Dr. Bob Bonneau, Program Manager
To develop the theory and techniques for Survivable Software (SSW), a new breed of software for real-world systems in general, and for embedded and mission-critical applications in particular. Our vision of survivable software is based on the core principles of dependability, reliability, timeliness and, ultimately, survivability.
Key components of the Survivable Software paradigm include:
- A highly flexible aspect-oriented instrumentation framework, InterAspect, built on the GCC plug-in architecture, for specifying and implementing runtime monitors.
- Software Monitoring with Controllable Overhead (SMCO), which provides cost-effective runtime monitoring with bounded-overhead guarantees (PDF of STTT article).
- Runtime Verification with State Estimation (RVSE), a technique that can estimate the probability that a runtime property holds, even when the monitor reduces overhead by sampling execution events. RVSE won the best paper award at Runtime Verification 2011 (PDF).
- Adaptive Runtime Verification (ARV), which focuses limited monitoring resources on the most critical system objects (PDF of RV12 paper).
- Hierarchical Simplified Redundancy (HSR), which takes advantage of two primary strategies for achieving system reliability: simplicity and redundancy. In HSR, developers implement one or more simpler versions of each system. In the event of an error in the main implementation, the system can fail over to the simpler but potentially more robust version.
- Formalisms for specifying trace properties.
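The following is an added example, written for this page and not code from the project or from the SMCO and RVSE papers it cites. It shows, in Python, the two ideas the list above combines: a monitor that drops events to stay under an overhead target, and a state estimator that still produces a probability that the property holds when some events were never observed. The estimator runs the HMM forward algorithm over the product of a model of the event stream and the property's monitor automaton; on an unobserved event (a gap) it marginalises over every symbol the model could have emitted. Whether this matches the published RVSE algorithm in detail is not stated on this page, so treat the structure as an editorial assumption. The property ("a write only while the lock is held"), the two-state model, its probabilities and the traces are all constructed for the example.

```python
# Alphabet of monitored events (constructed for this example).
EVENTS = ("acq", "rel", "wr")

# Property monitor: a DFA stating "a write may only happen while the lock is held".
# States: "out" (lock not held), "in" (lock held), "err" (violation, absorbing).
DFA = {
    "out": {"acq": "in", "rel": "out", "wr": "err"},
    "in":  {"acq": "in", "rel": "out", "wr": "in"},
    "err": {"acq": "err", "rel": "err", "wr": "err"},
}
DFA_START = "out"

# Toy HMM of the program's event stream. In a real deployment such a model would
# be learned from training traces; the numbers below are constructed for the example.
# "s1" is simply a mode in which writes are common, not a program state.
HMM_STATES = ("s0", "s1")
HMM_START = {"s0": 1.0, "s1": 0.0}
TRANS = {"s0": {"s0": 0.5, "s1": 0.5}, "s1": {"s0": 0.5, "s1": 0.5}}
EMIT = {"s0": {"acq": 0.6, "rel": 0.3, "wr": 0.1},
        "s1": {"acq": 0.1, "rel": 0.4, "wr": 0.5}}


def sample(events, target_num, target_den):
    """Simplified overhead controller (assumption: a stand-in for SMCO's controller).

    Observe an event only if doing so keeps the observed fraction of events at or
    below target_num/target_den; every other event is replaced by None (a gap).
    Integer arithmetic avoids float rounding at the boundary.
    """
    observed, out = 0, []
    for i, e in enumerate(events, 1):
        if (observed + 1) * target_den <= target_num * i:
            observed += 1
            out.append(e)
        else:
            out.append(None)
    return out


def forward_step(alpha, obs):
    """One forward-algorithm step over product states (hmm_state, dfa_state).

    obs is an event symbol, or None for a gap; a gap sums over all symbols the
    model could have emitted, advancing the DFA with each of them.
    """
    new = {}
    for (s_prev, q), p in alpha.items():
        if p == 0.0:
            continue
        for s in HMM_STATES:
            p_move = p * TRANS[s_prev][s]
            symbols = EVENTS if obs is None else (obs,)
            for o in symbols:
                key = (s, DFA[q][o])
                new[key] = new.get(key, 0.0) + p_move * EMIT[s][o]
    total = sum(new.values())
    if total == 0.0:
        raise ValueError("observation impossible under the model")
    # Scaling: after an observed symbol this conditions on it; after a gap the
    # mass already sums to 1, so the division is a no-op.
    return {k: v / total for k, v in new.items()}


def estimate(trace):
    """Return P(property not yet violated | observed events), gaps marginalised."""
    alpha = {(s, DFA_START): p for s, p in HMM_START.items()}
    for obs in trace:
        alpha = forward_step(alpha, obs)
    return sum(p for (_, q), p in alpha.items() if q != "err")


if __name__ == "__main__":
    # Constructed trace; the final write happens outside the lock and violates the property.
    full = ["acq", "wr", "rel", "acq", "wr", "rel", "wr"]
    sampled = sample(full, 1, 2)  # keep at most half of the events
    print("full trace   ->", round(estimate(full), 3))
    print("sampled", sampled, "->", round(estimate(sampled), 3))
```

With every event observed the estimate is exactly 0 or 1, as an ordinary monitor would report; once the controller drops events the answer becomes a probability, and the model decides how likely a violation was hidden in the gaps. That is the trade the list above describes: SMCO bounds the overhead, and state estimation recovers a quantified verdict instead of "unknown".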
We are investigating concurrency property verification as a showcase for these SSW components. Our Redflag system is designed to monitor running kernel components for concurrency errors. With SMCO and state estimation, we can significantly reduce Redflag's monitoring overhead, making it practical for more environments.
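As an added illustration of the kind of concurrency check a kernel monitor like Redflag performs, here is an Eraser-style lockset analysis in Python. It is editorial example code, not Redflag's own implementation, and the page does not describe Redflag's exact algorithm; the event format (thread id, operation, target), the state names and the trace are constructed for the example. The analysis keeps, for each shared variable, the set of locks that every access so far has held; when that set becomes empty on a variable that more than one thread has written, no single lock consistently protects it and a potential race is reported.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass
class VarState:
    """Per-variable state, following the Eraser state machine."""
    mode: str = "virgin"                 # virgin -> exclusive -> shared / shared_modified
    owner: Optional[int] = None          # first thread to touch the variable
    lockset: Optional[Set[str]] = None   # candidate protecting locks; None = not yet refined


class LocksetMonitor:
    """Reports shared, written variables whose candidate lockset becomes empty."""

    def __init__(self):
        self.held = {}                               # thread id -> locks currently held
        self.vars = {}                               # variable -> VarState
        self.reports: List[Tuple[str, int]] = []     # (variable, thread) flagged

    def lock(self, tid, lk):
        self.held.setdefault(tid, set()).add(lk)

    def unlock(self, tid, lk):
        self.held.setdefault(tid, set()).discard(lk)

    def access(self, tid, var, is_write):
        st = self.vars.setdefault(var, VarState())
        held = self.held.get(tid, set())
        if st.mode == "virgin":
            st.mode, st.owner = "exclusive", tid     # initialisation by one thread
            return
        if st.mode == "exclusive":
            if tid == st.owner:
                return                               # still single-threaded: no refinement
            st.lockset = set(held)                   # second thread: refinement starts here
            st.mode = "shared_modified" if is_write else "shared"
        else:
            st.lockset &= held                       # intersect with the locks held now
            if is_write:
                st.mode = "shared_modified"
        # Read-shared data with an empty lockset is not reported (Eraser rule).
        if st.mode == "shared_modified" and not st.lockset and (var, tid) not in self.reports:
            self.reports.append((var, tid))

    def feed(self, trace):
        """Process (tid, op, target) events; op is lock/unlock/read/write."""
        for tid, op, target in trace:
            if op == "lock":
                self.lock(tid, target)
            elif op == "unlock":
                self.unlock(tid, target)
            elif op in ("read", "write"):
                self.access(tid, target, op == "write")
            else:
                raise ValueError("unknown op: %r" % op)
        return self.reports


# Constructed trace standing in for instrumented kernel events.
TRACE = [
    (1, "lock", "L"), (1, "write", "x"), (1, "unlock", "L"),
    (2, "lock", "L"), (2, "write", "x"), (2, "unlock", "L"),   # x always under L: fine
    (1, "lock", "L"), (1, "write", "y"), (1, "unlock", "L"),
    (2, "lock", "M"), (2, "write", "y"), (2, "unlock", "M"),   # y under M here...
    (1, "lock", "L"), (1, "read", "y"), (1, "unlock", "L"),    # ...and L here: lockset empties
    (1, "lock", "L"), (1, "write", "w"), (1, "unlock", "L"),
    (2, "write", "w"),                                         # w written with no lock at all
    (1, "write", "z"), (1, "write", "z"),                      # z only touched by thread 1: fine
]


def run_example():
    return LocksetMonitor().feed(TRACE)


if __name__ == "__main__":
    for var, tid in run_example():
        print("potential race on %s (thread %d)" % (var, tid))
```

Note the second access to `y` under lock `M` alone is not reported: the candidate set shrinks to `{M}`, which is still non-empty, and the report only fires once thread 1 touches `y` again under `L`. That lag, and the fact that kernel code uses synchronisation disciplines a plain lockset rule does not model, is why such reports are candidates for triage rather than confirmed bugs, and why every monitored access costs time; this is the overhead that SMCO and state estimation are meant to bring down.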
The Survivable Software approach can potentially have a major impact in the domain of safety and mission-critical software. In this setting, it represents the opportunity to equip an embedded application with software that continues to function in the presence of residual defects.
