├── .gitignore ├── CLAs ├── CORPORATE_CONTRIBUTOR_LICENSE_AGREEMENT-v1.pdf └── INDIVIDUAL_CONTRIBUTOR_LICENSE_AGREEMENT-v1.pdf ├── DevGuide ├── ACSL.tex ├── CompileCopilot.tex ├── Core.tex ├── GitDirs.tex ├── Interpreter.tex ├── Kind.tex ├── Language.tex ├── Overview.tex ├── Preprocessing.tex ├── PrettyPrinter.tex ├── SBV.tex ├── bcprules.sty ├── guide.tex ├── images │ ├── graph.ps │ └── label │ │ ├── main.hs │ │ ├── main.ps │ │ ├── splitted.ps │ │ └── splitted2.ps └── mybib.bib ├── EMendelson ├── Compcert_Pipeline.png ├── Copilot_architecture.png ├── EliMendelson_branch_presentation.pdf ├── EliMendelson_branch_presentation.tex ├── FramaC_logo.png ├── Homer_Simpson.jpg └── NASA_logo.png ├── GAJaloyan ├── The manual │ ├── Grammar │ │ ├── BNF-paper.tex │ │ ├── BNF.pdf │ │ ├── BNF.tex │ │ ├── Typing.pdf │ │ ├── Typing.tex │ │ └── bcprules.sty │ ├── The manual.pdf │ ├── The manual.tex │ └── bcprules.sty ├── conference │ ├── README.txt │ ├── _minted-expose │ │ ├── 1c9666455b369c94a2fd2e013fdd6f840363a800.pygtex │ │ ├── 2de70edfc31743d5dff15596cb1d7c4c4a956aef.pygtex │ │ ├── 3209adbec3552456c525fe1b65d2c4bee01b9680.pygtex │ │ ├── 3551e7b51f5fa168b6d95f89622bd5fe1dc6f1c9.pygtex │ │ ├── 3676cd23c36f97ae5e63392fc7b1f5b35837e01e.pygtex │ │ ├── 3ba0a53c5a4af076acdca6c4af8c799f3c7b58dc.pygtex │ │ ├── 3ebefe3cfb723c9a1c1457b6281f828719c1f5c7.pygtex │ │ ├── 4b64a88f6f1817fdadd0d7dde824440c28a32051.pygtex │ │ ├── 5711d0e98778aa2162e161212eaf2f893cc0456a.pygtex │ │ ├── 6a7a963dcc86b124d28578049c0886b6f58e1d72.pygtex │ │ ├── 803ec2fa3319077ac5e864dc93d01f5326da88f4.pygtex │ │ ├── b4d8e4e07d6ca95207b8d626f9a51391c043926d.pygtex │ │ ├── b4e9e0f124beb33e480c80cbe4555410bee5e582.pygtex │ │ ├── d04da801c0e6c66e657bcf7bc0028701cae623a6.pygtex │ │ ├── default.pygstyle │ │ ├── f1a9f38b06a041c1307acbd6d3c29f2aa4dccb8c.pygtex │ │ ├── f4779f40d4f6c8611995d867e0d3aec7de1d737d.pygtex │ │ └── fc4c5d3837e5b63d509dfb59722d59986126d469.pygtex │ ├── bcprules.sty │ ├── cludein.sty │ ├── expose.aux │ ├── expose.log │ ├── expose.nav │ ├── expose.out │ ├── expose.pdf │ ├── expose.snm │ ├── expose.synctex.gz │ ├── expose.tex │ ├── expose.toc │ ├── expose.vrb │ ├── images │ │ ├── ENS-logo.jpg │ │ ├── NASA.png │ │ ├── NIA-logo.jpg │ │ ├── WCV │ │ │ ├── graph.pdf │ │ │ ├── tau.pdf │ │ │ ├── taumod.pdf │ │ │ ├── tcoa.pdf │ │ │ ├── tcpa.pdf │ │ │ ├── tep.pdf │ │ │ ├── theta.pdf │ │ │ └── wcv.pdf │ │ ├── graph.ps │ │ └── label │ │ │ ├── main.hs │ │ │ ├── main.ps │ │ │ ├── splitted.ps │ │ │ └── splitted2.ps │ ├── mathpartir.sty │ └── ref.bib ├── presentation │ ├── README.txt │ ├── _minted-expose │ │ └── default.pygstyle │ ├── bcprules.sty │ ├── cludein.sty │ ├── expose.nav │ ├── expose.snm │ ├── expose.tex │ ├── expose.vrb │ ├── images │ │ ├── ENS-logo.jpg │ │ ├── NASA.png │ │ ├── NIA-logo.jpg │ │ ├── WCV │ │ │ ├── graph.pdf │ │ │ ├── tau.pdf │ │ │ ├── taumod.pdf │ │ │ ├── tcoa.pdf │ │ │ ├── tcpa.pdf │ │ │ ├── tep.pdf │ │ │ ├── theta.pdf │ │ │ └── wcv.pdf │ │ ├── graph.ps │ │ └── label │ │ │ ├── main.hs │ │ │ ├── main.ps │ │ │ ├── splitted.ps │ │ │ └── splitted2.ps │ ├── mathpartir.sty │ └── ref.bib └── sample_report │ ├── README.txt │ ├── bcprules.sty │ ├── cludein.sty │ ├── images │ ├── CAMsep.jpg │ ├── ENS-logo.jpg │ ├── NASA.png │ ├── NIA-logo.jpg │ ├── TCASRA1.jpg │ ├── WCV │ │ ├── graph.pdf │ │ ├── tau.pdf │ │ ├── taumod.pdf │ │ ├── tcoa.pdf │ │ ├── tcpa.pdf │ │ ├── tep.pdf │ │ ├── theta.pdf │ │ └── wcv.pdf │ ├── graph.ps │ └── label │ │ ├── main.hs │ │ ├── main.ps │ │ ├── splitted.ps │ │ └── splitted2.ps │ ├── mathpartir.sty │ ├── rapport.aux │ ├── rapport.bbl │ ├── rapport.blg │ ├── rapport.log │ ├── rapport.out │ ├── rapport.pdf │ ├── rapport.synctex.gz │ ├── rapport.tex │ ├── rapport.toc │ ├── ref.bib │ └── ref.log ├── ICFP2012 ├── .gitignore ├── Makefile ├── paper.bib ├── paper.tex ├── sigplanconf.cls └── talk │ ├── pike-copilot.odp │ └── pike-copilot.pdf ├── ISSE12 ├── Figs │ ├── OOPlane-stack.pdf │ ├── Stack-Schema.jpg │ ├── Stack-Schema.pdf │ ├── Tubes_rs.jpg │ ├── architecture.fig │ ├── architecture.pdf │ ├── architecture_sensors.pdf │ ├── experiment.png │ ├── flight1.png │ ├── flight1_7_22_2011.pdf │ ├── flight1_7_22_2011.png │ ├── flight1_8_5_2011.pdf │ ├── flight1_8_5_2011.png │ ├── flight2.pdf │ ├── flight2_7_22_2011.pdf │ ├── flight2_7_22_2011.png │ ├── flight2_8_5_2011.pdf │ ├── flight2_8_5_2011.png │ ├── flight3.png │ ├── flight3_8_5_2011.pdf │ ├── flight3_8_5_2011.png │ ├── inside_R3.jpg │ └── interconnects.graffle ├── Letter │ └── letter.tex ├── Makefile ├── Reviews ├── biblio.bib ├── conclusion.tex ├── copilot_tutorial.tex ├── flight-tests.tex ├── intro.tex ├── main.tex ├── mavlink.tex ├── mybib.bib ├── overview.tex ├── report-templates │ ├── history.txt │ ├── readme.txt │ ├── spbasic.bst │ ├── spmpsci.bst │ ├── spphys.bst │ ├── svglov3.clo │ ├── svjour3.cls │ ├── template.tex │ ├── usrguid3.dvi │ └── usrguid3.pdf ├── sampling.tex ├── svglov3.clo └── watchmen.tex ├── ISoLA16 ├── FT.tex ├── Related.tex ├── codecorrect.tex ├── conclusion.tex ├── copilot.tex ├── intro.tex ├── llncs.cls ├── noninterference.tex ├── observ.tex ├── opportunities.tex ├── paper.bib ├── paper.tex ├── predictive.tex ├── security.tex ├── spec.tex ├── steer.tex ├── trace.tex └── verispec.tex ├── LPick ├── MTL │ ├── monitor │ │ ├── Makefile │ │ ├── monitor.hs │ │ ├── monitor_test.c │ │ ├── triggers.c │ │ └── triggers.h │ ├── mtlTester │ │ ├── Makefile │ │ ├── mtl_test.hs │ │ └── tester.c │ ├── slides.pdf │ └── slides.tex └── WaypointMonitor │ ├── angleMonitor │ ├── angle_driver.c │ ├── angle_driver_gen.hs │ ├── angle_monitor.hs │ └── lla.txt │ └── fullMonitor │ ├── monitor.hs │ └── triggers.c ├── README.md ├── RSpring ├── documents │ ├── NASA_Branch_Presentation.pptx │ ├── NASA_RTR_Monitor_CoPilot.pdf │ └── NASA_RTR_Monitor_CoPilot.zip └── rtr_copilot │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── haskell_rtr │ ├── Makefile │ └── rtr.hs │ ├── include │ ├── constants.h │ ├── hyper_rect.h │ ├── interval.h │ ├── monitor.h │ ├── rt_face_lift.h │ └── util.h │ ├── inverted_pendulum_rtr_ompl │ ├── Makefile │ ├── animate.py │ ├── include │ │ └── pid_ctrl.h │ ├── inv_pen_sim.py │ ├── inverted_pendulum_model.cpp │ └── pid_ctrl.cpp │ ├── linear_system │ ├── include │ │ ├── linear.h │ │ └── linear_control.h │ ├── linear.c │ └── linear_control.c │ ├── nonlinear_pendulum_autogen │ ├── include │ │ └── nonlinear_pendulum_params.h │ └── nonlinear_pendulum_params.c │ ├── pendulum_autogen │ ├── include │ │ ├── pendulum_params.h │ │ └── pendulum_vector_field.h │ └── pendulum_params.c │ ├── pendulum_results │ ├── pendulum_step0006.png │ ├── pendulum_step0025.png │ └── pendulum_step0075.png │ ├── plotPendulum.py │ ├── plotSolution.py │ ├── plotVectorField.py │ ├── rt_reachability.c │ ├── src │ ├── interval.c │ ├── rt_face_lift.c │ └── util.c │ ├── vanderpol_autogen │ ├── include │ │ ├── vanderpol_params.h │ │ └── vanderpol_vector_field.h │ └── vanderpol_params.c │ ├── vanderpol_results │ ├── vanderpol_step0006.png │ ├── vanderpol_step0025.png │ └── vanderpol_step0075.png │ └── vector_field.c ├── RV2015 ├── Background.tex ├── CaseStudy.tex ├── Makefile ├── OrigStructureDiag.tex ├── Related.tex ├── Structure.tex ├── Structure.tex~ ├── conclusion.tex ├── copilot-intro.tex ├── copilot-intro.tex~ ├── intro.tex ├── intro.tex~ ├── llncs.cls ├── paper.bib ├── paper.tex ├── paper.tex~ └── prover.tex ├── Tutorial ├── Domain.tex ├── Interpret.tex ├── Language.tex ├── MajVoteExample.tex ├── MonProofs.tex ├── RemovedTools.tex ├── Tools.tex ├── bcprules.sty ├── example.tex ├── images │ └── label │ │ ├── main.hs │ │ ├── main.pdf │ │ ├── main.ps │ │ ├── splitted.pdf │ │ ├── splitted.ps │ │ ├── splitted2.pdf │ │ └── splitted2.ps ├── introduction.tex ├── mybib.bib ├── preliminaries.tex └── tutorial.tex ├── announcement-haskell-3.0 ├── cbackend-pres2018 ├── cbackend-pres2018.tex └── toolchain.tex ├── co-kind-report ├── IL.tex ├── biblio.bib ├── conclusion.tex ├── copilot-intro.tex ├── interface.tex ├── introduction.tex ├── main.bbl ├── main.tex ├── mc-kind.tex ├── mybib.bib ├── nia.cls ├── overview.tex ├── paper.bib ├── sexpr.tex └── transition.tex ├── core-language.md └── questions.md /CLAs/CORPORATE_CONTRIBUTOR_LICENSE_AGREEMENT-v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/CLAs/CORPORATE_CONTRIBUTOR_LICENSE_AGREEMENT-v1.pdf -------------------------------------------------------------------------------- /CLAs/INDIVIDUAL_CONTRIBUTOR_LICENSE_AGREEMENT-v1.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/CLAs/INDIVIDUAL_CONTRIBUTOR_LICENSE_AGREEMENT-v1.pdf -------------------------------------------------------------------------------- /DevGuide/Core.tex: -------------------------------------------------------------------------------- 1 | \section{Copilot Core}~\label{sec:core} 2 | 3 | \todo{Discuss the implemenation of Copilot Core} 4 | 5 | \todo{Discuss the issues surroudning GADT} 6 | 7 | 8 | There are a few key issues when implementing structs: 9 | \begin{itemize} 10 | \item 11 | While structs are \emph{type-less}, there is currently no easy way to use records in Copilot. Therefore, a type of \texttt{Bool} is attached to structs in Copilot. 12 | \item 13 | Fields are currently passed through Core as Externs using tags that prepend the name of the struct. 14 | \item 15 | Using a struct in a Copilot specification is not syntactically pleasant and done in a roundabout manner. 16 | \item 17 | It is still difficult to nest structs in Haskell. 18 | \end{itemize} 19 | To improve structs in Copilot, they need to be mapped more appropriately in Core, beginning with switching their implementation to that of either a record or a tuple. 20 | 21 | \begin{itemize} 22 | \item \texttt{Core.hs} : The main file. Is used for exporting prototypes only. 23 | \end{itemize} 24 | 25 | Folder : Core 26 | \begin{itemize} 27 | \item \texttt{Error.hs} : The file for crashing everything with the functions \texttt{badUsage} and \texttt{impossible}. Use those functions with parsimony (especially impossible, because it will ask the user to send a mail to Lee). 28 | \item \texttt{Expr.hs} : The place where the Expressions of the Core AST is defined. 29 | \item \texttt{External.hs} : The file where External variables, functions, arrays, structs, and struct fields are gathered from the specification (for use by the back end). 30 | \item \texttt{Interpret.hs} : 31 | \item \texttt{Locals.hs} : 32 | \item \texttt{MakeTags.hs} : The file in which you MakeTags. A tag is a unique identifier (a tag), which is added to some nodes of the AST so that it is possible to distinguish them in a map (external variables call, etc ...). 33 | \item \texttt{Operators.hs} : The place where all the operators of the Core AST are defined. 34 | \item \texttt{PrettyDot.hs} : The dot pretty printer. Cf the section \ref{sec:pretty} 35 | \item \texttt{PrettyPrint.hs} : The text pretty printer. Cf the section \ref{sec:pretty} 36 | \item \texttt{Random.hs} : 37 | \item \texttt{Spec.hs} : The place where the Core AST is defined. This AST is not the same as the Reified AST from the Language module (confusion may occur). 38 | \item \texttt{StructMarshal.hs} : DEPRECATED - Eli 39 | \item \texttt{Type.hs} : The place defining typing for Core, but not for the back end. 40 | \end{itemize} 41 | 42 | Subfolder : Type 43 | \begin{itemize} 44 | \item \texttt{Dynamic.hs} : 45 | \item \texttt{Eq.hs} : 46 | \item \texttt{Equality.hs} : The file where different instances of Core types can be compared. 47 | \item \texttt{Read.hs} : 48 | \item \texttt{Show.hs} : 49 | \item \texttt{Uninitialized.hs} : 50 | \end{itemize} 51 | 52 | 53 | Subfolder : Random 54 | \begin{itemize} 55 | \item \texttt{Gen.hs} : 56 | \item \texttt{Weight.hs} : 57 | \end{itemize} 58 | 59 | 60 | Subfolder : Interpret 61 | \begin{itemize} 62 | \item \texttt{Eval.hs} : 63 | \item \texttt{Render.hs} : 64 | \end{itemize} -------------------------------------------------------------------------------- /DevGuide/GitDirs.tex: -------------------------------------------------------------------------------- 1 | \section{Git Directory Structure}~\label{sec:Git} 2 | Copilot is an open source development effort with a github repository at 3 | https://github.com/Copilot-Language 4 | 5 | \begin{enumerate} 6 | \item Copilot: https://github.com/Copilot-Language/Copilot This is the basic directory. Many branches but only two really active. Master and Struct. This repository contains all unit tests, basic documentation, and so on. Those two branches should be merged into master soon. 7 | %\item atom\_for\_copilot : https://github.com/Copilot-Language/atom\_for\_copilot The modified package ATOM for generating ACSL contracts with Copilot. Some headers modified so NOT BACKWARD COMPATIBLE. One branch, probably deprecated. 8 | \item sbv-for-copilot: https://github.com/Copilot-Language/sbv-for-copilot This used to be a modified package for SBV. Deprecated, DO NOT USE. All the changes have been merged into the official SBV version 5.0. 9 | \item examplesForACSL: https://github.com/Copilot-Language/examplesForACSL Some examples and projects in it to test. Makefiles provided. One branch : master. When using it, do not forget at each example to initialize the sandbox by cabal sandbox init --sandbox ../../Copilot/.cabal-sandbox/ 10 | \subitem Becareful! Some examples are not fitted to be used with frama-c, or other tools (splint). Always check before running it, or you comnputer can crash by swapping. 11 | \item copilot-cbmc: https://github.com/Copilot-Language/copilot-cbmc insert description here TODO. One branch : master 12 | \item copilot-c99: https://github.com/Copilot-Language/copilot-c99 : atom backend for SBV. We no longer target the Atom backend for new development so new features such as ACSL contracts, monitoring structs, etc. will only work work with SBV. We may consider fully depreciating Atom support at some point. 13 | \item copilot-discussion: https://github.com/Copilot-Language/copilot-discussion Here is where papers, tutorials, and working documents are kept. 14 | \item copilot-librairies: https://github.com/Copilot-Language/copilot-libraries If you do not want to reinvent the wheel. 15 | 16 | \end{enumerate} 17 | 18 | -------------------------------------------------------------------------------- /DevGuide/Interpreter.tex: -------------------------------------------------------------------------------- 1 | \section{Interpreter}~\label{sec:interp} 2 | 3 | \todo{Give Overview of Copilot Interpreter} 4 | 5 | 6 | -------------------------------------------------------------------------------- /DevGuide/Kind.tex: -------------------------------------------------------------------------------- 1 | \section{Model Checking Copilot}~\label{sec:kind} 2 | 3 | \todo{Give overview of the Model Checking implemenation} 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /DevGuide/Language.tex: -------------------------------------------------------------------------------- 1 | \section{Copilot Language}~\label{sec:language} 2 | 3 | \todo{Discuss Copilot Language implementation } 4 | 5 | 6 | -------------------------------------------------------------------------------- /DevGuide/Overview.tex: -------------------------------------------------------------------------------- 1 | \section{Overview}~\label{sec:overview} 2 | 3 | 4 | \todo{Give overview of the toolchain} 5 | 6 | \todo{Update Diagram} 7 | 8 | The Figure~\ref{fig:Copilot backend} shows a global view of the different tools used in Copilot. 9 | \begin{figure}[ht!] 10 | \centering 11 | \begin{tikzpicture}[->, node distance=3cm, auto, shorten >=1pt, bend angle=45, 12 | thick] 13 | \tikzstyle{every state}=[rectangle, rounded corners] 14 | 15 | 16 | \node[state] (Int) {Interpreter}; 17 | \node[state] (Lang) [above right of=Int] 18 | { 19 | \begin{tabular}[b]{l} 20 | Copilot Libraries\\ \hline Copilot Language 21 | \end{tabular}}; 22 | \node[state] (Core) [below right of=Lang] {Copilot Core}; 23 | \node[state] (PP) [right of=Core] {Pretty Printer}; 24 | 25 | 26 | \node[state] (Atom) [below left of=Core] {Atom Back-End}; 27 | \node[state] (SBV) [below right of=Core] {SBV Back-End}; 28 | \node[state] (C99A) [below of=Atom] {C99}; 29 | \node[state] (C99S) [below of=SBV] {C99}; 30 | 31 | 32 | \tikzstyle{every node}=[] 33 | 34 | 35 | \path %% (Libs) edge node {0,1,L} (Lang); 36 | %% edge node {1,1,R} (C) 37 | (Lang) edge [bend left, anchor=west, text width=2.5cm] node {Reification and DSL-specific type-checking} (Core) 38 | %% edge node {0,1,L} (C) 39 | (Core) edge node {Translation} (Atom) 40 | edge node {} (SBV) 41 | edge node {} (PP) 42 | edge node [swap] {Evaluation} (Int) 43 | (Int) edge [<->, bend right] node {QuickCheck} (Atom) 44 | (Atom) edge node {Compilation} (C99A) 45 | (SBV) edge node {Compilation} (C99S) 46 | (C99A) edge [<->] node {Model checking} (C99S); 47 | %% edge [bend left] node {Translation} (SBV) 48 | %% (Atom) edge [loop below] node {1,1,R} (D) 49 | %% edge node {0,1,R} (Libs) 50 | %% (SBV) edge [bend left] node {1,0,R} (); 51 | \end{tikzpicture} 52 | \caption{The Copilot toolchain\cite{Copilot03}} 53 | \label{fig:Copilot backend} 54 | \end{figure} 55 | 56 | -------------------------------------------------------------------------------- /DevGuide/Preprocessing.tex: -------------------------------------------------------------------------------- 1 | \section{Preprocessing}~\label{sec:preprocessing} 2 | 3 | In order to allow us writing constants in capital letters (like PI, DEG, RAD). We decided to use preprocessing that will just expand the values into their real ones (PI into 3.14159265358979323846264338327950). The best language to use for that is m4, given that it is a very powerful preprocessor (Turing complete), in which it is possible to write further features (using an other preprocessor like the C's one would limit a lot the further developments in this field). The detailed manual can be found here : http://www.gnu.org/software/m4/manual/m4.html 4 | A shorter manual is available here : http://mbreen.com/m4.html 5 | 6 | 7 | A basic utilization example can also be found in the WCV stuff https://github.com/Copilot-Language/examplesForACSL/blob/master/WCV/main.hs : 8 | 9 | \begin{figure}[!htb] 10 | \begin{lstlisting} 11 | divert(-1) 12 | changequote({,}) 13 | define({LQ},{changequote(`,'){dnl} 14 | changequote({,})}) 15 | define({RQ},{changequote(`,')dnl{ 16 | }changequote({,})}) 17 | changecom({--}) 18 | 19 | 20 | --some basic stuff : everything in SI 21 | define({PI}, {(label "?pi" $ 3.14159265358979323846264338327950)}) 22 | define({E}, {(label "?e" $ 2.718281828459045235360287471352)}) 23 | define({REARTH}, {6371000}) --in meters 24 | 25 | define({RAD},{1}) 26 | define({DEG}, {(label "?deg" $ PI/180)}) 27 | define({NM}, {(label "?nm" $ 1852)}) 28 | define({FT},{0.3048}) 29 | 30 | define({SEC},{1}) 31 | define({MIN},{60}) 32 | define({HOUR},{3600}) 33 | 34 | define({KTS},{(label "?kts" $ NM/HOUR)}) 35 | define({FPM},{(label "?fpm" $ FT/MIN)}) 36 | 37 | 38 | 39 | define({ZTHR}, {(475*FT)}) -- altitude threshold 40 | define({DTHR}, {(1*NM)}) -- horizontal distance threshold 41 | define({TTHR}, {(30.0*SEC)}) -- time threshold 42 | define({TCOA}, {(30.0*SEC)}) -- vertical time threshold 43 | 44 | 45 | divert(0)dnl 46 | \end{lstlisting} 47 | \end{figure} 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /DevGuide/PrettyPrinter.tex: -------------------------------------------------------------------------------- 1 | \section{Pretty Printer}~\label{sec:pretty} 2 | 3 | \todo{Discuss Pretty printer Implementation} 4 | 5 | There are several prettyPrinter. 6 | \begin{itemize} 7 | \item One in copilot-sbv that prettyprints and expression to an ACSL contract 8 | \item One in copilore-core that prettyprints an expression to an Dot graph. This prettyPrinter has two entry points : prettyPrintDot, which prints the whole spec, and prettyExprDot which has a boolean value as a parameter which tells if the prettyPrinter has to go through the external functions (print parameters recursively, ..., True for yes, False for no). When generating the dot source for each C source file, we do not go through the external functions, because SBV does not do so. But if you want a more global view, you should go through. In this case, it is better to use the prettyPrintDot function, which sets this parameter as True directly. 9 | \item One in core that prettyprints (and hence it is a text version of the Dot one). 10 | \end{itemize} 11 | 12 | 13 | The prettyPrinting technology, specially developed for Copilot by Interns, Supervisors and Associates Inc.$\circledR$, consists in an induction on the syntax of the language, or by induction on the AST. If the node of the AST is an addition, it prints "+", if it is a multiplication, it prints "*", and the same for all kind of nodes. This unique technology allows us to prettyPrint efficiently an expression originally in the form of (sin a + cos b * ln 3) into (sin a + cos b * ln 3). 14 | 15 | A more evolved version of it, adds a unique tag to all nodes, in order to print a dot graph of it. This could have been written using a monad, but why using monads, when gore ways exist for doing this (cf prettyDot, which is not so pretty). Actually, we take one parameter, which is an integer (the current tag) and an other integer parameter, which is the parent node to which we should create an edge. Whenever we create a new node, make an edge to the father, and we increment the tag. Now the new node is a father for all of its sons. Colors for each node are added, according to the type of the node (unary, binary operation, label, function call, ...), and those colors were chosen randomly by a Drunken Sailor. -------------------------------------------------------------------------------- /DevGuide/SBV.tex: -------------------------------------------------------------------------------- 1 | \section{SBV Backend}~\label{sec:sbv} 2 | 3 | \todo{Give an overview of SBV backend} 4 | 5 | The SBV backend has a lot of files, some of which are useful, other are useless (and if you have time you should factor all the useless code), and others are AST transformers which are located here because we do not know how to put them elsewhere. 6 | 7 | \subsection{AST transformmers} 8 | 9 | \begin{itemize} 10 | \item \texttt{Transform.hs}: The one that transforms all math functions to external functions. 11 | \item \texttt{ACSLproof.hs}: The one that does the same thing, but for ACSL (splitting abs functions for example using magic labels). (This is a useless code as defined in Section~\ref{sec:sbv}) 12 | \item \texttt{ACSLexpr.hs}: The one that makes you think that it's a AST transformer, but it is actually a pretty printer (for \texttt{ACSLexpr.hs}). 13 | \item \texttt{Copilot2SBV.hs}: The one that is technically one, but is not an official one because it transforms the AST too much to be a transformer (\texttt{Copilot2SBV.hs} which transforms a reified AST from the Core to an SBV AST for an expression). We will call this one a translator. 14 | \end{itemize} 15 | 16 | \subsection{Other useful functions} 17 | 18 | \begin{itemize} 19 | \item \texttt{Code.hs}: As said previously, Copilot2SBV only transforms the expressions, the rest of the AST is transformed by Code.hs 20 | \item \texttt{Common.hs}: Some (almost) useful functions to prepend "ext\_" to strings, or append a number to a string. 21 | \item \texttt{Driver.hs}:This create a file called driver.c that contains all the function calls to the ones that you created using the code.hs file. 22 | \item \texttt{Makefile.hs}: The most important file, without this one, you would not be able to make the C code generated, or even use splint on it ! 23 | \item \texttt{Metatable.hs}: the metatable, what else ? (TODO, insert a real description for this one) 24 | \item \texttt{Params.hs}: its description is a empty as the file. 25 | \item \texttt{Queue.hs}: I don't know 26 | \item \texttt{Witness.hs}: A collection of hacks to make everything work with SBV (because our Floats are Core floats, and SBV is using SBV Floats, so you have to convert everything from to the other). Do not open this file unless you are obliged to. 27 | \end{itemize} 28 | 29 | Everything is centralized in a file named \texttt{SBV.hs} whose only function is to call functions from the other files, in the right order, so that it produces you a non aberrant output. -------------------------------------------------------------------------------- /DevGuide/images/label/main.hs: -------------------------------------------------------------------------------- 1 | divert(-1) 2 | changequote({,}) 3 | define({LQ},{changequote(`,'){dnl} 4 | changequote({,})}) 5 | define({RQ},{changequote(`,')dnl{ 6 | }changequote({,})}) 7 | changecom({--}) 8 | 9 | 10 | divert(0)dnl 11 | import Copilot.Language.Reify 12 | import Copilot.Language 13 | import Copilot.Language.Operators.Eq 14 | import Copilot.Library.Clocks 15 | 16 | import qualified Copilot.Compile.SBV as S 17 | import qualified Copilot.Compile.C99 as C 18 | import qualified Prelude as P 19 | import Debug.Trace 20 | import Control.Monad (foldM_) 21 | 22 | -------------------------------------------------------------------------------- 23 | -- NEVER USE THIS PIECE OF CODE FOR WRITING A REAL MONITOR (cf ARIANE 5 fail) 24 | -- Implementation of http://shemesh.larc.nasa.gov/people/cam/publications/NASA-TM-2014-218280.pdf 25 | -------------------------------------------------------------------------------- 26 | 27 | import qualified Data.List as L 28 | 29 | ----------------------------------------- 30 | -- Spec 31 | ----------------------------------------- 32 | 33 | alt :: Stream Bool 34 | alt = (label "?splitting" $ not $ externB "externvar" Nothing) 35 | 36 | 37 | 38 | spec :: Spec 39 | spec = do 40 | -- trigger "alert_WCVtau" (wellClearViolation tau relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 41 | -- trigger "alert_WCVtcpa" (wellClearViolation tcpa relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 42 | -- trigger "alert_WCVtaumod" (wellClearViolation taumod relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 43 | -- trigger "alert_WCVtep" (wellClearViolation tep relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 44 | trigger "trigger" (alt) [] 45 | 46 | 47 | main = do 48 | reify spec >>= S.proofACSL S.defaultParams 49 | 50 | 51 | -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /EMendelson/Compcert_Pipeline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/EMendelson/Compcert_Pipeline.png -------------------------------------------------------------------------------- /EMendelson/Copilot_architecture.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/EMendelson/Copilot_architecture.png -------------------------------------------------------------------------------- /EMendelson/EliMendelson_branch_presentation.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/EMendelson/EliMendelson_branch_presentation.pdf -------------------------------------------------------------------------------- /EMendelson/FramaC_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/EMendelson/FramaC_logo.png -------------------------------------------------------------------------------- /EMendelson/Homer_Simpson.