Language Workbenches, Embedded Software and Formal Verification
|
|
- Jessica Logan
- 5 years ago
- Views:
Transcription
1 Language Workbenches, Embedded Software and Formal Verification Markus Voelter independent/itemis +Markus Voelter Daniel Ratiu ForTISS GmbH
2
3 mbeddr 1
4
5 An extensible version of the C programming language for Embedded Programming C the Difference C the Future gefördert durch das BMBF Förderkennzeichen 01 S11014
6 An extensible C with support for formal methods, requirements and PLE.
7 IDE for Everything
8 A debugger for all of that
9 SDK for building your own Language Extensions!
10 IDE for Everything JetBrains MPS Open Source Language Workbench
11
12 Challenges in embedded software development
13 Abstraction without Runtime Cost
14 C considered unsafe
15 Program Annotations
16 Static Checks and Verification
17 Product Lines and Requirement Traces
18 Separate, hard to integrate Tools
19
20 Subset of Available Extensions
21 All of C (cleaned-up)
22
23 Retargettable Build Integration
24
25 Native Support for Unit Testing and Logging
26
27
28 Physical Units
29
30 Components Interfaces Contracts Instances Mocks & Stubs
31
32
33
34 State Machines + Model Checking
35
36
37 Decision Tables + Consistency and Completeness Checks
38
39 Support for Frama-C + High-level Iterators
40 IDE Support for Frama- C Annota3ons
41 Generate Frama- C Annota3ons from Higher- level Constructs
42 Requirements Tracability
43
44
45
46 Product Line Variability
47
48
49
50
51
52 Status and Availability
53
54 Developed within LWES Language Workbenches for Embedded Systems gefördert durch das BMBF Förderkennzeichen 01 S11014
55 Most is Open Source (EPL); the rest will follow this year.
56 support for graphical early 2013
57 integration in early 2013
58
59 2 Language Engineering w/ Language Workbenches
60
61 Introduction
62 A DSL is a focussed, processable language for describing a specific concern when building a system in a specific domain. The abstractions and notations used are natural/ suitable for the stakeholders who specify that particular concern.
63 Concepts (abstract syntax) (concrete) Syntax semantics (generators) Tools and IDE
64 more in GPLs more in DSL Domain Size large and complex smaller and well-defined Designed by guru or committee a few engineers and domain experts Language Size large small Turing-completeness almost always often not User Community In-language abstraction large, anonymous and widespread sophisticated small, accessible and local limited Lifespan years to decades months to years (driven by context) Evolution slow, often standardized fast-paced Incompatible Changes almost impossible feasible
65 General Purpose C Components State Machines Domain Specific Sensor Access LEGO Robot Control
66 Big Language o a b n c m k L d e j f i h g with many first class concepts!
67 Small Language α δ L β ω λ with a few, orthogonal and poweful concepts
68 Modular Language α my L a b c d e f g h i j k l β with many optional, composable modules
69
70 Model an abstraction or simplification of reality ecosurvey.gmu.edu/glossary.htm
71 Model which ones? an abstraction or simplification of reality what should we leave out? ecosurvey.gmu.edu/glossary.htm
72 Model Purpose code generation analysis and checking platform independence stakeholder integration drives design of language!
73 Programs Languages Domains
74 deductive top down body of knowledge in the real world Domain existing software (family) inductive bottom up
75 Domain Domain existing software (family) inductive bottom up
76 Domain Hierarchy
77 Domain Hierarchy automotive avionics embedded software all programs Example Exten ded C
78 Heterogeneous Example Exten ded C
79 Heterogeneous C Statemachines Testing Example Exten ded C
80
81 Domain Hierarchy more specialized domains more specialized languages
82 Reification D n
83 Reification D n+1 == D n
84 Reification Transformation/ Generation == Language Definition
85 ?
86 ? Overspecification! Requires Semantic Analysis!
87 ! Declarative! Directly represents Semantics. Linguistic Abstraction
88 Def: DSL A DSL is a language at D that provides linguistic abstractions for common patterns and idioms of a language at D-1 when used within the domain D.
89 Def: DSL cont d A good DSL does not require the use of patterns and idioms to express semantically interesting concepts in D. Processing tools do not have to do semantic recovery on D programs. Declarative!
90 Another Example Example Exten ded C
91 Another Example Turing Complete! Requires Semantic Analysis! Example Exten ded C
92 Linguistic Abstraction Example Exten ded C
93 Linguistic Abstraction Example Exten ded C
94 Linguistic Abstraction In-Language Abstraction Libraries Classes Frameworks
95 Linguistic Abstraction Analyzable Better IDE Support In-Language Abstraction User-Definable Simpler Language
96 Linguistic Abstraction Analyzable Better IDE Support Special Treatment! In-Language Abstraction User-Definable Simpler Language
97
98 Semantics
99 Static Semantics Execution Semantics
100 Static Semantics Execution Semantics
101 Static Semantics Constraints Type Systems
102 Unique State Names Unreachable States Dead End States Example Exten ded C
103 Unique State Names Unreachable States Dead End States Easier to do on a declarative Level! Example Exten ded C
104 Unique State Names Unreachable States Dead End States Easier to do on a declarative Level! Thinking of all constraints is a coverage problem! Example Exten ded C
