validation of critical systems
play

Validation of Critical Systems Christiano Braga Instituto de - PowerPoint PPT Presentation

May 12, 2023 •333 likes •1.07k views

2nd School of Theoretical Computer Science and Formal Methods Validation of Critical Systems Christiano Braga Instituto de Computao with Rewriting Logic in Maude Universidade Federal Fluminense s 0 n 1 n 2 start s 1 s 5 t 1 n 2 n 1 t 2 s 2

  1. 2nd School of Theoretical Computer Science and Formal Methods Validation of Critical Systems Christiano Braga Instituto de Computação with Rewriting Logic in Maude Universidade Federal Fluminense

  2. s 0 n 1 n 2 start s 1 s 5 t 1 n 2 n 1 t 2 s 2 c 1 n 2 n 1 c 2 s 6 t 1 t 2 s 3 s 4 s 7 c 1 t 2 t 1 c 2 2nd School of Theoretical Computer Science and Formal Methods Validation of Critical Systems Christiano Braga Instituto de Computação with Rewriting Logic in Maude Universidade Federal Fluminense

  3. Do you know… ❖ that shared resources should properly managed? ❖ how to convert from English units to the metric system? ❖ that coercing a 64-bit number into a 16-bit one implies loss of information? ❖ that static typing helps in the composition of software components? ❖ that one should be thorough and precise in early stages of the software development? ❖ that commands (in any formal language) should be well-formed? ❖ that security is an essential aspect of networked software components? ❖ that the functions a software implements should remain functions after 100 hours of the system execution? ❖ that division is a partial function? ❖ that we should specify our algorithms before implementing them? ❖ that we should specify our processes before implementing them? C. Braga, Validation of Critical Systems 3

  4. Did you know… ❖ Therac-25 software, overdoses of radiation because of a race condition, several deaths between race condition 1985 and 1987? ❖ Mars Climate Orbiter, crashed, unit conversion error, $125M? ❖ Ariane 5 Flight 501, exploded, coercion error, $8B? ❖ UK's EDS Child Support System, component incompatibility, $1B? ❖ Heathrow Terminal 5 luggage system, system shutdown, over 500 flights canceled? ❖ Mariner 1 Spacecraft, self-destructed, command ill-formed, $18B? ❖ Morris Worm, coding error, crashed thousands of computers, $100M? ❖ U.S. Patriot missile defense system, failed, 28 soldiers killed? ❖ Pentium FDIV bug, cost $475M to Intel? ❖ Knight's stock trading algorithms, erratic trades, $440M in 30 min.? ❖ NOAA-19 Satellite, poor manhandling, $135M? C. Braga, Validation of Critical Systems 4

  5. Some basic questions… ❖ How to specify a component? ❖ How to specify the properties a component should have? ❖ How to make sure that a component has the desired properties? C. Braga, Validation of Critical Systems 5

  6. How to specify a component? L = ( Q , δ , L ) A = ( Σ , Q , δ , q 0 , F ) s 0 n 1 n 2 start ❖ Theory of computation to the rescue: automata theory! s 1 s 5 t 1 n 2 n 1 t 2 ❖ Example: a mutual exclusion s 2 c 1 n 2 n 1 c 2 s 6 t 1 t 2 protocol s 3 s 4 s 7 c 1 t 2 t 1 c 2 C. Braga, Validation of Critical Systems 6

  7. How to specify the properties a component should have? Safety properties specify that “nothing bad” ever happens. Liveness properties are such that “something good” happens from time to time. ❖ Logic to the rescue: logics of change! Safety: G¬ ( c 1 ∧ c 2 ) Liveness: G ( t 1 → F c 1 ) ❖ Example: Temporal logic C. Braga, Validation of Critical Systems 7

