Specification and verification of context conditions for programming languages

Bibliography: p. 204-211.Context conditions - also called static semantics - are the constraints on computer programs that cannot be reasonably expressed by a context-free grammar, but that can be statically checked without considering the execution properties - semantics - of the program. Such conditions tend to be arbitrary and complex. This thesis presents a new specification formalism called CFF/AML. This formalism is · designed to be both useful for the specification of programming languages to an environment generator and also simple to use. The driving insight behind CFF/AML is that a language specifier conceives of the context condition checks associated with a programming language syntax description in procedural terms. CFF/AML supports this view of context condition specification, thus simplifying the task of the language specifier. CFF/AML has been formally by constructing a temporal proof system for the metalanguage. This proof system can also be used to verify CFF/AML specifications. The construction of the temporal proof system for CFF/AML uncovered a deficiency in the existing theory, namely that there was no way to prove subprograms, especially recursive subprograms, correct. The theory was extended to handle recursive subprograms. The approach developed in this thesis allows recursive subprograms to be proven correct using the same approach as was used previously for iterative constructs. This thesis makes a number of contributions to Computer Science. An approach to language specification - CFF/AML - is developed that greatly reduces the problems associated with building a language specification for input to a programming language environment generator. The theory of temporal proof systems is extended to include a methodology for handling proofs of recursive subprograms. A formal description of the CFF/AML metalanguage has been developed using temporal logic as the framework for the description. This is the first attempt to use temporal logic for such a task. As CFF/AML constructs can be dynamically scoped, this development differs from that required for statically scoped languages. We have also used this temporal proof system formally to prove that context condition specifications are correct. These proofs are an advancement on earlier work in the field of formal reasoning about context condition specification as they allow formal proof of the correctness of evaluations, as well as proving termination

Ontology-Mediated Probabilistic Model Checking: Extended Version

Probabilistic model checking (PMC) is a well-established method for the quantitative analysis of dynamic systems. On the other hand, description logics (DLs) provide a well-suited formalism to describe and reason about static knowledge, used in many areas to specify domain knowledge in an ontology. We investigate how such knowledge can be integrated into the PMC process, introducing ontology-mediated PMC. Specifically, we propose a formalism that links ontologies to dynamic behaviors specified by guarded commands, the de-facto standard input formalism for PMC tools such as Prism. Further, we present and implement a technique for their analysis relying on existing DL-reasoning and PMC tools. This way, we enable the application of standard PMC techniques to analyze knowledge-intensive systems. Our approach is implemented and evaluated on a multi-server system case study, where different DL-ontologies are used to provide specifications of different server platforms and situations the system is executed in

EOS: A project to investigate the design and construction of real-time distributed embedded operating systems

The EOS project is investigating the design and construction of a family of real-time distributed embedded operating systems for reliable, distributed aerospace applications. Using the real-time programming techniques developed in co-operation with NASA in earlier research, the project staff is building a kernel for a multiple processor networked system. The first six months of the grant included a study of scheduling in an object-oriented system, the design philosophy of the kernel, and the architectural overview of the operating system. In this report, the operating system and kernel concepts are described. An environment for the experiments has been built and several of the key concepts of the system have been prototyped. The kernel and operating system is intended to support future experimental studies in multiprocessing, load-balancing, routing, software fault-tolerance, distributed data base design, and real-time processing

An operational approach to semantics and translation for concurrent programming languages

The problems of semantics and translation for concurrent programming languages are studied in this thesis. A structural operational approach is introduced to specify the semantics of parallelism and communication. Using this approach, semantics for the concurrent programming languages CSP (Hoare's Communicating Sequential Processes), multitasking and exception handling in Ada, Brinch-Hansen's Edison and CCS (Milner's Calculus of Communicating Systems) are defined and some of their properties are studied. An operational translation theory for concurrent programming languages is given. The concept of the correctness of a translation is formalised, the problem of composing transitions is studied and a composition theorem is proved. A set of sufficient conditions for proving the correctness of a translation is given. A syntax-directed translation from CSP to CCS is given and proved correct. Through this example the proof techniques of this approach is demonstrated. Finally, as an application of operational semantics and translation, a proposal for implementing multitasking in Ada is given via a two-step syntax-directed translation