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/EMendelson/Homer_Simpson.jpg -------------------------------------------------------------------------------- /EMendelson/NASA_logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/EMendelson/NASA_logo.png -------------------------------------------------------------------------------- /GAJaloyan/The manual/Grammar/BNF-paper.tex: -------------------------------------------------------------------------------- 1 | $$\begin{array}{llcl} 2 | \mbox{stream definition}&EXP &=& VAR \ |\ CVAR \ | \ APP \ | \ DROP \ | \ FUN \ | \ CONST\\ 3 | \mbox{monitor variable}& VAR &=& VARTYPE \ \bnfit{Identifier} \\ 4 | \mbox{typed stream variable}& VARTYPE &=& varB \ | \ varI8 \ | \ varI16 \ | \ varI32 \ | \ varI64 \ | \\ 5 | &&& varW8 \ | \ varW16 \ | \ varW32 \ | \ varW64 \ | \ varF \ | \ varD \\ 6 | \mbox{sample expression}& CVAR &=& CTYPE \ \bnfit{Identifier} \ \bnfit{n}\\ 7 | \mbox{typed program variable} &CTYPE &=& boolV \ | \ int8V \ | \ int32V \ | \ int64V \ | \ word8V \ | \\ 8 | &&& word32V \ | \ word64V \ | \ floatV \ | \ doubleV\\ 9 | \mbox{stream drop} &DROP &=& \drp{e}{\bnfit{n}}\\ 10 | &&& \mbox{ where } % \bnfit{i} \in \mathbb{N} \mbox{ and } 11 | e = VAR \ | \ CVAR \ | \ DROP \ | \ CONST\\ 12 | \mbox{stream append} &APP &=& \streaml{EXP}{l}\\ 13 | &&&\mbox{ where $l$ is a finite list of constants}\\ 14 | % \mbox{drop-append} &APP' &=& \streaml{e}{l}, \mbox{ where $l$ is a finite 15 | % list of constants and }\\ 16 | % &&& e = APP' \ | \ DROP \ | \ CONST \ | \ VAR\\ 17 | \mbox{function application} &FUN &=& f(\seqzero{e}{n})\\ 18 | &&& \mbox{ where } e_i = VAR \ | \ CVAR \ | \ DROP \ | \ FUN \ | \ CONST\\ 19 | \mbox{constant stream} &CONST &=& const \ c\\ 20 | &&& \mbox{ where $c$ is a constant} 21 | \end{array}$$ 22 | -------------------------------------------------------------------------------- /GAJaloyan/The manual/Grammar/BNF.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/The manual/Grammar/BNF.pdf -------------------------------------------------------------------------------- /GAJaloyan/The manual/Grammar/Typing.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/The manual/Grammar/Typing.pdf -------------------------------------------------------------------------------- /GAJaloyan/The manual/The manual.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/The manual/The manual.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/README.txt: -------------------------------------------------------------------------------- 1 | README ! 2 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/1c9666455b369c94a2fd2e013fdd6f840363a800.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{=} \PYGdefault{n}{externFun} \PYGdefault{l+s}{\PYGdefaultZdq{}f\PYGdefaultZdq{}} \PYGdefault{p}{[}\PYGdefault{n}{arg} \PYGdefault{l+m+mi}{0}\PYGdefault{p}{]} 3 | \PYGdefault{n+nf}{y} \PYGdefault{o+ow}{=} \PYGdefault{n}{externFun} \PYGdefault{l+s}{\PYGdefaultZdq{}f\PYGdefaultZdq{}} \PYGdefault{p}{[}\PYGdefault{n}{arg} \PYGdefault{l+m+mi}{1}\PYGdefault{p}{]} 4 | \PYGdefault{n+nf}{s} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Double} 5 | \PYGdefault{n+nf}{s} \PYGdefault{o+ow}{=} \PYGdefault{n}{x} \PYGdefault{o}{+} \PYGdefault{p}{(}\PYGdefault{n}{y} \PYGdefault{o}{+} \PYGdefault{n}{x}\PYGdefault{p}{)} 6 | \end{Verbatim} 7 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/2de70edfc31743d5dff15596cb1d7c4c4a956aef.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{k+kr}{import} \PYGdefault{k}{qualified} \PYGdefault{n+nn}{Copilot.Compile.SBV} \PYGdefault{k}{as} \PYGdefault{n}{S} 3 | 4 | \PYGdefault{n+nf}{alt} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Bool} 5 | \PYGdefault{n+nf}{alt} \PYGdefault{o+ow}{=} \PYGdefault{p}{(}\PYGdefault{n}{label} \PYGdefault{l+s}{\PYGdefaultZdq{}?splitting\PYGdefaultZdq{}} \PYGdefault{o}{\PYGdefaultZdl{}} \PYGdefault{n}{not} \PYGdefault{o}{\PYGdefaultZdl{}} 6 | \PYGdefault{n}{externB} \PYGdefault{l+s}{\PYGdefaultZdq{}externvar\PYGdefaultZdq{}} \PYGdefault{k+kt}{Nothing}\PYGdefault{p}{)} 7 | 8 | \PYGdefault{n+nf}{spec} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Spec} 9 | \PYGdefault{n+nf}{spec} \PYGdefault{o+ow}{=} \PYGdefault{k+kr}{do} 10 | \PYGdefault{n+nf}{trigger} \PYGdefault{l+s}{\PYGdefaultZdq{}trigger\PYGdefaultZdq{}} \PYGdefault{p}{(}\PYGdefault{n}{alt}\PYGdefault{p}{)} \PYGdefault{k+kt}{[]} 11 | 12 | \PYGdefault{n+nf}{main} \PYGdefault{o+ow}{=} \PYGdefault{k+kr}{do} 13 | \PYGdefault{n+nf}{reify} \PYGdefault{n}{spec} \PYGdefault{o}{\PYGdefaultZgt{}\PYGdefaultZgt{}=} \PYGdefault{k+kt}{S}\PYGdefault{o}{.}\PYGdefault{n}{proofACSL} \PYGdefault{k+kt}{Spec} \PYGdefault{o}{\PYGdefaultZgt{}\PYGdefaultZgt{}=} \PYGdefault{k+kt}{S}\PYGdefault{o}{.}\PYGdefault{n}{proofACSL} \PYGdefault{k+kt}{S}\PYGdefault{o}{.}\PYGdefault{n}{defaultParams} 14 | \end{Verbatim} 15 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/3209adbec3552456c525fe1b65d2c4bee01b9680.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{extern} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Typed} \PYGdefault{n}{a} \PYGdefault{o+ow}{=\PYGdefaultZgt{}} \PYGdefault{k+kt}{String} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Maybe} \PYGdefault{p}{[}\PYGdefault{n}{a}\PYGdefault{p}{]} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} 3 | \end{Verbatim} 4 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/3551e7b51f5fa168b6d95f89622bd5fe1dc6f1c9.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Word64} 3 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{=} \PYGdefault{n}{extern} \PYGdefault{l+s}{\PYGdefaultZdq{}x\PYGdefaultZdq{}} \PYGdefault{p}{(}\PYGdefault{k+kt}{Just} \PYGdefault{p}{[}\PYGdefault{l+m+mi}{0}\PYGdefault{p}{,}\PYGdefault{l+m+mi}{0}\PYGdefault{o}{..}\PYGdefault{p}{])} 4 | 5 | \PYGdefault{n+nf}{x2} \PYGdefault{o+ow}{=} \PYGdefault{n}{externW64} \PYGdefault{l+s}{\PYGdefaultZdq{}x\PYGdefaultZdq{}} \PYGdefault{k+kt}{Nothing} 6 | \end{Verbatim} 7 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/3676cd23c36f97ae5e63392fc7b1f5b35837e01e.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{drop} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Int} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} 3 | \end{Verbatim} 4 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/3ba0a53c5a4af076acdca6c4af8c799f3c7b58dc.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{cast} \PYGdefault{o+ow}{::} \PYGdefault{p}{(}\PYGdefault{k+kt}{Typed} \PYGdefault{n}{a}\PYGdefault{p}{,} \PYGdefault{k+kt}{Typed} \PYGdefault{n}{b}\PYGdefault{p}{)} \PYGdefault{o+ow}{=\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{b} 3 | \PYGdefault{n+nf}{unsafeCast} \PYGdefault{o+ow}{::} \PYGdefault{p}{(}\PYGdefault{k+kt}{Typed} \PYGdefault{n}{a}\PYGdefault{p}{,} \PYGdefault{k+kt}{Typed} \PYGdefault{n}{b}\PYGdefault{p}{)} \PYGdefault{o+ow}{=\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{b} 4 | \end{Verbatim} 5 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/3ebefe3cfb723c9a1c1457b6281f828719c1f5c7.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{observer} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Typed} \PYGdefault{n}{a} \PYGdefault{o+ow}{=\PYGdefaultZgt{}} \PYGdefault{k+kt}{String} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Spec} 3 | \end{Verbatim} 4 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/4b64a88f6f1817fdadd0d7dde824440c28a32051.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{k+kr}{import} \PYGdefault{n+nn}{Copilot.Language.Reify} 3 | \PYGdefault{k+kr}{import} \PYGdefault{n+nn}{Copilot.Language} 4 | \PYGdefault{k+kr}{import} \PYGdefault{k}{qualified} \PYGdefault{n+nn}{Copilot.Compile.SBV} \PYGdefault{k}{as} \PYGdefault{n}{S} 5 | 6 | \PYGdefault{n+nf}{logic} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Bool} 7 | \PYGdefault{n+nf}{logic} \PYGdefault{o+ow}{=} \PYGdefault{p}{[}\PYGdefault{k+kt}{True}\PYGdefault{p}{,} \PYGdefault{k+kt}{False}\PYGdefault{p}{]} \PYGdefault{o}{++} \PYGdefault{n}{logic} \PYGdefault{o}{\PYGdefaultZam{}\PYGdefaultZam{}} \PYGdefault{n}{drop} \PYGdefault{l+m+mi}{1} \PYGdefault{n}{logic} 8 | 9 | \PYGdefault{n+nf}{spec} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Spec} 10 | \PYGdefault{n+nf}{spec} \PYGdefault{o+ow}{=} \PYGdefault{k+kr}{do} 11 | \PYGdefault{n+nf}{observer} \PYGdefault{l+s}{\PYGdefaultZdq{}obs1\PYGdefaultZdq{}} \PYGdefault{n}{logic} 12 | 13 | \PYGdefault{n+nf}{main} \PYGdefault{o+ow}{=} \PYGdefault{k+kr}{do} 14 | \PYGdefault{n+nf}{interpret} \PYGdefault{l+m+mi}{10} \PYGdefault{n}{spec} 15 | \PYGdefault{n+nf}{reify} \PYGdefault{n}{spec} \PYGdefault{o}{\PYGdefaultZgt{}\PYGdefaultZgt{}=} \PYGdefault{k+kt}{S}\PYGdefault{o}{.}\PYGdefault{n}{compile} \PYGdefault{k+kt}{S}\PYGdefault{o}{.}\PYGdefault{n}{defaultParams} \PYGdefault{c+c1}{\PYGdefaultZhy{}\PYGdefaultZhy{}SBV Backend} 16 | \end{Verbatim} 17 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/5711d0e98778aa2162e161212eaf2f893cc0456a.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{trigger} \PYGdefault{o+ow}{::} 3 | \PYGdefault{k+kt}{String} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Bool} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{p}{[}\PYGdefault{k+kt}{TriggerArg}\PYGdefault{p}{]} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Spec} 4 | \end{Verbatim} 5 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/6a7a963dcc86b124d28578049c0886b6f58e1d72.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{k+kr}{import} \PYGdefault{k}{qualified} \PYGdefault{n+nn}{Copilot.Compile.SBV} \PYGdefault{k}{as} \PYGdefault{n}{S} 3 | 4 | \PYGdefault{n+nf}{alt} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Bool} 5 | \PYGdefault{n+nf}{alt} \PYGdefault{o+ow}{=} \PYGdefault{p}{(}\PYGdefault{n}{label} \PYGdefault{l+s}{\PYGdefaultZdq{}?splitting\PYGdefaultZdq{}} \PYGdefault{o}{\PYGdefaultZdl{}} \PYGdefault{n}{not} \PYGdefault{o}{\PYGdefaultZdl{}} 6 | \PYGdefault{n}{externB} \PYGdefault{l+s}{\PYGdefaultZdq{}externvar\PYGdefaultZdq{}} \PYGdefault{k+kt}{Nothing}\PYGdefault{p}{)} 7 | 8 | \PYGdefault{n+nf}{spec} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Spec} 9 | \PYGdefault{n+nf}{spec} \PYGdefault{o+ow}{=} \PYGdefault{k+kr}{do} 10 | \PYGdefault{n+nf}{trigger} \PYGdefault{l+s}{\PYGdefaultZdq{}trigger\PYGdefaultZdq{}} \PYGdefault{p}{(}\PYGdefault{n}{alt}\PYGdefault{p}{)} \PYGdefault{k+kt}{[]} 11 | 12 | \PYGdefault{n+nf}{main} \PYGdefault{o+ow}{=} \PYGdefault{k+kr}{do} 13 | \PYGdefault{n+nf}{reify} \PYGdefault{n}{spec} \PYGdefault{o}{\PYGdefaultZgt{}\PYGdefaultZgt{}=} \PYGdefault{k+kt}{S}\PYGdefault{o}{.}\PYGdefault{n}{proofACSL} \PYGdefault{k+kt}{S}\PYGdefault{o}{.}\PYGdefault{n}{defaultParams} 14 | \end{Verbatim} 15 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/803ec2fa3319077ac5e864dc93d01f5326da88f4.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{externFun} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Typed} \PYGdefault{n}{a} \PYGdefault{o+ow}{=\PYGdefaultZgt{}} 3 | \PYGdefault{k+kt}{String} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{p}{[}\PYGdefault{k+kt}{FunArg}\PYGdefault{p}{]} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Maybe} \PYGdefault{p}{[}\PYGdefault{n}{a}\PYGdefault{p}{]} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} 4 | \end{Verbatim} 5 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/b4d8e4e07d6ca95207b8d626f9a51391c043926d.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Word16} 3 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{=} \PYGdefault{l+m+mi}{0} 4 | \PYGdefault{c+c1}{\PYGdefaultZhy{}\PYGdefaultZhy{} x = \PYGdefaultZob{}0, 0, 0, ...\PYGdefaultZcb{}} 5 | \PYGdefault{n+nf}{y} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Bool} 6 | \PYGdefault{n+nf}{y} \PYGdefault{o+ow}{=} \PYGdefault{n}{x} \PYGdefault{p}{`}\PYGdefault{n}{mod}\PYGdefault{p}{`} \PYGdefault{l+m+mi}{2} \PYGdefault{o}{==} \PYGdefault{l+m+mi}{0} 7 | \PYGdefault{c+c1}{\PYGdefaultZhy{}\PYGdefaultZhy{} y = \PYGdefaultZob{}T, T, ...\PYGdefaultZcb{}} 8 | \PYGdefault{n+nf}{nats} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Word64} 9 | \PYGdefault{n+nf}{nats} \PYGdefault{o+ow}{=} \PYGdefault{p}{[}\PYGdefault{l+m+mi}{0}\PYGdefault{p}{]} \PYGdefault{o}{++} \PYGdefault{p}{(}\PYGdefault{l+m+mi}{1} \PYGdefault{o}{+} \PYGdefault{n}{nats}\PYGdefault{p}{)} 10 | \PYGdefault{c+c1}{\PYGdefaultZhy{}\PYGdefaultZhy{} nats = \PYGdefaultZob{}0,1,2, ..., 2\PYGdefaultZca{}64\PYGdefaultZhy{}1, 0, 1, ..\PYGdefaultZcb{}} 11 | \end{Verbatim} 12 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/b4e9e0f124beb33e480c80cbe4555410bee5e582.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{externArray} \PYGdefault{o+ow}{::} \PYGdefault{p}{(}\PYGdefault{k+kt}{Typed} \PYGdefault{n}{a}\PYGdefault{p}{,} \PYGdefault{k+kt}{Typed} \PYGdefault{n}{b}\PYGdefault{p}{,} \PYGdefault{k+kt}{Integral} \PYGdefault{n}{a}\PYGdefault{p}{)} \PYGdefault{o+ow}{=\PYGdefaultZgt{}} 3 | \PYGdefault{k+kt}{String} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Int} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Maybe} \PYGdefault{p}{[[}\PYGdefault{n}{a}\PYGdefault{p}{]]} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{b} 4 | \end{Verbatim} 5 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/d04da801c0e6c66e657bcf7bc0028701cae623a6.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Double} 3 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{=} \PYGdefault{n}{externDouble} \PYGdefault{l+s}{\PYGdefaultZdq{}x\PYGdefaultZdq{}} \PYGdefault{k+kt}{Nothing} 4 | 5 | \PYGdefault{n+nf}{sinx} \PYGdefault{o+ow}{=} \PYGdefault{n}{externFun} \PYGdefault{l+s}{\PYGdefaultZdq{}sin\PYGdefaultZdq{}} \PYGdefault{p}{[}\PYGdefault{n}{arg} \PYGdefault{n}{x}\PYGdefault{p}{]} \PYGdefault{k+kt}{Nothing} 6 | \end{Verbatim} 7 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/f1a9f38b06a041c1307acbd6d3c29f2aa4dccb8c.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{c+c1}{\PYGdefaultZhy{}\PYGdefaultZhy{} nat = [0] ++ (nats + 1)} 3 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Word64} 4 | \PYGdefault{n+nf}{x} \PYGdefault{o+ow}{=} \PYGdefault{n}{externArray} \PYGdefault{l+s}{\PYGdefaultZdq{}tab\PYGdefaultZdq{}} \PYGdefault{n}{nats} \PYGdefault{l+m+mi}{1000} \PYGdefault{k+kt}{Nothing} 5 | 6 | \PYGdefault{n+nf}{x2} \PYGdefault{o+ow}{=} \PYGdefault{n}{externArrayW64} \PYGdefault{l+s}{\PYGdefaultZdq{}tab\PYGdefaultZdq{}} \PYGdefault{n}{nats} \PYGdefault{l+m+mi}{1000} \PYGdefault{k+kt}{Nothing} 7 | \end{Verbatim} 8 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/f4779f40d4f6c8611995d867e0d3aec7de1d737d.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{n+nf}{fib} \PYGdefault{o+ow}{::} \PYGdefault{k+kt}{Stream} \PYGdefault{k+kt}{Word64} 3 | \PYGdefault{n+nf}{fib} \PYGdefault{o+ow}{=} \PYGdefault{p}{[}\PYGdefault{l+m+mi}{1}\PYGdefault{p}{,}\PYGdefault{l+m+mi}{1}\PYGdefault{p}{]} \PYGdefault{o}{++} \PYGdefault{p}{(}\PYGdefault{n}{fib} \PYGdefault{o}{+} \PYGdefault{n}{drop} \PYGdefault{l+m+mi}{1} \PYGdefault{n}{fib}\PYGdefault{p}{)} 4 | \PYGdefault{c+c1}{\PYGdefaultZhy{}\PYGdefaultZhy{} fib = \PYGdefaultZob{}1,1,2,3,5,8,13,...,} 5 | \PYGdefault{c+c1}{\PYGdefaultZhy{}\PYGdefaultZhy{} 12200160415121876738,} 6 | \PYGdefault{c+c1}{\PYGdefaultZhy{}\PYGdefaultZhy{} /!\PYGdefaultZbs{} 1293530146158671551,...\PYGdefaultZcb{}} 7 | \end{Verbatim} 8 | -------------------------------------------------------------------------------- /GAJaloyan/conference/_minted-expose/fc4c5d3837e5b63d509dfb59722d59986126d469.pygtex: -------------------------------------------------------------------------------- 1 | \begin{Verbatim}[commandchars=\\\{\}] 2 | \PYGdefault{p}{(}\PYGdefault{o}{++}\PYGdefault{p}{)} \PYGdefault{o+ow}{::} \PYGdefault{p}{[}\PYGdefault{n}{a}\PYGdefault{p}{]} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} \PYGdefault{o+ow}{\PYGdefaultZhy{}\PYGdefaultZgt{}} \PYGdefault{k+kt}{Stream} \PYGdefault{n}{a} 3 | \end{Verbatim} 4 | -------------------------------------------------------------------------------- /GAJaloyan/conference/expose.out: -------------------------------------------------------------------------------- 1 | \BOOKMARK [2][]{Outline0.1}{Preliminaries}{}% 1 2 | \BOOKMARK [3][]{Outline0.1.1.2}{Copilot\040language}{Outline0.1}% 2 3 | \BOOKMARK [3][]{Outline0.1.2.12}{ACSL}{Outline0.1}% 3 4 | \BOOKMARK [3][]{Outline0.1.3.20}{Copilot\040toolchain}{Outline0.1}% 4 5 | \BOOKMARK [2][]{Outline0.2}{Working\040on\040the\040backend}{}% 5 6 | \BOOKMARK [3][]{Outline0.2.1.22}{Hand-written\040ACSL}{Outline0.2}% 6 7 | \BOOKMARK [3][]{Outline0.2.2.30}{ACSL\040generation}{Outline0.2}% 7 8 | \BOOKMARK [3][]{Outline0.2.3.43}{Bug\040finding}{Outline0.2}% 8 9 | \BOOKMARK [2][]{Outline0.3}{Applications}{}% 9 10 | \BOOKMARK [3][]{Outline0.3.1.47}{Self-separation\040criteria}{Outline0.3}% 10 11 | \BOOKMARK [3][]{Outline0.3.2.49}{TCAS\040II}{Outline0.3}% 11 12 | \BOOKMARK [3][]{Outline0.3.3.53}{Well-Clear}{Outline0.3}% 12 13 | -------------------------------------------------------------------------------- /GAJaloyan/conference/expose.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/expose.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/expose.snm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/expose.snm -------------------------------------------------------------------------------- /GAJaloyan/conference/expose.synctex.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/expose.synctex.gz -------------------------------------------------------------------------------- /GAJaloyan/conference/expose.toc: -------------------------------------------------------------------------------- 1 | \beamer@endinputifotherversion {3.36pt} 2 | \beamer@sectionintoc {1}{Preliminaries}{2}{0}{1} 3 | \beamer@subsectionintoc {1}{1}{Copilot language}{2}{0}{1} 4 | \beamer@subsectionintoc {1}{2}{ACSL}{12}{0}{1} 5 | \beamer@subsectionintoc {1}{3}{Copilot toolchain}{20}{0}{1} 6 | \beamer@sectionintoc {2}{Working on the backend}{22}{0}{2} 7 | \beamer@subsectionintoc {2}{1}{Hand-written ACSL}{22}{0}{2} 8 | \beamer@subsectionintoc {2}{2}{ACSL generation}{30}{0}{2} 9 | \beamer@subsectionintoc {2}{3}{Bug finding}{43}{0}{2} 10 | \beamer@sectionintoc {3}{Applications}{47}{0}{3} 11 | \beamer@subsectionintoc {3}{1}{Self-separation criteria}{47}{0}{3} 12 | \beamer@subsectionintoc {3}{2}{TCAS II}{49}{0}{3} 13 | \beamer@subsectionintoc {3}{3}{Well-Clear}{53}{0}{3} 14 | -------------------------------------------------------------------------------- /GAJaloyan/conference/expose.vrb: -------------------------------------------------------------------------------- 1 | \frametitle{Well-Clear : Global structure} 2 | ^^I\begin{figure}[ht!] 3 | ^^I^^I\centering 4 | ^^I^^I\footnotesize 5 | ^^I^^I\begin{tikzpicture}[->, node distance=2.3cm, auto, shorten >=1pt, bend angle=45,thick] 6 | ^^I^^I\tikzstyle{every state}=[rectangle, rounded corners] 7 | 8 | ^^I^^I\node[state] (Plane) {Planes}; 9 | ^^I^^I\node[state] (GUI) [right of=Plane] {GUI}; 10 | ^^I^^I\node[state] (Mon) [right=2cm of GUI] {monitor.c}; 11 | ^^I^^I\node[state] (dr) [right of=Mon] {driver.c}; 12 | ^^I^^I\node[state] (ex) [above right of=Mon] {external}; 13 | 14 | 15 | ^^I^^I\node[state] (AL) [below of=GUI] {ALERT}; 16 | ^^I^^I\node[state] (Co) [below of=Mon] {Converter}; 17 | 18 | 19 | ^^I^^I\tikzstyle{every node}=[] 20 | 21 | 22 | ^^I^^I\path 23 | ^^I^^I(Plane) edge node {UDP} (GUI) 24 | ^^I^^I(GUI) edge [bend right] node {stdin} (Mon) 25 | ^^I^^I(Mon) edge [bend right] node {stdout} (GUI) 26 | ^^I^^I(Mon) edge [bend left, anchor=west] node {lat-long} (Co) 27 | ^^I^^I(Co) edge [bend left, anchor=west] node[left] {x,y,z} (Mon) 28 | ^^I^^I(Mon) edge [anchor=west] node {assign} (ex) 29 | ^^I^^I(Mon) edge [anchor=south] node {call} (dr) 30 | ^^I^^I(ex) edge [anchor=west] node {feed} (dr) 31 | ^^I^^I(GUI) edge node {} (AL); 32 | ^^I^^I\end{tikzpicture} 33 | ^^I\end{figure} 34 | -------------------------------------------------------------------------------- /GAJaloyan/conference/images/ENS-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/ENS-logo.jpg -------------------------------------------------------------------------------- /GAJaloyan/conference/images/NASA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/NASA.png -------------------------------------------------------------------------------- /GAJaloyan/conference/images/NIA-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/NIA-logo.jpg -------------------------------------------------------------------------------- /GAJaloyan/conference/images/WCV/graph.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/WCV/graph.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/images/WCV/tau.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/WCV/tau.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/images/WCV/taumod.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/WCV/taumod.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/images/WCV/tcoa.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/WCV/tcoa.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/images/WCV/tcpa.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/WCV/tcpa.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/images/WCV/tep.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/WCV/tep.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/images/WCV/theta.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/WCV/theta.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/images/WCV/wcv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/images/WCV/wcv.pdf -------------------------------------------------------------------------------- /GAJaloyan/conference/images/label/main.hs: -------------------------------------------------------------------------------- 1 | divert(-1) 2 | changequote({,}) 3 | define({LQ},{changequote(`,'){dnl} 4 | changequote({,})}) 5 | define({RQ},{changequote(`,')dnl{ 6 | }changequote({,})}) 7 | changecom({--}) 8 | 9 | 10 | divert(0)dnl 11 | import Copilot.Language.Reify 12 | import Copilot.Language 13 | import Copilot.Language.Operators.Eq 14 | import Copilot.Library.Clocks 15 | 16 | import qualified Copilot.Compile.SBV as S 17 | import qualified Copilot.Compile.C99 as C 18 | import qualified Prelude as P 19 | import Debug.Trace 20 | import Control.Monad (foldM_) 21 | 22 | -------------------------------------------------------------------------------- 23 | -- NEVER USE THIS PIECE OF CODE FOR WRITING A REAL MONITOR (cf ARIANE 5 fail) 24 | -- Implementation of http://shemesh.larc.nasa.gov/people/cam/publications/NASA-TM-2014-218280.pdf 25 | -------------------------------------------------------------------------------- 26 | 27 | import qualified Data.List as L 28 | 29 | ----------------------------------------- 30 | -- Spec 31 | ----------------------------------------- 32 | 33 | alt :: Stream Bool 34 | alt = (label "?splitting" $ not $ externB "externvar" Nothing) 35 | 36 | 37 | 38 | spec :: Spec 39 | spec = do 40 | -- trigger "alert_WCVtau" (wellClearViolation tau relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 41 | -- trigger "alert_WCVtcpa" (wellClearViolation tcpa relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 42 | -- trigger "alert_WCVtaumod" (wellClearViolation taumod relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 43 | -- trigger "alert_WCVtep" (wellClearViolation tep relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 44 | trigger "trigger" (alt) [] 45 | 46 | 47 | main = do 48 | reify spec >>= S.proofACSL S.defaultParams 49 | 50 | 51 | -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /GAJaloyan/conference/mathpartir.sty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/conference/mathpartir.sty -------------------------------------------------------------------------------- /GAJaloyan/presentation/README.txt: -------------------------------------------------------------------------------- 1 | README ! 2 | -------------------------------------------------------------------------------- /GAJaloyan/presentation/expose.snm: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/expose.snm -------------------------------------------------------------------------------- /GAJaloyan/presentation/expose.vrb: -------------------------------------------------------------------------------- 1 | \frametitle{Well-Clear : Global structure of the ground station} 2 | \begin{figure}[ht!] 3 | \centering 4 | \footnotesize 5 | \begin{tikzpicture}[->, node distance=2.3cm, auto, shorten >=1pt, bend angle=45,thick] 6 | \tikzstyle{every state}=[rectangle, rounded corners] 7 | 8 | \node[state] (Plane) {Planes}; 9 | \node[state] (GUI) [right of=Plane] {GUI}; 10 | \node[state] (Mon) [right=2cm of GUI] {monitor.c}; 11 | \node[state] (dr) [right of=Mon] {driver.c}; 12 | \node[state] (ex) [above right of=Mon] {external}; 13 | 14 | 15 | \node[state] (AL) [below of=GUI] {ALERT}; 16 | \node[state] (Co) [below of=Mon] {Converter}; 17 | 18 | 19 | \tikzstyle{every node}=[] 20 | 21 | 22 | \path 23 | (Plane) edge node {UDP} (GUI) 24 | (GUI) edge [bend right] node {stdin} (Mon) 25 | (Mon) edge [bend right] node {stdout} (GUI) 26 | (Mon) edge [bend left, anchor=west] node {lat-long} (Co) 27 | (Co) edge [bend left, anchor=west] node[left] {x,y,z} (Mon) 28 | (Mon) edge [anchor=west] node {assign} (ex) 29 | (Mon) edge [anchor=south] node {call} (dr) 30 | (ex) edge [anchor=west] node {feed} (dr) 31 | (GUI) edge node {} (AL); 32 | \end{tikzpicture} 33 | \end{figure} 34 | -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/ENS-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/ENS-logo.jpg -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/NASA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/NASA.png -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/NIA-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/NIA-logo.jpg -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/WCV/graph.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/WCV/graph.pdf -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/WCV/tau.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/WCV/tau.pdf -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/WCV/taumod.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/WCV/taumod.pdf -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/WCV/tcoa.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/WCV/tcoa.pdf -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/WCV/tcpa.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/WCV/tcpa.pdf -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/WCV/tep.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/WCV/tep.pdf -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/WCV/theta.