Towards formal models and languages for verifiable Multi-Robot Systems

Incorrect operations of a Multi-Robot System (MRS) may not only lead to unsatisfactory results, but can also cause economic losses and threats to safety. These threats may not always be apparent, since they may arise as unforeseen consequences of the interactions between elements of the system. This call for tools and techniques that can help in providing guarantees about MRSs behaviour. We think that, whenever possible, these guarantees should be backed up by formal proofs to complement traditional approaches based on testing and simulation. We believe that tailored linguistic support to specify MRSs is a major step towards this goal. In particular, reducing the gap between typical features of an MRS and the level of abstraction of the linguistic primitives would simplify both the specification of these systems and the verification of their properties. In this work, we review different agent-oriented languages and their features; we then consider a selection of case studies of interest and implement them useing the surveyed languages. We also evaluate and compare effectiveness of the proposed solution, considering, in particular, easiness of expressing non-trivial behaviour.Comment: Changed formattin

On Global Types and Multi-Party Session

Global types are formal specifications that describe communication protocols in terms of their global interactions. We present a new, streamlined language of global types equipped with a trace-based semantics and whose features and restrictions are semantically justified. The multi-party sessions obtained projecting our global types enjoy a liveness property in addition to the traditional progress and are shown to be sound and complete with respect to the set of traces of the originating global type. Our notion of completeness is less demanding than the classical ones, allowing a multi-party session to leave out redundant traces from an underspecified global type. In addition to the technical content, we discuss some limitations of our language of global types and provide an extensive comparison with related specification languages adopted in different communities

An engine for coordination-based architectural reconfigurations

Master Course in Computing EngineeringIn service-oriented architectures (SOA), services are seen as loosely-coupled components interacting with each other via connection of their public interfaces. Such interaction follows a (coordination) protocol usually established at design-time. However, in an environment where change is the rule rather than the exception, several aspects may contribute to a need for change in the way these services interact. To perceive the consequences of applying these changes beforehand is an ultimate requirement for SOA design. The dissertation of this MSc project proposes a practical approach to model reconfigurations of service coordination patterns. Its main contributions are a language for coordination reconfiguration design and a reconfiguration engine. This project is the part of a broader research initiative aiming at formally modelling, reasoning and analysing reconfigurations of coordination patterns in the context of SOA and cloud-computing.Em arquiteturas orientadas a serviços (SOA), os serviços são vistos como componentes independentes que interagem uns com os outros através da ligação das suas interfaces públicas. Tal interação segue um protocolo (de coordenação) que normalmente é estabelecido durante o design. No entanto, num ambiente onde a mudança é a regra e não a excepção, vários factores podem contribuir para uma necessidade de alterar a forma como estes serviços interagem. Compreender as consequências da aplicação destas alterações com antecedência é uma exigência final para o desenho de uma SOA. Esta dissertação de mestrado propõe uma abordagem prática para modelar reconfigurações de padrões de coordenação de serviços. Para tal, as reconfigurações são especificadas (antes de serem aplicadas em tempo de execução) através de uma linguagem de domínio específico – ReCooPLa – que visa a manipulação de estruturas de coordenação de software, tipicamente utilizadas em SOA. Posteriormente, é apresentado um processador para a linguagem, construído de acordo com a abordagem tradicional para a construção de compiladores. Este processador inclui o parser, o analisador semântico e o tradutor. O principal resultado deste trabalho é um motor de reconfiguração, que usa as especificações ReCooPLa convenientemente traduzidas em código Java e aplica-as a estruturas de coordenação. Este projeto é parte de uma iniciativa de pesquisa mais ampla que visa modelar e analisar formalmente reconfigurações de padrões de coordenação no contexto de SOA e cloud-computing

