Verification Approach of Metropolis Design Framework for Embedded Systems

In this paper, we focus on the verification approach of Metropolis, an integrated design framework for heterogeneous embedded systems. The verification approach is based on the formal properties specified in Linear Temporal Logic (LTL) or Logic of Constraints (LOC). Designs may be refined due to synthesis or be abstracted for verification. An automatic abstraction propagation algorithm is used to simplify the design for specific properties. A user-defined starting point may also be used with automatic propagation. Two main verification techniques are implemented in Metropolis the formal verification utilizing the model checker Spin and the simulation trace checking with automatic generated checkers. Translation algorithms from specification models to verification models, as well as algorithms of generated checkers are discussed. We use several case studies to demonstrate our approach for verification of system level designs at multiple levels of abstraction.     

Dependent Types for Program Termination Verification

Program termination verification is a challenging research subject of significant practical importance. While there is already a rich body of literature on this subject, it is still undeniably a difficult task to design a termination checker for a realistic programming language that supports general recursion. In this paper, we present an approach to program termination verification that makes use of a form of dependent types developed in Dependent ML (DML), demonstrating a novel application of such dependent types to establishing a liveness property. We design a type system that enables the programmer to supply metrics for verifying program termination and prove that every well-typed program in this type system is terminating. We also provide realistic examples, which are all verified in a prototype implementation, to support the effectiveness of our approach to program termination verification as well as its unobtrusiveness to programming. The main contribution of the paper lies in the design of an approach to program termination verification that smoothly combines types with metrics, yielding a type system capable of guaranteeing program termination that supports a general form of recursion (including mutual recursion), higher-order functions, algebraic datatypes, and polymorphism.     

Biased random key genetic algorithm for the Tactical Berth Allocation Problem

The Tactical Berth Allocation Problem (TBAP) aims to allocate incoming ships to berthing positions and assign quay crane profiles to them (i.e. number of quay cranes per time step). The goals of the TBAP are both the minimization of the housekeeping costs derived from the transshipment container flows between ships, and the maximization of the total value of the quay crane profiles assigned to the ships. In order to obtain good quality solutions with considerably short computational effort, this paper proposes a biased random key genetic algorithm for solving this problem. The computational experiments and the comparison with other solutions approaches presented in the related literature for tackling the TBAP show that the proposed algorithm is applicable to efficiently solve this difficult and essential container terminal problem. The problem instances used in this paper are composed of both, those reported in the literature and a new benchmark suite proposed in this work for taking into consideration other realistic scenarios.     

CL_ARRAY: A new generic library of multidimensional containers for c++ compilers with extension for OpenCL framework

This paper presents a new metaprogramming library, CL_ARRAY, that offers multiplatform and generic multidimensional data containers for C++ specifically adapted for parallel programming. The CL_ARRAY containers are built around a new formalism for representing the multidimensional nature of data as well as the semantics of multidimensional pointers and contiguous data structures. We also present OCL_ARRAY_VIEW, a concept based on metaprogrammed enveloped objects that supports multidimensional transformations and multidimensional iterators designed to simplify and formalize the interfacing process between OpenCL APIs, standard template library (STL) algorithms and CL_ARRAY containers. Our results demonstrate improved performance and energy savings over the three most popular container libraries available to the developer community for use in the context of multi-linear algebraic applications.     

Optimizing the Cray Graph Engine for performant analytics on cluster,SuperDome Flex,Shasta systems and cloud deployment

We present updates to the Cray Graph Engine, a high performance in-memory semantic graph database, which enable performant execution across multiple architectures as well as deployment in a container to support cloud and as-a-service graph analytics. This paper discusses the changes required to port and optimize CGE to target multiple architectures, including Cray Shasta systems, large shared-memory machines such as SuperDome Flex (SDF), and cluster environments such as Apollo systems. The porting effort focused primarily on removing dependences on XPMEM and Cray PGAS and replacing these with a simplified PGAS library based upon POSIX shared memory and one-sided MPI, while preserving the existing Coarray-C++ CGE code base. We also discuss the containerization of CGE using Singularity and the techniques required to enable container performance matching native execution. We present early benchmarking results for running CGE on the SDF, Infiniband clusters and Slingshot interconnect-based Shasta systems.     

