26 research outputs found

    Capturing Assumptions while Designing a Verification Model for Embedded Systems

    A formal proof of system correctness typically holds under a number of assumptions. Leaving them implicit raises the chance of using the system in a context that violates some of them, which in turn may invalidate the correctness proof. The goal of this paper is to show how combining informal and formal techniques in the process of modelling and formal verification helps capture these assumptions. As we focus on embedded systems, the assumptions are about the control software, the system on which the software is running and the system's environment. We present them as a list written in natural language that supplements the formally verified embedded system model. These two together are a better argument for system correctness than each of them given separately.

    Determination of nitroaromatic and nitramine explosives from a PTFE wipe using thermal desorption-gas chromatography with electron-capture detection

    A method for the detection of nitroaromatic and nitramine explosives from a PTFE wipe has been developed using thermal desorption and gas chromatography with electron-capture detection (TD-GC-ECD). For method development a standard mixture containing eight nitroaromatic and two nitramine (HMX and RDX) explosive compounds was spiked onto a PTFE wipe. Explosives were desorbed from the wipe in a commercial thermal desorption system and trapped onto a cooled injection system, which was incorporated into the injection port of the GC. A dual column, dual ECD configuration was adopted to enable simultaneous confirmation analysis of the explosives desorbed. For the desorption of 50 ng of each explosive, desorption efficiencies ranged between 80.0 and 117% for both columns. Linearity over the range 2.5-50 ng was demonstrated for each explosive on both columns, with r² values ranging from 0.979 to 0.991 and limits of detection less than 4 ng. Desorption of HMX from a PTFE wipe has also been demonstrated for the first time, albeit at relatively high loadings (100 ng).

    A method for rigorous development of fault-tolerant systems

    PhD Thesis. With the rapid development of information systems and our increasing dependency on computer-based systems, ensuring their dependability becomes one of the most important concerns during system development. This is especially true for the mission- and safety-critical systems on which we rely not to put significant resources and lives at risk. Development of critical systems traditionally involves formal modelling as a fault prevention mechanism. At the same time, systems typically support fault tolerance mechanisms to mitigate runtime errors. However, fault tolerance modelling and, in particular, rigorous definitions of fault tolerance requirements, fault assumptions and system recovery have not been given enough attention during formal system development. The main contribution of this research is in developing a method for top-down formal design of fault-tolerant systems. The refinement-based method provides modelling guidelines presented in the following form: a set of modelling principles for systematic modelling of fault tolerance, a fault tolerance refinement strategy, and a library of generic modelling patterns assisting in disciplined integration of error detection and error recovery steps into models. The method supports separation of normal and fault-tolerant system behaviour during modelling. It provides an environment for explicit modelling of fault tolerance and modal aspects of system behaviour, which ensures rigour of the proposed development process. The method is supported by tools that are smoothly integrated into an industry-strength development environment. The proposed method is demonstrated on two case studies. In particular, the evaluation is carried out using a medium-scale industrial case study from the aerospace domain. The method is shown to provide support for explicit modelling of fault tolerance, to reduce the development efforts during modelling, to support reuse of fault tolerance modelling, and to facilitate adoption of formal methods.
    DEPLOY: The TrAmS Grant: The School of Computing Science, Newcastle University

    Refactoring Alloy Specifications

    This paper proposes modeling laws for Alloy, a formal object-oriented modeling language. These laws are important not only to define the axiomatic semantics of Alloy but also to guide and formalize popular software development practices. In particular, these laws can be used to formally refactor specifications. As an example, we formally refactor a specification for Java types.

    Hexavalent Chromium Dissociation from Overspray Particles into Fluid for Three Aircraft Primers

    DOD and industry use chromate-containing primers extensively to inhibit corrosion on metal assets. Chromate contains Cr6+, a human carcinogen, but there is little epidemiological evidence of increased lung cancer among spray painters. Using bio-aerosol impingers, overspray particles from three primers (solvent-borne epoxy, water-borne epoxy, and solvent-borne polyurethane) were collected into water to test the hypothesis that the paint matrix inhibits Cr6+ release into water, under the premise that this simulates Cr6+ release from particles into lung fluid. Particles were allowed to reside in water for 1 or 24 hours, then separated from the water by centrifugation, and the water tested for Cr6+. The mean fractions of Cr6+ released into the water after 1 and 24 hours for each primer (95% confidence) were: 70 ± 5% and 85 ± 5% (solvent epoxy), 74 ± 4% and 84 ± 4% (water epoxy), and 94 ± 3% and 95 ± 2% (polyurethane). Solvent and water epoxy primer 24-hour Cr6+ release ranged from 100% dissociation down to 33% and 48%, respectively. Correlations between the Cr6+ distribution with particle size and the % Cr6+ dissociated from each sample indicate that particles < 5 µm release a larger fraction of Cr6+ during the first 24 hours than particles > 5 µm.

    Assessment of water quality impacts for different management practices using SWAT model

    The high yield input strategy has been successful in narrowing the gap between food and fiber requirements and the growing population. However, at the same time it has also threatened the sustainability of land and water resources. Best management practices (BMPs) are technically feasible methods for preventing or reducing nonpoint source pollution to a level compatible with water quality goals. Long-term monitoring of BMP impacts is essential to assess their effectiveness under different conditions. However, it is impractical to monitor all BMPs under all conditions due to time and cost constraints. Computer simulation models provide an alternative to evaluate the response of soil and crops to a range of management practices in an efficient and cost-effective way. Testing and evaluation of computer models require the use of extensive field data to ensure that they are reliable for the prediction of management effects. This study was designed to: (1) calibrate and evaluate the subsurface drainage component of the SWAT model; (2) test the ability of the SWAT (version 99.2) model to predict nitrate-nitrogen (NO3-N) losses with tile flow, by comparing the model output against measured data; (3) apply the SWAT model at the watershed scale.
    In general, SWAT adequately tracked the measured tile drain flows, except that the cumulative monthly tile flows were consistently under-predicted. Differences of -8.4 to 6 and 2 to 11% were determined for the annual simulated tile flows as compared to the corresponding measured flows for the calibration and validation periods, respectively. Calibration of SWAT was performed using tile flow NO3-N loss data measured in 1995, while validation was conducted by comparing the model output with measured NO3-N losses with tile flow observed in 1993--94 and 1996--97. Differences ranging from 2 to 10% and -7.34 to 5.50 were found between annual NO3-N losses during the calibration period and validation period, respectively, indicating that the model tracked the monthly observations reasonably well. However, the peak NO3-N losses were consistently under-predicted for all three combinations of tillage and cropping systems.
    The SWAT model was used to estimate the flow and nitrate loading for the UMRW watershed. The model was calibrated for stream flow and NO3-N data measured in 1999 at the outlet of the watershed and validated for the 2000 and 2001 period. The model accurately tracked most of the peak flow events that occurred during the year, although the peaks were usually over-predicted. The model tracked the flow reasonably well but was unable to track the nitrate trend. The under-prediction of simulated annual flow relative to measured flow was 24% for 1999, 35% for 2000 and 12% for 2001. NO3-N was over-predicted by 25%, 22% and 108% for 1999, 2000, and 2001, indicating the poor performance of the SWAT model in NO3-N simulation.

    Missouri S&T Magazine, Spring 2000

    https://scholarsmine.mst.edu/alumni-magazine/1420/thumbnail.jp

    Conservation and sustainable management of below-ground biodiversity in Indonesia

    Development of fluorescent tracers for velocimetry measurements in multiconstituent