105 Assign fixed types What does a type system do?
106 Derive Types Assign fixed types What does a type system do?
107 Derive Types Assign fixed types Calculate Common Types What does a type system do?
108 Assign fixed types Derive Types Calculate Common Types Check Type Consistency What does a type system do?
109 Intent + Derive Check More code Better error messages Better Performance More convenient More complex checkers Harder to understand for users
110 Example Refrige rators
111
112 What does it all mean? Execution Semantics
113 Def: Semantics via mapping to lower level OB: Observable Behaviour (Test Cases)
114 Def: Semantics via mapping to lower level L D Transformation Interpretation L D-1
115 Transformation D n+1 D n
116 Transformation Example Exten ded C
117 Transformation L D Transformation L D-1 Known Semantics!
118 Transformation L D Correct!? Transformation L D-1
119 Transformation Tests (D) L D Transformation Tests (D-1) L D-1 Run tests on both levels; all pass. Coverage Problem!
120 Transformation Tests Simulators Documentation L D Transformation L D-1
121 Multi-Stage L 3 L 2 Modularization L 1 L 0
122 Multi-Stage: Reuse L 3 L 2 L 5 L 1 Reusing Later Stages L 0 Optimizations!
123 Multi-Stage: Reuse L 3 L 2 L 5 Robot Control State Machine Components L 1 C (MPS tree) L 0 C Text Example Exten ded C
124 Multi-Stage: Reuse L 3 L 2 L 5 Robot Control State Machine Consistency Model Checking Components Efficient Mappings L 0 L 1 C Type System C (MPS tree) Syntactic Correctness, Headers C Text Example Exten ded C
125 Multi-Stage: Reuse L 3 Reusing Early Stages L 2 Portability L 1 L 1b L 0 L 0b
126 Multi-Stage: Reuse L 3 L 2 L 1 L 1b Java C# Example L 0 L 0b Exten ded C
127 Multi-Stage: Preprocess Adding an optional, modular emergency stop feature
128 Reduced Expressiveness bad? maybe. good? maybe! Model Checking SMT Solving Exhaustive Search, Proof!
129
130 Language Modularity
131 Language Modularity, Behavior Composition and Reuse (LMR&C) increase efficiency of DSL development
132 Language Modularity, Behavior Composition and Reuse (LMR&C) increase efficiency of DSL development 4 ways of composition: Referencing Reuse Extension Reuse
133 Language Modularity, Behavior Composition and Reuse (LMR&C) increase efficiency of DSL development 4 ways of composition: distinguished regarding dependencies and fragment structure
134 Dependencies: Behavior do we have to know about the reuse when designing the languages?
135 Dependencies: Behavior do we have to know about the reuse when designing the languages? Fragment Structure: homogeneous vs. heterogeneous ( mixing languages )
136 Behavior Dependencies & Fragment Structure:
137 Behavior Dependencies & Fragment Structure:
138 Referencing
139 Referencing Dependent No containment
140 Referencing Used in Viewpoints
141 Referencing Fragment Fragment references Fragment
142 Referencing Example Refrige rators
143 Extension
144 Extension Dependent Containment
145 Extension more specialized domains more specialized languages
146 Extension D n+1 == D n
147 Extension D n+1 == D n
148 Extension Good for bottom-up (inductive) domains, and for use by technical DSLs (people) D n ==
149 Extension Behavior Drawbacks tightly bound to base potentially hard to analyze the combined program
150 Extension Example Exten ded C
151 Extension Example Exten ded C
152 Reuse
153 Reuse Independent No containment
154 Reuse Behavior Often the referenced language is built expecting it will be reused. Hooks may be added.
155 Embedding
156 Embedding
157 Embedding Independent Containment
158 Embedding Example Pension Plans
159 Embedding Behavior Embedding often uses Extension to extend the embedded language to adapt it to its new context.
160 Challenges - Syntax Behavior Extension and Embedding requires modular concrete syntax Many tools/formalisms cannot do that
161 Challenges Type Systems Behavior Extension: the type system of the base language must be designed to be extensible/ overridable
162 Challenges Type Systems Behavior Reuse and Embedding: Rules that affect the interplay can reside in the adapter language.
163 Challenges Trafo & Gen Referencing (I) Behavior Written specifically for the combination Can be Reused Two separate, dependent single-source transformations
164 Challenges Trafo & Gen Referencing (II) A single multi-sourced transformation
165 Challenges Trafo & Gen Referencing (III) A preprocessing trafo that changes the referenced frag in a way specified by the referencing frag
166 Challenges Trafo & Gen Extension Transformation by assimiliation, i.e. generating code in the host lang from code expr in the extension lang.
167 Challenges Trafo & Gen Extension Example Exten ded C
168 Challenges Trafo & Gen Reuse (I) Reuse of existing transformations for both fragments plus generation of adapter code
169 Challenges Trafo & Gen Reuse (II) composing transformations
170 Challenges Trafo & Gen Reuse (III) generating separate artifacts plus a weaving specification
171 Challenges Trafo & Gen Embedding (I) a purely embeddable language may not come with a generator. Assimilation (as with Extension)
172 Challenges Trafo & Gen Embedding (II) Adapter language can coordinate the transformations for the host and for the emebedded languages.
