Slide 1: An Open Logical Programming Environment
Stuart Allen, Mark Bickford, Robert Constable (PI), Christoph Kreitz, Lori Lorigo, Robbert Van Renesse
Department of Computer Science, Cornell University
Contract # F30602-98-0198
Themes: secure software infrastructure; logic; programming; communications
Slide 2: Problem Description
Build and apply formal method tools to increase assurance, adaptability, and performance of networked embedded systems:
- Formally relate mechanisms for composing program modules to mechanisms for composing specifications
- Prove system properties
- Add aspects while preserving properties
- Generate code modules from service specifications
- Build adaptive protocols for embedded applications
- Support real-time constraints in large networks
Slide 3: Objectives & Approach
- Extend the logical language to support compositional design and verification (Class Theory), property-preserving code transformations, and real-time issues (Reflection)
- Build a formal model of networked embedded systems
- Build formal knowledge and tailored reasoning strategies
- Introduce aspects via "composition" of micro-protocols
- Use the LPE to increase confidence, flexibility & efficiency of key applications (Ensemble, Spinglass, Bold Stroke, ...)
- Organize tools for verification, optimization, and formal design into an open Logical Programming Environment
Slide 4: Contribution to PCES goals
"The overarching goal of PCES is novel technology ... that can reduce efforts to program embedded systems while increasing confidence in the ... product." Confidence requires proof.
LPE will provide:
- Infrastructure for assuring system properties, e.g. safety, fault tolerance + synchronization, timing, ...
- Support for error-free code reuse
  - Library of reusable specifications and related code
  - Mechanisms for composing designs and specs
  - Property-preserving transformations that combine aspects in code and specifications
- Verified mechanisms for increasing adaptability
- Support for real-time guarantees
Slide 5: Contribution to DoD Application
LPE will provide assurance for desired properties, support rapid configuration of high-confidence systems, and adaptability to changing situations.
Possible applications through Ensemble & Spinglass:
- Reliable infrastructure for large-scale sensor networks that can provide real-time intelligence to ground troops (Army)
- Support for communication infrastructure in the Joint Battlespace Infosphere (in discussion with Air Force, Rome)
- Support for software systems like HiperD used in AEGIS battle control software (Navy)
- More through work on the Boeing OEP
Slide 6: Project Tasks & Schedule
Task | Schedule
Release tools for optimization of protocol stacks | Fall 2000
Complete formal verification of the Ensemble VS protocol | Winter 2000
Develop new adaptive communication protocol using the LPE in design and verification | Spring 2001
Specify and model an event-driven embedded system module from a PCES project partner (Bold Stroke, ...) | Summer 2001
Develop web-based presentation mechanisms for the knowledge base of software and specifications | Fall 2001
Enhance automatic tools to increase the pace of formal developments (decision procedures, tailored tactics, ...) | ongoing
Explore probabilistic embedded protocols with LPE technology developed for adaptive protocols | Spring / Summer 2002
Incrementally deploy logical reflection mechanisms as a basis for program composition / reconfiguration | 2002
Slide 7: Progress & Accomplishments
- Theoretical basis for an efficient reflection mechanism: reasoning about intensional properties (time, resources, synchronization, ...)
- Class theory supports code & design reuse through composition and weaving
- Developed LPE technology for formal design of verifiably correct adaptive systems
- Formal documentation, publications, the Nuprl LPE and a large database of algorithmic knowledge are available at our web site: http://www.cs.cornell.edu/Info/Projects/NuPrl
Slide 8: Verified Program Composition
- Class Theory provides expressive type constructs: union, intersection, subtyping, records, modules
- Supports compositional verification
  - Intersecting modules preserves safety properties: (M_A |= P) implies (M_A ∩ M_B |= P)
  - Intersecting modules is a form of composition: M_A ∩ M_B intersects states, actions, constraints
- This gives a method for property-preserving composition, but intersection is more than just functional composition
Slide 9: Weaving as Combining Effects
Intersection is proven to combine all safety properties of code.

Communication
  state   q: Msg List
  action  SEND: Msg
  effect  SEND(m): q := enqueue m q

Logging
  state   log: Msg List
  action  SEND: Msg
  effect  SEND(m): if sensitive(m) then log := append log m

Communication with Logging (the intersection of the two)
  state   q, log: Msg List
  action  SEND: Msg
  effect  SEND(m): q := enqueue m q
                   if sensitive(m) then log := append log m

- Intersection weaves code pieces together: property-preserving weaving of aspects
- Reflection is needed to prove the semantic effects of purely syntactic transformations (renaming, ...)
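The following is an added, executable model of what slides 8 and 9 describe; it is not code from the project or the Nuprl LPE. A module is a set of state variables, a set of actions and one effect per action; the intersection of two modules takes the union of their state and actions and, for a shared action such as SEND, runs both effects. The two modules, the `sensitive` predicate (constructed here as a prefix check) and the sample trace are assumptions for the demo. The safety properties are stated as predicates over every prefix of a run, so the check shows that the woven module still satisfies each component's own property and that its final state is exactly the hand-written "Communication with Logging" module of the slide.

```python
"""Added example: modules, intersection (weaving) and safety-property checks."""
import copy
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Tuple

State = Dict[str, Any]
Effect = Callable[[State, Any], None]            # mutates the state in place
Trace = List[Tuple[str, Any]]                    # (action name, argument) pairs
Property = Callable[[Trace, State], bool]        # judged on every prefix of a run


@dataclass
class Module:
    name: str
    state: Dict[str, Callable[[], Any]]          # variable -> initialiser
    effects: Dict[str, List[Effect]]             # action -> effects to run


def intersect(a: Module, b: Module) -> Module:
    """M_A ∩ M_B: union of state and actions; a shared action runs both effects."""
    state = dict(a.state)
    for var, init in b.state.items():
        if var in state and state[var]() != init():
            raise ValueError(f"shared variable {var!r} has conflicting initial values")
        state[var] = init
    effects = {act: list(effs) for act, effs in a.effects.items()}
    for act, effs in b.effects.items():
        effects.setdefault(act, []).extend(effs)
    return Module(f"{a.name} ∩ {b.name}", state, effects)


def run(m: Module, trace: Trace) -> List[State]:
    """States reached after each prefix of the trace (index 0 is the initial state)."""
    st = {var: init() for var, init in m.state.items()}
    reached = [copy.deepcopy(st)]
    for action, arg in trace:
        for eff in m.effects.get(action, []):   # actions the module lacks are no-ops
            eff(st, arg)
        reached.append(copy.deepcopy(st))
    return reached


def satisfies(m: Module, prop: Property, trace: Trace) -> bool:
    """A safety property must hold on every prefix of the run."""
    return all(prop(trace[:i], st) for i, st in enumerate(run(m, trace)))


# --- the two modules from the slide (constructed for this example) -------
def sensitive(msg: str) -> bool:                 # assumed predicate for the demo
    return msg.startswith("SECRET:")


def comm_send(st: State, m: str) -> None:        # effect SEND(m): q := enqueue m q
    st["q"].append(m)


def log_send(st: State, m: str) -> None:        # effect SEND(m): if sensitive(m) then log := append log m
    if sensitive(m):
        st["log"].append(m)


Communication = Module("Communication", {"q": list}, {"SEND": [comm_send]})
Logging = Module("Logging", {"log": list}, {"SEND": [log_send]})


# Safety properties, each stated over its own module's variables only.
def queue_matches_sends(prefix: Trace, st: State) -> bool:
    return st["q"] == [m for act, m in prefix if act == "SEND"]


def log_matches_sensitive_sends(prefix: Trace, st: State) -> bool:
    return st["log"] == [m for act, m in prefix if act == "SEND" and sensitive(m)]


# Constructed sample run: two ordinary messages around one sensitive one.
SAMPLE_TRACE: Trace = [("SEND", "hello"), ("SEND", "SECRET: key rotation"), ("SEND", "bye")]


def weaving_preserves_both() -> bool:
    """Communication ∩ Logging satisfies both components' properties on the sample run."""
    woven = intersect(Communication, Logging)
    return (satisfies(Communication, queue_matches_sends, SAMPLE_TRACE)
            and satisfies(Logging, log_matches_sensitive_sends, SAMPLE_TRACE)
            and satisfies(woven, queue_matches_sends, SAMPLE_TRACE)
            and satisfies(woven, log_matches_sensitive_sends, SAMPLE_TRACE))


def final_state() -> State:
    """Final state of the woven module: q holds every send, log only the sensitive one."""
    return run(intersect(Communication, Logging), SAMPLE_TRACE)[-1]


if __name__ == "__main__":
    print(weaving_preserves_both(), final_state())
```

The preservation argument this model relies on is that each effect writes only its own module's variables, so the other module's effects cannot disturb a property stated over those variables; where two modules share a variable the model only rejects conflicting initial values, and the semantic argument for that case is exactly what the slide says reflection is needed for.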
Slide 10: Designing Adaptive Systems
- Make the system adapt safely to run-time dynamics: upgrades, higher security, performance
- Building-block approach: a generic switching protocol constructs hybrid protocols from simpler ones
  (Diagram: switching protocol over prot 1 and prot 2)
- Correctness issues
  - What protocols are switchable at all?
  - What code invariant preserves switchable properties?
- The technique applies to event-driven architectures
Slide 11: Verifying Adaptive Systems
(Diagram: switch, spec, network)
- 6 meta-properties are sufficient for protocols to work correctly under a switch: Asynchrony, Safety, Delayable, Send-enabled, Composable, Memoryless (grouped under Layered Architecture and Protocol Switching)
- Verification reveals hidden assumptions & limitations of applicability
- Verification yields code invariants
- MPs simplify design and verification
- MPs characterize environmental prerequisites for correct behavior
- The abstract approach supports reliable adaptability beyond communication
Slide 12: Next Milestones
- Package adaptive LPE tools and make them available on the web, including formal documentation
- Model components from the Bold Stroke event channel
  - Investigate how to provide adaptive technology, optimization techniques, and check properties
- Illustrate how to weave probabilistic aspects into an existing protocol
- Develop a prototype probabilistic real-time embedded protocol with the LPE
Slide 13: Applying the LPE to Bold Stroke
- Bold Stroke is a layered event-channel architecture, with some similarity to protocol stacks in communication
- Develop a formal model of the architecture and modules
- Investigate how to provide formal assistance for
  - assuring system properties (particularly after changes)
  - safe switching between schedules
  - dynamic reconfiguration (using adaptive technology)
  - improving performance for specific scenarios
- Analysis tools for OEP application components
Slide 14: Probabilistic embedded protocols
(Diagram: unreliable multicast, 1% fail, vs. Bimodal Multicast, 10^-12 fail)
- Provide properties with extremely high probability
- Scales well
- Same real-time guarantees as deterministic approaches
- Less vulnerable (weaker assumptions, more realistic)
- Simpler to design and analyze
- Elegant for dealing with real-time constraints in large networks
- Approach: use the MP technology developed for adaptive protocols + a formal probabilistic communication model + reflection (for timing issues and probability analysis)
- Applications: air traffic control, embedded sensor networks
Slide 15: Collaborations
- BBN (old ties: Ensemble in Aqua/Quo projects; planned: Ensemble in A/V transmission)
- Boeing (in preparation: apply the LPE to Bold Stroke)
- Vanderbilt (planned: analyze synthesized software)
- ORA (ongoing: LPE verifications; planned: formal RT Java semantics)
- AFRL Rome (joint Information Assurance Institute)
- Others?
Slide 16: Technology Transfer
- The LPE already provides direct support of the Ensemble and Spinglass systems (DoD + commercial use)
- AFRL people are being trained to use the LPE (AFRL/Cornell Information Assurance Institute)
- Connections to BBN and Boeing offer new transition paths for future results
Slide 17: Program Issues
- Which PCES application is best to demonstrate major impact of formal tools?
- Balance between long-term and short-term goals? (better formal tools vs. pushing an application with today's tools)
- The project is part of PCES only until Sept. 2002; meaningful collaboration beyond 2002?