  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
301

Multi-Robot Motion Planning With Control Barrier Functions for Signal Temporal Logic Tasks

Brage, Cecilia, Johansson, Johanna January 2021
Autonomous robots have the potential to accomplish a wide variety of assignments. For this to work in reality, the robots need to be able to perform specific tasks while safety for both them and their environment is ensured. Signal temporal logic (STL) was used to define timed tasks for the agents to perform, and control barrier functions (CBFs) were used to design a controller for their movements. In this paper, a set of STL tasks was considered, which two robots were instructed to satisfy in a simulation of a warehouse environment. The two agents started next to each other; the set of tasks then instructed them to move to two separate areas, then meet up again and move in a formation back towards their starting area. Control barrier functions were employed to ensure the satisfaction of the set of STL tasks. The agents designed their actions towards satisfying the given tasks without at first considering a safety distance to the other robot. To later ensure safety, a collision avoidance mechanism was introduced. The scenario without collision avoidance produced more effective paths for the agents: they moved to satisfy the tasks with less disturbance than in the scenario where collision avoidance was considered. However, the scenario with the collision avoidance mechanism proved successful, and the agents satisfied their tasks without colliding with each other. / Autonomous robots have the potential to perform a wide range of different tasks. For this to work in reality, the robots need to be able to carry out specific tasks while both their own safety and that of their surroundings is ensured. Signal temporal logic (STL) was used to define timed tasks for the robots to perform, and control barrier functions (CBFs) were used to design a controller for their movements. In this report, a set of STL tasks was considered, which two robots were instructed to satisfy in a simulation of a warehouse environment. 
The two robots started next to each other; the STL tasks then instructed them to move to two separate areas, then meet up again and move in formation back towards their starting area. Control barrier functions were used to guarantee the satisfaction of the STL tasks. The robots adapted their movements to satisfy the given tasks, at first without regard to any safety margin to the other robot. To later guarantee safety, an additional mechanism for avoiding collisions was introduced. The scenario without collision avoidance showed more efficient trajectories for the robots. They moved to satisfy the tasks with fewer disturbances than in the scenario where collisions were actively avoided. The scenario with the collision avoidance mechanism was, however, successful, and the robots satisfied their tasks without colliding with each other. / Bachelor's thesis in electrical engineering 2021, KTH, Stockholm
302

Specification Decomposition and Formal Behavior Generation in Multi-Robot Systems

Schillinger, Philipp January 2017
While autonomous robot systems are becoming increasingly common, their usage is still mostly limited to rather simple tasks. This primarily results from the need to manually program the execution plans of the robots. Instead, as shown in this thesis, their behavior can be automatically generated from a given goal specification. This forms the basis for providing formal guarantees regarding optimality and satisfaction of the mission goal specification and creates the opportunity to deploy these robots in increasingly sophisticated scenarios. Well-defined robot capabilities of comparably low complexity can be developed independently from a specific high-level goal and then, using a behavior planner, be automatically composed to achieve complex goals in a verifiably correct way. Considering multiple robots introduces significant additional planning complexity. Not only do actions need to be planned, but the allocation of parts of the mission to the individual robots also needs to be considered. Classically, either planning and allocation are seen as two independent problems, which requires solving an exponential number of planning problems, or the formulation of a joint team model leads to a product state space between the robots. The resulting exponential complexity prevents most existing approaches from being practically useful in more complex and realistic scenarios. In this thesis, an approach is presented to utilize the interplay of allocation and planning, which avoids the exponential complexity for independently executable parts of the mission specification. Furthermore, an approach is presented to identify these independent parts automatically when only a single goal specification is given for the team. This bears the potential of improving the efficiency of finding an optimal solution and is a significant step towards the application of formal multi-robot behavior planning to real-world problems. 
The effectiveness of the proposed methods is therefore illustrated in experiments based on an existing office environment and in realistic scenarios. / Although autonomous robot systems are becoming increasingly common, their use is still mostly limited to rather simple tasks. This is mainly because manual programming of the robots' execution plans is needed. Instead, as shown in this thesis, their behavior can be generated automatically from a given goal specification. This forms the foundation for giving a formal guarantee that the resulting behavior is optimal and that the mission goal specification is satisfied. It therefore creates the opportunity to use these robots in increasingly sophisticated scenarios. Well-defined robot capabilities of relatively low complexity can be developed independently of a specific high-level goal and then be automatically composed, with the help of a behavior planner, to achieve complex goals in a verifiably correct way. When several robots are involved, significant additional planning complexity is introduced. Not only do actions need to be planned, but the allocation of the different parts of the mission to the individual robots must also be handled. Traditionally, planning and allocation are regarded as two independent problems, which requires solving an exponential number of planning problems, or the formulation of a joint model for the whole group leads to a product state space between the robots. The resulting exponential complexity prevents most existing methods from being practically useful in more complex and realistic scenarios. In this thesis, an approach is presented to exploit the interplay between allocation and planning, which avoids exponential complexity for independently executable parts of the mission specification. In addition, an approach is presented to automatically identify these independent parts when only a single goal specification is given for the team. 
This has the potential to improve the efficiency of finding an optimal solution and is an important step towards applying formal multi-robot behavior planning to realistic problems. The effectiveness of the proposed methods is therefore illustrated in experiments based on an existing office environment and in realistic scenarios. / QC 20170928
303