Using formal methods to support testing

Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing

Resiliency in numerical algorithm design for extreme scale simulations

This work is based on the seminar titled ‘Resiliency in Numerical Algorithm Design for Extreme Scale Simulations’ held March 1–6, 2020, at Schloss Dagstuhl, that was attended by all the authors. Advanced supercomputing is characterized by very high computation speeds at the cost of involving an enormous amount of resources and costs. A typical large-scale computation running for 48 h on a system consuming 20 MW, as predicted for exascale systems, would consume a million kWh, corresponding to about 100k Euro in energy cost for executing 1023 floating-point operations. It is clearly unacceptable to lose the whole computation if any of the several million parallel processes fails during the execution. Moreover, if a single operation suffers from a bit-flip error, should the whole computation be declared invalid? What about the notion of reproducibility itself: should this core paradigm of science be revised and refined for results that are obtained by large-scale simulation? Naive versions of conventional resilience techniques will not scale to the exascale regime: with a main memory footprint of tens of Petabytes, synchronously writing checkpoint data all the way to background storage at frequent intervals will create intolerable overheads in runtime and energy consumption. Forecasts show that the mean time between failures could be lower than the time to recover from such a checkpoint, so that large calculations at scale might not make any progress if robust alternatives are not investigated. More advanced resilience techniques must be devised. The key may lie in exploiting both advanced system features as well as specific application knowledge. Research will face two essential questions: (1) what are the reliability requirements for a particular computation and (2) how do we best design the algorithms and software to meet these requirements? While the analysis of use cases can help understand the particular reliability requirements, the construction of remedies is currently wide open. One avenue would be to refine and improve on system- or application-level checkpointing and rollback strategies in the case an error is detected. Developers might use fault notification interfaces and flexible runtime systems to respond to node failures in an application-dependent fashion. Novel numerical algorithms or more stochastic computational approaches may be required to meet accuracy requirements in the face of undetectable soft errors. These ideas constituted an essential topic of the seminar. The goal of this Dagstuhl Seminar was to bring together a diverse group of scientists with expertise in exascale computing to discuss novel ways to make applications resilient against detected and undetected faults. In particular, participants explored the role that algorithms and applications play in the holistic approach needed to tackle this challenge. This article gathers a broad range of perspectives on the role of algorithms, applications and systems in achieving resilience for extreme scale simulations. The ultimate goal is to spark novel ideas and encourage the development of concrete solutions for achieving such resilience holistically.Peer Reviewed"Article signat per 36 autors/es: Emmanuel Agullo, Mirco Altenbernd, Hartwig Anzt, Leonardo Bautista-Gomez, Tommaso Benacchio, Luca Bonaventura, Hans-Joachim Bungartz, Sanjay Chatterjee, Florina M. Ciorba, Nathan DeBardeleben, Daniel Drzisga, Sebastian Eibl, Christian Engelmann, Wilfried N. Gansterer, Luc Giraud, Dominik G ̈oddeke, Marco Heisig, Fabienne Jezequel, Nils Kohl, Xiaoye Sherry Li, Romain Lion, Miriam Mehl, Paul Mycek, Michael Obersteiner, Enrique S. Quintana-Ortiz, Francesco Rizzi, Ulrich Rude, Martin Schulz, Fred Fung, Robert Speck, Linda Stals, Keita Teranishi, Samuel Thibault, Dominik Thonnes, Andreas Wagner and Barbara Wohlmuth"Postprint (author's final draft

Monotonic Set-Extended Prefix Rewriting and Verification of Recursive Ping-Pong Protocols

Ping-pong protocols with recursive definitions of agents, but without any active intruder, are a Turing powerful model. We show that under the environment sensitive semantics (i.e. by adding an active intruder capable of storing all exchanged messages including full analysis and synthesis of messages) some verification problems become decidable. In particular we give an algorithm to decide control state reachability, a problem related to security properties like secrecy and authenticity. The proof is via a reduction to a new prefix rewriting model called Monotonic Set-extended Prefix rewriting (MSP). We demonstrate further applicability of the introduced model by encoding a fragment of the ccp (concurrent constraint programming) language into MSP

Extending the Finite Domain Solver of GNU Prolog

International audienceThis paper describes three significant extensions for the Finite Domain solver of GNU Prolog. First, the solver now supports negative integers. Second, the solver detects and prevents integer overflows from occurring. Third, the internal representation of sparse domains has been redesigned to overcome its current limitations. The preliminary performance evaluation shows a limited slowdown factor with respect to the initial solver. This factor is widely counterbalanced by the new possibilities and the robustness of the solver. Furthermore these results are preliminary and we propose some directions to limit this overhead

Fast RFID counting under unreliable radio channels.

Sze, Wai Kit.Thesis (M.Phil.)--Chinese University of Hong Kong, 2009.Includes bibliographical references (leaves 77-83).Abstracts in English and Chinese.Abstract --- p.iAcknowledgement --- p.viChapter 1 --- Introduction --- p.1Chapter 2 --- Background and Related Work --- p.8Chapter 3 --- RFID Tag-set Cardinality estimation based on a Two-parameter implicit Channel Model --- p.13Chapter 3.1 --- System Model --- p.14Chapter 3.2 --- Number of Empty Slots Observed by the Reader --- p.16Chapter 3.3 --- Estimator Accuracy and Performance Analysis --- p.25Chapter 3.4 --- Results and Discussions --- p.32Chapter 3.5 --- Chapter Summary --- p.41Chapter 4 --- RFID Tag-set Cardinality estimation over Unknown Channel --- p.42Chapter 4.1 --- System Model --- p.43Chapter 4.2 --- Baseline: The Union-based approach --- p.45Chapter 4.2.1 --- Motivation --- p.46Chapter 4.2.2 --- Union Algorithm --- p.46Chapter 4.2.3 --- Analysis of the Union algorithm --- p.47Chapter 4.3 --- "Probabilistic Tag-counting over Lossy, Unknown channels via the Mh model" --- p.52Chapter 4.3.1 --- "Novel Interpretation of Mh for RFID Counting over Lossy, Unknown Channels" --- p.52Chapter 4.3.2 --- The Moment Estimator --- p.55Chapter 4.3.3 --- Sample Coverage Estimator --- p.57Chapter 4.3.4 --- Estimating the overall Tag population t --- p.59Chapter 4.4 --- Performance Validation and Comparison --- p.62Chapter 4.5 --- Chapter Summary --- p.65Chapter 5 --- Conclusions and Future Work --- p.73Chapter A --- Proof of Equation (3.6) in Chapter 3 --- p.75Bibliography --- p.7