  8. How to specify the properties a component should have? G means “always” and F denotes “eventually”. Formulae are interpreted on Kripke structures, Kripke which are essentially graphs, and so are LTS! graphs LTS ❖ Logic to the rescue: logics of change! Safety: G¬ ( c 1 ∧ c 2 ) Liveness: G ( t 1 → F c 1 ) ❖ Example: Temporal logic L = ( Q , δ , L ) K = ( W, R ) C. Braga, Validation of Critical Systems 8

  9. How to make sure that a component has the desired properties? Is formula satisfiable in model M starting at state s 0 ? ϕ M, s 0 | = ϕ ❖ Logic to the rescue: model checking! model checking ❖ Automatically, by the way! M, s 0 | = Liveness G ( t 1 → F c 1 ) C. Braga, Validation of Critical Systems 9

  10. How to make sure that a component has the desired properties? ❖ If a property does not hold, a counter-example is produced. C. Braga, Validation of Critical Systems 10

  11. How to make sure that a component has the desired properties? Liveness fails… s 0 n 1 n 2 start s 1 s 5 t 1 n 2 n 1 t 2 s 2 c 1 n 2 n 1 c 2 s 6 t 1 t 2 s 3 s 4 s 7 c 1 t 2 t 1 c 2 C. Braga, Validation of Critical Systems 11

  12. How to make sure that a component has the desired properties? Fixing liveness s 0 n 1 n 2 start s 1 s 5 t 1 n 2 n 1 t 2 s 2 c 1 n 2 s 3 s 8 n 1 c 2 s 6 t 1 t 2 t 1 t 2 s 4 s 7 c 1 t 2 t 1 c 2 C. Braga, Validation of Critical Systems 12

  13. Some logics of change ❖ The structure (or ``data type'') where theories are interpreted over (a.k.a Kripke structure) is essentially a state-transition system. (A general form of automata.) ❖ Modal logics, where temporal logics form a subclass. ❖ Substructural logics, where different forms to organize formulae give rise to different logics. ❖ Rewriting logic , a computational logic that may Rewriting logic represent different logical and semantics frameworks. C. Braga, Validation of Critical Systems 13

  14. What is Rewriting Logic? ❖ A logic to reason on concurrent systems. ❖ The state of a system is denoted by a term in a suitable rewrite theory. ❖ Computations are deductions in the given rewrite theory. C. Braga, Validation of Critical Systems 14

  15. RWL rules of deduction, graphically ❖ Reflexivity t t ❖ Transitivity t 1 t 3 t 2 C. Braga, Validation of Critical Systems 15

  16. RWL rules of deduction, graphically u v ❖ Equality = = u 0 v 0 C. Braga, Validation of Critical Systems 16

  17. RWL rules of deduction, graphically f t 1 t 2 t 3 t 4 ❖ Congruence f t 0 t 0 t 0 t 0 1 2 3 4 C. Braga, Validation of Critical Systems Back to MUTEX 17

  18. RWL rules of deduction, graphically t t 1 t 2 t 3 t 4 ❖ Replacement t 0 t 0 t 0 t 0 t 0 1 2 3 4 C. Braga, Validation of Critical Systems 18

  19. Maude http://maude.cs.uiuc.edu ❖ A specification language and a system. ❖ Maude is an implementation of Rewriting Logic, such implementation that descriptions in Maude denote theories in RWL. ❖ Deductions in RWL correspond to rewrites in Maude. C. Braga, Validation of Critical Systems 19

  20. MUTEX in Maude - Specification Signature Types (or sorts) for process state, configuration mod MUTEX is (set) of processes and a system of processes. The pr NAT . sort Proc is included in the sort of configuration of processes. sort Proc Conf System . subsort Proc < Conf . ops idle try critical : Nat -> Proc [ctor] . op empty : -> Conf [ctor] . op __ : Conf Conf -> Conf [ctor assoc comm id: empty ] . op {_} : Conf ~> System [ctor] . op inCrit? : Conf -> Bool . op dup? : Conf -> Bool . (…) 20

