Refinement of communication and states in models of embedded systems

This thesis addresses two particular issues related to the design of embedded systems; namely, refinement of communication and refinement of states. The refinement of communication deals with the issue of implementing a synchronous system in an asynchronous way such that two systems are behaviourally equivalent. As a result, correctness of an asynchronous system can be achieved by establishing correctness on its synchronous version, which is computationally cheaper than analysing the latter. The research objective was to find conditions that ensure the addition of buffers do not modify the behaviour of a given synchronous system. We show that it is possible to obtain better desynchronisability conditions (even for finer equivalence like branching bisimulation) by changing the properties of the communication protocol. This is in contrast with the previous works where the focus was only on restricting the communicating components. The refinement of states deals with the stepwise development of hybrid systems. Such a concept was absent in the Compositional Interchange Format (CIF), a modelling language for embedded systems based on hybrid automata and some process algebraic operators. The research objective was to develop a compositional operational semantics of CIF with hierarchy (HCIF). We show that by referring only to the transition system of the substructures (not to their syntactic representation), the semantics of HCIF operators is almost unchanged with respect to their CIF versions. Furthermore, a definition to eliminate hierarchy in a HCIF model is presented. As a result, the existing simulation tools and the transformation tools to other timed or hybrid languages can be reused upon the elimination of hierarchy from a HCIF model

On path-based coalgebras and weak notions of bisimulation

It is well known that the theory of coalgebras provides an abstract definition of behavioural equivalence that coincides with strong bisimulation across a wide variety of state-based systems. Unfortunately, the theory in the presence of so-called silent actions is not yet fully developed. In this paper, we give a coalgebraic characterisation of branching (delay) bisimulation in the context of labelled transition systems (fully probabilistic systems). It is shown that recording executions (up to a notion of stuttering), rather than the set of successor states, from a state is sufficient to characterise the respected bisimulation relations in both cases

Avoiding diamonds in desynchronisation

The design of concurrent systems often assumes synchronous communication between different parts of a system. When system components are physically apart, this assumption becomes inappropriate. Desynchronisation is a technique that aims to implement a synchronous design in an asynchronous manner by placing buffers between the components of the synchronous design. When queues are used as buffers, the so-called ‘diamond property’ (among others) ensures correct operation of the desynchronised design. However, this property is difficult to establish in practice. In this paper, we give sufficient and necessary conditions under which a concrete synchronous design (i.e., without the unobservable action) is equivalent to an asynchronous design and formally prove that the diamond property is no longer needed for desynchronisation when half-duplex queues are used as a communication buffer. Furthermore, we discuss how the half-duplex condition can be further relaxed when the diamond property can be partially guaranteed. To illustrate how this theory may be applied, we desynchronise the synchronous systems that are synthesised using supervisory control theory

A coalgebraic treatment of conditional transition systems with upgrades

We consider conditional transition systems, that model software product lines with upgrades, in a coalgebraic setting. By using Birkhoff's duality for distributive lattices, we derive two equivalent Kleisli categories in which these coalgebras live: Kleisli categories based on the reader and on the so-called lattice monad over Poset. We study two different functors describing the branching type of the coalgebra and investigate the resulting behavioural equivalence. Furthermore we show how an existing algorithm for coalgebra minimisation can be instantiated to derive behavioural equivalences in this setting

A Process Algebra for Supervisory Coordination

A supervisory controller controls and coordinates the behavior of different components of a complex machine by observing their discrete behaviour. Supervisory control theory studies automated synthesis of controller models, known as supervisors, based on formal models of the machine components and a formalization of the requirements. Subsequently, code generation can be used to implement this supervisor in software, on a PLC, or embedded microprocessor. In this article, we take a closer look at the control loop that couples the supervisory controller and the machine. We model both event-based and state-based observations using process algebra and bisimulation-based semantics. The main application area of supervisory control that we consider is coordination, referred to as supervisory coordination, and we give an academic and an industrial example, discussing the process-theoretic concepts employed.Comment: In Proceedings PACO 2011, arXiv:1108.145

