Behavioural and abstractor specifications revisited

In the area of algebraic specification there are two main approaches for defining observational abstraction: behavioural specifications use a notion of observational satisfaction for the axioms of a specification, whereas abstractor specifications define an abstraction from the standard semantics of a specification w.r.t. an observational equivalence relation between algebras. Earlier work by Bidoit, Hennicker, Wirsing has shown that in the case of first-order logic specifications both concepts coincide semantically under mild assumptions. Analogous results have been shown by Sannella and Hofmann for higher-order logic specifications and recently, by Hennicker and Madeira, for specifications of reactive systems using a dynamic logic with binders. In this paper, we bring these results into a common setting: we isolate a small set of characteristic principles to express the behaviour/abstractor equivalence and show that all three mentioned specification frameworks satisfy these principles and therefore their behaviour and abstractor specifications coincide semantically (under mild assumptions). As a new case we consider observational modal logic where observational satisfaction of Hennessy–Milner logic formulae is defined “up to” silent transitions and observational abstraction is defined by weak bisimulation. We show that in this case the behaviour/abstractor equivalence can only be obtained, if we restrict models to weakly deterministic labelled transition systems.publishe

A logic for the stepwise development of reactive systems

D↓is a new dynamic logic combining regular modalities with the binder constructor typical of hybrid logic, which provides a smooth framework for the stepwise development of reactive systems. Actually, the logic is able to capture system properties at different levels of abstraction, from high-level safety and liveness requirements, to constructive specifications representing concrete processes. The paper discusses its semantics, given in terms of reachable transition systems with initial states, its expressive power and a proof system. The methodological framework is in debt to the landmark work of D.Sannella and A.Tarlecki, instantiating the generic concepts of constructor and abstractor implementations by standard operators on reactive components, e.g. relabelling and parallel composition, as constructors, and bisimulation for abstraction.This work was funded by ERDF European Regional Development Fund, through the COMPETE Programme, and by National Funds through FCT – Portuguese Foundation for Science and Technology – within projects POCI-01-0145-FEDER-016692 (DaLí – Dynamic logics for cyber-physical systems: towards contract based design) and UID/MAT/04106/2013 at CIDMA. Further support was given by the project SmartEGOV, NORTE-01-0145-FEDER000037, supported by Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the EFDR. The first author is also supported by a FCT individual grant SFRH/BPD/103004/201

Dynamic logic with binders and its application to the development of reactive systems

Publicado em "Theoretical aspects of computing - ICTAC 2016: 13th International Colloquium, Taipei, Taiwan, ROC, October 24–31, 2016, Proceedings". ISBN 978-3-319-46749-8This paper introduces a logic to support the specification and development of reactive systems on various levels of abstraction, from property specifications, concerning e.g. safety and liveness requirements, to constructive specifications representing concrete processes. This is achieved by combining binders of hybrid logic with regular modalities of dynamic logics in the same formalism, which we call D↓-logic. The semantics of our logic focuses on effective processes and is therefore given in terms of reachable transition systems with initial states. The second part of the paper resorts to this logic to frame stepwise development of reactive systems within the software development methodology proposed by Sannella and Tarlecki. In particular, we instantiate the generic concepts of constructor and abstractor implementations by using standard operators on reactive components, like relabelling and parallel composition, as constructors, and bisimulation for abstraction. We also study vertical composition of implementations which relies on the preservation of bisimularity by the constructions on labeleld transition systems.FCT individual grants SFRH/BPD/103004/2014 and SFRH/BSAB/113890/2015ERDF European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT - Fundação para a Cência e a Tecnologia within project POCI-01-0145-FEDER-016692 and UID/MAT/04106/2013 at CIDM