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/WCV/theta.pdf -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/WCV/wcv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/images/WCV/wcv.pdf -------------------------------------------------------------------------------- /GAJaloyan/presentation/images/label/main.hs: -------------------------------------------------------------------------------- 1 | divert(-1) 2 | changequote({,}) 3 | define({LQ},{changequote(`,'){dnl} 4 | changequote({,})}) 5 | define({RQ},{changequote(`,')dnl{ 6 | }changequote({,})}) 7 | changecom({--}) 8 | 9 | 10 | divert(0)dnl 11 | import Copilot.Language.Reify 12 | import Copilot.Language 13 | import Copilot.Language.Operators.Eq 14 | import Copilot.Library.Clocks 15 | 16 | import qualified Copilot.Compile.SBV as S 17 | import qualified Copilot.Compile.C99 as C 18 | import qualified Prelude as P 19 | import Debug.Trace 20 | import Control.Monad (foldM_) 21 | 22 | -------------------------------------------------------------------------------- 23 | -- NEVER USE THIS PIECE OF CODE FOR WRITING A REAL MONITOR (cf ARIANE 5 fail) 24 | -- Implementation of http://shemesh.larc.nasa.gov/people/cam/publications/NASA-TM-2014-218280.pdf 25 | -------------------------------------------------------------------------------- 26 | 27 | import qualified Data.List as L 28 | 29 | ----------------------------------------- 30 | -- Spec 31 | ----------------------------------------- 32 | 33 | alt :: Stream Bool 34 | alt = (label "?splitting" $ not $ externB "externvar" Nothing) 35 | 36 | 37 | 38 | spec :: Spec 39 | spec = do 40 | -- trigger "alert_WCVtau" (wellClearViolation tau relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 41 | -- trigger "alert_WCVtcpa" (wellClearViolation tcpa relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 42 | -- trigger "alert_WCVtaumod" (wellClearViolation taumod relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 43 | -- trigger "alert_WCVtep" (wellClearViolation tep relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 44 | trigger "trigger" (alt) [] 45 | 46 | 47 | main = do 48 | reify spec >>= S.proofACSL S.defaultParams 49 | 50 | 51 | -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /GAJaloyan/presentation/mathpartir.sty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/presentation/mathpartir.sty -------------------------------------------------------------------------------- /GAJaloyan/sample_report/README.txt: -------------------------------------------------------------------------------- 1 | Exemple de rapport par Bruno Voisin (Hiko Seijûrô) 2 | http://blog.hikoweb.net/ 3 | 4 | 5 | Tutorial Latex : 6 | http://www.ukonline.be/programmation/latex/tutoriel/index.php 7 | Page titre : 8 | http://en.wikibooks.org/wiki/LaTeX/Title_Creation 9 | 10 | 11 | ### Pour installer LaTeX ### 12 | 13 | sudo apt-get install texlive texlive-lang-french 14 | 15 | 16 | ### Pour générer le fichier PDF ### 17 | 18 | # Près-requis : ajouter les droits d'exécution à make.sh et clean.sh 19 | chmod +x make.sh clean.sh 20 | 21 | ./make.sh 22 | 23 | # Nettoyer les fichiers temporaires : 24 | ./clean.sh 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/CAMsep.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/CAMsep.jpg -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/ENS-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/ENS-logo.jpg -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/NASA.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/NASA.png -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/NIA-logo.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/NIA-logo.jpg -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/TCASRA1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/TCASRA1.jpg -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/WCV/graph.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/WCV/graph.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/WCV/tau.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/WCV/tau.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/WCV/taumod.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/WCV/taumod.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/WCV/tcoa.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/WCV/tcoa.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/WCV/tcpa.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/WCV/tcpa.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/WCV/tep.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/WCV/tep.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/WCV/theta.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/WCV/theta.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/WCV/wcv.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/images/WCV/wcv.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/images/label/main.hs: -------------------------------------------------------------------------------- 1 | divert(-1) 2 | changequote({,}) 3 | define({LQ},{changequote(`,'){dnl} 4 | changequote({,})}) 5 | define({RQ},{changequote(`,')dnl{ 6 | }changequote({,})}) 7 | changecom({--}) 8 | 9 | 10 | divert(0)dnl 11 | import Copilot.Language.Reify 12 | import Copilot.Language 13 | import Copilot.Language.Operators.Eq 14 | import Copilot.Library.Clocks 15 | 16 | import qualified Copilot.Compile.SBV as S 17 | import qualified Copilot.Compile.C99 as C 18 | import qualified Prelude as P 19 | import Debug.Trace 20 | import Control.Monad (foldM_) 21 | 22 | -------------------------------------------------------------------------------- 23 | -- NEVER USE THIS PIECE OF CODE FOR WRITING A REAL MONITOR (cf ARIANE 5 fail) 24 | -- Implementation of http://shemesh.larc.nasa.gov/people/cam/publications/NASA-TM-2014-218280.pdf 25 | -------------------------------------------------------------------------------- 26 | 27 | import qualified Data.List as L 28 | 29 | ----------------------------------------- 30 | -- Spec 31 | ----------------------------------------- 32 | 33 | alt :: Stream Bool 34 | alt = (label "?splitting" $ not $ externB "externvar" Nothing) 35 | 36 | 37 | 38 | spec :: Spec 39 | spec = do 40 | -- trigger "alert_WCVtau" (wellClearViolation tau relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 41 | -- trigger "alert_WCVtcpa" (wellClearViolation tcpa relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 42 | -- trigger "alert_WCVtaumod" (wellClearViolation taumod relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 43 | -- trigger "alert_WCVtep" (wellClearViolation tep relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 44 | trigger "trigger" (alt) [] 45 | 46 | 47 | main = do 48 | reify spec >>= S.proofACSL S.defaultParams 49 | 50 | 51 | -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /GAJaloyan/sample_report/mathpartir.sty: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/mathpartir.sty -------------------------------------------------------------------------------- /GAJaloyan/sample_report/rapport.blg: -------------------------------------------------------------------------------- 1 | This is BibTeX, Version 0.99d (TeX Live 2014/W32TeX) 2 | Capacity: max_strings=35307, hash_size=35307, hash_prime=30011 3 | The top-level auxiliary file: rapport.aux 4 | The style file: IEEEtrans.bst 5 | Reallocated singl_function (elt_size=4) to 100 items from 50. 6 | Reallocated singl_function (elt_size=4) to 100 items from 50. 7 | Reallocated singl_function (elt_size=4) to 100 items from 50. 8 | Reallocated wiz_functions (elt_size=4) to 6000 items from 3000. 9 | Reallocated singl_function (elt_size=4) to 100 items from 50. 10 | Database file #1: ref.bib 11 | -- IEEEtranS.bst version 1.13 (2008/09/30) by Michael Shell. 12 | -- http://www.michaelshell.org/tex/ieeetran/bibtex/ 13 | -- See the "IEEEtran_bst_HOWTO.pdf" manual for usage information. 14 | ** Sorting version - not for normal IEEE work. 15 | 16 | Done. 17 | You've used 14 entries, 18 | 4498 wiz_defined-function locations, 19 | 1001 strings with 11577 characters, 20 | and the built_in function-call counts, 12457 in all, are: 21 | = -- 1089 22 | > -- 413 23 | < -- 53 24 | + -- 209 25 | - -- 113 26 | * -- 699 27 | := -- 1944 28 | add.period$ -- 33 29 | call.type$ -- 14 30 | change.case$ -- 97 31 | chr.to.int$ -- 114 32 | cite$ -- 14 33 | duplicate$ -- 800 34 | empty$ -- 928 35 | format.name$ -- 126 36 | if$ -- 2734 37 | int.to.chr$ -- 0 38 | int.to.str$ -- 14 39 | missing$ -- 175 40 | newline$ -- 77 41 | num.names$ -- 30 42 | pop$ -- 460 43 | preamble$ -- 1 44 | purify$ -- 80 45 | quote$ -- 2 46 | skip$ -- 861 47 | stack$ -- 0 48 | substring$ -- 358 49 | swap$ -- 607 50 | text.length$ -- 15 51 | text.prefix$ -- 0 52 | top$ -- 6 53 | type$ -- 152 54 | warning$ -- 0 55 | while$ -- 47 56 | width$ -- 16 57 | write$ -- 176 58 | -------------------------------------------------------------------------------- /GAJaloyan/sample_report/rapport.out: -------------------------------------------------------------------------------- 1 | \BOOKMARK [1][-]{section*.1}{Introduction}{}% 1 2 | \BOOKMARK [1][-]{section.1}{Preliminaries}{}% 2 3 | \BOOKMARK [2][-]{subsection.1.1}{Copilot\040language}{section.1}% 3 4 | \BOOKMARK [3][-]{subsubsection.1.1.1}{Syntax}{subsection.1.1}% 4 5 | \BOOKMARK [3][-]{subsubsection.1.1.2}{Interaction}{subsection.1.1}% 5 6 | \BOOKMARK [2][-]{subsection.1.2}{Introduction\040to\040ACSL\040and\040frama-c}{section.1}% 6 7 | \BOOKMARK [2][-]{subsection.1.3}{Copilot\040toolchain}{section.1}% 7 8 | \BOOKMARK [2][-]{subsection.1.4}{Main\040objective\040and\040first\040modifications}{section.1}% 8 9 | \BOOKMARK [1][-]{section.2}{First\040attempt}{}% 9 10 | \BOOKMARK [2][-]{subsection.2.1}{Hand-written\040ACSL}{section.2}% 10 11 | \BOOKMARK [2][-]{subsection.2.2}{Automatic\040generation\040of\040contracts\040by\040induction\040on\040the\040syntax}{section.2}% 11 12 | \BOOKMARK [2][-]{subsection.2.3}{Values\040Analysis\040vs\040Weakest\040Liberal\040Precondition.}{section.2}% 12 13 | \BOOKMARK [2][-]{subsection.2.4}{CompCert}{section.2}% 13 14 | \BOOKMARK [2][-]{subsection.2.5}{Bug\040finding}{section.2}% 14 15 | \BOOKMARK [2][-]{subsection.2.6}{Ensuring\040traceability}{section.2}% 15 16 | \BOOKMARK [1][-]{section.3}{Practical\040steps}{}% 16 17 | \BOOKMARK [2][-]{subsection.3.1}{First\040application\040:\040Self-separation\040criteria}{section.3}% 17 18 | \BOOKMARK [2][-]{subsection.3.2}{Second\040application\040:\040TCAS\040II}{section.3}% 18 19 | \BOOKMARK [2][-]{subsection.3.3}{Third\040application\040:\040Well-clear\040criterion}{section.3}% 19 20 | \BOOKMARK [1][-]{section*.3}{Conclusion}{}% 20 21 | \BOOKMARK [1][-]{section*.4}{Références}{}% 21 22 | -------------------------------------------------------------------------------- /GAJaloyan/sample_report/rapport.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/rapport.pdf -------------------------------------------------------------------------------- /GAJaloyan/sample_report/rapport.synctex.gz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/rapport.synctex.gz -------------------------------------------------------------------------------- /GAJaloyan/sample_report/rapport.toc: -------------------------------------------------------------------------------- 1 | \select@language {english} 2 | \contentsline {section}{Introduction}{1}{section*.1} 3 | \contentsline {section}{\numberline {1}Preliminaries}{2}{section.1} 4 | \contentsline {subsection}{\numberline {1.1}Copilot language}{2}{subsection.1.1} 5 | \contentsline {subsubsection}{\numberline {1.1.1}Syntax}{2}{subsubsection.1.1.1} 6 | \contentsline {subsubsection}{\numberline {1.1.2}Interaction}{2}{subsubsection.1.1.2} 7 | \contentsline {subsection}{\numberline {1.2}Introduction to ACSL and frama-c}{3}{subsection.1.2} 8 | \contentsline {subsection}{\numberline {1.3}Copilot toolchain}{4}{subsection.1.3} 9 | \contentsline {subsection}{\numberline {1.4}Main objective and first modifications}{4}{subsection.1.4} 10 | \contentsline {section}{\numberline {2}First attempt}{4}{section.2} 11 | \contentsline {subsection}{\numberline {2.1}Hand-written ACSL}{4}{subsection.2.1} 12 | \contentsline {subsection}{\numberline {2.2}Automatic generation of contracts by induction on the syntax}{6}{subsection.2.2} 13 | \contentsline {subsection}{\numberline {2.3}Values Analysis vs Weakest Liberal Precondition.}{6}{subsection.2.3} 14 | \contentsline {subsection}{\numberline {2.4}CompCert}{7}{subsection.2.4} 15 | \contentsline {subsection}{\numberline {2.5}Bug finding}{7}{subsection.2.5} 16 | \contentsline {subsection}{\numberline {2.6}Ensuring traceability}{8}{subsection.2.6} 17 | \contentsline {section}{\numberline {3}Practical steps}{10}{section.3} 18 | \contentsline {subsection}{\numberline {3.1}First application : Self-separation criteria}{10}{subsection.3.1} 19 | \contentsline {subsection}{\numberline {3.2}Second application : TCAS II}{11}{subsection.3.2} 20 | \contentsline {subsection}{\numberline {3.3}Third application : Well-clear criterion}{12}{subsection.3.3} 21 | \contentsline {section}{Conclusion}{13}{section*.3} 22 | \contentsline {section}{Références}{14}{section*.4} 23 | -------------------------------------------------------------------------------- /GAJaloyan/sample_report/ref.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/GAJaloyan/sample_report/ref.log -------------------------------------------------------------------------------- /ICFP2012/.gitignore: -------------------------------------------------------------------------------- 1 | pdflatex 2 | -------------------------------------------------------------------------------- /ICFP2012/Makefile: -------------------------------------------------------------------------------- 1 | DIR=pdflatex 2 | DOC=paper 3 | BIB=$(DOC).bib 4 | LATEX=pdflatex 5 | 6 | FIGS=./Figs 7 | 8 | all: $(DIR) $(DOC).tex $(BIB) 9 | $(LATEX) -output-directory $(DIR) $(DOC) 10 | bibtex $(DIR)/$(DOC).aux 11 | $(LATEX) -output-directory $(DIR) $(DOC) 12 | $(LATEX) -output-directory $(DIR) $(DOC) 13 | cp $(DIR)/$(DOC).pdf . 14 | 15 | # twopi -Tps $(FIGS)/architecture_sensors.dot > $(FIGS)/architecture_sensors.ps 16 | # ps2epsi $(FIGS)/architecture_sensors.ps $(FIGS)/architecture_sensors.epsi 17 | # epstopdf $(FIGS)/architecture_sensors.epsi 18 | 19 | $(DIR): 20 | mkdir -p $(DIR) 21 | 22 | .PHONY: clean 23 | clean: 24 | rm -rf $(DIR) 25 | -------------------------------------------------------------------------------- /ICFP2012/talk/pike-copilot.odp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ICFP2012/talk/pike-copilot.odp -------------------------------------------------------------------------------- /ICFP2012/talk/pike-copilot.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ICFP2012/talk/pike-copilot.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/OOPlane-stack.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/OOPlane-stack.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/Stack-Schema.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/Stack-Schema.jpg -------------------------------------------------------------------------------- /ISSE12/Figs/Stack-Schema.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/Stack-Schema.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/Tubes_rs.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/Tubes_rs.jpg -------------------------------------------------------------------------------- /ISSE12/Figs/architecture.fig: -------------------------------------------------------------------------------- 1 | #FIG 3.2 2 | Landscape 3 | Center 4 | Metric 5 | A4 6 | 100.00 7 | Single 8 | -2 9 | 1200 2 10 | 6 7470 1125 8415 1800 11 | 2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5 12 | 8415 1800 8415 1125 7470 1125 7470 1800 8415 1800 13 | 4 0 0 50 -1 0 12 0.0000 4 135 555 7650 1395 STM32\001 14 | 4 0 0 50 -1 0 12 0.0000 4 135 540 7650 1620 Node 1\001 15 | -6 16 | 6 7470 2205 8415 2880 17 | 2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5 18 | 8415 2880 8415 2205 7470 2205 7470 2880 8415 2880 19 | 4 0 0 50 -1 0 12 0.0000 4 135 555 7650 2475 STM32\001 20 | 4 0 0 50 -1 0 12 0.0000 4 135 540 7650 2700 Node 2\001 21 | -6 22 | 6 7470 3285 8415 3960 23 | 2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5 24 | 8415 3960 8415 3285 7470 3285 7470 3960 8415 3960 25 | 4 0 0 50 -1 0 12 0.0000 4 135 555 7650 3555 STM32\001 26 | 4 0 0 50 -1 0 12 0.0000 4 135 540 7650 3780 Node 3\001 27 | -6 28 | 6 7695 315 8235 810 29 | 2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5 30 | 8235 810 8235 315 7695 315 7695 810 8235 810 31 | 4 0 0 50 -1 0 12 0.0000 4 135 240 7830 540 SD\001 32 | 4 0 0 50 -1 0 12 0.0000 4 135 360 7785 720 Card\001 33 | -6 34 | 6 7470 4365 8415 5040 35 | 2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5 36 | 8415 5040 8415 4365 7470 4365 7470 5040 8415 5040 37 | 4 0 0 50 -1 0 12 0.0000 4 135 555 7650 4635 STM32\001 38 | 4 0 0 50 -1 0 12 0.0000 4 135 540 7650 4860 Node 4\001 39 | -6 40 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 4 41 | 1 1 1.00 60.00 120.00 42 | 1 1 1.00 60.00 120.00 43 | 8415 2520 8730 2520 8730 4680 8415 4680 44 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 4 45 | 1 1 1.00 60.00 120.00 46 | 1 1 1.00 60.00 120.00 47 | 8415 1350 8820 1350 8820 4815 8415 4815 48 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 4 49 | 1 1 1.00 60.00 120.00 50 | 1 1 1.00 60.00 120.00 51 | 8415 1485 8640 1485 8640 3645 8370 3645 52 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 53 | 1 1 1.00 60.00 120.00 54 | 6975 2520 7470 2520 55 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 3 56 | 1 1 1.00 60.00 120.00 57 | 7155 2520 7155 1485 7470 1485 58 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 3 59 | 1 1 1.00 60.00 120.00 60 | 7155 2520 7155 3645 7470 3645 61 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 3 62 | 1 1 1.00 60.00 120.00 63 | 7155 3645 7155 4680 7470 4680 64 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 2 65 | 1 1 1.00 60.00 120.00 66 | 1 1 1.00 60.00 120.00 67 | 7965 810 7965 1125 68 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 2 69 | 1 1 1.00 60.00 120.00 70 | 1 1 1.00 60.00 120.00 71 | 7965 1800 7965 2205 72 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 2 73 | 1 1 1.00 60.00 120.00 74 | 1 1 1.00 60.00 120.00 75 | 7965 2880 7965 3285 76 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 2 77 | 1 1 1.00 60.00 120.00 78 | 1 1 1.00 60.00 120.00 79 | 7965 3960 7965 4365 80 | 2 4 0 1 0 7 50 -1 -1 0.000 0 0 7 0 0 5 81 | 6975 3105 6975 2205 5310 2205 5310 3105 6975 3105 82 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 83 | 1 1 1.00 60.00 120.00 84 | 4860 2835 5310 2835 85 | 2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2 86 | 1 1 1.00 60.00 120.00 87 | 4860 2475 5310 2475 88 | 4 0 0 50 -1 0 12 0.0000 4 165 525 5445 2475 Power,\001 89 | 4 0 0 50 -1 0 12 0.0000 4 135 1335 5445 2700 Pressure Sensors\001 90 | 4 0 0 50 -1 0 12 0.0000 4 180 1425 5445 2925 Signal conditioning\001 91 | 4 0 0 50 -1 0 12 0.0000 4 135 945 4320 2385 max. 500mA\001 92 | 4 0 0 50 -1 0 12 0.0000 4 135 750 4410 2205 16.8 VDC\001 93 | 4 0 0 50 -1 0 12 1.5708 4 180 3585 9000 4815 Nodes communicate through serial connections\001 94 | 4 0 0 50 -1 0 12 0.0000 4 180 1440 3870 2790 Static and dynamic\001 95 | 4 0 0 50 -1 0 12 0.0000 4 180 1290 3960 2970 air pressure from\001 96 | 4 0 0 50 -1 0 12 0.0000 4 180 945 4140 3150 5 pitot tubes\001 97 | -------------------------------------------------------------------------------- /ISSE12/Figs/architecture.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/architecture.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/architecture_sensors.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/architecture_sensors.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/experiment.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/experiment.png -------------------------------------------------------------------------------- /ISSE12/Figs/flight1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight1.png -------------------------------------------------------------------------------- /ISSE12/Figs/flight1_7_22_2011.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight1_7_22_2011.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/flight1_7_22_2011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight1_7_22_2011.png -------------------------------------------------------------------------------- /ISSE12/Figs/flight1_8_5_2011.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight1_8_5_2011.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/flight1_8_5_2011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight1_8_5_2011.png -------------------------------------------------------------------------------- /ISSE12/Figs/flight2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight2.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/flight2_7_22_2011.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight2_7_22_2011.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/flight2_7_22_2011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight2_7_22_2011.png -------------------------------------------------------------------------------- /ISSE12/Figs/flight2_8_5_2011.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight2_8_5_2011.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/flight2_8_5_2011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight2_8_5_2011.png -------------------------------------------------------------------------------- /ISSE12/Figs/flight3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight3.png -------------------------------------------------------------------------------- /ISSE12/Figs/flight3_8_5_2011.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight3_8_5_2011.pdf -------------------------------------------------------------------------------- /ISSE12/Figs/flight3_8_5_2011.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/flight3_8_5_2011.png -------------------------------------------------------------------------------- /ISSE12/Figs/inside_R3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/Figs/inside_R3.jpg -------------------------------------------------------------------------------- /ISSE12/Letter/letter.tex: -------------------------------------------------------------------------------- 1 | \documentclass{letter} \signature{Lee Pike} \address{Lee Pike \\ 421 SW 6th Ave, 2 | Suite 300 \\ Portland OR. 97204} 3 | \begin{document} 4 | \begin{letter}{Editors \\ Innovations in Systems and Software Engineering} 5 | \opening{Dear Sirs:} 6 | 7 | We would like to thank the reviewers for their comments and the opportunity 8 | to improve both the presentation and content of our paper. In response, we 9 | have made a number of revisions. Our response to each of the reviewers 10 | comment are given below. 11 | 12 | 13 | {\bf Responses to Requested Revisions} 14 | \begin{description} 15 | \item[Requested Revision] Discuss the notation for external variables in more 16 | detail. 17 | \item[Response] Several sentences were added providing more detail. 18 | \item[Requested Revision] Provide more detail on variable sharing. 19 | \item[Response] Done. 20 | \item[Requested Revision] Include further discussion on eDSL efficiency. 21 | \item[Response] Discussion expanded. 22 | \item[Requested Revision] Give explanation of Haskell syntax. 23 | \item[Response] Text has been added throughout to explain Haskell syntax that 24 | may be unfamiliar to some programmers, but there is a general assumption that 25 | the reader understands the style of programming in modern typed functional 26 | programming languages such as ML, OCAML, Haskell, Clean, etc. as some exposure 27 | to this style of programming is now included in most graduate CS programs. 28 | \item[Requested Revision] For the definition of observer, why single quotes on 29 | one example and double quoted on another. 30 | \item[Response] Corrected to be double quoted on both examples. 31 | \item[Requested Revision] Add comments to code in the section on examples. 32 | \item[Response] Revised section. 33 | \item[Requested Revision] Correct misspellings on pages 13 and 18 and 34 | capitalized Boyer-More for reference 15. 35 | \item[Response] Done. 36 | \item[Requested Revision] Add figure to the paper to show the flow of the 37 | toolchain and better illustrate structure of the paper. 38 | \item[Response] A new introduction to the toolchain section has been added 39 | including a figure. We believe this makes the section easier to read. 40 | \item[Requested Revision] Assume/Guarantees of the methods should be 41 | highlighted. What can claimed about the generated code? 42 | \item[Response] Text was added briefly discussing this, but this is the main 43 | topic of a recent ICFP paper and we included a reference. 44 | \item[Requested Revision] Discuss scheduling solutions more thoroughly. 45 | \item[Response] A paragraph added to the future work section includes a 46 | discussion of future work planed in scheduling aimed at the 47 | \item[Requested Revision] Add more related work on eDSL and compare our work to 48 | their approach. 49 | \item[Response] Added related work section. 50 | \item[Requested Revision] Discuss the assurance on the generated monitors. 51 | \item[Response] Added a paragraph to future work section that discusses the 52 | issues related to 178 as well as other approaches to assurance as suggested by 53 | Reviewer 3. 54 | \item[Requested Revision] 3.2 Time-Triggered should become Time Triggered 55 | \item[Response] We disagree with the reviewer here. 56 | \item[Requested Revision] Engine is not shut off --> engine is shut off 57 | \item[Response] We disagree with the reviewer (changed wording to make intent 58 | more clear). 59 | \item[Requested Revision] WCET is more complicated than just nominal execution 60 | time. 61 | \item[Response] Revised claim. 62 | \item[Requested Revision] Add performance and timing comparisons for the case 63 | studies. 64 | \item[Response] We don't think there's remaining room in the paper for these (irrelevant to the point at hand, I think) details. 65 | \item[Requested Revision] Fix captions on plots. 66 | \item[Response] Done. 67 | \item[Requested Revision] Discuss the system integration issues relating to 68 | "bolting on" fault tolerance using the monitors. 69 | \item[Response] Added text. 70 | \item[Requested Revision] LeTex hbox overflows and generally overflowing column 71 | limits. 72 | \item[Response] egregious overflows fixed. 73 | 74 | \end{description} 75 | \vspace{1in} Sincerely, 76 | 77 | \vspace{.3in} Lee Pike 78 | \end{letter} 79 | \end{document} 80 | 81 | -------------------------------------------------------------------------------- /ISSE12/Makefile: -------------------------------------------------------------------------------- 1 | DIR=pdflatex 2 | DOC=main 3 | BIB=mybib.bib biblio.bib 4 | 5 | FIGS=./Figs 6 | 7 | all: $(DIR) $(DOC).tex $(BIB) 8 | pdflatex -output-directory $(DIR) $(DOC) 9 | bibtex $(DIR)/$(DOC).aux 10 | pdflatex -output-directory $(DIR) $(DOC) 11 | pdflatex -output-directory $(DIR) $(DOC) 12 | cp $(DIR)/$(DOC).pdf . 13 | 14 | # twopi -Tps $(FIGS)/architecture_sensors.dot > $(FIGS)/architecture_sensors.ps 15 | # ps2epsi $(FIGS)/architecture_sensors.ps $(FIGS)/architecture_sensors.epsi 16 | # epstopdf $(FIGS)/architecture_sensors.epsi 17 | 18 | $(DIR): 19 | mkdir -p $(DIR) 20 | 21 | .PHONY: clean 22 | clean: 23 | rm -rf $(DIR) 24 | -------------------------------------------------------------------------------- /ISSE12/report-templates/history.txt: -------------------------------------------------------------------------------- 1 | Version history for the SVJour3 LaTeX2e package 2 | 3 | date filename version action/reason/acknowledgements 4 | ----------------------------------------------------------------- 5 | 1.03.06 svjour3.cls 3.0 first official release, version number 3.0 6 | 7 | 15.03.06 svjour3.cls 3.1 introducing 3rd journal format "smallextended" 8 | 9 | 08.05.07 svjour3.cls 3.2 alias for option "onecolumn": "smallcondensed" 10 | 11 | 18.12.09 svglov3.clo 3.2 allowed half-integral font sizes, made option 12 | "runningheads" default, fixes Underfull \hbox-es 13 | bug reported by Tobias Bruell (TU Berlin) 14 | 15 | 18.12.09 template.tex - added \usepackage{fix-cm} to cure Font Warning 16 | 17 | 02.06.10 template.tex - added two more exemplary \documentclass lines, 18 | variants of options 19 | 20 | 16.09.10 template.tex - added one more \documentclass offering to suit 21 | the instructions 22 | -------------------------------------------------------------------------------- /ISSE12/report-templates/readme.txt: -------------------------------------------------------------------------------- 1 | % readme.txt 2 | % LaTeX class SVJour3 for Springer journals - 3 | % version 3.1 as of 2006/03/15 4 | % 5 | % read-me file 6 | % (c) Springer 7 | %----------------------------------------------------------------------- 8 | % 9 | 10 | This package contains the LaTeX2e support for Springer journals 11 | Base-URL for updates: ftp://ftp.springer.de/pub/tex/latex/svjour3/ 12 | 13 | The following files are part of the macro package 14 | 15 | readme.txt This file 16 | history.txt The version history of the package 17 | svjour3.cls The document class file for Springer journals 18 | usrguid3.