Wetting and Soldering Behavior of Eutectic Au-Ge Alloy on Cu and Ni Substrates

Au-Ge-based alloys are interesting as novel high-temperature lead-free solders because of their low melting point, good thermal and electrical conductivity, and high corrosion resistance. In the present work, the wetting and soldering behavior of the eutectic Au-28Ge (at.%) alloy on Cu and Ni substrates have been investigated. Good wetting on both substrates with final contact angles of 13° to 14° was observed. In addition, solder joints with bond shear strength of 30MPa to 35MPa could be produced under controlled conditions. Cu substrates exhibit pronounced dissolution into the Au-Ge filler metal. On Ni substrates, the NiGe intermetallic compound was formed at the filler/substrate interface, which prevents dissolution of Ni into the solder. Using thin filler metal foils (25μm), complete consumption of Ge in the reaction at the Ni interface was observed, leading to the formation of an almost pure Au layer in the soldering zon

Flexible Invariants Through Semantic Collaboration

Modular reasoning about class invariants is challenging in the presence of dependencies among collaborating objects that need to maintain global consistency. This paper presents semantic collaboration: a novel methodology to specify and reason about class invariants of sequential object-oriented programs, which models dependencies between collaborating objects by semantic means. Combined with a simple ownership mechanism and useful default schemes, semantic collaboration achieves the flexibility necessary to reason about complicated inter-object dependencies but requires limited annotation burden when applied to standard specification patterns. The methodology is implemented in AutoProof, our program verifier for the Eiffel programming language (but it is applicable to any language supporting some form of representation invariants). An evaluation on several challenge problems proposed in the literature demonstrates that it can handle a variety of idiomatic collaboration patterns, and is more widely applicable than the existing invariant methodologies.Comment: 22 page

Efficient Refinement Checking in VCC

We propose a methodology for carrying out refinement proofs across declarative abstract models and concrete implementations in C, using the VCC verification tool. The main idea is to first perform a systematic translation from the top-level abstract model to a ghost implementation in VCC. Subsequent refinement proofs between successively refined abstract models and between abstract and concrete implementations are carried out in VCC. We propose an efficient technique to carry out these refinement checks in VCC. We illustrate our methodology with a case study in which we verify a simplified C implementation of an RTOS scheduler, with respect to its abstract Z specification. Overall, our methodology leads to efficient and automatic refinement proofs for complex systems that would typically be beyond the capability of tools such as Z/Eves or Rodin

Proving Memory Safety of the ANI Windows Image Parser Using Compositional Exhaustive Testing

We report in this paper how we proved memory safety of a complex Windows image parser written in low-level C in only three months of work and using only three core tech-niques, namely (1) symbolic execution at the x86 binary level, (2) exhaustive program path enumeration and testing, and (3) user-guided program decomposition and summariza-tion. We also used a new tool, named MicroX, for executing code fragments in isolation using a custom virtual machine designed for testing purposes. As a result of this work, we are able to prove, for the first time, that a Windows image parser is memory safe, i.e., free of any buffer-overflow secu-rity vulnerabilities, modulo the soundness of our tools and several additional assumptions regarding bounding input-dependent loops, fixing a few buffer-overflow bugs, and ex-cluding some code parts that are not memory safe by design. In the process, we also discovered and fixed several limita-tions in our tools, and narrowed the gap between systematic testing and verification. 1

A formally verified compiler back-end

This article describes the development and formal verification (proof of semantic preservation) of a compiler back-end from Cminor (a simple imperative intermediate language) to PowerPC assembly code, using the Coq proof assistant both for programming the compiler and for proving its correctness. Such a verified compiler is useful in the context of formal methods applied to the certification of critical software: the verification of the compiler guarantees that the safety properties proved on the source code hold for the executable compiled code as well

On the Verification of Memory Management Mechanisms

We define physical machines as processors with physical memory and swap memory; in user mode physical machines support address translation. We report about the formal verification of a complex processor supporting address translation by means of a memory management unit (MMU). We give a paper and pencil proof that physical machines togethe

Mechanized semantics for the Clight subset of the C language

This article presents the formal semantics of a large subset of the C language called Clight. Clight includes pointer arithmetic, "struct" and "union" types, C loops and structured "switch" statements. Clight is the source language of the CompCert verified compiler. The formal semantics of Clight is a big-step operational semantics that observes both terminating and diverging executions and produces traces of input/output events. The formal semantics of Clight is mechanized using the Coq proof assistant. In addition to the semantics of Clight, this article describes its integration in the CompCert verified compiler and several ways by which the semantics was validated.Comment: Journal of Automated Reasoning (2009

Fatigue life of machined components

A correlation between machining process and fatigue strength of machined components clearly exists. However, a complete picture of the knowledge on this is not readily available for practical applications. This study addresses this issue by investigating the effects of machining methods on fatigue life of commonly used materials, such as titanium alloys, steel, aluminium alloys and nickel alloys from previous literature. Effects of turning, milling, grinding and different non-conventional machining processes on fatigue strength of above-mentioned materials have been investigated in detail with correlated information. It is found that the effect of materials is not significant except steel in which phase change causes volume expansion, resulting in compressive/tensile residual stresses based on the amounts of white layers. It is very complex to identify the influence of surface roughness on the fatigue strength of machined components in the presence of residual stresses. The polishing process improves the surface roughness, but removes the surface layers that contain compressive residual stresses to decrease the fatigue strength of polished specimens. The compressive and tensile residual stresses improve and reduce fatigue strength, respectively. Grinding process induces tensile residual stresses on the machined surfaces due to high temperature generation. On the other hand, milling and turning processes induce compressive residual stresses. High temperature non-conventional machining generates a network of micro-cracks on the surfaces in addition to tensile residual stresses to subsequently reduce fatigue strength of machined components. Embedded grits of abrasive water jet machining degrade the fatigue performance of components machined by this method

Refinement-Based Verification of the FreeRTOS Scheduler in VCC

We describe our experience with verifying the scheduler-related functionality of FreeRTOS, a popular open-source embedded real-time operating system. We propose a methodology for carrying out refinement-based proofs of functional correctness of abstract data types in the popular code-level verifier VCC. We then apply this methodology to carry out a full machine-checked proof of the functional correctness of the FreeRTOS scheduler. We describe the bugs found during this exercise, the fixes made, and the effort involved