theorem proving and testing for autonomous systems
play

Theorem Proving and Testing for Autonomous Systems Kerstin Eder - PowerPoint PPT Presentation

Feb 21, 2024 •26 likes •476 views

Theorem Proving and Testing for Autonomous Systems Kerstin Eder University of Bristol and Bristol Robotics Laboratory Verification and Validation for Safety in Robots To develop techniques and methodologies that can be used to design

  1. Theorem Proving and Testing for Autonomous Systems Kerstin Eder University of Bristol and Bristol Robotics Laboratory

  2. Verification and Validation for Safety in Robots To develop techniques and methodologies that can be used to design autonomous intelligent systems that are verifiably trustworthy. 2

  3. Correctness from Specification to Implementation User Requirements Verification (OL) High-level Specification Translate Verification Optimizer (IL) Design and Analysis (Simulink) Implement Controller (SW/HW) e.g. C, C++, RTL (VHDL/Verilog) 3

  4. What can be done at the design level? D. Araiza Illan, K. Eder, A. Richards. Formal Verification of Control Systems’ Properties with Theorem Proving. International Conference on Control (CONTROL), pp. 244 – 249. IEEE, Jul 2014. http://dx.doi.org/10.1109/CONTROL.2014.6915147 D. Araiza Illan, K. Eder, A. Richards. Verification of Control Systems Implemented in Simulink with Assertion Checks and Theorem Proving: A Case Study . European Control Conference (ECC), pp. tbc. Jul 2015. http://arxiv.org/abs/1505.05699 4

  5. Simulink Diagrams in Control Systems Control systems design level Implementation level Code ! Simulating the control systems ! Analysis techniques from control systems theory (e.g., stability) ! Serve as requirements/specification ! For (automatic) code generation 5

  6. Verifying Stability Stability Matrix P > 0 (Lyapunov function) Matrix Equivalence P − (A − BK) T P(A − BK) > 0 V(k)-V(k-1) = x(k-1) T [(A − BK) T P(A − BK)-P] x(k-1) (Lyapunov's equation application) (Lyapunov function's difference) Capture control systems requirements Retain in code Add as assertions implementation

  7. Assertion-Based Verification 7

  8. Combining Verification Techniques Stability Matrix P > 0 (Lyapunov function) Matrix Equivalence P − (A − BK) T P(A − BK) > 0 V(k)-V(k-1) = x(k-1) T [(A − BK) T P(A − BK)-P] x(k-1) (Lyapunov's equation application) (Lyapunov function's difference) First order logic theory of the Simulink diagram Axiom: Bu = B * u ... … Automatic Test in simulation theorem proving Goal: vdiff == vdiff_an 8

  9. http://github.com/riveras/simulink D. Araiza Illan, K. Eder, A. Richards. Formal Verification of Control Systems’ Properties with Theorem Proving. International Conference on Control (CONTROL), pp. 244 – 249. IEEE, Jul 2014. http://dx.doi.org/10.1109/CONTROL.2014.6915147 D. Araiza Illan, K. Eder, A. Richards. Verification of Control Systems Implemented in Simulink with Assertion Checks and Theorem Proving: A Case Study . European Control Conference (ECC), pp. tbc. Jul 2015. 9 http://arxiv.org/abs/1505.05699

  10. Simulation-based testing Why and how? D. Araiza Illan, D. Western, A. Pipe, K. Eder. Coverage-Driven Verification - An approach to verify code for robots that directly interact with humans. (accepted for publication at HVC 2015) D. Araiza Illan, D. Western, A. Pipe, K. Eder. Model-Based, Coverage-Driven Verification and Validation of Code for Robots in Human-Robot Interactions. (under review for publication at ICRA 2016) 10

  11. System Complexity 11

  12. “Model checking works best for well defined models that are not too huge. Most of the world is thus not covered.” Yaron Kashai, 12 Fellow at the Systems and Verification R&D Division of Cadence

  13. 13

  14. Coverage-Driven Verification SUT 14

  15. Code Structure J. Boren and S. Cousins, “The SMACH High-Level Executive,” 15 IEEE Robotics & Automation Magazine, vol. 17, no. 4, pp. 18–20, 2010.