173
174 3 Formal Verification
175 Can language engineering increase the adoption of formal verification?
176 Can we make formal verification more usable and agile?
177 Our goal: formal verification for everyone
178 Challenges with using formal analyses 1) Writing the formal model 2) Specify the property to be verified 3) Interpret the analysis results
179 Addressing the challenges 1) Wrap the language of the analysis tool into higher level languages 2) Define out-of-the-box analyses goals that can be automated 3) Lift the analysis results at the abstraction level of the domain
180 Challenges with Building Formal Analyses Tools [...] model construc3on problem: the seman.c gap between the ar.facts produced by so:ware developers and those accepted by current verifica.on tools. [...] In order to use a verifica.on tool on a real program, the developer must extract an abstract mathema3cal model of the program s salient proper3es and specify this model in the input language of the verifica3on tool. This process is both error- prone and.me- consuming ICSE 2000, CorbeI et. al., Bandera...
181 Addressing the challenges Define sub- languages that are easier to analyze and embedd them in more expressive languages. Allow developers to write programs directly in a sub- language that is easier to analyze.
182 Adequate Languages Make the Life Simpler Analyses are simpler to define Automa3on degree grows / analyses are (computa3onally) more feasible The results of analyses can be presented in more adequate form Today s state of prac3ce: Write some program (e.g. C) and then try (very hardly) to analyze it. Today s state of the art: Write programs that can be analyzed The mbeddr approach: by using adequate language (fragments)
183 Allow SoUware Developers Make Informed Decisions... Either write a sub- system in a restricted (but verifiable language) or use the full power of a GPL Get immediate feedback if you are (not) in the verifiable sub- set 183
184 Characteris3cs of Analyzable Languages High modularisa3on and encapsula3on Small and well- defined interfaces Clean- up or restrict problema3c features Access to global state, side- effects, etc. Raise the level of abstrac3on Be able to leave out unnecessary details Eliminate the accidental complexity Be able to directly express what we want without any encoding 184
185 Code- based, Model- based and DSLs- based Analyses Formal analysis tools e.g. model checkers, SMT solvers Program abstrac.on Abstrac.on GPL Code Abstract models, - e.g. Statecharts Genera.on GPL Code DSL1 DSL2 C code Clean, easy to analyze DSLs DSL3... m2m transf. code gen. Challenges: - program abstrac.on - iden.fica.on of invariants - figh.ng accidental complexity Agile Formal Analyses Daniel Ra.u Challenges: - integrate with exis.ng systems - for many tasks the models are not enough expressive Challenges: - Find adequate language fragments and corresponding analyses mbeddr
186 Paradigm Change for analyses users: decide which parts of programs will be analyzed and use adequate language fragments that allow analysis... for analyses developers: it is easier to extend/restrict languages than to extend analyses to deal with intricacies of all language features
187
188 Referencing Verifying State Machines
189 Model Checking
190 Model Checking
191 Out of the box verification conditions Unreachable States Dead End States Live States Transitions Nondeterminism Dead Transitions Variables out-of-bounds Check the sanity of the code
192 Have a (temporal) scope: Global User Defined Properties Before R R R After Q Q Q Between Q and R After Q Until R Q Q Q Q R R Q Q R Q that restrict a certain basic property: P not P S responds to P Define Business-Domain Specific Verification Conditions
193 Model Checking
194 Model Checking
195 Model Checking
196 Example Exten ded C
197 Example Restricted State Machines: float vars. are not allowed
198
199 Referencing Verifying Decision Tables
200 Decision Tables Example Exten ded C
201 Decision Tables Completeness: did we cover all cases? Consistency: are there overlapping cases?
202 Decision Tables Easy to answer using an SMT solver SMT = Sa3sfiability Modulo Theories - extension of boolean sa.sfiability with addi.onal theories like linear arithme.c
203 Decision Tables
204 Decision Tables Language restric3on: non- linear expressions are not allowed
205
206 New Challenges Iden3fy language fragments relevant to developers that can be easily analyzed Ensure equivalence with the transla3on to C or, at least, increase the confidence that they are close enough for a certain analysis goal
207
208 The End. Most of this material is part of Markus upcoming (early 2013) book DSL Engineering. Stay in touch, it may become a free ebook +Markus Voelter
A conceptual framework for building good DSLs. Markus Voelter independent/itemis
DSL Design A conceptual framework for building good DSLs Markus Voelter independent/itemis voelter@acm.org www.voelter.de voelterblog.blogspot.de @markusvoelter +Markus Voelter based on material from a
More informationA little History Domain Specific Languages Examples Tools Benefits A more theoretical View Programming and Modeling The LWES Project Bonus: Best
Domain Specific Languages Markus Voelter Independent/itemis voelter@acm.org A little History Domain Specific Languages Examples Tools Benefits A more theoretical View Programming and Modeling The LWES
More information10 Thoughts 2 Demos * Discussions
Developing Embedded software with Language Workbenches Stuttgart, 20.09.2011 Markus Voelter Independent/itemis voelter@acm.org 10 Thoughts 2 Demos * Discussions 1 1 Embedded Development Two Classes in
More informationTesting DSLs How to test DSLs, their IDEs and Programs
Testing DSLs How to test DSLs, their IDEs and Programs Markus Voelter independent/itemis voelter@acm.org www.voelter.de voelterblog.blogspot.de @markusvoelter +Markus Voelter A DSL is a focussed, processable
More informationDSL Implementation. ... with language Workbenches. v1.1 Jan 16, Markus Voelter independent/itemis
DSL Implementation... with language Workbenches. v1.1 Jan 16, 2013 Markus Voelter independent/itemis voelter@acm.org www.voelter.de voelterblog.blogspot.de @markusvoelter +Markus Voelter Last Year s Talk
More informationDomain Specific Languages. Product Line Engineering
Using Domain Specific Languages in the context of Product Line Engineering Markus Voelter Independent/itemis voelter@acm.org Using Domain Specific Languages in the context of Product Line Engineering DSLs
More informationPlan. Language engineering and Domain Specific Languages. Language designer defines syntax. How to define language
Plan Language engineering and Domain Specific Languages Perdita Stevens School of Informatics University of Edinburgh 1. Defining languages 2. General purpose languages vs domain specific languages 3.
