2,231 research outputs found
Towards a formal semantics for AADL execution model
International audienceIn this paper, we present a specification in TLA+ of an AADL execution model. This formal specification is used forderiving a prototype verification tool for AADL the TOPCASED development environment
Building Tunable CRDTs
Nowadays multiple large-scale services are hosted on the Internet, many of them with
millions of daily users. These systems need to scale efficiently, providing fast access
and being always available, despite failures of the servers or of the network and high
amounts of users accessing the service. As such, these services typically trade strong
consistency for high availability and low latency. However, not having strong consistency implies that conflicts arising from concurrent updates will occur, which need to be solved.
Conflict-Free Replicated Data Types (CRDTs) provide low latency and solve conflicts
automatically, ensuring eventual state convergence.
However, one shortcoming of CRDTs is the way they deal with concurrency conflicts –
usually they solve them automatically by applying a specific policy. For example, in a set, e priority to the add. These policies are limited and not adequate for all applications, especially since CRDTs don’t allow for policies dependent on the application context, such as, give priority to add if it’s element e, but give priority to remove if it’s element f.
As such, in this thesis we propose a new type of CRDTs, called tunable CRDT (t-
CRDT), which allows the programmer to specify for each operation what is the desired
conflict solving policy, by supplying a simple boolean function. The programmer can
either supply his own policy or use one of the many we provide in our t-CRDT library.
T-CRDTs solve conflicts automatically by applying the policies in each operation.
This new type of CRDTs adapt more easily to each application specific needs, as it
gives more control to the programmer while still having the main properties of CRDTs,
i.e., eventual convergence of state and low latency. With this, it is expected that more applications can start using CRDTs as their data solution and benefit from their properties
Integrating formal methods into medical software development : the ASM approach
Medical devices are safety-critical systems since their malfunctions can seriously compromise human safety. Correct operation of a medical device depends upon the controlling software, whose development should adhere to certification standards. However, these standards provide general descriptions of common software engineering activities without any indication regarding particular methods and techniques to assure safety and reliability. This paper discusses how to integrate the use of a formal approach into the current normative for the medical software development. The rigorous process is based on the Abstract State Machine (ASM) formal method, its refinement principle, and model analysis approaches the method supports. The hemodialysis machine case study is used to show how the ASM-based design process covers most of the engineering activities required by the related standards, and provides rigorous approaches for medical software validation and verification
Comparing Java Programs: Syntactic and Contextual Semantic Differences
This thesis describes the foundation for developing a tool that compares Java programs, or different versions of a program. The tool captures syntactic differences and contextual semantic differences as well. Syntactic differences are “ordinary” changes in the code. This tool works much in the same way as the Unix tool diff, but it is much smarter than diff. This is because it exploits the fact that programs are built differently than ordinary text. The tool diff’s purpose is to compare text, and it will therefore give imprecise or too verbose results. The tool described in this thesis can identify contextual semantic differences because it knows the contexts of methods, meaning that it knows whether methods are directly declared in the class, inherited from implemented interfaces or if methods override the class’ parent’s method.
The approach in this thesis for comparing Java programs is to transform the programs into abstract syntax trees. The transformation from source code to abstract syntax trees are done with the help Strafunski. Strafunski is a software bundle that supports generic programming. The implementation of the tool is done in Haskell. Haskell is a functional programming language.
The work of comparing abstract syntax trees can be broken down into the problem of finding the largest common subtree of two abstract syntax trees and further more, the problem of finding the longest common subsequence of two sequences. This thesis describes and presents new algorithms for doing this and it also describe working Haskell code of the implementation of the tool
Multiparty interactions in dependable distributed systems
PhD ThesisWith the expansion of computer networks, activities involving computer communication
are becoming more and more distributed. Such distribution can
include processing, control, data, network management, and security. Although
distribution can improve the reliability of a system by replicating
components, sometimes an increase in distribution can introduce some undesirable
faults. To reduce the risks of introducing, and to improve the chances
of removing and tolerating faults when distributing applications, it is important
that distributed systems are implemented in an organized way.
As in sequential programming, complexity in distributed, in particular
parallel, program development can be managed by providing appropriate
programming language constructs. Language constructs can help both by
supporting encapsulation so as to prevent unwanted interactions between
program components and by providing higher-level abstractions that reduce
programmer effort by allowing compilers to handle mundane, error-prone
aspects of parallel program implementation.
A language construct that supports encapsulation of interactions between
multiple parties (objects or processes) is referred in the literature as multiparty
interaction. In a multiparty interaction, several parties somehow "come
together" to produce an intermediate and temporary combined state, use this
state to execute some activity, and then leave the interaction and continue
their normal execution.
There has been a lot of work in the past years on multiparty interaction,
but most of it has been concerned with synchronisation, or handshaking,
between parties rather than the encapsulation of several activities executed
in parallel by the interaction participants. The programmer is therefore left
responsible for ensuring that the processes involved in a cooperative activity
do not interfere with, or suffer interference from, other processes not involved
in the activity.
Furthermore, none of this work has discussed the provision of features
that would facilitate the design of multiparty interactions that are expected
to cope with faults - whether in the environment that the computer system
has to deal with, in the operation of the underlying computer hardware or
software, or in the design of the processes that are involved in the interaction.
In this thesis the concept of multiparty interaction is integrated with
the concept of exception handling in concurrent activities. The final result
is a language in which the concept of multiparty interaction is extended
by providing it with a mechanism to handle concurrent exceptions. This
extended concept is called dependable multiparty interaction.
The features and requirements for multiparty interaction and exception
handling provided in a set of languages surveyed in this thesis, are integrated
to describe the new dependable multiparty interaction construct. Additionally,
object-oriented architectures for dependable multiparty interactions are
described, and a full implementation of one of the architectures is provided.
This implementation is then applied to a set of case studies. The case studies
show how dependable multiparty interactions can be used to design and
implement a safety-critical system, a multiparty programming abstraction,
and a parallel computation model.Brazilian Research Agency CNPq
On Provably Correct Decision-Making for Automated Driving
The introduction of driving automation in road vehicles can potentially reduce road traffic crashes and significantly improve road safety. Automation in road vehicles also brings several other benefits such as the possibility to provide independent mobility for people who cannot and/or should not drive. Many different hardware and software components (e.g. sensing, decision-making, actuation, and control) interact to solve the autonomous driving task. Correctness of such automated driving systems is crucial as incorrect behaviour may have catastrophic consequences. Autonomous vehicles operate in complex and dynamic environments, which requires decision-making and planning at different levels. The aim of such decision-making components in these systems is to make safe decisions at all times. The challenge of safety verification of these systems is crucial for the commercial deployment of full autonomy in vehicles. Testing for safety is expensive, impractical, and can never guarantee the absence of errors. In contrast, formal methods, which are techniques that use rigorous mathematical models to build hardware and software systems can provide a mathematical proof of the correctness of the system. The focus of this thesis is to address some of the challenges in the safety verification of decision-making in automated driving systems. A central question here is how to establish formal verification as an efficient tool for automated driving software development.A key finding is the need for an integrated formal approach to prove correctness and to provide a complete safety argument. This thesis provides insights into how three different formal verification approaches, namely supervisory control theory, model checking, and deductive verification differ in their application to automated driving and identifies the challenges associated with each method. It identifies the need for the introduction of more rigour in the requirement refinement process and presents one possible solution by using a formal model-based safety analysis approach. To address challenges in the manual modelling process, a possible solution by automatically learning formal models directly from code is proposed
Fifty years of Hoare's Logic
We present a history of Hoare's logic.Comment: 79 pages. To appear in Formal Aspects of Computin
- …