Foundations and techniques for software reconfigurability
Doctoral Programme in Informatics of the Universities of Minho, Aveiro and Porto
The qualifier reconfigurable is used for software systems which behave differently in different modes of operation (often called configurations) and commute between them along their lifetime. Such systems, which evolve in response to external or internal stimuli, are everywhere: from e-Health or e-Government integrated services to sensor networks, from domestic appliances to complex systems distributed and collaborating over the web, from safety- or mission-critical applications to massively parallel software.
There are two basic approaches to formally capturing requirements of systems of this sort: one emphasises behaviour and its evolution; the other focuses on data and their transformations. Within the first paradigm, reconfigurable systems are regarded as (some variant of) state machines whose states correspond to the different configurations they may assume. In data-oriented approaches, on the other hand, the system's functionality is specified in terms of input-output relations modelling operations on data. A specification presents a theory in a suitable logic, expressed over a signature which captures its syntactic interface. Its semantics is a class of concrete algebras or relational structures, acting as models for the specified theory.
The observation that whatever services a reconfigurable system may offer at each moment may depend on the stage of its evolution suggests that both dimensions (data and behaviour) are interconnected and should be combined. In particular, each node in the transition system which describes a reconfiguration space may be endowed with a local structure modelling the functionality of the respective configuration. This is the basic insight of a configurations-as-local-models specification style. These specifications are modelled by structured state machines, whose states denote complex structures rather than sets.
A specification for this sort of system should be able to make assertions both about the transition dynamics and, locally, about each particular configuration. This leads to the adoption of hybrid logic, which adds to the modal description of transition structures the ability to refer to specific states, as the lingua franca for a suitable specification method.
On the other hand, specific applications may require specific logics to describe their configurations. For example, requirements expressed equationally lead to a configurations-as-algebras perspective. But depending on their nature one could also naturally end up with configurations-as-relational-structures, or probabilistic spaces, or even configurations-as-Kripke-structures, if first-order, fuzzy or modal logic is used locally.
The aim of this thesis is to develop the foundations for a specification method based on these principles. To subsume all the possibilities above, our approach builds on very general grounds. Therefore, instead of committing to a particular version of hybrid logic, we start by choosing a specific logic for expressing requirements at the configuration (static) level. This is later taken as the base logic on top of which the characteristic features of hybrid logic, both at the level of syntax (i.e. modalities, nominals, etc.) and of semantics (i.e. possible worlds), are developed. This process is called hybridisation and is one of the main technical contributions of this thesis. To be completely general, it is framed in the context of the theory of institutions of J. Goguen and R. Burstall, each logic (base and hybridised) being treated abstractly as an institution.
In this setting the thesis' contributions are the following:
• A method to hybridise arbitrary institutions; this can be understood as a source of logics to support arbitrary configurations-as-local-models specifications.
• A method to lift encodings (technically, comorphisms) from an institution to a presentation in first-order logic into encodings from its hybridisation to a presentation in first-order logic; this result paves the way to the introduction of suitable automated proof support for a wide range of hybridised logics.
• Suitable characterisations of bisimulation and refinement for models of (generic) hybridisations, which provide canonical, satisfaction-preserving relations to identify and relate models.
• A two-stage specification method for reconfigurable systems based on a global transition structure to capture the system's reconfiguration space, and a local specification of configurations in whatever logic is found expressive enough for the requirements at hand.
• A set of additional techniques to assist the process of specifying and verifying requirements for reconfigurable systems, with partial tool support.
The term reconfigurable is used for software systems which behave differently in different modes of operation (often called configurations), switching between them along their life cycle. These systems, which evolve in response to external and internal stimuli, are everywhere: from e-Health systems or integrated e-Government systems to sensor networks, from domestic applications to complex distributed systems, from mission-critical systems to parallel computing software.
