    Your Proof Fails? Testing Helps to Find the Reason

    Applying deductive verification to formally prove that a program respects its formal specification is a very complex and time-consuming task, due in particular to the lack of feedback in case of proof failures. Along with a non-compliance between the code and its specification (due to an error in at least one of them), possible reasons for a proof failure include a missing or too weak specification for a called function or a loop, and lack of time or simply incapacity of the prover to finish a particular proof. This work proposes a new methodology where test generation helps to identify the reason for a proof failure and to exhibit a counter-example clearly illustrating the issue. We describe how to transform an annotated C program into C code suitable for testing and illustrate the benefits of the method on comprehensive examples. The method has been implemented in STADY, a plugin of the software analysis platform FRAMA-C. Initial experiments show that detecting non-compliances and contract weaknesses makes it possible to precisely diagnose most proof failures. Comment: 11 pages, 10 figure

    The New NASA Approach to Reliability and Maintainability

    In 2017, after 20 years, NASA issued a major revision of its reliability and maintainability (R&M) policy, NASA-STD-8729.1A. Formerly, NASA required certain specific R&M activities during each succeeding phase of project development. Now NASA requires a project to start by including the initial development of R&M requirements and the devising of strategies to implement and verify them. Rather than resolving all the requirements first and then designing the system, as has been usual in systems design, the design process now is to work top down by layers. It begins by first identifying the top-level requirements and suggesting top-level design strategies for those, then making these higher strategies the basis for a lower-level set of requirements, and so on down to the lowest components. This approach is intended to ensure that R&M is designed in from the beginning rather than added later, with difficulty, to a completed design concept. The new R&M standard uses an innovative and effective top-down system design approach intended to effectively implement R&M

    Identifying common problems in the acquisition and deployment of large-scale software projects in the US and UK healthcare systems

    Public and private organizations are investing increasing amounts into the development of healthcare information technology. These applications are perceived to offer numerous benefits. Software systems can improve the exchange of information between healthcare facilities. They support standardised procedures that can help to increase consistency between different service providers. Electronic patient records ensure minimum standards across the trajectory of care when patients move between different specializations. Healthcare information systems also offer economic benefits through efficiency savings; for example by providing the data that helps to identify potential bottlenecks in the provision and administration of care. However, a number of high-profile failures reveal the problems that arise when staff must cope with the loss of these applications. In particular, teams have to retrieve paper-based records that often lack the detail on electronic systems. Individuals who have only used electronic information systems face particular problems in learning how to apply paper-based fallbacks. The following pages compare two different failures of Healthcare Information Systems in the UK and North America. The intention is to ensure that future initiatives to extend the integration of electronic patient records will build on the 'lessons learned' from previous systems

    Vaccine innovation, translational research and the management of knowledge accumulation

    What does it take to translate research into socially beneficial technologies like vaccines? Current policy that focuses on expanding research or strengthening incentives overlooks how the supply and demand of innovation is mediated by problem-solving processes that generate knowledge which is often fragmented and only locally valid. This paper details some of the conditions that allow fragmented, local knowledge to accumulate through a series of structured steps from the artificial simplicity of the laboratory to the complexity of real-world application. Poliomyelitis is used as an illustrative case to highlight the importance of experimental animal models and the extent of co-ordination that can be required if they are missing. Implications for the governance and management of current attempts to produce vaccines for HIV, TB and Malaria are discussed.

    Autonomous spacecraft maintenance study group

    A plan to incorporate autonomous spacecraft maintenance (ASM) capabilities into Air Force spacecraft by 1989 is outlined. It includes the successful operation of the spacecraft without ground operator intervention for extended periods of time. Mechanisms, along with a fault-tolerant data processing system (including a nonvolatile backup memory) and an autonomous navigation capability, are needed to replace the routine servicing that is presently performed by the ground system. The state-of-the-art fault handling capabilities of various spacecraft and computers are described, and a set of conceptual design requirements needed to achieve ASM is established. Implementations for near-term technology development needed for an ASM proof-of-concept demonstration by 1985, and a research agenda addressing long-range academic research for an advanced ASM system for the 1990s, are established

    ExplainIt! -- A declarative root-cause analysis engine for time series data (extended version)

