Semantically-Smart Disk Systems
2003
Abstract

Cited by 100 (13 self)
We propose and evaluate the concept of a semantically-smart disk system (SDS). As opposed to a traditional "smart" disk, an SDS has detailed knowledge of how the file system above is using the disk system, including information about the on-disk data structures of the file system. An SDS exploits this knowledge to transparently improve performance or enhance functionality beneath a standard block read/write interface. To automatically acquire this knowledge, we introduce a tool (EOF) that can discover file-system structure for certain types of file systems, and then show how an SDS can exploit this knowledge online to understand file-system behavior. We quantify the space and time overheads that are common in an SDS, showing that they are not excessive. We then study the issues surrounding SDS construction by designing and implementing a number of prototypes as case studies; each case study exploits knowledge of some aspect of the file system to implement powerful functionality beneath the standard SCSI interface. Overall, we find that a surprising amount of functionality can be embedded within an SDS, hinting at a future where disk manufacturers can compete on enhanced functionality and not simply cost-per-byte and performance.
Quantified Differential Dynamic Logic for Distributed Hybrid Systems
2010
Abstract

Cited by 21 (15 self)
We address a fundamental mismatch between the combinations of dynamics that occur in complex physical systems and the limited kinds of dynamics supported in analysis. Modern applications combine communication, computation, and control. They may even form dynamic networks, where neither structure nor dimension stay the same while the system follows mixed discrete and continuous dynamics. We provide the logical foundations for closing this analytic gap. We develop a system model for distributed hybrid systems that combines quantified differential equations with quantified assignments and dynamic dimensionality changes. We introduce a dynamic logic for verifying distributed hybrid systems and present a proof calculus for it. We prove that this calculus is a sound and complete axiomatization of the behavior of distributed hybrid systems relative to quantified differential equations. In our calculus we have proven collision freedom in distributed car control even when new cars may appear dynamically on the road.
Logics of Dynamical Systems
Abstract

Cited by 18 (17 self)
We study the logic of dynamical systems, that is, logics and proof principles for properties of dynamical systems. Dynamical systems are mathematical models describing how the state of a system evolves over time. They are important in modeling and understanding many applications, including embedded systems and cyber-physical systems. In discrete dynamical systems, the state evolves in discrete steps, one step at a time, as described by a difference equation or discrete state transition relation. In continuous dynamical systems, the state evolves continuously along a function, typically described by a differential equation. Hybrid dynamical systems or hybrid systems combine both discrete and continuous dynamics. Distributed hybrid systems combine distributed systems with hybrid systems, i.e., they are multi-agent hybrid systems that interact through remote communication or physical interaction. Stochastic hybrid systems combine stochastic
A Logic of File Systems
In Proceedings of the 4th USENIX Symposium on File and Storage Technologies (FAST '05), 2005
Abstract

Cited by 16 (2 self)
Years of innovation in file systems have been highly successful in improving their performance and functionality, but at the cost of complicating their interaction with the disk. A variety of techniques exist to ensure consistency and integrity of file system data, but the precise set of correctness guarantees provided by each technique is often unclear, making them hard to compare and reason about. The absence of a formal framework has hampered detailed verification of file system correctness. We present a logical framework for modeling the interaction of a file system with the storage system, and show how to apply the logic to represent and prove correctness properties. We demonstrate that the logic provides three main benefits. First, it enables reasoning about existing file system mechanisms, allowing developers to employ aggressive performance optimizations without fear of compromising correctness. Second, the logic simplifies the introduction and adoption of new file system functionality by facilitating rigorous proof of their correctness. Finally, the logic helps reason about smart storage systems that track semantic information about the file system. A key aspect of the logic is that it enables incremental modeling, significantly reducing the barrier to entry in terms of its actual use by file system designers. In general, we believe that our framework transforms the hitherto esoteric and error-prone “art” of file system design into a readily understandable and formally verifiable process.
R-Charon, a Modeling Language for Reconfigurable Hybrid Systems
In: Hybrid Systems: Computation and Control. Volume 3927 of LNCS, 2006
On modular pluggable analyses using set interfaces
2003
Abstract

