Deadness and how to disprove liveness in hybrid dynamical systems

© 2016 The Authors. Published by Elsevier. This is an open access article available under a Creative Commons licence. The published version can be accessed at the following link on the publisher’s website: https://doi.org/10.1016/j.tcs.2016.06.009What if we designed a tool to automatically prove the dynamical properties of systems for which analytic proof is difficult or impossible to obtain? Such a tool would represent a significant advance in the understanding of complex dynamical systems with nonlinearities. This is precisely what this paper offers: a solution to the problem of automatically proving some dynamic stability properties of complex systems with multiple discontinuities and modes of operation modelled as hybrid dynamical systems. For this purpose, we propose a reinterpretation of some stability properties from a computational viewpoint, chiefly by using the computer science concepts of safety and liveness. However, these concepts need to be redefined within the framework of hybrid dynamical systems. In computer science terms, here, we consider the problem of automatically disproving the liveness properties of nonlinear hybrid dynamical systems. For this purpose, we define a new property, which we call deadness. This is a dynamically-aware property of a hybrid system which, if true, disproves the liveness property by means of a finite execution. We formally define this property, and give an algorithm which can derive deadness properties automatically for a type of liveness property called inevitability. We show how this algorithm works for three different examples that represent three classes of hybrid systems with complex behaviours.This work has been supported by the Engineering and Physical Sciences Research Council (EPSRC) of the UK under the framework of the project DYVERSE: A New Kind of Control for Hybrid Systems (EP/I001689/1). The first author also acknowledges the support of the Research Councils UK under the grant EP/E50048/1.Published versio

Formal Modeling of Connectionism using Concurrency Theory, an Approach Based on Automata and Model Checking

This paper illustrates a framework for applying formal methods techniques, which are symbolic in nature, to specifying and verifying neural networks, which are sub-symbolic in nature. The paper describes a communicating automata [Bowman & Gomez, 2006] model of neural networks. We also implement the model using timed automata [Alur & Dill, 1994] and then undertake a verification of these models using the model checker Uppaal [Pettersson, 2000] in order to evaluate the performance of learning algorithms. This paper also presents discussion of a number of broad issues concerning cognitive neuroscience and the debate as to whether symbolic processing or connectionism is a suitable representation of cognitive systems. Additionally, the issue of integrating symbolic techniques, such as formal methods, with complex neural networks is discussed. We then argue that symbolic verifications may give theoretically well-founded ways to evaluate and justify neural learning systems in the field of both theoretical research and real world applications

Formal Verification of Autonomous Vehicle Platooning

The coordination of multiple autonomous vehicles into convoys or platoons is expected on our highways in the near future. However, before such platoons can be deployed, the new autonomous behaviors of the vehicles in these platoons must be certified. An appropriate representation for vehicle platooning is as a multi-agent system in which each agent captures the "autonomous decisions" carried out by each vehicle. In order to ensure that these autonomous decision-making agents in vehicle platoons never violate safety requirements, we use formal verification. However, as the formal verification technique used to verify the agent code does not scale to the full system and as the global verification technique does not capture the essential verification of autonomous behavior, we use a combination of the two approaches. This mixed strategy allows us to verify safety requirements not only of a model of the system, but of the actual agent code used to program the autonomous vehicles

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Requirements modelling of real-time systems

Real-time systems are characterised by the critical nature of their missions, and the demanding environment with which they interact. Real-time systems are used for dedicated applications. Every application is the subject of special requirements enforced by the customer. Considering the vital role that these systems play, it is imperative that a systematic approach be adopted in modelling their unique requirements. In this thesis I propose such a treatment. Real-time systems are time critical. Temporal requirements are the timing restrictions imposed by the application environment. Previous studies in requirements modelling of real-time systems have focused on adding the notion of time to modelling techniques of traditional systems without regard to the realities of requirements modelling. The information should be presented in the way the user handles it, and not the way which is convenient to the software engineer. I attempt to understand the needs of the users better by modelling the real world as close to the user's perspective as possible, and propose the Real World Model (RWM). RWM is assumed to be developed by users, and requirements engineers. An engineering approach to building the model is provided. A real-time system has a well defined use to its community. A requirements model must rely on the user level activities, and aid the human understanding and communication. In the RWM, a real-time system is viewed as a set of concurrently acting automata, each representing a system entity. This model supports temporal reasoning in easily described ways, for all classes of timing properties. A generalised classification of timing constraints is provided. A requirements modelling language facilitates the description of requirements, and serves as a medium of communication among developers and stakeholders. Jarke et al [Jarke 94] observe that there is a need for a requirements language that manages the relationship between the meta-level domain scheme, and the scenarios that actually instantiate the scheme under development. Here I propose Timed Requirements Language (TRL) to bridge this gulf between the world of stakeholders, and the world of specifiers. TRL has natural looking expressions for formulating the needs. TRL has a number of novel features including the treatment of causality, and the description of static, and dynamic constraints all integrated into one uniform framework. TRL has been used with a number of systems. The generality of the language is validated through its application to specific systems