More informationDESIGN, EVOLUTION AND USE
DESIGN, EVOLUTION AND USE of KernelF voelter@acm.org www.voelter.de @markusvoelter Markus Völter Check out the paper! http://voelter.de/data /pub/kernelf-icmt.pdf EXAMPLE 1 Healthcare 1 Context Mobile
More informationLanguage engineering and Domain Specific Languages
Language engineering and Domain Specific Languages Perdita Stevens School of Informatics University of Edinburgh Plan 1. Defining languages 2. General purpose languages vs domain specific languages 3.
More informationDomain Specific Languages. Requirements (Engineering)
Domain Specific Languages and Requirements (Engineering) Andreas Graf Andreas.graf@itemis.de Markus Voelter www.voelter.de voelter@acm.org What are Requirements? a requirement is a singular documented
More informationProgramming Modeling Two Worlds? Programmierung Modellierung Zwei Welten? und. and. Markus Voelter Independent/itemis
und Programmierung Modellierung Zwei Welten? and Modeling Two Worlds? Markus Voelter Independent/itemis voelter@acm.org Markus Voelter Independent/itemis voelter@acm.org 1 Languages C# Erlang C++ Python
More informationLanguage Extension and Composition with Language Workbenches
Language Extension and Composition with Language Workbenches Eelco Visser TU Delft E.Visser@tudelft.nl Markus Voelter Independent/itemis voelter@acm.org Different Worlds Programming Tools!= Modeling Tools
More informationProgramming Languages
Trends in Programming Languages ICALEPCS 2011 Markus Voelter Independent/itemis voelter@acm.org A single language to rule them all An ecosystem of languages An ecosystem of languages The Pendulum Swings
More informationWhat are Requirements?
Domain Specific Languages and Requirements (Engineering) Markus Voelter www.voelter.de voelter@acm.org What are Requirements? 1 a requirement is a singular documented need of what a particular product
More informationMarkus Völter
of Markus Völter voelter@acm.org www.voelter.de @markusvoelter Examples 1 Healthcare Context & Motivation Mobile Apps that help patients w/ treatments Monitor side-effects and recommend actions Manage
More informationAutomated Testing of DSL Implementations
Software Quality Journal manuscript No. (will be inserted by the editor) Automated Testing of DSL Implementations Experiences from Building mbeddr Daniel Ratiu Markus Voelter Domenik Pavletic Received:
More informationLet s build. like they build. Markus Völter Bernd Kolb
Let s build like they build Markus Völter voelter@acm.org www.voelter.de @markusvoelter Bernd Kolb kolb@itemis.de www.itemis.de @berndkolb B 0 Motivation Examples 1 M Healthcare Context & Motivation Mobile
More informationLanguage Shapes (Architectural) Thought Markus Völter
Language Shapes (Architectural) Thought Markus Völter voelter@acm.org www.voelter.de @markusvoelter Language Shapes (Architectural) Thought Sapir Whorf hypothesis aka Whorfianism The principle of linguis;c
More informationCompositional Model Based Software Development
Compositional Model Based Software Development Prof. Dr. Bernhard Rumpe http://www.se-rwth.de/ Seite 2 Our Working Groups and Topics Automotive / Robotics Autonomous driving Functional architecture Variability
More informationPOLITECNICO DI TORINO Repository ISTITUZIONALE
POLITECNICO DI TORINO Repository ISTITUZIONALE Tool-automation for supporting the DSL learning process Original Tool-automation for supporting the DSL learning process / Tomassetti F.; Figueroa C.; Ratiu
More informationDeclarative. Contracts
Declarative Smart Contracts Markus Völter voelter@acm.org www.voelter.de @markusvoelter 1 Context SMART An actual contract, executed automatically. CONTRACT Any Turing Complete Program running on a Blockchain.
More informationchallenges in domain-specific modeling raphaël mannadiar august 27, 2009
challenges in domain-specific modeling raphaël mannadiar august 27, 2009 raphaël mannadiar challenges in domain-specific modeling 1/59 outline 1 introduction 2 approaches 3 debugging and simulation 4 differencing
More informationVariability differences among products in PL. Variability in PLE. Language Workbenches. Language Workbenches. Product Line Engineering
PPL 2009 Keynote Markus Voelter Indepenent/itemis voelter@acm.org http://www.voelter.de Language Workbenches in Product Line Engineering Variability in PLE Language Workbenches in Domain Specific Languages
More informationDomain Specific - a Binary Decision?
