Ke Xu,Yuexuan Wang,Cheng Wu

DOI: https://doi.org/10.1007/11745693_53

2006-01-01

Abstract:Ensuring the reliability and robustness of complex scientific grid applications is a critical issue for managing and sharing expensive scientific instruments. However, guaranteeing the correct processing of grid applications under all circumstances is difficult and not fully addressed by existing grid infrastructure. Hidden flaws in the applications including unexpected internal behaviors, dissatisfaction of real-time constraints, incompatibility in service interactions, etc may lead to subtle failures in grid systems. This work tries to enhance the trustworthiness of grid applications by investigating existing formal techniques and their extensions. A formal framework based on extensions of Pi calculus is proposed which also integrates formal techniques of model checking and bisimulation analysis to enable the reasoning of grid applications from three perspectives: data, time and behavior. In addition, both application examples and our current implementation architecture are also concluded.

Ting Wang,Songzheng Song,Jun Sun,Yang Liu,Jin Song Dong,Xinyu Wang,Shanping Li

DOI: https://doi.org/10.1007/978-3-642-34281-3_26

2012-01-01

Abstract:Refinement checking plays an important role in system verification. It establishes properties of an implementation by showing a refinement relationship between the implementation and a specification. Recently, it has been shown that anti-chain based approaches increase the efficiency of trace refinement checking significantly. In this work, we study the problem of adopting anti-chain for stable failures refinement checking, failures-divergence refinement checking and probabilistic refine checking (i.e., a probabilistic implementation against a non-probabilistic specification). We show that the first two problems can be significantly improved, because the state space of the product model may be reduced dramatically. Though applying anti-chain for probabilistic refinement checking is more complicated, we manage to show improvements in some cases. We have integrated these techniques into the PAT model checking framework. Experiments are conducted to demonstrate the efficiency of our approach.

HUANG Chong-de,PENG Xin,ZHAO Wen-yun

DOI: https://doi.org/10.3321/j.issn:1002-8331.2007.10.027

2007-01-01

Abstract:With the requirements of continuous service in mission and safety critical software applications,shutdown and restart system during software upgrade are unacceptable.Dynamic update with foundation of runtime software evolution becomes a way to solve these problems.But as the variety of component style,ability,and communicating protocols,component substitute may encounter incompatibility.And force updating without adaptation may endanger the stability and correctness of current system.This paper focuses the behaviors of component,uses the architecture description language based on Wright,and uses the description method based on CSP,to describe the behaviors between components,to analyze the difference of behaviors before update.Be sure that the new component behaviors satisfy the system's requirements.And this mechanism ensures the correctness and security of dynamic update,and enhances the self-adaptability of system evolution.

yuanjie si,xiaohu yang,xinyu wang,chao huang,aleksander j kavs

DOI: https://doi.org/10.1109/ICCET.2010.5485256

2010-01-01

Abstract:In this paper, a bottom-up architecture-based reliability estimation framework for component based software systems is presented. The approach takes the component composition mechanisms and the utilization frequency of each component into account, and it is general for different architecture styles. We first propose five basic component composition mechanisms and their reliability representation methods. Then we show how to estimate the reliability of heterogeneous architectures using these basic component composition mechanisms through an iterative process. Finally a case study of a stock trading system is used to illustrate the application of our approach.

Xiaohui Xu,Yi Zhang

DOI: https://doi.org/10.1109/ICCSNT.2013.6967115

2013-01-01

Abstract:To enable the updated system to run correctly, it is very important to reason about some meaning and possible effects of updates. In this paper, we propose a formal calculus update π, a variant extension of higher-order π calculus, to model dynamic updates of component-based software, which is language and technology independent. This calculus focuses on some main aspects which include granularity of update, timing of update, state transformation and update failure recovery. Some applications of this formal method to those general dynamic update processes and the relational analysis of property and verification show that the update π calculus can reasonably reason about and ensure the safety and consistency of dynamic updates.

