54 research outputs found

    The development and deployment of formal methods in the UK

    UK researchers have made major contributions to the technical ideas underpinning formal approaches to the specification and development of computer systems. Perhaps as a consequence of this, some of the significant attempts to deploy theoretical ideas into practical environments have taken place in the UK. The authors of this paper have been involved in formal methods for many years and both have tracked a significant proportion of the whole story. This paper both lists key ideas and indicates where attempts were made to use the ideas in practice. Not all of these deployment stories have been a complete success and an attempt is made to tease out lessons that influence the probability of long-term impact. Comment: This work has been submitted to the IEEE for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessibl

    User's guide to four-body and three-body trajectory optimization programs

    A collection of computer programs and subroutines written in FORTRAN to calculate 4-body (sun-earth-moon-space) and 3-body (earth-moon-space) optimal trajectories is presented. The programs incorporate a variable step integration technique and a quadrature formula to correct single step errors. The programs provide capability to solve initial value problem, two point boundary value problem of a transfer from a given initial position to a given final position in fixed time, optimal 2-impulse transfer from an earth parking orbit of given inclination to a given final position and velocity in fixed time and optimal 3-impulse transfer from a given position to a given final position and velocity in fixed time

    Proceedings of the 11th Overture Workshop

    The 11th Overture Workshop was held in Aarhus, Denmark on Wed/Thu 28–29th August 2013. It was the 11th workshop in the current series focusing on the Vienna Development Method (VDM) and particularly its community-based tools development project, Overture (http://www.overturetool.org/), and related projects such as COMPASS (http://www.compass-research.eu/) and DESTECS (http://www.destecs.org). Invited talks were given by Yves Ledru and Joe Kiniry. The workshop attracted 25 participants representing 10 nationalities. The goal of the workshop was to provide a forum to present new ideas, to identify and encourage new collaborative research, and to foster current strands of work towards publication in the mainstream conferences and journals. The Overture initiative held its first workshop at FM’05. Workshops were held subsequently at FM’06, FM’08 and FM’09, FM’11, FM’12 and in between

    Fundamental Constructs in Programming Languages

    Specifying the semantics of a programming language formally can have many benefits. However, it can also require a huge effort. The effort can be significantly reduced by translating language syntax to so-called fundamental constructs (funcons). A translation to funcons is easy to update when the language evolves, and it exposes relationships between individual language constructs. The PLanCompS project has developed an initial collection of funcons (primarily for translation of functional and imperative languages). The behaviour of each funcon is defined, once and for all, using a modular variant of structural operational semantics. The definitions are available online. This paper introduces and motivates funcons. It illustrates translation of language constructs to funcons, and how funcons are defined. It also relates funcons to notation used in previous frameworks, including monadic semantics and action semantics. Comment: 20 pages plus appendix, submitted to ISoLA 202

    Animation prototyping of formal specifications

    At the present time one of the key issues relating to the design of real-time systems is the specification of software requirements. It is now clear that specification correctness is an essential factor for the design and implementation of high quality software. As a result considerable emphasis is placed on producing specifications which are not only correct, but provably so. This has led to the application of mathematically-based formal specification techniques in the software life-cycle model. Unfortunately, experience in safety-critical systems has shown that specification correctness is not, in itself, sufficient. Such specifications must also be comprehensible to all involved in the system development. The topic of this thesis—Animation Prototyping—is a methodology devised to make such specifications understandable and usable. Its primary objective is to demonstrate key properties of formal specifications to non-software specialists. This it does through the use of computer-animated pictures which respond to the dictates of the formal specification. [Continues.

