
Clare Dixon - University of Liverpool

Publications: 161. Reads: 13,083. Citations: 2,745.

Publications (161)
We introduce a variant of a formalism appearing in recent work geared towards modelling systems in which a distinguished entity (leader) orchestrates the operation of an arbitrary number of identical entities (followers). Our variant is better suited for the verification of system properties involving complex arithmetic conditions. Whereas the orig...
We present deterministic model construction algorithms for sets of modal clauses saturated with respect to three refinements of the modal-layered resolution calculus implemented in the prover. The model construction algorithms are inspired by the Bachmair-Ganzinger method for constructing a model for a set of ground first-order cla...
In this paper we present an extension of Belief-Desire-Intention agents which can adapt their performance in response to changes in their environment. We consider situations in which the agent’s actions no longer perform as anticipated. Our agents maintain explicit descriptions of the expected behaviour of their actions, are able to track action pe...
The need for AI systems to explain themselves is increasingly recognised as a priority, particularly in domains where incorrect decisions can result in harm and, in the worst cases, death. Explainable Artificial Intelligence (XAI) tries to produce human-understandable explanations for AI decisions. However, most XAI systems prioritize factors such...
We are interested in widening the reasoning support for propositional modal logics in the so-called modal cube. The modal cube consists of extensions of the basic modal logic $\mathsf{K}$ with an arbitrary combination of the modal axioms $\mathsf{B}$, $\mathsf{D}$, $\mathsf{T}$, $\mathsf{4}$ and $\mathsf{5}$. We revis...
Autonomous robotic systems are both safety- and security-critical, since a breach in system security may impact safety. In such critical systems, formal verification is used to model the system and verify that it obeys specific functional and safety properties. Independently, threat modelling is used to analyse and manage the cyber security...
The Autonomy and Verification group (part of a wider, international, Autonomy and Verification Network of activity: https://autonomy-and-verification.github.io) sits within the Department of Computer Science (https://www.cs.manchester.ac.uk) at the University of Manchester. The group has a long history of research into agents and multi-agent system...
The modal logic $\mathsf{K}$ is commonly used to represent and reason about necessity and possibility and its extensions with combinations of additional axioms are used to represent knowledge, belief, desires and intentions. Here we present local reductions of all propositional modal logics in the so-called modal cube, that is, extensions of ...
Verifying that autonomous space robotic software behaves correctly is crucial, particularly since such software is often mission-critical, that is, a software failure can lead to mission failure. In this paper, we describe the process that we used to verify the autonomous grasp generation and capturing operation of a spent rocket stage in space. Th...
We present novel reductions of extensions of the basic modal logic $\mathsf{K}$ with axioms $\mathsf{B}$, $\mathsf{D}$, $\mathsf{T}$, $\mathsf{4}$ and $\mathsf{5}$ to Separated Normal Form with Sets of Modal Levels $\mathsf{SNF}_{sml}$. The reductions typically result in smaller formulae than th...
We introduce a framework for the verification of protocols involving a distinguished machine (referred to as a leader) orchestrating the operation of an arbitrary number of identical machines (referred to as followers) in a network. At the core of our framework is a high-level formalism capturing the operation of these types of machines together wi...
Active debris removal in space has become a necessary activity to maintain and facilitate orbital operations. Current approaches tend to adopt autonomous robotic systems which are often furnished with a robotic arm to safely capture debris by identifying a suitable grasping point. These systems are controlled by mission-critical software, where a s...
We present an extension of the semantics for action execution in the Gwendolen BDI programming language. This extension firstly explicitly assumes that actions have durations and, moreover, that the reasoning cycle of the agent cannot be stopped while such an action is executing but needs to continue in order to monitor for important external even...
When studying the use of assistive robots in home environments, and especially how such robots can be personalised to meet the needs of the resident, key concerns are issues related to behaviour verification, behaviour interference and safety. Here, personalisation refers to the teaching of new robot behaviours by both technical and non-technical e...
Purpose of Review
The deployment of hardware (e.g., robots, satellites, etc.) to space is a costly and complex endeavor. It is of extreme importance that on-board systems are verified and validated through a variety of verification and validation techniques, especially in the case of autonomous systems. In this paper, we discuss a number of approac...
