Seminar: Software Engineering of Embedded Systems · 2015-04-23 · Software Engineering for Embedded Systems...
TRANSCRIPT
Software Engineering for Embedded Systems
Prof. Dr. Sabine Glesner, Joachim Fellmuth, Nils Jähnig, Verena Klös,
Lydia Mattick, Marcus Mikulcak, Sebastian Schlesinger
Summer term 2015
Seminar: Software Engineering of Embedded Systems
- Quality Assurance of Embedded Systems -
Software Engineering for Embedded Systems
Seminar PES SS2015 2
Research Areas
- Projects
  - Verification and Transformation of Embedded Systems (VaTES)
  - Security in Cyber-Physical Systems
  - Correct Model Transformations (CorMoranT)
  - Reliable Embedded System Design Based on Co-verification in a Unified Environment (RESCUE)
  - Abstraction-Based Modular Verification of Self-Adaptive Systems
  - Change Impact Analyses of Software Models (CISMo)
We are looking for student assistants for all projects!
Formal Verification of Concurrent (Low-Level) Code
nils.jaehnig@tu-berlin.de
- Verification of embedded real-time systems
  - Start with an abstract specification (CSP-based)
  - Via high-level programming languages
  - Down to the low-level compiler representation (LLVM)
- Me: consider communicating low-level code
(figure: abstraction levels, from abstract to concrete)
Hoare Logics
- {P} code {Q}
- If precondition P holds, and the execution of code terminates, then postcondition Q holds.
- What if the execution does not terminate?
- What about communicating programs?
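The triple {P} code {Q} as stated above is a partial-correctness statement: a program that never terminates satisfies every postcondition vacuously, which is exactly the gap the "what if the execution does not terminate?" question points at. The following Python snippet is an added example, not material from the seminar slides; it interprets a constructed toy language under a step budget, treats budget exhaustion as divergence, and reports both the partial and the total verdict of a triple over sample initial states. The programs, predicates and the budget size are all constructed for this demo.

```python
# Added example (not from the seminar slides): checking Hoare triples {P} code {Q}
# on sample inputs by bounded execution, to show the difference between partial
# correctness ("if code terminates, Q holds") and total correctness ("and it terminates").
# The toy language, the programs and the step budget below are constructed for this demo.
from typing import Callable, Dict, Iterable, List

State = Dict[str, int]
Pred = Callable[[State], bool]


class OutOfFuel(Exception):
    """Raised when a run exceeds its step budget; the checker treats this as divergence."""


class Budget:
    """Counts executed statements so that a non-terminating program cannot hang the checker."""

    def __init__(self, steps: int) -> None:
        self.left = steps

    def spend(self) -> None:
        if self.left == 0:
            raise OutOfFuel()
        self.left -= 1


def execute(program: list, state: State, budget: Budget) -> State:
    """Interpret a program given as a list of statements, mutating and returning `state`.

    Statement forms:  ("assign", var, fn)   sets state[var] = fn(state)
                      ("while", cond, body) runs the nested statement list while cond(state)
    Every assignment and every loop-condition check costs one unit of budget.
    """
    for stmt in program:
        if stmt[0] == "assign":
            _, var, fn = stmt
            budget.spend()
            state[var] = fn(state)
        elif stmt[0] == "while":
            _, cond, body = stmt
            budget.spend()
            while cond(state):
                execute(body, state, budget)
                budget.spend()
        else:
            raise ValueError(f"unknown statement kind {stmt[0]!r}")
    return state


def check_triple(pre: Pred, program: list, post: Pred, inputs: Iterable[int], max_steps: int = 1000) -> dict:
    """Evaluate {pre} program {post} for single-variable initial states x in `inputs`.

    partial: no terminating run from a state satisfying pre ends in a state violating post
             (runs that exhaust the budget are ignored, exactly as the triple's reading does)
    total:   partial correctness and, in addition, every run from a pre-state terminated
    """
    failing: List[int] = []
    diverging: List[int] = []
    for x in inputs:
        initial = {"x": x}
        if not pre(initial):
            continue  # the triple promises nothing outside the precondition
        try:
            final = execute(program, dict(initial), Budget(max_steps))
        except OutOfFuel:
            diverging.append(x)
            continue
        if not post(final):
            failing.append(x)
    return {
        "partial": not failing,
        "total": not failing and not diverging,
        "failing_inputs": failing,
        "diverging_inputs": diverging,
    }


# Constructed programs; all operate on the single integer variable x.
COUNTDOWN = [("while", lambda s: s["x"] > 0, [("assign", "x", lambda s: s["x"] - 1)])]  # terminates for x >= 0
STEP_TWO = [("while", lambda s: s["x"] != 0, [("assign", "x", lambda s: s["x"] - 2)])]  # loops forever for odd x
SPIN = [("while", lambda s: True, [])]                                                   # never terminates

NON_NEGATIVE = lambda s: s["x"] >= 0
IS_ZERO = lambda s: s["x"] == 0


if __name__ == "__main__":
    cases = [("countdown", COUNTDOWN, IS_ZERO), ("step_two", STEP_TWO, IS_ZERO), ("spin", SPIN, lambda s: s["x"] == 42)]
    for name, prog, post in cases:
        print(name, check_triple(NON_NEGATIVE, prog, post, range(8)))
```

Running it shows the three cases the slide asks about: COUNTDOWN is both partially and totally correct; STEP_TWO is partially correct but diverges for every odd input, so the total verdict fails; SPIN with the absurd postcondition x == 42 is still "partially correct", because no terminating run exists to contradict it. A step budget is, of course, only a test-time approximation of termination; proving it requires a ranking function or a total-correctness logic.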
Topics
- L. Lamport – The Hoare Logic of CSP, and All That
- Xu, de Roever, He – The Rely-Guarantee Method for Verifying Shared Variable Concurrent Programs
- Sergey, Nanevski, Banerjee – Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity
Security in Cyber-Physical Systems
joachim.fellmuth@tu-berlin.de
Security in CPS
- Cyber-physical systems (CPS) have a number of specific properties which are relevant in terms of security
- Examples are complexity, timing, limited resources, higher availability requirements
- Modeling of security has to be adjusted for CPS
- Defense techniques such as intrusion detection have to be specialized for new types of attacks
Topics
- Burmester, Magkos, Chrissikopoulos – Modeling Security in Cyber-Physical Systems
- X – Zimmer, Bhat, Mueller, Mohan – Time-Based Intrusion Detection in Cyber-Physical Systems
CorMoranT
[email protected]@tu-berlin.de
CorMoranT Overview
Goal: Automated verification of refactorings of hybrid Simulink models
Example: d/dt y(t) = -y(t), with solution y(t) = exp(-t)
Motivation
- Simulink is the de facto standard for Model Driven Engineering in Automotive, Aerospace etc.
- Verification, esp. in safety-critical environments
- Refactorings improve structure and preserve behaviour
Topics
- Rajeev Alur, Thomas Henzinger, Gerardo Lafferriere, George Pappas, Discrete Abstractions of Hybrid Systems, Proceedings of the IEEE, 2000
- X – Frank Cassez, Thomas Henzinger, Jean-Francois Raskin, A Comparison of Control Problems for Timed and Hybrid Systems, 2002
- X – Antoine Girard, A. Agung Julius, George Pappas, Approximate Simulation Relations for Hybrid Systems, Discrete Event Dynamic Systems, 2008
Reliable Embedded System Design Based on Co-verification in a Unified Environment (RESCUE)
lydia.mattick@tu-berlin.de
HW/SW Co-Verification
- HW/SW co-design
  - Integrated design of hardware and software components of embedded systems
  - Enables co-verification
- HW/SW co-verification
  - Combines verification techniques from the hardware and the software world
  - Has to cope with various models of computation
Goal: Comprehensive and systematic verification of hardware, software and their interplay
Compositional Verification
- Major problem in embedded systems verification: scalability
- Combine verification tools
  - Exploit their strengths and weaknesses
  - Specialized for specific areas
- Questions:
  - How to decompose the system?
  - How to decompose properties?
HW/SW Co-Design
- SystemC: HW/SW co-design language
- Intermediate representation for SystemC designs (SysCIR)
- Transformation into the input language of verification tools (UPPAAL, BLAST, UCLID)
  - Problem: scalability; no single tool can cope with the entire system
  - Solution: partitioning/abstraction
Slicing/Abstraction
- Decompose the design by slicing
- Create sub-models on various levels of abstraction
- Use a specialized verification tool to check properties
Topics
- X – Deian Tabakov, Moshe Y. Vardi, Gila Kamhi, Eli Singerman, A Temporal Language for SystemC, FMCAD 2007
- Cynthia Sturton, Rohit Sinha, Thurston H.Y. Dang, Sakshi Jain, Michael McCoyd, Symbolic Software Model Validation, MEMOCODE 2013
- X – Dirk Beyer, Thomas A. Henzinger, M. Erkan Keremoglu, Philipp Wendler, Conditional Model Checking: A Technique to Pass Information between Verifiers, FSE 2012
Abstraction-Based Modular Verification of Self-Adaptive Systems
verena.kloes@tu-berlin.de
Abstraction-Based Modular Verification of Self-Adaptive Systems
- Self-adaptive HW/SW co-designs (SystemC)
- Adaptation based on rules and learning techniques
- Verification with model checking
- Scalability: use abstractions and modular verification
Framework
Abstraction-Based Modular Verification of Self-Adaptive Systems
- Learning on abstract models
- Generate new rules
- Scalability
  - Split verification tasks
  - Slicing/abstraction
Topics
- Learning
  - Optimal Planning for Architecture-Based Self-Adaptation via Model Checking of Stochastic Games
  - Incremental Quantitative Verification for Markov Decision Processes
- Scalability
  - Refinement Checking for Timed Automata
CISMo
marcus.mikulcak@tu-berlin.de
Project CISMo
Change Impact Analyses for Software Models
- Model-based development of software components in the automotive sector
- Transfer of classic software development methods to the model-based domain (MATLAB/Simulink)
- Change detection and impact calculation
- Identification of security leaks
- Goal: development of formal analysis methods for MATLAB/Simulink
Change Impact Analyses
Change Impact Analyses in Model-Based Development
- Impact analysis is concerned with the identification of consequences of changes in software, to ensure quality and maintainability
- Studied extensively for text-based programming languages, but model-based development poses different, as yet unsolved challenges
  - Identification of changes between models and model revisions
  - Impact due to the higher abstraction level of models
Topic 1: Handling Clone Mutations in MATLAB/Simulink
- Automotive software models can contain up to 60,000 blocks
- Model parts can be reused through libraries
- However, slight changes to the reused code are often required
- In maintenance and analysis it is necessary to manage clones and their changes (mutations)
X – Topic 2: MATLAB/Simulink Test Case Generation Using Extended Finite Automata
- For tests of safety-critical software, extensive test cases are most important
- Guessing is not an option -> a formal technique is needed to find test cases that cover paths
- Translation into a finite automaton, then model checking to find the necessary input combinations and sequences
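To make the last step concrete, here is an added Python example (not code from the CISMo project or from the slides) of the "translate, then search" idea: a model is given as a small extended finite automaton (locations, an integer variable, guarded transitions), and a breadth-first reachability search over the (location, variables) state space plays the role of the model checker, returning for every transition the shortest input sequence that fires it. The cruise-control-like model, its alphabet and its guard values are constructed for this demo; the translation from MATLAB/Simulink into the automaton is assumed to have happened beforehand and is not shown.

```python
# Added example (not from the CISMo project or the slides): generating test input
# sequences for a model given as an extended finite automaton (EFA) by exploring its
# reachable state space.  Explicit-state reachability search stands in here for the
# model checker mentioned on the slide.  The toy cruise-control model and its
# alphabet are constructed; a real MATLAB/Simulink translation is out of scope.
from collections import deque
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Sequence, Tuple

Vars = Tuple[int, ...]  # variable valuation as a tuple, so (location, vars) states are hashable


@dataclass(frozen=True)
class Transition:
    src: str
    symbol: str                       # input event that triggers the transition
    guard: Callable[[Vars], bool]     # enabling condition over the variables
    update: Callable[[Vars], Vars]    # variable update applied when the transition fires
    dst: str


def step(transitions: Sequence[Transition], loc: str, vs: Vars, symbol: str) -> Optional[Tuple[int, str, Vars]]:
    """Fire the first enabled transition for `symbol` (the constructed model is deterministic)."""
    for i, t in enumerate(transitions):
        if t.src == loc and t.symbol == symbol and t.guard(vs):
            return i, t.dst, t.update(vs)
    return None


def generate_tests(transitions, alphabet, init_loc, init_vars, max_depth=10) -> Dict[int, List[str]]:
    """Breadth-first search over reachable (location, vars) states.

    Returns, per transition index, the shortest input sequence that fires it
    (transition coverage).  BFS visits each state once and tries every input
    symbol there, so any transition enabled in some reachable state is found.
    """
    tests: Dict[int, List[str]] = {}
    start = (init_loc, init_vars)
    seen = {start}
    queue = deque([(start, [])])
    while queue and len(tests) < len(transitions):
        (loc, vs), path = queue.popleft()
        if len(path) >= max_depth:
            continue
        for sym in alphabet:
            fired = step(transitions, loc, vs, sym)
            if fired is None:
                continue
            idx, nloc, nvs = fired
            new_path = path + [sym]
            tests.setdefault(idx, new_path)      # first hit is the shortest, by BFS order
            if (nloc, nvs) not in seen:
                seen.add((nloc, nvs))
                queue.append(((nloc, nvs), new_path))
    return tests


def uncovered(transitions, tests) -> List[int]:
    """Transitions no input sequence could fire in the explored space: unreachable or dead guards."""
    return [i for i in range(len(transitions)) if i not in tests]


def replay(transitions, init_loc, init_vars, sequence) -> Tuple[str, Vars]:
    """Run an input sequence on the model and return the final (location, vars)."""
    loc, vs = init_loc, init_vars
    for sym in sequence:
        fired = step(transitions, loc, vs, sym)
        if fired is None:
            raise ValueError(f"input {sym!r} not enabled in ({loc}, {vs})")
        _, loc, vs = fired
    return loc, vs


# Constructed model: a cruise-control-like controller with one counter variable n
# (number of "press" events while armed).  Activation needs the third press.
CRUISE = [
    Transition("idle",   "on",    lambda v: True,      lambda v: (0,),        "armed"),   # 0
    Transition("armed",  "press", lambda v: v[0] < 2,  lambda v: (v[0] + 1,), "armed"),   # 1
    Transition("armed",  "press", lambda v: v[0] >= 2, lambda v: v,           "active"),  # 2
    Transition("active", "brake", lambda v: True,      lambda v: (0,),        "armed"),   # 3
    Transition("armed",  "off",   lambda v: True,      lambda v: v,           "idle"),    # 4
    Transition("active", "off",   lambda v: True,      lambda v: v,           "idle"),    # 5
    Transition("active", "press", lambda v: v[0] > 5,  lambda v: v,           "active"),  # 6: guard never satisfiable
]
ALPHABET = ["on", "press", "brake", "off"]

if __name__ == "__main__":
    suite = generate_tests(CRUISE, ALPHABET, "idle", (0,))
    for idx, seq in sorted(suite.items()):
        print(idx, seq)
    print("uncovered transitions:", uncovered(CRUISE, suite))
```

The search finds that reaching the active location requires exactly the sequence on, press, press, press, which random guessing over the four-symbol alphabet would rarely produce, and it reports transition 6 as uncovered because its guard n > 5 can never hold in any reachable state. Both results are what a test engineer wants from the generation step: a minimal test suite for the reachable behaviour and a list of dead transitions to question in the model. A real model checker obtains the same sequences as counterexample traces to "transition i is never taken" properties, and scales to variable domains that explicit enumeration cannot.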
Available subjects
- Handling Clone Mutations in MATLAB/Simulink
- X – MATLAB/Simulink Test Case Generation Using Extended Finite Automata
Contact
Marcus Mikulcak, marcus.mikulcak@tu-berlin.de