5,172 research outputs found
Requirements Analysis of a Quad-Redundant Flight Control System
In this paper we detail our effort to formalize and prove requirements for
the Quad-redundant Flight Control System (QFCS) within NASA's Transport Class
Model (TCM). We use a compositional approach with assume-guarantee contracts
that correspond to the requirements for software components embedded in an AADL
system architecture model. This approach is designed to exploit the
verification effort and artifacts that are already part of typical software
verification processes in the avionics domain. Our approach is supported by an
AADL annex that allows specification of contracts along with a tool, called
AGREE, for performing compositional verification. The goal of this paper is to
show the benefits of a compositional verification approach applied to a
realistic avionics system and to demonstrate the effectiveness of the AGREE
tool in performing this analysis.Comment: Accepted to NASA Formal Methods 201
Generating Property-Directed Potential Invariants By Backward Analysis
This paper addresses the issue of lemma generation in a k-induction-based
formal analysis of transition systems, in the linear real/integer arithmetic
fragment. A backward analysis, powered by quantifier elimination, is used to
output preimages of the negation of the proof objective, viewed as unauthorized
states, or gray states. Two heuristics are proposed to take advantage of this
source of information. First, a thorough exploration of the possible
partitionings of the gray state space discovers new relations between state
variables, representing potential invariants. Second, an inexact exploration
regroups and over-approximates disjoint areas of the gray state space, also to
discover new relations between state variables. k-induction is used to isolate
the invariants and check if they strengthen the proof objective. These
heuristics can be used on the first preimage of the backward exploration, and
each time a new one is output, refining the information on the gray states. In
our context of critical avionics embedded systems, we show that our approach is
able to outperform other academic or commercial tools on examples of interest
in our application field. The method is introduced and motivated through two
main examples, one of which was provided by Rockwell Collins, in a
collaborative formal verification framework.Comment: In Proceedings FTSCS 2012, arXiv:1212.657
Implementing Multi-Periodic Critical Systems: from Design to Code Generation
This article presents a complete scheme for the development of Critical
Embedded Systems with Multiple Real-Time Constraints. The system is programmed
with a language that extends the synchronous approach with high-level real-time
primitives. It enables to assemble in a modular and hierarchical manner several
locally mono-periodic synchronous systems into a globally multi-periodic
synchronous system. It also allows to specify flow latency constraints. A
program is translated into a set of real-time tasks. The generated code (\C\
code) can be executed on a simple real-time platform with a dynamic-priority
scheduler (EDF). The compilation process (each algorithm of the process, not
the compiler itself) is formally proved correct, meaning that the generated
code respects the real-time semantics of the original program (respect of
periods, deadlines, release dates and precedences) as well as its functional
semantics (respect of variable consumption).Comment: 15 pages, published in Workshop on Formal Methods for Aerospace
(FMA'09), part of Formal Methods Week 2009
A Tale of Two Data-Intensive Paradigms: Applications, Abstractions, and Architectures
Scientific problems that depend on processing large amounts of data require
overcoming challenges in multiple areas: managing large-scale data
distribution, co-placement and scheduling of data with compute resources, and
storing and transferring large volumes of data. We analyze the ecosystems of
the two prominent paradigms for data-intensive applications, hereafter referred
to as the high-performance computing and the Apache-Hadoop paradigm. We propose
a basis, common terminology and functional factors upon which to analyze the
two approaches of both paradigms. We discuss the concept of "Big Data Ogres"
and their facets as means of understanding and characterizing the most common
application workloads found across the two paradigms. We then discuss the
salient features of the two paradigms, and compare and contrast the two
approaches. Specifically, we examine common implementation/approaches of these
paradigms, shed light upon the reasons for their current "architecture" and
discuss some typical workloads that utilize them. In spite of the significant
software distinctions, we believe there is architectural similarity. We discuss
the potential integration of different implementations, across the different
levels and components. Our comparison progresses from a fully qualitative
examination of the two paradigms, to a semi-quantitative methodology. We use a
simple and broadly used Ogre (K-means clustering), characterize its performance
on a range of representative platforms, covering several implementations from
both paradigms. Our experiments provide an insight into the relative strengths
of the two paradigms. We propose that the set of Ogres will serve as a
benchmark to evaluate the two paradigms along different dimensions.Comment: 8 pages, 2 figure
The TASTE Toolset: turning human designed heterogeneous systems into computer built homogeneous software.
The TASTE tool-set results from spin-off studies of the ASSERT project, which started in 2004 with the objective to propose innovative and pragmatic solutions to develop real-time software. One of the primary targets was satellite flight software, but it appeared quickly that their characteristics were shared among various embedded systems. The solutions that we developed now comprise a process and several tools ; the development process is based on the idea that real-time, embedded systems are heterogeneous by nature and that a unique UML-like language was not helping neither their construction, nor their validation. Rather than inventing yet another "ultimate" language, TASTE makes the link between existing and mature technologies such as Simulink, SDL, ASN.1, C, Ada, and generates complete, homogeneous software-based systems that one can straightforwardly download and execute on a physical target. Our current prototype is moving toward a marketed product, and sequel studies are already in place to support, among others, FPGA systems
Overview of Hydra: a concurrent language for synchronous digital circuit design
Hydra is a computer hardware description language that integrates several kinds of software tool (simulation, netlist generation and timing analysis) within a single circuit specification. The design language is inherently concurrent, and it offers black box abstraction and general design patterns that simplify the design of circuits with regular structure. Hydra specifications are concise, allowing the complete design of a computer system as a digital circuit within a few pages. This paper discusses the motivations behind Hydra, and illustrates the system with a significant portion of the design of a basic RISC processor
- …