formal methods for interactive systems
play

Formal Methods for Interactive Systems Part 8 Cognitive - PowerPoint PPT Presentation

Sep 16, 2023 •48 likes •1.42k views

Formal Methods for Interactive Systems Part 8 Cognitive Architectures Antonio Cerone United Nations University International Institute for Software Technology Macau SAR China email: antonio@iist.unu.edu web: www.iist.unu.edu A. Cerone,

  1. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Knowledge Role • goal formulation • operation selection • operation application • goal completion A. Cerone, UNU-IIST – p.9/46

  2. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Knowledge Role • goal formulation • operation selection • operation application • goal completion Steps are triggered by knowledge availability A. Cerone, UNU-IIST – p.9/46

  3. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Knowledge Role • goal formulation • operation selection • operation application • goal completion Steps are triggered by knowledge availability knowledge availability = ⇒ recursion: new space problem invoked with goal = find needed knowledge A. Cerone, UNU-IIST – p.9/46

  4. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs SOAR Executable Cognitive Architecture developped by Allen Newell, John Laird and Paul Rosembloom in 1983 [Newell et a. 87] Used by the University of Michigan http://sitemaker.umich.edu/soar/ A. Cerone, UNU-IIST – p.10/46

  5. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs PUM Programmable User Models Psychologically Constrained Architecture which an interface designer is invited to program to simulate a user performing a range of tasks with a proposed interface [Young et a. 89] A. Cerone, UNU-IIST – p.11/46

  6. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs PUM Philosophy The interface designer • must program the PUM respecting the constraints = ⇒ driven interface design = ⇒ explicit “user program” A. Cerone, UNU-IIST – p.12/46

  7. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs PUM Philosophy The interface designer • must program the PUM respecting the constraints = ⇒ driven interface design = ⇒ explicit “user program” • run the model ( = ⇒ “user program” is executable) to make predictions = ⇒ show source of predictions and strategy options A. Cerone, UNU-IIST – p.12/46

  8. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs PUM Purposes • Outcome: predictive evaluation to tell the designer usability of a proposed design before it is actually built A. Cerone, UNU-IIST – p.13/46

  9. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs PUM Purposes • Outcome: predictive evaluation to tell the designer usability of a proposed design before it is actually built • Benefits for the designer: • to draw the designer attention to issues of usability • to provide a way of reasoning about usability A. Cerone, UNU-IIST – p.13/46

  10. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs PUMA: PUM Applications Research Project aim to • Bring the PUM metodology into industrial design • Using formal methods to effectively implement PUM PUMA Research Group Website: http://www.cs.mdx.ac.uk/puma/ A. Cerone, UNU-IIST – p.14/46

  11. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Detecting User Errors Work by Curzon and Blandford [Curzon et al. 01]: • PUM defined in the HOL Theorem Prover = ⇒ Generic User Model described by sets of non-deterministic rules A. Cerone, UNU-IIST – p.15/46

  12. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Detecting User Errors Work by Curzon and Blandford [Curzon et al. 01]: • PUM defined in the HOL Theorem Prover = ⇒ Generic User Model described by sets of non-deterministic rules • Programming performed using SML = ⇒ target the Generic User Model to a particular design A. Cerone, UNU-IIST – p.15/46

  13. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Detecting User Errors Work by Curzon and Blandford [Curzon et al. 01]: • PUM defined in the HOL Theorem Prover = ⇒ Generic User Model described by sets of non-deterministic rules • Programming performed using SML = ⇒ target the Generic User Model to a particular design • Automated Correctness Proof A. Cerone, UNU-IIST – p.15/46

  14. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Detecting User Errors Work by Curzon and Blandford [Curzon et al. 01]: • PUM defined in the HOL Theorem Prover = ⇒ Generic User Model described by sets of non-deterministic rules • Programming performed using SML = ⇒ target the Generic User Model to a particular design • Automated Correctness Proof • Informal reasoning to detect errors A. Cerone, UNU-IIST – p.15/46

  15. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving Well-Formed Formulae A. Cerone, UNU-IIST – p.16/46

