Mothers of Pipelines

We present a method for pipeline verification using SMT solvers. It is based on a non-deterministic “mother pipeline” machine (MOP) that abstracts the instruction set architecture (ISA). The MOP vs. ISA correctness theorem splits naturally into a large number of simple subgoals. This theorem reduces proving the correctness of a given pipelined implementation of the ISA to verifying that each of its transitions can be modeled as a sequence of MOP state transitions.     

Precise visual modeling: A case-study

We develop an abstract model for our case-study: software to support a “video rental service.” This illustrates how a visual formalism, constraint diagrams, may be used in order to specify such systems precisely.     

Expressing Priorities and External Probabilities in Process Algebra via Mixed Open/Closed Systems

Defining operational semantics for a process algebra is often based either on labeled transition systems that account for interaction with a context or on the so-called reduction semantics: we assume to have a representation of the whole system and we compute unlabeled reduction transitions (leading to a distribution over states in the probabilistic case). In this paper we consider mixed models with states where the system is still open (towards interaction with a context) and states where the system is already closed. The idea is that (open) parts of a system “P” can be closed via an operator “P↑G” that turns already synchronized actions whose “handle” is specified inside “G” into prioritized reduction transitions (and, therefore, states performing them into closed states). We show that we can use the operator “P↑G” to express multi-level priorities and external probabilistic choices (by assigning weights to handles inside G), and that, by considering reduction transitions as the only unobservable τ transitions, the proposed technique is compatible, for process algebra with general recursion, with both standard (probabilistic) observational congruence and a notion of equivalence which aggregates reduction transitions in a (much more aggregating) trace based manner. We also observe that the trace-based aggregated transition system can be obtained directly in operational semantics and we present the “aggregating” semantics. Finally, we discuss how the open/closed approach can be used to also express discrete and continuous (exponential probabilistic) time and we show that, in such timed contexts, the trace-based equivalence can aggregate more with respect to traditional lumping based equivalences over Markov Chains.     

Automated verification of design patterns: A case study

Representing design decisions for complex software systems, tracing them to code, and enforcing them throughout the lifecycle are pressing concerns for software architects and developers. To be of practical use, specification and modeling languages for software design need to combine rigor with abstraction and simplicity, and be supported by automated design verification tools that require minimal human intervention. This paper examines closely the use of the visual language of Codecharts for representing design decisions and demonstrate the process of verifying the conformance of a program to the chart. We explicate the abstract semantics of segments of the Java package java.awt as a finite structures, specify the Composite design pattern as a Codechart and unpack it as a set of formulas, and prove that the structure representing the program satisfies the formulas. We also describe a set of tools for modeling design patterns with Codecharts and for verifying the conformance of native (plain) Java programs to the charts.     

Specification in CTL+Past for Verification in CTL

We describe PCTL, a temporal logic extending CTL with connectives allowing to refer to the past of a current state. This incorporates the new N, “from now on,” combinator we recently introduced. PCTL has a branching future, but a determined, finite, and cumulative past. We argue this is the right choice for a semantical framework and show this through an extensive example. We investigate the feasibility of verification with PCTL and demonstrate how a translation-based approach allows model-checking specifications written in NCTL, a fragment of PCTL.     

A Practical Approach to Partial Functions in CVC Lite

Most verification approaches assume a mathematical formalism in which functions are total, even though partial functions occur naturally in many applications. Furthermore, although there have been various proposals for logics of partial functions, there is no consensus on which is “the right” logic to use for verification applications. In this paper, we propose using a three-valued Kleene logic, where partial functions return the “undefined” value when applied outside of their domains. The particular semantics are chosen according to the principle of least surprise to the user; if there is disagreement among the various approaches on what the value of the formula should be, its evaluation is undefined. We show that the problem of checking validity in the three-valued logic can be reduced to checking validity in a standard two-valued logic, and describe how this approach has been successfully implemented in our tool, CVC Lite.     

Built-In Contract Testing in Component Integration Testing

Assembling new software systems from prefabricated components is an attractive alternative to traditional software engineering practices which promises to increase reuse and reduce development costs. However, these benefits will only occur if separately developed components can be made to work effectively together with reasonable effort. Lengthy and costly in-situ verification and acceptance testing directly undermines the benefits of independent component fabrication and late system integration. This position paper outlines and introduces an approach for reducing manual system verification effort by equipping components with the ability to check their execution environments at run-time. When deployed in new systems, built-in tester components check the contract-compliance of their server components, including the run-time system, and thus automatically verify their ability to fulfill their own obligations. This comprises functional/behavioural contracts as well as quality-of-service contracts between individual components. Enhancing traditional component-based development methods with built-in contract testing in this way reduces the costs associated with component assembly, and thus makes the “plug-and-play” vision of component-based development closer to practical reality.     

