roberto bruttomesso intrepid an smt based model checker
play

Roberto Bruttomesso Intrepid: an SMT-based Model Checker for Control - PowerPoint PPT Presentation

Dec 18, 2023 •446 likes •853 views

Roberto Bruttomesso Intrepid: an SMT-based Model Checker for Control Engineering and Industrial Automation SMT 2019 Control Engineering 2 Control Engineering Sensor Physical Controller System Motor 3 Avionics & Automotive - Strict

  1. Roberto Bruttomesso Intrepid: an SMT-based Model Checker for Control Engineering and Industrial Automation SMT 2019

  2. Control Engineering 2

  3. Control Engineering Sensor Physical Controller System Motor 3

  4. Avionics & Automotive - Strict software development process, encoded in standards (e.g., DO-178C) - Requirement-centric process - Derive software from reqs. - Provide tests to witness that requirements are met 4

  5. Avionics & Automotive 5

  6. Avionics & Automotive Lustre Checker ATG 6

  7. Industrial Automation 7

  8. Industrial Automation Sensor PLC Motor 8

  9. Industrial Automation - IEC-61131 defines 5 programming languages for PLCs - Two textual (ST, IL) - Two graphical (FBD, LD) - A “mixed” (SFC) 9

  10. Industrial Automation STUXNET 10

  11. Control Engineering Languages IEC 61131-3 Intrepid Lustre 11

  12. Control Engineering Languages - Types - Booleans - Signed Integers (SINT, INT, …) - Unsigned Integers (USINT, UINT, …) - Floats (REAL, LREAL) - Semantics of the above: - Fixed-width - Discrete evolution of memory values 12

  13. Intrepid intro 13

  14. Intrepid’s guiding principles -Fast simulation -Bit-precise -Scriptable -Parsing real-world languages 14

  15. Intrepid: a model-checking library -Backend: C++ engine (intrepid) - State representation (SMT formulas in Z3) - State exploration (Satisf. and QE calls to Z3) - Exposes a C API -Python API (intrepyd) -Wraps the C API, and provides OO Python API -Retains efficiency, but provides flexibility and fun 15

  16. Intrepid’s input language -There is no input language: you write benchmarks directly in Python example2.py example1.py 16

  17. Intrepid’s input language Some advantages - Functions and classes come for free - Benchmarks are programs - Can natively import them (even “on-the-fly”) - Autocompletion - I don’t have to maintain a parser 17

  18. Intrepid’s Simulator - Linear-time in size of circuit - Fills out values of a “trace” object - Values for inputs can be specified for specific time- stamps, otherwise they are defaulted to false/0 - Traces can be converted into pandas dataframes - Counter-examples are traces, so they can be readily re- simulated to check their validity 18

  19. Intrepid’s Engines - BMC - Finds counterexamples for some targets, at some depth - Optimizing BMC - Find counterexamples that satisfies the highest number of targets - Backward Reachability - Finds counterexamples and proves targets unreachable 19

  20. Intrepid’s Engines - Multi-target engines - Target: a Boolean signal that we want to reach - Watch: values that we want to see in trace 20

  21. Intrepid’s Engines Add targets to the engine Increase depth no All yes no remaining Reach targets Can prove? targets targets > 0 unreachable yes targets = 0 Removed last done reached targets 21

  22. An example application: ATG 22

  23. ATG: compute MC/DC - MC/DC is a testing criterion defined in DO-178C, for critical software - Decision: a sub-circuit with a Boolean output - Condition: a Boolean net in the decision that needs to be observed - Task: given a decision D, for each condition C find two tests T1, T2 such that - C has value true in T1 - C has value false in T2 - D evaluates differently in T1 and T2 23

  24. ATG: compute MC/DC - Each row is a test - Tests 0 and 1 show MC/DC for A A B C O 0 T T F T 1 F T F F 2 T F F F 3 F F T T 4 F F F F 24

