static analysis of control command systems floating point
play

Static Analysis of Control-Command Systems: Floating-Point and - PowerPoint PPT Presentation

Sep 16, 2023 •325 likes •1.17k views

Static Analysis of Control-Command Systems: Floating-Point and Integer Invariants Vivien Maisonneuve Thesis supervisors: Olivier Hermant Franois Irigoin Thesis defense Paris, February 6, 2015 Control-Command Systems A control-command

  1. Static Analysis of Control-Command Systems: Floating-Point and Integer Invariants Vivien Maisonneuve Thesis supervisors: Olivier Hermant François Irigoin Thesis defense Paris, February 6, 2015

  2. Control-Command Systems A control-command system is a system that regulates the behavior of a device. command Control System Device actuators sensors 2 / 41

  3. Control-Command Systems A control-command system is a system that regulates the behavior of a device. command Control System Device actuators sensors 2 / 41

  4. Control-Command Systems Wide spectrum of control-command systems 3 / 41 Critical applications ⇒ need for reliability

  5. Development Constraints Often implemented on embedded systems Extra constraints: • reactivity (real time) • autonomy • cost • energy, memory 4 / 41

  6. low-level C program • thousands of LOC • computations • management of sensors • floating-point numbers How to ensure that the executed program is correct? Step-by-step refinements GCC, CLANG and actuators elementary operations decomposed into Description Levels Formalization Realization MATLAB, Simulink (stability) system behavior 4 control theory: (differential equations) 3 model of the environment 2 constraint specification 1 system conception 5 / 41 mathematical proofs of

  7. Description Levels Realization How to ensure that the executed program is correct? Step-by-step refinements GCC, CLANG and actuators elementary operations decomposed into Formalization 5 / 41 MATLAB, Simulink (stability) system behavior 4 control theory: (differential equations) 3 model of the environment 2 constraint specification 1 system conception low-level C program • thousands of LOC • computations mathematical proofs of • management of sensors • floating-point numbers

  8. Description Levels Realization How to ensure that the executed program is correct? Step-by-step refinements GCC, CLANG and actuators elementary operations decomposed into Formalization 5 / 41 MATLAB, Simulink (stability) system behavior 4 control theory: (differential equations) 3 model of the environment 2 constraint specification 1 system conception low-level C program • thousands of LOC • computations mathematical proofs of • management of sensors • floating-point numbers

  9. Programming Critical Systems Combination of different methods: (dynamic allocation, global variables…) Successes in implementing critical software: software • documentation and specification of all software components • coding standard to limit “dangerous” programming techniques • extensive testing • zero bug in space shuttle code (400 KLOC) • after decades of civil aviation, no human casualty due to a defective 6 / 41

  10. Drawbacks Long and expensive development process: 25 % of the total development cost electronic throttle control defect in Toyota Camry vehicles Exhaustive testing is impossible: can miss bugs. correctness. • 70 % of software development cost for Boeing 777, • development constraint sometimes poorly respected: ⇒ Interest in formal methods to provide mathematical insurances of 7 / 41

  11. Context compute response each location in the code Numerical invariants: mathematical properties on program variables, at stability domain”: … “During execution, controller state variables // property P 4 send response to actuators // property P 3 // property P 2 Formalization input sensors // property P 1 input command repeat every 10ms: and a stability proof Output after formalization: MATLAB pseudocode of a discrete-time C code implementation controller with a frequency 8 / 41

  12. Context Formalization C code implementation Output after formalization: MATLAB pseudocode of a discrete-time repeat every 10ms: input sensors // property P 2 compute response // property P 3 send response to actuators // property P 4 Numerical invariants: mathematical properties on program variables, at each location in the code controller with a frequency and a stability proof input command // property P 1 “During execution, controller state variables ∈ stability domain”: … � 8 / 41

  13. Problems & Contributions Formalization C code implementation 1 Stability proof on real numbers Implementation on machine arithmetic • numeric constants • rounding errors in computations 9 / 41

