7 research outputs found

    Hierarchical Communication Diagrams

    Formal modelling languages range from strictly textual ones like process algebra scripts to visual modelling languages based on hierarchical graphs like coloured Petri nets. Approaches equipped with visual modelling capabilities make developing process easier and help users to cope with more complex systems. Alvis is a modelling language that combines possibilities of formal models verification with flexibility and simplicity of practical programming languages. The paper deals with hierarchical communication diagrams - the visual layer of the Alvis modelling language. It provides all necessary information to model system structure with Alvis, to manipulate a model hierarchy and to understand a model semantics. All considered concepts are discussed using illustrative examples

    Alvis models of safety critical systems state-base verification with nuXmv


    Probabilistic and Epistemic Model Checking for Multi-Agent Systems

    Model checking is a formal technique widely used to verify security and communication protocols in epistemic multi-agent systems against given properties. Qualitative properties such as safety and liveliness have been widely analysed in the literature. However, systems also have quantitative and uncertain (i.e., probabilistic) properties such as degree of reliability and reachability, which still need further attention from the model checking perspective. In this dissertation, we analyse such properties and present a new method for probabilistic model checking of epistemic multi-agent systems specified by a new probabilistic-epistemic logic PCTLK. We model multiagent systems distributed knowledge bases using probabilistic interpreted systems. We also define transformations from those interpreted systems into discrete-time Markov chains and from PCTLK formulae to PCTL formulae, an existing extension of CTL with probabilities. By so doing, we are able to convert the PCTLK model checking problem into the PCTL one. We address the problem of verifying probabilistic properties and epistemic properties in concurrent probabilistic systems as well. We then prove that model checking a formula of PCTLK in concurrent probabilistic systems is PSPACE-complete. Furthermore, we represent models associated with PCTLK logic symbolically with Multi-Terminal Binary Decision Diagrams (MTBDDs). Finally, we make use of PRISM, the model checker of PCTL without adding new computation cost. Dining cryptographers protocol is implemented to show the applicability of the proposed technique along with performance analysis and comparison in terms of execution time and state space scalability with MCK, an existing epistemic-probabilistic model checker, and MCMAS, a model checker for multi-agent systems. Another example, NetBill protocol, is also implemented with PRISM to verify probabilistic epistemic properties and to evaluate the complexity of this verification

    A formal framework for heterogeneous systems semantics

    Cyber physical systems are usually complex systems which are often critical, meaning their failure can have significant negative impacts on human lives. A key point in their development is the verification and validation (V & V) activities which are used to assess their correctness towards user requirements and the associated specifications. This process aims at avoiding failure cases, thus preventing any incident or accident. In order to conduct these V & V steps on such complex systems, separations of concerns of various nature are used. In that purpose, the system is modeled using heterogeneous models that have to be combined together. The nature of these separations of concerns can be as follows: horizontal, which corresponds to a structural decomposition of the system; vertical, which corresponds to the different steps leading from the abstract specification to the concrete implementation; and transversal, which consists in gathering together the parts that are thematically identical (function, performance, security, safety...). These parts are usually expressed using domain specific modeling languages, while the V & V activities are historically conducted using testing and proofreading, and more and more often, using formal methods, which is advocated in our approach. In all these cases, the V & V activities must take into account these separations in order to provide confidence in the global system from the confidence of its sub-parts bound to the separation in question. In other words, to ensure the correctness of the system, a behavioral semantics is needed which has to rely on the ad-hoc semantics of the subsystems. In order to define it, these semantics must be successfully combined in a single formalism. 
This thesis stems from the GEMOC project, a workbench that allows the definition of various languages along with their coordination properties, and targets the formal modeling of the GEMOC core through the association of trace semantics to each preoccupation and the expression of constraints between them to encode the correct behavior of the system. This thesis follows several other works conducted under the TOPCASED, OPEES, QuarteFt, P and GEMOC projects, and provides four contributions in that global context: the first one proposes a methodology to give an operational semantics to executable models illustrated through two case studies: Petri nets and models of processes. The second one proposes a formal context on which refinement can be expressed to tackle vertical separation. The third one gives a denotational semantics to CCSL which is the language that is currently used in the GEMOC projects to express behavioural properties between events from one or several models, possibly heterogeneous. Finally, the fourth one proposes an investigation on how to extend CCSL with the notion of refinement we proposed. All these contributions are mechanized in the Agda proof assistant, and thus have been modeled and proven in a formal manner