  25. ATG: compute MC/DC -To come up with suitable tests (the table) is easy -… but, the less tests are produced, the better - Tests are to be written down on tables and reviewed by the FAA (no kidding) -It is not so easy, it is an optimization problem -Also, not merely combinational, sequential part plays a role too -Need for an optimizing-BMC 25

  26. ATG: compute MC/DC Create a target per Remove unreachable each MC/DC test pair targets with BR Add targets to the BMC-opt engine Increase depth Just 300 Python LOC no Reach targets targets > 0 yes Remove last targets = 0 reached targets, done Save test 26

  27. Parsers for real-world industrial languages 27

  28. Control Engineering Languages IEC 61131-3 Lustre 28

  29. Lustre to Python -Parser written in Python using ANTLR -Takes Lustre, dumps Intrepyd’s Python API -benchmark.lus => benchmark.py -Good collection of benchmarks (Kind2), thanks for the effort of collecting them 29

  30. Simulink/Stateflow to Python -Simulink to Python: initial translation implemented FAILURE on top of ConQAT Java libraries -Very fast but -A pain to implement in detail and to maintain -Need to infer data types -Stateflow to Python: a real nightmare -No available specification of the language! -Need to guess behavior via simulation 30

  31. Simulink/Stateflow to IEC-61131 ST to Python - Matlab provides a toolkit called Simulink PLC Coder that generates IEC-61131 ST - Two birds with one stone: - We can indirectly handle Simulink/Stateflow - We can set foot in the Industrial Automation world - No need to parse the “whole” ST language, but only a subset (i.e., no loops) - Parser implemented again with ANTLR in Python 31

  32. Simulink/Stateflow to IEC-61131 ST 32

  33. Experiments 33

  34. Intrepid vs Luke on Invalid benchmarks - Basically two different implementation of BMC - Solved by Intrepid: 341 in 589 s - Solved by Luke: 342 in 3219 s - https://plot.ly/create/?fid=robertobrutt omesso:30#/ 34

  35. Intrepid vs Luke on Valid benchmarks - Basically TI vs Backward Reach - Solved by Intrepid: 182 in 3242 s - Solved by Luke: 137 in 335 s - https://plot.ly/create/?fid=robertobrutt omesso:32#/ 35

  36. Intrepid vs Luke on Valid benchmarks - Solved by Intrepid overall: 523 in 3831 s - Solved by Luke overall: 479 in 3557 s - https://plot.ly/create/?fid=r obertobruttomesso:36#/ 36

  37. Preliminary experiments: GPCA Simulink/Stateflow -Benchmark from the CocoSim suite (https://coco- team.github.io/cocosim/) -Simulink/Stateflow model of an infusion pump -Translated into IEC-61131 ST with Matlab and then into Python with our frontend (takes a few seconds) -Out of 8 properties, 4 can be solved in about 50 seconds (14 seconds for parsing) 37

  38. Conclusion 38

  39. How to get intrepid - Intrepid is open-source, BSD-3 licensed - Works on Windows and Linux “officially” - repo = https://github.com/formalmethods - Backend: repo/intrepid - Python API: repo/intrepyd -pip install intrepyd - Blog: https://formalmethods.github.io 39

  40. Thank You www.nozominetworks.com

Recommend

Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based

Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based

Implementation of a Coalgebraic Model Checker Aaron Strahlberger 16.07.2019 Parity Game based Model Checker Game-Based Local Model Checking for the Coalgebraic -Calculus by Daniel Hausmann and Lutz Schrder [1] (CONCUR 2019)

474 views • 31 slides
Intrepid Capital Management May 31 st , 2015 Our Firm Intrepid Capital offers investors a truly

Intrepid Capital Management May 31 st , 2015 Our Firm Intrepid Capital offers investors a truly

Intrepid Capital Management May 31 st , 2015 Our Firm Intrepid Capital offers investors a truly Global Access across Developed, Emerging and Frontier Markets. It is a Cayman-Island Based independent financial services firm established in 2012.

