Mechanizing a Process Algebra for Network Protocols

This paper presents the mechanization of a process algebra for Mobile Ad hoc Networks and Wireless Mesh Networks, and the development of a compositional framework for proving invariant properties. Mechanizing the core process algebra in Isabelle/HOL is relatively standard, but its layered structure necessitates special treatment. The control states of reactive processes, such as nodes in a network, are modelled by terms of the process algebra. We propose a technique based on these terms to streamline proofs of inductive invariance. This is not sufficient, however, to state and prove invariants that relate states across multiple processes (entire networks). To this end, we propose a novel compositional technique for lifting global invariants stated at the level of individual nodes to networks of nodes.Comment: This paper is an extended version of arXiv:1407.3519. The Isabelle/HOL source files, and a full proof document, are available in the Archive of Formal Proofs, at http://afp.sourceforge.net/entries/AWN.shtm

Towards a Mobile Temporal Logic of Actions

I would like to thank my supervisor Fred Kröger. He was willing to discuss at any time, and I could always rely on his full support. I am also thankful to him for his encouragement, especially in some of the rather dragging phases of my work. I am particularly grateful to Stephan Merz. Without his constant support and admirable patience throughout the whole period of writing I probably would not have been able to finish this thesis. I have not only benefited from his extraordinary professional competence, but have also taken advantage of his exceptional human qualities. I also would like to express my gratitude towards Martin Wirsing for providing me with a pleasant working environment by taking me into his group. He always has shown much interest in my work. The idea for the subject of this thesis was initiated by him and Stephan Merz. I feel a need to thank all my friends and my family for not leaving me alone, not even in times when I tended to be almost unbearable... I am aware that I have demanded much of you by asking to share the burden with me. Thank you for no

Safety Proofs for Automated Driving using Formal Methods

The introduction of driving automation in road vehicles can potentially reduce road traffic crashes and significantly improve road safety. Automation in road vehicles also brings other benefits such as the possibility to provide independent mobility for people who cannot and/or should not drive. Correctness of such automated driving systems (ADSs) is crucial as incorrect behaviour may have catastrophic consequences.Automated vehicles operate in complex and dynamic environments, which requires decision-making and control at different levels. The aim of such decision-making is for the vehicle to be safe at all times. Verifying safety of these systems is crucial for the commercial deployment of full autonomy in vehicles. Testing for safety is expensive, impractical, and can never guarantee the absence of errors. In contrast, formal methods, techniques that use rigorous mathematical models to build hardware and software systems, can provide mathematical proofs of the correctness of the systems.The focus of this thesis is to address some of the challenges in the safety verification of decision and control systems for automated driving. A central question here is how to establish formal methods as an efficient approach to develop a safe ADS. A key finding is the need for an integrated formal approach to prove correctness of ADS. Several formal methods to model, specify, and verify ADS are evaluated. Insights into how the evaluated methods differ in various aspects and the challenges in the respective methods are discussed. To help developers and safety experts design safe ADSs, the thesis presents modelling guidelines and methods to identify and address subtle modelling errors that might inadvertently result in proving a faulty design to be safe. To address challenges in the manual modelling process, a systematic approach to automatically obtain formal models from ADS software is presented and validated by a proof of concept. Finally, a structured approach on how to use the different formal artifacts to provide evidence for the safety argument of an ADS is shown

Dynamic Behavior Sequencing in a Hybrid Robot Architecture

Hybrid robot control architectures separate plans, coordination, and actions into separate processing layers to provide deliberative and reactive functionality. This approach promotes more complex systems that perform well in goal-oriented and dynamic environments. In various architectures, the connections and contents of the functional layers are tightly coupled so system updates and changes require major changes throughout the system. This work proposes an abstract behavior representation, a dynamic behavior hierarchy generation algorithm, and an architecture design to reduce this major change incorporation process. The behavior representation provides an abstract interface for loose coupling of behavior planning and execution components. The hierarchy generation algorithm utilizes the interface allowing dynamic sequencing of behaviors based on behavior descriptions and system objectives without knowledge of the low-level implementation or the high-level goals the behaviors achieve. This is accomplished within the proposed architecture design, which is based on the Three Layer Architecture (TLA) paradigm. The design provides functional decomposition of system components with respect to levels of abstraction and temporal complexity. The layers and components within this architecture are independent of surrounding components and are coupled only by the linking mechanisms that the individual components and layers allow. The experiments in this thesis demonstrate that the: 1) behavior representation provides an interface for describing a behavior’s functionality without restricting or dictating its actual implementation; 2) hierarchy generation algorithm utilizes the representation interface for accomplishing high-level tasks through dynamic behavior sequencing; 3) representation, control logic, and architecture design create a loose coupling, but defined link, between the planning and behavior execution layer of the hybrid architecture, which creates a system-of-systems implementation that requires minimal reprogramming for system modifications

