Reasoning about real-time teleo-reactive programs

The teleo-reactive programming model is a high-level approach to implementing real-time control programs that react dynamically to changes in their environment. Teleo-reactive programs are particularly useful for implementing controllers in autonomous agents. In this paper we present formal techniques for reasoning about robust teleo-reactive programs.We develop a temporal logic over continuous intervals, which we use to formalise the semantics of teleo-reactive programs. To facilitate compositional reasoning about a program and its environment, we use rely/guarantee style specications. We also present several theorems for simplifying proofs of teleo-reactive programs that control goal-directed agents

Fractional permissions and non-deterministic evaluators in interval temporal logic

We propose Interval Temporal Logic as a basis for reasoning about concurrent programs with fine-grained atomicity due to the generality it provides over reasoning with standard pre/post-state relations. To simplify the semantics of parallel composition over intervals, we use fractional permissions, which allows one to ensure that conflicting reads and writes to a variable do not occur simultaneously. Using non-deterministic evaluators over intervals, we enable reasoning about the apparent states over an interval, which may differ from the actual states in the interval. The combination of Interval Temporal Logic, non-deterministic evaluators and fractional permissions results in a generic framework for reasoning about concurrent programs with fine-grained atomicity. We use our logic to develop rely/guarantee-style rules for decomposing a proof of a large system into proofs of its subcomponents, where fractional permissions are used to ensure that the behaviours of a program and its environment do not conflict

Reasoning about teleo-reactive programs under parallel composition

The teleo-reactive programming model is a high-level approach to implementing real-time controllers that react dynamically to changes in their environment. Teleo-reactive actions can be hierarchically nested, which facilitates abstraction from lower-level details. Furthermore, teleo-reactive programs can be composed using renaming, hiding, and parallelism to form new programs. In this paper, we present a framework for reasoning about safety, progress, and real-time properties of teleo-reactive programs under program composition. We use a logic that extends the duration calculus to formalise the semantics of teleo-reactive programs and to reason about their properties. We present rely/guarantee style specifications to allow compositional proofs and we consider an application of our theory by verifying a real-time controller for an industrial press

Towards reasoning about teleo-reactive programs for robust real-time systems

The teleo-reactive programming approach was developed by Nilsson for application in domains like robotics. It has a high-level programming model that allows real-time control programs to be written in a manner that allows them to react robustly to changes in the environment. In this paper we give a formalisation of the semantics of teleo-reactive programs and provide rely/guarantee rules for reasoning about them. The semantics are given in a form that partitions the behaviour of the system into its behaviour over a sequence of time intervals

Desarrollo automatizado de sistemas teleo-reactivos a partir de objetivos: un enfoque basado en componentes y dirigido por modelos