We present novel reductions of the propositional modal logics , , , and to Separated Normal Form with Sets of Modal Levels. The reductions result in smaller formulae than the well-known reductions by Kracht and allow us to use the local reasoning of the prover to determine the satisfiability of modal formulae in these logics. We show experimentally...
The advent of sophisticated robotics and AI technology makes sending humans into hazardous and distant environments to carry out inspections increasingly avoidable. Being able to send a robot, rather than a human, into a nuclear facility or deep space is very appealing. However, building these robotic systems is just the start and we still need to...
We study translations from metric temporal logic (MTL) over the natural numbers to linear temporal logic (LTL). In particular, we present two approaches for translating from MTL to LTL which preserve the ExpSpace complexity of the satisfiability problem for MTL. In each of these approaches we consider the case where the mapping between states and t...
Algorithms for the synchronisation of clocks across networks are both common and important within distributed systems. We here address not only the formal modelling of these algorithms, but also the formal verification of their behaviour. Of particular importance is the strong link between the very different levels of abstraction at which the algor...
Wireless communication protocols are often used in critical applications, e.g., urban water supply networks or healthcare monitoring within the Internet of Things. It is essential that control software and protocols for such systems are verified to be both robust and reliable. The effects on the hardware caused by environmental conditions and the c...
We develop a taxonomy that categorizes HRI failure types and their impact on trust to structure the broad range of knowledge contributions. We further identify research gaps in order to support fellow researchers in the development of trustworthy robots. Studying trust repair in HRI has only recently been given more interest and we propose a taxono...
We present an approach for the verification and validation (V&V) of robot assistants in the context of human–robot interactions, to demonstrate their trustworthiness through corroborative evidence of their safety and functional correctness. Key challenges include the complex and unpredictable nature of the real world in which assistant and service...
In this paper, we present a methodology for analysing security protocols using scenario based simulation. A scenario of a potential attack specifies the flow but not the content of messages. Using scenarios can reduce the number of protocol runs to be explored during attack searching via simulation. The number of runs can be further reduced by mini...
Autonomous robotic systems are complex, hybrid, and often safety-critical; this makes their formal specification and verification uniquely challenging. Though commonly used, testing and simulation alone are insufficient to ensure the correctness of, or provide sufficient evidence for the certification of, autonomous robotics. Formal methods for aut...
Autonomous robotic systems are complex, hybrid, and often safety critical; this makes their formal specification and verification uniquely challenging. Though commonly used, testing and simulation alone are insufficient to ensure the correctness of, or provide sufficient evidence for the certification of, autonomous robotics. Formal methods for aut...
Autonomous robotic systems such as Connected and Autonomous Vehicle (CAV) systems are both safety- and security-critical, since a breach in system security may impact safety. Generally, safety and security concerns for such systems are treated separately during the development process. In this paper, we consider an algorithm for sending Cooperative...
Ensuring that autonomous space robot control software behaves as it should is crucial, particularly as software failure in space often equates to mission failure and could potentially endanger nearby astronauts and costly equipment. To minimise mission failure caused by software errors, we can utilise a variety of tools and techniques to verify tha...
Resolution-based provers for multimodal normal logics require pruning of the search space for a proof to ameliorate the inherent intractability of the satisfiability problem for such logics. We present a clausal modal-layered hyper-resolution calculus for the basic multimodal logic, which divides the clause set according to the modal level at which...
In this paper we study sublogics of RoCTL* a recently proposed logic for specifying robustness. RoCTL* allows specifying robustness in terms of properties that are robust to a certain number of failures. RoCTL* is an extension of the branching time logic CTL* which in turn extends CTL by removing the requirement that temporal operators be paired wi...
In this paper we describe the implementation of a resolution-based prover for the basic multimodal logic $\mathsf{K}_n$. The prover implements a resolution-based calculus for both local and global reasoning. The user can choose different normal forms, refinements of the basic resolution calculus, and strategies....
