Certifying derivation of state machines from coroutines

2022 ◽  
Vol 6 (POPL) ◽  
pp. 1-31
Author(s):  
Mirai Ikebuchi ◽  
Andres Erbsen ◽  
Adam Chlipala

One of the biggest implementation challenges in security-critical network protocols is nested state machines. In practice today, state machines are either implemented manually at a low level, risking bugs easily missed in audits; or are written using higher-level abstractions like threads, depending on runtime systems that may sacrifice performance or compatibility with the ABIs of important platforms (e.g., resource-constrained IoT systems). We present a compiler-based technique allowing the best of both worlds, coding protocols in a natural high-level form, using freer monads to represent nested coroutines, which are then compiled automatically to lower-level code with explicit state. In fact, our compiler is implemented as a tactic in the Coq proof assistant, structuring compilation as search for an equivalence proof for source and target programs. As such, it is straightforwardly (and soundly) extensible with new hints, for instance regarding new data structures that may be used for efficient lookup of coroutines. As a case study, we implemented a core of TLS sufficient for use with popular Web browsers, and our experiments show that the extracted Haskell code achieves reasonable performance.
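As an added illustration (not the paper's Coq development, which is not reproduced on this page), the following Python sketches the two forms the abstract contrasts, for one nested case that TLS exhibits: a handshake-message reassembler that pulls records through an inner coroutine. It is written first as generator coroutines yielding read/emit effects (standing in for the freer-monad encoding, with a small trampoline as the runtime) and then as the hand-flattened explicit-state machine of the kind a compiler such as the paper's would produce. The record and message framing (1-byte type plus a 2-byte or 3-byte length), the 16 KiB record cap, the sample traffic and the chunk sizes are assumptions constructed for this example; the equivalence that the paper's tactic proves for all inputs is here only spot-checked on chunked input.

```python
HANDSHAKE = 0x16
MAX_RECORD = 16384  # assumed cap (TLS-like), enforced before buffering

def parse_record_header(hdr):
    """Record header: 1-byte content type, 2-byte big-endian length."""
    ctype, length = hdr[0], int.from_bytes(hdr[1:3], "big")
    if ctype != HANDSHAKE or length > MAX_RECORD:
        raise ValueError("bad record header: type 0x%02x, length %d" % (ctype, length))
    return ctype, length

def read_record():
    """Inner coroutine: yields ("read", n) effects, resumed with exactly n bytes."""
    ctype, length = parse_record_header((yield ("read", 3)))
    body = yield ("read", length)
    return ctype, body

def handshake_messages():
    """Outer coroutine: reassembles messages (1-byte type, 3-byte length, body) that
    may span records and yields ("emit", msg); `buf` and the loop position are hidden state."""
    buf = b""
    while True:
        while len(buf) < 4:
            _, body = yield from read_record()
            buf += body
        mtype, mlen = buf[0], int.from_bytes(buf[1:4], "big")
        while len(buf) < 4 + mlen:
            _, body = yield from read_record()
            buf += body
        yield ("emit", (mtype, buf[4:4 + mlen]))
        buf = buf[4 + mlen:]

def run_coroutine(co, chunks):
    """Runtime support the coroutine form needs: a trampoline and a pending buffer."""
    out, pending, eff = [], b"", next(co)
    for chunk in chunks:
        pending += chunk
        while True:
            if eff[0] == "emit":
                out.append(eff[1])
                eff = co.send(None)
            elif len(pending) >= eff[1]:
                data, pending = pending[:eff[1]], pending[eff[1]:]
                eff = co.send(data)
            else:
                break
    return out

class HandshakeMachine:
    """Low-level form: the same protocol with explicit state and no runtime. The
    coroutine's program counter is `state`, its `buf` is `hs_buf`, and the
    outstanding read is `need`."""
    def __init__(self):
        self.state, self.need = "HDR", 3
        self.inbuf, self.hs_buf = b"", b""

    def feed(self, chunk):
        out = []
        self.inbuf += chunk
        while len(self.inbuf) >= self.need:
            data, self.inbuf = self.inbuf[:self.need], self.inbuf[self.need:]
            if self.state == "HDR":
                _, length = parse_record_header(data)
                self.state, self.need = "BODY", length
                continue
            self.hs_buf += data
            while len(self.hs_buf) >= 4:
                mtype, mlen = self.hs_buf[0], int.from_bytes(self.hs_buf[1:4], "big")
                if len(self.hs_buf) < 4 + mlen:
                    break
                out.append((mtype, self.hs_buf[4:4 + mlen]))
                self.hs_buf = self.hs_buf[4 + mlen:]
            self.state, self.need = "HDR", 3
        return out

# Constructed sample: three messages, cut into records, then into small chunks.
SAMPLE_MESSAGES = [(1, bytes(range(40))), (2, b""), (11, b"\xaa" * 300)]

def build_wire(messages, record_sizes):
    stream = b"".join(bytes([t]) + len(b).to_bytes(3, "big") + b for t, b in messages)
    cuts = [0] + [sum(record_sizes[:i + 1]) for i in range(len(record_sizes))] + [len(stream)]
    bodies = [stream[a:b] for a, b in zip(cuts, cuts[1:])]
    return b"".join(bytes([HANDSHAKE]) + len(b).to_bytes(2, "big") + b for b in bodies)

def compare(sizes=(1, 7, 2, 5, 3)):
    """Run both forms over identically chunked input: (coroutine_out, machine_out)."""
    wire, pos, chunks = build_wire(SAMPLE_MESSAGES, [5, 50, 100]), 0, []
    while pos < len(wire):
        chunks.append(wire[pos:pos + sizes[len(chunks) % len(sizes)]])
        pos += len(chunks[-1])
    machine = HandshakeMachine()
    return (run_coroutine(handshake_messages(), chunks),
            [m for c in chunks for m in machine.feed(c)])

def both_reject(wire):
    """True iff both forms raise ValueError on `wire` (e.g. an alert record)."""
    def raises(run):
        try:
            run()
        except ValueError:
            return True
        return False
    return (raises(lambda: run_coroutine(handshake_messages(), [wire]))
            and raises(lambda: HandshakeMachine().feed(wire)))
```

The fields of the hand-written machine (`state`, `need`, `inbuf`, `hs_buf`) are exactly the coroutine's hidden program counter, outstanding read and locals made explicit; the audit difficulty the abstract refers to is that each such field is also a place to get a boundary condition wrong, which `compare` and `both_reject` only spot-check and which the paper's equivalence proof settles for all inputs.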

Author(s):  
Yang Gao ◽  
Xia Yang ◽  
Wensheng Guo ◽  
Xiutai Lu

A MILS partition scheduling module ensures complete isolation of data between different domains by enforcing security policies. Although small in size, it involves complicated data structures and algorithms that make monolithic verification of the scheduling module difficult using traditional verification logics (e.g., separation logic). In this paper, we simplify the verification task by dividing data representation and data operation into different layers and then linking them together by composing a series of abstraction layers. The layered method also supports function calls from higher implementation layers into lower abstraction layers, allowing us to ignore implementation details in the lower implementation layers. Using this methodology, we have verified a realistic MILS partition scheduling module that can schedule operating systems (Ubuntu 14.04, VxWorks 6.8 and RTEMS 11.0) located in different domains. The entire verification has been mechanized in the Coq proof assistant.


2005 ◽  
Vol 1 ◽  
pp. 117-127 ◽  
Author(s):  
Reynald Affeldt ◽  
Naoki Kobayashi ◽  
Akinori Yonezawa

Author(s):  
PATRICK BAHR ◽  
GRAHAM HUTTON

In this article, we present a new approach to the problem of calculating compilers. In particular, we develop a simple but general technique that allows us to derive correct compilers from high-level semantics by systematic calculation, with all details of the implementation of the compilers falling naturally out of the calculation process. Our approach is based upon the use of standard equational reasoning techniques, and has been applied to calculate compilers for a wide range of language features and their combination, including arithmetic expressions, exceptions, state, various forms of lambda calculi, bounded and unbounded loops, non-determinism and interrupts. All the calculations in the article have been formalised using the Coq proof assistant, which serves as a convenient interactive tool for developing and verifying the calculations.
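As an added worked instance (not taken from the article, whose calculations are carried out in Haskell and Coq), here is the end product of such a calculation for arithmetic expressions with exceptions, in Python: the semantics, the continuation-style compiler that the calculation yields, the stack machine with handler frames, and the correctness equation `execute(comp(e), s) == spec(e, s)` checked on random expressions. The tuple encodings of expressions, code and stack entries, and the initial stack used by `check`, are assumptions made for this example.

```python
import random

# Source language, as nested tuples:
#   ('val', n) | ('add', x, y) | ('throw',) | ('catch', x, h)
def evaluate(e):
    """Semantics: an int, or None when an uncaught exception escapes."""
    tag = e[0]
    if tag == 'val':
        return e[1]
    if tag == 'add':
        n = evaluate(e[1])
        m = evaluate(e[2]) if n is not None else None
        return None if m is None else n + m
    if tag == 'throw':
        return None
    x = evaluate(e[1])                        # ('catch', x, h)
    return evaluate(e[2]) if x is None else x

# Target code, continuation-style:
#   ('PUSH', n, c) | ('ADD', c) | ('THROW',) | ('MARK', h, c) | ('UNMARK', c) | ('HALT',)
def comp_(e, c):
    """The compiler that falls out of the calculation: code that evaluates e,
    leaves its value on the stack, and then continues with c."""
    tag = e[0]
    if tag == 'val':
        return ('PUSH', e[1], c)
    if tag == 'add':
        return comp_(e[1], comp_(e[2], ('ADD', c)))
    if tag == 'throw':
        return ('THROW',)
    return ('MARK', comp_(e[2], c), comp_(e[1], ('UNMARK', c)))

def comp(e):
    return comp_(e, ('HALT',))

# Stack machine. The stack is a list with the top at the end; entries are
# ('VAL', n) or ('HAN', handler_code).
def execute(c, s):
    while True:
        op = c[0]
        if op == 'PUSH':
            s, c = s + [('VAL', c[1])], c[2]
        elif op == 'ADD':
            (_, m), (_, n) = s[-1], s[-2]
            s, c = s[:-2] + [('VAL', n + m)], c[1]
        elif op == 'THROW':
            return fail(s)
        elif op == 'MARK':
            s, c = s + [('HAN', c[1])], c[2]
        elif op == 'UNMARK':                  # drop the handler under the value
            s, c = s[:-2] + [s[-1]], c[1]
        else:                                 # HALT
            return s

def fail(s):
    """Unwind to the nearest handler; an empty stack means the exception escaped."""
    while s:
        top, s = s[-1], s[:-1]
        if top[0] == 'HAN':
            return execute(top[1], s)
    return []

def spec(e, s):
    """The specification the calculation starts from:
       execute(comp(e), s) == s ++ [VAL n]  if evaluate(e) == n,
       execute(comp(e), s) == fail(s)       if evaluate(e) is None."""
    n = evaluate(e)
    return fail(s) if n is None else s + [('VAL', n)]

def random_expr(rng, depth):
    k = rng.randint(0, 3) if depth > 0 else 0
    if k == 0:
        return ('val', rng.randint(0, 9))
    if k == 1:
        return ('add', random_expr(rng, depth - 1), random_expr(rng, depth - 1))
    if k == 2:
        return ('throw',)
    return ('catch', random_expr(rng, depth - 1), random_expr(rng, depth - 1))

def check(trials=500, seed=7):
    """Property check of the correctness equation on random expressions over an
    arbitrary initial stack (with a handler below, so escaping exceptions are visible)."""
    rng = random.Random(seed)
    s0 = [('HAN', ('PUSH', -1, ('HALT',))), ('VAL', 99)]
    return all(execute(comp(e), s0) == spec(e, s0)
               for e in (random_expr(rng, 4) for _ in range(trials)))
```

The calculation's payoff is visible in `comp_` for `catch`: `MARK` and `UNMARK` are not designed up front but are the operations needed to make the correctness equation go through, and the property check is the informal counterpart of the Coq proof the article describes.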


GIS Business ◽  
2019 ◽  
Vol 14 (6) ◽  
pp. 206-212
Author(s):  
Dr. D. Shoba ◽  
Dr. G. Suganthi

Employees and employers are facing issues in work-life balance. It has become a difficult domain, because work demands have increased due to greater work pressure and the complexity of handling technology. Drastic changes in the rules and regulations of the aviation industry's work environment make the work-life balance of employees more difficult and set more hurdles. Hence there are many distractions and imbalances in the lives of women employees working at all levels of the aviation industry. This work pressure creates a high level of hurdles in maintaining a harmonious job and family life, especially for female aviation employees. Data were collected from 50 female crew members working at Cochin International Airport. The objective of this study is to analyze the work-life balance of working females at Cochin International Airport and its influence on their personal and professional lives. The results of the study show that management should frame policies which will help employees balance their personal and professional lives.


2021 ◽  
Vol 13 (6) ◽  
pp. 3246
Author(s):  
Zoe Slattery ◽  
Richard Fenner

Building on the existing literature, this study examines whether specific drivers of forest fragmentation cause particular fragmentation characteristics, and how these characteristics can be linked to their effects on forest-dwelling species. This research uses Landsat remote imaging to examine the changing patterns of forests. It focuses on areas which have undergone a high level of a specific fragmentation driver, in particular either agricultural expansion or commodity-driven deforestation. Seven municipalities in the states of Rondônia and Mato Grosso in Brazil are selected as case study areas, as these states experienced a high level of commodity-driven deforestation and agricultural expansion respectively. Land cover maps of each municipality are created using the Geographical Information System software ArcGIS Spatial Analyst extension. The resulting categorical maps are input into Fragstats fragmentation software to calculate quantifiable fragmentation metrics for each municipality. To determine the effects that these characteristics are likely to cause, this study uses a literature review to determine how species traits affect their responses to forest fragmentation. Results indicate that, in areas that underwent agricultural expansion, the remaining forest patches became more complex in shape with longer edges and lost a large amount of core area. This negatively affects species which are either highly dispersive or specialist to core forest habitat. In areas that underwent commodity-driven deforestation, it was more likely that forest patches would become less aggregated and create disjunct core areas. This negatively affects smaller, sedentary animals which do not naturally travel long distances. This study is significant in that it links individual fragmentation drivers to their landscape characteristics, and in turn uses these to predict effects on species with particular traits. This information will prove useful for forest managers, particularly in the case study municipalities examined in this study, in deciding which species require further protection measures. The methodology could be applied to other drivers of forest fragmentation such as forest fires.


2021 ◽  
Vol 43 (1) ◽  
pp. 1-46
Author(s):  
David Sanan ◽  
Yongwang Zhao ◽  
Shang-Wei Lin ◽  
Liu Yang

To make the verification of large and complex concurrent systems feasible and scalable, compositional techniques are necessary even at the highest abstraction layers. At the lowest software abstraction layers, such as the implementation or the machine code, the high level of detail makes the direct verification of properties very difficult and expensive. It is therefore essential to use techniques that simplify verification on these layers. One technique to tackle this challenge is top-down verification, where properties verified on the top layers (abstract specifications of a system) are propagated, by means of simulation, down to the lowest layers (implementations of the top layers). Needless to say, simulation of concurrent systems implies a greater level of complexity, and compositional techniques for checking simulation between layers are also desirable when seeking both feasibility and scalability of refinement verification. In this article, we present CSim2, a compositional rely-guarantee-based framework for the top-down verification of complex concurrent systems in the Isabelle/HOL theorem prover. CSim2 uses CSimpl, a highly expressive language designed for the specification of concurrent programs. Thanks to its expressiveness, CSimpl can model many of the features found in real-world programming languages, such as exceptions, assertions, and procedures. CSim2 provides a framework for the verification of rely-guarantee properties, to reason compositionally on CSimpl specifications. Focusing on top-down verification, CSim2 provides a simulation-based framework for the preservation of CSimpl rely-guarantee properties from specifications to implementations. By using the simulation framework, properties proven on the top layers (abstract specifications) are compositionally propagated down to the lowest layers (source or machine code) in each concurrent component of the system. Finally, we show the usability of CSim2 by running a case study over two CSimpl specifications of an ARINC 653 communication service. In this case study, we prove a complex property on a specification, and we use CSim2 to preserve the property on lower abstraction layers.
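As an added example (neither the verified MILS scheduling module of Gao et al. above nor the CSim2 development), the Python below shows the shape of the top-down argument both abstracts describe, on a cyclic partition schedule: an abstract layer that defines which partition owns each tick, a concrete layer with a window index and a countdown, a simulation relation between the two, and a check that the relation is preserved by every step, so that a property established on the abstract layer (each partition runs only in its own windows, for exactly its budget) carries down to the implementation. The Coq and Isabelle/HOL proofs are replaced by an exhaustive check over one major frame, which is sound here only because the implementation is finite and returns to its initial state after one frame (the check verifies this). The schedule, the partition names and the off-by-one variant selected by `buggy=True` are constructed for this example; the rely-guarantee reasoning and multi-layer composition of the original works are not modelled.

```python
from typing import List, Optional, Tuple

Frame = List[Tuple[str, int]]   # abstract layer: (partition, ticks) windows of one major frame

def abstract_running(frame: Frame, t: int) -> str:
    """Specification: the partition that owns tick t of the cyclic schedule."""
    offset = t % sum(d for _, d in frame)
    for pid, dur in frame:
        if offset < dur:
            return pid
        offset -= dur
    raise AssertionError("unreachable: offset lies within the major frame")

class ConcreteScheduler:
    """Implementation layer: a window index plus a countdown, stepped per tick.
    buggy=True is a constructed off-by-one (the window switch fires one tick
    late), included to show what the simulation check catches."""
    def __init__(self, frame: Frame, buggy: bool = False):
        self.table = list(frame)
        self.cur, self.remaining, self.ticks = 0, frame[0][1], 0
        self.buggy = buggy

    def current(self) -> str:
        return self.table[self.cur][0]

    def tick(self) -> None:
        self.ticks += 1
        self.remaining -= 1
        switch = self.remaining < 0 if self.buggy else self.remaining == 0
        if switch:
            self.cur = (self.cur + 1) % len(self.table)
            self.remaining = self.table[self.cur][1]

def related(frame: Frame, impl: ConcreteScheduler) -> bool:
    """Simulation relation R: the implementation's tick counter is the abstract
    time, and its running partition is the one the specification names."""
    return impl.current() == abstract_running(frame, impl.ticks)

def check_refinement(frame: Frame, buggy: bool = False) -> Optional[int]:
    """Forward simulation over one major frame. Returns None if every reachable
    implementation state is related to its abstract counterpart, otherwise the
    first tick at which a partition runs outside its window."""
    impl = ConcreteScheduler(frame, buggy)
    major = sum(d for _, d in frame)
    for _ in range(major):
        if not related(frame, impl):
            return impl.ticks
        impl.tick()
    # The implementation must be back in its initial configuration after one
    # frame; only then are the states visited above all the reachable ones and
    # the bounded check exhaustive for this finite, periodic system.
    if (impl.cur, impl.remaining) != (0, frame[0][1]) or not related(frame, impl):
        return impl.ticks
    return None

def observed_budget(frame: Frame, buggy: bool = False) -> dict:
    """Ticks each partition actually runs in the first major frame. On the
    abstract layer this equals the configured durations by definition; a
    successful simulation check carries that guarantee to the implementation."""
    impl = ConcreteScheduler(frame, buggy)
    counts = {pid: 0 for pid, _ in frame}
    for _ in range(sum(d for _, d in frame)):
        counts[impl.current()] += 1
        impl.tick()
    return counts

# Constructed sample schedule: three domains, 10-tick major frame.
FRAME: Frame = [("crypto", 3), ("untrusted", 5), ("io", 2)]
```

With the constructed schedule the correct implementation refines the specification (`check_refinement(FRAME)` is `None`), while the off-by-one variant is caught at tick 3, where `crypto` is still running in `untrusted`'s window; the same defect shows up in `observed_budget` as `untrusted` overrunning and `io` never being scheduled in the first frame, which is the kind of isolation failure the scheduling module's proof rules out.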


Water ◽  
2021 ◽  
Vol 13 (5) ◽  
pp. 699
Author(s):  
Ruifeng Wang ◽  
Xiong Wu ◽  
Yanliang Zhai ◽  
Yuxuan Su ◽  
Chenhui Liu

Chengde City boasts a wealth of high-quality mineral water resources characterized by a high level of strontium (Sr), a low level of sodium, and low alkalinity. In order to study the mechanism of formation of Sr-bearing mineral water in Chengde and to scientifically guide future mineral water exploration, taking three typical mineral water exploration areas in Chengde as examples, this paper studies the sources of Sr in mineral water and the general rules of its dissolution via a laboratory static leaching experiment and impact experiments, and it provides an analysis of the characteristics of typical rock samples. The research results indicate that the content of Sr in surrounding rock and the characteristics of minerals existing in surrounding rock jointly control the dissolution of Sr in water; that CO2 can promote the formation of mineral water containing Sr; and that temperature increases may boost the dissolution of Sr from carbonate minerals but also inhibit the dissolution of Sr from silicate minerals.


Author(s):  
Peng Lu ◽  
Xiao Cong ◽  
Dongdai Zhou

Nowadays, E-learning systems are widely applied in practical teaching, favored for their customizable course arrangement and flexible learning schedules. However, such systems have problems in practice: the functions of a single piece of software are not diversified enough to satisfy teaching requirements completely. To support more applications in the teaching process, it is necessary to integrate functions from different systems, but differences in development techniques and inflexibility in design make this difficult to implement. The major reason for these problems is the lack of a sound software architecture. In this article, we build a domain model and a component model of E-learning systems, together with a component integration method based on Web Services. We propose an abstract E-learning framework that can express the semantic relationships among components and achieve high-level reuse on the basis of an informatized teaching mode. On this foundation, we form an E-learning-oriented layered software architecture consisting of a component library layer, an application framework layer and an application layer. Moreover, the architecture supports layer-division multiplexing and is not tied to a particular development language or tool. With the help of this software architecture, we can flexibly build customized E-learning systems like building blocks, through framework selection and component assembly and replacement. In addition, we exemplify how to build a concrete E-learning system on the basis of this software architecture.