Formal Methods for Constraint-Based Testing and Reversible Debugging in Erlang

Palacios Corella, Adrián 20 March 2020
Thesis by compendium / [ES] Erlang is a functional programming language with message-passing concurrency based on the actor model. These and other features make it especially suitable for distributed, soft real-time applications. In recent years, Erlang's popularity has increased due to the demand for concurrent services. However, developing error-free Erlang systems is a considerable challenge. Although Erlang avoids many problems by design (for example, deadlocks), some other problems can appear. In this context, testing and debugging techniques based on formal methods can be useful for detecting, locating and fixing programming errors in Erlang. In this thesis we propose several methods for testing and debugging in Erlang. In particular, these methods are based on semantic models for concolic testing, property-based testing, causal-consistent reversible debugging and causal-consistent reversible replay of Erlang programs. Furthermore, we formally prove the main properties of our proposals and design open-source tools that implement these methods. / [CA] Erlang is a functional programming language with message-passing concurrency based on the actor model. These and other features make it especially suitable for distributed, soft real-time applications. In recent years, Erlang's popularity has increased due to the demand for concurrent services. However, developing error-free Erlang systems is a considerable challenge. Although Erlang avoids many problems by design (for example, deadlocks), some other problems can appear. In this context, testing and debugging techniques based on formal methods can be useful for detecting, locating and fixing programming errors in Erlang. 
In this thesis we propose several methods for testing and debugging in Erlang. In particular, these methods are based on semantic models for concolic testing, property-based testing, causal-consistent reversible debugging and causal-consistent reversible replay of Erlang programs. Furthermore, we formally prove the main properties of our proposals and design open-source tools that implement these methods. / [EN] Erlang is a message-passing concurrent, functional programming language based on the actor model. These and other features make it especially appropriate for distributed, soft real-time applications. In recent years, Erlang's popularity has increased due to the demand for concurrent services. However, developing error-free systems in Erlang is quite a challenge. Although Erlang avoids many problems by design (e.g., deadlocks), some other problems may appear. Here, testing and debugging techniques based on formal methods may be helpful to detect, locate and fix programming errors in Erlang. In this thesis we propose several methods for testing and debugging in Erlang. In particular, these methods are based on semantic models for concolic testing, property-based testing, causal-consistent reversible debugging and causal-consistent replay debugging of Erlang programs. We formally prove the main properties of our proposals and design open-source tools that implement these methods. / Palacios Corella, A. (2020). Formal Methods for Constraint-Based Testing and Reversible Debugging in Erlang [Doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/139076 / Compendium
304

Achieving Compositional Security and Privacy in IoT Environments

Muslum Ozgur Ozmen (18870154) 11 September 2024
The Internet of Things (IoT) systems include sensors that measure the physical world, actuators that influence it, and IoT apps that automate these sensors and actuators. Although IoT environments have revolutionized our lives by integrating digital connectivity into physical processes, they also introduce unique security and privacy concerns. Particularly, these systems include multiple components that are unified through the cyber and physical domains. For instance, smart homes include various devices and multiple IoT apps that control these devices. Thus, attacks against any single component can have rippling effects, amplifying due to the composite behavior of sensors, actuators, apps, and the physical environment.

