Linghe Kong,Dawei Jiang,Min-You Wu

DOI: https://doi.org/10.1109/icdcs.2010.52

2010-01-01

Abstract:Cyber-physical systems (CPS) bridge the virtual cyber world with the real physical world. For representing a physical environment in cyber, CPS devices / nodes are assigned to collect data in a region of interest. In practice, the nodes seldom fully cover the region due to the restriction of quantity and cost. Hence, the sampled data are usually inadequate to describe the holistic environment. Recent researches mainly focus on the interpolation methods to generate an approximating model from the raw data. However, in this paper, we propose to study the spatio-temporal distribution of CPS nodes in order to obtain the crucial data for optimal environment abstraction. There are two target problems. First, when the environment changes little over time, what is the optimal spatial distribution of stationary nodes based on historical data? Second, when the environment is time-varying, what is the adaptive spatio-temporal distribution of mobile nodes? We show the NP hardness of the former problem and propose an approximation algorithm. For the latter problem, we develop a cooperative movement algorithm on nodes for achieving a curvature-weighted distribution pattern. A trace driven simulation based on real data of GreenOrbs project evaluates the performance of the proposed approaches.

Jingyi Wang,Jun Sun,Shengchao Qin,Cyrille Jegourel

DOI: https://doi.org/10.1109/tse.2018.2886898

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Precisely modeling complex systems like cyber-physical systems is challenging, which often renders model-based system verification techniques like model checking infeasible. To overcome this challenge, we propose a method called LAR to automatically ‘verify’ such complex systems through a combination of learning, abstraction and refinement from a set of system log traces. We assume that log traces and sampling frequency are adequate to capture ‘enough’ behaviour of the system. Given a safety property and the concrete system log traces as input, LAR automatically learns and refines system models, and produces two kinds of outputs. One is a counterexample with a bounded probability of being spurious. The other is a probabilistic model based on which the given property is ‘verified’. The model can be viewed as a proof obligation, i.e., the property is verified if the model is correct. It can also be used for subsequent system analysis activities like runtime monitoring or model-based testing. Our method has been implemented as a self-contained software toolkit. The evaluation on multiple benchmark systems as well as a real-world water treatment system shows promising results.

Meiyi Ma,Ezio Bartocci,Eli Lifland,John Stankovic,Lu Feng

DOI: https://doi.org/10.48550/arXiv.2104.04904

2021-04-11

Abstract:With the development of the Internet of Things, millions of sensors are being deployed in cities to collect real-time data. This leads to a need for checking city states against city requirements at runtime. In this paper, we develop a novel spatial-temporal specification-based monitoring system for smart cities. We first describe a study of over 1,000 smart city requirements, some of which cannot be specified using existing logic such as Signal Temporal Logic (STL) and its variants. To tackle this limitation, we develop SaSTL -- a novel Spatial Aggregation Signal Temporal Logic -- for the efficient runtime monitoring of safety and performance requirements in smart cities. We develop two new logical operators in SaSTL to augment STL for expressing spatial aggregation and spatial counting characteristics that are commonly found in real city requirements. We define Boolean and \newcontent{quantitative semantics}~for SaSTL in support of the analysis of city performance across different periods and locations. We also develop efficient monitoring algorithms that can check a SaSTL requirement in parallel over multiple data streams (e.g., generated by multiple sensors distributed spatially in a city). Additionally, we build a SaSTL-based monitoring tool to support decision making of different stakeholders to specify and runtime monitor their requirements in smart cities. We evaluate our SaSTL monitor by applying it to three case studies with large-scale real city sensing data (e.g., up to 10,000 sensors in one study). The results show that SaSTL has a much higher coverage expressiveness than other spatial-temporal logic, and with a significant reduction of computation time for monitoring requirements. We also demonstrate that the SaSTL monitor improves the safety and performance of smart cities via simulated experiments.

Software Engineering,Formal Languages and Automata Theory

Xiaohong Chen,Ling Yin,Yijun Yu,Zhi Jin

DOI: https://doi.org/10.1007/978-3-319-68690-5_4

2017-01-01

Abstract:The timing requirements of embedded cyber-physical systems (CPS) constrain CPS behaviors made by scheduling analysis. Lack of physical entity properties modeling and the need of scheduling analysis require a systematic approach to specify timing requirements of CPS at the early phase of requirements engineering. In this work, we extend the Problem Frames notations to capture timing properties of both cyber and physical domain entities into Clock Constraint Specification Language (CCSL) constraints which is more explicit that LTL for scheduling analysis. Interpreting them using operational semantics as finite state machines, we are able to transform these timing requirements into CCSL scheduling constraints, and verify their consistency on NuSMV. Our TimePF tool-supported approach is illustrated through the verification of timing requirements for a representative problem in embedded CPS.