    We present ExplainIt!, a declarative, unsupervised root-cause analysis engine that uses time series monitoring data from large complex systems such as data centres. ExplainIt! empowers operators to succinctly specify a large number of causal hypotheses to search for causes of interesting events. ExplainIt! then ranks these hypotheses, reducing the number of causal dependencies from hundreds of thousands to a handful for human understanding. We show how a declarative language, such as SQL, can be effective in declaratively enumerating hypotheses that probe the structure of an unknown probabilistic graphical causal model of the underlying system. Our thesis is that databases are in a unique position to enable users to rapidly explore the possible causal mechanisms in data collected from diverse sources. We empirically demonstrate how ExplainIt! has helped us resolve over 30 performance issues in a commercial product since late 2014, of which we discuss a few cases in detail. Comment: SIGMOD Industry Track 201

    SADA: Semantic Adversarial Diagnostic Attacks for Autonomous Applications

    One major factor impeding more widespread adoption of deep neural networks (DNNs) is their lack of robustness, which is essential for safety-critical applications such as autonomous driving. This has motivated much recent work on adversarial attacks for DNNs, which mostly focus on pixel-level perturbations void of semantic meaning. In contrast, we present a general framework for adversarial attacks on trained agents, which covers semantic perturbations to the environment of the agent performing the task as well as pixel-level attacks. To do this, we re-frame the adversarial attack problem as learning a distribution of parameters that always fools the agent. In the semantic case, our proposed adversary (denoted as BBGAN) is trained to sample parameters that describe the environment with which the black-box agent interacts, such that the agent performs its dedicated task poorly in this environment. We apply BBGAN on three different tasks, primarily targeting aspects of autonomous navigation: object detection, self-driving, and autonomous UAV racing. On these tasks, BBGAN can generate failure cases that consistently fool a trained agent. Comment: Accepted at AAAI'2

    A Failed Proof Can Yield a Useful Test

    A successful automated program proof is, in software verification, the ultimate triumph. In practice, however, the road to such success is paved with many failed proof attempts. Unlike a failed test, which provides concrete evidence of an actual bug in the program, a failed proof leaves the programmer in the dark. Can we instead learn something useful from it? The work reported here takes advantage of the rich internal information that some automatic provers collect about the program when attempting a proof. If the proof fails, the Proof2Test tool presented in this article uses the counterexample generated by the prover (specifically, the SMT solver underlying the proof environment Boogie, used in the AutoProof system to perform correctness proofs of contract-equipped Eiffel programs) to produce a failed test, which provides the programmer with immediately exploitable information to correct the program. The discussion presents the Proof2Test tool and demonstrates the application of the ideas and tool to a collection of representative examples

    Automation of closed environments in space for human comfort and safety

    The development of Environmental Control and Life Support Systems (ECLSS) for Space Station Freedom, future colonization of the Moon, and Mars missions presents new challenges for present technologies. ECLSS that operate during long-duration missions must be semi-autonomous to allow crew members environmental control without constant supervision. A control system for the ECLSS must address these issues as well as be reliable. The Kansas State University Advanced Design Team is in the process of researching and designing controls for the automation of the ECLSS for Space Station Freedom and beyond. The ECLSS for Freedom is composed of six subsystems. The temperature and humidity control (THC) subsystem maintains the cabin temperature and humidity at a comfortable level. The atmosphere control and supply (ACS) subsystem ensures proper cabin pressure and partial pressures of oxygen and nitrogen. To protect the space station from fire damage, the fire detection and suppression (FDS) subsystem provides fire-sensing alarms and extinguishers. The waste management (WM) subsystem compacts solid wastes for return to Earth, and collects urine for water recovery. The atmosphere revitalization (AR) subsystem removes CO2 and other dangerous contaminants from the air. The water recovery and management (WRM) subsystem collects and filters condensate from the cabin to replenish potable water supplies, and processes urine and other waste waters to replenish hygiene water supplies. These subsystems are not fully automated at this time. Furthermore, the control of these subsystems is not presently integrated; they are largely independent of one another. A fully integrated and automated ECLSS would increase astronauts' productivity and contribute to their safety and comfort