An Algebra of Synchronous Scheduling Interfaces

In this paper we propose an algebra of synchronous scheduling interfaces which combines the expressiveness of Boolean algebra for logical and functional behaviour with the min-max-plus arithmetic for quantifying the non-functional aspects of synchronous interfaces. The interface theory arises from a realisability interpretation of intuitionistic modal logic (also known as Curry-Howard-Isomorphism or propositions-as-types principle). The resulting algebra of interface types aims to provide a general setting for specifying type-directed and compositional analyses of worst-case scheduling bounds. It covers synchronous control flow under concurrent, multi-processing or multi-threading execution and permits precise statements about exactness and coverage of the analyses supporting a variety of abstractions. The paper illustrates the expressiveness of the algebra by way of some examples taken from network flow problems, shortest-path, task scheduling and worst-case reaction times in synchronous programming.Comment: In Proceedings FIT 2010, arXiv:1101.426

Partial Reconfiguration in the Field of Logic Controllers Design

The paper presents method for logic controllers multi context implementation by means of partial reconfiguration. The UML state machine diagram specifies the behaviour of the logic controller. Multi context functionality is specified at the specification level as variants of the composite state. Each composite state, both orthogonal or compositional, describes specific functional requirement of the control process. The functional decomposition provided by composite states is required by the dynamic partial reconfiguration flow. The state machines specified by UML state machine diagrams are transformed into hierarchical configurable Petri nets (HCfgPN). HCfgPN are a Petri nets variant with the direct support of the exceptions handling mechanism. The paper presents placesoriented method for HCfgPN description in Verilog language. In the paper proposed methodology was illustrated by means of simple industrial control process

Procedure-modular specification and verification of temporal safety properties

This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application

Simulation Logic, Applets and Compositional Verification

We present a compositional verification method for control flow based safety properties of smart card applets. Our method rests on a close correspondence between transition system models ordered by simulation and Hennessy-Milner logic extended with simultaneous greatest fixed points. We show that simulation can be characterised logically and, vice versa, logical satisfaction can be represented behaviourally by a maximal model for a given formula. Based on these results and earlier ideas by Grumberg and Long we develop a compositional verification technique, where maximal models replace logical assumptions to reduce compositional verification to standard model checking. However, in the context of applets, equipped with interfaces, this technique needs to be refined. Since for a given behavioural formula and interface a maximal applet does not always exist, we propose a two-level approach, where local assumptions restrict the control flow \emph{structure} of applets, while the global property restricts the control flow \emph{behaviour} of the system. By separating the tasks of verifying global and local properties of applets, our method supports secure post-issuance loading of new applets onto a smart card

Verifying the Safety of a Flight-Critical System

This paper describes our work on demonstrating verification technologies on a flight-critical system of realistic functionality, size, and complexity. Our work targeted a commercial aircraft control system named Transport Class Model (TCM), and involved several stages: formalizing and disambiguating requirements in collaboration with do- main experts; processing models for their use by formal verification tools; applying compositional techniques at the architectural and component level to scale verification. Performed in the context of a major NASA milestone, this study of formal verification in practice is one of the most challenging that our group has performed, and it took several person months to complete it. This paper describes the methodology that we followed and the lessons that we learned.Comment: 17 pages, 5 figure

A Contract-Based Methodology for Aircraft Electric Power System Design

In an aircraft electric power system, one or more supervisory control units actuate a set of electromechanical switches to dynamically distribute power from generators to loads, while satisfying safety, reliability, and real-time performance requirements. To reduce expensive redesign steps, this control problem is generally addressed by minor incremental changes on top of consolidated solutions. A more systematic approach is hindered by a lack of rigorous design methodologies that allow estimating the impact of earlier design decisions on the final implementation. To achieve an optimal implementation that satisfies a set of requirements, we propose a platform-based methodology for electric power system design, which enables independent implementation of system topology (i.e., interconnection among elements) and control protocol by using a compositional approach. In our flow, design space exploration is carried out as a sequence of refinement steps from the initial specification toward a final implementation by mapping higher level behavioral and performance models into a set of either existing or virtual library components at the lower level of abstraction. Specifications are first expressed using the formalisms of linear temporal logic, signal temporal logic, and arithmetic constraints on Boolean variables. To reason about different requirements, we use specialized analysis and synthesis frameworks and formulate assume guarantee contracts at the articulation points in the design flow. We show the effectiveness of our approach on a proof-of-concept electric power system design

A Frobenius Algebraic Analysis for Parasitic Gaps

The interpretation of parasitic gaps is an ostensible case of non-linearity in natural language composition. Existing categorial analyses, both in the typelogical and in the combinatory traditions, rely on explicit forms of syntactic copying. We identify two types of parasitic gapping where the duplication of semantic content can be confined to the lexicon. Parasitic gaps in adjuncts are analysed as forms of generalized coordination with a polymorphic type schema for the head of the adjunct phrase. For parasitic gaps affecting arguments of the same predicate, the polymorphism is associated with the lexical item that introduces the primary gap. Our analysis is formulated in terms of Lambek calculus extended with structural control modalities. A compositional translation relates syntactic types and derivations to the interpreting compact closed category of finite dimensional vector spaces and linear maps with Frobenius algebras over it. When interpreted over the necessary semantic spaces, the Frobenius algebras provide the tools to model the proposed instances of lexical polymorphism.Comment: SemSpace 2019, to appear in Journal of Applied Logic

An Algebraic Framework for Compositional Program Analysis

The purpose of a program analysis is to compute an abstract meaning for a program which approximates its dynamic behaviour. A compositional program analysis accomplishes this task with a divide-and-conquer strategy: the meaning of a program is computed by dividing it into sub-programs, computing their meaning, and then combining the results. Compositional program analyses are desirable because they can yield scalable (and easily parallelizable) program analyses. This paper presents algebraic framework for designing, implementing, and proving the correctness of compositional program analyses. A program analysis in our framework defined by an algebraic structure equipped with sequencing, choice, and iteration operations. From the analysis design perspective, a particularly interesting consequence of this is that the meaning of a loop is computed by applying the iteration operator to the loop body. This style of compositional loop analysis can yield interesting ways of computing loop invariants that cannot be defined iteratively. We identify a class of algorithms, the so-called path-expression algorithms [Tarjan1981,Scholz2007], which can be used to efficiently implement analyses in our framework. Lastly, we develop a theory for proving the correctness of an analysis by establishing an approximation relationship between an algebra defining a concrete semantics and an algebra defining an analysis.Comment: 15 page