Static Analysis of Software for Autonomous Spacecrafts
Research Heaven,West Virginia
Static Analysis of Software for Autonomous Spacecrafts
Supratik Mukhopadhyay
Why Autonomous Software?
• Great distances from Earth of the next generation missions (e.g., Mars) make autonomous software the only option
• Systems must operate with severely limited human intervention, controlling complex, real-time, mission-critical processes over many months in poorly understood environments
• Any control from earth takes at least 8 minutes to get actuated on Mars
• Promises improved capabilities at a reduced operational cost
The Challenges…
• Complexity of software for autonomous systems is tremendous
• Validation poses a formidable challenge
• Traditional testing fails due to the explosion in the number of possible situations
Current Solutions…
• Model-based programming for robust development and early validation
• Introduce and enforce disciplined coding conventions to make debugging and testing easier (e.g., in flight code: no dynamic allocation, always check array bounds, use the programming language's standard exception handling mechanism, and apply Purify)
• Formal Methods: Model Checking (e.g., translate models to SMV, Java Pathfinder) or Theorem Proving (PVS); able to uncover many concurrency bugs
Still… Current Status…
• “I don’t know if it’s the candidate manager, Stanley or the engine, but it really seems to hog my machine. I have to shut it down to use other applications”
• “the first release was announced but failed with some environment variable not being set properly …”
Bugs from the GNATS Database
Current Status needs to improve. But…
• Formal verification suffers from state explosion
• Need to extract models from code; in many cases such extraction is manually aided
• Formal verification acts on models, not on actual code
• Simple coding errors are the cause of many crashes (remember Ariane); formal verification bypasses them
Need of the hour…
• New techniques that can work not only on the models but also on actual code
• Techniques should require a minimum amount of human support
• Should be able to detect not only logical design errors but also programming errors
• Should be able to integrate with the model-based development paradigm followed at NASA
New Technique: Static Analysis
• A set of techniques used to infer program properties at compile-time
• Immensely successful for general purpose programming languages
• Autonomous systems are developed using special-purpose languages; such languages are typically at a higher level of abstraction and typically more constrained than general purpose programming languages
• The features of the language to be included in a compiled instance are specified by the user; typically only a few features are included
• Such criteria make static analysis easier to apply to such software
Autonomous Software in NASA
• Much-publicized use of the Remote Agent autonomy architecture in Deep Space
• The Mode Identification and Recovery (MIR) component uses the Lisp-based Livingstone (L1) Integrated Vehicle Health Management (IVHM) system
• Accepts models of the components of a system; infers the overall behavior of the system
• Being used in the next generation shuttles
Where does Static Analysis fit in?
Pipeline shown on the slide:
Model in JMPL → JMPL Compiler → Model in XMPL → Livingstone (L2) source in C++ → C++ Compiler → Livingstone executable → System behavior
Questions about the model:
• Is it the correct model?
• Is the model built correctly?
Question about the executable:
• Does the system crash?
Why is the autonomous landscape so special?
• Procedural (Livingstone C++)
• Object-oriented (source of L2)
• Declarative (JMPL)
• Involves concurrency and components
• Embedded and real-time aspects
• More high-level than traditional programs
Static Analysis Technology
• Slice the code automatically to prune portions irrelevant to the property (use CodeSurfer from GrammaTech)
• Automatic translation of source code (C++, JMPL) to Constraint Query Language (CQL) programs
• Properties to be inferred or validated are incorporated as program transformations on the CQL programs
• Computing models of the CQL programs provides the analysis
• Widenings are used to accelerate or terminate the computation; the analysis comes up with a ‘yes’ or ‘don’t know’ answer
Properties to check
• Array bound violation
• Code reachability
• Constraints on variable values at program locations (memory content)
• Deadlocks and concurrency errors
Translation of Source Code to CQL programs
Source fragment (line numbers are the program's own):
  …
  10: x = y + 10;
  11: while (x <= z) { … }
CQL clauses (one per control-flow edge; the primed variable X1 carries the new value of x):
  p(10,X,Y,Z) ← p(11,X1,Y,Z), {X1 = Y+10}
  p(11,X,Y,Z) ← p(12,X,Y,Z), {X =< Z}
Incorporating properties
Source fragment:
  …
  10: x = y + 10;
  11: while (x <= z) { … }
CQL clauses:
  p(10,X,Y,Z) ← p(11,X1,Y,Z), {X1 = Y+10}
  p(11,X,Y,Z) ← p(12,X,Y,Z), {X =< Z}
Property: line 12 is reachable
Transformed program (the property becomes a fact appended to the clauses):
  p(10,X,Y,Z) ← p(11,X1,Y,Z), {X1 = Y+10}
  p(11,X,Y,Z) ← p(12,X,Y,Z), {X =< Z}
  p(12,X,Y,Z).   (property)
Tool for Automatic Translation
• Built with Lex, Yacc and 400 lines of awk code
• Translates C++ source code to CQL clauses
• Able to handle 10000 lines of code in a matter of seconds
• Used the tool to translate some Livingstone methods to CQL programs
• Tool for translating JMPL source code currently underway
Tool-generated translation (the line-10 clause, as a head/body/constraint term):
  r(p(10,X,Y,Z), p(11,X1,Y,Z), {X1=Y+10}).
Computing Models of CQLs
• Both forward and backward chaining methods
• Forward chaining method is wasteful
• Backward chaining: tabled resolution; table each constrained atom as it is called; on subsequent calls use the information in the table
• Tabled resolution is goal-directed
Example program:
  p(x) ← p(x).
  p(x) ← {x=0}.
  p(x) ← {x=1}.
Call tree for p(x): the three clauses yield {x=0}, {x=1}, and a recursive call p(x), which is served from the table rather than re-expanded.
Table: p(x): x=0, x=1
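The tabled resolution above, as an added example in Python (not the page's SICStus Prolog tool): the slide's program is encoded as clauses over one variable x, constraints are narrowed to finite value sets (an assumption for the example; the tool uses CLP(R) linear constraints), and a naive untabled solver sits beside the tabled one so the effect of answering the recursive call from the table is visible.

```python
# Constructed mini-CQL program from the slide as (head, body_atoms, constraint).
# One variable x is shared by head and body; a constraint is the finite set of x
# values it allows (None = unconstrained). Finite-set constraints are an assumption
# for this example; the page's tool uses CLP(R) linear constraints.
SLIDE17_PROGRAM = [
    ("p", ["p"], None),  # p(x) <- p(x).   left-recursive
    ("p", [], {0}),      # p(x) <- {x=0}.
    ("p", [], {1}),      # p(x) <- {x=1}.
]

def clause_answers(program, pred, domain, call):
    """Union over pred's clauses of: constraint ∩ answers of each body atom."""
    answers = set()
    for head, body, constraint in program:
        if head != pred:
            continue
        cand = set(domain) if constraint is None else set(constraint)
        for atom in body:
            sub = call(atom)
            if sub is None:  # a body call gave up
                return None
            cand &= sub
        answers |= cand
    return answers

def naive_solve(program, goal, domain, depth=0, max_depth=25):
    """Untabled backward chaining: p(x) <- p(x) re-expands p(x) before any answer
    exists, so the search never bottoms out; the depth bound returns None instead."""
    if depth > max_depth:
        return None
    return clause_answers(program, goal, domain,
                          lambda a: naive_solve(program, a, domain, depth + 1, max_depth))

def tabled_solve(program, goal, domain):
    """Tabled resolution: the first call to a goal creates its table entry and expands
    the clauses; a repeated call (the recursive p(x)) is served from the table. The
    table is completed by re-running the clauses until it stops growing (direct
    recursion, as on the slide; mutual recursion would need SCC-wise completion)."""
    table = {}   # goal -> answers found so far
    trace = []   # (goal, how the call was served), for inspection
    def call(pred):
        if pred in table:
            trace.append((pred, "table"))
            return table[pred]
        trace.append((pred, "expand"))
        table[pred] = set()
        while True:
            new = clause_answers(program, pred, domain, call)
            if new <= table[pred]:
                return table[pred]
            table[pred] |= new
    return call(goal), trace
```

Over the domain -3..3 the naive solver gives up on the recursive clause, while the tabled solver answers {0, 1} after one expansion and two table hits.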
Tool for Computing Models
• Written in SICStus Prolog with 3000 lines of code
• Has a GUI written in Tcl/Tk
• Uses the CLP(R) library of SICStus Prolog for constraint solving
• Have checked array bounds automatically for several Livingstone methods; generated interface conditions for array bound violation
• Handles 1000 lines of source code in < 30 seconds
Widenings
• A series of widenings being developed for both accelerating and enforcing termination
• Most of them are based on syntax for efficient implementation
Implementing Widenings
• Have implemented many of the widenings already in SICStus Prolog
• Implementation of more widenings underway
• Some of the widenings lose information, resulting in ‘don’t know’ answers
• Accuracy of widenings to be studied
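An added example of the widening trade-off, not code from the page or its tool: constraints on x are narrowed to intervals (the tool's widenings are syntax-based over CLP(R) constraints), the loop body of the page's fragment is a constructed `x = x + 1` because the slide elides it, and an array-bound verdict shows how the widened result turns a definite ‘yes’ into ‘don’t know’.

```python
import math

INF = math.inf

def join(a, b):
    """Interval union (least upper bound): [min lo, max hi]."""
    return (min(a[0], b[0]), max(a[1], b[1]))

def widen(a, b):
    """Standard interval widening: a bound that moved between two iterations is
    pushed to infinity, so the iteration cannot keep creeping one step at a time."""
    return (a[0] if b[0] >= a[0] else -INF, a[1] if b[1] <= a[1] else INF)

def loop_head_interval(y, z, use_widening, max_iter=1000):
    """Interval of x at the while-head of the constructed fragment
         10: x = y + 10;  11: while (x <= z) { x = x + 1; }
    (the loop body is assumed here; the slide elides it). y and z are the
    intervals of the inputs. Returns (interval, iterations, converged)."""
    x = (y[0] + 10, y[1] + 10)                 # effect of line 10
    for i in range(1, max_iter + 1):
        entered = (x[0], min(x[1], z[1]))      # states satisfying x <= z
        if entered[0] > entered[1]:            # loop never entered
            return x, i, True
        after_body = (entered[0] + 1, entered[1] + 1)
        nxt = join(x, after_body)              # back edge merges with entry
        if use_widening:
            nxt = widen(x, nxt)
        if nxt == x:
            return x, i, True
        x = nxt
    return x, max_iter, False

def array_index_verdict(x, length):
    """Verdict for indexing an array of the given length with x: 'yes' (always in
    bounds), 'no' (always out of bounds) or 'don't know' (the interval straddles)."""
    if 0 <= x[0] and x[1] < length:
        return "yes"
    if x[1] < 0 or x[0] >= length:
        return "no"
    return "don't know"
```

With z bounded by 20 the plain iteration converges to x in [10, 21] after 12 rounds and a 32-element array index is provably safe; the widened run converges in 2 rounds but only knows x >= 10, so the same check becomes ‘don’t know’. With z unbounded the plain iteration never converges at all, which is the termination case widening exists for.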
Current Status
• Implemented tool for translating C++ source code to CQL clauses
• Developed tool for computing models of CQL programs
• Implemented many of the widenings
• Conducted preliminary case studies
To do in the next quarter
• Implement translator from JMPL to CQL
• Implement more widenings
• Study new techniques to make the analysis faster, e.g., randomized techniques
• Conduct more rigorous case studies
Related Work
• Bandera: Constructs finite models from Java source code
• SLAM: Constructs finite models from C source code
• JavaPathfinder: Model checks Java programs
• BANE: Infers constraints from C programs and solves them
Lessons learnt
• Adherence to disciplined coding practices like no dynamic allocation in flight code makes static analysis easier
• Techniques needed to make static analysis faster
• Can be used to generate interface specifications for modules
• Preliminary experiments providing encouraging results