Requirements Analysis of a Quad-Redundant Flight Control System
In this paper we detail our effort to formalize and prove requirements for
the Quad-redundant Flight Control System (QFCS) within NASA's Transport Class
Model (TCM). We use a compositional approach with assume-guarantee contracts
that correspond to the requirements for software components embedded in an AADL
system architecture model. This approach is designed to exploit the
verification effort and artifacts that are already part of typical software
verification processes in the avionics domain. Our approach is supported by an
AADL annex that allows specification of contracts along with a tool, called
AGREE, for performing compositional verification. The goal of this paper is to
show the benefits of a compositional verification approach applied to a
realistic avionics system and to demonstrate the effectiveness of the AGREE
tool in performing this analysis.
Comment: Accepted to NASA Formal Methods 201
Modular and Safe Event-Driven Programming
Asynchronous event-driven systems are ubiquitous across domains such as device drivers, distributed systems, and robotics. These systems are notoriously hard to get right, as the programmer needs to reason about numerous control paths resulting from the complex interleaving of events (or messages) and failures. Unsurprisingly, it is easy to introduce subtle errors while attempting to fill in the gaps between high-level system specifications and their concrete implementations.

This dissertation proposes new methods for programming safe event-driven asynchronous systems. In the first part of the thesis, we present ModP, a modular programming framework for compositional programming and testing of event-driven asynchronous systems. The ModP module system supports a novel theory of compositional refinement for assume-guarantee reasoning of dynamic event-driven asynchronous systems. We build a complex distributed systems software stack using ModP. Our results demonstrate that compositional reasoning can help scale model checking (both explicit and symbolic) to large distributed systems. ModP is transforming the way asynchronous software is built at Microsoft and Amazon Web Services (AWS). Microsoft uses ModP for implementing safe device drivers and other software in the Windows kernel. AWS uses ModP for compositional model checking of complex distributed systems. While ModP simplifies analysis of such systems, the state space of industrial-scale systems remains extremely large.

In the second part of this thesis, we present scalable verification and systematic testing approaches to further mitigate this state-space explosion problem. First, we introduce the concept of a delaying explorer to perform prioritized exploration of the behaviors of an asynchronous reactive program. A delaying explorer stratifies the search space using a custom strategy (tailored towards finding bugs faster) and a delay operation that allows deviation from that strategy. We show that prioritized search with a delaying explorer performs significantly better than existing approaches for finding bugs in asynchronous programs. Next, we consider the challenge of verifying time-synchronized systems; these are almost-synchronous systems, as they are neither completely asynchronous nor synchronous. We introduce approximate synchrony, a sound and tunable abstraction for verification of almost-synchronous systems. We show how approximate synchrony can be used for verification of both time-synchronization protocols and applications running on top of them. Moreover, we show how approximate synchrony also provides a useful strategy to guide state-space exploration during model checking. Using approximate synchrony and implementing it as a delaying explorer, we were able to verify the correctness of the IEEE 1588 distributed time-synchronization protocol and, in the process, uncovered a bug in the protocol that was well appreciated by the standards committee.

In the final part of this thesis, we consider the challenge of programming a special class of event-driven asynchronous systems -- safe autonomous robotics systems. Our approach towards achieving assured autonomy for robotics systems consists of two parts: (1) a high-level programming language for implementing and validating the reactive robotics software stack; and (2) an integrated runtime assurance system to ensure that the assumptions used during design-time validation of the high-level software hold at runtime. Combining a high-level programming language and model checking with runtime assurance helps us bridge the gap between design-time software validation, which makes assumptions about the untrusted components (e.g., low-level controllers) and the physical world, and the actual execution of the software on a real robotic platform in the physical world. We implemented our approach as DRONA, a programming framework for building safe robotics systems. We used DRONA for building a distributed mobile robotics system and deployed it on real drone platforms. Our results demonstrate that DRONA (with the runtime-assurance capabilities) enables programmers to build an autonomous robotics software stack with formal safety guarantees.

