Modelling cyber-physical or robotic systems provides a way to explore the possibilities and limits of a system without the need to actually construct it. We can abstract the behaviour as a formal model so that model checking tools can be used to predict quantifiable reliability measures of the robots' behaviour.
Several model checkers exist, each providing a range of abilities to check properties of a model. Each has its own language for specifying models and for specifying the properties to be checked. The properties are specified in some logical formalism; LTL, CTL and PCTL are logics in common use.
Working towards being able to guarantee properties of real-time cyber-physical scenarios requires that the tools used to model them and check their properties provide a convenient mechanism for modelling interactions in the spatial environment.
This thesis describes work that progresses our ability to perform such predictions by extending the abilities of the formal model checker environment PRISM. PRISM is a model checker which supports PCTL property checking. However, it does not currently provide any convenient mechanism for representing spatial relationships such as arise in a grid situation, particularly where adjacent cells need to be referenced. Current mechanisms require the behaviour to be described explicitly and separately for each cell.
In this thesis, we propose the inclusion of array-like variables in the modelling language of PRISM that can be used for index-based access to different variables depending on situational circumstances. Such indexed variables are a necessity if grid-based environments are to be conveniently specified in PRISM models that are easy for humans to understand and maintain. When used to represent grids of cells, they make it possible to refer to other cells through formulas that calculate adjacent cells. Such indexed variables could also be used in modelling other aspects, including lists and stacks.
The thesis demonstrates how models can be specified more succinctly and generically when there are patterns of behaviour to be modelled for a group of variables as represented by indexed variables. Specifying behaviour generically can reduce the possibility of errors being introduced when instead specifying behaviour explicitly for each cell. Edge cases that might need to be treated specially compared to the typical cases are shown to be easily accommodated by adding special constraints to the generically specified behaviour.
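As an added illustration of the per-cell repetition described above, the following is a constructed standard PRISM model (not the thesis's own model, and not the proposed indexed-variable syntax) of a cleaning robot on a 1-dimensional grid of four cells; the success probability `p_clean` and the dirt variables `d0..d3` are assumptions for the example.

```prism
// Constructed example: a cleaning robot on a 1-dimensional grid of 4 cells,
// written in standard PRISM without indexed variables. Each cell's dirt
// state is a separate boolean, so the identical cleaning behaviour has to
// be written out once per cell, and any change to it must be made four times.
dtmc

const double p_clean = 0.8;   // assumed probability that a clean attempt succeeds

module robot
  pos : [0..3] init 0;        // robot position on the grid
  d0 : bool init true;        // cell 0 is dirty
  d1 : bool init true;        // cell 1 is dirty
  d2 : bool init true;        // cell 2 is dirty
  d3 : bool init true;        // cell 3 is dirty

  // One clean command per cell: the same behaviour, repeated explicitly.
  [clean] pos=0 & d0 -> p_clean : (d0'=false) + (1-p_clean) : true;
  [clean] pos=1 & d1 -> p_clean : (d1'=false) + (1-p_clean) : true;
  [clean] pos=2 & d2 -> p_clean : (d2'=false) + (1-p_clean) : true;
  [clean] pos=3 & d3 -> p_clean : (d3'=false) + (1-p_clean) : true;

  // Move right once the current cell is clean; the last cell is the edge case,
  // so it needs its own command instead of a move.
  [move] pos=0 & !d0 -> (pos'=1);
  [move] pos=1 & !d1 -> (pos'=2);
  [move] pos=2 & !d2 -> (pos'=3);
  [done] pos=3 & !d3 -> true;
endmodule

label "all_clean" = !d0 & !d1 & !d2 & !d3;

// Example PCTL properties (placed in a separate .props file when run):
//   P=? [ F "all_clean" ]        probability of eventually cleaning every cell
//   P=? [ F<=10 "all_clean" ]    probability of doing so within 10 steps
```

Adding a fifth cell means adding a variable, a clean command, a move command and a conjunct in the label; the generic form the thesis proposes is meant to replace that repetition with one command guarded on the indexed cell.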
Several model scenarios are presented to form the basis of evaluation. To motivate the need for the extension to PRISM, a scenario of a cleaning robot operating in a 1-dimensional grid environment is developed. We then present an alternative model that is specified generically. Characteristics of the two models are compared, and we see that the generically specified model, which uses indexed variables to represent the environment, is shorter and simpler to specify.
In a second evaluation, we consider a set of scenarios, developed for PRISM by other authors, in which Unmanned Aerial Vehicles search for some number of objects of interest in the cells of a 2-dimensional grid. We show how those scenarios can be rewritten using indexed variables to represent the grid environment, and that the built versions of the revised models are equivalent to the built versions of the originals, having the same number of states, transitions, nodes and other key characteristics, even though the revised models are much shorter and are specified generically.
On the basis of the equivalence established by that second evaluation, we proceed to a third evaluation in which we specify a model for a more complex scenario of multiple robots operating in a shared environment. The thesis explores to some degree the limitations that arise when dealing with large, complex models consisting of indexed variables and associated generic behaviour. It additionally proposes a mechanism that gives the modeller greater control over the ordering of variables in the translated models of the PRISM model checker.
Some of the key insights of this exploration include: that when multiple entities are being modelled, care must be taken to limit the combinations of state that could arise between the different entities, particularly where parallel operation is modelled; and that the ordering of variables in the built model can have significant influence on whether or not a model can be built quickly and within memory limits, and for this reason care must be given as to ‘where’ the indexed variables should be placed in relation to other variables of the model.