

SLIDE 1

Sections: Successes | Challenges | Future Challenges

Specification: The Biggest Bottleneck in Aerospace V&V and Autonomy

Kristin Yvonne Rozier

University of Cincinnati

May 6, 2016

Laboratory for Temporal Logic

Kristin Yvonne Rozier Specification: The Biggest Bottleneck in V&V and Autonomy

SLIDE 2


Design-Time Verification!

• Expected design-time component
• Recommended in DO-178B/C, DO-254 standards for
• Successfully applied in many aerospace contexts...


SLIDE 3


Runtime Verification and System Health Management!

• Required for Autonomy
• New: Intelligent Interfaces
• Hot topic: UTM, Mars, NextGen, ...


SLIDE 4


A Goal Aerospace System Design Process

[Figure: design-process flowchart with nodes System Design; Specification; M = Formal System Model; Model Check; ERROR? (YES / NO); SPEC DEBUGGING; REVISE; Model Verification; Specification Validation; Model Validation via Model Checking; Build Prototype; Simulation; Testing and ...; and the annotation USE SPECIFICATIONS FOR RUNTIME MONITORING.]


SLIDE 5


A Goal Aerospace System Design Process

[Figure: the same design-process flowchart as slide 4.]

... Garbage in, garbage out!


SLIDE 6


The Bottom Line

Bottom Line: INPUTS to formal analysis are the BIGGEST challenge

[Figure: reduced version of the design-process flowchart showing System Design; Specification; M = Formal System Model; Model Check; ERROR; Model Verification, with the two inputs (Specification and Model) marked.]


SLIDE 7


Synthesis!

Model checking: check M ⊨ φ. Problems: [1]
  • Designing M is hard and expensive
  • Re-designing M when M ⊭ φ is hard and expensive

Synthesis: start from φ, design M such that M ⊨ φ
  • Simplifies verification
  • No re-design
  • For algorithmic derivations: no design!

What about φ? We need LTL Genesis!

[1] Vardi, Moshe Y. “From Verification to Synthesis.” VSTTE 5295 (2008): 2.


SLIDE 8

Specification Origins

Where will we get specifications from?

• Some critical systems are designed without formal requirements
• Some design processes don’t formally define requirements until the testing phase
• Early specifications often mix many different objectives:
  • levels of detail/abstraction
  • how the system is defined vs how the system should behave
  • legal-speak on why the system satisfies rules
  • desires/opinions of designers


SLIDE 9


Specification Extraction Strategies

• Human Authorship:
  • Train system designers to write formal specifications first
  • Pair designers with formal methods team to write specifications
• Natural Language Processing: extract formal specifications from English Operational Concepts [2]
  • Highly input-dependent: assumptions, implied/arbitrary functions
  • Hard to measure correctness, completeness
• Specification Mining: extract behaviors from existing systems
  • Static Analysis: map all paths of a program
    • Hard to differentiate normal usage from exceptions
  • Learning/Dynamic Invariants: analyze actual executions; observe use-cases
  • Specification Wizard: semi-automated exploration of system facets, guided by human input

[2] Ghosh, Shalini, Natarajan Shankar, Patrick Lincoln, Daniel Elenius, Wenchao Li, and Wilfrid Steiner. “Automatic Requirements Specification Extraction from Natural Language (ARSENAL).” SRI International, Menlo Park, CA, 2014.


SLIDE 10


Specifications for Free? [3]

• Combine specification mining, test-case generation, static analysis, and dynamic invariants to extract specifications automatically!
• Can use specifications mined from code
  • Specification validation == software defect detection
  • Promising for software runtime verification
  • Still need code...
    • What about early design time?
    • What about cyber-physical system specifications?
• Can use specifications extracted from last version for new designs
  • Challenges with specialization/levels of abstraction/relevance
• Other challenges:
  • Scalability
  • Efficiency
  • Expressiveness

[3] Zeller, Andreas. “Specifications for Free.” In NFM, volume 6617 of LNCS, pages 2-12, Springer, April 2011.
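The mining strategies on this slide and the previous one, together with the warning that it is hard to tell normal usage from exceptions, can be tried out with a toy dynamic-invariant miner. The Python below is an added example written for this page, not code from the talk and not Daikon or any other tool the slides mention: it infers Daikon-style constant, bound and pairwise-ordering invariants that hold on every recorded snapshot of a hypothetical altitude-hold loop, then shows how one snapshot from a sensor-dropout path silently weakens the mined specification. The variable names (`alt`, `target`, `climb`) and all sample data are constructed.

```python
from itertools import combinations

def mine_invariants(observations):
    """Daikon-style (simplified) dynamic invariant inference.  `observations` is a
    list of dicts, one snapshot of the program variables per visit to a program
    point.  Candidates are constants, bounds, and pairwise orderings; a candidate
    survives only if it holds on every snapshot seen."""
    names = sorted(observations[0])
    survivors = []
    for v in names:
        lo = min(o[v] for o in observations)
        hi = max(o[v] for o in observations)
        if lo == hi:
            survivors.append(f"{v} == {lo}")
        else:
            survivors.append(f"{v} >= {lo}")
            survivors.append(f"{v} <= {hi}")
    for a, b in combinations(names, 2):
        if all(o[a] == o[b] for o in observations):
            survivors.append(f"{a} == {b}")
        elif all(o[a] <= o[b] for o in observations):
            survivors.append(f"{a} <= {b}")
        elif all(o[a] >= o[b] for o in observations):
            survivors.append(f"{a} >= {b}")
    return survivors

def compare(base, extended):
    """Invariants lost and gained when the set of observations grows."""
    return sorted(set(base) - set(extended)), sorted(set(extended) - set(base))

# Constructed snapshots of a hypothetical altitude-hold loop: alt and target in
# feet, climb = 1 while climbing and 0 once the target altitude is reached.
NORMAL = [
    {'alt': 100, 'target': 500, 'climb': 1},
    {'alt': 250, 'target': 500, 'climb': 1},
    {'alt': 400, 'target': 500, 'climb': 1},
    {'alt': 500, 'target': 500, 'climb': 0},
]
# One constructed snapshot from a sensor dropout, where the driver reports -1.
FAULT = [{'alt': -1, 'target': 500, 'climb': 1}]

if __name__ == '__main__':
    lost, gained = compare(mine_invariants(NORMAL), mine_invariants(NORMAL + FAULT))
    print("mined from normal runs:", mine_invariants(NORMAL))
    print("lost once the fault run is included:", lost)
    print("gained instead:", gained)
```

On the normal runs the miner recovers `alt >= 100`, `alt <= target` and `alt >= climb`; adding the single dropout snapshot replaces the lower bound with `alt >= -1` and drops `alt >= climb` entirely, with no signal that an exceptional path was absorbed into the "specification". That is the validation gap the slides point at: a mined specification describes whatever the executions did, so it still needs a human or a cross-check before it is used for verification.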


SLIDE 11

Specification Quality

How should we measure specification quality?

• How can we know when we’re done?
• How good are the specifications?
• How can we measure the completeness, correctness, coverage, or general quality of a set of specifications?


SLIDE 12


Sanity Checks

• Satisfiability
• Vacuity
• Realizability
• Coverage
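Two of these sanity checks, satisfiability and vacuity, together with the "use specifications for runtime monitoring" step from the design-process slides, can be tried out at small scale. The Python below is an added example written for this page, not code from the talk or from the Laboratory for Temporal Logic: it evaluates LTL formulas over finite traces, reports the verdict prefix by prefix the way a monitor over a recorded trace would, then runs a bounded satisfiability search and a simplified vacuity check. The propositions `req` and `ack`, the specification G(req → F ack) and every trace are constructed for illustration; realizability and coverage are not covered.

```python
from itertools import combinations, product

# Formulas are nested tuples (a tiny AST):
#   ('true',)  ('ap', name)  ('not', f)  ('and', f, g)  ('impl', f, g)
#   ('X', f)   ('G', f)      ('F', f)
TRUE = ('true',)
FALSE = ('not', TRUE)

def ap(name): return ('ap', name)
def neg(f): return ('not', f)
def conj(f, g): return ('and', f, g)
def impl(f, g): return ('impl', f, g)
def G(f): return ('G', f)
def F(f): return ('F', f)

def holds(f, trace, i=0):
    """Truth of f at position i of a finite trace (a list of sets naming the
    propositions true at each step).  Finite-trace convention: X f is false in
    the last state; G and F range over the remaining positions only."""
    op = f[0]
    if op == 'true':
        return True
    if op == 'ap':
        return f[1] in trace[i]
    if op == 'not':
        return not holds(f[1], trace, i)
    if op == 'and':
        return holds(f[1], trace, i) and holds(f[2], trace, i)
    if op == 'impl':
        return (not holds(f[1], trace, i)) or holds(f[2], trace, i)
    if op == 'X':
        return i + 1 < len(trace) and holds(f[1], trace, i + 1)
    if op == 'G':
        return all(holds(f[1], trace, j) for j in range(i, len(trace)))
    if op == 'F':
        return any(holds(f[1], trace, j) for j in range(i, len(trace)))
    raise ValueError(f"unknown operator {op!r}")

def monitor(f, trace):
    """Runtime-monitor view: the verdict of f on every prefix of the trace.
    A pending F obligation reads as False until it is discharged, so a False
    on an early prefix is provisional, not a confirmed violation."""
    return [holds(f, trace[:n]) for n in range(1, len(trace) + 1)]

def subformulas(f):
    """All subformulas of f, depth-first, f itself first."""
    yield f
    for child in f[1:]:
        if isinstance(child, tuple):
            yield from subformulas(child)

def substitute(f, target, repl):
    """f with every occurrence of the subformula `target` replaced by `repl`."""
    if f == target:
        return repl
    return (f[0],) + tuple(substitute(c, target, repl) if isinstance(c, tuple) else c
                           for c in f[1:])

def bounded_sat(f, props, length):
    """Bounded satisfiability: enumerate every trace of the given length over
    `props` and return the first one satisfying f, or None.  Exponential in
    length * |props|; meant for small sanity checks only."""
    states = [frozenset(s) for n in range(len(props) + 1) for s in combinations(props, n)]
    for trace in product(states, repeat=length):
        if holds(f, list(trace)):
            return list(trace)
    return None

def vacuous_in(f, trace):
    """Vacuity check, simplified 'does not matter' form: proper subformulas whose
    replacement by both true and false leaves the verdict of f on this trace
    unchanged.  A non-empty result means the trace never exercised that part."""
    verdict = holds(f, trace)
    return [sub for sub in subformulas(f)
            if sub not in (f, TRUE, FALSE)
            and all(holds(substitute(f, sub, c), trace) == verdict for c in (TRUE, FALSE))]

# Constructed specification: every disengage request is eventually acknowledged.
REQ, ACK = ap('req'), ap('ack')
SPEC = G(impl(REQ, F(ACK)))
# Constructed traces: one exercises the spec, one satisfies it without ever testing it.
TRACE_EXERCISED = [set(), {'req'}, {'ack'}, set(), set()]
TRACE_QUIET = [set(), set(), set()]

if __name__ == '__main__':
    print("verdict per prefix:", monitor(SPEC, TRACE_EXERCISED))
    print("vacuous parts on the quiet trace:", vacuous_in(SPEC, TRACE_QUIET))
    print("first SAT witness:", bounded_sat(SPEC, ['req', 'ack'], 2))
    print("witness that also requests:", bounded_sat(conj(SPEC, F(REQ)), ['req', 'ack'], 3))
    print("contradictory spec:", bounded_sat(conj(G(REQ), F(neg(REQ))), ['req'], 3))
```

The first satisfiability witness the search finds is the quiet trace with no requests at all, which is why satisfiability alone is a weak check: the vacuity result on that trace reports that `F ack` (and `ack` itself) never influenced the verdict, so the obligation was never tested. Conjoining `F req` forces a witness that actually exercises it, and the contradictory `G req ∧ F ¬req` has no witness at any length. The monitor's False on the second prefix is provisional: the `F ack` obligation is still pending, and the verdict flips back to True once the acknowledgement arrives.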


SLIDE 13

Specification Usage

How do we best use specifications?

• Design lifecycles for different cyber-physical systems?
• How to indoctrinate formal specification into diverse teams of system designers? Barriers to adoption:
  • time to write/validate
  • learning curves
  • culture
• Need an end-to-end process for specification extraction, usage
• What should our roadmap look like for a future full of well-specified (formally analyzable) critical systems?


SLIDE 14


Specification Use Strategies

• Property-Based Design: from specifications to systems
  • Synthesis: generate M such that M ⊨ φ
    • For cyber-physical systems?
• Specification-Based Testing: use specifications in test-case generation
• From Design- to Run-Time: carry specifications through the design cycle
  • Specification design lifecycle?
• Maintenance: using specifications in system up-keep
  • Maintenance of specifications?


SLIDE 15


Specification Challenges: to Infinity and Beyond! [4]

[Figure: roadmap graphic with a “You are here” marker; labels: Specifications, Completeness, Correctness, Coverage, Quality.]

Where are we now?

Continuously re-assess...

• Where will we get specifications from?
• How should we measure specification quality?
• How do we best use specifications?

[4] Panel: “Future Directions of Specifications for Formal Methods.” In NFM 2014, J. Badger and K. Y. Rozier, eds.


SLIDE 16


Specification Challenges: to Infinity and Beyond! [4]

[Figure: the same roadmap graphic as slide 15.]

Where are we now?

Continuously re-assess...

• Where will we get specifications from?
• How should we measure specification quality?
• How do we best use specifications?
• ... in the context of cyber-physical systems?
