297 research outputs found

    A Supervisory Control Algorithm Based on Property-Directed Reachability

    We present an algorithm for synthesising a controller (supervisor) for a discrete event system (DES) based on the property-directed reachability (PDR) model checking algorithm. The discrete event systems framework is useful in both software, automation and manufacturing, as problems from those domains can be modelled as discrete supervisory control problems. As a formal framework, DES is also similar to domains for which the field of formal methods for computer science has developed techniques and tools. In this paper, we attempt to marry the two by adapting PDR to the problem of controller synthesis. The resulting algorithm takes as input a transition system with forbidden states and uncontrollable transitions, and synthesises a safe and minimally-restrictive controller, correct-by-design. We also present an implementation along with experimental results, showing that the algorithm has potential as a part of the solution to the greater effort of formal supervisory controller synthesis and verification. Comment: 16 pages; presented at Haifa Verification Conference 2017, the final publication is available at Springer via https://doi.org/10.1007/978-3-319-70389-3_

    Towards Model Checking Executable UML Specifications in mCRL2

    We describe a translation of a subset of executable UML (xUML) into the process algebraic specification language mCRL2. This subset includes class diagrams with class generalisations, and state machines with signal and change events. The choice of these xUML constructs is dictated by their use in the modelling of railway interlocking systems. The long-term goal is to verify safety properties of interlockings modelled in xUML using the mCRL2 and LTSmin toolsets. Initial verification of an interlocking toy example demonstrates that the safety properties of model instances depend crucially on the run-to-completion assumptions.

    531 new spectroscopic redshifts from the CDFS and a test on the cosmological relevance of the GOODS-South field

    (Abbrev.) This paper prepares a series of papers analysing the Intermediate MAss Galaxy Evolution Sequence (IMAGES) up to z=1. Intermediate mass galaxies (MJ <=-20.3) are selected from the Chandra Deep Field South (CDFS) for which we identify a serious lack of spectroscopically determined redshifts..... We have spectroscopically identified 691 objects including 580 gal., 7 QSOs, and 104 stars. This study provides 531 new redshifts in the CDFS. It confirms the presence of several large scale structures in the CDFS. To test the impact of these structures in the GOODS-South field, we ... compare the evolution of rest-frame U, B, V and K galaxy luminosity densities to that derived from the CFRS. The CDFS field shows a significant excess of luminosity densities in the z=0.5-0.75 range, which increases with the wavelength, reaching up to 0.5 dex at 2.1 um. Stellar mass and specific star formation evolutions might be significantly affected by the presence of the peculiar large scale structures at z= 0.668 and at z= 0.735, that contain a significant excess of evolved, massive galaxies when compared to other fields. This leads to a clear warning to results based on the CDFS/GOODS South fields, especially those related to the evolution of red luminosity densities, i.e. stellar mass density and specific star formation rate. Photometric redshift techniques, when applied to that field, are producing quantities which are apparently less affected by cosmic variance (0.25 dex at 2.1 um), however at the cost of the difficulty in disentangling between evolutionary and cosmic variance effects. Comment: Accepted for publication in A&A, 19 pages, 13 figures

    Open Issues on the Synthesis of Evolved Stellar Populations at Ultraviolet Wavelengths

    In this paper we briefly review three topics that have motivated our (and others') investigations in recent years within the context of evolutionary population synthesis techniques. These are: The origin of the FUV up-turn in elliptical galaxies, the age-metallicity degeneracy, and the study of the mid-UV rest-frame spectra of distant red galaxies. We summarize some of our results and present a very preliminary application of a UV grid of theoretical spectra in the analysis of integrated properties of aged stellar populations. At the end, we concisely suggest how these topics can be tackled once the World Space Observatory enters into operation in the midst of this decade. Comment: 8 pages, 4 figures, accepted for publication in Astrophysics & Space Science, UV Universe special issue

    Software Model Checking with Explicit Scheduler and Symbolic Threads

    In many practical application domains, the software is organized into a set of threads, whose activation is exclusive and controlled by a cooperative scheduling policy: threads execute, without any interruption, until they either terminate or yield the control explicitly to the scheduler. The formal verification of such software poses significant challenges. On the one side, each thread may have infinite state space, and might call for abstraction. On the other side, the scheduling policy is often important for correctness, and an approach based on abstracting the scheduler may result in loss of precision and false positives. Unfortunately, the translation of the problem into a purely sequential software model checking problem turns out to be highly inefficient for the available technologies. We propose a software model checking technique that exploits the intrinsic structure of these programs. Each thread is translated into a separate sequential program and explored symbolically with lazy abstraction, while the overall verification is orchestrated by the direct execution of the scheduler. The approach is optimized by filtering the exploration of the scheduler with the integration of partial-order reduction. The technique, called ESST (Explicit Scheduler, Symbolic Threads) has been implemented and experimentally evaluated on a significant set of benchmarks. The results demonstrate that ESST technique is way more effective than software model checking applied to the sequentialized programs, and that partial-order reduction can lead to further performance improvements. Comment: 40 pages, 10 figures, accepted for publication in journal of logical methods in computer science

