TY - GEN
T1 - Multi-Model Specifications and their Application to Classification Systems
AU - Burns, Alan
AU - Baruah, Sanjoy
N1 - Publisher Copyright:
© 2023 Owner/Author.
PY - 2023/6/7
Y1 - 2023/6/7
N2 - Many safety-critical systems are required to have their correctness validated prior to deployment. Such validation is typically performed using models of the run-time behaviour that the system is expected to exhibit and experience during run-time. However, these systems may be subject to different requirements under different circumstances; also, there may be multiple stakeholders involved, each with a somewhat different perspective on correctness. We examine the use of a multi-model framework based on assumptions (Pre and Rely conditions) and obligations (Post and Guarantee conditions) to represent the workload and resource related needs of complex AI system components such as DNN classifiers. We identify three kinds of multi-models that are of particular interest: Independent, Integrated and Hierarchical. All the individual models comprising an independent multi-model must remain valid at all times during run-time; at least one of the models comprising an integrated multi-model must always be valid. With hierarchical multi-models all models are initially valid but the component's behaviour may gracefully degrade through a series of models with successively weaker assumptions and commitments (we show that Mixed-Criticality Systems, widely studied in the real-time computing community, are particularly well-suited for representation via hierarchical multi-models). We explain how this modelling framework is intended to be used, and present algorithms for determining the worst-case timing behaviour of systems that are specified using multi-models.
UR - https://www.scopus.com/pages/publications/85161166145
U2 - 10.1145/3575757.3575760
DO - 10.1145/3575757.3575760
M3 - Conference contribution
AN - SCOPUS:85161166145
T3 - ACM International Conference Proceeding Series
SP - 155
EP - 165
BT - Proceedings of 31st International Conference on Real-Time Networks and Systems, RTNS 2023
PB - Association for Computing Machinery
T2 - 31st International Conference on Real-Time Networks and Systems, RTNS 2023
Y2 - 7 June 2023 through 8 June 2023
ER -