Reuse and integration of specification logics: the hybridisation perspective

Hybridisation is a systematic process along which the characteristic features of hybrid logic, both at the syntactic and the semantic levels, are developed on top of an arbitrary logic framed as an institution. It also captures the construction of first-order encodings of such hybridised institutions into theories in first-order logic. The method was originally developed to build suitable logics for the specification of reconfigurable software systems on top of whatever logic is used to describe local requirements of each system’s configuration. Hybridisation has, however, a broader scope, providing a fresh example of yet another development in combining and reusing logics driven by a problem from Computer Science. This paper offers an overview of this method, proposes some new extensions, namely the introduction of full quantification leading to the specification of dynamic modalities, and exemplifies its potential through a didactical application. It is discussed how hybridisation can be successfully used in a formal specification course in which students progress from equational to hybrid specifications in a uniform setting, integrating paradigms, combining data and behaviour, and dealing appropriately with systems evolution and reconfiguration.This work is financed by the ERDF—European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation—COMPETE 2020 Programme, and by National Funds through the FCT (Portuguese Foundation for Science and Technology) within project POCI-01-0145-FEDER-006961. M. Martins was further supported by project UID/MAT/04106/2013. A. Madeira and R. Neves research was carried out in the context of a post-doc and a Ph.D. grant with references SFRH/BPD/103004/2014 and SFRH/BD/52234/2013, respectively. L.S. Barbosa is also supported by SFRH/BSAB/ 113890/2015

Hybridization of institutions

Extended version including all proofsModal logics are successfully used as specification logics for reactive systems. However, they are not expressive enough to refer to individual states and reason about the local behaviour of such systems. This limitation is overcome in hybrid logics which introduce special symbols for naming states in models. Actually, hybrid logics have recently regained interest, resulting in a number of new results and techniques as well as applications to software specification. In this context, the first contribution of this paper is an attempt to ‘universalize’ the hybridization idea. Following the lines of [DS07], where a method to modalize arbitrary institutions is presented, the paper introduces a method to hybridize logics at the same institution-independent level. The method extends arbitrary institutions with Kripke semantics (for multi-modalities with arbitrary arities) and hybrid features. This paves the ground for a general result: any encoding (expressed as comorphism) from an arbitrary institution to first order logic (FOL) deter- mines a comorphism from its hybridization to FOL. This second contribution opens the possibility of effective tool support to specification languages based upon logics with hybrid features.Fundação para a Ciência e a Tecnologia (FCT

Encoding hybridised institutions into first order logic

"First published online: 12 November 2014"A ‘hybridization’ of a logic, referred to as the base logic, consists of developing the characteristic features of hybrid logic on top of the respective base logic, both at the level of syntax (i.e. modalities, nominals, etc.) and of the semantics (i.e. possible worlds). By ‘hybridized institutions’ we mean the result of this process when logics are treated abstractly as institutions (in the sense of the institution theory of Goguen and Burstall). This work develops encodings of hybridized institutions into (many-sorted) first order logic (abbreviated FOL) as a ‘hybridization’ process of abstract encodings of institutions into FOL, which may be seen as an abstraction of the well known standard translation of modal logic into first order logic. The concept of encoding employed by our work is that of comorphism from institution theory, which is a rather comprehensive concept of encoding as it features encodings both of the syntax and of the semantics of logics/institutions. Moreover we consider the so-called theoroidal version of comorphisms that encode signatures to theories, a feature that accommodates a wide range of concrete applications. Our theory is also general enough to accomodate various constraints on the possible worlds semantics as well a wide variety of quantifications. We also provide pragmatic sufficient conditions for the conservativity of the encodings to be preserved through the hybridization process, which provides the possibility to shift a formal verification process from the hybridized institution to FOL.We thank both Till Mossakowski and Andrzej Tarlecki for the technical suggestion of using the predicates D. The work of the first author has been supported by a grant of the Romanian National Authority for Scientific Research, CNCS-UEFISCDI, project number PN-II-ID-PCE-2011-3-0439. The work of the second author was funded by the European Regional Development Fund through the COMPETE Programme, and by the Portuguese Foundation for Science and Technology through the projects FCOMP-01-0124-FEDER-028923 and NORTE-01-0124-FEDER-000060

A Deductive Verification Infrastructure for Probabilistic Programs

This paper presents a quantitative program verification infrastructure for discrete probabilistic programs. Our infrastructure can be viewed as the probabilistic analogue of Boogie: its central components are an intermediate verification language (IVL) together with a real-valued logic. Our IVL provides a programming-language-style for expressing verification conditions whose validity implies the correctness of a program under investigation. As our focus is on verifying quantitative properties such as bounds on expected outcomes, expected run-times, or termination probabilities, off-the-shelf IVLs based on Boolean first-order logic do not suffice. Instead, a paradigm shift from the standard Boolean to a real-valued domain is required. Our IVL features quantitative generalizations of standard verification constructs such as assume- and assert-statements. Verification conditions are generated by a weakest-precondition-style semantics, based on our real-valued logic. We show that our verification infrastructure supports natural encodings of numerous verification techniques from the literature. With our SMT-based implementation, we automatically verify a variety of benchmarks. To the best of our knowledge, this establishes the first deductive verification infrastructure for expectation-based reasoning about probabilistic programs

