Deriving real-time action systems with multiple time bands using algebraic reasoning

The verify-while-develop paradigm allows one to incrementally develop programs from their specifications using a series of calculations against the remaining proof obligations. This paper presents a derivation method for real-time systems with realistic constraints on their behaviour. We develop a high-level interval-based logic that provides flexibility in an implementation, yet allows algebraic reasoning over multiple granularities and sampling multiple sensors with delay. The semantics of an action system is given in terms of interval predicates and algebraic operators to unify the logics for an action system and its properties, which in turn simplifies the calculations and derivations

Convolution, Separation and Concurrency

A notion of convolution is presented in the context of formal power series together with lifting constructions characterising algebras of such series, which usually are quantales. A number of examples underpin the universality of these constructions, the most prominent ones being separation logics, where convolution is separating conjunction in an assertion quantale; interval logics, where convolution is the chop operation; and stream interval functions, where convolution is used for analysing the trajectories of dynamical or real-time systems. A Hoare logic is constructed in a generic fashion on the power series quantale, which applies to each of these examples. In many cases, commutative notions of convolution have natural interpretations as concurrency operations.Comment: 39 page

Deriving specifications of control programs for cyber physical systems

Cyber Physical Systems (CPS) exist in a physical environment and comprise both physical components and a control program. Physical components are inherently liable to failure and yet an overall CPS is required to operate safely, reliably and cost effectively. This paper proposes a framework for deriving the specification of the software control component of a CPS from an understanding of the behaviour required of the overall system in its physical environment. The two key elements of this framework are (i) an extension to the use of rely/guarantee conditions to allow specifications to be obtained systematically from requirements (as expressed in terms of the required behaviour in the environment) and nested assumptions (about the physical components of the CPS); and (ii) the use of time bands to record the temporal properties required of the CPS at a number of different granularities. The key contribution is in combining these ideas; using time bands overcomes a significant drawback in earlier work. The paper also addresses the means by which the reliability of a CPS can be addressed by challenging each rely condition in the derived specification and, where appropriate, improve robustness and/or define weaker guarantees that can be delivered with respect to the corresponding weaker rely conditions

Theory of localization and resonance phenomena in the quantum kicked rotor

We present an analytic theory of quantum interference and Anderson localization in the quantum kicked rotor (QKR). The behavior of the system is known to depend sensitively on the value of its effective Planck's constant \he. We here show that for rational values of \he/(4\pi)=p/q, it bears similarity to a disordered metallic ring of circumference $q$ and threaded by an Aharonov-Bohm flux. Building on that correspondence, we obtain quantitative results for the time--dependent behavior of the QKR kinetic energy, $E(\tilde t)$ (this is an observable which sensitively probes the system's localization properties). For values of $q$ smaller than the localization length $\xi$, we obtain scaling $E(\tilde t) \sim \Delta \tilde t^2$, where $\Delta=2\pi/q$ is the quasi--energy level spacing on the ring. This scaling is indicative of a long time dynamics that is neither localized nor diffusive. For larger values $q\gg \xi$, the functions $E(\tilde t)\to \xi^2$ saturates (up to exponentially small corrections $\sim\exp(-q/\xi)$), thus reflecting essentially localized behavior.Comment: 27 pages, 3 figure

Fractional permissions and non-deterministic evaluators in interval temporal logic

We propose Interval Temporal Logic as a basis for reasoning about concurrent programs with fine-grained atomicity due to the generality it provides over reasoning with standard pre/post-state relations. To simplify the semantics of parallel composition over intervals, we use fractional permissions, which allows one to ensure that conflicting reads and writes to a variable do not occur simultaneously. Using non-deterministic evaluators over intervals, we enable reasoning about the apparent states over an interval, which may differ from the actual states in the interval. The combination of Interval Temporal Logic, non-deterministic evaluators and fractional permissions results in a generic framework for reasoning about concurrent programs with fine-grained atomicity. We use our logic to develop rely/guarantee-style rules for decomposing a proof of a large system into proofs of its subcomponents, where fractional permissions are used to ensure that the behaviours of a program and its environment do not conflict

Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions

As computation spreads from computers to networks of computers, and migrates into cyberspace, it ceases to be globally programmable, but it remains programmable indirectly: network computations cannot be controlled, but they can be steered by local constraints on network nodes. The tasks of "programming" global behaviors through local constraints belong to the area of security. The "program particles" that assure that a system of local interactions leads towards some desired global goals are called security protocols. As computation spreads beyond cyberspace, into physical and social spaces, new security tasks and problems arise. As networks are extended by physical sensors and controllers, including the humans, and interlaced with social networks, the engineering concepts and techniques of computer security blend with the social processes of security. These new connectors for computational and social software require a new "discipline of programming" of global behaviors through local constraints. Since the new discipline seems to be emerging from a combination of established models of security protocols with older methods of procedural programming, we use the name procedures for these new connectors, that generalize protocols. In the present paper we propose actor-networks as a formal model of computation in heterogenous networks of computers, humans and their devices; and we introduce Procedure Derivation Logic (PDL) as a framework for reasoning about security in actor-networks. On the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL) that evolved through our work in security in last 10 years. Both formalisms are geared towards graphic reasoning and tool support. We illustrate their workings by analysing a popular form of two-factor authentication, and a multi-channel device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended references, added discussio

A Rely-Guarantee Specification of Mixed-Criticality Scheduling

The application considered is mixed-criticality scheduling. The core formal approaches used are Rely-Guarantee conditions and the Timeband framework; these are applied to give a layered description of job scheduling which includes resilience to jobs overrunning their expected execution time. A novel formal modelling idea is proposed to handle the relationship between actual time and its approximation in hardware clocks.Comment: This paper will appear in a Festschrift - on publication we will insert a pointer to the boo

On MMSE and MAP Denoising Under Sparse Representation Modeling Over a Unitary Dictionary

Among the many ways to model signals, a recent approach that draws considerable attention is sparse representation modeling. In this model, the signal is assumed to be generated as a random linear combination of a few atoms from a pre-specified dictionary. In this work we analyze two Bayesian denoising algorithms -- the Maximum-Aposteriori Probability (MAP) and the Minimum-Mean-Squared-Error (MMSE) estimators, under the assumption that the dictionary is unitary. It is well known that both these estimators lead to a scalar shrinkage on the transformed coefficients, albeit with a different response curve. In this work we start by deriving closed-form expressions for these shrinkage curves and then analyze their performance. Upper bounds on the MAP and the MMSE estimation errors are derived. We tie these to the error obtained by a so-called oracle estimator, where the support is given, establishing a worst-case gain-factor between the MAP/MMSE estimation errors and the oracle's performance. These denoising algorithms are demonstrated on synthetic signals and on true data (images).Comment: 29 pages, 10 figure

A random tunnel number one 3-manifold does not fiber over the circle

We address the question: how common is it for a 3-manifold to fiber over the circle? One motivation for considering this is to give insight into the fairly inscrutable Virtual Fibration Conjecture. For the special class of 3-manifolds with tunnel number one, we provide compelling theoretical and experimental evidence that fibering is a very rare property. Indeed, in various precise senses it happens with probability 0. Our main theorem is that this is true for a measured lamination model of random tunnel number one 3-manifolds. The first ingredient is an algorithm of K Brown which can decide if a given tunnel number one 3-manifold fibers over the circle. Following the lead of Agol, Hass and W Thurston, we implement Brown's algorithm very efficiently by working in the context of train tracks/interval exchanges. To analyze the resulting algorithm, we generalize work of Kerckhoff to understand the dynamics of splitting sequences of complete genus 2 interval exchanges. Combining all of this with a "magic splitting sequence" and work of Mirzakhani proves the main theorem. The 3-manifold situation contrasts markedly with random 2-generator 1-relator groups; in particular, we show that such groups "fiber" with probability strictly between 0 and 1.Comment: This is the version published by Geometry & Topology on 15 December 200