olivier bouissou | Commissariat à l'Energie Atomique (CEA) (original) (raw)
Uploads
Papers by olivier bouissou
In this article, we study the interactions between a control-command program and its physical env... more In this article, we study the interactions between a control-command program and its physical environment via sensors and actuators. We are interested in finding invariants on the continuous trajectories of the physical values that the program is supposed to control. The invariants we are looking for are periodic sequences of intervals that are abstractions of the values read by the program. To compute them, we first build octrees that abstract the impact of the program on its environment. Then, we compute a period of the abstract periodic sequence and we finally define the values of this sequence as the fixpoint of a monotone map. We present a prototype analyzer that computes such invariants for C programs using a simple specification language for describing the continuous environment. It shows good results on classical benchmarks for hybrid systems verification.
The validation of embedded programs requires that we compute all their possible executions. Howev... more The validation of embedded programs requires that we compute all their possible executions. However, such programs usually interact with their environment in two ways: their inputs come from the discretization of a continuous function via sensors and their outputs modify the dynamics of these functions via actuators. Thus, their executions strongly depend on the physical environment in which they are run. Therefore, good results can only be obtained if one considers the program as the discrete part of a more general system, in which the continuous dynamics is taken into account. This poster presents our work on the analysis of such hybrid systems. We chose to split our analysis into two parts: an analysis of the continuous system via validated integration and an analysis of the discrete system via abstract interpretation techniques. This approach may be used for industrial systems as it does not require big changes of the existing codes.
In this article we present a new approach for the computation of guaranteed solutions of ODEs, ba... more In this article we present a new approach for the computation of guaranteed solutions of ODEs, based on a classical Runge-Kutta method with a precise error approximation.
We define an abstraction of the continuous variables that serve as inputs to embedded software. I... more We define an abstraction of the continuous variables that serve as inputs to embedded software. In existing static analyzers, these variables are most often abstracted by a constant interval, and this approach has shown its limits. We propose a different method that analyzes in a more precise way the continuous environment. This environment is first expressed as the semantics of a special continuous program, and we define a safe abstract semantics. We introduce the abstract domain of interval valued step functions and show that it safely over-approximates the set of continuous functions. The theory of guaranteed integration is then used to effectively compute an abstract semantics and we prove that this abstract semantics is safe.
In this article, we present a model and a denotational semantics for hybrid systems. Our model is... more In this article, we present a model and a denotational semantics for hybrid systems. Our model is designed to be used for the verification of large, existing embedded applications. The discrete part is modeled by a program written in an extension of an imperative language and the continuous part is modeled by differential equations. We give a denotational semantics to the continuous system inspired by what is usually done for the semantics of computer programs and then we show how it merges into the semantics of the whole system. The semantics of the continuous system is computed as the fix-point of a modified Picard operator which increases the information content at each step.
In this article, we describe a new library for computing guaranteed bounds of the solutions of In... more In this article, we describe a new library for computing guaranteed bounds of the solutions of Initial Value Problems (IVP). Given an initial value problem and an end point, our library computes a sequence of approximation points together with a sequence of approximation errors such that the distance to the true solution of the IVP is below these error terms at each approximation point. These sequences are computed using a classical Runge-Kutta method for which truncation and roundoff errors may be over-approximated. We also compute the propagation of local errors to obtain an enclosure of the global error at each computation step. These techniques are implemented in a C++ library which provides an easy-to-use framework for the rigorous approximation of IVP. This library implements an error control technique based on step size reduction in order to reach a certain tolerance on local errors.
We present a method for generating linear invariants for large systems. The method performs forwa... more We present a method for generating linear invariants for large systems. The method performs forward propagation in an abstract domain consisting of arbitrary polyhedra of a predefined fixed shape. The basic operations on the domain like abstraction, intersection, join and inclusion tests are all posed as linear optimization queries, which can be solved efficiently by existing LP solvers. The number and dimensionality of the LP queries are polynomial in the program dimensionality, size and the number of target invariants. The method generalizes similar analyses in the interval, octagon, and octahedra domains, without resorting to polyhedral manipulations. We demonstrate the performance of our method on some benchmark programs.
