Hiding variables when decomposing specifications into GR(1) contracts

We propose a method for eliminating variables from component specifications during the decomposition of GR(1) properties into contracts. The variables that can be eliminated are identified by parameterizing the communication architecture to investigate the dependence of realizability on the availability of information. We prove that the selected variables can be hidden from other components, while still expressing the resulting specification as a game with full information with respect to the remaining variables. The values of other variables need not be known all the time, so we hide them for part of the time, thus reducing the amount of information that needs to be communicated between components. We improve on our previous results on algorithmic decomposition of GR(1) properties, and prove existence of decompositions in the full information case. We use semantic methods of computation based on binary decision diagrams. To recover the constructed specifications so that humans can read them, we implement exact symbolic minimal covering over the lattice of integer orthotopes, thus deriving minimal formulae in disjunctive normal form over integer variable intervals

From Agent Game Protocols to Implementable Roles

kostas.stathis-at-cs.rhul.ac.uk Abstract. We present a formal framework for decomposing agent interaction protocols to the roles their participants should play. The framework allows an Authority Agent that knows a protocol to compute the protocol’s roles so that it can allocate them to interested parties. We show how the Authority Agent can use the role descriptions to identify problems with the protocol and repair it on the fly, to ensure that participants will be able to implement their role requirements without compromising the protocol’s interactions. Our representation of agent interaction protocols is a game-based one and the decomposition of a game protocol into its constituent roles is based upon the branching bisimulation equivalence reduction of the game. The work extends our previous work on using games to admit agents in an artificial society by checking their competence according to the society rules. The applicability of the overall approach is illustrated by showing how to decompose the NetBill protocol into its roles. We also show how to automatically repair the interactions of a protocol that cannot be implemented in its original form.

Layering Assume-Guarantee Contracts for Hierarchical System Design

Specifications for complex engineering systems are typically decomposed into specifications for individual subsystems in a manner that ensures they are implementable and simpler to develop further. We describe a method to algorithmically construct component specifications that implement a given specification when assembled. By eliminating variables that are irrelevant to realizability of each component, we simplify the specifications and reduce the amount of information necessary for operation. We parametrize the information flow between components by introducing parameters that select whether each variable is visible to a component. The decomposition algorithm identifies which variables can be hidden while preserving realizability and ensuring correct composition, and these are eliminated from component specifications by quantification and conversion of binary decision diagrams to formulas. The resulting specifications describe component viewpoints with full information with respect to the remaining variables, which is essential for tractable algorithmic synthesis of implementations. The specifications are written in TLA + , with liveness properties restricted to an implication of conjoined recurrence properties, known as GR(1). We define an operator for forming open systems from closed systems, based on a variant of the “while-plus” operator. This operator simplifies the writing of specifications that are realizable without being vacuous. To convert the generated specifications from binary decision diagrams to readable formulas over integer variables, we symbolically solve a minimal covering problem. We show with examples how the method can be applied to obtain contracts that formalize the hierarchical structure of system design

Automated goal operationalisation based on interpolation and SAT solving

Goal oriented methods have been successfully employed for eliciting and elaborating software requirements. When goals are assigned to an agent, they have to be operationalised: the agent’s operations have to be refined, by equipping them with appropriate enabling and triggering conditions, so that the goals are fulfilled. Goal operationalisation generally demands a significant effort of the engineer. Although there exist approaches that tackle this problem, they are either in-formal or at most semi automated, requiring the engineer to assist in the process. In this paper, we present an approach for goal operationalisation that automatically computes required preconditions and required triggering conditions for operations, so that the resulting operations establish the goals. The process is iterative, is able to deal with safety goals and particular kinds of liveness goals, and is based on the use of interpolation and SAT solving

Transforming timing diagrams into knowledge acquisition in automated specification

Requirements engineering is an important part of developing programs. It is an essential stage of the software development process that defines what a product or system should to achieve. The UML Timing diagram and Knowledge Acquisition in Automated Specification (KAOS) model are requirements engineering techniques. KAOS is a goal-oriented requirements approach while the Timing diagram is a graphical notation used for explaining software timing requirements. KAOS uses linear temporal logic (LTL) to describe time constraints in goal and operation models. Similarly, the Timing diagram can describe some temporal operators such as X (next), U (until) and R (release) over some period of time. Thus, our aim is to use the Timing diagram to generate parts of a KAOS model. In this paper we demonstrate techniques for creating a KAOS goal model from a Timing diagram. The Timing diagram which is used in this paper is adapted from the UML 2.0 Timing diagram and includes features to support translation into KAOS. We use a case study of a Lift system as an example to explain the translation processes described here

Reasoning about real-time systems with temporal interval logic constraints on multi-state automata

Models of real-time systems using a single paradigm often turn out to be inadequate, whether the paradigm is based on states, rules, event sequences, or logic. A model-based approach to reasoning about real-time systems is presented in which a temporal interval logic called TIL is employed to define constraints on a new type of high level automata. The combination, called hierarchical multi-state (HMS) machines, can be used to model formally a real-time system, a dynamic set of requirements, the environment, heuristic knowledge about planning-related problem solving, and the computational states of the reasoning mechanism. In this framework, mathematical techniques were developed for: (1) proving the correctness of a representation; (2) planning of concurrent tasks to achieve goals; and (3) scheduling of plans to satisfy complex temporal constraints. HMS machines allow reasoning about a real-time system from a model of how truth arises instead of merely depending of what is true in a system