The systematic construction of information systems

Process modelling is a vital issue for communicating with experts of the application domain. Depending on the roles and responsibilities of the application domain experts involved, process models are discussed on different levels of abstraction. These may range from detailed regulation for process execution to the interrelation of basic core processes on a strategic level. To ensure consistency and to allow for a flexible integration of process information on different levels of abstraction, we introduce a transformational calculus that allows the incremental addition to and refinement of the information in a process model, while maintaining the validity of more abstract high level processes. A complete formal treatment of model and the calculus is given and is illustrated on a small banking example.Funding received from the UK Engineering and Physical Sciences Research Council (EPSRC) through the Research Grant GR/M/0258

Fractional permissions and non-deterministic evaluators in interval temporal logic

We propose Interval Temporal Logic as a basis for reasoning about concurrent programs with fine-grained atomicity due to the generality it provides over reasoning with standard pre/post-state relations. To simplify the semantics of parallel composition over intervals, we use fractional permissions, which allows one to ensure that conflicting reads and writes to a variable do not occur simultaneously. Using non-deterministic evaluators over intervals, we enable reasoning about the apparent states over an interval, which may differ from the actual states in the interval. The combination of Interval Temporal Logic, non-deterministic evaluators and fractional permissions results in a generic framework for reasoning about concurrent programs with fine-grained atomicity. We use our logic to develop rely/guarantee-style rules for decomposing a proof of a large system into proofs of its subcomponents, where fractional permissions are used to ensure that the behaviours of a program and its environment do not conflict

ATOM: an object-based formal method for real-time systems

An object based formal method for the development of real-time systems, called ATOM, is presented. The method is an integration of the real-time formal technique TAM (Temporal Agent Model) with an industry-strength structured methodology known as HRT-HOOD. ATOM is a systematic formal approach based on the refinement calculus. Within ATOM, a formal specification (or abstract description statement) contains Interval Temporal Logic (ITL) description of the timing, functional, and communication behavior of the proposed real-time system. This formal specification can be analyzed and then refined into concrete statements through successive applications of sound refinement laws. Both abstract and concrete statements are allowed to freely intermix. The semantics of the concrete statements in ATOM are defined denotationally in specification-oriented style using ITL.Funding received from the UK Engineering and Physical Sciences Research Council (EPSRC) through the Research Grant GR/M/0258

Designing a provably correct robot control system using a "lean" formal method

A development method for the construction of provably correct robot control systems together with its supporting tool environment are described. The method consists of four stages: 1. specification, 2. refinement, 3. simulation and 4. code. The method is centered around the notion of wide-spectrum formalism within which an abstract Interval Temporal Logic (ITL) representation is intermixed freely with the concrete Temporal Agent Model (TAM) representation of the system under consideration. The method with its associated tool support is applied to the design of a robot control system.Funded by EPSRC Research Grant GR/K25922: A compositional approach to the specification of systems using ITL and Tempura

Proving the correctness of the interlock mechanism in processor design.

In this paper, Interval Temporal Logic (ITL) us used to specify and verify the event processor EP/3, which is a multi-threaded pipeline processor capable of executing parallel programs. We first give the high level specification of the EP/3 with emphasis on the interlock mechanism. The interlock mechanism is used in processor design especially for dealing with pipeline conflict problems. We prove that the specification satisfies certain safety and liveness properties. An advantage of ITL is that it has an executable part, i.e., we can simulate a specification before proving properties about it. This will help us to get the right specification.Nick Coleman - full name J. Nick Colema

Compositional modelling: The formal perspective

We provide a formal framework within which an Information System (IS) could be modelled, analysed, and verified in a compositional manner. Our work is based on Interval Temporal Logic (ITL) and its programming language subset, Tempura. This is achieved by considering IS, of an enterprise, as a class of reactive systems in which it is continually reacting to asynchronously occurring events within a given period of time. Such a reactive nature permits an enterprise to pursue its business activities to best compete with others in the market place. The technique is illustrated by applying it to a small case study from Public Service Systems (PSS).Funding received from the UK Engineering and Physical Sciences Research Council (EPSRC) through the Research Grant GR/M/0258

Capacity : un modèle abstraite du contrôle sur les données personnelles

While the control of individuals over their personal data is increasingly seen as an essential component of their privacy, the word “control” is usually used in a very vague way, both by lawyers and by computer scientists.This lack of precision may lead to misunderstandings and makes it difficult to check compliance.To address this issue, we propose a formal framework based on capacities to specify the notion of control over personal data and to reason about control properties.We illustrate our framework with social network systems and show that it makes it possible to characterize the types of control over personal data that they provide to their users and to compare them in a rigorous way.Tandis que le contrôle des individus sur leurs données personnelles est de plus en plus perçu comme un élément essentiel du respect de leur vie privée, le terme "contrôle" est la plupart du temps utilisé de manière vague, autant par les juristes que les informaticiens.Ce manque de rigueur pourrait causer des mécompréhensions et rend difficile les vérifications de conformité.Pour résoudre ce problème, nous proposons un cadre formel basé sur les capacités pour spécifier la notion de contrôle sur les données personnelles et raisonner sur les propriétés de ce contrôle.Nous appliquons notre cadre formel à des systèmes de réseaux sociaux et montrons qu'il rend possible la caractérisation du type de contrôle des données personnelles que ces systèmes fournissent à leurs utilisateurs ainsi que la comparaison rigoureuse de ces systèmes du point de vu du contrôle

A Complete Axiom System for Propositional Interval Temporal Logic with Infinite Time

Interval Temporal Logic (ITL) is an established temporal formalism for reasoning about time periods. For over 25 years, it has been applied in a number of ways and several ITL variants, axiom systems and tools have been investigated. We solve the longstanding open problem of finding a complete axiom system for basic quantifier-free propositional ITL (PITL) with infinite time for analysing nonterminating computational systems. Our completeness proof uses a reduction to completeness for PITL with finite time and conventional propositional linear-time temporal logic. Unlike completeness proofs of equally expressive logics with nonelementary computational complexity, our semantic approach does not use tableaux, subformula closures or explicit deductions involving encodings of omega automata and nontrivial techniques for complementing them. We believe that our result also provides evidence of the naturalness of interval-based reasoning

Introduction to Runtime Verification

International audienceThe aim of this chapter is to act as a primer for those wanting to learn about Runtime Verification (RV). We start by providing an overview of the main specification languages used for RV. We then introduce the standard terminology necessary to describe the monitoring problem, covering the pragmatic issues of monitoring and instrumentation, and discussing extensively the monitorability problem