Samuel J. Ellis,Eric R. Henderson,Titus H. Klinge,James I. Lathrop,Jack H. Lutz,Robyn R. Lutz,Divita Mathur,Andrew S. Miner

DOI: https://doi.org/10.1145/2642937.2643007

2014-09-15

Abstract:Dynamic systems in DNA nanotechnology are often programmed using a chemical reaction network (CRN) model as an intermediate level of abstraction. In this paper, we design and analyze a CRN model of a watchdog timer, a device commonly used to monitor the health of a safety critical system. Our process uses incremental design practices with goal-oriented requirements engineering, software verification tools, and custom software to help automate the software engineering process. The watchdog timer is comprised of three components: an absence detector, a threshold filter, and a signal amplifier. These components are separately designed and verified, and only then composed to create the molecular watchdog timer. During the requirements-design iterations, simulation, model checking, and analysis are used to verify the system. Using this methodology several incomplete requirements and design flaws were found, and the final verified model helped determine specific parameters for biological experiments.

Shimin Chen,Babak Falsafi,Phillip B. Gibbons,Michael Kozuch,Todd C. Mowry,Radu Teodorescu,Anastassia Ailamaki,Limor Fix,Gregory R. Ganger,Bin Lin,Steven W. Schlosser

DOI: https://doi.org/10.1145/1181309.1181319

2006-01-01

Abstract:Runtime monitoring tools are invaluable for detecting various types of bugs, in both sequential and multi-threaded programs. However, these tools often slow down the monitored program by an order of magnitude or more [4], implying that the tools are ill-suited for always-on monitoring of deployed code. Fortunately, the emergence of chip multiprocessors as a dominant computing platform means that resources are available on-chip to assist in monitoring tasks. In this brief note, we advocate Log-Based Architectures (LBA) that exploit such on-chip resources in order to dramatically reduce the overhead of runtime program monitoring. Specifically, we propose adding hardware support for logging a main program's trace and delivering it to another (otherwise idle) processing core for inspection. A life-guard program running on this other core executes the desired monitoring task.

Jack H. Lutz,Neil Lutz,Robyn R. Lutz,Matthew R. Riley

DOI: https://doi.org/10.1109/icse-nier.2019.00025

2019-05-01

Abstract:Matter, especially DNA, is now programmed to carry out useful processes at the nanoscale. As these programs and processes become more complex and their envisioned safety-critical applications approach deployment, it is essential to develop methods for engineering trustworthiness into molecular programs. Some of this can be achieved by adapting existing software engineering methods, but molecular programming also presents new challenges that will require new methods. This paper presents a method for dealing with one such challenge, namely, the difficulty of ascertaining how robust a molecular program is to perturbations of the relative “clock speeds” of its various reactions. The method proposed here is game-theoretic. The robustness of a molecular program is quantified in terms of its ability to win (achieve its original objective) in games against other molecular programs that manipulate its relative clock speeds. This game-theoretic approach is general enough to quantify the security of a molecular program against malicious manipulations of its relative clock speeds. However, this preliminary report focuses on games against nature, games in which the molecular program's opponent perturbs clock speeds randomly (indifferently) according to the probabilities inherent in chemical kinetics.

Zhiwei Wang

2009-01-01

Abstract:Analog and mixed signal (AMS) circuits play an important role in system on chip designs. They pose, however, many challenges in the verification of the overall system due to their complex behaviors and expensive consumption of simulation resources. Besides functionality, AMS systems also suffer from stochastic processes such as random noise which exhibits statistical properties. Among many developed verification techniques, runtime verification has been shown to be effective by experimenting finite executions instead of going through the whole state space. In this thesis, we propose a methodology for the verification of AMS designs using functional and statistical runtime verification. Functional runtime verification is used to check the functional behavior of the AMS design. A system of recurrence equation (SRE) is used to model the AMS design and construct a functional property monitor. This functional runtime verification is carried out in an online fashion. Statistical runtime verification is used to verify the statistical properties of the AMS design. Hypothesis test, which is a method to make statistical decisions about rejecting or accepting some statement about the information of a sample, is used to verify the statistical properties. We use Monte Carlo simulation for the hypothesis test and for evaluating its performance. The proposed methodology is applied to a phase lock loop based frequency synthesizer where several functional properties and stochastic noise properties are verified.

