Mark-Oliver Stehr

Maude as a Formal Meta-tool

Given the different perspectives from which a complex software system has to be analyzed, the multiplicity of formalisms is unavoidable. This poses two important technical challenges: how to rigorously meet the need to interrelate formalisms, and how to reduce the duplication of effort in tool and specification building across formalisms. These challenges could be answered by adequate formal meta-tools that, when given the specification of a formal inference system, generate an efficient inference engine, and when given a specification of two formalisms and a translation, generate an actual translator between them. Similarly, module composition operations that are logic-independent, but that at present require costly implementation efforts for each formalism, could be provided for logics in general by module algebra generator meta-tools. The foundations of meta-tools of this kind can be based on a metatheory of general logics. Their actual design and implementation can be based on appropriate logical frameworks having efficient implementations. This paper explains how the reflective logical framework of rewriting logic can be used, in conjunction with an efficient reflective implementation such as the Maude language, to design formal meta-tools such as those described above. The feasibility of these ideas and techniques has been demonstrated by a number of substantial experiments in which new formal tools and new translations between formalisms, efficient enough to be used in practice, have been generated.

Policy-Based Cognitive Radios

We present a new language for expressing policies that allow opportunistic spectrum access while not causing interference. CoRaL has expressive constructs for numerical constraints, supports efficient reasoning, and will be verifiable. The language is extensible so that unanticipated policy types can be encoded. We also describe a policy reasoner that reasons about CoRaL policies, and show how this reasoner can be used with various cognitive radios (in this case, an XG radio) to guarantee policy-specified behaviors while allowing spectrum sharing.

CoRaL--Policy Language and Reasoning Techniques for Spectrum Policies

We present the cognitive radio (policy) language (CoRaL), a new language for expressing policies that govern the behavior of cognitive radios that opportunistically share spectrum. A Policy Reasoner validates radio transmissions to ensure that they are compliant with the spectrum policies. The Policy Reasoner also discovers spectrum sharing opportunities by deriving what requirements must be fulfilled for transmissions to be valid, i.e., in compliance with policies. A novel mix of reasoning techniques is required to implement such a reasoner.

Plan in Maude Specifying an Active Network Programming Language

PLAN is a language designed for programming active networks, and can more generally be regarded as a model of mobile computation. PLAN generalizes the paradigm of imperative functional programming in an elegant way that allows for recursive, remote function calls, and it provides a clear mechanism for the interaction between host and mobile code. Techniques for specifying and reasoning about such languages are of growing importance. In this paper we describe our specification of PLAN in the rewriting logic language Maude. We show how techniques for specifying the operational semantics of imperative functional programs (syntax-based semantics) and for formalizing variable binding constructs and mobile environments (CINNI calculus) are used in combination with the natural representation of concurrency and distribution provided by rewriting logic to develop a faithful description of the informal PLAN semantics. We also illustrate the wide-spectrum approach to formal modeling supported by Maude: executing PLAN programs; analyzing PLAN programs using search and model-checking; proving properties of particular PLAN programs; and proving general properties of the PLAN language.

An Application Framework for Loosely Coupled Networked Cyber-Physical Systems

Networked Cyber-Physical Systems (NCPSs) present many challenges since they require a tight combination with the physical world as well as a balance between autonomous operation and coordination among heterogeneous nodes. These fundamental challenges range from how NCPSs are architected, implemented, composed, and programmed to how they can be validated. In this paper, we describe a new paradigm for programming an NCPS that enables users to specify their needs and nodes to contribute capabilities and resources. This new paradigm is based on the partially ordered knowledge-sharing model that makes explicit the abstract structure of a computation in space and time. Based on this model, we propose an application framework that provides a uniform abstraction for a wide range of NCPS applications, especially those concerned with distributed sensing, optimization, and control. The proposed framework provides a generic service to represent, manipulate, and share knowledge across the network under minimal assumptions on connectivity. Our framework is tested on a new distributed version of an evolutionary optimization algorithm that runs on a computing cluster and is also used to solve a dynamic distributed optimization problem in a simulated NCPS that uses mobile robots as controllable data mules.