  16. Coverage-Driven Verification Response Test SUT 16

  17. Coverage-Driven Verification Response Test Test SUT Generator 17

  18. Test Generator ! Effective tests: - legal tests - meaningful events - interesting events - while exploring the system - typical vs extreme values ! Efficient tests: - minimal set of tests (regression) ! Strategies: - Pseudorandom (repeatability) - Constrained pseudorandom - Model-based to target specific scenarios 18

  19. Test Generator ! Effective tests: - legal tests - meaningful events - interesting events - while exploring the system - typical vs extreme values ! Efficient tests: - minimal set of tests (regression) ! Strategies: - Pseudorandom (repeatability) - Constrained pseudorandom - Model-based to target specific scenarios 19

  20. Test Generator ! Effective tests: - legal tests - meaningful events - interesting events - while exploring the system - typical vs extreme values ! Efficient tests: - minimal set of tests (regression) ! Strategies: - Pseudorandom (repeatability) - Constrained pseudorandom - Model-based to target specific scenarios 20

  21. Model-based Test Generation 21

  22. Model-based Test Generation 22

  23. Coverage-Driven Verification Checker Response Test Test SUT Generator 23

  24. Checker ! Requirements as assertions monitors: - if [precondition], check [postcondition] ! - “If the robot decides the human is not ready, then the robot never releases an object”. - Implemented as automata ! Continuous monitoring at runtime, self-checking – High-level requirements – Lower-level requirements depending on the simulation's detail (e.g., path planning, collision avoidance). assert {robot_3D_space != human_3D_space} ! 24

  25. Coverage-Driven Verification Checker Response Test Test SUT Generator 25

  26. Coverage-Driven Verification Checker Response Test Test SUT Generator Coverage Collector 26

  27. Coverage Collector ! Coverage models: - Code coverage from statement to MC/DC - e.g., using the 'coverage' modules in Python - Structural coverage - e.g., FSM coverage 27

  28. Coverage of 100 pseudornd Tests 28

  29. Coverage of 100 pseudornd Tests Coverage Hole 29

  30. Coverage of 160 MB Tests 30

  31. Functional Coverage ! Requirements coverage ! “Cross-product” coverage [ O Lachish, E Marcus, S Ur and A Ziv. Hole Analysis for Functional Coverage Data. Design Automation Conference (DAC), June 10-14, 2002, New Orleans, Louisiana, USA.] A cross-product coverage model is composed of the following parts: 1. A semantic description of the model (story) 2. A list of the attributes mentioned in the story 3. A set of all the possible values for each attribute (the attribute value domains ) 4. A list of restrictions on the legal combinations in the cross-product of attribute values A functional coverage space is defined as the Cartesian product over the attribute value domains. 31

  32. Cross-Product Models in e Verification struct instruction { ! Languages , opcode: [NOP, ADD, SUB, AND, XOR]; ! such as e, operand1 : byte; ! support cross-product event stimulus; ! coverage models cover stimulus is { ! natively. item opcode; ! item operand1; ! (ADD, 00000000) ! cross opcode, operand1 ! (ADD, 00000001) ! using ignore = (opcode == NOP); ! (ADD, 00000010) ! }; ! (ADD, 00000011) ! }; ! … ! (XOR, 11111110) ! (XOR, 11111111) !

  33. Situation Coverage

  34. Coverage-Driven Verification Coverage analysis enables feedback to test generation Checker Response Test Test SUT Generator Coverage Collector 34

  35. Coverage-Driven Verification Coverage analysis enables feedback to test generation Checker Response Test Test SUT Generator Coverage Collector 35

  36. Stimulating the SUT Driver Checker Response Test Test SUT Generator Coverage Collector 36

  37. Stimulating the SUT Driver Checker Response Test Stimulus Test SUT Generator Coverage Collector 37

  38. Driver ! Environmental components (models) interacting with the system's control software ! Examples: humans, actuators (Gazebo), communication signals, sensors 38

  39. 39

  40. CDV for Human-Robot Interaction D. Araiza Illan, D. Western, A. Pipe, K. Eder. Model-Based, Coverage-Driven Verification and Validation of Code for Robots in Human-Robot Interactions. (under review for publication at ICRA 2016)

  41. Coverage-Directed Verification ! systematic, goal directed simulation-based V&V ! capable of exploring systems of realistic detail under a broad range of environment conditions ! focus on test generation and coverage ! constraining test generation requires significant engineering skill and SUT knowledge ! model-based test generation allows targeting requirements and cross-product coverage more effectively than pseudorandom test generation

