The known unknowns of hydraulic engineering

Hydraulic engineers and researchers deal with scientific challenges involving turbulent flow motion and its interactions with the surroundings. Turbulent flows are characterised by unpredictable behaviour, and little systematic research has yet been conducted in natural systems. This paper discusses the implications of recent developments in affordable instrumentation previously characterised by intrinsic weaknesses that adversely affect the quality of the signal outputs. A challenging application is the unsteady turbulence field in tidal bores. The interactions between open channel flows and movable boundaries and atmosphere illustrate another aspect of our limited knowledge. Rapid siltation of reservoirs and air entrainment in turbulent free-surface flows are discussed. In both applications, hydraulic engineers require some broad-based expertise. In turn the education of future hydraulic engineers is of vital importance

Practically Applicable Formal Methods

Abstract. Formal methods are considered to be highly expensive. There-fore, they are currently applied almost only in high risk software develop-ment. In this paper, we show that formal techniques can be also efficiently used in standard large-scale applications. We focus on the generation of specifications which state the termination condition of for loops in Java code (expressed as so called Java Modeling Language decreases clauses). We demonstrate that with help of relatively simple techniques it is pos-sible to successfully generate the clauses for almost 80 % of the loops in a number of widely deployed applications. Moreover, it turns out that the remaining 20 % cases contain loops which should be carefully reviewed by software quality assurance personnel. The results show that our tech-nique might be helpful in spreading the usage of formal methods onto typical business software

Formalizing a hierarchical file system

An abstract file system is defined here as a partial function from (absolute) paths to data. Such a file system determines the set of valid paths. It allows the file system to be read and written at a valid path, and it allows the system to be modified by the Unix operations for creation, removal, and moving of files and directories. We present abstract definitions (axioms) for these operations. This specification is refined towards a pointer implementation. The challenge is to have a natural abstraction function from the implementation to the specification, to define operations on the concrete store that behave exactly in the same way as the corresponding functions on the abstract store, and to prove these facts. To mitigate the problems attached to partial functions, we do this in two steps: first a refinement towards a pointer implementation with total functions, followed by one that allows partial functions. These two refinements are proved correct by means of a number of invariants. Indeed, the insights gained consist, on the one hand, of the invariants of the pointer implementation that are needed for the refinement functions, and on the other hand of the precise enabling conditions of the operations on the different levels of abstraction. Each of the three specification levels is enriched with a permission system for reading, writing, or executing, and the refinement relations between these permission systems are explored. Files and directories are distinguished from the outset, but this rarely affects our part of the specifications. All results have been verified with the proof assistant PVS, in particular, that the invariants are preserved by the operations, and that, where the invariants hold, the operations commute with the refinement functions

Automatically refining partial specifications for Program Verification

10.1007/978-3-642-21437-0_28Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)6664 LNCS369-38

Java Applet Correctness: a Developer-Oriented Approach

This paper present experime t o forma alidatio o J a applets I descri e t o tha ha ee de elo e a th Gemplus Resear Labs Thi t o all w t formall pr J classe annotated wit JML a annotatio languag fo J tha pr vide frame ork fo s ecifyin clas i aria t an meth d eh viours Th foundations an th mai feature o th t o ar prese ted Th mos inn ati part o th t o i tha i i tailore t use J programmers without a particula ba kgroun i forma meth ds reduc th difficul y o usin forma te hniques i aim t pr vid user-friendl i terface whi hide t de elo er mos o th forma feature an pr vide a "J s yl view o lemmas

Java Applet Correctness: a Developer-Oriented Approach

This paper presents experiments on formal validation of Java applets. It describes a tool that has been developed at the Gemplus Research Labs. This tool allows to formally prove Java classes annotated with JML, an annotation language for Java that provides a framework for specifying class invariants and methods behaviours. The foundations and the main features of the tool are presented. The most innovative part of the tool is that it is tailored to be used by Java programmers, without any particular background in formal methods. To reduce the di#culty of using formal techniques, it aims to provide a user-friendly interface which hides to developers most of the formal features and provides a "Java style view" of lemmas

Reasoning about Card Tears and Transactions in Java Card

Abstract. The Java dialect Java Card for programming smartcards contains some features which do not exist in Java. Java Card distinguishes persistent and transient data (data stored in EEPROM and RAM, respectively). Because power to a smartcard can suddenly be interrupted by a so-called card tear, by someone removing the smartcard from the reader, Java Card provides a notion of transaction to ensure that updates of multiple fields in persistent memory can be performed atomically. This paper describes a way to reason about these Java Card specific language features.