Toward distributed declarative control of networked cyber-physical systems

Networked Cyber-Physical Systems (NCPS) present many challenges that are not suitably addressed by existing distributed computing paradigms. They must be reactive and maintain an overall situation awareness that emerges from partial distributed knowledge. They must achieve system goals through local, asynchronous actions, using (distributed) control loops through which the environment provides essential feedback. Typical NCPS are open, dynamic, and heterogeneous in many dimensions, and often need to be rapidly instantiated and deployed for a given mission. To address these challenges, we pursue a declarative approach to provide an abstraction from the high complexity of NCPS and avoid error-prone and time-consuming low-level programming. A longer-term goal is to develop a distributed computational and logical foundation that supports a wide spectrum of system operation between autonomy and cooperation to adapt to resource constraints, in particular to limitations of computational, energy, and networking resources. Here, we present first steps toward a logical framework for NCPS that combines distributed reasoning and asynchronous control in space and time. The logical framework is based on partially ordered knowledge sharing, a distributed computing paradigm for loosely coupled systems that does not require continuous network connectivity. We illustrate our approach with a simulation prototype of our logical framework in the context of networked mobile robot teams that operate in an abstract instrumented cyber-physical space with sensors.

A probabilistic formal analysis approach to cross layer optimization in distributed embedded systems

We present a novel approach, based on probabilistic formal methods, to developing cross-layer resource optimization policies for resource limited distributed systems. One objective of this approach is to enable system designers to analyze designs in order to study design tradeoffs and predict the possible property violations as the system evolves dynamically over time. Specifically, an executable formal specification is developed for each layer under consideration (for example, application, middleware, operating system). The formal specification is then analyzed using statistical model checking and statistical quantitative analysis, to determine the impact of various resource management policies for achieving desired end-to-end QoS properties. We describe how existing statistical approaches have been adapted and improved to provide analyses of given cross-layered optimization policies with quantifiable confidence. The ideas are tested in a multi-mode multi-media case study. Experiments from both theoretical analysis and Monte-Carlo simulation followed by statistical analyses demonstrate the applicability of this approach to the design of resource-limited distributed systems.

ICEMAN: A System for Efficient, Robust and Secure Situational Awareness at the Network Edge

Situational awareness applications in disaster response and tactical scenarios require efficient communication without a managed infrastructure. In principle, the performance, size, weight, and power of commercial off-the-shelf mobile phones and tablets are sufficient to support such applications, provided that efficient protocols and mechanisms are put in place for the efficient and secure sharing and storage of content among such devices. ICEMAN (Information CEntric Mobile Ad-hoc Networking) is a system that allows applications to request content objects by their attributes, and integrates its API with utility-based dissemination, caching, and network-coding mechanisms to deliver content. ICEMAN is implemented based on the Haggle architecture running in the Android operating system, and supports distributed situational-awareness applications operating in networks subject to severe disruption. Its functionality is described, and performance results of the ICEMAN implementation running in mobile phones and the CORE/EMANE network emulation are presented for several test scenarios.

Fractionated software for networked cyber-physical systems: research directions and long-term vision

An emerging generation of mission-critical systems employs distributed, dynamically reconfigurable open architectures. These systems may include a variety of devices that sense and affect their environment and the configuration of the system itself. We call such systems Networked Cyber-Physical Systems (NCPS). NCPS can provide complex, situation-aware, and often critical services in applications such as distributed sensing and surveillance, crisis response, self-assembling structures or systems, networked satellite and unmanned vehicle missions, or distributed critical infrastructure monitoring and control. In this paper we lay out research directions centered around a new paradigm for the design of NCPS based on a notion of software fractionation that we are currently exploring which can serve as the basis for a new generation of runtime assurance techniques. The idea of software fractionation is inspired by and complementary to hardware fractionation -- the basis for the fractionated satellites of DARPAs F6 program. Fractionated software has the potential of leading to software that is more robust, leveraging both diversity and redundancy. It raises the level of abstraction at which assurance techniques are applied. We specifically propose research in just-in-time verification and validation techniques, which are agile -- adapting to changing situations and requirements, and efficient -- focusing on properties of immediate concern in the context of locally reachable states, thus largely avoiding the state space explosion problem. We propose an underlying reflective architecture that maintains models of itself, the environment, and the mission that is key for adaptation, verification, and validation.

The HOL/NuPRL Proof Translator

We have developed a proof translator from HOL into a classical extension of NuPRL which is based on two lines of previous work. First, it draws on earlier work by Doug Howe, who developed a translator of theorems from HOL into a classical extension of NuPRL which is justified by a hybrid set-theoretic/computational semantics. Second, we rely on our own previous work, which investigates this mapping from a proof-theoretic viewpoint and gives a constructive meta-logical proof of its soundness. In this paper the logical foundations of the embedding of HOL into this classical extension of NuPRL as well as technical aspects of the proof translator implementation are discussed.