There are two formal approaches to capturing requirements of this kind of system: one focused on behaviour and evolution, the other focused on data and their transformations. In the first paradigm, reconfigurable systems are addressed as (some variant of) state machines, each of whose states corresponds to a configuration the system may assume. The other approach, data-oriented, specifies the system's functionality in terms of input-output relations that model operations on data. A specification presents a theory in a suitable logic, expressed over a signature that captures its syntactic interface. Its semantics consists of the class of algebras, or first-order structures, that model the specified theory.
The observation that, at each moment, the services offered by a reconfigurable system may depend on the stage of its evolution suggests that both dimensions (data and behaviour) are interconnected and should be combined. In particular, each node of the transition system describing the reconfiguration space may be endowed with a local structure in which the system's functionality, in the respective configuration, is modelled. This is the basic idea of configurations-as-local-models specification. Technically, specifications are modelled by structured state machines, in which each state denotes a complex structure rather than a set.
A specification for this kind of system must be suited to expressing assertions about the transition dynamics as well as, at the local level, about each particular configuration. This leads us to adopt hybrid logic, which adds mechanisms for referring to specific states to the modal expressiveness over transition systems, as the lingua franca for a suitable specification method.
On the other hand, applications may require specific logics to describe their configurations. For example, requirements expressed by equations should be modelled in a configurations-as-algebras perspective. Depending on their nature, we may consider configurations-as-first-order-structures, configurations-as-probabilistic-spaces, or even configurations-as-Kripke-structures, when first-order logic, fuzzy logic or modal logic, respectively, is used locally.
The aim of the thesis is to develop the foundations for a specification method based on these principles. In order to accommodate all these possibilities, the approach is developed on very general foundations. Instead of committing the approach to a particular hybrid logic, we start from the choice of a specific logic for specifying requirements at the local (static) level. This logic is then taken as the base logic on top of which the mechanisms of hybrid logic, both at the syntactic level (i.e. modalities, nominals, etc.) and at the semantic level (i.e. possible worlds), are developed. This process, which we call hybridisation, is one of the main technical contributions of the thesis. The generality of the method results from its development in the context of the theory of institutions of J. Goguen and R. Burstall. The main contributions of the thesis are:
• a method for hybridising arbitrary institutions, which can be understood as a source of logics to support arbitrary configurations-as-local-models specifications;
• a method for transporting encodings of an institution into first-order presentations (technically, comorphisms) into encodings of its hybridisation into first-order presentations; this result paves the way for the introduction of automated proof support for a wide class of hybrid logics;
• a characterisation of bisimulation and refinement relations for models of generic hybridisations, which provides canonical, satisfaction-preserving relations for identifying and relating models;
• a two-stage specification method for reconfigurable systems, based on a global transition structure, in which the system's reconfiguration space is modelled, and on a local specification of the configurations, expressed in a logic chosen as suitable for the requirements at hand;
• a set of additional techniques to assist the process of specifying and verifying requirements of reconfigurable systems, with partial tool support.
Fundação para a Ciência e Tecnologia (FCT) and Critical Software S.A., under BDE grant contract SFRH/BDE/33650/2009, and by the MONDRIAN Project (FCT) under contract PTDC/EIA-CCO/108302/2008
Algebraic approach to observational equality (Abordagem algébrica à igualdade observacional)
Master's degree in Mathematics
The algebraic specification of software systems is an important topic of the so-called formal methods of software development. In this context, programs are modelled by algebras and their computations by terms, drawing on results from Universal Algebra and Logic as tools for verification and for supporting the implementation process. In a large part of the works on this subject in the literature, Equational Logic is used as the supporting logic for these processes. However, this logic proves limited for the specification of Object-Oriented programs, namely in the specification of programs with encapsulated data. The separation between the internal and external aspects of the system induces a new perspective on the concept of modelling, according to which an object is considered a correct realisation of the system if it satisfies its requirements observationally, that is, if the results of the computations executed on it satisfy those requirements, even though it may not satisfy them in the strict sense. Following this line of thought, two software objects are considered equivalent when they behave in the same way under all possible computations. This paradigm is called the Observational Approach to Systems. One way to adapt Equational Logic to this approach is to replace strict equality by the relation of Observational Equality, according to which two elements are considered equal when they behave in the same way under any computation, that is, if they produce the same outputs under the same computations.