Family-Based Model Checking with mCRL2

\u3cp\u3eFamily-based model checking targets the simultaneous verfication of multiple system variants, a technique to handle feature-based variability that is intrinsic to software product lines (SPLs). We present an approach for family-based verification based on the feature μ-calculus μL\u3csub\u3ef\u3c/sub\u3e, which combines modalities with feature expressions. This logic is interpreted over featured transition systems, a well-accepted model of SPLs, which allows one to reason over the collective behavior of a number of variants (a family of products). Via an embedding into the modal μ-calculus with data, underpinned by the general-purpose mCRL2 toolset, off-the-shelf tool support for μLf becomes readily available. We illustrate the feasibility of our approach on an SPL benchmark model and show the runtime improvement that family-based model checking with mCRL2 offers with respect to model checking the benchmark product-by-product.\u3c/p\u3

ACE (I/D) polymorphism and response to treatment in coronary artery disease: a comprehensive database and meta-analysis involving study quality evaluation

<p>Abstract</p> <p>Background</p> <p>The role of angiotensin-converting enzyme (<it>ACE</it>) gene insertion/deletion (<it>I/D</it>) polymorphism in modifying the response to treatment modalities in coronary artery disease is controversial.</p> <p>Methods</p> <p>PubMed was searched and a database of 58 studies with detailed information regarding <it>ACE I/D </it>polymorphism and response to treatment in coronary artery disease was created. Eligible studies were synthesized using meta-analysis methods, including cumulative meta-analysis. Heterogeneity and study quality issues were explored.</p> <p>Results</p> <p>Forty studies involved invasive treatments (coronary angioplasty or coronary artery by-pass grafting) and 18 used conservative treatment options (including anti-hypertensive drugs, lipid lowering therapy and cardiac rehabilitation procedures). Clinical outcomes were investigated by 11 studies, while 47 studies focused on surrogate endpoints. The most studied outcome was the restenosis following coronary angioplasty (34 studies). Heterogeneity among studies (p < 0.01) was revealed and the risk of restenosis following balloon angioplasty was significant under an additive model: the random effects odds ratio was 1.42 (95% confidence interval:1.07–1.91). Cumulative meta-analysis showed a trend of association as information accumulates. The results were affected by population origin and study quality criteria. The meta-analyses for the risk of restenosis following stent angioplasty or after angioplasty and treatment with angiotensin-converting enzyme inhibitors produced non-significant results. The allele contrast random effects odds ratios with the 95% confidence intervals were 1.04(0.92–1.16) and 1.10(0.81–1.48), respectively. Regarding the effect of <it>ACE I/D </it>polymorphism on the response to treatment for the rest outcomes (coronary events, endothelial dysfunction, left ventricular remodeling, progression/regression of atherosclerosis), individual studies showed significance; however, results were discrepant and inconsistent.</p> <p>Conclusion</p> <p>In view of available evidence, genetic testing of <it>ACE I/D </it>polymorphism prior to clinical decision making is not currently justified. The relation between <it>ACE </it>genetic variation and response to treatment in CAD remains an unresolved issue. The results of long-term and properly designed prospective studies hold the promise for pharmacogenetically tailored therapy in CAD.</p

Desynchronisability of (partial) closed loop systems

The task of implementing supervisory controllers is non-trivial, even though there are different theories that allow automatic synthesis of such controllers in the form of automata. One of the reasons for this discord, is the asynchronous interaction between a plant and its controller in implementations, whereas the existing supervisory control theories assume synchronous interaction. As a consequence the implementation suffers from the so-called inexact synchronization problem. To address this issue, we find sufficient conditions under which a synchronous closed loop system is branching bisimilar to its corresponding asynchronous closed loop system. Furthermore, we extend this result to include interaction of plant or supervisor with its environment