Analysing Coloured Petri Nets by the Occurrence Graph Method

This paper provides an overview og the work done for the author's PhD thesis. The research area of Coloured Petri Nets is introduced, and the available analysis methods are presented. The occurrence graph method, which is the main subject of this thesis, is described in more detail. Summaries of the six papers which, together with this overview, comprise the thesis are given, and the contributions are discussed.A large portion of this overview is dedicated to a description of related work. The aim is twofold: First, to survey pertinent results within the research areas of -- in increasing generality -- Coloured Petri Nets, High-level Petri Nets, and formalisms for modelling and analysis of parallel and distributed systems. Second, to put the results obtained in this thesis in a wider perspective by comparing them with important related work

Formal verification of concurrent programs

Interactive theorem proving provides a general approach to modeling and verification of both finite-state and infinite-state systems but requires significant human efforts to deal with many tedious proofs. On the other hand, model-checking is limited to some application domain with small finite-state space. A natural thought for this problem is to integrate these two approaches. To keep the consistency of the integration and ensure the correctness of verification, we suggest to use type theory based theorem provers (e.g. Lego) as the platform for the integration and build a model-checker to do parts of the verification automatically. We formalise a verification system of both CCS and an imperative language in the proof development system Lego which can be used to verify both finite-state and infinite-state problems. Then a model-checker, LegoMC, is implemented to generate Lego proof terras for finite-state problems automatically. Therefore people can use Lego to verify a general problem with some of its finite sub-problems verified by LegoMC. On the other hand, this integration extends the power of model-checking to verify more complicated and infinite-state models as well. The development of automatic techniques and the integration of different reasoning methods would directly benefit the verification community. It is expected that further extension and development of this verification environment would be able to handle real life systems. On the other hand, the research gives us some experiences about how to automate proofs in interactive theorem provers and therefore will improve the usability and applicability of the theorem proving technology

Formal Methods Specification and Analysis Guidebook for the Verification of Software and Computer Systems

This guidebook, the second of a two-volume series, is intended to facilitate the transfer of formal methods to the avionics and aerospace community. The 1st volume concentrates on administrative and planning issues [NASA-95a], and the second volume focuses on the technical issues involved in applying formal methods to avionics and aerospace software systems. Hereafter, the term "guidebook" refers exclusively to the second volume of the series. The title of this second volume, A Practitioner's Companion, conveys its intent. The guidebook is written primarily for the nonexpert and requires little or no prior experience with formal methods techniques and tools. However, it does attempt to distill some of the more subtle ingredients in the productive application of formal methods. To the extent that it succeeds, those conversant with formal methods will also nd the guidebook useful. The discussion is illustrated through the development of a realistic example, relevant fragments of which appear in each chapter. The guidebook focuses primarily on the use of formal methods for analysis of requirements and high-level design, the stages at which formal methods have been most productively applied. Although much of the discussion applies to low-level design and implementation, the guidebook does not discuss issues involved in the later life cycle application of formal methods

Measuring concurrency in CCS

A research report submitted to the Faculty of Science, University of the Witwatersrand, Johannesburg, in partial fulfilment of the requirements for the degree of Master of ScienceThis research report investigates the application of Charron-Bost's measure of currency m to Milner's Calculus of Communicating Systems (CCS). The aim of this is twofold: first to evaluate the measure m in terms of criteria gathered from the literature: and second to determine the feasiblllty of measuring concurrency in CCS and hence provide a new tool for understanding concurrency using CCS. The approach taken is to identify the differences hetween the message-passing formalism in which the measure m is defined, and CCS and to modify this formalism to-enable the mapping of CCS agents to it. A software tool, the Concurrency Measurement Tool, is developed to permit experimentation with chosen CCS agents. These experiments show that the measure m, although intuitively appealing, is defined by an algebraic expression that is ill-behaved. A new measure is defined and it is shown that it matches the evaluation criteria better than m, although it is still not ideal. This work demonstrates that it is feasible to measure concurrency in CCS and that a methodology has been developed for evaluating concurrency measures.Andrew Chakane 201

An extended interval temporal logic and a framing technique for temporal logic programming