Enhancements to jml and its extended static checking technology

Formal methods are useful for developing high-quality software, but to make use of them, easy-to-use tools must be available. This thesis presents our work on the Java Modeling Language (JML) and its static verification tools. A main contribution is Offline User-Assisted Extended Static Checking (OUA-ESC), which is positioned between the traditional, fully automatic ESC and interactive Full Static Program Verification (FSPV). With OUA-ESC, automated theorem provers are used to discharge as many Verification Conditions (VCs) as possible, then users are allowed to provide Isabelle/HOL proofs for the sub-VCs that cannot be discharged automatically. Thus, users are able to take advantage of the full power of Isabelle/HOL to manually prove the system correct, if they so choose. Exploring unproven sub-VCs with Isabelle's ProofGeneral has also proven very useful for debugging code and their specifications. We also present syntax and semantics for monotonic non-null references, a common category that has not been previously identified. This monotonic non-null modifier allows some fields previously declared as nullable to be treated like local variables for nullity flow analysis. To support this work, we developed JML4, an Eclipse-based Integration Verification Environment (IVE) for the Java Modeling Language. JML4 provides integration of JML into all of the phases of the Eclipse JDT's Java compiler, makes use of external API specifications, and provides native error reporting. The verification techniques initially supported include a Non-Null Type System (NNTS), Runtime Assertion Checking (RAC), and Extended Static Checking (ESC); and verification tools to be developed by other researchers can be incorporated. JML4 was adopted by the JML4 community as the platform for their combined research efforts. ESC4, JML4's ESC component, provides other novel features not found before in ESC tools. Multiple provers are used automatically, which provides a greater coverage of language constructs that can be verified. Multi-threaded generation and distributed discharging of VCs, as well as a proof-status caching strategy, greatly speed up this CPU-intensive verification technique. VC caches are known to be fragile, and we developed a simple way to remove some of that fragility. These features combine to form the first IVE for JML, which will hopefully bring the improved quality promised by formal methods to Java developer

Study of Formal Parallel Language Generation

This purpose of this study was to develop a tool to automate the generation of sentences of a grammar. The generation of the sentences were to be done in parallel. The parallel method used is based on Dijkstra's guarded commands. The tool can be used as a teaching aid to check the existence ofa sentence in a language generated by a grammar. The software tool that was developed as part of this thesis work places certain restrictions on the type of granunar being used. These restrictions limit the languages to be considered to those that are recursive and do not contain empty productions. These restrictions only allow the productions of the grammar to increase the sentential forms in size or to leave the size ofthe sentential forms unchanged. All derivations were done in a leftmost manner. The tool was written to run under Microsoft Windows NT as an MFC-based application

An efficient sequential BTRS implementation

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2009.Includes bibliographical references (leaves 73-74).This thesis describes the implementation of BTRS, a language based on guarded atomic actions (GAA). The input language to the compiler which forms the basis of this work is a hierarchical tree of modules containing state, interface methods, and rules which fire atomically to cause state transitions. Since a schedule need not be specified, the program description is inherently nondeterministic, though the BTRS language does allow the programmer to remove nondeterminism by specifying varying degrees of scheduling constraints. The compiler outputs a (sequential) single-threaded C implementation of the input description, choosing a static schedule which adheres to the input constraints. The resulting work is intended to be used as the starting point for research into efficient software synthesis from guarded atomic actions, and ultimately a hardware inspired programming methodology for writing parallel software. This compiler is currently being used to generate software for a heterogeneous system in which the software and hardware components are both specified in BTRS.by Myron Decker King.S.M

A method for maintaining new software

This thesis describes a novel method for perfective maintenance of software which has been developed from specifications using formal transformations. The list of applied transformations provides a suitable derivation history to use when changes are made to the software. The method uses transformations which have been implemented in a tool called the Maintainer's Assistant for the purposes of restructuring code. The method uses these transformations for refinement. Comparisons are made between sequential transformations, refinement calculi and standard proof based refinement techniques for providing a suitable derivation history to use when changes are made in the requirements of a system. Two case studies are presented upon which these comparisons are based and on which the method is tested. Criteria such as saleability, speed, ease, design improvements and software quality is used to argue that transformations are a more favourable basis of refinement. Metrics are used to evaluate the complexity of the code developed using the method. Conclusions of how to develop different types of specifications into code and on how best to apply various changes are presented. An approach which is recommended is to use transformations for splitting the specification so that original refinement paths can still be used. Using transformations for refining a specification and recording this path produces software of a better structure and of higher maintainability. Having such a path improves the speed and ease of future alterations to the system. This is more cost effective than redeveloping the software from a new specification