  14. • Linear systems • Floating-point & fixed-point arithmetic, parametric precision • [Feron ICSM’10]: open-loop 32 bits, closed-loop 117 bits Transposition of Stability Proof to Machine Arithmetic % d Implementation Functions Constants Machine (C) d % d Theoretical Framework Intermediate d % d % d Real (MATLAB) i % d Transpose code + invariants in two steps % d ′ = θ ( d , i ) 10 / 41

  15. • Linear systems • Floating-point & fixed-point arithmetic, parametric precision • [Feron ICSM’10]: open-loop 32 bits, closed-loop 117 bits Implementation Functions Constants Machine (C) d % d % d Intermediate Theoretical Framework Transposition of Stability Proof to Machine Arithmetic d Real (MATLAB) i % d Transpose code + invariants in two steps % ˜ ı ˜ % d ′ = θ ( d , i ) d ′ = θ (˜ % ˜ d , ˜ ı ) 10 / 41

  16. • Linear systems • Floating-point & fixed-point arithmetic, parametric precision • [Feron ICSM’10]: open-loop 32 bits, closed-loop 117 bits Transposition of Stability Proof to Machine Arithmetic Theoretical Framework % d i Real (MATLAB) d Implementation Functions Constants Machine (C) d Intermediate Transpose code + invariants in two steps % ¯ % ˜ ı ˜ ¯ ı % d ′ = θ ( d , i ) d ′ = θ (˜ d ′ ⊃ θ (¯ % ¯ % ˜ d , ˜ ı ) d , ˜ ı ) ⊕ ε 10 / 41

  17. Transposition of Stability Proof to Machine Arithmetic Intermediate % d i Implementation Real (MATLAB) Functions d Constants Machine (C) d Theoretical Framework Transpose code + invariants in two steps % ¯ % ˜ ı ˜ ¯ ı % d ′ = θ ( d , i ) d ′ = θ (˜ d ′ ⊃ θ (¯ % ¯ % ˜ d , ˜ ı ) d , ˜ ı ) ⊕ ε • Linear systems • Floating-point & fixed-point arithmetic, parametric precision • [Feron ICSM’10]: open-loop 32 bits, closed-loop 117 bits 10 / 41

  18. Problems & Contributions Formalization C code implementation 2 Data acquisition through interrupt handlers outside the main loop SIGNAL (SIG_COMMAND) { ... } SIGNAL (SIG_SENSOR1) { ... } void main_loop() { ... } New invariant computation techniques 11 / 41 ⇒ different code structure ⇒ computation of global invariants to check the program runs at the ⇒ correct frequency • transformers • benchmark to compare tools and algorithms

  19. Outline 1 Transformers: Scalability and Accuracy 2 Improvements in Transformer Computation Control-Path Transformers Iterative Analysis Arbitrary-Precision Numbers 3 Model Restructuring State Splitting State Merge 12 / 41

  20. Linear Relation Analysis (LRA) [Cousot & Halbwachs POPL’78] // invariant (precondition) program instruction // invariant (postcondition) x 1 x 2 Good trade-off: computational cost vs. accuracy invariant = system of affine (in)equalities = convex polyhedron x 1 + 7 ≥ 2 x 2 x 2 ≥ 5 − x 1 x 2 ≥ 1 13 / 41

  21. • Propagation • Branch output P 6 : either P 4 or P 5 • Branch output P 7 : • Loop invariant: P 2 entering the loop P 7 after one iteration 1 n 0 P 6 P 2 Linear Relation Analysis (LRA) P 7 [Halbwachs & Henry SAS’12] } else n = 0; if (n < 60) n++; if (rand()) while (rand()) int n = 0; void foo() { 14 / 41

