Program Model Checking: A Practitioner's Guide

Program model checking is a verification technology that uses state-space exploration to evaluate large numbers of potential program executions. Program model checking provides improved coverage over testing by systematically evaluating all possible test inputs and all possible interleavings of threads in a multithreaded system. Model-checking algorithms use several classes of optimizations to reduce the time and memory requirements for analysis, as well as heuristics for meaningful analysis of partial areas of the state space Our goal in this guidebook is to assemble, distill, and demonstrate emerging best practices for applying program model checking. We offer it as a starting point and introduction for those who want to apply model checking to software verification and validation. The guidebook will not discuss any specific tool in great detail, but we provide references for specific tools

Algebraic Stream Processing

We identify and analyse the typically higher-order approaches to stream processing in the literature. From this analysis we motivate an alternative approach to the specification of SPSs as STs based on an essentially first-order equational representation. This technique is called Cartesian form specification. More specifically, while STs are properly second-order objects we show that using Cartesian forms, the second-order models needed to formalise STs are so weak that we may use and develop well-understood first-order methods from computability theory and mathematical logic to reason about their properties. Indeed, we show that by specifying STs equationally in Cartesian form as primitive recursive functions we have the basis of a new, general purpose and mathematically sound theory of stream processing that emphasises the formal specification and formal verification of STs. The main topics that we address in the development of this theory are as follows. We present a theoretically well-founded general purpose stream processing language ASTRAL (Algebraic Stream TRAnsformer Language) that supports the use of modular specification techniques for full second-order STs. We show how ASTRAL specifications can be given a Cartesian form semantics using the language PREQ that is an equational characterisation of the primitive recursive functions. In more detail, we show that by compiling ASTRAL specifications into an equivalent Cartesian form in PREQ we can use first-order equational logic with induction as a logical calculus to reason about STs. In particular, using this calculus we identify a syntactic class of correctness statements for which the verification of ASTRAL programmes is decidable relative to this calculus. We define an effective algorithm based on term re-writing techniques to implement this calculus and hence to automatically verify a very broad class of STs including conventional hardware devices. Finally, we analyse the properties of this abstract algorithm as a proof assistant and discuss various techniques that have been adopted to develop software tools based on this algorithm

A Holistic Approach to Functional Safety for Networked Cyber-Physical Systems

Functional safety is a significant concern in today's networked cyber-physical systems such as connected machines, autonomous vehicles, and intelligent environments. Simulation is a well-known methodology for the assessment of functional safety. Simulation models of networked cyber-physical systems are very heterogeneous relying on digital hardware, analog hardware, and network domains. Current functional safety assessment is mainly focused on digital hardware failures while minor attention is devoted to analog hardware and not at all to the interconnecting network. In this work we believe that in networked cyber-physical systems, the dependability must be verified not only for the nodes in isolation but also by taking into account their interaction through the communication channel. For this reason, this work proposes a holistic methodology for simulation-based safety assessment in which safety mechanisms are tested in a simulation environment reproducing the high-level behavior of digital hardware, analog hardware, and network communication. The methodology relies on three main automatic processes: 1) abstraction of analog models to transform them into system-level descriptions, 2) synthesis of network infrastructures to combine multiple cyber-physical systems, and 3) multi-domain fault injection in digital, analog, and network. Ultimately, the flow produces a homogeneous optimized description written in C++ for fast and reliable simulation which can have many applications. The focus of this thesis is performing extensive fault simulation and evaluating different functional safety metrics, \eg, fault and diagnostic coverage of all the safety mechanisms

Representing Conversations for Scalable Overhearing

Open distributed multi-agent systems are gaining interest in the academic community and in industry. In such open settings, agents are often coordinated using standardized agent conversation protocols. The representation of such protocols (for analysis, validation, monitoring, etc) is an important aspect of multi-agent applications. Recently, Petri nets have been shown to be an interesting approach to such representation, and radically different approaches using Petri nets have been proposed. However, their relative strengths and weaknesses have not been examined. Moreover, their scalability and suitability for different tasks have not been addressed. This paper addresses both these challenges. First, we analyze existing Petri net representations in terms of their scalability and appropriateness for overhearing, an important task in monitoring open multi-agent systems. Then, building on the insights gained, we introduce a novel representation using Colored Petri nets that explicitly represent legal joint conversation states and messages. This representation approach offers significant improvements in scalability and is particularly suitable for overhearing. Furthermore, we show that this new representation offers a comprehensive coverage of all conversation features of FIPA conversation standards. We also present a procedure for transforming AUML conversation protocol diagrams (a standard human-readable representation), to our Colored Petri net representation

Radio evolution: conference proceedings

Fundação para a Ciência e a Tecnologia (FCT

Enlarging the possibility space for scientific model-based explanation

Two prominent views in the scientific explanation literature are: (1) that scientific explanations should be ontic or track causal or constitutive relations between the explanans and explanandum; (2) Idealizations in scientific models can be either epistemically dispensable or indispensable in principle. (1) manifests in the requirements which proponents of that view hold for scientific models to be deemed explanatory. Per these advocates, scientific models must not only track causal or constitutive relations but must include some mapping from the model components to the target system. (2) represents something like the current state of play for understanding the place of idealizations in scientific models and involves the longstanding issue of intertheoretic reduction. Idealizations can either be epistemically indispensable (that is not derivable from or reducible to) the relevant micro-level theory or epistemically dispensable in principle. The following project aims to rebut both of these views, thereby seeking to enlarge the possibility space for scientific explanation. For this reason, this project gestures towards and develops new dimensions for scientific model-based explanation. Pace (1), there are many scientific models which do not track ontic or causal relations but are nevertheless explanatory. The first chapter considers a cognitive dynamical model --the HKB model of bimanual coordination-- which fails these requirements for explanation but is one which I claim can still be shown to be explanatory. This represents a promising bit of evidence which can be marshalled and directed against this commitment. Along the lines of (1), proponents of this requirement claim that scientific models must be ontic or risk facing a problematic "directionality problem." The second chapter provides a route of response for the advocate of non-ontic scientific explanations, demonstrating how this problem can be resolved along pragmatic lines. Finally, the partition of the possibility space for understanding the role of idealizations in scientific models encapsulated in (2) is challenged in the third chapter. Therein, a certain species of idealization -continuum idealizations- are discussed and a pragmatic and deflationary approach to the issue of intertheoretic reduction is argued for. These chapters all serve to demonstrate countervailing considerations which, if successful, act as important challenges for the veracity of both (1) and (2). Rather than achieving a mere refutation of these commitments, the success of this project calls for a re-imagining and enlargement of the possibility space for scientific model-based explanations.Includes bibliographical references