A Rewriting Logic Approach to Stochastic and Spatial Constraint System Specification and Verification

This paper addresses the issue of specifying, simulating, and verifying reactive systems in rewriting logic. It presents an executable semantics for probabilistic, timed, and spatial concurrent constraint programming ---here called stochastic and spatial concurrent constraint systems (SSCC)--- in the rewriting logic semantic framework. The approach is based on an enhanced and generalized model of concurrent constraint programming (CCP) where computational hierarchical spaces can be assigned to belong to agents. The executable semantics faithfully represents and operationally captures the highly concurrent nature, uncertain behavior, and spatial and epistemic characteristics of reactive systems with flow of information. In SSCC, timing attributes ---represented by stochastic duration--- can be associated to processes, and exclusive and independent probabilistic choice is also supported. SMT solving technology, available from the Maude system, is used to realize the underlying constraint system of SSCC with quantifier-free formulas over integers and reals. This results in a fully executable real-time symbolic specification that can be used for quantitative analysis in the form of statistical model checking. The main features and capabilities of SSCC are illustrated with examples throughout the paper. This contribution is part of a larger research effort aimed at making available formal analysis techniques and tools, mathematically founded on the CCP approach, to the research community.Comment: arXiv admin note: text overlap with arXiv:1805.0743

A Temporal Logic for Hyperproperties

Hyperproperties, as introduced by Clarkson and Schneider, characterize the correctness of a computer program as a condition on its set of computation paths. Standard temporal logics can only refer to a single path at a time, and therefore cannot express many hyperproperties of interest, including noninterference and other important properties in security and coding theory. In this paper, we investigate an extension of temporal logic with explicit path variables. We show that the quantification over paths naturally subsumes other extensions of temporal logic with operators for information flow and knowledge. The model checking problem for temporal logic with path quantification is decidable. For alternation depth 1, the complexity is PSPACE in the length of the formula and NLOGSPACE in the size of the system, as for linear-time temporal logic

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

A multi-paradigm language for reactive synthesis

This paper proposes a language for describing reactive synthesis problems that integrates imperative and declarative elements. The semantics is defined in terms of two-player turn-based infinite games with full information. Currently, synthesis tools accept linear temporal logic (LTL) as input, but this description is less structured and does not facilitate the expression of sequential constraints. This motivates the use of a structured programming language to specify synthesis problems. Transition systems and guarded commands serve as imperative constructs, expressed in a syntax based on that of the modeling language Promela. The syntax allows defining which player controls data and control flow, and separating a program into assumptions and guarantees. These notions are necessary for input to game solvers. The integration of imperative and declarative paradigms allows using the paradigm that is most appropriate for expressing each requirement. The declarative part is expressed in the LTL fragment of generalized reactivity(1), which admits efficient synthesis algorithms, extended with past LTL. The implementation translates Promela to input for the Slugs synthesizer and is written in Python. The AMBA AHB bus case study is revisited and synthesized efficiently, identifying the need to reorder binary decision diagrams during strategy construction, in order to prevent the exponential blowup observed in previous work.Comment: In Proceedings SYNT 2015, arXiv:1602.0078

Synthesis of Distributed Longitudinal Control Protocols for a Platoon of Autonomous Vehicles

We develop a framework for control protocol synthesis for a platoon of autonomous vehicles subject to temporal logic specifications. We describe the desired behavior of the platoon in a set of linear temporal logic formulas, such as collision avoidance, close spacing or comfortability. The problem of decomposing a global specification for the platoon into distributed specification for each pair of adjacent vehicles is hard to solve. We use the invariant specifications to tackle this problem and the decomposition is proved to be scalable.. Based on the specifications in Assumption/Guarantee form, we can construct a two-player game (between the vehicle and its closest leader) locally to automatically synthesize a controller protocol for each vehicle. Simulation example for a distributed vehicles control problem is also shown

Probabilistic Hybrid Action Models for Predicting Concurrent Percept-driven Robot Behavior

This article develops Probabilistic Hybrid Action Models (PHAMs), a realistic causal model for predicting the behavior generated by modern percept-driven robot plans. PHAMs represent aspects of robot behavior that cannot be represented by most action models used in AI planning: the temporal structure of continuous control processes, their non-deterministic effects, several modes of their interferences, and the achievement of triggering conditions in closed-loop robot plans. The main contributions of this article are: (1) PHAMs, a model of concurrent percept-driven behavior, its formalization, and proofs that the model generates probably, qualitatively accurate predictions; and (2) a resource-efficient inference method for PHAMs based on sampling projections from probabilistic action models and state descriptions. We show how PHAMs can be applied to planning the course of action of an autonomous robot office courier based on analytical and experimental results