Northeast Blackout of 2003

Transcription

1 Aug 13, 2003

2 Aug 14, 2003

3 Northeast Blackout of Millionen Menschen 60 Milliarden US$ because of a computer software bug in General Electric Energy's Unix-based XA/21 energy management system that prevented alarms from showing on their control system. This alarm system stalled because of a race condition bug. Ontario Aug 14, 2003

4

5

6

7 Software: Mehrwert oder Risiko? Technologien gegen Programmfehler Helmut Veith FORSYTE Group Faculty of Informatics, Vienna University of Technology Automatische Fehlersuche Software Model Checking Fehlervermeidung Rigorous Systems Engineering

8 Software: Mehrwert oder Risiko? Technologien gegen Programmfehler Helmut Veith FORSYTE Group Faculty of Informatics, Vienna University of Technology Automatische Fehlersuche Software Model Checking Fehlervermeidung Rigorous Systems Engineering

9 Limitations it ti of Human Reasoning Software design is teamwork over decades Driven by business imperatives First point of failure: Requirement Engineering Writing the wrong program

10 Limitations it ti of Human Reasoning Software design is teamwork over decades Driven by business imperatives First point of failure: Requirement Engineering Writing the wrong program Second point of failure: Software Errors Writing the program wrongly Reason: Mathematical Complexity

11 Limitations it ti of Human Reasoning Program Sizes Water Pump Pace Maker BMW 745i Boeing MS Vista / Linux Essentially long mathematical formulas Information content approaching human DNA Errors per Lines 250 Errors (typical software) 20 Errors (good software) 1 Error (Space Shuttle)

12 Managing Complexity Structured Thinking software engineering, programming languages Fault Tolerance Redundant Hardware Testing Empirical evidence Manpower Aviation: 40 program lines per week Mathematical Proof of Correctness Computer-generated Mathematical Proof of Correctness

13 Programs Analyzing Programs Self-Reference Psychology Philosophy Logic Computer Science Biology

14 Limitations of Machine Reasoning Alan Turing 1936 Program analysis by programs not possible.

15 Programs Analyzing Programs Approximate program analysis (reduction to finite state systems) E. Clarke, A. Emerson, J. Sifakis 1981 Turing Award 2007 Allen Emerson Edmund Clarke Joseph Sifakis

16 Software Model Checking C Code Static Analysis Spec Abstract Model Model Checker SMT SAT Abstract Counterexample Yes / No spurious Counterexample Analysis good Counterexample 2000s: development of industrial strength C model checkers rivals theorem proving for many verification tasks (Rushby) Microsoft product for Windows device driver verification

17 Programs Analyzing Programs software verification, this has been the Holy Grail of computer science for many decades but now in some very key areas, for example, driver verification, we re building tools that do actual proofs about the software and how it works in order to guarantee the reliability. (2002)

18 Software: Mehrwert oder Risiko? Technologien gegen Programmfehler Helmut Veith FORSYTE Group Faculty of Informatics, Vienna University of Technology Automatische Fehlersuche Software Model Checking Fehlervermeidung Rigorous Systems Engineering

19 Weight? Repair logistics? Component Reuse? Intellectual Property? Product Lines? Mechanical engineering process? ECU distribution? Deployment strategy? Certification? Variant tmanagement t? Power consumption? Physical Environment? Execution Time? Obsoliscence? Memory use? Dependability? HW or SW? FPGA or ASIC? Multicore? Safety? Cost per car?

20 Software Systems Engineering Mass Market 70 ECUs Inside Multidisciplinary Effort Mechanical Engineering i Electrical Engineering Computer Science Added value in automobile manufacturing Software Electronics Mechanics

21 System Design Challenge Constraints Software: algorithms, protocols, architectures, compilers, Hardware: speed, memory, power, failure rates, weight, size Environment: performance, robustness, integration / solution / compilation SYSTEM BLUEPRINT

22 System Design Challenge Constraints Software: algorithms, protocols, architectures, compilers, Hardware: speed, memory, power, failure rates, weight, size Environment: performance, robustness, Cost: development, HW, safety, certification, warranty, testing, Time: time to market, product lines, variants, component reuse integration / solution / compilation SYSTEM BLUEPRINT

23 Constraints System Design Challenge integration / solution / compilation SYSTEM BLUEPRINT

24 System Design Challenge Constraints heterogeneous global / horizontal analytical l + discrete transcend design layers multiple optimization criteria Guru Principle knows trade-offs holds global view maintains IP integration / solution / compilation SYSTEM BLUEPRINT

