A semantics for Behavior Trees using CSP with specification commands

AbstractIn this paper we give a formal definition of the requirements translation language Behavior Trees. This language has been used with success in industry to systematically translate large, complex, and often erroneous requirements documents into a structured model of the system. It contains a mixture of state-based manipulations, synchronisation, message passing, and parallel, conditional, and iterative control structures. The formal semantics of a Behavior Tree is given via a translation to a version of Hoare’s process algebra CSP, extended with state-based constructs such as guards and updates, and a message passing facility similar to that used in publish/subscribe protocols. We first provide the extension of CSP and its operational semantics, which preserves the meaning of the original CSP operators, and then the Behavior Tree notation and its translation into the extended version of CSP

A semantics for behavior trees

In this paper we give a formal definition of the requirements translation language Behavior Trees. This language has been used with success in industry to systematically translate large, complex, and often erroneous requirements documents into a structured model of the system. It contains a mixture of state-based manipulations, synchronisation, message passing, and parallel, conditional, and iterative control structures. The formal semantics of a Behavior Tree is given via a structure-preserving translation to a version of Hoare’s process algebra CSP, extended with state-based constructs such as guards and updates, and a message passing facility similar to that used in publish/subscribe protocols. We first provide the extension of CSP and its operational semantics, which preserves the meaning of the original CSP operators, and then the Behavior Tree notation and its translation into the extended version of CSP

A Denotational Semantics for Communicating Unstructured Code

An important property of programming language semantics is that they should be compositional. However, unstructured low-level code contains goto-like commands making it hard to define a semantics that is compositional. In this paper, we follow the ideas of Saabas and Uustalu to structure low-level code. This gives us the possibility to define a compositional denotational semantics based on least fixed points to allow for the use of inductive verification methods. We capture the semantics of communication using finite traces similar to the denotations of CSP. In addition, we examine properties of this semantics and give an example that demonstrates reasoning about communication and jumps. With this semantics, we lay the foundations for a proof calculus that captures both, the semantics of unstructured low-level code and communication.Comment: In Proceedings FESCA 2015, arXiv:1503.0437

Design-time formal verification for smart environments: an exploratory perspective

Smart environments (SmE) are richly integrated with multiple heterogeneous devices; they perform the operations in intelligent manner by considering the context and actions/behaviors of the users. Their major objective is to enable the environment to provide ease and comfort to the users. The reliance on these systems demands consistent behavior. The versatility of devices, user behavior and intricacy of communication complicate the modeling and verification of SmE's reliable behavior. Of the many available modeling and verification techniques, formal methods appear to be the most promising. Due to a large variety of implementation scenarios and support for conditional behavior/processing, the concept of SmE is applicable to diverse areas which calls for focused research. As a result, a number of modeling and verification techniques have been made available for designers. This paper explores and puts into perspective the modeling and verification techniques based on an extended literature survey. These techniques mainly focus on some specific aspects, with a few overlapping scenarios (such as user interaction, devices interaction and control, context awareness, etc.), which were of the interest to the researchers based on their specialized competencies. The techniques are categorized on the basis of various factors and formalisms considered for the modeling and verification and later analyzed. The results show that no surveyed technique maintains a holistic perspective; each technique is used for the modeling and verification of specific SmE aspects. The results further help the designers select appropriate modeling and verification techniques under given requirements and stress for more R&D effort into SmE modeling and verification researc

Nondeterminism and Guarded Commands

The purpose of this paper is to discuss the relevance of nondeterminism in computer science, with a special emphasis on Dijkstra's guarded commands language.Comment: 34 pages. This is authors' version of Chapter 8 of the book K.R. Apt and C.A.R. Hoare (editors), Edsger Wybe Dijkstra: His Life, Work, and Legacy, volume 45 of ACM Books. ACM/Morgan & Claypool, 202

Causal reasoning about distributed programs

We present an integrated approach to the specification, verification and testing of distributed programs. We show how global properties defined by transition axiom specifications can be interpreted as definitions of causal relationships between process states. We explain why reasoning about causal rather than global relationships yields a clearer picture of distributed processing.;We present a proof system for showing the partial correctness of CSP programs that places strict restrictions on assertions. It admits no global assertions. A process annotation may reference only local state. Glue predicates relate pairs of process states at points of interprocess communication. No assertion references auxiliary variables; appropriate use of control predicates and vector clock values eliminates the need for them. Our proof system emphasizes causality. We do not prove processes correct in isolation. We instead track causality as we write our annotations. When we come to a send or receive, we consider all the statements that could communicate with it, and use the semantics of CSP message passing to derive its postcondition. We show that our CSP proof system is sound and relatively complete, and that we need only recursive assertions to prove that any program in our fragment of CSP is partially correct. Our proof system is, therefore, as powerful as other proof systems for CSP.;We extend our work to develop proof systems for asynchronous communication. For each proof system, our motivation is to be able to write proofs that show that code satisfies its specification, while making only assertions we can use to define the aspects of process state that we should trace during test runs, and check during postmortem analysis. We can trace the assertions we make without having to modify program code or add synchronization or message passing.;Why, if we verify correctness, would we want to test? We observe that a proof, like a program, is susceptible to error. By tracing and analyzing program state during testing, we can build our confidence that our proof is valid

Design Time Methodology for the Formal Modeling and Verification of Smart Environments

Smart Environments (SmE) are intelligent and complex due to smart connectivity and interaction of heterogeneous devices achieved by complicated and sophisticated computing algorithms. Based on their domotic and industrial applications, SmE system may be critical in terms of correctness, reliability, safety, security and other such vital factors. To achieve error-free and requirement-compliant implementation of these systems, it is advisable to enforce a design process that may guarantee these factors by adopting formal models and formal verification techniques at design time. The e-Lite research group at Politecnico di Torino is developing solutions for SmE based on integration of commercially available home automation technologies with an intelligent ecosystem based on a central OSGi-based gateway, and distributed collaboration of intelligent applications, with the help of semantic web technologies and applications. The main goal of my research is to study new methodologies which are used for the modeling and verification of SmE. This goal includes the development of a formal methodology which ensures the reliable implementation of the requirements on SmE, by modeling and verifying each component (users, devices, control algorithms and environment/context) and the interaction among them, especially at various stages in design time, so that all the complexities and ambiguities can be reduced

Clafer: Lightweight Modeling of Structure, Behaviour, and Variability

Embedded software is growing fast in size and complexity, leading to intimate mixture of complex architectures and complex control. Consequently, software specification requires modeling both structures and behaviour of systems. Unfortunately, existing languages do not integrate these aspects well, usually prioritizing one of them. It is common to develop a separate language for each of these facets. In this paper, we contribute Clafer: a small language that attempts to tackle this challenge. It combines rich structural modeling with state of the art behavioural formalisms. We are not aware of any other modeling language that seamlessly combines these facets common to system and software modeling. We show how Clafer, in a single unified syntax and semantics, allows capturing feature models (variability), component models, discrete control models (automata) and variability encompassing all these aspects. The language is built on top of first order logic with quantifiers over basic entities (for modeling structures) combined with linear temporal logic (for modeling behaviour). On top of this semantic foundation we build a simple but expressive syntax, enriched with carefully selected syntactic expansions that cover hierarchical modeling, associations, automata, scenarios, and Dwyer's property patterns. We evaluate Clafer using a power window case study, and comparing it against other notations that substantially overlap with its scope (SysML, AADL, Temporal OCL and Live Sequence Charts), discussing benefits and perils of using a single notation for the purpose