Basing a Modeling Environment on a General Purpose Theorem Prover

Similar documents
DoD Common Access Card Information Brief. Smart Card Project Managers Group

Multi-Modal Communication

Using Model-Theoretic Invariants for Semantic Integration. Michael Gruninger NIST / Institute for Systems Research University of Maryland

Service Level Agreements: An Approach to Software Lifecycle Management. CDR Leonard Gaines Naval Supply Systems Command 29 January 2003

COMPUTATIONAL FLUID DYNAMICS (CFD) ANALYSIS AND DEVELOPMENT OF HALON- REPLACEMENT FIRE EXTINGUISHING SYSTEMS (PHASE II)

Accuracy of Computed Water Surface Profiles

Kathleen Fisher Program Manager, Information Innovation Office

Information, Decision, & Complex Networks AFOSR/RTC Overview

4. Lessons Learned in Introducing MBSE: 2009 to 2012

ARINC653 AADL Annex Update

HEC-FFA Flood Frequency Analysis

Monte Carlo Techniques for Estimating Power in Aircraft T&E Tests. Todd Remund Dr. William Kitto EDWARDS AFB, CA. July 2011

Running CyberCIEGE on Linux without Windows

Empirically Based Analysis: The DDoS Case

High-Assurance Security/Safety on HPEC Systems: an Oxymoron?

FUDSChem. Brian Jordan With the assistance of Deb Walker. Formerly Used Defense Site Chemistry Database. USACE-Albuquerque District.

Dana Sinno MIT Lincoln Laboratory 244 Wood Street Lexington, MA phone:

Using Templates to Support Crisis Action Mission Planning

2013 US State of Cybercrime Survey

ENVIRONMENTAL MANAGEMENT SYSTEM WEB SITE (EMSWeb)

SCR: A PRACTICAL METHOD FOR REQUIREMENTS SPECIFICATION

A Distributed Parallel Processing System for Command and Control Imagery

DoD M&S Project: Standardized Documentation for Verification, Validation, and Accreditation

Washington University

Wireless Connectivity of Swarms in Presence of Obstacles

Space and Missile Systems Center

The Last Word on TLE. James Brownlow AIR FORCE TEST CENTER EDWARDS AFB, CA May, Approved for public release ; distribution is unlimited.

Concept of Operations Discussion Summary

AFRL-ML-WP-TM

NATO-IST-124 Experimentation Instructions

Advanced Numerical Methods for Numerical Weather Prediction

The C2 Workstation and Data Replication over Disadvantaged Tactical Communication Links

Report Documentation Page

Towards a Formal Pedigree Ontology for Level-One Sensor Fusion

Vision Protection Army Technology Objective (ATO) Overview for GVSET VIP Day. Sensors from Laser Weapons Date: 17 Jul 09 UNCLASSIFIED

A Review of the 2007 Air Force Inaugural Sustainability Report

Edwards Air Force Base Accelerates Flight Test Data Analysis Using MATLAB and Math Works. John Bourgeois EDWARDS AFB, CA. PRESENTED ON: 10 June 2010

ASSESSMENT OF A BAYESIAN MODEL AND TEST VALIDATION METHOD

Stereo Vision Inside Tire

Technological Advances In Emergency Management

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

Approaches to Improving Transmon Qubits

Web Site update. 21st HCAT Program Review Toronto, September 26, Keith Legg

MODELING AND SIMULATION OF LIQUID MOLDING PROCESSES. Pavel Simacek Center for Composite Materials University of Delaware

U.S. Army Research, Development and Engineering Command (IDAS) Briefer: Jason Morse ARMED Team Leader Ground System Survivability, TARDEC

WAITING ON MORE THAN 64 HANDLES

David W. Hyde US Army Engineer Waterways Experiment Station Vicksburg, Mississippi ABSTRACT

Exploring the Query Expansion Methods for Concept Based Representation

75th Air Base Wing. Effective Data Stewarding Measures in Support of EESOH-MIS

Guide to Windows 2000 Kerberos Settings

A Methodology for End-to-End Evaluation of Arabic Document Image Processing Software

Distributed Real-Time Embedded Video Processing

ATCCIS Replication Mechanism (ARM)

Setting the Standard for Real-Time Digital Signal Processing Pentek Seminar Series. Digital IF Standardization

Uniform Tests of File Converters Using Unit Cubes

Architecting for Resiliency Army s Common Operating Environment (COE) SERC

Corrosion Prevention and Control Database. Bob Barbin 07 February 2011 ASETSDefense 2011

Smart Data Selection (SDS) Brief

Data Warehousing. HCAT Program Review Park City, UT July Keith Legg,

Lessons Learned in Adapting a Software System to a Micro Computer

Headquarters U.S. Air Force. EMS Play-by-Play: Using Air Force Playbooks to Standardize EMS

