Introduction to Embedded Systems Chapter 14 Reachability Analysis (14.1, 14.2.1 – 14.2-2)

Post on 05-Jan-2016

28 views 1 download

Preview:

Click to see full reader
Report this document
SHARE

description

Introduction to Embedded Systems Chapter 14 Reachability Analysis (14.1, 14.2.1 – 14.2-2). Hao Zheng U of South Florida. The Challenge of Dependable Software in Embedded Systems. Today ’ s medical devices run on software… software defects can have life-threatening consequences. - PowerPoint PPT Presentation

Transcript of Introduction to Embedded Systems Chapter 14 Reachability Analysis (14.1, 14.2.1 – 14.2-2)

Introduction to Embedded Systems

Chapter 14 Reachability Analysis(14.1, 14.2.1 – 14.2-2)

Hao Zheng

U of South Florida

2

The Challenge of Dependable Software in Embedded Systems

“In 1 of every 12,000 settings, the software can cause an error in the programming resulting in the possibility of producing paced rates up to 185 beats/min.”

Today’s medical devices run on software… software defects can have life-threatening consequences.

“the patient collapsed while walking towards the cashier after refueling his car […] A week later the patient complained to his physician about an increasing feeling of unwell-being since the fall.”

[different device]

[Journal of Pacing and Clinical Electrophysiology, 2004]

3

Graph of FSM modeling 2 trains

and a bridge traffic controller.

Is it possible for the trains to be on a collision path?

[Moritz Hammer, Uni. Muenchen]

4

Reachability Analysis and Model Checking

Reachability analysis is the process of computing the set of reachable states for a system. all three problems can be solved using

reachability analysis

Model checking is an algorithmic method for determining if a system satisfies a formal specification expressed in temporal logic.

Model checking typically performs reachability analysis.

5

A General View of Model Checking

S

E

Compose Verify

Property

System

Environment

YES[proof]

NOcounterexample

M

6

Open vs. Closed Systems

A closed system is one with no inputs

For verification, we obtain a closed system by composing the system and environment models

7

Model Checking G p

Consider an LTL formula of the form Gp where p is a proposition (p is a property on a single state)

To verify Gp on a system M, one simply needs to enumerate all the reachable states and check that they all satisfy p.

The state space found is typically represented as a directed graph called a state graph.

When M is a finite-state machine, this reachability analysis will terminate (in theory).

In practice, though, the number of states may be prohibitively large consuming too much run-time or memory (the state explosion problem).

8

Traffic Light Controller Example

9

Composed FSM for Traffic Light Controller

This FSM has 188 states (due to different values of count)

10

Reachability Analysis Through Graph Traversal

Construct the state graph on the fly

Start with initial state, and explore next states using a suitable graph-traversal strategy.

A state is a collection of a FSM state and values of all variables.

initial state: (red, crossing, count==0)

A successor: (red, crossing, count==1

11

Depth-First Search (DFS)

Maintain 2 data structures:1.Set of visited states R2.Stack with current path from the initial state

