seminar:sowareengineeringof embeddedsystems( · 2015-04-23 · sowareengineering forembeddedsystems...

So#ware Engineering for Embedded Systems

Prof. Dr. Sabine Glesner Joachim Fellmuth, Nils Jähnig, Verena Klös,

Lydia Ma<ck, Marcus Mikulcak, Sebas@an Schlesinger

Summer term 2015

Seminar: So#ware Engineering of Embedded Systems

-‐ Quality Assurance of Embedded Systems -‐


Seminar PES SS2015 2

Research Areas

n  Projects n  Verifica@on and Transforma@on of Embedded Systems (VaTES)

n  Security in Cyber-‐Physical Systems n  Correct Model transformations (CorMorant) n  Reliable Embedded System design based on Co-‐verifica@on in a Unified Environment (RESCUE)

n  Abstrac@on-‐Based Modular Verifica@on of Self-‐Adap@ve Systems

n  Change Impact-‐Analyses of SoUware Models (CISMo) We are looking for student assistants for all projects!



Formal Verifica@on of Concurrent (Low-‐Level) Code

nils.jaehnig@tu-‐berlin.de



n  Verifica@on of embedded real-‐@me systems

n  Start with abstract specifica@on (CSP-‐based) n  Via high-‐level programming languages n  Un@l low-‐level compiler representa@on (LLVM)

n  Me: consider communica(ng low-‐level code

abstract

concrete



Hoare Logics

n  {P} code {Q} n  If precondi@on P holds, and the execu@on of code terminates, than postcond@on Q holds.

n  What if the execu@on does not terminate? n  What about communica@ng programs?



Topics

n  L. Lamport – The Hoare Logic of CSP, and all that

n  Xu, de Roever, He – The Rely-‐Guarantee Method for Verifying Shared Variable Concurrent Programs

n  Sergey, Nanevski, Banerjee – Specifying and Verifying Concurrent Algorithms with Histories and Subjec@vity



Security in Cyber-‐Physical Systems

joachim.fellmuth@tu-‐berlin.de



Security in CPS

n  Cyber-‐physical systems (CPS) have a number of specific proper@es which are relevant in terms of security

n  Examples are complexity, @ming, limited resources, higher availability requirements

n  Modeling of security has to be adjusted for CPS n  Defense techniques such as Intrusion Detec@on have to be specialized for new types of amacks



Topics

n  Burmester, Magkos, Chrissikopoulos -‐ Modeling security in cyber-‐physical systems

n  X – Zimmer, Bhat, Mueller, Mohan -‐ Time-‐based Intrusion Detec@on in Cyber-‐physical Systems



CorMoranT

[email protected]@tu-‐berlin.de



CorMoranT Overview

Goal Automated verifica@on of refactorings of hybrid Simulink models

𝑑/𝑑𝑡 𝑦(𝑡)=−𝑦(𝑡) 𝑦(𝑡)=exp(−𝑡) Mo@va@on n  Simulink de facto standard for

Model Driven Engineering in Automo@ve, Aerospace etc.

n  Verifica@on esp. in safety-‐cri@cal environments n  Refactorings improve structure, preserve behaviour

Example



Topics

n  Rajeev Alur, Thomas Henzinger, Gerardo Lafferriere, George Pappas, Discrete Abstrac,ons of Hybrid Systems, Proceedings of the IEEE, 2000

n  X – Frank Cassez, Thomas Henzinger, Jean-‐Francois Raskin, A Comparison of Control Problems for Timed and Hybrid Systems, 2002

n  X – Antoine Girard, A. Agung Julius, George Pappas, Approximate Simula,on Rela,ons for Hybrid Systems, Discrete Event Dynamic Systems, 2008



Reliable Embedded System design based on Co-‐verifica@on in a Unified

Environment (RESCUE)

lydia.ma<ck@tu-‐berlin.de



HW/SW Co-Verification

§  HW/SW co-‐design §  Integrated design of hardware and soUware components

of embedded systems §  Enables co-‐verifica@on

§  HW/SW co-‐verificaQon §  Combines verifica@on techniques from the hardware and

soUware world §  Has to cope with various models of computa@on

[ Goal: Comprehensive and systema@c verifica@on of

hardware, soUware and their interplay



Compositional Verification

§  Major problem in embedded systems verifica@on: Scalability

§  Combine verificaQon tools §  Exploit strengths and weaknesses §  Specialized for specific areas

§  QuesQons: §  How to decompose the system? §  How to decompose proper@es?



