Applying formal methods to standard development: the open distributed processing experience

Since their introduction, formal methods have been applied in various ways to different standards. This paper gives an account of these applications, focusing on one application in particular: the development of a framework for creating standards for Open Distributed Processing (ODP). Following an introduction to ODP, the paper gives an insight into the current work on formalising the architecture of the Reference Model of ODP (RM-ODP), highlighting the advantages to be gained. The different approaches currently being taken are shown, together with their associated advantages and disadvantages. The paper concludes that there is no one all-purpose approach which can be used in preference to all others, but that a combination of approaches is desirable to best fulfil the potential of formal methods in developing an architectural semantics for OD

Specifying Multimedia Binding Objects in Z

The current standardisation activity of Open Distributed Processing (ODP) has attempted to incorporate multimedia flows of information into its architecture through the idea of stream interfaces. At present the reference model of ODP (ODP-RM) abstracts from the precise nature of the flows of information. As a consequence of this, the ODPRM only deals with syntactic aspects of stream interfaces and does not require them to satisfy any behavioural considerations. It is shown in this paper how the formal notation Z can be used to reason about these flows of information in a manner that enables behavioural as well as temporal aspects to be considered. The example given to highlight the approach is the ODP concept of a binding object

Overhauling SC atomics in C11 and OpenCL

Despite the conceptual simplicity of sequential consistency (SC), the semantics of SC atomic operations and fences in the C11 and OpenCL memory models is subtle, leading to convoluted prose descriptions that translate to complex axiomatic formalisations. We conduct an overhaul of SC atomics in C11, reducing the associated axioms in both number and complexity. A consequence of our simplification is that the SC operations in an execution no longer need to be totally ordered. This relaxation enables, for the first time, efficient and exhaustive simulation of litmus tests that use SC atomics. We extend our improved C11 model to obtain the first rigorous memory model formalisation for OpenCL (which extends C11 with support for heterogeneous many-core programming). In the OpenCL setting, we refine the SC axioms still further to give a sensible semantics to SC operations that employ a ‘memory scope’ to restrict their visibility to specific threads. Our overhaul requires slight strengthenings of both the C11 and the OpenCL memory models, causing some behaviours to become disallowed. We argue that these strengthenings are natural, and that all of the formalised C11 and OpenCL compilation schemes of which we are aware (Power and x86 CPUs for C11, AMD GPUs for OpenCL) remain valid in our revised models. Using the HERD memory model simulator, we show that our overhaul leads to an exponential improvement in simulation time for C11 litmus tests compared with the original model, making exhaustive simulation competitive, time-wise, with the non-exhaustive CDSChecker tool

Specifying Hardware Timing with ET-LOTOS (extended version)

It is explained how DILL (Digital Logic in LOTOS) can be used to specify and analyse hardware timing characteristics using ET-LOTOS (Enhanced Timed LOTOS), a timed extension of the ISO standard formal language LOTOS (Language of Temporal Ordering Specification). Hardware component functionality and timing characteristics are rigorously specified and then validated. As will be seen, subtle timing problems can be found by using this approach

Towards an analysis of shear suspension flows using radial basis functions

In this paper, radial basis functions are utilised for numerical prediction of the bulk properties of particulate suspensions under simple shear conditions. The suspending fluid is Newtonian and the suspended particles are rigid. Results obtained are compared well with those based on finite elements in the literature

Parliamentary elections in Jordan, January 2013

Jordan held its first elections since the beginning of the "Arab Spring" on January 23, 2013. Against the backdrop of region-wide mobilization in the Middle East, which led to the ousting of authoritarian President Mubarak in Egypt in 2011 and the civil war in Syria, the elections to the 17th lower house of parliament in Jordan were widely considered a political litmus test for King Abdullah II. Jordan experienced its own opposition mobilization throughout 2011 and 2012, with unprecedented criticism of the monarch. At the same time, the general political mood in Jordan has still overwhelmingly been one of gradual reform, not revolution. Therefore, the parliamentary elections of January 2013 must be seen in the context of an increasingly politicized and frustrated Jordanian public on the one hand, and a rather successful royal political survival strategy on the other

Protocol Techniques for Testing Radiotherapy Accelerators

The nature of radiotherapy accelerators is briefly explained. It is argued that these complex safety-critical systems need a systematic basis for testing their software. The paper describes a novel application of protocol specification and testing methods to radiotherapy accelerators. An outline specification is given in LOTOS (Language Of Temporal Ordering Specification) of the accelerator control system. It is completely infeasible to use this directly for test generation. Instead, specification inputs are restricted using annotations in a Parameter Constraint Language. This is automatically translated into LOTOS and combined with the accelerator specification. It then becomes manageable to generate tests automatically of the actual accelerator to check that it agrees with its specification according to the relation ioconf (input-output conformance). Sample input annotations, their translation to LOTOS, and the resulting test cases are described