Interface contracts for TinyOS

ManuscriptTinyOS applications are built with software components that communicate through narrow interfaces. Since components enable fine-grained code reuse, this approach has been successful in creating applications that make very efficient use of the limited code and data memory on sensor network nodes. However, the other important benefit of components-rapid application development through black-box reuse-remains largely unrealized because in many cases interfaces have implied usage constraints that can be the source of frustrating program errors. Developers are commonly forced to read the source code for components, partially defeating the purpose of using components in the first place. Our research helps solve these problems by allowing developers to explicitly specify and enforce component interface contracts. Due to the extensive reuse of the most common interfaces, implementing contracts for a small number of frequently reused interfaces permitted us to extensively check a number of applications. We uncovered some subtle and previously unknown bugs in applications that have been in common use for years

Supporting the Specification and Runtime Validation of Asynchronous Calling Patterns in Reactive Systems

Wireless sensor networks (“sensornets”) are highly distributed and concurrent, with program actions bound to external stimuli. They exemplify a system class known as reactive systems, which comprise execution units that have “hidden” layers of control flow. A key obstacle in enabling reactive system developers to rigorously validate their implementations has been the absence of precise software component specifications and tools to assist in leveraging those specifications at runtime. We address this obstacle in three ways: (i) We describe a specification approach tailored for reactive environments and demonstrate its application in the context of sensornets. (ii) We describe the design and implementation of extensions to the popular nesC tool-chain that enable the expression of these specifications and automate the generation of runtime monitors that signal violations, if any. (iii) Finally, we apply the specification approach to a significant collection of the most commonly used software components in the TinyOS distribution and analyze the overhead involved in monitoring their correctness

A State-Machine Model for Reliability Eliciting over Wireless Sensor and Actuator Networks

AbstractAdvances in communications and embedded systems have led to the proliferation of wireless sensor and actuator networks (WSANs) in a wide variety of application domains. One important key of many such WSAN applications is the needed to meet non-functional requirements (e.g., lifetime, reliability, time guarantees) as well as functional ones (e.g. monitoring, actuation). Some application domains even require that sensor nodes be deployed in harsh environments (e.g., refineries), where they can fail due to communication interference, power problems or other issues. Unfortunately, the node failures can be catastrophic for critical or safety related systems. State machines can offer a promising approach to separate the two concerns – functional and non-functional – bringing forth reliability exception conditions handling, by means of fault handling states. We develop an approach that allows users to define and program typical applications using their platform language, but also adds state machine logic to design, view and handle explicitly other concerns such as reliability. The experimental section shows a working deployment of this concept in an industrial refinery settin

Deriving state machines from tinyos programs using symbolic execution.

Abstract Th

Inter-context control-flow and data-flow test adequacy criteria for nesC applications

NesC is a programming language for applications that run on top of networked sensor nodes. Such an application mainly uses an interrupt to trigger a sequence of operations, known as contexts, to perform its actions. However, a high degree of inter-context interleaving in an application can cause it to be error-prone. For instance, a context may mistakenly alter another context’s data kept at a shared variable. Existing concurrency testing techniques target testing programs written in general-purpose programming languages, where a small scale of inter-context interleaving between program executions may make these techniques inapplicable. We observe that nesC blocks new context interleaving when handling interrupts, and this feature significantly restricts the scale of inter-context interleaving that may occur in a nesC application. This paper models how operations on different contexts may interleave as inter-context flow graphs. Based on these graphs, it proposes two test adequacy criteria, one on inter-context data-flows and another on inter-context control-flows. It evaluates the proposal by a real-life open-source nesC application. The empirical results show that the new criteria detect significantly more failures than their conventional counterparts

A Map-algebra-inspired Approach for Interacting With Wireless Sensor Networks, Cyber-physical Systems or Internet of Things

The typical approach for consuming data from wireless sensor networks (WSN) and Internet of Things (IoT) has been to send data back to central servers for processing and analysis. This thesis develops an alternative strategy for processing and acting on data directly in the environment referred to as Active embedded Map Algebra (AeMA). Active refers to the near real time production of data, and embedded refers to the architecture of distributed embedded sensor nodes. Network macroprogramming, a style of programming adopted for wireless sensor networks and IoT, addresses the challenges of coordinating the behavior of multiple connected devices through a high-level programming model. Several macroprogramming models have been proposed, but none to date has adopted a comprehensive spatial model. This thesis takes the unique approach of adapting the well-known Map Algebra model from Geographic Information Science to extend the functionality of WSN/IoT and the opportunities for user interaction with WSN/IoT. As an inherently spatial model, the Map Algebra-inspired metaphor supports the types of computation desired from a network of geographically dispersed WSN nodes. The AeMA data model aligns with the conceptual model of GIS layers and specific layer operations from Map Algebra. A declarative query and network tasking language, based on Map Algebra operations, provides the basis for operations and interactions. The model adds functionality to calculate and store time series and specific temporal summary-type composite objects as an extension to traditional Map Algebra. The AeMA encodes Map Algebra-inspired operations into an extensible Virtual Machine Runtime system, called MARS (Map Algebra Runtime System) that supports Map Algebra in an efficient and extensible way. Map algebra-like operations are performed in a distributed manner. Data do not leave the network but are analyzed and consumed in place. As a consequence, collected information is available in-situ to drive local actions. The conceptual model and tasking language are designed to direct nodes as active entities, able to perform some actions on their environment. This Map Algebra inspired network macroprogramming model has many potential applications for spatially deployed WSN/IoT networks. In particular the thesis notes its utility for precision agriculture applications

Systematic and automatic verification of sensor networks

Ph.DDOCTOR OF PHILOSOPH

Interface contracts for TinyOS

TinyOS applications are built with software components that communicate through narrow interfaces. Since components enable finegrained code reuse, this approach has been successful in creating applications that make very efficient use of the limited code and data memory on sensor network nodes. However, the other important benefit of components—rapid application development through black-box reuse—remains largely unrealized because in many cases interfaces have implied usage constraints that can be the source of frustrating program errors. Developers are commonly forced to read the source code for components, partially defeating the purpose of using components in the first place. Our research helps solve these problems by allowing developers to explicitly specify and enforce component interface contracts. Due to the extensive reuse of the most common interfaces, implementing contracts for a small number of frequently reused interfaces permitted us to extensively check a number of applications. We uncovered some subtle and previously unknown bugs in applications that have been in common use for years