Coloured Petri Net Refinement Specification and Correctness Proof with Coq

In this work, we address the formalisation of symmetric nets, a subclass of coloured Petri nets, refinement in COQ. We first provide a formalisation of the net models, and of their type refinement in COQ. Then the COQ proof assistant is used to prove the refinement correctness lemma. An example adapted from a protocol example illustrates our work

Petri nets with may/must semantics: Preserving properties through data refinements

Many systems used in process managements, like workflow systems, are developed in a top-down fashion, when the original design is refined at each step bringing it closer to the underlying reality. Underdefined specifications cannot however be used for verification, since both false positives and false negatives can be reported. In this paper we introduce colored Petri nets where guards can be evaluated to true, false and indefinite values, the last ones reflecting underspecification. This results in the semantics of Petri nets with may- and must-enableness and firings. In this framework we introduce property-preserving refinements that allow for verification in an early design phase. We present results on property preservation through refinements. We also apply our framework to workflow nets, introduce notions of may- and must-soundness and show that they are preserved through refinements. We shortly describe a prototype under implementation

Executable system architecting using systems modeling language in conjunction with Colored Petri Nets - a demonstration using the GEOSS network centric system

Models and simulation furnish abstractions to manage complexities allowing engineers to visualize the proposed system and to analyze and validate system behavior before constructing it. Unified Modeling Language (UML) and its systems engineering extension, Systems Modeling Language (SysML), provide a rich set of diagrams for systems specification. However, the lack of executable semantics of such notations limits the capability of analyzing and verifying defined specifications. This research has developed an executable system architecting framework based on SysML-CPN transformation, which introduces dynamic model analysis into SysML modeling by mapping SysML notations to Colored Petri Net (CPN), a graphical language for system design, specification, simulation, and verification. A graphic user interface was also integrated into the CPN model to enhance the model-based simulation. A set of methodologies has been developed to achieve this framework. The aim is to investigate system wide properties of the proposed system, which in turn provides a basis for system reconfiguration --Abstract, page iii

Context-aware workflow management in eHealth applications

Workflows are a technology to structure work in functional, non-overlapping steps. They define not only the order of execution of the steps, and describe whether steps are executed in parallel, they also specify who or what tool has to fulfill which step. Workflows offer the possibility to automate work, to increase the understandability of processes, and they ease the control of process execution. The tools to manage workflows, so called workflow management systems (WfMSs), are traditionally rigid as they separate workflow definition done at build time from workflow execution done at run time. This makes them ill-suited for managing flexible and unstructured workflows. In this thesis, we focus on the support of flexible processes in eHealth, which are affected by more foreseen than unforeseen events. To bridge the gap between rigid WfMSs and flexible workflows, we developed a concept for dynamic and context-aware workflow management called Flexwoman. Although our focus lies on flexible eHealth processes, Flexwoman is a generic approach that can be applied to several different application domains. Flexwoman supports the usage of context information to adapt processes automatically at run time to foreseen events. Processes can also be manually adapted to handle unforeseen events. To achieve this flexibility, context information from different sensors is unified and thus can be analyzed in the same way. The analysis and adaptation of workflows is executed with a rule engine. A rule engine can store, reason about and apply knowledge automatically and efficiently. Rules and application logic are separated, thus, rules can be changed during run time without affecting application logic or process description. Workflows are internally described by Hierarchical Colored Petri nets (HCPNs) and executed by a HCPN execution engine. HCPNs allow for a deterministic execution of workflows and can represent workflows on different levels of detail. In summary, in Flexwoman, significant context changes (events) trigger automated adaptations that replace parts of the workflow by sub workflows, which can in turn be adapted. The adaptations and the rules for context-aware adaptation are saved in the organizational memory for later reuse. Flexwoman’s event based behavior facilitates proactive adaptations instead of only allowing for adaptations while entering or leaving a task. Replacements are not bound to special places defined at build time but each part of the workflow, which has not been executed yet, can be replaced at run time. We implemented and evaluated the concept. The evaluations show i) that all required functionality is available, ii) that the system scales with a growing number of rules, and iii) that the system correctly handles failure situations

Proceedings of the First NASA Formal Methods Symposium

Topics covered include: Model Checking - My 27-Year Quest to Overcome the State Explosion Problem; Applying Formal Methods to NASA Projects: Transition from Research to Practice; TLA+: Whence, Wherefore, and Whither; Formal Methods Applications in Air Transportation; Theorem Proving in Intel Hardware Design; Building a Formal Model of a Human-Interactive System: Insights into the Integration of Formal Methods and Human Factors Engineering; Model Checking for Autonomic Systems Specified with ASSL; A Game-Theoretic Approach to Branching Time Abstract-Check-Refine Process; Software Model Checking Without Source Code; Generalized Abstract Symbolic Summaries; A Comparative Study of Randomized Constraint Solvers for Random-Symbolic Testing; Component-Oriented Behavior Extraction for Autonomic System Design; Automated Verification of Design Patterns with LePUS3; A Module Language for Typing by Contracts; From Goal-Oriented Requirements to Event-B Specifications; Introduction of Virtualization Technology to Multi-Process Model Checking; Comparing Techniques for Certified Static Analysis; Towards a Framework for Generating Tests to Satisfy Complex Code Coverage in Java Pathfinder; jFuzz: A Concolic Whitebox Fuzzer for Java; Machine-Checkable Timed CSP; Stochastic Formal Correctness of Numerical Algorithms; Deductive Verification of Cryptographic Software; Coloured Petri Net Refinement Specification and Correctness Proof with Coq; Modeling Guidelines for Code Generation in the Railway Signaling Context; Tactical Synthesis Of Efficient Global Search Algorithms; Towards Co-Engineering Communicating Autonomous Cyber-Physical Systems; and Formal Methods for Automated Diagnosis of Autosub 6000