S. Ramesh
General Motors Company | GM · ECS Lab

Doctor of Philosophy

About

181
Publications
16,553
Reads
1,890
Citations
Additional affiliations
September 1989 - December 2004
Indian Institute of Technology Bombay
Position
  • Professor (Full)

Publications (181)
Conference Paper
Full-text available
The specification of functional safety requirements is an integral part of a safety engineering process, especially in the case of a system whose behavior is largely determined by software. Many industry standards, such as RTCA DO-178C (aerospace), ISO 26262 (automotive) and CENELEC EN 50128 (rail), underscore the importance of specifying functiona...
Article
Full-text available
Program analysis of automotive software has several unique challenges, including that the code base is ultra large, comprising over a hundred million lines of code running on a single vehicle; the code is structured as a software product line (SPL) for managing a family of related software products from a common set of artifacts; and the analysis r...
Article
With the growing complexity of modern software, it is important that the relevant textual requirements are correctly linked into a ‘requirement linking matrix’ during early system development stages. The resulting requirement linking matrix highlights direct and indirect interactions between different requirements, thus facilitating improved design, dev...
Chapter
Autonomous systems incorporate varying degrees of adaptation behavior to sustain their operations with acceptable quality of service (QoS). The QoS capability of such highly complex dynamic adaptive systems depends on how well they respond to hostile external events. The paper formulates model-based assessment techniques to benchmark the QoS capabi...
Chapter
Advanced Driver Assistance Systems and higher-level automated features are rapidly being deployed in the automotive industry. A common development approach taken for ensuring safe operation of these vehicles is to focus on driving real vehicles in the planned operating environment. This approach has benefits, including helping to identify challengi...
Preprint
Full-text available
Software Product Lines (SPLs) are families of related software products developed from a common set of artifacts. Most existing analysis tools cannot be applied to an entire SPL, but rather must be applied an SPL’s products one at a time. Some tools have been redesigned or re-implemented to support the kind of variability exhibited in SPLs, but thi...
Article
Full-text available
Test generation based on one-by-one analysis of potential implementations in fault models is challenging; it is indeed impossible or inefficient to enumerate each and every implementation, even when a fault model defines a finite but a significant number of implementations. We propose an approach for fault model and constraint solving-based testing...
Article
The emerging Die-stacking technology enables DRAM to be used as a cache to break the “Memory Wall” problem. Recent studies have proposed to use DRAM as a victim cache in both CPU and GPU memory hierarchies to improve performance. DRAM caches are large in size and, hence, when realized as a victim cache, non-inclusive design is preferred. This non-i...
Preprint
Test oracles are usually used to evaluate the behaviors of systems under test to reveal faults. In a typical conformance testing scenario, a test oracle is a deterministic finite state machine (FSM). However, uncertainty occurring in the design of an oracle may result in a set of potential candidate oracles which can compactly be represented by a n...
Article
Full-text available
Advanced driver assistance and automated driving systems must operate in complex environments and make safety-critical decisions. Resilient behavior of these systems in their targeted operation design domain is essential. In this paper, we describe developments in our Model-Based Systems Engineering (MBSE) approach to develop resilient safety-criti...
Article
This paper proposes a novel notion called variability verification applicable to Software Product Lines (SPL). Variability is central to SPL and we have observed that variability is expressed differently at different levels of abstraction in the development flow of SPL. A natural problem in this context is the conformance of variability information...
Article
Die-stacking technology enables the use of a high density DRAM as a cache. Major processor vendors have recently started using these stacked DRAM modules as the last level cache of their products. These stacked DRAM modules provide high bandwidth with relatively low latency compared to the off-package DRAM modules. Recent studies on DRAM caches pro...
Conference Paper
Full-text available
Hybrid Dynamic Systems (HDS) constitute a wide class of common industrial applications. A HDS is generally characterized by interaction of discrete-event and continuous variable dynamics. The behavior of HDS can switch between several modes with different dynamics over time. Thus, their identification aims to find the model mapping the inputs to re...
Article
Full-text available
In a Software Product Line (SPL), the central notion of implementability provides the requisite connection between specifications and their implementations, leading to the definition of products. While it appears to be a simple extension of the traceability relation between components and features, it involves several subtle issues that were overlo...
Article
Time-triggered architectures form an important component of many distributed computing platforms for safety-critical real-time applications such as avionics and automotive control systems. TTA, FlexRay, and TTCAN are examples of such time-triggered architectures that have been popular in recent times. These architectures involve a number of algorit...
