Service adaptation with probabilistic partial models

Web service composition makes use of existing Web services to build complex business processes. Non-functional requirements are crucial for the Web service composition. In order to satisfy non-functional requirements when composing a Web service, one needs to rely on the estimated quality of the component services. However, estimation is seldom accurate especially in the dynamic environment. Hence, we propose a framework, ADFlow, to monitor and adapt the workflow of the Web service composition when necessary to maximize its ability to satisfy the non-functional requirements automatically. To reduce the monitoring overhead, ADFlow relies on asynchronous monitoring. ADFlow has been implemented and the evaluation has shown the effectiveness and efficiency of our approach. Given a composite service, ADFlow achieves 25 %–32 % of average improvement in the conformance of non-functional requirements, and only incurs 1 %–3 % of overhead with respect to the execution time.No Full Tex

SmartUnit: Empirical Evaluations for Automated Unit Testing of Embedded Software in Industry

In this paper, we aim at the automated unit coverage-based testing for embedded software. To achieve the goal, by analyzing the industrial requirements and our previous work on automated unit testing tool CAUT, we rebuild a new tool, SmartUnit, to solve the engineering requirements that take place in our partner companies. SmartUnit is a dynamic symbolic execution implementation, which supports statement, branch, boundary value and MC/DC coverage. SmartUnit has been used to test more than one million lines of code in real projects. For confidentiality motives, we select three in-house real projects for the empirical evaluations. We also carry out our evaluations on two open source database projects, SQLite and PostgreSQL, to test the scalability of our tool since the scale of the embedded software project is mostly not large, 5K-50K lines of code on average. From our experimental results, in general, more than 90% of functions in commercial embedded software achieve 100% statement, branch, MC/DC coverage, more than 80% of functions in SQLite achieve 100% MC/DC coverage, and more than 60% of functions in PostgreSQL achieve 100% MC/DC coverage. Moreover, SmartUnit is able to find the runtime exceptions at the unit testing level. We also have reported exceptions like array index out of bounds and divided-by-zero in SQLite. Furthermore, we analyze the reasons of low coverage in automated unit testing in our setting and give a survey on the situation of manual unit testing with respect to automated unit testing in industry.Comment: In Proceedings of 40th International Conference on Software Engineering: Software Engineering in Practice Track, Gothenburg, Sweden, May 27-June 3, 2018 (ICSE-SEIP '18), 10 page

Relational Differential Dynamic Logic

International audienceIn the field of quality assurance of hybrid systems (that combine continuous physical dynamics and discrete digital control), Platzer's differential dynamic logic (dL) is widely recognized as a deductive verification method with solid mathematical foundations and sophisticated tool support. Motivated by benchmarks provided by our industry partner , we study a relational extension of dL, aiming to formally prove statements such as "an earlier deployment of the emergency brake decreases the collision speed." A main technical challenge here is to relate two states of two dynamics at different time points. Our main contribution is a theory of suitable relational differential invariants (a relational extension of differential invariants that are central proof methods in dL), and a derived technique of time stretching. The latter features particularly high applicability, since the user does not have to synthesize a relational differential invariant out of the air. We derive new inference rules for dL from these notions, and demonstrate their use over a couple of automotive case studies

Layered controller synthesis for dynamic multi-agent systems

In this paper we present a layered approach for multi-agent control problem, decomposed into three stages, each building upon the results of the previous one. First, a high-level plan for a coarse abstraction of the system is computed, relying on parametric timed automata augmented with stopwatches as they allow to efficiently model simplified dynamics of such systems. In the second stage, the high-level plan, based on SMT-formulation, mainly handles the combinatorial aspects of the problem, provides a more dynamically accurate solution. These stages are collectively referred to as the SWA-SMT solver. They are correct by construction but lack a crucial feature: they cannot be executed in real time. To overcome this, we use SWA-SMT solutions as the initial training dataset for our last stage, which aims at obtaining a neural network control policy. We use reinforcement learning to train the policy, and show that the initial dataset is crucial for the overall success of the method

Research on Highly Reliable Agile Formal Engineering Methods

研究成果の概要 (和文) : 本研究では、既存のソフトウェア開発手法の短所を大幅に改善して、生産性と信頼性を共に確保する最新のソフトウェア開発技術とした「SOFLアジャイル形式工学手法」を確立して、次の具体的な成果を達成した。（１）SOFLアジャイル形式工学手法のフレームワーク、（２）SOFL仕様のアニメーション化手法、（３）仕様アニメーションとプログラムのテスト用のテストデータの自動生成手法とアルゴリズム、（４）定理証明とモデル検査の融合技術とアニメーション化手法,（５）仕様アニメーションの可視化表現手法、（６）仕様アニメーションの支援ツールとテストデータの自動生成の支援ツールのプロトタイプの開発。研究成果の概要 (英文) : In this research, we have established a new technology known as SOFL Agile Formal Engineering Method that significantly improves the existing software development methods in terms of offering a great capability of enhancing both software productivity and reliability. Specifically, the technology includes the following aspects:(1) a framework of the SOFL Agile Formal Engineering Method, (2) a new method for carrying out the animation of hybrid specifications, (3) a new method and the related algorithms for automatically generating test data for both specification animation and specification-based program testing, (4) a method for combining theorem proving with model checking and a tool support for model checking process animation, (5) prototypes of software tools to support the automatic test data generation for both specification animation and specification-based program testing