Overcoming Heterogeneity and Autonomy in Multidatabase Systems

A multidatabase system (MDBS) is a software system for integration of preexisting and independent local database management systems (DBMSs). The transaction management problem in MDBSs consists of designing appropriate software, on top of local DBMSs, such that users can execute transactions that span multiple local DBMSs without jeopardizing database consistency. The difficulty in transaction management in MDBSs arises due to the heterogeneity of the transaction management algorithms used by the local DBMSs, and the desire to preserve their local autonomy. In this paper, we develop a framework for designing fault-tolerant transaction management algorithms for MDBS environments that effectively overcomes the heterogeneity- and autonomy-induced problems. The developed framework builds on our previous work. It uses the approach described in S. Mehrotra et al. (1992, in “Proceedings of ACM–SIGMOD 1992 International Conference on Management of Data, San Diego, CA”) to overcome the problems in ensuring serializability that arise due to heterogeneity of the local concurrency control protocols. Furthermore, it uses a redo approach to recovery for ensuring transaction atomicity (Y. Breitbart et al., 1990, in “Proceedings of ACM–SIGMOD 1990 International Conference on Management of Data, Atlantic City, NJ;” Mehrotra et al., 1992, in “Proceedings of the Eleventh ACM SIGACT–SIGMOD–SIGART Symposium on Principles of Database Systems, San Diego, CA;” and A. Wolski and J. Veijalainen, 1990, in “Proceedings of the International Conference on Databases, Parallel Architectures and Their Applications”, pp. 321–330), that strives to ensure atomicity of transactions without the usage of the 2PC protocol. We reduce the task of ensuring serializability in MDBSs in the presence of failures to solving three independent subproblems, solutions to which together constitute a complete strategy for failure-resilient transaction management in MDBS environments. We develop mechanisms with which each of the three subproblems can be solved without requiring any changes be made to the preexisting software of the local DBMSs and without compromising their autonomy.     

Cooperation without deliberation: A minimal behavior-based approach to multi-robot teams

While terminology and some concepts of behavior-based robotics have become widespread, the central ideas are often lost as researchers try to scale behavior to higher levels of complexity. “Hybrid systems” with model-based strategies that plan in terms of behaviors rather than simple actions have become common for higher-level behavior. We claim that a strict behavior-based approach can scale to higher levels of complexity than many robotics researchers assume, and that the resulting systems are in many cases more efficient and robust than those that rely on “classical AI” deliberative approaches. Our focus is on systems of cooperative autonomous robots in dynamic environments. We will discuss both claims that deliberation and explicit communication are necessary to cooperation and systems that cooperate only through environmental interaction. In this context we introduce three design principles for complex cooperative behavior—minimalism, statelessness and tolerance—and present a RoboCup soccer system that matches the sophistication of many deliberative soccer systems while exceeding their robustness, through the use of strict behavior-based techniques with no explicit communication.     

Validating for Liveness in Hidden Adversary Systems

Multi-stream interactive systems can be seen as “hidden adversary” systems (HAS), where the observable behaviour on any interaction channel is affected by interactions happening on other channels. One way of modelling HAS is in the form of a multi-process I/O automata, where each interacting process appears as a token in a shared state space. Constraints in the state space specify how the dynamics of one process affects other processes. We define the “liveness criterion” of each process as the end objective to be achieved by the process. The problem now for each process is to achieve this objective in the face of unforeseen interferences from other processes. In an earlier paper, it was proposed that this uncertainty can be mitigated by collaboration among the disparate processes. Two types of collaboration philosophies were also suggested: altruistic collaboration and pragmatic collaboration. This paper addresses the HAS validation problem where processes collaborate altruistically.     

AGAPIA v0.1: A Programming Language for Interactive Systems and Its Typing System

A model (consisting of rv-systems), a core programming language (for developing rv-programs), several specification and analysis techniques appropriate for modeling, programming and reasoning about interactive computing systems have been recently introduced by Stefanescu using register machines and space-time duality, see [Stefanescu, G. Interactive systems with registers and voices. Fundamenta Informaticae 73 (2006), 285–306. (Early draft, School of Computing, National University of Singapore, July 2004.)]. After that, Dragoi and Stefanescu have developed structured programming techniques for rv-systems and their verification, see, e.g., [Dragoi, C., and G. Stefanescu. Structured programming for interactive rv-systems. Institute of Mathematics of the Romanian Academy, IMAR Preprint 9/2006, Bucharest 2006. Dragoi, C., and G. Stefanescu. Towards a Hoare-like logic for structured rv-programs. Institute of Mathematics of the Romanian Academy, IMAR Preprint 10/2006, Bucharest, 2006. Dragoi, C., and G. Stefanescu. Implementation and verification of ring termination detection protocols using structured rv-programs. Annals of University of Bucharest, Mathematics-Informatics Series, 55 (2006), 129–138. Dragoi, C., and G. Stefanescu. Structured interactive programs with registers and voices and their verification. Draft, Bucharest, January 2007. Dragoi, C., and G. Stefanescu. On compiling structured interactive programs with registers and voices. In: “Proc. SOFSEM 2008,” 259–270. LNCS 4910, Springer, 2008.].In the present paper a kernel programming language AGAPIA v0.1 for interactive systems is introduced. The language contains definitions for complex spatial and temporal data, arithmetic and boolean expressions, modules, and while-programming statements with their temporal, spatial, and spatio-temporal versions. In AGAPIA v0.1 one can write programs for open processes located at various sites and having their temporal windows of adequate reaction to the environment. The main technical part of the paper describes a typing system for AGAPIA v0.1 programs.     