Xing Gao,Ming-Hong Liao,Xiang-Hu Wu,Chao-Yong Li

DOI: https://doi.org/10.1108/00022660910926863

2009-01-01

Abstract:PurposeThe purpose of this paper is to present a novel algorithm to handle space environment induced errors in the space‐robot software.Design/methodology/approachThe radiations in outer space may induce transient errors in micro‐processors, this phenomena will make software behavior unpredictable, and the existing software fault tolerance methods have been restricted in non‐multi‐threaded operation systems, non‐component‐based frameworks, non‐cacheable micro‐processors, non‐distributed environments, etc. A software model for space‐robot software, based on adaptive redundancy, is developed and a corresponding run‐time error detection algorithm is presented in this paper. Software was monitored and run‐time transient error would be detected and processed.FindingsExperiments indicate that this method introduces about 30‐35 percent time overhead and about 200‐230 percent memory overhead. It also increases the fault detection rate to 84‐92.5 percent. Moreover, the model and algorithm is effective in a realistic space robot environment.Originality/valueA redundancy model is developed and an error detection algorithm is introduced in this paper. Experiments demonstrate it can provide space‐robot software with good protection against the radiation induced transient errors.

Tao CHEN,M WANG

DOI: https://doi.org/10.3969/j.issn.1673-629X.2019.02.006

2019-01-01

Abstract:Runtime verification is a new lightweight automatic verification technique.The verification software used in this technology is composed of two parts:one part is the monitored target program;the other is the monitor.The main idea of the runtime verification method based on formalized language is to input a formal specification syntax that represents events and properties and target program, and output a new program.The new program with inserting pile will execute the corresponding function to judge whether it satisfies the formal specification grammar when it meets the point that needs to be monitored.However, when the traditional single thread runtime verification monitor has many properties that the target program needs to monitor, the regenerated program may slow down the performance of the program because of the more specified nature.In this paper, we optimize the prototype tool Movec by using multi-core parallel technology.Through the way of serial program monitor assigned to multithreading, Clang compiler's piling technology and multi-core task allocation method have realized the optimization of Movec prototype tools.The optimized Movec is compared with the experimental data without the improved tools, which shows that the multithread operation method has a better effect.

Muhammad Taimoor Khan,Martin Pinzger,Dimitrios Serpanos,Howard Shrobe

DOI: https://doi.org/10.1109/mdat.2020.3007729

2020-12-01

IEEE Design and Test

Abstract:With increasing complexity, connectivity, and programmability of embedded CPS devices, the potential cyber-attack surface has also been increasing making the study of related cyber-security issues highly relevant and timely. This article provides an efficient verification method for runtime applications with tight performance specifications. By considering classification and the declarative and definitive properties of different types of attacks, it is shown that a runtime security monitor can be generated to assure the security of application execution against known threats given the performance requirements. The methodology is applied in a healthcare application of insulin pump to regulate blood sugar level. —Farshad Khorrami, New York University

engineering, electrical & electronic,computer science, hardware & architecture

Pu Du,Joshiba Ariamuthu Venkidasalapathy,Sunjeev Venkateswaran,Benjamin Wilhite,Costas Kravaris

DOI: https://doi.org/10.1021/acs.iecr.3c01205

2023-08-21

Industrial & Engineering Chemistry Research

Abstract:In safety-critical chemical reactors with potential hazards, reaction kinetics and heat transfer parameters are usually known, and a mathematical model is available. It is then meaningful to base fault detection and isolation algorithms on the first-principles model as opposed to statistics, so that physically meaningful residual signals are generated from material and/or energy balances not closing, leading to reliable fault diagnosis. Additionally, to maintain the safety of the entire system, it is necessary to take appropriate control action based on the mathematical model and the identified faults, to minimize their impact and thus ensure safe operation. In the present work, these ideas will be formulated and illustrated through a continuous stirred-tank reactor case study involving the liquid-phase oxidation of alkylpyridine with hydrogen peroxide. The proposed fault tolerant control strategy monitors the DSM (distance of the system state from the boundary of the dynamic safe set) and the estimate of the fault size, and when they cross a certain limit as a result of an abnormal event, the manipulated input is switched. Simulation results show the effectiveness of the proposed fault tolerant control strategy in dealing with cooling system failure.