Conference Paper
In test case generation methods based on symbolic testing and/or model checking, the primary emphasis is on covering code/model elements and not on optimising test sequence length. However, in certain domains, e.g. embedded systems, GUI, networking software, testing process may involve interaction with other physical subsystems, possibly remotely s...
Article
Today, most of the innovation in the automotive domain is in the areas of electronics and software. Modern cars have already been transformed, from largely mechanical entities, to complex embedded systems running on four wheels. High-end cars currently have around 100 electronic control units (ECUs), each with one or more, possibly multicore, proce...
Article
Modern automotive systems are composed of hundreds of software-implemented features often interacting with physical subsystems under real-time constraints. For efficient management of their development, the features are conceived and realized as product lines involving variability with different variants being deployed in different vehicle classes....
Article
AADL (Architectural Analysis and Design Language) can describe the architecture of an embedded control system at various levels of abstraction. In addition, AADL supports refinement mechanisms for refining abstract models to more detailed ones. However, the refinement mechanism in AADL is of informal nature. Event-B is an independent formal modelli...
Article
We present a new modelling formalism which is suitable for capturing high level functional specifications and requirements of reactive control systems. This formalism is a simple extension of the classical planning formalism. We show that if specifications are thus formalized, then it is possible to use existing automated planners and model checker...
Conference Paper
In this paper we study the reachability analysis problem for timed systems specified in a hierarchical manner. First we provide a formal model, called hierarchical extended Mealy machine with timer, input and output events, as well with input, output and context variables. Then we present a synchronous semantics of the model. A main feature of this...
Chapter
One of the challenging steps in the development of component based embedded control systems involves decomposition of feature or system level timing requirements into component level timing requirements. Often it is observed that the timing is introduced at a later stage in the development cycle and ad hoc estimates are made which lead to costly an...
Article
Full-text available
Code generators play a critical role in the Model Based Development of complex software systems. This is particularly true in the automotive domain, where the code auto-generated from Simulink/Stateflow models is directly flashed onto embedded controllers. Testing based approaches are popular for validating the translation of models to code. Howeve...
Article
Full-text available
The paper discusses the design of cyber-physical systems software around intelligent physical worlds (IPW). An IPW is the embodiment of control software functions wrapped around the external world processes, exhibiting self-adaptive behavior over a limited operating region of the system. This is in contrast with the traditional models where the phy...
Patent
Full-text available
A method allows for testing software under test (SUT) with respect to a partial design model (PDM) having a boundary which differs from a boundary of the SUT. The method includes recording input information including the SUT, the PDM, and coverage criteria defining a required number of the test cases. Variables in the SUT are identified that corres...
Article
Model-based test generation techniques based on random input generation and guided simulation do not satisfy the demands of high test coverage and completeness guarantees as required by safety-critical applications. Recently, test generation techniques based on model checking have been reported to bridge this gap. To evaluate the effectiveness of t...
Patent
Full-text available
A computer-implemented method for evaluating a machine-executable software code specification includes using the computer to generate a system dependence graph corresponding to the software code specification. The system dependence graph includes elements including nodes and edges. The computer evaluates the system dependence graph including select...
Patent
Full-text available
A computer-implemented method for evaluating a machine-executable software code specification includes using the computer to generate a system dependence graph corresponding to the software code specification. The system dependence graph includes elements including nodes and edges, wherein the computer evaluates the system dependence graph. The eva...
Article
This paper presents a new model of scenarios, dedicated to the specification and verification of system behaviours in the context of software product lines (SPL). We draw our inspiration from some techniques that are mostly used in the hardware community, and we show how they could be applied to the verification of software components. We point out...
Conference Paper
The control law of a typical industrial system has a modulating (continuous) component and a sequential/modal component. Control engineers are traditionally good at specifying the modulating part of the control laws unambiguously, correctly and completely. Software engineers have similar skills on the sequential component. In this paper, we discuss...
Conference Paper
Correct functionality of automotive embedded control systems often requires that the end-to-end latencies of data items traversing through specified task/message chains from sensors to actuators are within specified bounds. Hence, accurate estimation of the worst-case end-to-end latency has significant impact on the design of system architectures....
Conference Paper
The paper discusses the design of cyber-physical systems software around intelligent physical worlds (IPW). An IPW is the embodiment of control software functions wrapped around the external world processes. The IPW performs core domain-specific activities while adapting its behavior to the changing environment conditions and user inputs. The IPW e...
