Using Abstraction in Modular Verification of Synchronous Adaptive Systems

Self-adaptive embedded systems autonomously adapt to changing environment conditions to improve their functionality and to increase their dependability by downgrading functionality in case of fail- ures. However, adaptation behaviour of embedded systems significantly complicates system design and poses new challenges for guaranteeing system correctness, in particular vital in the automotive domain. Formal verification as applied in safety-critical applications must therefore be able to address not only temporal and functional properties, but also dynamic adaptation according to external and internal stimuli. In this paper, we introduce a formal semantic-based framework to model, specify and verify the functional and the adaptation behaviour of syn- chronous adaptive systems. The modelling separates functional and adap- tive behaviour to reduce the design complexity and to enable modular reasoning about both aspects independently as well as in combination. By an example, we show how to use this framework in order to verify properties of synchronous adaptive systems. Modular reasoning in com- bination with abstraction mechanisms makes automatic model checking efficiently applicable

Clouds in the atmospheres of extrasolar planets. II. Thermal emission spectra of Earth-like planets influenced by low and high-level clouds

We study the impact of multi-layered clouds (low-level water and high-level ice clouds) on the thermal emission spectra of Earth-like planets orbiting different types of stars. Clouds have an important influence on such planetary emission spectra due to their wavelength dependent absorption and scattering properties. We also investigate the influence of clouds on the ability to derive information about planetary surface temperatures from low-resolution spectra.Comment: accepted for publication in A&

The impact of ice crystal shapes, size distributions and spatial structures of cirrus clouds on solar radiative fluxes

The solar radiative properties of cirrus clouds depend on ice particle shape, size, and orientation, as well as on the spatial cloud structure. Radiation schemes in atmospheric circulation models rely on estimates of cloud optical thickness only. In the present work, a Monte Carlo radiative transfer code is applied to various cirrus cloud scenarios to obtain the radiative response of uncertainties in the above-mentioned microphysical and spatial cloud properties (except orientation). First, plane-parallel homogeneous (0D) clouds with different crystal shapes (hexagonal columns, irregular polycrystals) and 114 different size distributions have been considered. The resulting variabilities in the solar radiative fluxes are in the order of a few percent for the reflected and about 1% for the diffusely transmitted fluxes. Largest variabilities in the order of 10% to 30% are found for the solar broadband absorptance. However, these variabilities are smaller than the flux differences caused by the choice of ice particle geometries. The influence of cloud inhomogeneities on the radiative fluxes has been examined with the help of time series of Raman lidar extinction coefficient profiles as input for the radiative transfer calculations. Significant differences between results for inhomogeneous and plane-parallel clouds were found. These differences are in the same order of magnitude as those arising from using extremely different crystal shapes for the radiative transfer calculations. From this sensitivity study, the ranking of cirrus cloud properties according to their importance in solar broadband radiative transfer is optical thickness, ice crystal shape, ice particle size, and spatial structure

Inheritance of Temporal Logic Properties

Abstract. Inheritance is one of the key features for the success of object-oriented languages. Inheritance (or specialisation) supports incremental design and re-use of already written specifications or programs. In a for-mal approach to system design the interest does not only lie in re-use of class definitions but also in re-use of correctness proofs. If a provably correct class is specialised we like to know those correctness properties which are preserved in the subclass. This can avoid re-verification of already proven properties and may thus substantially reduce the verifi-cation effort. In this paper we study the question of inheritance of correctness prop-erties in the context of state-based formalisms, using a temporal logic (CTL) to formalise requirements on classes. Given a superclass and its specialised subclass we develop a technique for computing the set of for-mulas which are preserved in the subclass. For specialisation we allow addition of attributes, modification of existing as well as extension with new methods.

Clouds in the atmospheres of extrasolar planets. I. Climatic effects of multi-layered clouds for Earth-like planets and implications for habitable zones

The effects of multi-layered clouds in the atmospheres of Earth-like planets orbiting different types of stars are studied. The radiative effects of cloud particles are directly correlated with their wavelength-dependent optical properties. Therefore the incident stellar spectra may play an important role for the climatic effect of clouds. We discuss the influence of clouds with mean properties measured in the Earth's atmosphere on the surface temperatures and Bond albedos of Earth-like planets orbiting different types of main sequence dwarf stars.Comment: accepted for publication in A&

Inductive Proof Outlines for Monitors in Java

Abstract. The research concerning Java’s semantics and proof theory has mainly focussed on various aspects of sequential sub-languages. Java, however, integrates features of a class-based object-oriented language with the notion of multi-threading, where multiple threads can concurrently execute and exchange information via shared instance variables. Furthermore, each object can act as a monitor to assure mutual exclusion or to coordinate between threads. In this paper we present a sound and relatively complete assertional proof system for Java’s monitor concept, which generates verification conditions for a concurrent sublanguage JavaMT of Java. This work extends previous results by incorporating Java’s monitor methods