  16. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ❍ ❨ ❍ ❍ Well-Formed Formulae ✟ ✟ ✟ ✙ true A. Cerone, UNU-IIST – p.16/46

  17. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ✟ ❍ ❨ ✟ ❍ ✙ ✟ ❍ Class of Models Well-Formed Formulae ❍ ❨ ✟ ❍ ✟ ❍ ✙ ✟ true A. Cerone, UNU-IIST – p.16/46

  18. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ✟ ❍ ❨ ✟ ❍ ✙ ✟ ❍ Class of Models Well-Formed Formulae ❍ ❨ ✟ ❍ ✟ ❍ ✙ ✟ true ∈ System Model A. Cerone, UNU-IIST – p.16/46

  19. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ✟ ❨ ❍ ✟ ❍ ✙ ✟ ❍ Class of Models Well-Formed Formulae ❍ ❨ ✟ ❍ ✟ ❍ ✟ ✙ true ⊆ ∈ System Model Properties A. Cerone, UNU-IIST – p.16/46

  20. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ✟ ❍ ❨ ✟ ❍ ✙ ✟ ❍ Class of Models Well-Formed Formulae ❨ ❍ ✟ ❍ ✟ ❍ ✙ ✟ true ⊆ ∈ ✂ ✂ System Model Properties ✂ ✂ ✂ ✛ ✂ ✂ Axioms A. Cerone, UNU-IIST – p.16/46

  21. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ✟ ❍ ❨ ✟ ❍ ✙ ✟ ❍ Class of Models Well-Formed Formulae ❨ ❍ ✟ ❍ ✟ ❍ ✟ ✙ true ⊆ ∈ ✂ ✂ System Model Properties ✂ ✂ ✂ ✛ ✂ ✂ Axioms ✲ Inference Rules A. Cerone, UNU-IIST – p.16/46

  22. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ✟ ❍ ❨ ✟ ❍ ✙ ✟ ❍ Class of Models Well-Formed Formulae ❍ ❨ ✟ ❍ ✟ ❍ ✟ ✙ true ⊆ ∈ ✂ ✂ System Model Properties ✂ ✂ ✂ ✛ ✂ ✂ Axioms Theorems ✻ ✲ Inference Rules A. Cerone, UNU-IIST – p.16/46

  23. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ✟ ❍ ❨ ✟ ❍ ✙ ✟ ❍ Class of Models Well-Formed Formulae ❍ ❨ ✟ ❍ ✟ ❍ ✙ ✟ true ⊆ ∈ ✂ ✂ System Model Properties ✂ ✂ ✂ ✛ ✂ ✂ Axioms Theorems ✻ ❄ ✲ Inference Rules A. Cerone, UNU-IIST – p.16/46

  24. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving false ✟ ❍ ❨ ✟ ❍ ✙ ✟ ❍ Class of Models Well-Formed Formulae ❨ ❍ ✟ ❍ ✟ ❍ ✟ ✙ true ⊆ ∈ ✂ ✂ System Model Properties ✂ ✂ ⊆ ✂ ✛ ✂ ✂ Axioms Theorems ✻ ❄ ✲ Inference Rules A. Cerone, UNU-IIST – p.16/46

  25. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages A. Cerone, UNU-IIST – p.17/46

  26. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity A. Cerone, UNU-IIST – p.17/46

  27. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity • Infinite State Systems A. Cerone, UNU-IIST – p.17/46

  28. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity • Infinite State Systems • Complex data structure A. Cerone, UNU-IIST – p.17/46

  29. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity • Infinite State Systems • Complex data structure • Disadvantages A. Cerone, UNU-IIST – p.17/46

  30. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity • Infinite State Systems • Complex data structure • Disadvantages • Semidecidability A. Cerone, UNU-IIST – p.17/46

  31. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity • Infinite State Systems • Complex data structure • Disadvantages • Semidecidability • Verification procedure not fully automated A. Cerone, UNU-IIST – p.17/46

  32. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity • Infinite State Systems • Complex data structure • Disadvantages • Semidecidability • Verification procedure not fully automated • Tools difficult to use A. Cerone, UNU-IIST – p.17/46