[SPA] Esta tesis doctoral se presenta bajo la modalidad de compendio de publicaciones. Está formada por un total de cuatro artículos publicados en revistas del segundo cuartil del Journal Citation Reports. El artículo “A systematic literature review of the Teleo-Reactive paradigm” ofrece una completa revisión sistemática de la literatura existente sobre el paradigma Teleo-Reactivo desde su presentación por el profesor Nils Nilsson en el año 1994. Su papel en esta tesis es el de servir de estado del arte de dicho paradigma, ofreciendo una buena perspectiva de la evolución de los sistemas Teleo-Reactivos desde su formulación hasta el presente. Para poder desarrollar sistemas Teleo-Reactivos a partir de objetivos, surgió la necesidad de especificar los requisitos de estos sistemas usando el lenguaje más apropiado. Ese es uno de los objetivos principales del artículo “A controlled experiment to evaluate the understandability of KAOS and i* for modeling Teleo-Reactive systems”. Como resultado de dicho trabajo se decidió utilizar i* dado que el experimento realizado mostró que las especificaciones realizadas con dicho lenguaje resultaban ligeramente más comprensibles que las realizadas con KAOS. Aunque i* resultaba más comprensible a la hora de especificar requisitos para sistemas Teleo-Reactivos, también presentaba ciertas debilidades. Estas debilidades han sido descritas detalladamente en el artículo “A family of experiments to evaluate the understandability of TRiStar and i* for modeling Teleo-Reactive systems”, en el que además se propone una extensión al lenguaje que permite superarlas. La extensión propuesta se denomina TRiStar y fue inicialmente presentada en [Morales15]. TRiStar ha demostrado superar los problemas de comprensibilidad identificados en i* en el modelado de sistemas Teleo-Reactivos mediante una familia de experimentos realizada con estudiantes de últimos cursos de grado y con desarrolladores software experimentados, cuyos resultados se exponen exhaustivamente en el artículo mencionado. En él se describe, además, un mecanismo que permite obtener mediante transformación de modelos el programa Teleo-Reactivo equivalente a un diagrama TRiStar dado. TRiStar permite, por lo tanto, partiendo de los objetivos de un sistema Teleo-Reactivo obtener un diagrama que especifique su comportamiento. Ese diagrama puede ser transformado en un programa Teleo-Reactivo equivalente. Y siguiendo las transformaciones descritas en “From Teleo-Reactive specifications to architectural components: a model-driven approach” se puede obtener a partir del programa Teleo-Reactivo el modelo de componentes y la máquina de estados que describe el comportamiento de cada uno de esos componentes. Con estos elementos y usando un framework como el descrito en [Iborra09] se cerraría el proceso de desarrollo del sistema Teleo-Reactivo. Como resultado de las investigaciones realizadas en el transcurso de esta tesis, y aunque no forma parte del compendio, hay un quinto artículo [Sánchez16] que está en segunda revisión en el Journal of Systems and Software en el que se estudian las posibilidades de introducir requisitos de tiempo real cuando se sigue el enfoque Teleo-Reactivo desde el modelado a la implementación de un sistema. Tras realizar un estudio del tipo de restricciones temporales que se pueden imponer desde el punto de vista Teleo-Reactivo, se considera la posibilidad de utilizar TeleoR [Clark14] para incorporar dichas restricciones y se proponene una serie de extensiones a TRiStar para permitir representar requisitos temporales. Estas extensiones dan lugar a lo que hemos llamado TRiStar+. [ENG] This doctoral dissertation has been presented in the form of thesis by publication. It is comprised of four articles indexed in the second quartile of the Journal Citation Reports. The article “A systematic literature review of the Teleo-Reactive paradigm” offers a complete systematic review of the existing literature on the Teleo-Reactive paradigm since Prof. Nils Nilsson presented it in 1994. It plays the role of state of the art of that paradigm, showing a perspective of the evolution of Teleo-Reactive systems from their formulation to present time. In order to develop Teleo-Reactive systems starting from its goals, there is the need of specifying the requirements of these systems using the most adequate language. That is one of the main objectives of the article “A controlled experiment to evaluate the understandability of KAOS and i* for modeling Teleo-Reactive systems”. As a result, we decided to use i* because the experiment showed that i* specifications where slightly more understandable than those made using KAOS. Although i* was more understandable when specifying requirements for Teleo-Reactive systems, the experiment also showed some shortcomings. These shortcomings have been deeply described in the article “A family of experiments to evaluate the understandability of TRiStar and i* for modeling Teleo-Reactive systems”. In this article, an extension to i* is proposed in order to overcome the identified limitations. The proposed extension is named TRiStar and was initially presented at [Morales15]. TRiStar has shown to be more understandable than i* when modeling Teleo-Reactive systems through a family of experiments done with last year students and experienced software developers, whose results are described in the aforementioned article. In that article, a mechanism to obtain a Teleo-Reactive program starting from a TRiStar diagram is also described. Therefore, TRiStar allows obtaining a diagram which specifies the behavior of a Teleo-Reactive system starting from its goals. That diagram can be transformed into an equivalent Teleo-Reactive program. Then, following the transformations described in “From Teleo-Reactive specifications to architectural components: a model-driven approach”, a component model and the state machine describing the behavior of each of those components can be obtained. With these elements and using a framework as that described in [Iborra09], the development process of the Teleo-Reactive system would be finished. As a result of the research carried out during this dissertation there is another article, which is not comprised in the compilation, in second revision at the Journal of Systems and Software [Sánchez16]. In that article, after making a study of the type of timing constraints from the TR perspective, we consider the possibility of using TeleoR [Clark14] for incorporating such constraints. Some extensions on TRiStar notation are proposed to represent temporal requirements. Those extensions have been named TRiStar+.[ENG] This doctoral dissertation has been presented in the form of thesis by publication. It is comprised of four articles indexed in the second quartile of the Journal Citation Reports. The article “A systematic literature review of the Teleo-Reactive paradigm” offers a complete systematic review of the existing literature on the Teleo-Reactive paradigm since Prof. Nils Nilsson presented it in 1994. It plays the role of state of the art of that paradigm, showing a perspective of the evolution of Teleo-Reactive systems from their formulation to present time. In order to develop Teleo-Reactive systems starting from its goals, there is the need of specifying the requirements of these systems using the most adequate language. That is one of the main objectives of the article “A controlled experiment to evaluate the understandability of KAOS and i* for modeling Teleo-Reactive systems”. As a result, we decided to use i* because the experiment showed that i* specifications where slightly more understandable than those made using KAOS. Although i* was more understandable when specifying requirements for Teleo-Reactive systems, the experiment also showed some shortcomings. These shortcomings have been deeply described in the article “A family of experiments to evaluate the understandability of TRiStar and i* for modeling Teleo-Reactive systems”. In this article, an extension to i* is proposed in order to overcome the identified limitations. The proposed extension is named TRiStar and was initially presented at [Morales15]. TRiStar has shown to be more understandable than i* when modeling Teleo-Reactive systems through a family of experiments done with last year students and experienced software developers, whose results are described in the aforementioned article. In that article, a mechanism to obtain a Teleo-Reactive program starting from a TRiStar diagram is also described. Therefore, TRiStar allows obtaining a diagram which specifies the behavior of a Teleo-Reactive system starting from its goals. That diagram can be transformed into an equivalent Teleo-Reactive program. Then, following the transformations described in “From Teleo-Reactive specifications to architectural components: a model-driven approach”, a component model and the state machine describing the behavior of each of those components can be obtained. With these elements and using a framework as that described in [Iborra09], the development process of the Teleo-Reactive system would be finished. As a result of the research carried out during this dissertation there is another article, which is not comprised in the compilation, in second revision at the Journal of Systems and Software [Sánchez16]. In that article, after making a study of the type of timing constraints from the TR perspective, we consider the possibility of using TeleoR [Clark14] for incorporating such constraints. Some extensions on TRiStar notation are proposed to represent temporal requirements. Those extensions have been named TRiStar+.Universidad Politécnica de CartagenaPrograma Oficial de Doctorado en Tecnologías de la Información y Comunicacione