In this dissertation, I explore the emerging security and privacy issues that arise from the complex physical interactions in IoT environments. To discover and mitigate these emerging issues, there is a need for composite reasoning techniques that consider the interplay between digital and physical domains. This dissertation addresses these challenges to build secure IoT environments and enhance user privacy with new formal techniques and systems.

To this end, I first describe my efforts in ensuring the safety and security of IoT environments. Particularly, I introduced IoTSeer, a security service that discovers physical interaction vulnerabilities among IoT apps. I then proposed attacks that evade prior event verification systems by exploiting the complex physical interactions between IoT sensors and actuators. To address them, I developed two defenses, software patching and sensor placement, to make event verification systems robust against evasion attacks. These works provide a suite of tools to achieve compositional safety and security in IoT environments.

Second, I discuss my work that identifies the privacy risks of emerging IoT devices. I designed DMC-Xplorer to find vulnerabilities in voice assistant platforms and showed that an adversary can eavesdrop on privacy-sensitive device states and prevent users from controlling devices. I then developed a remote side-channel attack against intermittent devices to infer privacy-sensitive information about the environment in which they are deployed. These works highlight new privacy issues in emerging commodity devices used in IoT environments.
305

A TRANSLATION OF OCAML GADTS INTO COQ

Pedro da Costa Abreu Junior (18422613) 23 April 2024
Proof assistants based on dependent types are powerful tools for building certified software. In order to verify programs written in a different language, however, a representation of those programs in the proof assistant is required. When that language is sufficiently similar to that of the proof assistant, one solution is to use a shallow embedding to directly encode source programs as programs in the proof assistant. One challenge with this approach is ensuring that any semantic gaps between the two languages are accounted for. In this thesis, we present GSet, a mixed embedding that bridges the gap between OCaml GADTs and inductive datatypes in Coq. This embedding retains the rich typing information of GADTs while also allowing pattern matching with impossible branches to be translated without additional axioms. We formalize this with GADTml, a minimal calculus that captures GADTs in OCaml, and gCIC, an impredicative variant of the Calculus of Inductive Constructions. Furthermore, we present the translation algorithm between GADTml and gCIC, together with a proof of the soundness of this translation. We have integrated this technique into coq-of-ocaml, a tool for automatically translating OCaml programs into Coq. Finally, we demonstrate the feasibility of our approach by using our enhanced version of coq-of-ocaml to translate a portion of the Tezos code base into Coq.
306