HW/SW Co-Design

•  SystemC: HW/SW co-‐design language •  Intermediate representaQon for SystemC

designs (SysCIR) •  Transforma@on into input language of

verificaQon tools (UPAAL, BLAST, UCLID)

Ø  Problem: Scalability Ø  Each tool cannot cope with en@re system

Ø  Solu@on: ParQQoning/abstracQon



Slicing/Abstraction

•  Decompose the design by slicing •  Create sub-‐models on various levels of abstrac@on •  Use specialized verifica@on tool to check properies



Topics

•  X – Deian Tabakov, Moshe Y. Vardi, Gila Kamhi, Eli Singerman, A Temporal Language for SystemC, FMCAD 2007

•  Cynthia Sturton, Rohit Sinha, Thurston H.Y. Dang, Sakshi Jain, Michael McCoyd, Symbolic So#ware Model ValidaQon, MEMOCODE 2013

•  X – Dirk Beyer, Thomas A. Henzinger, M. Erkan Keremoglu, Philipp Wendler, CondiQonal Model Checking: A Technique to Pass InformaQon between Verifiers, FSE 2012



Abstrac@on-‐Based Modular Verifica@on of Self-‐adap@ve Systems

verena.kloes@tu-‐berlin.de



AbstracQon-‐Based Modular VerificaQon of Self-‐AdapQve Systems

n  self-‐adap@ve HW/SW co-‐designs (SystemC) n  Adapta@on based on rules and learning techniques n  verifica@on with model checking n  scalability: use abstrac@ons, modular verifica@on



Framework



AbstracQon-‐Based Modular VerificaQon of Self-‐AdapQve Systems

n  learning on abstract models n  generate new rules

n  scalability Ø  split verifica@on tasks Ø  slicing/ abstrac@on



Topics

n  Learning n  Op@mal Planning for Architecture-‐Based Self-‐Adapta@on Via Model Checking of Stochas@c Games

n  Incremental Quan@ta@ve Verifica@on for Markov Decision Processes

n  Scalability n  Refinement Checking for Timed Automata



CISMo

marcus.mikulcak@tu-‐berlin.de



Projekt CISMo

Change Impact Analyses for So#ware Models n  model-‐based development of soUware components in the automo@ve sector

n  Transfer of classic soUware development methods to model-‐based domain (MATLAB/Simulink) n  Change detec@on and impact calcula@on n  Iden@fica@on of security leaks

n  Goal: Development of formal analysis methods for MATLAB/Simulink



Change Impact Analyses

Change Impact Analyses in Model-‐Based Development n  Impact analysis is concerned with the iden@fica@on of

consequences of changes in soUware to ensure quality and maintainability

n  Studied extensively for text-‐based programming languages, but model-‐based development poses different, as of yet unsolved challenges n  Iden@fica@on of changes between models and model revisions n  impact due to higher abstrac@on level of models



InformaQon Flow in Java

Topic 1: Handling Clone Muta(ons in MATLAB/Simulink

n  automo@ve soUware models can contain up to 60.000 blocks

n  possibility to reuse model parts through libraries n  however, oUen slight changes in reusable code required

n  in maintenance and analysis, necessary to manage clones and their changes (muta@ons)



InformaQon Flow in Java

X – Topic 2: MATLAB/Simulink Test Case Genera(on Using Extended Finite Automata

n  For tests of safety-‐cri@cal soUware, extensive test cases are most important

n  Guessing is not an op@on -‐> formal technique to find test cases to cover paths

n  Transla@on into finite automaton, then model checking to find necessary input combina@ons and sequences



Available subjects n  Handling Clone Muta@ons in MATLAB/Simulink n  X – MATLAB/Simulink Test Case Genera@on Using Extended

Finite Automata

Contact

Marcus Mikulcak, marcus.mikulcak@tu-‐berlin.de

seminar:sowareengineeringof embeddedsystems( · 2015-04-23 · sowareengineering forembeddedsystems...

Documents