opportunities for industrial applications of formal
play

Opportunities for Industrial Applications of Formal Methods John - PowerPoint PPT Presentation

Mar 06, 2024 •288 likes •740 views

Opportunities for Industrial Applications of Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I CAL Inauguration Seminar: 1 Formal Methods These are ways for exploring properties

  1. Opportunities for Industrial Applications of Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I CAL Inauguration Seminar: 1

  2. Formal Methods • These are ways for exploring properties of computational systems for all possible executions • As opposed to testing or simulation ◦ These just sample the space of executions • Formal methods use symbolic methods of calculation, e.g., ◦ Abstract interpretation ◦ Model checking ◦ Theorem proving • Cf. x 2 − y 2 = ( x − y )( x + y ) vs. 5*5-3*3 = (5-3)*(5+3) John Rushby, SR I CAL Inauguration Seminar: 2

  3. Practical Formal Methods • Symbolic calculations have high computational complexity ◦ NP Hard or worse, often superexponential, sometimes undecidable • So to make them practical we have to compromise ◦ Accept some wrong answers ⋆ Incompleteness (false alarms) ⋆ Unsoundness (undetected bugs) ◦ Consider only very simple properties (not full correctness) ◦ Focus on models of the software, not the actual code ◦ Use human guidance • Let’s look at some of these John Rushby, SR I CAL Inauguration Seminar: 3

  4. Bug Finding by Static Analysis • Many commercial tools are available for this ◦ E.g., Coverity, KlocWork, CodeSonar, . . . FindBugs, . . . Lint ◦ These work on C, C++, Java • Most are tuned to reduce the number of false alarms • Even at the cost of missing some real bugs (i.e., unsound) • Because the main market is in bug finding John Rushby, SR I CAL Inauguration Seminar: 4

  5. Example: Bug Finding by Static Analysis unsigned int X, Y; int x, y, z; while (1) { y = 1; while (1) { /* ... */ if (x > 0) { B = (X == 0); /* ... */ y = y+x if (B) { } else { Y = 1 / X y = y-x } ; } /* ... */ z = 1 / y } ; } A simple static analyzer will find the bug on the left, but will probably give a false alarm for the correct program on the right • Or else fail to find the bug when y is initialized to 0 John Rushby, SR I CAL Inauguration Seminar: 5

  6. Verification by Static Analysis • Some tools are tuned the other way • Mostly for safety-critical applications • Guarantee to find all bugs in a certain class (i.e., sound) • Possibly at the cost of false alarms • For example Spark Examiner: guarantee absence of runtime errors (e.g., divide by zero) in Ada Astr´ ee guarantee no over/underflow or loss of precision in floating point calculations (in C generated from SCADE) John Rushby, SR I CAL Inauguration Seminar: 6

  7. Example: Verification by Static Analysis We abstract integers by their signs x, y in { neg, zero, pos } int x, y, z; y = 1; y is pos while (1) { if (x > 0) { y ← pos ⊕ pos; i.e., pos y = y+x x is pos; } else { x ∈ { zero, neg } ; y ← pos ⊖ { zero, neg } , y = y-x } i.e., pos z = 1 / y division is ok } This is an example of data abstraction; other methods include predicate abstraction, and abstract interpretation John Rushby, SR I CAL Inauguration Seminar: 7

  8. Model Checking • Most static analyzers consider only simple properties ◦ Often the properties are built-in and fixed ◦ E.g., range of values each variable may take • Model checking is more versatile • User can specify property • There are model checkers for C and Java • But most work on more abstract models of software (typically state machines) • We’ll do an example John Rushby, SR I CAL Inauguration Seminar: 8

  9. Car Door Locking Example • Highly simplified from an example by Philipps and Scholz • Controller for door locks ◦ To keep it simple, we’ll have just one door • The lock can be in one of four states: locking, unlocking, locked, unlocked Starts in the unlocked state • At each time step it takes an input with one of three values open, close, idle And asserts a signal ready when it is locked or unlocked • The controller receives the ready signal from the lock, a crash signal from the airbag, and a command from the user open, close, idle • Safety requirement: ◦ Door is unlocked following open command, or crash John Rushby, SR I CAL Inauguration Seminar: 9

  10. Car Door Locking Example (ctd) • The lock is given, it behaves as follows ◦ When it receives a close input: ⋆ Does nothing if already locked ⋆ If it is unlocked , goes to the intermediate locking state ⋆ If it is locking , goes to locked ⋆ If it is unlocking , nondeterministically continues to unlocked , or reverses to locking ◦ Mutatis mutandis for open input ◦ See state machine on next page • Our task is to design the controller ◦ Lock may still be performing a previous action ◦ Only visibility into the lock’s state is the ready signal ◦ Which it sees with one cycle delay John Rushby, SR I CAL Inauguration Seminar: 10