Junrong Shen,Xi Sun,Gang Huang,Wenpin Jiao,Yanchun Sun,Hong Mei

DOI: https://doi.org/10.1145/1081706.1081720

2005-01-01

ACM SIGSOFT Software Engineering Notes

Abstract:The continuous requirements of evolving a delivered software system and the rising cost of shutting down a running software system are forcing researchers and practitioners to find ways of updating software as it runs. Dynamic update is a kind of software evolution that updates a running program without interruption. This paper covers the fundamental issues of the mechanisms of dynamic update theoretically. Based on a similarity analysis of many typical approaches to dynamic update during the past decades, we propose a unified formal model (namely, Dynamic Update Connector) to specify mechanisms of updating an architectural component, and reason about its properties. The model borrows the concept of connectors from software architecture community and is specified using process algebra CSP. We also demonstrate the applications of our DUC model.

Shengwei An,Xiaoxing Ma,Chun Cao,Ping Yu,Chang Xu

DOI: https://doi.org/10.1109/QRS.2015.33

2015-01-01

Abstract:Dynamic Software Update (DSU) is a technique to upgrade running programs without shutting them down. DSU can improve system availability and maintenance flexibility. However, its adoption in practice is still limited due to the risk of system misbehavior that careless DSU may bring. To reduce this risk we propose a formal framework for the specification and verification of DSU. Different from previous approaches where DSU is described from the viewpoint of program's internal state transitions, our framework focuses on program's external behavior and its effect on its environment. This more abstract view avoids over specification of DSU and allows for better DSU flexibility. Based on this framework, we also devise a mechanism that automatically synthesizes runtime monitors to improve DSU timeliness without compromising its safety.

Xiaohui Xu,Linpeng Huang,Dejun Wang,Junqing Chen

DOI: https://doi.org/10.48550/arXiv.1011.6496

2010-11-30

Abstract:It is important to enable reasoning about the meaning and possible effects of updates to ensure that the updated system operates correctly. A formal, mathematical model of dynamic update should be developed, in order to understand by both users and implementors of update technology what design choices can be considered. In this paper, we define a formal calculus $update\pi$, a variant extension of higher-order $\pi$ calculus, to model dynamic updates of component-based software, which is language and technology independent. The calculus focuses on following main concepts: proper granularity of update, timing of dynamic update, state transformation between versions, update failure check and recovery. We describe a series of rule on safe component updates to model some general processes of dynamic update and discuss its reduction semantics coincides with a labelled transition system semantics that illustrate the expressive power of these calculi.

Logic in Computer Science

Ruzhi Xu,Quansheng Wu,Hongquan Gong,Leqiu Qian

DOI: https://doi.org/10.1109/iitsi.2010.101

2010-01-01

Abstract:Formal semantics of components are foundations for rigorous analyzing and reasoning about the composition process and its correctness. According to the notion of software contract, components interaction patterns and composition process patterns, formal semantics of components are proposed. With this basis and inspired by typing system and process construction methods of -calculus, a typing framework for the composition are proposed. Additionally, based on the operational semantics, a formal model of component is suggested. Then, transition rules about component composition are introduced based on the calculus typing rules. At last, the feasibility and validity of the proposed composition method are confirmed by the results of composition experiments on a composition platform FSCC.

Shi Zhang,LinPeng Huang

DOI: https://doi.org/10.1109/qsic.2006.30

2006-01-01

Abstract:Dynamic software updating enables running programs to be updated while executing. In this paper, a simple formal system is established with the goal of understanding the underlying foundations of updating classes, for the purpose of understanding how to best build reliable updatable programs. The update calculus is built for O-O software with a precise mathematical semantics. It is formulated as an extension of a core calculus for Featherweight Java, and supports updating technology similar to that of the programming language Java and C++. The calculus also presents what kind of update can be made dynamically. At the end of the paper, we proof that these update is type safety

