19,423 research outputs found
Code Generation From Hierarchical Concurrency Specifications
Rapport interne.This paper explains how executable Java code is generated from hierarchical specifications in the Concurrency Factory specification and verification environment. Besides the ability to generate executable code from verified, abstract concurrency specifications, the paper's main contributions include: (1) new solutions to the well-known input/output guard-scheduling problem in the context of hierarchically configured concurrent systems; (2) code-generation algorithms that produce both thread-based Java code and distributed ADA code; (3) the use of the Concurrency Factory itself to verify an abstraction of each generated code module; in this sense, the Factory is self-verifying; and, finally, (4) a report on our experience in executing the generated code for simulation and debugging purposes in the case of the Rether real-time ethernet protocol
Distributed Real-Time Emulation of Formally-Defined Patterns for Safe Medical Device Control
Safety of medical devices and of their interoperation is an unresolved issue
causing severe and sometimes deadly accidents for patients with shocking
frequency. Formal methods, particularly in support of highly reusable and
provably safe patterns which can be instantiated to many device instances can
help in this regard. However, this still leaves open the issue of how to pass
from their formal specifications in logical time to executable emulations that
can interoperate in physical time with other devices and with simulations of
patient and/or doctor behaviors. This work presents a specification-based
methodology in which virtual emulation environments can be easily developed
from formal specifications in Real-Time Maude, and can support interactions
with other real devices and with simulation models. This general methodology is
explained in detail and is illustrated with two concrete scenarios which are
both instances of a common safe formal pattern: one scenario involves the
interaction of a provably safe pacemaker with a simulated heart; the other
involves the interaction of a safe controller for patient-induced analgesia
with a real syringe pump.Comment: In Proceedings RTRTS 2010, arXiv:1009.398
Runtime Verification Based on Executable Models: On-the-Fly Matching of Timed Traces
Runtime verification is checking whether a system execution satisfies or
violates a given correctness property. A procedure that automatically, and
typically on the fly, verifies conformance of the system's behavior to the
specified property is called a monitor. Nowadays, a variety of formalisms are
used to express properties on observed behavior of computer systems, and a lot
of methods have been proposed to construct monitors. However, it is a frequent
situation when advanced formalisms and methods are not needed, because an
executable model of the system is available. The original purpose and structure
of the model are out of importance; rather what is required is that the system
and its model have similar sets of interfaces. In this case, monitoring is
carried out as follows. Two "black boxes", the system and its reference model,
are executed in parallel and stimulated with the same input sequences; the
monitor dynamically captures their output traces and tries to match them. The
main problem is that a model is usually more abstract than the real system,
both in terms of functionality and timing. Therefore, trace-to-trace matching
is not straightforward and allows the system to produce events in different
order or even miss some of them. The paper studies on-the-fly conformance
relations for timed systems (i.e., systems whose inputs and outputs are
distributed along the time axis). It also suggests a practice-oriented
methodology for creating and configuring monitors for timed systems based on
executable models. The methodology has been successfully applied to a number of
industrial projects of simulation-based hardware verification.Comment: In Proceedings MBT 2013, arXiv:1303.037
Uncovering Bugs in Distributed Storage Systems during Testing (not in Production!)
Testing distributed systems is challenging due to multiple sources of nondeterminism. Conventional testing techniques, such as unit, integration and stress testing, are ineffective in preventing serious but subtle bugs from reaching production. Formal techniques, such as TLA+, can only verify high-level specifications of systems at the level of logic-based models, and fall short of checking the actual executable code. In this paper, we present a new methodology for testing distributed systems. Our approach applies advanced systematic testing techniques to thoroughly check that the executable code adheres to its high-level specifications, which significantly improves coverage of important system behaviors. Our methodology has been applied to three distributed storage systems in the Microsoft Azure cloud computing platform. In the process, numerous bugs were identified, reproduced, confirmed and fixed. These bugs required a subtle combination of concurrency and failures, making them extremely difficult to find with conventional testing techniques. An important advantage of our approach is that a bug is uncovered in a small setting and witnessed by a full system trace, which dramatically increases the productivity of debugging
Framework programmable platform for the advanced software development workstation. Integration mechanism design document
The Framework Programmable Software Development Platform (FPP) is a project aimed at combining effective tool and data integration mechanisms with a model of the software development process in an intelligent integrated software development environment. Guided by this model, this system development framework will take advantage of an integrated operating environment to automate effectively the management of the software development process so that costly mistakes during the development phase can be eliminated
- …