| 1. |
- Selvaraj, Yuvaraj, 1990, et al.
(author)
-
Automatically Learning Formal Models: An Industrial Case from Autonomous Driving Development
- 2020
-
In: Proceedings of the ACM/IEEE Joint Conference on Digital Libraries. - New York, NY, USA : ACM. - 1552-5996.
-
Conference paper (peer-reviewed)abstract
- The correctness of autonomous driving software is of utmost importance as incorrect behaviour may have catastrophic consequences. Though formal model-based engineering techniques can help guarantee correctness, challenges exist in widespread industrial adoption. One among them is the model construction problem. Manual construction of formal models is expensive, error-prone, and intractable for large systems. Automating model construction would be a great enabler for the use of formal methods to guarantee software correctness and thereby for safe deployment of autonomous vehicles. Such automated techniques can be beneficial in software design, re-engineering, and reverse engineering. In this industrial case study, we apply active learning techniques to obtain formal models from an existing autonomous driving software (in development) implemented in MATLAB. We demonstrate the feasibility of active automata learning algorithms for automotive industrial use. Furthermore, we discuss the practical challenges in applying automata learning and possible directions for integrating automata learning into automotive software development workflow.
|
|
| 2. |
- Selvaraj, Yuvaraj, 1990, et al.
(author)
-
Verification of Decision Making Software in an Autonomous Vehicle: An Industrial Case Study
- 2019
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 11687, s. 143-159
-
Conference paper (peer-reviewed)abstract
- Correctness of autonomous driving systems is crucial as incorrect behaviour may have catastrophic consequences. Many different hardware and software components (e.g. sensing, decision making, actuation, and control) interact to solve the autonomous driving task, leading to a level of complexity that brings new challenges for the formal verification community. Though formal verification has been used to prove correctness of software, there are significant challenges in transferring such techniques to an agile software development process and to ensure widespread industrial adoption. In the light of these challenges, the identification of appropriate formalisms, and consequently the right verification tools, has significant impact on addressing them. In this paper, we evaluate the application of different formal techniques from supervisory control theory, model checking, and deductive verification to verify existing decision and control software (in development) for an autonomous vehicle. We discuss how the verification objective differs with respect to the choice of formalism and the level of formality that can be applied. Insights from the case study show a need for multiple formal methods to prove correctness, the difficulty to capture the right level of abstraction to model and specify the formal properties for the verification objectives.
|
|
| 3. |
- Ramezani, Zahra, 1988, et al.
(author)
-
Multiple Objective Functions for Falsification of Cyber-Physical Systems
- 2020
-
In: IFAC-PapersOnLine. - : Elsevier BV. - 2405-8963. ; 53:4, s. 417-422
-
Conference paper (peer-reviewed)abstract
- Cyber-physical systems are typically safety-critical, thus it is crucial to guarantee that they conform to given specifications, that are the properties that the system must fulfill. Optimization-based falsification is a model-based testing method to find counterexamples of the specifications. The main idea is to measure how far away a specification is from being broken, and to use an optimization procedure to guide the testing towards falsification. The efficiency of the falsification is affected by the objective function used to evaluate the test results; different objective functions are differently efficient for different types of problems. However, the efficiency of various objective functions is not easily determined beforehand. This paper evaluates the efficiency of using multiple objective functions in the falsification process. The hypothesis is that this will, in general, be more efficient, meaning that it falsifies a system in fewer iterations, than just applying a single objective function to a specific problem. Two objective functions are evaluated, Max, Additive, on a set of benchmark problems. The evaluation shows that using multiple objective functions can reduce the number of iterations necessary to falsify a property.
|
|
| 4. |
- Selvaraj, Yuvaraj, 1990, et al.
(author)
-
On How to Not Prove Faulty Controllers Safe in Differential Dynamic Logic
- 2022
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 13478, s. 281-297
-
Conference paper (peer-reviewed)abstract
- Cyber-physical systems are often safety-critical and their correctness is crucial, as in the case of automated driving. Using formal mathematical methods is one way to guarantee correctness. Though these methods have shown their usefulness, care must be taken as modeling errors might result in proving a faulty controller safe, which is potentially catastrophic in practice. This paper deals with two such modeling errors in differential dynamic logic. Differential dynamic logic is a formal specification and verification language for hybrid systems, which are mathematical models of cyber-physical systems. The main contribution is to prove conditions that when fulfilled, these two modeling errors cannot cause a faulty controller to be proven safe. The problems are illustrated with a real world example of a safety controller for automated driving, and it is shown that the formulated conditions have the intended effect both for a faulty and a correct controller. It is also shown how the formulated conditions aid in finding a loop invariant candidate to prove properties of hybrid systems with feedback loops. The results are proven using the interactive theorem prover KeYmaera X.
|
|
| 5. |
- Selvaraj, Yuvaraj, 1990, et al.
(author)
-
Supervisory Control Theory in System Safety Analysis
- 2020
-
In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). - Cham : Springer International Publishing. - 1611-3349 .- 0302-9743. ; 12235, s. 9-22
-
Conference paper (peer-reviewed)abstract
- Development of safety critical systems requires a risk management strategy to identify and analyse hazards, and apply necessary actions to eliminate or control them as malfunctions could be catastrophic. Fault Tree Analysis (FTA) is one of the most widely used methods for safety analysis in industrial use. However, the standard FTA is manual, informal, and limited to static analysis of systems. In this paper, we present preliminary results from a model-based approach to address these limitations using Supervisory Control Theory. Taking an example from the Fault Tree Handbook, we present a systematic approach to incrementally obtain formal models from a fault tree and verify them in the tool Supremica. We present a method to calculate minimal cut sets using our approach. These compositional techniques could potentially be very beneficial in the safety analysis of highly complex safety critical systems, where several components interact to solve different tasks.
|
|
| 6. |
- Farooqui, Ashfaq Hussain, 1990, et al.
(author)
-
Towards Automatic Learning of Discrete-Event Models from Simulations
- 2018
-
In: IEEE International Conference on Automation Science and Engineering. - 2161-8070 .- 2161-8089. ; 2018-August, s. 857-862
-
Conference paper (peer-reviewed)abstract
- Model-based techniques are, these days, being embraced by the manufacturing industry in their development frameworks. While model-based approaches allow for offline verification and validation before physical commissioning, and have other advantages over existing methods, they do have their own challenges. Firstly, models are typically created manually and hence are prone to errors. Secondly, once a model is created, tested, and put into use on the factory floor, there is an added effort required to maintain and update it. This paper is a preliminary study of the feasibility of automatically obtaining formal models from virtual simulations. We apply the foundational algorithm from the active automata learning community to study the requirements and enhancements needed to be able to derive discrete event models from virtual simulations. An abstract model in the form of operations is learned by applying this algorithm on a simulation model composed of discrete operations. While a major bottleneck to be solved is the generation of counterexamples, the results seem promising to apply model learning in practice.
|
|
| 7. |
|
|
| 8. |
|
|
| 9. |
- Adlemo, Anders, 1957, et al.
(author)
-
Towards a True Flexible Manufacturing System
- 1994
-
In: Proc of the 10th ISPE/IFAC Int. Conference on CAD/CAM, Robotics and Factories of the Future, CARS & FOF '94, Ottawa, Canada. ; , s. 401-410
-
Conference paper (peer-reviewed)
|
|
| 10. |
|
|
