A Model-Based End-to-End Toolchain for the Probabilistic Analysis of Complex Systems

Alessandro Pinto, United Technologies Research Center Inc., Berkeley, CA, pintoa@utrc.utc.com
Sudha Krishnamurthy, United Technologies Research Center, East Hartford, CT, krishnadots@gmail.com
Suresh Kannan, Dept. of Aerospace Engineering, Georgia Institute of Technology, Atlanta, GA, suresh.kannan@aerospace.gatech.edu

Abstract—We present a model-based environment for the probabilistic analysis of systems operating under uncertain conditions. This uncertainty may result from either the environments in which they operate or the platforms on which they execute. Available probabilistic analysis methods require the system specification to be captured in languages that are semantically very close to Markov Chains. However, designers use model-based environments working at much higher abstraction levels. We present an integrated tool, called StoNES (Stochastic analysis of Networked Embedded Systems), that automates the model transformation and probabilistic analysis of systems. We apply our translation and analysis methodology to explore the trade-off between sensor accuracy and computational speed for the vision algorithm of an autonomous helicopter system.

I. INTRODUCTION

Model-based design is an important paradigm in the development of safety-critical embedded systems. The main principle of the paradigm is to use models all along the development cycle, from design to implementation. Model-based design enables the use of tools for analysis, simulation, verification, synthesis, and code generation. Our objective is the analysis of embedded systems that operate in uncertain environments. This uncertainty may arise from different factors, such as the environmental conditions and the performance of the platforms on which they execute. Consider, for example, an autonomous helicopter.
Its dynamics are affected by wind that is uncertain; the estimate of its position is affected by sensor inaccuracies; the execution times of the image processing algorithms used in autonomous missions are data dependent, and since data values are not known a priori, the execution time is uncertain; and finally, hardware components may fail with a certain probability.

It is essential for designers to be able to assess the performance of the entire system early in the design. The interesting question to be answered is the following: what is the probability that a mission can be accomplished autonomously under such uncertain conditions? For such systems, a design-and-test approach is inadequate, because it is not possible to run tests under every scenario. Ideally, a designer would capture the system in a high-level language, including all sources of uncertainty, and would then rely on a push-button solution to explore the impact of design choices on the mission success probability.

[Fig. 1. Overview of the StoNES front-end tool. Three stages: Model (Simulink/Stateflow model, continuous-time Stateflow charts, finite state abstraction, ct.txt); Translate (SF2SAN, san.xml); Analyze (reachability, MC analysis, analysis parameters, results, MC simulation, validation, trace.mat).]

Matlab Simulink and Stateflow (MSS) are often the languages of choice, especially in many safety-critical application domains such as avionics and automotive. However, while the MSS models are primarily used for simulation, there is little support for formal verification and virtually no support for stochastic analysis. One possibility would be to use Monte Carlo simulations. However, the complexity of this type of analysis depends on the number of uncertain parameters in the system and on their distributions.
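To make the contrast between simulation and exact analysis concrete, the following added example (not part of the paper and not the StoNES tool) models a vision-guided mission as a small discrete-time Markov chain and computes the probability of reaching the "Success" state in two ways: exactly, by solving the linear reachability system over the transient states, and approximately, by Monte Carlo sampling of mission traces. The chain, its state names, and the parameter values (sensor detection rate, hardware failure rate, and so on) are constructed for illustration and are not taken from the paper.

```python
"""Exact reachability on a small discrete-time Markov chain versus a Monte
Carlo estimate of the same quantity.  Added example, not the StoNES tool;
the chain and all of its numbers are constructed for illustration."""
import random
from fractions import Fraction


def build_chain(detect=0.6, fail=0.05, finish=0.7, lose=0.2):
    """Return a constructed DTMC as {state: {next_state: probability}}.

    Each step is one run of the vision algorithm.  Hypothetical design knobs:
      detect - probability the sensor locks onto the target in one step
      fail   - probability of a hardware fault in one step (absorbing)
      finish - probability a locked target leads to mission completion
      lose   - probability of losing the lock and returning to search
    """
    return {
        "Search": {"Locked": detect, "Fail": fail, "Search": 1 - detect - fail},
        "Locked": {"Success": finish, "Search": lose, "Locked": 1 - finish - lose},
        "Success": {"Success": 1.0},   # absorbing
        "Fail": {"Fail": 1.0},         # absorbing
    }


def exact_reach_probability(chain, start, target):
    """Probability of eventually reaching `target` from `start`.

    Solves x_i = sum_j P_ij x_j for every transient state i, with x = 1 at
    `target` and x = 0 at every other absorbing state, using exact fractions
    so the answer is free of floating-point error.
    """
    absorbing = {s for s, row in chain.items() if row.get(s, 0) == 1.0}
    if start in absorbing:
        return Fraction(int(start == target))
    transient = [s for s in chain if s not in absorbing]
    idx = {s: i for i, s in enumerate(transient)}
    n = len(transient)
    # Build the augmented matrix of (I - P_TT) x = P_T,target.
    rows = []
    for s in transient:
        coeffs = [Fraction(0)] * n
        coeffs[idx[s]] = Fraction(1)
        rhs = Fraction(0)
        for nxt, p in chain[s].items():
            p = Fraction(p).limit_denominator(10**6)   # 0.35000000000000003 -> 7/20
            if nxt in idx:
                coeffs[idx[nxt]] -= p
            elif nxt == target:
                rhs += p
        rows.append(coeffs + [rhs])
    # Gauss-Jordan elimination over the augmented matrix.
    for col in range(n):
        pivot = next(r for r in range(col, n) if rows[r][col] != 0)
        rows[col], rows[pivot] = rows[pivot], rows[col]
        pv = rows[col][col]
        rows[col] = [v / pv for v in rows[col]]
        for r in range(n):
            if r != col and rows[r][col] != 0:
                factor = rows[r][col]
                rows[r] = [a - factor * b for a, b in zip(rows[r], rows[col])]
    return rows[idx[start]][n]


def monte_carlo_reach_probability(chain, start, target, runs=20000, seed=1):
    """Estimate the same probability by sampling `runs` mission traces.

    The estimate converges as 1/sqrt(runs) regardless of the chain size, but
    it is only an estimate; the exact solver above covers every trace at once.
    """
    rng = random.Random(seed)            # fixed seed keeps the run reproducible
    hits = 0
    for _ in range(runs):
        state = start
        while chain[state].get(state, 0) != 1.0:     # step until absorbed
            nexts, probs = zip(*chain[state].items())
            state = rng.choices(nexts, weights=probs)[0]
        hits += state == target
    return hits / runs


if __name__ == "__main__":
    chain = build_chain()
    exact = exact_reach_probability(chain, "Search", "Success")
    est = monte_carlo_reach_probability(chain, "Search", "Success")
    print(f"exact P(success) = {exact} = {float(exact):.6f}")
    print(f"Monte Carlo estimate over 20000 traces = {est:.4f}")
    # Design-space exploration in the spirit of the paper: a better sensor.
    better = exact_reach_probability(build_chain(detect=0.9), "Search", "Success")
    print(f"exact P(success) with detect=0.9 = {float(better):.6f}")
```

With the constructed parameters the exact answer is 28/31. Sweeping `detect` with `build_chain` is the kind of trade-off study the paper describes; the exact solver gives the full answer for each design point, while the Monte Carlo estimate needs enough traces for its error bar to separate neighbouring design points.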
On the other hand, when the models can be reduced to Markov Chain (MC) based formalisms, such as Stochastic Petri Nets (SPN) [1] or Stochastic Automata Networks (SAN) [2], analytical methods exist to compute the probability distribution over the states of the underlying MC. While the complexity of the analytical methods depends on the number of states of the MC and suffers from the state explosion problem, the advantage is that the result covers all possible behaviors of the system and is exact within the assumptions of the model.

Manual development of probabilistic models requires a considerable amount of time and is also error prone. Thus, there is a need for a methodology and a companion tool that can bridge this gap by automatically generating models that are amenable to probabilistic analysis starting from a high-level specification of real systems, and by providing a flexible back-end tool for analysis and design space exploration. We have developed a toolchain, called StoNES, with the objective of automating the stochastic analysis and design of networked embedded systems, starting from their high-level specification. StoNES has three key modules: a func-