Extended Fault Trees Analysis supported by Stochastic Petri Nets

This work presents several extensions to the Fault Tree [90] formalism used to build models oriented to the Dependability [103] analysis of systems. In this way, we increment the modelling capacity of Fault Trees which turn from simple combinatorial models to an high level language to represent more complicated aspects of the behaviour and of the failure mode of systems. Together with the extensions to the Fault Tree formalism, this work proposes solution methods for extended Fault Trees in order to cope with the new modelling facilities. These methods are mainly based on the use of Stochastic Petri Nets. Some of the formalisms described in this work are already present in the literature; for them we propose alternative solution methods with respect to the existing ones. Other formalisms are instead part of the original contribution of this work

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Evaluation of Development Process and Methodology for Co-Models

An embedded control system often requires a tight association between computational and physical system components. In such cases, embedded system development is difficult, as it requires the collaboration among stakeholders with different backgrounds (software engineers, mechanical engineers, managers etc.). With the constant increase in design complexity, caused by advances in implementation technologies, new ways of approaching embedded system development are needed.This thesis presents an evaluation of a tool-oriented development process and methodology, supporting embedded system development. The philosophy of the development process and methodology, is that design complexity can be managed through collaborative work and multi-disciplinary modeling. To obtain input for the evaluation work, the development process is applied during a case study, involving the development of a route following robot and a model of this. To demonstrate the value of this model, it is simulated to predict route completion times for the physical robot.The evaluation work identifies possibilities and challenges of the development process and methodology, with respect to traditional physicalprototyping. This will support developers in choosing the most optimal way of approaching development. In addition to this, suggestions for extensions to the methodology are provided. These intend to increasethe value the development process and methodology may bring thedevelopment work

Certifying planning systems : witnesses for unsolvability

Classical planning tackles the problem of finding a sequence of actions that leads from an initial state to a goal. Over the last decades, planning systems have become significantly better at answering the question whether such a sequence exists by applying a variety of techniques which have become more and more complex. As a result, it has become nearly impossible to formally analyze whether a planning system is actually correct in its answers, and we need to rely on experimental evidence. One way to increase trust is the concept of certifying algorithms, which provide a witness which justifies their answer and can be verified independently. When a planning system finds a solution to a problem, the solution itself is a witness, and we can verify it by simply applying it. But what if the planning system claims the task is unsolvable? So far there was no principled way of verifying this claim. This thesis contributes two approaches to create witnesses for unsolvable planning tasks. Inductive certificates are based on the idea of invariants. They argue that the initial state is part of a set of states that we cannot leave and that contains no goal state. In our second approach, we define a proof system that proves in an incremental fashion that certain states cannot be part of a solution until it has proven that either the initial state or all goal states are such states. Both approaches are complete in the sense that a witness exists for every unsolvable planning task, and can be verified efficiently (in respect to the size of the witness) by an independent verifier if certain criteria are met. To show their applicability to state-of-the-art planning techniques, we provide an extensive overview how these approaches can cover several search algorithms, heuristics and other techniques. Finally, we show with an experimental study that generating and verifying these explanations is not only theoretically possible but also practically feasible, thus making a first step towards fully certifying planning systems