GUESSING, MODEL CHECKING AND THEOREM PROVING OF STATE MACHINE PROPERTIES – A CASE STUDY ON QLOCK

It is worth understanding state machines better because various kinds of systems can be formalized as state machines and therefore understanding state machines has something to do with comprehension of systems. Understanding state machines can be interpreted as knowing properties they enjoy and comprehension of systems is interpreted as knowing whether they satisfy requirements. We (mainly the second author) have developed a tool called SMGA that basically takes a finite sequence of states from a state machine and generates a graphical animation of the finite sequence or the state machine. Observing such a graphical animation helps us guess properties of the state machine. We should confirm whether the state machine enjoys the guessed properties because such guessed properties may not be true properties of the state machine. Model checking is one possible technique to do so. If the state machine has a fixed small number of reachable states, model checking is enough. Otherwise, however, it is not. If that is the case, we should use some other techniques to make sure that the system enjoys the guessed properties. Interactive theorem proving is one such technique. The paper reports on a case study in which a mutual exclusion protocol called Qlock is used as an example to exemplify the abovementioned idea or methodology

A Software Tool to Support Scenario-Based Formal Specification for Error Prevention

Formal specification can be an error-prone process for complex systems and how to efficiently write correct specifications is still a challenge for practitioners in industry. This paper presents a software tool to support the scenario-based formal specification approach developed in the SOFL formal engineering method. Using the tool, some suggestion of the further contents of the specification may be automatically predicated to facilitate the user in completing the specification. To improve the readability of the formal specification, the tool can also automatically translate the textual format of the specification into a comprehensible tabular format. Both of these functions can be helpful to prevent errors during the construction of the specification. We discuss each of the functions by first presenting its principle and then illustrating it with examples. We present a case study to show how the tool supports the scenario-based specification approach. Finally, we conclude the paper and suggest topics for future research

Execution/Simulation of Context/Constraint-aware Composite Services using GIPSY

For fulfilling a complex requirement comprising of several sub-tasks, a composition of simple web services, each of which is dedicated to performing a specific sub-task involved, proves to be a more competent solution in comparison to an equivalent atomic web service. Owing to advantages such as re-usability of components, broader options for composition requesters and liberty to specialize for component providers, for over two decades now, composite services have been extensively researched to the point of being perfected in many aspects. Yet, most of the studies undertaken in this field fail to acknowledge that every web service has a limited context in which it can successfully perform its tasks, the boundaries of which are defined by the internal constraints placed on the service by its providers. When used as part of a composition, the restricted context-spaces of all such component services together define the contextual boundaries of the composite service as a unit, which makes internal constraints an influential factor for composite service functionality. However, due to the limited exposure received by them, no systems have yet been proposed to cater to the specific verification of internal constraints imposed on components of a composite service. In an attempt to address this gap in service composition research, in this thesis, we propose a multi-faceted solution capable of not only automatically constructing context-aware composite web services with their internal constraints positioned for optimum resource-utilization but also of validating the generated compositions using the General Intensional Programming SYstem (GIPSY) as a time- and cost-efficient simulation/execution environment