To summarize, this thesis contributes new theory and tools to the areas of programming languages, verification, systematic testing, and runtime assurance for programming safe asynchronous event-driven systems across the domains of fault-tolerant distributed systems and safe autonomous robotics systems.
Learning dispositif and emotional attachment: a preliminary international investigation
This research investigated the significance of learning dispositif (LD) and emotional attachment (EA) on perceived learning success (LS) across a diaspora of Western, Russian, Asian, Middle Eastern and Chinese student cohorts. Foucault’s LD captures the disparate socio-cultural contexts, institutional milieus and more or less didactic teaching styles that moderate learning. EA is a multi-dimensional notion involving affective bonds that emerged in child psychology and spread to marketing and other fields. The sequential explanatory research reviewed the learning and EA literatures and generated an LD–EA framework to structure the quantitative phase of its mixed investigations. In 2017 and 2018, the research collected 150 responses and used a range of statistical techniques for quantitative analysis. It found that LS varied significantly across cohorts, intimating that dispositifs influence learning. Nonparametric analysis suggested that EA also influenced learning, but regressions were inconclusive. Exploratory techniques hint at a dynamic mix of emotional or cognitive motivations during the student learning journey, involving structural breaks in student/instructor relationships. Cluster analysis identified distinct student groupings, linked to years of learning. Separately, qualitative analysis of open-ended survey questions and expert interviews intimates that frequent teacher interactions can increase EA. The synthesis of quantitative with qualitative results and pedagogical reflection suggests that LD and EA both influence learning in a complex, dynamic system. The key constituents for EA are Affection, Connection, Social Presence (SP), Teaching Presence (TP) and Flow but student emotional engagement is conditioned by the socio-cultural milieu (LD) and associated factors like relationships and trust. 
Unlike in the Community of Learning framework, in the EA framework Cognitive Presence (CP) is an outcome of the interaction between these EA constituents, associated factors and the socio-cultural milieu. Finally, whilst awareness of culture and emotions is a useful pedagogical consideration, learning mainstays remain inclusive educational systems that identify student needs and support well-designed programmes. Within these, scaffolded modules should include a variety of engaging learning activities with non-threatening formative and trustworthy summative feedback. We acknowledge some statistical study limitations, but its tentative findings make a useful preliminary contribution.
Modeling and analysis of power processing systems: Feasibility investigation and formulation of a methodology
A review is given of future power processing systems planned for the next 20 years, and the state-of-the-art of power processing design modeling and analysis techniques used to optimize power processing systems. A methodology of modeling and analysis of power processing equipment and systems has been formulated to fulfill future tradeoff studies and optimization requirements. Computer techniques were applied to simulate power processor performance and to optimize the design of power processing equipment. A program plan to systematically develop and apply the tools for power processing systems modeling and analysis is presented so that meaningful results can be obtained each year to aid the power processing system engineer and power processing equipment circuit designers in their conceptual and detail design and analysis tasks.
Student Perceptions of an Effective Learning Environment Across the Dimensions of Synchronous, Asynchronous, and Face-to-Face Instruction
Prior to the implementation of computer technology in the classroom, the traditional classroom dynamic consisted of a chalkboard, a lectern, a teacher handout, and the occasional group assignments. However, as technology continues to evolve, so has the restructuring of the educational system (Woods & Baker, 2004). This evolution, which began as correspondence courses by mail, has resulted in a Web-based learning community characterized by its rich learner-centered environment where both student and instructor collaborate and engage in constructivist practices (Conrad & Donaldson, 2004).
This study sought to expand the existing body of knowledge on distance learning and employed quantitative techniques (multiple linear regression, one-way MANOVA, and repeated-measures design) to investigate students' perceptions of the quality of courses delivered through synchronous and asynchronous instruction and compared their perceptions to face-to-face instruction. A sample comprised of undergraduate and graduate students from five regional universities was used to complete the study.
Results from the study showed no statistically significant relationship among student demographics and technological skills. The researcher did find a statistically significant difference between students' rating of quality instruction when given a preference between synchronous online instruction with voice and asynchronous online instruction. Such findings reveal that when students are given a choice between synchronous online instruction with voice and asynchronous online instruction, they tend to prefer an asynchronous online environment. Last, there were no statistically significant differences regarding students' perceptions of quality instruction based on gender.
These results suggest that university administrators should consider investing in computer instructional technologies regardless of student demographics. Other results from the study show that, despite the many features of SOIV, students seem to prefer asynchronous online learning over synchronous online learning regardless of gender.
Online Instruction in Higher Education: Promising, Research-based, and Evidence-based Practices
The purpose of this study was to review the research literature on online learning to identify effective instructional practices. We narrowed our scope to empirical studies published 2013-2019, given that studies earlier than 2013 had quickly become outdated because of changes in online pedagogies and technologies. We also limited our search to studies with undergraduate and graduate students, application of an empirical methodological design, and descriptions of methodology, data analysis, and results with sufficient detail to assure verifiability of data collection and analysis. Our analysis of the patterns and trends in the corpus of 104 research studies led to identification of five themes: course design factors, student support, faculty pedagogy, student engagement, and student success factors. Most of the strategies with promising effectiveness in the online environment are the same ones that are considered to be effective in face-to-face classrooms, including the use of multiple pedagogies and learning resources to address different student learning needs, high instructor presence, quality of faculty-student interaction, academic support outside of class, and promotion of classroom cohesion and trust. Unique to the online environment are user-friendly technology tools, orientation to online instruction, opportunities for synchronous class sessions, and incorporation of social media. Given the few studies utilizing methodological designs from which claims of causality can be made or meta-analyses could be conducted, we identified only faculty feedback as an evidence-based practice and no specific intervention that we could identify as research-based in online instruction.