N. Halbwachs,P. Caspi,P. Raymond,D. Pilaud

DOI: https://doi.org/10.1109/5.97300

IF: 20.6

1991-01-01

Proceedings of the IEEE

Abstract:The authors describe LUSTRE, a data flow synchronous language designed for programming reactive systems-such as automatic control and monitoring systems-as well as for describing hardware. The data flow aspect of LUSTRE makes it very close to usual description tools in these domains (block-diagrams, networks of operators, dynamical sample-systems, etc.), and its synchronous interpretation makes it well suited for handling time in programs. Moreover, this synchronous interpretation allows it to be compiled into an efficient sequential program. The LUSTRE formalism is very similar to temporal logics. This allows the language to be used for both writing programs and expressing program properties, which results in an original program verification methodology.<>

engineering, electrical & electronic

Hongkai Chen,Scott A. Smolka,Nicola Paoletti,Shan Lin

DOI: https://doi.org/10.48550/arXiv.2211.02794

2022-11-05

Abstract:We present ResilienC, a framework for resilient control of Cyber-Physical Systems subject to STL-based requirements. ResilienC utilizes a recently developed formalism for specifying CPS resiliency in terms of sets of $(\mathit{rec},\mathit{dur})$ real-valued pairs, where $\mathit{rec}$ represents the system's capability to rapidly recover from a property violation (recoverability), and $\mathit{dur}$ is reflective of its ability to avoid violations post-recovery (durability). We define the resilient STL control problem as one of multi-objective optimization, where the recoverability and durability of the desired STL specification are maximized. When neither objective is prioritized over the other, the solution to the problem is a set of Pareto-optimal system trajectories. We present a precise solution method to the resilient STL control problem using a mixed-integer linear programming encoding and an a posteriori $\epsilon$-constraint approach for efficiently retrieving the complete set of optimally resilient solutions. In ResilienC, at each time-step, the optimal control action selected from the set of Pareto-optimal solutions by a Decision Maker strategy realizes a form of Model Predictive Control. We demonstrate the practical utility of the ResilienC framework on two significant case studies: autonomous vehicle lane keeping and deadline-driven, multi-region package delivery.

Systems and Control

Feng Tan,Yufei Wang,Qixin Wang,Lei Bu,Rong Zheng,Neeraj Suri

DOI: https://doi.org/10.1109/dsn.2013.6575357

2013-01-01

Abstract:Cyber-Physical Systems (CPS) integrate discrete-time computing and continuous-time physical-world entities, which are often wirelessly interlinked. The use of wireless safety critical CPS (control, healthcare etc.) requires safety guarantees despite communication faults. This paper focuses on one important set of such safety rules: Proper-Temporal-Embedding (PTE). Our solution introduces hybrid automata to formally describe and analyze CPS design patterns. We propose a novel lease based design pattern, along with closed-form configuration constraints, to guarantee PTE safety rules under arbitrary wireless communication faults. We propose a formal methodology to transform the design pattern hybrid automata into specific wireless CPS designs. This methodology can effectively isolate physical world parameters from affecting the PTE safety of the resultant specific designs. We conduct a case study on laser tracheotomy wireless CPS to show that the resulting system is safe and can withstand communication disruptions.

Sara Mohammadinejad,Jyotirmy V. Deshmukh,Laura Nenzi

DOI: https://doi.org/10.48550/arXiv.2106.08548

2021-06-16

Abstract:The Internet-of-Things, complex sensor networks, multi-agent cyber-physical systems are all examples of spatially distributed systems that continuously evolve in time. Such systems generate huge amounts of spatio-temporal data, and system designers are often interested in analyzing and discovering structure within the data. There has been considerable interest in learning causal and logical properties of temporal data using logics such as Signal Temporal Logic (STL); however, there is limited work on discovering such relations on spatio-temporal data. We propose the first set of algorithms for unsupervised learning for spatio-temporal data. Our method does automatic feature extraction from the spatio-temporal data by projecting it onto the parameter space of a parametric spatio-temporal reach and escape logic (PSTREL). We propose an agglomerative hierarchical clustering technique that guarantees that each cluster satisfies a distinct STREL formula. We show that our method generates STREL formulas of bounded description complexity using a novel decision-tree approach which generalizes previous unsupervised learning techniques for Signal Temporal Logic. We demonstrate the effectiveness of our approach on case studies from diverse domains such as urban transportation, epidemiology, green infrastructure, and air quality monitoring.