Description of Quantum Dynamics of Open Systems Based on Collision-Like Models

Master equations in the Lindblad form describe evolution of open quantum systems that are completely positive and simultaneously have a semigroup property. We analyze the possibility to derive this type of master equations from an intrinsically discrete dynamics that is modelled as a sequence of collisions between a given quantum system (a qubit) with particles that form the environment. In order to illustrate our approach we analyze in detail how the process of an exponential decay and the process of decoherence can be derived from a collision-like model in which particular collisions are described by SWAP and controlled-NOT interactions, respectively.Presented at the 36th Symposium on Mathematical Physics, “Open Systems & Quantum Information”, Toruń, Poland, June 9-12, 2004.     

Automated Problem Determination Using Call-Stack Matching

We present an architecture and algorithms for performing automated software problem determination using call-stack matching. In an environment where software is used by a large user community, the same problem may re-occur many times. We show that this can be detected by matching the program call-stack against a historical database of call-stacks, so that as soon as the problem has been resolved once, future cases of the same or similar problems can be automatically resolved. This would greatly reduce the number of cases that need to be dealt with by human support analysts. We also show how a call-stack matching algorithm can be automatically learned from a small sample of call-stacks labeled by human analysts, and examine the performance of this learning algorithm on two different data sets.Mark Brodie is a research staff member in the “Machine Learning for Systems” group at the IBM T.J. Watson Research Center in Hawthorne, NY. He did his undergraduate work in Mathematics at the University of the Witwatersrand in South Africa and received his PhD in Computer Science at the University of Illinois in 2000. His research interests include machine learning, data mining, and problem determination.Sheng Ma received his BS degree in Electrical Engineering from Tsinghua University, Beijing China, in 1992, and his MS and PhD with honors in Electrical Engineering from Rensselaer Polytechnic Institute, Troy, NY, in 1995 and 1998, respectively. He joined the IBM T.J. Watson Research Center as a research staff member in 1998 and became manager of the “Machine Learning for Systems” group in 2001. His current research interests include machine learning, data mining, network traffic modeling and control, and network and computer systems management.Leonid Rachevsky is a software systems analyst in the “Machine Learning for Systems” group at the IBM T.J. Watson Research Center in Hawthorne, NY. He obtained his MSc in Mathematics at Kazan State University and his PhD in Technical Science (Applied Mathematics) at the Kazan Institute of Chemical Engineering in Kazan, USSR (now Russia). He has worked extensively as a software engineer and senior software analyst in Israel, Canada and the United States.Jon Champlin is an advisory software engineer with the Lotus division of IBM’s Software Group. He received a Bachelors of Computer Science from Siena College in 1993. He is part of the external support group and has developed several serviceability features for Lotus Notes/Domino.     

Extracting a polyhedron from a single-view sketch: Topological construction of a wireframe sketch with minimal hidden elements

An essential prerequisite to construct a manifold trihedral polyhedron from a given natural (or partial-view) sketch is solution of the “wireframe sketch from a single natural sketch (WSS)” problem, which is the subject of this paper. Published solutions view WSS as an “image-processing”/“computer vision” problem where emphasis is placed on analyzing the given input (natural sketch) using various heuristics. This paper proposes a new WSS method based on robust tools from graph theory, solid modeling and Euclidean geometry. Focus is placed on producing a minimal wireframe sketch that corresponds to a topologically correct polyhedron.     

Variable structure exponential stabilization of chained systems based on the extended nonholonomic integrator

In this paper, a new variable structure control strategy for exponentially stabilizing chained systems is presented based on the extended nonholonomic integrator model, the discontinuous coordinate transformation and the “reaching law method” in variable structure control design. The proposed approach converts the stabilization problem of an n-dimensional chained system into the pole-assignment problem of an (n−3)-dimensional linear time-invariant system and consequently simplifies the stabilization controller design of nonholonomic chained systems.     

Dynamic learning from multiple examples for semantic object segmentation and search

We present a novel “dynamic learning” approach for an intelligent image database system to automatically improve object segmentation and labeling without user intervention, as new examples become available, for object-based indexing. The proposed approach is an extension of our earlier work on “learning by example,” which addressed labeling of similar objects in a set of database images based on a single example. The proposed dynamic learning procedure utilizes multiple example object templates to improve the accuracy of existing object segmentations and labels. Multiple example templates may be images of the same object from different viewing angles, or images of related objects. This paper also introduces a new shape similarity metric called normalized area of symmetric differences (NASD), which has desired properties for use in the proposed “dynamic learning” scheme, and is more robust against boundary noise that results from automatic image segmentation. Performance of the dynamic learning procedures has been demonstrated by experimental results.