Electronic Notes in Theoretical Computer Science, 2010
Static analysis by abstract interpretation aims at automatically proving properties of computer p... more Static analysis by abstract interpretation aims at automatically proving properties of computer programs. To do this, an over-approximation of program semantics, defined as the least fixpoint of a system of semantic equations, must be computed. To enforce the convergence of this computation, widening operator is used but it may lead to coarse results. We propose a new method to accelerate the computation of this fixpoint by using standard techniques of numerical analysis. Our goal is to automatically and dynamically adapt the widening operator in order to maintain precision.
The industrial tool Matlab/Simulink is widely used in the design of embedded systems. The main fe... more The industrial tool Matlab/Simulink is widely used in the design of embedded systems. The main feature of this tool is its ability to model in a common formalism the software and its physical environment. This makes it very useful for validating the design of embedded software using numerical simulation. However, the formal verification of such models is still problematic as Simulink is a programming language for which no formal semantics exists. In this article, we present an operational semantics of a representative subset of Simulink which includes both continuous-time and discrete-time blocks. We believe that this work gives a better understanding of Simulink and it defines the foundations of a general framework to apply formal methods on Simulink's high level descriptions of embedded systems.
A new static analyzer is described, based on the analyzer Fluctuat. Its goal is to synthetize inv... more A new static analyzer is described, based on the analyzer Fluctuat. Its goal is to synthetize invariants for hybrid systems, encompassing a continuous environment described by a system of possibly switched ODEs, and an ANSI C program, in interaction with it. The evolution of the continuous environment is over-approximated using a guaranteed integrator that we developped, and special assertions are added to the program that simulate the action of sensors and actuators, making the continuous environment and the program communicate. We demonstrate our approach on an industrial case study 3 , a part of the flight control software of ASTRIUM's Automated Transfer Vehicle (ATV).
The industrial tool Matlab/Simulink is widely used in the design of embedded systems. The main fe... more The industrial tool Matlab/Simulink is widely used in the design of embedded systems. The main feature of this tool is its ability to model in a common formalism the software and its physical environment. This makes it very useful for validating the design of embedded software using numerical simulation. However, the formal verification of such models is still problematic as Simulink is a programming language for which no formal semantics exists. In this article, we present an operational semantics of a representative subset of Simulink which includes both continuous-time and discrete-time blocks. We believe that this work gives a better understanding of Simulink and it defines the foundations of a general framework to apply formal methods on Simulink's high level descriptions of embedded systems.
In this article, we study the interactions between a control-command program and its physical env... more In this article, we study the interactions between a control-command program and its physical environment via sensors and actuators. We are interested in finding invariants on the continuous trajectories of the physical values that the program is supposed to control. The invariants we are looking for are periodic sequences of intervals that are abstractions of the values read by the program. To compute them, we first build octrees that abstract the impact of the program on its environment. Then, we compute a period of the abstract periodic sequence and we finally define the values of this sequence as the fixpoint of a monotone map. We present a prototype analyzer that computes such invariants for C programs using a simple specification language for describing the continuous environment. It shows good results on classical benchmarks for hybrid systems verification.
The validation of embedded programs requires that we compute all their possible executions. Howev... more The validation of embedded programs requires that we compute all their possible executions. However, such programs usually interact with their environment in two ways: their inputs come from the discretization of a continuous function via sensors and their outputs modify the dynamics of these functions via actuators. Thus, their executions strongly depend on the physical environment in which they are run. Therefore, good results can only be obtained if one considers the program as the discrete part of a more general system, in which the continuous dynamics is taken into account. This poster presents our work on the analysis of such hybrid systems. We chose to split our analysis into two parts: an analysis of the continuous system via validated integration and an analysis of the discrete system via abstract interpretation techniques. This approach may be used for industrial systems as it does not require big changes of the existing codes.
In this article we present a new approach for the computation of guaranteed solutions of ODEs, ba... more In this article we present a new approach for the computation of guaranteed solutions of ODEs, based on a classical Runge-Kutta method with a precise error approximation.
We define an abstraction of the continuous variables that serve as inputs to embedded software. I... more We define an abstraction of the continuous variables that serve as inputs to embedded software. In existing static analyzers, these variables are most often abstracted by a constant interval, and this approach has shown its limits. We propose a different method that analyzes in a more precise way the continuous environment. This environment is first expressed as the semantics of a special continuous program, and we define a safe abstract semantics. We introduce the abstract domain of interval valued step functions and show that it safely over-approximates the set of continuous functions. The theory of guaranteed integration is then used to effectively compute an abstract semantics and we prove that this abstract semantics is safe.
