Analog Property Checkers: A Ddr2 Case Study

The formal specification component of verification can be exported to simulation through the idea of property checkers. The essence of this approach is the automatic construction of an observer from the specification in the form of a program that can be interfaced with a simulator and alert the user if the property is violated by a simulation trace. Although not complete, this lighter approach to formal verification has been effectively used in software and digital hardware to detect errors. Recently, the idea of property checkers has been extended to analog and mixed-signal systems. In this paper, we apply the property-based checking methodology to an industrial and realistic example of a DDR2 memory interface. The properties describing the DDR2 analog behavior are expressed in the formal specification language stl/psl in form of assertions. The simulation traces generated from an actual DDR2 interface design are checked with respect to the stl/psl assertions using the amt tool. The focus of this paper is on the translation of the official (informal and descriptive) specification of two non-trivial DDR2 properties into stl/psl assertions. We study both the benefits and the current limits of such approach

A compositional monitoring framework for hard real-time systems

Runtime Monitoring of hard real-time embedded systems is a promising technique for ensuring that a running system respects timing constraints, possibly combined with faults originated by the software and/or hardware. This is particularly important when we have real-time embedded systems made of several components that must combine different levels of criticality, and different levels of correctness requirements. This paper introduces a compositional monitoring framework coupled with guarantees that include time isolation and the response time of a monitor for a predicted violation. The kind of monitors that we propose are automatically generated by synthesizing logic formulas of a timed temporal logic, and their correctness is ensured by construction.This work was partially supported by National Funds through FCT (Portuguese Foundation for Science and Technology) and by ERDF (European Regional Development Fund) through COMPETE (Operational Programme ’Thematic Factors of Competitiveness’), within projects Ref. FCOMP-01-0124-FEDER-022701 (CISTER), FCOMP-01-0124- FEDER-015006 (VIPCORE) and FCOMP-01-0124-FEDER-020486 (AVIACC)

Die "Roma-Frage" in Frankreich und Europa: Dekonstruktion eines Klischees

In der öffentlichen Wahrnehmung vieler europäischer Länder gelten Roma immer wieder als eine spezielle Bevölkerungsgruppe, die spezifische Probleme verursacht. Am Beispiel der Gruppe der "Roma-Migranten" in Frankreich fällt auf, dass ein Großteil der Schwierigkeiten, mit denen diese Einwanderergruppe konfrontiert ist, damit zusammenhängt, welche Wahrnehmungen und Klischees von "Roma" in Politik, Institutionen und Medien vorherrschen. Der Begriff "Roma-Migranten" ist noch relativ jung und umschreibt verschiedene familiäre Gruppen aus Zentraleuropa und vom Balkan, die infolge des Zusammenbruchs der kommunistischen Regime emigriert sind. In Frankreich umfasst diese Gruppe von Einwanderern 15.000 bis 20.000 Personen vorwiegend aus Rumänien. Sie leben zumeist in temporären, nicht genehmigten Siedlungen in den Vorstädten französischer Großstädte. Die prekären Lebensumstände sind allerdings nicht auf eine in irgendeiner Art ethnisch-kulturell zu begründenden Präferenz eines "fahrenden Volkes" zurückzuführen, sondern auf Mechanismen der Ausgrenzung, die politisch, juristisch und gesellschaftlich begründet sind

Correct-by-construction implementation of runtime monitors using stepwise refinement

Runtime verification (RV) is a lightweight technique for verifying traces of computer systems. One challenge in applying RV is to guarantee that the implementation of a runtime monitor correctly detects and signals unexpected events. In this paper, we present a method for deriving correct-by-construction implementations of runtime monitors from high-level specifications using Fiat, a Coq library for stepwise refinement. SMEDL (Scenario-based Meta-Event Definition Language), a domain specific language for event-driven RV, is chosen as the specification language. We propose an operational semantics for SMEDL suitable to be used in Fiat to describe the behavior of a monitor in a relational way. Then, by utilizing Fiat\u27s refinement calculus, we transform a declarative monitor specification into an executable runtime monitor with a proof that the behavior of the implementation is strictly a subset of that provided by the specification. Moreover, we define a predicate on the syntax structure of a monitor definition to ensure termination and determinism. Most of the proof work required to generate monitor code has been automated

Four-valued monitorability of ω-regular languages

The use of runtime verification has led to interest in deciding whether a property is monitorable: whether it is always possible for the satisfaction or violation of the property to be determined after a finite future continuation during system execution. However, classical two-valued monitorability suffers from two inherent limitations, which eventually increase runtime overhead. First, no information is available regarding whether only one verdict (satisfaction or violation) can be detected. Second, it does not tell us whether verdicts can be detected starting from the current monitor state during system execution. This paper proposes a new notion of four-valued monitorability for ω -languages and applies it at the state-level. Four-valued monitorability is more informative than two-valued monitorability as a property can be evaluated as a four-valued result, denoting that only satisfaction, only violation, or both are active for a monitorable property. We can also compute state-level weak monitorability, i.e., whether satisfaction or violation can be detected starting from a given state in a monitor, which enables state-level optimizations of monitoring algorithms. Based on a new six-valued semantics, we propose procedures for computing four-valued monitorability of ω -regular languages, both at the language-level and at the state-level. Experimental results show that our tool implementation Monic can correctly, and quickly, report both two-valued and four-valued monitorability