In this work the observational approach to systems is studied as developed by different research groups, with special attention to the work on Hidden Logic (by Goguen-Rosu), Behavioural and Observational Logic (by Bidoit-Hennicker) and Algebraic Logic (by Pigozzi-Martins). A central point of the text is the generalisation of the software development process by Stepwise Refinement to this paradigm. Some variants of this topic are explored in depth here, including the case in which encapsulation and de-encapsulation of data are allowed during the refinement process.
In a first stage of the text the subject is presented at the more general level of structured algebraic specifications (and not exclusively the case of flat specifications) and of behavioural equalities (arbitrary partial congruences).
ABSTRACT: The algebraic specification of software systems is an important topic of the so-called formal methods of software development. In this context, programs are modelled by algebras and the computations executed over them by terms, drawing on results from Universal Algebra and Logic as verification and support tools for the implementation process. In a large majority of the works on this subject, Equational Logic is used as the supporting logic for these processes. However, this logic is too restrictive for the specification of object-oriented programs, namely for the specification of programs with encapsulated data. The split between the internal and external aspects of the system induces a new perspective on the modelling concept, whereby an object is considered a correct realisation of the system if it satisfies its requirements observationally, that is, if the results of the computations executed over it satisfy these requirements, even though it may not satisfy them in the strict sense. Following this principle, two software objects are considered equivalent when they behave the same way under all possible computations. This paradigm is called the Observational Approach to Systems. One way to adjust Equational Logic to the observational approach is to replace strict equality by the relation of Observational Equality, according to which two elements are considered equal when they behave the same way under the same computations, i.e., if they produce the same outputs under the same computations.
We follow this approach according to different research groups, with special attention to the work on Behavioural and Observational Logic (by Bidoit-Hennicker), Hidden Logic (by Goguen-Rosu) and Abstract Algebraic Logic (by Pigozzi-Martins). A central point of the text is the generalisation of the software development process by stepwise refinement to this paradigm. Here some variants of this topic are explored, including the case where encapsulation and de-encapsulation of data are allowed during the refinement process.
In a first stage of the text, the subject is presented at the more general level of structured specifications (and not exclusively the case of flat specifications) and of Behavioural Equalities (arbitrary partial congruences).
On Kleene algebras for weighted computation
Kleene algebra with tests (KAT) was introduced as an algebraic structure to model and reason about classic imperative programs, i.e. sequences of discrete actions guarded by Boolean tests. This paper introduces two generalisations of this structure able to express programs as weighted transitions and tests with outcomes in a not necessarily bivalent truth space, namely graded Kleene algebra with tests (GKAT) and Heyting Kleene algebra with tests (HKAT). In these contexts, in analogy to Kozen's encoding of Propositional Hoare Logic (PHL) in KAT [10], we discuss the encoding of a graded PHL in HKAT and of its while-free fragment in GKAT.
This work is financed by the ERDF - European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia, within projects POCI-01-0145-FEDER-016692 and UID/MAT/04106/2013. The second author is also supported by the individual grant SFRH/BPD/103004/2014
A semantics and a logic for Fuzzy Arden Syntax
Fuzzy programming languages, such as the Fuzzy Arden Syntax (FAS), are used to describe behaviours which evolve in a fuzzy way and thus can be characterised neither by a Boolean outcome nor by a probability distribution. This paper introduces a semantics for FAS, focusing on the weighted parallel interpretation of its conditional statement. The proposed construction is based on the notion of a fuzzy multirelation, which associates with each state in a program a fuzzy set of weighted possible evolutions. The latter is parametric on a residuated lattice which models the underlying semantic 'truth space'. Finally, a family of dynamic logics, equally parametric on the residuated lattice, is introduced to reason about FAS programs.
