21 research outputs found
Verification of Branching-Time and Alternating-Time Properties for Exogenous Coordination Models
Information and communication systems enter an increasing number of areas of daily lives. Our reliance and dependence on the functioning of such systems is rapidly growing together with the costs and the impact of system failures. At the same time the complexity of hardware and software systems extends to new limits as modern hardware architectures become more and more parallel, dynamic and heterogenous. These trends demand for a closer integration of formal methods and system engineering to show the correctness of complex systems within the design phase of large projects.
The goal of this thesis is to introduce a formal holistic approach for modeling, analysis and synthesis of parallel systems that potentially addresses complex system behavior at any layer of the hardware/software stack. Due to the complexity of modern hardware and software systems, we aim to have a hierarchical modeling framework that allows to specify the behavior of a parallel system at various levels of abstraction and that facilitates designing complex systems in an iterative refinement procedure, in which more detailed behavior is added successively to the system description. In this context, the major challenge is to provide modeling formalisms that are expressive enough to address all of the above issues and are at the same time amenable to the application of formal methods for proving that the system behavior conforms to its specification. In particular, we are interested in specification formalisms that allow to apply formal verification techniques such that the underlying model checking problems are still decidable within reasonable time and space bounds.
The presented work relies on an exogenous modeling approach that allows a clear separation of coordination and computation and provides an operational semantic model where formal methods such as model checking are well suited and applicable. The channel-based exogenous coordination language Reo is used as modeling formalism as it supports hierarchical modeling in an iterative top-down refinement procedure. It facilitates reusability, exchangeability, and heterogeneity of components and forms the basis to apply formal verification methods. At the same time Reo has a clear formal semantics based on automata, which serve as foundation to apply formal methods such as model checking.
In this thesis new modeling languages are presented that allow specifying complex systems in terms of Reo and automata models which yield the basis for a holistic approach on modeling, verification and synthesis of parallel systems. The second main contribution of this thesis are tailored branching-time and alternating time temporal logics as well as corresponding model checking algorithms. The thesis includes results on the theoretical complexity of the underlying model checking problems as well as practical results. For the latter the presented approach has been implemented in the symbolic verification tool set Vereofy. The implementation within Vereofy and evaluation of the branching-time and alternating-time model checker is the third main contribution of this thesis
Reconfigurable component connectors
This thesis provides formal methods for reconfigurable component connectors.UBL - phd migration 201
Reo + mCRL2: A Framework for Model-Checking Dataflow in Service Compositions
The paradigm of service-oriented computing revolutionized the field of software
engineering. According to this paradigm, new systems are composed of existing
stand-alone services to support complex cross-organizational business
processes. Correct communication of these services is not possible without a
proper coordination mechanism. The Reo coordination language is a channel-based
modeling language that introduces various types of channels and their
composition rules. By composing Reo channels, one can specify Reo connectors
that realize arbitrary complex behavioral protocols. Several formalisms have
been introduced to give semantics to Reo. In their most basic form, they
reflect service synchronization and dataflow constraints imposed by connectors.