Explanation of the Model Checker Verification Results

Kaleeswaran, Arut Prakash 20 December 2023
Whenever new requirements are placed on a system, the correctness and consistency of the system specification must be checked, which in practice is usually done manually. One possible option for overcoming the disadvantages of this manual analysis is so-called contract-based design. This design approach can automate the verification process for checking whether the top-level requirements have been consistently refined. Verification can thus be performed iteratively to ensure the correctness and consistency of the system in the face of any change to the specifications. However, due to the lack of usability and the difficulties in interpreting verification results, it is still a challenge to deploy formal approaches in industry. For example, if the model checker detects an inconsistency during verification, it generates a counterexample and at the same time indicates that the given input specifications are inconsistent. Here the formidable challenge is to understand the generated counterexample, which is often very long, cryptic and complex. Furthermore, it is the engineer's responsibility to identify the inconsistent specification within a potentially large set of specifications. This thesis proposes a counterexample explanation approach that simplifies and encourages the use of formal methods by presenting user-friendly explanations of the verification results to the engineer. The counterexample explanation approach is evaluated using two methods: (1) evaluation with various application examples and (2) a user study in the form of a one-group pretest-posttest experiment. 
/ Whenever new requirements are introduced for a system, the correctness and consistency of the system specification must be verified, which is often done manually in industrial settings. One viable option to overcome the disadvantages of this manual analysis is to employ contract-based design, which can automate the verification process to determine whether the refinements of top-level requirements are consistent. Thus, verification can be performed iteratively to ensure the system's correctness and consistency in the face of any change in specifications. Having said that, it is still challenging to deploy formal approaches in industry due to their lack of usability and the difficulty of interpreting verification results. For instance, if the model checker identifies an inconsistency during verification, it generates a counterexample while also indicating that the given input specifications are inconsistent. Here, the formidable challenge is to comprehend the generated counterexample, which is often lengthy, cryptic, and complex. Furthermore, it is the engineer's responsibility to identify the inconsistent specification among a potentially huge set of specifications. This PhD thesis proposes a counterexample explanation approach for formal methods that simplifies and encourages their use by presenting user-friendly explanations of the verification results. The proposed counterexample explanation approach identifies and explains relevant information from the verification result in what reads like a natural language statement. The counterexample explanation approach extracts relevant information by identifying inconsistent specifications from among the set of specifications, as well as erroneous states and variables from the counterexample. The counterexample explanation approach is evaluated using two methods: (1) evaluation with different application examples, and (2) a user study in the form of a one-group pretest-posttest experiment.
307

Optimal Partners of Open Systems / Modeling, Analysis, Synthesis

Sürmeli, Jan 05 May 2015
Nowadays, a complex software system often consists of loosely coupled, interacting components. A component is an open system that is developed independently of other open systems and later composed with them. The composition L+R of two open systems L and R can, however, behave incorrectly: for example, it can deadlock (the components wait for each other), enter an infinite loop or require unbounded memory. If, on the other hand, L+R is a correct system, L and R are called partners of each other. Formal methods of modeling, analysis and synthesis enable the systematic construction of a correct system by composing partners. The costs that an open system L incurs vary depending on the concrete choice of a partner. It is therefore desirable to compose L only with partners that bound or even minimize the costs of L. A partner that minimizes the costs of L is an optimal partner of L. The goal of this thesis is to develop techniques that guarantee that L is composed only with optimal partners. To this end, we develop formal methods for modeling, analyzing and synthesizing cost-annotated open systems and their optimal partners. We present a formalism for modeling functional (i.e. state transitions) and non-functional behavioral properties (i.e. costs). In this formalism we define cost boundedness and optimality of partners. Building on this, we develop formal methods for deciding cost-bounded controllability (i.e. the existence of cost-bounded partners), for synthesizing optimal partners and for finitely representing all optimal partners. / Nowadays, a complex software system usually consists of loosely-coupled, interacting components. Such a component is an independently developed open system that one composes with other open systems. 
The composition L+R of two open systems L and R can be faulty: for instance, the components deadlock (i.e. mutually wait for each other) or require an unbounded amount of memory. If L+R is correct, L and R are called partners of each other. Formal methods for modeling, analysis and synthesis yield a systematic approach to constructing a correct system by means of composing partners. The costs of executing a given open system L vary based on the chosen partner. Therefore, it is desirable to choose a partner that bounds or even minimizes the costs of executing L. If a partner R minimizes the costs of executing L, then R is an optimal partner of L. Our goal is to develop techniques that guarantee the composition of L with optimal partners. To this end, we develop formal methods for modeling, analysis and synthesis of open systems incorporating costs. We present a formalism to model functional aspects (i.e. states and transitions) and non-functional aspects (costs) of behavior. We define the properties of cost boundedness and cost optimality for partners in this formalism. Based thereon, we develop formal methods to decide cost-bounded controllability (i.e. the existence of cost-bounded partners), to synthesize optimal partners, and to finitely represent the set of all optimal partners.
308

Automating Formal Verification of Distributed Systems via Property-Driven Reductions

Christopher Wagner (20817524) 05 March 2025
Distributed protocols, with their immense state spaces and complex behaviors, have long been popular targets for formal verification. Cutoff reductions offer an enticing path for verifying parameterized distributed systems, composed of arbitrarily many processes. While parameterized verification (i.e., algorithmically checking correctness of a system with an arbitrary number of processes) is generally undecidable, these reductions allow one to verify certain classes of parameterized systems by reducing verification of an infinite family of systems to that of a single finite instance. The finiteness of the resulting target system enables fully-automated verification of the entire unbounded system family. In this work, we aim to establish pathways for automated verification via cutoff reductions which emphasize a modular approach to establishing correctness.

