HILT '12 | Pub Date: 2012-12-02 | DOI: 10.1145/2402676.2402690
Johannes Kanig, E. Schonberg, Claire Dross
Hi-Lite: the convergence of compiler technology and program verification

Abstract: Formal program verification tools check that a program correctly implements its specification. Existing specification languages for well-known programming languages (Ada, C, Java, C#) have been developed independently from the programming language to which they apply. As a result, specifications are expressed separately from the code, typically as stylized comments, and the verification tools often bear no direct relation to the production compiler. We argue that this approach is problematic, and that the compiler and the verification tools should be integrated seamlessly. Based on our current work on the Hi-Lite project to develop a formal verification tool for Ada 2012, we show that in an integrated setting, the compiler becomes the centerpiece of the verification architecture, and supports both static proofs and run-time assertion checking. Such an environment does much to simplify software certification.

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402680
Johannes Kanig
Leading-edge Ada verification technologies: combining testing and verification with GNATtest and GNATprove -- the Hi-Lite project

Abstract: We give a hands-on introduction to the tools GNATtest and GNATprove, both developed at AdaCore in the Hi-Lite research project. They allow verification of Ada 2012 contracts through testing and formal verification, and also allow the results of both tools to be combined.

The tutorial will contain a very short introduction to Ada 2012, and attendees will write a small example on which they can play with GNATtest to develop test cases, and GNATprove to do some formal verification.

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402703
Shuai Li, Frank Singhoff, S. Rubini, M. Bourdellès
Applicability of real-time schedulability analysis on a software radio protocol

Abstract: In this paper, we present our experience with integrating timing constraint verification and analysis, using real-time scheduling theory, in an industrial context. The verification process has been integrated into a design flow at THALES Communications & Security. We focus our work on Software Radio Protocols (SRP). We have used Model-Driven Engineering technologies and the Cheddar schedulability analysis tool for our experiment. We show how we have modeled a complete SRP in UML MARTE, a profile for real-time embedded systems, before using model transformation to extract information for schedulability analysis with Cheddar.

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402692
E. Schonberg, Vincent Pucci
Implementation of a simple dimensionality checking system in Ada 2012

Abstract: We present the design and implementation of a dimensionality checking system in Ada 2012. The system is implemented in the GNAT compiler, and performs compile-time checks to verify the dimensional consistency of physical computations. The system allows the user to define his own system of units, and imposes neither run-time changes nor multiple compilation passes on the user.

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402695
Kathleen Fisher
HACMS: high assurance cyber military systems

Abstract: Embedded systems form a ubiquitous, networked, computing substrate that underlies much of modern technological society. Such systems range from large supervisory control and data acquisition (SCADA) systems that manage physical infrastructure to medical devices such as pacemakers and insulin pumps, to computer peripherals such as printers and routers, to communication devices such as cell phones and radios, to vehicles such as airplanes and satellites. Such devices have been networked for a variety of reasons, including the ability to conveniently access diagnostic information, perform software updates, provide innovative features, lower costs, and improve ease of use. Researchers and hackers have shown that these kinds of networked embedded systems are vulnerable to remote attack, and such attacks can cause physical damage while hiding the effects from monitors.

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402685
K. Nilsen
Tutorial overview: understanding dynamic memory management in Safety Critical Java

Abstract: In spite of the high-level abstraction benefits of automatic tracing garbage collection, current prevailing sentiment within the safety certification community is that a simpler memory model is required for the most rigorous levels of software safety certification. Thus, the draft JSR-302 specification for Safety Critical Java relies on scope-based memory allocation rather than tracing garbage collection. The scoped memory model for JSR-302 is a simplification of the RTSJ model. JSR-302 enforces a strict hierarchy of scopes and distinguishes private scopes, which can be seen only by one thread, from mission scopes, which can be accessed by all the threads that comprise a mission, including threads running within inner-nested sub-missions. The hierarchical memory structure allows implementations to guarantee the absence of memory fragmentation for scope management, unlike the Real-Time Specification for Java from which the JSR-302 specification was derived.

