Real-time and fault tolerance in distributed control software

Closed loop control systems typically contain multitude of spatially distributed sensors and actuators operated simultaneously. So those systems are parallel and distributed in their essence. But mapping this parallelism onto the given distributed hardware architecture, brings in some additional requirements: safe multithreading, optimal process allocation, real-time scheduling of bus and network resources. Nowadays, fault tolerance methods and fast even online reconfiguration are becoming increasingly important. All those often conflicting requirements, make design and implementation of real-time distributed control systems an extremely difficult task, that requires substantial knowledge in several areas of control and computer science. Although many design methods have been proposed so far, none of them had succeeded to cover all important aspects of the problem at hand. [1] Continuous increase of production in embedded market, makes a simple and natural design methodology for real-time systems needed more then ever

Towards Practical Graph-Based Verification for an Object-Oriented Concurrency Model

To harness the power of multi-core and distributed platforms, and to make the development of concurrent software more accessible to software engineers, different object-oriented concurrency models such as SCOOP have been proposed. Despite the practical importance of analysing SCOOP programs, there are currently no general verification approaches that operate directly on program code without additional annotations. One reason for this is the multitude of partially conflicting semantic formalisations for SCOOP (either in theory or by-implementation). Here, we propose a simple graph transformation system (GTS) based run-time semantics for SCOOP that grasps the most common features of all known semantics of the language. This run-time model is implemented in the state-of-the-art GTS tool GROOVE, which allows us to simulate, analyse, and verify a subset of SCOOP programs with respect to deadlocks and other behavioural properties. Besides proposing the first approach to verify SCOOP programs by automatic translation to GTS, we also highlight our experiences of applying GTS (and especially GROOVE) for specifying semantics in the form of a run-time model, which should be transferable to GTS models for other concurrent languages and libraries.Comment: In Proceedings GaM 2015, arXiv:1504.0244

City strategy : final evaluation

The City Strategy (CS) concept was first announced in the 2006 Welfare Reform Green Paper – A new deal for welfare: Empowering people to work. CS was designed at a time of growth in the national economy to combat enduring pockets of entrenched worklessness and poverty in urban areas by empowering local institutions to come together in partnerships to develop locally sensitive solutions. It was premised on the idea that developing a better understanding of the local welfare to work arena would allow partnerships to align and pool funding and resources to reduce duplication of services and fill gaps in provision. The ‘theory of change’ underlying CS suggested that such an approach would result in more coordinated services which would be able to generate extra positive outcomes in terms of getting people into jobs and sustaining them in employment over and above existing provision. CS was initially set to run for two years from April 2007 to March 2009 in 15 CS Pathfinder (CSP) areas, varying in size from five wards in one town through single local authority areas to subregional groupings of multiple local authority areas, across Great Britain. In July 2008, the Secretary of State for Work and Pensions announced an extension for a further two years to March 2011. In April 2009, two local areas in Wales, which were in receipt of monies from the Deprived Areas Fund (DAF), were invited by the Department for Work and Pensions (DWP) to form local partnerships with a similar remit to the CSPs, albeit more limited in scope – to develop locally sensitive solutions to economic inactivity, to the CSPs. During the period that the CS initiative was operational, economic conditions changed markedly with a severe recession, followed by fragile recovery. The CSPs had to cope with ongoing changes in policy throughout the lifetime of the CS initiative, including a General Election and a new Coalition Government at Westminster early in the fourth year. While policy changes are a fact of life for local practitioners operating in the welfare to work arena, the global recession in 2008/09 marked a fundamental change in the context in which local partnerships operated

A Generalized Hybrid Hoare Logic

Deductive verification of hybrid systems (HSs) increasingly attracts more attention in recent years because of its power and scalability, where a powerful specification logic for HSs is the cornerstone. Often, HSs are naturally modelled by concurrent processes that communicate with each other. However, existing specification logics cannot easily handle such models. In this paper, we present a specification logic and proof system for Hybrid Communicating Sequential Processes (HCSP), that extends CSP with ordinary differential equations (ODE) and interrupts to model interactions between continuous and discrete evolution. Because it includes a rich set of algebraic operators, complicated hybrid systems can be easily modelled in an algebra-like compositional way in HCSP. Our logic can be seen as a generalization and simplification of existing hybrid Hoare logics (HHL) based on duration calculus (DC), as well as a conservative extension of existing Hoare logics for concurrent programs. Its assertion logic is the first-order theory of differential equations (FOD), together with assertions about traces recording communications, readiness, and continuous evolution. We prove continuous relative completeness of the logic w.r.t. FOD, as well as discrete relative completeness in the sense that continuous behaviour can be arbitrarily approximated by discretization. Besides, we discuss how to simplify proofs using the logic by providing a simplified assertion language and a set of sound and complete rules for differential invariants for ODEs. Finally, we implement a proof assistant for the logic in Isabelle/HOL, and apply it to verify two case studies to illustrate the power and scalability of our logic

Dependability engineering in Isabelle

In this paper, we introduce a process of formal system development supported by interactive theorem proving in a dedicated Isabelle framework. This Isabelle Infrastructure framework implements specification and verification in a cyclic process supported by attack tree analysis closely inter-connected with formal refinement of the specification. The process is cyclic: in a repeated iteration the refinement adds more detail to the system specification. It is a known hard problem how to find the next refinement step: this problem is addressed by the attack based analysis using Kripke structures and CTL logic. We call this cyclic process the Refinement-Risk cycle (RR-cycle). It has been developed for security and privacy of IoT healthcare systems initially but is more generally applicable for safety as well, that is, dependability in general. In this paper, we present the extensions to the Isabelle Infrastructure framework implementing a formal notion of property preserving refinement interleaved with attack tree analysis for the RR-cycle. The process is illustrated on the specification development and privacy analysis of the mobile Corona-virus warning app