Safe compositional network sketches: formal framework

ABSTRACT
NetSketch is a tool for the specification of constrained-flow applications and the certification of desirable safety properties imposed thereon. NetSketch assists system integrators in two types of activities: modeling and design. As a modeling tool, it enables the abstraction of an existing system while retaining sufficient information about it to carry out future analysis of safety properties. As a design tool, NetSketch enables the exploration of alternative safe designs as well as the identification of minimal requirements for outsourced subsystems. NetSketch embodies a lightweight formal verification philosophy, whereby the power (but not the heavy machinery) of a rigorous formalism is made accessible to users via a friendly interface. NetSketch does so by exposing tradeoffs between exactness of analysis and scalability, and by combining traditional whole-system analysis with a more flexible compositional analysis. The compositional analysis is based on a strongly-typed Domain-Specific Language (DSL) for describing and reasoning about constrained-flow networks at various levels of sketchiness along with invariants that need to be enforced thereupon. In this paper, we define the formal system underlying the operation of NetSketch, in particular the DSL behind NetSketch's user-interface when used in "sketch mode", and prove its soundness relative to appropriately-defined notions of validity. In a companion paper [7], we overview NetSketch, highlight its salient features, and illustrate how it could be used in applications that include: the management/shaping of traffic flows in a vehicular network (as a proxy for cyber-physical systems (CPS) applications) and a streaming media network (as a proxy for Internet applications).
- Proceedings of the 8th International Conference on Typed Lambda Calculi and Applications, Paris, France, June 2007.
- L. de Alfaro and T. A. Henzinger. Interface theories for component-based design. In EMSOFT '01: Proceedings of the First International Workshop on Embedded Software, pages 148--165, London, UK, 2001. Springer-Verlag.
- D. Aspinall, S. Gilmore, M. Hofmann, D. Sannella, and I. Stark. Mobile resource guarantees for smart devices. In Construction and Analysis of Safe, Secure and Interoperable Smart Devices: Proceedings of the International Workshop CASSIS 2004, number 3362 in Lecture Notes in Computer Science, pages 1--26. Springer-Verlag, 2005.
- J. Baeten and W. Weijland. Process Algebra. Cambridge University Press, 1990.
- A. Bestavros, A. Bradley, A. Kfoury, and I. Matta. Typed Abstraction of Complex Network Compositions. In Proceedings of the 13th IEEE International Conference on Network Protocols (ICNP'05), Boston, MA, November 2005.
- A. Bestavros, A. Kfoury, A. Lapets, and M. Ocean. Safe Compositional Network Sketches: Formalism. Technical Report BUCS-TR-2009-029, CS Dept., Boston University, September 29, 2009.
- A. Bestavros, A. Kfoury, A. Lapets, and M. Ocean. Safe Compositional Network Sketches: Tool and Use Cases. Technical Report BUCS-TR-2009-028, CS Dept., Boston University, September 29, 2009.
- G. Boudol. The π-calculus in direct style. In POPL '97: Proceedings of the 24th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pages 228--241, 1997.
- A. Bradley, A. Bestavros, and A. Kfoury. Systematic Verification of Safety Properties of Arbitrary Network Protocol Compositions Using CHAIN. In Proceedings of ICNP'03: The 11th IEEE International Conference on Network Protocols, Atlanta, GA, November 2003.
- A. Ciaffaglione. Certified Reasoning on Real Numbers and Objects in Co-inductive Type Theory. PhD thesis, Dipartimento di Matematica e Informatica, Università di Udine, Italy, 2003. Available as outline.
- T. H. Cormen, C. E. Leiserson, and R. L. Rivest. Introduction to Algorithms. The MIT Electrical Engineering and Computer Science Series. The MIT Press, McGraw-Hill Book Company, 1990.
- K. Crary and S. Sarkar. Foundational certified code in a metalogical framework. In Nineteenth International Conference on Automated Deduction, Miami, Florida, 2003.
- L. Doyen, T. A. Henzinger, B. Jobstmann, and T. Petrov. Interface theories with component reuse. In EMSOFT '08: Proceedings of the 8th ACM International Conference on Embedded Software, pages 79--88, New York, NY, USA, 2008. ACM.