In the absence of block structure, it is more difficult in Java to safely manage references to stack-allocated objects than in Ada. While the simplified hierarchical management of scoped memory that is part of JSR-302 addresses memory fragmentation concerns, it does not guarantee the absence of dangling pointers. As with the Real-Time Specification for Java, JSR-302 requires a run-time check to enforce that no reference assignment creates a relationship whereby an outer-nested object is allowed to point to an inner-nested object. This rule assures the absence of dangling pointers, but it introduces a different problem: every assignment to a reference field must be accompanied by a run-time check to validate the appropriate scope nesting relationship. This run-time check will throw a run-time exception if the assignment is deemed inappropriate.

The safety certification evidence for a given safety-critical Java program must therefore include an argument for every reference assignment that it will not cause the program to abort with a run-time exception. Furthermore, the certification evidence must prove that sufficient memory is available to reliably execute each safety-critical task in the system.

This tutorial provides an overview of dynamic memory management in Safety Critical Java and describes two annotation systems that have been designed to support static (compile-time) enforcement of memory safety properties. The first annotation system is described in an appendix to the draft JSR-302 standard. This relatively simple annotation system, which is not considered normative, serves to demonstrate that memory safety can be statically proven without requiring extensive annotations throughout existing library code. The second annotation system is the system implemented in Perc Pico. This annotation system, which is much richer than the draft JSR-302 annotation, has been in experimental use for over five years. During that time, tens of thousands of lines of experimental application code have b

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402707
Dan Eilers, T. Koskinen
Adapting ACATS for use with run-time checks suppressed

Abstract: A well-known issue with compiler conformance testing is that the tested environment may differ from the end user's environment, in ways that defy analysis. Possible differences include the host or target computer instruction set, the host or target computer operating system version, version differences in various components of the compilation system, and differences in compilation switch settings. Most of these differences can be eliminated by retesting in the end user's actual environment. However, if the end user's environment includes compilation switches that suppress some or all of Ada's run-time checks, which we believe to be quite common, it is not currently feasible to re-run ACATS testing in that mode. That is because many ACATS tests rely on run-time checking, and those tests are not segregated or otherwise identified. We propose to remedy this difficulty by identifying such tests, so that the remaining tests can all be run and expected to pass with compilation flags that suppress some or all checks.

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402699
K. Nilsen
Real-time Java in modernization of the Aegis weapon system

Abstract: The U.S. Navy's Aegis system, considered to be the "shield of the fleet", provides area air defense for a carrier battle group in addition to providing long-range ballistic missile defense. A typical Aegis deployment consists of about 100 computers, many of which have multiple cores. The application is distributed, with typical real-time threads spanning 4 or 5 different computers. End-to-end distributed thread timing constraints measured from stimulus to response are typically under 100 ms. The target jitter constraints on the individual contributions of processors to the end-to-end deadline constraint are well below 1 ms. The system is fully redundant to support fault tolerance. The software is considered to be safety critical because it aims and fires weapons.

The Aegis Weapons System software was recently rewritten into real-time Java as part of the Aegis Modernization activity. This project involved replacement of about 200,000 lines of CMS-2 and Ada code with roughly 500,000 lines of Java. The effort began in 2003 and the new Java implementation of the Aegis Weapons System is now being deployed on warships. This paper describes the motivation for the modernization effort and provides a summary of Lockheed Martin's experiences with this project.

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402705
G. Steele
Programming language life cycles

Abstract: New programming languages keep getting invented, and old languages (most of them) eventually die. Many languages are eventually reduced to, if anything, a single surviving slogan or idea. (Examples: COBOL = programs look like English; SNOBOL = pattern matching on strings.) How do ideas about what programmers want or need to do drive decisions made by language designers? We'll look at some of these ideas, and also at the origin, evolution, and possible destinations of certain ideas pursued during the development of the Fortress programming language, speculating on the forces that drive these life cycles.

HILT '12 | Pub Date: 2012-11-29 | DOI: 10.1145/2402676.2402687
B. Liskov
Keynote presentation: Programming the Turing machine

Abstract: Turing provided the basis for modern computer science. However, there is a huge gap between a Turing machine and the kinds of applications we use today. This gap is bridged by software, and designing and implementing large programs is a difficult task. The main way we have of keeping the complexity of software under control is to make use of abstraction and modularity. This talk will discuss how abstraction and modularity are used in the design of large programs, and how these concepts are supported in modern programming languages. It will also discuss what support is needed going forward.