ABSTRACT
Embedded systems use increasingly complex software and are evolving into cyber-physical systems (CPS) with sophisticated interaction and coupling between physical and computational processes. Many CPS operate in safety-critical environments and have stringent certification, reliability, and correctness requirements. These systems undergo changes throughout their lifetimes, where either the software or the physical hardware is updated in subsequent design iterations. One source of failure in safety-critical CPS is unstated assumptions in either the physical or the cyber part of the system that new components do not match. In this work, we present an automated method for identifying unstated assumptions in CPS. Dynamic specifications, in the form of candidate invariants of both the software and the physical components, are identified using dynamic analysis (executing and/or simulating the system implementation or a model thereof). A prototype tool called Hynger (for HYbrid iNvariant GEneratoR) was developed that instruments Simulink/Stateflow (SLSF) model diagrams to generate traces in the input format of the Daikon invariant inference tool, which has been extensively applied to software systems. Hynger, in conjunction with Daikon, is able to detect candidate invariants for several CPS case studies. We use the running example of a DC-to-DC power converter and demonstrate that Hynger can detect a specification mismatch in which a tolerance assumed by the software is violated because of a plant change.
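As an added illustration (not Hynger's or Daikon's own code), the following Python simulates the buck-converter running example, infers Daikon-style bound invariants from its steady-state trace, and shows the specification mismatch that appears when the plant's supply voltage changes while the software keeps the duty cycle it computed for the assumed supply. All circuit values, the setpoint and the tolerance are constructed assumptions.

```python
"""Constructed example: invariant inference over simulated buck-converter traces."""

V_REF, TOL = 5.0, 0.1        # software setpoint and its assumed regulation tolerance
V_IN_ASSUMED = 12.0          # supply voltage the software was designed against
DUTY = V_REF / V_IN_ASSUMED  # open-loop duty cycle baked into the software


def simulate(v_in=12.0, L=1e-3, C=1e-4, R=10.0, t_end=0.03, dt=1e-6,
             t_settle=0.015, every=10):
    """Averaged buck model (semi-implicit Euler): inductor current i_L and
    capacitor voltage v_C driven by DUTY * v_in into load R.
    Returns steady-state samples after t_settle, i.e. the kind of trace an
    instrumented SLSF model would hand to an invariant detector."""
    i_l = v_c = 0.0
    trace = []
    for k in range(int(t_end / dt)):
        i_l += dt * (DUTY * v_in - v_c) / L
        v_c += dt * (i_l - v_c / R) / C
        if k * dt >= t_settle and k % every == 0:
            trace.append({"i_L": i_l, "v_C": v_c})
    return trace


def infer_bounds(trace):
    """Daikon-style candidate invariants of the form lo <= var <= hi."""
    return {var: (min(s[var] for s in trace), max(s[var] for s in trace))
            for var in trace[0]}


def violations(invariants, trace):
    """Samples of a (possibly changed) plant that break the inferred invariants."""
    return [(var, s[var]) for s in trace
            for var, (lo, hi) in invariants.items() if not lo <= s[var] <= hi]


def tolerance_holds(trace):
    """The software's unstated assumption: |v_C - V_REF| <= TOL in steady state."""
    return all(abs(s["v_C"] - V_REF) <= TOL for s in trace)


if __name__ == "__main__":
    base = simulate()                       # plant the software was designed for
    inv = infer_bounds(base)
    print("invariants from original plant:", inv, "tolerance:", tolerance_holds(base))
    changed = simulate(v_in=15.0)           # plant change: new supply voltage
    print("tolerance after plant change:", tolerance_holds(changed),
          "violated samples:", len(violations(inv, changed)))
```

With the original plant the inferred v_C bounds sit inside the tolerance band; after the supply change the same duty cycle drives v_C to about 6.25 V, so both the inferred invariants and the software's tolerance assumption fail on the new traces.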
Index Terms: Cyber-physical specification mismatch identification with dynamic analysis