Potential problems for a huge graph? State explosion

12

Explicit State Model Checking Example

R = { (red, crossing, 0) }

13

Explicit State Model Checking Example

R = { (red, crossing, 0), (red, crossing, 1) }

14

Explicit State Model Checking Example

R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60) }

15

Explicit State Model Checking Example

R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60),

(green, none, 0) }

16

Explicit State Model Checking Example

R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60),

(green, none, 0), (green, none, 1) }

17

Explicit State Model Checking Example

R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60),

(green, none, 0), (green, none, 1), …, (green, none, 60) }

18

Explicit State Model Checking Example

R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60),

(green, none, 0), (green, none, 1), …, (green, none, 60),

(yellow, waiting, 0) }

19

Explicit State Model Checking Example

R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60),

(green, none, 0), (green, none, 1), …, (green, none, 60),

(yellow, waiting, 0), … (yellow, waiting, 5) }

20

Explicit State Model Checking Example

R = { (red, crossing, 0), (red, crossing, 1), … (red, crossing, 60),

(green, none, 0), (green, none, 1), …, (green, none, 60),

(yellow, waiting, 0), … (yellow, waiting, 5),

(pending, waiting, 1), …, (pending, waiting, 60) }

Top related

Levy Nuclear Plant Units 1 and 2 14.0 INITIAL TEST PROGRAMS · (Related to RG 1.206, Section C.III.1, Chapter 14, C.I.14.2, “Initial Plant Test Program”) 14.2.1 Summary of Test
 Documents
Sounds of Old Technology IB Assessment Statements Topic 14.2., Data Capture and Digital Imaging Using Charge-Coupled Devices (CCDs) 14.2.1.Define capacitance.
 Documents
Reachability Graphs
 Documents
Chapter 14 Environmental outlook · 2017. 11. 14. · Environmental outlook | 306 Chapter 14 Content 14.1 INTRODUCTION 14.2 IMPACT MAPPING 14.2.1 Overview 14.2.2 Sustainable development
 Documents
Oscillator Verification with Probability Onehunt/FMCAD/FMCAD12/s7_p2.pdf · Our Approach: Reachability Analysis Reachability analysis Global convergence by reachability computation
 Documents
Part-turn actuators SQ 05.2 SQ 14.2/SQR 05.2 SQR 14.2 …€¦ · SQ 05.2 – SQ 14.2/SQR 05.2 – SQR 14.2 AUMA NORM (without controls) ... SQ 05.2 – SQ 14.2/SQR 05.2 ... must
 Documents
(One-Path) Reachability Logic
 Documents
Reachability Queries Sept. 2014Yangjun Chen ACS-71021 Outline: Reachability Query Evaluation What is reachability query? Reachability query evaluation.
 Documents
14. Constitutive secondary plant metabolites and soil ...chemsrv0.pph.univie.ac.at/scripten/VO_Chemische... · 14.2 Secondary metabolites as chemical defense 14.2.1 Diversity and
 Documents
Reducing Context-bounded Concurrent Reachability to Sequential Reachability
 Documents
Level-set approach for Reachability Analysis of Hybrid ... · Level-set approach for Reachability Analysis of Hybrid Systems ... Level-set approach for Reachability Analysis of ...
 Documents
Foundations of Reachability Analysis
 Documents
Understanding Bitcoin · 14.1.1 Micropayment Channels 231 14.1.2 Atomic Cross-chain Trading 232 14.2 Alternatives to Proof-of-work 233 14.2.1 Proof-of-stake 234 14.2.2 Proof-of-burn
 Documents
string analysis difficulty reachability fixpoints
 Documents
14. Residency, Citizenship, and Immigrant Status · Residency, Citizenship, and Immigrant Status 14.2 Citizenship 14.2.1 Regulation [63-405.1] An individual who is a United States
 Documents
Chapter 14 · 2020. 5. 26. · CONTENTS 14 UNPLANNED EVENTS 14-1 14.1 INTRODUCTION 14-1 14.2 METHODOLOGY 14-2 14.2.1 Assessing Significance of Risks 14-2 14.3 ASSESSMENT OF SPILLS
 Documents
SignalTemporalLogicmeetsHamilton-Jacobi Reachability ...
 Documents
pms/files/14.2/Article/14.2.1.pdf · ducats per game if n games are played, is '"fair" in the sense of the law of large numbers in (1.2). The result found its way into Feller's classical
 Documents
Oscillator Verification with Probability OneOur Approach: Reachability Analysis Reachability analysis Global convergence by reachability computation Split the entire initial state
 Documents
Henk Dekker John Schot - CORE205 Henk Dekker John Schot 14 Images of the US in the Netherlands 205 14.1 Abstract 205 14.2 Previous Research 206 14.2.1 Motives and Aims 206 14.3 Images,
 Documents

Copyright © 2022 FDOCUMENTS