Patent
A method and tools for providing precise timing analysis scalable to industrial case studies with large numbers of tasks and messages are provided, including the capability to model and analyze task and message response times; ECU usage; bus usage; end-to-end latency of task/message chains; and timing synchronization problems in task/message graphs...
Article
We propose a framework for developing and reasoning about hybrid systems that are comprised of a plant with multiple controllers, each of which controls the plant intermittently. The framework is based on the notion of a "conflict-tolerant" specification for a controller, and provides a modular way of developing and reasoning about such systems. We...
Conference Paper
Most innovations in the automotive domain are realized by electronics and software. Modern cars have up to 100 Electronic Control Units (ECUs) that implement a variety of control applications in a distributed fashion. The tasks are mapped onto different ECUs, communicating via a heterogeneous network, comprising communication buses like CAN, FlexRa...
Patent
A system and method for automatic formal verification of an executable model includes an assertion monitor configured to verify a system against an assertion in a specification. The assertion monitor includes a parser configured to generate a propositional formula representing the assertion in the specification using Boolean propositions, a filter...
Article
Model-Based Development processes in the automotive industry typically use high-level modeling languages to build the reference models of embedded controllers. One can use formal verification tools to exhaustively verify these design models against their requirements, ensuring high quality models and a reduction in the cost and effort of functional...
Article
The design of a complex embedded control system involves the integration of a large number of components. These components need to interact in a timely fashion to achieve the system level end-to-end requirements. In practice, the component level timing specification consists of design attributes like component task mapping, task period and schedule defin...
Conference Paper
This paper presents a novel approach to the design verification of Software Product Lines (SPL). The proposed approach assumes that the requirements and designs at the feature level are modeled as finite state machines with variability information. The variability information at the requirement and design levels are expressed differently and at...
Conference Paper
Completely automatic generation of tests from formal executable test models of industrial size still looks like a “holy grail”, in spite of significant progress in model-based testing research and tool development. Realizing this, we follow a more down-to-earth approach by assuming that, even if a test model is available, the test expert manually d...
Article
Full-text available
This paper presents a novel approach to the design verification of Software Product Lines(SPL). The proposed approach assumes that the requirements and designs are modeled as finite state machines with variability information. The variability information at the requirement and design levels are expressed differently and at different levels of abstr...
Conference Paper
This paper presents a novel approach to relate the variabilities that exist at the requirement and design levels in a Software Product Line (SPL). This approach is based upon two key observations: (i) not only the requirements, but also the design, contain variability information; (ii) the variability information at the requirement and design...
Conference Paper
We introduce a new class of planning problems in which there is a separate set of actions with higher priority than regular actions. We present new planning domains to show that problems of practical interest may easily fit in this framework. We argue that though this framework is quite succinctly encoded in classical planning itself, existing plan...
Article
This paper is concerned with test case generation from Simulink/Stateflow (SL/SF) models with a focus on coverage of SF model elements. Coverage of the SF component in a model is a difficult task because of two primary reasons: (i) the SF component itself may lie deep in the SL/SF model in which case, inputs have to pass through a complex chain of...
Article
This paper presents a novel approach to the design verification of Software Product Lines(SPL). The proposed approach assumes that the requirements and designs are modeled as finite state machines with variability information. The variability information at the requirement and design levels are expressed differently and at different levels of abstr...
Conference Paper
Our work concerns with test case generation for structural coverage of Simulink/Stateflow (SL/SF) models. We have developed a tool called SmartTestGen which integrates multiple test generation techniques; experiments show that this tool performs better than some commercial tools. In this paper, we discuss a novel experiment. SmartTestGen uses rando...
Conference Paper
In a Software Product Line (SPL), the central notion of implementability provides the requisite connection between specifications (feature sets) and their implementations (component sets), leading to the definition of products. While it appears to be a simple extension (to sets) of the traceability relation between components and features, it actua...
Conference Paper
The modern automobile is a complex electronic system with a number of features providing functionalities for driver and passenger convenience, control of the vehicle, and safety of the occupants. As new features are developed and introduced into the automobile, they interact with already existing features, sometimes resulting in undesirable behavio...
Article
Full-text available
Correct functioning of automotive embedded controllers requires hard real-time constraints on a number of system parameters. To avoid costly design iterations, these timing constraints should be verified during the design stage itself. In this paper, we describe a formal verification technique for a class of timing constraints called timing synchro...
