Neeraj Kumar Singh

Proof-Based Approach to Hybrid Systems Development: Dynamic Logic and Event-B

The design of hybrid systems controllers requires one to handle both discrete and continuous functionalities in a single development framework. In this paper, we propose the design and verification of such controllers using a correct-by-construction approach. We use proof-based formal methods to model and verify the required safety properties of the given controllers. Both Event-B with Rodin, and hybrid programs and dynamic differential logic with KeYmaera are experimented on a common case study related to the modelling of a car controller. Finally, we discuss the lessons learnt from these experiments and draw the first steps towards a generic method for modelling hybrid systems in Event-B.

Handling Continuous Functions in Hybrid Systems Reconfigurations: A Formal Event-B Development

This paper presents a substitution mechanism for systems having a continuous behavior. It shall preserve the safety property stating that the output of both systems remain in a safety envelope. The whole approach is formalized using Event-B, and relies on the Rodin tools and a theory of Reals provided by the Rodin Theory Plug-in to check the internal consistency with respect to safety properties, invariants and events.

Correct-by-Construction Evolution of Realisable Conversation Protocols

Distributed software systems are often built by composing independent and autonomous peers with cross-organisational interaction and no centralised control. These peers can be administrated and executed by geographically distributed and autonomous companies. In a top-down design of distributed software systems, the peers’ interaction is often described by a global specification called Conversation Protocol (CP) and one have to check its realisability i.e., whether there exists a set of peers implementing this CP. In dynamic environments, CP needs to be updated wrt. new environment changes and end-user interaction requirements. This paper tackles CP evolution such that its realisability must be preserved. We define some evolution patterns and prove that they ensure the realisability. We also show how our proposal can be supported by existing methods and tools based on refinement and theorem proving, using the event-B langage and RODIN development tools.

A System Substitution Mechanism for Hybrid Systems in Event-B

Changes like failure or loss of QoS are key aspects of hybrid systems that must be handled during their design. Preserving the system state is a common requirement that can be ensured by reconfiguration relying on system substitution. The specification and design of these systems usually rely on continuous functions whereas their implementation is discrete. Moreover, the associated safety properties are characterized by a safety envelope defining safe system states. This paper presents a novel approach for formalizing the system substitution mechanism for hybrid systems, in which the system substitution maintains a safety envelope of the given hybrid system during system failure or switching from one supporting system to another. Proving the correctness of the discrete implementation of the defined reconfiguration mechanism for hybrid systems is a challenging problem. In this purpose, we propose to combine system substitution and incremental system modeling to ensure correct discretization. We rely on the Event-B method and the Rodin Platform with the Theory plug-in to develop the system models and carry out the proofs on dense real numbers.

Stepwise Formal Modeling and Verification of Self-Adaptive Systems with Event-B. The Automatic Rover Protection Case Study

For a long time, formal methods have been effectively applied to design and develop safety-critical systems to ensure safety and the correctness of desired functional behaviors through formal reasoning. The development of high confidence self-adaptive autonomous systems, such as Automatic Rover Protection(ARP), is one of the challenging problems in the area of verified software that needs formal reasoning and proof-based development. In this paper, we propose a methodology that reveals the issues involved in the formal modeling and verification of self-adaptive autonomous systems using correct by construction approach. This work also provides a set of guidelines for tacking the different issues to avoid collision by preserving the local and global properties of an autonomous system. We cater for the specification of functional requirements, timing requirements, spatial and temporal behavior, and safety properties. We present a refinement strategy, modeling patterns to capture the essence of a self-adaptive autonomous system, and a substantial example based approach on an industrial case study: TwIRTee. For developing the formal models of autonomous system, we use the Event-B modeling language and associated Rodin tools to check and verify the correctness of required system behavior and internal consistency under the given safety properties.

Stateflow to Tabular Expressions

Stateflow is a visual tool that is used extensively in industry for designing the reactive behaviour of embedded systems. Stateflow relies on techniques like simulation to aid the user in finding flaws in the model. However, simulation is inadequate as a means of detecting inconsistencies and incompleteness in the model. Tabular Expressions (function tables) have been used successfully in software development for more than thirty years. Tabular expressions are also visual representations of functions, but include the important properties of completeness and disjointness. In other words, a tabular expression is well-formed only when the input domain is covered completely (completeness), and when there is no ambiguity in the behaviour described by the tabular expression (disjointness). The goal of our work is to use the completeness and disjointness properties of well-formed tabular expressions to aid us in establishing those properties in Stateflow models. From the Stateflow models, we generate a new kind of tabular expression that includes extended output options. We use the informal Stateflow semantics from MathWorks documentation as the basis for generating our tabular expressions. The generated tabular expressions are then used to guarantee completeness and disjointness. We provide a transformation algorithm that we plan to implement in a tool to automatically generate tabular expressions from Stateflow models.

Hybrid Systems and Event-B: A Formal Approach to Signalised Left-Turn Assist

Hybrid systems represent a major part of nowadays’s technology. They are present under many forms and in many safety-critical applications. Hence, the question of guaranteeing such systems’ behaviour is a key issue that must be addressed.

On the Importance of Explicit Domain Modelling in Refinement-Based Modelling Design. Experiments with Event-B

Although several authors like Zave and Jackson [11, 17], Bjorner [5], Van Lamsweerde [13] have drawn the attention of system designers on the necessity to handle domain knowledge, while designing systems, it is still a major concern nowadays.

Use of Tabular Expressions for Refinement Automation

We aim to develop sound and effective techniques to automate formal modelling and refinement from tabular expressions using a correct-by-construction approach. In this work, we present a refinement strategy to generate formal models from tabular expressions, as they can be used in the Event-B modelling paradigm. The proposed refinement strategy permits us to develop an abstract model using tabular expressions and a series of Event-B models using refinement from the set of tabular expressions. Further the proofs associated with the refinement strategy used to generate the model are examined through the Rodin tools. Our work is an important step towards eliciting patterns of automatic refinement for Event-B models from tabular expressions and to meet the properties of completeness and disjointness in a rigorous manner. To assess the effectiveness of our proposed approach, we use a medical device case study: the Insulin Infusion Pump (IIP).

Detection of hesitant dynamic postural control

Postural balance is often studied in order to understand the effect of sensory degradation with age. The aim of this study is to identify a hesitant step-up pattern that could be linked to an increasing risk of falling in the elderly. The methods used are autoregressive moving average (ARMA) (rate of changes or fluctuation) and the area of a curve under the slope of the Z-force signal (Z-Area) during stepping up. Dynamic balance is evaluated using a force plate for 10 control subjects, 10 elderly subjects and 10 rest home subjects under control (eyes open) conditions. Each subject is tested once per weekday for three weeks. Temporal and ground reaction force parameters are measured. Lower values of ARMA variance or rate of changes, and a higher value of Z-Area are indicative of a more hesitant step up. Control subjects have significantly higher values of ARMA than the rest-home dwelling elderly, thus providing a sensitive method for identifying the subtle changes in z-force signals associated with a hesitant step-up. Similarly, elderly subjects have significantly greater Z-Area values than the control subjects. The ARMA and Z-Area parameters enable the detection of a hesitant step-up that could be related to an increasing risk of falling.