  33. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity • Infinite State Systems • Complex data structure • Disadvantages • Semidecidability • Verification procedure not fully automated • Tools difficult to use • No scalability A. Cerone, UNU-IIST – p.17/46

  34. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Theorem-proving: Pros & Cons • Advantages • Maximum Modelling Expressivity • Infinite State Systems • Complex data structure • Disadvantages • Semidecidability • Verification procedure not fully automated • Tools difficult to use • No scalability • Does not allow debugging A. Cerone, UNU-IIST – p.17/46

  35. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages A. Cerone, UNU-IIST – p.18/46

  36. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability A. Cerone, UNU-IIST – p.18/46

  37. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability • May be fully automated A. Cerone, UNU-IIST – p.18/46

  38. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability • May be fully automated • Better usability tools A. Cerone, UNU-IIST – p.18/46

  39. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability • May be fully automated • Better usability tools • Good scalability A. Cerone, UNU-IIST – p.18/46

  40. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability • May be fully automated • Better usability tools • Good scalability • Allows debugging A. Cerone, UNU-IIST – p.18/46

  41. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability • May be fully automated • Better usability tools • Good scalability • Allows debugging • Disadvantages A. Cerone, UNU-IIST – p.18/46

  42. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability • May be fully automated • Better usability tools • Good scalability • Allows debugging • Disadvantages • Limited Expressivity A. Cerone, UNU-IIST – p.18/46

  43. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability • May be fully automated • Better usability tools • Good scalability • Allows debugging • Disadvantages • Limited Expressivity • Finite State Systems A. Cerone, UNU-IIST – p.18/46

  44. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Model-Checking: Pros & Cons • Advantages • Decidability • May be fully automated • Better usability tools • Good scalability • Allows debugging • Disadvantages • Limited Expressivity • Finite State Systems • Limited data structure A. Cerone, UNU-IIST – p.18/46

  45. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Sets of Rules to describe • reactive behaviour: user reacts to a stimulus that clearly indicates that a particular action should be taken (independently of the goal) A. Cerone, UNU-IIST – p.19/46

  46. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Sets of Rules to describe • reactive behaviour: user reacts to a stimulus that clearly indicates that a particular action should be taken (independently of the goal) • communication goals: user knows a task-dependent mental list of information that must be communicated to the device A. Cerone, UNU-IIST – p.19/46

  47. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Sets of Rules to describe • reactive behaviour: user reacts to a stimulus that clearly indicates that a particular action should be taken (independently of the goal) • communication goals: user knows a task-dependent mental list of information that must be communicated to the device • completion: subsidiary tasks generated in achieving the goal A. Cerone, UNU-IIST – p.19/46

  48. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Sets of Rules to describe • reactive behaviour: user reacts to a stimulus that clearly indicates that a particular action should be taken (independently of the goal) • communication goals: user knows a task-dependent mental list of information that must be communicated to the device • completion: subsidiary tasks generated in achieving the goal • abort: no rational action is available A. Cerone, UNU-IIST – p.19/46

  49. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Sets of Rules to describe • reactive behaviour: user reacts to a stimulus that clearly indicates that a particular action should be taken (independently of the goal) • communication goals: user knows a task-dependent mental list of information that must be communicated to the device • completion: subsidiary tasks generated in achieving the goal • abort: no rational action is available nondeterministic rules = ⇒ rule disjunction A. Cerone, UNU-IIST – p.19/46

  50. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Reactive Behaviour ( stimulus t ) ∧ NEXT reaction t A. Cerone, UNU-IIST – p.20/46

  51. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Reactive Behaviour ( stimulus t ) ∧ NEXT reaction t NEXT does not require that the action is taken on the next cycle, but rather that it is taken before any other user action A. Cerone, UNU-IIST – p.20/46

  52. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Reactive Behaviour ( stimulus t ) ∧ NEXT reaction t To target the generic user model to a particular device, it is applied to a concrete list in SML [( stimulus 1 , reaction 1 ) ; ... ; ( stimulus n , reaction n )] A. Cerone, UNU-IIST – p.20/46

