Sudarshan K. Srinivasan

Joint Placement of Phasor and Power Flow Measurements for Observability of Power Systems

We consider the problem of joint optimal placement of phasor measurement units (PMU) and conventional measurements to ensure full observability in power systems. The formulation is initially posed as a nonlinear integer programming problem and then transformed in to an equivalent integer linear programming (ILP) problem by introducing auxiliary variables and constraints. The resulting ILP problem is solved for the optimal solution on IEEE 14-, 57-, and 118-bus systems considering zero-injection buses. To extend the formulation to large-scale systems, two heuristics are proposed where the nonlinear problem is decomposed into two separate problems of lesser complexity. The heuristics are evaluated on standard IEEE test cases and a large 2383-bus Polish system. The heuristics yield solutions close to optimal (difference of 1 PMU) solutions on standard IEEE systems, while substantially reducing problem complexity and run time. The placement results obtained with the proposed formulation require fewer PMUs for observability compared to systems with fixed locations of conventional measurements. The results thus potentially provide a more economical solution to system observability compared to those obtained solely with PMU placement.

Modeling and Analysis of State-of-the-art VM-based Cloud Management Platforms

Virtualization is a key aspect to achieve scalability and flexibility in a cloud. Many solutions have been proposed to monitor and deploy Virtual Machines (VM) in resource pool of cloud. However, most of the cloud management systems, such as Amazon EC2 are proprietary. In the said perspective, many open source VM-based platforms have tossed for general users to research. The existing work has mainly focused on the discussion of architecture, feature-set, and performance analysis. Other important aspects, such as formal analysis, modeling, and verification are usually ignored. In this paper, we provide formal analysis, modeling, and verification of three open source state-of-the-art VM-based cloud platforms: (a) Eucalyptus, (b) Open Nebula, and (c) Nimbus. We used High-Level Petri Nets (HLPN) to model and analyze the structural and behavioral properties of the systems. Moreover, to verify the models, we have used Satisfiability Modulo Theories Library (SMT-Lib) and Z3 Solver. We modeled about 100 VM to verify the correctness and feasibility of our models. The results reveal that the models are functioning correctly. Moreover, the increase in the number of VM does not affect the working of the models that indicates the practicability of the models in a highly scalable and flexible environment.

Automatic verification of safety and liveness for XScale-like processor models using WEB refinements

We show how to automatically verify that complex XScale-like pipelined machine models satisfy the same safety and liveness properties as their corresponding instruction set architecture models, by using the notion of well-founded equivalence bisimulation (WEB) refinement. Automation is achieved by reducing the WEB-refinement proof obligation to a formula in the logic of counter arithmetic with lambda expressions and uninterpreted functions (CLU). We use the tool UCLID to transform the resulting CLU formula into a Boolean formula, which is then checked with a SAT solver. The models we verify include features such as out of order completion, precise exceptions, branch prediction, and interrupts. We use two types of refinement maps. In one, flushing is used to map pipelined machine states to instruction set architecture states; in the other, we use the commitment approach, which is the dual of flushing, since partially completed instructions are invalidated. We present experimental results for all the machines modelled, including verification times. For our application, we found that the time spent proving liveness accounts for about 5% of the over-all verification time.

BAT: the bit-level analysis tool

While effective methods for bit-level verification of low-level properties exist, system-level properties that entail reasoning about a significant part of the design pose a major verification challenge. We present the Bit-level Analysis Tool (BAT), a state-of-the-art decision procedure for bit-level reasoning that implements a novel collection of techniques targeted towards enabling the verification of system-level properties. Key features of the BAT system are an expressive strongly-typed modeling and specification language, a fully automatic and efficient memory abstraction algorithm for extensional arrays, and a novel CNF generation algorithm. The BAT system can be used to automatically solve system-level RTL verification problems that were previously intractable, such as refinement-based verification of RTL-level pipelined machines.