This work was funded by the ERDF — European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation — COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT — Fundação para a Ciência e a Tecnologia, within projects POCI-01-0145-FEDER-030947 and POCI-01-0145-FEDER-02994
Refinement in hybridised institutions
Hybrid logics, which add to the modal description of transition structures the ability to refer to specific states, offer a generic framework to approach the specification and design of reconfigurable systems, i.e., systems with reconfiguration mechanisms governing the dynamic evolution of their execution configurations in response to external stimuli or internal performance measures. A formal representation of such systems is through transition structures whose states correspond to the different configurations they may adopt. Therefore, each node is endowed with, for example, an algebra, or a first-order structure, to precisely characterise the semantics of the services provided in the corresponding configuration. This paper characterises equivalence and refinement for these sorts of models in a way which is independent of (or parametric on) whatever logic (propositional, equational, fuzzy, etc.) is found appropriate to describe the local configurations. A Hennessy–Milner like theorem is proved for hybridised logics.
This work is funded by ERDF-European Regional Development Fund, through the COMPETE Programme, and by National Funds through FCT within project FCOMP-01-0124-FEDER-028923 and by project NORTE-07-0124-FEDER-000060, co-financed by the North Portugal Regional Operational Programme (ON.2), under the National Strategic Reference Framework (NSRF), through the European Regional Development Fund (ERDF). The work had also partial financial assistance by the project PEst-OE/MAT/UI4106/2014 at CIDMA, FCOMP-01-0124-FEDER-037281 at INESC TEC and the Marie Curie project FP7-PEOPLE-2012-IRSES (GetFun)
Dynamic logic with binders and its application to the development of reactive systems
Published in "Theoretical aspects of computing - ICTAC 2016: 13th International Colloquium, Taipei, Taiwan, ROC, October 24–31, 2016, Proceedings". ISBN 978-3-319-46749-8
This paper introduces a logic to support the specification and development of reactive systems on various levels of abstraction, from property specifications, concerning e.g. safety and liveness requirements, to constructive specifications representing concrete processes. This is achieved by combining binders of hybrid logic with regular modalities of dynamic logics in the same formalism, which we call D↓-logic. The semantics of our logic focuses on effective processes and is therefore given in terms of reachable transition systems with initial states. The second part of the paper resorts to this logic to frame stepwise development of reactive systems within the software development methodology proposed by Sannella and Tarlecki. In particular, we instantiate the generic concepts of constructor and abstractor implementations by using standard operators on reactive components, like relabelling and parallel composition, as constructors, and bisimulation for abstraction. We also study vertical composition of implementations, which relies on the preservation of bisimilarity by the constructions on labelled transition systems.
FCT individual grants SFRH/BPD/103004/2014 and SFRH/BSAB/113890/2015
ERDF European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation - COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia within project POCI-01-0145-FEDER-016692 and UID/MAT/04106/2013 at CIDM
A logic for the stepwise development of reactive systems
D↓ is a new dynamic logic combining regular modalities with the binder constructor typical of hybrid logic, which provides a smooth framework for the stepwise development of reactive systems. The logic is able to capture system properties at different levels of abstraction, from high-level safety and liveness requirements to constructive specifications representing concrete processes. The paper discusses its semantics, given in terms of reachable transition systems with initial states, its expressive power and a proof system. The methodological framework is indebted to the landmark work of D. Sannella and A. Tarlecki, instantiating the generic concepts of constructor and abstractor implementations by standard operators on reactive components, e.g. relabelling and parallel composition, as constructors, and bisimulation for abstraction.