25 System Design Challenge Constraints heterogeneous global / horizontal analytical l + discrete transcend design layers multiple optimization criteria Multiple models & disciplines Transition between models Model validation i and integrationi Multiple orthogonal views Guru Exceeding Principle complexity integration / solution / compilation SYSTEM BLUEPRINT

26 System Design Challenge Constraints heterogeneous Multiple models & disciplines global / horizontal Transition between models analytical l + discrete Model validation i and integrationi transcend design layers Multiple orthogonal views Guru Principle multiple optimization criteria Exceeding complexity Formal methods needed integration / solution / compilation SYSTEM BLUEPRINT

27 Industrial Projects Automotive ti Industry Automotive Systems Engineering ( , 6 PhD TUM) Avionic Industry Avionic Software Engineering ( , 1 PhD student) Microsoft Research Evaluation of Resource Bounds ( , 1 PhD student)

28 Case Study Automotive Industry Added value in automobile manufacturing Mechanical engineering culture Software recognized as strategic t IP manufacturing No software engineering process Software Electronics Jungle of models and ontologies Mechanics Excessive warranty costs necessitate change Project Goals Domain exploration and assessment Seamless modeling framework Prototype automotive tool chain Accompanying software engineering process Technology proof of concept

29 Industrial Projects Automotive ti Industry Automotive Systems Engineering ( , 6 PhD TUM) Avionic Industry Avionic Software Engineering ( , 1 PhD student) Microsoft Research Evaluation of Resource Bounds ( , 1 PhD student) H. Veith 6/2010

30 Avionic Software Deployment decisions trial and error Project Goals predictability and efficiency simplified automated deployment resource aware composition reusability of function units (IMA - AADL) execution time estimation

31 Avionic Software Analysis Hardware analysis Hardware profile ( HW Data Sheet ) HW-parameters for execution time Analysis and modeling of the hardware and software Software analysis Symbolic execution time estimation (SW -> HW) Software profile ( SW Data Sheet ) SW-parameters for execution time

32 Avionic Software Analysis Hardware profile Software profile Model representation Analysis/Validation Refinement Furness SYSTEM BLUEPRINT

33 Avionic Software Analysis Hardware profile Software profile Model representation Analysis/Validation Refinement Furness SYSTEM BLUEPRINT

34 Industrial Projects Automotive ti Industry Automotive Systems Engineering ( , 6 PhD TUM) Avionic Industry Avionic Software Engineering ( , 1 PhD student) Microsoft Research Evaluation of Resource Bounds ( , 1 PhD student)

35 The Reachability-Bound Problem Given a control location X inside id a procedure P. i := 0; How often can X be visited inside P? Goal: A symbolic bound Bound(X) in terms of the inputs of P. Inputs: int n, C[] temp while (i < n) { j := i+1; while (j < n) { if (*) { X : temp[n] := new C(); j++; } i++; } j--; n--; } CPU time, memory, network bandwidth, power

36 Software: Mehrwert oder Risiko? Technologien gegen Programmfehler Helmut Veith FORSYTE Group Faculty of Informatics, Vienna University of Technology Automatische Fehlersuche Software Model Checking Fehlervermeidung Rigorous Systems Engineering

37 Rigorous Systems Engineering Interdisziplinäre Agenda Embedded Systems Computer-Aided Verification Fehlersuche a posteriori Logic Computer Aided Verification Rigorous Systems Engineering Mathematisches Design und Verifikation als Teil des Entwicklungsprozesses

38 Tu felix Austria

39 ARiSE Konsortium Tom Henzinger Krish Chatterjee Helmut Veith Ulrich Schmid Uwe Egly Laura Kovacs Roderick Bloem CAV CAV CAV Embedded Logik Logik CAV Armin Biere Christoph Kirsch CAV Embedded

40 Vorgeschichte Berkeley Professor Henzinger Adjunct Professor Henzinger PhD Chatterjee Postdoc Kirsch Stanford PhD Henzinger UC Santa Cruz Postdoc Chatterjee Colorado PhD Bloem Cornell Professor Henzinger Visiting Student Veith Carnegie Mellon Postdoc Biere Postdoc Veith Adjunct Professor Veith Delaware Master Henzinger

41 ARiSE Verein Wissenschaftliche h Gesellschaft Koordination & Zusammenarbeit Sichtbarkeit Nachwuchsförderung H. Veith, President R. Bloem, Chairman

42 Danke für Ihre Aufmerksamkeit! 42