Model checkers and other finite-state verification tools allow developers to detect certain kinds of errors automatically. Nevertheless, the transition of this technology from research to practice has been slow. While there are a number of potential causes for reluctance to adopt such formal methods, we believe that a primary cause is that practitioners are unfamiliar with specification processes, notations, and strategies. In a recent paper, we proposed a pattern-based approach to the presentation, codification and reuse of property specifications for finite-state verification. Since then, we have carried out a survey of available specifications, collecting over 500 examples of property specifications. We found that most are instances of our proposed patterns. Furthermore, we have updated our pattern system to accommodate new patterns and variations of existing patterns encountered in this survey. This paper reports the results of the survey and the current status of our pattern system.

We develop a model for timed, reactive computation by extending the asynchronous, untimed concurrent constraint programming model in a simple and uniform way. In the spirit of process algebras, we develop some combinators expressible in this model, and reconcile their operational, logical and denotational character. We show how programs may be compiled into finite-state machines with loop-free computations at each state, thus guaranteeing bounded response time. 1 Introduction and Motivation Reactive systems [12,3,9] are those that react continuously with their environment at a rate controlled by the environment. Execution in a reactive system proceeds in bursts of activity. In each phase, the environment stimulates the system with an input, obtains a response in bounded time, and may then be inactive (with respect to the system) for an arbitrary period of time before initiating the next burst. Examples of reactive systems are controllers and signal-processing systems. The primary issu...

Synchronous programming (Berry (1989)) is a powerful approach to programming reactive systems. Following the idea that "processes are relations extended over time" (Abramsky (1993)), we propose a simple but powerful model for timed, determinate computation, extending the closure-operator model for untimed concurrent constraint programming (CCP). In (Saraswat et al. 1994a) we had proposed a model for this called tcc--- here we extend the model of tcc to express strong time-outs: if an event A does not happen through time t, cause event B to happen at time t. Such constructs arise naturally in practice (e.g. in modeling transistors) and are supported in synchronous programming languages. The fundamental conceptual difficulty posed by these operations is that they are nonmonotonic. We provide a compositional semantics to the non-monotonic version of concurrent constraint programming (Default cc) obtained by changing the underlying logic from intuitionistic logic to Reiter's default logic...

In the future, webs of unmanned air and space vehicles will act together to robustly perform elaborate missions in uncertain environments. We coordinate these systems by introducing a reactive model-based programming language (RMPL) that combines within a single unified representation the flexibility of embedded programming and reactive execution languages, and the deliberative reasoning power of temporal planners. The KIRK planning system takes as input a problem expressed as a RMPL program, and compiles it into a temporal plan network (TPN), similar to those used by temporal planners, but extended for symbolic constraints and decisions. This intermediate representation clarifies the relation between temporal planning and causal-link planning, and permits a single task model to be used for planning and execution. Such a

This paper explores Lhc expressive power of Lhc tcc paradigm. The origin of Lhc work in Lhc inLcgraLion of synchronous and consLrainL programming is described. The basic conceptual and maLhcmaLical framework developed in Lhc spirk of Lhc model-based approach characLcrisLic of LhcorcLical compuLcr science is reviewed. Wc show LhaL a range of consLrucLs for expressing LimcouLs, prccmpLion and oLhcr complicaLcd paLLcrns of Lcmporal acLivky arc expressible in the basic model and language-framework. Indeed, we present a single construct on processes, definable in the language, that can simulate the effect of other preemption constructs

) Vineet Gupta Radha Jagadeesan Prakash Panangaden y vgupta@mail.arc.nasa.gov radha@cs.luc.edu prakash@cs.mcgill.ca Caelum Research Corporation Dept. of Math. and Computer Sciences School of Computer Science NASA Ames Research Center Loyola University--Lake Shore Campus McGill University Moffett Field CA 94035, USA Chicago IL 60626, USA Montreal, Quebec, Canada Abstract This paper describes a stochastic concurrent constraint language for the description and programming of concurrent probabilistic systems. The language can be viewed both as a calculus for describing and reasoning about stochastic processes and as an executable language for simulating stochastic processes. In this language programs encode probability distributions over (potentially infinite) sets of objects. We illustrate the subtleties that arise from the interaction of constraints, random choice and recursion. We describe operational semantics of these programs (programs are run by sampling random choices), deno...

. We present a language, Hybrid cc, for modeling hybrid systems compositionally. This language is declarative, with programs being understood as logical formulas that place constraints upon the temporal evolution of a system. We show the expressiveness of our language by presenting several examples, including a model for the paperpath of a photocopier. We describe an interpreter for our language, and provide traces for some of the example programs. 1 Introduction and Motivation The constant marketplace demand of ever greater functionality at ever lower price is forcing the artifacts our industrial society designs to become ever more complex. Before the advent of silicon, this complexity would have been unmanageable. Now, the economics and power of digital computation make it the medium of choice for gluing together and controlling complex systems composed of electro-mechanical and computationally realized elements. As a result, the construction of the software to implement, monitor, c...

Deductive mode-estimation has become an essential component of robotic space systems, like NASA’s deep space probes. Future robots will serve as components of large robotic networks. Monitoring these networks will require modeling languages and estimators that handle the sophisticated behaviors of robotic components. This paper introduces RMPL, a rich modeling language that combines reactive programming constructs with probabilistic, constraint-based modeling, and that offers a simple semantics in terms of hidden Markov models (HMMs). To support efficient realtime deduction, we translate RMPL models into a compact encoding of HMMs called probabilistic hierarchical constraint automata (PHCA). Finally, we use these models to track a system’s most likely states by extending traditional HMM belief update. 1

Abstract Effective use of the memory hierarchy is critical for achievinghigh performance on embedded systems. We focus on the class of

We extend the model of [SJG94b] to express strong timeouts (and pre-emption): if an event A does not happen through time t, cause event B to happen at time t. Such constructs arise naturally in practice (e.g. in modeling transistors) and are supported in languages such as Esterel (through instantaneous watchdogs) and Lustre (through the "current" operator). The fundamental conceptual difficulty posed by these operators is that they are non-monotonic. We provide a simple compositional semantics to the non-monotonic version of concurrent constraint programming (CCP) obtained by changing the underlying logic from intuitionistic logic to Reiter 's default logic [Rei80]. This allows us to use the same construction (uniform extension through time) to develop Default Timed CCP (Default tcc) as we had used to develop Timed CCP (tcc) from CCP [SJG94b]. Indeed the smooth embedding of CCP processes into Default cc processes lifts to a smooth embedding of tcc processes into Default t...