Cited by 10 (7 self)
We present a technique that enables the focused application of multiple analyses to different modules in the same program. Our research has two goals: 1) to address the scalability limitations of precise analyses by focusing the analysis on only those parts of the program that are relevant to the properties that the analysis is designed to verify, and 2) to enable the application of specialized analyses that verify properties of specific classes of data structures to programs that simultaneously manipulate several different kinds of data structures. In our approach, each module encapsulates a data structure and uses membership in abstract sets to characterize how objects participate in its data structure. Each analysis verifies that the implementation of the module 1) preserves important internal data structure representation invariants and 2) conforms to a specification that uses formulas in a set algebra to characterize the effects of operations on the data structure. The analyses use the common set abstraction to 1) characterize how objects participate in multiple data structures and to 2) enable the inter-analysis communication required to verify properties that depend on multiple modules analyzed by different analyses. We characterize the key soundness property that an analysis plugin must satisfy to successfully participate in our system and present several analysis plugins that satisfy this property: a flag plugin that analyzes modules in which abstract set membership is determined by a flag field in each set membership is determined by reachability properties of objects stored in tree-like data structures.
Quantified differential invariants
Abstract

Cited by 9 (7 self)
We address the verification problem for distributed hybrid systems with nontrivial dynamics. Consider air traffic collision avoidance maneuvers, for example. Verifying dynamic appearance of aircraft during an ongoing collision avoidance maneuver is a longstanding and essentially unsolved problem. The resulting systems are not hybrid systems and their state space is not of the form R^n. They are distributed hybrid systems with nontrivial continuous and discrete dynamics in distributed state spaces whose dimension and topology changes dynamically over time. We present the first formal verification technique that can handle the complicated nonlinear dynamics of these systems. We introduce quantified differential invariants, which are properties that can be checked for invariance along the dynamics of the distributed hybrid system based on differentiation, quantified substitution, and quantifier elimination in real-closed fields. This gives a computationally attractive technique, because it works without having to solve the infinite-dimensional differential equation systems underlying distributed hybrid systems. We formally verify a roundabout maneuver in which aircraft can appear dynamically.
A Complete Axiomatization of Quantified Differential Dynamic Logic for Distributed Hybrid Systems
Abstract

Cited by 7 (7 self)
We address a fundamental mismatch between the combinations of dynamics that occur in cyber-physical systems and the limited kinds of dynamics supported in analysis. Modern applications combine communication, computation, and control. They may even form dynamic distributed networks, where neither structure nor dimension stay the same while the system follows hybrid dynamics, i.e., mixed discrete and continuous dynamics. We provide the logical foundations for closing this analytic gap. We develop a formal model for distributed hybrid systems. It combines quantified differential equations with quantified assignments and dynamic dimensionality changes. We introduce a dynamic logic for verifying distributed hybrid systems and present a proof calculus for this logic. This is the first formal verification approach for distributed hybrid systems. We prove that our calculus is a sound and complete axiomatization of the behavior of distributed hybrid systems relative to quantified differential equations. In our calculus we have proven collision freedom in distributed car control even when an unbounded number of new cars may appear dynamically on the road.
Synthesis of large dynamic concurrent programs from dynamic specifications
Northeastern University, 2003
Abstract

Cited by 4 (2 self)
We present a tractable method for synthesizing arbitrarily large concurrent programs, for a shared memory model with common hardware-available primitives such as atomic registers, compare-and-swap, load-linked/store-conditional, etc. The programs we synthesize are dynamic: new processes can be created and added at runtime, and so our programs are not finite-state, in general. Nevertheless, we successfully exploit automatic synthesis and model-checking methods based on propositional temporal logic. Our method is algorithmically efficient, with complexity polynomial in the number of component processes (of the program) that are “alive” at any time. Our method does not explicitly construct the automata-theoretic product of all processes that are alive, thereby avoiding state explosion. Instead, for each pair of processes which interact, our method constructs an automata-theoretic product (pair-machine) which embodies all the possible interactions of these two processes. From each pair-machine, we can synthesize a correct pair-program which coordinates the two involved processes as needed. We allow such pair-programs to be added dynamically at runtime. They are then “composed conjunctively” with the currently alive pair-programs to resynthesize the program as it results after addition of the new pair-program. We are thus able to add new behaviors, which result in new properties being satisfied, at runtime. This “incremental composition” step has complexity independent of the total number of processes; it only requires the mechanical analysis of the two processes in the pair-program and their immediate neighbors, i.e., the other processes which they interact directly with. We establish a “large model” theorem which shows that the synthesized large program inherits correctness properties from the pair-programs.