Domain Specific - a Binary Decision? Markus Voelter independent/itemis Ötztaler Strasse 38 70327 Stuttgart, Germany voelter@acm.org Bernhard Merkle SICK AG R&D Software Engineering Erwin-Sick-Str.1 79183
More informationProjecting a Modular Future
Projecting a Modular Future Markus Voelter 1, Jos Warmer 2, and Bernd Kolb 3 1 independent/itemis, voelter@acm.org 2 independent, jos.warmer@openmodeling.nl 3 itemis, bernd.kolb@itemis.de Abstract. We
More informationISO compliant verification of functional requirements in the model-based software development process
requirements in the model-based software development process Hans J. Holberg SVP Marketing & Sales, BTC Embedded Systems AG An der Schmiede 4, 26135 Oldenburg, Germany hans.j.holberg@btc-es.de Dr. Udo
More informationDomain-Specific Languages Language Workbenches
Software Engineering with and Domain-Specific Languages Language Workbenches Peter Friese Itemis peter.friese@itemis.de Markus Voelter Independent/itemis voelter@acm.org 1 Programming Languages C# Erlang
More informationFrustrated by all the hype?
Fundamentals of Software Architecture Looking beyond the hype Markus Völter (voelter@acm.org) Introduction Frustrated by all the hype? If so this presentation is for you. Otherwise you should leave People
More informationStatic Analysis by A. I. of Embedded Critical Software
Static Analysis by Abstract Interpretation of Embedded Critical Software Julien Bertrane ENS, Julien.bertrane@ens.fr Patrick Cousot ENS & CIMS, Patrick.Cousot@ens.fr Radhia Cousot CNRS & ENS, Radhia.Cousot@ens.fr
More informationSIMPLIFYING COMPLEX EMBEDDED DEVELOPMENT PROCESSES WITH MBEDDR
29.10.2013 SIMPLIFYING COMPLEX EMBEDDED DEVELOPMENT PROCESSES WITH MBEDDR Stefan Schmierer Markus Völter, Bernd Kolb CONTEXT. WHAT IS MBEDDR? An extensible set of integrated languages for embedded so3ware
More informationPrinciples of Programming Languages
Principles of Programming Languages Lesson 14 Type Checking Collaboration and Management Dana Fisman www.cs.bgu.ac.il/~ppl172 1 Type Checking We return to the issue of type safety we discussed informally,
More informationMDSE USE CASES. Chapter #3
Chapter #3 MDSE USE CASES Teaching material for the book Model-Driven Software Engineering in Practice by Morgan & Claypool, USA, 2012. www.mdse-book.com MDSE GOES FAR BEYOND CODE-GENERATION www.mdse-book.com
More informationCSCI B522 Lecture 11 Naming and Scope 8 Oct, 2009
CSCI B522 Lecture 11 Naming and Scope 8 Oct, 2009 Lecture notes for CS 6110 (Spring 09) taught by Andrew Myers at Cornell; edited by Amal Ahmed, Fall 09. 1 Static vs. dynamic scoping The scope of a variable
More informationCIS 1.5 Course Objectives. a. Understand the concept of a program (i.e., a computer following a series of instructions)
By the end of this course, students should CIS 1.5 Course Objectives a. Understand the concept of a program (i.e., a computer following a series of instructions) b. Understand the concept of a variable
More informationApplying Model Driven Technologies in the Creation. of Domain Specific Modeling Languages
Applying Model Driven Technologies in the Creation Model Driven Development Language Editor Generator Abstraction Model Driven Development Refinement of Domain Specific Modeling Languages Bruce Trask Angel
More informationSimply-Typed Lambda Calculus
#1 Simply-Typed Lambda Calculus #2 Back to School What is operational semantics? When would you use contextual (small-step) semantics? What is denotational semantics? What is axiomatic semantics? What
More informationThe PISA Project A Model Driven Development case study
In collaboration with The PISA Project A Model Driven Development case study Pedro J. Molina, PhD. May 19 th, 2007 Contents Introduction Goals Foundations Design aspects & Trade-offs Demo Problems found
More informationInheritance (Chapter 7)
Inheritance (Chapter 7) Prof. Dr. Wolfgang Pree Department of Computer Science University of Salzburg cs.uni-salzburg.at Inheritance the soup of the day?! Inheritance combines three aspects: inheritance
More informationCS558 Programming Languages
CS558 Programming Languages Fall 2016 Lecture 3a Andrew Tolmach Portland State University 1994-2016 Formal Semantics Goal: rigorous and unambiguous definition in terms of a wellunderstood formalism (e.g.
More informationA Collaborative User-centered Approach to Fine-tune Geospatial
A Collaborative User-centered Approach to Fine-tune Geospatial Database Design Grira Joel Bédard Yvan Sboui Tarek 16 octobre 2012 6th International Workshop on Semantic and Conceptual Issues in GIS - SeCoGIS
More informationISO Compliant Automatic Requirements-Based Testing for TargetLink
ISO 26262 Compliant Automatic Requirements-Based Testing for TargetLink Dr. Udo Brockmeyer CEO BTC Embedded Systems AG An der Schmiede 4, 26135 Oldenburg, Germany udo.brockmeyer@btc-es.de Adrian Valea
More informationHow much is a mechanized proof worth, certification-wise?
