
Stuart Allen, Mark Bickford, Robert Constable, Richard Eaton, Christoph Kreitz, Lori Lorigo: Secure software infrastructure / Logic Programming Communications / Advances in Logical Programming Environments





2 Title slide
Stuart Allen, Mark Bickford, Robert Constable, Richard Eaton, Christoph Kreitz, Lori Lorigo
Secure software infrastructure
Logic Programming Communications
Advances in Logical Programming Environments

3 Project goals
Build open Logical Programming Environment
- integrate programming language and logic
- share libraries of formalized mathematics
- enable cooperation among formal systems
- local reflection and code transformations
Application to reliable embedded systems
- semantics-based transformation and optimization
- high-assurance software components and systems
- formal component design

4 Progress
Nuprl LPE
- new implementation with open architecture
- formal documentation mechanisms
- development of class theory
- local reflection for weaving aspects
Application to networked systems
- optimization of protocol stacks
- compositional protocol verification
- formal design of adaptive systems

5 LPE Architecture
- Cooperating processes
- Library as persistent database (basis for sharing mathematics)
- Ability to connect to external systems
- Cooperating inference engines
- Multiple user interfaces
- Reflective system structure

6 Formal Documentation
Create documentation from formal objects
- formal design expertise in "readable" form
- screen display, LaTeX articles, HTML documents
Comments contain references to objects
- formal content browsable while reading text
Display objects determine term presentation
- print representation (screen/LaTeX macros)
- suppressing formal parameters
- preferences vs. parentheses

7 Formal Class Theory
Extends Nuprl's type theory
Provides expressive type constructs
- Union, Intersection, Subtyping, Records, Modules
Supports formalization and composition of
- Abstract specifications + concrete code of components
- Modular verifications
Diagram (external system -> formalized in Nuprl):
- IOA -> class theory provides IOA formalisms
- Ocaml (Ensemble) -> Ocaml language formalized in Nuprl
- Java/JVM -> JVM formalized

8 Weaving and local reflection
Add properties to code
Diagram: Message Passing with Total Order + Fault Tolerance -> Fault Tolerant System with Total Order (transform Total Order code to include rejoining & view-change code)
Weaving as formal method requires local reflection
- theorems about semantical effect of syntactical transformations
- reasoning about refinement + meta-properties

9 Formal Optimization
Optimize component-based network systems
- generate fast-path for common case
- compress message headers
Automate with Nuprl LPE
- Identify Common Case Predicates (CCP)
- Component code + CCP -> optimization theorem
- System composition -> theorem composition
- Composed theorem -> new system code
Fast, abstract, verifiably correct results; speedup factor 3-4 (demo available)

10 Compositional Protocol Verification
Incremental through proof inheritance: (A = P)  (A  B = P)
A  B intersects: states, actions, initial states, transitions
Induction:
1. A  I = I
2. B  I = I
3. A.init  B.init  I
A  B = I
Diagram: View = view; ETO = total  view; Total = total

11 Formal Design of Adaptive Systems
Adapt system to suit run-time dynamics
- system upgrades
- changing conditions (higher security levels, ...)
- use optimal implementations of components
Usually complicated switch spec
Building block approach
- generic switching protocol constructs hybrid protocols from simpler ones
- flexible, easy to prove correct
Joint work with Robbert Van Renesse, Xiaoming Liu, Ken Birman

12 Switching Protocols: basic model
Diagram: Switching Protocol layered over protocols P1 and P2
Normal mode
- forward messages to current protocol
- receive messages from current protocol
Switching mode
- deliver messages from previous protocol
- buffer messages sent in the new protocol
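The two modes of the switching layer, as an added simulation that is not code from the slides or from the Ensemble/Nuprl work. It models one process's switching layer over two stub protocols P1 and P2 (FIFO channels that hand messages back up to the layer), and lets the network deliver the new protocol's messages before the old protocol has drained. How the layer learns that the previous protocol is drained is not stated on the slide; this example assumes an end-of-switch marker sent on the old protocol behind its last application message. The `buffer_during_switch=False` variant shows what a layer without a switching mode would deliver.

```python
from collections import deque


class Protocol:
    """Stand-in for a lower-layer protocol P1 or P2 (constructed for this example):
    a FIFO channel whose messages the network later hands up to the switching layer."""

    def __init__(self, name):
        self.name = name
        self.in_flight = deque()

    def send(self, msg):
        self.in_flight.append(msg)

    def deliver_one(self):
        """The network delivers this protocol's next message to the layer."""
        return self.in_flight.popleft()


END_OF_SWITCH = "__END_OF_SWITCH__"   # marker on the old protocol: this example's assumption


class SwitchingLayer:
    """Switching layer between the application and P1/P2, with the normal and
    switching modes of slide 12."""

    def __init__(self, p1, p2, buffer_during_switch=True):
        self.current, self.other = p1, p2
        self.old = None
        self.mode = "normal"
        self.buffer_during_switch = buffer_during_switch
        self.buffer = []        # deliveries from the new protocol, held back while switching
        self.delivered = []     # what the application above has received, in order

    def send(self, msg):
        """Application send: forwarded to the current protocol in both modes."""
        self.current.send(msg)

    def switch(self):
        """Make the other protocol current and enter switching mode."""
        if self.mode != "normal":
            return
        self.old, self.current, self.other = self.current, self.other, self.current
        self.old.send(END_OF_SWITCH)   # trails every message sent on the old protocol
        self.mode = "switching"

    def receive(self, proto, msg):
        """Lower-layer delivery of msg by protocol proto."""
        if self.mode == "normal":
            self.delivered.append(msg)                # receive from current protocol
            return
        if proto is self.old:
            if msg == END_OF_SWITCH:
                # previous protocol drained: release what the new protocol delivered
                self.delivered.extend(self.buffer)
                self.buffer.clear()
                self.old, self.mode = None, "normal"
            else:
                self.delivered.append(msg)            # deliver from previous protocol
        elif self.buffer_during_switch:
            self.buffer.append(msg)                   # buffer new-protocol deliveries
        else:
            self.delivered.append(msg)                # naive layer: no switching mode


def run_scenario(buffer_during_switch=True):
    """Constructed scenario: a, b sent on P1, then a switch, then c, d sent on P2;
    the network delivers P2's messages before P1 has drained.  Returns the
    application-level delivery order and the layer's final mode."""
    p1, p2 = Protocol("P1"), Protocol("P2")
    layer = SwitchingLayer(p1, p2, buffer_during_switch)
    layer.send("a")
    layer.send("b")
    layer.switch()                        # END_OF_SWITCH queued on P1 behind a and b
    layer.send("c")
    layer.send("d")
    layer.receive(p2, p2.deliver_one())   # c arrives first
    layer.receive(p1, p1.deliver_one())   # a
    layer.receive(p2, p2.deliver_one())   # d
    layer.receive(p1, p1.deliver_one())   # b
    layer.receive(p1, p1.deliver_one())   # marker: switch completes, c and d released
    return layer.delivered, layer.mode


if __name__ == "__main__":
    print("with switching mode:   ", run_scenario(True))
    print("without switching mode:", run_scenario(False))
```

With the switching mode the application sees a, b, c, d, which is the order in which the messages were sent across both protocols; without it the faster new protocol overtakes the old one and the order becomes c, a, d, b.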

13 Inject formal methods at earliest design stage
What kind of properties will be preserved by switching?
- Reliability? Total Order? Integrity? Confidentiality? Prioritized Delivery? Virtual Synchrony?
In other words, what are the properties of these properties? (meta-properties)

14 Using the Nuprl LPE
We proved that six meta-properties are sufficient for protocols to work correctly under a switching protocol
Diagram: switch spec / network

15 Formal Model of Communication
Trace: list tr of send and receive events
- Send(p,m): message m sent by process p
- Deliver(p,m): message m received by process p
Communication property: predicate P on traces

16 Properties, formalized
Reliability:  p,m. Send(p,m)  tr   q. Deliver(q,m)  tr
Integrity (T: set of trusted processes):  q  T. Deliver(q,m)  tr   p  T. Send(p,m)  tr
Confidentiality:  q  T. Deliver(q,m)  tr   p  T. Send(p,m)  tr )
Total order:  q1,q2,m1,m2. Deliver(q1,m1)  tr  Deliver(q2,m1)  tr  Deliver(q1,m2)  tr  Deliver(q2,m2)  tr  Deliver(q1,m1) < Deliver(q1,m2)  Deliver(q2,m1) < Deliver(q2,m2)

17 Meta-property
Predicate M on properties of protocols, expressed by a relation R between traces tr_u and tr_l above and below a protocol layer:
M(P)   tr_u,tr_l. P(tr_l)  tr_l R tr_u  P(tr_u)
Requires capability for higher order reasoning

18 Meta-properties for Switching
Diagram: Layered Communication Protocol / Switching
Send-enabled: R_send-e(tr_u,tr_l)  tr_u = tr_l @ [Send(p1,m1),..,Send(pn,mn)]
Asynchrony: R_async(tr_u,tr_l)  swap-adjacent(tr_l,tr_u) for e1,e2 with process(e1)  process(e2)
Delayable: R_delay(tr_u,tr_l)  swap-adjacent(tr_l,tr_u) for e1,e2 with e1 = Send(p,m1)  e2 = Deliver(p,m2)
Safety: R_safety(tr_u,tr_l)  tr_l  tr_u
Composable: R_composable(tr_u,tr_l1,tr_l2)  tr_l1  tr_l2 = []  interleave(tr_u,tr_l1,tr_l2)  …
Memoryless: R_memoryless(tr_u,tr_l)  tr_u = tr_l - [e | msg(e)  {m1,..,mn}]
Switchable(P)  M_safety(P)  …  M_composable(P)
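The trace model of slides 15 and 16 and the meta-property schema of slides 17 and 18, as an added Python example that is not from the slides and not Nuprl code; Python stands in for the type theory here. The readings of reliability, integrity and total order are this example's interpretation of the slide's formulas: every sent message is delivered somewhere; a message delivered to a trusted process was sent by a trusted process; two processes that both deliver two messages deliver them in the same order. `r_async` enumerates the upper traces related to a lower trace by R_async (one swap of adjacent events of different processes), and `meta_property_holds` checks the implication in M(P) for one lower trace. The property `send_before_deliver` is constructed for contrast; the sample traces are constructed too.

```python
from collections import namedtuple
from itertools import combinations

# A trace event: kind is "Send" or "Deliver", proc the process, msg the message.
Event = namedtuple("Event", "kind proc msg")


def Send(p, m):
    return Event("Send", p, m)


def Deliver(q, m):
    return Event("Deliver", q, m)


# --- Communication properties: predicates on traces (slide 16), in this
# example's reading of the formulas.

def reliability(tr):
    """Every sent message is delivered to at least one process."""
    sent = {e.msg for e in tr if e.kind == "Send"}
    delivered = {e.msg for e in tr if e.kind == "Deliver"}
    return sent <= delivered


def integrity(tr, trusted):
    """A message delivered to a trusted process was sent by a trusted process."""
    senders = {}
    for e in tr:
        if e.kind == "Send":
            senders.setdefault(e.msg, set()).add(e.proc)
    return all(senders.get(e.msg, set()) & trusted
               for e in tr if e.kind == "Deliver" and e.proc in trusted)


def total_order(tr):
    """Two processes that both deliver m1 and m2 deliver them in the same order."""
    pos = {}                                  # (process, message) -> delivery index
    for i, e in enumerate(tr):
        if e.kind == "Deliver":
            pos.setdefault((e.proc, e.msg), i)
    procs = sorted({p for p, _ in pos})
    msgs = sorted({m for _, m in pos})
    for q1, q2 in combinations(procs, 2):
        for m1, m2 in combinations(msgs, 2):
            if all((q, m) in pos for q in (q1, q2) for m in (m1, m2)):
                if (pos[q1, m1] < pos[q1, m2]) != (pos[q2, m1] < pos[q2, m2]):
                    return False
    return True


def send_before_deliver(tr):
    """Constructed global-time property: each delivery of m follows a send of m."""
    sent = set()
    for e in tr:
        if e.kind == "Send":
            sent.add(e.msg)
        elif e.msg not in sent:
            return False
    return True


# --- Trace relation R_async (slide 18): tr_u is tr_l with two adjacent events
# of different processes swapped.  Yields every such tr_u.

def r_async(tr_l):
    for i in range(len(tr_l) - 1):
        if tr_l[i].proc != tr_l[i + 1].proc:
            tr_u = list(tr_l)
            tr_u[i], tr_u[i + 1] = tr_u[i + 1], tr_u[i]
            yield tr_u


def meta_property_holds(prop, relation, tr_l):
    """M(P) instantiated at one lower trace: P(tr_l) and tr_l R tr_u imply P(tr_u)."""
    if not prop(tr_l):
        return True                           # the implication holds vacuously
    return all(prop(tr_u) for tr_u in relation(tr_l))


# Constructed trace: p and q each multicast one message; both deliver m1 before m2.
TRACE = [Send("p", "m1"), Send("q", "m2"),
         Deliver("p", "m1"), Deliver("q", "m1"),
         Deliver("p", "m2"), Deliver("q", "m2")]
TRUSTED = {"p", "q"}

# Constructed trace in which a send and another process's delivery are adjacent.
SHORT_TRACE = [Send("p", "m1"), Deliver("q", "m1")]


def report():
    """Property values on TRACE and whether each survives R_async."""
    return {
        "reliability": reliability(TRACE),
        "integrity": integrity(TRACE, TRUSTED),
        "total_order": total_order(TRACE),
        "total_order_async": meta_property_holds(total_order, r_async, TRACE),
        "send_before_deliver_async":
            meta_property_holds(send_before_deliver, r_async, SHORT_TRACE),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

Total order only compares delivery positions within each process, so swapping adjacent events of different processes never changes it, and the check reports it as preserved; the constructed `send_before_deliver` property, which relates events of different processes in global time, is broken by the swap of `Send("p","m1")` and `Deliver("q","m1")`. That is the kind of distinction M(P) makes: it is a predicate on properties, true for some and false for others.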

19 Verifying Hybrid Protocols
Switchable properties are preserved if the switch implementation satisfies a switch invariant:
 P.  tr_u,tr_l. switch_invariant(tr_u,tr_l)  Switchable(P)  (P(pr1(tr_l))  P(pr2(tr_l)))  P(tr_u)
Switch invariant:
- tr_u results from swapping tr_l events with different origin
- messages sent by different protocols must be delivered in the same order
Nuprl proof developed in parallel to implementation
Formal design at same pace as "informal" one

20 Lessons learned
- Employing formal techniques at every design stage is of great use for building efficient network systems
- The LPE is capable of supporting "real" design
  - its theory is very expressive
  - reflection supports reasoning about program transformation
- The component-based approach is ideal for building adaptive systems
- Automation still needs to be increased
- More experience from applications is necessary

21 Plans
Extend scope of automation
- Domain-specific reasoning strategies
- Connect external inference engines
- Formalize design knowledge (e.g. as theorems)
- Techniques for automated system (code) synthesis
Develop and deploy full reflection mechanism
Build formal infrastructure for practitioners
- Include library of formally documented mathematics
Design & verification of new programs
- New hybrid protocols (adaptivity)
- Probabilistic protocols (scalability)