Machine Learning

Jiawan Wang,Wenxia Liu,Muzimiao Zhang,Jiaqi Wei,Yuhui Shi,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-031-65633-0_15

2024-01-01

Abstract:Cyber-physical systems (CPSs) are used in many safety-critical areas, making it crucial to ensure their safety. However, with CPSs increasingly dynamically deployed and reconfigured during run-time, their safety analysis becomes challenging. For one thing, reconfigurable CPSs usually consist of multiple agents dynamically connected during runtime. Their highly dynamic system topologies are too intricate for traditional modeling languages, which, in turn, hinders formal analysis. For another, due to the growing size and uncertainty of reconfigurable CPSs, their system models can be huge and even unavailable at design time. This calls for runtime analysis approaches with better scalability and efficiency. To address these challenges, we propose a scenario-based hierarchical modeling language for reconfigurable CPS. It provides template models for agent inherent features, together with an instantiation mechanism to activate single agent's runtime behavior, communication configurations for multiple agents' connected behaviors, and scenario task configurations for their dynamic topologies. We also present a path-oriented falsification approach to falsify system requirements. It employs classification-model-based optimization to explore search space effectively and cut unnecessary system simulations and robustness calculations for efficiency. Our modeling and falsification are implemented in a tool called SNIFF. Experiments have shown that it can largely reduce modeling time and improve modeling accuracy, and perform scalable CPS falsification with high success rates in seconds.

Céline Bellanger,Pierre-Loïc Garoche,Matthieu Martel,Célia Picard

DOI: https://doi.org/10.4204/EPTCS.395.14

2023-11-16

Abstract:Signal Temporal Logic (STL) is a convenient formalism to express bounded horizon properties of autonomous critical systems. STL extends LTL to real-valued signals and associates a non-singleton bound interval to each temporal operators. In this work we provide a rigorous encoding of non-nested discrete-time STL formulas into Lustre synchronous observers. Our encoding provides a three-valued online semantics for the observers and therefore enables both the verification of the property and the search of counter-examples. A key contribution of this work is an instrumented proof of the validity of the implementation. Each node is proved correct with respect to the original STL semantics. All the experiments are automated with the Kind2 model-checker and the Z3 SMT solver.

Logic in Computer Science

Xiong Xu,Shuling Wang,Bohua Zhan,Xiangyu Jin,Naijun Zhan,Jean-Pierre Talpin

DOI: https://doi.org/10.1145/3631483.3631487

2023-10-30

ACM SIGAda Ada Letters

Abstract:The design of safety-critical cyber-physical systems (CPSs) involve several dimensions, including physics, hardware rchitecture and software functionality. It is desirable to design CPSs by taking these issues into account uniformly and yet, few existing design workflows support this aim. For instance, AADL is an architecturecentric modelling formalism for CPSs, which focuses on modelling architecture and prototyping real-time hardware platforms, but it delegates physical and software behavioral models to so-called annexes. By contrast, Simulink/Stateflow (S/S) focuses on modelling interacting physical and software behaviors, but does not render the non-functional characteristics of their hardware platforms. To address this issue, in [1], we proposed the combination of AADL and S/S, called AADL S/S, to comodel CPSs and presented a method to uniformly analyse and verify them. AADL S/S provides a unified graphical co-modelling environment for CPS design and supports simulation through C code generation. Also, [1] presented a formal semantics of AADL S/S by translation to Hybrid Communicating Sequential Processes (HCSP), yielding a deductive verification framework of the combined models using Hybrid Hoare Logic (HHL). Additionally, [1] proved the correctness of the translation of AADL S/S to HCSP.