  22. • Branch output P 6 : either P 4 or P 5 • Branch output P 7 : • Loop invariant: P 2 entering the loop P 7 after one iteration 1 n 0 P 6 P 2 P 7 Linear Relation Analysis (LRA) [Halbwachs & Henry SAS’12] } else n = 0; if (n < 60) n++; if (rand()) while (rand()) int n = 0; void foo() { • Propagation // P 0 : true 14 / 41

  23. • Branch output P 6 : either P 4 or P 5 • Branch output P 7 : • Loop invariant: P 2 entering the loop P 7 after one iteration 1 n 0 P 6 P 2 P 7 Linear Relation Analysis (LRA) [Halbwachs & Henry SAS’12] } else n = 0; if (n < 60) n++; if (rand()) while (rand()) int n = 0; void foo() { • Propagation // P 0 : true // P 1 : n = 0 14 / 41

  24. • Branch output P 6 : either P 4 or P 5 • Branch output P 7 : • Loop invariant: P 2 entering the loop P 7 after one iteration 1 n 0 P 6 P 2 P 7 Linear Relation Analysis (LRA) [Halbwachs & Henry SAS’12] } else n = 0; if (n < 60) n++; if (rand()) while (rand()) int n = 0; void foo() { • Propagation // P 0 : true // P 1 : n = 0 // P 2 : n = 0 14 / 41

  25. • Branch output P 6 : either P 4 or P 5 • Branch output P 7 : • Loop invariant: P 2 entering the loop P 7 after one iteration Linear Relation Analysis (LRA) [Halbwachs & Henry SAS’12] P 6 P 2 P 7 if (n < 60) n++; } else n = 0; n 1 if (rand()) while (rand()) int n = 0; void foo() { 0 • Propagation // P 0 : true // P 1 : n = 0 // P 2 : n = 0 // P 3 : n = 0 14 / 41

  26. • Branch output P 6 : either P 4 or P 5 • Branch output P 7 : • Loop invariant: P 2 entering the loop P 7 after one iteration Linear Relation Analysis (LRA) } P 2 P 7 [Halbwachs & Henry SAS’12] if (n < 60) n++; else n = 0; n 0 1 if (rand()) while (rand()) int n = 0; void foo() { P 6 • Propagation in each branch // P 0 : true // P 1 : n = 0 // P 2 : n = 0 // P 3 : n = 0 // P 4 : n = 1 14 / 41

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur

ECE 0142 Computer Organization Lecture 3 Floating Point Representations 1 Floating-point arithmetic We often incur floating-point programming. Floating point greatly simplifies working with large (e.g., 2 70 ) and small (e.g., 2 -17 )

638 views • 30 slides
Floating Point CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGN Slides

Floating Point CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGN Slides

Floating Point CSE 238/2038/2138: Systems Programming Instructor: Fatma CORUT ERGN Slides adapted from Bryant &amp; OHallarons slides Today: Floating Point Background: Fractional binary numbers IEEE floating point standard:

803 views • 52 slides
for Optimization and Analysis of Floating-Point Computations Heiko Becker, Pavel Panchekha, Eva

for Optimization and Analysis of Floating-Point Computations Heiko Becker, Pavel Panchekha, Eva

Combining Tools for Optimization and Analysis of Floating-Point Computations Heiko Becker, Pavel Panchekha, Eva Darulova, Zachary Tatlock FM 2018, 17.07.2018 Floating-Point Computations Are Ubiquitous 2 Floating-Point Computations are Tricky

341 views • 18 slides
Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point

Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point

Floating-point numbers Fractional binary numbers IEEE floating-point standard Floating-point operations and rounding Lessons for programmers Many more details we will skip (its a 58-page standard) See CSAPP 2.4 for more detail. 1

381 views • 15 slides
15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics

15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics

15-213 The course that gives CMU its Zip! Floating Point Sept 6, 2006 Topics Topics IEEE Floating Point Standard Rounding Floating Point Operations Mathematical properties class03.ppt 15-213, F06 Floating Point

1.03k views • 34 slides
COMMAND AND CONTROL SYSTEMS zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA CRITICAL PATH

COMMAND AND CONTROL SYSTEMS zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA CRITICAL PATH

COMMAND AND CONTROL SYSTEMS zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA CRITICAL PATH APPROACH TO BY D. J. LAMB AND P. F. O'NEILL OPERATIONAL RESEARCH AND ANALYSIS NATIONAL DEFENCE HEADQUARTERS OTTAWA, CANADA OUTLINE OF PRESENTATION

680 views • 45 slides
Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations !

Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations !

Floating point Today ! IEEE Floating Point Standard ! Rounding ! Floating Point Operations ! Mathematical properties Next time ! The machine model Chris Riesbeck, Fall 2011 Monday, October 3, 2011 Checkpoint Monday, October 3, 2011 IEEE

1.07k views • 28 slides
2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point

2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point

2/10/2020 Today: Floating Point Background: Fractional binary numbers IEEE floating point standard: Definition Floating Point Example and properties Rounding, addition, multiplication CSci 2021: Machine Architecture and

411 views • 7 slides
9/20/2018 Today: Floating Point Background: Fractional binary numbers IEEE floating point

9/20/2018 Today: Floating Point Background: Fractional binary numbers IEEE floating point

9/20/2018 Today: Floating Point Background: Fractional binary numbers IEEE floating point standard: Definition Floating Point Example and properties Rounding, addition, multiplication CSci 2021: Machine Architecture and

339 views • 7 slides
CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary

CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary

CENG 342 Digital Systems Simplified Floating-point Adder Larry Pyeatt SDSM&amp;T Binary Floating Point Representation Floating point number consists of three components: sign bit, exponent, and mantissa. Example: 12.75: sign is + , exponent

253 views • 12 slides
7. Floating-point Numbers II p 1 , the precision (number of places), e min , the smallest

7. Floating-point Numbers II p 1 , the precision (number of places), e min , the smallest

Floating-point Number Systems A Floating-point number system is defined by the four natural numbers: 2 , the base, 7. Floating-point Numbers II p 1 , the precision (number of places), e min , the smallest possible exponent, e max , the

296 views • 14 slides
CS 356 Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent

CS 356 Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent

3.1 CS 356 Unit 3 IEEE 754 Floating Point Representation 3.2 Floating Point Used to represent very small numbers (fractions) and very large numbers Avogadros Number: +6.0247 * 10 23 Plancks Constant: +6.6254 * 10 -27

789 views • 33 slides
Machine numbers: how floating point numbers are stored? Floating-point number representation

Machine numbers: how floating point numbers are stored? Floating-point number representation

Machine numbers: how floating point numbers are stored? Floating-point number representation What do we need to store when representing floating point numbers in a computer? ! = 1. &amp; 2 ! Initially, different floating-point

379 views • 18 slides
Floating point How arithmetic operations mathematics involving floating point numbers

Floating point How arithmetic operations mathematics involving floating point numbers

Numerical and Scientific Computing with Applications David F . Gleich CS 314, Purdue September 7, 2016 In this class: Floating point How arithmetic operations mathematics involving floating point numbers work. Next class IEEE

812 views • 11 slides
An Asynchronous Floating-Point Multiplier Basit Riaz Sheikh and Rajit Manohar Computer Systems

An Asynchronous Floating-Point Multiplier Basit Riaz Sheikh and Rajit Manohar Computer Systems

An Asynchronous Floating-Point Multiplier Basit Riaz Sheikh and Rajit Manohar Computer Systems Lab Cornell University http://vlsi.cornell.edu/ The person that did the work! Motivation Fast floating-point computation is important for

636 views • 15 slides
Floating Point Data CSCI 125 &amp; 161 / ENGR 144 Floating point numbers are not exact

Floating Point Data CSCI 125 &amp; 161 / ENGR 144 Floating point numbers are not exact