Nature-inspired synchronisation protocols have been widely adopted to achieve consensus within wireless sensor networks. We analyse the power consumption of such protocols, particularly the energy required to synchronise all nodes across a network. We use the model of bio-inspired, pulse-coupled oscillators to achieve network-wide synchronisation a...
Algorithms for the synchronisation of clocks across networks are both common and important within distributed systems. We here address not only the formal modelling of these algorithms, but also the formal verification of their behaviour. Of particular importance is the strong link between the very different levels of abstraction at which the algor...
Robotic systems are complex and critical: they are inherently hybrid, combining both hardware and software; they typically exhibit both cyber-physical attributes and autonomous capabilities; and are required to be at least safe and often ethical. While for many engineered systems testing, either through real deployment or via simulation, is deemed...
The Abstract State Machine (ASM) method is a formal specification and modeling technique that allows us to specify computational systems at the required abstraction level and facilitates formal analysis and verification. System Theoretic Process Analysis (STPA) is a semi-formal hazard analysis method that aims to identify safety requirements emerging from the a...
The Care-O-bot is an autonomous robotic assistant that can support people in domestic and other environments. The behaviour of the robot can be defined by a set of high level control rules. The adoption and further development of such robotic assistants is inhibited by the absence of assurances about their safety. In previous work, formal models of...
We assess the power consumption of network synchronisation protocols, particularly the energy required to synchronise all nodes across a network. We use the widely adopted approach of bio-inspired, pulse-coupled oscillators to achieve network-wide synchronisation and provide an extended formal model of just such a protocol, enhanced with structures...
The Care-O-bot is an autonomous robotic assistant that can support people in domestic and other environments. The behaviour of the robot can be defined by a set of high level control rules. The adoption and further development of such robotic assistants is inhibited by the absence of assurances about their safety. In previous work, formal models of...
Synchronisation is an emergent phenomenon observable in nature. Natural synchronising systems have inspired the development of protocols for achieving coordination in a diverse range of distributed dynamic systems. Spontaneously synchronising systems can be mathematically modelled as coupled oscillators. In this paper we present a novel approach us...
In this paper, we briefly describe an implementation of a hyper-resolution-based calculus for the propositional basic multimodal logic, Kn. The prover, KSP, is designed to support experimentation with different combinations of refinements for its basic calculus. The prover allows for both local and global reasoning. We present an experimental evalu...
We study translations from Metric Temporal Logic (MTL) over the natural numbers to Linear Temporal Logic (LTL). In particular, we present two approaches for translating from MTL to LTL which preserve the ExpSpace complexity of the satisfiability problem for MTL. In each of these approaches we consider the case where the mapping between states and t...
This book constitutes the proceedings of the 11th International Symposium on Frontiers of Combining Systems, FroCoS 2017, held in Brasília, Brazil, in September 2017. The 17 papers presented in this volume were carefully reviewed and selected from 26 submissions. They were organized in topical sections named: description and temporal logics, decisi...
We present an approach for the verification and validation (V&V) of robot assistants in the context of human-robot interactions (HRI), to demonstrate their trustworthiness through integral assurances on their safety and functional correctness. Trust in robot assistants will allow them to transition from the laboratory into our everyday lives. The...
In this paper, we describe an implementation of a hyper-resolution-based calculus for the propositional basic multimodal logic. The prover was designed to support experimentation with different combinations of refinements for its basic calculus: it is primarily based on the set of support strategy, which can then be combined with other refinement...
Robot swarms are collections of simple robots cooperating without centralized control. Control algorithms for swarms are often inspired by decentralised problem-solving systems found in nature. In this paper we conduct a formal analysis of an algorithm inspired by the foraging behaviour of ants, where a swarm of flying vehicles searches for a targe...
In this paper we introduce a calculus based on ordered resolution for Coalition Logic (CL), improving our previous approach based on unrefined resolution, and discuss the problems associated with imposing an ordering refinement in the context of CL. The calculus operates on `coalition problems', a normal form for CL where we use coalition vectors t...
Resolution-based provers for multimodal normal logics require pruning of the search space for a proof in order to deal with the inherent intractability of the satisfiability problem for such logics. We present a clausal modal-layered hyper-resolution calculus for the basic multimodal logic, which divides the clause set according to the modal depth...