Correctness of model-based software composition (CMC). Proceedings. ECOOP 2003 Workshop #11 in association with the 17th European Conference on Object-Oriented Programming, Darmstadt, Germany, July 22, 2003

This proceedings contains the contributions to the Workshop on Correctness of Model-based Software Composition, held in conjunction with the 17th European Conference on Object-Oriented Programming (ECOOP), Darmstadt, Germany on July 22, 2003. While most events concentrate on realisations of composition on the technological level this workshop aims at closing the gap of ensuring the intended composition result supported by the usage of models. Two important problems in composition are first how to model the different assets (such as components, features or aspects) and second the composition of assets such that consistency and correctness is guaranteed. The first problem has been addressed in the Workshop on Model-based Software Reuse (ECOOP 2002). The latter problem occurs when dealing with, e.g., component interoperability, aspect weaving, feature interaction and (on a more abstract level) traceability between different views or models. One approach to deal with the composition problem is to use models allowing to model the composition. This allows checking the interoperability of the different assets to compose, the correctness of the configuration of assets and predicting properties of the assembled system (especially compliance with user requirements). In case of problem detection suitable resolution algorithms can be applied. 10 reviewed contributions give an overview about current research directions in correctness of model-based software compositions. Results from the discussions during the workshop may be found in the ECOOP 2003 workshop reader to be published by Springer LNCS. The web page of the workshop as well as the contributions of this proceedings may be found at URL: http://ssel.vub.ac.be/workshops/ECOOP2003/ Affiliated to previous ECOOP conferences a related workshop about feature interaction (ECOOP 2001) and an additional about model-based software reuse (ECOOP 2002) have been held. Their contributions are published as technical report No. 2001-14 and as technical report No. 2002-4, respectively, at the Universitaet Karlsruhe, Fakultaet fuer Informatik. URLs: http://www.info.uni-karlsruhe.de/~pulvermu/workshops/ecoop2001/ http://www.ubka.uni-karlsruhe.de/cgi-bin/psview?document=/ira/2001/14 http://www.info.uni-karlsruhe.de/~pulvermu/workshops/ECOOP2002/ http://www.ubka.uni-karlsruhe.de/cgi-bin/psview?document=/ira/2002/4 We would like to thank the program committee for their support as well as the authors and participants for their engaged contributions. The Workshop Organisers Ragnhild Van Der Straeten, Andreas Speck, Elke Pulvermueller, Matthias Clauss, Andreas Pleus

Dynamic UNITY

Dynamic distributed systems, where a changing set of communicating processes must interoperate to accomplish particular computational tasks, are becoming extremely important. Designing and implementing these systems, and verifying the correctness of the designs and implementations, are difficult tasks. The goal of this thesis is to make these tasks easier. This thesis presents a specification language for dynamic distributed systems, based on Chandy and Misra's UNITY language. It extends the UNITY language to enable process creation, process deletion, and dynamic communication patterns. The thesis defines an execution model for systems specified in this language, which leads to a proof logic similar to that of UNITY. While extending UNITY logic to correctly handle systems with dynamic behavior, this logic retains the familiar UNITY operators and most of the proof rules associated with them. The thesis presents specifications for three example dynamic distributed systems to demonstrate the use of the specification language, and full correctness proofs for two of these systems and a partial correctness proof for the third to demonstrate the use of the proof logic. The thesis details a method for determining whether a system in the specification language can be transformed into an implementation in a standard programming language, as well as a method for performing this transformation on those specifications that can. This guarantees a correct implementation for any specification that can be so transformed