
Showing papers by "Paolo Traverso published in 1998"


Proceedings Article
01 Jul 1998
TL;DR: This paper presents a practical algorithm for the automatic generation of solutions to planning problems in nondeterministic domains and exploits the compactness of OBDDs (Ordered Binary Decision Diagrams) to express in a practical way universal plans of extremely large size.
Abstract: Most real world environments are non-deterministic. Automatic plan formation in non-deterministic domains is, however, still an open problem. In this paper we present a practical algorithm for the automatic generation of solutions to planning problems in nondeterministic domains. Our approach has the following main features. First, the planner generates Universal Plans. Second, it generates plans which are guaranteed to achieve the goal in spite of non-determinism, if such plans exist. Otherwise, the planner generates plans which encode iterative trial-and-error strategies (e.g. try to pick up a block until it succeeds), which are guaranteed to achieve the goal under the assumption that if there is a non-deterministic possibility for the iteration to terminate, this will not be ignored forever. Third, the implementation of the planner is based on symbolic model checking techniques which have been designed to explore efficiently large state spaces. The implementation exploits the compactness of OBDDs (Ordered Binary Decision Diagrams) to express in a practical way universal plans of extremely large size.

119 citations


Proceedings Article
06 Jul 1998
TL;DR: A notion of planning solution which is guaranteed to achieve the goal independently of non-determinism, a notion of plan including conditionals and iterations, and an automatic decision procedure for strong planning based on model checking techniques are defined.
Abstract: Most real world domains are non-deterministic: the state of the world can be incompletely known, the effect of actions can not be completely foreseen, and the environment can change in unpredictable ways. Automatic plan formation in non-deterministic domains is, however, still an open problem. In this paper we show how to do strong planning in non-deterministic domains, i.e. finding automatically plans which are guaranteed to achieve the goal regardless of non-determinism. We define a notion of planning solution which is guaranteed to achieve the goal independently of non-determinism, a notion of plan including conditionals and iterations, and an automatic decision procedure for strong planning based on model checking techniques. The procedure is correct, complete and returns optimal plans. The work has been implemented in MBP, a planner based on model checking techniques.

104 citations


Journal ArticleDOI
TL;DR: This paper has assessed the possibility of introducing the novel technique in the development cycle with an advantageous costs/benefits relation and used model checking techniques to model and formally verify a rather complex software, i.e. part of the “safety logic” of a railway interlocking system.
Abstract: In this paper we describe an industrial application of formal methods. We have used model checking techniques to model and formally verify a rather complex software, i.e. part of the “safety logic” of a railway interlocking system. The formal model is structured to retain the reusability and scalability properties of the system being modelled. Part of it is defined once for all at a low cost, and re-used. The rest of the model can be mechanically generated from the designers' current specification language. The model checker is “hidden” to the user, it runs as a powerful debugger. Its performances are impressive: exhaustive analysis of quite complex configurations with respect to rather complex properties are run in the order of minutes. The main reason for this achievement is essentially a carefully designed model, which exploits all the behaviour evolution constraints. The re-usability/scalability of the model and the fact that formal verification is automatic and efficient are the key factors which open up the possibility of a real usage by designers at design time. We have thus assessed the possibility of introducing the novel technique in the development cycle with an advantageous costs/benefits relation.

62 citations


Book ChapterDOI
05 Oct 1998
TL;DR: This paper describes how a formal model of the Safety Logic has been developed in the language of the SPIN model checker and discusses how the automated verification of several significant process configurations was carried out without incurring the state explosion problem.
Abstract: This paper describes an industrial application in formal verification. The analyzed system is the Safety Logic of an interlocking system for the control of railway stations developed by Ansaldo. The Safety Logic is a process-based software architecture, which can be configured to implement different functions and control stations of different topology. The applied technique, model checking, allows for the representation of the analyzed system as a finite state machine. Specialized algorithms allow for the automatic and efficient verification of requirements by means of an exhaustive exploration of the state space. In this paper we describe how a formal model of the Safety Logic has been developed in the language of the SPIN model checker. This model retains the configurability features of the Safety Logic. Furthermore, we discuss how the automated verification of several significant process configurations was carried out without incurring the state explosion problem.

42 citations


Book ChapterDOI
05 Oct 1998
TL;DR: Off-line and on-line logging-and-checking methodology, its application in the frame of an industrial project, and the ongoing logging-and-checking redesign of a state-of-the-art prover which the authors intend to use in future applications are described.
Abstract: Safety-critical systems are often designed using development support tools which perform translations of high-level specifications into lower-level counterparts. The correctness of the translation is critical to the safety of the resulting systems. However, using non failure-safe components to implement translators is desirable because of the extremely high cost of certified components. In order to ensure the correct behavior of development tools, we adopt a solution based on the idea of verifying each of their executions. In order to perform the verification in an automatic and efficient way, we follow an innovative approach, by distinguishing an off-line and an on-line verification phase. Each proof in the two phases is guaranteed correct by designing the certifying tools according to a logging-and-checking architecture. We describe the off-line and on-line logging-and-checking methodology, its application in the frame of an industrial project, and the ongoing logging-and-checking redesign of a state-of-the-art prover which we intend to use in future applications.

3 citations


Journal ArticleDOI
TL;DR: It is shown how a system for automated deduction can be given computational reflection, i.e., can affect its own computation mechanism, by using the very same machinery implementing logical deduction.
Abstract: In this article, we show how a system for automated deduction can be given computational reflection, i.e., can affect its own computation mechanism, by using the very same machinery implementing logical deduction. This feature, which we call computational reflection via mechanized logical deduction, provides both theoretical and practical advantages. First, the theorem prover can inspect, extend, and modify its own underlying theorem-proving strategies automatically. Second, mechanized logical deduction can be used to reason about the ways these strategies can be extended and modified and to prove correctness statements. This opens up the possibility of building systems that are able to perform correct and safe, reflective self-extension and self-modification.

1 citation