REPORT DOCUMENTATION PAGE

LARGE AREA, REAL TIME INSPECTION OF ROCKET MOTORS USING A NOVEL HANDHELD ULTRASOUND CAMERA

Use of the Polarized Radiance Distribution Camera System in the RADYO Program

Topology Control from Bottom to Top

DEVELOPMENT OF A NOVEL MICROWAVE RADAR SYSTEM USING ANGULAR CORRELATION FOR THE DETECTION OF BURIED OBJECTS IN SANDY SOILS

Shallow Ocean Bottom BRDF Prediction, Modeling, and Inversion via Simulation with Surface/Volume Data Derived from X-Ray Tomography

Advanced Numerical Methods for Numerical Weather Prediction

Computer Aided Munitions Storage Planning

Dynamic Information Management and Exchange for Command and Control Applications

Space and Missile Systems Center

73rd MORSS CD Cover Page UNCLASSIFIED DISCLOSURE FORM CD Presentation

C2-Simulation Interoperability in NATO

DISTRIBUTION A: Distribution approved for public release.

Creating, Positioning, and Rotating Rectangles Using C++

Defense Hotline Allegations Concerning Contractor-Invoiced Travel for U.S. Army Corps of Engineers' Contracts W912DY-10-D-0014 and W912DY-10-D-0024

An Update on CORBA Performance for HPEC Algorithms. Bill Beckwith Objective Interface Systems, Inc.

Open Systems Development Initiative (OSDI) Open Systems Project Engineering Conference (OSPEC) FY 98 Status Review 29 April - 1 May 1998

Parallelization of a Electromagnetic Analysis Tool

Fall 2014 SEI Research Review Verifying Evolving Software

75 TH MORSS CD Cover Page. If you would like your presentation included in the 75 th MORSS Final Report CD it must :

Dr. Stuart Dickinson Dr. Donald H. Steinbrecher Naval Undersea Warfare Center, Newport, RI May 10, 2011

BUPT at TREC 2009: Entity Track

UMass at TREC 2006: Enterprise Track

Ross Lazarus MB,BS MPH

Introducing I 3 CON. The Information Interpretation and Integration Conference

ASPECTS OF USE OF CFD FOR UAV CONFIGURATION DESIGN

Android: Call C Functions with the Native Development Kit (NDK)

SURVIVABILITY ENHANCED RUN-FLAT

A Multilevel Secure MapReduce Framework for Cross-Domain Information Sharing in the Cloud

CASE STUDY: Using Field Programmable Gate Arrays in a Beowulf Cluster

Specifying and proving properties of timed I/O automata using Tempo

Army Research Laboratory

QuanTM Architecture for Web Services

Energy Security: A Global Challenge

Balancing Transport and Physical Layers in Wireless Ad Hoc Networks: Jointly Optimal Congestion Control and Power Control

REPORT DOCUMENTATION PAGE

Using TAME to Prove Invariants of Automata Models: Two Case Studies

Office of Global Maritime Situational Awareness

CENTER FOR ADVANCED ENERGY SYSTEM Rutgers University. Field Management for Industrial Assessment Centers Appointed By USDOE

Transcription:

Naval Research Laboratory Washington, DC 20375-5320 NRL/MR/5546--06-8952 Basing a Modeling Environment on a General Purpose Theorem Prover Myla Archer Center for High Assurance Computer Systems Information Technology Division December 29, 2006 Approved for public release; distribution is unlimited.