PhD ThesisTemporal logic programming is a paradigm for specification and verification of concurrent programs in which a program can be written, and the properties of the program can be described and verified in a same notation. However, there are many aspects of programming in temporal logics that are not well-understood. One such an aspect is concurrent programming, another is framing and the third is synchronous communication for parallel processes. This thesis extends the original Interval Temporal Logic (ITL) to include infinite models, past operators, and a new projection operator for dealing with concurrent computation, synchronous communication, and framing in the context of temporal logic programming. The thesis generalizes the original ITL to include past operators such as previous and past chop, and extends the model to include infinite intervals. A considerable collection of logic laws regarding both propositional and first order logics is formalized and proved within model theory. After that, a subset of the extended ITL is formalized as a programming language, called extended Tempura. These extensions, as in their logic basis, include infinite models, the previous operator, projection and framing constructs. A normal form for programs within the extended Tempura is demonstrated. Next, a new projection operator is introduced. In the new construct, the sub-processes are autonomous; each process has the right to specify its own interval over which it is executed. The thesis presents a framing technique for temporal logic programming, which includes the definitions of new assignments, the assignment flag and the framing operator, the formalization of algebraic properties of the framing operator, the minimal model semantics of framed programs, as well as an executable framed interpreter. The synchronous communication operator await is based directly on the proposed framing technique. It enables us to deal with concurrent computation. Based on EITL and await operator, a framed concurrent temporal logic programming language, FTLL, is formally defined within EITL. Finally, the thesis describes a framed interpreter for the extended Tempura which has been developed in SICSTUS prolog. In the new interpreter, the implementation of new assignments, the frame operator, the await operator, and the new projection operator are all included

A formal framework for the specification of interactive systems

We are primarily concerned with interactive systems whose behaviour is highly reliant on end user activity. A framework for describing and synthesising such systems is developed. This consists of a functional description of the capabilities of a system together with a means of expressing its desired 'usability'. Previous work in this area has concentrated on capturing 'usability properties' in discrete mathematical models. We propose notations for describing systems in a 'requirements' style and a 'specification' style. The requirements style is based on a simple temporal logic and the specification style is based on Lamport's Temporal Logic of Actions (TLA) [74]. System functionality is specified as a collection of 'reactions', the temporal composition of which define the behaviour of the system. By observing and analysing interactions it is possible to determine how 'well' a user performs a given task. We argue that a 'usable' system is one that encourages users to perform their tasks efficiently (i.e. to consistently perform their tasks well) hence a system in which users perform their tasks well in a consistent manner is likely to be a usable system. The use of a given functionality linked with different user interfaces then gives a means by which interfaces (and other aspects) can be compared and suggests how they might be harnessed to bias system use so as to encourage the desired user behaviour. Normalising across different users anq different tasks moves us away from the discrete nature of reactions and hence to comfortably describe the use of a system we employ probabilistic rather than discrete mathematics. We illustrate that framework with worked examples and propose an agenda for further work

Extending Event-B with discrete timing properties

Event-B is a formal language for systems modelling, based on set theory and predicate logic. It has the advantage of mechanized proof, and it is possible to model a system in several levels of abstraction by using refinement. Discrete timing properties are important in many critical systems. However, modelling of timing properties is not directly supported in Event-B. In this work, we identify three main categories of discrete timing properties for trigger response patterns, deadline, delay and expiry. We introduce language constructs for each of these timing properties that augment the Event-B language. We describe how these constructs have been given a semantics in terms of the standard Event-B constructs. To ease the process of using timing properties in a refinement-based development, we introduce patterns for refining the timing constructs that allow timing properties on abstract models to be replaced by timing properties on refined models. The language constructs and refinement patterns are illustrated through some generic examples.We have developed a tool to support our approach. Our tool is a plug-in to the Rodin tool-set for Event-B and automates the translation of timing properties to Event-B as well as the generation of gluing invariants, required to verify the consistency of timing properties refinement. In the end, we demonstrate the practicality of our approach, by going through the modelling and verifying process of two real-time case studies. The main focus will be the usefulness of the timing refinement patterns in a step-wise modelling and verification process of a real-time system

On Usage Control for Data Grids: Models, Architectures, and Specifications

This thesis reasons on usage control in Data Grids, by presenting models, architectures and specifications. This work is a step toward a continuous monitoring and control of the data access and usage in a Data Grid. First, the thesis presents a background on Grids, security, and security for Grids, by making an abstraction to the current Grid implementations. We argue that usage control in Data Grids should be considered as a process composed by two black boxes. We analysed the requirements for Grid security, and propose a distributed usage control model suitable for Grids and distributed systems alike. Then, we apply such model to a Data Grid abstraction, and present a usage control architecture for Data Grids that uses the functional components of the currents Grids. We also present an abstract specification for an enforcing mechanism for usage control policies. To do so, we use a formal requirement engineering methodology with a bottom-up approach, that proves that the specification is sound and complete. With the methodology, we show formally that such abstract specification can enforce all the different typologies of usage control policies. Finally, we consider how existing prototypes can fit in the proposed architecture, and the advantages derived from using Semantic Grid techologies for the specification of policies subjects and objects