Towards a specification theory for fuzzy modal logic

Fuzziness, as a way to express imprecision, or uncertainty, in computation is an important feature in a number of current application scenarios: from hybrid systems interfacing with sensor networks with error boundaries, to knowledge bases collecting data from often non-coincident human experts. Their abstraction in e.g. fuzzy transition systems led to a number of mathematical structures to model this sort of systems and reason about them. This paper adds two more elements to this family: two modal logics, framed as institutions, to reason about fuzzy transition systems and the corresponding processes. This paves the way to the development, in the second part of the paper, of an associated theory of structured specification for fuzzy computational systems.This work is financed by the ERDF - European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation -COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT -Fundacao para a Ciencia e a Tecnologia within project POCI-01-0145-FEDER-029946 -PTDC/CCI-COM/29946/2017

Design and Implementation of Role-based Architectural Event Modules

This diploma thesis attempts to improve the language-support for coping with the problem of negative emergence in dynamic Systems-of-Systems (SoS). Negative emergence is understood to be the emergence of unintended behaviour among constituent systems of a SoS in response to certain changes to the composition of constituent systems in the SoS. The architecture description language (ADL) "EventArch 2.0" approaches this problem by allowing the SoS-manager to define certain rules to manipulate the original behaviour of certain constituent systems at certain critical points of execution of the SoS to prevent unintended behaviour ("coordination rules"). This thesis approaches a solution to the following problem: to prevent the introduction of unintended behaviour through overly- or underly-restrictive coordination rules, more- or less-restrictive variants of a coordination rule would have to be applied to the SoS depending on the current composition of constituent systems in the SoS. This thesis has the goal to approach this problem by devising a mechanism to dynamically exchange a coordination rule depending on the current composition of constituent systems in the SoS. To achieve that goal, the ADL "EventArch 2.0" is extended to support the dynamic application of a coordination rule to a System-of-Systems. The dynamic application is achieved by connecting coordinators and constituent systems at runtime. As a special characteristic, each coordinator is dedicated to a specific constituent system and is responsible for achieving compliance of that system with respect to a specific coordination rule. It is shown that this architectural setup can be nicely modeled using concepts from the field of "role-based modeling". The solution does therefore employ concepts that are central to the "role-based modeling"-approach: "Role", "Base", and "Compartment". The applicability of the extended language to practical coordination-problems is shown by applying it to a constructed use case in the field of energy-efficient computing.:1 Introduction 1 1.1 Motivation and Problem Statement 1 1.2 Overview 2 2 Background 4 2.1 System of Systems 4 2.2 EventArch 2.0 8 2.2.1 Concepts 8 2.2.2 Implementation 10 2.2.3 Diagrams 15 2.3 Role-based Modeling 19 2.4 Coupling Strategies 22 3 Related Work 25 3.1 Requirements 25 3.2 Features 28 3.3 OT/J 29 3.4 Other Role-based Languages 31 3.5 Areas of Improvement 35 3.5.1 OT/J 35 3.5.2 Other Role-based Languages 40 4 Concepts of EventArch 3.0 45 4.1 Base, Role, and Compartment 45 4.2 Dynamic Composite AEM and Role-Binder 46 4.3 Inner Roles and Atomic Block 48 4.4 Diagrams 49 5 Internal Design of EventArch 3.0 55 5.1 Implementation of the Concepts 55 5.1.1 Base, Role, and Compartment 56 5.1.2 Dynamic Composite AEM and Role-Binder 58 5.1.3 Inner Roles and Atomic Block 60 5.1.4 Other Concepts 62 5.2 Further Discussion and Design Alternatives 63 6 Evaluation of EventArch 3.0 66 6.1 Advantages 66 6.2 Disadvantages 74 6.3 Reflections on the Fulfillment of the Requirements 77 6.4 Use case 81 6.5 Application to the Example Use case 83 6.5.1 Presentation of the implementation 83 6.5.2 Advantages shown by the implementation 90 7 Conclusion 93 7.1 Future Work 95 8 Appendix 99 8.1 Additional Source-Code 99 8.1.1 OT/J source-code 99 8.1.2 “State”-coordination rule 105 8.2 Internal Design of EventArch 2.0 109 8.2.1 Abstract 109 8.2.2 Detailed 116 8.3 Grammar of EventArch 3.0 . 