  21. MUTEX in Maude - Specification Signature Processes, configurations of processes and System are declared with (constructor) operators. mod MUTEX is Configurations are constructed with associative, pr NAT . commutative (juxtaposition) operator, with empty as its identity operation. sort Proc Conf System . subsort Proc < Conf . ops idle try critical : Nat -> Proc [ctor] . op empty : -> Conf [ctor] . op __ : Conf Conf -> Conf [ctor assoc comm id: empty ] . op {_} : Conf ~> System [ctor] . op inCrit? : Conf -> Bool . op dup? : Conf -> Bool . 21

  22. MUTEX in Maude - Specification Signature This operator is necessary to control de congruence rule . More on this when we discuss the mod MUTEX is rule-based specification of the behavior of the pr NAT . protocol. sort Proc Conf System . subsort Proc < Conf . ops idle try critical : Nat -> Proc [ctor] . op empty : -> Conf [ctor] . op __ : Conf Conf -> Conf [ctor assoc comm id: empty ] . op {_} : Conf ~> System [ctor] . op inCrit? : Conf -> Bool . op dup? : Conf -> Bool . 22

  23. MUTEX in Maude - Specification Signature Predicates inCrit? and dup? are auxiliary mod MUTEX is operations, explained next… pr NAT . sort Proc Conf System . subsort Proc < Conf . ops idle try critical : Nat -> Proc [ctor] . op empty : -> Conf [ctor] . op __ : Conf Conf -> Conf [ctor assoc comm id: empty ] . op {_} : Conf ~> System [ctor] . op inCrit? : Conf -> Bool . op dup? : Conf -> Bool . 23

  24. MUTEX in Maude - Specification Equations (Conditional) membership equations allow for the specification of partiality. Operator {_} is partial: terms of sort System are only those such that this equation hold. var C : Conf . vars N M : Nat . cmb { C } : System if not dup?(C) . eq dup?(idle(N) idle(N) C) = true . eq dup?(idle(N) try(N) C) = true . eq dup?(idle(N) critical(N) C) = true . eq dup?(try(N) critical(N) C) = true . eq dup?(C) = false [owise] . eq inCrit?(critical(N) C) = true . eq inCrit?(C) = false [owise] . 24

  25. MUTEX in Maude - Specification Predicate dup? checks if a process Equations configuration has (at least) one repeated process id, denoted by a natural number. var C : Conf . vars N M : Nat . cmb { C } : System if not dup?(C) . eq dup?(idle(N) idle(N) C) = true . eq dup?(idle(N) try(N) C) = true . eq dup?(idle(N) critical(N) C) = true . eq dup?(try(N) critical(N) C) = true . eq dup?(C) = false [owise] . eq inCrit?(critical(N) C) = true . eq inCrit?(C) = false [owise] . 25

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

!&quot;#$!#!%&amp; Critical thinking Validation = critical assessment How good is my

!&quot;#$!#!%&amp; Critical thinking Validation = critical assessment How good is my

!&quot;#$!#!%&amp; EMBO Course on SAS, EMBL-HH, 2 November 2014 Applied common sense The why, what and how of validation Gerard J. Kleywegt Protein Data Bank in Europe (pdbe.org) EMBL-EBI, Cambridge, UK Validation according to the dictionary

407 views • 19 slides
Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation

Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation

Systems Engineering Presentation 2 1. Requirements to be verified at the Fall Validation Experiment 2. Significant changes to the architectures 3. Work Breakdown Structure 4. Critical path on your schedule 5. Top 3 risks and planned mitigation

567 views • 19 slides
Verification and Validation of Sensors and Systems Using Systems Engineering Methods John de

Verification and Validation of Sensors and Systems Using Systems Engineering Methods John de

IADC/SPE International Drilling 35 March 2020 1 Conference and Exhibition Galveston Island Convention Center, Galveston, Texas IADC / SPE 199589 Verification and Validation of Sensors and Systems Using Systems Engineering Methods John de

