Experience with the CAIS
Intermetrics' experience is that the Ada package construct, which allows separation of specification and implementation, allows specification of a CAIS that is transportable across varying hardware and software bases. Additionally, the CAIS is an excellent basis for providing operating system functionality to Ada applications. By allowing the Byron APSE to be moved easily from system to system, and allowing significant re-writes of underlying code, Ada and the CAIS provide portability as well as transparency to change at the application/operating system interface level.
Adaptable transition systems
We present an essential model of adaptable transition systems inspired by white-box approaches to adaptation and based on foundational models of component-based systems. The key feature of adaptable transition systems is control propositions, imposing a clear separation between ordinary, functional behaviours and adaptive ones. We instantiate our approach on interface automata, yielding adaptable interface automata, but it may be instantiated on other foundational models of component-based systems as well. We discuss how control propositions can be exploited in the specification and analysis of adaptive systems, focusing on various notions proposed in the literature, like adaptability, control loops, and control synthesis.
A History of BlockingQueues
This paper describes a way to formally specify the behaviour of concurrent data structures. When specifying concurrent data structures, the main challenge is to make specifications stable, i.e., to ensure that they cannot be invalidated by other threads. To this end, we propose to use history-based specifications: instead of describing method behaviour in terms of the object's state, we specify it in terms of the object's state history. A history is defined as a list of state updates, which at all points can be related to the actual object's state.

We illustrate the approach on the BlockingQueue hierarchy from the java.util.concurrent library. We show how the behaviour of the interface BlockingQueue is specified, leaving a few decisions open to descendant classes. The classes implementing the interface correctly inherit the specifications. As a specification language, we use a combination of JML and permission-based separation logic, including abstract predicates. This results in an abstract, modular and natural way to specify the behaviour of concurrent queues. The specifications can be used to derive high-level properties about queues, for example to show that the order of elements is preserved. Moreover, the approach can be easily adapted to other concurrent data structures.

Comment: In Proceedings FLACOS 2012, arXiv:1209.169
The role of the RM-ODP computational viewpoint concepts in the MDA approach
An MDA design approach should be able to accommodate designs at different levels of platform-independence. We have proposed a design approach previously (in [2]), which allows these levels to be identified. An important feature of this approach is the notion of abstract platform. An abstract platform is determined by the platform characteristics that are relevant for applications at a certain level of platform-independence, and must be established by considering various design goals. In this paper, we define a framework that makes it possible to use RM-ODP concepts in our MDA design approach. This framework allows a recursive application of the computational viewpoint at different levels of platform-independence. This is obtained by equating the RM-ODP notion of infrastructure to our notion of abstract platform
Permission-Based Separation Logic for Multithreaded Java Programs
This paper presents a program logic for reasoning about multithreaded Java-like programs with dynamic thread creation, thread joining and reentrant object monitors. The logic is based on concurrent separation logic. It is the first detailed adaptation of concurrent separation logic to a multithreaded Java-like language. The program logic associates a unique static access permission with each heap location, ensuring exclusive write accesses and ruling out data races. Concurrent reads are supported through fractional permissions. Permissions can be transferred between threads upon thread starting, thread joining, initial monitor entrancies and final monitor exits. In order to distinguish between initial monitor entrancies and monitor reentrancies, auxiliary variables keep track of multisets of currently held monitors. Data abstraction and behavioral subtyping are facilitated through abstract predicates, which are also used to represent monitor invariants, preconditions for thread starting and postconditions for thread joining. Value-parametrized types allow one to conveniently capture common strong global invariants, like static object ownership relations. The program logic is presented for a model language with Java-like classes and interfaces, the soundness of the program logic is proven, and a number of illustrative examples are presented.
Linearizability with Ownership Transfer
Linearizability is a commonly accepted notion of correctness for libraries of concurrent algorithms. Unfortunately, it assumes a complete isolation between a library and its client, with interactions limited to passing values of a given data type. This is inappropriate for common programming languages, where libraries and their clients can communicate via the heap, transferring the ownership of data structures, and can even run in a shared address space without any memory protection. In this paper, we present the first definition of linearizability that lifts this limitation and establish an Abstraction Theorem: while proving a property of a client of a concurrent library, we can soundly replace the library by its abstract implementation related to the original one by our generalisation of linearizability. This allows abstracting from the details of the library implementation while reasoning about the client. We also prove that linearizability with ownership transfer can be derived from the classical one if the library does not access some of the data structures transferred to it by the client.
Coordination Contracts as Connectors in Component-Based Development
Several proposals for component-based development methods have started to appear. However, the emphasis is still very much on the development of components as opposed to the development with components. The main focus is on how to generate ideal reusable components, not on how to plug existing components and specify their interactions and connections.

