    The foundational legacy of ASL

    Abstract. We recall the kernel algebraic specification language ASL and outline its main features in the context of the state of research on algebraic specification at the time it was conceived in the early 1980s. We discuss the most significant new ideas in ASL and the influence they had on subsequent developments in the field and on our own work in particular.

    Facilitating modular property-preserving extensions of programming languages

    We explore an approach to modular programming language descriptions and extensions in a denotational style. Starting from a language core, language features are added stepwise to the core. Language features can be described separately from each other in a self-contained, orthogonal way. We present an extension semantics framework consisting of mechanisms to adapt the semantics of a basic language to new structural requirements in an extended language while preserving the behaviour of programs of the basic language. Common templates of extension are provided. These can be collected in extension libraries accessible to and extensible by language designers. Mechanisms to extend these libraries are provided. A notation for describing language features embedding these semantics extensions is presented.

    A Verified Information-Flow Architecture

    SAFE is a clean-slate design for a highly secure computer system, with pervasive mechanisms for tracking and limiting information flows. At the lowest level, the SAFE hardware supports fine-grained programmable tags, with efficient and flexible propagation and combination of tags as instructions are executed. The operating system virtualizes these generic facilities to present an information-flow abstract machine that allows user programs to label sensitive data with rich confidentiality policies. We present a formal, machine-checked model of the key hardware and software mechanisms used to dynamically control information flow in SAFE and an end-to-end proof of noninterference for this model. We use a refinement proof methodology to propagate the noninterference property of the abstract machine down to the concrete machine level. We use an intermediate layer in the refinement chain that factors out the details of the information-flow control policy and devise a code generator for compiling such information-flow policies into low-level monitor code. Finally, we verify the correctness of this generator using a dedicated Hoare logic that abstracts from low-level machine instructions into a reusable set of verified structured code generators.

    Formal Design of Asynchronous Fault Detection and Identification Components using Temporal Epistemic Logic

    Autonomous critical systems, such as satellites and space rovers, must be able to detect the occurrence of faults in order to ensure correct operation. This task is carried out by Fault Detection and Identification (FDI) components, which are embedded in those systems and are in charge of detecting faults in an automated and timely manner by reading data from sensors and triggering predefined alarms. The design of effective FDI components is an extremely hard problem, also due to the lack of a complete theoretical foundation and of precise specification and validation techniques. In this paper, we present the first formal approach to the design of FDI components for discrete event systems, both in a synchronous and an asynchronous setting. We propose a logical language for the specification of FDI requirements that accounts for a wide class of practical cases and includes novel aspects such as maximality and trace-diagnosability. The language is equipped with a clear semantics based on temporal epistemic logic and is proved to enjoy suitable properties. We discuss how to validate the requirements and how to verify that a given FDI component satisfies them. We propose an algorithm for the synthesis of correct-by-construction FDI components, and report on the applicability of the design approach on an industrial case study coming from aerospace.

    Comment: 33 pages, 20 figures

    Behavioural and abstractor specifications

    Abstract. In the literature, one can distinguish two main approaches to the definition of observational semantics of algebraic specifications. On one hand, observational semantics is defined using a notion of observational satisfaction for the axioms of the specifications; on the other hand, one can define observational semantics by abstraction with respect to an observational equivalence relation between algebras. In this paper, we present an analysis and a comparative study of the different approaches in a more general framework which subsumes the observational case. The distinction between the different observational concepts is reflected by our notions of behavioural specification and abstractor specification. We provide necessary and sufficient conditions for the semantical equivalence of both kinds of specifications, and we show that behavioural specifications can be characterized by an abstractor construction and, vice versa, abstractor specifications can be characterized in terms of behavioural specifications. Hence, there exists a duality between both concepts which allows each to be expressed in terms of the other. We also study the relationships to fully abstract algebras, which can be used for a further characterization of behavioural semantics. Finally, we provide proof-theoretic results which show that behavioural theories of specifications can be reduced to standard theories of some classes of algebras.

    Layering Assume-Guarantee Contracts for Hierarchical System Design

    Specifications for complex engineering systems are typically decomposed into specifications for individual subsystems in a manner that ensures they are implementable and simpler to develop further. We describe a method to algorithmically construct component specifications that implement a given specification when assembled. By eliminating variables that are irrelevant to the realizability of each component, we simplify the specifications and reduce the amount of information necessary for operation. We parametrize the information flow between components by introducing parameters that select whether each variable is visible to a component. The decomposition algorithm identifies which variables can be hidden while preserving realizability and ensuring correct composition, and these are eliminated from component specifications by quantification and conversion of binary decision diagrams to formulas. The resulting specifications describe component viewpoints with full information with respect to the remaining variables, which is essential for tractable algorithmic synthesis of implementations. The specifications are written in TLA+, with liveness properties restricted to an implication of conjoined recurrence properties, known as GR(1). We define an operator for forming open systems from closed systems, based on a variant of the “while-plus” operator. This operator simplifies the writing of specifications that are realizable without being vacuous. To convert the generated specifications from binary decision diagrams to readable formulas over integer variables, we symbolically solve a minimal covering problem. We show with examples how the method can be applied to obtain contracts that formalize the hierarchical structure of system design.

    Controller synthesis for parameterized discrete event systems

    Discrete event systems are a special type of dynamic system. The state of these systems changes only at discrete instants of time, and the term event is used to represent the occurrence of discontinuous changes. These systems are mostly man-made and arise in the domains of manufacturing systems, traffic systems, database management systems and communication protocols. This thesis investigates the control of parameterized discrete event systems when specifications are given in terms of predicates and satisfy a similarity assumption. For systems consisting of similar processes under total or partial observation, conditions are given to deduce properties of a system of n processes from properties of a system of n0 processes, with n ≥ n0. Furthermore, it is shown how to infer a control policy for the former from the latter’s, while taking into account interconnections between processes. This study is motivated by a weakness in current synthesis methods, which do not scale well to huge systems.