Mechanical Software Verification: High Level Control Aspects from a User's Perspective

We present lessons learned from using mechanical theorem proving for proof support in software verification, with trusted execution of programs in mind. We will use two realistic running examples, compiler verification, which is central if we want to prove that we can trust a piece of executable software, and an industrial project in which we proved the correctness of a safety critical expert system using (verified) runtime result verification. We will emphasize the role of partial program correctness and its preservation. And we will comment on high level control aspects, in particular on what we can and what we will not be able to prove for a concrete piece of executable software.     

Tensor contraction in C++

In my last column (see ibid., January/February 2001), I talked about a notational device for matrix algebra called tensor diagrams. This time I write some C++ code to symbolically evaluate these quantities. This gives me a chance to play with some as yet untried features in the C++ standard library, such as strings and standard template library (STL) container classes     

基于国产操作系统独立GUI应用研究

国产Linux操作系统运行第三方GUI应用软件需要解决软件依赖库问题,官方提供的依赖软件无法满足依赖库环境配置,导致大量第三方GUI应用软件无法在国产操作系统中安装使用.现提出一种利用容器技术把第三方GUI应用软件及其运行环境打包成独立应用软件的方案,使第三方GUI应用软件能够在国产操作系统上运行.以开源的分布式渲染系统Equalizer为目标对象,使用docker容器技术将其编译环境和运行环境所需的依赖库打包成镜像,docker镜像在国产操作系统NeoKylin上创建容器时配置容器与主机共享Linux系统中的X11服务,容器中Equalizer解析操作系统中X11文件,在主机屏幕展示图形界面.本文利用现有的docker技术制作独立镜像,并配置容器与主机系统共享Linux系统图形界面服务和显卡驱动程序,最终实现Equalizer程序在国产操作系统环境中正常使用.实验结果表明,该方案是可行的,并可以推广到其他GUI应用软件.     

Qualitative analysis of mapping systems in the Internet architectures based on identifier/locator separation

The current Internet has several known challenges, such as routing scalability, mobility, multihoming, traffic engineering, etc. due to the overloaded semantics of IP address, i.e. it is used as a node identifier (ID) and a node locator (LOC). Thus, the research community has redesigned the Internet architecture based on ID/LOC separation to overcome the limitations of the current Internet. In all Internet architectures based on ID/LOC separation, ID to LOC mapping system is necessarily required to bind ID and its LOC, since ID is no longer dependent to its LOC logically or physically. Thus, how to design the mapping system is a key challenge in ID/LOC separation architecture. In this paper, we analyse qualitatively the mapping systems proposed in ID/LOC separation architectures to provide insights into designing a new mapping system. The main contribution in this paper is that we categorise ID to LOC mapping systems according to the mapping server structure and provide the pros and cons of the mapping systems belonging to each category. Based on our qualitative analysis, we also examine intuitively if the mapping systems in each category satisfy their requirements.     

CoSMed: A Confidentiality-Verified Social Media Platform

This paper describes progress with our agenda of formal verification of information flow security for realistic systems. We present CoSMed, a social media platform with verified document confidentiality. The system’s kernel is implemented and verified in the proof assistant Isabelle/HOL. For verification, we employ the framework of Bounded-Deducibility (BD) Security, previously introduced for the conference system CoCon. CoSMed is a second major case study in this framework. For CoSMed, the static topology of declassification bounds and triggers that characterized previous instances of BD Security has to give way to a dynamic integration of the triggers as part of the bounds. We also show that, from a theoretical viewpoint, the removal of triggers from the notion of BD Security does not restrict its expressiveness.     

A validation of the component-based method for software sizeestimation

Estimation of software size is a crucial activity among the tasks of software management. Work planning and subsequent estimations of the effort required are made based on the estimate of the size of the software product. Software size can be measured in several ways: lines of code (LOC) is a common measure and is usually one of the independent variables in equations for estimating several methods for estimating the final LOC count of a software system in the early stages. We report the results of the validation of the component-based method (initially proposed by Verner and Tate, 1988) for software sizing. This was done through the analysis of 46 projects involving more than 100,000 LOC of a fourth-generation language. We present several conclusions concerning the predictive capabilities of the method. We observed that the component-based method behaves reasonably, although not as well as expected for “global” methods such as Mark II function points for software size prediction. The main factor observed that affects the performance is the type of component     

Is lines of code a good measure of effort in effort-aware models?