* Main User's Guide (dvi, pdf) 19 | svglov3.clo The global class option file 20 | template.tex A fill-in form for a standard article with usage comments 21 | 22 | In due course: 23 | example.* Example of an article (tex, dvi) 24 | example.pdf The file example.pdf contains a ready to print version 25 | that can be produced at the publisher only, when page 26 | numbers are fixed 27 | 28 | 29 | Bibliographic references in author-year form can be made using the 30 | "natbib" package of Patrick W. Daly. You can find it on CTAN, e.g. at 31 | ftp://ftp.dante.de/tex-archive/macros/latex/contrib/natbib/ 32 | or look for a mirror next to you at 33 | http://www.ctan.org/getmirror/?action=/search/ 34 | 35 | 36 | INSTALLATION 37 | 38 | Copy svjour3.cls and svglov3.clo to a place where LaTeX can find them. 39 | 40 | 41 | GETTING STARTED 42 | 43 | You should first read the "Main User's Guide" to get an overview. 44 | Alternatively to reading the entire documentation, it is 45 | also possible to proceed by merely filling out the template and then 46 | looking up additional commands as needed. 47 | 48 | -------------------------------------------------------------------------------- /ISSE12/report-templates/svglov3.clo: -------------------------------------------------------------------------------- 1 | % SVJour3 DOCUMENT CLASS OPTION SVGLOV3 -- for standardised journals 2 | % 3 | % This is an enhancement for the LaTeX 4 | % SVJour3 document class for Springer journals 5 | % 6 | %% 7 | %% 8 | %% \CharacterTable 9 | %% {Upper-case \A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\W\X\Y\Z 10 | %% Lower-case \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z 11 | %% Digits \0\1\2\3\4\5\6\7\8\9 12 | %% Exclamation \! Double quote \" Hash (number) \# 13 | %% Dollar \$ Percent \% Ampersand \& 14 | %% Acute accent \' Left paren \( Right paren \) 15 | %% Asterisk \* Plus \+ Comma \, 16 | %% Minus \- Point \. Solidus \/ 17 | %% Colon \: Semicolon \; Less than \< 18 | %% Equals \= Greater than \> Question mark \? 19 | %% Commercial at \@ Left bracket \[ Backslash \\ 20 | %% Right bracket \] Circumflex \^ Underscore \_ 21 | %% Grave accent \` Left brace \{ Vertical bar \| 22 | %% Right brace \} Tilde \~} 23 | \ProvidesFile{svglov3.clo} 24 | [2009/12/18 v3.2 25 | style option for standardised journals] 26 | \typeout{SVJour Class option: svglov3.clo for standardised journals} 27 | \def\validfor{svjour3} 28 | \global\let\if@runhead\iftrue 29 | \ExecuteOptions{final,10pt} 30 | % No size changing allowed, hence a "copy" of size10.clo is included 31 | \DeclareFontShape{OT1}{cmr}{m}{n}{ 32 | <-6> cmr5 33 | <6-7> cmr6 34 | <7-8> cmr7 35 | <8-9> cmr8 36 | <9-10> cmr9 37 | <10-12> cmr10 38 | <12-17> cmr12 39 | <17-> cmr17 40 | }{} 41 | % 42 | \renewcommand\normalsize{% 43 | \if@twocolumn 44 | \@setfontsize\normalsize\@xpt{12.5pt}% 45 | \else 46 | \if@smallext 47 | \@setfontsize\normalsize\@xpt\@xiipt 48 | \else 49 | \@setfontsize\normalsize{9.5pt}{11.5pt}% 50 | \fi 51 | \fi 52 | \abovedisplayskip=3 mm plus6pt minus 4pt 53 | \belowdisplayskip=3 mm plus6pt minus 4pt 54 | \abovedisplayshortskip=0.0 mm plus6pt 55 | \belowdisplayshortskip=2 mm plus4pt minus 4pt 56 | \let\@listi\@listI} 57 | \normalsize 58 | \newcommand\small{% 59 | \if@twocolumn 60 | \@setfontsize\small{8.5pt}\@xpt 61 | \else 62 | \if@smallext 63 | \@setfontsize\small\@viiipt{9.5pt}% 64 | \else 65 | \@setfontsize\small\@viiipt{9.25pt}% 66 | \fi 67 | \fi 68 | \abovedisplayskip 8.5\p@ \@plus3\p@ \@minus4\p@ 69 | \abovedisplayshortskip \z@ \@plus2\p@ 70 | \belowdisplayshortskip 4\p@ \@plus2\p@ \@minus2\p@ 71 | \def\@listi{\leftmargin\leftmargini 72 | \parsep 0\p@ \@plus1\p@ \@minus\p@ 73 | \topsep 4\p@ \@plus2\p@ \@minus4\p@ 74 | \itemsep0\p@}% 75 | \belowdisplayskip \abovedisplayskip 76 | } 77 | \let\footnotesize\small 78 | \newcommand\scriptsize{\@setfontsize\scriptsize\@viipt\@viiipt} 79 | \newcommand\tiny{\@setfontsize\tiny\@vpt\@vipt} 80 | \if@twocolumn 81 | \newcommand\large{\@setfontsize\large\@xiipt\@xivpt} 82 | \newcommand\LARGE{\@setfontsize\LARGE{16pt}{18pt}} 83 | \else 84 | \newcommand\large{\@setfontsize\large\@xipt\@xiipt} 85 | \newcommand\LARGE{\@setfontsize\LARGE{13pt}{15pt}} 86 | \fi 87 | \newcommand\Large{\@setfontsize\Large\@xivpt{16dd}} 88 | \newcommand\huge{\@setfontsize\huge\@xxpt{25}} 89 | \newcommand\Huge{\@setfontsize\Huge\@xxvpt{30}} 90 | % 91 | \def\runheadhook{\rlap{\smash{\lower6.5pt\hbox to\textwidth{\hrulefill}}}} 92 | \if@twocolumn 93 | \setlength{\textwidth}{17.4cm} 94 | \setlength{\textheight}{234mm} 95 | \AtEndOfClass{\setlength\columnsep{6mm}} 96 | \else 97 | \if@smallext 98 | \setlength{\textwidth}{11.9cm} 99 | \setlength{\textheight}{19.4cm} 100 | \else 101 | \setlength{\textwidth}{12.2cm} 102 | \setlength{\textheight}{19.8cm} 103 | \fi 104 | \fi 105 | % 106 | \AtBeginDocument{% 107 | \@ifundefined{@journalname} 108 | {\typeout{Unknown journal: specify \string\journalname\string{% 109 | \string} in preambel^^J}}{}} 110 | % 111 | \endinput 112 | %% 113 | %% End of file `svglov3.clo'. 114 | -------------------------------------------------------------------------------- /ISSE12/report-templates/usrguid3.dvi: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/report-templates/usrguid3.dvi -------------------------------------------------------------------------------- /ISSE12/report-templates/usrguid3.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/ISSE12/report-templates/usrguid3.pdf -------------------------------------------------------------------------------- /ISSE12/sampling.tex: -------------------------------------------------------------------------------- 1 | \subsection{Timed-Triggered Monitoring} \label{sec:sampling} 2 | 3 | Monitoring based on sampling state-variables has historically been disregarded 4 | as a runtime monitoring approach, for good reason: without the assumption of 5 | synchrony between the monitor and observed software, monitoring via sampling may 6 | lead to false positives and false negatives~\cite{DwyerDE08}. For example, 7 | consider the property $(0;1;1)^*$, written as a regular expression, denoting the 8 | sequence of values a monitored variable may take. If the monitor samples the 9 | variable at the inappropriate time, then both false negatives (the monitor 10 | erroneously rejects the sequence of values) and false positives (the monitor 11 | erroneously accepts the sequence) are possible. For example, if the actual 12 | sequence of values is $0,1,1,0,1,1$, then an observation of $0,1,1,1,1$ is a 13 | false negative by skipping a value, and if the actual sequence is $0,1,0,1,1$, 14 | then an observation of $0,1,1,0,1,1$ is a false positive by sampling a value 15 | twice. 16 | 17 | 18 | %Suppose the values $0$ and $1$ are the values a monitored variable $v$ may 19 | %take. values or by sampling the same value twice. For example, if $v$ 20 | %contains the sequence of values $0,1,1,0,1,1$, then skipping the second `$0$' 21 | %yields the observation $0,1,1,1,1$, a false negative. If $v$ contains 22 | %$0,1,1,1,0,1,1$, then skipping the third `$1$' yields the observation 23 | %$0,1,1,0,1,1$, a false positive. 24 | 25 | However, in a hard real-time context, sampling is a suitable strategy. Often, 26 | the purpose of real-time programs is to deliver output signals at a predicable 27 | rate and properties of interest are generally data-flow oriented. In this 28 | context, and under the assumption that the monitor and the observed program 29 | share a global clock and a static periodic schedule, while false positives are 30 | possible, false negatives are not. A false positive is possible, for example, 31 | if the program does not execute according to its schedule but just happens to 32 | have the expected values when sampled. If a monitor samples an unacceptable 33 | sequence of values, then either the program is in error, the monitor is in 34 | error, or they are not synchronized, all of which are faults to be reported. 35 | 36 | Most of the popular runtime monitoring frameworks inline monitors in 37 | the observed program to avoid the aforementioned problems with 38 | sampling. However, inlining monitors changes the real-time behavior 39 | of the observed program, perhaps in unpredicable ways. Recalling our 40 | four criteria from Section~\ref{sec:constraints}, monitors that 41 | introduce such unpredictability are not a viable solution for 42 | ultra-critical hard real-time systems. In a sampling-based approach, 43 | the monitor can be integrated as a separate scheduled process during 44 | available time slices (this is made possible by generating efficient 45 | constant-time monitors). Indeed, sampling-based monitors may even be 46 | scheduled on a separate processor (albeit doing so requires additional 47 | synchronization mechanisms), ensuring time and space partitioning from 48 | the observed programs. Such an architecture may even be necessary if 49 | the monitored program is physically distributed. 50 | 51 | Recent work in RV investigates the use of time-triggered sampling for arbitrary 52 | programs and control-flow oriented 53 | properties~\cite{sampling,borzoo,rv11stoller}, which is a harder problem than in 54 | our hard real-time context. 55 | 56 | % Another shortcoming of inlining monitors is that certified code (e.g., DO-178B 57 | %for avionics~\cite{DO178B}) is common in this domain. Inlining monitors could 58 | %necessitate re-certifying the observed program. We cannot claim our approach 59 | %would obviate the need for re-certification, but it is a more modular approach 60 | %than one based on instrumenting the source code of the observed program, which 61 | %may result in a less onerous re-certification process. 62 | -------------------------------------------------------------------------------- /ISSE12/svglov3.clo: -------------------------------------------------------------------------------- 1 | % SVJour3 DOCUMENT CLASS OPTION SVGLOV3 -- for standardised journals 2 | % 3 | % This is an enhancement for the LaTeX 4 | % SVJour3 document class for Springer journals 5 | % 6 | %% 7 | %% 8 | %% \CharacterTable 9 | %% {Upper-case \A\B\C\D\E\F\G\H\I\J\K\L\M\N\O\P\Q\R\S\T\U\V\W\X\Y\Z 10 | %% Lower-case \a\b\c\d\e\f\g\h\i\j\k\l\m\n\o\p\q\r\s\t\u\v\w\x\y\z 11 | %% Digits \0\1\2\3\4\5\6\7\8\9 12 | %% Exclamation \! Double quote \" Hash (number) \# 13 | %% Dollar \$ Percent \% Ampersand \& 14 | %% Acute accent \' Left paren \( Right paren \) 15 | %% Asterisk \* Plus \+ Comma \, 16 | %% Minus \- Point \. Solidus \/ 17 | %% Colon \: Semicolon \; Less than \< 18 | %% Equals \= Greater than \> Question mark \? 19 | %% Commercial at \@ Left bracket \[ Backslash \\ 20 | %% Right bracket \] Circumflex \^ Underscore \_ 21 | %% Grave accent \` Left brace \{ Vertical bar \| 22 | %% Right brace \} Tilde \~} 23 | \ProvidesFile{svglov3.clo} 24 | [2009/12/18 v3.2 25 | style option for standardised journals] 26 | \typeout{SVJour Class option: svglov3.clo for standardised journals} 27 | \def\validfor{svjour3} 28 | \global\let\if@runhead\iftrue 29 | \ExecuteOptions{final,10pt} 30 | % No size changing allowed, hence a "copy" of size10.clo is included 31 | \DeclareFontShape{OT1}{cmr}{m}{n}{ 32 | <-6> cmr5 33 | <6-7> cmr6 34 | <7-8> cmr7 35 | <8-9> cmr8 36 | <9-10> cmr9 37 | <10-12> cmr10 38 | <12-17> cmr12 39 | <17-> cmr17 40 | }{} 41 | % 42 | \renewcommand\normalsize{% 43 | \if@twocolumn 44 | \@setfontsize\normalsize\@xpt{12.5pt}% 45 | \else 46 | \if@smallext 47 | \@setfontsize\normalsize\@xpt\@xiipt 48 | \else 49 | \@setfontsize\normalsize{9.5pt}{11.5pt}% 50 | \fi 51 | \fi 52 | \abovedisplayskip=3 mm plus6pt minus 4pt 53 | \belowdisplayskip=3 mm plus6pt minus 4pt 54 | \abovedisplayshortskip=0.0 mm plus6pt 55 | \belowdisplayshortskip=2 mm plus4pt minus 4pt 56 | \let\@listi\@listI} 57 | \normalsize 58 | \newcommand\small{% 59 | \if@twocolumn 60 | \@setfontsize\small{8.5pt}\@xpt 61 | \else 62 | \if@smallext 63 | \@setfontsize\small\@viiipt{9.5pt}% 64 | \else 65 | \@setfontsize\small\@viiipt{9.25pt}% 66 | \fi 67 | \fi 68 | \abovedisplayskip 8.5\p@ \@plus3\p@ \@minus4\p@ 69 | \abovedisplayshortskip \z@ \@plus2\p@ 70 | \belowdisplayshortskip 4\p@ \@plus2\p@ \@minus2\p@ 71 | \def\@listi{\leftmargin\leftmargini 72 | \parsep 0\p@ \@plus1\p@ \@minus\p@ 73 | \topsep 4\p@ \@plus2\p@ \@minus4\p@ 74 | \itemsep0\p@}% 75 | \belowdisplayskip \abovedisplayskip 76 | } 77 | \let\footnotesize\small 78 | \newcommand\scriptsize{\@setfontsize\scriptsize\@viipt\@viiipt} 79 | \newcommand\tiny{\@setfontsize\tiny\@vpt\@vipt} 80 | \if@twocolumn 81 | \newcommand\large{\@setfontsize\large\@xiipt\@xivpt} 82 | \newcommand\LARGE{\@setfontsize\LARGE{16pt}{18pt}} 83 | \else 84 | \newcommand\large{\@setfontsize\large\@xipt\@xiipt} 85 | \newcommand\LARGE{\@setfontsize\LARGE{13pt}{15pt}} 86 | \fi 87 | \newcommand\Large{\@setfontsize\Large\@xivpt{16dd}} 88 | \newcommand\huge{\@setfontsize\huge\@xxpt{25}} 89 | \newcommand\Huge{\@setfontsize\Huge\@xxvpt{30}} 90 | % 91 | \def\runheadhook{\rlap{\smash{\lower6.5pt\hbox to\textwidth{\hrulefill}}}} 92 | \if@twocolumn 93 | \setlength{\textwidth}{17.4cm} 94 | \setlength{\textheight}{234mm} 95 | \AtEndOfClass{\setlength\columnsep{6mm}} 96 | \else 97 | \if@smallext 98 | \setlength{\textwidth}{11.9cm} 99 | \setlength{\textheight}{19.4cm} 100 | \else 101 | \setlength{\textwidth}{12.2cm} 102 | \setlength{\textheight}{19.8cm} 103 | \fi 104 | \fi 105 | % 106 | \AtBeginDocument{% 107 | \@ifundefined{@journalname} 108 | {\typeout{Unknown journal: specify \string\journalname\string{% 109 | \string} in preambel^^J}}{}} 110 | % 111 | \endinput 112 | %% 113 | %% End of file `svglov3.clo'. 114 | -------------------------------------------------------------------------------- /ISSE12/watchmen.tex: -------------------------------------------------------------------------------- 1 | \subsection{Monitor Assurance}\label{sec:assurance} 2 | ``Who watches the watchmen?'' Nobody. For this reason, monitors in 3 | ultra-critical systems are the last line of defense and cannot fail. Here, we 4 | outline our approach to generate high-assurance monitors. First, as mentioned, 5 | the compiler is statically and strongly typed, and by implementing an eDSL, much 6 | of the infrastructure of a well-tested Haskell implementation is reused. 7 | Copilot contains a custom QuickCheck~\cite{qc}-like test harness that generates 8 | random Copilot programs and tests the interpreted output against the compiler to 9 | ensure correspondence between the two. We have tested millions of randomly-generated programs 10 | between the compiler and interpreter. 11 | 12 | We use the CBMC model checker~\cite{cbmc} to verify C code generated by Copilot 13 | specifications. CBMC provides an independent check on the compiler. CBMC can 14 | prove that the C code is memory-safe, including proving there are no arithmetic 15 | underflows or overflows, no division by zero, no not-a-number floating-point 16 | values, no null-pointer dereferences, and no uninitialized local variables. 17 | Some of these potential violations are impossible for the Copilot compiler to 18 | generate (e.g., null-pointer dereferences), provided it is bug-free. Sometimes 19 | CBMC cannot prove that a C program is memory-safe, since it requires the program 20 | to be loop-free. The C code generated by Copilot implements a state machine 21 | that generates the next values of the stream equations (see~\cite{copilot} for 22 | details). CBMC can symbolically unroll the state machine a small fixed number 23 | of steps. A separate (so far informal) proof must be given that the program has 24 | been unrolled sufficiently to prove memory-safety. %% Calls to CBMC are integrated 25 | -------------------------------------------------------------------------------- /ISoLA16/Related.tex: -------------------------------------------------------------------------------- 1 | \section{Related Works}~\label{sec:related} 2 | 3 | -------------------------------------------------------------------------------- /ISoLA16/conclusion.tex: -------------------------------------------------------------------------------- 1 | \section{Conclusion}~\label{sec:conclusion} High-assurance RV has 2 | the potential of becoming the avenue to assuring 3 | otherwise unassurable IA safety-critical systems. We have presented a 4 | number of challenges that we have identified as barriers to 5 | actualizing high-assurance RV and surveyed how we have addressed these 6 | challenges in the course of our research using the Copilot 7 | framework. We hope this list will be useful to RV researchers as they 8 | apply their own work to safety-critical systems. In addition, we 9 | believe we have demonstrated the efficacy of applying light-weight 10 | formal methods tools to address many of these challenges. Progress on 11 | these issues is likely to come faster if a multidisciplinary approach 12 | is taken with domain specialists, safety engineers and verification tool 13 | builders collaborating with RV researchers. Much work 14 | remains and the list of challenges is likely to grow even as researchers 15 | solve many of the issues raised. 16 | 17 | \paragraph{Acknowledgements:} The Copilot project has 18 | been conducted in collaboration with Dr. Lee Pike (Galois). Jonathan 19 | Laurent (ENS Paris) and Chris Hathhorn (University of Missouri) did 20 | most of the coding of the {\tt Copilot.Theorem}. Georges-Axel 21 | Jaloyan (ENS Paris) recently added the monitor verification capabilities. -------------------------------------------------------------------------------- /ISoLA16/intro.tex: -------------------------------------------------------------------------------- 1 | \section{Introduction}~\label{sec:intro} Safety-critical systems, such 2 | as aircraft, automobiles, and medical devices are those systems whose 3 | failure could result in loss of life, significant property damage, or 4 | damage to the environment~\cite{Knight2002}. The grave consequences 5 | of failure have compelled industry and regulatory authorities to adopt 6 | conservative design approaches and exhaustive verification and 7 | validation (V\&V) procedures to prevent mishaps. In addition, strict 8 | licensing requirements are often placed on human operators of many 9 | safety-critical systems. In practice, the verification and validation 10 | of avionics and other safety-critical software systems relies heavily 11 | on system predictability; and existing regulatory guidance, such as 12 | DO-178C~\cite{DO178B}, do not have provisions to assure 13 | safety-critical systems that do not exhibit predictable behavior at 14 | certification. Yet technological advances are enabling the 15 | development of increasingly autonomous (IA) cyber-physical systems (CPS) 16 | that modify their behavior in response to the external environment and 17 | learn from their experience. While unmanned aircraft systems (UAS) 18 | and self-driving cars have the potential of transforming society in 19 | many beneficial ways, they also pose new dangers to public safety. The 20 | algorithmic methods such as machine learning that enable autonomy lack 21 | the salient feature of predictability since the system's behavior 22 | depends on what it has learned. Consequently, the problem of assuring 23 | safety-critical IA CPS is both a barrier to industrial use and a 24 | significant research challenge~\cite{NRC14}. 25 | 26 | 27 | \emph{Runtime verification} (RV)~\cite{monitors}, where monitors 28 | detect and respond to property violations at runtime, has the 29 | potential to enable the safe operation of safety-critical systems that 30 | are too complex to formally verify or fully test. Technically 31 | speaking, a RV monitor takes a logical specification $\phi$ and 32 | execution trace $\tau$ of state information of the system under 33 | observation (SUO) and decides whether $\tau$ satisfies $\phi$. The 34 | \emph{Simplex Architecture}~\cite{simplex} provides a model 35 | architectural pattern for RV, where a monitor checks that the 36 | executing SUO satisfies a specification and, if the property is 37 | violated, the RV system will switch control to a more conservative 38 | component that can be assured using conventional means that 39 | \emph{steers} the system into a safe state. \emph{High-assurance} RV 40 | provides an assured level of safety even when the SUO itself cannot be 41 | verified by conventional means. 42 | 43 | \paragraph{Contributions:} During the course of our research we have 44 | been guided by the question ``what issues must be addressed in a 45 | convincing argument that high-assurance RV can safeguard a system that 46 | cannot be otherwise assured?'' In this paper, we chronicle a number 47 | of challenges we have identified that must be thoroughly addressed in 48 | order to actualize high-assurance RV. We hope that this helps inform 49 | other researchers that wish to apply RV to safety-critical 50 | systems. We 51 | examine how these issues have been addressed in our work on the 52 | Copilot RV framework~\cite{copilot, pike-isse-13}. A theme of our research has been the 53 | application of lightweight formal methods to achieve high-assurance 54 | and we identify opportunities for closer collaboration between the RV 55 | and tool communities. 56 | 57 | %\paragraph{Outline:} This paper proceeds as follows. Section\ref{sec:copilot} introduces the Copilot RV 58 | %framework targeted at safety-critical 59 | %systems. Sections~\ref{sec:req} and~\ref{sec:observ} focus 60 | %%on the problems of specifying 61 | %high-assurance monitors. Section~\ref{sec:trace} i 62 | -------------------------------------------------------------------------------- /ISoLA16/noninterference.tex: -------------------------------------------------------------------------------- 1 | \section{Do No Harm} \label{sec:noninter} The RV components must be 2 | composed with the SUO so that they are executing in parallel with the 3 | SUO. Care must be taken that the RV system itself does not compromise 4 | the correct functioning of the SUO. For instance executing monitors 5 | may impact timing and scheduling. Care must also be taken that any 6 | instrumentation of the SUO does not affect the functional 7 | correctness. In large systems, there are likely to be many monitors 8 | running; each monitor might trigger different steering procedures. A common 9 | pattern when things go wrong in complex safety-critical systems is 10 | that many alerts are sounded simultaneously often placing a burden on 11 | a human operator to sort things out. One can easily envision an 12 | analogous situation where several monitors detect violations, 13 | triggering their respective steering procedures. Hence it is necessary 14 | to verify that these different steering procedures do not interact with 15 | each other in ways that could compromise safety. In summary, 16 | high-assurance RV must uphold the Hippocratic oath ``to do no harm''. 17 | Ideally, we would formulate a noninterference theorem and the RV 18 | framework would produce a proof certificate that the composed system 19 | satisfies the property. 20 | 21 | 22 | \paragraph{Challenge:} \emph{Assured RV must safely compose with the 23 | SUO.} 24 | 25 | \paragraph{Copilot Approach:} 26 | The Copilot research group has yet to develop a general theory of RV 27 | noninterference, but we have made a number of design decisions with 28 | this in mind. For instance, the choice of monitoring system state 29 | through sampling was a deliberate attempt to minimize interference 30 | with the SUO. Running monitors in separate partitions on an ARINC 653 31 | compliant RTOS as discussed in Section~\ref{sec:ft} ensures that any fault 32 | in the RV will not negatively affect the executing SUO. The RTOS 33 | scheduler also provides guarantees that a missed deadline in the RV 34 | does not affect the SUO. 35 | 36 | 37 | 38 | %\begin{itemize} 39 | %\item Safety is known not to be compositional. 40 | %\item Keeping monitors independent help,but not a cure all. 41 | %\item Can the steering interact with the SUO to create problems. 42 | %\item Suppose I have a UAS with two monitors. One says if the vehicle violates a 43 | %geofence another says it's gone way off the reservation so fly into 44 | %%the ground. 45 | %\item Maybe another example? 46 | %\item Basically we have to make sure that the composition of SUO and 47 | %monitors+steering don't impact safety. 48 | %\end{itemize} -------------------------------------------------------------------------------- /ISoLA16/opportunities.tex: -------------------------------------------------------------------------------- 1 | \section{Better Together}\label{sec:oportunities} 2 | High-assurance RV will only become practical if there is accompanying 3 | integrated tool support for verification and validation. From the 4 | perspective of a researcher in high-assurance RV, engaging with the 5 | communities building static analysis tools and proof engines seems 6 | obvious, especially in light of the fact that regulatory bodies that 7 | govern many safety-critical systems are increasingly willing to accept 8 | the analysis produced from such tools as evidence that can be applied to 9 | certification ~\cite{DO333}. Similarly, there are many features of RV 10 | that make it a great target for the tool builder. For instance, there are formal 11 | specifications to work with and monitor code is generally small and 12 | conforms to coding practices that are friendly to static analysis. 13 | 14 | 15 | Several of the challenges we have raised for high-assurance RV are 16 | really at the system level. Tools that can assist domain experts in 17 | validating safety properties are sorely needed. As in our case study, 18 | the safety properties of cyber-physical systems involve continuous 19 | mathematics. While advances in \textsc{smt} solvers have been 20 | impressive, it is still necessary to often resort to using an interactive 21 | theorem prover. There are many opportunities to design 22 | domain specific decision procedures that would increase the utility of 23 | automated proof 24 | tools. 25 | 26 | The problem of RV observability provides a rich source of problems for tool builders. If the RV 27 | approach involves instrumenting code, then static analysis can both 28 | assist in the instrumentation and prove that the instrumentation did 29 | not affect the correctness of the code. If sampling, static analysis 30 | has the potential to inform when to sample. 31 | 32 | Floating point arithmetic is a source of problems that is readily 33 | amenable to static analysis and proof. In our work, we applied 34 | abstract interpretation to monitor source code, but analysis could be 35 | done at the specification level with proof obligations flowing down to 36 | the monitor code. 37 | 38 | Applying tools to verify monitor correctness makes so much sense that 39 | it should be de rigueur. In Copilot, we applied deductive 40 | verification to verify the correctness of the translation from 41 | specification to monitor code. Monitors have many characteristics 42 | that make automatic proofs tractable, but the monitor synthesis must 43 | generate code suitable for the tool being used. -------------------------------------------------------------------------------- /ISoLA16/predictive.tex: -------------------------------------------------------------------------------- 1 | \section{Predictive RV} \label{sec:predictive} 2 | 3 | \noindent\fbox{% 4 | \parbox{\textwidth}{ 5 | Question: Can the monitor detect a violation of the specification and invoke the safety controller in time to preserve safe operation. 