How much is a mechanized proof worth, certification-wise? Xavier Leroy Inria Paris-Rocquencourt PiP 2014: Principles in Practice In this talk... Some feedback from the aircraft industry concerning the
More informationChapter 4 Objectives
Chapter 4 Objectives Eliciting requirements from the customers Modeling requirements Reviewing requirements to ensure their quality Documenting requirements for use by the design and test teams 4.1 The
More informationOutline. What is semantics? Denotational semantics. Semantics of naming. What is semantics? 2 / 21
Semantics 1 / 21 Outline What is semantics? Denotational semantics Semantics of naming What is semantics? 2 / 21 What is the meaning of a program? Recall: aspects of a language syntax: the structure of
More informationAbout the Tutorial. Audience. Prerequisites. Copyright & Disclaimer. Compiler Design
i About the Tutorial A compiler translates the codes written in one language to some other language without changing the meaning of the program. It is also expected that a compiler should make the target
More informationOMG Systems Modeling Language Tutorial May, 2012
OMG Systems Modeling Language Tutorial May, 2012 Giuseppe Scanniello Giuseppina Casalaro System Engineering Overview System Engineering (SE) is a discipline to deal with complex system realised through
More informationThe Environment Model. Nate Foster Spring 2018
The Environment Model Nate Foster Spring 2018 Review Previously in 3110: Interpreters: ASTs, evaluation, parsing Formal syntax: BNF Formal semantics: dynamic: small-step substitution model static semantics
More informationaxiomatic semantics involving logical rules for deriving relations between preconditions and postconditions.
CS 6110 S18 Lecture 18 Denotational Semantics 1 What is Denotational Semantics? So far we have looked at operational semantics involving rules for state transitions, definitional semantics involving translations
More informationSUMMARY: MODEL DRIVEN SECURITY
SUMMARY: MODEL DRIVEN SECURITY JAN-FILIP ZAGALAK, JZAGALAK@STUDENT.ETHZ.CH Model Driven Security: From UML Models to Access Control Infrastructres David Basin, Juergen Doser, ETH Zuerich Torsten lodderstedt,
More informationThe UPPAAL Model Checker. Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN
The UPPAAL Model Checker Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN The aim of this presentation Introduce the basic concepts of model checking from a practical perspective Describe
More informationSemantic Analysis. Outline. The role of semantic analysis in a compiler. Scope. Types. Where we are. The Compiler Front-End
Outline Semantic Analysis The role of semantic analysis in a compiler A laundry list of tasks Scope Static vs. Dynamic scoping Implementation: symbol tables Types Static analyses that detect type errors
More informationAssistant for Language Theory. SASyLF: An Educational Proof. Corporation. Microsoft. Key Shin. Workshop on Mechanizing Metatheory
SASyLF: An Educational Proof Assistant for Language Theory Jonathan Aldrich Robert J. Simmons Key Shin School of Computer Science Carnegie Mellon University Microsoft Corporation Workshop on Mechanizing
More informationCover Page. The handle holds various files of this Leiden University dissertation
Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue
More informationPrinciples of Programming Languages
Principles of Programming Languages www.cs.bgu.ac.il/~ppl172 Collaboration and Management Dana Fisman Lesson 2 - Types with TypeScript 1 Types What are types in programming languages? What types are you
More informationStatic analysis and testing of executable DSL specification
Static analysis and testing of executable DSL specification Qinan Lai 1, Andy Carpenter 1 1 School of Computer Science, the University of Manchester, Manchester, UK {laiq,afc}@cs.man.ac.uk Keywords: Abstract:
More informationProgrammiersprachen (Programming Languages)
2016-05-13 Preface Programmiersprachen (Programming Languages) coordinates: lecturer: web: usable for: requirements: No. 185.208, VU, 3 ECTS Franz Puntigam http://www.complang.tuwien.ac.at/franz/ps.html
More informationUtilizing a Common Language as a Generative Software Reuse Tool
Utilizing a Common Language as a Generative Software Reuse Tool Chris Henry and Stanislaw Jarzabek Department of Computer Science School of Computing, National University of Singapore 3 Science Drive,
More informationSoftware Architectures
Software Architectures Richard N. Taylor Information and Computer Science University of California, Irvine Irvine, California 92697-3425 taylor@ics.uci.edu http://www.ics.uci.edu/~taylor +1-949-824-6429
More informationPreliminary Experience of using mbeddr for Developing Embedded Software
Preliminary Experience of using mbeddr for Developing Embedded Software Markus Voelter independent/itemis Oetztaler Strasse 38 70327 Stuttgart voelter@acm.org Abstract: Over the last years, as part of
More informationOn partial order semantics for SAT/SMT-based symbolic encodings of weak memory concurrency
On partial order semantics for SAT/SMT-based symbolic encodings of weak memory concurrency Alex Horn and Daniel Kroening University of Oxford April 30, 2015 Outline What s Our Problem? Motivation and Example
More informationSymbolic Execution. Wei Le April
Symbolic Execution Wei Le 2016 April Agenda What is symbolic execution? Applications History Interal Design: The three challenges Path explosion Modeling statements and environments Constraint solving