Refinement Maps for Efficient Verification of Processor Models

While most of the effort in improving verification times for pipelined machine verification has focused on faster decision procedures, we show that the refinement maps used also have a drastic impact on verification times. We introduce a new class of refinement maps for pipelined machine verification, and using the state-of-the-art verification tools UCLID and Siege we show that one can attain several orders of magnitude improvements in verification times over the standard flushing-based refinement maps, even enabling the verification of machines that are too complex to otherwise automatically verify.

On the Security of Randomized Arithmetic Codes Against Ciphertext-Only Attacks

Modifications of arithmetic coding (AC) have been proposed to improve the security of traditional AC. Two main modifications to AC are randomized AC (RAC) and AC with key-based interval splitting (KSAC). Chosen-plaintext attacks have been proposed for these two methods when the same key is used to encrypt different messages. We first give a definition for security of encryption using AC that is based on the inability of the adversary to distinguish between the encryption of one plaintext from the encryption of another. Using this definition, we prove that RAC is insecure even if a new random key is used to compress every message. Our proof assumes that the adversary can only eavesdrop on the ciphertext and cannot request encryptions of chosen-plaintexts. We then prove that the method of first-compress-then-encrypt, where the encryption is performed by a bitwise xor of the compressed output with a pseudorandom bit sequence, is provably secure with respect to chosen-plaintext attacks. If the pseudorandom bit sequence is derived in advance using Advanced Encryption Standard (AES) in the counter mode, then the first-compress-then-encrypt method results in a performance penalty of only a few two input xor-gate delays.

Formal verification of an Intel XScale processor model with scoreboarding, specialized execution pipelines, and impress data-memory exceptions

We present the formal verification of an Intel Xscale processor model. The Xscale is a superpipelined RISC processor with 7-stage integer, 8-stage memory, and variable-latency multiply-and-accumulate execution pipelines. The processor uses scoreboarding to track data dependencies, and implements both precise and imprecise exceptions. Such set of features had not been modeled and formally verified previously. The formal verification was done with an automatic tool flow that consists of the term-level symbolic simulator TLSim, the decision procedure EVC, and an efficient SAT-checker.

A complete compositional reasoning framework for the efficient verification of pipelined machines

We present a compositional reasoning framework based on refinement for verifying that pipelined machines satisfy the same safety and liveness properties as their instruction set architectures. Our framework consists of a set of convenient, easily-applicable, and complete compositional proof rules. We show that our framework greatly extends the applicability of decision procedures by verifying a complex, deeply pipelined machine that state-of-the-art tools cannot currently handle. We discuss how our framework can be added to the design cycle and highlight what arguably is the most important benefit of our approach over current methods, that the counterexamples generated are much simpler, as bugs are isolated to a particular step in the composition proof.

Joint optimal placement of PMU and conventional measurements in power systems

We consider the problem of joint optimal placement of Phasor Measurement Units (PMU) and conventional measurements to ensure full observability in power systems. The problem is first formulated as a nonlinear integer programming problem and then recast in to an equivalent integer linear programming (ILP) problem by introducing auxiliary variables and constraints. The ensuing ILP problem is solved for the IEEE 14, 57 and 118 bus systems considering zero-injection buses. The results provide a far more economical solution to system observability compared to those obtained solely with PMU placement.

A parameterized benchmark suite of hard pipelined-machine-verification problems

We present a parameterized suite of benchmark problems arising from our work on pipelined machine verification, in the hopes that they can be used to speed up decision procedures. While the existence of a large number of CNF benchmarks has spurred the development of efficient SAT solvers, the benchmarks available for more expressive logics are quite limited. Our work on pipelined machine verification has yielded many problems that not only have complex models, but also have complex correctness statements, involving invariants and symbolic simulations of the models for dozens of steps. Many of these proofs take hundreds of thousands of seconds to check using the UCLID decision procedure and SAT solvers such as Zchaff and Siege. More complex problems can be generated by using PiMaG, a Web application that we developed. PiMaG generates problems in UCLID, SVC, and CNF formats based on user-provided parameters specifying features of the pipelined machines and their correctness statements.