389 views • 17 slides
Operational Validation of EGNOS for Safety of Life Applications Author: David Pole Systems

Operational Validation of EGNOS for Safety of Life Applications Author: David Pole Systems

Operational Validation of EGNOS for Safety of Life Applications Author: David Pole Systems Engineer (NATS) Co-Author: Richard Handford Systems Engineer (NATS) 30 th October 2008 Nav 08 Presentation Overview Validation Motivations

666 views • 20 slides
Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values

Form Validation 1 CS380 What is form validation? 2 validation: ensuring that form's values are correct some types of validation: preventing blank values (email address) ensuring the type of values integer, real number,

284 views • 24 slides
Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far

Data Mining II Model Validation Heiko Paulheim Why Model Validation? We have seen so far Various metrics (e.g., accuracy, F-measure, RMSE, ) Evaluation protocol setups Split Validation Cross Validation Special

1.04k views • 55 slides
S V V .lu software verification &amp; validation Testing of Cyber-Physical Systems:

S V V .lu software verification &amp; validation Testing of Cyber-Physical Systems:

S V V .lu software verification &amp; validation Testing of Cyber-Physical Systems: Diversity-driven Strategies Lionel Briand COW 57, London, UK Cyber-Physical Systems A system of collaborating computational elements controlling

808 views • 41 slides
Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM

Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM

Chapter 5 Analysis: Four Level for Validation Vis/Visual Analytics, Chap 5 Validation 1 CGGM Lab., CS Dept., NCTU Jung Hong Chuang Contents Why Validate? Validation Approaches Domain Why is Validation Abstraction

724 views • 47 slides
Synchronization: Critical Sections &amp; Semaphores Why? Examples What? The Critical

Synchronization: Critical Sections &amp; Semaphores Why? Examples What? The Critical

CPSC-313: Introduction to Computer Systems Process Synchronization: Critical Sections, Semaphores, Monitors Synchronization: Critical Sections &amp; Semaphores Why? Examples What? The Critical Section Problem How? Software solutions

521 views • 23 slides
Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview

Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview

Capital Quality Validation Webinar Sept. 17, 2020 Agenda Validation Overview Validation Timeline Authorized Representative Validation Process How to Log In to QuickBase How to Reset Your Password How to

451 views • 43 slides
Independent Performance Validation for Robust and Resilient DP Systems Steven Cargill DNV GL

Independent Performance Validation for Robust and Resilient DP Systems Steven Cargill DNV GL

DYNAMIC POSITIONING CONFERENCE OCTOBER 911, 2017 DESIGN Independent Performance Validation for Robust and Resilient DP Systems Steven Cargill DNV GL Noble Denton Marine Services Chunying Li Aspin Kemp &amp; Associats The three pegs The

914 views • 31 slides
Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and

Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and

1 Adaptive Fault Tolerant Systems: Adaptive Fault Tolerant Systems: Reflective Design and Validation Reflective Design and Validation Marc-Olivier Killijian Dependable Computing and Fault Tolerance Research Group Toulouse - France 2

865 views • 50 slides
LaGov LaGov Validation Session Agenda Validation Session Agenda Purpose Work Session

LaGov LaGov Validation Session Agenda Validation Session Agenda Purpose Work Session

Validation Session Validation Session Validation Session Finance Team Finance Team Finance Team Project Systems Project Systems Project Systems December 10 &amp; 11, 2008 December 10 &amp; 11, 2008 December 10 &amp; 11, 2008 LaGov LaGov

1.29k views • 100 slides
Occams Razor Sampling Bias : generate the data carefuly Data Snooping : handle the data

Occams Razor Sampling Bias : generate the data carefuly Data Snooping : handle the data

recap: Validation and Cross Validation Validation Cross Validation D ( N ) D 1 D 2 D N D train Learning From Data D ( N K ) g 1 g 2 g N Lecture 14 ( x 1 , y 1 ) ( x 2 , y 2 ) ( x N , y N ) Three Learning Principles D