  11. Lock and Controller Lock (given) Controller (designed) Inputs output unlocked locking crash open close open open close close open idle & ready idle unlocking locked else repeat last Output ready in green states John Rushby, SR I CAL Inauguration Seminar: 11

  12. Model Checking the Car Door Locking Example • Typically, we would specify this in a statecharts-like graphical formalism (e.g., StateFlow) • But I will use the textual input to the SAL model checkers so we can see more of what is going on • It’s fairly easy to build translators and GUIs from engineering notations to the raw notation of a model checker John Rushby, SR I CAL Inauguration Seminar: 12

  13. The Car Door Locking Example: Model Checker Input Ideally, use an integrated front end; here we look at raw model-checker input Integrated front−end development environment Ideally AADL, UML2, Matlab TOPCASED, SSIV etc. Evidential Tool Bus (ETB) This example SAL PVS Yices John Rushby, SR I CAL Inauguration Seminar: 13

  14. Beginning of the lock Module in SAL lock: MODULE = BEGIN INPUT action: lockaction OUTPUT ready: BOOLEAN LOCAL state: lockstate INITIALIZATION state = unlocked DEFINITION ready = (state = locked OR state = unlocked); TRANSITION [ locking: action = close AND state = unlocked --> state’ = locking; [] reverse_unlocking: action = close AND state = unlocking --> state’ IN { s: lockstate | s = locking OR s = unlocked } John Rushby, SR I CAL Inauguration Seminar: 14

  15. Rest of the lock Module in SAL [] lock: state = locking --> state’ = locked; [] unlocking: action = open AND state = locked --> state’ = unlocking; [] reverse_locking: action = open AND state = locking --> state’ IN { s: lockstate | s = unlocking OR s = locked } [] unlock: state = unlocking --> state’ = unlocked; [] ELSE --> ] END; John Rushby, SR I CAL Inauguration Seminar: 15

  16. Beginning of the controller Module in SAL controller: MODULE = BEGIN INPUT user: lockaction, ready: BOOLEAN, crash: BOOLEAN OUTPUT action: lockaction INITIALIZATION action = idle; John Rushby, SR I CAL Inauguration Seminar: 16

  17. Rest of the controller Module in SAL TRANSITION [ crash: crash --> action’ = open; [] open: user = open --> action’ = open; [] close: user = close --> action’ = close; [] return_to_idle: user = idle AND ready --> action’ = idle; [] ELSE --> ] END; John Rushby, SR I CAL Inauguration Seminar: 17

  18. Specifying The System and a Property • The system is the synchronous composition of the two modules system: MODULE = lock || controller; • Inputs and outputs with matching names (i.e., lockaction and ready ) are automatically “wired up” • Now we’ll check a property: whenever the user gives an open input, then the state will eventually be unlocked ◦ We need to be careful that the user doesn’t immediately cancel the open with a close ◦ So we’ll require that there are no close inputs following the open • We could have GUI for specifying properties, but here we’ll use Linear Temporal Logic (LTL) which is the raw input to a model checker John Rushby, SR I CAL Inauguration Seminar: 18

  19. A Formal Analysis • We specify the property in LTL as follows: prop1: LEMMA system |- G(user=open AND X(G(user /= close)) => F(state=unlocked)); • In LTL, G means always, F means eventually, and X means next state ◦ These are sometimes written ✷ , ✸ , and ◦ , respectively • We put all the SAL text into a file door.sal • Then we can ask the SAL symbolic model checker to check the property prop1 : sal-smc -v 3 door prop1 • In a fraction of a second it says: proved • Unlike a simulation, this has considered all possible scenarios satisfying the hypothesis (e.g., whether lock is ready or not). John Rushby, SR I CAL Inauguration Seminar: 19

  20. More Analyses • We can check that the door eventually always stays unlocked prop1a: LEMMA system |- G(user = open AND X(G(user /= close)) => F(G(state = unlocked))); • And we can sharpen eventually to four steps prop1b: LEMMA system |- G(user=open AND X(G(user/=close)) => XXXX(G(state = unlocked))); ( XXXX is a macro for four applications of X ) • We can check that four is the minimum by trying three prop1c: LEMMA system |- G(user=open AND X(G(user/=close)) => XXX(state = unlocked)); • Sure enough, SAL says invalid John Rushby, SR I CAL Inauguration Seminar: 20

Recommend

Unlocking the Value in Applications Agenda Environment is Right for Industrial Wireless

Unlocking the Value in Applications Agenda Environment is Right for Industrial Wireless

Honeywell is Making Industrial Wireless Real Unlocking the Value in Applications Agenda Environment is Right for Industrial Wireless Exciting Opportunities/Benefits from Wireless Choosing a Wireless Solution Why Honeywell?

