54 research outputs found
Towards a Formal Framework for Mobile, Service-Oriented Sensor-Actuator Networks
Service-oriented sensor-actuator networks (SOSANETs) are deployed in
health-critical applications like patient monitoring and have to fulfill strong
safety requirements. However, a framework for the rigorous formal modeling and
analysis of SOSANETs does not exist. In particular, there is currently no
support for the verification of correct network behavior after node failure or
loss/addition of communication links. To overcome this problem, we propose a
formal framework for SOSANETs. The main idea is to base our framework on the
\pi-calculus, a formally defined, compositional and well-established formalism.
We choose KLAIM, an existing formal language based on the \pi-calculus as the
foundation for our framework. With that, we are able to formally model SOSANETs
with possible topology changes and network failures. This provides the basis
for our future work on prediction, analysis and verification of the network
behavior of these systems. Furthermore, we illustrate the real-life
applicability of this approach by modeling and extending a use case scenario
from the medical domain.Comment: In Proceedings FESCA 2013, arXiv:1302.478
A Denotational Semantics for Communicating Unstructured Code
An important property of programming language semantics is that they should
be compositional. However, unstructured low-level code contains goto-like
commands making it hard to define a semantics that is compositional. In this
paper, we follow the ideas of Saabas and Uustalu to structure low-level code.
This gives us the possibility to define a compositional denotational semantics
based on least fixed points to allow for the use of inductive verification
methods. We capture the semantics of communication using finite traces similar
to the denotations of CSP. In addition, we examine properties of this semantics
and give an example that demonstrates reasoning about communication and jumps.
With this semantics, we lay the foundations for a proof calculus that captures
both, the semantics of unstructured low-level code and communication.Comment: In Proceedings FESCA 2015, arXiv:1503.0437
An introduction to (Co)algebras and (Co)induction and their application to the semantics of programming languages
This report summarizes operational approaches to the formal
semantics of programming languages and shows that they can be
interpreted inductively by least fixed points as well as
coinductively by greatest fixed points. While the inductive
interpretation gives semantics to all terminating programs,
the coinductive one defines moreover also a semantics for all
non-terminating programs. This is especially important in
areas where programs do not terminate in general, e.g. data
bases, operating systems, or control software in embedded
systems. The semantic foundations described in this report can
be used to verify that transformations (e.g. in compilers) of
such software systems are correct.
In the course of this report, coalgebras and coinduction are
introduced, starting with a gentle intuitive motivation and
ending with a detailed mathematical description within the
notions of category theory
Fault-Tolerance by Graceful Degradation for Car Platoons
The key advantage of autonomous car platoons are their short inter-vehicle distances that increase traffic flow and reduce fuel consumption. However, this is challenging for operational and functional safety. If a failure occurs, the affected vehicles cannot suddenly stop driving but instead should continue their operation with reduced performance until a safe state can be reached or, in the case of temporal failures, full functionality can be guaranteed again. To achieve this degradation, platoon members have to be able to compensate sensor and communication failures and have to adjust their inter-vehicle distances to ensure safety. In this work, we describe a systematic design of degradation cascades for sensor and communication failures in autonomous car platoons using the example of an autonomous model car. We describe our systematic design method, the resulting degradation modes, and formulate contracts for each degradation level. We model and test our resulting degradation controller in Simulink/Stateflow
Instruction Caches in Static WCET Analysis of Artificially Diversified Software
Artificial Software Diversity is a well-established method to increase security of computer systems by thwarting code-reuse attacks, which is particularly beneficial in safety-critical real-time systems. However, static worst-case execution time (WCET) analysis on complex hardware involving caches only delivers sound results for single versions of the program, as it relies on absolute addresses for all instructions. To overcome this problem, we present an abstract interpretation based instruction cache analysis that provides a safe yet precise upper bound for the execution of all variants of a program. We achieve this by integrating uncertainties in the absolute and relative positioning of code fragments when updating the abstract cache state during the analysis. We demonstrate the effectiveness of our approach in an in-depth evaluation and provide an overview of the impact of different diversity techniques on the WCET estimations
Machine-Checkable Timed CSP
The correctness of safety-critical embedded software is crucial, whereas non-functional properties like deadlock-freedom and real-time constraints are particularly important. The real-time calculus Timed Communicating Sequential Processes (CSP) is capable of expressing such properties and can therefore be used to verify embedded software. In this paper, we present our formalization of Timed CSP in the Isabelle/HOL theorem prover, which we have formulated as an operational coalgebraic semantics together with bisimulation equivalences and coalgebraic invariants. Furthermore, we apply these techniques in an abstract specification with real-time constraints, which is the basis for current work in which we verify the components of a simple real-time operating system deployed on a satellite
Generating semantic analysis using constraint programming
We describe a new approach for the specification and generation
of the semantic analysis for typed programming languages.
We specify context-sensitive syntactic properties of a language
by a system of semantic rules. For various imperative programming
language concepts, we discuss the required semantic rules and show
how they can be solved efficiently, i.e., in time O(n) where n is
the program size
Optimized Transformation and Verification of SystemC Methods
Concurrent designs can be automatically verified by transforming them into an automata-based representation and by model checking the resulting model. However, when transforming a concurrent design into an automata-based representation, each method has to be translated into a single automaton. This produces a significant overhead for model checking. In this paper, we present an optimization of our previously proposed transformation from SystemC into Uppaal timed automata. The main idea is that we analyze whether SystemC methods can be executed atomically and then we use the results for generating a reduced automata model. We have implemented the optimized transformation in ourSystemC to Timed Automata Transformation Engine (STATE) and demonstrate the effect of our optimization with experimental results from micro benchmarks, a simple producer-consumer example, and from an Anti-Slip Regulation and Anti-lock Braking System (ASR/ABS)
Model checking SystemC designs using timed automata
SystemC is widely used for modeling and simulation in hard-ware/software co-design. Due to the lack of a complete for-mal semantics, it is not possible to verify SystemC designs. In this paper, we present an approach to overcome this prob-lem by defining the semantics of SystemC by a mapping from SystemC designs into the well-defined semantics of Uppaal timed automata. The informally defined behavior and the structure of SystemC designs are completely preserved in the generated Uppaal models. The resulting Uppaal models allow us to use the Uppaal model checker and the Uppaal tool suite, including simulation and visualization tools. The model checker can be used to verify important properties such as liveness, deadlock freedom or compliance with tim-ing constraints. We have implemented the presented trans-formation, applied it to two examples and verified liveness, safety and timing properties by model checking, thus show-ing the applicability of our approach in practice
Optimizing Code Generation from SSA Form: A Comparison Between Two Formal Correctness Proofs in Isabelle/HOL
AbstractCorrectness of compilers is a vital precondition for the correctness of the software translated by them. In this paper, we present two approaches for the formalization of static single assignment (SSA) form together with two corresponding formal proofs in the Isabelle/HOL system, each showing the correctness of code generation. Our comparison between the two proofs shows that it is very important to find adequate formalizations in formal proofs since they can simplify the verification task considerably. Our formal correctness proofs do not only verify the correctness of a certain class of code generation algorithms but also give us sufficient, easily checkable correctness criteria characterizing correct compilation results obtained from implementations (compilers) of these algorithms. These correctness criteria can be used in a compiler result checker
- …