First, we consider distributed, agreement-based (DAB) systems, that is, systems which are built on top of agreement protocols, such as agreement and consensus. While much attention has been paid to the correctness of the protocols themselves, relatively little consideration has been given to systems which utilize these protocols to achieve some higher-level functionality. To this end, we present the GSP model, a system model based on two types of globally-synchronous transitions: k-sender and k-maximal, the latter of which was introduced by this author. This model enables us to formalize systems built on distributed consensus and leader election, and define conditions under which such systems may be verified automatically, despite the involvement of an arbitrary number of participant processes (a problem which is generally undecidable). Further, we identify conditions under which these systems can be verified efficiently and provide proofs of their correctness developed in part by this author. We then present QuickSilver, a user-friendly framework for designing and verifying parameterized DAB systems and, on this author's suggestion, lift the GSP decidability results to QuickSilver using this author's notion of when the behavior of all processes in the system can be separated into sections of their control flow, called "phase analysis".

Next, we address verification of systems beyond agreement-based protocols. We find that, among parameterized systems, a class of systems we refer to as star-networked systems has received limited attention as the subject of cutoff reductions. These systems combine heterogeneous client and server process definitions with both pairwise and broadcast communication, so they often fall outside the requirements of existing cutoff computations. We address these challenges in a novel cutoff reduction based on careful analysis of the interactions between a central process and an arbitrary number of peripheral client processes as they progress toward an error state. The key to our approach rests on identifying systems in which the central process coordinates primarily with a finite number of core client processes, and outside of such core clients, the system's progress can be enabled by a finite number of auxiliary clients.

Finally, we examine systems that are doubly-unbounded, in particular, parameterized DAB systems that additionally have unbounded data domains. We present a novel reduction which leverages value symmetry and a new notion of data saturation to reduce verification of doubly-unbounded DAB systems to model checking of small, finite-state systems. We also demonstrate that this domain reduction can be applied beyond DAB systems, including to star-networked systems.

We implement our reductions in several frameworks to enable efficient verification of sophisticated DAB and star-networked system models, including the arbitration mechanism for a consortium blockchain, a simple key-value store, and a lock server. We show that, by reducing the complexity of verification problems, cutoff reductions open up avenues for the application of a variety of verification techniques, including further reduction.
309

Formalising non-functional requirements embedded in user requirements notation (URN) models

Dongmo, Cyrille 11 1900
The growing need for computer software in different sectors of activity (health, agriculture, industry, education, aeronautics, science and telecommunications), together with the increasing reliance of society as a whole on information technology, is placing a heavy and fast-growing demand on complex and high-quality software systems. In this regard, the anticipation has been on non-functional requirements (NFRs) engineering and formal methods. Despite their common objective, these techniques have in most cases evolved separately. NFRs engineering proceeds firstly by deriving measures to evaluate the quality of the constructed software (product-oriented approach), and secondly by improving the engineering process (process-oriented approach). With the ability to combine the analysis of both functional and non-functional requirements, Goal-Oriented Requirements Engineering (GORE) approaches have become the de facto leading requirements engineering methods. Through refinement/operationalisation, they propose means to satisfy NFRs encoded in softgoals at an early phase of software development. On the other side, formal methods have so far kept their promise to eliminate errors in software artefacts and produce high-quality software products, and are therefore particularly solicited for safety- and mission-critical systems, for which a single error may cause great loss, including human life. This thesis introduces the concept of Complementary Non-functional action (CNF-action) to extend the analysis and development of NFRs beyond the traditional goals/softgoals analysis based on refinement/operationalisation, and to propagate the influence of NFRs to other software construction phases. 
Mechanisms are also developed to integrate the formal technique Z/Object-Z into the standardised User Requirements Notation (URN) in order to formalise GRL models describing functional and non-functional requirements, to propagate CNF-actions of the formalised NFRs to UCM maps, and to facilitate the URN construction process and improve the quality of URN models. / School of Computing / D. Phil (Computer Science)
310