This work was funded by ERDF European Regional Development Fund, through the COMPETE Programme, and by National Funds through FCT – Portuguese Foundation for Science and Technology – within projects POCI-01-0145-FEDER-016692 (DaLí – Dynamic logics for cyber-physical systems: towards contract based design) and UID/MAT/04106/2013 at CIDMA. Further support was given by the project SmartEGOV, NORTE-01-0145-FEDER000037, supported by Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement, through the EFDR. The first author is also supported by a FCT individual grant SFRH/BPD/103004/201
A method for rigorous design of reconfigurable systems
Reconfigurability, understood as the ability of a system to behave differently in different modes of operation and commute between them along its lifetime, is a cross-cutting concern in modern Software Engineering. This paper introduces a specification method for reconfigurable software based on a global transition structure to capture the system's reconfiguration space, and a local specification of each operation mode in whatever logic (equational, first-order, partial, fuzzy, probabilistic, etc.) is found expressive enough for handling its requirements.
In the method these two levels are not only made explicit and juxtaposed, but formally interrelated. The key to achieving such a goal is a systematic process of hybridisation of logics, through which the relationship between the local and global levels of a specification becomes internalised in the logic itself.
This work is financed by the ERDF – European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation – COMPETE 2020 Programme and by National Funds through the Portuguese funding agency, FCT – Fundação para a Ciência e a Tecnologia within projects POCI-01-0145-FEDER-016692 and UID/MAT/04106/2013. The first author is further supported by the BPD FCT Grant SFRH/BPD/103004/2014, and R. Neves is sponsored by FCT Grant SFRH/BD/52234/2013. M.A. Martins is also funded by the EU FP7 Marie Curie PIRSESGA-2012-318986 project GeTFun: Generalizing Truth-Functionality
Reuse and integration of specification logics: the hybridisation perspective
Hybridisation is a systematic process along which the characteristic features
of hybrid logic, both at the syntactic and the semantic levels, are developed on
top of an arbitrary logic framed as an institution. It also captures the construction
of first-order encodings of such hybridised institutions into theories in first-order
logic. The method was originally developed to build suitable logics for the specification
of reconfigurable software systems on top of whatever logic is used to describe
local requirements of each system’s configuration. Hybridisation has, however, a
broader scope, providing a fresh example of yet another development in combining
and reusing logics driven by a problem from Computer Science. This paper offers an
overview of this method, proposes some new extensions, namely the introduction of
full quantification leading to the specification of dynamic modalities, and exemplifies
its potential through a didactical application. It is discussed how hybridisation
can be successfully used in a formal specification course in which students progress
from equational to hybrid specifications in a uniform setting, integrating paradigms,
combining data and behaviour, and dealing appropriately with systems evolution and
reconfiguration.
This work is financed by the ERDF—European Regional Development Fund through the Operational Programme for Competitiveness and Internationalisation—COMPETE 2020 Programme, and by National Funds through the FCT (Portuguese Foundation for Science and Technology) within project POCI-01-0145-FEDER-006961. M. Martins was further supported by project UID/MAT/04106/2013. A. Madeira and R. Neves research was carried out in the context of a post-doc and a Ph.D. grant with references SFRH/BPD/103004/2014 and SFRH/BD/52234/2013, respectively. L.S. Barbosa is also supported by SFRH/BSAB/113890/2015
Hierarchical hybrid logic
We introduce HHL, a hierarchical variant of hybrid logic. We study first-order correspondence results and prove a Hennessy-Milner like theorem relating (hierarchical) bisimulation and modal equivalence for HHL. Combining hierarchical transition structures with the ability to refer to specific states at different levels, this logic seems suitable to express and verify properties of hierarchical transition systems, a pervasive semantic structure in Computer Science.
ERDF European Regional Development Fund, through the COMPETE Programme, and by National Funds through FCT - Portuguese Foundation for Science and Technology - within projects POCI-01-0145-FEDER-016692 and UID/MAT/04106/2013, as well as by project "SmartEGOV: Harnessing EGOV for Smart Governance (Foundations, Methods, Tools) / NORTE-01-0145-FEDER-000037", supported by Norte Portugal Regional Operational Programme (NORTE 2020), under the PORTUGAL 2020 Partnership Agreement. A. Madeira and R. Neves are further supported by the FCT individual grants SFRH/BPD/103004/2014 and SFRH/BD/52234/201