{"title":"Coherent modal transition systems refinement","authors":"Davide Basile, Maurice H. ter Beek, Alessandro Fantechi, Stefania Gnesi","doi":"10.1016/j.jlamp.2024.100954","DOIUrl":"https://doi.org/10.1016/j.jlamp.2024.100954","url":null,"abstract":"Modal Transition Systems (MTS) are a well-known formalism that extends Labelled Transition Systems (LTS) with the possibility of specifying necessary and permitted behaviour. Coherent MTS (CMTS) have been introduced to model Software Product Lines (SPL) based on a correspondence between the necessary and permitted modalities of MTS transitions and their associated actions, and the core and optional features of SPL. In this paper, we address open problems of the coherent fragment of MTS and introduce the notions of refinement and thorough refinement of CMTS. Most notably, we prove that refinement and thorough refinement coincide for CMTS, while it is known that this is not the case for MTS. We also define (thorough) equivalence and strong bisimilarity of both MTS and CMTS. We show their relations and, in particular, we prove that also strong bisimilarity and equivalence coincide for CMTS, whereas they do not for MTS. Finally, we extend our investigation to CMTS equipped with Constraints (MTSC), originally introduced to express alternative behaviour, and we prove that novel notions of refinement and strong thorough refinement coincide for MTSC, and so do their extensions to strong (thorough) equivalence and strong bisimilarity.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"138 ","pages":"Article 100954"},"PeriodicalIF":0.9,"publicationDate":"2024-02-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2352220824000129/pdfft?md5=f3454b411ac825e2a7452e39b5a346f5&pid=1-s2.0-S2352220824000129-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139992455","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
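The necessary/permitted distinction and the refinement notion in the abstract above, as an added worked example that is not code from the paper: a small Python checker that computes the greatest modal refinement relation between a candidate product and its MTS specification (every must-transition of the specification has to be matched by a must-transition of the product, and every may-transition of the product has to be allowed by the specification, with related targets), plus a coherence check in the sense the abstract sketches, namely that modality is a property of the action rather than of the individual transition. The product-line actions, state names and the three candidate products are constructed for illustration; the CMTS-specific results of the paper (refinement coinciding with thorough refinement) are not reproduced here.

```python
"""Modal refinement and coherence checks for Modal Transition Systems (MTS).

Added example; the MTS below are constructed for illustration and are not
taken from the paper. Transitions are (source, action, target) triples.
"""
from itertools import product


class MTS:
    def __init__(self, states, must, may):
        self.states = set(states)
        self.must = set(must)             # necessary transitions
        self.may = set(may) | self.must   # permitted transitions; must is always a subset of may

    def must_from(self, s):
        return {(a, t) for (p, a, t) in self.must if p == s}

    def may_from(self, s):
        return {(a, t) for (p, a, t) in self.may if p == s}


def modal_refinement(refined, spec):
    """Greatest modal refinement relation R between states of `refined` and `spec`.

    (t, s) in R iff every must-transition of s is matched by a must-transition
    of t (required behaviour is implemented) and every may-transition of t is
    matched by a may-transition of s (nothing unspecified is permitted), with
    the targets again related. Computed as a fixpoint by deleting pairs that
    violate either condition until nothing changes.
    """
    rel = set(product(refined.states, spec.states))
    changed = True
    while changed:
        changed = False
        for (t, s) in list(rel):
            required_ok = all(
                any(a2 == a and (t2, s2) in rel for (a2, t2) in refined.must_from(t))
                for (a, s2) in spec.must_from(s))
            permitted_ok = all(
                any(a2 == a and (t2, s2) in rel for (a2, s2) in spec.may_from(s))
                for (a, t2) in refined.may_from(t))
            if not (required_ok and permitted_ok):
                rel.discard((t, s))
                changed = True
    return rel


def refines(refined, spec, t0, s0):
    """True iff initial state t0 of `refined` modally refines initial state s0 of `spec`."""
    return (t0, s0) in modal_refinement(refined, spec)


def is_coherent(mts):
    """Coherence as sketched in the abstract: the modality belongs to the action,
    i.e. no action labels both a must-transition and a may-only transition."""
    necessary = {a for (_, a, _) in mts.must}
    optional = {a for (_, a, _) in mts.may - mts.must}
    return not (necessary & optional)


# Constructed product-line specification: authentication is a core feature
# (must), upload and delete are optional features (may only).
SPEC = MTS({"s0", "s1"},
           must={("s0", "auth", "s1")},
           may={("s1", "upload", "s1"), ("s1", "delete", "s1")})

# A product that keeps auth and implements upload only: a valid refinement.
PRODUCT_OK = MTS({"t0", "t1"},
                 must={("t0", "auth", "t1"), ("t1", "upload", "t1")}, may=set())

# A product that adds an action the specification never permits.
PRODUCT_EXTRA = MTS({"t0", "t1"},
                    must={("t0", "auth", "t1"), ("t1", "wipe", "t1")}, may=set())

# A product that downgrades the core feature to optional.
PRODUCT_NO_AUTH = MTS({"t0", "t1"}, must=set(), may={("t0", "auth", "t1")})

# An incoherent MTS: "auth" is necessary in one state and merely permitted in another.
INCOHERENT = MTS({"s0", "s1", "s2"},
                 must={("s0", "auth", "s1")}, may={("s1", "auth", "s2")})

if __name__ == "__main__":
    for name, prod in [("ok", PRODUCT_OK), ("extra", PRODUCT_EXTRA), ("no_auth", PRODUCT_NO_AUTH)]:
        print(name, refines(prod, SPEC, "t0", "s0"))
    print("coherent:", is_coherent(SPEC), is_coherent(INCOHERENT))
```

The fixpoint deletes a pair as soon as either condition fails, so a product that silently adds an unspecified action (`wipe`) or makes a required action optional is rejected even though each of its individual transitions looks harmless in isolation.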
{"title":"Verification of data-aware process models: Checking soundness of data Petri nets","authors":"Nikolai M. Suvorov, Irina A. Lomazova","doi":"10.1016/j.jlamp.2024.100953","DOIUrl":"https://doi.org/10.1016/j.jlamp.2024.100953","url":null,"abstract":"During recent years, significant research has been done in the direction of enriching the traditional control-flow perspective of processes with additional dimensions, such as data and decisions. To represent data-aware process models, various formalisms have been proposed. In this work, we focus on Data Petri nets (DPNs), an extension of Petri nets with data. Data in a DPN is set as variable values. Process activities, represented as transitions, can inspect and update variable values. This work is dedicated to soundness verification of data-aware process models represented as DPNs. We show the flaw in one of the algorithms for checking soundness of DPNs with variable-operator-variable conditions. The algorithm fails to detect some types of livelocks and, thus, is incorrect in the general case. In this report, we propose an advanced version of this algorithm, which correctly verifies soundness of DPNs and which can also be used for DPNs with composite conditions on transitions. To verify soundness, the algorithm refines a DPN by splitting some of its transitions, constructs an abstract state space of the refined DPN, and inspects it for soundness properties. The report justifies correctness of the proposed algorithm for DPNs with variables of real data type or any finite data types. The algorithm is implemented, and the results of its performance evaluation demonstrate practical applicability of the algorithm for process models of small and medium sizes.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"138 ","pages":"Article 100953"},"PeriodicalIF":0.9,"publicationDate":"2024-02-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139714998","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
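Soundness of a data-aware workflow net, as an added example that is not the authors' algorithm or implementation: a Python enumeration of the (marking, valuation) state space of a small workflow net whose single variable ranges over a finite domain, checking the three classical soundness conditions (option to complete, proper completion, no dead transitions) and separating states that can never reach the final marking into deadlocks and livelocks, the class of defect the abstract says the earlier algorithm missed. The net, its transitions and the variable `x` are constructed for illustration. Real-valued variables, as handled in the paper, need an abstraction step such as the transition splitting the abstract describes; this direct enumeration does not perform one, so a `limit` bounds the exploration instead.

```python
"""Soundness check for a small workflow net with finite-domain data.

Added example, not the paper's algorithm. A transition is
(pre, post, guard, effects): pre/post are place -> token-count dicts, guard
maps a valuation to bool, effects maps a valuation to the list of possible
successor valuations (a data-writing transition may choose any of them).
"""
from collections import deque


def _key(marking, vals):
    """Hashable state: the non-empty places and the variable valuation."""
    return (tuple(sorted((p, n) for p, n in marking.items() if n)),
            tuple(sorted(vals.items())))


def explore(transitions, initial_marking, initial_vals, limit=10_000):
    """Breadth-first enumeration of reachable (marking, valuation) states.
    Returns the edge map state -> [(transition, successor)] and the set of
    transitions that fired at least once."""
    start = _key(initial_marking, initial_vals)
    seen, edges, fired, queue = {start}, {}, set(), deque([start])
    while queue:
        s = queue.popleft()
        marking, vals = dict(s[0]), dict(s[1])
        edges[s] = []
        for name, (pre, post, guard, effects) in transitions.items():
            if not all(marking.get(p, 0) >= n for p, n in pre.items()) or not guard(vals):
                continue
            m2 = dict(marking)
            for p, n in pre.items():
                m2[p] -= n
            for p, n in post.items():
                m2[p] = m2.get(p, 0) + n
            for v2 in effects(vals):
                t = _key(m2, v2)
                edges[s].append((name, t))
                fired.add(name)
                if t not in seen:
                    if len(seen) >= limit:
                        raise RuntimeError("state-space bound exceeded; abstract the data first")
                    seen.add(t)
                    queue.append(t)
    return edges, fired


def check_soundness(transitions, initial_marking, initial_vals, final_place):
    """Classical workflow soundness over the data-aware state space."""
    edges, fired = explore(transitions, initial_marking, initial_vals)
    final_marking = ((final_place, 1),)
    finals = {s for s in edges if s[0] == final_marking}
    # Option to complete: backward reachability from the proper final states.
    rev = {}
    for s, outs in edges.items():
        for _, t in outs:
            rev.setdefault(t, set()).add(s)
    can_finish, queue = set(finals), deque(finals)
    while queue:
        t = queue.popleft()
        for s in rev.get(t, ()):
            if s not in can_finish:
                can_finish.add(s)
                queue.append(s)
    stuck = [s for s in edges if s not in can_finish]
    deadlocks = [s for s in stuck if not edges[s]]   # nothing enabled at all
    livelocks = [s for s in stuck if edges[s]]       # keeps firing, never completes
    # Proper completion: a token in the final place means nothing else is left.
    improper = [s for s in edges
                if dict(s[0]).get(final_place, 0) and s[0] != final_marking]
    dead = sorted(set(transitions) - fired)
    return {"sound": not (stuck or improper or dead), "deadlocks": deadlocks,
            "livelocks": livelocks, "improper_completion": improper,
            "dead_transitions": dead}


def example_net(fixed):
    """Constructed net: 'choose' writes x in {0, 1}; 'finish' needs x == 0;
    'retry' loops while x == 1. In the flawed version retry never changes x,
    so a run with x == 1 cycles forever: a livelock, not a deadlock."""
    retry_effect = (lambda v: [{"x": 0}]) if fixed else (lambda v: [dict(v)])
    return {
        "choose": ({"start": 1}, {"p1": 1}, lambda v: True, lambda v: [{"x": 0}, {"x": 1}]),
        "finish": ({"p1": 1}, {"end": 1}, lambda v: v["x"] == 0, lambda v: [dict(v)]),
        "retry":  ({"p1": 1}, {"p1": 1}, lambda v: v["x"] == 1, retry_effect),
    }


if __name__ == "__main__":
    for fixed in (False, True):
        r = check_soundness(example_net(fixed), {"start": 1}, {"x": 0}, "end")
        print("fixed" if fixed else "flawed", r)
```

The livelock in the flawed net is invisible to any check that only looks for states with no enabled transition; it is found only because the backward search from the final marking never reaches the `x == 1` loop.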
{"title":"Reversible debugging of concurrent Erlang programs: Supporting imperative primitives","authors":"Pietro Lami, Ivan Lanese, Jean-Bernard Stefani, Claudio Sacerdoti Coen, Giovanni Fabbretti","doi":"10.1016/j.jlamp.2024.100944","DOIUrl":"10.1016/j.jlamp.2024.100944","url":null,"abstract":"Reversible computing is a programming paradigm allowing one to execute programs both in the standard, forward direction as well as backwards, recovering past states. A relevant application of reversible computing is causal-consistent reversible debugging, which allows one to explore concurrent computations backwards and forwards to find a bug. The basic idea is that any action can be undone, provided that its consequences are undone beforehand. This approach has been put into practice in CauDEr, a Causal-consistent reversible Debugger for the Erlang programming language. CauDEr provides the ability to explore a concurrent computation back and forward in a step-by-step way, as well as to undo an action far in the past including all and only its consequences (rollback), and to replay an action from a log, together with its causes. CauDEr supports the functional, concurrent and distributed fragment of Erlang. However, Erlang also includes imperative primitives to manage a map (shared among all the processes of the same node) associating process identifiers to names. Here we extend CauDEr and the related theory, including rollback and replay, to support such imperative primitives. From a theoretical point of view, the imperative primitives create different causal structures from those derived from the concurrent Erlang fragment previously handled in CauDEr, yet we show that the main results proved for previous versions of CauDEr are still valid. From a practical point of view, this allows one to debug a larger subset of Erlang programs, as shown with a small case study of a server providing mathematical functionalities.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"138 ","pages":"Article 100944"},"PeriodicalIF":0.9,"publicationDate":"2024-01-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139498019","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
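The rollback discipline the abstract states ("any action can be undone, provided that its consequences are undone beforehand"), as an added example written in Python rather than Erlang and not CauDEr's code: a toy trace of sends, receives and the two imperative registry primitives `register`/`whereis` on a shared name-to-pid map, where every recorded event carries the set of events it causally depends on, and rolling an event back first undoes all of its dependants, newest first. The client/server scenario, the process names and the dependency rule adopted for the registry (a registration depends on the previous registration of that name and on the lookups that read the value it overwrites; a lookup depends on the registration it read) are assumptions made for this illustration, not the paper's semantics.

```python
"""Causal-consistent rollback over a toy Erlang-like trace.

Added example, not CauDEr. Events: send, recv, register, whereis. Each event
records the events it causally depends on; rolling an event back first undoes
every remaining event that depends on it (transitively), newest first.
"""
from dataclasses import dataclass, field


@dataclass
class Event:
    idx: int
    proc: str
    kind: str                  # "send" | "recv" | "register" | "whereis"
    data: dict
    causes: set = field(default_factory=set)


class Trace:
    def __init__(self):
        self.events = {}       # idx -> Event still in effect
        self.next_idx = 0
        self.mailbox = {}      # pid -> [send idx] of messages not yet received
        self.registry = {}     # name -> pid: the node-wide imperative map
        self.last = {}         # pid -> idx of its most recent remaining event
        self.writers = {}      # name -> [idx of register events, oldest first]
        self.readers = {}      # name -> {idx of whereis since the last register}

    def _add(self, proc, kind, data, causes=()):
        causes = set(causes)
        if proc in self.last:
            causes.add(self.last[proc])          # program order within a process
        ev = Event(self.next_idx, proc, kind, data, causes)
        self.events[ev.idx] = ev
        self.last[proc] = ev.idx
        self.next_idx += 1
        return ev.idx

    def send(self, src, dst, msg):
        i = self._add(src, "send", {"to": dst, "msg": msg})
        self.mailbox.setdefault(dst, []).append(i)
        return i

    def receive(self, proc):
        s = self.mailbox[proc].pop(0)            # oldest undelivered message
        return self._add(proc, "recv", {"send": s}, {s})   # a receive depends on its send

    def register(self, proc, name, pid):
        # Assumed rule: a write depends on the previous write of the name and
        # on every read of the value it overwrites.
        causes = set(self.writers.get(name, [])[-1:]) | self.readers.get(name, set())
        i = self._add(proc, "register",
                      {"name": name, "pid": pid, "old": self.registry.get(name),
                       "old_readers": set(self.readers.get(name, set()))}, causes)
        self.registry[name] = pid
        self.writers.setdefault(name, []).append(i)
        self.readers[name] = set()
        return i

    def whereis(self, proc, name):
        # Assumed rule: a read depends on the write that produced the value it sees.
        causes = set(self.writers.get(name, [])[-1:])
        i = self._add(proc, "whereis", {"name": name, "result": self.registry.get(name)}, causes)
        self.readers.setdefault(name, set()).add(i)
        return i

    def consequences(self, idx):
        """Remaining events that transitively depend on `idx` (causes always
        have smaller indices, so one increasing pass suffices)."""
        deps = set()
        for j in sorted(self.events):
            c = self.events[j].causes
            if j > idx and (idx in c or c & deps):
                deps.add(j)
        return deps

    def _undo(self, idx):
        ev = self.events.pop(idx)
        if ev.kind == "send":
            self.mailbox[ev.data["to"]].remove(idx)
        elif ev.kind == "recv":
            box = self.mailbox[ev.proc]
            box.append(ev.data["send"])
            box.sort()                           # restore send order
        elif ev.kind == "register":
            name = ev.data["name"]
            self.writers[name].remove(idx)
            if ev.data["old"] is None:
                self.registry.pop(name, None)
            else:
                self.registry[name] = ev.data["old"]
            self.readers[name] = set(ev.data["old_readers"])
        elif ev.kind == "whereis":
            self.readers[ev.data["name"]].discard(idx)
        mine = [j for j, e in self.events.items() if e.proc == ev.proc]
        if mine:
            self.last[ev.proc] = max(mine)
        else:
            self.last.pop(ev.proc, None)

    def rollback(self, idx):
        """Undo event `idx` after undoing all its consequences; returns the undo order."""
        if idx not in self.events:
            raise KeyError(f"event {idx} is not in effect")
        order = sorted(self.consequences(idx), reverse=True) + [idx]
        for j in order:
            self._undo(j)
        return order


def math_server_scenario():
    """Constructed scenario: a server registers itself under a name, a client
    looks the name up, sends a request, and receives the reply."""
    t = Trace()
    t.register("srv", "math", "srv")      # 0
    t.whereis("cli", "math")              # 1, depends on 0
    t.send("cli", "srv", "sqrt 16")       # 2, depends on 1 (program order)
    t.receive("srv")                      # 3, depends on 2 and 0
    t.send("srv", "cli", "4")             # 4, depends on 3
    t.receive("cli")                      # 5, depends on 4 and 2
    return t


if __name__ == "__main__":
    t = math_server_scenario()
    print("undo order for rolling back the request:", t.rollback(2))
    print("still in effect:", sorted(t.events), "registry:", t.registry)
```

Rolling back the client's request (event 2) undoes the reply and both receives but leaves the registration and the lookup in place, whereas rolling back the registration (event 0) drags the lookup, and through it the whole exchange, along with it: exactly the extra causal edges that the imperative map introduces.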
{"title":"Trace preservation in B and Event-B refinements","authors":"Sebastian Stock, Atif Mashkoor, Michael Leuschel, Alexander Egyed","doi":"10.1016/j.jlamp.2024.100943","DOIUrl":"10.1016/j.jlamp.2024.100943","url":null,"abstract":"Refinement guarantees that the concrete version of a model does not violate the constraints introduced at the abstract level. The peculiarity of refinement, however, is that we have no guarantee about the preservation of the behavior of the model. For example, a trace (a set of desirable states and transitions) created on the abstract model may not replay on the concrete model. Its manual recreation, usually via animation, is necessary to run the trace, as the model may have changed significantly during refinement. However, this is a labor-intensive and error-prone task. To this end, this article presents an automatic trace refining technique and tool called BERT (B and Event-B Trace Refinement Technique) that allows modelers to ensure the behavioral integrity of high-level traces at the concrete level. The cost- and time-effectiveness of BERT are shown in industrial-strength case studies from the automotive and aviation domains.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"137 ","pages":"Article 100943"},"PeriodicalIF":0.9,"publicationDate":"2024-01-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2352220824000014/pdfft?md5=014ec80e27c6d35f0f8d4a7e25c9564e&pid=1-s2.0-S2352220824000014-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139375928","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Protocol choice and iteration for the free cornering","authors":"Chad Nester, Niels Voorneveld","doi":"10.1016/j.jlamp.2023.100942","DOIUrl":"10.1016/j.jlamp.2023.100942","url":null,"abstract":"We extend the free cornering of a symmetric monoidal category, a double categorical model of concurrent interaction, to support branching communication protocols and iterated communication protocols. We validate our constructions by showing that they inherit significant categorical structure from the free cornering, including that they form monoidal double categories. We also establish some elementary properties of the novel structure they contain. Further, we give a model of the free cornering in terms of strong functors and strong natural transformations, inspired by the literature on computational effects.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"137 ","pages":"Article 100942"},"PeriodicalIF":0.9,"publicationDate":"2023-12-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139068328","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Bridging formal methods and machine learning with model checking and global optimisation","authors":"Saddek Bensalem, Xiaowei Huang, Wenjie Ruan, Qiyi Tang, Changshun Wu, Xingyu Zhao","doi":"10.1016/j.jlamp.2023.100941","DOIUrl":"10.1016/j.jlamp.2023.100941","url":null,"abstract":"Formal methods and machine learning are two research fields with drastically different foundations and philosophies. Formal methods utilise mathematically rigorous techniques for software and hardware systems' specification, development and verification. Machine learning focuses on pragmatic approaches to gradually improve a parameterised model by observing a training data set. While historically the two fields lacked communication, this has changed in the past few years with an outburst of research interest in the robustness verification of neural networks. This paper will briefly review these works, and focus on the urgent need for broader and more in-depth communication between the two fields, with the ultimate goal of developing learning-enabled systems with excellent performance and acceptable safety and security. We present a specification language, MLS², and show that it can express a set of known safety and security properties, including generalisation, uncertainty, robustness, data poisoning, backdoor, model stealing, membership inference, model inversion, interpretability, and fairness. To verify MLS² properties, we promote the global optimisation-based methods, which have provable guarantees on the convergence to the optimal solution. Many of them have theoretical bounds on the gap between current solutions and the optimal solution.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"137 ","pages":"Article 100941"},"PeriodicalIF":0.9,"publicationDate":"2023-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2352220823000950/pdfft?md5=524bb8cc97eab39538606c56c0fd3849&pid=1-s2.0-S2352220823000950-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139068888","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Formally verified animation for RoboChart using interaction trees","authors":"Kangfeng Ye, Simon Foster, Jim Woodcock","doi":"10.1016/j.jlamp.2023.100940","DOIUrl":"10.1016/j.jlamp.2023.100940","url":null,"abstract":"RoboChart is a core notation in the RoboStar framework. It is a timed and probabilistic domain-specific and state machine-based language for robotics. RoboChart supports shared variables and communication across entities in its component model. It has formal denotational semantics given in CSP. The semantic technique of Interaction Trees (ITrees) represents behaviours of reactive and concurrent programs interacting with their environments. Recent mechanisation of ITrees, ITree-based CSP semantics and a Z mathematical toolkit in Isabelle/HOL bring new applications of verification and animation for state-rich process languages, such as RoboChart. In this paper, we use ITrees to give RoboChart novel operational semantics, implement it in Isabelle, and use Isabelle's code generator to generate verified and executable animations. We illustrate our approach using an autonomous chemical detector and patrol robot models, exhibiting nondeterminism and using shared variables. With animation, we show two concrete scenarios for the chemical detector when the robot encounters different environmental inputs and three for the patrol robot when its calibrated position is in other corridor sections. We also verify that the animated scenarios are trace refinements of the CSP denotational semantics of the RoboChart models using FDR, a refinement model checker for CSP. This ensures that our approach to resolve nondeterminism using CSP operators with priority is sound and correct.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"137 ","pages":"Article 100940"},"PeriodicalIF":0.9,"publicationDate":"2023-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2352220823000949/pdfft?md5=5312a452edca31ae541827e9147a0d84&pid=1-s2.0-S2352220823000949-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"139067982","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"On proving that an unsafe controller is not proven safe","authors":"Yuvaraj Selvaraj, Jonas Krook, Wolfgang Ahrendt, Martin Fabian","doi":"10.1016/j.jlamp.2023.100939","DOIUrl":"10.1016/j.jlamp.2023.100939","url":null,"abstract":"Cyber-physical systems are often safety-critical and their correctness is crucial, such as in the case of automated driving. Using formal mathematical methods is one way to guarantee correctness and improve safety. Although these methods have shown their usefulness, care must be taken because modelling errors might result in proving a faulty controller safe, which is potentially catastrophic in practice. This paper deals with two such modelling errors in differential dynamic logic, a formal specification and verification language for hybrid systems, which are mathematical models of cyber-physical systems. The main contributions are to provide conditions under which these two modelling errors cannot cause a faulty controller to be proven safe, and to show how these conditions can be proven with the help of the interactive theorem prover KeYmaera X. The problems are illustrated with a real-world example of a safety controller for automated driving, and it is shown that the formulated conditions have the intended effect both for a faulty and a correct controller. It is also shown how the formulated conditions aid in finding a loop invariant candidate to prove properties of hybrid systems with feedback loops. Furthermore, the relation between such a loop invariant and the characterisation of the maximal control invariant set is discussed.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"137 ","pages":"Article 100939"},"PeriodicalIF":0.9,"publicationDate":"2023-12-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2352220823000937/pdfft?md5=a0255d67f0ba6855c0bca13111b7ef6d&pid=1-s2.0-S2352220823000937-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138816599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Bounded model checking for interval probabilistic timed graph transformation systems against properties of probabilistic metric temporal graph logic","authors":"Sven Schneider, Maria Maximova, Holger Giese","doi":"10.1016/j.jlamp.2023.100938","DOIUrl":"10.1016/j.jlamp.2023.100938","url":null,"abstract":"Cyber-physical systems often encompass complex concurrent behavior with timing constraints and probabilistic failures on demand. The analysis whether such systems with probabilistic timed behavior adhere to a given specification is essential. The formalism of Interval Probabilistic Timed Graph Transformation Systems (IPTGTSs) is often a suitable choice to model cyber-physical systems because (a) its rule-based approach to graph transformation can capture a wide range of a system's structural dynamics when the states of the system can be represented by graphs, while (b) it employs interval specifications for probabilistic behavior as well as lower and upper bounds on delays of steps to support systems where precise probabilities and delays are not known or may change during the runtime of the system. Probabilistic Metric Temporal Graph Logic (PMTGL) has been introduced as a powerful specification language to express worst-case/best-case probabilistic timed requirements such as actor-based soft deadlines using (a) path properties relying on its Metric Temporal Graph Logic fragment to track individual graph elements and (b) an operator inherited from Probabilistic Timed Computation Tree Logic to express worst-case/best-case probabilistic requirements identifying worst-case/best-case resolutions of non-determinism. Bounded Model Checking (BMC) support for Probabilistic Timed Graph Transformation Systems (PTGTSs) w.r.t. properties specified using PMTGL has already been presented. However, for IPTGTSs no analysis support w.r.t. PMTGL properties has been developed for stating metric temporal properties on identified subgraphs and their structural changes over time.\n\nIn this paper, we adapt the BMC approach developed for PTGTSs to the case of IPTGTSs, extending modeling and analysis support to the usage of probability intervals, which more appropriately cover cyber-physical systems where probabilistic effects cannot be specified precisely and need to be approximated instead. In our evaluation, we apply an implementation of our BMC approach in AutoGraph to a novel running example demonstrating the effect of using probability intervals instead of precise probability values.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"137 ","pages":"Article 100938"},"PeriodicalIF":0.9,"publicationDate":"2023-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138512609","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Back to the format: A survey on SOS for probabilistic processes","authors":"Valentina Castiglioni, Ruggero Lanotte, Simone Tini","doi":"10.1016/j.jlamp.2023.100929","DOIUrl":"10.1016/j.jlamp.2023.100929","url":null,"abstract":"In probabilistic process algebras the classic qualitative description of process behaviour is enriched with quantitative information on it, usually modelled in terms of probabilistic weights and/or distributions over the qualitative behaviour. In this setting, we use behavioural equivalences to check whether two processes show exactly the same behaviour, and, if this is not the case, we can use behavioural metrics to measure the distance between them. Compositional reasoning requires that equivalence, or closeness, of behaviour of two processes is not destroyed when language operators are applied on top of them in order to build larger processes. Formally, the equivalence must be a congruence, and the metric must be uniformly continuous, with respect to language operators. Instead of verifying these compositional properties by hand, operator by operator, it is much more convenient to prove them for a class of operators once and for all, and to check that the operators one is dealing with are in that class. This is achieved by means of SOS specification formats: they consist of a set of syntactical constraints characterising a class of operators on the patterns of SOS rules, which define the operational semantics of languages. With this survey, we aim to collect and describe the specification formats that have been proposed in the literature to guarantee the compositional properties of (variants of) bisimulation equivalences and bisimulation metrics in the probabilistic setting.","PeriodicalId":48797,"journal":{"name":"Journal of Logical and Algebraic Methods in Programming","volume":"137 ","pages":"Article 100929"},"PeriodicalIF":0.9,"publicationDate":"2023-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S2352220823000834/pdfft?md5=ce48feb3ed771dee50dbe8f80129e90b&pid=1-s2.0-S2352220823000834-main.pdf","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135715196","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"Mathematics","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}