Constructive formal methods and protocol standardization

This research is part of the NWO project "Improving the Quality of Protocol Standards". In this project we have cooperated with industrial standardization committees that are developing protocol standards. Thus we have contributed to these international standards, and we have generated relevant research questions in the field of formal methods. The first part of this thesis is related to the ISO/IEEE 1073.2 standard, which addresses medical device communication. The protocols in this standard were developed from a couple of MSC scenarios that describe typical intended behavior. Upon synthesizing a protocol from such scenarios, interference between these scenarios may be introduced, which leads to undesired behaviors. This is called the realizability problem. To address the realizability problem, we have introduced a formal framework that is based on partial orders. In this way the problem that causes the interference can be clearly pointed out. We have provided a complete characterization of realizability criteria that can be used to determine whether interference problems are to be expected. Moreover, we have provided a new constructive approach to solve the undesired interference in practical situations. These techniques have been used to improve the protocol standard under consideration. The second part of this thesis is related to the IEEE 1394.1-2004 standard, which addresses High Performance Serial Bus Bridges. This is an extension of the IEEE 1394-1995 standard, also known as FireWire. The development of the distributed spanning tree algorithm turned out to be a serious problem. To address this problem, we have first developed and proposed a much simpler algorithm. We have also studied the algorithm proposed by the developers of the standard, namely by formally reconstructing a version of it, starting from the specification. Such a constructive approach to verification and analysis uses mathematical techniques, or formal methods, to reveal the essential mechanisms that play a role in the algorithm. We have shown the need for different levels of abstraction, and we have illustrated that the algorithm is in fact distributed at two levels. These techniques are usually applied manually, but we have also developed an approach to automate parts of it using state-of-the-art theorem provers

A distributed spanning tree algorithm for topology-aware networks

Abstract. A topology-aware network is a dynamic network in which the nodes can detect whether locally topology changes occur. Many modern networks, like IEEE 1394.1, are topology-aware networks. We present a distributed algorithm for computing and maintaining an arbitrary spanning tree in such a topology-aware network. Although usually minimal spanning trees are studied, in practice arbitrary spanning trees are often sufficient. Since our algorithm is not involved in the detection of topology changes, it performs better than the spanning tree algorithms in standards like IEEE 802.1. Because reasoning about distributed algorithms is rather tricky, we use a systematic approach to prove our algorithm

User-guided discovery of declarative process models

Process mining techniques can be used to effectively discover process models from logs with example behaviour. Cross-correlating a discovered model with information in the log can be used to improve the underlying process. However, existing process discovery techniques have two important drawbacks. The produced models tend to be large and complex, especially in flexible environments where process executions involve multiple alternatives. This "overload" of information is caused by the fact that traditional discovery techniques construct procedural models explicitly showing all possible behaviours. Moreover, existing techniques offer limited possibilities to guide the mining process towards specific properties of interest. These problems can be solved by discovering declarative models. Using a declarative model, the discovered process behaviour is described as a (compact) set of rules. Moreover, the discovery of such models can easily be guided in terms of rule templates. This paper uses DECLARE, a declarative language that provides more flexibility than conventional procedural notations such as BPMN, Petri nets, UML ADs, EPCs and BPEL. We present an approach to automatically discover DECLARE models. This has been implemented in the process mining tool ProM. Our approach and toolset have been applied to a case study provided by the company Thales in the domain of maritime safety and security

Assertion-based proof checking of Chang-Roberts leader election in PVS

We report a case study in automated incremental assertion-based proof checking with PVS. Given an annotated distributed algorithm, our tool ProPar generates the proof obligations for partial correctness, plus a proof script per obligation. ProPar then lets PVS attempt to discharge all obligations by running the proof scripts. The Chang-Roberts algorithm elects a leader on a unidirectional ring with unique identities. With ProPar, we check its correctness with a very high degree of automation: over 90% of the proof obligations is discharged automatically. This case study underlines the feasibility of the approach and is, to the best of our knowledge, the first verification of the Chang-Roberts algorithm for arbitrary ring size in a proof checker

Soundness-preserving refinements of service compositions

Soundness is one of the well-studied properties of processes; it denotes that a final state can be reached from every state that is reachable from the initial state. Soundness-preserving refinements are important for enabling the compositional design of systems. In this paper we concentrate on refinements of service compositions. We model service compositions using Petri nets, and consider specific pairs of places that belong to different services. Starting from a sound service composition, we show how to check whether such a pair of places can be refined by another sound service composition, so that soundness is preserved through the refinement

Quantum Computing with Atomic Josephson Junction Arrays

We present a quantum computing scheme with atomic Josephson junction arrays. The system consists of a small number of atoms with three internal states and trapped in a far-off resonant optical lattice. Raman lasers provide the "Josephson" tunneling, and the collision interaction between atoms represent the "capacitive" couplings between the modes. The qubit states are collective states of the atoms with opposite persistent currents. This system is closely analogous to the superconducting flux qubit. Single qubit quantum logic gates are performed by modulating the Raman couplings, while two-qubit gates result from a tunnel coupling between neighboring wells. Readout is achieved by tuning the Raman coupling adiabatically between the Josephson regime to the Rabi regime, followed by a detection of atoms in internal electronic states. Decoherence mechanisms are studied in detail promising a high ratio between the decoherence time and the gate operation time.Comment: 7 figure

Single and double qubit gates by manipulating degeneracy

A novel mechanism is proposed for single and double qubit state manipulations in quantum computation with four-fold degenerate energy levels. The principle is based on starting with a four fold degeneracy, lifting it stepwise adiabatically by a set of control parameters and performing the quantum gate operations on non-degenerate states. A particular realization of the proposed mechanism is suggested by using inductively coupled rf-squid loops in the macroscopic quantum tunnelling regime where the energy eigen levels are directly connected with the measurable flux states. The one qubit and two qubit controlled operations are demonstrated explicitly. The appearance of the flux states also allows precise read-in and read-out operations by the measurement of flux.Comment: 6 pages + 5 figures (separately included