a quantum computing approach to the verification and ... quantum computing...physical systems using...
TRANSCRIPT
A Quantum Computing Approach to the Verification and Validation of Complex
Cyber-Physical Systems
Achieving Quality and Cost Control in the Development of Enormous Systems
Copyright 2011 Lockheed Martin Corporation
Safe and Secure Systems and Software Symposium (S5)Beavercreek, Ohio
Program Objective & Products
• Objective
– Develop a system-level verification & validation (V&V) approach and enabling tools that generate probabilistic measures of correctness for an entire large-scale cyber-physical system, where…
– V&V costs insensitive to system complexity.
• Products
– Definition of a protocol/process for performing V&V of complex cyber-physical systems using a quantum simulators, and…
– Demonstration of the utility of the process using an appropriate cyber-physical system (e.g., a triplex VMS for a representative unmanned aircraft) and an existing quantum adiabatic simulator.
2
For the record:
The task of ‘discovery and removal’ of errors from the behavior of our mechatronic products is “V&V”• This includes “software V&V”, of course, but goes beyond to excising
faults in the implicit software expressed by “hardware-in-the-loop” and on to “man-in-the-loop”.
Quantum V&V spans a complex system: the source code is but one subsystem, the processor it runs on is another; the actuators, sensors, wiring harness, structure, and all the rest are others; even the human controlling it, locally or remotely, contemporaneously or via prior programming.
Implicit and explicit software together ARE the system
3
Background
• V&V is the fastest growing cost in systemintegration and growth rates areaccelerating...– Growth in system complexity drives
exponential growth in certification costs.
– Test automation cannot contain growth fed by emergent requirements for new autonomous, intelligent, and adaptive systems.
– Formal methods are provably incomplete and are not reducing costs; ‘correct by construction’ techniques are reducing costs some but are likewise provably incomplete.
Unsustainable development model with current V&V techniques
4
Hardness of Verification & Validation
• V&V is provably hard…– Church-Turing Theorem: 20th century founders of computer science
proved computer-aided software engineering can never catch all errors in the general case – Hilbert’s third problem, Gödel's theorem.
• Today, we agree on a social contract…– If we test critical software in accordance with conventional wisdom, it
will be certified – even though we cannot know if it’s error free.
– Probability of failure: The compact implies there is no way to know the probability of failure of any system based on software controls –so we do not and cannot know how safe our systems truly are.
– Intractability: Even modest systems are now so large it would take the age of the universe to test every failure mode.
David
Hilbert
Alonzo
Church
Alan
TuringKurt Gödel
“Testing can show the presence, not the absence of bugs” – E. W. Dijkstra
“Most errors found in operational software can be traced to requirements flaws… ” – N. G. Leveson
5
Quantum Verification & Validation
• Cyber-Physical Systems (CPS) bound the V&V problem because the physical layer constrains the cyber layer– Noether’s First Theorem: for every symmetry in a physical system, for
which mathematics offers a good model (i.e. a Hamiltonian Lagrangianmodel), there is an associated conservation law.
– Conjecture: while logical Turing Machines (TM) are subject to the Church-Turing Thesis (CTT), real CPS further constrain logic with thermodynamics and are subject to physical simulations not subject to CTT.
• Run a thermodynamic simulation of the system so that errors appear as low energy states– Adiabatic Quantum Simulation performs exactly this evolution and the
appearance of low energy states indicates existence of bugs
6
Unsustainable development model with current V&V techniques
A Typical Complex Cyber-Physical System
Left Air Data Probe
Nose Air Data Probe
Right Air Data Probe
Triplex VMC- CCDL- GPS- IMU- Data Bus- Discrete I/O
Nose LG
Left MLG
Right MLG
EMA
EMA
Actuator Control Unit
(Dual Channel)
Actuator Control Unit
(Dual Channel)
Actuator Control Unit
(Single Channel)
EMA
EMA
Spoiler
Spoiler
7
Quantum Simulation
• In December 2010, LM acquired computational time from D-Wave Systems
• D-Wave produces the only commercialized quantum simulator– Some contention over the “quantumness” of D-Wave’s simulator.
– Recently developed proofs that show the simulator is better than classical.
• State of the art yields 90 qubits, expect 500+ within two years
8
Using Quantum Computing for V&V
• The V&V problem is divided into two sequential phases:
– Phase I – map the classical V&V problem into a problem that can be solved by a quantum computing device.
– Phase II – solve the resulting problem using a quantum computer and/or simulator running on a classical computer.
Inputs Intermediate states Outputs
i1
i2
i3
i4
i5
i6
o1
o2
o3
s4
s3
s2
s1
Phase I Phase II
9
Our Current Quantum-V&V Insight
• How a V&V simulator works– Invariants (and their relationships) are extracted from the code – using any
one of several approaches now under evaluation (Daikon, image/pattern recognition approaches, a ‘smoothness criterion’ approach, a chemical modeling approach, etc).
– The invariants are written into a ‘satisfiability’ expression.
– The resulting satisfiability problem is solved using standard algorithms on an adiabatic quantum computer or a massively parallel classical computer.
• What we have / what needs to be developed– We have: 1) notional baseline for a QV&V procedure; 2) a (classical) computer
code to support partial attainment of our objectives, 3) first generation quantum processor (the DW-1) that we think can be used to carry us into initial utility.
– To be developed: we are testing the core algorithm now (further development is required); develop (or acquire) “invariance extractor”, design & develop an integrated q-sim system testbed based on the DW-1 or derivative.
10
Phase I Approach
• Using machine learning techniques and a variety of commercially available tools extract invariants from the system:
– Empirically determined by repeated execution
– Successfully demonstrated for a software-only model last month
– We are proposing to extend our approach to the entire cyber-physical system (i.e., HW and SW)
Inputs Intermediate states Outputs
i1
i2
i3
i4
i5
i6
o1
o2
o3
s4
s3
s2
s1
11
Phase I Approach cont.
Next we build a reversible reduced machine model of the cyber-physical system
Based on translating the invariants to a Boolean constraint satisfaction problem
Already successfully demonstrated on a software-only model last month
12
Phase II Approach
Using the reduced machine model “run it in reverse” on the D-Wave quantum adiabatic computer while fixing invariants to FALSE Propagate violations backwards through the reduced machine circuit model
Find bug(s) and generate probability of correctness
13
Phase II Approach cont.
• Input problem:– Programmatically or through a user interface
– Access available through a web service connected to the hardware
• Problem is mapped to hardware– True/false converted to +1/-1
– Higher-order interactions are made 2-local
– Connectivity of Ising representation mapped to hardware architecture
• Problem is solved on hardware– Hardware output is stochastic (temperature is not zero) so solve multiple times
– Answers converted from Ising representation back to true/false, and returned in DIMACS output format
14
A Probabilistic Metric?
15
Current Status
• LM studying V&V leveraging Adiabatic Quantum Simulation teamed with D-Wave and several universities:– Harvard
– MIT
– Carnegie Mellon
– U. Southern California
– U. Chicago
– UC-Berkeley
• Demonstrated capability to run “hard” problems on the quantum simulator solving a simple SW test case
• High-potential verification techniques from USC team
• Recent results from our Harvard team show a promising approach to verifying a complete sample problem
16
– U. Edinburgh, UK
– U. Sherbrooke
– U. British Columbia
– U. Waterloo
– Dalhousie
– India Institute of Technology
Questions?
17