To ensure that the composed system behaves as intended, we need a wide range of
automated verification tools to assist service composition designers. In this
paper, we present our framework for the verification of Reo using the mCRL2
toolset. We unify our previous work on mapping various semantic models for Reo,
namely, constraint automata, timed constraint automata, coloring semantics and
the newly developed action constraint automata, to the process algebraic
specification language of mCRL2, address the correctness of this mapping,
discuss tool support, and present a detailed example that illustrates the use
of Reo empowered with mCRL2 for the analysis of dataflow in service-based
process models
Reo + mCRL2: A Framework for Model-checking Dataflow in Service Compositions
The paradigm of service-oriented computing revolutionized the field of software engineering. According to this paradigm, new systems are composed of existing stand-alone services to support complex cross-organizational business processes. Correct communication of these services is not possible without a proper coordination mechanism. The Reo coordination language is a channel-based modeling language that introduces various types of channels and their composition rules. By composing Reo channels, one can specify Reo connectors that realize arbitrary complex behavioral protocols. Several formalisms have been introduced to give semantics to Reo. In their most basic form, they reflect service synchronization and dataflow constraints imposed by connectors. To ensure that the composed system behaves as intended, we need a wide range of automated verification tools to assist service composition designers. In this paper, we present our framework for the verification of Reo using the toolset. We unify our previous work on mapping various semantic models for Reo, namely, constraint automata, timed constraint automata, coloring semantics and the newly developed action constraint automata, to the process algebraic specification language of , address the correctness of this mapping, discuss tool support, and present a detailed example that illustrates the use of Reo empowered with for the analysis of dataflow in service-based process models
A Compositional Framework for Preference-Aware Agents
A formal description of a Cyber-Physical system should include a rigorous
specification of the computational and physical components involved, as well as
their interaction. Such a description, thus, lends itself to a compositional
model where every module in the model specifies the behavior of a
(computational or physical) component or the interaction between different
components. We propose a framework based on Soft Constraint Automata that
facilitates the component-wise description of such systems and includes the
tools necessary to compose subsystems in a meaningful way, to yield a
description of the entire system. Most importantly, Soft Constraint Automata
allow the description and composition of components' preferences as well as
environmental constraints in a uniform fashion. We illustrate the utility of
our framework using a detailed description of a patrolling robot, while
highlighting methods of composition as well as possible techniques to employ
them.Comment: In Proceedings V2CPS-16, arXiv:1612.0402
Treo: Textual Syntax for Reo Connectors
Reo is an interaction-centric model of concurrency for compositional
specification of communication and coordination protocols. Formal verification
tools exist to ensure correctness and compliance of protocols specified in Reo,
which can readily be (re)used in different applications, or composed into more
complex protocols. Recent benchmarks show that compiling such high-level Reo
specifications produces executable code that can compete with or even beat the
performance of hand-crafted programs written in languages such as C or Java
using conventional concurrency constructs.
The original declarative graphical syntax of Reo does not support intuitive
constructs for parameter passing, iteration, recursion, or conditional
specification. This shortcoming hinders Reo's uptake in large-scale practical
applications. Although a number of Reo-inspired syntax alternatives have
appeared in the past, none of them follows the primary design principles of
Reo: a) declarative specification; b) all channel types and their sorts are
user-defined; and c) channels compose via shared nodes. In this paper, we offer
a textual syntax for Reo that respects these principles and supports flexible
parameter passing, iteration, recursion, and conditional specification. In
on-going work, we use this textual syntax to compile Reo into target languages
such as Java, Promela, and Maude.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933
PrDK: Protocol programming with automata
We present PrDK: a development kit for programming protocols. PrDK is based on syntactic separation of process code, presumably written in an existing general-purpose language, and protocol code, written in a domain-specific language with explicit, high-level elements of syntax for programming protocols. PrDK supports two complementary syntaxes (one graphical, one textual) with a common automata-theoretic semantics. As a tool for construction of systems, PrDK consists of syntax editors, a translator, a parser, an interpreter, and a compiler into Java. Performance in the NAS Parallel Benchmarks is promising
A Component-oriented Framework for Autonomous Agents
The design of a complex system warrants a compositional methodology, i.e.,
composing simple components to obtain a larger system that exhibits their
collective behavior in a meaningful way. We propose an automaton-based paradigm
for compositional design of such systems where an action is accompanied by one
or more preferences. At run-time, these preferences provide a natural fallback
mechanism for the component, while at design-time they can be used to reason
about the behavior of the component in an uncertain physical world. Using
structures that tell us how to compose preferences and actions, we can compose
formal representations of individual components or agents to obtain a
representation of the composed system. We extend Linear Temporal Logic with two
unary connectives that reflect the compositional structure of the actions, and
show how it can be used to diagnose undesired behavior by tracing the
falsification of a specification back to one or more culpable components