Cong Sun,Ning Xi,Jinku Li,Qingsong Yao,Jianfeng Ma

DOI: https://doi.org/10.1109/APSEC.2014.60

2014-01-01

Abstract:Information flow security has been considered as a critical requirement on software systems, especially when heterogeneous components from different parties cooperate to achieve end-to-end enforcement on data confidentiality. Enforcing the information flow security properties on complicated systems faces a great challenge because the properties cannot be preserved under composition and most of the current approaches are not scalable enough. To address this problem, there have been several recent efforts on the compositional information flow analyses developed for different abstraction levels. But these approaches have rarely been considered to incorporate with the process of system design. Integrating the security enforcement with the model-based development process can provide the designer with ability to verify information flow security in the early stage of system development. We propose a compositional information flow verification which is integrated with model-based system design in Sys ML by an automated model translation from semi-formal behavior and structure models to interface automata. Our compositional approach is general to support the complex security lattices and a variety of in distinguish ability relations. The evaluation results show the usability of our approach on practical system designs and the scalability of the compositional verification.

李阳,吴朝晖

DOI: https://doi.org/10.3785/j.issn.1008-973x.2004.02.002

2004-01-01

Abstract:A formal method was proposed to depict the component integration and predict the component runtime behavior of integration. In this method, the component interfaces were regarded as thread —trigger and response. From the aspect of thread, component patterns of interaction, such as concurrency, mutex and asynchrony were expressed. Finally, the difficulty caused by component's unknown interaction was resolved with the presented method, which can be used to define more clearly and effectively the runtime behavior of an assembly and its applications.

Zan Xiao,Donggang Cao,Chao You,Minghui Zhou,Hong Mei

DOI: https://doi.org/10.1109/COMPSAC.2009.68

2009-01-01

Abstract:Dynamic component updating, which allows a running system to be updated without interrupting its execution, has been recognized as an important requirement for distributed systems. However, most of existing approaches complicate the component development by making the component’s updating logic mixed with its business logic. This paper proposes a flexible and lightweight approach for supporting dynamic component updating. Our approach allows multiple versions of a component to co-exist with the support of runtime version management mechanism. Multiple polices are provided to coordinate behaviors of different component versions. In this way, seamless system updating can be achieved and the reliability during updating is also guaranteed. Moreover, our approach separates the component’s updating logic from its business logic and little burden are placed on developers. The experimental results show that the performance overhead is trivial.

Zhe Chen,Gilles Motet

DOI: https://doi.org/10.1109/depend.2009.18

2009-06-01

Abstract:Safety is an important element of dependability. It is defined as the absence of accidents. Most accidents involving software-intensive systems have been system accidents, which are caused by unsafe inter-system or inter-component interactions. To validate the absence of system hazards concerning dysfunctional interactions, industrials call for approaches of modeling system safety requirements and interaction constraints among components. This paper proposes such a formalism, namely interface control systems (or shortly C-Systems). An interface C-System is composed of an interface automaton and a controlling automaton, which formalizes safe interactions and restricts system behavior at the meta level. This framework differs from the framework of traditional model checking. It explicitly separates the tasks of product engineers and safety engineers, and provides a top-down technique for modeling a system with safety constraints, and for automatically composing a safe system that conforms to safety requirements. The contributions of this work include formalizing safety requirements and a way of automatically ensuring system safety.

Luxi Chen,Linpeng Huang,Chen Li

DOI: https://doi.org/10.1109/ipdpsw.2012.196

2012-01-01

Abstract:Component-based software development (short for CBSD) is to develop software systems by choosing appropriate components in the distributed environment to assemble a dependable software architecture, which satisfies requirements. This new paradigm plays a key role in the software engineering and also brings new challenges to the dependable software architecture design. In this paper, firstly we introduce an architecture description language-π-ADL to specify the software architecture based on component. Secondly based on Higher-Order π-calculus, we give a formal method to verify the behavior consistency of component substitutability. In this way, we can forecast errors and enhance the semantic correctness of the software architecture from the design stage.