123 8.4 EventArch 3.0 Diagrams 126 Bibliography 134Die vorliegende Diplomarbeit ist mit der Verbesserung der Sprachunterstützung zur Vermeidung negativer Emergenz in dynamischen Systems-of-Systems (SoS) befasst. Negative Emergenz wird dabei als unerwünschtes Verhalten von an einem SoS beteiligten Systemen verstanden, welches auf Grund von Änderungen in der Zusammensetzung des SoS (d.h. auf Grund des Eintritts oder Austritts von konstituierenden Systemen) aufgetreten ist. Die Architekturbeschreibungssprache "EventArch 2.0" unterstützt den SoS-manager bei der Lösung dieses Problems durch die Möglichkeit das Verhalten der beteiligten Systeme in bestimmten Ausführungsmomenten durch die Definition von Koordinationsregeln zu manipulieren und auf diesem Wege das Auftreten negativer Emergenz zu vermeiden. Die Diplomarbeit ist ein Beitrag zur Lösung des folgenden Problems: Um die Einführung von unerwünschtem Verhalten durch übermäßig- oder unzureichend restriktive Koordinationsregeln zu verhindern, müssten unterschiedliche Varianten einer Koordinationsregel, die sich im Grade ihrer Restriktivität unterscheiden, auf das SoS angewendet werden. Diese Anwendung müßte in Abhängigkeit der aktuellen Zusammensetzung des SoS aus konstituierenden Systemen erfolgen. In der vorliegenden Diplomarbeit wird eine Möglichkeit entwickelt um eine Koordinationsregel zur Laufzeit in Abhängigkeit der aktuellen Zusammensetzung des SoS aus konstituierenden Systemen auszutauschen. Sie leistet damit einen Beitrag zur Lösung des vorgenannten Problems. In der Arbeit wird die Architekturbeschreibungssprache "EventArch 2.0" um die Möglichkeit des dynamischen Austausches von Koordinationsregeln erweitert. Dabei werden Koordinationsregeln angewendet durch die gezielte Verbindung von Koordinatoren und konstituierenden Systemen. Die Besonderheit des Ansatzes besteht darin, dass jedem konstituierenden System ein persönlicher Koordinator zugeordnet wird, d.h. ein Koordinator der ausschließlich für die Anpassung des Verhaltens des jeweiligen Systems an eine bestimmte Koordinationsregel verantwortlich ist. In der Arbeit wird gezeigt, dass dieser architektonische Ansatz durch zentrale Konzepte des Modellierungsansatzes "rollenbasierte Modellierung" modelliert werden kann. In der entwickelten Spracherweiterung werden daher die Konzepte "Rolle", "Basis" und "Compartment" verwendet. Die Anwendbarkeit der erweiterten Sprache, wird durch deren Anwendung auf einen konstruierten Anwendungsfall aus dem Bereich der Energie-effizienten Berechnung gezeigt.:1 Introduction 1 1.1 Motivation and Problem Statement 1 1.2 Overview 2 2 Background 4 2.1 System of Systems 4 2.2 EventArch 2.0 8 2.2.1 Concepts 8 2.2.2 Implementation 10 2.2.3 Diagrams 15 2.3 Role-based Modeling 19 2.4 Coupling Strategies 22 3 Related Work 25 3.1 Requirements 25 3.2 Features 28 3.3 OT/J 29 3.4 Other Role-based Languages 31 3.5 Areas of Improvement 35 3.5.1 OT/J 35 3.5.2 Other Role-based Languages 40 4 Concepts of EventArch 3.0 45 4.1 Base, Role, and Compartment 45 4.2 Dynamic Composite AEM and Role-Binder 46 4.3 Inner Roles and Atomic Block 48 4.4 Diagrams 49 5 Internal Design of EventArch 3.0 55 5.1 Implementation of the Concepts 55 5.1.1 Base, Role, and Compartment 56 5.1.2 Dynamic Composite AEM and Role-Binder 58 5.1.3 Inner Roles and Atomic Block 60 5.1.4 Other Concepts 62 5.2 Further Discussion and Design Alternatives 63 6 Evaluation of EventArch 3.0 66 6.1 Advantages 66 6.2 Disadvantages 74 6.3 Reflections on the Fulfillment of the Requirements 77 6.4 Use case 81 6.5 Application to the Example Use case 83 6.5.1 Presentation of the implementation 83 6.5.2 Advantages shown by the implementation 90 7 Conclusion 93 7.1 Future Work 95 8 Appendix 99 8.1 Additional Source-Code 99 8.1.1 OT/J source-code 99 8.1.2 “State”-coordination rule 105 8.2 Internal Design of EventArch 2.0 109 8.2.1 Abstract 109 8.2.2 Detailed 116 8.3 Grammar of EventArch 3.0 . 123 8.4 EventArch 3.0 Diagrams 126 Bibliography 13