It is essential for robots working in close proximity to people to be both safe and trustworthy. We present a case study on formal verification for a high-level planner/scheduler for the Care-O-bot, an autonomous personal robotic assistant. We describe how a model of the Care-O-bot and its environment was developed using Brahms, a multiagent workfl...
The work presented in this paper is directed at mechanisms whereby 3D surfaces can be represented to support the generation and application of classification techniques. Three different mechanisms are presented to allow for the representation of 3D surfaces in such a way that key features are retained while at the same time ensuring compatibility...
Robotic assistants are being designed to help, or work with, humans in a variety of situations from assistance within domestic situations, through medical care, to industrial settings. Whilst robots have been used in industry for some time they are often limited in terms of their range of movement or range of tasks. A new generation of robotic assi...
We present a clausal resolution-based method for normal multimodal logics of confluence, whose Kripke semantics are based on frames characterised by appropriate instances of the Church-Rosser property. Here we restrict attention to eight families of such logics. We show how the inference rules related to the normal logics of confluence can be syste...
We present a prototype tool for automated reasoning for Coalition Logic, a non-normal modal logic that can be used for reasoning about cooperative agency. The theorem prover CLProver is based on recent work on a resolution-based calculus for Coalition Logic that operates on coalition problems, a normal form for Coalition Logic. We provide an overvi...
The branching-time temporal logic CTL is useful for specifying systems that change over time and involve quantification over possible futures. Here we present a resolution calculus for CTL that involves the translation of formulae to a normal form and the application of a number of resolution rules. We use indices in the normal form to represent pa...
This paper proposes an intelligent process model (IPM), founded on the concept of data mining, for predicting springback in the context of sheet metal forming, in particular, single point incremental forming (SPIF). A limitation with the SPIF process is that the application of the process results in geometric deviations, which means that the result...
We present a resolution-based calculus for Coalition Logic CL, a non-normal modal logic used for reasoning about cooperative agency. We introduce a normal form and a set of inference rules to solve the satisfiability problem in CL. We also show that the calculus presented here is sound, complete, and terminating.
Human-robot teams are likely to be used in a variety of situations wherever humans require the assistance of robotic systems. Obvious examples include healthcare and manufacturing, in which people need the assistance of machines to perform key tasks. It is essential for robots working in close proximity to people to be both safe and trustworthy. In...
This paper presents an integrated framework for learning to predict geometry related features with respect to 3D surfaces. The idea is to use a training set of known prediction values to create a model founded on local 3D geometries associated with a given surface so that predictions with respect to a new "unseen" surface can be made. The local g...
When modelling realistic systems, physical constraints on the resources available are often required. For example, we might say that at most N processes can access a particular resource at any moment, exactly M participants are needed for an agreement, or an agent can be in exactly one mode at any moment. Such situations are concisely modelled wher...
Robotic assistants are being developed to assist with a range of tasks at work and home. Besides designing and developing such robotic assistants, a key issue that needs to be addressed is showing that they are both safe and trustworthy. We discuss our approach to this using formal verification, simulation-based testing and formative user evaluatio...
A robot swarm is a collection of simple robots designed to work together to carry out some task. Such swarms rely on the simplicity of the individual robots; the fault tolerance inherent in having a large population of identical robots; and the self-organised behaviour of the swarm as a whole. Although robot swarms present an attractive solution to...
Collaboration between robots and humans is an increasingly important aspect of industrial and scientific settings. In addition, significant effort is being put into the development of robot helpers for more general use in the workplace, at home, and in health-care environments. However, before such robots can be fully utilised, a comprehensive anal...
Frequently when formalising systems that change over time, we must represent statements, coming from physical constraints or representational issues, stating that exactly n literals (or less than n literals) of a set hold. While we can write temporal formulae to represent this information, such formulae both complicate and increase the size of the...
A mechanism for describing 3-D local geometries is presented which is suitable for input into a classifier generator. The objective is to predict the springback that will occur when Asymmetric Incremental Sheet Forming (AISF) is applied to sheet metal to produce a desired shape so that corrective measures can be applied. The springback is localised...