405 views • 17 slides
The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision

The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision

The UPPAAL Model Checker The UPPAAL Model Checker Julin Proenza Systems, Robotics and Vision Group. UIB. SPAIN Julin Proenza. UIB. Oct 2008 The aim of this presentation Introduce the basic concepts of model checking from a practical

804 views • 68 slides
Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July -

Lecture 3: Model-checker NuSMV B. Srivathsan Chennai Mathematical Institute NPTEL-course July - November 2015 1 / 31 Model-checker Specify the model of the system Specify the requirements Model-checker will automatically check if system

1.72k views • 112 slides
SMT-Based Weighted Model Integration Roberto Sebastiani 1 joint work with Paolo Morettin 1 ,

SMT-Based Weighted Model Integration Roberto Sebastiani 1 joint work with Paolo Morettin 1 ,

SMT-Based Weighted Model Integration Roberto Sebastiani 1 joint work with Paolo Morettin 1 , Andrea Passerini 1 with contributions by Samuel Kolb 2 , Luc De Raedt 2 , Francesco Sommavilla 1 , Pedro Zuidberg 2 1 University of Trento, Italy 2 KU

1.13k views • 74 slides
Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K.

Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K.

Vhdl Bounded Model Checker (VBMC): A Formal Verification Tool for VHDL Designs Ajith John, A. K. Bhattacharjee RCnD, BARC Supratik Chakraborty, CFDVS, IIT Bombay Introduction Design of modern computer based systems involves partitioning of

710 views • 58 slides
Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian

Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian

Verification of a Dynamic Channel Model using the SPIN Model Checker Rune M. Friborg and Brian Vinter eScience center, University of Copenhagen Dias 1 Introduction to PyCSP 2007 - PyCSP is presented. The synchronization model for channel

574 views • 20 slides
A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan

A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan

A Model Checker Collection for the Model Checking Contest @ Petri Nets Didier Buchs Stefan Klikovits Alban Linard Romain Mencattini Dimitri Racordon 28 June 2018 1/11 1/11 Examination Result GreatSPN ITSTools LoLA LTSMin Marcie

613 views • 20 slides
Formal Model Based Safety Assessment Marco Bozzano, Roberto Cavada, Alessandro Cimatti, Cristian

Formal Model Based Safety Assessment Marco Bozzano, Roberto Cavada, Alessandro Cimatti, Cristian

NuSMV3: a framework for Formal Model Based Safety Assessment Marco Bozzano, Roberto Cavada, Alessandro Cimatti, Cristian Mattarei Fondazione Bruno Kessler, Trento (Italy) Roadmap Formal Model Based Safety Assessment Formal Safety

497 views • 37 slides
Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan

Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan

Schedulability Analysis of Timed CSP Models Using the PAT Model Checker O uzcan O UZ Jan F. BROENINK Angelika MADER Robotics and Mechatronics, University of Twente, The Netherlands Contents Problem Statement & Approach

516 views • 24 slides
The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October

The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October

The Low-Level Bounded Model Checker LLBMC A Precise Memory Model for LLBMC Florian Merz | October 7, 2010 Carsten Sinz Stephan Falke V ERIFICATION MEETS A LGORITHM E NGINEERING www.kit.edu KIT University of the State of Baden-Wuerttemberg

415 views • 19 slides
Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre

Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre

Can a Model Checker Generate Tests for Non-Deterministic Systems? Sergiy Boroday, Alexandre Petrenko CRIM, Montreal, Canada Roland Groz INPG, France MBT 2007 Outline Motivation Weak and Strong Tests Test Generation Model

802 views • 22 slides
The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A.

The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A.