  53. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Reactive Behaviour ( stimulus t ) ∧ NEXT reaction t [( stimulus 1 , reaction 1 ) ; ... ; ( stimulus n , reaction n )] Example: [( light , push button ) ; ( wait msg , pause ) ; ( card msg , take card ) ; ( cash msg , take cash )] A. Cerone, UNU-IIST – p.20/46

  54. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Reactive Behaviour ( stimulus t ) ∧ NEXT reaction t ✓✏ ✓✏ stimulus ✲ ✲ ✒✑ ✒✑ ✻ ✚ ✙ action [( stimulus 1 , reaction 1 ) ; ... ; ( stimulus n , reaction n )] Example: [( light , push button ) ; ( wait msg , pause ) ; ( card msg , take card ) ; ( cash msg , take cash )] A. Cerone, UNU-IIST – p.20/46

  55. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Reactive Behaviour ( stimulus t ) ∧ NEXT reaction t ✓✏ ✓✏ stimulus ✲ ✲ R ✒✑ ✒✑ ✻ ✚ ✙ action R 1 = R / f 1 where f 1 ( stimulus ) = light f 1 ( reactions ) = push button [( stimulus 1 , reaction 1 ) ; ... ; ( stimulus n , reaction n )] Example: [( light , push button ) ; ( wait msg , pause ) ; ( card msg , take card ) ; ( cash msg , take cash )] A. Cerone, UNU-IIST – p.20/46

  56. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Communication Goals ∼ ( goalachieved t ) ∧ ( guard t ) ∧ NEXT action t A. Cerone, UNU-IIST – p.21/46

  57. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Communication Goals ∼ ( goalachieved t ) ∧ ( guard t ) ∧ NEXT action t Example: [( has card , insert card ) ; ( TRUE , insert pin )] A. Cerone, UNU-IIST – p.21/46

  58. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Communication Goals ∼ ( goalachieved t ) ∧ ( guard t ) ∧ NEXT action t Example: [( has card , insert card ) ; ( TRUE , insert pin )] Goal: HasGotCash A. Cerone, UNU-IIST – p.21/46

  59. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Communication Goals ∼ ( goalachieved t ) ∧ ( guard t ) ∧ NEXT action t Example: [( has card , insert card ) ; ( TRUE , insert pin )] Goal: HasGotCash ✓✏ ✓✏ ✓✏ ✓✏ notach cond action ✲ ✲ ✲ ✲ C ✒✑ ✒✑ ✒✑ ✒✑ A. Cerone, UNU-IIST – p.21/46

  60. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Communication Goals ∼ ( goalachieved t ) ∧ ( guard t ) ∧ NEXT action t Example: [( has card , insert card ) ; ( TRUE , insert pin )] Goal: HasGotCash ✓✏ ✓✏ ✓✏ ✓✏ notach cond action ✲ ✲ ✲ ✲ C ✒✑ ✒✑ ✒✑ ✒✑ ✞ ☎ notach ✓✏ ✓✏ ❄ goal ✲ ✲ G ✒✑ ✒✑ A. Cerone, UNU-IIST – p.21/46

  61. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Completion if ((( invariant t ) ∧ ( goalachieved t )) ∨ (( finished ( t − 1 )) then action finished t else — disjunction of nondeterministic rules — Invariant: VALUE possession t ≥ VALUE possession 1 ✓✏ ✓✏ ✓✏ ✓✏ notach cond action ✲ ✲ ✲ ✲ C ✒✑ ✒✑ ✒✑ ✒✑ ✞ ☎ notach ✓✏ ✓✏ ❄ goal ✲ ✲ G ✒✑ ✒✑ A. Cerone, UNU-IIST – p.22/46

  62. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Completion if ((( invariant t ) ∧ ( goalachieved t )) ∨ (( finished ( t − 1 )) then action finished t else — disjunction of nondeterministic rules — Invariant: VALUE possession t ≥ VALUE possession 1 ✓✏ ✓✏ ✓✏ ✓✏ notach cond action ✲ ✲ ✲ ✲ C ✒✑ ✒✑ ✒✑ ✒✑ ✞ ☎ notach ✓✏ ✓✏ ❄ goal ✲ ✲ G ✒✑ ✒✑ finished ✓✏ ❄ ✒✑ A. Cerone, UNU-IIST – p.22/46

