Fluent temporal logic for discrete-time event-based models

Fluent model checking is an automated technique for verifying that an event-based operational model satisfies some state-based declarative properties. The link between the event-based and state-based formalisms is defined through fluents which are state predicates whose value are determined by the occurrences of initiating and terminating events that make the fluents values become true or false, respectively. The existing fluent temporal logic is convenient for reasoning about untimed event-based models but difficult to use for timed models. The paper extends fluent temporal logic with temporal operators for modelling timed properties of discrete-time event-based models. It presents two approaches that differ on whether the properties model the system state after the occurrence of each event or at a fixed time rate. Model checking of timed properties is made possible by translating them into the existing untimed framework. Copyright 2005 ACM

Static deadlock detection for concurrent go by global session graph synthesis

© 2016 ACM.Go is a programming language developed at Google, with channelbased concurrent features based on CSP. Go can detect global communication deadlocks at runtime when all threads of execution are blocked, but deadlocks in other paths of execution could be undetected. We present a new static analyser for concurrent Go code to find potential communication errors such as communication mismatch and deadlocks at compile time. Our tool extracts the communication operations as session types, which are then converted into Communicating Finite State Machines (CFSMs). Finally, we apply a recent theoretical result on choreography synthesis to generate a global graph representing the overall communication pattern of a concurrent program. If the synthesis is successful, then the program is free from communication errors. We have implemented the technique in a tool, and applied it to analyse common Go concurrency patterns and an open source application with over 700 lines of code

Automated Verification of Go Programs via Bounded Model Checking

The artifact of the ASE 2021 paper entitled "Automated Verification of Go Programs via Bounded Model Checking"

Resilient middleware for a multi-robot team

Tese de mestrado em Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2010Actualmente, equipas de robôs móveis intervém em diversos contextos e ambientes onde a intervenção humana é perigosa ou mesmo impossível, podemos mencionar como exemplo a vigilância de espaços físicos, como zonas militares ou nucleares. Devido à crescente complexidade inserida nos seus sistemas, esses robôs ficam mais poderosos mas paradoxalmente mais susceptíveis a falhas de hardware e software. Além disso, a incerteza na comunicação wireless pode privá-los temporariamente do seu suporte de informação remoto. Este tipo de problema pode ser causado pelo alcance limitado do emissor wireless e pelas zonas de sombra criadas pelo terreno. Por todas essas razões, desenhar arquitecturas capazes de oferecer mais resiliência para controlo das aplicações, tornou-se um verdadeiro desafio. Este documento aborda um motor cooperativo e resiliente para equipas de robôs que lhes permite partilharem uma vista comum e lidar com novos eventos de uma forma fiável e resiliente. Este middleware tem como função estabelecer a guarda de uma qualquer zona física e detectar eventos inabituais como os intrusos. Neste ultimo caso, um robô tem que encontrar uma maneira de bloquear o intruso para o impedir de fugir. O sistema apoia-se em duas características chave, a primeira é uma camada de controlo baseado em dois sub-módulos de controlo, o payload e o wormhole, a segunda é uma arquitectura baseada em eventos que executam tarefas do payload. Em relação à camada de controlo, o payload pode ser complexo e acede à informação partilhada pelos robôs enquanto que o wormhole é confiável mas apenas utiliza a informação local. O payload utiliza uma estrutura de dados chamada “promessa” na qual fornece o deadline correspondente ao momento mais tarde onde deve enviar a próxima promessa. No caso de receber esta promessa depois do deadline, o wormhole considera que o payload falhou, toma o controlo e executa as tarefas criticas no lugar do payload. Os eventos são propagados às traves de uma estrutura em forma de alvor, da raiz até as folhas. Cada folha do alvor é um módulo que pode ser executado e produz eventos. A produção dos eventos no alvor pode ser assimilado a uma reacção em cadeia. Durante o ciclo dos eventos as traves do alvor não são possíveis, o que permite evitar as reacções não controladas e garantem assim a estabilidade do sistema. A juntar a essa arquitectura, propomos também neste documento alguns mecanismos de sincronizações resilientes, para manter uma vista coerente num mundo ou de navegação para dar ao robô a possibilidade de se mover no mundo e de encontrar o melhor caminho. Guardar uma vista homogénea do mundo é um ponto fundamental que pode não ser fácil em caso de uma reunião de dois grupos. Introduzimos três implementações de middleware, uma versão simulada usada para validar arquitectura e testar a sincronização dos algoritmos num ambiente multi-robô, uma versão móvel apontada para ser implementado em plataformas de hardware compostas por robôs móveis reais e finalmente uma versão de posição capaz de comunicar com robôs móveis, recolher informação e enviar ordens remotas.Nowadays, teams of mobile robots are involved in many contexts and environments where human intervention would be risky or even impossible, we can mention the surveillance of physical areas as military zones or nuclear plants. Due to increasing complexity in their embedded systems, these robots become more powerful but paradoxically more susceptible to face a hardware or software failure. What’s more, unreliability in the wireless communication could deprive them temporally of their remote information support. For all these reasons, designing architectures able to offer more resilience to the control application has become a real challenge. In this document, we present a middleware architecture for the robots to share a common view and to handle new events in a safe and resilient way. The system relies on two key features, first a control layer based on two sub-modules, the payload and the wormhole, and secondly a cycle-proof event-based architecture used to run critical tasks in the payload. Regarding the control layer, the payload could be complex and has access to information shared among robots, while the wormhole is reliable but only uses local information. The wormhole controls the timely execution of the critical tasks by the payload. In case of timing failure, the wormhole takes control and runs these tasks in place of the payload. In addition to this architecture, we propose as well in this document some resilient synchronization mechanisms to maintain a coherent view of the world when two groups of robots are merging. We introduce three implementations of the middleware, a simulation version used to validate the architecture and test the synchronization algorithms in a multi-robot environment, a mobile version aimed to be ported to hardware platforms composed by real mobile robots and finally a station version able to communicate with mobiles, collect information and send remote orders

Determinism Should Ensure Deadlock-Freedom

The advent of multicore processors has made concurrent programming models mandatory. However, most concurrent programming models come with two major pitfalls: non-determinism and deadlocks. By determinism, we mean the output behavior of the program is independent of the scheduling choices (e.g., the operating system) and depends only on the input behavior. A few concurrent models provide deterministic behavior by providing constructs that impose additional synchronization, but improper or out-of-order use of these constructs leads to problems like deadlocks. In this paper, we argue for both determinism and deadlock-freedom. We propose a design of a deterministic, deadlock-free model. Any program that uses this model is guaranteed to produce the same output for a given input. Additionally, the program will never deadlock: the program will either terminate or run forever

Analysis and identification of possible automation approaches for embedded systems design flows

Sophisticated and high performance embedded systems are present in an increasing number of application domains. In this context, formal-based design methods have been studied to make the development process robust and scalable. Models of computation (MoC) allows the modeling of an application at a high abstraction level by using a formal base. This enables analysis before the application moves to the implementation phase. Different tools and frameworks supporting MoCs have been developed. Some of them can simulate the models and also verify their functionality and feasibility before the next design steps. In view of this, we present a novel method for analysis and identification of possible automation approaches applicable to embedded systems design flow supported by formal models of computation. A comprehensive case study shows the potential and applicability of our method11212