engineering, chemical

F. Alrowaie,R. B. Gopaluni,Aditya Tulsyan

DOI: https://doi.org/10.1002/AIC.15860

Abstract:In process and manufacturing industries, alarm systems play a critical role in ensuring safe and efficient operations. The objective of a standard industrial alarm system is to detect undesirable deviations in process variables as soon as they occur. Fault detection and diagnosis (FDD) systems often need to be alerted by an industrial alarm system; however, poorly designed alarms often lead to alarm flooding and other undesirable events. In this paper, we consider the problem of industrial alarm design for processes represented by stochastic nonlinear time-series models. The alarm design for such complex processes faces three important challenges: 1) industrial processes exhibit highly nonlinear behavior; 2) state variables are not precisely known (modeling error); and 3) process signals are not necessarily Gaussian, stationary or uncorrelated. In this paper, a procedure for designing a delay timer alarm configuration is proposed for the process states. The proposed design is based on minimization of the rate of false and missed alarm rates – two common performance measures for alarm systems. To ensure the alarm design is robust to any non-stationary process behavior, an expected-case and a worst-case alarm designs are proposed. Finally, the efficacy of the proposed alarm design is illustrated on a non-stationary chemical reactor problem. This article is protected by copyright. All rights reserved.

Engineering,Chemistry

Xingjun Zhang,Yan Yang,Endong Wang,Ilsun You,Xiaoshe Dong

DOI: https://doi.org/10.1504/ijahuc.2015.071660

2015-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:To achieve the software fault tolerance at runtime, based on runtime verification techniques, this paper proposes a runtime model of running program, which is used to define the actions and constrains for runtime software fault management. This model contains the descriptions of event, path, scope and adjustment. A runtime fault management system prototype, which mainly includes the rule description, event acquisition, fault diagnosis and handling, is implemented to verify the model. Two test cases are used to estimate the effect of the prototype, and the results show that this method can handle faults successfully at runtime.

Stephane Lafortune,Yin Wang

2009-01-01

Abstract:Software reliability is an increasingly pressing concern as the multicore revolution forces parallel programming upon the average programmer. Many existing approaches to software failure are ad hoc, based on best-practice heuristics. Often these approaches impose onerous burdens on developers, entail high runtime performance overheads, or offer no help for unmodified legacy code. We demonstrate that discrete control theory can be applied to software failure avoidance problems. Discrete control theory is a branch of control engineering that addresses the control of systems with discrete state spaces and event-driven dynamics. Typical modeling formalisms used in discrete control theory include automata and Petri nets, which are well suited for modeling software systems. In order to use discrete control theory for software failure avoidance problems, formal models of computer programs must first be constructed. Next, control logic must be synthesized from the model and given behavioral specifications. Finally, the control logic must be embedded into the execution engine or the program itself. At runtime, the provably correct control logic guarantees that the given failure-avoidance specifications are enforced. This thesis employs the above methodology in two different application domains: failure avoidance in information technology automation workflows and deadlock avoidance in multithreaded C programs. In the first application, we model workflows using finite-state automata and synthesize controllers for safety and nonblocking specifications expressed as regular languages using an automata-based discrete control technique, called Supervisory Control. The second application addresses the problem of deadlock avoidance in multithreaded C programs that use lock primitives. We exploit compiler technology to model programs as Petri nets and establish a correspondence between deadlock avoidance in the program and the absence of reachable empty siphons in its Petri net model. The technique of Supervision Based on Place Invariants is then used to synthesize the desired control logic, which is implemented using source-to-source translation. Empirical evidence confirms that the algorithmic techniques of Discrete Control Theory employed scale to programs of practical size in both application domains. Furthermore, comprehensive experiments in the deadlock avoidance problem demonstrate tolerable runtime overhead, no more than 18%, for a benchmark and several real-world C programs.

Stefan Mitsch,André Platzer

DOI: https://doi.org/10.48550/arXiv.1811.06502

2019-02-25

Abstract:Formal verification provides strong safety guarantees but only for models of cyber-physical systems. Hybrid system models describe the required interplay of computation and physical dynamics, which is crucial to guarantee what computations lead to safe physical behavior (e.g., cars should not collide). Control computations that affect physical dynamics must act in advance to avoid possibly unsafe future circumstances. Formal verification then ensures that the controllers correctly identify and provably avoid unsafe future situations under a certain model of physics. But any model of physics necessarily deviates from reality and, moreover, any observation with real sensors and manipulation with real actuators is subject to uncertainty. This makes runtime validation a crucial step to monitor whether the model assumptions hold for the real system implementation. The key question is what property needs to be runtime-monitored and what a satisfied runtime monitor entails about the safety of the system: the observations of a runtime monitor only relate back to the safety of the system if they are themselves accompanied by a proof of correctness! For an unbroken chain of correctness guarantees, we, thus, synthesize runtime monitors in a provably correct way from provably safe hybrid system models. This paper addresses the inevitable challenge of making the synthesized monitoring conditions robust to partial observability of sensor uncertainty and partial controllability due to actuator disturbance. We show that the monitoring conditions result in provable safety guarantees with fallback controllers that react to monitor violation at runtime.