Heinz Schmidt,Peter Herrmann,Maria Spichkova,James Harland,Ian Peake,Ergys Puka

2024-10-18

Abstract:Many very large-scale systems are networks of cyber-physical systems in which humans and autonomous software agents cooperate. To make the cooperation safe for the humans involved, the systems have to follow protocols with rigid real-time and real-space properties, but they also need to be capable of making competitive and collaborative decisions with varying rewards and penalties. Due to these tough requirements, the construction of system control software is often very difficult. This calls for applying a model-based engineering approach, which allows one to formally express the time and space properties and use them as guidance for the whole engineering process from requirement definition via system design to software development. Moreover, it is beneficial, if one can verify with acceptable effort, that the time and space requirements are preserved throughout the development steps. This paper focuses on modelling spatio-temporal properties and their model-checking and simulation using different analysis tools in combination with the methods and tool extensions proposed here. To this end, we provide an informal overview of CASTeL, our CASTeLogic. CASTeL is stochastic and includes real-time concurrency and real-space distribution.

Software Engineering

Gan Yuanke,Zhang Lingbo,Shi Gang,Wang Shengyuan,Dong Yuan,Zhang Zhihui,Wang Yanhai

DOI: https://doi.org/10.3969/j.issn.1000-386x.2014.05.001

2014-01-01

Abstract:Lustre is a synchronous data-flow language which is widely applied in nuclear power and aviation,all are in the areas with high credibility.The safety of the compiler will be significantly improved by applying the formal verification approach to implementing the translation from Lustre to C and proving its procedure.Because the Lustre program executes concurrently,the causality analysis and sequentialisation on it is necessary.In the paper,we implement a credible sorting procedure for Lustre program,which is completed by in the first formally defining the property of topological sorting and the Lustre semantics in associate layers with Coq tool,doing the causality analysis and sorting on Lustre program,then proving that a sorted Lustre program fulfils the property of topological sorting,and finally proving that any two Lustre programs both of which satisfying the property of topological sorting are semantically equivalent in execution.

Kun Wang,Jingyi Wang,Christopher M. Poskitt,Xiangxiang Chen,Jun Sun,Peng Cheng

DOI: https://doi.org/10.1109/TSE.2023.3315292

2023-09-12

Abstract:Programmable Logic Controllers (PLCs) are responsible for automating process control in many industrial systems (e.g. in manufacturing and public infrastructure), and thus it is critical to ensure that they operate correctly and safely. The majority of PLCs are programmed in languages such as Structured Text (ST). However, a lack of formal semantics makes it difficult to ascertain the correctness of their translators and compilers, which vary from vendor-to-vendor. In this work, we develop K-ST, a formal executable semantics for ST in the K framework. Defined with respect to the IEC 61131-3 standard and PLC vendor manuals, K-ST is a high-level reference semantics that can be used to evaluate the correctness and consistency of different ST implementations. We validate K-ST by executing 509 ST programs extracted from Github and comparing the results against existing commercial compilers (i.e., CODESYS, CX-Programmer, and GX Works2). We then apply K-ST to validate the implementation of the open source OpenPLC platform, comparing the executions of several test programs to uncover five bugs and nine functional defects in the compiler.

Programming Languages,Software Engineering

Eun-Young Kang,Li Huang

DOI: https://doi.org/10.48550/arXiv.1806.07702

2018-06-20

Software Engineering

Abstract:Modeling and analysis of timing constraints is crucial in automotive systems. EAST-ADL is a domain specific architectural language dedicated to safety-critical automotive embedded system design. In most cases, a bounded number of violations of timing constraints in systems would not lead to system failures when the results of the violations are negligible, called Weakly-Hard (WH). We have previously specified EAST-ADL timing constraints in Clock Constraint Specification Language (CCSL) and transformed timed behaviors in CCSL into formal models amenable to model checking. Previous work is extended in this paper by including support for probabilistic analysis of timing constraints in the context of WH: Probabilistic extension of CCSL, called PrCCSL, is defined and the EAST-ADL timing constraints with stochastic properties are specified in PrCCSL. The semantics of the extended constraints in PrCCSL is translated into Proof Objective Models that can be verified using SIMULINK DESIGN VERIFIER. Furthermore, a set of mapping rules is proposed to facilitate guarantee of translation. Our approach is demonstrated on an autonomous traffic sign recognition vehicle case study.