More informationProgramming Assignment IV Due Monday, November 8 (with an automatic extension until Friday, November 12, noon)
Programming Assignment IV Due Monday, November 8 (with an automatic extension until Friday, November 12, noon) Thus spake the master programmer: A well-written program is its own heaven; a poorly written
More informationMIDTERM EXAMINATION. CSE 130: Principles of Programming Languages. Professor Goguen. February 16, points total
CSE 130, Winter 2006 MIDTERM EXAMINATION CSE 130: Principles of Programming Languages Professor Goguen February 16, 2006 100 points total Don t start the exam until you are told to. Turn off any cell phone
More informationSoftware Engineering using Formal Methods
Software Engineering using Formal Methods Introduction to Promela Wolfgang Ahrendt 03 September 2015 SEFM: Promela /GU 150903 1 / 36 Towards Model Checking System Model Promela Program byte n = 0; active
More informationBetter Stories, Better Languages
Better Stories, Better Languages What Would Alyssa P. Hacker Do? François-René Rideau, TUNES Project Bay Area Lispers, 2009-12-29 http://fare.tunes.org/computing/bal2009.pdf 1 The Take Home Points Software
More informationDiverSE s Seminar about Software Language Engineering
DiverSE s Seminar about Software Language Engineering May 28 th, 2015 Rennes, France http://people.irisa.fr/benoit.combemale/sleseminar2015 THE DIVERSE TEAM DiverSE s Seminar about SLE - May 28 th, 2015-2
More informationK and Matching Logic
K and Matching Logic Grigore Rosu University of Illinois at Urbana-Champaign Joint work with the FSL group at UIUC (USA) and the FMSE group at UAIC (Romania) Question could it be that, after 40 years of
More informationGoals. Greater Geate Abstraction work on a higher level do more with less insulate from technology. Increase Value. Reduce lossiness.
MDD: the Good, the Bad and the Ugly Steven Kelly CTO, MetaCase www.metacase.com com stevek@metacase.com Markus Voelter Independent/itemis AG www.voelter.de voelter@acm.org Part 1 1 Goals Goals Greater
More informationThe etrice Eclipse Project Proposal
The etrice Eclipse Project Proposal Dipl.-Ing. Thomas Schütz, Protos Software GmbH Eclipse Embedded Day 2010, Stuttgart Agenda Motivation Scope of etrice ROOM Language Codegenerators Middleware Realization
More informationThe Substitution Model
The Substitution Model Prof. Clarkson Fall 2017 Today s music: Substitute by The Who Review Previously in 3110: simple interpreter for expression language abstract syntax tree (AST) evaluation based on
More informationMatching Logic. Grigore Rosu University of Illinois at Urbana-Champaign
Matching Logic Grigore Rosu University of Illinois at Urbana-Champaign Joint work with Andrei Stefanescu and Chucky Ellison. Started with Wolfram Schulte at Microsoft Research in 2009 Question could it
More informationDenotational Semantics. Domain Theory
Denotational Semantics and Domain Theory 1 / 51 Outline Denotational Semantics Basic Domain Theory Introduction and history Primitive and lifted domains Sum and product domains Function domains Meaning
More informationUsing C Language Extensions for Developing Embedded So:ware - A Case Study
Using C Language Extensions for Developing Embedded So:ware - A Case Study Markus Völter Arie van Deursen Stephan Eberle Bernd Kolb voelter@acm.org Arie.vanDeursen@tudel:.nl stephan.eberle@itemis.com Bernd.kolb@itemis.de
More informationPractical DSL Design. Groovy Sydney Meetup May 4th, Peter Bell CEO/CTO SystemsForge
Practical DSL Design Groovy Sydney Meetup May 4th, 2010 Peter Bell CEO/CTO SystemsForge Overview Before DSLs... What is a DSL? Creating a DSL Good DSL Design Key Concepts Implementing DSLs in Groovy Testing
More informationRole of Executable UML in MDA. Presented by Shahid Alam
Role of Executable UML in MDA Presented by Shahid Alam salam3@connect.carleton.ca 12/2005 Outline Introduction to MDA Executable UML Does it apply to MDA Model Compilers Conclusion Model Driven Architecture
More informationIntroduction to Modeling
Introduction to Modeling Software Architecture Lecture 9 Copyright Richard N. Taylor, Nenad Medvidovic, and Eric M. Dashofy. All rights reserved. Objectives Concepts What is modeling? How do we choose
More informationGenerating Continuation Passing Style Code for the Co-op Language
Generating Continuation Passing Style Code for the Co-op Language Mark Laarakkers University of Twente Faculty: Computer Science Chair: Software engineering Graduation committee: dr.ing. C.M. Bockisch
More informationCISC327 - So*ware Quality Assurance
CISC327 - So*ware Quality Assurance Lecture 12 Black Box Tes?ng CISC327-2003 2017 J.R. Cordy, S. Grant, J.S. Bradbury, J. Dunfield Black Box Tes?ng Outline Last?me we con?nued with black box tes?ng and
More informationThe Environment Model
The Environment Model Prof. Clarkson Fall 2017 Today s music: Selections from Doctor Who soundtracks by Murray Gold Review Previously in 3110: Interpreters: ASTs, evaluation, parsing Formal syntax: BNF
More informationArchitecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL
Architecture-driven development of Climate Control Software LMS Imagine.Lab Embedded Software Designer Siemens DF PL Restricted Siemens AG 2017 Realize innovation. Content 1 Overview 3 2 LMS Imagine.Lab
More informationDescribing the architecture: Creating and Using Architectural Description Languages (ADLs): What are the attributes and R-forms?