A Deductive Verification Infrastructure for Probabilistic Programs

This paper presents a quantitative program verification infrastructure for discrete probabilistic programs. Our infrastructure can be viewed as the probabilistic analogue of Boogie: its central components are an intermediate verification language (IVL) together with a real-valued logic. Our IVL provides a programming-language-style for expressing verification conditions whose validity implies the correctness of a program under investigation. As our focus is on verifying quantitative properties such as bounds on expected outcomes, expected run-times, or termination probabilities, off-the-shelf IVLs based on Boolean first-order logic do not suffice. Instead, a paradigm shift from the standard Boolean to a real-valued domain is required. Our IVL features quantitative generalizations of standard verification constructs such as assume- and assert-statements. Verification conditions are generated by a weakest-precondition-style semantics, based on our real-valued logic. We show that our verification infrastructure supports natural encodings of numerous verification techniques from the literature. With our SMT-based implementation, we automatically verify a variety of benchmarks. To the best of our knowledge, this establishes the first deductive verification infrastructure for expectation-based reasoning about probabilistic programs

Behavioral equivalence of hidden k-logics: an abstract algebraic approach

This work advances a research agenda which has as its main aim the application of Abstract Algebraic Logic (AAL) methods and tools to the specification and verification of software systems. It uses a generalization of the notion of an abstract deductive system to handle multi-sorted deductive systems which differentiate visible and hidden sorts. Two main results of the paper are obtained by generalizing properties of the Leibniz congruence — the central notion in AAL. In this paper we discuss a question we posed in [1] about the relationship between the behavioral equivalences of equivalent hidden logics. We also present a necessary and sufficient intrinsic condition for two hidden logics to be equivalent