In this paper, we describe an implementation of a new calculus for a fragment of propositional linear-time logic (PLTL). This fragment is a sub-class of PLTL which can be used to capture Büchi automata. Further, the complexity of this calculus for the fragment is polynomial, whereas the complexity of satisfiability for full PLTL is PSPACE-comple...
An alternative to deploying a single robot of high complexity can be to utilize robot swarms comprising large numbers of identical, and much simpler, robots. Such swarms have been shown to be adaptable, fault-tolerant and widely applicable. However, designing individual robot algorithms to ensure effective and correct overall swarm behaviour is act...
A robot swarm is a collection of simple robots designed to work together to carry out some task. Such swarms rely on: the simplicity of the individual robots; the fault tolerance inherent in having a large population of often identical robots; and the self-organised behaviour of the swarm as a whole. Although robot swarms are being deployed in incr...
Intrusion Detection Systems (IDS) aim to detect the actions that attempt to compromise the confidentiality, availability, and integrity of a resource by monitoring the events occurring in computer systems and/or networks. Stream data processing is a database technology applied to flows of data. Temporal Logic is a formalism for representing change...
The formal analysis of computational processes is by now a well-established field. However, in practical scenarios, the problem of how we can formally verify interactions with humans still remains. In this paper we are concerned with addressing this problem. Our overall goal is to provide formal verification techniques for human-agent teamwork, part...
The logic RoCTL* is an extension of the branching time temporal logic CTL* to represent robustness of systems to transient failures such as loss of data packets. New operators are introduced dealing with obligation (where no failures occur) and robustness (where at most one additional failure occurs). The only known decision procedures for the temp...
Robot swarms provide a way for a number of simple robots to work together to carry out a task. While swarms have been found to be adaptable, fault-tolerant and widely applicable, designing individual robot algorithms so as to ensure effective and correct swarm behaviour is very difficult. In order to assess swarm effectiveness, either experiments w...
In this paper, we present a resolution-based calculus $\mathsf{R}^{>,S}_{\mathsf{CTL}}$ for Computation Tree Logic (CTL) as well as an implementation of that calculus in the theorem prover CTL-RP. The calculus $\mathsf{R}^{>,S}_{\mathsf{CTL}}$ requires a transformation of an arbitrary CTL formula to an equi-satisfiable clausal normal form formulated in an extension of CTL with indexed path formula...
Purpose
The purpose of this paper is to consider the logical specification, and automated verification, of high‐level robotic behaviours.
Design/methodology/approach
The paper uses temporal logic as a formal language for providing abstractions of foraging robot behaviour, and successively extends this to multiple robots, items of food for the robo...
Temporal logic of knowledge is a combination of temporal and epistemic logic that has been shown to be very useful in areas such as distributed systems, security, and multi-agent systems. However, the complexity of the logic can be prohibitive. We here develop a refined version of such a logic and associated tableau procedure with improved complexity...
In this paper, we present a refined resolution-based calculus for Computation Tree Logic (CTL). The calculus requires a polynomial time computable transformation of an arbitrary CTL formula to an equi-satisfiable clausal normal form formulated in an extension of CTL with indexed existential path quantifiers. The calculus itself consists of a set of...
In this paper we consider the specification and verification of infinite-state systems using temporal logic. In particular, we describe parameterised systems using a new variety of first-order temporal logic that is both powerful enough for this form of specification and tractable enough for practical deductive verification. Importantly, the power...
The logic RoCTL* is an extension of the branching time temporal logic CTL* to represent robustness and reliability in systems. New operators are introduced dealing with obligation (where no failures occur) and robustness (where at most one additional failure occurs). The only known decision procedure for the temporal logic of robustness RoCTL* invo...
Often when modelling systems, physical constraints on the resources available are needed. For example, we might say that at most N processes can access a particular resource at any moment or exactly M participants are needed for an agreement. Such situations are concisely modelled where propositions are constrained such that at most N, or exactly M,...
In this paper we consider proof techniques for branching-time temporal logics. While a considerable amount of research has been carried out regarding the relationship between finite automata and such logics, practical proof techniques for such logics have received relatively little attention. Recently, however, several applications requiring refine...
