The SSP: an example of high-assurance systems engineering

The SSP is a high-assurance systems engineering effort spanning both hardware and software. Extensive design review, first-principles design, n-version programming, program transformation, verification, and consistency checking are the techniques used to provide assurance of the correctness of the resulting system.
