Timed Soft Concurrent Constraint Programs: An Interleaved and a Parallel Approach

We propose a timed and soft extension of Concurrent Constraint Programming. The time extension is based on the hypothesis of bounded asynchrony: the computation takes a bounded period of time and is measured by a discrete global clock. Action prefixing is then considered as the syntactic marker which distinguishes a time instant from the next one. Supported by soft constraints instead of crisp ones, tell and ask agents are now equipped with a preference (or consistency) threshold which is used to determine their success or suspension. In the paper we provide a language to describe the agents behavior, together with its operational and denotational semantics, for which we also prove the compositionality and correctness properties. After presenting a semantics using maximal parallelism of actions, we also describe a version for their interleaving on a single processor (with maximal parallelism for time elapsing). Coordinating agents that need to take decisions both on preference values and time events may benefit from this language. To appear in Theory and Practice of Logic Programming (TPLP)

Extending and Relating Semantic Models of Compensating CSP

Business transactions involve multiple partners coordinating and interacting with each other. These transactions have hierarchies of activities which need to be orchestrated. Usual database approaches (e.g.,checkpoint, rollback) are not applicable to handle faults in a long running transaction due to interaction with multiple partners. The compensation mechanism handles faults that can arise in a long running transaction. Based on the framework of Hoare's CSP process algebra, Butler et al introduced Compensating CSP (cCSP), a language to model long-running transactions. The language introduces a method to declare a transaction as a process and it has constructs for orchestration of compensation. Butler et al also defines a trace semantics for cCSP. In this thesis, the semantic models of compensating CSP are extended by defining an operational semantics, describing how the state of a program changes during its execution. The semantics is encoded into Prolog to animate the specification. The semantic models are further extended to define the synchronisation of processes. The notion of partial behaviour is defined to model the behaviour of deadlock that arises during process synchronisation. A correspondence relationship is then defined between the semantic models and proved by using structural induction. Proving the correspondence means that any of the presentation can be accepted as a primary definition of the meaning of the language and each definition can be used correctly at different times, and for different purposes. The semantic models and their relationships are mechanised by using the theorem prover PVS. The semantic models are embedded in PVS by using Shallow embedding. The relationships between semantic models are proved by mutual structural induction. The mechanisation overcomes the problems in hand proofs and improves the scalability of the approach

Context-Aware and Secure Workflow Systems

Businesses do evolve. Their evolution necessitates the re-engineering of their existing "business processes”, with the objectives of reducing costs, delivering services on time, and enhancing their profitability in a competitive market. This is generally true and particularly in domains such as manufacturing, pharmaceuticals and education). The central objective of workflow technologies is to separate business policies (which normally are encoded in business logics) from the underlying business applications. Such a separation is desirable as it improves the evolution of business processes and, more often than not, facilitates the re-engineering at the organisation level without the need to detail knowledge or analyses of the application themselves. Workflow systems are currently used by many organisations with a wide range of interests and specialisations in many domains. These include, but not limited to, office automation, finance and banking sector, health-care, art, telecommunications, manufacturing and education. We take the view that a workflow is a set of "activities”, each performs a piece of functionality within a given "context” and may be constrained by some security requirements. These activities are coordinated to collectively achieve a required business objective. The specification of such coordination is presented as a set of "execution constraints” which include parallelisation (concurrency/distribution), serialisation, restriction, alternation, compensation and so on. Activities within workflows could be carried out by humans, various software based application programs, or processing entities according to the organisational rules, such as meeting deadlines or performance improvement. Workflow execution can involve a large number of different participants, services and devices which may cross the boundaries of various organisations and accessing variety of data. This raises the importance of _ context variations and context-awareness and _ security (e.g. access control and privacy). The specification of precise rules, which prevent unauthorised participants from executing sensitive tasks and also to prevent tasks from accessing unauthorised services or (commercially) sensitive information, are crucially important. For example, medical scenarios will require that: _ only authorised doctors are permitted to perform certain tasks, _ a patient medical records are not allowed to be accessed by anyone without the patient consent and _ that only specific machines are used to perform given tasks at a given time. If a workflow execution cannot guarantee these requirements, then the flow will be rejected. Furthermore, features/characteristics of security requirement are both temporal- and/or event-related. However, most of the existing models are of a static nature – for example, it is hard, if not impossible, to express security requirements which are: _ time-dependent (e.g. A customer is allowed to be overdrawn by 100 pounds only up-to the first week of every month. _ event-dependent (e.g. A bank account can only be manipulated by its owner unless there is a change in the law or after six months of his/her death). Currently, there is no commonly accepted model for secure and context-aware workflows or even a common agreement on which features a workflow security model should support. We have developed a novel approach to design, analyse and validate workflows. The approach has the following components: = A modelling/design language (known as CS-Flow). The language has the following features: – support concurrency; – context and context awareness are first-class citizens; – supports mobility as activities can move from one context to another; – has the ability to express timing constrains: delay, deadlines, priority and schedulability; – allows the expressibility of security policies (e.g. access control and privacy) without the need for extra linguistic complexities; and – enjoy sound formal semantics that allows us to animate designs and compare various designs. = An approach known as communication-closed layer is developed, that allows us to serialise a highly distributed workflow to produce a semantically equivalent quasi-sequential flow which is easier to understand and analyse. Such re-structuring, gives us a mechanism to design fault-tolerant workflows as layers are atomic activities and various existing forward and backward error recovery techniques can be deployed. = Provide a reduction semantics to CS-Flow that allows us to build a tool support to animate a specifications and designs. This has been evaluated on a Health care scenario, namely the Context Aware Ward (CAW) system. Health care provides huge amounts of business workflows, which will benefit from workflow adaptation and support through pervasive computing systems. The evaluation takes two complementary strands: – provide CS-Flow’s models and specifications and – formal verification of time-critical component of a workflow