Logic in Computer Science

Xiaoya Jin,Christopher G Baker,Erick Romero,Nicolas P Mauranyapin,Timothy M F Hirsch,Warwick P Bowen,Glen I Harris

DOI: https://doi.org/10.1038/s41598-024-71679-7

2024-09-03

Abstract:Nanomechanical oscillators are an alternative platform for computation in harsh environments. However, external perturbations arising from such environments may hinder information processing by introducing errors into the computing system. Here, we simulate the dynamics of three coupled Duffing oscillators whose multiple equilibrium states can be used for information processing and storage. Our analysis reveals that, within experimentally relevant parameters, error correcting dynamics can emerge, wherein the system's state is robust against random external impulses. We find that oscillators in this configuration have several surprising and attractive features, including dynamic isolation of resonators exposed to extreme impulses and the ability to correct simultaneous errors.

Dan Alistarh,Bartłomiej Dudek,Adrian Kosowski,David Soloveichik,Przemysław Uznański

DOI: https://doi.org/10.48550/arXiv.1706.09937

2019-08-16

Abstract:In contrast to electronic computation, chemical computation is noisy and susceptible to a variety of sources of error, which has prevented the construction of robust complex systems. To be effective, chemical algorithms must be designed with an appropriate error model in mind. Here we consider the model of chemical reaction networks that preserve molecular count (population protocols), and ask whether computation can be made robust to a natural model of unintended "leak" reactions. Our definition of leak is motivated by both the particular spurious behavior seen when implementing chemical reaction networks with DNA strand displacement cascades, as well as the unavoidable side reactions in any implementation due to the basic laws of chemistry. We develop a new "Robust Detection" algorithm for the problem of fast (logarithmic time) single molecule detection, and prove that it is robust to this general model of leaks. Besides potential applications in single molecule detection, the error-correction ideas developed here might enable a new class of robust-by-design chemical algorithms. Our analysis is based on a non-standard hybrid argument, combining ideas from discrete analysis of population protocols with classic Markov chain techniques.

Data Structures and Algorithms,Distributed, Parallel, and Cluster Computing

Chao (Saul) Wang,Zhong-Chuan Fu,Hong-Song Chen,Dong-Sheng Wang

DOI: https://doi.org/10.1155/2014/286084

2014-01-01

Abstract:As semiconductor technology scales into the nanometer regime, intermittent faults have become an increasing threat. This paper focuses on the effects of intermittent faults on NET versus REG on one hand and the implications for dependability strategy on the other. First, the vulnerability characteristics of representative units in OpenSPARC T2 are revealed, and in particular, the highly sensitive modules are identified. Second, an arch-level dependability enhancement strategy is proposed, showing that events such as core/strand running status and core-memory interface events can be candidates of detectable symptoms. A simple watchdog can be deployed to detect application running status (IEXE event). Then SDC (silent data corruption) rate is evaluated demonstrating its potential. Third and last, the effects of traditional protection schemes in the target CMT to intermittent faults are quantitatively studied on behalf of the contribution of each trap type, demonstrating the necessity of taking this factor into account for the strategy.

Ronny Chevalier,Maugan Villatel,David Plaquin,Guillaume Hiet

DOI: https://doi.org/10.1145/3134600.3134622

2018-03-07

Abstract:Highly privileged software, such as firmware, is an attractive target for attackers. Thus, BIOS vendors use cryptographic signatures to ensure firmware integrity at boot time. Nevertheless, such protection does not prevent an attacker from exploiting vulnerabilities at runtime. To detect such attacks, we propose an event-based behavior monitoring approach that relies on an isolated co-processor. We instrument the code executed on the main CPU to send information about its behavior to the monitor. This information helps to resolve the semantic gap issue. Our approach does not depend on a specific model of the behavior nor on a specific target. We apply this approach to detect attacks targeting the System Management Mode (SMM), a highly privileged x86 execution mode executing firmware code at runtime. We model the behavior of SMM using invariants of its control-flow and relevant CPU registers (CR3 and SMBASE). We instrument two open-source firmware implementations: EDK II and coreboot. We evaluate the ability of our approach to detect state-of-the-art attacks and its runtime execution overhead by simulating an x86 system coupled with an ARM Cortex A5 co-processor. The results show that our solution detects intrusions from the state of the art, without any false positives, while remaining acceptable in terms of performance overhead in the context of the SMM (i.e., less than the 150 $\mu$s threshold defined by Intel).