    Constructing a tractable reasoning framework upon a fine-grained structural operational semantics

    The primary focus of this thesis is the semantic gap between a fine-grained structural operational semantics and a set of rely/guarantee-style development rules. The semantic gap is bridged by considering the development rules to be a part of the same logical framework as the operational semantics, and a set of soundness proofs show that the development rules, though making development easier for a developer, do not add any extra power to the logical framework as a whole. The soundness proofs given are constructed to take advantage of the structural nature of the language and its semantics; this allows for the addition of new development rules in a modular fashion. The particular language semantics allows for very fine-grained concurrency. The language itself includes a construct for nested parallel execution of statements, and the semantics is written so that statements can interfere with each other between individual variable reads. The language also includes an atomic block construct for which the semantics is an embodiment of a form of software transactional memory. The inclusion of the atomic construct helps illustrate the inherent expressive weakness present in the rely/guarantee rules with respect to termination properties. As such, two development rules are proposed for the atomic construct, one of which has serious restrictions in its application, and another for which the termination property does not hold. EThOS - Electronic Theses Online Service RODIN project UK EPSRC GB United Kingdo

    Issues in the analysis of Yoruba tone.

    This thesis presents an autosegmental analysis of the tonal phonology of Yoruba. It utilizes a fully specified matrix of Yoruba tone features by contrast with recent 'underspecified-autosegmental' accounts. My contention is that, in the bid to apply tonal underspecification theory to Yoruba, my predecessors have not provided a proper account of certain processes. The work is laid out in eight chapters. Chapter One gives a general overview of the whole work. Chapter Two provides a brief introduction to Yoruba and highlights the controversial and non-controversial aspects of its tonology. The claims of autosegmental phonology and its application and relevance to Yoruba are discussed in Chapter Three. Chapters Four and Five deal with explanations of tonal processes within lexical items and across word boundaries respectively. Processes of linking, delinking, relinking, spreading, and freeing involving High, Mid and Low tones provide evidence that, whatever the diachronic facts of the Mid tone, Yoruba is still better analysed synchronically as having an underlying three-term tonal contrast. Claims relating to the hierarchical representation of tone features and the theory of tonal underspecification and proposals for the representation of multiple tone heights are examined in Chapter Six. It is also suggested that the Yoruba Mid tone is not to be seen exclusively as involving a split in either the lower or the higher register; and the analysis of the Yoruba mid tone as null or zero is challenged on the basis of the data discussed in Chapters Four and Five. I propose that, though certain instances of Yoruba mid tone may be analysed as being derived, not all cases can be explained in this manner. Finally, I propose further that a "base three" tone feature system rather than a "base two" system be adapted to suit Yoruba. Chapter Seven examines tone deletion both in the underspecified-autosegmental model and in the present analysis. 
It is pointed out that the analysis of tone deletion within the underspecified-autosegmental model has a number of problems, and that it is preferable to distinguish "tone deletion proper" from cases of tone lowering and tone raising. Chapter Eight, which examines a number of residual problems relating to polarity in a three-term tone system such as that of Yoruba, concludes the thesis

    Network-based vehicle collision detection and simulation

    Vehicle driving simulation, collision detection, and collision simulation of rigid bodies are not new in their corresponding literature, but the integration of all of these techniques is a challenging and interesting topic. Some special requirements arise when they are combined, especially when multiple vehicles, located at different places on a network, are involved in collision simulation. This thesis implements a network-based vehicle collision detection and response simulation system. This system has all the components that are required by vehicle driving simulation. It supports vehicle-to-scene and vehicle-to-vehicle collision detection and response simulation in real-time required by human-in-the-loop driving simulation. Additionally, it supports collaborative driving simulation for multiple vehicles in the same virtual environment operated from different physical locations. It provides consistent and realistic collision response for vehicles that collide. A network-based collision server is developed to accommodate vehicle-to-vehicle collision detection and response simulation. A general collision algorithm supplies consistent collision result for all collided vehicles. The method takes advantage of Open Scene Graph's (OSG) built-in collision detection functionality for vehicle-to-scene collision detection. For vehicle-vehicle collision detection, a two stage process is introduced which employs a bounding circle localization technique and Cohen-Sutherland clipping. A simple but realistic vehicle-to-vehicle and vehicle-to-scene collision simulation algorithm is developed with a friction model and a modified coefficient of restitution model, based on a vehicle collision simulation algorithm presented by Macmillan. 
Implementation testing shows that the network-based collision simulation system can provide a real-time, realistic, and robust system in a network with relatively small time lags delay, such as a LAN, a city network, and some inter-city networks. The implementation has demonstrated support for simultaneous collision simulation with up to 32 vehicles operating at reasonable speed in local area network