Floating Point Data CSCI 125 &amp; 161 / ENGR 144 Floating point numbers are not exact Value 0.1 is very close to 1/10, but not Lecture 13 precisely equal to it 0.1 10 = 0.000110011001100110011... 2 Cannot rely on accuracy of

313 views • 3 slides
ASPIC-END: A Structured Argumentation Framework to Model Explanations of the Liar Paradox PhDs in

ASPIC-END: A Structured Argumentation Framework to Model Explanations of the Liar Paradox PhDs in

ASPIC-END: A Structured Argumentation Framework to Model Explanations of the Liar Paradox PhDs in Logic IX, Ruhr-Universit at Bochum J er emie Dauphin &amp; Marcos Cramer University of Luxembourg May 2, 2017 J er emie Dauphin

699 views • 36 slides
Computing Invariants with Transformers: Experimental Scalability and Accuracy Vivien Maisonneuve

Computing Invariants with Transformers: Experimental Scalability and Accuracy Vivien Maisonneuve

Computing Invariants with Transformers: Experimental Scalability and Accuracy Vivien Maisonneuve Olivier Hermant Franois Irigoin The Fifth International Workshop on Numerical and Symbolic Abstract Domains (NSAD 2014) Munich, September 10,

698 views • 52 slides
ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier

ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier

ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier Hermant Franois Irigoin 5th International Workshop on Invariant Generation (WING) July 23, 2014 Introduction Need of abstract domains to represent

592 views • 37 slides
Weighted Abstract Dialectical Frameworks Gerhard Brewka Computer Science Institute University of

Weighted Abstract Dialectical Frameworks Gerhard Brewka Computer Science Institute University of

Weighted Abstract Dialectical Frameworks Gerhard Brewka Computer Science Institute University of Leipzig brewka@informatik.uni-leipzig.de joint work with H. Strass, J. Wallner, S. Woltran G. Brewka (Leipzig) Bochum, Dec. 2016 1 / 28 1.

762 views • 39 slides
Instantiating Knowledge Bases in Abstract Dialectical Frameworks Hannes Strass Computer Science

Instantiating Knowledge Bases in Abstract Dialectical Frameworks Hannes Strass Computer Science

Background From DTBs to AFs From DTBs to ADFs Conclusion Instantiating Knowledge Bases in Abstract Dialectical Frameworks Hannes Strass Computer Science Institute Leipzig University, Germany CLIMA XIV 16 September 2013 Hannes Strass CSI

481 views • 30 slides
V erification de syst` emes avec compteurs et pointeurs Arnaud Sangnier LSV, ENS Cachan,

V erification de syst` emes avec compteurs et pointeurs Arnaud Sangnier LSV, ENS Cachan,

V erification de syst` emes avec compteurs et pointeurs Arnaud Sangnier LSV, ENS Cachan, CNRS &amp; EDF R&amp;D 21 Novembre 2008 Th` ese CIFRE r ealis ee dans le cadre du projet RNTL AVERILES 1 Computer systems are everywhere 2

1.18k views • 79 slides
Adaptability and recommendations for the Identification of skills approaches Social SELF-I.

Adaptability and recommendations for the Identification of skills approaches Social SELF-I.

Adaptability and recommendations for the Identification of skills approaches Social SELF-I. Self-empowerment of guidance advisors and VET trainers for the promotion of social inclusion of refugees, asylum seekers and adults in career transition

267 views • 15 slides
Transitive Closures of Affine Integer Tuple Relations and their Overapproximations Sven

Transitive Closures of Affine Integer Tuple Relations and their Overapproximations Sven

Transitive Closures of Affine Integer Tuple Relations and their Overapproximations Sven Verdoolaege Albert Cohen Anna Beletska PARKAS group, INRIA and Ecole Normale Sup erieure de Paris, France September 15, 2011 1 / 30 Outline 1

921 views • 53 slides

More recommend