91 research outputs found

    SPaCIFY: a Formal Model-Driven Engineering for Spacecraft On-Board Software

    The aim of this article is to present a model-driven approach proposed by the SPaCIFY project for spacecraft on-board software development. This approach is based on a formal globally asynchronous locally synchronous language called Synoptic, and on a set of transformations allowing code generation and model verification.

    OASIS: An optimizing action-based compiler generator

    Mobile Resource Guarantees and Policies

    Abstract. This paper introduces notions of resource policy for mobile code to be run on smart devices, to integrate with the proof-carrying code architecture of the Mobile Resource Guarantees (MRG) project. Two forms of policy are used: guaranteed policies which come with proofs and target policies which describe limits of the device. A guaranteed policy is expressed as a function of a method's input sizes, which determines a bound on consumption of some resource. A target policy is defined by a constant bound and input constraints for a method. A recipient of mobile code chooses whether to run methods by comparing between a guaranteed policy and the target policy. Since delivered code may use methods implemented on the target machine, guaranteed policies may also be provided by the platform; they appear symbolically as assumptions in delivered proofs. Guaranteed policies entail proof obligations that must be established from the proof certificate. Before proof, a policy checker ensures that the guaranteed policy refines the target policy; our policy format ensures that this step is tractable and does not require proof. Delivering policies thus mediates between arbitrary target requirements and the desirability to package code and certificate only once.

    Lightweight Polymorphic Effects

    Type-and-effect systems are a well-studied approach for reasoning about the computational behavior of programs. Nevertheless, there is only one example of an effect system that has been adopted in a wide-spread industrial language: Java’s checked exceptions. We believe that the main obstacle to using effect systems in day-to-day programming is their verbosity, especially when writing functions that are polymorphic in the effect of their argument. To overcome this issue, we propose a new syntactically lightweight technique for writing effect-polymorphic functions. We show its independence from a specific kind of side-effect by embedding it into a generic and extensible framework for checking effects of multiple domains. Finally, we verified the expressiveness and practicality of the system by implementing it for the Scala programming language

    Deterministic Concurrency: A Clock-Synchronised Shared Memory Approach

    Synchronous Programming (SP) is a universal computational principle that provides deterministic concurrency. The same input sequence with the same timing always results in the same externally observable output sequence, even if the internal behaviour generates uncertainty in the scheduling of concurrent memory accesses. Consequently, SP languages have always been strongly founded on mathematical semantics that support formal program analysis. So far, however, communication has been constrained to a set of primitive clock-synchronised shared memory (csm) data types, such as data-flow registers, streams and signals with restricted read and write accesses that limit modularity and behavioural abstractions. This paper proposes an extension to the SP theory which retains the advantages of deterministic concurrency, but allows communication to occur at higher levels of abstraction than currently supported by SP data types. Our approach is as follows. To avoid data races, each csm type publishes a policy interface for specifying the admissibility and precedence of its access methods. Each instance of the csm type has to be policy-coherent, meaning it must behave deterministically under its own policy, a natural requirement if the goal is to build deterministic systems that use these types. In a policy-constructive system, all access methods can be scheduled in a policy-conformant way for all the types without deadlocking. In this paper, we show that a policy-constructive program exhibits deterministic concurrency in the sense that all policy-conformant interleavings produce the same input-output behaviour. Policies are conservative and support the csm types existing in current SP languages. Technically, we introduce a kernel SP language that uses arbitrary policy-driven csm types. A big-step fixed-point semantics for this language is developed for which we prove determinism and termination of constructive programs.

    The impact of Participatory Budgeting on health and wellbeing: A scoping review of evaluations

    Background: Participatory budgeting (PB), citizens deliberating among themselves and with officials to decide how to allocate funds for public goods, has been increasingly implemented across Europe and worldwide. While PB is recommended as good practice by the World Bank and the United Nations, with potential to improve health and wellbeing, it is unclear what evaluations have been conducted on the impact of PB on health and wellbeing. Methods: For this scoping review, we searched 21 databases with no restrictions on publication date or language. The search term ‘participatory budget’ was used as the relevant global label for the intervention of interest. Studies were included if they reported original analysis of health, social, political, or economic and budgetary outcomes of PB. We examined the study design, analysis, outcomes and location of included articles. Findings are reported narratively. Results: From 1458 identified references, 37 studies were included. The majority of evaluations (n = 24) were of PB in South America, seven were in Europe. Most evaluations were case studies (n = 23) conducting ethnography and surveys, focussing on political outcomes such as participation in PB or impacts on political activities. All of the quantitative observational studies analysing population level data, except one in Russia, were conducted in South America. Conclusion: Despite increasing interest in PB, evaluations applying robust methods to analyse health and wellbeing outcomes are scarce, particularly beyond Brazil. Therefore, implementation of PB schemes should be accompanied by rigorous qualitative and quantitative evaluation to identify impacts and the processes by which they are realised