Compositional verification and specification of refinement for reactive systems in a dense time temporal logic

Dissertation zur Erlangung des Doktorgrades der Technischen Fakultat der Christian-Albrechts-Universitat zu Kiel. Originally available in German?This thesis introduces a compostitional dense time temporal logic for the compositions and refinement of reactive systems. A reactive system is specified by a pair consisting of a machine and a condition on the computations of this machine. In order to compose reactive systems, each step in a computation has additionally composition information such as “this is a system step”, or “this is an environment step” or “this is a communication step”. By defining a merge operator that merges two steps into one step compostionality is achieved. Because a dense time temporal logic is used refinement can be expressed easily in this logic. Existing proof rules for refinement are reformulated in our formalism. The notion of relative refinement is introduced to handle refinement of systems that only under certain conditions are considered to be correct refinements. The proof rules for “normal” refinement are extended to handle relative refinement of systems. Relative refinement is used to formalize Dijkstra’s development strategy for the solution of the readers/writers problem and to formalize a development strategy for certain fault tolerant systems. This development strategy is applied to the development of a fault tolerant storage system

The systematic construction of information systems

Process modelling is a vital issue for communicating with experts of the application domain. Depending on the roles and responsibilities of the application domain experts involved, process models are discussed on different levels of abstraction. These may range from detailed regulation for process execution to the interrelation of basic core processes on a strategic level. To ensure consistency and to allow for a flexible integration of process information on different levels of abstraction, we introduce a transformational calculus that allows the incremental addition to and refinement of the information in a process model, while maintaining the validity of more abstract high level processes. A complete formal treatment of model and the calculus is given and is illustrated on a small banking example.Funding received from the UK Engineering and Physical Sciences Research Council (EPSRC) through the Research Grant GR/M/0258

Using PVS for Interval Temporal Logic proofs, part 1: The syntactic and semantic encoding

Interval temporal logic (ITL) is a logic that is used to specify and reason about systems. The logic has a powerful proof system but rather than doing proofs by hand, which is tedious and error prone, we want a tool that can check each proof step. Instead of developing a new tool we will use the existing prototype verification system (PVS) as a basic tool. The specification language of PVS is used to encode interval temporal logic semantically and syntactically. With this we can encode the ITL proof system within PVS. Several examples of proofs in ITL that are done per hand are checked with PVS.Funded by EPSRC Research Grant GR/K2592

ATOM: an object-based formal method for real-time systems

An object based formal method for the development of real-time systems, called ATOM, is presented. The method is an integration of the real-time formal technique TAM (Temporal Agent Model) with an industry-strength structured methodology known as HRT-HOOD. ATOM is a systematic formal approach based on the refinement calculus. Within ATOM, a formal specification (or abstract description statement) contains Interval Temporal Logic (ITL) description of the timing, functional, and communication behavior of the proposed real-time system. This formal specification can be analyzed and then refined into concrete statements through successive applications of sound refinement laws. Both abstract and concrete statements are allowed to freely intermix. The semantics of the concrete statements in ATOM are defined denotationally in specification-oriented style using ITL.Funding received from the UK Engineering and Physical Sciences Research Council (EPSRC) through the Research Grant GR/M/0258

A framework for analysing the effect of "change" in legacy code

We propose a sound and practical approach, based on a formal method (known as Interval Temporal Logic), to cope with “change” and analyse its effect. The approach allows us to capture a snapshot of system’s behaviour over which various interesting properties, such as liveness, timeliness and safety properties, can be validated compositionally. These properties may include invariants that are required to be valid after changes have taken place. We also present and evaluate design and implementation of a formal tool, AnaTempura, which supports the developed approach. A case study is presented to illustrate our approach and the tool.Funding received from the UK Engineering and Physical Sciences Research Council (EPSRC) through the Research Grant GR/M/0258

CCA: a calculus of context-aware ambients.

We present a process calculus, CCA, for the modelling and verification of mobile systems that are context-aware. This process calculus is built upon the calculus of mobile ambients and introduces new constructs to enable ambients and processes to be aware of the environment in which they are being executed. This results in a powerful calculus where mobility and context-awareness are first-class citizens. We present the syntax and a formal semantics of the calculus. We show that CCA can encode the -calculus, and illustrate the pragmatics of the calculus through a case study of a context-aware hospital bed

Designing a provably correct robot control system using a "lean" formal method

A development method for the construction of provably correct robot control systems together with its supporting tool environment are described. The method consists of four stages: 1. specification, 2. refinement, 3. simulation and 4. code. The method is centered around the notion of wide-spectrum formalism within which an abstract Interval Temporal Logic (ITL) representation is intermixed freely with the concrete Temporal Agent Model (TAM) representation of the system under consideration. The method with its associated tool support is applied to the design of a robot control system.Funded by EPSRC Research Grant GR/K25922: A compositional approach to the specification of systems using ITL and Tempura

Compositional modelling: The formal perspective

We provide a formal framework within which an Information System (IS) could be modelled, analysed, and verified in a compositional manner. Our work is based on Interval Temporal Logic (ITL) and its programming language subset, Tempura. This is achieved by considering IS, of an enterprise, as a class of reactive systems in which it is continually reacting to asynchronously occurring events within a given period of time. Such a reactive nature permits an enterprise to pursue its business activities to best compete with others in the market place. The technique is illustrated by applying it to a small case study from Public Service Systems (PSS).Funding received from the UK Engineering and Physical Sciences Research Council (EPSRC) through the Research Grant GR/M/0258

Proving the correctness of the interlock mechanism in processor design.

In this paper, Interval Temporal Logic (ITL) us used to specify and verify the event processor EP/3, which is a multi-threaded pipeline processor capable of executing parallel programs. We first give the high level specification of the EP/3 with emphasis on the interlock mechanism. The interlock mechanism is used in processor design especially for dealing with pipeline conflict problems. We prove that the specification satisfies certain safety and liveness properties. An advantage of ITL is that it has an executable part, i.e., we can simulate a specification before proving properties about it. This will help us to get the right specification.Nick Coleman - full name J. Nick Colema

Cytogenetical studies in five Atlantic Anguilliformes fishes

The order Anguilliformes comprises 15 families, 141 genera and 791 fish species. Eight families had at least one karyotyped species, with a prevalence of 2n = 38 chromosomes and high fundamental numbers (FN). The only exception to this pattern is the family Muraenidae, in which the eight species analyzed presented 2n = 42 chromosomes. Despite of the large number of Anguilliformes species, karyotypic reports are available for only a few representatives. In the present work, a species of Ophichthidae, Myrichthys ocellatus (2n = 38; 8m+14sm+10st+6a; FN = 70) and four species of Muraenidae, Enchelycore nigricans (2n = 42; 6m+8sm+12st+16a; FN = 68), Gymnothorax miliaris (2n = 42; 14m+18sm+10st; FN = 84), G. vicinus (2n = 42; 8m+6sm+28a; FN = 56) and Muraena pavonina (2n = 42; 6m+4sm+32a; FN = 52), collected along the Northeastern coast of Brazil and around the St Peter and St Paul Archipelago were analyzed. Typical large metacentric chromosomes were observed in all species. Conspicuous polymorphic heterochromatic regions were observed at the centromeres of most chromosomes and at single ribosomal sites. The data obtained for Ophichthidae corroborate the hypothesis of a karyotypic diversification mainly due to pericentric inversions and Robertsonian rearrangements, while the identification of constant chromosome numbers in Muraenidae (2n = 42) suggests a karyotype diversification through pericentric inversions and heterochromatin processes