Towards a Theory of Glue

We propose and study the notions of behaviour type and composition operator making a first step towards the definition of a formal framework for studying behaviour composition in a setting sufficiently general to provide insight into how the component-based systems should be modelled and compared. We illustrate the proposed notions on classical examples (Traces, Labelled Transition Systems and Coalgebras). Finally, the definition of memoryless glue operators, takes us one step closer to a formal understanding of the separation of concerns principle stipulating that computational aspects of a system should be localised within its atomic components, whereas coordination layer responsible for managing concurrency should be realised by memoryless glue operators.Comment: In Proceedings ICE 2012, arXiv:1212.345

Tools and Algorithms for the Construction and Analysis of Systems

This book is Open Access under a CC BY licence. The LNCS 11427 and 11428 proceedings set constitutes the proceedings of the 25th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2019. The total of 42 full and 8 short tool demo papers presented in these volumes was carefully reviewed and selected from 164 submissions. The papers are organized in topical sections as follows: Part I: SAT and SMT, SAT solving and theorem proving; verification and analysis; model checking; tool demo; and machine learning. Part II: concurrent and distributed systems; monitoring and runtime verification; hybrid and stochastic systems; synthesis; symbolic verification; and safety and fault-tolerant systems

Realisability of Global Models of Interaction (Extended Version)

We consider global models of communicating agents specified as transition systems labelled by interactions in which multiple senders and receivers can participate. A realisation of such a model is a set of local transition systems—one per agent—which are executed concurrently using synchronous communication. Our core challenge is how to check whether a global model is realisable and, if it is, how to synthesise a realisation. We identify and compare two variants to realise global interaction models, both relying on bisimulation equivalence. Then we investigate, for both variants, realisability conditions to be checked on global models. We propose a synthesis method for the construction of realisations by grouping locally indistinguishable states. The paper is accompanied by a tool that implements realisability checks and synthesises realisations. This document extends a publication accepted at the International Colloquium on Theoretical Aspects of Computing 2023 (ICTAC 2023), including the proofs of all results, more examples, and a more detailed explanation of the companion prototype tool

Feature Nets: behavioural modelling of software product lines

Software product lines (SPL) are diverse systems that are developed using a dual engineering process: (a)family engineering defines the commonality and variability among all members of the SPL, and (b) application engineering derives specific products based on the common foundation combined with a variable selection of features. The number of derivable products in an SPL can thus be exponential in the number of features. This inherent complexity poses two main challenges when it comes to modelling: Firstly, the formalism used for modelling SPLs needs to be modular and scalable. Secondly, it should ensure that all products behave correctly by providing the ability to analyse and verify complex models efficiently. In this paper we propose to integrate an established modelling formalism (Petri nets) with the domain of software product line engineering. To this end we extend Petri nets to Feature Nets. While Petri nets provide a framework for formally modelling and verifying single software systems, Feature Nets offer the same sort of benefits for software product lines. We show how SPLs can be modelled in an incremental, modular fashion using Feature Nets, provide a Feature Nets variant that supports modelling dynamic SPLs, and propose an analysis method for SPL modelled as Feature Nets. By facilitating the construction of a single model that includes the various behaviours exhibited by the products in an SPL, we make a significant step towards efficient and practical quality assurance methods for software product lines

Formální komponentový model pro mobilní architektury

Disertační práce se zabývá modelováním komponentových systémů a formálním popisem jejich chování. Řešení je založeno na vlastním komponentovém modelu, který je popsán meta-modelem, z logického pohledu, a popisem v pi-kalkulu, z procesního pohledu. Je ukázáno, že komponentový model pokrývá dynamické aspekty softwarových architektur včetně mobility jejich komponent. Dále je popsán způsob modelování chování v architekturách orientovaných na služby a přechod ke komponentovým systémům. Chování konkrétní architektury orientované na služby lze pak vyjádřit jako jediný proces v pi-kalkulu. V závěru práce je navržené řešení ověřeno na případové studii prostředí pro testování kritických aplikací. Přínosem disertační práce je zejména zmíněná podpora dynamických architektur a integrace s architekturami orientovanými na služby.In the thesis, we propose an approach to modelling of component-based systems and formal description of their behaviour. The approach is based on a novel component model defined by a metamodel in a logical view and by description in the pi-calculus in a process view. We show that the component model addresses the dynamic aspects of software architectures including the component mobility. Furthermore, we propose a method of behavioural modelling of service-oriented architectures to pass smoothly from service level to component level and to describe behaviour of a whole system, services and components, as a single pi-calculus process. Finally, we illustrate an application of our approach on a case study of an environment for functional testing of complex safety-critical systems. The support of dynamic architecture and the integration with service-oriented architecture compromise the main advantages of our approach.Katedra softwarového inženýrstvíDepartment of Software EngineeringFaculty of Mathematics and PhysicsMatematicko-fyzikální fakult

A compositional analysis of broadcasting embedded systems

This work takes as its starting point D Kendall's CANdle/bCANdle algebraic framework for formal modelling and specification of broadcasting embedded systems based on CAN networks. Checking real-time properties of such systems is beset by problems of state-space explosion and so a scheme is given for recasting systems specified in Kendall's framework as parallel compositions of timed automata; a CAN network channel is modelled as an automaton. This recasting is shown to be bi-similar to the original bCANdle model. In the recast framework,"compositionality" theorems allow one to infer that a model of a system is simulated by some abstraction of the model, and hence that properties of the model expressible in ACTL can be inferred from analogous properties of the abstraction. These theorems are reminiscent of "assume-guarantee" reasoning allowing one to build simulations component-wise although, unfortunately, components participating in a "broadcast" are required to be abstracted "atomically". Case studies are presented to show how this can be used in practice, and how systems which take impossibly long to model-check can tackled by compositional methods. The work is of broader interest also, as the models are built as UPPAAL systems and the compositionality theorems apply to any UPPAAL system in which the components do not share local variables. The method could for instance extend to systems using some network other than CAN, provided it can be modelled by timed automata. Possibilities also exist for building it into an automated tool, complementing other methods such as counterexample- guided abstraction refinement

Probabilistic Guarded KAT Modulo Bisimilarity: Completeness and Complexity

We introduce Probabilistic Guarded Kleene Algebra with Tests (ProbGKAT), an extension of GKAT that allows reasoning about uninterpreted imperative programs with probabilistic branching. We give its operational semantics in terms of special class of probabilistic automata. We give a sound and complete Salomaa-style axiomatisation of bisimilarity of ProbGKAT expressions. Finally, we show that bisimilarity of ProbGKAT expressions can be decided in O(n3 log n) time via a generic partition refinement algorithm