Safety Contracts for Timed Reactive Components Iulia Dragomir , - PowerPoint PPT Presentation

Contract-based Reasoning � � � � � � � � � � � � � � � � � � �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

Contract-based Reasoning �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

Contract-based Reasoning � � � �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

Contract-based Reasoning �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 9 / 38

Contract-based approach for component-based systems Formalization of component framework Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 10 / 38

Contract-based approach for component-based systems Formalization of component framework Verification relations Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 10 / 38

Contract-based approach for component-based systems Formalization of component framework Verification relations Contract satisfaction 1 Dominance between contracts 2 Conformance 3 Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 10 / 38

Outline 3 Component framework: Timed Input/Output Automata Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 11 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , V , �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , V , H , �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , V , H , D , �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Component: Timed Input/Output Automaton Definition Timed input/output automaton A = ( X , Clk , Q , θ, I , O , V , H , D , T ) �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 12 / 38

Properties of a timed input/output automaton 1 Existence of point trajectories : ∀ x ∈ Q , γ ( x ) : [0 , 0] → x ∈ T Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 13 / 38

Properties of a timed input/output automaton 1 Existence of point trajectories : ∀ x ∈ Q , γ ( x ) : [0 , 0] → x ∈ T 2 Prefix, suffix and concatenation closure of T Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 13 / 38

Properties of a timed input/output automaton 1 Existence of point trajectories : ∀ x ∈ Q , γ ( x ) : [0 , 0] → x ∈ T 2 Prefix, suffix and concatenation closure of T 3 Input actions enabling: ∀ x ∈ Q , ∀ a ∈ I , ∃ x ′ ∈ Q such that x ? a → x ′ Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 13 / 38

Properties of a timed input/output automaton 1 Existence of point trajectories : ∀ x ∈ Q , γ ( x ) : [0 , 0] → x ∈ T 2 Prefix, suffix and concatenation closure of T 3 Input actions enabling: ∀ x ∈ Q , ∀ a ∈ I , ∃ x ′ ∈ Q such that x ? a → x ′ 4 Time-passage enabling: ∀ x ∈ Q , ∃ τ ∈ T such that τ (0) = x and either τ. limit time = ∞ or τ is closed and some l ∈ O ∪ V ∪ H is enabled is τ ( τ. limit time ) Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 13 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] • Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , δ ] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , δ ][0 , δ ] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0][0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA behaviour �� Execution fragment : sequence of trajectories and actions Example: α = [0 , 0]! a [0 , δ ] ǫ [0 , δ ]? b [0 , 0] c [0 , 0] ↓ b [0 , 0] Trace : sequence of time-passage lengths and external actions Example: trace ( α ) = [0 , 0]! a [0 , 2 ∗ δ ]? b [0 , 0] c [0 , 0] Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 14 / 38

TIOA composition Composition compatibility: Y i ∩ Y j = H i ∩ A j = V i ∩ A j = O i ∩ O j = I i ∩ I j = ∅ , for i � = j Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 15 / 38

TIOA composition Composition compatibility: Y i ∩ Y j = H i ∩ A j = V i ∩ A j = O i ∩ O j = I i ∩ I j = ∅ , for i � = j Parallel composition: a → x ′ x 1 1 ( a ∈ A 1 \ A 2 ) a → ( x ′ ( x 1 ∪ x 2 ) 1 ∪ x 2 ) a → x ′ x 2 2 ( a ∈ A 2 \ A 1 ) a → ( x 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 15 / 38

TIOA composition Composition compatibility: Y i ∩ Y j = H i ∩ A j = V i ∩ A j = O i ∩ O j = I i ∩ I j = ∅ , for i � = j Parallel composition: a → x ′ x 1 1 ( a ∈ A 1 \ A 2 ) a → ( x ′ ( x 1 ∪ x 2 ) 1 ∪ x 2 ) a → x ′ x 2 2 ( a ∈ A 2 \ A 1 ) a → ( x 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) a a → x ′ → x ′ 1 ∧ x 2 x 1 2 ( a ∈ ( A 1 ∩ A 2 ) ∪ ( T 1 ∧ T 2 )) a → ( x ′ 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 15 / 38

TIOA composition Composition compatibility: Y i ∩ Y j = H i ∩ A j = V i ∩ A j = O i ∩ O j = I i ∩ I j = ∅ , for i � = j Parallel composition: a → x ′ x 1 1 ( a ∈ A 1 \ A 2 ) a → ( x ′ ( x 1 ∪ x 2 ) 1 ∪ x 2 ) a → x ′ x 2 2 ( a ∈ A 2 \ A 1 ) a → ( x 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) a a → x ′ → x ′ 1 ∧ x 2 x 1 2 ( a ∈ ( A 1 ∩ A 2 ) ∪ ( T 1 ∧ T 2 )) a → ( x ′ 1 ∪ x ′ ( x 1 ∪ x 2 ) 2 ) Theorem The parallel composition operator is commutative and associative. Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 15 / 38