The Software Model Checker BLAST: Applications to Software Engineering Dirk Beyer, Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar Int. Journal on Software Tools for Technology Transfer, 2007 Stefan Buchholz March 17, 2009 1 Model

456 views • 12 slides
Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2

Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2

Towards a model-checker for counter systems S. Demri 1 A. Finkel 1 V. Goranko 2 G. van Drimmelen 2 1 LSV, CNRS & ENS Cachan & INRIA Futurs 2 University of Witwatersrand, Johannesburg ATVA, October 2006, Beijing Motivations Presburger

679 views • 37 slides
Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker

Concurrency in Go Behavioural type inference Model checking behavioural types Termination checking Summary Static verification framework for Go Overview 2 Model checking Behavioural mCRL2 model checker Types Transform Check safety and

681 views • 67 slides
A Tutorial on Model Checker SPIN Instructor: Hao Zheng Department of Computer Science and

A Tutorial on Model Checker SPIN Instructor: Hao Zheng Department of Computer Science and

A Tutorial on Model Checker SPIN Instructor: Hao Zheng Department of Computer Science and Engineering University of South Florida Tampa, FL 33620 Email: haozheng@usf.edu Phone: (813)974-4757 Fax: (813)974-5456 1 Overview of Concurrent

1.5k views • 68 slides
A Storm is Coming! A New Probabilistic Model Checker Joost-Pieter Katoen IFIP WG 1.8 Open

A Storm is Coming! A New Probabilistic Model Checker Joost-Pieter Katoen IFIP WG 1.8 Open

A Storm is Coming! A New Probabilistic Model Checker Joost-Pieter Katoen IFIP WG 1.8 Open Problems in Concurrency Theory, June 26, 2017 joint with: Christian Dehnert, Sebastian Junges and Matthias Volk Probabilistic Model Checking Theory in

468 views • 28 slides
The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh

The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh

The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2017 Sources CBMC: Bounded Model Checking for ANSI-C Introductory slides on CBMC from CProver website. V1.0, 2010.

500 views • 5 slides
A Prototype Embedding of Bluespec SystemVerilog in the SAL Model Checker Dominic Richards and

A Prototype Embedding of Bluespec SystemVerilog in the SAL Model Checker Dominic Richards and

A Prototype Embedding of Bluespec SystemVerilog in the SAL Model Checker Dominic Richards and David Lester Advanced Processor Technologies Group The University of Manchester Introduction Bluespec SystemVerilog (BSV) is a language for high

856 views • 29 slides
Benchmarking a Model Checker for Algorithmic Improvements and Tuning for Performance G. Cabodi

Benchmarking a Model Checker for Algorithmic Improvements and Tuning for Performance G. Cabodi

Benchmarking a Model Checker for Algorithmic Improvements and Tuning for Performance G. Cabodi S.Nocco S.Quer Politecnico di Torino Torino, Italy Gianpiero Cabodi - HWVW2010 1 Outline The PdTRAV tool Motivations &

450 views • 26 slides
Financial crises and systemic bank runs in a dynamic model of banking Roberto Robatto, University

Financial crises and systemic bank runs in a dynamic model of banking Roberto Robatto, University

Introduction Model Monetary policy Conclusions Financial crises and systemic bank runs in a dynamic model of banking Roberto Robatto, University of Chicago MFM and Macroeconomic Fragility Conference October 16, 2013 Roberto Robatto,

607 views • 17 slides
Implementing and Evaluating a Model Checker for TM Systems Woongki Baek, Nathan Bronson,

Implementing and Evaluating a Model Checker for TM Systems Woongki Baek, Nathan Bronson,

Implementing and Evaluating a Model Checker for TM Systems Woongki Baek, Nathan Bronson, Christos Kozyrakis, Kunle Olukotun wkbaek@stanford.edu Stanford University Introduction Transactional Memory (TM) simplifies parallel programming

357 views • 22 slides
Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of

Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of

Nuspell: version 3 of the new spell checker FOSS spell checker implemented in C++17 with aid of Mozilla Sander van Geloven FOSDEM, Brussels February 1, 2020 . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

611 views • 39 slides
Towards a Software Model Checker for ML Naoki Kobayashi Tohoku University Joint work with:

Towards a Software Model Checker for ML Naoki Kobayashi Tohoku University Joint work with:

Towards a Software Model Checker for ML Naoki Kobayashi Tohoku University Joint work with: Ryosuke Sato and Hiroshi Unno (Tohoku University) in collaboration with Luke Ong (Oxford), Naoshi Tabuchi and Takeshi Tsukada (Tohoku) This Talk

786 views • 66 slides

More recommend