Abstract
Software in autonomous systems like autonomous cars, robots or drones is often implemented on resource-constrained embedded systems with heterogeneous architectures. At the heart of such software are multiple feedback control loops, whose dynamics not only depend on the control strategy being used, but also on the timing behavior the control software experiences. But performing timing analysis for safety critical control software tasks, particularly on heterogeneous computing platforms, is challenging. Consequently, a number of recent papers have addressed the problem of stability analysis of feedback control loops in the presence of timing uncertainties (cf., deadline misses). In this paper, we address a different class of safety properties, viz., whether the system trajectory with timing uncertainties deviates too much from the nominal trajectory. Verifying such quantitative safety properties involves performing a reachability analysis that is computationally intractable, or is too conservative. To alleviate these problems we propose to provide statistical guarantees over the behavior of control systems with timing uncertainties. More specifically, we present a Bayesian hypothesis testing method that estimates deviations from a nominal or ideal behavior. We show that our analysis can provide, with high confidence, tighter estimates of the deviation from nominal behavior than using known reachability analysis methods. We also illustrate the scalability of our techniques by obtaining bounds in cases where reachability analysis fails, thereby establishing the practicality of our proposed method.
Data availability
All the data has been provided in the GitHub repository.
Notes
sites.google.com/view/statdev.
Note that \(\text{ Uniform }(0,1) \overset{d}{=} \text{ Beta }(1,1),\) so the uniform prior also induces a beta posterior distribution on \(\theta\).
References
Åström KJ, Wittenmark B (1997) Computer-controlled systems, 3rd edn. Prentice-Hall Inc, New York
Axer P et al (2014) Building timing predictable embedded systems. ACM Trans Embed Comput Syst 13(4):82:1–82:37
Bernardi O, Giménez O (2010) A linear algorithm for the random sampling from regular languages. Algorithmica 62:130–145
Blind R, Allgöwer F (2015) Towards networked control systems with guaranteed stability: using weakly hard real-time constraints to model the loss process. In: 54th IEEE conference on decision and control (CDC)
Bozhko S et al (2021) Monte carlo response-time analysis. In: IEEE real-time systems symposium (RTSS)
Chakraborty S, Erlebach T, Thiele L (2001) On the complexity of scheduling conditional real-time code. In: 7th international workshop on algorithms and data structures (WADS)
Chakraborty S, Faruque MAA, Chang W, Goswami D, Wolf M, Zhu Q (2016) Automotive cyber-physical systems: a tutorial introduction. IEEE Des Test 33(4):92–108
Chakraborty S et al (2018) Embedded systems and software challenges in electric vehicles. In: Design, automation & test in europe conference & exhibition (DATE)
Chakraborty S et al (2019) Cross-layer interactions in CPS for performance and certification. In: Design, automation & test in europe (DATE)
Chang W, Chakraborty S (2016) Resource-aware automotive control systems design: a cyber-physical systems approach. Found Trends Electron Des Autom 10(4):249–369
Chang W, Goswami D, Chakraborty S, Ju L, Xue CJ, Andalam S (2017) Memory-aware embedded control systems design. IEEE Trans CAD Integr Circ Syst 36(4):586–599
Chang W, Goswami D, Chakraborty S, Hamann A (2018a) OS-aware automotive controller design using non-uniform sampling. ACM Trans Cyber-Phys Syst 2(4):26:1–26:22
Chang W, Roy D, Hu XS, Chakraborty S (2018b) Cache-aware task scheduling for maximizing control performance. In: Design, automation & test in europe (DATE)
Chen JJ, Novick MR (1984) Bayesian analysis for binomial models with generalized beta prior distributions. J Educ Stat 9(2):163–175
Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2000) Counterexample-guided abstraction refinement. In: Emerson EA, Sistla AP (eds) 12th international conference on computer aided verification (CAV)
Cloosterman M et al (2009) Stability of networked control systems with uncertain time-varying delays. IEEE Trans Autom Control 54(7):1575–1580
Dennis L, Fisher M (2020) Verifiable self-aware agent-based autonomous systems. Proc IEEE 108(7):1011–1026
Diwakaran R et al (2017) Analyzing neighborhoods of falsifying traces in cyber-physical systems. In: 8th international conference on cyber-physical systems (ICCPS)
Donkers M et al (2012) Stability analysis of stochastic networked control systems. Automatica 48(5):917–925
Duggirala PS, Viswanathan M (2016) Parsimonious, simulation based verification of linear systems. In: Chaudhuri S, Farzan A (eds) Computer aided verification (CAV)
Fisher M et al (2013) Verifying autonomous systems. Commun ACM 56(9):84–93
Flajolet P et al (1994) A calculus for the random generation of labelled combinatorial structures. Theoret Comput Sci 132(1):1–35
Fukuda K (2004) From the zonotope construction to the Minkowski addition of convex polytopes. J Symbolic Comput 38(4):1261–1272
Gabel RA, Roberts RA (1991) Signals and linear systems. Wiley, New York
Georgakos G et al (2013) Reliability challenges for electric vehicles: from devices to architecture and systems software. In: 50th annual design automation conference (DAC)
Ghosh M (2011) Objective priors: an introduction for frequentists. Stat Sci 26(2):187–202
Ghosh B et al (2022) Statistical hypothesis testing of controller implementations under timing uncertainties. In: 2022 IEEE 28th international conference on embedded and real-time computing systems and applications (RTCSA)
Girard A (2005) Reachability of uncertain linear systems using zonotopes. In: Proceedings of the 8th international conference on hybrid systems: computation and control (HSCC)
Goswami D, Schneider R, Chakraborty S (2011) Re-engineering cyber-physical control applications for hybrid communication protocols. In: Design, automation and test in europe (DATE)
Goswami D, Schneider R, Chakraborty S (2014) Relaxing signal delay constraints in distributed embedded controllers. IEEE Trans Control Syst Technol 22(6):2337–2345
Grünbaum B, Kaibel V, Klee V, Ziegler GM (2003) Convex polytopes. Springer, New York
Hagemann W (2014) Reachability analysis of hybrid systems using symbolic orthogonal projections. In: Biere A, Bloem R (eds) Computer aided verification (CAV)
Hespanha J (2014) Modeling and analysis of networked control systems using stochastic hybrid systems. Annu Rev Control 38(2):155–170
Hespanha JP (2018) Linear systems theory, 2nd edn. Princeton University Press, Princeton
Horssen E (2016) Performance analysis and controller improvement for linear systems with (m, k)-firm data losses. In: 15th european control conference (ECC)
Ju L et al (2009) Context-sensitive timing analysis of esterel programs. In: 46th design automation conference (DAC)
Kass R, Raftery A (1995) Bayes factors. J Am Stat Assoc 90(430):773–795
Kauer M et al (2014) Fault-tolerant control synthesis and verification of distributed embedded systems. In: Design, automation & test in europe conference (DATE)
Legay A, Lukina A, Traonouez LM, Yang J, Smolka SA, Grosu R (2019) Statistical model checking. Springer, Cham, pp 478–504
Liberzon D (2003) Switching in systems and control. Springer, New York
Linsenmayer S, Allgöwer F (2017) Stabilization of networked control systems with weakly hard real-time dropout description. In: 56th IEEE annual conference on decision and control (CDC)
Lukasiewycz M et al (2013) System architecture and software design for electric vehicles. In: 50th design automation conference (DAC)
Maggio M et al (2020) Control-system stability under consecutive deadline misses constraints. In: 32nd Euromicro conference on real-time systems (ECRTS)
Mahfouzi R et al (2018) Stability-aware integrated routing and scheduling for control applications in Ethernet networks. In: Design, automation & test in europe conference (DATE)
Masrur A et al (2010) VM-based real-time services for automotive control applications. In: 16th IEEE international conference on embedded and real-time computing systems and applications (RTCSA)
Mundhenk P et al (2015) Security analysis of automotive architectures using probabilistic model checking. In: 52nd annual design automation conference (DAC)
O’Kelly M, Zheng H, Karthik D, Mangharam R (2020) F1tenth: an open-source evaluation environment for continuous control and reinforcement learning. Proc Mach Learn Res 123:77–89
Pazzaglia P et al (2018) Beyond the weakly hard model: measuring the performance cost of deadline misses. In: 30th Euromicro conference on real-time systems (ECRTS)
Pazzaglia P et al (2019) DMAC: deadline-miss-aware control. In: 31st Euromicro conference on real-time systems (ECRTS)
Roy D et al (2016) Multi-objective co-optimization of FlexRay-based distributed control systems. In: 22nd IEEE real-time and embedded technology and applications symposium (RTAS)
Roy D, Zhang L, Chang W, Mitter SK, Chakraborty S (2018) Semantics-preserving cosynthesis of cyber-physical systems. Proc IEEE 106(1):171–200
Sadraddini S, Tedrake R (2019) Linear encodings for polytope containment problems. In: 2019 IEEE 58th conference on decision and control (CDC)
Samii S et al (2010) Dynamic scheduling and control-quality optimization of self-triggered control applications. In: 31st IEEE real-time systems symposium (RTSS)
Schneider R et al (2011) Constraint-driven synthesis and tool-support for FlexRay-based automotive control systems. In: CODES+ISSS
Schneider R et al (2013) Multi-layered scheduling of mixed-criticality cyber-physical systems. J Syst Architect-Embed Syst Des 59(10, Part D):1215–1230
Soudbakhsh D et al (2018) Co-design of arbitrated network control systems with overrun strategies. IEEE Trans Control Netw Syst 5(1):128–141
Thiele L, Wilhelm R (2004) Design for timing predictability. Real-Time Syst 28(2–3):157–177
Waszecki P et al (2017) Automotive electrical and electronic architecture security via distributed in-vehicle traffic monitoring. IEEE Trans Comput Aided Des Integr Circ Syst 36(11):1790–1803
Wilhelm R (2020) Real time spent on real time. Commun ACM 63(10):54–60
Wing J (2021) Trustworthy AI. Commun ACM 64(10):64–71
Xu S, Ghosh B, Hobbs C, Thiagarajan PS, Chakraborty S (2023) Safety-aware flexible schedule synthesis for cyber-physical systems using weakly-hard constraints. In: 28th asia and south pacific design automation Conference (ASP-DAC)
Younes H, Simmons R (2002) Probabilistic verification of discrete event systems using acceptance sampling. In: CAV
Zhang W et al (2001) Stability of networked control systems. IEEE Control Syst Mag 21(1):84–99
Acknowledgements
We thank all the reviewers of the RTCSA 2022 version of this paper, as well as the reviewers of this journal version, for their helpful feedback. This work was partially supported by the NSF Award #2038960.
Appendices
Appendix 1
A case study: the impact of prior selection
The methodology presented in Sect. 4 assumes a uniform prior distribution. Specifically, we assumed
However, the number of samples required to conclude that \(\theta \ge 0.99\) with sufficiently high probability depends heavily on the choice of prior. Our choice of a uniform prior is safe in the sense that it does not assume any prior knowledge of the underlying system. A variety of more nuanced procedures exist for selecting so-called objective priors (Ghosh 2011) that avoid some of the pitfalls of using a uniform prior. Plugging these priors into our procedure is straightforward, and a full discussion of objective priors is beyond the scope of this paper.
To illustrate the effect of prior knowledge on our testing procedure, we now consider how the choice of prior impacts the number of samples required by our hypothesis testing procedure. Recall that our hypothesis testing procedure boiled down to estimating the value of \(\theta\) given that each sampled trajectory independently obeys \(\textbf{d}_{ub}\) with probability \(\theta\). Specifically, we take K samples and then try to estimate \(\theta\) given that \(\text {Binomial}(K,\theta )=K\). It is well known that the beta distribution is a conjugate prior of binomial likelihood functions—any beta prior distribution combined with a binomial likelihood function induces a beta posterior distribution on \(\theta\) (Chen and Novick 1984). Hence, to examine the impact of the choice of prior, we consider two alternate beta distributions as priors.
We compare these choices of prior to the uniform prior used in the paper. For this comparison, we again assume that the user-defined parameter \(c=0.99\). That is, we would like to say whether a given \(\textbf{d}_{ub}\) is at least a 99th percentile of the distribution of trajectory deviations. We consider beta prior distributions with modes at \(\theta =0.25\) and \(\theta =0.99\), respectively. These priors reflect two common cases. First, the prior with a peak at \(\theta =0.99\) reflects the case where one strongly believes that \(\theta\) is close to 0.99, but is also agnostic as to whether the true value of \(\theta\) is above or below 0.99. Second, the prior with a peak at \(\theta =0.25\) reflects the case where one chooses a prior conservatively to ensure the safety of the system. These priors are shown in Fig. 11.
Fig. 11 A variety of prior distributions that can be plugged into our hypothesis testing procedure. We use beta prior distributions because they yield simple posterior distributions when used with a binomial likelihood function. We consider the uniform prior used in Sect. 4 as well as a prior with a mode of \(\theta =0.25\) and a prior with a mode of \(\theta =0.99\)
Based on each of these priors, we can compute the posterior distribution induced by sampling K trajectories which all obey a given value of \(\textbf{d}_{ub}\). Figure 12 shows the probability of a type-I error, \(\alpha\), as a function of the number of samples, K. We see that the choice of prior significantly impacts the number of samples required by our hypothesis testing procedure. First, we can see that using a prior with a peak at \(\theta =0.25\) has the intended effect. Meeting a given level of \(\alpha\) when using this prior requires roughly twice as many samples as were required when using a uniform prior. Surprisingly, the prior with a peak at \(\theta =0.99\) does not have the opposite effect. Given a strong prior belief that \(\theta\) is close to 0.99, we might expect to require fewer samples than when using a uniform prior. Figure 12 shows that, although \(\alpha\) is slightly lower for small values of K, we actually require more samples when using the prior with a peak at 0.99 than were required when using a uniform prior. The issue is that this prior assigns significant probability density to values slightly above and slightly below 0.99. A large number of samples is then required to decide whether \(\theta\) is actually above 0.99 or just slightly below 0.99. Hence, while the uniform prior is in some sense non-informative, both of the alternate priors shown here are more conservative in the number of samples they require before allowing us to accept a given value of \(\textbf{d}_{ub}\).
Fig. 12 Type-I error, \(\alpha\), as a function of the sample size K under a variety of beta prior distributions. Using a prior with a mode of 0.25 has the expected effect of requiring more samples than are required when using a uniform prior. Surprisingly, using a prior with a mode of 0.99 also requires more samples than are required when using a uniform prior
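The computation behind Fig. 12 can be reproduced directly from the conjugacy argument above: with a \(\text{Beta}(a,b)\) prior and K out of K sampled trajectories obeying \(\textbf{d}_{ub}\), the posterior is \(\text{Beta}(a+K,b)\), and the type-I error \(\alpha\) is the posterior probability that \(\theta < c\), i.e. the posterior CDF evaluated at \(c=0.99\). The following script is an added example, not code from the paper or its repository; the shape parameters \(\text{Beta}(2,4)\) (mode 0.25) and \(\text{Beta}(100,2)\) (mode 0.99) are assumed, since the appendix states only the modes, and the 0.05 threshold on \(\alpha\) is an illustrative choice. The regularized incomplete beta function is integrated numerically so that no SciPy dependency is needed.

```python
"""Effect of the beta prior on the sample count K needed by the Bayesian test
of H1: theta >= c, given that all K sampled trajectories obeyed the candidate
deviation bound d_ub, i.e. Binomial(K, theta) = K.  (Added example; prior shape
parameters below are assumptions, not values stated in the paper.)"""
import math


def log_beta(a: float, b: float) -> float:
    """log B(a, b) via lgamma, so large shape parameters never overflow."""
    return math.lgamma(a) + math.lgamma(b) - math.lgamma(a + b)


def beta_cdf(x: float, a: float, b: float, n: int = 20000) -> float:
    """Regularized incomplete beta I_x(a, b) = P(theta <= x), theta ~ Beta(a, b),
    by composite Simpson's rule on the density evaluated in log space.
    Accurate to well below 1e-6 for the shapes used here (a large, b small)."""
    if x <= 0.0:
        return 0.0
    if x >= 1.0:
        return 1.0
    ln_b = log_beta(a, b)

    def pdf(t: float) -> float:
        if t <= 0.0:
            # density at 0 is finite only for a == 1 (it equals b); zero for a > 1
            return math.exp(-ln_b) if a == 1.0 else 0.0
        return math.exp((a - 1.0) * math.log(t) + (b - 1.0) * math.log1p(-t) - ln_b)

    h = x / n  # n is even, as Simpson's rule requires
    s = pdf(0.0) + pdf(x)
    for i in range(1, n):
        s += (4.0 if i % 2 else 2.0) * pdf(i * h)
    return min(1.0, s * h / 3.0)


def type1_error(prior: tuple, K: int, c: float = 0.99) -> float:
    """alpha = posterior P(theta < c | all K samples obeyed d_ub).
    Beta-binomial conjugacy: Beta(a, b) prior + K successes, 0 failures
    gives the posterior Beta(a + K, b), so alpha is its CDF at c."""
    a, b = prior
    return beta_cdf(c, a + K, b)


def required_samples(prior: tuple, alpha_target: float = 0.05,
                     c: float = 0.99, k_max: int = 20000) -> int:
    """Smallest K with type1_error(prior, K) <= alpha_target.
    alpha is non-increasing in K (more all-pass samples shift the posterior
    toward 1), so a bisection over K is sufficient."""
    if type1_error(prior, k_max, c) > alpha_target:
        raise ValueError("k_max too small for this prior")
    lo, hi = 0, k_max
    while lo < hi:
        mid = (lo + hi) // 2
        if type1_error(prior, mid, c) <= alpha_target:
            hi = mid
        else:
            lo = mid + 1
    return lo


# Assumed prior shapes; mode of Beta(a, b) is (a-1)/(a+b-2).
PRIORS = {
    "uniform      Beta(1,1)":   (1.0, 1.0),    # the prior used in Sect. 4
    "conservative Beta(2,4)":   (2.0, 4.0),    # mode 0.25
    "optimistic   Beta(100,2)": (100.0, 2.0),  # mode 0.99
}

if __name__ == "__main__":
    for name, prior in PRIORS.items():
        row = ", ".join(f"K={k}: {type1_error(prior, k):.3f}" for k in (0, 50, 100, 200, 300, 400))
        print(f"{name}: {row}")
        print(f"  samples needed for alpha <= 0.05: {required_samples(prior)}")
```

For the uniform prior the posterior CDF has the closed form \(c^{K+1}\), so \(\alpha \le 0.05\) is first reached at K = 298; the Beta(2,4) prior needs a few hundred more samples, and the Beta(100,2) prior, despite giving a lower \(\alpha\) for small K, also needs more than the uniform prior, which is the effect the appendix describes.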
Cite this article
Ghosh, B., Hobbs, C., Xu, S. et al. Statistical verification of autonomous system controllers under timing uncertainties. Real-Time Syst 60, 108–149 (2024). https://doi.org/10.1007/s11241-023-09417-x
DOI: https://doi.org/10.1007/s11241-023-09417-x