39 research outputs found
Service adaptation with probabilistic partial models
Web service composition makes use of existing Web services to build complex business processes. Non-functional requirements are crucial for the Web service composition. In order to satisfy non-functional requirements when composing a Web service, one needs to rely on the estimated quality of the component services. However, estimation is seldom accurate especially in the dynamic environment. Hence, we propose a framework, ADFlow, to monitor and adapt the workflow of the Web service composition when necessary to maximize its ability to satisfy the non-functional requirements automatically. To reduce the monitoring overhead, ADFlow relies on asynchronous monitoring. ADFlow has been implemented and the evaluation has shown the effectiveness and efficiency of our approach. Given a composite service, ADFlow achieves 25 %–32 % of average improvement in the conformance of non-functional requirements, and only incurs 1 %–3 % of overhead with respect to the execution time.No Full Tex
SmartUnit: Empirical Evaluations for Automated Unit Testing of Embedded Software in Industry
In this paper, we aim at the automated unit coverage-based testing for
embedded software. To achieve the goal, by analyzing the industrial
requirements and our previous work on automated unit testing tool CAUT, we
rebuild a new tool, SmartUnit, to solve the engineering requirements that take
place in our partner companies. SmartUnit is a dynamic symbolic execution
implementation, which supports statement, branch, boundary value and MC/DC
coverage. SmartUnit has been used to test more than one million lines of code
in real projects. For confidentiality motives, we select three in-house real
projects for the empirical evaluations. We also carry out our evaluations on
two open source database projects, SQLite and PostgreSQL, to test the
scalability of our tool since the scale of the embedded software project is
mostly not large, 5K-50K lines of code on average. From our experimental
results, in general, more than 90% of functions in commercial embedded software
achieve 100% statement, branch, MC/DC coverage, more than 80% of functions in
SQLite achieve 100% MC/DC coverage, and more than 60% of functions in
PostgreSQL achieve 100% MC/DC coverage. Moreover, SmartUnit is able to find the
runtime exceptions at the unit testing level. We also have reported exceptions
like array index out of bounds and divided-by-zero in SQLite. Furthermore, we
analyze the reasons of low coverage in automated unit testing in our setting
and give a survey on the situation of manual unit testing with respect to
automated unit testing in industry.Comment: In Proceedings of 40th International Conference on Software
Engineering: Software Engineering in Practice Track, Gothenburg, Sweden, May
27-June 3, 2018 (ICSE-SEIP '18), 10 page
Relational Differential Dynamic Logic
International audienceIn the field of quality assurance of hybrid systems (that combine continuous physical dynamics and discrete digital control), Platzer's differential dynamic logic (dL) is widely recognized as a deductive verification method with solid mathematical foundations and sophisticated tool support. Motivated by benchmarks provided by our industry partner , we study a relational extension of dL, aiming to formally prove statements such as "an earlier deployment of the emergency brake decreases the collision speed." A main technical challenge here is to relate two states of two dynamics at different time points. Our main contribution is a theory of suitable relational differential invariants (a relational extension of differential invariants that are central proof methods in dL), and a derived technique of time stretching. The latter features particularly high applicability, since the user does not have to synthesize a relational differential invariant out of the air. We derive new inference rules for dL from these notions, and demonstrate their use over a couple of automotive case studies
Layered controller synthesis for dynamic multi-agent systems
In this paper we present a layered approach for multi-agent control problem,
decomposed into three stages, each building upon the results of the previous
one. First, a high-level plan for a coarse abstraction of the system is
computed, relying on parametric timed automata augmented with stopwatches as
they allow to efficiently model simplified dynamics of such systems. In the
second stage, the high-level plan, based on SMT-formulation, mainly handles the
combinatorial aspects of the problem, provides a more dynamically accurate
solution. These stages are collectively referred to as the SWA-SMT solver. They
are correct by construction but lack a crucial feature: they cannot be executed
in real time. To overcome this, we use SWA-SMT solutions as the initial
training dataset for our last stage, which aims at obtaining a neural network
control policy. We use reinforcement learning to train the policy, and show
that the initial dataset is crucial for the overall success of the method
Research on Highly Reliable Agile Formal Engineering Methods
研究成果の概要 (和文) : 本研究では、既存のソフトウェア開発手法の短所を大幅に改善して、生産性と信頼性を共に確保する最新のソフトウェア開発技術とした「SOFLアジャイル形式工学手法」を確立して、次の具体的な成果を達成した。(1)SOFLアジャイル形式工学手法のフレームワーク、(2)SOFL仕様のアニメーション化手法、(3)仕様アニメーションとプログラムのテスト用のテストデータの自動生成手法とアルゴリズム、(4)定理証明とモデル検査の融合技術とアニメーション化手法,(5)仕様アニメーションの可視化表現手法、(6)仕様アニメーションの支援ツールとテストデータの自動生成の支援ツールのプロトタイプの開発。研究成果の概要 (英文) : In this research, we have established a new technology known as SOFL Agile Formal Engineering Method that significantly improves the existing software development methods in terms of offering a great capability of enhancing both software productivity and reliability. Specifically, the technology includes the following aspects:(1) a framework of the SOFL Agile Formal Engineering Method, (2) a new method for carrying out the animation of hybrid specifications, (3) a new method and the related algorithms for automatically generating test data for both specification animation and specification-based program testing, (4) a method for combining theorem proving with model checking and a tool support for model checking process animation, (5) prototypes of software tools to support the automatic test data generation for both specification animation and specification-based program testing