851 views • 38 slides
Unlocking the Value in Applications Agenda Environment is Right for Industrial Wireless

Unlocking the Value in Applications Agenda Environment is Right for Industrial Wireless

Honeywell is Making Industrial Wireless Real Unlocking the Value in Applications Agenda Environment is Right for Industrial Wireless Exciting Opportunities/Benefits from Wireless Choosing a Wireless Solution Why Honeywell?

763 views • 35 slides
Chapter Four: DFA Applications Formal Language, chapter 4, slide 1 1 We have seen how DFAs

Chapter Four: DFA Applications Formal Language, chapter 4, slide 1 1 We have seen how DFAs

Chapter Four: DFA Applications Formal Language, chapter 4, slide 1 1 We have seen how DFAs can be used to define formal languages. In addition to this formal use, DFAs have practical applications. DFA- based pieces of code lie at the

463 views • 20 slides
New Opportunities in Industrial Cooperation in Israel Th The indus e industrial cooperat trial

New Opportunities in Industrial Cooperation in Israel Th The indus e industrial cooperat trial

New Opportunities in Industrial Cooperation in Israel Th The indus e industrial cooperat trial cooperation ion re regu gulations lations Thre hreshold shold Valu alue 35%-50% of transaction value Initial transaction: $5m (20%

180 views • 13 slides
Real numbers in the real world Industrial applications of theorem proving John Harrison Intel

Real numbers in the real world Industrial applications of theorem proving John Harrison Intel

Real numbers in the real world Industrial applications of theorem proving John Harrison Intel Corporation 30th May 2006 0 Overview Famous computer arithmetic failures Formal verification and theorem proving Floating-point

627 views • 34 slides
B3: INDUSTRIAL LEASING VS STRATA OWNERSHIP OPPORTUNITIES MODERATOR:

B3: INDUSTRIAL LEASING VS STRATA OWNERSHIP OPPORTUNITIES MODERATOR:

B3: INDUSTRIAL LEASING VS STRATA OWNERSHIP OPPORTUNITIES MODERATOR: RON BAGAN, EXECUTIVE VICE PRESIDENT | VANCOUVER INDUSTRIAL, COLLIERS INTERNATIONAL

322 views • 10 slides
Parnas Tables: An Experience with Formal Verification in an Industrial Setting Bill Kelly OPGI

Parnas Tables: An Experience with Formal Verification in an Industrial Setting Bill Kelly OPGI

Parnas Tables: An Experience with Formal Verification in an Industrial Setting Bill Kelly OPGI ( retired) Parnas Tables An Experience with Formal Verification in an Industrial Setting This talk describes the use of a method of formal

427 views • 29 slides
Efficient IoT Framework for Industrial Applications Pablo Pual Pereira Industrial Electronics

Efficient IoT Framework for Industrial Applications Pablo Pual Pereira Industrial Electronics

DOCTORAL THESIS Efficient IoT Framework for Industrial Applications Pablo Pual Pereira Industrial Electronics Department of Computer Science, Electrical and Space Engineering Division of EISLAB Lule University of Technology, Lule,

453 views • 41 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Deploying Machine Translation in an Industrial Setting: Challenges and Opportunities

Deploying Machine Translation in an Industrial Setting: Challenges and Opportunities

Deploying Machine Translation in an Industrial Setting: Challenges and Opportunities Opportunities Opportunity 1 On-line spending power 2020 - $16 trillion English only! ( Source: PracticalEcommerce ) Industry without borders 2020 -

379 views • 19 slides
Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS

Testing security of CPS with Formal Methods Application (in progress) to industrial protocols IoS & IoT Roland Groz, Jean-Luc Richier, Maxime Puys, Laurent Mounier Univ. Grenoble Alpes LIG/Vasco + Vrimag/PACSS Kobe Universit

1.02k views • 33 slides
Challenges & Opportunities for the Challenges & Opportunities for the Pharmaceutical

Challenges & Opportunities for the Challenges & Opportunities for the Pharmaceutical

Challenges & Opportunities for the Challenges & Opportunities for the Pharmaceutical Industry Dr Gino Martini FRPharmS EIPG President Why do I enjoy being an Industrial Pharmacist? Something happened here Sir Alexander Fleming & his

647 views • 46 slides
Empowering the Commercial & Industrial Customer: New Opportunities, New Technologies

Empowering the Commercial & Industrial Customer: New Opportunities, New Technologies

Empowering the Commercial & Industrial Customer: New Opportunities, New Technologies EURELECTRIC Annual Conference Berlin, June 1 st , 2015 Dr. Arndt Neuhaus CEO of RWE Deutschland and RWE Retail Fundamental changes towards a new energy

512 views • 10 slides
Industrial use of a safe and efficient formal method based software engineering process in