Jesse Reimann,Nico Mansion,James Haydon,Benjamin Bray,Agnishom Chattopadhyay,Sota Sato,Masaki Waga,Étienne André,Ichiro Hasuo,Naoki Ueda,Yosuke Yokoyama

DOI: https://doi.org/10.1145/3605098.3636014

2024-03-28

Abstract:As the development of autonomous vehicles progresses, efficient safety assurance methods become increasingly necessary. Safety assurance methods such as monitoring and scenario-based testing call for formalisation of driving scenarios. In this paper, we develop a temporal-logic formalisation of an important class of critical scenarios in the ISO standard 34502. We use signal temporal logic (STL) as a logical formalism. Our formalisation has two main features: 1) modular composition of logical formulas for systematic and comprehensive formalisation (following the compositional methodology of ISO 34502); 2) use of the RSS distance for defining danger. We find our formalisation comes with few parameters to tune thanks to the RSS distance. We experimentally evaluated our formalisation; using its results, we discuss the validity of our formalisation and its stability with respect to the choice of some parameter values.

Robotics,Logic in Computer Science

Yan Zhang,Xiangwei Liu,Jin Shi,Tian Zhang,Zhuzhong Qian

DOI: https://doi.org/10.1109/IMIS.2014.8

2014-01-01

Abstract:Cyber-Physical Systems (CPS) play an important role in the safety-critical systems. It is very significant to verify whether some concerned behaviors exist in a CPS. Hybrid interface automata, extension of a non-hybrid version, are used to model a CPS. A scenario, described by MARTE sequence diagram, specifies the concerned behaviors. An algorithm is given for bounded checking the behavioral nonexistent consistency, namely, the behaviors specified by a scenario all do not exist in a hybrid interface automaton. The idea of the algorithm is, firstly, encoding the behavioral nonexistent consistency to an unconstrained dynamic programming, secondly, solving the unconstrained dynamic programming by a genetic algorithm. The algorithm can search the results on the real domain, and be applied to nonlinear as well as linear hybrid systems.

Changjian Zhang,Parv Kapoor,Romulo Meira-Goes,David Garlan,Eunsuk Kang,Akila Ganlath,Shatadal Mishra,Nejib Ammar

2024-03-26

Abstract:The adoption of cyber-physical systems (CPS) is on the rise in complex physical environments, encompassing domains such as autonomous vehicles, the Internet of Things (IoT), and smart cities. A critical attribute of CPS is robustness, denoting its capacity to operate safely despite potential disruptions and uncertainties in the operating environment. This paper proposes a novel specification-based robustness, which characterizes the effectiveness of a controller in meeting a specified system requirement, articulated through Signal Temporal Logic (STL) while accounting for possible deviations in the system. This paper also proposes the robustness falsification problem based on the definition, which involves identifying minor deviations capable of violating the specified requirement. We present an innovative two-layer simulation-based analysis framework designed to identify subtle robustness violations. To assess our methodology, we devise a series of benchmark problems wherein system parameters can be adjusted to emulate various forms of uncertainties and disturbances. Initial evaluations indicate that our falsification approach proficiently identifies robustness violations, providing valuable insights for comparing robustness between conventional and reinforcement learning (RL)-based controllers

Systems and Control,Logic in Computer Science,Software Engineering

Lars Lindemann,George J. Pappas,Dimos V. Dimarogonas

DOI: https://doi.org/10.48550/arXiv.2108.13490

2021-08-31

Abstract:The deployment of autonomous systems in uncertain and dynamic environments has raised fundamental questions. Addressing these is pivotal to build fully autonomous systems and requires a systematic integration of planning and control. We first propose reactive risk signal interval temporal logic (ReRiSITL) as an extension of signal temporal logic (STL) to formulate complex spatiotemporal specifications. Unlike STL, ReRiSITL allows to consider uncontrollable propositions that may model humans as well as random environmental events such as sensor failures. Additionally, ReRiSITL allows to incorporate risk measures, such as (but not limited to) the Conditional Value-at-Risk, to measure the risk of violating certain spatial specifications. Second, we propose an algorithm to check if an ReRiSITL specification is satisfiable. For this purpose, we abstract the ReRiSITL specification into a timed signal transducer and devise a game-based approach. Third, we propose a reactive planning and control framework for dynamical control systems under ReRiSITL specifications.

Systems and Control,Formal Languages and Automata Theory,Logic in Computer Science