ContextEffort-aware models, e.g., effort-aware bug prediction models aim to help practitioners identify and prioritize buggy software locations according to the effort involved with fixing the bugs. Since the effort of current bugs is not yet known and the effort of past bugs is typically not explicitly recorded, effort-aware bug prediction models are forced to use approximations, such as the number of lines of code (LOC) of the predicted files.ObjectiveAlthough the choice of these approximations is critical for the performance of the prediction models, there is no empirical evidence on whether LOC is actually a good approximation. Therefore, in this paper, we investigate the question: is LOC a good measure of effort for use in effort-aware models?MethodWe perform an empirical study on four open source projects, for which we obtain explicitly-recorded effort data, and compare the use of LOC to various complexity, size and churn metrics as measures of effort.ResultsWe find that using a combination of complexity, size and churn metrics are a better measure of effort than using LOC alone. Furthermore, we examine the impact of our findings on previous effort-aware bug prediction work and find that using LOC as a measure for effort does not significantly affect the list of files being flagged, however, using LOC under-estimates the amount of effort required compared to our best effort predictor by approximately 66%.ConclusionStudies using effort-aware models should not assume that LOC is a good measure of effort. For the case of effort-aware bug prediction, using LOC provides results that are similar to combining complexity, churn, size and LOC as a proxy for effort when prioritizing the most risky files. However, we find that for the purpose of effort-estimation, using LOC may under-estimate the amount of effort required.     

海铁联运港口混合作业模式下轨道吊与集卡协同调度

在集装箱海铁联运港口中,铁路作业区作为连接铁路运输和水路运输的重要节点,其装卸效率将影响集装箱海铁联运的整体效率.首先,对比分析了"船舶-列车"作业模式和"船舶-堆场-列车"作业模式的特点,并结合海铁联运港口实际作业情况提出了混合作业模式.然后,以轨道吊完工时间最短为目标构建混合整数规划模型,既考虑了班列和船舶的作业时...     

使用SystemC验证库进行随机验证

SystemC是一种适用于SoC顶层设计的新型硬件设计语言,SystemC验证库是SystemC标准库的一个增补库,用以增强SystemC在SoC顶层验证的能力,本文对SystemC及其验证库进行了简要介绍,重点说明了如何使用SystemC验证库进行随机测试.     

3D simulation as training tool in container terminals: The TRAINPORTS simulator

Modeling & Simulation (M&S) provides one of the best solutions for personnel and managers training in complex environments. In this article, the authors present an advanced High Level Architecture (HLA) federation of simulators (TRAINPORTS, TRAINing in marine PORTs by using Simulation), that recreates in a three-dimensional virtual environment the most important transshipment terminal of the South Mediterranean area, the Gioia Tauro container terminal. The TRAINPORTS federation includes four different federates (Straddle Carrier, Quay Crane, Forklift and Truck) and offers an advanced tool for marine port operators’ training providing the sensation of being in a real container terminal environment. The TRAINPORTS federation is part of an innovative family of simulators (called ST_VP, Simulation Team Virtual Port). This article presents the TRAINPORTS architecture, describes the federates/federation development process and discusses the simulators operation modes and verification and validation issues.     

A symbolic manipulator for automated verification of reactive systems with heterogeneous data types

In this paper, we present the design and implementation of the Composite Symbolic Library, a symbolic manipulator for model checking systems with heterogeneous data types. Our tool provides a common interface for different symbolic representations, such as BDDs, for representing Boolean logic formulas and polyhedral representations for linear arithmetic formulas. Based on this common interface, these data structures are combined using a disjunctive composite representation. We propose several heuristics for efficient manipulation of this composite representation and present experimental results that demonstrate their performance. We used an object-oriented design to implement the Composite Symbolic Library. We imported the CUDD library (a BDD library) and the Omega Library (a linear arithmetic constraint manipulator that uses polyhedral representations) to our tool by writing wrappers around them which conform to our symbolic representation interface. Our tool supports polymorphic verification procedures which dynamically select symbolic representations based on the input specification. Our symbolic representation library can be used as an interface between different symbolic libraries, model checkers, and specification languages. We expect our tool to be useful in integrating different tools and techniques for symbolic model checking, and in comparing their performance.     

