By Stig Andersen, Aalborg University

The five-day MOVEP Summer School 2022 (June 13-17) on modelling and verification of parallel processes had attracted 70+ participants, primarily PhD students, but also people from the industry.

With the lecture hall of the Department of Architecture, Design and Media Technology right at Aalborg’s harbour front as a great venue, they enjoyed a packed programme of talks and tutorials from 11 leading researchers on model checking, controller synthesis, software verification, temporal logics, real-time and hybrid systems, stochastic systems, security, run-time verification, etc.

An exciting field

One of the speakers was Christel Baier, Professor and Head of the chair for Algebraic and Logic Foundations of Computer Science at the Faculty of Computer Science of the Technische Universität Dresden, and together with Joost-Pieter Katoen, the author of a key publication in the field, Principles of Model Checking (MIT Press, 2008). She has been working within the broad field of verification and analysis techniques for stochastic operational models for more than twenty years.

– I really had not expected to work so long within this area, but as it often turns out in science, apparently simple problems are not at all simple and will require more research. So, if the students at this summer school would take the message that this is an exciting and very important field and choose to explore it further, I would be very happy. MOVEP is a very nice event, and being able to come to Denmark and not least being able to meet again after the Corona shutdown is really great, she says.

Application in different fields

Another speaker was Nir Piterman, Professor in the Department of Computer Science and Engineering, University of Gothenburg and Chalmers, and a prominent figure within formal verification and automata theory. He kicked off the summer school programme Monday morning with a tutorial on reactive synthesis, which is a technique for automatically generating correct-by-construction reactive systems from high-level descriptions.

 – In my tutorial, I tried to give the participants a taste of the so-called discrete two-player turn-based games technique, where you think about the environment as one player and the system as another player. The interaction is like a game between the two, and the system has to come up with a strategy to satisfy some goal, he explains.

Nir Piterman also sees an event like MOVEP as a very good opportunity for young researchers to be exposed to concepts and techniques that they would not necessarily be exposed to otherwise.

– It is my hope that the talks and tutorials at this event will fertilize their work and provide them with new ideas about how to apply these techniques in different fields. One possible usage of two-player games is synthesis, but the usage could be wider and potentially applied to other problems, he says.

Nir Piterman is currently the holder of an ERC consolidator grant to study the usage of reactive synthesis for multiple collaborating programs.

Explainability

In her tutorial, Christel Baier focused on explication, which refers to a mathematical concept that in some way sheds light on why a verification process has returned a given result.

– Explainability is important. We have to make systems more understandable to everyone – scientists, designers, users, etc. Today, everybody is an IT user, so this is not only relevant for computer scientists, she says.
According to Christel Baier, there is a higher purpose:

– Since systems make decisions, users should have the opportunity to understand why decisions were made. Moreover, users should be supported in making decisions by themselves and be given an understanding of the configuration of these systems and their possible effects. Again, it comes down to the question of cause and effect, which was a recurring theme of my tutorial.

The research on the results presented by Christel Baier at her tutorial has been carried out within and is motivated by the missions of the collaborative projects “Center for Perspicuous Computing (CPEC)” and “Centre for Tactile Internet with Human-in-the-Loop (CeTI)”.

Correct-by-construction

Research within modelling and verification of parallel processes may also explore the question: Could we automatically generate systems that perform exactly according to the specifications instead of checking afterwards that they do? Nir Piterman dealt with this topic in his tutorial.

– Techniques to automatically generate correct-by-construction reactive systems from high-level descriptions have been explored in academia for quite a number of years. It has proven to work in some domains, but it would not be realistic to set as an ambition to build one synthesizer that you feed a specification to and expect it to auto-generate safe and error-free systems for all possible programming domains, he says.

According to Nir Piterman, the most successful applications so far have been within robotics. However, this success makes us think about what is the meaning of correct-by-construction.

– What does “correct” really mean? If it means that the system does exactly what was described in the specification, what happens if the specification is flawed? So, the focus of the correctness problem might change: Rather than making sure that the system matches the specification, the task is to ensure that the specification is thorough enough and reflects what the designer had in mind.