Results 1-10 of 18
Branching Time and Abstraction in Bisimulation Semantics
Journal of the ACM, 1996
Cited by 249 (14 self)
Abstract
In comparative concurrency semantics, one usually distinguishes between linear time and branching time semantic equivalences. Milner's notion of observation equivalence is often mentioned as the standard example of a branching time equivalence. In this paper we investigate whether observation equivalence really does respect the branching structure of processes, and find that in the presence of the unobservable action τ of CCS this is not the case. Therefore, the notion of branching bisimulation equivalence is introduced, which strongly preserves the branching structure of processes, in the sense that it preserves computations together with the potentials in all intermediate states that are passed through, even if silent moves are involved. On closed CCS-terms, branching bisimulation congruence can be completely axiomatized by the single axiom scheme a.(τ.(y + z) + y) = a.(y + z) (where a ranges over all actions) and the usual laws for strong congruence. We also establish that for sequential processes observation equivalence is not preserved under refinement of actions, whereas branching bisimulation is. For a large class of processes, it turns out that branching bisimulation and observation equivalence are the same. As far as we know, all protocols that have been verified in the setting of observation equivalence happen to fit in this class, and hence are also valid in the stronger setting of branching bisimulation equivalence.
On Observational Equivalence and Algebraic Specification
1987
Cited by 66 (17 self)
Abstract
The properties of a simple and natural notion of observational equivalence of algebras and the corresponding specification-building operation are studied. We begin with a definition of observational equivalence which is adequate to handle reachable algebras only, and show how to extend it to cope with unreachable algebras and also how it may be generalised to make sense under an arbitrary institution. Behavioural equivalence is treated as an important special case of observational equivalence, and its central role in program development is shown by means of an example.
Specification Styles in Distributed Systems Design and Verification
In "Theoretical Computer Science '89", North-Holland; University of Pisa, 1991
Cited by 52 (6 self)
Abstract
Substantial experience with the use of formal specification languages in the design of distributed systems has shown that finding appropriate structures for formal specifications presents a serious, and often underestimated, problem. Its solution is of great importance for ensuring the quality of the various designs that need to be developed at different levels of abstraction along the design trajectory of a system. This paper introduces four specification styles that allow formal specifications to be structured in different ways: the monolithic, the constraint-oriented, the state-oriented, and the resource-oriented style. These styles have been selected on the basis of their suitability to express design concerns by structuring specifications and their suitability to pursue qualitative design principles such as generality, orthogonality, and open-endedness. By giving a running example, a query-answer service, in the ISO specification language LOTOS, these styles are discussed in detail. The support of verification and correctness-preserving transformation by these styles is shown by verifying designs, expressed in different styles, with respect to each other. This verification is based on equational laws for (weak) bisimulation equivalence.
Fast Asynchronous Systems in Dense Time
TCS, 1995
Cited by 13 (10 self)
Abstract
A testing scenario in the sense of De Nicola and Hennessy is developed to measure the worst-case efficiency of asynchronous systems using dense time. For all three variants considered, it is shown that one can equivalently use discrete time; in the discrete versions, one variant coincides with an approach based on discrete time in [Vog95b], and thus we can clarify the assumptions behind this approach. The resulting testing preorders are characterized with some kind of refusal traces and shown to satisfy some properties that make them attractive as faster-than relations. The three testing preorders are incomparable in general, but for some interesting classes of systems implications are shown. 1 Introduction In the testing approach of [DNH84], reactive systems are compared by embedding them, with a parallel composition operator ‖, in arbitrary test environments. One variant of testing (must-testing) considers the worst-case behaviour: a system N performs successfully in an environm...
Adequacy of compositional translations for observational semantics
International Conference on Theoretical Computer Science, 2008
Cited by 9 (7 self)
Abstract
We investigate methods and tools for analyzing translations between programming languages with respect to observational semantics. The behavior of programs is observed in terms of may- and must-convergence in arbitrary contexts, and adequacy of translations, i.e., the reflection of program equivalence, is taken to be the fundamental correctness condition. For compositional translations we propose a notion of convergence equivalence as a means for proving adequacy. This technique avoids explicit reasoning about contexts, and is able to deal with the subtle role of typing in implementations of language extensions.
