Sciduction: Combining Induction, Deduction, and Structure for Verification and Synthesis
Even with impressive advances in automated formal methods, certain problems
in system verification and synthesis remain challenging. Examples include the
verification of quantitative properties of software involving constraints on
timing and energy consumption, and the automatic synthesis of systems from
specifications. The major challenges include environment modeling,
incompleteness in specifications, and the complexity of underlying decision
problems.
This position paper proposes sciduction, an approach to tackle these
challenges by integrating inductive inference, deductive reasoning, and
structure hypotheses. Deductive reasoning, which leads from general rules or
concepts to conclusions about specific problem instances, includes techniques
such as logical inference and constraint solving. Inductive inference, which
generalizes from specific instances to yield a concept, includes algorithmic
learning from examples. Structure hypotheses are used to define the class of
artifacts, such as invariants or program fragments, generated during
verification or synthesis. Sciduction constrains inductive and deductive
reasoning using structure hypotheses, and actively combines inductive and
deductive reasoning: for instance, deductive techniques generate examples for
learning, and inductive reasoning is used to guide the deductive engines.
We illustrate this approach with three applications: (i) timing analysis of
software; (ii) synthesis of loop-free programs, and (iii) controller synthesis
for hybrid systems. Some future applications are also discussed.
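The inductive/deductive loop described in the abstract, as an added example that is not code from the Sciduction paper: a learner proposes the first straight-line program consistent with the examples seen so far (inductive step), a verifier checks it against the specification on every 8-bit input and returns a counterexample on failure (deductive step, exhaustive here instead of a constraint solver), and the structure hypothesis restricts candidates to at most two instructions over a small component library. The component library, the 8-bit domain and the specification "clear the lowest set bit" are all constructed for this illustration.

```python
"""Counterexample-guided synthesis (CEGIS) of a loop-free program.

Added illustration (not code from the Sciduction paper). Assumptions: 8-bit
unsigned words so that verification is an exhaustive check, a fixed component
library (BINARY_OPS / UNARY_OPS), and the constructed specification
clear_lowest_set_bit as the target.
"""
from itertools import product
from typing import Callable, Iterator, List, Optional, Tuple

MASK = 0xFF  # structure hypothesis: 8-bit words, so the verifier can enumerate every input

BINARY_OPS = {
    "and": lambda a, b: a & b,
    "or": lambda a, b: a | b,
    "xor": lambda a, b: a ^ b,
    "add": lambda a, b: (a + b) & MASK,
    "sub": lambda a, b: (a - b) & MASK,
}
UNARY_OPS = {
    "shl1": lambda a: (a << 1) & MASK,
    "shr1": lambda a: a >> 1,
}

# An instruction is (op, operand index, operand index or None for unary ops).
# Operand index 0 is the input x, 1 is the constant 1, 2 + k is instruction k's result.
Instr = Tuple[str, int, Optional[int]]
Program = List[Instr]


def run(prog: Program, x: int) -> int:
    """Execute a straight-line program; the last instruction's result is the output."""
    env = [x & MASK, 1]
    for op, a, b in prog:
        env.append(UNARY_OPS[op](env[a]) if b is None else BINARY_OPS[op](env[a], env[b]))
    return env[-1]


def candidates(max_len: int) -> Iterator[Program]:
    """Structure hypothesis: every program of 1..max_len instructions, shortest first."""
    def extend(prefix: Program) -> Iterator[Program]:
        n = 2 + len(prefix)  # operands visible to the next instruction
        for op in BINARY_OPS:
            for a, b in product(range(n), repeat=2):
                yield prefix + [(op, a, b)]
        for op in UNARY_OPS:
            for a in range(n):
                yield prefix + [(op, a, None)]

    frontier: List[Program] = [[]]
    for _ in range(max_len):
        longer: List[Program] = []
        for p in frontier:
            for q in extend(p):
                yield q
                longer.append(q)
        frontier = longer


def learner(examples: List[Tuple[int, int]], max_len: int) -> Optional[Program]:
    """Inductive step: the first candidate agreeing with every (input, output) example."""
    for prog in candidates(max_len):
        if all(run(prog, x) == y for x, y in examples):
            return prog
    return None


def verifier(prog: Program, spec: Callable[[int], int]) -> Optional[int]:
    """Deductive step: exhaustive check over the 8-bit domain; returns a counterexample input."""
    for x in range(MASK + 1):
        if run(prog, x) != spec(x):
            return x
    return None


def cegis(spec: Callable[[int], int], max_len: int = 2, max_iters: int = 64) -> Tuple[Program, int]:
    """Alternate learner and verifier until no counterexample remains.

    Returns the verified program and the number of iterations taken."""
    examples: List[Tuple[int, int]] = []
    for iteration in range(1, max_iters + 1):
        prog = learner(examples, max_len)
        if prog is None:
            raise ValueError("no program within the structure hypothesis fits the examples")
        cex = verifier(prog, spec)
        if cex is None:
            return prog, iteration
        examples.append((cex, spec(cex)))  # the counterexample becomes a new training example
    raise RuntimeError("iteration budget exhausted")


def clear_lowest_set_bit(x: int) -> int:
    """Constructed specification: x with its lowest set bit cleared (0 maps to 0)."""
    return x & (x - 1) & MASK


if __name__ == "__main__":
    prog, iters = cegis(clear_lowest_set_bit)
    print(f"synthesised in {iters} iterations: {prog}")
```

The verifier's counterexamples are exactly what drives the learner: each one rules out the current candidate and every other candidate that agrees with it on that input, so the loop converges after a handful of rounds even though the learner itself knows nothing about the specification.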
The formal, tool supported development of real time systems
The language SDL has long been applied in the development of various kinds of systems. Real-time systems are one application area where SDL has been applied extensively. Whilst SDL allows certain modelling aspects of real-time systems to be represented, the language and its associated tool support have certain drawbacks for modelling and reasoning about such systems. In this paper we highlight the limitations of SDL and its associated tool support in this domain and present language extensions and next-generation real-time system tool support to help overcome them. The applicability of the extensions and tools is demonstrated through a case study based upon a multimedia binding object used to support a configuration of time-dependent information producers and consumers realising the so-called lip-synchronisation algorithm.
A Benes Based NoC Switching Architecture for Mixed Criticality Embedded Systems
Multi-core, Mixed Criticality Embedded (MCE) real-time systems require high
timing precision and predictability to guarantee there will be no interference
between tasks. These guarantees are necessary in application areas such as
avionics and automotive, where task interference or missed deadlines could be
catastrophic, and safety requirements are strict. In modern multi-core systems,
the interconnect becomes a potential point of uncertainty, introducing major
challenges in proving behaviour is always within specified constraints,
limiting the means of growing system performance to add more tasks, or provide
more computational resources to existing tasks.
We present MCENoC, a Network-on-Chip (NoC) switching architecture that
provides innovations to overcome this with predictable, formally verifiable
timing behaviour that is consistent across the whole NoC. We show how the
fundamental properties of Benes networks benefit MCE applications and meet our
architecture requirements. Using SystemVerilog Assertions (SVA), formal
properties are defined that aid the refinement of the specification of the
design as well as enabling the implementation to be exhaustively formally
verified. We demonstrate the performance of the design in terms of size,
throughput and predictability, and discuss the application level considerations
needed to exploit this architecture.
Formal Verification of Real-Time Function Blocks Using PVS
A critical step towards certifying safety-critical systems is to check their
conformance to hard real-time requirements. A promising way to achieve this is
by building the systems from pre-verified components and verifying their
correctness in a compositional manner. We previously reported a formal approach
to verifying function blocks (FBs) using tabular expressions and the PVS proof
assistant. By applying our approach to the IEC 61131-3 standard of Programmable
Logic Controllers (PLCs), we constructed a repository of precise specification
and reusable (proven) theorems of feasibility and correctness for FBs. However,
we previously did not apply our approach to verify FBs against timing
requirements, since IEC 61131-3 does not define composite FBs built from
timers. In this paper, based on our experience in the nuclear domain, we
conduct two realistic case studies, consisting of the software requirements and
the proposed FB implementations for two subsystems of an industrial control
system. The implementations are built from IEC 61131-3 FBs, including the
on-delay timer. We find issues during the verification process and suggest
solutions.
Comment: In Proceedings ESSS 2015, arXiv:1506.0325
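The kind of timing check the abstract describes, as an added example that is not the paper's PVS development: a cycle-based Python model of the IEC 61131-3 on-delay timer (TON) and a bounded exhaustive checker that enumerates every IN sequence up to a horizon and compares Q against the requirement "Q is TRUE exactly when IN has been TRUE for PT consecutive scan cycles", also checking the feasibility condition ET <= PT. The late-firing variant is a hypothetical defect constructed to show what a counterexample looks like; the modelling convention (one scan cycle per time unit, ET counting the current cycle) is an assumption.

```python
"""Bounded exhaustive check of an IEC 61131-3 on-delay timer (TON) model.

Added illustration, not the paper's PVS development. Assumptions: discrete
scan cycles of one time unit, ET counts consecutive TRUE cycles including the
current one and saturates at PT, and LateTON is a constructed defective variant.
"""
from itertools import product
from typing import Callable, Optional, Tuple


class TON:
    """On-delay timer: Q rises once IN has been TRUE for PT cycles and resets when IN drops."""

    def __init__(self, pt: int) -> None:
        self.pt = pt      # preset time, in scan cycles
        self.et = 0       # elapsed time, saturates at PT as in the IEC 61131-3 timing diagram
        self.q = False

    def step(self, in_: bool) -> bool:
        if not in_:
            self.et, self.q = 0, False
        else:
            self.et = min(self.et + 1, self.pt)
            self.q = self.et >= self.pt
        return self.q


class LateTON(TON):
    """Hypothetical defective variant (constructed): ET is unbounded and Q only
    rises once ET exceeds PT, i.e. one scan cycle late."""

    def step(self, in_: bool) -> bool:
        if not in_:
            self.et, self.q = 0, False
        else:
            self.et += 1
            self.q = self.et > self.pt
        return self.q


Violation = Tuple[Tuple[bool, ...], int, str]


def first_violation(make_timer: Callable[[int], TON], pt: int, horizon: int) -> Optional[Violation]:
    """Explore all 2**horizon IN sequences and return (trace, cycle, reason) for the
    first cycle at which the timer disagrees with the requirement, else None."""
    for trace in product((False, True), repeat=horizon):
        timer = make_timer(pt)
        held = 0  # consecutive cycles with IN TRUE, computed independently of the timer
        for cycle, in_ in enumerate(trace):
            held = held + 1 if in_ else 0
            q = timer.step(in_)
            expected_q = held >= pt
            if q != expected_q:
                return trace, cycle, f"Q={q} but IN held {held} cycles with PT={pt}"
            if timer.et > pt:  # feasibility: ET must never exceed PT
                return trace, cycle, f"ET={timer.et} exceeds PT={pt}"
    return None


if __name__ == "__main__":
    print("TON:", first_violation(TON, 3, 8))
    print("LateTON:", first_violation(LateTON, 3, 8))
```

The checker keeps its own count of how long IN has been held rather than trusting the timer's ET, which is what makes an off-by-one in the block visible; a proof assistant such as PVS replaces the bounded enumeration with an argument over all horizons, but the requirement being checked is the same.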
Runtime Verification Based on Executable Models: On-the-Fly Matching of Timed Traces
Runtime verification is checking whether a system execution satisfies or
violates a given correctness property. A procedure that automatically, and
typically on the fly, verifies conformance of the system's behavior to the
specified property is called a monitor. Nowadays, a variety of formalisms are
used to express properties on observed behavior of computer systems, and a lot
of methods have been proposed to construct monitors. However, it is frequently
the case that advanced formalisms and methods are not needed, because an
executable model of the system is available. The original purpose and structure
of the model do not matter; what is required is that the system
and its model have similar sets of interfaces. In this case, monitoring is
carried out as follows. Two "black boxes", the system and its reference model,
are executed in parallel and stimulated with the same input sequences; the
monitor dynamically captures their output traces and tries to match them. The
main problem is that a model is usually more abstract than the real system,
both in terms of functionality and timing. Therefore, trace-to-trace matching
is not straightforward and allows the system to produce events in different
order or even miss some of them. The paper studies on-the-fly conformance
relations for timed systems (i.e., systems whose inputs and outputs are
distributed along the time axis). It also suggests a practice-oriented
methodology for creating and configuring monitors for timed systems based on
executable models. The methodology has been successfully applied to a number of
industrial projects of simulation-based hardware verification.
Comment: In Proceedings MBT 2013, arXiv:1303.037
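The monitoring procedure described above (system and model run on the same stimuli, output traces matched on the fly), as an added example that is not the paper's tooling: both traces are consumed in timestamp order, each event is matched against the other side's buffered events with the same name and payload within plus or minus `delta` ticks (so the system may reorder events inside that window), buffered events whose window has closed are reported as missing or unexpected, and model events whose names are listed in `optional` may be absent from the system trace without a verdict. The conformance relation (a closed window of `delta` ticks plus an optional-event set), the `Event` shape and the two traces are all constructed for this illustration.

```python
"""On-the-fly matching of a system's timed output trace against its executable model.

Added illustration, not the paper's tooling. Assumptions: events carry an integer
timestamp, a name and a payload; the conformance relation is "same name and
payload within +/-delta ticks", with model events named in `optional` allowed to
be missing. MODEL_TRACE and SYSTEM_TRACE are constructed sample data.
"""
import heapq
from dataclasses import dataclass
from typing import Any, FrozenSet, Iterable, List, Optional


@dataclass(frozen=True)
class Event:
    time: int          # timestamp in ticks
    name: str
    payload: Any = None


class TimedTraceMatcher:
    """Holds unmatched events from both sides until their matching window closes."""

    def __init__(self, delta: int, optional: FrozenSet[str] = frozenset()) -> None:
        self.delta = delta
        self.optional = optional
        self.pending_model: List[Event] = []
        self.pending_system: List[Event] = []
        self.verdicts: List[str] = []

    def _match(self, ev: Event, buffer: List[Event]) -> bool:
        """Remove and return True for the first buffered event conformant with ev."""
        for i, other in enumerate(buffer):
            if (other.name == ev.name and other.payload == ev.payload
                    and abs(other.time - ev.time) <= self.delta):
                del buffer[i]
                return True
        return False

    def _expire(self, now: Optional[int]) -> None:
        """Report buffered events whose window [t - delta, t + delta] closed before `now`;
        now=None closes every window (end of trace)."""
        def closed(ev: Event) -> bool:
            return now is None or ev.time + self.delta < now

        keep: List[Event] = []
        for m in self.pending_model:
            if closed(m):
                if m.name not in self.optional:
                    self.verdicts.append(f"missing: model emitted {m.name}({m.payload!r}) at t={m.time}")
            else:
                keep.append(m)
        self.pending_model = keep
        keep = []
        for s in self.pending_system:
            if closed(s):
                self.verdicts.append(f"unexpected: system emitted {s.name}({s.payload!r}) at t={s.time}")
            else:
                keep.append(s)
        self.pending_system = keep

    def on_model(self, ev: Event) -> None:
        self._expire(ev.time)
        if not self._match(ev, self.pending_system):
            self.pending_model.append(ev)

    def on_system(self, ev: Event) -> None:
        self._expire(ev.time)
        if not self._match(ev, self.pending_model):
            self.pending_system.append(ev)

    def finish(self) -> List[str]:
        self._expire(None)
        return list(self.verdicts)


def conformance_verdicts(model: Iterable[Event], system: Iterable[Event],
                         delta: int, optional: FrozenSet[str] = frozenset()) -> List[str]:
    """Drive the matcher with both traces merged by timestamp (each trace already time-ordered)."""
    matcher = TimedTraceMatcher(delta, optional)
    merged = heapq.merge(((e.time, 0, i, e) for i, e in enumerate(model)),
                         ((e.time, 1, i, e) for i, e in enumerate(system)))
    for _, source, _, ev in merged:
        (matcher.on_model if source == 0 else matcher.on_system)(ev)
    return matcher.finish()


# Constructed sample traces: the system acks one tick late, skips the model's
# diagnostic "log" event, swaps the two "data" events within the window, then
# emits an extra "data" and never reports "done".
MODEL_TRACE = [Event(0, "req", 1), Event(5, "ack", 1), Event(7, "log", "cache-hit"),
               Event(10, "data", 0xAB), Event(12, "data", 0xCD), Event(30, "done")]
SYSTEM_TRACE = [Event(0, "req", 1), Event(6, "ack", 1), Event(11, "data", 0xCD),
                Event(12, "data", 0xAB), Event(20, "data", 0xEE)]

if __name__ == "__main__":
    for line in conformance_verdicts(MODEL_TRACE, SYSTEM_TRACE, delta=2, optional=frozenset({"log"})):
        print(line)
```

Because both sides are buffered, a system that runs ahead of its model is handled the same way as one that lags: a system event arriving before its model counterpart simply waits in `pending_system` until the model catches up or the window closes, and the verdict is emitted as soon as the timestamp of the next event proves no match can still arrive.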
Reconciling a component and process view
In many cases we need to represent on the same abstraction level not only
system components but also processes within the system, and if different
frameworks are used for the two representations, the system model becomes hard to
read and to understand. We suggest a solution to close this gap and to
reconcile component and process views on system representation: a formal
framework that gives the advantage of solving design problems for large-scale
component systems.
Comment: Preprint, 7th International Workshop on Modeling in Software Engineering (MiSE) at ICSE 201