We present a clausal resolution-based method for normal modal logics. Differently from other approaches, where inference rules are based on the syntax of a particular set of axioms, we focus on the restrictions imposed on the binary accessibility relation for each particular normal logic. We provide soundness and completeness results for all fiftee...
Temporal logics of knowledge are useful for reasoning about situations where the knowledge of an agent or component is important, and where change in this knowledge may occur over time. Here we investigate the application of temporal logics of knowledge to the specification and verification of security protocols. We show how typical assumptions rel...
In this paper we consider the specification and verification of infinite-state systems using temporal logic. In particular, we describe parameterised systems using a new variety of first-order temporal logic that is both powerful enough for this form of specification and tractable enough for practical deductive verification. Importantly, the power...
Temporal reasoning is widely used within both Computer Science and A.I. However, the underlying complexity of temporal proof in discrete temporal logics has led to the use of simplified formalisms and techniques, such as temporal interval algebras or model checking. In this paper we show that tractable sub-classes of propositional linear temp...
In this paper we present a framework for the combination of modal and temporal logic. This framework allows us to combine different normal forms, in particular, a separated normal form for temporal logic and a first-order clausal form for modal logics. The calculus of the framework consists of temporal resolution rules and standard first-order reso...
Efficient proof methods for normal modal logics are highly desirable, as such logical systems have been widely used in computer science to represent complex situations. Resolution-based methods are often designed to deal with formulae in a normal form and the efficiency of the method (also) relies on how efficient (in the sense of producing fewer...
We present a clausal resolution-based method for normal modal logics. Differently from other approaches, where inference rules are based on the syntax of a particular set of axioms, we focus on the restrictions imposed on the binary accessibility relation for each particular normal logic.
In this paper, we consider a tractable sub-class of propositional linear time temporal logic, and provide a complete clausal resolution calculus for it. The fragment is important as it can be used to represent simple Büchi automata. We also show that, just as the emptiness check for a Büchi automaton is tractable, the complexity of deciding unsat...
Efficient proof methods for proving properties specified by means of normal modal logics are highly desirable, as such logical systems have been widely used in computer science to represent complex situations. Resolution-based methods are often designed to deal with formulae in a normal form and the efficiency of the method (also) relies on how e...
Temporal logics of knowledge are useful for reasoning about situations where the knowledge of an agent or component is important, and where change in this knowledge may occur over time. Here we use temporal logics of knowledge to reason about the game Cluedo. We show how to specify Cluedo using temporal logics of knowledge and prove statements abou...
This chapter proposes two new methods for realising automated reasoning within agent-based systems. We concentrate on a core of the KARO framework, which is a specification framework for modelling intelligent agent behaviour. We discuss the advantages of each approach and suggest ways of extending each variant to cover more of the KARO framework.
It is a characteristic of swarm robotics that specifying overall emergent swarm behaviours in terms of the low-level behaviours of individual robots is very difficult. Yet if swarm robotics is to make the transition from the laboratory to real-world engineering realisation we need such specifications. This paper explores the use of temporal logic t...
We provide a translation from $\mathrm{SNF}_{\mathrm{PLTL}}$, a normal form for propositional linear time temporal logic, into alternating automata on infinite words, and vice versa. We show this translation has the property that the set of $\mathrm{SNF}_{\mathrm{PLTL}}$ clauses is satisfiable if and only if the alternating automaton has an accepting run. As there is no direct method known for...
First-order temporal logic, the extension of first-order logic with operators dealing with time, is a powerful and expressive formalism with many potential applications. This expressive logic can be viewed as a framework in which to investigate problems specified in other logics. The monodic fragment of first-order temporal logic is a useful fragme...
We present a clausal resolution-based method for temporal logics of knowledge with synchrony and no learning. This and related logics admit axioms which include operators from both the temporal and epistemic logics, which enable the description of how knowledge evolves over time. Instead of proposing new resolution rules, further information is added...
We present a clausal resolution-based method for temporal logics of knowledge with synchrony and no learning. This and related logics admit axioms which include operators from both the temporal and epistemic logics, which enable the description of how knowledge evolves over time. Instead of proposing new resolution rules, further information is add...