Towards a Formal Framework for Mobile, Service-Oriented Sensor-Actuator Networks

Service-oriented sensor-actuator networks (SOSANETs) are deployed in health-critical applications like patient monitoring and have to fulfill strong safety requirements. However, a framework for the rigorous formal modeling and analysis of SOSANETs does not exist. In particular, there is currently no support for the verification of correct network behavior after node failure or loss/addition of communication links. To overcome this problem, we propose a formal framework for SOSANETs. The main idea is to base our framework on the \pi-calculus, a formally defined, compositional and well-established formalism. We choose KLAIM, an existing formal language based on the \pi-calculus as the foundation for our framework. With that, we are able to formally model SOSANETs with possible topology changes and network failures. This provides the basis for our future work on prediction, analysis and verification of the network behavior of these systems. Furthermore, we illustrate the real-life applicability of this approach by modeling and extending a use case scenario from the medical domain.Comment: In Proceedings FESCA 2013, arXiv:1302.478

Fault-Tolerance by Graceful Degradation for Car Platoons

The key advantage of autonomous car platoons are their short inter-vehicle distances that increase traffic flow and reduce fuel consumption. However, this is challenging for operational and functional safety. If a failure occurs, the affected vehicles cannot suddenly stop driving but instead should continue their operation with reduced performance until a safe state can be reached or, in the case of temporal failures, full functionality can be guaranteed again. To achieve this degradation, platoon members have to be able to compensate sensor and communication failures and have to adjust their inter-vehicle distances to ensure safety. In this work, we describe a systematic design of degradation cascades for sensor and communication failures in autonomous car platoons using the example of an autonomous model car. We describe our systematic design method, the resulting degradation modes, and formulate contracts for each degradation level. We model and test our resulting degradation controller in Simulink/Stateflow

A Denotational Semantics for Communicating Unstructured Code

An important property of programming language semantics is that they should be compositional. However, unstructured low-level code contains goto-like commands making it hard to define a semantics that is compositional. In this paper, we follow the ideas of Saabas and Uustalu to structure low-level code. This gives us the possibility to define a compositional denotational semantics based on least fixed points to allow for the use of inductive verification methods. We capture the semantics of communication using finite traces similar to the denotations of CSP. In addition, we examine properties of this semantics and give an example that demonstrates reasoning about communication and jumps. With this semantics, we lay the foundations for a proof calculus that captures both, the semantics of unstructured low-level code and communication.Comment: In Proceedings FESCA 2015, arXiv:1503.0437

Towards an Automated Design of Application-specific Reconfigurable Logic

Reconfigurable logic is known to have the potential to provide better solutions than direct ASIC implementations or processors in some situations. A necessary prerequisite for area advantages compared to ASICs or a better energy efficiency than processors is an application specific design of the reconfigurable unit. Adapting it to the specific requirements of an application helps to compensate for the area and speed penalty introduced by reconfigurability. The data paths of reconfigurable units are best suited for data flow oriented tasks, but for many applications, both control flow and data flow must be handled, so a integration of the reconfigurable unit into a processor environment is an appropriate choice. By analysing the existing design flow and integration possibilities for reconfigurable units, a basis for discussing possible automation schemes and a standardised interface is defined. Possible future research could investigate an automated design support for the building blocks of reconfigurable units and the definition of a standard processor interface for some classes of reconfigurable units

Machine-Checkable Timed CSP

The correctness of safety-critical embedded software is crucial, whereas non-functional properties like deadlock-freedom and real-time constraints are particularly important. The real-time calculus Timed Communicating Sequential Processes (CSP) is capable of expressing such properties and can therefore be used to verify embedded software. In this paper, we present our formalization of Timed CSP in the Isabelle/HOL theorem prover, which we have formulated as an operational coalgebraic semantics together with bisimulation equivalences and coalgebraic invariants. Furthermore, we apply these techniques in an abstract specification with real-time constraints, which is the basis for current work in which we verify the components of a simple real-time operating system deployed on a satellite

An introduction to (Co)algebras and (Co)induction and their application to the semantics of programming languages

This report summarizes operational approaches to the formal semantics of programming languages and shows that they can be interpreted inductively by least fixed points as well as coinductively by greatest fixed points. While the inductive interpretation gives semantics to all terminating programs, the coinductive one defines moreover also a semantics for all non-terminating programs. This is especially important in areas where programs do not terminate in general, e.g. data bases, operating systems, or control software in embedded systems. The semantic foundations described in this report can be used to verify that transformations (e.g. in compilers) of such software systems are correct. In the course of this report, coalgebras and coinduction are introduced, starting with a gentle intuitive motivation and ending with a detailed mathematical description within the notions of category theory

Out of the Shadows: What Legal Research Instruction Reveals about Incorporating Skills throughout the Curriculum

The article first examines the politics of curricular reform. Before a law school will be able to increase or improve any skills instruction, the targeted skill must be important to enough to affect the curriculum. For example, sometimes law schools send inconsistent messages about the importance of legal research instruction. While external voices such as ABA accreditation standards and surveys of the practicing bar have long-recognized importance of the skills of legal research, evidence of the importance of the skill in the law school curriculum is mixed. If asked, most faculty members will agree that a given skill, such as legal research, is important. However, for that skill to be integrated into the curriculum in a way that will substantially affect graduate competencies, the skill must be important enough in the hierarchy of the faculty and curriculum to justify the costs of curricular change

Three Views of the Academy: Legal Education and the Legal Profession in Transition

Reviewing James E. Milterno, The American Legal Profession in Crisis: Resistance and Responses to Change (Oxford University Press 2013); Deborah L. Rhode, Lawyers as Leaders (Oxford University Press 2013), and Robin L. West, Teaching Law: Justice, Politics, and the Demands of Professionalism (Cambridge University Press 2013)