James Ivers

Formal modeling and analysis of the HLA component integration standard

An increasingly important trend in the engineering of complex systems is the design of component integration standards. Such standards define rules of interaction and shared communication infrastructure that permit composition of systems out of independently-developed parts. A problem with these standards is that it is often difficult to understand exactly what they require and provide, and to analyze them in order to understand their deeper properties. In this paper we use our experience in modeling the High Level Architecture (HLA) for Distributed Simulation to show how one can capture the structured protocol inherent in an integration standard as a formal architectural model that can be analyzed to detect anomalies, race conditions, and deadlocks.

The ComFoRT reasoning framework

Model checking is a promising technology for verifying critical behavior of software. However, software model checking is hamstrung by scalability issues and is difficult for software engineers to use directly. The second challenge arises from the gap between model checking concepts and notations, and those used by engineers to develop large-scale systems. ComFoRT [15] addresses both of these challenges. It provides a model checker, Copper, that implements a suite of complementary complexity management techniques to address state space explosion. But ComFoRT is more than a model checker. The ComFoRTreasoning framework includes additional support for building systems in a particular component-based idiom. This addresses transition issues.

Architecture evaluation without an architecture: experience with the smart grid

This paper describes an analysis of some of the challenges facing one portion of the Electrical Smart Grid in the United States - residential Demand Response (DR) systems. The purposes of this paper are twofold: 1) to discover risks to residential DR systems and 2) to illustrate an architecture-based analysis approach to uncovering risks that span a collection of technical and social concerns. The results presented here are specific to residential DR but the approach is general and it could be applied to other systems within the Smart Grid and to other critical infrastructure domains. Our architecture-based analysis is different from most other approaches to analyzing complex systems in that it addresses multiple quality attributes simultaneously (e.g., performance, reliability, security, modifiability, usability, etc.) and it considers the architecture of a complex system from a socio-technical perspective where the actions of the people in the system are as important, from an analysis perspective, as the physical and computational elements of the system. This analysis can be done early in a systems lifetime, before substantial resources have been committed to its construction or procurement, and so it provides extremely cost-effective risk analysis.

Automated distributed system testing: designing an RTI verification system

A project is currently underway which involves testing a distributed system-the Run Time Infrastructure (RTI) component of the High Level Architecture (HLA). As part of this effort, a test suite has been designed and implemented to provide a coordinated and automated approach to testing this distributed system. This suite includes the creation and application of a Script Definition Language (SDL) to specify test sequences, and a test executive to control execution of the tests, coordinate the test environment, and record test results. This paper describes the design and implementation of this test environment.

Model-driven development with predictable quality

The PACC Starter Kit is an eclipse-based development environment that combines a model-driven development approach with reasoning frameworks that apply performance, safety, and security analyses. These analyses predict runtime behavior based on specifications of component behavior and are accompanied by some measure of confidence.

Encapsulating Quality Attribute Knowledge

This paper presents a technique developed at the Software Engineering Institute (SEI) for encapsulating quality attribute knowledge for use in the design and validation of software architectures. A reasoning framework, our encapsulation mechanism, can be used by nonexperts to analyze a specific quality (e.g., performance, modifiability, availability) of a system.

Model-driven construction of certified binaries

Proof-Carrying Code (PCC) and Certifying Model Checking (CMC) are established paradigms for certifying the run-time behavior of programs. While PCC allows us to certify low-level binary code against relatively simple (e.g., memory-safety) policies, CMC enables the certification of a richer class of temporal logic policies, but is typically restricted to high-level (e.g., source) descriptions. In this paper, we present an automated approach to generate certified software component binaries from UML Statechart specifications. The proof certificates are constructed using information that is generated via CMC at the specification level and transformed, along with the component, to the binary level. Our technique combines the strengths of PCC and CMC, and demonstrates that formal certification technology is compatible with, and can indeed exploit, model-driven approaches to software development. We describe an implementation of our approach that targets the Pin component technology, and present experimental results on a collection of benchmarks.

PACC starter kit: developing software with predictable behavior

The PACC Starter Kit is an Eclipse-based development environment that combines a model-driven development approach with reasoning frameworks that apply performance, safety, and security analyses. These analyses predict runtime behavior based on specifications of component behavior and are accompanied by some measure of confidence.

Software model checking without source code

We present a framework, called air, for verifying safety properties of assembly language programs via software model checking. air extends the applicability of predicate abstraction and counterexample guided abstraction refinement to the automated verification of low-level software. By working at the assembly level, air allows verification of programs for which source code is unavailable—such as legacy and COTS software—and programs that use features—such as pointers, structures, and object-orientation—that are problematic for source-level software verification tools. In addition, air makes no assumptions about the underlying compiler technology. We have implemented a prototype of air and present encouraging results on several non-trivial examples.

Automated distributed system testing: application of an RTI verification system

A new distributed test system is used to verify the Runtime Infrastructure (RTI) component of the High Level Architecture (HLA). As part of this effort, a test suite has been designed and implemented to provide a coordinated and automated approach to testing this distributed system. This paper describes the application of this test environment and its utility in verifying an HLA RTI.