  63. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Completion if ((( invariant t ) ∧ ( goalachieved t )) ∨ (( finished ( t − 1 )) then action finished t else — disjunction of nondeterministic rules — Invariant: VALUE possession t ≥ VALUE possession 1 ✓✏ ✓✏ ✓✏ ✓✏ notach cond action ✲ ✲ ✲ ✲ C ✒✑ ✒✑ ✒✑ ✒✑ ✞ ☎ ✞ ☎ notach invariant ✓✏ ✓✏ ✓✏ ✓✏ ❄ ❄ pert goal ✲ ✲ ✲ ✲ G I ✒✑ ✒✑ ✒✑ ✒✑ ✻ finished finished ✚ ✙ ✓✏ ✓✏ ❄ ❄ restore ✒✑ ✒✑ A. Cerone, UNU-IIST – p.22/46

  64. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Completion if ((( invariant t ) ∧ ( goalachieved t )) ∨ (( finished ( t − 1 )) then action finished t else — disjunction of nondeterministic rules — Invariant: VALUE possession t ≥ VALUE possession 1 ✓✏ ✓✏ ✓✏ ✓✏ notach cond action ✲ ✲ ✲ ✲ C ✒✑ ✒✑ ✒✑ ✒✑ ✞ ☎ ✞ ☎ notach invariant ✓✏ ✓✏ ✓✏ ✓✏ ❄ ❄ pert goal ✲ ✲ ✲ ✲ G I ✒✑ ✒✑ ✒✑ ✒✑ ✻ finished finished ✚ ✙ ✓✏ ✓✏ ❄ ✞ ✞ ❄ finished finished ✲ ✲ restore ✝ ✝ ✒✑ ✒✑ A. Cerone, UNU-IIST – p.22/46

  65. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs CSP Architecture ✓✏ ✓✏ ✓✏ ☎ stimulus ✲ ✲ ✲ ✆ finished R ✛ finished ✒✑ ✒✑ ✒✑ ✻ ✚ ✙ action ✞ ☎ finished ✓✏ ✓✏ ✓✏ ✓✏ ✓✏ ❄ notach cond action finished ✲ ✲ ✲ ✲ ✲ C ✒✑ ✒✑ ✒✑ ✒✑ ✒✑ ✞ ☎ ✞ ☎ notach invariant ✓✏ ✓✏ ✓✏ ✓✏ ❄ ❄ pert goal ✲ ✲ ✲ ✲ G I ✒✑ ✒✑ ✒✑ ✒✑ ✻ finished finished ✚ ✙ ✓✏ ✓✏ ❄ ✞ ✞ ❄ finished finished ✲ ✲ restore ✝ ✝ ✒✑ ✒✑ A. Cerone, UNU-IIST – p.23/46

  66. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs User Model HOL A. Cerone, UNU-IIST – p.24/46

  67. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs User Model HOL Rule disjunction A. Cerone, UNU-IIST – p.24/46

  68. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs User Model HOL Rule disjunction CSP A. Cerone, UNU-IIST – p.24/46

  69. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs User Model HOL Rule disjunction CSP U = R 1 � ... � R m � (( C 1 � G ) | [ { goal , finished } ] | ... ... | [ { goal , finished } ] | ( C n � G )) � I 1 � ... � I s A. Cerone, UNU-IIST – p.24/46

  70. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs User Model HOL Rule disjunction CSP U = R 1 � ... � R m � (( C 1 � G ) | [ { goal , finished } ] | ... ... | [ { goal , finished } ] | ( C n � G )) � I 1 � ... � I s What’s missing? A. Cerone, UNU-IIST – p.24/46

  71. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs EXERCISE How to guarantee that all reactive behaviours and communication goals are performed atomically within the user model? A. Cerone, UNU-IIST – p.25/46

  72. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Formal Verification HOL — Correctness Theorem A. Cerone, UNU-IIST – p.26/46

  73. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Formal Verification HOL — Correctness Theorem ⊢ ∀ state traces . initial state ∧ device specification ∧ user model ⊃ ∃ t . ( invariant t ) ∧ ( goalachieved t ) A. Cerone, UNU-IIST – p.26/46

  74. Models | Architectures | SOAR | PUM | PUMA | Theorem Proving | Model Checking | Rules | Exams | Refs Formal Verification HOL — Correctness Theorem ⊢ ∀ state traces . initial state ∧ device specification ∧ user model ⊃ ∃ t . ( invariant t ) ∧ ( goalachieved t ) CSP A. Cerone, UNU-IIST – p.26/46

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011,

Presentation for 4th International Workshop on Formal Methods for Interactive Systems: FMIS 2011, Limerick, Ireland, 21 June 2011 Formal Modeling and Analysis For Interactive Hybrid Systems Ellen J. Bass Systems and Information Engineering,

280 views • 26 slides
Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra

Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra

Formal Methods for Interactive Systems Part 10 Reverse Engineering with Matrix Algebra Antonio Cerone United Nations University International Institute for Software Technology Macau SAR China email: antonio@iist.unu.edu web:

1.36k views • 94 slides
Formal Methods for Interactive Systems Part 1 Motivations and History Antonio Cerone

Formal Methods for Interactive Systems Part 1 Motivations and History Antonio Cerone

Formal Methods for Interactive Systems Part 1 Motivations and History Antonio Cerone United Nations University International Institute for Software Technology Macau SAR China email: antonio@iist.unu.edu web: www.iist.unu.edu A. Cerone,

983 views • 77 slides
Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why

Formal Methods Michael Collins. 18-849, Section B Spring 1999 Formal Methods Why Formalisms? Relationships Flaws Some systems Conclusions Why Formal Methods? We already can build systems. Roman Engineers built

671 views • 12 slides
Interactive theorem proving, automated reasoning, and dynamical systems Jeremy Avigad

Interactive theorem proving, automated reasoning, and dynamical systems Jeremy Avigad

Interactive theorem proving, automated reasoning, and dynamical systems Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University April 2016 Formal methods Formal methods = logic-based

459 views • 43 slides
Formal Methods for Interactive Systems Part 3 Task Analysis Antonio Cerone United Nations

Formal Methods for Interactive Systems Part 3 Task Analysis Antonio Cerone United Nations

Formal Methods for Interactive Systems Part 3 Task Analysis Antonio Cerone United Nations University International Institute for Software Technology Macau SAR China email: antonio@iist.unu.edu web: www.iist.unu.edu A. Cerone, UNU-IIST

1.24k views • 100 slides
Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical

Formal Methods and Cryptography Lecture 24 1 Formal Methods 2 Formal Methods Logical foundations of computer science 2 Formal Methods Logical foundations of computer science A language that machines can understand 2 Formal Methods

1.22k views • 121 slides
1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January

Preliminaries Hallmarks of a Formal Approach Formal Systems in Information Technology 1Initial Ideas on Formal Methods UIT2206: The Importance of Being Formal Martin Henz January 15, 2014 Generated on Wednesday 15 th January, 2014, 09:54

517 views • 49 slides
Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3.

Lecture Outline 1. The lecturer 2. Introduction to Formal Methods DD2452 Formal Methods 3. Course syllabus 4. Course objectives Introductory Lecture 5. Course organization 1. Lecturer 2. Formal Methods Name: Dilian Gurov Formal

56 views • 3 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

631 views • 33 slides
Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember

3BA31 Formal Methods 1 3BA31: Formal Methods Andrew Butterfield Foundations & Methods Group, Software Systems Laboratory Andrew.Butterfield@cs.tcd.ie Room F.13, OReilly Institute 3BA31 Formal Methods 2 Remember This? A Stock

1.75k views • 151 slides
Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations

Formal Methods and Cryptography Lecture 25 Formal Methods Formal Methods Logical foundations of computer science Formal Methods Logical foundations of computer science A language that machines can understand Formal Methods Logical

1.67k views • 123 slides
Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in

Where Are We? How to model systems CISC422/853: Formal Methods Theoretically : FSAs in Software Engineering: Practically : BIR, PROMELA How to express properties Computer-Aided Verification Assertions, invariants

196 views • 9 slides
Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems

Deductive Verification Of Hybrid Systems Lectures on Formal Methods for Cyber-Physical Systems SOKENDAI, 07/29/19 Jrmy Dubut National Institute of Informatics Japanese-French Laboratory of Informatics Objectives of this lecture

986 views • 84 slides
Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges

Formal Methods and Systems David Cock, ETH Zrich 18/01/16 Overview Correctness challenges in Barrelfish. System configuration using SAT. Tracing and online invariant checking. Better languages for Systems. 18 January 2016

359 views • 18 slides
Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Testing/Simulation Formal Analysis Real System Formal Model Partial coverage Complete coverage

Formal Methods Assurance for TTP John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I Formal Methods Assurance for TTP: 1 Formal Methods for Analysis and Assurance: The Idea Testing/Simulation Formal

200 views • 6 slides
On Stability theory for C 0 -Semigroups and applications Francis Flix Crdova Puma

On Stability theory for C 0 -Semigroups and applications Francis Flix Crdova Puma

C 0 -Semigroup Stability Theory Applications Stabilization Results - Ideas of demonstrations On Stability theory for C 0 -Semigroups and applications Francis Flix Crdova Puma Departamento de Cincias Exatas e Educao / UFSC 23 06

1.01k views • 83 slides
Big Data Architectures@ Facebook QCon London 2012 Ashish Thusoo Thursday, March 8, 12 Outline

Big Data Architectures@ Facebook QCon London 2012 Ashish Thusoo Thursday, March 8, 12 Outline

Big Data Architectures@ Facebook QCon London 2012 Ashish Thusoo Thursday, March 8, 12 Outline Big Data @ Facebook - Scope & Scale Evolution of Big Data Architectures @ FB Past, Present and Future Questions Thursday, March

572 views • 54 slides
ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong

440 views • 11 slides
The Aspect-Oriented Design of the ++ Parser Framework Puma C/C Matthias Urban Daniel Lohmann

The Aspect-Oriented Design of the ++ Parser Framework Puma C/C Matthias Urban Daniel Lohmann

The Aspect-Oriented Design of the ++ Parser Framework Puma C/C Matthias Urban Daniel Lohmann Olaf Spinczyk pure systems GmbH Friedrich-Alexander University Technical University Magdeburg Erlangen-Nuremberg Dortmund 9th International

595 views • 56 slides
A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm

A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm

A Generic Framework for Interprocedural Analysis of Numerical Properties + Markus Mller-Olm Helmut Seidl + Mnster Mnchen PUMA Ringvorlesung, 2009 1 Outline: Background The framework for affine relations Grangers

1.53k views • 113 slides
CCDSC 2016 10/4/2016 Equivalent platforms for unmodified application c o r e Application

CCDSC 2016 10/4/2016 Equivalent platforms for unmodified application c o r e Application

Tiziano Passerini, Jaroslaw Slawinski, Umberto Villa, Sofia Guzzetti Alessandro Veneziani, Vaidy Sunderam Mathematics & Computer Science Emory University, Atlanta, USA CCDSC 2016 10/4/2016 Equivalent platforms for unmodified application c

447 views • 18 slides
AI and Predictive Analytics in Data-Center Environments Distributed Computing using Spark

AI and Predictive Analytics in Data-Center Environments Distributed Computing using Spark

AI and Predictive Analytics in Data-Center Environments Distributed Computing using Spark SparkML (Hands On) Josep Ll. Berral @BSC Intel Academic Education Mindshare Initiative for AI Hands-On: SparkML SparkML Training models

98 views • 5 slides
Vectors, Matrices, Rotations Why are we studying this? You want to put your hand on the cup

Vectors, Matrices, Rotations Why are we studying this? You want to put your hand on the cup

Vectors, Matrices, Rotations Why are we studying this? You want to put your hand on the cup Suppose your eyes tell you where the mug is and its orientation in the robot base frame (big assumption) In order to put your hand on the

425 views • 38 slides

More recommend