6 | } 7 | } 8 | 9 | Complex real-time cyber-physical systems are a natural target for 10 | RV. Applying RV to functions such as an adaptive control system 11 | that have to act in strict time windows posses technical 12 | challenges. The monitor needs to detect that the adaptive 13 | controller is about to loose stability in time to switch to a safe 14 | controller. In the case of aircraft flight management, the RV system 15 | needs to detect that two airplanes are about to lose separation in 16 | time for the aircraft to take corrective action. Assured predictive 17 | monitors are needed, but much work remains to be done. A promising 18 | approach to monitoring controllers against a loss of stability is 19 | given in~\cite{}. Researchers using Copilot have shown how timing 20 | analysis and hard real-time scheduling of monitors can ensure that 21 | monitors are executed at a set time. Assured predictive monitoring 22 | remains a research challenge for the RV community. 23 | 24 | 25 | 26 | 27 | %\item In the case of control s/w, the RV must detect a possible 28 | %violation of stability in time to react. Mention Stan and Taylor's 29 | %work. 30 | %\item A flight management s/w it's hard to say. Need to take action if the 31 | %FMS goes off and doesn't generate plans in time - a real possibility 32 | %for genetic algorithms and what not. 33 | %\item Scheduling monitors in a RTOS so we know they at least execute 34 | %at a certain rate is how we have tried to address this with our 35 | %investigations of 653 RTOS. 36 | %\end{itemize} -------------------------------------------------------------------------------- /ISoLA16/security.tex: -------------------------------------------------------------------------------- 1 | \section{Secure Monitors} \label{sec:secure} 2 | 3 | \noindent\fbox{% 4 | \parbox{\textwidth}{% 5 | Question: Does the RV create introduce security vulnerabilities? 6 | }% 7 | } 8 | 9 | \begin{itemize} 10 | \item The RV system shouldn't introduce new security vulnerabilities. 11 | \item So analysis needs to be conducted. 12 | \item Replication and what not needed for FT may simply create more 13 | attack surfaces. 14 | \item Privacy may not or may not be an issue with this 15 | \item Does the monitor or steering communicate to outside parties? If 16 | so you may have security issues. 17 | \item If the RV has a single point of failure like dependence on GPS, 18 | it enables an obvious attack on the system. 19 | \item Consider a UAS where RV checks if a geofence has been violated 20 | and brings down the aircraft in a controlled fashion. Could spoofing 21 | GPS be turned into a denial of service attack or transform the vehicle 22 | into a weapon to hurt someone. 23 | \end{itemize} -------------------------------------------------------------------------------- /ISoLA16/steer.tex: -------------------------------------------------------------------------------- 1 | \section{Additional Challenges }\label{sec:future} 2 | The presentation so far has examined challenges in assured RV that 3 | have been addressed in our research. In this section, we will 4 | raise three of the key additional challenges that we have identified 5 | as critical to address in future work. 6 | 7 | \paragraph{Safe Steering:} The problem of what to do when a 8 | specification has been violated is one of the most thorny problems in 9 | high-assurance RV and almost completely application dependent. The 10 | simplest action is to log the violation for further analysis or raise 11 | an alarm for humans to intervene, but in many cases, the RV system must 12 | take proactive steps to preserve safety. For an autonomous robot, 13 | putting the system into a quiescent state may be a safe default 14 | operation depending on the operating environment. In the case of an 15 | adaptive control system, the RV framework may switch to a conventional 16 | controller, but whether this re-establishes safety depends on many 17 | factors. In many domains, the challenge in constructing an assured 18 | safe steering algorithm may be as difficult as constructing the 19 | adaptive autonomous algorithm itself. 20 | 21 | \paragraph{Challenge:} \emph{Verify the correctness and safety of the 22 | steering performed from any viable system state once a specification violation is detected.} 23 | 24 | 25 | \paragraph{Predictive Monitors:} Applying RV to application domains 26 | that have strict timing constraints, such as an adaptive control 27 | system, raises many technical challenges. It is imperative that the 28 | monitor detects that the adaptive controller is about to lose 29 | stability in time to switch to a safe controller. In the case of our 30 | running example, the RV system needs to detect that two aircraft are 31 | about to lose separation in time for them to take corrective action. 32 | Assured predictive monitors are needed, but much work remains to be 33 | done. Johnson et. al.~\cite{johnson2015tecs} is a promising approach 34 | to predictive monitoring for controllers, but the general problem is 35 | very domain specific. Assured predictive monitoring remains a research 36 | challenge for the RV community. 37 | 38 | \paragraph{Challenge:} \emph{The monitor should detect impending violations of 39 | the specification and invoke the safety controller in time to 40 | preserve safe operation.} 41 | 42 | 43 | \paragraph{Secured RV:} Adding more software or hardware to a system 44 | has the potential to introduce vulnerabilities that can be 45 | exploited by an attacker. Copilot and many other RV frameworks 46 | generate monitors that have constant time and constant space execution 47 | footprints and while this eliminates some common attacks, it does not 48 | provide general protection. Every sensor and unauthenticated message 49 | may contribute to the attack surface. If an attacker can trick the 50 | systems into a monitor specification violation, the triggered steering 51 | behavior may itself constitute a denial-of-service attack. Future 52 | research is needed in identifying attack surfaces and suitable 53 | techniques to thwart adversaries from turning the RV meant to protect 54 | a system into a liability that exposes the system to attack. 55 | 56 | \paragraph{Challenge:} \emph{Assured RV should not introduce security 57 | vulnerabilities into a system.} 58 | 59 | 60 | 61 | %Our experience in participating in UAS flight tests 62 | %illustrate how difficult the steering problem can be as simply 63 | %directing the vehicle into the ground, so that it does not leave a 64 | %test range, is require the need to consider aircraft dynamics. -------------------------------------------------------------------------------- /ISoLA16/trace.tex: -------------------------------------------------------------------------------- 1 | \section{Traceability}~\label{sec:trace} 2 | To ensure that the requirements and safety analyses performed early in 3 | systems development are reflected throughout the lifecycle, many 4 | guidelines for safety-critical software, such as DO-178C, require 5 | documentation of traceability from requirements to object 6 | code. Consequently, to promote the acceptance of high-assurance RV, the 7 | monitor generation frameworks should produce documentation that 8 | supports traceability from specification to monitor code. 9 | 10 | \paragraph{Challenge:} \emph{Support traceability from the requirements and system level analysis to the actual monitor code.} 11 | 12 | \paragraph{Copilot Approach:} Using SBV to generate C monitors may 13 | create many small files and it can be quite difficult to relate this to 14 | the specification. The code generation module has recently been 15 | revised to generate documentation that improves traceability. The 16 | user can insert labels in their specifications that flow down to the 17 | documentation. The translation process creates C header files with 18 | documentation formatted to be processed by the plain text graph 19 | description language processor DOT~\cite{dot}. Each C function has 20 | accompanying auto-generated graphical documentation. 21 | 22 | In the case of the following example: 23 | \begin{lstlisting}[frame=single] 24 | hor_rr sx sy = (label "?hor_rr_dividend" $ sqrt $ 25 | (normsq2dim sx sy) - (minHorSep * minHorSep)) 26 | / (label "?hor_rr_divisor" $ minHorSep) 27 | \end{lstlisting} 28 | the SBV translation breaks this relatively simple expression into 29 | numerous small C functions and function parameters get instantiated 30 | with the variables being monitored. The auto-generated documentation for one 31 | of these files appears similar to Figure~\ref{fig:trace2}, where the labels have 32 | the names of the program variables being monitored. 33 | 34 | 35 | %\begin{figure}[ht!] 36 | % \centering 37 | % \resizebox {0.5\textwidth} {!} { 38 | %\begin{tikzpicture}[->, node distance=1.5cm, auto, shorten >=1pt, bend angle=45 ] 39 | %\tikzstyle{every state}=[rectangle] 40 | %\node[state] (fil1) {ext\_ident\_double\_10\_arg0}; 41 | %\node[state](la)[below of = fil1]{label:hor\_rr\_dividend}; 42 | %\node[state](sqrt) [below of = la]{ext\_sqrt9}; 43 | % \tikzstyle{every node}=[] 44 | % \path 45 | % (fil1) edge [->, anchor=east] node {} (la) 46 | % (la) edge [->, anchor=east] node {}(sqrt); 47 | % \end{tikzpicture} 48 | %} 49 | % \caption{Autogenerated } 50 | % \label{fig:trace}% \end{figure} 51 | 52 | \begin{figure}[ht!] 53 | \centering 54 | \resizebox {0.5\textwidth} {!} { 55 | \begin{tikzpicture}[->, node distance=2.3cm, auto, shorten >=1pt, bend angle=45 ] 56 | \tikzstyle{every state}=[rectangle] 57 | \node[state] (fil2) {ext\_sqrt}; 58 | \node[state](opmin)[right of = fil2]{OP2:-}; 59 | \node[state](v1)[below left of = opmin]{ext\_ident\_double\_8}; 60 | \node[state](opmul)[below right of = opmin]{OP2:*}; 61 | \node[state](mv1)[below left of =opmul]{ext\_min\_hor\_sep}; 62 | \node[state](mv2)[below right of =opmul]{ext\_min\_hor\_sep}; 63 | 64 | \tikzstyle{every node}=[] 65 | \path 66 | (fil2) edge [->, anchor=east] node {} (opmin) 67 | (opmin) edge [->, anchor=east] node {}(v1) 68 | (opmin) edge [->, anchor=west] node {}(opmul) 69 | (opmul) edge [->, anchor=east] node {}(mv1) 70 | (opmul) edge [->, anchor=west] node {}(mv2); 71 | \end{tikzpicture} 72 | } 73 | \caption{Autogenerated Documentation } 74 | \label{fig:trace2} 75 | \end{figure} 76 | 77 | 78 | %\begin{figure}[ht] 79 | %\begin{center} 80 | %\includegraphics[width=\textwidth,height=10cm]{rrfig2.pdf} 81 | % \label{fig:label} 82 | %\end{center} 83 | %\end{figure} 84 | 85 | 86 | 87 | %\begin{itemize} 88 | %\item Many conventional processes based guidance 89 | % documents require ``traceability'' from the requirements to the 90 | % executable. 91 | %\item In assured RV we should be able to trace from requirements to 92 | % monitor spec to monitor. 93 | %\item We have developed a feature for adding labels to Copilot specs 94 | % facilitating traceability. 95 | %\item We leveraged the GNU dot tool to help visualize what is going 96 | % on. 97 | 98 | %\end{itemize} 99 | -------------------------------------------------------------------------------- /LPick/MTL/monitor/Makefile: -------------------------------------------------------------------------------- 1 | test: 2 | cabal exec -- ghc monitor.hs 3 | ./monitor 4 | gcc monitor_test.c copilot-c99-codegen/copilot.c triggers.c -o monitor_test 5 | ./monitor_test 6 | 7 | compile: 8 | cabal exec -- ghc monitor.hs 9 | ./monitor 10 | -------------------------------------------------------------------------------- /LPick/MTL/monitor/monitor_test.c: -------------------------------------------------------------------------------- 1 | #include "copilot-c99-codegen/copilot.h" 2 | #include "triggers.h" 3 | #include 4 | #include 5 | 6 | // externs 7 | uint64_t clk_nanosec = 0; 8 | bool stall_warning = false; 9 | bool afterburner_on = false; 10 | double airspeed = 0; 11 | double max_airspeed = 2; 12 | bool takeoff = false; 13 | float pitch_deg = 0; 14 | double altitude_ft = 0; 15 | 16 | void to_monitor (void) { 17 | for (clk_nanosec = 0; clk_nanosec < 600000000000; clk_nanosec += 100000000) { 18 | takeoff = false; 19 | // takeoff 20 | if (clk_nanosec < 30000000000) { 21 | airspeed += 0.00025; 22 | if (clk_nanosec > 2000000000) { 23 | pitch_deg += 0.1; 24 | } 25 | } 26 | else if (clk_nanosec < 48000000000) { 27 | airspeed += 0.0025; 28 | pitch_deg += 0.0025; 29 | } 30 | else if (clk_nanosec == 52000000000) { 31 | takeoff = true; 32 | printf("%" PRId64 ": Takeoff\n", clk_nanosec); 33 | altitude_ft += 0.5; 34 | } 35 | else if (clk_nanosec < 66000000000) { 36 | airspeed += 0.025; 37 | altitude_ft += 3; 38 | } 39 | else if (clk_nanosec < 90000000000) { 40 | pitch_deg += 0.005; 41 | altitude_ft += 5.5; 42 | } 43 | // stall 44 | else if (clk_nanosec < 126000000000) { 45 | pitch_deg += 0.01; 46 | } 47 | // afterburner 48 | else if (clk_nanosec < 145000000000) { 49 | afterburner_on = true; 50 | airspeed += 0.25; 51 | pitch_deg -= 0.1; 52 | } 53 | else if (clk_nanosec < 168000000000){ 54 | afterburner_on = false; 55 | altitude_ft += 2.5; 56 | } 57 | else if (clk_nanosec < 170000000000){ 58 | afterburner_on = true; 59 | airspeed += 0.005; 60 | altitude_ft += 3.5; 61 | } 62 | 63 | // stall warning alarm 64 | if (pitch_deg >= 16) { 65 | stall_warning = true; 66 | airspeed -= 0.06; 67 | } 68 | else { 69 | stall_warning = false; 70 | } 71 | step(); 72 | 73 | } 74 | } 75 | 76 | int main (void) { 77 | to_monitor(); 78 | return 0; 79 | } 80 | -------------------------------------------------------------------------------- /LPick/MTL/monitor/triggers.h: -------------------------------------------------------------------------------- 1 | void takeoff_altitude_violation (double measured0, uint64_t clk0, 2 | double measured1, uint64_t clk1, 3 | double measured2, uint64_t clk2, 4 | double measured3, uint64_t clk3, 5 | double measured4, uint64_t clk4, 6 | double measured5, uint64_t clk5, 7 | double measured6, uint64_t clk6, 8 | double measured7, uint64_t clk7, 9 | double measured8, uint64_t clk8, 10 | double measured9, uint64_t clk9, 11 | double measured10, uint64_t clk10, 12 | double expected); 13 | 14 | void airspeed_violation (double measured0, uint64_t clk0, 15 | double measured1, uint64_t clk1, 16 | double measured2, uint64_t clk2, 17 | double measured3, uint64_t clk3, 18 | double measured4, uint64_t clk4, 19 | double measured5, uint64_t clk5, 20 | double measured6, uint64_t clk6, 21 | double measured7, uint64_t clk7, 22 | double measured8, uint64_t clk8, 23 | double measured9, uint64_t clk9, 24 | double measured10, uint64_t clk10, 25 | double max); 26 | 27 | void afterburner_violation (bool measured0, uint64_t clk0, 28 | bool measured1, uint64_t clk1, 29 | bool measured2, uint64_t clk2, 30 | bool measured3, uint64_t clk3, 31 | bool measured4, uint64_t clk4, 32 | bool measured5, uint64_t clk5, 33 | bool measured6, uint64_t clk6, 34 | bool measured7, uint64_t clk7, 35 | bool measured8, uint64_t clk8, 36 | bool measured9, uint64_t clk9, 37 | bool measured10, uint64_t clk10); 38 | 39 | void stall_warning_pitch_violation (bool measured0, uint64_t clk0, float pitch0, 40 | bool measured1, uint64_t clk1, float pitch1, 41 | bool measured2, uint64_t clk2, float pitch2, 42 | bool measured3, uint64_t clk3, float pitch3, 43 | bool measured4, uint64_t clk4, float pitch4, 44 | bool measured5, uint64_t clk5, float pitch5, 45 | bool measured6, uint64_t clk6, float pitch6, 46 | bool measured7, uint64_t clk7, float pitch7, 47 | bool measured8, uint64_t clk8, float pitch8, 48 | bool measured9, uint64_t clk9, float pitch9, 49 | bool measured10, uint64_t clk10, float pitch10); 50 | -------------------------------------------------------------------------------- /LPick/MTL/mtlTester/Makefile: -------------------------------------------------------------------------------- 1 | test: 2 | cabal exec -- ghc mtl_test 3 | ./mtl_test 4 | gcc tester.c test_copilot-c99-codegen/test_copilot.c -o tester 5 | ./tester 6 | -------------------------------------------------------------------------------- /LPick/MTL/slides.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/LPick/MTL/slides.pdf -------------------------------------------------------------------------------- /LPick/WaypointMonitor/angleMonitor/angle_driver_gen.hs: -------------------------------------------------------------------------------- 1 | import System.IO 2 | import Data.Char 3 | 4 | -- Generate angle_driver.c: 5 | -- Reads LLA values in from lla.txt 6 | 7 | driver steps = 8 | "#include \"copilot-c99-codegen/copilot.h\"\n" ++ 9 | "#include\n\n" ++ 10 | (declareExterns 255) ++ (triggers 253) ++ 11 | "int main (void) {\n" ++ 12 | (updateExterns steps) ++ 13 | "}" 14 | 15 | where 16 | 17 | declareExterns 0 = 18 | "bool waypoint_in_path_0;\n" ++ 19 | "float waypoint_alt_0;\n" ++ 20 | "float waypoint_long_0;\n" ++ 21 | "float waypoint_lat_0;\n" 22 | declareExterns n = 23 | "bool waypoint_in_path_" ++ (show n) ++ ";\n" ++ 24 | "float waypoint_alt_" ++ (show n) ++ ";\n" ++ 25 | "float waypoint_long_" ++ (show n) ++ ";\n" ++ 26 | "float waypoint_lat_" ++ (show n) ++ ";\n" 27 | ++ (declareExterns $ n - 1) 28 | 29 | updateExterns [] = "" 30 | updateExterns (s:ss) = 31 | " printf(\"Next Set of Waypoints:\\n\");\n" 32 | ++ (assignExterns 256 0 s) ++ " step();\n" 33 | ++ (updateExterns ss) 34 | 35 | assignExterns 0 _ _ = "" 36 | assignExterns n k [] = 37 | " waypoint_in_path_" ++ (show k) ++ " = false;\n" ++ 38 | " waypoint_alt_" ++ (show k) ++ " = 0;\n" ++ 39 | " waypoint_long_" ++ (show k) ++ " = 0;\n" ++ 40 | " waypoint_lat_" ++ (show k) ++ " = 0;\n" 41 | ++ (assignExterns (n - 1) (k + 1) []) 42 | assignExterns n k (vec:vecs) = 43 | " waypoint_in_path_" ++ (show k) ++ " = true;\n" ++ 44 | " waypoint_alt_" ++ (show k) ++ " = " ++ (vec !! 2) ++ ";\n" ++ 45 | " waypoint_long_" ++ (show k) ++ " = " ++ (vec !! 1) ++ ";\n" ++ 46 | " waypoint_lat_" ++ (show k) ++ " = " ++ (vec !! 0) ++ ";\n" 47 | ++ (assignExterns (n - 1) (k + 1) vecs) 48 | 49 | triggers 0 = 50 | "void angleBetween0 (float f) {\n" ++ 51 | " printf(\"Angle 0: %f radians\\n\", f);\n" ++ 52 | "}\n" 53 | triggers n = 54 | "void angleBetween" ++ (show n) ++ " (float f) {\n" ++ 55 | " printf(\"Angle " ++ (show n) ++ ": %f radians\\n\", f);\n" ++ 56 | "}\n" ++ (triggers $ n - 1) 57 | 58 | parseLLAs :: String -> [[[String]]] 59 | parseLLAs llas = break (lines llas) [] 60 | where 61 | break [] acc = [map words (reverse acc)] 62 | break (l:ls) acc = if (l == "---") 63 | then (map words (reverse acc)):(break ls []) 64 | else (break ls (l:acc)) 65 | 66 | main = do 67 | handle <- openFile "lla.txt" ReadMode 68 | llas <- hGetContents handle 69 | writeFile "angle_driver.c" (driver (parseLLAs llas)) 70 | -------------------------------------------------------------------------------- /LPick/WaypointMonitor/angleMonitor/lla.txt: -------------------------------------------------------------------------------- 1 | 1 2 0 2 | 4 1 0 3 | 2 5 0 4 | 5 3 0 5 | --- 6 | 2 0 0 7 | 2 2 0 8 | 1 2 0 9 | 2 3 0 10 | 3 1 0 11 | --- 12 | 1 0 0 13 | 3 2 0 14 | 3 2 2 15 | --- 16 | 1 2 0 17 | 3 0 0 18 | 3 0 3 19 | --- 20 | 1 2 0 21 | 2 3 0 22 | 4 0 0 23 | -------------------------------------------------------------------------------- /LPick/WaypointMonitor/fullMonitor/triggers.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | void nfz_0 (void) { 5 | printf("No fly zone 0 entered.\n"); 6 | } 7 | void nfz_1 (void) { 8 | printf("No fly zone 1 entered.\n"); 9 | } 10 | void nfz_2 (void) { 11 | printf("No fly zone 2 entered.\n"); 12 | } 13 | void nfz_3 (void) { 14 | printf("No fly zone 3 entered.\n"); 15 | } 16 | void nfz_4 (void) { 17 | printf("No fly zone 4 entered.\n"); 18 | } 19 | void nfz_5 (void) { 20 | printf("No fly zone 5 entered.\n"); 21 | } 22 | void nfz_6 (void) { 23 | printf("No fly zone 6 entered.\n"); 24 | } 25 | void nfz_7 (void) { 26 | printf("No fly zone 7 entered.\n"); 27 | } 28 | void nfz_8 (void) { 29 | printf("No fly zone 8 entered.\n"); 30 | } 31 | void nfz_9 (void) { 32 | printf("No fly zone 9 entered.\n"); 33 | } 34 | void nfz_10 (void) { 35 | printf("No fly zone 10 entered.\n"); 36 | } 37 | void nfz_11 (void) { 38 | printf("No fly zone 11 entered.\n"); 39 | } 40 | void nfz_12 (void) { 41 | printf("No fly zone 12 entered.\n"); 42 | } 43 | void nfz_13 (void) { 44 | printf("No fly zone 13 entered.\n"); 45 | } 46 | void nfz_14 (void) { 47 | printf("No fly zone 14 entered.\n"); 48 | } 49 | void nfz_15 (void) { 50 | printf("No fly zone 15 entered.\n"); 51 | } 52 | void angleBetween (float f, int64_t i) { 53 | printf("Angle %" PRId64 " is %f radians\n", i, f); 54 | } 55 | void sum (float f) { 56 | printf("Sum of average reward/distances per waypoint is: %f\n",f); 57 | } 58 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Copilot: a stream DSL 2 | Repository containg reports and documentation on Copilot. 3 | 4 | Copilot is a runtime verification framework written in Haskell. It allows the 5 | user to write programs in a simple but powerful way using a stream-based 6 | approach. 7 | 8 | Programs can be interpreted for testing, or translated C99 code to be 9 | incorporated in a project, or as a standalone application. The C99 backend 10 | ensures us that the output is constant in memory and time, making it suitable 11 | for systems with hard realtime requirements. 12 | 13 | 14 | ## Further information 15 | For further information, install instructions and documentation, please visit 16 | the Copilot website: 17 | [https://copilot-language.github.io](https://copilot-language.github.io) 18 | 19 | 20 | ## License 21 | Copilot is distributed under the BSD-3-Clause license, which can be found 22 | [here](https://raw.githubusercontent.com/Copilot-Language/Copilot/master/LICENSE). 23 | -------------------------------------------------------------------------------- /RSpring/documents/NASA_Branch_Presentation.pptx: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/documents/NASA_Branch_Presentation.pptx -------------------------------------------------------------------------------- /RSpring/documents/NASA_RTR_Monitor_CoPilot.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/documents/NASA_RTR_Monitor_CoPilot.pdf -------------------------------------------------------------------------------- /RSpring/documents/NASA_RTR_Monitor_CoPilot.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/documents/NASA_RTR_Monitor_CoPilot.zip -------------------------------------------------------------------------------- /RSpring/rtr_copilot/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required (VERSION 2.8) 2 | project (rtr_copilot) 3 | 4 | set (CMAKE_C_FLAGS "-std=c99 -pedantic -g -O0") 5 | set (CMAKE_CXX_FLAGS "-std=c++11 -pedantic -g -O0") 6 | set (CMAKE_EXE_LINKER_FLAGS "-Wl,-rpath /usr/local/lib/x86_64-linux-gnu") 7 | 8 | include_directories ("${PROJECT_SOURCE_DIR}/include") 9 | include_directories (${CMAKE_SOURCE_DIR}) 10 | 11 | file(GLOB PENDULUM_AUTOGEN_SRC_FILES "pendulum_autogen/*.c") 12 | file(GLOB VANDERPOL_AUTOGEN_SRC_FILES "vanderpol_autogen/*.c") 13 | file(GLOB PROJECT_SRC_FILES "src/*.c") 14 | file(GLOB LINEAR_SRC_FILES "linear_system/*.c") 15 | file(GLOB NONLINEAR_PENDULUM_SRC_FILES "nonlinear_pendulum_autogen/*.c") 16 | file(GLOB OMPL_SRC_FILES "inverted_pendulum_rtr_ompl/*.cpp") 17 | 18 | add_executable(rt_reachability ${PENDULUM_AUTOGEN_SRC_FILES} ${LINEAR_SRC_FILES} ${NONLINEAR_PENDULUM_SRC_FILES} ${VANDERPOL_AUTOGEN_SRC_FILES} ${PROJECT_SRC_FILES} rt_reachability.c) 19 | target_include_directories(rt_reachability PUBLIC "${PROJECT_SOURCE_DIR}/linear_system/include") 20 | target_include_directories(rt_reachability PUBLIC "${PROJECT_SOURCE_DIR}/pendulum_autogen/include") 21 | target_include_directories(rt_reachability PUBLIC "${PROJECT_SOURCE_DIR}/nonlinear_pendulum_autogen/include") 22 | target_include_directories(rt_reachability PUBLIC "${PROJECT_SOURCE_DIR}/vanderpol_autogen/include") 23 | target_link_libraries(rt_reachability m) 24 | 25 | add_executable(vector_field ${PENDULUM_AUTOGEN_SRC_FILES} ${LINEAR_SRC_FILES} ${VANDERPOL_AUTOGEN_SRC_FILES} ${PROJECT_SRC_FILES} vector_field.c) 26 | target_include_directories(vector_field PUBLIC "${PROJECT_SOURCE_DIR}/linear_system/include") 27 | target_include_directories(vector_field PUBLIC "${PROJECT_SOURCE_DIR}/pendulum_autogen/include") 28 | target_include_directories(vector_field PUBLIC "${PROJECT_SOURCE_DIR}/vanderpol_autogen/include") 29 | target_link_libraries(vector_field m) 30 | 31 | set(Boost_USE_STATIC_LIBS OFF) 32 | set(Boost_USE_MULTITHREADED ON) 33 | set(Boost_USE_STATIC_RUNTIME OFF) 34 | find_package(Boost 1.49.0 COMPONENTS system program_options REQUIRED) 35 | 36 | add_executable(ompl_rtr_monitor ${OMPL_SRC_FILES} ${NONLINEAR_PENDULUM_SRC_FILES} ${PROJECT_SRC_FILES}) 37 | target_include_directories(ompl_rtr_monitor PUBLIC "${PROJECT_SOURCE_DIR}/nonlinear_pendulum_autogen/include") 38 | target_include_directories(ompl_rtr_monitor PUBLIC "${PROJECT_SOURCE_DIR}/inverted_pendulum_rtr_ompl/include") 39 | target_link_libraries (ompl_rtr_monitor 40 | ${Boost_SYSTEM_LIBRARY} 41 | ${Boost_PROGRAM_OPTIONS_LIBRARY} 42 | ompl 43 | ompl_app 44 | ompl_app_base 45 | ) 46 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/Makefile: -------------------------------------------------------------------------------- 1 | all: compile 2 | 3 | compile: clean 4 | mkdir build 5 | cd build && cmake .. && $(MAKE) 6 | 7 | ompl: compile 8 | ./build/ompl_rtr_monitor > path.txt 9 | /usr/bin/python ./inverted_pendulum_rtr_ompl/animate.py path.txt 10 | 11 | nlp: compile 12 | ./build/rt_reachability NONLINEAR_PENDULUM > data.txt 13 | ./plotPendulum.py 14 | 15 | pendulum: compile 16 | ./build/rt_reachability PENDULUM > data.txt 17 | ./plotSolution.py 18 | 19 | vanderpol: compile 20 | ./build/rt_reachability VANDERPOL > data.txt 21 | ./plotSolution.py 22 | 23 | visual_pendulum: compile 24 | ./build/vector_field PENDULUM > data.txt 25 | ./plotVectorField.py 26 | 27 | visual_vanderpol: compile 28 | ./build/vector_field VANDERPOL > data.txt 29 | ./plotVectorField.py 30 | 31 | ctags: 32 | ctags -R -f ./.git/tags . 33 | 34 | clean: 35 | rm -rf build/ 36 | rm -rf *.