Outline 4 A toy example Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 16 / 38

Running example �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 17 / 38

Property ϕ to be checked Property Given δ 1 < δ 2 , the subsystem doesn’t emit consecutive a ’s or b ’s. � �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 18 / 38 ��

Outline 5 Contract framework for Timed Input/Output Automata Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 19 / 38

Formal contract Component K : a timed input/output automaton Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 20 / 38

Formal contract Component K : a timed input/output automaton Closed component: I = O = ∅ Open component: it is not closed Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 20 / 38

Formal contract Component K : a timed input/output automaton Closed component: I = O = ∅ Open component: it is not closed Environment E for K : a timed input/output automaton compatible with K such that I E ⊆ O K and O E ⊆ I K Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 20 / 38

Formal contract Component K : a timed input/output automaton Closed component: I = O = ∅ Open component: it is not closed Environment E for K : a timed input/output automaton compatible with K such that I E ⊆ O K and O E ⊆ I K Definition A contract for a component K is a pair ( A , G ) of TIOA such that I A = O G and O A = I G (i.e. the composition is a closed system) and I G ⊆ I K and O G ⊆ O K (i.e. the interface of K is a refinement of that of G ). Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 20 / 38

Contracts for the running example � � �� Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 21 / 38 � � ��

Conformance relation Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 22 / 38

Conformance relation Definition Let K 1 and K 2 be two comparable components (i.e. having the same external interface). K 1 � K 2 if traces K 1 ⊆ traces K 2 . Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 22 / 38

Conformance relation Definition Let K 1 and K 2 be two comparable components (i.e. having the same external interface). K 1 � K 2 if traces K 1 ⊆ traces K 2 . Theorem Conformance is a preorder relation. Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 22 / 38

Conformance relation Definition Let K 1 and K 2 be two comparable components (i.e. having the same external interface). K 1 � K 2 if traces K 1 ⊆ traces K 2 . Theorem Conformance is a preorder relation. Theorem Let K 1 and K 2 be two comparable components with K 1 � K 2 and E a component compatible with both K 1 and K 2 . Then K 1 � E � K 2 � E . Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 22 / 38

Refinement under context relation Definition Let K 1 and K 2 be two components such that I K 2 ⊆ I K 1 ∪ V K 1 , O K 2 ⊆ O K 1 ∪ V K 1 and V K 2 ⊆ V K 1 . Let E be an environment for K 1 compatible with both K 1 and K 2 . We say that K 1 refines K 2 in the context of E , denoted K 1 ⊑ E K 2 , if K 1 � E � E ′ � K 2 � E � K ′ � E ′ where K ′ and E ′ are defined such that both members of the conformance relation are comparable and closed. Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 23 / 38

Safety Contracts for Timed Reactive Components Iulia Dragomir , - PowerPoint PPT Presentation

Safety Contracts for Timed Reactive Components Iulia Dragomir , Iulian Ober and Christian Percebois IRIT - University of Toulouse March 21, 2013 Iulia Dragomir (IRIT) Safety Contracts for Timed Reactive Components March 21, 2013 1 / 38

Know the basic components of a commercial contracts Identify these components in

News on Safety Properties for Timed Petri Nets Patrick Totzke Edinburgh 2018-09-24 1 / 15 2 /

Specification and Analysis of Contracts Lecture 2 Components, Services and Contracts Gerardo

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

PowerUp Team Palindrome Key Challenges Reactive, rather than proactive, safety management

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Dr. Karine Arnout

Contracts 7 January 2019 OSU CSE 1 Contract Details Contracts in the APIs for OSU CSE

Analysis of Inconsistent Routing Components in Reactive Routing Protocols Habib-ur Rehman, Lars

Real-Time Modeling and Test Case Generation Konrad Krentz A Convincing Safety Case [1] 2 A

Time-critical reactive systems (modelling) Jos Proena HASLab - INESC TEC Universidade do

Simulating Timed UML2 Sequence Diagrams with Timed CSP M Roggenbach (Swansea, Wales, UK)

Runtime Enforcement of Timed Properties Srinivas Pinisetty 1 ,Yli` es Falcone 2 , Thierry J eron

OUTLINE Model Checking in a Nutshell Timed automata and TCTL Timed Automata, TCTL A

Time-critical reactive systems (modelling) Lus Soares Barbosa HASLab - INESC TEC Universidade

Trusted Components Reuse, Contracts and Patterns Prof. Dr. Bertrand Meyer Till G. Bay Chair of

1 Recent Advances in Reactive Planning: Past Approaches to Planning BDD-based Universal Planning

Reactive design patterns for microservices on multicore Reactive summit - 22/10/18

Timed Automata and Logics for Real-time Systems Luca Aceto ICE-TCS, School of Computer Science

Behavior based Safety Psychological components to consider Presented at AEB meeting, December 7

11-823 Conlanging Prosody 2: so what does it all mean? Prosody Timing Stress timed vs

A Formal Framework for UML Modeling with Timed Constraints: Application to Railway Control