TOWARDS FORMAL VERIFICATION IN AUTOMOTIVE APPLIED TO THE AUTONOMOUS DRIVING SUPERVISION FUNCTION - PowerPoint PPT Presentation


SLIDE 1

Renault Confidential C

TOWARDS FORMAL VERIFICATION IN AUTOMOTIVE

APPLIED TO THE AUTONOMOUS DRIVING SUPERVISION FUNCTION

Authors :

  • YASMINE ASSIOUA, RENAULT SOFTWARE LABS & TELECOM PARIS
  • RABEA AMEUR-BOULIFA, TELECOM PARIS
  • PATRICIA GUITTON-OUHAMOU, RENAULT SOFTWARE LABS

ERTS 2020 - 30 JANUARY

SLIDE 2


AGENDA

01 CONTEXT: INTRODUCTION

02 APPROACH: THE USE OF FORMAL SPECIFICATION AND FORMAL VERIFICATION TO PROVE THE RELIABILITY OF THE STUDIED SYSTEMS

03 MODEL’S CONSTRUCTION: THE DIFFERENT STEPS TO TRANSFORM AN INFORMAL REQUIREMENT INTO A FORMAL MODEL (STATE MACHINE) FOR FORMAL VERIFICATION, APPLIED TO AD (AUTONOMOUS DRIVING) SUPERVISION

04 VERIFICATION: THE USE OF A MODEL CHECKER (UPPAAL) TO VERIFY THE GENERATED MODEL USING PROPERTIES AND SIMULATION

05 CONCLUSION: ACHIEVEMENTS & PERSPECTIVES

SLIDE 3

01 CONTEXT

Introduction

SLIDE 4

CONTEXT

INTRODUCTION

  • Rapid development of autonomous vehicles
  • Complex system evolving in an unpredictable environment
  • Comply with strict standards and norms (AUTOSAR, ISO 26262)

SLIDE 5

CONTEXT

BUG CONSEQUENCES

Critical system: a system that deals with scenarios that may lead to loss of life, serious personal injury, or damage to the natural environment

  • A failure can cause severe accidents
  • High cost (Brand, Recall, Bug’s correction,…)
  • Essential to ensure the quality of the requirements

SLIDE 6

CONTEXT

REDUCE BUGS

  • Early validation
  • Rigorous model-based approach
  • Using formal methods
  • Goal:
    • Improve SW quality
    • Reduce time to market
    • Reduce costs

The V-Model: Systems development lifecycle

Source: Software engineering environments: concepts and technology, Robert N. Charette

SLIDE 7

02 APPROACH

The use of formal specification and formal verification to prove the reliability of the studied systems

SLIDE 8

APPROACH

THE APPROACH

NATURAL LANGUAGE
  • Document analysis
  • Identify the different concepts (states, conditions, key words,…)

SEMI-FORMAL LANGUAGE
  • Syntax
  • Semantic
  • Patterns

FORMAL MODEL
  • Automata
  • Model checking
  • Properties verification

SLIDE 9

APPROACH

OUR FRAMEWORK

Grammar & semantic

SLIDE 10

03 MODEL CONSTRUCTION

The different steps to transform an informal requirement into a formal model (state machine) for formal verification, applied to AD (Autonomous Driving) supervision

SLIDE 11

MODEL CONSTRUCTION

CASE STUDY

THE AUTONOMOUS DRIVING (AD) FUNCTION SPECIFIES A SELF-DRIVING CAR

  • The control function (AD_Control) specifies the autonomous driving function’s behavior
  • The supervision function gives the control to AD_Control or takes it back

SLIDE 12

MODEL CONSTRUCTION

STEPS

The model construction follows different steps (some steps are recursive):
  • Requirement analysis
  • Requirement selection
  • Guard elaboration
  • Model construction
  • Completion
  • Plausibility check
  • Guard regroupement

DIFFICULTIES

SLIDE 13

MODEL CONSTRUCTION

REQUIREMENTS ANALYSIS

  • “The lateral jerk requested by the AD-function shall be limited to a threshold” (FR1)
  • “AD-function shall be available at dawn and dusk” (FR2)
  • “AD-function shall be available on verified road sections” (FR3)
  • “IF AD-function is not available and vehicle is in Germany or in France, then AD-function shall be available” (FR4)

Elements identified in each requirement: function’s name, state’s name, condition, key words

SLIDE 14

MODEL CONSTRUCTION

REQUIREMENT SELECTION

  • “The lateral jerk requested by the AD-function shall be limited to a threshold” (FR1)
  • “AD-function shall be available at dawn and dusk” (FR2)
  • “AD-function shall be available on verified road sections” (FR3)
  • “IF AD-function is not available and vehicle is in Germany or in France, then AD-function shall be available” (FR4)

Elements identified in each requirement: function’s name, state’s name, condition, key words

SLIDE 15

MODEL CONSTRUCTION

MODEL CONSTRUCTION: PATTERNS

Pattern 1: <Function> SHALL BE <State> <Condition>
  • yields a transition of <Function> into <State>, guarded by <Condition>; the requirement does not give the initial state

Pattern 2: IF <Function> is in <Initial State> AND <Condition> THEN <Function> SHALL BE <Final State>
  • yields a transition of <Function> from <Initial State> to <Final State>, guarded by <Condition>

SLIDE 16

MODEL CONSTRUCTION

GUARDS ELABORATION

“AD-function shall be available at dawn and dusk” (FR3)

Condition: AT DAWN AND DUSK
  • Variable creation: DAY_TIME
  • Values creation: dawn, dusk, …(?)
  • Guard: DAY-TIME = dawn OR DAY-TIME = dusk

SLIDE 17

MODEL CONSTRUCTION

COMPLETION

AD-function shall be available IF DAY-TIME = dawn OR DAY-TIME = dusk

Possible states: OFF, NOT_AVAILABLE, AVAILABLE, ACTIVABLE, ACTIVE

SLIDE 18

MODEL CONSTRUCTION

PLAUSIBILITY CHECK

Correction using the plausibility table

SLIDE 19

MODEL CONSTRUCTION

GUARDS REGROUPEMENT

  • “AD-function shall be available IF DAY-TIME = dawn OR DAY-TIME = dusk” (guard G1)
  • “AD-function shall be available IF ROAD-SECTION = ok” (guard G2)

G1 and G2 both lead into the state AVAILABLE, so they are regrouped into a single guard on the transition into AVAILABLE: either G1 AND G2 or G1 OR G2

SLIDE 20

MODEL CONSTRUCTION

FORMAL MODEL

SLIDE 21

04 VERIFICATION

The use of a model checker (UPPAAL) to verify the generated model using properties and simulation

SLIDE 22

VERIFICATION

FORMAL VERIFICATION

  • Use the automatic model checker UPPAAL (http://www.uppaal.org/)
  • Deadlock property
  • Reachability properties
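As an added example (not code from the slides or from the authors' framework), the completion and guard regroupement steps of the model construction section applied to FR2 and FR3, followed by the two kinds of property this slide lists, reachability and deadlock, evaluated on the resulting state machine in Python. The state names follow the COMPLETION slide; the DAY_TIME/ROAD_SECTION values, the guard lambdas and the environment inputs are assumptions.

```python
# Added example, not from the ERTS 2020 slides: completion + guard regroupement
# on FR2/FR3, then reachability and deadlock checks in the style of UPPAAL queries.

# Possible states of the AD-function, as listed on the COMPLETION slide.
STATES = ["OFF", "NOT_AVAILABLE", "AVAILABLE", "ACTIVABLE", "ACTIVE"]

# Requirements after guard elaboration: (target state, guard over the variables).
# Variable/value names are constructed for this example.
REQUIREMENTS = [
    ("AVAILABLE", lambda env: env["DAY_TIME"] in ("dawn", "dusk")),  # FR2: dawn and dusk
    ("AVAILABLE", lambda env: env["ROAD_SECTION"] == "ok"),           # FR3: verified road
]

def regroup(guards, mode):
    """Guard regroupement: guards entering the same state are joined by OR or AND."""
    combine = any if mode == "OR" else all
    return lambda env: combine(g(env) for g in guards)

def build_model(requirements, mode):
    """Completion: a requirement with no explicit initial state is expanded into
    'IF AD-function is in <s> AND <cond> THEN AD-function shall be <target>'
    for every possible state s, giving one guarded transition per source state."""
    by_target = {}
    for target, guard in requirements:
        by_target.setdefault(target, []).append(guard)
    model = {}  # (source state, target state) -> guard
    for target, guards in by_target.items():
        guard = regroup(guards, mode)
        for src in STATES:
            if src != target:
                model[(src, target)] = guard
    return model

def reachable(model, start, env):
    """Reachability property: the set of states reachable from start under env."""
    seen, todo = {start}, [start]
    while todo:
        s = todo.pop()
        for (src, dst), guard in model.items():
            if src == s and dst not in seen and guard(env):
                seen.add(dst)
                todo.append(dst)
    return seen

def deadlocked(model, state, env):
    """Deadlock property: True if no outgoing transition of state is enabled under env."""
    return not any(src == state and g(env) for (src, _), g in model.items())

def available_from_off(mode, env):
    """Does 'E<> AVAILABLE' hold from OFF for the chosen regroupement?"""
    return "AVAILABLE" in reachable(build_model(REQUIREMENTS, mode), "OFF", env)
```

With only FR2 and FR3 modelled, AVAILABLE has no outgoing transition, so the deadlock check reports it as a sink; that is the kind of finding that sends the engineer back to requirement selection.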

SLIDE 23

VERIFICATION

SIMULATION & FUNCTIONAL DIAGRAM

  • Dynamic behavior
  • Visualise the function’s evolution

SLIDE 24

06 CONCLUSION

Achievements & perspectives

SLIDE 25

CONCLUSION

ACHIEVEMENTS & PERSPECTIVES

Achievements:
  • Framework
  • Proof of concept on:
    • APA (Automatic Park Assist): https://hal.telecom-paristech.fr/hal-02269614
    • AD (Autonomous Driving supervision function)

Perspectives:
  • Extend the set of analysed requirements
  • Time
  • Non-functional properties
  • Validate the whole framework

SLIDE 27

MODEL CONSTRUCTION

COMPLETION

“AD-function shall be available IF DAY-TIME = dawn OR DAY-TIME = dusk”

is completed into:

“IF AD-function is in …. AND DAY-TIME = dawn OR DAY-TIME = dusk THEN AD-function shall be available”

Possible states: OFF, NOT_AVAILABLE, AVAILABLE, ACTIVABLE, ACTIVE

ASSOCIATED STATE MACHINE

SLIDE 28

MODEL’S CONSTRUCTION

PLAUSIBILITY CHECK

SLIDE 29

MODEL’S CONSTRUCTION

GUARDS REGROUPEMENT

  • “AD-function shall be available IF DAY-TIME = dawn OR DAY-TIME = dusk”
  • “AD-function shall be available IF ROAD-SECTION = ok”

GuardInAvailable = (DAY-TIME = dawn OR DAY-TIME = dusk) OR // AND (ROAD-SECTION = ok)

SAFETY: regrouping with OR or with AND gives a different guard on the transition into AVAILABLE

SLIDE 30

CONCLUSION

  • Approach
  • Proof of concept
  • Finalise step 2: how it impacts the model
  • Focus on the patterns

SLIDE 31

OBJECTIVE

  • Help engineers in the validation phase
  • Improve the product’s quality
  • Gain confidence in products
  • Reduce bugs and their cost
  • Minimize time to market

APPROACH

Suggest a methodology for early validation of requirements

SLIDE 32

CONTEXT

AUTOMOBILE’S EVOLUTION

  • 40-60 embedded systems in a classic vehicle
  • 80 embedded systems in a premium vehicle
  • Software represents more than 40% of the vehicle market value
  • COMPLEXITY
  • COST

CRITICAL SYSTEM: a system that deals with scenarios that may lead to loss of life, serious personal injury, or damage to the natural environment

SLIDE 33

MODEL’S CONSTRUCTION

COMPLETION

“AD-function shall be available IF DAY-TIME = dawn OR DAY-TIME = dusk”

Possible states: OFF, NOT_AVAILABLE, AVAILABLE, ACTIVABLE, ACTIVE

Completed requirements, one per possible initial state:
  • IF AD-function is OFF AND DAY-TIME = dawn OR DAY-TIME = dusk THEN AD-function shall be available
  • IF AD-function is NOT_AVAILABLE AND DAY-TIME = dawn OR DAY-TIME = dusk THEN AD-function shall be available

ASSOCIATED STATE MACHINE
