A flexible approach for finding optimal paths with minimal conflicts

This research is supported by EPSRC grant EP/M014290/1.Complex systems are usually modelled through a combination of structural and behavioural models, where separate behavioural models make it easier to design and understand partial behaviour. When partial models are combined, we need to guarantee that they are consistent, and several automated techniques have been developed to check this. We argue that in some cases it is impossible to guarantee total consistency, and instead we want to find execution paths across such models with minimal conflicts with respect to a certain metric of interest. We present an efficient and scalable solution to find optimal paths through a combination of the theorem prover Isabelle with the constraint solver Z3. Our approach has been inspired by a healthcare problem, namely how to detect conflicts between medications taken by patients with multiple chronic conditions, and how to find preferable alternatives automatically.Postprin

Mind the gap : addressing behavioural inconsistencies with formal methods

In complex system design, it is important to construct several design models focusing on different aspects of a system to gain a better understanding of individual component structure and behaviour. Scenarios of execution are commonly used to specify partial behaviour and interactions between a group of system objects or components. However, partial specifications may hide inconsistencies or an otherwise unintentionally incomplete or underspecified behavioural model. This paper proposes a new powerful technique combining constraint solvers and theorem provers to complete partial specifications and determine overall model inconsistencies. We use a true-concurrent model, namely labelled event structures, which can be used as the underlying semantics of widely used work flow or scenario-based languages. We show how an interplay between the theorem prover Isabelle and constraint solver Z3 can be used for detecting and solving partial specifications and inconsistencies over event structures.Postprin

An integrated framework for verifying multiple care pathways

Common chronic conditions are routinely treated following standardised procedures known as clinical pathways. For patients suffering from two or more chronic conditions, referred to as multimorbidities, several pathways have to be applied simultaneously. However, since pathways rarely consider the presence of comorbidities, applying several pathways may lead to potentially harmful (medication) conflicts. This paper proposes an automated framework to detect, highlight and resolve conflicts in the treatments used for patients with multimorbidites. We use BPMN as a modelling language for capturing care guidelines. A BPMN model is transformed into an intermediate formal model capturing the possible unfoldings of the pathway. Through a combination of the constraint solver Z3 and the theorem prover Isabelle, we check the correctness of combined treatment plans. We illustrate the approach with an example from the medical domain and discuss future work.Postprin

Basic first-order model theory in Mizar

The author has submitted to Mizar Mathematical Library a series of five articles introducing a framework for the formalization of classical first-order model theory.In them, Goedel's completeness and Lowenheim-Skolem theorems have also been formalized for the countable case, to offer a first application of it and to showcase its utility.This is an overview and commentary on some key aspects of this setup.It features exposition and discussion of a new encoding of basic definitions and theoretical gears needed for the task, remarks about the design strategies and approaches adopted in their implementation, and more general reflections about proof checking induced by the work done

Custom automations in Mizar

The central aim of the Mizar project is to produce strictly formalized mathematical statements with mechanically certified proofs. When writing a Mizar formalization, a significant amount of the user’s time typically goes into browsing the Mizar Mathematical Library (MML) for the already-proved results he needs. Here a few techniques to reduce this time are illustrated

A formally verified SMT approach to true concurrency

Funding: This research is supported by MRC grant MR/S003819/1 and Health Data Research UK, an initiative funded by UK Research and Innovation, Department of Healthand Social Care (England) and the devolved administrations, and leading medical research charitiesMany problems related to distributed and parallel systems, such as scheduling and optimisation, are computationally hard, thereby justifying the adoption of SMT solvers. The latter provide standard arithmetic as interpreted functions, naturally leading to express concurrent executions as a linearly-ordered sequentialisation (or interleaving) of events, which have an obvious correspondence with integer segments and therefore permit to take advantage of such arithmetical capabilities. However, there are alternative semantic approaches (also known as true concurrent) not imposing the extra step of interleaving events, which brings the question of how to computationally exploit SMT solvers inthese approaches. This paper presents a solution to this problem, and introduces a metric, made possible by adopting a true concurrent paradigm, which relates mutually distinct solutions of a family of distributed optimisation problems. We also contribute an original, computational definition of degree of parallelism, which we compare with the existing ones. Finally,we use theorem proving to formally certify a basic correctness property of our true concurrent approach.Publisher PD

Correct composition in the presence of behavioural conflicts and dephasing

Funding: UK EPSRC grant EP/M014290/1, MRC grant MR/S003819/1, and Health Data Research UK, an initiative funded by UK Research and Innovation, Department of Health and Social Care (England) and the devolved administrations, and leading medical research charities.Scenarios of execution are commonly used to specify partial behaviour and interactions between different objects and components in a system. To avoid overall inconsistency in specifications, various automated methods have emerged in the literature to compose scenario-based models. In recent work, we have shown how the theorem prover Isabelle/HOL can be combined with an SMT solver to detect inconsistencies between sequence diagrams and, only in their absence, generate the behavioural composition. In this paper, we exploit this combination further and present an efficient approach that generates all valid composed traces giving us an equivalent representation of the conflict-free valid composed model. In addition, we show a novel way to prove the correctness of the computed results, and compare this method with the implementation and verification done within Isabelle alone. To reduce the complexity of our technique, we consider priority constraints and a notion of dephased models, i.e., models which start execution at different times. This work has been inspired by a problem from a medical domain where different clinical guidelines for chronic conditions may be applied to the same patient at different points in time. We illustrate the approach with a realistic example from this domain.PostprintPeer reviewe