Comprehensive Monitor-Oriented Compensation Programming

Compensation programming is typically used in the programming of web service compositions whose correct implementation is crucial due to their handling of security-critical activities such as financial transactions. While traditional exception handling depends on the state of the system at the moment of failure, compensation programming is significantly more challenging and dynamic because it is dependent on the runtime execution flow - with the history of behaviour of the system at the moment of failure affecting how to apply compensation. To address this dynamic element, we propose the use of runtime monitors to facilitate compensation programming, with monitors enabling the modeller to be able to implicitly reason in terms of the runtime control flow, thus separating the concerns of system building and compensation modelling. Our approach is instantiated into an architecture and shown to be applicable to a case study.Comment: In Proceedings FESCA 2014, arXiv:1404.043

An Embedded Domain Specific Language to Model, Transform and Quality Assure Business Processes in Business-Driven Development

In Business-Driven Development (BDD), business process models are produced by business analysts. To ensure that the business requirements are satisfied, the IT solution is directly derived through a process of model refinement. If models do not contain all the required technical details or contain errors, the derived implementation would be incorrect and the BDD lifecycle would have to be repeated. In this project we present a functional domain specific language embedded in Haskell, with which: 1) models can rapidly be produced in a concise and abstract manner, 2) enables focus on the specifications rather than the implementation, 3) ensures that all the required details, to generate the executable code, are specified, 4) models can be transformed, analysed and interpreted in various ways, 5) quality assures models by carrying out three types of checks; by Haskell.s type checker, at construction-time and by functions that analyse the soundness of models, 6) enables users to define quality assured composite model transformations

Contracts for Interacting Two-Party Systems

This article deals with the interrelation of deontic operators in contracts -- an aspect often neglected when considering only one of the involved parties. On top of an automata-based semantics we formalise the onuses that obligations, permissions and prohibitions on one party impose on the other. Such formalisation allows for a clean notion of contract strictness and a derived notion of contract conflict that is enriched with issues arising from party interdependence.Comment: In Proceedings FLACOS 2012, arXiv:1209.169

Device-Centric Monitoring for Mobile Device Management

The ubiquity of computing devices has led to an increased need to ensure not only that the applications deployed on them are correct with respect to their specifications, but also that the devices are used in an appropriate manner, especially in situations where the device is provided by a party other than the actual user. Much work which has been done on runtime verification for mobile devices and operating systems is mostly application-centric, resulting in global, device-centric properties (e.g. the user may not send more than 100 messages per day across all applications) being difficult or impossible to verify. In this paper we present a device-centric approach to runtime verify the device behaviour against a device policy with the different applications acting as independent components contributing to the overall behaviour of the device. We also present an implementation for Android devices, and evaluate it on a number of device-centric policies, reporting the empirical results obtained.Comment: In Proceedings FESCA 2016, arXiv:1603.0837

Correct hardware compilation with Verilog HDL

Hardware description languages usually include features which do not have a direct hardware interpretation. Recently, synthesis algorithms allowing some of these features to be compiled into circuits have been developed and implemented. Using a formal semantics of Verilog based on Relational Duration Calculus, we give a number of algebraic laws which Verilog programs obey, using which, we then prove the correctness of a hardware compilation procedure.peer-reviewe

Extensible Technology-Agnostic Runtime Verification

With numerous specialised technologies available to industry, it has become increasingly frequent for computer systems to be composed of heterogeneous components built over, and using, different technologies and languages. While this enables developers to use the appropriate technologies for specific contexts, it becomes more challenging to ensure the correctness of the overall system. In this paper we propose a framework to enable extensible technology agnostic runtime verification and we present an extension of polyLarva, a runtime-verification tool able to handle the monitoring of heterogeneous-component systems. The approach is then applied to a case study of a component-based artefact using different technologies, namely C and Java.Comment: In Proceedings FESCA 2013, arXiv:1302.478

Multi-stage languages in hardware design

As circuits increase in size and complexity, hardware description techniques have been trying to adopt features already well- established in software languages. In this paper, we investigate how different hardware description languages implement levels of abstraction over the hardware designs, and we examine how improvements have lead to features like parameterised circuits and generic descriptions, that enable users to efficiently model and reason about large regular-shaped structures and connection patterns. Nonetheless, the ability to include non-functional properties of circuits in the same description is still an open issue. Lately, proposed solutions are looking into meta-functional languages and multi-staging techniques. We examine how hardware description languages can benefit from the capabilities of meta-functional languages, which are able to reason about, and transform the circuit generators as data objects, thus providing a means to access both the functional and non-functional aspects of the generated circuits.peer-reviewe

Recovery within long running transactions

As computer systems continue to grow in complexity, the possibilities of failure increase. At the same time, the increase in computer system pervasiveness in day-to-day activities brought along increased expectations on their reliability. This has led to the need for effective and automatic error recovery techniques to resolve failures. Transactions enable the handling of failure propagation over concurrent systems due to dependencies, restoring the system to the point before the failure occurred. However, in various settings, especially when interacting with the real world, reversal is not possible. The notion of compensations has been long advocated as a way of addressing this issue, through the specification of activities which can be executed to undo partial transactions. Still, there is no accepted standard theory; the literature offers a plethora of distinct formalisms and approaches. In this survey, we review the compensations from a theoretical point of view by: (i) giving a historic account of the evolution of compensating transactions; (ii) delineating and describing a number of design options involved; (iii) presenting a number of formalisms found in the literature, exposing similarities and differences; (iv) comparing formal notions of compensation correctness; (v) giving insights regarding the application of compensations in practice; and (vi) discussing current and future research trends in the area.peer-reviewe