Foundations and techniques for software reconfigurability

Programa de doutoramento em Informática das Universidades do Minho, de Aveiro e do PortoThe qualifier reconfigurable is used for software systems which behave differently in different modes of operation (often called configurations) and commute between them along their lifetime. Such systems, which evolve in response to external or internal stimulus, are everywhere: from e-Health or e-Government integrated services to sensor networks, from domestic appliances to complex systems distributed and collaborating over the web, from safety or mission-critical applications to massive parallel software. There are two basic approaches to formally capture requirements of this sort of systems: one emphasizes behaviour and its evolution; the other focus on data and their transformations. Within the first paradigm, reconfigurable systems are regarded as (some variant of) state-machines whose states correspond to the different configurations they may assume. On the other hand, in data-oriented approaches the system’s functionality is specified in terms of input-output relations modelling operations on data. A specification presents a theory in a suitable logic, expressed over a signature which captures its syntactic interface. Its semantics is a class of concrete algebras or relational structures, acting as models for the specified theory. The observation that whatever services a reconfigurable system may offer, at each moment, may depend on the stage of its evolution, suggests that both dimensions (data and behaviour) are interconnected and should be combined. In particular, each node in the transition system which describes a reconfiguration space, may be endowed with a local structure modelling the functionality of the respective configuration. This is the basic insight of a configurations-as-local-models specification style. These specifications are modeled by structured state-machines, states denoting complex structures, rather than sets. A specification for this sort of system should be able to make assertions both about the transition dynamics and, locally, about each particular configuration. This leads to the adoption of hybrid logic, which adds to the modal description of transition structures the ability to refer to specific states, as the lingua franca for a suitable specification method. On the other hand, specific applications may require specific logics to describe their configurations. For example, requirements expressed equationally lead to a configurations-as-algebras perspective. But depending on their nature one could also naturally end up in configurations-as-relational-structutres, or probabilistic spaces or even in configurations-as-Kripke-structutres, if first-order, fuzzy or modal logic is locally used. The aim of this thesis is to develop the foundations for a specification method based on these principles. To subsume all the possibilities above our approach builds on very general grounds. Therefore, instead of committing to a particular version of hybrid logic, we start by choosing a specific logic for expressing requirements at the configuration (static) level. This is later taken as the base logic on top of which the characteristic features of hybrid logic, both at the level of syntax (i.e. modalities, nominals, etc.) and of the semantics (i.e. possible worlds), are developed. This process is called hybridisation and is one of the main technical contributions of this thesis. To be completely general, it is framed in the context of the theory of institutions of J. Goguen and R. Burstall, each logic (base and hybridised) being treated abstractly as an institution. In this setting the thesis’ contributions are the following: A method to hybridise arbitrary institutions; this can be understood as a source of logics to support arbitrary configurations-as-local-models specifications. A method to lift encodings (technically, comorphisms) from an institution to a presentation in first-order logic, into encodings from its hybridisation to a presentation in first-order logic; this result paves the way to the introduction of suitable automatised proof support for a wide range of hybridised logics. Suitable characterisations of bisimulation and refinement for models of (generic) hybridisations, which provide canonical, satisfaction preserving relations to identify and relate models. A two-stage specification method for reconfigurable systems based on a global transition structure to capture the system’s reconfiguration space, and a local specification of configurations in whatever logic is found expressive enough for the requirements at hands. A set of additional technics to assist the process of specifying and verifying requirements for reconfigurable systems, with partial tool support.O termo reconfigurável é usado para sistemas de software que se comportam de forma diferente em diferentes modos de operação (frequentemente chamados de configurações) comutando entre eles, ao longo do seu ciclo de vida. Estes sistemas, que evoluem em resposta a estímulos externos e internos, estão por toda a parte, desde sistemas de e-Health ou sistemas integrados de e-Governement, às redes de sensores, das aplicações domésticas aos complexos sistemas distribuidos, dos sistemas críticos de missão ao software de computação paralela. Existem duas abordagens formais para captar requisitos deste tipo de sistemas: uma focada no comportamento e evolução; e outra focada nos dados e respectivas transformações. Segundo o primeiro paradigma, os sistemas reconfiguráveis são abordados por (alguma variante) de máquinas-de-estados, correspondendo, cada um dos seus estados, a uma configuração que o sistema possa assumir. A outra abordagem, orientada aos dados, especifica as funcionalidades do sistema em função de relações de input-output, que modelam operações nos dados. Uma especificação apresenta uma teoria numa lógica adequada, expressa sobre uma assinatura que capta a sua interface sintática. A sua semântica consiste na classe de álgebras, ou estruturas de primeira ordem, que modelam a teoria especificada. A observação de que, a cada momento, os serviços oferecidos por um sistema reconfigurável possam depender do estado da sua evolução, sugere-nos que ambas as dimensões (dados e comportamento) estejam interligados e devam ser combinados. Em particular, cada nó do sistema de transição, que descreve o espaço de reconfigurabilidade, pode ser dotado de uma estrutura local onde as funcionalidades do sistema, na respectiva configuração, são modeladas. Esta é a ideia base da especificação configurações-como-modeloslocais. Tecnicamente, as especificações são modeladas por máquinas de estados estruturadas, onde cada estado denota uma estrutura complexa, ao invés de um conjunto. Uma especificação para este tipo de sistemas deve ser adequada à expressão de asserções acerca da dinâmica de transições, assim como, ao nível local de cada configuração particular. Isto leva-nos à adopção de lógica híbrida, que adiciona, mecanismos para referir estados específicos à expressividade modal dos sistemas de transição, como lingua franca para um método adequado de especificação. Por outro lado, aplicações podem requerer lógicas específicas para descrever as suas configurações. Por exemplo, requisitos expressos por equações devem ser modelados numa perspectiva configurações-como-álgebras. Dependendo da sua natureza, podemos considerar configurações-como-estruturas de primeira ordem, ou configurações-como-espaços probabilísticos ou mesmo configurações-como-estruturas de Kripke quando usadas, localmente, lógica de primeira ordem, lógica fuzzy, ou lógica modal respectivamente. O objectivo da tese é desenvolver os fundamentos para um método de especificação baseado nestes princípios. Por forma a acomodar todas estas possibilidades, a abordagem é desenvolvida sob fundamentos muito genéricos. Ao invés de comprometer a abordagem com uma lógica híbrida particular, partimos da escolha da lógica específica para especificar requisitos ao nível (estáctico) local. Esta lógica é então tomada como lógica de base, sobre a qual os mecanismos da lógica híbrida, tanto ao nível sintáctico (i.e., modalidades, nominais, etc.) como ao semântico (i.e., mundos possíveis), são desenvolvidos. Este processo, que chamamos de hibridização, é uma das principais contribuições técnicas da tese. A generalidade do método resulta do seu desenvolvimento no contexto da teoria das instituições de J. Goguen e R. Burstall. As peincipais contribuições da tese são: • um método para hibridizar instituições arbitrárias; o que pode ser entendido como uma fonte de lógicas para suportar especificações configurações- como-modelos-locais arbitrárias • um método para transportar codificações de uma instituição nas apresentações de primeira ordem (tecnicamente comorfismos), em codificações da sua hibridização em apresentações em primeira ordem; este resultado abre o caminho para a introdução do suporte de prova automático para uma ampla classe de lógicas híbridas; • caracterização de relações de bissimulação e de refinamento para modelos de hibridizações genéricas. Isto oferece relações canónicas, que preservam satisfação, para identificar e relacionar modelos; • um método de especificação para sistemas reconfiguráveis com dois estágios, baseado numa estrutura de transição global, onde o espaço de reconfigurações do sistema é modelado; e numa especificação local das configurações expressa numa lógica escolhida como adequada, aos requisitos a tratar; • um conjunto de técnicas adicionais para assistir o processo de especificação e de verificação de requisitos de sistemas reconfiguráveis com suporte parcial de ferramentas.Fundação para a Ciência e Tecnologia (FCT) and Critical Software S.A., under BDE grant under the contract SFRH/BDE/33650/2009 and by the MONDRIAN Project (FCT) under the contract PTDC/EIA-CCO/108302/2008