Anytime System Level Verification via Random Exhaustive Hardware in the Loop Simulation

Mancini, Toni; Mari, Federico; Massini, Annalisa; Melatti, Igor; Tronci, Enrico

doi:10.1109/dsd.2014.91

Cited by 24 publications

(48 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The use of continuous-time monitors embedded in the VPH model gives us a flexible way to model both bounded safety and bounded liveness properties (see, e.g., [25,27] for a use of monitors to define safety properties for cyber-physical systems).…”

Section: Modelling Treatment Invariants and Goalsmentioning

confidence: 99%

Computing Personalised Treatments through In Silico Clinical Trials. A Case Study on Downregulation in Assisted Reproduction.

Mancini

Mari

Massini

et al. 2018

EasyChair Preprints

Self Cite

View full text Add to dashboard Cite

Abstract. In-Silico Clinical Trials (ISCT), i.e., clinical experimental campaigns carried out by means of computer simulations, hold the promise to decrease time and cost for the safety and efficacy assessment of pharmacological treatments, reduce the need for animal and human testing, and enable precision medicine. In this paper we present a case study aiming at quantifying, by means of a multi-arm ISCT supervised by intelligent search, the potential impact of precision medicine approaches on a real pharmacological treatment, namely the downregulation phase of a complex clinical protocol for assisted reproduction.

show abstract

Section: Modelling Treatment Invariants and Goalsmentioning

confidence: 99%

Computing Personalised Treatments through In Silico Clinical Trials. A Case Study on Downregulation in Assisted Reproduction.

Mancini

Mari

Massini

et al. 2018

EasyChair Preprints

Self Cite

View full text Add to dashboard Cite

show abstract

“…In [2], [3], [4] a methodology has been presented which allows exhaustive HILS. Such methodology works as follows.…”

Section: A Motivationsmentioning

confidence: 99%

“…Also, sequences of inputs to the SUV are of bounded length, thus the problem addressed is bounded SLFV. Accordingly, in [2], [3], [4], a simulation scenario is a finite sequence of disturbances. A system is expected to withstand all disturbance sequences that may arise in its operational environment.…”

Section: A Motivationsmentioning

confidence: 99%

SyLVaaS: System Level Formal Verification as a Service

Mancini

Mari

Massini

et al. 2015

2015 23rd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing

Self Cite

View full text Add to dashboard Cite

The goal of System Level Formal Verification is to\ud show system correctness notwithstanding uncontrollable events\ud (disturbances), as for example faults, variation in system parameters,\ud external inputs, etc. This may be achieved with an exhaustive\ud Hardware In the Loop Simulation based approach, by considering\ud all relevant scenarios in the System Under Verification (SUV)\ud operational environment.\ud In this paper, we present SyLVaaS, a Web-based tool enabling\ud Verification as a Service (VaaS). SyLVaaS implements an assumeguarantee\ud approach to the verification problem outlined above.\ud SyLVaaS takes as input a high-level model defining the SUV\ud operational environment and computes, using parallel algorithms\ud deployed in a cluster infrastructure, a set of highly optimised\ud simulation campaigns, which can be executed in an embarrassingly\ud parallel fashion on a set of Simulink instances, using a platform\ud independent Simulink driver downloadable from the SyLVaaS\ud Web site.\ud As the actual simulation is carried out at the user premises\ud (e.g., in a private cluster), SyLVaaS allows full Intellectual\ud Property protection on the SUV model and the user verification\ud flow.\ud The simulation campaigns computed by SyLVaaS randomise\ud the verification order of operational scenarios and this enables,\ud at anytime during the parallel simulation activity, the estimation\ud of the completion time and the computation of an upper bound\ud to the Omission Probability, i.e., the probability that there is\ud a yet-to-be-simulated operational scenario which violates the\ud property under verification. This information supports graceful\ud degradation in the verification activity.\ud We show effectiveness of the SyLVaaS algorithms and infrastructure\ud by evaluating the system on industry-scale input related\ud to the verification of the Fuel Control System (FCS) model in the\ud Simulink distribution

show abstract

“…Also, even systems that have been fully verified at design time may be subject to external faults such as those introduced by unexpected hardware failures or human inputs. One way to address this issue is to model nondeterministic behaviours (such as faults) as disturbances, and to verify the system with respect to this disturbance model [29]. However, it may be impossible to model all potential unexpected behavior at design time.…”

Section: Introductionmentioning

confidence: 99%

Shield synthesis

Könighofer

Alshiekh

Bloem

et al. 2017

Form Methods Syst Des

View full text Add to dashboard Cite

Shield synthesis is an approach to enforce safety properties at runtime. A shield monitors the system and corrects any erroneous output values instantaneously. The shield deviates from the given outputs as little as it can and recovers to hand back control to the system as soon as possible. In the first part of this paper, we consider shield synthesis for reactive hardware systems. First, we define a general framework for solving the shield synthesis problem. Second, we discuss two concrete shield synthesis methods that automatically construct shields from a set of safety properties: (1) k-stabilizing shields, which guarantee Supported by the Austrian Science Fund (FWF) through the projects RiSE (S11406-N23) and LogiCS (W1255-N23), the European Commission through the project IMMORTAL (644905) recovery in a finite time. (2) Admissible shields, which attempt to work with the system to recover as soon as possible. Next, we discuss an extension of k-stabilizing and admissible shields, where erroneous output values of the reactive system are corrected while liveness properties of the system are preserved. Finally, we give experimental results for both synthesis methods. In the second part of the paper, we consider shielding a human operator instead of shielding a reactive system: the outputs to be corrected are not initiated by a system but by a human operator who works with an autonomous system. The challenge here lies in giving simple and intuitive explanations to the human for any interferences of the shield. We present results involving mission planning for unmanned aerial vehicles.

show abstract

Anytime System Level Verification via Random Exhaustive Hardware in the Loop Simulation

Cited by 24 publications

References 24 publications

Computing Personalised Treatments through In Silico Clinical Trials. A Case Study on Downregulation in Assisted Reproduction.

Computing Personalised Treatments through In Silico Clinical Trials. A Case Study on Downregulation in Assisted Reproduction.

SyLVaaS: System Level Formal Verification as a Service

Shield synthesis

Contact Info

Product

Resources

About