ZHANG Xiaodong,CHAI Yueting,REN Shouju

DOI: https://doi.org/10.3321/j.issn:1000-0054.2000.03.017

2000-01-01

Abstract:Component theories are becoming more and more important in software engineering. A formal component model framework, which employs partial order event multisets rather than formal languages to describe the behavior patterns of components, was proposed to standardize components specifications and designs. Both sequentially controlled components and concurrently controlled components can be dealt with in a consistent way under this framework. The concepts of component model, task contract and system model, in combination with the verification approaches of component completeness, services satisfiability and system consistency, can be directly used to guide the design of simulation algorithms for in a components supporting environment.

Mo Xia,Ming Jin,Guiming Luo

DOI: https://doi.org/10.1109/iscas.2013.6572201

2013-01-01

Abstract:Model checking has had a substantive impact on the verification of software, and nowadays more and more software are developed with components manufactured by a third party. This paper examines the verification of systems with unspecified components. The method is based on the model of oracle automaton and related checking algorithms. Two problems in the previous checking algorithm are found and analyzed. To correct the previous error, an efficient algorithm for verifying the system with unspecified components is introduced. The new algorithm not only corrects the errors but also extends the original algorithm to multi-oracle finite automaton. The set of input transitions that are not related to the oracles is minimized by the new algorithm. Further, a prototype tool for checking oracle finite automaton (OFA) is implemented. It has advantages for modeling systems with unspecified components and merging different checking algorithms. Finally, the architecture and design of this tool are illustrated.

Jeremy Morse,Dejanira Araiza-Illan,Jonathan Lawry,Arthur Richards,Kerstin Eder

DOI: https://doi.org/10.48550/arXiv.1603.01082

IF: 3.7

2016-03-03

Robotics

Abstract:The widespread adoption of autonomous systems depends on providing guarantees of safety and functional correctness, at both design time and runtime. Information about the extent to which functional requirements can be met in combination with non-functional requirements (NFRs) -- i.e. requirements that can be partially complied with -- , under dynamic and uncertain environments, provides opportunities to enhance the safety and functional correctness of systems at design time. We present a technique to formally define system attributes that can change or be changed to deal with dynamic and uncertain environments (denominated weakened specifications) as a partially ordered lattice, and to automatically explore the system under different specifications, using probabilistic model checking, to find the likelihood of satisfying a requirement. The resulting probabilities form boundaries of "optimal specifications", analogous to Pareto frontiers in multi-objective optimization, informing the designer about the system's capabilities, such as resilience or robustness, when changing its attributes to deal with dynamic and uncertain environments. We illustrate the proposed technique through a domestic robotic assistant example.

Jun HU,Xiao-Feng YU,Yan ZHANG,Lin-Zhang WANG,Xuan-Dong LI,Guo-Liang ZHENG

DOI: https://doi.org/10.3321/j.issn:0254-4164.2006.04.001

2006-01-01

Jisuanji Xuebao/Chinese Journal of Computers

Abstract:Component-based system design is becoming more and more popular in software engineering. Checking the important behavioral properties formally in the design phase is an effective way to improve the system reliability. In this paper, the authors consider the problem of checking component-based system designs for scenario-based specifications. Specifically, the authors use the interface automata networks to model the component-based system designs which include a set of interface automata synchronized by shared actions, and the scenario-based specifications are specified by UML sequence diagrams. Based on investigating the reachability graph of the state space of the interface automata networks, the authors develop several algorithms to check the existential consistency and mandatory consistency including the forward, backward and bidirectional consistency.

ZHANG Yan,HU Jun,YU Xiao-Feng,LI Xuan-Dong,ZHENG Guo-Liang

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.11.059

2005-01-01

Computer Science

Abstract:Interface automata is a new formal system used to specify components and interaction among them in the component-based system. Optimistic approach and game-theoretic foundations that deal with composition are the prom- inent characteristics of interface automata and are distinct from other formal methods. This paper surveys interface au- tomata, timed interface automata, resource interface and game-based idea in them. By contrast with other formal meth- ods, merits and limits of interface automata are summarized. This paper also gives significances of interface automata in theory and in practice, and the future of the application of interface automata.