Powerful Specification Language Research Articles

Bounded model checking for interval probabilistic timed graph transformation systems against properties of probabilistic metric temporal graph logic

Cyber-physical systems often encompass complex concurrent behavior with timing constraints and probabilistic failures on demand. The analysis whether such systems with probabilistic timed behavior adhere to a given specification is essential. The formalism of Interval Probabilistic Timed Graph Transformation Systems (IPTGTSs) is often a suitable choice to model cyber-physical systems because (a) its rule-based approach to graph transformation can capture a wide range of system's structure dynamics when the states of the system can be represented by graphs while (b) it employs interval specifications for probabilistic behavior as well as lower and upper bounds on delays of steps to support systems where precise probabilities and delays are not known or may change during the runtime of the system. Probabilistic Metric Temporal Graph Logic (PMTGL) has been introduced as a powerful specification language to express worst-case/best-case probabilistic timed requirements such as actor-based soft deadlines using (a) path properties relying on its Metric Temporal Graph Logic fragment to track individual graph elements and (b) an operator inherited from Probabilistic Timed Computation Tree Logic to express worst-case/best-case probabilistic requirements identifying worst-case/best-case resolutions of non-determinism. Bounded Model Checking (BMC) support for Probabilistic Timed Graph Transformation Systems (PTGTSs) w.r.t. properties specified using PMTGL has been already presented. However, for IPTGTSs no analysis support w.r.t. PMTGL properties has been developed for stating metric temporal properties on identified subgraphs and their structural changes over time.In this paper, we adapt the BMC approach developed for PTGTSs to the case of IPTGTSs extending modeling and analysis support to the usage of probability intervals more appropriately covering cyber-physical systems where probabilistic effects cannot be specified precisely and need to be approximated instead. In our evaluation, we apply an implementation of our BMC approach in AutoGraph to a novel running example demonstrating the effect of using probability intervals instead of precise probability values.

Generating Optimal Monitors for Extended Regular Expressions

Ordinary software engineers and programmers can easily understand regular patterns, as shown by the immense interest in and the success of scripting languages like Perl, based essentially on regular expression pattern matching. We believe that regular expressions provide an elegant and powerful specification language also for monitoring requirements, because an execution trace of a program is in fact a string of states. Extended regular expressions (EREs) add complementation to regular expressions, which brings additional benefits by allowing one to specify patterns that must not occur during an execution. Complementation gives one the power to express patterns on strings more compactly. In this paper we present a technique to generate optimal monitors from EREs. Our monitors are deterministic finite automata (DFA) and our novel contribution is to generate them using a modern coalgebraic technique called coinduction. Based on experiments with our implementation, which can be publicly tested and used over the web, we believe that our technique is more efficient than the simplistic method based on complementation of automata which can quickly lead to a highly-exponential state explosion.

Verification of non-functional programs using interpretations in type theory

We study the problem of certifying programs combining imperative and functional features within the general framework of type theory. Type theory is a powerful specification language which is naturally suited for the proof of purely functional programs. To deal with imperative programs, we propose a logical interpretation of an annotated program as a partial proof of its specification. The construction of the corresponding partial proof term is based on a static analysis of the effects of the program which excludes aliases. The missing subterms in the partial proof term are seen as proof obligations, whose actual proofs are left to the user. We show that the validity of those proof obligations implies the total correctness of the program. This work has been implemented in the Coq proof assistant. It appears as a tactic taking an annotated program as argument and generating a set of proof obligations. Several nontrivial algorithms have been certified using this tactic.

Distributed implementation of the disabling operator in lotos

lotos is a process algebra-based formal description technique (FDT). It has been standardized by the International Standards Organization (ISO) for the specification of communication and distributed software systems. The disabling operator of lotos is a unique feature not found in other FDTs. Though lotos is a powerful specification language, it is not used in the industries. This is because it is very difficult to implement its various operators. In this paper, we propose a scheme for distributed implementation of the disabling operator. Our main contribution lies in transforming the operational semantics of the disabling operator to a distributed implementation. The distributed implementation is specified as a hierarchy of communicating finite-state machines which are easy to implement.

A Computational Model for ADA and other concurrent languages

An earlier report [PB-157] presented the argument for diagrams as the most suitable models for programs with concurrency. In a diagram the configurations correspond to points of the program, there is a move from m to n if n can be the next program point after m and the move is labelled by the program <em>action</em> when the computation follows the move. This report shows that this computational model is suitable for ADA and other languages with concurrency. In Section 1 we give the computational model for the guarded command language GCL; in Section 2, a powerful specification language SCSS is modelled; in Section 3 we give the model for the language CSP of communicating sequential processes; then the techniques introduced in these sections are used when ADA programs are modelled in Section 4.