Control design for hybrid systems with TuLiP: The Temporal Logic Planning toolbox

This tutorial describes TuLiP, the Temporal Logic Planning toolbox, a collection of tools for designing controllers for hybrid systems from specifications in temporal logic. The tools support a workflow that starts from a description of desired behavior, and of the system to be controlled. The system can have discrete state, or be a hybrid dynamical system with a mixed discrete and continuous state space. The desired behavior can be represented with temporal logic and discrete transition systems. The system description can include uncontrollable variables that take discrete or continuous values, and represent disturbances and other environmental factors that affect the dynamics, as well as communication signals that affect controller decisions

Computing refactorings of state machines

For behavior models expressed in statechart-like formalisms, we show how to compute semantically equivalent yet structurally different models. These refactorings are defined by user-provided logical predicates that partition the system's state space and that characterize coherent parts - modes or control states-of the behavior. We embed the refactorings into an incremental development process that uses a combination of both tables and graphically represented state machines for describing system

A formal framework for the specification of interactive systems

We are primarily concerned with interactive systems whose behaviour is highly reliant on end user activity. A framework for describing and synthesising such systems is developed. This consists of a functional description of the capabilities of a system together with a means of expressing its desired 'usability'. Previous work in this area has concentrated on capturing 'usability properties' in discrete mathematical models. We propose notations for describing systems in a 'requirements' style and a 'specification' style. The requirements style is based on a simple temporal logic and the specification style is based on Lamport's Temporal Logic of Actions (TLA) [74]. System functionality is specified as a collection of 'reactions', the temporal composition of which define the behaviour of the system. By observing and analysing interactions it is possible to determine how 'well' a user performs a given task. We argue that a 'usable' system is one that encourages users to perform their tasks efficiently (i.e. to consistently perform their tasks well) hence a system in which users perform their tasks well in a consistent manner is likely to be a usable system. The use of a given functionality linked with different user interfaces then gives a means by which interfaces (and other aspects) can be compared and suggests how they might be harnessed to bias system use so as to encourage the desired user behaviour. Normalising across different users anq different tasks moves us away from the discrete nature of reactions and hence to comfortably describe the use of a system we employ probabilistic rather than discrete mathematics. We illustrate that framework with worked examples and propose an agenda for further work

Detecting interference through graph reduction

Parallel programs which run in a shared-memory model have several threads that may interfere. There are constraints between the threads and these constraints can be modelled by a net. We present TLA nets, which are interesting for the representation of concurrent executions. A reduction operation is defined on these nets, in order to detect interferences. These interferences can be eliminated by adding components such as delays to the net. TLA nets are a graphical tool to explore the constraints of parallel programming

Testing Temporal Logic Properties in Distributed Systems

The concept of event-based behavioral abstraction (EBBA) is shown to facilitate the Design For Testability (DFT) if the set of events is well-chosen. We provide a predefined set of events which, together with linear-time temporal logic, can be used for expressing behavioral properties in object-oriented distributed systems. This allows automizing several steps in the testing process: instrumenting the source code, constructing test-oracles and generating an observer. Taking an industrial example as basis, we discuss how our proposal can be integrated into the software design- and testing process

User Interface Design With Matrix Algebra •

It is usually very hard, both for designers and users, to reason reliably about user interfaces. This article shows that 'push button' and 'point and click' user interfaces are algebraic structures. Users effectively do algebra when they interact, and therefore we can be precise about some important design issues and issues of usability. Matrix algebra, in particular, is useful for explicit calculation and for proof of various user interface properties. With matrix algebra, we are able to undertake with ease unusally thorough reviews of real user interfaces: this article examines a mobile phone, a handheld calculator and a digital multimeter as case studies, and draws general conclusions about the approach and its relevance to design

Formal Methods for Communication Services

We survey formal methods as they are applied to the development of communication services. We report on industrial and academic projects, consider different communication architectures and work related to the feature interaction problem. Based on our survey, the results reported in the literature and most importantly, on extensive discussions with industry, we investigate important industrial concerns and criticisms about the use of formal methods for the development of communication services. We report on a collaborative project between the Swiss Federal Institute of Technology in Lausanne, Swisscom, Alcatel and Thomson in which these industrial concerns have been taken into account from the very beginning. The results of this project are currently being integrated into an industrial software development platform

Predicate Diagrams as Basis for the Verification of Reactive Systems

This thesis proposes a diagram-based formalism for verifying temporal properties of reactive systems. Diagrams integrate deductive and algorithmic verification techniques for the verification of finite and infinite-state systems, thus combining the expressive power and flexibility of deduction with the automation provided by algorithmic methods. Our formal framework for the specification and verification of reactive systems includes the Generalized Temporal Logic of Actions (TLA*) from Merz for both mathematical modeling reactive systems and specifying temporal properties to be verified. As verification method we adopt a class of diagrams, the so-called predicate diagrams from Cansell et al. We show that the concept of predicate diagrams can be used to verify not only discrete systems, but also some more complex classes of reactive systems such as real-time systems and parameterized systems. We define two variants of predicate diagrams, namely timed predicate diagrams and parameterized predicate diagrams, which can be used to verify real-time and parameterized systems. We prove the completeness of predicate diagrams and study an approach for the generation of predicate diagrams. We develop prototype tools that can be used for supporting the generation of diagrams semi-automatically.In dieser Arbeit schlagen wir einen diagramm-basierten Formalismus für die Verifikation reaktiver Systeme vor. Diagramme integrieren die deduktiven und algorithmischen Techniken zur Verifikation endlicher und unendlicher Systeme, dadurch kombinieren sie die Ausdrucksstärke und die Flexibilität von Deduktion mit der von algoritmischen Methoden unterstützten Automatisierung. Unser Ansatz für Spezifikation und Verifikation reaktiver Systeme schließt die Generalized Temporal Logic of Actions (TLA*) von Merz ein, die für die mathematische Modellierung sowohl reaktiver Systeme als auch ihrer Eigenschaften benutzt wird. Als Methode zur Verifikation wenden wir Prädikaten-diagramme von Cansell et al. an. Wir zeigen, daß das Konzept von Prädikatendiagrammen verwendet werden kann, um nicht nur diskrete Systeme zu verifizieren, sondern auch kompliziertere Klassen von reaktiven Systemen wie Realzeitsysteme und parametrisierte Systeme. Wir definieren zwei Varianten von Prädikatendiagrammen, nämlich gezeitete Prädikatendiagramme und parametrisierte Prädikatendiagramme, die benutzt werden können, um die Realzeit- und parametrisierten Systeme zu verifizieren. Die Vollständigkeit der Prädikatendiagramme wird nachgewiesen und ein Ansatz für die Generierung von Prädikatendiagrammen wird studiert. Wir entwickeln prototypische Werkzeuge, die die semi-automatische Generierung von Diagrammen unterstützen