  42. http://github.com/robosafe/testbench D. Araiza Illan, D. Western, A. Pipe, K. Eder. Coverage-Driven Verification - An approach to verify code for robots that directly interact with humans. (accepted for publication at HVC 2015) D. Araiza Illan, D. Western, A. Pipe, K. Eder. Model-Based, Coverage-Driven Verification and Validation of Code for Robots in Human-Robot Interactions. (under review for publication at ICRA 2016) 42

  43. Summary ! No single technique is adequate for an entire design/system in practice. ! Verification techniques can be combined. ! Learn from areas where verification techniques are mature. ! We need to design for verification. 43

  44. Thank you Any questions? Kerstin.Eder@bristol.ac.uk Special thanks to Dejanira Araiza Illan, David Western, Arthur Richards, Jonathan Lawry, Trevor Martin, Piotr Trojanek, Yoav Hollander, Yaron Kashai, Mike Bartley, Tony Pipe and Chris Melhuish for their hard work, collaboration, inspiration and the many productive discussions we have had.

Recommend

On Theorem Proving for Program Checking Historical perspective and recent developments Maria

On Theorem Proving for Program Checking Historical perspective and recent developments Maria

Outline Introduction Where is theorem proving in program checking Inside theorem proving Big and little engines together: a new theorem proving style Decision procedures with speculative inferences Current and future challenges On Theorem

944 views • 69 slides
Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without

Interactive Theorem Proving, Nancy August 22, 2016 Joachim Breitner Karlsruhe Institute of Technology University of Pennsylvania, Philadelphia Visual theorem proving with the Incredible Proof Machine The idea Theorem Proving without Syntax

579 views • 43 slides
Testing, Abstraction, Theorem Proving: Better Together Authors: Greta Yorsh Thomas Ball Mooly

Testing, Abstraction, Theorem Proving: Better Together Authors: Greta Yorsh Thomas Ball Mooly

Testing, Abstraction, Theorem Proving: Better Together Authors: Greta Yorsh Thomas Ball Mooly Sagiv Presenter: Michael Rudolph Seminar Program Analysis and Software Testing University of Freiburg 2016 Motivation Program No Proof no error

1.12k views • 89 slides
Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 21, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk.

609 views • 40 slides
Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program

Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program

Automated Theorem Proving 2/4: First-Order Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 23, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk. Available for

1.03k views • 54 slides
Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a

Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a

Theorem-Proving Environments Nathan Ng CSC2547: Learning to Search Theorem Proving What is a theorem? Statement proven based on basis of previously established statements Premise: If I attend UofT, I am a student Premise: I attend

375 views • 25 slides
Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA Overview Last Lecture theorem proving problems premise selection deep learning for theorem proving state estimation Today automated reasoning learning in classical ATPs

1.18k views • 97 slides
Health Warning Principles, Techniques, Applications Theorem Proving is addictive Gerwin Klein

Health Warning Principles, Techniques, Applications Theorem Proving is addictive Gerwin Klein

W HAT YOU WILL LEARN how to use a theorem prover background, how it works how to prove and specify NICTA Advanced Course Slide 1 Slide 3 Theorem Proving Health Warning Principles, Techniques, Applications Theorem Proving is

262 views • 9 slides
Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA 2019 Computer Theorem Proving

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA 2019 Computer Theorem Proving

Artificial Intelligence in Theorem Proving Cezary Kaliszyk VTSA 2019 Computer Theorem Proving Computer used to automate reasoning in a logic Traditionally part of artificial intelligence (not machine learning) Field of research since the

1.25k views • 101 slides
Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for general theorem proving Set theory vs. higher-order logic Herbrand-based approaches

475 views • 18 slides
Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

Testing Overview Introduction (Proving and Testing) Types of Testing Unit,

CPSC 310 Software Engineering Testing Overview Introduction (Proving and Testing) Types of Testing Unit, Integration, Regression, System, Acceptance Testing Tactics Functional (Black Box), Structural (White Box)

982 views • 61 slides
Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving

Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving

Learning theorem proving through self-play Stanisaw Purga Overview AlphaZero Proving game adjusting MCTS for proving game some results 2019-10 1 Neural black box game state S move policy expected outcome R n v

455 views • 45 slides
Bellerophon: Tactical Theorem Proving for Hybrid Systems Nathan Fulton , Stefan Mitsch, Brandon

