110 research outputs found

    Refinement sensitive formal semantics of state machines with persistent choice

    Modeling languages usually support two kinds of nondeterminism: an external one for interactions of a system with its environment, and one that stems from under-specification, as familiar in models of behavioral requirements. The first form is resolved by composing the system with an environment model, the second by refining the under-specified behavior. Modeling languages usually do not support nondeterminism that is persistent, in that neither composition with an environment nor refinement of under-specification resolves it. Persistent nondeterminism is used, e.g., for modeling faulty systems. We present a formal semantics for UML state machines enriched with an operator, persistent choice, that models persistent nondeterminism. The semantics is based on abstract models (μ-automata with a novel refinement relation) and a sound three-valued satisfaction relation for properties expressed in the μ-calculus. © 2009 Elsevier B.V. All rights reserved.
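    The following Python is an added illustration, not code from the paper: it shows the difference between persistent and resolvable nondeterminism and a sound three-valued verdict in the simpler setting of a modal transition system (must-edges that every refinement keeps, may-edges that a refinement may drop) with a single state invariant, rather than the paper's μ-automata and μ-calculus. The faulty-sensor model, its state names and the properties checked are constructed for the example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, Set, Tuple


class Verdict(Enum):
    TRUE = "true"        # holds in every refinement of the model
    FALSE = "false"      # fails in every refinement of the model
    UNKNOWN = "unknown"  # depends on how the under-specification is resolved


@dataclass(frozen=True)
class MTS:
    """Modal transition system (an assumed simplification of the paper's
    mu-automata): must-edges survive every refinement, may-edges (a superset
    of the must-edges) may be dropped when under-specification is resolved."""
    init: str
    must: Dict[str, Set[str]]
    may: Dict[str, Set[str]]

    def __post_init__(self) -> None:
        for src, targets in self.must.items():
            missing = targets - self.may.get(src, set())
            if missing:
                raise ValueError(f"must-edges {src}->{missing} lack may-edges")


def reachable(init: str, edges: Dict[str, Set[str]]) -> Set[str]:
    """Plain depth-first reachability over one edge relation."""
    seen, todo = {init}, [init]
    while todo:
        state = todo.pop()
        for nxt in edges.get(state, ()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen


def check_invariant(m: MTS, holds: Callable[[str], bool]) -> Verdict:
    """Three-valued verdict for the invariant 'holds(s) in every reachable s'.
    Every refinement reaches at most the may-reachable states and at least
    the must-reachable ones, which is what makes TRUE and FALSE sound."""
    if all(holds(s) for s in reachable(m.init, m.may)):
        return Verdict.TRUE
    if any(not holds(s) for s in reachable(m.init, m.must)):
        return Verdict.FALSE
    return Verdict.UNKNOWN


def refine(m: MTS, drop: Set[Tuple[str, str]]) -> MTS:
    """Resolve under-specification by dropping may-edges. Must-edges cannot be
    dropped: that is exactly what makes a choice persistent."""
    persistent = {(s, t) for (s, t) in drop if t in m.must.get(s, set())}
    if persistent:
        raise ValueError(f"cannot drop persistent choice(s) {sorted(persistent)}")
    may = {s: {t for t in ts if (s, t) not in drop} for s, ts in m.may.items()}
    return MTS(m.init, m.must, may)


def faulty_sensor() -> MTS:
    """Constructed example. After 'sense' the sensor either reports 'ok' or
    goes to 'fault'; both branches are must-edges, i.e. a persistent choice
    modelling a fault that no refinement can design away. Whether a fault may
    escalate to 'unsafe' is left under-specified (may-edge only)."""
    must = {"idle": {"sense"}, "sense": {"ok", "fault"},
            "ok": {"idle"}, "fault": {"idle"}}
    may = {"idle": {"sense"}, "sense": {"ok", "fault"},
           "ok": {"idle"}, "fault": {"idle", "unsafe"}, "unsafe": {"unsafe"}}
    return MTS("idle", must, may)


if __name__ == "__main__":
    m = faulty_sensor()
    never_unsafe = lambda s: s != "unsafe"
    print("never unsafe:", check_invariant(m, never_unsafe).value)            # unknown
    print("never fault: ", check_invariant(m, lambda s: s != "fault").value)  # false
    safe = refine(m, {("fault", "unsafe")})  # resolve the under-specification
    print("after refinement, never unsafe:", check_invariant(safe, never_unsafe).value)  # true
    try:
        refine(m, {("sense", "fault")})
    except ValueError as err:
        print("persistent:", err)
```

    The point of the three verdicts: "never unsafe" is unknown on the abstract model because only a may-edge leads there, and it becomes true once that edge is dropped by refinement; "never fault" is false on every refinement, because the ok/fault branch is a persistent choice that refine() refuses to remove.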

    Behavioural model fusion


    Bialgebraic Semantics for String Diagrams

    Turi and Plotkin's bialgebraic semantics is an abstract approach to specifying the operational semantics of a system by means of a distributive law between its syntax (encoded as a monad) and its dynamics (an endofunctor). This setup is instrumental in showing that a semantic specification (a coalgebra) satisfies desirable properties: in particular, that it is compositional. In this work, we use the bialgebraic approach to derive well-behaved structural operational semantics of string diagrams, a graphical syntax that is increasingly used in the study of interacting systems across different disciplines. Our analysis relies on representing the two-dimensional operations underlying string diagrams in various categories as a monad, and their bialgebraic semantics in terms of a distributive law over that monad. As a proof of concept, we provide bialgebraic compositional semantics for a versatile string diagrammatic language which has been used to model both signal flow graphs (control theory) and Petri nets (concurrency theory). Moreover, our approach reveals a correspondence between two different interpretations of the Frobenius equations on string diagrams and two synchronisation mechanisms for processes, à la Hoare and à la Milner. Comment: Accepted for publication in the proceedings of the 30th International Conference on Concurrency Theory (CONCUR 2019).

    Coalgebra for the working software engineer

    Often referred to as 'the mathematics of dynamical, state-based systems', Coalgebra claims to provide a compositional and uniform framework to specify, analyse and reason about state and behaviour in computing. This paper addresses this claim by discussing why Coalgebra matters for the design of models and logics for computational phenomena. To a great extent, in this domain one is interested in properties that are preserved along the system's evolution, the so-called 'business rules' or system invariants, as well as in liveness requirements, stating that e.g. some desirable outcome will eventually be produced. Both classes are examples of modal assertions, i.e. properties that are to be interpreted across a transition system capturing the system's dynamics. The relevance of modal reasoning in computing is witnessed by the fact that most university syllabi in the area include some incursion into modal logic, in particular in its temporal variants. The novelty is that, as happens with the notions of transition, behaviour, or observational equivalence, modalities in Coalgebra acquire a shape. That is, they become parametric on whatever type of behaviour, and corresponding coinduction scheme, seems appropriate for addressing the problem at hand. In this context, the paper revisits Coalgebra from a computational perspective, focussing on three topics central to software design: how systems are modelled, how models are composed, and finally, how properties of their behaviours can be expressed and verified.

    Fuzziness, as a way to express imprecision, or uncertainty, in computation is an important feature in a number of current application scenarios: from hybrid systems interfacing with sensor networks with error bounds, to knowledge bases collecting data from often non-coincident human experts. Their abstraction in e.g. fuzzy transition systems led to a number of mathematical structures to model this sort of system and reason about it. This paper adds two more elements to this family: two modal logics, framed as institutions, to reason about fuzzy transition systems and the corresponding processes. This paves the way to the development, in the second part of the paper, of an associated theory of structured specification for fuzzy computational systems.

    Model checking combined Z and Statechart specifications

    One of the most significant challenges in software development is to guarantee a development process that not only ensures freedom from errors but also makes it demonstrable. Both are of particular importance when safety-critical systems are developed, for example in medicine, production control or transport engineering. Software errors can be life-threatening there. For this reason it is usually also necessary to demonstrate the correctness of the software to a third party. The controller of a traffic light, for example, must not only work correctly but also be approved by the TÜV. The use of formal methods is a promising approach to solving these problems. Compared with the usual non-formal methods (specification documents in natural language, or specification languages without an unambiguous semantics), formal languages have the advantage of an unambiguous semantics. Requirements on a system can thus be described unambiguously and its properties proved mathematically. In practice, however, these methods have not yet become established. Two outstanding causes are: 1. The formal specification languages are usually oriented more towards mathematical elegance than towards simple and intuitive language constructs. This is a major hurdle for practical use. The specification language mSZ tries to solve this problem. It combines the graphical language Statecharts, developed by Harel and accepted in industry, with the formal language Z. The result is an intuitive language that meets the requirements of a formal language. 2. Formal specifications do have a precise semantics, but they still leave the specifier free to write inconsistent or faulty specifications (ones that do not correspond to the actual requirements). On the other hand, they make it possible to prove consistency and properties formally and thus arrive at an error-free specification. If such proofs are not carried out, little is gained over a non-formal specification. To make the laborious proof work practicable, the most extensive automation possible is indispensable. Proving the consistency and the properties of an mSZ specification is the goal of the present work. Model checking techniques are used for this. To make this possible, the mSZ specification is translated in three steps: 1. Translation of the Statechart part of an mSZ specification to Z. This additionally defines the semantics of the Statecharts and the semantics of the integration of Statecharts and Z. It also allows other, pure Z tools to be used for the analysis. 2. Simplification of the Z specification into a simplified Z (Simple Z) whose language scope corresponds to the input language of a model checker. This step allows both mSZ specifications and pure Z specifications to be prepared for model checking. Simple Z can easily be translated into the input language of a model checker. 3. Translation of Simple Z into the input language of McMillan's SMV model checker. The model checker can then prove consistency and properties of the specification.

    One of today's major problems in software engineering is to achieve a high and comprehensive quality standard for the software development process, in order to maintain a reliably high quality for the resulting products. This holds particularly true for safety-critical systems, where failure of the software may have life-threatening consequences. Here, not only the quality of the software itself is important, but also the ability to convince a third party of this very quality. The use of formal methods is one promising approach to achieving these goals. Roughly speaking, formal methods introduce mathematical precision into the development process. They do so by using formalisms with well-defined semantics, and so stipulate formal proofs to verify development steps. This approach is perfectly feasible in theory. In practice, however, one encounters various problems that impede a consistent use of formal methods: 1. The formal character of the proposed languages and the need to use them for every aspect of the described system make them too bulky. The reason for this is that they often concentrate more on the mathematical elegance of their underlying semantics than on comfortable and intuitive usage. The specification language mSZ tackles this problem. It combines Harel's Statecharts with the formal specification language Z and offers very intuitive means to describe a system. 2. As adequate tool support is often missing, discharging the formal proof obligations becomes practically impossible, because without tools these proofs are quite complicated and their development takes a lot of time. Providing tool support for the verification of consistency and properties of an mSZ specification is the objective of this work. Model checking is used for the verification. An mSZ specification is translated in three steps into the input language of a model checker: 1. The Statecharts are translated to Z. With this, the Statechart semantics and the semantics of the integration of Statecharts with Z are defined. The result of this translation can also be analysed by Z tools that do not know Statecharts. 2. The Z specification is rewritten to a Z subset (Simple Z) that contains only language constructs supported by the model checker. This step allows preparing mSZ as well as pure Z specifications for model checking. 3. Simple Z is translated to the input language of the SMV model checker.