Relational Differential Dynamic Logic

In the field of quality assurance of hybrid systems (that combine continuous physical dynamics and discrete digital control), Platzer's differential dynamic logic (dL) is widely recognized as a deductive verification method with solid mathematical foundations and sophisticated tool support. Motivated by benchmarks provided by our industry partner, we study a relational extension of dL, aiming to formally prove statements such as "an earlier deployment of the emergency brake decreases the collision speed." A main technical challenge here is to relate two states of two dynamics at different time points. Our main contribution is a theory of suitable simulations (a relational extension of differential invariants that are central proof methods in dL), and a derived technique of time stretching. The latter features particularly high applicability, since the user does not have to synthesize a simulation out of the air. We derive new inference rules for dL from these notions, and demonstrate their use over a couple of automotive case studies

Proving Tree Algorithms for Succinct Data Structures

Succinct data structures give space-efficient representations of large amounts of data without sacrificing performance. They rely on cleverly designed data representations and algorithms. We present here the formalization in Coq/SSReflect of two different tree-based succinct representations and their accompanying algorithms. One is the Level-Order Unary Degree Sequence, which encodes the structure of a tree in breadth-first order as a sequence of bits, where access operations can be defined in terms of Rank and Select, which work in constant time for static bit sequences. The other represents dynamic bit sequences as binary balanced trees, where Rank and Select present a low logarithmic overhead compared to their static versions, and with efficient insertion and deletion. The two can be stacked to provide a dynamic representation of dictionaries for instance. While both representations are well-known, we believe this to be their first formalization and a needed step towards provably-safe implementations of big data

Formal Specification and Verification of JDK’s Identity Hash Map Implementation

Hash maps are a common and important data structure in efficient algorithm implementations. Despite their wide-spread use, real-world implementations are not regularly verified. In this paper, we present the first case study of the \IHM class in the Java JDK. We specified its behavior using the Java Modeling Language (JML) and proved correctness for the main insertion and lookup methods with \key, a semi-interactive theorem prover for JML-annotated Java programs. Furthermore, we report how unit testing and bounded model checking can be leveraged to find a suitable specification more quickly. We also investigated where the bottlenecks in the verification of hash maps lie for \key by comparing required automatic proof effort for different hash map implementations and draw conclusions for the choice of hash map implementations regarding their verifiability

Manifest domains:analysis and description

Abstract We show that manifest domains, an understanding of which are a prerequisite for software requirements prescriptions, can be precisely described: narrated and formalised. We show that such manifest domains can be understood as a collection of endurant, that is, basically spatial entities: parts, components and materials, and perdurant, that is, basically temporal entities: actions, events and behaviours. We show that parts can be modeled in terms of external qualities whether: atomic or composite parts, having internal qualities: unique identifications, mereologies, which model relations between parts, and attributes. We show that the manifest domain analysis endeavour can be supported by a calculus of manifest domain analysis prompts: is_entity, is_endurant, is_perdurant, is_part, is_component, is_material, is_atomic, is_composite, has_components, has_materials, has_concrete_type, attribute_names, is_stationary, etcetera; and show how the manifest domain description endeavour can be supported by a calculus of manifest domain description prompts: observe_part_sorts, observe_part_type, observe_components, observe_materials, observe_unique_identifier, observe_mereology, observe_attributes. We show how to model attributes, essentially following Michael Jackson (Software requirements &amp; specifications: a lexicon of practice, principles and prejudices. ACM Press, Addison-Wesley, Reading, 1995 ), but with a twist: The attribute model introduces the attribute analysis prompts is_static_attribute, is_dynamic_attribute, is_inert_attribute, is_reactive_attribute, is_active_attribute, is_autonomous_attribute, is_biddable_attribute and is_programmable_attribute. The twist suggests ways of modeling “access” to the values of these kinds of attributes: the static attributes by simply “copying” them, once, the reactive and programmable attributes by “carrying” them as function parameters whose values are kept always updated, and the remaining, the external_attributes, by inquiring, when needed, as to their value, as if they were always offered on CSP-like channels (Hoare, Communicating sequential processes. C.A.R. Hoare series in computer science. Prentice-Hall International, London, 2004 ). We show how to model essential aspects of perdurants in terms of their signatures based on the concepts of endurants. And we show how one can “compile” descriptions of endurant parts into descriptions of perdurant behaviours. We do not show prompt calculi for perdurants. The above contributions express a method with principles, techniques and tools for constructing domain descriptions. It is important to realise that we do not wish to nor claim that the method can describe all that it is interesting to know about domains. </jats:p