Jyotirmoy Deshmukh, PhD
Toyota Technical Center · Model-based Development
About
Publications: 60
Reads: 4,831
Citations: 2,239
Additional affiliations
August 2010 - April 2012
Publications (60)
Existing multi-agent motion planners face scalability challenges with the number of agents and route plans that span long time horizons. We tackle these issues by introducing additional abstraction by interpolating agent trajectories with natural cubic splines and leveraging existing results that under some natural assumptions, the resulting game h...
Runtime verification (RV) refers to methods for formal reasoning about all aspects of the dynamic execution of systems, including hardware, software, and cyber-physical systems. RV includes techniques to assess and enforce correctness of a system against systemic bugs or extrinsic uncertainties. These methods are typically considered lightweight as...
Pedestrian detection is an important part of the perception system of autonomous vehicles. Foggy and low-light conditions are quite challenging for pedestrian detection, and several models have been proposed to increase the robustness of detections under such challenging conditions. Checking if such a model performs well is largely evaluated by man...
Signal Temporal Logic (STL) has become a popular tool for expressing formal requirements of Cyber-Physical Systems (CPS). The problem of verifying STL properties of neural network-controlled CPS remains a largely unexplored problem. In this paper, we present a model for the verification of Neural Network (NN) controllers for general STL specificati...
Reinforcement learning (RL) is a popular approach for robotic path planning in uncertain environments. However, the control policies trained for an RL agent crucially depend on user-defined, state-based reward functions. Poorly designed rewards can lead to policies that do get maximal rewards but fail to satisfy desired task objectives or are unsaf...
We present ShapeIt, a tool for mining specifications of cyber-physical systems (CPS) from their real-valued behaviors. The learned specifications are in the form of linear shape expressions, a declarative formal specification language suitable to express behavioral properties over real-valued signals. A linear shape expression is a regular expressi...
Perception algorithms in autonomous vehicles are vital for the vehicle to understand the semantics of its surroundings, including detection and tracking of objects in the environment. The outputs of these algorithms are in turn used for decision-making in safety-critical scenarios like collision avoidance, and automated emergency braking. Thus, it...
Modern cyber-physical systems (CPS) and the Internet of things (IoT) are data factories generating, measuring and recording huge amounts of time series. The useful information in time series is usually present in the form of sequential patterns. We propose shape expressions as a declarative language for specification and extraction of rich temporal...
Shape expressions (SEs) is a novel specification language that was recently introduced to express behavioral patterns over real-valued signals observed during the execution of cyber-physical systems. A shape expression is a regular expression composed of arbitrary parameterized shapes such as lines, exponential curves, and sinusoids as atomic symbo...
The use of machine learning components has posed significant challenges for the verification of cyber-physical systems due to its complexity, nonlinearity, and large space of parameters. In this work, we propose a novel probabilistic verification framework for learning-enabled CPS which can search over the entire (infinite) space of parameters, to...
This book constitutes the refereed proceedings of the 20th International Conference on Runtime Verification, RV 2020, held in Los Angeles, CA, USA, in October 2020. The conference was held virtually due to the COVID-19 pandemic.
The 14 regular papers and 2 short papers presented in this book were carefully reviewed and selected from 43 submissions...
We consider the problem of using reinforcement learning to train adversarial agents for automatic testing and falsification of cyberphysical systems, such as autonomous vehicles, robots, and airplanes. In order to produce useful agents, however, it is useful to be able to control the degree of adversariality by specifying rules that an agent must f...
Cyber-physical systems (CPS) and the Internet-of-Things (IoT) result in a tremendous amount of generated, measured and recorded time-series data. Extracting temporal segments that encode patterns with useful information out of these huge amounts of data is an extremely difficult problem. We propose shape expressions as a declarative formalism for s...
Cyber-physical systems are often safety-critical in that violations of safety properties may lead to catastrophes. We propose a method to enforce the safety of systems with real-valued signals by synthesizing a runtime enforcer called the shield. Whenever the system violates a property, the shield, composed with the system, makes correction instant...
We formulate numerically-robust inductive proof rules for unbounded stability and safety properties of continuous dynamical systems. These induction rules robustify standard notions of Lyapunov functions and barrier certificates so that they can tolerate small numerical errors. In this way, numerically-driven decision procedures can establish a sou...
The Author(s) 2019. We formulate numerically-robust inductive proof rules for unbounded stability and safety properties of continuous dynamical systems. These induction rules robustify standard notions of Lyapunov functions and barrier certificates so that they can tolerate small numerical errors. In this way, numerically-driven decision procedures...
The term Cyber-Physical Systems (CPS) typically refers to engineered, physical and biological systems monitored and/or controlled by an embedded computational core. The behaviour of a CPS over time is generally characterised by the evolution of physical quantities, and discrete software and hardware states. In general, these can be mathematically m...
Many problems in the design and analysis of cyber-physical systems (CPS) reduce to the following optimization problem: given a CPS which transforms continuous-time input traces in Rm to continuous-time output traces in Rn and a cost function over output traces, find an input trace which minimizes the cost. Cyber-physical systems are typically so co...
To effectively analyze and design cyberphysical systems (CPS), designers today have to combat the data deluge problem, i.e., the burden of processing intractably large amounts of data produced by complex models and experiments. In this work, we utilize monotonic Parametric Signal Temporal Logic (PSTL) to design features for unsupervised classificat...
Evaluation of industrial embedded control system designs is a time-consuming and imperfect process. While an ideal process would apply a formal verification technique such as model checking or theorem proving, these techniques do not scale to industrial design problems, and it is often difficult to use these techniques to verify performance aspects...
We study the problem of falsifying reachability properties of real-time control software acting in a closed-loop with a given model of the plant dynamics. Our approach employs numerical techniques to simulate a plant model, which may be highly nonlinear and hybrid, in combination with symbolic simulation of the controller software. The state-space...
The use of deductive techniques, such as theorem provers, has several advantages in safety verification of hybrid systems. There is often a gap, however, between the type of assistance that a theorem prover requires to make progress on a proof task and the assistance that a system designer is able to provide. To address this deficiency we present a...
Falsification techniques for models of embedded control systems automate the process of testing models to find bugs by searching for model-inputs that violate behavioral specifications given by logical and quantitative correctness requirements. A recent advance in falsification is to encode property satisfaction as a cost function based on a finite...
The use of deductive techniques, such as theorem provers, has several advantages in safety verification of hybrid systems; however, state-of-the-art theorem provers require extensive manual intervention. Furthermore, there is often a gap between the type of assistance that a theorem prover requires to make progress on a proof task and the assis...
Signal Temporal Logic (STL) is a formalism used to rigorously specify requirements of cyberphysical systems (CPS), i.e., systems mixing digital or discrete components in interaction with a continuous environment or analog components. STL is naturally equipped with a quantitative semantics which can be used for various purposes: from assessing the...
The conformance testing problem for dynamical systems asks, given two dynamical models (e.g., as Simulink diagrams), whether their behaviors are "close" to each other. In the semi-formal approach to conformance testing, the two systems are simulated on a large set of tests, and a metric, defined on pairs of real-valued, real-timed trajectories, is...
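The metric on pairs of real-valued, real-timed trajectories is the core of this approach, so here is one such closeness notion in code. This is an added example, not code from the conformance-testing paper summarised above: two traces are (tau, eps)-close when every sample of each trace has a sample of the other within tau in time and eps in value, and `closeness_distance` returns the smallest eps that works for a given tau, which is the kind of per-test score a semi-formal conformance test aggregates over many simulations. Both traces are constructed here (a unit step, and the same step delayed by 0.2 time units).

```python
"""(tau, eps)-closeness of two real-timed, real-valued trajectories.

Added example, not code from the paper summarised above. Both traces
below are constructed for illustration.
"""
from typing import List, Tuple

Trace = List[Tuple[float, float]]  # (time, value) pairs, times increasing


def _one_sided(p: Trace, q: Trace, tau: float) -> float:
    """Worst value gap over samples of p to the best-matching sample of q
    within tau in time; inf if some sample of p has no q sample within tau."""
    worst = 0.0
    for t, v in p:
        near = [abs(v - v2) for t2, v2 in q if abs(t - t2) <= tau]
        worst = max(worst, min(near) if near else float("inf"))
    return worst


def closeness_distance(a: Trace, b: Trace, tau: float) -> float:
    """Smallest eps such that a and b are (tau, eps)-close (symmetric)."""
    return max(_one_sided(a, b, tau), _one_sided(b, a, tau))


def conformant(a: Trace, b: Trace, tau: float, eps: float) -> bool:
    """Boolean conformance verdict for a fixed (tau, eps) budget."""
    return closeness_distance(a, b, tau) <= eps


def step_trace(step_time: float, n: int = 21, dt: float = 0.1) -> Trace:
    """Constructed unit-step response sampled every dt from time 0."""
    return [(i * dt, 0.0 if i * dt < step_time else 1.0) for i in range(n)]


REFERENCE = step_trace(1.0)       # e.g. the high-fidelity model
IMPLEMENTATION = step_trace(1.2)  # same shape, step delayed by 0.2

if __name__ == "__main__":
    for tau in (0.15, 0.25):
        d = closeness_distance(REFERENCE, IMPLEMENTATION, tau)
        print(f"tau={tau}: smallest eps={d}")
```

The timing tolerance tau is what distinguishes this from a pointwise norm: a pure value metric scores the delayed step as maximally different at the step instant, whereas with tau of 0.25 the two traces are indistinguishable. Choosing tau and eps is therefore a modelling decision about which timing jitter and which amplitude error the implementation is allowed relative to the model.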
Techniques for testing cyberphysical systems (CPS) currently use a combination of automatic directed test generation and random testing to find undesirable behaviors. Existing techniques can fail to efficiently identify bugs because they do not adequately explore the space of system behaviors. In this paper, we present an approach that uses the rap...
We present a search technique to falsify safety properties of hybrid systems that model a software system controlling a physical plant. Our approach takes as input (a) the controller code and (b) a plant model given as a black-box system that can be simulated for given inputs over finite time horizons. Our approach combines the symbolic execution o...
In this paper, we present an approach for finding violations of safety properties of hybrid systems. Existing approaches search for complete system trajectories that begin from an initial state and reach some unsafe state. We present an approach that searches over segmented trajectories, consisting of a sequence of segments starting from any system...
Industrial control systems are often hybrid systems that are required to satisfy strict performance requirements. Verifying designs against requirements is a difficult task, and there is a lack of suitable open benchmark models to assess, evaluate, and compare tools and techniques. Benchmark models can be valuable for the hybrid systems research co...
Lyapunov functions are used to prove stability and to obtain performance bounds on system behaviors for nonlinear and hybrid dynamical systems, but discovering Lyapunov functions is a difficult task in general. We present a technique for discovering Lyapunov functions and barrier certificates for nonlinear and hybrid dynamical systems using a searc...
In Model-Based Design of Cyber-Physical Systems (CPS), it is often desirable to develop several models of varying fidelity. Models of different fidelity levels can enable mathematical analysis of the model, control synthesis, faster simulation etc. Furthermore, when (automatically or manually) transitioning from a model to its implementation on an...
This paper examines techniques for finding falsifying trajectories of hybrid systems using an approach that we call trajectory splicing. Many formal verification techniques for hybrid systems, including flowpipe construction, can identify plausible abstract counterexamples for property violations. However, there is often a gap between the reported...
Many important functions over strings can be represented as finite-state string transducers. In this paper, we present an automatatheoretic technique for algorithmically verifying that such a function is robust to uncertainty. A function encoded as a transducer is defined to be robust if for each small (i.e., bounded) change to any input string, th...
We propose a deterministic model for associating costs with strings that is parameterized by operations of interest (such as addition, scaling, and minimum), a notion of regularity that provides a yardstick to measure expressiveness, and study decision problems and theoretical properties of resulting classes of cost functions. Our definition of reg...
With the maturing of technology for model checking and constraint solving, there is an emerging opportunity to develop programming tools that can transform the way systems are specified. In this paper, we propose a new way to program distributed protocols using concolic snippets. Concolic snippets are sample execution fragments that contain both co...
A significant challenge to the formal validation of software-based industrial control systems is that system requirements are often imprecise, non-modular, evolving, or even simply unknown. We propose a framework for mining requirements from the closed-loop model of an industrial-scale control system, such as one specified in the Simulink modeling...
Many software systems are naturally modeled as networks of interacting elements such as computing nodes, input devices, and output devices. In this paper, we present a notion of robustness for a networked system when the underlying network is prone to errors. We model such a system \(\mathcal{N}\) as a set of processes that communicate with each ot...
With the maturing of computer-aided verification technology, there is an emerging opportunity to develop design tools that can transform the way systems are designed. In this paper, we propose a new way to specify protocols using concolic snippets, that is, sample execution fragments that contain both concrete and symbolic values. While the purely...
Methods in object-oriented concurrent libraries often encapsulate internal synchronization details. As a result of information hiding, clients calling the library methods may cause thread safety violations by invoking methods in an unsafe manner. This is frequently a cause of deadlocks. Given a concurrent library, we present a technique for inferri...
Motivated by the successful application of the theory of regular languages to formal verification of finite-state systems, there is a renewed interest in developing a theory of analyzable functions from strings to numerical values that can provide a foundation for analyzing quantitative properties of finite-state systems. In this paper, we pr...
We are interested in identifying and enforcing the isolation requirements of a concurrent program, i.e., concurrency control that ensures that the program meets its specification. The thesis of this paper is that this can be done systematically starting from a sequential proof, i.e., a proof of correctness of the program in the absence of concurren...
We introduce nondeterministic streaming string transducers (nssts) – a new computational model that can implement MSO-definable relations between strings. An nsst makes a single left-to-right pass on the input string and uses a finite set of string variables to compute the output. In each step, it reads one input symbol, and updates its string vari...
Programs that manipulate heap-allocated data structures present a formidable challenge for algorithmic verification. Recursive procedures (methods) in such software libraries are used for a large number of tasks ranging from simple traversals to complex structural transformations. Verification of such methods is undecidable in general. Hence, we pr...
Methods in object-oriented concurrent libraries hide internal synchronization details. However, information hiding may result in clients causing thread safety violations by invoking methods in an unsafe manner.Given such a library, we present a technique for inferring interface contracts that specify permissible concurrent method calls and patterns...
Automatic techniques for software verification focus on obtaining witnesses of program failure. Such counterexamples often fail to localize the precise cause of an error and usually do not suggest a repair strategy. We present an efficient algorithm to automatically generate a repair for an incorrect sequential Boolean program where program correct...
Predicate detection is an important problem in distributed systems. Predicate detection suffers from state explosion since the number of possible global states is exponential in the number of processes. Computation slicing is an important abstraction technique used to solve the predicate detection problem. The key observation in this paper is that...
Verifying correctness of programs operating on data structures has become an integral part of software verification. A method is a program that acts on an input data structure (modeled as a graph) and produces an output data structure. The parameterized correctness problem for such methods can be defined as follows: Given a method and a property of...
Reliability of large-scale hardware and software systems often depends on the correctness of the underlying structured data. Examples of structured data include heap-allocated linked data structures, files, and program states in software, and netlists and simulator states for modeling hardware. In this paper, we focus on automatically transformi...