*~ 37 | rm -rf data.txt 38 | rm -rf path*.txt 39 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/README.md: -------------------------------------------------------------------------------- 1 | # rtr_monitor_copilot 2 | Real-Time Reachability Copilot Monitor 3 | Ryan Spring 4 | rds4@rice.edu 5 | Summer 2015 6 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/haskell_rtr/Makefile: -------------------------------------------------------------------------------- 1 | all: clean 2 | ghc --make -O0 rtr.hs 3 | ./rtr > data.txt 2>&1 4 | ../plotSolution.py data.txt 5 | 6 | clean: 7 | rm -rf *.hi 8 | rm -rf *.o 9 | rm -rf rtr 10 | rm -rf data.txt 11 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/include/constants.h: -------------------------------------------------------------------------------- 1 | #ifndef _CONSTANTS_H_ 2 | #define _CONSTANTS_H_ 3 | 4 | #define STEPS100 0.0075 5 | #define STEPS300 0.0025 6 | #define STEPS1250 0.0006 7 | 8 | #endif // _CONSTANTS_H_ 9 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/include/hyper_rect.h: -------------------------------------------------------------------------------- 1 | #ifndef _HYPER_RECT_H_ 2 | #define _HYPER_RECT_H_ 3 | 4 | #include "interval.h" 5 | 6 | struct HyperRect 7 | { 8 | struct Interval * const dims; 9 | }; 10 | 11 | #endif // _HYPER_RECT_H_ 12 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/include/interval.h: -------------------------------------------------------------------------------- 1 | #ifndef _INTERVAL_H_ 2 | #define _INTERVAL_H_ 3 | 4 | #include 5 | 6 | struct Interval 7 | { 8 | double min; 9 | double max; 10 | }; 11 | 12 | bool contains(struct Interval* intv, double value); 13 | double avg(struct Interval* intv); 14 | #endif // _INTERVAL_H_ 15 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/include/monitor.h: -------------------------------------------------------------------------------- 1 | #ifndef _MONITOR_H_ 2 | #define _MONITOR_H_ 3 | 4 | #include "hyper_rect.h" 5 | 6 | typedef double (*derivativeFunDef)(int dim, double* state); 7 | typedef void (*UIPFunDef)(struct Interval* rv, int dim, struct HyperRect* box); 8 | 9 | struct Monitor 10 | { 11 | const unsigned NUM_STATES; 12 | const double reachTimeStep; 13 | const struct Interval * const state_constraints; 14 | derivativeFunDef derivative; 15 | UIPFunDef updateInflectionPoints; 16 | struct HyperRect * const rset; 17 | struct HyperRect * const neighborhood; 18 | }; 19 | 20 | #endif // _MONITOR_H_ 21 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/include/rt_face_lift.h: -------------------------------------------------------------------------------- 1 | #ifndef RT_FACE_LIFT_H 2 | #define RT_FACE_LIFT_H 3 | 4 | #include "monitor.h" 5 | #include "util.h" 6 | 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | bool face_lift(struct Monitor* params, double reachTimeRemaining, bool debug); 14 | static bool check_rset(struct Monitor * const params); 15 | static void constructNeighborhoods(struct Monitor * const params, struct Interval* allDerivatives, struct Interval* neighborhoodWidths); 16 | static bool resample_derivative(bool* reconstruct, int max, double prevDerivative, double currDerivative); 17 | static struct Interval getMinMaxDerivative(struct Monitor * const params, int dim, struct HyperRect* box); 18 | static double minCrossReachTime(struct Monitor * const params, struct Interval* allDerivatives, struct Interval* neighborhoodWidths); 19 | static void advanceBox(struct Monitor * const params, struct Interval* allDerivatives, double reachTime); 20 | #endif // RT_FACE_LIFT_H 21 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/include/util.h: -------------------------------------------------------------------------------- 1 | #ifndef _UTIL_H_ 2 | #define _UTIL_H_ 3 | 4 | #include "monitor.h" 5 | 6 | #include 7 | #include 8 | 9 | extern const double EPSILON; 10 | 11 | bool check_bound(struct Interval i, double value); 12 | bool check_state(struct Monitor * const params, double* state); 13 | void print_state(struct Monitor * const params, double* state); 14 | void print_rset(struct Monitor * const params); 15 | double min(double a, double b); 16 | double max(double a, double b); 17 | double absolute(double x); 18 | void updateInterval(struct Interval* rv, double value); 19 | void compressRset(struct Monitor * const params, const double DELTA); 20 | void updateNeighborhood(struct Monitor * const params); 21 | #endif // _UTIL_H_ 22 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/inverted_pendulum_rtr_ompl/Makefile: -------------------------------------------------------------------------------- 1 | sim: 2 | /usr/bin/python inv_pen_sim.py 3 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/inverted_pendulum_rtr_ompl/animate.py: -------------------------------------------------------------------------------- 1 | from numpy import sin, cos 2 | import numpy as np 3 | import matplotlib.pyplot as plt 4 | import scipy.integrate as integrate 5 | import matplotlib.animation as animation 6 | import math 7 | import fileinput 8 | 9 | dims = 4 10 | xaxis = 5 11 | L = 0.5 12 | l = 0.5 13 | 14 | data_points = [] 15 | rtr_predict = [] 16 | status = [] 17 | 18 | #------------------------------------------------------------ 19 | count = 1 20 | for line in fileinput.input(): 21 | if (count % 3) == 1: 22 | data_points.append([x for x in line.split(' ')]) 23 | elif (count % 3) == 2: 24 | rtr_predict.append([[float(x) for x in interval[1:-1].split(' ')] for interval in line.strip().split('\t')]) 25 | else: 26 | status.append(line.strip()) 27 | count = count + 1 28 | 29 | # set up figure and animation 30 | fig = plt.figure() 31 | ax = fig.add_subplot(111, aspect='equal', autoscale_on=False, 32 | xlim=(-xaxis, xaxis), ylim=(-4, 4)) 33 | ax.grid() 34 | 35 | line, = ax.plot([], [], 'o-', lw=2) 36 | predict, = ax.plot([], [], 'o-', lw=2) 37 | rtr_monitor_text = ax.text(0.02, 0.95, '', transform=ax.transAxes) 38 | 39 | def init(): 40 | """initialize animation""" 41 | line.set_data([], []) 42 | predict.set_data([], []) 43 | rtr_monitor_text.set_text('') 44 | return line 45 | 46 | def animate(i): 47 | """perform animation step""" 48 | line.set_data(get_data_pt(i)) 49 | predict.set_data(get_predict_pt(i)) 50 | rtr_monitor_text.set_text(status[i]) 51 | # set rtr predict line color 52 | if status[i] == "Safe": 53 | predict.set_color('g') 54 | else: 55 | predict.set_color('r') 56 | return line 57 | 58 | def get_predict_pt(i): 59 | minV = 0 60 | maxV = 1 61 | pos = 0 62 | theta = 1 63 | hyperRect = rtr_predict[i] 64 | x = np.cumsum([L + hyperRect[pos][maxV], l * sin(hyperRect[theta][maxV])]) 65 | y = np.cumsum([0, l * cos(hyperRect[theta][minV])]) 66 | return (x, y) 67 | 68 | def get_data_pt(i): 69 | x = np.cumsum([float(data_points[i][0]), L, l * sin(float(data_points[i][1]))]) 70 | y = np.cumsum([0, 0, l * cos(float(data_points[i][1]))]) 71 | return (x, y) 72 | 73 | from time import time 74 | frame_rate = 60.0 75 | interval = 1000.0/frame_rate 76 | 77 | # choose the interval based on dt and the time to animate one step 78 | ani = animation.FuncAnimation(fig, animate, frames=len(data_points)-1, init_func=init, 79 | interval=interval, blit=False) 80 | 81 | # save the animation as an mp4. This requires ffmpeg or mencoder to be 82 | # installed. The extra_args ensure that the x264 codec is used, so that 83 | # the video can be embedded in html5. You may need to adjust this for 84 | # your system: for more information, see 85 | # http://matplotlib.sourceforge.net/api/animation_api.html 86 | #ani.save('inverted_pendulum.mp4', fps=30, extra_args=['-vcodec', 'libx264']) 87 | 88 | plt.show() 89 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/inverted_pendulum_rtr_ompl/include/pid_ctrl.h: -------------------------------------------------------------------------------- 1 | #ifndef PID_CTRL_ 2 | #define PID_CTRL_ 3 | 4 | #include "ompl/control/planners/PlannerIncludes.h" 5 | #include 6 | #include 7 | #include 8 | 9 | namespace ompl 10 | { 11 | 12 | namespace control 13 | { 14 | 15 | class PID : public base::Planner 16 | { 17 | public: 18 | 19 | /** \brief Constructor */ 20 | PID(const SpaceInformationPtr &si); 21 | 22 | virtual ~PID(void); 23 | 24 | /** \brief Continue solving for some amount of time. Return true if solution was found. */ 25 | virtual base::PlannerStatus solve(const base::PlannerTerminationCondition &ptc); 26 | 27 | /** \brief Clear datastructures. Call this function if the 28 | input data to the planner has changed and you do not 29 | want to continue planning */ 30 | virtual void clear(void); 31 | 32 | virtual void getPlannerData(base::PlannerData &data) const; 33 | 34 | virtual void setup(void); 35 | protected: 36 | 37 | 38 | /** \brief Representation of a motion 39 | 40 | This only contains pointers to parent motions as we 41 | only need to go backwards in the tree. */ 42 | class Motion 43 | { 44 | public: 45 | 46 | Motion(void) : state(NULL), control(NULL) {} 47 | 48 | /** \brief Constructor that allocates memory for the state and the control */ 49 | Motion(const SpaceInformation *si) : state(si->allocState()), control(si->allocControl()) {} 50 | 51 | ~Motion(void) {} 52 | 53 | /** \brief The state contained by the motion */ 54 | base::State *state; 55 | 56 | /** \brief The control contained by the motion */ 57 | Control *control; 58 | }; 59 | 60 | void control_action(Control*& control, base::State*& state); 61 | 62 | /** \brief State sampler */ 63 | base::StateSamplerPtr sampler_; 64 | 65 | /** \brief Control sampler */ 66 | DirectedControlSamplerPtr controlSampler_; 67 | 68 | /** \brief The base::SpaceInformation cast as control::SpaceInformation, for convenience */ 69 | const SpaceInformation *siC_; 70 | 71 | /** \brief List of PID motions **/ 72 | std::vector motions; 73 | 74 | const double EPSILON = 0.1; 75 | }; 76 | } 77 | } 78 | 79 | #endif 80 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/inverted_pendulum_rtr_ompl/pid_ctrl.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #include "pid_ctrl.h" 9 | 10 | namespace ob = ompl::base; 11 | namespace oc = ompl::control; 12 | 13 | ompl::control::PID::PID(const SpaceInformationPtr &si) : base::Planner(si, "PID") 14 | { 15 | specs_.approximateSolutions = true; 16 | siC_ = si.get(); 17 | } 18 | 19 | ompl::control::PID::~PID(void) 20 | { 21 | } 22 | 23 | void ompl::control::PID::setup(void) 24 | { 25 | base::Planner::setup(); 26 | } 27 | 28 | void ompl::control::PID::clear(void) 29 | { 30 | Planner::clear(); 31 | sampler_.reset(); 32 | controlSampler_.reset(); 33 | } 34 | 35 | void ompl::control::PID::control_action(oc::Control*& control, ob::State*& state) 36 | { 37 | static const double KP = 25.0; 38 | static const double KD = 5.0; 39 | //static const double KP = 0.0; 40 | //static const double KD = 0.0; 41 | double* u = control->as()->values; 42 | 43 | const ompl::base::CompoundState* cstate = state->as(); 44 | const ompl::base::SO2StateSpace::StateType* theta = cstate->as(1); 45 | const ompl::base::SO2StateSpace::StateType* omega = cstate->as(3); 46 | 47 | *u = KP * theta->value + KD * omega->value; 48 | } 49 | ompl::base::PlannerStatus ompl::control::PID::solve(const base::PlannerTerminationCondition &ptc) 50 | { 51 | checkValidity(); 52 | base::Goal *goal = pdef_->getGoal().get(); 53 | 54 | while (const base::State *st = pis_.nextStart()) 55 | { 56 | motions.push_back(new Motion(siC_)); 57 | si_->copyState(motions.back()->state, st); 58 | siC_->nullControl(motions.back()->control); 59 | } 60 | 61 | if(motions.empty()) 62 | { 63 | OMPL_ERROR("Invalid Start State"); 64 | return base::PlannerStatus::INVALID_START; 65 | } 66 | 67 | if (!sampler_) 68 | { 69 | sampler_ = si_->allocStateSampler(); 70 | } 71 | 72 | if (!controlSampler_) 73 | { 74 | controlSampler_ = siC_->allocDirectedControlSampler(); 75 | } 76 | 77 | bool solved = false; 78 | double approxdif = std::numeric_limits::infinity(); 79 | while (ptc == false) 80 | { 81 | /* create a motion */ 82 | // Add PID control action 83 | Motion* new_motion = new Motion(siC_); 84 | new_motion->state = si_->allocState(); 85 | siC_->nullControl(new_motion->control); 86 | control_action(new_motion->control, motions.back()->state); 87 | 88 | // Add State Propagation 89 | unsigned int cd = siC_->propagateWhileValid(motions.back()->state, new_motion->control, siC_->getMinControlDuration(), new_motion->state); 90 | motions.push_back(new_motion); 91 | 92 | double dist = 0.0; 93 | bool solv = goal->isSatisfied(new_motion->state, &dist); 94 | if(solv) 95 | { 96 | solved = true; 97 | } 98 | 99 | if(dist < approxdif) 100 | { 101 | approxdif = dist; 102 | } 103 | } 104 | 105 | /* set the solution path */ 106 | PathControl *path = new PathControl(si_); 107 | for (unsigned i = 0 ; i < motions.size()-1; ++i) 108 | { 109 | path->append(motions[i]->state, motions[i]->control, siC_->getPropagationStepSize()); 110 | } 111 | path->append(motions[motions.size()-1]->state); 112 | pdef_->addSolutionPath(base::PathPtr(path), false, approxdif); 113 | return base::PlannerStatus(true, solved); 114 | } 115 | 116 | void ompl::control::PID::getPlannerData(base::PlannerData &data) const 117 | { 118 | Planner::getPlannerData(data); 119 | double delta = siC_->getPropagationStepSize(); 120 | 121 | if (motions.back()) 122 | { 123 | data.addGoalVertex(base::PlannerDataVertex(motions.back()->state)); 124 | } 125 | 126 | for (int i = motions.size()-1 ; i >= 1 ; --i) 127 | { 128 | const Motion* m = motions[i]; 129 | data.addEdge(base::PlannerDataVertex(motions[i-1]->state), base::PlannerDataVertex(m->state), control::PlannerDataEdgeControl(m->control, delta)); 130 | } 131 | data.addStartVertex(base::PlannerDataVertex(motions.front()->state)); 132 | } 133 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/linear_system/include/linear.h: -------------------------------------------------------------------------------- 1 | #ifndef LINEAR_H 2 | #define LINEAR_H 3 | 4 | #include "interval.h" 5 | 6 | struct LinearParams 7 | { 8 | const unsigned NUM_STATES; 9 | const unsigned NUM_INPUTS; 10 | const double * const A; 11 | const double * const B; 12 | const double * const K; 13 | const struct Interval * input_constraints; 14 | double * const u; 15 | }; 16 | 17 | double linear_derivative(struct LinearParams * const params, int dim, double* state); 18 | 19 | #endif // LINEAR_H 20 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/linear_system/include/linear_control.h: -------------------------------------------------------------------------------- 1 | #ifndef INPUT_H 2 | #define INPUT_H 3 | 4 | #include "linear.h" 5 | #include 6 | 7 | static double bound(struct Interval i, double value); 8 | static void check_input(struct LinearParams * const params, double* values); 9 | void generate_input(struct LinearParams * const params, double* state); 10 | 11 | #endif // INPUT_H 12 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/linear_system/linear.c: -------------------------------------------------------------------------------- 1 | #include "linear.h" 2 | #include "linear_control.h" 3 | 4 | double linear_derivative(struct LinearParams * const params, int dim, double* state) 5 | { 6 | // return value 7 | double rv = 0; 8 | 9 | // AX 10 | for(int i = 0; i < params->NUM_STATES; ++i) 11 | { 12 | rv += params->A[dim * params->NUM_STATES + i] * state[i]; 13 | } 14 | 15 | // input saturation 16 | // u = KX 17 | generate_input(params, state); 18 | 19 | // Bu 20 | for(int i = 0; i < params->NUM_INPUTS; ++i) 21 | { 22 | rv += params->B[dim * params->NUM_INPUTS + i] * params->u[i]; 23 | } 24 | return rv; 25 | } 26 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/linear_system/linear_control.c: -------------------------------------------------------------------------------- 1 | #include "linear_control.h" 2 | #include "linear.h" 3 | 4 | double bound(struct Interval i, double value) 5 | { 6 | if(value > i.max) 7 | { 8 | return i.max; 9 | } 10 | else if(value < i.min) 11 | { 12 | return i.min; 13 | } 14 | else 15 | { 16 | return value; 17 | } 18 | } 19 | 20 | void check_input(struct LinearParams * const params, double* values) 21 | { 22 | for(unsigned i = 0; i < params->NUM_INPUTS; ++i) 23 | { 24 | values[i] = bound(params->input_constraints[i], values[i]); 25 | } 26 | } 27 | 28 | void generate_input(struct LinearParams * const params, double* state) 29 | { 30 | for(unsigned i = 0; i < params->NUM_INPUTS; ++i) 31 | { 32 | for(unsigned j = 0; j < params->NUM_STATES; ++j) 33 | { 34 | params->u[i] += params->K[i * params->NUM_INPUTS + j] * state[j]; 35 | } 36 | } 37 | check_input(params, params->u); 38 | } 39 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/nonlinear_pendulum_autogen/include/nonlinear_pendulum_params.h: -------------------------------------------------------------------------------- 1 | #ifndef _NONLINEAR_PENDULUM_PARAMS_H_ 2 | #define _NONLINEAR_PENDULUM_PARAMS_H_ 3 | 4 | #define NONLINEAR_PENDULUM_NUM_STATES 4 5 | 6 | #include "constants.h" 7 | #include "hyper_rect.h" 8 | #include "util.h" 9 | 10 | #include 11 | 12 | static double control_action(double* state); 13 | static double pos_derivative(double* state); 14 | static double theta_derivative(double* state); 15 | static double vel_derivative(double* state); 16 | static double omega_derivative(double* state); 17 | void nonlinear_pendulum_updateInflectionPoints(struct Interval* rv, int dim, struct HyperRect* box); 18 | double nonlinear_pendulum_derivative(int dim, double* state); 19 | #endif // _NONLINEAR_PENDULUM_PARAMS_H_ 20 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/nonlinear_pendulum_autogen/nonlinear_pendulum_params.c: -------------------------------------------------------------------------------- 1 | #include "nonlinear_pendulum_params.h" 2 | #include 3 | #include 4 | 5 | #define G 9.81 6 | #define l 0.3 7 | #define m 0.25 8 | #define M 0.5 9 | 10 | double control_action(double* state) 11 | { 12 | static const double KP = 25.0; 13 | static const double KD = 5.0; 14 | //static const double KP = 0.0; 15 | //static const double KD = 0.0; 16 | return KP * state[1] + KD * state[3]; 17 | } 18 | 19 | double pos_derivative(double* state) 20 | { 21 | return state[2]; 22 | } 23 | 24 | double theta_derivative(double* state) 25 | { 26 | return state[3]; 27 | } 28 | 29 | double vel_derivative(double* state) 30 | { 31 | double u = control_action(state); 32 | double dt2_num = u + m * l * sin(state[1]) * pow(state[3], 2.0) - m * G * cos(state[1]) * sin(state[1]); 33 | double dt2_den = M + m - m * pow(cos(state[1]), 2.0); 34 | return dt2_num / dt2_den; 35 | } 36 | 37 | double omega_derivative(double* state) 38 | { 39 | double u = control_action(state); 40 | double dt3_num = u * cos(state[1]) - (M+m) * G * sin(state[1]) + m * l * (cos(state[1]) * sin(state[1])) * state[3]; 41 | double dt3_den = m * l * pow(cos(state[1]), 2.0) - (M+m) * l; 42 | return dt3_num / dt3_den; 43 | } 44 | 45 | double nonlinear_pendulum_derivative(int dim, double* state) 46 | { 47 | switch(dim) 48 | { 49 | case 0: 50 | { 51 | return pos_derivative(state); 52 | } 53 | case 1: 54 | { 55 | return theta_derivative(state); 56 | } 57 | case 2: 58 | { 59 | return vel_derivative(state); 60 | } 61 | case 3: 62 | { 63 | return omega_derivative(state); 64 | } 65 | default: 66 | { 67 | return 0.0; 68 | } 69 | } 70 | } 71 | 72 | void nonlinear_pendulum_updateInflectionPoints(struct Interval* rv, int dim, struct HyperRect* box) 73 | { 74 | // TODO Calulate Inflection Points for Nonlinear Pendulum 75 | } 76 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/pendulum_autogen/include/pendulum_params.h: -------------------------------------------------------------------------------- 1 | #ifndef _PENDULUM_PARAMS_H_ 2 | #define _PENDULUM_PARAMS_H_ 3 | 4 | #define PENDULUM_NUM_STATES 4 5 | #define PENDULUM_NUM_INPUTS 1 6 | 7 | #include "constants.h" 8 | #include "hyper_rect.h" 9 | #include "util.h" 10 | 11 | #include 12 | 13 | extern const double pendulum_A[PENDULUM_NUM_STATES][PENDULUM_NUM_STATES]; 14 | extern const double pendulum_B[PENDULUM_NUM_STATES][PENDULUM_NUM_INPUTS]; 15 | 16 | extern const double pendulum_K[PENDULUM_NUM_INPUTS][PENDULUM_NUM_STATES]; 17 | extern const struct Interval pendulum_input_constraints[PENDULUM_NUM_INPUTS]; 18 | 19 | void pendulum_updateInflectionPoints(struct Interval* rv, int dim, struct HyperRect* box); 20 | double pendulum_derivative(int dim, double* state); 21 | #endif // _PENDULUM_PARAMS_H_ 22 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/pendulum_autogen/include/pendulum_vector_field.h: -------------------------------------------------------------------------------- 1 | #ifndef _PENDULUM_VECTOR_FIELD_H 2 | #define _PENDULUM_VECTOR_FIELD_H 3 | 4 | #include "pendulum_params.h" 5 | #include "rt_face_lift.h" 6 | 7 | const struct Interval PENDULUM_STATE_BOUNDS[PENDULUM_NUM_STATES] = 8 | { 9 | {0, 1.25}, 10 | {0, 1.2}, 11 | {-20, 20}, 12 | {-30, 30} 13 | }; 14 | 15 | const double PENDULUM_STEP = 0.05; 16 | const double PENDULUM_SAMPLES = 15.0; 17 | 18 | double pendulum_hyperPoint[PENDULUM_NUM_STATES] = { 0 }; 19 | #endif // _PENDULUM_VECTOR_FIELD_H 20 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/pendulum_autogen/pendulum_params.c: -------------------------------------------------------------------------------- 1 | #include "pendulum_params.h" 2 | #include "linear.h" 3 | 4 | /* RTR Monitor Parameters */ 5 | struct Interval pendulum_dims[PENDULUM_NUM_STATES] = 6 | { 7 | {-0.001, 0.001}, 8 | {0.85, 0.85}, 9 | {0, 0}, 10 | {0, 0} 11 | }; 12 | 13 | struct HyperRect pendulum_rset = 14 | { 15 | pendulum_dims 16 | }; 17 | 18 | struct Interval pendulum_neighborhood_dims[PENDULUM_NUM_STATES] = { 0 }; 19 | struct HyperRect pendulum_neighborhood_rset = { pendulum_neighborhood_dims }; 20 | 21 | // state contraints 22 | const struct Interval pendulum_constraints[PENDULUM_NUM_STATES] = 23 | { 24 | {-1.0, 1.0}, 25 | {-1.0, 1.0}, 26 | {-30.0, 30.0}, 27 | {-DBL_MAX, DBL_MAX} 28 | }; 29 | 30 | struct Monitor pendulum_params = 31 | { 32 | PENDULUM_NUM_STATES, 33 | STEPS1250, 34 | pendulum_constraints, 35 | &pendulum_derivative, 36 | &pendulum_updateInflectionPoints, 37 | &pendulum_rset, 38 | &pendulum_neighborhood_rset 39 | }; 40 | 41 | /* Linear Model Parameters */ 42 | // x' = Ax + Bu 43 | const double pendulum_A[PENDULUM_NUM_STATES][PENDULUM_NUM_STATES] = 44 | { 45 | {0,1,0,0}, 46 | {0,-10.95,-2.75,0.0043}, 47 | {0,0,0,1}, 48 | {0,24.92,28.58,-0.044} 49 | }; 50 | 51 | const double pendulum_B[PENDULUM_NUM_STATES][PENDULUM_NUM_INPUTS] = 52 | { 53 | {0}, 54 | {1.94}, 55 | {0}, 56 | {-4.44} 57 | }; 58 | 59 | const double pendulum_K[PENDULUM_NUM_INPUTS][PENDULUM_NUM_STATES] = 60 | { 61 | {0.4072, 7.2373, 18.6269, 3.6725} 62 | //{7.6, 13.54, 42.85, 8.25} 63 | //{3.16, 19.85, 69.92, 14.38} 64 | //{10.0, 27.72, 103.36, 23.04} 65 | //{0,0,0,0} 66 | }; 67 | 68 | // input constraints 69 | const struct Interval pendulum_input_constraints[PENDULUM_NUM_INPUTS] = 70 | { 71 | {-4.95, 4.95} 72 | }; 73 | 74 | double pendulum_derivative(int dim, double* state) 75 | { 76 | double u[PENDULUM_NUM_INPUTS] = {0}; 77 | struct LinearParams params = 78 | { 79 | PENDULUM_NUM_STATES, 80 | PENDULUM_NUM_INPUTS, 81 | (const double *) pendulum_A, 82 | (const double *) pendulum_B, 83 | (const double *) pendulum_K, 84 | pendulum_input_constraints, 85 | u 86 | }; 87 | return linear_derivative(¶ms, dim, state); 88 | } 89 | 90 | void pendulum_updateInflectionPoints(struct Interval* rv, int dim, struct HyperRect* box) 91 | { 92 | return; 93 | } 94 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/pendulum_results/pendulum_step0006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/rtr_copilot/pendulum_results/pendulum_step0006.png -------------------------------------------------------------------------------- /RSpring/rtr_copilot/pendulum_results/pendulum_step0025.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/rtr_copilot/pendulum_results/pendulum_step0025.png -------------------------------------------------------------------------------- /RSpring/rtr_copilot/pendulum_results/pendulum_step0075.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/rtr_copilot/pendulum_results/pendulum_step0075.png -------------------------------------------------------------------------------- /RSpring/rtr_copilot/plotPendulum.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from numpy import sin, cos 4 | from mpl_toolkits.mplot3d import Axes3D, art3d 5 | import matplotlib.pyplot as plt 6 | import matplotlib.patches as patches 7 | import sys 8 | import math 9 | 10 | l = 0.5 11 | 12 | def plot_projection(data): 13 | newdata = [] 14 | for hyperRect in data: 15 | avgx = (hyperRect[0][0] + hyperRect[0][1]) / 2.0 16 | theta = hyperRect[1][0] 17 | for theta in hyperRect[1]: 18 | x = [] 19 | y = [] 20 | # base point of pendulum 21 | x.append(avgx) 22 | y.append(0) 23 | # end point of pendulum 24 | x.append(avgx + l * sin(theta)) 25 | y.append(l * cos(theta)) 26 | newdata.append([x,y]) 27 | return newdata 28 | 29 | def plot(data, endpoints = False): 30 | fig = plt.figure() 31 | ax = fig.gca() 32 | 33 | total = len(data) 34 | count = 0.0 35 | # Plot data 36 | for line in data: 37 | count = count + 1.0 38 | ax.plot(line[0], line[1], str(0.5-(count/total)*0.50)) 39 | if endpoints: 40 | ax.plot(line[0][1], line[1][1], 'ro') 41 | 42 | plt.axis('equal') 43 | plt.show() 44 | 45 | # Read the data from the file 46 | def readPath(filename): 47 | lines = [line.rstrip() for line in open(filename) if len(line.rstrip()) > 0] 48 | 49 | if len(lines) == 0: 50 | print "Empty File" 51 | sys.exit(1) 52 | 53 | return [[[float(x) for x in interval[1:-1].split(' ')] for interval in line.strip().split('\t')] for line in lines] 54 | 55 | if __name__ == '__main__': 56 | filename = 'data.txt' 57 | data = readPath(filename) 58 | plot(plot_projection(data)) 59 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/plotSolution.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from mpl_toolkits.mplot3d import Axes3D, art3d 4 | import matplotlib.pyplot as plt 5 | import matplotlib.patches as patches 6 | import sys 7 | import math 8 | 9 | lineSegs = [[[0, 0], [1, 0]], [[1, 0], [1, 1]], [[1, 1], [0, 1]], [[0, 1], [0, 0]]] 10 | 11 | def sign(value): 12 | if value > 0: 13 | return 1 14 | elif value < 0: 15 | return -1 16 | else: 17 | return 0 18 | 19 | def round_scale(value, axis_range): 20 | most_sig = int(math.floor(math.log10(abs(value)))) 21 | return round(value, -most_sig) 22 | 23 | def plot_projection(data, xaxis, yaxis): 24 | newdata = [] 25 | for hyperRect in data: 26 | for lineSeg in lineSegs: 27 | x = [] 28 | y = [] 29 | for pt in lineSeg: 30 | xval = hyperRect[xaxis][pt[0]] 31 | yval = hyperRect[yaxis][pt[1]] 32 | x.append(xval) 33 | y.append(yval) 34 | newdata.append([x,y]) 35 | return newdata 36 | 37 | def plot(data, endpoints = False, color_scheme = 'k'): 38 | fig = plt.figure() 39 | ax = fig.gca() 40 | 41 | # Plot data 42 | for line in data: 43 | ax.plot(line[0], line[1], color_scheme) 44 | if endpoints: 45 | ax.plot(line[0][1], line[1][1], 'ro') 46 | 47 | plt.axis('equal') 48 | plt.show() 49 | 50 | # Read the data from the file 51 | def readPath(filename): 52 | lines = [line.rstrip() for line in open(filename) if len(line.rstrip()) > 0] 53 | 54 | if len(lines) == 0: 55 | print "Empty File" 56 | sys.exit(1) 57 | 58 | return [[[float(x) for x in interval[1:-1].split(' ')] for interval in line.strip().split('\t')] for line in lines] 59 | 60 | if __name__ == '__main__': 61 | if len(sys.argv) > 1: 62 | filename = sys.argv[1] 63 | else: 64 | filename = 'data.txt' 65 | 66 | if len(sys.argv) > 3: 67 | xaxis = int(sys.argv[2]) 68 | yaxis = int(sys.argv[3]) 69 | else: 70 | xaxis = 0 71 | yaxis = 1 72 | 73 | data = readPath(filename) 74 | plot(plot_projection(data, xaxis, yaxis)) 75 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/plotVectorField.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | from mpl_toolkits.mplot3d import Axes3D, art3d 4 | import matplotlib.pyplot as plt 5 | import matplotlib.patches as patches 6 | import sys 7 | import math 8 | 9 | lineSegs = [[[0, 0], [1, 0]], [[1, 0], [1, 1]], [[1, 1], [0, 1]], [[0, 1], [0, 0]]] 10 | 11 | def sign(value): 12 | if value > 0: 13 | return 1 14 | elif value < 0: 15 | return -1 16 | else: 17 | return 0 18 | 19 | def round_scale(value, axis_range): 20 | most_sig = int(math.floor(math.log10(abs(value)))) 21 | return round(value, -most_sig) 22 | 23 | def plot_vector_field(data): 24 | newdata = [] 25 | for line in data: 26 | x = [] 27 | y = [] 28 | for pt in line: 29 | x.append(pt[0]) 30 | y.append(pt[1]) 31 | newdata.append([x,y]) 32 | return newdata 33 | 34 | def plot(data, endpoints = False, color_scheme = 'k'): 35 | fig = plt.figure() 36 | ax = fig.gca() 37 | 38 | # Plot data 39 | for line in data: 40 | ax.plot(line[0], line[1], color_scheme) 41 | if endpoints: 42 | ax.plot(line[0][1], line[1][1], 'ro') 43 | 44 | plt.axis('equal') 45 | plt.show() 46 | 47 | # Read the data from the file 48 | def readPath(filename): 49 | lines = [line.rstrip() for line in open(filename) if len(line.rstrip()) > 0] 50 | 51 | if len(lines) == 0: 52 | print "Empty File" 53 | sys.exit(1) 54 | 55 | return [[[float(x) for x in interval[1:-1].split(' ')] for interval in line.strip().split('\t')] for line in lines] 56 | 57 | if __name__ == '__main__': 58 | if len(sys.argv) > 1: 59 | filename = sys.argv[1] 60 | else: 61 | filename = 'data.txt' 62 | 63 | data = readPath(filename) 64 | plot(plot_vector_field(data), False) 65 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/rt_reachability.c: -------------------------------------------------------------------------------- 1 | #define PARAMS 2 2 | #define PHI 0.00001 3 | #define PENDULUM "PENDULUM" 4 | #define VANDERPOL "VANDERPOL" 5 | #define NONLINEAR_PENDULUM "NONLINEAR_PENDULUM" 6 | 7 | #include "rt_face_lift.h" 8 | #include "util.h" 9 | 10 | #include "pendulum_params.h" 11 | #include "nonlinear_pendulum_params.h" 12 | #include "vanderpol_params.h" 13 | 14 | #include 15 | #include 16 | #include 17 | #include 18 | 19 | #ifndef M_PI 20 | #define M_PI 3.14159 21 | #endif 22 | 23 | // Objective: Keep angle of inverted pendulum upright 24 | int main(int argc, char** argv) 25 | { 26 | if(argc != PARAMS) 27 | { 28 | printf("Missing RTR Monitor Type Parameter\n"); 29 | } 30 | else if(!strcmp(argv[1], PENDULUM)) 31 | { 32 | extern struct Monitor pendulum_params; 33 | const double PENDULUM_REACH_TIME = 0.75; 34 | face_lift(&pendulum_params, PENDULUM_REACH_TIME, true); 35 | } 36 | else if(!strcmp(argv[1], NONLINEAR_PENDULUM)) 37 | { 38 | /* RTR Monitor Global Variables */ 39 | struct Interval nonlinear_pendulum_dims[NONLINEAR_PENDULUM_NUM_STATES] = { 0 }; 40 | struct HyperRect nonlinear_pendulum_rset = { nonlinear_pendulum_dims }; 41 | 42 | struct Interval nonlinear_pendulum_neighborhood_dims[NONLINEAR_PENDULUM_NUM_STATES] = { 0 }; 43 | struct HyperRect nonlinear_pendulum_neighborhood_rset = { nonlinear_pendulum_neighborhood_dims }; 44 | 45 | const struct Interval nonlinear_pendulum_constraints[NONLINEAR_PENDULUM_NUM_STATES] = 46 | { 47 | {-DBL_MAX, DBL_MAX}, 48 | {-M_PI / 3.0, M_PI / 3.0}, 49 | {-5.0, 5.0}, 50 | {-DBL_MAX, DBL_MAX} 51 | }; 52 | 53 | struct Monitor nonlinear_pendulum_params = 54 | { 55 | NONLINEAR_PENDULUM_NUM_STATES, 56 | STEPS300, 57 | nonlinear_pendulum_constraints, 58 | &nonlinear_pendulum_derivative, 59 | &nonlinear_pendulum_updateInflectionPoints, 60 | &nonlinear_pendulum_rset, 61 | &nonlinear_pendulum_neighborhood_rset 62 | }; 63 | 64 | const double NONLINEAR_PENDULUM_REACH_TIME = 0.75; 65 | 66 | nonlinear_pendulum_params.rset->dims[0].min = 0; 67 | nonlinear_pendulum_params.rset->dims[0].max = 0; 68 | 69 | nonlinear_pendulum_params.rset->dims[1].min = 1.00; 70 | nonlinear_pendulum_params.rset->dims[1].max = 1.00 + PHI; 71 | 72 | nonlinear_pendulum_params.rset->dims[2].min = 0; 73 | nonlinear_pendulum_params.rset->dims[2].max = 0; 74 | 75 | nonlinear_pendulum_params.rset->dims[3].min = 0; 76 | nonlinear_pendulum_params.rset->dims[3].max = 0; 77 | 78 | // Print Current State and RTR Monitor State 79 | face_lift(&nonlinear_pendulum_params, NONLINEAR_PENDULUM_REACH_TIME, true); 80 | } 81 | else if(!strcmp(argv[1], VANDERPOL)) 82 | { 83 | extern struct Monitor vanderpol_params; 84 | const double DELTA = 0.01; 85 | const double VANDERPOL_REACH_TIME = 2.0; 86 | const double MAX_VANDERPOL_REACH_TIME = 12.0; 87 | 88 | for(double n = 0; n < MAX_VANDERPOL_REACH_TIME; n += VANDERPOL_REACH_TIME) 89 | { 90 | face_lift(&vanderpol_params, VANDERPOL_REACH_TIME, true); 91 | compressRset(&vanderpol_params, DELTA); 92 | } 93 | } 94 | return 0; 95 | } 96 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/src/interval.c: -------------------------------------------------------------------------------- 1 | #include "interval.h" 2 | 3 | bool contains(struct Interval* intv, double value) 4 | { 5 | return (intv->min <= value) && (intv->max >= value); 6 | } 7 | 8 | double avg(struct Interval* intv) 9 | { 10 | return ((intv->max + intv->min) / 2.0); 11 | } 12 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/src/util.c: -------------------------------------------------------------------------------- 1 | #include "util.h" 2 | 3 | const double EPSILON = 0.00001; 4 | 5 | bool check_bound(struct Interval i, double value) 6 | { 7 | return ((value > i.max) || (value < i.min)) ? false : true; 8 | } 9 | 10 | void print_rset(struct Monitor * const params) 11 | { 12 | for(int i = 0; i < params->NUM_STATES; ++i) 13 | { 14 | printf("[%f %f]\t", params->rset->dims[i].min, params->rset->dims[i].max); 15 | } 16 | printf("\n"); 17 | } 18 | 19 | void print_state(struct Monitor * const params, double* state) 20 | { 21 | for(int i = 0; i < params->NUM_STATES; ++i) 22 | { 23 | printf("%f ", state[i]); 24 | } 25 | printf("\n"); 26 | } 27 | 28 | bool check_state(struct Monitor * const params, double* state) 29 | { 30 | for(int i = 0; i < params->NUM_STATES; ++i) 31 | { 32 | if(!check_bound(params->state_constraints[i], state[i])) 33 | { 34 | return false; 35 | } 36 | } 37 | return true; 38 | } 39 | 40 | double min(double a, double b) 41 | { 42 | return (a < b) ? a : b; 43 | } 44 | 45 | double max(double a, double b) 46 | { 47 | return (a > b) ? a : b; 48 | } 49 | 50 | double absolute(double x) 51 | { 52 | return (x < 0) ? (x * -1.0) : x; 53 | } 54 | 55 | void updateInterval(struct Interval* rv, double value) 56 | { 57 | rv->min = min(rv->min, value); 58 | rv->max = max(rv->max, value); 59 | } 60 | 61 | void compressRset(struct Monitor * const params, const double DELTA) 62 | { 63 | double avg0 = avg(¶ms->rset->dims[0]); 64 | //printf("%f %f %f \n", params->rset->dims[0].min, params->rset->dims[0].max, avg0); 65 | params->rset->dims[0].min = avg0; 66 | params->rset->dims[0].max = avg0 + DELTA; 67 | for(int d = 1; d < params->NUM_STATES; ++d) 68 | { 69 | double average = avg(¶ms->rset->dims[d]); 70 | //printf("%f %f %f\n", params->rset->dims[d].min, params->rset->dims[d].max, average); 71 | params->rset->dims[d].min = average; 72 | params->rset->dims[d].max = average; 73 | } 74 | } 75 | 76 | void updateNeighborhood(struct Monitor * const params) 77 | { 78 | for(int i = 0; i < params->NUM_STATES; ++i) 79 | { 80 | params->neighborhood->dims[i].min = params->rset->dims[i].min; 81 | params->neighborhood->dims[i].max = params->rset->dims[i].max; 82 | } 83 | } 84 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/vanderpol_autogen/include/vanderpol_params.h: -------------------------------------------------------------------------------- 1 | #ifndef _VANDERPOL_PARAMS_H_ 2 | #define _VANDERPOL_PARAMS_H_ 3 | 4 | #define VANDERPOL_NUM_STATES 2 5 | 6 | #include "constants.h" 7 | #include "hyper_rect.h" 8 | #include "util.h" 9 | 10 | #include 11 | 12 | static double x_derivative(double* state); 13 | static double y_derivative(double* state); 14 | void vanderpol_updateInflectionPoints(struct Interval* rv, int dim, struct HyperRect* box); 15 | double vanderpol_derivative(int dim, double* state); 16 | #endif // _VANDERPOL_PARAMS_H_ 17 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/vanderpol_autogen/include/vanderpol_vector_field.h: -------------------------------------------------------------------------------- 1 | #ifndef VANDERPOL_VECTOR_FIELD_H 2 | #define VANDERPOL_VECTOR_FIELD_H 3 | 4 | #include "vanderpol_params.h" 5 | #include "rt_face_lift.h" 6 | 7 | const struct Interval VANDERPOL_STATE_BOUNDS[VANDERPOL_NUM_STATES] = 8 | { 9 | {-2.5, 2.5}, 10 | {-2.5, 2.5}, 11 | }; 12 | 13 | const double VANDERPOL_STEP = 0.05; 14 | const double VANDERPOL_SAMPLES = 30.0; 15 | 16 | double vanderpol_hyperPoint[VANDERPOL_NUM_STATES] = {0}; 17 | #endif // VANDERPOL_VECTOR_FIELD_H 18 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/vanderpol_autogen/vanderpol_params.c: -------------------------------------------------------------------------------- 1 | #include "vanderpol_params.h" 2 | 3 | struct Interval vanderpol_dims[VANDERPOL_NUM_STATES] = 4 | { 5 | {1.0, 1.0}, 6 | {0.20, 0.21} 7 | }; 8 | 9 | struct HyperRect vanderpol_rset = { vanderpol_dims }; 10 | 11 | struct Interval vanderpol_neighborhood_dims[VANDERPOL_NUM_STATES] = { 0 }; 12 | struct HyperRect vanderpol_neighborhood_rset = { vanderpol_neighborhood_dims }; 13 | 14 | const struct Interval vanderpol_constraints[VANDERPOL_NUM_STATES] = 15 | { 16 | {-10.0, 10.0}, 17 | {-10.0, 10.0} 18 | }; 19 | 20 | struct Monitor vanderpol_params = 21 | { 22 | VANDERPOL_NUM_STATES, 23 | STEPS300, 24 | vanderpol_constraints, 25 | &vanderpol_derivative, 26 | &vanderpol_updateInflectionPoints, 27 | &vanderpol_rset, 28 | &vanderpol_neighborhood_rset 29 | }; 30 | 31 | double x_derivative(double* state) 32 | { 33 | return state[1]; 34 | } 35 | 36 | double y_derivative(double* state) 37 | { 38 | return (1 - pow(state[0], 2)) * state[1] - state[0]; 39 | } 40 | 41 | double vanderpol_derivative(int dim, double* state) 42 | { 43 | switch(dim) 44 | { 45 | case 0: 46 | { 47 | return x_derivative(state); 48 | } 49 | case 1: 50 | { 51 | return y_derivative(state); 52 | } 53 | default: 54 | { 55 | return 0.0; 56 | } 57 | } 58 | } 59 | 60 | void vanderpol_updateInflectionPoints(struct Interval* rv, int dim, struct HyperRect* box) 61 | { 62 | if(contains(&box->dims[0], 1.0) && contains(&box->dims[1], -0.5)) 63 | { 64 | double HyperPoint[VANDERPOL_NUM_STATES] = {1,-0.5}; 65 | double dv = vanderpol_derivative(dim, HyperPoint); 66 | updateInterval(rv, dv); 67 | } 68 | 69 | if(contains(&box->dims[0], -1.0) && contains(&box->dims[1], 0.5)) 70 | { 71 | double HyperPoint[VANDERPOL_NUM_STATES] = {-1,0.5}; 72 | double dv = vanderpol_derivative(dim, HyperPoint); 73 | updateInterval(rv, dv); 74 | } 75 | 76 | double xmin = -1/(2 * box->dims[1].min); 77 | if(contains(&box->dims[0], xmin)) 78 | { 79 | double HyperPoint[VANDERPOL_NUM_STATES] = {xmin, box->dims[1].min}; 80 | double dv = vanderpol_derivative(dim, HyperPoint); 81 | updateInterval(rv, dv); 82 | } 83 | 84 | double xmax = -1/(2 * box->dims[1].max); 85 | if(contains(&box->dims[0], xmax)) 86 | { 87 | double HyperPoint[VANDERPOL_NUM_STATES] = {xmax, box->dims[1].max}; 88 | double dv = vanderpol_derivative(dim, HyperPoint); 89 | updateInterval(rv, dv); 90 | } 91 | } 92 | -------------------------------------------------------------------------------- /RSpring/rtr_copilot/vanderpol_results/vanderpol_step0006.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/rtr_copilot/vanderpol_results/vanderpol_step0006.png -------------------------------------------------------------------------------- /RSpring/rtr_copilot/vanderpol_results/vanderpol_step0025.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/rtr_copilot/vanderpol_results/vanderpol_step0025.png -------------------------------------------------------------------------------- /RSpring/rtr_copilot/vanderpol_results/vanderpol_step0075.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/RSpring/rtr_copilot/vanderpol_results/vanderpol_step0075.png -------------------------------------------------------------------------------- /RSpring/rtr_copilot/vector_field.c: -------------------------------------------------------------------------------- 1 | #define PARAMS 4 2 | #define PENDULUM "PENDULUM" 3 | #define VANDERPOL "VANDERPOL" 4 | 5 | #include "pendulum_vector_field.h" 6 | #include "vanderpol_vector_field.h" 7 | 8 | #include 9 | #include 10 | 11 | void clear_hyperPoint(double * const hyperPoint, const int NUM_STATES) 12 | { 13 | for(int i = 0; i < NUM_STATES; ++i) 14 | { 15 | hyperPoint[i] = 0.0; 16 | } 17 | } 18 | 19 | void build_vector_field(const int xaxis, 20 | const int yaxis, 21 | double * const hyperPoint, 22 | const struct Interval * const STATE_BOUNDS, 23 | const int NUM_STATES, 24 | const double SAMPLES, 25 | const double STEP, 26 | derivativeFunDef derivative) 27 | { 28 | assert(xaxis >= 0); 29 | assert(yaxis >= 0); 30 | assert(xaxis < NUM_STATES); 31 | assert(yaxis < NUM_STATES); 32 | 33 | double xrange = STATE_BOUNDS[xaxis].max - STATE_BOUNDS[xaxis].min; 34 | double xstep = xrange / SAMPLES; 35 | 36 | double yrange = STATE_BOUNDS[yaxis].max - STATE_BOUNDS[yaxis].min; 37 | double ystep = yrange / SAMPLES; 38 | 39 | for(double i = 0; i < SAMPLES; ++i) 40 | { 41 | for(double j = 0; j < SAMPLES; ++j) 42 | { 43 | clear_hyperPoint(hyperPoint, NUM_STATES); 44 | hyperPoint[xaxis] = STATE_BOUNDS[xaxis].min + i * xstep; 45 | hyperPoint[yaxis] = STATE_BOUNDS[yaxis].min + j * ystep; 46 | printf("[%f %f]\t", hyperPoint[xaxis], hyperPoint[yaxis]); 47 | 48 | double xdiv = derivative(xaxis, hyperPoint); 49 | double ydiv = derivative(yaxis, hyperPoint); 50 | 51 | hyperPoint[xaxis] += STEP * xdiv; 52 | hyperPoint[yaxis] += STEP * ydiv; 53 | printf("[%f %f]\n", hyperPoint[xaxis], hyperPoint[yaxis]); 54 | } 55 | } 56 | } 57 | 58 | int main(int argv, char** argc) 59 | { 60 | const int xaxis = (argv >= PARAMS) ? atoi(argc[2]) : 0; 61 | const int yaxis = (argv >= PARAMS) ? atoi(argc[3]) : 1; 62 | 63 | if(argv < PARAMS-2) 64 | { 65 | printf("Missing RTR Monitor Type Parameter\n"); 66 | } 67 | else if(!strcmp(PENDULUM, argc[1])) 68 | { 69 | build_vector_field(xaxis, yaxis, pendulum_hyperPoint, PENDULUM_STATE_BOUNDS, PENDULUM_NUM_STATES, PENDULUM_SAMPLES, PENDULUM_STEP, &pendulum_derivative); 70 | } 71 | else if(!strcmp(VANDERPOL, argc[1])) 72 | { 73 | build_vector_field(xaxis, yaxis, vanderpol_hyperPoint, VANDERPOL_STATE_BOUNDS, VANDERPOL_NUM_STATES, VANDERPOL_SAMPLES, VANDERPOL_STEP, &vanderpol_derivative); 74 | } 75 | return 0; 76 | } 77 | -------------------------------------------------------------------------------- /RV2015/Background.tex: -------------------------------------------------------------------------------- 1 | \section{Background on SMT-based $k$-induction}~\label{sec:background} 2 | The focus of our investigation has been on applying model checking to prove 3 | invariant properties of our monitors. We 4 | employ a technique known as $k$-induction~\cite{Sheeran00,EenS03} for verifying inductive 5 | properties of infinite state systems. $k$-induction has the 6 | advantage that it is well suited to \textsc{smt} 7 | based bounded model checking. This section profiles the 8 | basic concepts of the $k$-induction proof technique needed in the 9 | remainder of the paper. In practice, we use tools that implement enhancements of the basic procedure such as path compression~\cite{dMRS03} that help the process scale, but are beyond the focus of the paper. 10 | 11 | Consider a state transition system $(S,I,T),$ 12 | where $S$ is a set of states, $I \subseteq S$ is the set of initial 13 | states and $T \subseteq S \times S $ is a transition relation over 14 | $S.$ To show $P$ holds in the transition system one must show that (1) 15 | the base case holds---that $P$ holds in all states reachable 16 | from an initial state in $k$ steps, and (2) the induction step holds---that if $P$ holds in states $s_0,\ldots,s_{k-1}$ then it holds in 17 | state $s_k.$ The $k$-induction principle is formally expressed in the 18 | following two entailments: 19 | \begin{eqnarray*} 20 | I(s_0) \tland T(s_0,s_1) \tland \cdots \tland T(s_{k-1},s_k) &\models& 21 | P(s_k) \\ 22 | P(s_0) \tland \cdots \tland P(s_{k-1}) \tland T(s_0,s_1) \tland \cdots \tland T(s_{k-1},s_k) &\models& 23 | P(s_k) 24 | \end{eqnarray*} 25 | If one cannot show the property to be true, the 26 | property is strengthened by either extending the formula or 27 | progressively increasing the length of the reachable states 28 | considered. 29 | 30 | Property $P$ said to be a $k$-inductive property with respect to 31 | $(S,I,T)$ if there exists some $k \in \mathbb{N}^{0<}$ such that $P$ 32 | satisfies the $k$-induction principle. As $k$ increases, weaker 33 | invariants may be proved. If $P$ is a safety property that does not hold, then the first entailment will break for a finite $k$ and a counterexample will be provided. The trick is to find an invariant that is 34 | tractable by the \textsc{smt} solver yet weak enough to satisfy the desired 35 | property. 36 | -------------------------------------------------------------------------------- /RV2015/Makefile: -------------------------------------------------------------------------------- 1 | DIR=pdflatex 2 | DOC=paper 3 | BIB=$(DOC).bib 4 | LATEX=pdflatex 5 | 6 | FIGS=./Figs 7 | 8 | all: $(DIR) $(DOC).tex $(BIB) 9 | $(LATEX) -output-directory $(DIR) $(DOC) 10 | bibtex $(DIR)/$(DOC).aux 11 | $(LATEX) -output-directory $(DIR) $(DOC) 12 | $(LATEX) -output-directory $(DIR) $(DOC) 13 | cp $(DIR)/$(DOC).pdf . 14 | 15 | # twopi -Tps $(FIGS)/architecture_sensors.dot > $(FIGS)/architecture_sensors.ps 16 | # ps2epsi $(FIGS)/architecture_sensors.ps $(FIGS)/architecture_sensors.epsi 17 | # epstopdf $(FIGS)/architecture_sensors.epsi 18 | 19 | $(DIR): 20 | mkdir -p $(DIR) 21 | 22 | .PHONY: clean 23 | clean: 24 | rm -rf $(DIR) 25 | -------------------------------------------------------------------------------- /RV2015/OrigStructureDiag.tex: -------------------------------------------------------------------------------- 1 | \section{Structure of the Toolchain}~\label{sec:structure} 2 | 3 | 4 | \begin{figure}[ht!] 5 | \begin{tikzpicture}[->, node distance=3.00cm, auto, shorten >=1pt, bend angle=45, 6 | thick] 7 | \tikzstyle{every state}=[rectangle, rounded corners] 8 | 9 | \node[state] (Lang) 10 | { 11 | \begin{tabular}[b]{l} 12 | Copilot Libraries\\ \hline Copilot Language 13 | \end{tabular}}; 14 | \node[state] (Core) [below of =Lang] {Copilot Core}; 15 | %\node[state] (Cnub) [below of = Core] {Cnub}; 16 | \node[state] (TransSys) [left of=Core] {$\mathrm{Transition Sys}^{m}$}; 17 | \node[state] (IL) [right of =Core] {IL}; 18 | \node[state] (SmtLib) [below of=IL] {SMT LIB Format}; 19 | \node[state] (NMTransSys)[below left of = TransSys] {$\mathrm{Transition Sys}^{nm}$} ; 20 | \node[state] (MprimeTransSys)[below right of = TransSys] {$\mathrm{Transition Sys}^{m}$} ; 21 | \node[state] (Kind2Native) [below of = NMTransSys]{Kind 2 Native Format} ; 22 | \tikzstyle{every node}=[] 23 | 24 | \path 25 | (Lang) edge [ anchor=west, text width=5.00cm] node {Reification and DSL-specific type-checking} (Core) 26 | % (Core) edge node {} (Cnub) 27 | (Core) edge node {} (TransSys) 28 | edge node {} (IL) 29 | (TransSys) edge node[swap] {Inline} (NMTransSys) 30 | edge node {Remove Cycles} (MprimeTransSys) 31 | (NMTransSys) edge node {} (Kind2Native) 32 | (MprimeTransSys) edge node {} (Kind2Native) 33 | (IL) edge node{} (SmtLib) ; 34 | \end{tikzpicture} 35 | \caption{The Copilot verification toolchain.} 36 | \label{fig:toolchain} 37 | \end{figure} -------------------------------------------------------------------------------- /RV2015/Related.tex: -------------------------------------------------------------------------------- 1 | \section{Related Work}\label{sec:related} 2 | The research reported here builds on recent research conducted in a number 3 | of areas including formal verification, functional programming and 4 | DSL design, and RV. 5 | 6 | Copilot has many features common to other RV frameworks aimed at 7 | monitoring distributed or real-time systems. There are few other 8 | instances of RV frameworks targeted to C code. One exception is {\sc 9 | Rmor}, which generates constant-memory C monitors~\cite{havelundc}. 10 | {\sc Rmor} does not address real-time behavior or distributed system 11 | RV, though. To our knowledge no other RV framework has integrated 12 | monitor verification tools into their systems. 13 | 14 | % JavaMOP~\cite{javamop} uses aspect-oriented techniques 15 | % to allow one to write sophisticated monitors. 16 | 17 | %Research at the University of Waterloo also investigates the use of 18 | % RV using periodic sampling~\cite{sampling}. Unlike with Copilot, the authors 19 | %do not make the assumptions that the target programs are hard real-time 20 | %themselves. 21 | 22 | Haskell-based DSLs are of growing popularity and given that they are all 23 | embedded into the same programming language, they share many 24 | similarities with Copilot. For instance, 25 | Kansas Lava~\cite{Gill:14:DSLs}, which is designed for 26 | programming field programmable gate arrays, and 27 | Ivory~\cite{pike-plpv14}, which is designed for writing secure autonomous 28 | systems, are both implemented using techniques similar to Copilot. 29 | 30 | The ROSETTE extension to the Racket language~\cite{Torlak} provides a 31 | framework for building DSLs that integrate \textsc{smt} 32 | solvers. Smten~\cite{Uhler} is a DSL with embedded \textsc{smt} 33 | solvers that is targeted at writing satisfiability based searches. 34 | 35 | %For instance FeldSpar~\cite{feldspar} is designed for digital signal processing 36 | 37 | As we have already mentioned, Copilot is similar in spirit to other 38 | languages with stream-based semantics, notably represented by the 39 | Lustre family of languages~\cite{lustre-intro}. Copilot is a simpler 40 | language, particularly with respect to Lustre's clock calculus, 41 | focused on monitoring (as opposed to developing control systems). 42 | The work that is most 43 | relevant the research presented in this paper is the application of 44 | the Kind model checking tool to verify Lustre programs~\cite{Hagen08}. 45 | Kind and its most recent incarnation~\cite{kind} is designed to model 46 | check Lustre programs and due to the similarities between Copilot and 47 | Lustre we targeted the Kind2 prover to be one of our back ends as 48 | well. Yet, to the best of our knowledge, the Boyer-Moore majority 49 | voting examples given in Section~\ref{sec:mvote} are more 50 | sophisticated than published results using Kind with Lustre. 51 | 52 | 53 | 54 | %Copilot can be seen as an generalization of the idea of Lustre's 55 | %``synchronous observers''~\cite{Halbwachs93}, which are Boolean-valued 56 | %streams used to track properties about Lustre programs. Whereas 57 | %Lustre uses synchronous observers to monitor Lustre programs, we apply 58 | %the idea to monitoring arbitrary periodically-scheduled real-time 59 | %systems. Canovas-Dumas and Caspi have built a tool for verifying 60 | %Lustre programs using the Prototype Verification System (PVS) 61 | %interactive prover~\cite{Canovas-Dumas:2000} and as such can be 62 | %applied to a much wider range of properties than the bounded model 63 | %checking tools used in \texttt{Copilot-Kind}. -------------------------------------------------------------------------------- /RV2015/Structure.tex~: -------------------------------------------------------------------------------- 1 | \section{Structure of the Toolchain}~\label{sec:structure} 2 | 3 | 4 | \begin{figure}[ht!] 5 | \begin{tikzpicture}[->, node distance=3.00cm, auto, shorten >=1pt, bend angle=45, 6 | thick] 7 | \tikzstyle{every state}=[rectangle, rounded corners] 8 | 9 | \node[state] (Lang) 10 | { 11 | \begin{tabular}[b]{l} 12 | Copilot Libraries\\ \hline Copilot Language 13 | \end{tabular}}; 14 | \node[state] (Core) [below of =Lang] {Copilot Core}; 15 | %\node[state] (Cnub) [below of = Core] {Cnub}; 16 | \node[state] (TransSys) [left of=Core] {$\mathrm{Transition Sys}^{m}$}; 17 | \node[state] (IL) [right of =Core] {IL}; 18 | \node[state] (SmtLib) [below of=IL] {SMT LIB Format}; 19 | \node[state] (NMTransSys)[below left of = TransSys] {$\mathrm{Transition Sys}^{nm}$} ; 20 | \node[state] (MprimeTransSys)[below right of = TransSys] {$\mathrm{Transition Sys}^{m}$} ; 21 | \node[state] (Kind2Native) [below of = NMTransSys]{Kind 2 Native Format} ; 22 | \tikzstyle{every node}=[] 23 | 24 | \path 25 | (Lang) edge [ anchor=west, text width=5.00cm] node {Reification and DSL-specific type-checking} (Core) 26 | % (Core) edge node {} (Cnub) 27 | (Core) edge node {} (TransSys) 28 | edge node {} (IL) 29 | (TransSys) edge node[swap] {Inline} (NMTransSys) 30 | edge node {Remove Cycles} (MprimeTransSys) 31 | (NMTransSys) edge node {} (Kind2Native) 32 | (MprimeTransSys) edge node {} (Kind2Native) 33 | (IL) edge node{} (SmtLib) ; 34 | \end{tikzpicture} 35 | \caption{The Copilot verification toolchain.} 36 | \label{fig:toolchain} 37 | \end{figure} -------------------------------------------------------------------------------- /RV2015/conclusion.tex: -------------------------------------------------------------------------------- 1 | \section{Conclusion}\label{sec:conclusion} 2 | 3 | %Ultra-Critical systems are quickly evolving in complexity, and assured 4 | %RV is a necessary complement to traditional assurance techniques. 5 | In this paper, we have presented the development of 6 | \texttt{copilot-kind} that enhances the Copilot RV framework with an 7 | integrated model-checking capability for verifying monitors and 8 | illustrated its applicability to verify a range of monitors. 9 | 10 | In practice, our tool turned out to be very useful, indeed, even when 11 | the property being checked is not inductive or the induction step is 12 | too hard, it is very useful to test the first entailment of the 13 | $k$-induction algorithm for small values of $k$, proving the property 14 | cannot be violated in the first $k$ time steps or displaying a 15 | counterexample trace. Many subtle bugs can be captured for reasonable 16 | values of $k$. 17 | 18 | Yet, $k$-induction does have limitations. For instance, writing $k$-inductive 19 | specifications can be difficult. Newer advances like the 20 | \textsc{IC}3 algorithm, implemented by Kind2, are aimed at proving 21 | non-inductive properties by splitting it into concise and relevant 22 | inductive lemmas. However, our experiments showed that currently 23 | available tools fail at proving very simple properties as soon as 24 | basic arithmetic is involved. 25 | 26 | The development of \texttt{copilot-kind} has reinforced the efficacy 27 | of the embedded DSL approach. Being embedded in a higher-order 28 | functional language facilitated the creation of a number of features 29 | such as our proof scheme capability. We have also found it quite 30 | advantageous to be able to write properties in the familiar style of 31 | Haskell programs. For instance, in Section~\ref{sec:mvote}, the 32 | function \texttt{forAllCst} for the serial Boyer-Moore example in that 33 | it uses both a \texttt{fold} and a \texttt{map} operator to model 34 | finite conjunctions. Beyond our own purposes, we believe that other 35 | embedded DSL developers could use our designs in order to interface 36 | their languages with proof engines. 37 | 38 | %Verified monitors are by no means sufficient for achieving assured RV, 39 | %since a safety case is far more encompassing, but it is a necessary 40 | %condition. 41 | 42 | Having successfully applied our tool to rather 43 | sophisticated monitors, future extensions are planned. Given that we are 44 | focused on cyber-physical systems, the limitations 45 | of \textsc{smt}-based provers go beyond the fact that they become prohibitively slow as the 46 | size of their input increases. 