Time for High-Confidence Software Systems
Edward A. Lee

Citation
Edward A. Lee. "Time for High-Confidence Software Systems". Talk or presentation, 1 May 2011.

Abstract
All widely used software abstractions lack temporal semantics. The notion of correct execution of a program written in any widely used programming language today does not depend on the temporal behavior of the program. But temporal behavior matters in almost all systems. Even in systems with no particular real-time requirements, the timing of programs is relevant to the value they deliver, and in the case of concurrent programs, it also affects their functionality. In systems with real-time requirements, such as most cyber-physical systems, temporal behavior affects not just the value delivered by a system but also its correctness. The lack of temporal semantics in programs has many consequences that can undermine confidence in systems. For example, without temporal semantics, denial-of-service attacks are no threat. Typically, a denial-of-service attack only affects the timing of services, and if timing is irrelevant to correctness, then such an attack is also irrelevant. But we know that such attacks are not irrelevant. Worse, without temporal semantics in programs, there is no semantic basis for distinguishing between normal behavior and behavior under attack. Hence, detection of denial-of-service attacks is at best a heuristic. In this talk, we will argue that time can and must become part of the semantics of programs for a large class of applications. To illustrate that this is both practical and useful, we will describe two recent efforts at Berkeley in the design and analysis of timing-centric software systems. On the design side, we will describe PTIDES, a programming model for distributed real-time systems. PTIDES rests on a rigorous semantics of discrete-event systems and reflects the realities of distributed real-time systems, where measuring the passage of time is imperfect. PTIDES enables deterministic time-sensitive distributed actions. It relies on certain assumptions about networks that are not trivial (time synchronization with bounded error and bounded latency), but which have been shown in some contexts to be achievable and economical. PTIDES is also robust to subsystem failures, and, perhaps most interestingly, provides a semantic basis for detecting such failures at the earliest possible time.

Electronic downloads

Citation formats
  • HTML
    Edward A. Lee. <a href="http://chess.eecs.berkeley.edu/pubs/840.html"><i>Time for High-Confidence Software Systems</i></a>, Talk or presentation, 1 May 2011.
  • Plain text
    Edward A. Lee. "Time for High-Confidence Software Systems". Talk or presentation, 1 May 2011.
  • BibTeX
    @presentation{Lee11_TimeForHighConfidenceSoftwareSystems,
        author = {Edward A. Lee},
        title = {Time for High-Confidence Software Systems},
        day = {1},
        month = {May},
        year = {2011},
        abstract = {All widely used software abstractions lack
                  temporal semantics. The notion of correct
                  execution of a program written in every
                  widely-used programming language today does not
                  depend on the temporal behavior of the program.
                  But temporal behavior matters in almost all
                  systems. Even in systems with no particular
                  real-time requirements, timing of programs is
                  relevant to the value delivered by programs, and
                  in the case of concurrent programs, also affects
                  the functionality. In systems with real-time
                  requirements, such as most cyber-physical systems,
                  temporal behavior affects not just the value
                  delivered by a system but also its correctness.
                  The lack of temporal semantics in programs has
                  many consequences that can undermine confidence in
                  systems. For example, without temporal semantics,
                  denial-of-service attacks are no threat.
                  Typically, a denial-of-service attack only affects
                  the timing of services, and if timing is
                  irrelevant to correctness, then such an attack is
                  also irrelevant. But we know that such attacks are
                  not irrelevant. Worse, without temporal semantics
                  in programs, there is no semantic basis for
                  distinguishing between normal behavior and
                  behavior under attack. Hence, detection of
                  denial-of-service attacks is at best a heuristic.
                  In this talk, we will argue that time can and must
                  become part of the semantics of programs for a
                  large class of applications. To illustrate that
                  this is both practical and useful, we will
                  describe two recent efforts at Berkeley in the
                  design and analysis of timing-centric software
                  systems. On the design side, we will describe
                  PTIDES, a programming model for distributed
                  real-time systems. PTIDES rests on a rigorous
                  semantics of discrete-event systems and reflects
                  the realities in distributed real-time, where
                  measuring the passage of time is imperfect. PTIDES
                  enables deterministic time-sensitive distributed
                  actions. It relies on certain assumptions about
                  networks that are not trivial (time
                  synchronization with bounded error and bounded
                  latency), but which have been shown in some
                  contexts to be achievable and economical. PTIDES
                  is also robust to subsystem failures, and, perhaps
                  most interestingly, provides a semantic basis for
                  detecting such failures at the earliest possible
                  time.},
        URL = {http://chess.eecs.berkeley.edu/pubs/840.html}
    }
    

Posted by Mary Stewart on 5 May 2011.
For additional information, see the Publications FAQ or contact webmaster at chess eecs berkeley edu.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.

©2002-2018 Chess