5 research outputs found
A Datalog Hammer for Supervisor Verification Conditions Modulo Simple Linear Arithmetic
The Bernays-Schönfinkel first-order logic fragment over simple linear real arithmetic constraints BS(SLR) is known to be decidable. We prove that BS(SLR) clause sets with both universally and existentially quantified verification conditions (conjectures) can be translated into BS(SLR) clause sets over a finite set of first-order constants. For the Horn case, we provide a Datalog hammer preserving validity and satisfiability. A toolchain from the BS(LRA) prover SPASS-SPL to the Datalog reasoner VLog establishes an effective way of deciding verification conditions in the Horn fragment. This is exemplified by the verification of supervisor code for a lane change assistant in a car and of an electronic control unit for a supercharged combustion engine.
Towards Dynamic Dependable Systems through Evidence-Based Continuous Certification
Future cyber-physical systems are expected to be dynamic, evolving while already being deployed. Frequent updates of software components are likely to become the norm even for safety-critical systems. In this setting, a full re-certification before each software update might delay important updates that fix previous bugs, or security or safety issues. Here we propose a vision addressing this challenge, namely through the evidence-based continuous supervision and certification of software variants in the field. The idea is to run both old and new variants of component software inside the same system, together with a supervising instance that monitors their behavior. Updated variants are phased into operation after sufficient evidence for correct behavior has been collected. The variants are required to explicate their decisions in a logical language, enabling the supervisor to reason about these decisions and to identify inconsistencies. To resolve contradictory information, the supervisor can run a component analysis to identify potentially faulty components on the basis of previously observed behavior, and can trigger micro-experiments which plan and execute system behavior specifically aimed at reducing uncertainty. We spell out our overall vision, and provide a first formalization of the different components and their interplay. In order to provide efficient supervisor reasoning as well as automatic verification of supervisor properties we introduce SupERLog, a logic specifically designed to this end.
PCRAFT: Capacity Planning for Dependable Stateless Services
Fault-tolerance techniques depend on replication to enhance availability, albeit at the cost of increased infrastructure costs. This results in a fundamental trade-off: Fault-tolerant services must satisfy given availability and performance constraints while minimising the number of replicated resources. These constraints pose capacity planning challenges for the service operators to minimise replication costs without negatively impacting availability.

To this end, we present PCRAFT, a system to enable capacity planning of dependable services. PCRAFT's capacity planning is based on a hybrid approach that combines empirical performance measurements with probabilistic modelling of availability based on fault injection. In particular, we integrate traditional service-level availability mechanisms (active route anywhere and passive failover) and deployment schemes (cloud and on-premises) to quantify the number of nodes needed to satisfy the given availability and performance constraints. Our evaluation based on real-world applications shows that cloud deployment requires fewer nodes than on-premises deployments. Additionally, when considering on-premises deployments, we show how passive failover requires fewer nodes than active route anywhere. Furthermore, our evaluation quantifies the quality enhancement given by additional integrity mechanisms and how this affects the number of nodes needed.
A Datalog Hammer for Supervisor Verification Conditions Modulo Simple Linear Arithmetic
The Bernays-Schönfinkel first-order logic fragment over simple linear real arithmetic constraints BS(SLR) is known to be decidable. We prove that BS(SLR) clause sets with both universally and existentially quantified verification conditions (conjectures) can be translated into BS(SLR) clause sets over a finite set of first-order constants. For the Horn case, we provide a Datalog hammer preserving validity and satisfiability. A toolchain from the BS(LRA) prover SPASS-SPL to the Datalog reasoner VLog establishes an effective way of deciding verification conditions in the Horn fragment. This is exemplified by the verification of supervisor code for a lane change assistant in a car and of an electronic control unit for a supercharged combustion engine.