Form Approved REPORT DOCUMENTATION PAGE OMB No. 0704-0188 Public reporting burden for this collection of information is estimated to average 1 hour per response, including the time for reviewing instructions, searching existing data sources, gathering and maintaining the data needed, and completing and reviewing this collection of information. Send comments regarding this burden estimate or any other aspect of this collection of information, including suggestions for reducing this burden to Department of Defense, Washington Headquarters Services, Directorate for Information Operations and Reports (0704-0188), 1215 Jefferson Davis Highway, Suite 1204, Arlington, VA 22202-4302. Respondents should be aware that notwithstanding any other provision of law, no person shall be subject to any penalty for failing to comply with a collection of information if it does not display a currently valid OMB control number. PLEASE DO NOT RETURN YOUR FORM TO THE ABOVE ADDRESS. 1. REPORT DATE (DD-MM-YYYY) 2. REPORT TYPE 3. DATES COVERED (From - To) 29-12-2006 Memorandum Report 4. TITLE AND SUBTITLE Basing a Modeling Environment on a General Purpose Theorem Prover 5a. CONTRACT NUMBER N0001406WX20708 5b. GRANT NUMBER 6. AUTHOR(S) Myla Archer 5c. PROGRAM ELEMENT NUMBER 61153N 5d. PROJECT NUMBER 55-8956-0-7 5e. TASK NUMBER 5f. WORK UNIT NUMBER 7. PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES) Naval Research Laboratory 4555 Overlook Avenue, SW Washington, DC 20375-5320 8. PERFORMING ORGANIZATION REPORT NUMBER NRL/MR/5546--06-8952 9. SPONSORING / MONITORING AGENCY NAME(S) AND ADDRESS(ES) Office of Naval Research One Liberty Center 875 North Randolph Street, Suite 1425 Arlington, VA 22203-1995 10. SPONSOR / MONITOR S ACRONYM(S) 11. SPONSOR / MONITOR S REPORT NUMBER(S) 12. DISTRIBUTION / AVAILABILITY STATEMENT Approved for public release; distribution is unlimited. 13. SUPPLEMENTARY NOTES 14. ABSTRACT A general purpose theorem prover can be thought of as an extremely flexible modeling environment in which one can define and analyze almost any kind of model. A disadvantage to the full flexibility of a general purpose theorem prover is the lack of any guidance on how to construct a model and how then to apply the theorem prover to analyzing the model. In the general environment supplied by the prover, much time can be consumed in deciding how to specify a model and in interacting with and understanding feedback from the prover. However, specification templates, together with proof strategies whose design follows certain principles, can be used in many general purpose provers to create specialized modeling environments that address these difficulties. A specialized modeling environment created in this way can be further extended and/or further specialized by drawing on the underlying theorem prover for additional capabilities, and provides a means of integrating powerful theorem proving capabilities into existing software development environments by way of appropriate translation schemes. This paper will use TAME (Timed Automata Modeling Environment) to illustrate the creation, extension, and specialization of a modeling environment based on PVS, and its integration into several software development environments. 15. SUBJECT TERMS Modeling environments Tool compatibility Software engineering tools Tool integration 16. SECURITY CLASSIFICATION OF: a. REPORT b. ABSTRACT c. THIS PAGE Unclassified Unclassified Unclassified Automata models Specification 17. LIMITATION OF ABSTRACT i Verification Theorem proving 18. NUMBER OF PAGES UL 24 Automated deduction 19a. NAME OF RESPONSIBLE PERSON Myla Archer 19b. TELEPHONE NUMBER (include area code) (202) 404-6304 Standard Form 298 (Rev. 8-98) Prescribed by ANSI Std. Z39.18

CONTENTS 1 Introduction...1 2 TAME...3 3 Example: SCR...6 3.1 Specification in SCR...6 3.2 Representing SCR specifications in TAME...8 3.3 TAME proof support in SCR...12 4 Example: TIOA...13 5 Example: SELinux...16 6 Related Work...18 7 Conclusions and Future Work...18 Acknowledgements...19 References...19 iii

Manuscript approved November 2, 2006.

TAME Strategy AUTO_INDUCT DIRECT_PROOF DIRECT_INDUCTION APPLY_SPECIFIC_PRECOND APPLY_GENERAL_PRECOND APPLY_IND_HYP APPLY_INV_LEMMA APPLY_LEMMA SUPPOSE COMPUTE_POSTSTATE SKOLEM_IN INST_IN TRY_SIMP Purpose Set up a reachable-state induction proof Set up a non-induction proof Set up a mathematical induction proof Introduce the specified precondition Introduce the timing constraints Apply the inductive hypothesis Apply an invariant lemma Apply any general lemma Do a case split and label the cases Compute the poststate of the current transition Skolemize an embedded quantified formula Instantiate an embedded quantified formula Try to complete the proof automatically

Inv_5(s:states): bool = (FORALL (e:edges): length(mq(e,s)) <= 1); ("" (AUTO_INDUCT) (("1" ;;Case add_child(adde_action) (APPLY_SPECIFIC_PRECOND) (SUPPOSE "e_theorem = adde_action") (("1.1" ;;Suppose e_theorem = adde_action (TRY_SIMP)) ("1.2" ;;Suppose not [e_theorem = adde_action] (TRY_SIMP)))) ("2" ;;Case children_known(childv_action) (SUPPOSE "source(e_theorem) = childv_action") (("2.1" ;;Suppose source(e_theorem) = childv_action (APPLY_SPECIFIC_PRECOND) (APPLY_INV_LEMMA "2" "e_theorem") (TRY_SIMP)) ("2.2" ;;Suppose not [source(e_theorem) = childv_action] (TRY_SIMP)))) ("3" ;;Case ack(acke_action) (SUPPOSE "e_theorem = acke_action") (("3.1" ;;Suppose e_theorem = acke_action (APPLY_SPECIFIC_PRECOND) (TRY_SIMP)) ("3.2" ;;Suppose not [e_theorem = acke_action] (TRY_SIMP))))))

Condition Table Mode Transition Table mode 1 event 1 mode 2......... mode 1 event i mode k......... mode n event j mode m Event Table mode 1 cond 1,1... cond 1,m mode 1 event 1,1... event1,m........................ mode n cond n,1... cond n,m mode 1 event n,1... eventn,m var = val 1... val m var = val 1... val m

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback