基于线性时序逻辑的实时系统模型检查

模型检查是一种用于并发系统的性质验证的算法技术.LTLC(linear temporal logic with clocks)是一种连续时间时序逻辑,它是线性时序逻辑LTL的一种实时扩充.讨论实时系统关于LTLC公式的模型检查问题,将实时系统关于LTLC公式的模型检查化归为有穷状态转换系统关于LTL公式的模型检查,从而可以利用LTL的模型检查工具来对LTLC进行模型检查.由于LTLC既能表示实时系统的性质,又能表示实时系统的实现,这就使得时序逻辑LTLC的模型检查过程既能用于实时系统的性质验证,又能用于实时系统之间的一致性验证.     

带有时钟变量的线性时序逻辑与实时系统验证

为了描述实时系统的性质和行为,10多年来,各种不同的时序逻辑,如Timed Computation Tree Logic,Metric Interval Temporal Logic和Real-Time Temporal Logic等相继提出来.这些时序逻辑适于表示实时系统的性质和规范,但不适于表示实时系统的实现模型.这样,在基于时序逻辑的实时系统的研究中,系统的性质和实现通常是用两种不同的语言来表示的.定义了一个带有时钟变量的线性时序逻辑(linear temporal logic with clocks,简称LTLC).它是由Manna和Pnueli提出的线性时序逻辑在实时情况下的一个推广.LTLC既能表示实时系统的性质,又能很方便地表示实时系统的实现.它能在统一的语义框架中表示出从高级的需求规范到低级的实现模型之间的不同抽象层次上的系统描述,并且能用逻辑蕴涵来表示不同抽象层次的系统描述之间的语义一致性.LTLC的这个特点将有助于实时系统的性质验证和实时系统的逐步求精.     

用带时钟变量的线性时态逻辑扩充Object-Z*

Object-Z是形式规格说明语言Z的面向对象扩充,适合描述大型面向对象软件规格说明,但它不能很好地描述连续性实时变量和时间限制。线性时态逻辑能够描述实时系统,但不能很好地处理连续时间关系,也不能很好地模块化描述形式规格说明。首先用时钟变量扩充线性时态逻辑,接着提出了一个方法——用带时钟变量的时态逻辑(LTLC)来扩充Object-Z。用LTLC扩充的Object-Z是一个模块化规格说明语言,是Object-Z语法和语义的最小扩充,其最大优点在于它能方便地描述和验证复杂的实时软件规格说明。     

基于蕴涵树的冗余添加和删除技术

可替换线逻辑综合（如ＰＡＭＢＯ）是近年来兴起的一种方法,它采用测试向量自动生成（ＡＴＰＧ）方法来实现冗余添加和删除．但是,频繁调用逻辑蕴涵过程使得整个逻辑综合的速度较慢．因此,如何减少ＡＴＰＧ过程的调用次数便成为提高这类算法的速度之关键．该文提出一种逻辑蕴涵树来存储节点间的逻辑蕴涵关系,并设计了一个基于逻辑蕴涵树的可替换线源节点的挑选法．在此基础上形成一个快速的可替换线逻辑变换算法ＩＢＡＷ,实验结     

关于择优逻辑单调性的几个结果

本文在Ｓｈｏｈａｍ给出的择优模和择优蕴涵概念的基础上．进一步研究了择优逻辑的单调性．首先，讨论了择优逻辑的若干基本性质，并给出了单调性的一个充要条件；其次，证明了单调性与反证律等价，并给出了单调性的一个更为简洁的充要条件；最后，讨论了解释集合是归纳集时的单调性，证明了单调性与择优蕴涵的退化等价．这些结果，揭示了择优蕴涵、传统蕴涵、单调性、反证律之间的关系．     

一个统一的程序验证框架

本文提出了一个简单的方法，其中程序和其性质都由一个逻辑：时序逻辑中的公式表示．文中给出了一个程序的转换模块的定义，提出了时序执行语义的概念．它是一个时序公式，精确地说明了一个程序．将时序逻辑作为规范语言，程序正确性就意味着说明程序的公式蕴含说明性质的公式，其中蕴含即为一般的逻辑蕴含．因此，本文的方法为并发程序的规范及验证提供了一个统一的框架．它允许充分利用现有的用于证明并发系统时序性质的各种完全证明系统．一个缓冲系统的简单例子用来说明本文的方法．此例子表明本文的方法是可行的.     

基于描述逻辑的主体服务匹配

多主体系统中的服务匹配是智能主体和多主体系统等领域中的重要研究课题．描述逻辑是知识表示和推理的形式化工具，它提供了可判定的和可靠的推理服务．该文利用描述逻辑有效的推理功能，特别是它对概念包含关系的有效判断，把它与多主体系统的服务推理结合起来．充分利用描述逻辑具有清晰模型一理论语义和有效的概念分层推理服务等功能，该文提出了基于描述逻辑的主体服务匹配算法，详细研究了如何利用描述逻辑的理论和推理机制来实现自动的服务分层及服务匹配．并提出了五种服务匹配算法．这些方法都是基于语义的服务匹配，利用服务分层机制实现了有效和高效的多主体系统中的服务匹配，克服了基于语义距离进行服务匹配的不足．     

完备剩余格上的蕴涵闭包系统

在完备剩余格上引入了蕴涵闭包系统的概念,讨论了蕴涵闭包系统与闭包系统之间的关系。给出了蕴涵闭包系统的一些性质及其表示定理。进一步研究了蕴涵闭包算子和蕴涵闭包系统的关系。     

一种用于基于知识系统开发的形式化模型*

LKo是一个将面向对象和逻辑范型相结合，用于基于知识系统的形式化开发模型，其中逻辑对象是集状态、约束、行为、继承于一体的抽象实体．它支持框架、规则、语义网络、黑板等多种知识表示，因而可用来形式地描述基于知识系统的需求规范．在知识获取过程中通过对形式规范反复地修改、验证及确认而形成软件原型．     

用于反应系统的修改时序逻辑

本文提出了一个用于反应系统规范及验证的修改时序逻辑．它包含一个用于显示区分程序执行步同环境执行步的机制．环境的特性可以在系统开发时进行考虑．文中首先给出了程序的一个可复合计算模型──模块转换系统．基于此模型，给出了修改时序逻辑以及它的证明规则．本文提出的方法基于Manna－Pnueli的时序逻辑框架．经典的资源分配问题的例子用于说明此方法．最后给出了并行复合原理，它可以看成是Abadi和LamPort的关于复合假设／保证规范研究工作的具体应用．     

A logic of argumentation for specification and verification of abstract argumentation frameworks

In this paper, we propose a logic of argumentation for the specification and verification (LA4SV) of requirements on Dung??s abstract argumentation frameworks. We distinguish three kinds of decision problems for argumentation verification, called extension verification, framework verification, and specification verification respectively. For example, given a political requirement like ??if the argument to increase taxes is accepted, then the argument to increase services must be accepted too,?? we can either verify an extension of acceptable arguments, or all extensions of an argumentation framework, or all extensions of all argumentation frameworks satisfying a framework specification. We introduce the logic of argumentation verification to specify such requirements, and we represent the three verification problems of argumentation as model checking and theorem proving properties of the logic. Moreover, we recast the logic of argumentation verification in a modal framework, in order to express multiple extensions, and properties like transitivity and reflexivity of the attack relation. Finally, we introduce a logic of meta-argumentation where abstract argumentation is used to reason about abstract argumentation itself. We define the logic of meta-argumentation using the fibring methodology in such a way to represent attack relations not only among arguments but also among attacks. We show how to use this logic to verify the requirements of argumentation frameworks where higher-order attacks are allowed [A preliminary version of the logic of argumentation compliance was called the logic of abstract argumentation?(2005).]     

QRDChecker:一个QRDC模型检验工具

反应式系统通常是不终止的,其行为定义为系统状态的无限序列的集合.形式化验证时,检验需求一般使用时序逻辑给出.当使用诸如LTL(linear temporal logic)这样的逻辑时,由于这类逻辑的模型同样是无限序列,系统与需求之间的满足性关系可以简单定义为集合的包含关系.但是,当使用时段时序逻辑(interval temporal logic)作为说明逻辑时,由于逻辑模型的有限性,使得上面的满足关系不再适用.称这类有限序列集合表达的性质为有限性性质.对于不同的有限性性质,它们对应的满足性关系是有区别的.针对两类有限性定义了它们各自的满足性关系,并将这两种关系统一为一个更一般的满足性关系.在此基础上,提出模型检验这两类性质的算法,并将其实现为一个针对时段时序逻辑QRDC(quantified RDC (restricted duration calculus))的检验工具QRDChecker.QRDChecker可以检验QRDC公式在连续时间模型和离散时间模型下的有效性.在离散时间条件下,它还可以将QRDC公式转换成模型检验系统Spin能够接受的自动机的形式,从而可以检查反应式系统是否满足用QRDC公式表达的性质.     

Model Checking Temporal Aspects of Inconsistent Concurrent Systems Based on Paraconsistent Logic

Classical logic cannot be used to effectively reason about concurrent systems with inconsistencies (inconsistencies often occur, especially in the early stage of the development, when large and complex concurrent systems are developed). In this paper, we propose the use of a paraconsistent temporal logic (QCTL) for supporting the verification of temporal properties of such systems even where the consistent model is not available. We introduce a novel notion of paraKripke models, which grasps the paraconsistent character of the entailment relation of QCTL. Furthermore, we explore the methodology of model checking over QCTL, and describe the detailed algorithm of implementing QCTL model checker. In the sequel, a simple example is presented, showing how to exploit the proposed model checking technique to verify the temporal properties of inconsistent concurrent systems.     

一种新的Statechart模型验证方法

在传统的基于时序逻辑的模型检查框架下验证Statcchart模型面临三大挑战:全状态空间搜索、多次重复搜索和复杂时序逻辑公式难写。基于上述问题和实践工作,提出一种新的Statechart模型验证方法。该方法的中心是一种强化了的属性描述语言—属性状态图,并利用属性状态图中存在的先后关系和并发关系,把各个属性状态图有机地结合成一个树结构—属性树。属性树涵盖了目标系统要求验证的属性空间,因此可自上而下的验证整棵属性树。在验证过程中系统Statechart模型对应状态空间是逐步展开的,每验证部分属性就展开相应的部分状态空间并对其进行验证,验证过程是基于属性树转换并以step为单位,验证step的初始status和结束status是否满足对应属性树节点公式对其的属性约束,这样既能够迅速找出错误又能屏蔽step内部系统Statcchart模型的状态变化,使得验证过程更简单快捷。为了说明属性状态图和基于其的验证算法是实用和易用的,通过一个例子说明了从模型设计到具体验证整个过程。     

新型属性图文法反应式规约验证方法

属性图文法广泛应用在软件设计阶段建模和分析阶段。命题式时序逻辑（propositional temporal logic）无法直接表达建模实体包含随时间演化的关联属性反应式规约,提出一种可支持通用图文法转换系统中相应规约的验证方法,通过引入标记节点及属性,将包含相应关联属性的规约公式等价转换为命题式时序逻辑,从而可以间接支持该类型规约的验证。以流行的对象式属性图文法模型检测工具GROOVE为平台,结合启发案例,验证了所提出方法的有效性。     

Verification of reactive systems using temporal logic with clocks

This paper presents a framework for the specification and verification of timing properties of reactive systems using Temporal Logic with Clocks (TLC). Reactive systems usually contain a number of parallel processes, therefore, it is essential to study and analyse each process based on its own local time. TLC is a temporal logic extended with multiple clocks, and it is in particular suitable for the specification of reactive systems. In our framework, the behavior of a reactive system is described through a formal specification; its timing properties, including safety and liveness properties, are expressed by TLC formulas. We also propose several demonstration techniques, such as an application of local reasoning and deriving fixed-time rules from the proof system of TLC, for proving that a reactive system meets its temporal specification. Under the proposed framework, the timing properties of a reactive system can therefore be directly reasoned about from the formal specification of the system.     

Differential Dynamic Logic for Hybrid Systems

Hybrid systems are models for complex physical systems and are defined as dynamical systems with interacting discrete transitions and continuous evolutions along differential equations. With the goal of developing a theoretical and practical foundation for deductive verification of hybrid systems, we introduce a dynamic logic for hybrid programs, which is a program notation for hybrid systems. As a verification technique that is suitable for automation, we introduce a free variable proof calculus with a novel combination of real-valued free variables and Skolemisation for lifting quantifier elimination for real arithmetic to dynamic logic. The calculus is compositional, i.e., it reduces properties of hybrid programs to properties of their parts. Our main result proves that this calculus axiomatises the transition behaviour of hybrid systems completely relative to differential equations. In a case study with cooperating traffic agents of the European Train Control System, we further show that our calculus is well-suited for verifying realistic hybrid systems with parametric system dynamics.     

How to model and prove hybrid systems with KeYmaera: a tutorial on safety

This paper is a tutorial on how to model hybrid systems as hybrid programs in differential dynamic logic and how to prove complex properties about these complex hybrid systems in KeYmaera, an automatic and interactive formal verification tool for hybrid systems. Hybrid systems can model highly nontrivial controllers of physical plants, whose behaviors are often safety critical such as trains, cars, airplanes, or medical devices. Formal methods can help design systems that work correctly. This paper illustrates how KeYmaera can be used to systematically model, validate, and verify hybrid systems. We develop tutorial examples that illustrate challenges arising in many real-world systems. In the context of this tutorial, we identify the impact that modeling decisions have on the suitability of the model for verification purposes. We show how the interactive features of KeYmaera can help users understand their system designs better and prove complex properties for which the automatic prover of KeYmaera still takes an impractical amount of time. We hope this paper is a helpful resource for designers of embedded and cyber–physical systems and that it illustrates how to master common practical challenges in hybrid systems verification.