
    A TLA+ Formal Specification and Verification of a New Real-Time Communication Protocol

    Abstract: We describe the formal specification and verification of a new fault-tolerant real-time communication protocol, called DoRiS, which is designed for supporting distributed real-time systems that use a shared high-bandwidth medium. Since such a kind of protocol is reasonably complex and requires high levels of confidence on both timing and safety properties, formal methods are useful. Indeed, the design of DoRiS was strongly based on formal methods, where the TLA+ language and its associated model-checker TLC were the supporting design tool. The protocol conception was improved by using information provided by its formal specification and verification. In the end, a precise and highly reliable protocol description is provided.

    Formal verification of a real-time operating system

    Errors caused by the interaction of computer systems with the physical world are hard to mitigate, but errors related to the underlying software can be prevented by a more rigorous development of software code. In the context of critical systems, a failure caused by software errors could lead to consequences that are determined to be unacceptable. At the heart of a critical system, a real-time operating system is commonly found. Since the reliability of the entire system depends upon having a reliable operating system, verifying that the operating system functions as desired is of prime interest. One solution to verify the correctness of significant properties of an existing real-time operating system microkernel (FreeRTOS) applies assisted proof checking to its formalized specification description. The experiment consists of describing real-time operating system characteristics, such as memory safety and scheduler determinism, in Separation Logic — a formal language that allows reasoning about the behaviour of the system in terms of preconditions and postconditions. Once the desired properties are defined in a formal language, a theorem can be constructed to describe the validity of such a formula for the given FreeRTOS implementation. Then, by using the Coq proof assistant, a machine-checked proof that such properties hold for FreeRTOS can be carried out. By expressing safety and deterministic properties of an existing real-time operating system and proving them correct, we demonstrate that the current state-of-the-art in theorem-based formal verification, including appropriate logics and proof assistants, makes it possible to provide a machine-checked proof of the specification of significant properties for FreeRTOS.

    An Integrated Framework for Multiprocessor, Multimoded Real-Time Applications

    The final publication is available at Springer via http://dx.doi.org/10.1007/978-3-642-30598-6_2

    In this paper we propose an approach for building real-time systems under a combination of requirements: specification and handling of operating modes and mode changes; implementation on top of a multiprocessor platform; integration of both aspects within a common framework; and connection with schedulability analysis procedures. The proposed approach uses finite state machines to describe operating modes and transitions, and a framework of real-time utilities that implements the required behaviour in Ada 2012. Automatic code generation plays an important role: the system is derived from the functional and timing specification, and implemented according to the abstractions provided by the framework. Response time analysis enables assessing the schedulability of the different operating modes and the transitions between modes.

    This work was partially supported by the Vicerrectorado de Investigación of the UPV (PAID-06-10-2397), Ministerio de Ciencia e Innovación (TIN2011-28567-C03-03) and European Union (FP7-ICT-287702).

    Sáez Barona, S.; Real Sáez, JV.; Crespo, A. (2012). An Integrated Framework for Multiprocessor, Multimoded Real-Time Applications. In Reliable Software Technologies – Ada-Europe 2012. Springer. 18-34. https://doi.org/10.1007/978-3-642-30598-6_2

    Software Evolution Approach for the Development of Command and Control Systems

    2000 Command and Control Research and Technology Symposium (CCRTS), June 11-13, 2000, Naval Postgraduate School, Monterey, CA

    This paper addresses the problem of how to produce reliable software that is also flexible and cost effective for the DoD distributed software domain. DoD software systems fall into two categories: information systems and war fighter systems. Both types of systems can be distributed, heterogeneous and network-based, consisting of a set of components running on different platforms and working together via multiple communication links and protocols. We propose to tackle the problem using prototyping and a “wrapper and glue” technology for interoperability and integration. This paper describes a distributed development environment, CAPS (Computer-Aided Prototyping System), to support rapid prototyping and automatic generation of wrapper and glue software based on designer specifications. The CAPS system uses a fifth-generation prototyping language to model the communication structure, timing constraints, I/O control, and data buffering that comprise the requirements for an embedded software system. The language supports the specification of hard real-time systems with reusable components from domain specific component libraries. CAPS has been used successfully as a research tool in prototyping large war-fighter control systems (e.g. the command-and-control station, cruise missile flight control system, missile defense systems) and demonstrated its capability to support the development of large complex embedded software.

    This research was supported in part by the U. S. Army Research Office under contract/grant number 35037-MA and 40473-MA.

    Automated Generation of User Guidance by Combining Computation and Deduction

    Herewith, a fairly old concept is published for the first time and named "Lucas Interpretation". This has been implemented in a prototype, which has been proved useful in educational practice and has gained academic relevance with an emerging generation of educational mathematics assistants (EMA) based on Computer Theorem Proving (CTP). Automated Theorem Proving (ATP), i.e. deduction, is the most reliable technology used to check user input. However, ATP is inherently weak in automatically generating solutions for arbitrary problems in applied mathematics. This weakness is crucial for EMAs: when ATP checks user input as incorrect and the learner gets stuck, then the system should be able to suggest possible next steps. The key idea of Lucas Interpretation is to compute the steps of a calculation following a program written in a novel CTP-based programming language, i.e. computation provides the next steps. User guidance is generated by combining deduction and computation: the latter is performed by a specific language interpreter, which works like a debugger and hands over control to the learner at breakpoints, i.e. tactics generating the steps of calculation. The interpreter also builds up logical contexts providing ATP with the data required for checking user input, thus combining computation and deduction. The paper describes the concepts underlying Lucas Interpretation so that open questions can adequately be addressed, and prerequisites for further work are provided.

    Comment: In Proceedings THedu'11, arXiv:1202.453

    A Survey on IT-Techniques for a Dynamic Emergency Management in Large Infrastructures

    This deliverable is a survey on the IT techniques that are relevant to the three use cases of the project EMILI. It describes the state-of-the-art in four complementary IT areas: data cleansing, supervisory control and data acquisition, wireless sensor networks and complex event processing. Even though the deliverable’s authors have tried to avoid a too technical language and have tried to explain every concept referred to, the deliverable might seem rather technical to readers so far little familiar with the techniques it describes.

    On the engineering of crucial software

    The various aspects of the conventional software development cycle are examined. This cycle was the basis of the augmented approach contained in the original grant proposal. This cycle was found inadequate for crucial software development, and the justification for this opinion is presented. Several possible enhancements to the conventional software cycle are discussed. Software fault tolerance, a possible enhancement of major importance, is discussed separately. Formal verification using mathematical proof is considered. Automatic programming is a radical alternative to the conventional cycle and is discussed. Recommendations for a comprehensive approach are presented, and various experiments which could be conducted in AIRLAB are described.

    UAV as a Reliable Wingman: A Flight Demonstration

    In this brief, we present the results from a flight experiment demonstrating two significant advances in software enabled control: optimization-based control using real-time trajectory generation and logical programming environments for formal analysis of control software. Our demonstration platform consisted of a human-piloted F-15 jet flying together with an autonomous T-33 jet. We describe the behavior of the system in two scenarios. In the first, nominal state communications were present and the autonomous aircraft maintained formation as the human pilot flew maneuvers. In the second, we imposed the loss of high-rate communications and demonstrated an autonomous safe “lost wingman” procedure to increase separation and reacquire contact. The flight demonstration included both a nominal formation flight component and an execution of the lost wingman scenario.