EOS: A project to investigate the design and construction of real-time distributed embedded operating systems

The EOS project is investigating the design and construction of a family of real-time distributed embedded operating systems for reliable, distributed aerospace applications. Using the real-time programming techniques developed in co-operation with NASA in earlier research, the project staff is building a kernel for a multiple processor networked system. The first six months of the grant included a study of scheduling in an object-oriented system, the design philosophy of the kernel, and the architectural overview of the operating system. In this report, the operating system and kernel concepts are described. An environment for the experiments has been built and several of the key concepts of the system have been prototyped. The kernel and operating system is intended to support future experimental studies in multiprocessing, load-balancing, routing, software fault-tolerance, distributed data base design, and real-time processing

Constructive tool design for formal languages : from semantics to executing models

Embedded, distributed, real-time, electronic systems are becoming more and more dominant in our lives. Hidden in cars, televisions, mp3-players, mobile phones and other appliances, these hardware/software systems influence our daily activities. Their design can be a huge effort and has to be carried out by engineers in a limited amount of time. Computer-aided modelling and design automation shorten the design cycle of these systems enabling companies to deliver their products sooner than their competitors. The design process is divided into different levels of abstraction, starting with a vague product idea (abstract) and ending up with a concrete description ready for implementation. Recently, research has started to focus on the system level, being a promising new area at which the product design could start. This dissertation develops a constructive approach to building tools for system-level design/description/modelling/specification languages, and shows the applicability of this method to the system-level language POOSL (Parallel Object-Oriented Specification Language). The formal semantics of this language is redefined and partly redeveloped, adding probabilistic features, real-time, inheritance, concurrency within processes, dynamic ports and atomic (indivisible) expressions, making the language suitable for performance analysis/modelling. The semantics is two-layered, using a probabilistic denotational semantics for stating the meaning of POOSL’s data layer, and using a probabilistic structural operational semantics for the process layer and architecture layer. The constructive approach has yielded the system-level simulation tool rotalumis, capable of executing large industrial designs, which has been demonstrated by two successful case studies—an ATM-packet switch (in conjunction with IBM Research at Z¨urich) and a packet routing switch for the Internet (in association with Alcatel/Bell at Antwerp). The more generally applicable optimisations of the execution engine (rotalumis) and the decisions taken in its design are discussed in full detail. Prototyping, where the system-level model functions as a part of the prototype implementation of the designed product, is supported by rotalumis-rt, a real-time variant of the execution engine. The viability of prototyping is shown by a case study of a learning infrared remote control, partially realised in hardware and completed with a system-level model. Keywords formal languages / formal specification / modelling languages / systemlevel design / embedded systems / real-time systems / performance analysis / discrete event simulation / probabilistic process algebra / design automation / prototyping / simulation tool

Denotational Semantics of Mobility in Unifying Theories of Programming (UTP)

UTP promotes the unification of programming theories and has been used successfully for giving denotational semantics to Imperative Programming, CSP process algebra, and the Circus family of programming languages, amongst others. In this thesis, we present an extension of UTP-CSP (the UTP semantics for CSP) with the concept of mobility. Mobility is concerned with the movement of an entity from one location (the source) to another (the target). We deal with two forms of mobility: • Channel mobility, concerned with the movement of links between processes, models networks with a dynamic topology; and • Strong process mobility, which requires to suspend a running process first, and then move both its code and its state upon suspension, and finally resume the process on the target upon reception. Concerning channel mobility: • We model channels as concrete entities in CSP, and show that it does not affect the underlying CSP semantics. • A requirement is that a process may not own a channel prior to receiving it. In CSP, the set of channels owned by a process (called its interface) is static by definition. We argue that making the interface variable introduces a paradox. We resolve this by introducing a new concept: the capability of a process, and show how it relates to the interface. We then define channel mobility as the operation that changes the interface of a process, but not its capability. We also provide a functional link between static CSP and its mobile version. Concerning strong mobility, we provide: • The first extension of CSP with jump features, using the concept of continuations. • A novel semantics for the generic interrupt (a parallel-based interrupt operator), using the concept of Bulk Synchronous Parallelism. We then define strong mobility as a specific interrupt operator in which the interrupt routine migrates the suspended program

Functional real-time programming: the language Ruth and its semantics

Real-time systems are amongst the most safety critical systems involving computer software and the incorrect functioning of this software can cause great damage, up to and including the loss of life. If seems sensible therefore to write real-time software in a way that gives us the best chance of correctly implementing specifications. Because of the high level of functional programming languages, their semantic simplicity and their amenability to formal reasoning and correctness preserving transformation it thus seems natural to use a functional language for this task. This thesis explores the problems of applying functional programming languages to real-time by defining the real-time functional programming language Ruth. The first part of the thesis concerns the identification of the particular problems associated with programming real-time systems. These can broadly be stated as a requirement that a real-time language must be able to express facts about time, a feature we have called time expressibility. The next stage is to provide time expressibility within a purely functional framework. This is accomplished by the use of timestamps on inputs and outputs and by providing a real-time clock as an input to Ruth programs. The final major part of the work is the construction of a formal definition of the semantics of Ruth to serve as a basis for formal reasoning and transformation. The framework within which the formal semantics of a real-time language are defined requires time expressibility in the same way as the real-time language itself. This is accomplished within the framework of domain theory by the use of specialised domains for timestamped objects, called herring-bone domains. These domains could be used as the basis for the definition of the semantics of any real-time language