    Formal verification of infinite-state BIP models

    We propose two expressive and complementary techniques for the verification of safety properties of infinite-state BIP models. Both our techniques deal with the full BIP specification, while the existing approaches impose considerable restrictions: they either verify finite-state systems or they do not handle the transfer of data on the interactions and priorities. Firstly, we propose an instantiation of the ESST (Explicit Scheduler Symbolic Thread) framework to verify BIP models. The key insight is to apply symbolic reasoning to analyze the behavior of the system described by the BIP components, and an explicit-state search to analyze the behavior of the system induced by the BIP interactions and priorities. The combination of symbolic and explicit exploration techniques allows us to benefit from abstraction, useful when reasoning about data, and from partial order reduction, useful to mitigate the state space explosion due to concurrency. Secondly, we propose an encoding from a BIP model into a symbolic, infinite-state transition system. This technique allows us to leverage the state of the art verification algorithms for the analysis of infinite-state systems. We implemented both techniques and we evaluated their performance against the existing approaches. The results show the effectiveness of our approaches with respect to the state of the art, and their complementarity for the analysis of safe and unsafe BIP models.

    LNCS

    We introduce the monitoring of trace properties under assumptions. An assumption limits the space of possible traces that the monitor may encounter. An assumption may result from knowledge about the system that is being monitored, about the environment, or about another, connected monitor. We define monitorability under assumptions and study its theoretical properties. In particular, we show that for every assumption A, the boolean combinations of properties that are safe or co-safe relative to A are monitorable under A. We give several examples and constructions on how an assumption can make a non-monitorable property monitorable, and how an assumption can make a monitorable property monitorable with fewer resources, such as integer registers.

    Constraining the expansion rate of the Universe using low-redshift ellipticals as cosmic chronometers

    We present a new methodology to determine the expansion history of the Universe analyzing the spectral properties of early type galaxies (ETG). We found that for these galaxies the 4000 Å break is a spectral feature that correlates with the relative ages of ETGs. In this paper we describe the method, explore its robustness using theoretical synthetic stellar population models, and apply it using a SDSS sample of $\sim$14 000 ETGs. Our motivation to look for a new technique has been to minimise the dependence of the cosmic chronometer method on systematic errors. In particular, as a test of our method, we derive the value of the Hubble constant $H_0 = 72.6 \pm 2.8$ (stat) $\pm 2.3$ (syst) (68% confidence), which is not only fully compatible with the value derived from the Hubble key project, but also with a comparable error budget. Using the SDSS, we also derive, assuming w=constant, a value for the dark energy equation of state parameter $w = -1 \pm 0.2$ (stat) $\pm 0.3$ (syst). Given the fact that the SDSS ETG sample only reaches $z \sim 0.3$, this result shows the potential of the method. In future papers we will present results using the high-redshift universe, to yield a determination of H(z) up to $z \sim 1$. Comment: 25 pages, 17 figures, JCAP accepted

    Lyman Alpha Emitters at Redshift 5.7 in the COSMOS Field

    We present results from a narrow-band optical survey of a contiguous area of 1.95 deg^2, covered by the Cosmic Evolution Survey (COSMOS). Both optical narrow-band (lambda_c = 8150 AA and Delta_lambda = 120 AA) and broad-band (B, V, g', r', i', and z') imaging observations were performed with the Subaru prime-focus camera, Suprime-Cam on the Subaru Telescope. We provide the largest contiguous narrow-band survey, targeting Ly alpha emitters (LAEs) at z~5.7. We find a total of 119 LAE candidates at z~5.7. Over the wide-area covered by this survey, we find no strong evidence for large scale clustering of LAEs. We estimate a star formation rate (SFR) density of ~7*10^-4 M_sun yr^-1 Mpc^-3 for LAEs at z~5.7, and compare it with previous measurements. Comment: 26 pages, 19 figures. to appear in the ApJ Supplement COSMOS Special Issue