The concept of a coordination contract (Andrade and Fiadeiro 1999; Andrade and Fiadeiro 2001; Andrade, Fiadeiro et al. 2001) has been proposed to specify a mechanism of interaction between objects based on the separation between structure, what is stable, and interaction, what is changeable. This separation better supports any change of requirements, as contracts can be replaced, added or removed dynamically, i.e. at run-time, without having to interfere with the components that they coordinate. A coordination contract corresponds to an expressive architectural connector that can be used to plug existing components.

In this paper we integrate the concept of a coordination contract with component-based development and show how coordination contracts can be used to specify the connectors between components.
Statistical Treatment of Earth Observing System Pyroshock Separation Test Data
The Earth Observing System (EOS) AM-1 spacecraft for NASA's Mission to Planet Earth is scheduled to be launched on an Atlas IIAS vehicle in June of 1998. One concern is that the instruments on the EOS spacecraft are sensitive to the shock-induced vibration produced when the spacecraft separates from the launch vehicle. By applying a unique statistical analysis to the available ground test shock data, the NASA Lewis Research Center found that shock-induced vibrations would not be as great as the levels previously specified by Lockheed Martin. The EOS pyroshock separation testing, which was completed in 1997, produced a large quantity of accelerometer data to characterize the shock response levels at the launch vehicle/spacecraft interface. Thirteen pyroshock separation firings of the EOS and payload adapter configuration yielded 78 total measurements at the interface. The multiple firings were necessary to qualify the newly developed Lockheed Martin six-hardpoint separation system. Because of the unusually large amount of data acquired, Lewis developed a statistical methodology to predict the maximum expected shock levels at the interface between the EOS spacecraft and the launch vehicle. This methodology, which is based on six shear plate accelerometer measurements per test firing at the spacecraft/launch vehicle interface, was then used to determine the shock endurance specification for EOS. Each pyroshock separation test of the EOS spacecraft simulator produced its own set of interface accelerometer data. Probability distributions, histograms, the median, and higher order moments (skew and kurtosis) were analyzed. The data were found to be lognormally distributed, which is consistent with NASA pyroshock standards. Each set of lognormally transformed test data was analyzed to determine if the data should be combined statistically. Statistical testing of the data's standard deviations and means (F and t testing, respectively) determined if data sets were significantly different at a 95-percent confidence level. If two data sets were found to be significantly different, these families of data were not combined for statistical purposes. This methodology produced three separate statistical data families of shear plate data. For each population, a P99.1/50 (probability/confidence) per-separation-nut firing level was calculated. By using the binomial distribution, Lewis researchers determined that this per-nut firing level was equivalent to a P95/50 per-flight confidence level. The overall envelope of the per-flight P95/50 levels led to Lewis' recommended EOS interface shock endurance specification. A similar methodology was used to develop Lewis' recommended EOS mission assurance levels. The available test data for the EOS mission are significantly larger than for a normal mission, thus increasing the confidence level in the calculated expected shock environment. Lewis significantly affected the EOS mission by properly employing statistical analysis of the data. This analysis prevented a costly requalification of the spacecraft's instruments, which otherwise would have been exposed to significantly higher test levels.
A grammatical specification of human-computer dialogue
The Seeheim Model of human-computer interaction partitions an interactive application into a user-interface, a dialogue controller and the application itself. One of the formal techniques of implementing the dialogue controller is based on context-free grammars and automata. In this work, we modify an off-the-shelf compiler generator (YACC) to generate the dialogue controller. The dialogue controller is then integrated into the popular X-window system, to create an interactive-application generator. The actions of the user drive the automaton, which in turn controls the application
Resource Usage Protocols for Iterators
We discuss usage protocols for iterator objects that prevent concurrent modifications of the underlying collection while iterators are in progress. We formalize these protocols in Java-like object interfaces, enriched with separation logic contracts. We present examples of iterator clients and proofs that they adhere to the iterator protocol, as well as examples of iterator implementations and proofs that they implement the iterator interface