Synthesis for a weak real-time logic / Synthèse pour une logique temps-réel faible

Nguena-Timo, Omer 07 December 2009
In this thesis, we are interested in the specification and synthesis of controllers for real-time systems. The models for these systems are Event-recording Automata. We assume that controllers observe all the events occurring in the system and that they can only forbid controllable events. Not all events are necessarily controllable. A first study is made of the logic Event-recording Logic (ERL). We propose new algorithms for the model-checking and satisfiability problems. These algorithms show the similarities between the decision problems cited above and the similar decision problems studied in the setting of the $\mu$-calculus. Our algorithms also correct algorithms found in the literature. The similarities noted allow us to prove the equivalence between ERL formulas and ERL formulas in disjunctive normal form. Since the logic ERL is not expressive enough to describe certain properties of systems, in particular properties of controllers, we introduce a new logic WT$_\mu$. The logic WT$_\mu$ is a weak real-time extension of the $\mu$-calculus. We propose algorithms for the verification of systems when the properties are written in WT$_\mu$. We identify two fragments of WT$_\mu$ called well-guarded WT$_\mu$ ($WG$-WT$_\mu$) and WT$_\mu$ for control ($C$-WT$_\mu$). The logic $WG$-WT$_\mu$ is more expressive than $C$-WT$_\mu$. We propose an algorithm that checks whether a $WG$-WT$_\mu$ formula has a (possibly deterministic) model. This algorithm requires knowing the resources (clocks and the maximal constant compared with the clocks) of the models. In the setting of $C$-WT$_\mu$, the algorithm we propose for deciding whether a formula has a model does not need to know the resources of the models. 
Using $C$-WT$_\mu$ as the system specification language, we propose decision algorithms for centralised control and centralised $\Delta$-control. These algorithms also allow controller models to be constructed. When the control objectives are described using $WG$-WT$_\mu$ formulas, we also show how to synthesise decentralised controllers with resources fixed in advance, when at most one controller is non-deterministic. / In this dissertation, we consider the specification and the controller synthesis problem for real-time systems. Our models for systems are kinds of Event-recording automata. We assume that controllers observe all the events occurring in the system and can prevent occurrences of controllable events. We study Event-recording Logic (ERL). We propose new algorithms for the model-checking and the satisfiability problems of that logic. Our algorithms are similar to some algorithms proposed for the same problems in the setting of the standard $\mu$-calculus. They also correct earlier proposed algorithms. We define disjunctive normal form formulas and we show that every formula is equivalent to a formula in disjunctive normal form. Unfortunately, ERL is rather weak and cannot describe some interesting real-time properties, in particular some important properties for controllers. We define a new logic that we call WT$_\mu$. The logic WT$_\mu$ is a weak real-time extension of the standard $\mu$-calculus. We present an algorithm for the model-checking problem of WT$_\mu$. We consider two fragments of WT$_\mu$ called well-guarded WT$_\mu$ ($WG$-WT$_\mu$) and WT$_\mu$ for control ($C$-WT$_\mu$). We show that the satisfiability of $WG$-WT$_\mu$ is decidable if the maximal constants appearing in models are known a priori. Our algorithm allows checking whether a formula of $WG$-WT$_\mu$ has a deterministic model. 
The algorithm we propose to decide whether a formula of $C$-WT$_\mu$ has a model does not need to know the maximal constant used in models. All the algorithms for satisfiability checking construct witness models. Using $C$-WT$_\mu$, we present algorithms for a centralised controller synthesis problem and a centralised $\Delta$-controller synthesis problem. The construction of witness controllers is effective. We also consider the decentralised controller synthesis problem with limited resources (the maximal constants used in controllers are known a priori) when the properties are described with $WG$-WT$_\mu$. We show that this problem is decidable and that the computation of witness controllers is effective.