Bellerophon: Tactical Theorem Proving for Hybrid Systems Nathan Fulton , Stefan Mitsch, Brandon

Bellerophon: Tactical Theorem Proving for Hybrid Systems Nathan Fulton , Stefan Mitsch, Brandon Bohrer, Andr Platzer Carnegie Mellon University Cyber-Physical Systems Cyber-Physical Systems combine computation and control. Hybrid Systems

964 views • 68 slides
Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1

Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1

First-order Logic and Theorem Proving Saturation-based Proving Further Tuning and the Role of Strategies Summary Saturation-based Theorem Proving and ML Course Machine Learning and Reasoning 2020 MLR 2020 1 1 Czech Technical Univeristy in

913 views • 64 slides
Automated Theorem Proving Georg Struth University of She ffi eld Motivation everybody loves my

Automated Theorem Proving Georg Struth University of She ffi eld Motivation everybody loves my

Automated Theorem Proving Georg Struth University of She ffi eld Motivation everybody loves my baby but my baby aint love nobody but me (Doris Day) Overview main goal: we will learn how ATP systems work (in theory) where ATP systems

520 views • 29 slides
Automated Reasoning Systems Resolution Theorem Proving: Prover9 Temur Kutsia RISC, Johannes

Automated Reasoning Systems Resolution Theorem Proving: Prover9 Temur Kutsia RISC, Johannes

Automated Reasoning Systems Resolution Theorem Proving: Prover9 Temur Kutsia RISC, Johannes Kepler University of Linz, Austria kutsia@risc.jku.at Prover9 Automated theorem prover from the Argonne group Successor of Otter Author:

525 views • 17 slides
Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo

Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo

Mechanical Theorem Proving in Tarskis Geometry. Julien Narboux under the supervision of Hugo Herbelin LIX, INRIA Futurs, Ecole Polytechnique 31/08/2006, Pontevedra, Spain Outline 1 Interactive proof / Automated theorem proving 2

1.1k views • 73 slides
Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in

Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in

Proving In fi nite Satis fi ability Peter Baumgartner Joshua Bax Goal Theorem Proving in Hierarchic Combinations of Speci fi cations Dis Background theory linear integer arithmetic Data structures ? Conjecture list axioms/arrays

443 views • 15 slides
Theorem Proving and the Real Numbers Applications and Challenges Lawrence C Paulson 1.

Theorem Proving and the Real Numbers Applications and Challenges Lawrence C Paulson 1.

Theorem Proving and the Real Numbers Applications and Challenges Lawrence C Paulson 1. Interactive Theorem Proving A partial, biased history A UTOMATH L. S. van Benthem Jutting, Checking Landaus Grundlagen in the A UTOMATH

920 views • 37 slides
Apply Image-to-Image Translation on Autonomous Driving Systems Testing Presented by Yilin Han,

Apply Image-to-Image Translation on Autonomous Driving Systems Testing Presented by Yilin Han,

Apply Image-to-Image Translation on Autonomous Driving Systems Testing Presented by Yilin Han, Ziyi Chen Deep Neural Networks and Autonomous Driving Systems DeepTest DeepRoad GAN Based Image-to-Image Translator in Unsupervised Manner

522 views • 20 slides
Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark

Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark

Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark Hasegawa-Johnson, 1/2019 CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=18656684 Planning and Theorem Proving Examples Automatic

539 views • 41 slides
Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark

Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark

Planning and Theorem Proving Slides by Svetlana Lazebnik, 9/2016 with modifications by Mark Hasegawa-Johnson, 2/2020 CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=18656684 Planning and Theorem Proving Examples Automatic

666 views • 40 slides
On deciding satisfiability by DPLL(+ T ) and unsound theorem proving Maria Paola Bonacina 1

On deciding satisfiability by DPLL(+ T ) and unsound theorem proving Maria Paola Bonacina 1

Outline Motivation: reasoning for SW verification Idea: Unsound theorem proving to get decision procedures DPLL( + T ) with UTP: SMT-solver+Superposition+UTP Decision procedures for type systems Discussion On deciding satisfiability by

687 views • 39 slides
Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers

Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers

Symbolic Computation and Theorem Proving in Program Analysis Laura Kov acs Chalmers Specification Program Loop Assertions Verification Conditions Proving Proving Specification Program Loop Assertions Theorem Proving Computer Algebra

916 views • 90 slides

More recommend