All terrain vehicle loss of control events in agriculture: Contribution of pitch,roll and velocity

All terrain vehicle (ATV) (i.e. quad bike) loss of control (LOC) events are a major cause of injury and death on New Zealand and Australian farms. ATV LOC history, work experience, anthropometric data and vehicle pitch, roll and velocity data were recorded from 30 farmers. The terrain induced 95th percentiles were forward pitch 27.8°, backward pitch 28.7° and 20.8° for left and right roll. Nineteen participants (mean 42.4 years) had experienced 53 LOC events and were on average 9.5 years younger than the 11 participants (mean 51.9 years) who had not previously experienced LOC. Peak pitch, roll and velocity were not associated with LOC; however, at peak left roll the non-LOC group had a pitch of 3.1° downhill, while the LOC group had a pitch of 2.1° uphill. Results indicate ATV LOC prevalence is considerably underestimated, while increased risk for LOC may be influenced by a combination of personal, mechanical or terrain factors. The ATV pitch, roll and slope traverse data may help in the better understanding of why LOC events occur, may help in the development of safety equipment such as a tilt warning device and will contribute to national safety guidelines.

Statement of Relevance: Approximately 80,000 ATVs are used in rural New Zealand and ATV accidents are the single most common cause of work-related fatalities, apart from road accidents. This fieldwork research provides pitch, roll and velocity data and considers how these data might contribute to risk of ATV accidents.     

The Quay Crane Scheduling Problem

The recent growth in worldwide container terminals’ traffic resulted in a crucial need for optimization models to manage the seaside operations and resources. Along with the recent increase in ship size and the container volume, the advancements in the field of Quay Crane Scheduling introduced the need for new modeling approaches. This is the motivation behind the current paper, which focuses on developing a novel yet simple formulation to address the Quay Crane Scheduling Problem (QCSP). The objective of the problem is to determine the sequence of discharge operations of a vessel that a set number of quay cranes will perform so that the completion time of the operations is minimized. The major contribution is attributed to the way that minimization is performed, which is by minimizing the differences between the container loads stacked over a number of bays and by maintaining a balanced load across the bays. Furthermore, important considerations are taken into account, such as the bidirectional movement of cranes and the ability to travel between bays even before completion of all container tasks. These realistic assumptions usually increase model complexity; however, in the current work this is offset by the novel simple objective. This paper presents a mixed-integer programming (MIP) formulation for the problem, which has been validated through multiple test runs with different parameters. Results demonstrate that the problem is solved extremely efficiently, especially for small problem sizes.     

Server Selection,Configuration and Reconfiguration Technology for IaaS Cloud with Multiple Server Types

We propose a server selection, configuration, reconfiguration and automatic performance verification technology to meet user functional and performance requirements on various types of cloud compute servers. Various servers mean there are not only virtual machines on normal CPU servers but also container or baremetal servers on strong graphic processing unit (GPU) servers or field programmable gate arrays (FPGAs) with a configuration that accelerates specified computation. Early cloud systems are composed of many PC-like servers, and virtual machines on these severs use distributed processing technology to achieve high computational performance. However, recent cloud systems change to make the best use of advances in hardware power. It is well known that baremetal and container performances are better than virtual machines performances. And dedicated processing servers, such as strong GPU servers for graphics processing, and FPGA servers for specified computation, have increased. Our objective for this study was to enable cloud providers to provision compute resources on appropriate hardware based on user requirements, so that users can benefit from high performance of their applications easily. Our proposed technology select appropriate servers for user compute resources from various types of hardware, such as GPUs and FPGAs, or set appropriate configurations or reconfigurations of FPGAs to use hardware power. Furthermore, our technology automatically verifies the performances of provisioned systems. We measured provisioning and automatic performance verification times to show the effectiveness of our technology.     

加入概率检验的Brands数字现金改进方案算法

Brands方案已经成为一个经典的数字现金方案,在这个方案的基础上设计了各种各样的数字现金方案,文章提出的方案是在原有的Brands方案的基础上增加一个概率检验过程,通过对用户信用和通信线路的综合考虑决定是否对数字现金作实时的检查,使数字现金使用的安全性得到极大的提高。