486 views • 15 slides
AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in

AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in

AngularJS &amp; Bootstrap Form Validation HTML default validation Browsers have built-in HTML validation These work when the type attribute is given to an input element We might want better validation than is provided by the web

328 views • 13 slides
Verification and Validation in Cyber-Physical Systems: Research Challenges and a Way Forward Xi

Verification and Validation in Cyber-Physical Systems: Research Challenges and a Way Forward Xi

Verification and Validation in Cyber-Physical Systems: Research Challenges and a Way Forward Xi (James) Zheng Christine Julien The Center for Advanced Research in Software Engineering The University of Texas at Austin Does this look

167 views • 14 slides
Physics 115 General Physics II Session 21 Energy in E fields Electric Current Batteries

Physics 115 General Physics II Session 21 Energy in E fields Electric Current Batteries

Physics 115 General Physics II Session 21 Energy in E fields Electric Current Batteries Resistance R. J. Wilkes Email: phy115a@u.washington.edu Home page: http://courses.washington.edu/phy115a/ 5/6/14 1 Lecture Schedule (up to

466 views • 17 slides
Irvine/Underground Device Evaluating Attenuation Length Andrew Renshaw ANT 2011 Oct 11 th 2011

Irvine/Underground Device Evaluating Attenuation Length Andrew Renshaw ANT 2011 Oct 11 th 2011

Irvine/Underground Device Evaluating Attenuation Length Andrew Renshaw ANT 2011 Oct 11 th 2011 University of California, Irvine The Labs UCI Laboratory Setup IDEAL band - pass pure water Gd pretreat system system system Gd removal

718 views • 30 slides
1 most of their time thinking about the fundamentals, to take a step back and look at the broader

1 most of their time thinking about the fundamentals, to take a step back and look at the broader

MITOCW | 1. Introduction The following content is provided under a Creative Commons license. Your support will help MIT OpenCourseWare continue to offer high quality educational resources for free. To make a donation or view additional materials

779 views • 32 slides
Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam

Introduction Lets Attack A Time-Memory Trade-Off The LanManager Hash Physical Attacks Password Cracking Sam Martin and Mark Tokutomi CS466/566: Computer Security April 22, 2012 Sam Martin and Mark Tokutomi Password Cracking

1.49k views • 76 slides
Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is

Cryptography Basics Network Security Instructor: Haojin Zhu 1 Cryptography What is cryptography? Related fields: Cryptography (&quot;secret writing&quot;): Making secret messages Turning plaintext (an ordinary readable message)

1.2k views • 57 slides
Developing and Deploying Sensor Network Applications with AnduIN Daniel Klan Katja Hose Kai-Uwe

Developing and Deploying Sensor Network Applications with AnduIN Daniel Klan Katja Hose Kai-Uwe

Developing and Deploying Sensor Network Applications with AnduIN Daniel Klan Katja Hose Kai-Uwe Sattler Databases &amp; Information Systems Group Ilmenau University of Technology, Germany Outline Introduction AnduIN Query

1.09k views • 19 slides
Proactive Adaptations in Sensor Network Query Processing Alan B. Stokes , Alvaro A. A. Fernandes,

Proactive Adaptations in Sensor Network Query Processing Alan B. Stokes , Alvaro A. A. Fernandes,

Proactive Adaptations in Sensor Network Query Processing Alan B. Stokes , Alvaro A. A. Fernandes, Norman W. Paton School of Computer Science University of Manchester Manchester, UK { a.stokes|alvaro|norm } @cs.man.ac.uk SSDBM 2014 Basics:

620 views • 31 slides
CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric

CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric

CPSC 418/MATH 318 Introduction to Cryptography Outline Course Technicalities, Symmetric Cryptosystems Course Technicalities Renate Scheidler 1 Department of Mathematics &amp; Statistics Overview of Cryptography 2 Department of Computer

222 views • 9 slides

More recommend