    Understanding eruption dynamics: insights from volcanic seismicity in Ecuador

    Persistently active volcanoes in close proximity to society can pose a huge danger to infrastructure, lives and the economy. Careful monitoring of volcanic seismicity is integral to successful hazard assessment and risk management. Geophysical monitoring at active volcanoes can provide rich datasets to examine internal systems. Specifically, seismic monitoring offers the potential to develop real time analysis and forecasts. The generation of volcanic seismicity has been linked to processes such as magma ascent, degassing and rock fracturing. However, studies are often limited to individual volcanoes or specific episodes of unrest, and so it is difficult to compare interpretations. The aim of this thesis is twofold: to develop methodologies to better quantify and characterise volcanic seismicity, and to use these to provide new understanding of volcanic systems, the hazards they might pose and how we can better forecast and monitor unrest. First, I present an extensive literature review of our current understanding of volcanic seismicity. As there is no standardised procedure for the analysis of volcanic earthquakes, there are inconsistent uses of techniques and ambiguous terminology. Existing studies also tend to focus on a handful of well monitored volcanoes where dense arrays can be used to calculate source mechanisms and depths to interpret seismic swarms. In order to address this, I develop a thorough signal processing routine which generates a suite of metrics to characterise a single earthquake event. These metrics can be used across a sequence of earthquakes to track changes in the behaviour of seismicity, and distinguish different types of earthquakes. It is developed with poorly monitored volcanoes in mind, as metrics can be determined for signal from a single station, and even a single component instrument. 
I use parameters in the time domain including amplitude, duration and cross correlation, and compare three different approaches to calculate the quality (Q) factor, in the frequency domain. I then present two candidate volcanoes to apply the methodology and attempt to describe the internal processes at each. Tungurahua and Cayambe are two relatively understudied volcanoes and yet they are potentially the most dangerous natural hazards in Ecuador. Tungurahua’s most recent eruptive phase (1999-2016) was explosive and persistent. In contrast, Cayambe volcano has not erupted in over 200 years and yet has been seismically restless in recent years. This presents an opportunity to compare the seismicity associated with ongoing, and reawakening volcanic processes. In chapter 4, I characterise the seismicity at Tungurahua between 2012 and the final explosions in 2016. Seismicity at Tungurahua was dominated by long-period (LP) earthquakes, particularly episodes of highly periodic, repeating LP seismicity, known as drumbeats. In this chapter, I show that persistent drumbeats occur in phase with cyclical Vulcanian eruptions. These events are attributed to the initial failure and subsequent resealing of an upper conduit plug. In each explosive episode, the signal metrics are able to distinguish a shift in the signal properties of drumbeat LPs. In chapter 5, I focus specifically on accelerating rates of drumbeat LPs, often considered precursors to eruptions. I use temporal statistics and a Markov chain Monte Carlo (MCMC) approach to model three episodes of drumbeats. In one significant episode, the last ever recorded drumbeats at Tungurahua, I show these events are precursors to a ‘failed’ attempt at an explosion. In chapter 6 I then compare these findings at Tungurahua, with the 2016 seismic crisis at Cayambe. Here I demonstrate the repeating LP seismicity is likely a result of shallow hydrothermal systems, rather than surficial ‘icequakes’ or magmatic ascent. 
However, swarms of volcano-tectonic events (VTs) in 2016, are likely attributed to stresses on regional faults and ascent of a new pulse of magma. Finally, I begin to explore the complex volcano-tectonic interactions at both Tungurahua and Cayambe. Where there are high rates of tectonic events globally, and high rates of eruptions, it is important to distinguish causality and coincidence. VT swarms at Cayambe occur two months after the Mw7.8 Pedernales earthquake, 200km west. Using models of static stress change I suggest the crust at Cayambe was subject to a dilational regime, prompting resumed activity in 2016. However, the Pedernales earthquake occurs just two months after the final eruption at Tungurahua and yet does not appear to promote or restrict further explosive activity. This thesis presents case studies of two active volcanoes that are subject to limited seismic monitoring. These methods are not computationally intensive and could be readily adopted into routine volcano monitoring, to further inform hazard assessment. Although Cayambe and Tungurahua are neighbouring volcanoes, comparable in their rheology, they are very different in their current dynamic state, and this is evident in the seismicity. An enhanced understanding of these systems should inform further assessment of seismicity at intermediate-composition, arc volcanoes

    A controlled comparative evaluation of conjoint counselling and self-help behavioural treatment for sexual dysfunction

    Forty-eight couples representing four of the most commonly referred forms of sexual dysfunction in this country (viz. female sexual unresponsiveness, vaginismus, premature ejaculation and erectile impotence) were treated by either a modified form of Masters and Johnson's approach (i.e. directed practice and once weekly counselling with a single therapist) or a minimal contact bibliotherapy programme, based on the same behavioural lines. Half of the couples were randomly allocated to a no treatment control condition before receiving either therapy. Treatment effects with both approaches were evident but those of the self-help approach were more circumscribed with respect to not only the sexual but also the non-sexual relationship. Thus, some evidence was obtained in support of the hypotheses that practice plus counselling would be superior to self-help in facilitating change in the general relationship and in sexual attitudes. However, a wide range of significant pre-treatment differences among the four problem subgroups comprising the sample was found. In particular, the sexually unresponsive female complainants reported less satisfaction with the general relationship, whereas the reported difficulties of those with vaginismus were less generalised, being restricted mainly to coital fears. In general higher baseline levels, i.e. less disturbance of the sexual and marital relationship, were reported by each of the two male subgroups. There was also evidence that the differential response to the two treatments was not uniform across forms of sexual dysfunction. As hypothesised, guided practice plus counselling was significantly more effective than the self-help regime in enhancing marital and sexual adjustment for female unresponsiveness. On the other hand, in contrast to other problem subgroups, vaginismus was shown to respond favourably to both treatments. 
In general, few significant changes with either treatment and few notable differences between treatments, were observed within the male problem subgroups. The implications of these results for the design and analysis of future treatment outcome research in this field are discussed