Article
Full-text available
Simulink/Stateflow (SL/SF) is the primary modeling notation for the development of control systems in automotive and aerospace industries. In model based testing, test cases derived from a design model are used to show model-code conformance. Safety standards such as ISO 26262 recommend model based testing to show the conformance of a software with...
Article
Asynchronous and Synchronous languages have been in use for the specification of reactive systems. One of the main distinguishing features of these two classes lies in the way nondeterminism is used for the specification of programs. From this viewpoint, we analyze CSP (a typical asynchronous language) and ESTEREL (a synchronous language). The sync...
Conference Paper
Automotive architectures today consist of up to 100 electronic control units (ECUs) that communicate via one or more FlexRay and CAN buses. Multiple control applications - like cruise control, brake control, etc. - are specified as Simulink/Stateflow models, from which code is generated and mapped onto the different ECUs. In addition, scheduling po...
Article
Parametric Temporal Logic extends linear temporal logic by allowing the temporal operators to additionally specify quantitative and parametric bounds on event occurrences. In this paper, we revisit and provide improved solutions to the four important problems of emptiness, universality, finiteness and construction considered in the literature for t...
Conference Paper
This paper presents a formal specification and analysis method motivated by issues faced during early stages of requirements development for automotive features. At this early stage of development, only overall goals of features are understood, and there is a need to discover all possible scenarios of operation. We have developed a formalism - Stru...
Article
Requirements of embedded systems often describe the system behavior with quantitative constraints over parameters such as timing, memory, and other resources. In this letter, we present a visual language suited for scenario-based specification of requirements with quantitative constraints. Our language, known as event sequence charts with quantitat...
Conference Paper
The development of in-vehicle software, often controlling safety-critical functions related to braking, steering and transmission systems, requires rigorous techniques to ensure high-integrity and reliability requirements. Formal models of requirements and design artifacts based on state-transition systems and other formalisms serve as a means to a...
Article
The size and complexity of embedded software in automotive systems has been increasing rapidly. This makes the analysis of such systems difficult. For instance, in many analyses it is required to trace the dependences between variables in the software. E.g., in checking compliance to On-Board Diagnostics (OBD) standards one needs to ensure that onl...
Conference Paper
The ever increasing number and complexity of software-controlled features in today's automotive vehicles mandate the use of numerous techniques and tools for ensuring the absence of any kind of defects in them. In this connection, one of the key areas of applied research today involves the identification, development and use of various analyses on...
Conference Paper
Exhaustive state space exploration based verification of embedded system designs remains a challenge despite three decades of active research into Model Checking. On the other hand, simulation based verification of even critical embedded system designs is often subject to financial budget considerations in practice. In this paper, we suggest an alg...
Conference Paper
Full-text available
Software Product Line (SPL) is a software development framework to jointly design a family of closely related software products in an efficient and cost-effective manner. In order to separate the concerns and handle complexity, designers usually project the SPL along different perspectives such as feature, architecture and behaviour. Each perspecti...
Conference Paper
This tutorial is concerned with various aspects of model-based design of hardware/software architectures of automotive systems. It will be split into three parts, the first dealing with model-based analysis of automotive ECU networks, the second with synthesis of schedules for such networks, and finally the third with model-based testing of such ar...
Conference Paper
Embedded control systems in automobiles are typically implemented by a set of tasks deployed on multiple Electronic Control Units (ECUs) communicating via one or more buses like CAN or FlexRay. In the case of safety-critical systems, there are hard real-time bounds on the (i) response times of tasks/messages, and (ii) end-to-end latencies of certai...
Conference Paper
Full-text available
We present the CoGenTe tool for automated black-box testing of code generators. A code generator is a program that takes a model in a high-level modeling language as input, and outputs a program that captures the behaviour of the model. Thus, a code generator's input and output are complex objects having not just syntactic structure but execution s...
Conference Paper
Full-text available
The growing trend towards using component based design approach in embedded system development requires addressing newer system engineering challenges. These systems are usually time critical and require timing guarantees from components. The articulation of a desirable response bounds for the components is often ad-hoc and happens late in developm...
Book
The primary aim of this monograph is to present the current research efforts that have gone into/or going on in the systematic design of real-time programs. Such an effort would help researchers and users in the area to get a clear picture of the issues of specification, verification and design of real-time reactive programs. It will clearly enable...
Conference Paper
Full-text available
This paper addresses the problem of detecting and resolving conflicts due to timing constraints imposed by features in real-time and hybrid systems. We consider systems composed of a base system with multiple features or controllers, each of which independently advise the system on how to react to input events so as to conform to their individual s...