Care and Capability:Understanding Quality of Life in Older Adults Living at Home

The central aim of this thesis is to gain a better understanding about what is important for the quality of life (QoL) of older adults living at home receiving professional care services, and how to assess outcomes of this care in terms of QoL. Specifically, this thesis focuses on how the Adult Social Care Outcomes Toolkit (ASCOT) can be used for determining QoL of older adults in the Netherlands. The ASCOT is an instrument developed in the UK that was designed to evaluate outcomes of social care services by capturing information about an individual’s QoL in eight domains: control over daily life, personal cleanliness and comfort, food and drink, personal safety, social participation and involvement, occupation, accommodation cleanliness and comfort and dignity. The ASCOT is inspired by the Capability Approach (CA). In CA, a distinction is made between capabilities - the things a person has, and functionings - the things a person does. When someone has a capability, they can choose to use it or not. Someone who has access to food can choose to eat but can also consciously refrain from eating, for example in the case of a hunger strike. Central to this are both having access to possibilities, and the freedom to use them or not. . Older adults increasingly live at home and, in this setting, may be confronted with difficulties in their daily life affecting their QoL, for instance a decrease in mobility. The opportunities to engage in various activities and autonomy, i.e. control over one’s life, often decrease because of these difficulties. Care services can support older adults in dealing with challenges and maintaining a preferred level of functioning, contributing to their QoL. The ASCOT is introduced as an instrument to measure outcomes of care for older adults living at home, focusing on the perspective of the care receiver. Four questions are formulated that are the focus of this thesis: 1) How can the ASCOT be understood from the philosophical perspective of the CA? 2) What are important aspects of QoL from the perspective of older adults living at home? 3) How can care services contribute to QoL in older adults living at home? 4) How can important aspects of QoL from the perspective of older adults living at home be addressed in QoL instruments? Within this thesis, different methodologies are combined to answer these questions, in line with and inspired by an empirical ethics approach. In this way, the question how to define QoL in older adults is explored drawing on the strengths of both philosophical and empirical analysis. We conclude that there is a need for a broad QoL tool to evaluate care in older adults living at home. The ASCOT is such a tool. It operationalizes the core assumptions of the capability approach, translating this approach in a practical instrument. From the point of view of older adults, some important domains are missing in the ASCOT. These domains have been included in an extension of the ASCOT, i.e. the EQLT. The domains identified in the EQLT should not be used as tick boxes, but should serve as issues to be discussed in a conversation between clients and care providers. Further implementation of the ASCOT and the EQLT is recommended, not only in professional care, but also in informal care in the community

A new dialect of SOFL-Syntax formal semantics and tool support

Structured Object Orientated Formal Language (SOFL) is a formal method design methodology that combines data flows diagrams and predicates in order to describe processes that can be refined. This methodology creates a very versatile method of describing a system, which system properties can be proven rigorously. Data flows are grouped by ports that define from which data flows data can be consumed or on which flows data can be generated. For predicates, Logic of Partial Functions (LFP) are used; and an undefined element that is also used to indicate if a data flows do not contain any data. Over time SOFL “evolved organically” and a number of features were added: usability was the main consideration for a feature being added. For a formal language to be useful there must be no uncertainty of a specific design’s meaning. With SOFL, there is a possible contradiction between the requirement that a process's precondition must be true when the process fire, and the fire rules. This contradiction is due to the use of LPF. Semantics (the meaning) of SOFL was not always updated to keep track of the changes made to SOFL which resulted in an outdated and incomplete semantic. The incompleteness of the semantics is a significant factor motivating the work done in this dissertation. In this dissertation, a dialect of SOFL is created to define a semantic. Not all the elements of SOFL are added in order that a simpler semantic can be defined. Elements that were removed include: LPF, Classes, and Non-deterministic broadcast nodes. Semantics of the dialect is created by a two-step process: firstly, an intuitive understanding of the dialect is created, and secondly, both static and dynamic semantics are defined by means of translations. A translation is a mapping from the dialect to a formal language that describes a certain aspect of the dialect. Static semantics defines the meaning of the elements that are “fixed” in their state: SMT-LIB is used as the target language to describe the static semantics of the dialect. Dynamic semantics describes how an element in a design changes over time: the process algebra mCRL2 is used as the formal language which describes the dynamic behaviour of the dialect. The SMT-Solver Z3 and tools included in mCLR2 are used to analyse the translation of the dialect. Use of these tools allows properties that are necessary for a design to have a well defined meaning, to be proven. Properties that can be proven include: a process can fire, a process can fire an infinite number of times, and a predicate that described a property. An Eclipse plug-in is created so that translation is not required to be done manually. After a design is translated the tools Z3 and mCRL2 are run using script files and the results of the analysis are displayed on the screen. The desired properties could be proven but for a moderate size design, but as the size of the design increased the analysis of the translation could not be completed due to computational problem. Usability of the tool can be improved by not only using a textual representation of a design, but also visual representations as in SOFL. As a result, properties that are necessary for a design to have a well-defined meaning, can be proven using these tools.Dissertation (MSc)--University of Pretoria, 2018.Computer ScienceMScUnrestricte