A method for rigorous design of reconfigurable systems

Reconfigurability, understood as the ability of a system to behave differently in different modes of operation and commute between them along its lifetime, is a cross-cutting concern in modern Software Engineering. This paper introduces a specification method for reconfigurable software based on a global transition structure to capture the system's reconfiguration space, and a local specification of each operation mode in whatever logic (equational, first-order, partial, fuzzy, probabilistic, etc.) is found expressive enough for handling its requirements. In the method these two levels are not only made explicit and juxtaposed, but formally interrelated. The key to achieve such a goal is a systematic process of hybridisation of logics through which the relationship between the local and global levels of a specification becomes internalised in the logic itself.This work is financed by the ERDF – European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation – COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT – Fundação para a Ciência e a Tecnologia within projects POCI-01-0145-FEDER-016692 and UID/MAT/04106/2013. The first author is further supported by the BPD FCT Grant SFRH/BPD/103004/2014, and R. Neves is sponsored by FCT Grant SFRH/BD/52234/2013. M.A. Martins is also funded by the EU FP7 Marie Curie PIRSESGA-2012-318986 project GeTFun: Generalizing Truth-Functionality

Achieving Operational Integrity: A Case Study of A Long-Term Care Operation

This dissertation explores the phenomenon of operational integrity (OI), defined here as the congruence between planned operational tasks and their execution by employees. I seek to answer the question of “how is OI achieved in human-reliant operational systems” on the premise that if the operational tasks are not executed as planned, the desired outcomes (e.g., service quality) are less likely to be realized resulting in the exposure of an organization to operational risks. To date, the literature pertaining to OI relies heavily on the notion of reliability particularly in manufacturing settings characterized by machine-based production systems. While few studies offer valuable insight into the execution of planned operational tasks in service operations, the understanding of OI within a system wherein the employees–as opposed to machines– are central to the value creation is rather underdeveloped. To build a greater understanding of OI and provide rich descriptive analysis of how it is achieved, I embarked on an interpretive study to understand the phenomenon in a Canadian long-term care facility. During 48 episodes of visits, I spent nearly 280 hours in the field to collect data from over 45 key informants through interviews and meetings (seven sessions), shadowing and observation (41 sessions), and archival documents (100 pages). The findings revealed during the planning process, when planning the tasks that are thought to reflect strategic priorities, three challenges emerge: the challenges of cognitive barriers, insufficient resources, and interdependent decisions. These are dampened by the organizational counteractions of tackling cognitive barriers, offsetting insufficient resources, and coordinating the function of decision-makers. During the execution process, where employees act on planned tasks, there are challenges resulting from both behavioural characteristics and operational system characteristics, and the organization reduces the negative impact of challenges through compliance-stimulant mechanisms and completeness-restorative mechanisms. As such, achieving OI is a multilayered, multifaceted, dynamic process in which both employees and management craft plans and attempt to fulfill those plans while faced with numerous barriers. This study expands the current understanding on executing planned operational tasks necessary for realizing critical desired outcomes and preventing operational risk, and opens up research avenues to scholarly efforts more attuned to everyday operational tasks. The research also offers key insights applicable beyond the context of study to achieving OI in human-reliant services