The Rare Glitch Project: Verification Tools for Embedded Systems

1
The Rare Glitch ProjectVerification Tools for
Embedded Systems
Ed Clarke, David Garlan, Bruce Krogh, Reid
Simmons, Jeannette Wing

• Carnegie Mellon UniversityPittsburgh, PA

2
Embedded Systems

• They are highly distributed, multi-task,
  concurrent real-time systems.
• They control increasingly sophisticated physical
  systems.
• They operate with increasing autonomy under
  adverse and unpredictable conditions.
• They eventually will be seamlessly woven into the
  fabric of our everyday lives.

3
Verification

• Grand Challenge
• To ensure the correctness of these embedded
  systems as they operate in increasingly complex
  environmentsfor the safety and good of the
  general public.
• Opportunity
• State of the art verification tools are well
  suited for control systems.
• Embedded systems have narrow hardware/software
  interface.
• Embedded systems architectures are simpler and
  more regular.
• Feasibility
• We are not trying to solve the whole verification
  problem, but one for a class of systems for which
  we believe we can make the next big success
  story.

4
Our Long-Term Vision

• To provide design engineers with lightweight
  push-button tools, each checking a specific
  application-specific property.

Check Restart
Check Fuel usage
Check Race
Check Powerusage
Check Deadlock
5
Three Main Thrusts of Our Project

• Verifying system integrity
• Synchronization constraints
• Resource constraints
• Real-time constraints
• Modeling the environment
• Hybrid dynamics
• Stochastic models
• Usability
• Extracting models
• Explaining tool feedback

system
environment
6
Technical Challenges

• Interleavings of multiple task executions
• Inter-task dependencies and synchronization
  requirements
• System resource constraints
• Hard real-time constraints
• Interactions with complex physical dynamic
  systems
• Adverse, unpredictable environments
• Stringent requirements for autonomy, fault
  tolerance, and survivability

7
Technical Approach
Embedded System
Environment
8
Cross-Cutting Themes

• Exploit model checking techniques and tools.
• Focus on the task level.
• Incorporate continuous domains in our models.

9
Verifying System Integrity

• Synchronization constraints
• Publish-subscribe architecture
• Cyclic-tasks with shared variables
• Research question How can we reason about their
  aggregate behavior?
• Resource constraints
• Continuous, consumable (e.g., fuel) and renewable
  (e.g., bandwidth, disk space) resources
• Research question How should we specify and
  verify resource constraints?
• Real-time constraints
• Quantitative timing analysis
• Research questions How can we extend this
  technique to continuous time? How can we deal
  with dynamic process creation and deletion?

10
Modeling the Environment

• Hybrid dynamics
• Dealing with both discrete and continuous state
  variables
• Research question How can we automate and scale
  differential equations models for large systems?
• Stochastic models
• Dealing with uncertainty, unpredictability
• Using continuous variables (e.g., probabilities)
  for reliability and cost-benefit analyses
• Research questions How can we handle dependent
  events, cascading of events? Both
  nondeterministic and probabilistic state
  transitions?

11
Usability

• Extracting models
• Synchronization skeletons
• Translators for task execution languages
• Research question How can we balance
  expressibility of languages with efficiency of
  verification and user-friendliness?
• Explaining verification tool results
• Adopt AI techniques to explain counterexamples
  for task executive programs.
• Develop techniques to view and browse the
  temporal evolution of counterexamples.
• Research question How can we create virtual
  execution traces that can be used by existing
  visualization tools?

12
The Rare Glitch Tool Suite
Checkers and Provers
Analysis Engines
Specification and Modeling Languages
13
Preliminary Planning

• Technical
• So far Technical presentations of our current
  work
• To do
• Identification of case studies
• Identification of common group project
• Continue to pursue existing two-way and three-way
  collaborations
• Administrative
• Weekly project meetings, project name, project
  web page

14
Project Administration

• Principal Investigators
• Ed Clarke, David Garlan, Bruce Krogh, Reid
  Simmons, Jeannette Wing (POC)
• Industrial connections
• Honeywell Technology Center
• CMU High Dependability Computing Consortium
• Years 3 and 5
• Hold workshops for technical exchange with
  industry

15
Preview of This Afternoons Talks

• Ed Clarke
• Verifying Bus Protocol Standards for Embedded
  Systems
• Bruce Krogh
• Model Checking for Hybrid Systems
• Jeannette Wing
• Scenario Graph Generation and MDP-Based Analysis
• David Garlan
• Model Checking Publish-Subscribe Software
  Architectures