Industrial use of a safe and efficient formal method based software engineering process in

Industrial use of a safe and efficient formal method based software engineering process in avionics Presented by Jean Souyris Airbus Operations SAS Abderrahmane Brahmi*, Marie-Jo Carolus*, David Delmas*, Mohamed Habib Essoussi*, Pascal

547 views • 16 slides
ITW SYSTEMS: Optimal LED lighting solution for industrial and commercial applications About us

ITW SYSTEMS: Optimal LED lighting solution for industrial and commercial applications About us

ITW SYSTEMS: Optimal LED lighting solution for industrial and commercial applications About us IntelTech Worldwide (ITW) is a US-owned Ukraine-based manufacturer of energy efficient industrial Light Emitting Diode (LED) lighting

1.07k views • 19 slides
INDUSTRIAL PHOTOGRAMMETRY FOR APPLICATIONS IN AUTOMOTIVE AND AEROSPACE INDUSTRY 56th

INDUSTRIAL PHOTOGRAMMETRY FOR APPLICATIONS IN AUTOMOTIVE AND AEROSPACE INDUSTRY 56th

INDUSTRIAL PHOTOGRAMMETRY FOR APPLICATIONS IN AUTOMOTIVE AND AEROSPACE INDUSTRY 56th Photogrammetric Week 1 22/08/2017 INDUSTRIAL PHOTOGRAMMETRY FOR APPLICATIONS IN AUTOMOTIVE AND AEROSPACE INDUSTRY Werner Bsemann AICON 3D Systems GmbH

472 views • 46 slides
W50 New W50 Motors The WEG W50 motor line is a product designed for industrial applications

W50 New W50 Motors The WEG W50 motor line is a product designed for industrial applications

New WMO s Engineered Industrial Motors Platform W50 New W50 Motors The WEG W50 motor line is a product designed for industrial applications featuring high performance and reliable for the most severe operating conditions. Intensive

535 views • 10 slides
Formal Timing Analysis of Ethernet AVB for Industrial Automation 802.1Qav Meeting, Munich, Jan

Formal Timing Analysis of Ethernet AVB for Industrial Automation 802.1Qav Meeting, Munich, Jan

Formal Timing Analysis of Ethernet AVB for Industrial Automation 802.1Qav Meeting, Munich, Jan 16-20, 2012 Jonas Rox, Jonas Diemer, Rolf Ernst {rox|diemer}@ida.ing.tu-bs.de | January 16, 2012 Outline Introduction Formal Analysis Approach

836 views • 31 slides
Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS

Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin 2000 Andrew Butterfield c Formal Methods for Industrial Critical Systems at Trinity College, University of Dublin (FMICS 2003, Rros, June 7th 2003)

1.02k views • 16 slides
Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal

Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal

Formal Analysis of Correctness of a Strategy for the KRK Chess Endgame Fifth Workshop on Formal and Automated Theorem Proving and Applications. Belgrade, February 3-4, 2012. Marko Malikovi Mirko ubrilo Predrag Janii Faculty of Humanities

406 views • 27 slides
Solutions for industrial applications: Industries : Oil & Gas, Petrochemical, Mining,

Solutions for industrial applications: Industries : Oil & Gas, Petrochemical, Mining,

Solutions for industrial applications: Industries : Oil & Gas, Petrochemical, Mining, Steel, Chemical, Cement, Pulp & Paper, Food Environment: Decommissioning, Decontamination, Radiation detection Technical advice and

741 views • 16 slides
for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom

for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom

Relational STE and Theorem Proving for Formal Verification of Industrial Circuit Designs John OLeary and Roope Kaivola, Intel Tom Melham, Oxford CPU datapath verification at Intel Thousands of operations Integer, FP, SSE, AVX,

241 views • 23 slides
Great Lakes Greatness Great Lakes Greatness Largest collection of Opportunities and fresh

Great Lakes Greatness Great Lakes Greatness Largest collection of Opportunities and fresh

10/18/2011 Mary Ann Dickinson Thomas Pape Alliance for Water Efficiency SAVING INDUSTRIAL WATER IN SAVING INDUSTRIAL WATER IN THE GREAT LAKES: THE GREAT LAKES: Opportunities and Challenges Opportunities and Challenges Great Lakes Greatness

300 views • 10 slides
Outdoor-, Industrial-, Military Market Industrial & Harsh Environment (HE) Typical

Outdoor-, Industrial-, Military Market Industrial & Harsh Environment (HE) Typical

Outdoor-, Industrial-, Military Market Industrial & Harsh Environment (HE) Typical applications: 1. Antenna 2. Avionics/Space 3. Mining 4. Solar plant 5. Industry 6. Wind farm 2 CONFIDENTI 7. Oil/Gas 8. Container terminal 9.

358 views • 33 slides

More recommend