Conference Paper
Full-text available
We present a methodology and a toolkit for improving simulation coverage of Simulink/Stateflow models of hybrid systems using symbolic analysis of simulation traces. We propose a novel instrumentation scheme that allows the simulation engine of Simulink/Stateflow to output, along with the concrete simulation trace, the symbolic transformers n...
Article
Hardware module reuse is a standard solution to the problems of increasing complexity of chip architectures and pressure to reduce time to market. In the absence of a single module interface standard, predesigned modules for “plug-and-play” usually require a converter between incompatible interface protocols. Current approaches to automatic synthes...
Conference Paper
For quite some time, the Unified Modeling Language (UML) has been adopted by designers of safety critical control systems such as automotive and aviation control. This has led to an increased emphasis on setting up a validation flow over UML that can be used to guarantee the correctness of UML models. In this paper, we propose a dynamic Assertion-b...
Conference Paper
Full-text available
This paper addresses the problem of testing auto-code generators. Auto-code generators take as input a model in certain modeling language, and produce as output a program that captures the execution semantics of the input-model. We focus on the problem of test specification for the purpose of automatically generating a test-suite. We propose a nove...
Conference Paper
For quite some time, the Unified Modeling Language (UML) [5] has been adopted by designers of safety critical control systems such as automotive and aviation control. This has led to an increased emphasis on setting up a validation flow over UML that can be used to guarantee the correctness of UML models. In this paper, we present a dynamic propert...
Conference Paper
Full-text available
The Simulink/Stateflow (SL/SF) environment from Mathworks is becoming the de facto standard in industry for model based development of embedded control systems. Many commercial tools are available in the market for test case generation from SL/SF designs; however, we have observed that these tools do not achieve satisfactory coverage in cases whe...
Conference Paper
Full-text available
This paper addresses the problem of detecting and resolving conflicts due to timing constraints imposed by features in real-time systems. We consider systems composed of a base system with multiple features or controllers, each of which independently advise the system on how to react to input events so as to conform to their individual specificatio...
Conference Paper
Aimed at verifying safety properties and improving simulation coverage for hybrid systems models of embedded control software, we propose a technique that combines numerical simulation and symbolic methods for computing state-sets. We consider systems with linear dynamics described in the commercial modeling tool Simulink/Stateflow. Given an ini-...
Conference Paper
Full-text available
We study the problem of "desynchronization", i.e., semantics-preserving "asynchronous implementation" of a "synchronous design". In a synchronous design, system components (which we model as input-output automata (I/O- automata)) communicate over synchronous channels and their combined behavior can be described using synchronous composition, wherea...
Conference Paper
We present AutoMOTGen, a tool for automatic test case generation (ATG) from MATLAB Simulink/Stateflow (SL/SF) models [6] for testing automotive controllers. Our methodology is based on model checking [2]. The main highlights of the tool are: The current implementation of AutoMOTGen uses SAL [8] as an intermediate representation and uses associated...
Conference Paper
Full-text available
End-to-end latency of messages is an important design parameter that needs to be within specified bounds for the correct functioning of distributed real-time control systems. In this paper we give a formal definition of end-to-end latency, and use this as the basis for checking whether a stipulated deadline is violated within a bounded time. For un...
Article
A key requirement for the development of safety-critical systems is the correctness of the tools used in their development process. Standards such as DO-178B mandate the qualification of tools used in the software engineering process of the systems to be certified at the highest levels of criticality. On the other hand, the increasing complexity of...
Conference Paper
Full-text available
In the absence of a single module interface standard, integration of pre-designed modules in System-on-Chip design often requires the use of protocol converters. Existing approaches to automatic synthesis of protocol converters mostly lack formal foundations and either employ abstractions that ignore crucial low level behaviors, or grossly simplify...
Article
Given deterministic interfaces P and Q, we investigate the problem of synthesising an interface R such that P composed with R refines Q. We show that a solution exists iff P and Q⊥ are compatible, and the most general solution is given by (P ∥ Q⊥)⊥, where P⊥ is the interface P with inputs and outputs interchanged. Remarkably, the result holds both f...
Conference Paper
The last decade has seen a phenomenal increase in the use of electronic components in automotive systems, resulting in the replacement of purely mechanical or hydraulic-implementations of different functionalities. Today, in high-end cars, it is common to have around 70 electronic control units (ECUs), each consisting of programmable processors, on...