Cryptography and Security

Ramakrishna V. Vishnuvajjala,Satish Subramanian,Wei-Tek Tsai,Lynn Elliott,Ramin Mojdehbakhsh

DOI: https://doi.org/10.1109/cbms.1996.507119

1996-01-01

Abstract:The authors discuss issues in designing run-time mechanisms for enhancing the dependability of safely-critical systems. Such mechanisms are aimed at failure avoidance and failure detection and can complement the other design methods in achieving higher dependability. The authors introduce a safety-constraint centered transformation methodology that is based on a system's safety constraint specification and the development of techniques for analyzing the constraints to derive the run-time checking schemes. The authors also discuss other issues that are important in designing run-time checks, such as the types of safety constraints that can arise, features that specification languages must have to specify such constraints, how such safety constraints can be violated, and run-time support required for the mechanisms.

Xiaopeng Shi,Chuanhou Gao

DOI: https://doi.org/10.48550/arXiv.2209.03033

2022-09-07

Dynamical Systems

Abstract:Embedding efficient command operation into biochemical system has always been a research focus in synthetic biology. One of the key problems is how to sequence the chemical reactions that act as units of computation. The answer is to design chemical oscillator, a component that acts as a clock signal to turn corresponding reaction on or off. Some previous work mentioned the use of chemical oscillations. However, the models used either lack a systematic analysis of the mechanism and properties of oscillation, or are too complex to be tackled with in practice. Our work summarizes the universal process for designing chemical oscillators, including generating robust oscillatory species, constructing clock signals from these species, and setting up termination component to eventually end the loop of whole reaction modules. We analyze the dynamic properties of the proposed oscillator model in the context of ordinary differential equations, and discuss how to determine parameters for the effect we want in detail. Our model corresponds to abstract chemical reactions based on mass-action kinetics which are expected to be implemented into chemistry with the help of DNA strand displacement cascades. Our consideration of ordering chemical reaction modules helps advance the embedding of more complex calculations into biochemical environments.

Xiaopeng Shi,Chuanhou Gao,Denis Dochain

DOI: https://doi.org/10.48550/arXiv.2211.02996

2022-11-06

Abstract:Regulation of multiple reaction modules is quite common in molecular computation and deep learning networks construction through chemical reactions, as is always a headache for that sequential execution of modules goes against the intrinsically parallel nature of chemical reactions. Precisely switching multiple reaction modules both on and off acts as the core role in programming chemical reaction systems. Unlike setting up physical compartments or adding human intervention signals, we adopt the idea of chemical oscillators based on relaxation oscillation, and assign corresponding clock signal components into the modules that need to be regulated. This paper mainly demonstrates the design process of oscillators under the regulation task of three modules, and provides a suitable approach for automatic termination of the modules cycle. We provide the simulation results at the level of ordinary differential equation and ensure that equations can be translated into corresponding chemical reaction networks.

Dynamical Systems

Jackson O'Brien,Arvind Murugan

DOI: https://doi.org/10.48550/arXiv.1810.02883

2018-10-06

Abstract:Living cells communicate information about physiological conditions by producing signaling molecules in a specific timed manner. Different conditions can result in the same total amount of a signaling molecule, differing only in the pattern of the molecular concentration over time. Such temporally coded information can be completely invisible to even state-of-the-art molecular sensors with high chemical specificity that respond only to the total amount of the signaling molecule. Here, we demonstrate design principles for circuits with temporal specificity, that is, molecular circuits that respond to specific temporal patterns in a molecular concentration. We consider pulsatile patterns in a molecular concentration characterized by three fundamental temporal features - time period, duty fraction and number of pulses. We develop circuits that respond to each one of these features while being insensitive to the others. We demonstrate our design principles using abstract Chemical Reaction Networks and with explicit simulations of DNA strand displacement reactions. In this way, our work develops building blocks for temporal pattern recognition through molecular computation.

Molecular Networks,Adaptation and Self-Organizing Systems,Biological Physics