- R. Fletcher. Practical Methods of Optimization (2nd ed.). Wiley-Interscience, New York, NY, USA, 1987.
- K. Hammond, C. Ferdinand, and R. Heckmann. Towards formally verifiable resource bounds for real-time embedded systems. SIGBED Rev., 3(4):27--36, 2006.
- H. Herbelin. A λ-calculus structure isomorphic to Gentzen-style sequent calculus structure. In Proc. Conf. Computer Science Logic, volume 933 of Lecture Notes in Computer Science, pages 61--75. Springer-Verlag, 1994.
- M. Hofmann and S. Jost. Static prediction of heap space usage for first-order functional programs. In POPL '03, pages 185--197. ACM Press, 2003.
- G. J. Holzmann. The Model Checker SPIN. IEEE Transactions on Software Engineering, 23(5):1--17, May 1997.
- G. J. Holzmann and M. H. Smith. A practical method for verifying event-driven software. In Proc. ICSE99, pages 597--607, Los Angeles, CA, May 1999.
- J. Hughes, L. Pareto, and A. Sabry. Proving the correctness of reactive systems using sized types. In ACM POPL, pages 410--423, 1996.
- D. Jackson. Alloy: a lightweight object modelling notation. ACM Transactions on Software Engineering and Methodology, 11(2):256--290, 2002.
- A. Lapets and A. Kfoury. Verification with Natural Contexts: Soundness of Safe Compositional Network Sketches. Technical Report BUCS-TR-2009-030, CS Dept., Boston University, October 16, 2009.
- E. A. Lee and Y. Xiong. System-level types for component-based design. In EMSOFT '01: Proceedings of the First International Workshop on Embedded Software, pages 237--253, London, UK, 2001. Springer-Verlag.
- H.-W. Loidl and K. Hammond. A sized time system for a parallel functional language. In Proceedings of the Glasgow Workshop on Functional Programming, Ullapool, Scotland, July 1996.
- N. Lynch and M. Tuttle. An introduction to input/output automata. CWI-Quarterly, 2(3):219--246, Sept. 1989.
- N. Lynch and F. Vaandrager. Forward and backward simulations -- part I: Untimed systems. Information and Computation, 121(2):214--233, Sept. 1995.
- N. Lynch and F. Vaandrager. Forward and backward simulations -- part II: Timing-based systems. Information and Computation, 128(1):1--25, July 1996.
- R. Milner, J. Parrow, and D. Walker. A Calculus of Mobile Processes (Parts I and II). Information and Computation, 100:1--77, 1992.
- L. C. Paulson. Isabelle: A Generic Theorem Prover, volume 828 of Lecture Notes in Computer Science. Springer-Verlag, 1994.
- C. A. Petri. Communication with Automata. PhD thesis, Univ. Bonn, 1966.
- B. Reistad and D. K. Gifford. Static dependent costs for estimating execution time. In LISP and Functional Programming, pages 65--78, 1994.
- H. Theiling, C. Ferdinand, and R. Wilhelm. Fast and precise WCET prediction by separated cache and path analyses. Real-Time Systems, 18(2--3):157--179, 2000.
- S. Tripakis, B. Lickly, T. A. Henzinger, and E. A. Lee. On relational interfaces. In EMSOFT '09: Proceedings of the Seventh ACM International Conference on Embedded Software, pages 67--76, New York, NY, USA, 2009. ACM.
- E. Tsang. A glimpse of constraint satisfaction. Artificial Intelligence Review, 13(3):215--227, 1999.
- E. P. K. Tsang. Foundations of Constraint Satisfaction. Academic Press, London and San Diego, 1993.
- R. Wilhelm, J. Engblom, A. Ermedahl, N. Holsti, S. Thesing, D. Whalley, G. Bernat, C. Ferdinand, R. Heckmann, T. Mitra, F. Mueller, I. Puaut, P. Puschner, J. Staschulat, and P. Stenström. The worst-case execution-time problem -- overview of methods and survey of tools. ACM Transactions on Embedded Computing Systems, 7(3):1--53, 2008.