47 | \textsc{smt}-solvers do not generally handle quantifiers or special real-valued 48 | functions well. A promising way to deal with both these issues 49 | would be an extension of the \textit{proof scheme} system where 50 | properties involving arbitrary streams are seen as universally 51 | quantified lemmas which can be specialized and added to the proof 52 | context by an explicit use of a new \texttt{apply} directive. An interface to 53 | MetiTarski~\cite{AkbarpourPaulson} will also allow us to automatically 54 | prove some of 55 | the mathematical properties of interest, but connecting to an 56 | interactive prover may also be necessary. 57 | 58 | 59 | -------------------------------------------------------------------------------- /RV2015/intro.tex~: -------------------------------------------------------------------------------- 1 | \section{Introduction}\label{sec:intro} 2 | Runtime Verification (RV), where monitors detect and respond to 3 | property violations at runtime, can help address several of the 4 | verification challenges facing ultra-critical systems. As RV matures 5 | it will be employed to verify more and more sophisticated 6 | properties. For instance, checking complex stability properties of a 7 | control system or ensuring that a critical system is 8 | fault-tolerant~\cite{XXX}. Strictly regulated ultra-critical areas such 9 | as civil aviation, systems must demonstrate highly predicable behavior 10 | in order to be certified. As interest grows in techniques such as 11 | adaptive flight control and fully autonomous vehicles that utilize 12 | learning to adapt to unpredictable environments, architectures have 13 | been proposed~\cite{} that use RV to switch from the more exotic 14 | uncertified software to a certified, but less capable, system when 15 | safety properties are violated. If monitors in ultra-critical systems 16 | are to be the last line of defense, then we need to ensure they are 17 | correct. As the monitors we execute at runtime become more and more 18 | sophisticated, applying formal verification tools to the monitors to 19 | ensure they are correct can help safeguard that the last line of 20 | defense is actually effective. 21 | 22 | 23 | The case study applies our approach to the Copilot language and 24 | framework initially developed at the National Institute of Aerospace 25 | and Galois Inc under a contract to NASA. Copilot is a stream 26 | language for generating embedded C-code monitors for verifying 27 | system properties of hard real time embedded systems. The overall 28 | approach we take was initially inspired by the integration of model 29 | checking in Lustre~\cite{YY}. 30 | 31 | 32 | 33 | % In this short paper, we describe 34 | %initial results of an ongoing effort to integrate model checking 35 | %technology into the Copilot RV framework in order to verify 36 | %our monitors before they are deployed in unltra-critical systems. 37 | 38 | 39 | 40 | 41 | 42 | 43 | -------------------------------------------------------------------------------- /Tutorial/Domain.tex: -------------------------------------------------------------------------------- 1 | \section{Domain} 2 | 3 | Copilot is a domain-specific language tailored to programming \emph{runtime 4 | monitors} for \emph{hard real-time}, \emph{distributed}, \emph{reactive systems}. 5 | Briefly, a runtime monitor is program that runs concurrently with a target program 6 | with the sole purpose of assuring that the target program behaves in accordance with a 7 | pre-established specification. Copilot is a language for writing such specifications. 8 | 9 | A reactive system is a system that responds continuously to its environment. 10 | All data to and from a reactive system are communicated progressively during 11 | execution. Reactive systems differ from transformational systems which transform 12 | data in a single pass and then terminate, as for example compilers and numerical 13 | computation software. 14 | 15 | A hard real-time system is a system that has a statically bounded execution time 16 | and memory usage. Typically, hard real-time systems are used in 17 | mission-critical software, such as avionics, medical equipment, and nuclear power 18 | plants; hence, occasional dropouts in the response time or crashes are not 19 | tolerated. 20 | 21 | A distributed system is a system which is layered out on multiple pieces of hardware. 22 | The distributed systems we consider are all synchronized, i.e., all components agree on 23 | a shared global clock. 24 | -------------------------------------------------------------------------------- /Tutorial/Tools.tex: -------------------------------------------------------------------------------- 1 | \section{Tools} \label{sec:tools} 2 | 3 | Copilot comes with a variety of tools, including a pretty-printer, an 4 | interpreter, a compiler targeting C, and a verifier front-end. In the following 5 | section, we will demonstrate some of these tools and their usage. All the tools 6 | are shown in the Figure~\ref{fig:new-toolchain}. 7 | 8 | \begin{figure}[ht!] 9 | \centering 10 | \begin{tikzpicture}[->, node distance=3cm, auto, shorten >=1pt, bend angle=45, 11 | thick] 12 | \tikzstyle{every state}=[rectangle, rounded corners] 13 | 14 | 15 | \node[state] (Int) {Interpreter}; 16 | \node[state] (Lang) [above right of=Int] {% 17 | \begin{tabular}[b]{l} 18 | Copilot Libraries\\ \hline Copilot Language 19 | \end{tabular}}; 20 | 21 | \node[state] (M4) [left=3cm of Lang] {M4}; 22 | \node[state] (Core) [below right of=Lang] {Copilot Core}; 23 | \node[state] (PP) [right of=Core] {Pretty Printer}; 24 | 25 | 26 | 27 | \node[state] (ACSL) [below of=PP] {\begin{tabular}[b]{l} 28 | ACSL\\ generator 29 | \end{tabular}}; 30 | \node[state] (DOTc) [right of=ACSL] {\begin{tabular}[b]{l} 31 | DOT\\ generator 32 | \end{tabular}}; 33 | \node[state] (SBV) [below of=Core] {SBV Back-End}; 34 | 35 | \node[state] (SMT) [below left=1.6cm and 1.2cm of Int] {SMT Lib}; 36 | \node[state] (C99S) [below of=SBV] {\begin{tabular}[b]{l} 37 | DOT\\ \hline ACSL\\ \hline C99 38 | \end{tabular}}; 39 | \node[state] (DOT) [below right of=C99S] {DOT/graphviz}; 40 | \node[state] (CCOMP) [below left=0.3cm and 0.3cm of C99S] {CompCert}; 41 | \node[state] (ASM) [below=1cm of CCOMP] {Assembly code}; 42 | 43 | 44 | \tikzstyle{every node}=[] 45 | 46 | 47 | \path %% (Libs) edge node {0,1,L} (Lang); 48 | %% edge node {1,1,R} (C) 49 | (Lang) edge [bend left, anchor=west, text width=2.5cm] node {Reification and DSL-specific type-checking} (Core) 50 | %% edge node {0,1,L} (C) 51 | (M4) edge [text width=2.5cm] node {Preprocessing} (Lang) 52 | (Core) edge [anchor=east] node {Translation} (SBV) 53 | edge node {} (PP) 54 | edge node [swap] {Evaluation} (Int) 55 | (ACSL) edge [bend left, anchor=west] node {Integration} (C99S) 56 | (DOTc) edge [bend left, anchor=east] node {} (C99S) 57 | (Int) edge [<->,red, bend right, anchor=east] node {QuickCheck} (SBV) 58 | (PP) edge [->, anchor=east, text width=2cm] node {ACSL generation} (ACSL) 59 | (PP) edge [->, anchor=west] node {DOT generation} (DOTc) 60 | (C99S) edge [->, anchor=north west] node {make} (CCOMP) 61 | (Core) edge [->, anchor=south east, text width=3cm] node {proof generation} (SMT) 62 | (CCOMP) edge [->, anchor=east] node {Cross-compilation} (ASM) 63 | (C99S) edge [loop left, ->, anchor=east] node {Verification with frama-c WP plugin} (C99S) 64 | (C99S) edge [->, anchor=west] node {Extraction and graph generation} (DOT) 65 | (SBV) edge [->,anchor=east] node {Compilation} (C99S); 66 | %% edge [bend left] node {Translation} (SBV) 67 | %% (Atom) edge [loop below] node {1,1,R} (D) 68 | %% edge node {0,1,R} (Libs) 69 | %% (SBV) edge [bend left] node {1,0,R} (); 70 | \end{tikzpicture} 71 | \caption{The new Copilot toolchain. The red arrows are the one to implement in the future.} 72 | \label{fig:new-toolchain} 73 | \end{figure} 74 | 75 | \subsection{Pretty-Printing} \label{sec:pretty-printing} 76 | Pretty-printing is straightforward. For some specification {\tt spec}, 77 | % 78 | \begin{code} 79 | prettyPrint spec 80 | \end{code} 81 | % 82 | \noindent 83 | returns the specification after static macro expansion. Pretty-printing can 84 | provide some indication about the complexity of the specification to be 85 | evaluated. Specifications that are built by recursive Haskell programs (e.g., 86 | the majority voting example in Section~\ref{subsec:boyer_moore}) can generate 87 | expressions that are large. Large expressions can take significant 88 | time to interpret or compile. 89 | 90 | \subsubsection{Dot Pretty-Printing} 91 | 92 | In order to use the Dot Pretty-Printter, you have to generate C source code. When generating C source code with SBV, each C source file (except driver.c), will have a dot source code output inside, which summaries what the file is. If the generation is on proof mode (using the function \texttt{proofACSL}), then Copilot will generate one more file named "main.gv", which contains the code for the whole AST of your program. 93 | 94 | -------------------------------------------------------------------------------- /Tutorial/images/label/main.hs: -------------------------------------------------------------------------------- 1 | divert(-1) 2 | changequote({,}) 3 | define({LQ},{changequote(`,'){dnl} 4 | changequote({,})}) 5 | define({RQ},{changequote(`,')dnl{ 6 | }changequote({,})}) 7 | changecom({--}) 8 | 9 | 10 | divert(0)dnl 11 | import Copilot.Language.Reify 12 | import Copilot.Language 13 | import Copilot.Language.Operators.Eq 14 | import Copilot.Library.Clocks 15 | 16 | import qualified Copilot.Compile.SBV as S 17 | import qualified Copilot.Compile.C99 as C 18 | import qualified Prelude as P 19 | import Debug.Trace 20 | import Control.Monad (foldM_) 21 | 22 | -------------------------------------------------------------------------------- 23 | -- NEVER USE THIS PIECE OF CODE FOR WRITING A REAL MONITOR (cf ARIANE 5 fail) 24 | -- Implementation of http://shemesh.larc.nasa.gov/people/cam/publications/NASA-TM-2014-218280.pdf 25 | -------------------------------------------------------------------------------- 26 | 27 | import qualified Data.List as L 28 | 29 | ----------------------------------------- 30 | -- Spec 31 | ----------------------------------------- 32 | 33 | alt :: Stream Bool 34 | alt = (label "?splitting" $ not $ externB "externvar" Nothing) 35 | 36 | 37 | 38 | spec :: Spec 39 | spec = do 40 | -- trigger "alert_WCVtau" (wellClearViolation tau relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 41 | -- trigger "alert_WCVtcpa" (wellClearViolation tcpa relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 42 | -- trigger "alert_WCVtaumod" (wellClearViolation taumod relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 43 | -- trigger "alert_WCVtep" (wellClearViolation tep relPositionX relPositionY relPositionZ relVelocityX relVelocityY relVelocityZ) [] 44 | trigger "trigger" (alt) [] 45 | 46 | 47 | main = do 48 | reify spec >>= S.proofACSL S.defaultParams 49 | 50 | 51 | -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- /Tutorial/images/label/main.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/Tutorial/images/label/main.pdf -------------------------------------------------------------------------------- /Tutorial/images/label/splitted.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/Tutorial/images/label/splitted.pdf -------------------------------------------------------------------------------- /Tutorial/images/label/splitted2.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Copilot-Language/copilot-discussion/67231900efc9cb78a1a30d068b2e6345935aadb0/Tutorial/images/label/splitted2.pdf -------------------------------------------------------------------------------- /Tutorial/preliminaries.tex: -------------------------------------------------------------------------------- 1 | 2 | 3 | \section{Preliminaries} 4 | \label{sec:preliminaries} 5 | 6 | Copilot is embedded into the functional programming language Haskell 7 | \cite{PeytonJones02}. A working knowledge of Haskell is necessary to use 8 | Copilot effectively; a variety of books and free web resources introduce Haskell. 9 | Copilot uses Haskell language extensions 10 | specific to the Glasgow Haskell Compiler (GHC); hence in order to start 11 | using Copilot, you must first install an up-to-date version of GHC. 12 | (The minimal required version is 7.10.1) 13 | The easiest way to do this is to download and install the Haskell Platform, 14 | which is freely distributed from here: 15 | 16 | \begin{center} 17 | \url{http://hackage.haskell.org/platform} 18 | \end{center} 19 | 20 | \noindent After having installed the Haskell Platform, Copilot is downloaded and 21 | installed by executing the following command: 22 | 23 | \begin{code} 24 | > cabal install copilot 25 | \end{code} 26 | 27 | \noindent This should, if everything goes well, install Copilot on your system. 28 | 29 | Copilot is distributed through a series of packages at Hackage: 30 | 31 | \begin{itemize} 32 | \item copilot-language: Contains the language front-end. 33 | \item copilot-theorem: Contains some extensions to the language for proving 34 | properties about copilot programs using various SMT solvers and model checkers. 35 | \item copilot-core: Contains an intermediate representation for Copilot programs (shared by all back-ends). 36 | \item copilot-c99: A back-end for Copilot targeting C99 (based on Atom, \url{http://hackage.haskell.org/package/atom}). \textbf{Not updated anymore, might be deprecated soon.} 37 | \item copilot-sbv: A back-end for Copilot targeting C99 (based on SBV, \url{http://hackage.haskell.org/package/sbv}). 38 | \item copilot-libraries: A set of utility functions for Copilot, including a clock-library, a linear temporal logic framework, 39 | a voting library, and a regular expression framework. 40 | \item copilot-cbmc: A driver for proving the correspondence between code 41 | generated by the copilot-c99 and copilot-sbv back-ends. 42 | \end{itemize} 43 | 44 | Many of the examples in this paper can be found at 45 | \url{https://github.com/Copilot-Language/Copilot/tree/copilot2.0/Examples}. 46 | 47 | To use the language, your Haskell module should contain the following import: 48 | % 49 | \begin{code} 50 | import Language.Copilot 51 | \end{code} 52 | % 53 | To use the back-ends, import them, respectively: 54 | % 55 | \begin{code} 56 | import Copilot.Compile.C99 57 | import Copilot.Compile.SBV 58 | \end{code} 59 | % 60 | If you need to use functions defined in the Prelude that are redefined by 61 | Copilot (e.g., arithmetic operators), import the Prelude as qualified: 62 | % 63 | \begin{code} 64 | import qualified Prelude as P 65 | \end{code} 66 | 67 | -------------------------------------------------------------------------------- /announcement-haskell-3.0: -------------------------------------------------------------------------------- 1 | Dear all, 2 | 3 | We are very pleased to announce the release of Copilot 3.0, a stream-based DSL 4 | for writing and monitoring embedded C programs, with an emphasis on correctness 5 | and hard realtime requirements. 6 | 7 | Copilot is typically used as a runtime verification framework, where programs 8 | serve as specifications to the system we want to monitor. Additional libraries 9 | provide utility functions for temporal logic (LTL, PTLTL and MTL), clocks and 10 | voting algorithms. 11 | 12 | Over the years, Copilot has been used at the Safety Critical Avionics Systems 13 | Branch of NASA Langley Research Center for monitoring test flights of drones. 14 | 15 | This new release contains a number of additional features that make writing 16 | programs easier: 17 | 18 | * The extended language with support for monitoring and generating 19 | structs and arrays in a type-safe manner. 20 | 21 | * A completely rewritten C99 code generator to support the new features. 22 | 23 | * Significant improvements on the quality and readability of the output code, 24 | which help in traceability and certification of the code. 25 | 26 | * Internal simplifications for a more future proof codebase. 27 | 28 | Copilot is available on hackage [1]. For more information, including 29 | documentation, examples and links to the source code, please visit the webpage 30 | [2]. 31 | 32 | Kind regards, 33 | The Copilot developers: 34 | - Frank Dedden (maintainer) 35 | - Alwyn Goodloe 36 | - Ivan Perez 37 | 38 | [1] http://hackage.haskell.org/package/copilot 39 | [2] https://copilot-language.github.io 40 | -------------------------------------------------------------------------------- /cbackend-pres2018/toolchain.tex: -------------------------------------------------------------------------------- 1 | \begin{tikzpicture}[->, node distance=3cm, auto, shorten >=1pt, bend angle=45, 2 | thick] 3 | \tikzstyle{every state}=[rectangle, rounded corners] 4 | 5 | 6 | \node[state] (Int) {Interpreter}; 7 | \node[state] (Lang) [above right of=Int] 8 | { 9 | \begin{tabular}[b]{l} 10 | Copilot Libraries\\ \hline Copilot Language 11 | \end{tabular}}; 12 | \node[state] (Core) [below right of=Lang] {Copilot Core}; 13 | \node[state] (PP) [right of=Core] {Pretty Printer}; 14 | 15 | 16 | \node[state] (Atom) [below left of=Core] {Atom Back-End}; 17 | \node[state] (SBV) [below right of=Core] {SBV Back-End}; 18 | \node[state] (C99A) [below of=Atom] {C99}; 19 | \node[state] (C99S) [below of=SBV] {C99}; 20 | 21 | 22 | \tikzstyle{every node}=[] 23 | 24 | 25 | \path %% (Libs) edge node {0,1,L} (Lang); 26 | %% edge node {1,1,R} (C) 27 | (Lang) edge [bend left, anchor=west, text width=2.5cm] node {Reification and DSL-specific type-checking} (Core) 28 | %% edge node {0,1,L} (C) 29 | (Core) edge node {Translation} (Atom) 30 | edge node {} (SBV) 31 | edge node {} (PP) 32 | edge node [swap] {Evaluation} (Int) 33 | (Int) edge [<->, bend right] node {QuickCheck} (Atom) 34 | (Atom) edge node {Compilation} (C99A) 35 | (SBV) edge node {Compilation} (C99S) 36 | (C99A) edge [<->] node {Model checking} (C99S); 37 | %% edge [bend left] node {Translation} (SBV) 38 | %% (Atom) edge [loop below] node {1,1,R} (D) 39 | %% edge node {0,1,R} (Libs) 40 | %% (SBV) edge [bend left] node {1,0,R} (); 41 | \end{tikzpicture} 42 | -------------------------------------------------------------------------------- /co-kind-report/conclusion.tex: -------------------------------------------------------------------------------- 1 | \section{Conclusion}~\label{sec:conclusion} 2 | 3 | The conclusion 4 | -------------------------------------------------------------------------------- /co-kind-report/interface.tex: -------------------------------------------------------------------------------- 1 | \section{General Prover Interface}~\label{sec:interface} 2 | \alwyn{Jonathan. Please complete this section} 3 | \alwyn{Jonathan. If you want we can discuss more details about this section on skype} 4 | General solver interface 5 | 6 | Modular proposition 7 | 8 | Graph represenation 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /co-kind-report/introduction.tex: -------------------------------------------------------------------------------- 1 | \section{Introduction}~\label{sec:intro} 2 | 3 | %In this section we shall put an introduction 4 | 5 | %What are we trying to accomplish 6 | 7 | %Why 8 | 9 | %How (by connecting copilot with model checking) 10 | 11 | Critical cyber-physical systems that require correct software behavior 12 | such as aircraft, spacecraft, medical devices, and nuclear reactors 13 | undergo extensive testing and may require certification by regulatory 14 | bodies before being deployed. Despite being constructed with thorough 15 | engineering processes there continue to be well documented incidents 16 | that demonstrate how hard it is to build robust software systems. 17 | 18 | 19 | Runtime verification (RV)~\cite{KimVBKLS99, monitors} is a family of 20 | approaches that employ {\em monitors} to observe the behavior of an 21 | executing system and to detect if it is consistent with a formal 22 | specification. Copilot is a RV framework that has been developed as 23 | part of a NASA project investigating applying RV to safety-critical 24 | hard real-time systems as a ``last line of defense.'' Given that RV 25 | acts in the role last defense the natural question arises 26 | ``who watches the watchmen?'' Nobody. For this reason, monitors for 27 | safety-critical systems cannot fail. Consequently, the Copilot team 28 | has been investigating the question of how to produce monitors in 29 | which we can be assured of a high-degree of confidence that they will 30 | not fail when needed most. Earlier work focused on the light-weight 31 | verification of the monitor compilation 32 | process~\cite{pike-icfp-12}. The current report focuses on applying 33 | SMT-based model checking to ensure that the monitor itself is correct. 34 | 35 | 36 | -------------------------------------------------------------------------------- /co-kind-report/main.bbl: -------------------------------------------------------------------------------- 1 | \begin{thebibliography}{} 2 | 3 | \end{thebibliography} 4 | -------------------------------------------------------------------------------- /co-kind-report/nia.cls: -------------------------------------------------------------------------------- 1 | %% This is file `nia.cls', a simple extension of `article.cls', to be used 2 | %% for the preparation of NIA Technical Reports. 3 | %% 4 | %% Version 1.d 5 | %% 6 | %% By Cesar A. Munoz (munoz@nianet.org) 7 | %% 8 | %% Modifications: 9 | %% 10 | %% Jul 2005 (Version 1d) 11 | %% Modified NIA address 12 | %% 13 | %% Jul 2004 (Version 1c) 14 | %% Added \nia to print National Institute of Aerospace (NIA), 15 | %% Added \niaemail{} to print @nianet.org 16 | %% Added \niaweb{} to print http://research.nianet.org/~ 17 | %% 18 | %% Sep 2003 (Version 1b) 19 | %% \draftbanner : Prints a DRAFT banner across the pages in postscript file 20 | %% \doubleline : Double space. 21 | %% 22 | %% Jun 2003 (Version 1a) 23 | %% \acknowledegments --> \acknowledgments 24 | %% 25 | %% Jan 2003 (Version 1) 26 | %% First version. 27 | 28 | \NeedsTeXFormat{LaTeX2e} 29 | \ProvidesClass{nia}[2003/09/10 NIA (Technical Reports) Style class] 30 | \LoadClass[12pt]{article} 31 | 32 | \bibliographystyle{plain} 33 | 34 | \newcommand{\draftbanner}{\special{!userdict begin /bop-hook{gsave 200 30 translate 35 | 65 rotate /Times-Roman findfont 216 scalefont setfont 36 | 0 0 moveto 0.9 setgray (DRAFT) show grestore}def end}} 37 | 38 | \newcommand{\doubleline}{\renewcommand\baselinestretch{1.5}} 39 | 40 | \newcommand{\nia}{National Institute of Aerospace (NIA), 100 Exploration Way, Hampton VA, 23666} 41 | 42 | \DeclareOption{draft}{\doubleline\draftbanner} 43 | \ProcessOptions 44 | 45 | \RequirePackage{url} 46 | \RequirePackage{ifthen} 47 | 48 | \setlength{\textwidth}{6.5in} 49 | \setlength{\textheight}{9in} 50 | \setlength{\topmargin}{-0.5in} 51 | \setlength{\oddsidemargin}{0in} 52 | \pagenumbering{arabic} 53 | 54 | %+++ Definitions +++ 55 | 56 | \renewcommand{\section}{% 57 | \@startsection 58 | {section}{1}{\z@}% 59 | {-1.5ex plus -1ex minus -.2ex}% 60 | {1ex plus .2ex} 61 | {\normalsize\bf\MakeUppercase}% 62 | } 63 | \renewcommand{\subsection}{% 64 | \@startsection 65 | {subsection}{2}{\z@} 66 | {-1.5ex plus -1ex minus -.2ex}% 67 | {1ex plus .2ex}{\normalsize\bf}% 68 | } 69 | \newcounter{thanks} 70 | \renewcommand{\thethanks}{\fnsymbol{thanks}} 71 | \newcommand{\email}{\url} 72 | \newcommand{\web}{\url} 73 | \newcommand{\niaemail}[1]{\email{#1@nianet.org}} 74 | \newcommand{\niaweb}[1]{\web{http://research.nianet.org/~#1}} 75 | \newcommand{\address}{\thanks} 76 | 77 | \renewenvironment{abstract}{\begin{quote}\small\centerline{\bf ABSTRACT}}{\end{quote}} 78 | \renewcommand{\title}[2][0]{\begin{center}{\large\MakeUppercase{\bf #2}}\ifthenelse{\equal{#1}{0}}{}{\thanks{#1}}\end{center}} 79 | \newcommand{\subtitle}[1]{\vspace*{-9mm}\begin{center}{\small\MakeUppercase{\bf #1}}\end{center}} 80 | \renewcommand{\author}[1]{\begin{center}#1\end{center}\bigskip} 81 | \renewcommand{\thanks}[1]{\stepcounter{thanks}\renewcommand\thefootnote\thethanks\footnote{#1}\setcounter{footnote}{0}} 82 | 83 | \long\def\@makecaption#1#2{% 84 | \vskip\abovecaptionskip 85 | \sbox\@tempboxa{#1: {\it #2}}% 86 | \ifdim \wd\@tempboxa >\hsize 87 | #1: {\it #2}\par 88 | \else 89 | \global \@minipagefalse 90 | \hb@xt@\hsize{\hfil\box\@tempboxa\hfil}% 91 | \fi 92 | \vskip\belowcaptionskip} 93 | 94 | \newcommand{\acknowledgments}{\subsection*{ACKNOWLEDGMENTS}} 95 | 96 | \renewcommand{\refname}{REFERENCES} 97 | 98 | 99 | 100 | -------------------------------------------------------------------------------- /co-kind-report/sexpr.tex: -------------------------------------------------------------------------------- 1 | \section{SMT Lib}~\label{sec:sexpr} 2 | 3 | Discuss the interface to smt-lib via sexpressions 4 | 5 | 6 | -------------------------------------------------------------------------------- /co-kind-report/transition.tex: -------------------------------------------------------------------------------- 1 | \section{Transition System}~\label{sec:trans} 2 | 3 | Describe the transition system 4 | 5 | Operations on transitions 6 | 7 | -------------------------------------------------------------------------------- /core-language.md: -------------------------------------------------------------------------------- 1 | The Copilot Core Language 2 | ========================= 3 | 4 | This document describes the Copilot Core language. 5 | 6 | Syntax 7 | ------ 8 | 9 | A Copilot specification, _p_, in the core language consists of: 10 | 11 | 1. A list of *streams*, _s_.1 ... _s_._n_. 12 | 13 | 2. A list of *triggers*, _t_.1 ... _t_._n_. 14 | 15 | A stream, _s_, consists of 16 | 17 | 1. a finitite list of atomic values, _x_.1 ... _x_._n_, which we denote 18 | *buffer*(_s_). The length of the list we denote *size*(_s_). 19 | 20 | 2. An expression, _e_, which we denote *exp*(_s_). 21 | 22 | A trigger, _t_, consists of: 23 | 24 | 1. An expression of type __bool__, _g_, which we denote *guard*(_t_). 25 | 26 | 2. A list of trigger arguments, _a_.1 ... _a_._n_, which we denote 27 | *args*(_t_). 28 | 29 | A trigger argument, _a_, consists of: 30 | 31 | 1. An expression, _e_, which we denote *exp*(a). 32 | 33 | Expressions are constructed as follows: 34 | 35 | 1. If _e_ is an expression and _x_ is an *atomic* value, 36 | then __const__(_x_) is an expression. 37 | 38 | 2. If _s_ is a stream with a buffer of length _i_ and _k_ is an integer such 39 | that 0 <= _k_ < _i_, then _s_[_k_]_ is an expression. 40 | 41 | 3. If _op_ is an *n*-ary atomic operator and _e_.1 ... _e_._n_ are 42 | expressions, then _op_(_e_.1 ... _e_._n_) is an expression. 43 | 44 | Atomic values 45 | ------------- 46 | 47 | T.B.D. 48 | 49 | Typing rules 50 | ------------ 51 | 52 | T.B.D. 53 | 54 | Semantics 55 | --------- 56 | 57 | Program execution is devided into a well ordered sequence of atomic instants, 58 | where each instant, _i_, corresponds to a natural number. 59 | 60 | The value of an expression _e_ at the instant _i_ is denoted *E*|_i_|(_e_) and is 61 | defined by: 62 | 63 | + *E*|_i_|(__const__(_x_)) = *V*(_x_) 64 | 65 | + *E*|_i_|(_s_|_k_|) = E|_i_-_k_|(_s_) 66 | 67 | + *E*|_i_|(_op_(_e_.1, ..., _e_._n_)) = 68 | (*V*(_op_))(*E*|_i_|(_e_.0), ...,*E*|_i_|(_e_._n_)) 69 | 70 | The value of a stream _s_ at the instant _i_ is denoted *E*|_i_|(_s_) and is defined 71 | by: 72 | 73 | + *E*|_i_|(_s_) = if _i_ < 0 then *buffer*(_s_).(_i_ + *size*(_s_)) 74 | else *E*|_i_|(*exp(_s_)). 75 | --------------------------------------------------------------------------------