Describing the architecture: Creating and Using Architectural Description Languages (ADLs): What are the attributes and R-forms? CIS 8690 Enterprise Architectures Duane Truex, 2013 Cognitive Map of 8090
More informationIs Power State Table Golden?
Is Power State Table Golden? Harsha Vardhan #1, Ankush Bagotra #2, Neha Bajaj #3 # Synopsys India Pvt. Ltd Bangalore, India 1 dhv@synopsys.com 2 ankushb@synopsys.com 3 nehab@synopsys.com Abstract: Independent
More informationSoftware Life Cycle. Main issues: Discussion of different life cycle models Maintenance or evolution
Software Life Cycle Main issues: Discussion of different life cycle models Maintenance or evolution Introduction software development projects are large and complex a phased approach to control it is necessary
More informationNote that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.
CS 6110 S18 Lecture 8 Structural Operational Semantics and IMP Today we introduce a very simple imperative language, IMP, along with two systems of rules for evaluation called small-step and big-step semantics.
More informationStructured Analysis and Structured Design
Structured Analysis and Structured Design - Introduction to SASD - Structured Analysis - Structured Design Ver. 1.5 Lecturer: JUNBEOM YOO jbyoo@konkuk.ac.kr http://dslab.konkuk.ac.kr References Modern
More informationFormally Certified Satisfiability Solving
SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future
More informationProgramming Assignment IV
Programming Assignment IV 1 Introduction In this assignment, you will implement the static semantics of Cool. You will use the abstract syntax trees (AST) built by the parser to check that a program conforms
More information! Use of formal notations. ! in software system descriptions. ! for a broad range of effects. ! and varying levels of use. !
What Are Formal Methods? David S. Rosenblum ICS 221 Winter 2001! Use of formal notations! first-order logic, state machines, etc.! in software system descriptions! system models, constraints, specifications,
More informationInterplay Between Language and Formal Verification
Interplay Between Language and Formal Verification Dr. Carl Seger Senior Principal Engineer Strategic CAD Labs, Intel Corp. Nov. 4, 2009 Quiz 1 Outline Context of talk Evolution of a custom language Stage
More informationCombined Object-Lambda Architectures
www.jquigley.com jquigley#jquigley.com Chicago Lisp April 2008 Research Goals System Goals Conventional Systems Unconventional Systems Research Goals Question: How to make with Pepsi and Coke? The Goal:
More informationSoftware Testing part II (white box) Lecturer: Giuseppe Santucci
Software Testing part II (white box) Lecturer: Giuseppe Santucci 4. White box testing White-box (or Glass-box) testing: general characteristics Statement coverage Decision coverage Condition coverage Decision
More informationChapter 3 (part 3) Describing Syntax and Semantics
Chapter 3 (part 3) Describing Syntax and Semantics Chapter 3 Topics Introduction The General Problem of Describing Syntax Formal Methods of Describing Syntax Attribute Grammars Describing the Meanings
More informationIntroduction to Dependable Systems: Meta-modeling and modeldriven
Introduction to Dependable Systems: Meta-modeling and modeldriven development http://d3s.mff.cuni.cz CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics 3 Software development Automated software
More informationCrafting a Compiler with C (II) Compiler V. S. Interpreter
Crafting a Compiler with C (II) 資科系 林偉川 Compiler V S Interpreter Compilation - Translate high-level program to machine code Lexical Analyzer, Syntax Analyzer, Intermediate code generator(semantics Analyzer),
More informationSymbolic and Concolic Execution of Programs
Symbolic and Concolic Execution of Programs Information Security, CS 526 Omar Chowdhury 10/7/2015 Information Security, CS 526 1 Reading for this lecture Symbolic execution and program testing - James
More informationDIVERSITY TG Automatic Test Case Generation from Matlab/Simulink models. Diane Bahrami, Alain Faivre, Arnault Lapitre
DIVERSITY TG Automatic Test Case Generation from Matlab/Simulink models Diane Bahrami, Alain Faivre, Arnault Lapitre CEA, LIST, Laboratory of Model Driven Engineering for Embedded Systems (LISE), Point
More informationMONIKA HEINER.
LESSON 1 testing, intro 1 / 25 SOFTWARE TESTING - STATE OF THE ART, METHODS, AND LIMITATIONS MONIKA HEINER monika.heiner@b-tu.de http://www.informatik.tu-cottbus.de PRELIMINARIES testing, intro 2 / 25
More informationThe role of semantic analysis in a compiler
Semantic Analysis Outline The role of semantic analysis in a compiler A laundry list of tasks Scope Static vs. Dynamic scoping Implementation: symbol tables Types Static analyses that detect type errors
More informationWhole Platform Foundation. The Long Way Toward Language Oriented Programming
Whole Platform Foundation The Long Way Toward Language Oriented Programming 2008 by Riccardo Solmi made available under the Creative Commons License last updated 22 October 2008 Outline Aim: Engineering
More information2.4 Structuring programs
2.4 Structuring programs While theoretically a program could be written as one big expression, in reality we want some structure so that l The programmer has it easier to read the program l A compiler
More information