Generalising feature interactions in email

We report on a property-based approach to feature interaction analysis for a client-server email system. The model is based upon Hall's email model presented at FIW'00, but the implementation is at a lower level of abstraction, employing non-determinism and asynchronous communication; it is a challenge to avoid deadlock and race conditions. The analysis is more extensive in two ways: interaction analysis is fully automated, based on model-checking the entire state-space, and results are scalable, that is they generalise to email systems consisting of any number of email clients. Abstraction techniques are used to prove general results. The key idea is to model-check a system consisting of a constant number (m) of client processes, in parallel with a mailer process and an ``abstract'' process which represents the product of any number of other (unfeatured, isomorphic) client processes. We give a lower bound for the value of m. All of the models -- for any specified set of client processes and selected features -- are generated automatically using Perl scripts

An automatic abstraction technique for verifying featured, parameterised systems

A general technique combining model checking and abstraction is presented that allows property based analysis systems consisting of an <i>arbitrary</i> number of featured components. We show how parameterised systems can be specified in a <i>guarded command</i> form with constraints placed on the variables which occur in guards. We prove that the results that hold for a small number of components can be shown to scale up. We then show how featured systems can be specified in a similar way, by relaxing the constraints on the guards. The main result is a generalisation theorem for featured systems which we apply to two well known examples

A generic approach for the automatic verification of featured, parameterised systems

A general technique is presented that allows property based feature analysis of systems consisting of an arbitrary number of components. Each component may have an arbitrary set of safe features. The components are defined in a guarded command form and the technique combines model checking and abstraction. Features must fulfill certain criteria in order to be safe, the criteria express constraints on the variables which occur in feature guards. The main result is a generalisation theorem which we apply to a well known example: the ubiquitous, featured telephone system

Using SPIN to Analyse the Tree Identification Phase of the IEEE 1394 High-Performance Serial Bus(FireWire)Protocol

We describe how the tree identification phase of the IEEE 1394 high-performance serial bus (FireWire) protocol is modelled in Promela and verified using SPIN. The verification of arbitrary system configurations is discussed

Automatic verification of any number of concurrent, communicating processes

The automatic verification of concurrent systems by model-checking is limited due to the inability to generalise results to systems consisting of any number of processes. We use abstraction to prove general results, by model-checking, about feature interaction analysis of a telecommunications service involving any number of processes. The key idea is to model-check a system of constant number (m) of concurrent processes, in parallel with an "abstract" process which represents the product of any number of other processes. The system, for any specified set of selected features, is generated automatically using Perl scripts

A template-based approach for the generation of abstractable and reducible models of featured networks

We investigate the relationship between symmetry reduction and inductive reasoning when applied to model checking networks of featured components. Popular reduction techniques for combatting state space explosion in model checking, like abstraction and symmetry reduction, can only be applied effectively when the natural symmetry of a system is not destroyed during specification. We introduce a property which ensures this is preserved, open symmetry. We describe a template-based approach for the construction of open symmetric Promela specifications of featured systems. For certain systems (safely featured parameterised systems) our generated specifications are suitable for conversion to abstract specifications representing any size of network. This enables feature interaction analysis to be carried out, via model checking and induction, for systems of any number of featured components. In addition, we show how, for any balanced network of components, by using a graphical representation of the features and the process communication structure, a group of permutations of the underlying state space of the generated specification can be determined easily. Due to the open symmetry of our Promela specifications, this group of permutations can be used directly for symmetry reduced model checking. The main contributions of this paper are an automatic method for developing open symmetric specifications which can be used for generic feature interaction analysis, and the novel application of symmetry detection and reduction in the context of model checking featured networks. We apply our techniques to a well known example of a featured network – an email system

Maximum A Posteriori Resampling of Noisy, Spatially Correlated Data

In any geologic application, noisy data are sources of consternation for researchers, inhibiting interpretability and marring images with unsightly and unrealistic artifacts. Filtering is the typical solution to dealing with noisy data. However, filtering commonly suffers from ad hoc (i.e., uncalibrated, ungoverned) application. We present here an alternative to filtering: a newly developed method for correcting noise in data by finding the “best” value given available information. The motivating rationale is that data points that are close to each other in space cannot differ by “too much,” where “too much” is governed by the field covariance. Data with large uncertainties will frequently violate this condition and therefore ought to be corrected, or “resampled.” Our solution for resampling is determined by the maximum of the a posteriori density function defined by the intersection of (1) the data error probability density function (pdf) and (2) the conditional pdf, determined by the geostatistical kriging algorithm applied to proximal data values. A maximum a posteriori solution can be computed sequentially going through all the data, but the solution depends on the order in which the data are examined. We approximate the global a posteriori solution by randomizing this order and taking the average. A test with a synthetic data set sampled from a known field demonstrates quantitatively and qualitatively the improvement provided by the maximum a posteriori resampling algorithm. The method is also applied to three marine geology/geophysics data examples, demonstrating the viability of the method for diverse applications: (1) three generations of bathymetric data on the New Jersey shelf with disparate data uncertainties; (2) mean grain size data from the Adriatic Sea, which is a combination of both analytic (low uncertainty) and word-based (higher uncertainty) sources; and (3) side-scan backscatter data from the Martha\u27s Vineyard Coastal Observatory which are, as is typical for such data, affected by speckle noise. Compared to filtering, maximum a posteriori resampling provides an objective and optimal method for reducing noise, and better preservation of the statistical properties of the sampled field. The primary disadvantage is that maximum a posteriori resampling is a computationally expensive procedure