Klaus Havelund | Jet Propulsion Laboratory, California Institute of Technology
A computer scientist on a space flight.
Papers by Klaus Havelund
Lecture Notes in Computer Science, 2021
From January 26 2007 the Dagstuhl Seminar 07011 `Run-time Verification' was held in the International Conference and Research Center (IBFI), Schloss Dagstuhl. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar have been put together in this paper. The first section is an executive summary that describes the seminar topics in general. Over the past few years, runtime verification has emerged as a focused subject in program analysis that bridges the gap between the complexity-haunted field of fully formal verification methods and the ad-hoc field
As part of the design of a space mission, an important part is the design of so-called flight rules. Flight rules express constraints on various parts and processes of the mission, that if followed, will reduce the risk of failure. One such set of flight rules constrain the format of command sequences regularly (e.g. daily) sent to the spacecraft to control its next near term behavior. We present a high-level view of the automated flight rule checker Frc for checking command sequences sent to NASA's LADEE Lunar mission spacecraft, used throughout its entire mission. A command sequence is in this case essentially a program (a sequence of commands) with no loops or conditionals, and it can therefore be verified with a trace analysis tool. Frc is implemented using the TraceContract runtime verification tool, an internal Scala DSL for checking event sequences against "formal specifications". The paper illustrates this untraditional use of runtime verification in a real context, with str...
In Runtime Verification (RV), monitoring a system means checking an execution trace of a program for satisfactions and violations of properties. The question of which properties can be effectively monitored over ideal channels has mostly been answered by prior work. However, program monitoring is often deployed for remote systems where communications may be unreliable. In this work, we address the question of what properties are monitorable over an unreliable communication channel. We describe the different types of mutations that may be introduced to an execution trace and examine their effects on program monitoring. We propose a fixed-parameter tractable algorithm for determining the immunity of a finite automaton to a trace mutation and show how it can be used to classify ω-regular properties as monitorable over channels with that mutation.
This article is an introduction to Professor Howard Barringer, in honor of his 60th birthday on December 20, 2011, which was celebrated by the HOWARD-60 workshop (Higher-Order Workshop on Automated Runtime verification and Debugging), held on the same day at University of Manchester.
International Journal on Software Tools for Technology Transfer, 2021
Runtime Verification, 2020
Lecture Notes in Computer Science, 2017
Lecture Notes in Computer Science, 2017
Formal Methods in System Design, 2018
Lecture Notes in Computer Science, 2016
International Journal on Software Tools for Technology Transfer, 2015
Communications in Computer and Information Science, 2015