In this article, we present a model and a denotational semantics for hybrid systems. Our model is... more In this article, we present a model and a denotational semantics for hybrid systems. Our model is designed to be used for the verification of large, existing embedded applications. The discrete part is modeled by a program written in an extension of an imperative language and the continuous part is modeled by differential equations. We give a denotational semantics to the continuous system inspired by what is usually done for the semantics of computer programs and then we show how it merges into the semantics of the whole system. The semantics of the continuous system is computed as the fix-point of a modified Picard operator which increases the information content at each step.
In this article, we describe a new library for computing guaranteed bounds of the solutions of In... more In this article, we describe a new library for computing guaranteed bounds of the solutions of Initial Value Problems (IVP). Given an initial value problem and an end point, our library computes a sequence of approximation points together with a sequence of approximation errors such that the distance to the true solution of the IVP is below these error terms at each approximation point. These sequences are computed using a classical Runge-Kutta method for which truncation and roundoff errors may be over-approximated. We also compute the propagation of local errors to obtain an enclosure of the global error at each computation step. These techniques are implemented in a C++ library which provides an easy-to-use framework for the rigorous approximation of IVP. This library implements an error control technique based on step size reduction in order to reach a certain tolerance on local errors.
We present a method for generating linear invariants for large systems. The method performs forwa... more We present a method for generating linear invariants for large systems. The method performs forward propagation in an abstract domain consisting of arbitrary polyhedra of a predefined fixed shape. The basic operations on the domain like abstraction, intersection, join and inclusion tests are all posed as linear optimization queries, which can be solved efficiently by existing LP solvers. The number and dimensionality of the LP queries are polynomial in the program dimensionality, size and the number of target invariants. The method generalizes similar analyses in the interval, octagon, and octahedra domains, without resorting to polyhedral manipulations. We demonstrate the performance of our method on some benchmark programs.
Electronic Notes in Theoretical Computer Science, 2010
Static analysis by abstract interpretation aims at automatically proving properties of computer p... more Static analysis by abstract interpretation aims at automatically proving properties of computer programs. To do this, an over-approximation of program semantics, defined as the least fixpoint of a system of semantic equations, must be computed. To enforce the convergence of this computation, widening operator is used but it may lead to coarse results. We propose a new method to accelerate the computation of this fixpoint by using standard techniques of numerical analysis. Our goal is to automatically and dynamically adapt the widening operator in order to maintain precision.
The industrial tool Matlab/Simulink is widely used in the design of embedded systems. The main fe... more The industrial tool Matlab/Simulink is widely used in the design of embedded systems. The main feature of this tool is its ability to model in a common formalism the software and its physical environment. This makes it very useful for validating the design of embedded software using numerical simulation. However, the formal verification of such models is still problematic as Simulink is a programming language for which no formal semantics exists. In this article, we present an operational semantics of a representative subset of Simulink which includes both continuous-time and discrete-time blocks. We believe that this work gives a better understanding of Simulink and it defines the foundations of a general framework to apply formal methods on Simulink's high level descriptions of embedded systems.
A new static analyzer is described, based on the analyzer Fluctuat. Its goal is to synthetize inv... more A new static analyzer is described, based on the analyzer Fluctuat. Its goal is to synthetize invariants for hybrid systems, encompassing a continuous environment described by a system of possibly switched ODEs, and an ANSI C program, in interaction with it. The evolution of the continuous environment is over-approximated using a guaranteed integrator that we developped, and special assertions are added to the program that simulate the action of sensors and actuators, making the continuous environment and the program communicate. We demonstrate our approach on an industrial case study 3 , a part of the flight control software of ASTRIUM's Automated Transfer Vehicle (ATV).
The industrial tool Matlab/Simulink is widely used in the design of embedded systems. The main fe... more The industrial tool Matlab/Simulink is widely used in the design of embedded systems. The main feature of this tool is its ability to model in a common formalism the software and its physical environment. This makes it very useful for validating the design of embedded software using numerical simulation. However, the formal verification of such models is still problematic as Simulink is a programming language for which no formal semantics exists. In this article, we present an operational semantics of a representative subset of Simulink which includes both continuous-time and discrete-time blocks. We believe that this work gives a better understanding of Simulink and it defines the foundations of a general framework to apply formal methods on Simulink's high level descriptions of embedded systems.