Relational Differential Dynamic Logic
In the field of quality assurance of hybrid systems (that combine continuous
physical dynamics and discrete digital control), Platzer's differential dynamic
logic (dL) is widely recognized as a deductive verification method with solid
mathematical foundations and sophisticated tool support. Motivated by
benchmarks provided by our industry partner, we study a relational extension of
dL, aiming to formally prove statements such as "an earlier deployment of the
emergency brake decreases the collision speed." A main technical challenge here
is to relate two states of two dynamics at different time points. Our main
contribution is a theory of suitable simulations (a relational extension of
differential invariants that are central proof methods in dL), and a derived
technique of time stretching. The latter features particularly high
applicability, since the user does not have to synthesize a simulation out of
the air. We derive new inference rules for dL from these notions, and
demonstrate their use over a couple of automotive case studies
Proving Tree Algorithms for Succinct Data Structures
Succinct data structures give space-efficient representations of large amounts of data without sacrificing performance. They rely on cleverly designed data representations and algorithms. We present here the formalization in Coq/SSReflect of two different tree-based succinct representations and their accompanying algorithms. One is the Level-Order Unary Degree Sequence, which encodes the structure of a tree in breadth-first order as a sequence of bits, where access operations can be defined in terms of Rank and Select, which work in constant time for static bit sequences. The other represents dynamic bit sequences as binary balanced trees, where Rank and Select present a low logarithmic overhead compared to their static versions, and with efficient insertion and deletion. The two can be stacked to provide a dynamic representation of dictionaries for instance. While both representations are well-known, we believe this to be their first formalization and a needed step towards provably-safe implementations of big data
Formal Specification and Verification of JDK’s Identity Hash Map Implementation
Hash maps are a common and important data structure in efficient
algorithm implementations. Despite their wide-spread use, real-world
implementations are not regularly verified.
In this paper, we present the first case study of the \IHM class in
the Java JDK. We specified its behavior using the Java Modeling
Language (JML) and proved correctness for the main insertion and
lookup methods with \key, a semi-interactive theorem prover for
JML-annotated Java programs. Furthermore, we report how unit testing
and bounded model checking can be leveraged to find a suitable
specification more quickly. We also investigated where the
bottlenecks in the verification of hash maps lie for \key by
comparing required automatic proof effort for different hash map
implementations and draw conclusions for the choice of hash map
implementations regarding their verifiability
Manifest domains:analysis and description
Abstract
We show that manifest domains, an understanding of which are a prerequisite for software requirements prescriptions, can be precisely described: narrated and formalised. We show that such manifest domains can be understood as a collection of endurant, that is, basically spatial entities: parts, components and materials, and perdurant, that is, basically temporal entities: actions, events and behaviours. We show that parts can be modeled in terms of external qualities whether: atomic or composite parts, having internal qualities: unique identifications, mereologies, which model relations between parts, and attributes. We show that the manifest domain analysis endeavour can be supported by a calculus of manifest domain analysis prompts: is_entity, is_endurant, is_perdurant, is_part, is_component, is_material, is_atomic, is_composite, has_components, has_materials, has_concrete_type, attribute_names, is_stationary, etcetera; and show how the manifest domain description endeavour can be supported by a calculus of manifest domain description prompts: observe_part_sorts, observe_part_type, observe_components, observe_materials, observe_unique_identifier, observe_mereology, observe_attributes. We show how to model attributes, essentially following Michael Jackson (Software requirements & specifications: a lexicon of practice, principles and prejudices. ACM Press, Addison-Wesley, Reading,
1995
), but with a twist: The attribute model introduces the attribute analysis prompts is_static_attribute, is_dynamic_attribute, is_inert_attribute, is_reactive_attribute, is_active_attribute, is_autonomous_attribute, is_biddable_attribute and is_programmable_attribute. The twist suggests ways of modeling “access” to the values of these kinds of attributes: the static attributes by simply
“copying”
them, once, the reactive and programmable attributes by
“carrying”
them as function parameters whose values are kept always updated, and the remaining, the external_attributes, by inquiring, when needed, as to their value, as if they were always offered on CSP-like channels (Hoare, Communicating sequential processes. C.A.R. Hoare series in computer science. Prentice-Hall International, London,
2004
). We show how to model essential aspects of perdurants in terms of their signatures based on the concepts of endurants. And we show how one can “compile” descriptions of endurant parts into descriptions of perdurant behaviours. We do not show prompt calculi for perdurants. The above contributions express a method with principles, techniques and tools for constructing domain descriptions. It is important to realise that we do not wish to nor claim that the method can describe all that it is interesting to know about domains.
</jats:p