Finite axiom systems for testing preorder and De Simone Process Languages
2000
Cited by 8 (2 self)
Abstract
We prove that the testing preorder of De Nicola and Hennessy is preserved by all operators of De Simone process languages. Building upon this result we propose an algorithm for generating axiomatisations of testing preorder for arbitrary De Simone process languages. The axiom systems produced by our algorithm are finite and complete for processes with finite behaviour. In order to achieve completeness for a subclass of processes with infinite behaviour we use one infinitary induction rule. The usefulness of our results is illustrated in specification and verification of small concurrent systems, where suspension, resumption and alternation of execution of component systems occur. We argue that better specifications can be written in customised De Simone process languages, which contain both the standard operators as well as new De Simone operators that are specifically tailored for the task in hand. Moreover, the automatically generated axiom systems for such specification languages make the verification more straightforward.
Vertical Implementation
Information and Computation, 2001
Cited by 6 (0 self)
Abstract
We investigate criteria to relate specifications and implementations belonging to conceptually different levels of abstraction. For this purpose, we introduce the generic concept of a vertical implementation relation, which is a family of binary relations indexed by a refinement function that maps abstract actions onto concrete processes and thus determines the basic connection between the abstraction levels. If the refinement function is the identity, the vertical implementation relation collapses to a standard (horizontal) implementation relation. As desiderata for vertical implementation relations we formulate a number of congruence-like proof rules (notably a structural rule for recursion) that offer a powerful, compositional proof technique for vertical implementation. As a candidate vertical implementation relation we propose vertical bisimulation. Vertical bisimulation is compatible with the standard interleaving semantics of process algebra; in fact, the corresponding horizontal relation is rooted weak bisimulation. We prove that vertical bisimulation satisfies the proof rules for vertical implementation, thus establishing the consistency of the rules. Moreover, we define a corresponding notion of abstraction that strengthens the intuition behind vertical bisimulation and also provides a decision algorithm for finite-state systems. Finally, we give a number of small examples to demonstrate the advantages of vertical implementation in general and vertical bisimulation in particular.
On Conservativity of Concurrent Haskell
2011
Cited by 3 (0 self)
Abstract
The calculus CHF models Concurrent Haskell extended by concurrent, implicit futures. It is a process calculus with concurrent threads, monadic concurrent evaluation, and includes a pure functional lambda-calculus which comprises data constructors, case-expressions, letrec-expressions, and Haskell's seq. Futures can be implemented in Concurrent Haskell using the primitive unsafeInterleaveIO, which is available in most implementations of Haskell. Our main result is conservativity of CHF, that is, all equivalences of pure functional expressions are also valid in CHF. This implies that compiler optimizations and transformations from pure Haskell remain valid in Concurrent Haskell even if it is extended by futures. We also show that this is no longer valid if Concurrent Haskell is extended by the arbitrary use of unsafeInterleaveIO.
Architecture-Driven Verification of Concurrent Systems
1997
Cited by 2 (1 self)
Abstract
This paper proposes a method to construct a set of proof obligations from the architectural specification of a concurrent system. The architectural specifications used express correctness requirements of a concurrent system at a high level without any reference to component functionality. The proof obligations derived from such specifications are then discharged as model checking tasks in a suitable behavioral model where components are assigned their respective functionalities. An experimental extension to the SPIN tool is used as the model checker. The block diagram notation used to specify architectures allows interchangeable components with equivalent intended functionalities to be encapsulated within a representative module. A proof obligation of such a system is discharged as an equivalence checking task in the chosen behavioral model. It is shown how infeasible proof obligations can be decomposed by decomposing the architectural specification. Obligation decomposition relies on assume-guarantee conditions.
Modular construction of fast asynchronous systems
1996
Cited by 2 (2 self)
Abstract
A testing scenario in the sense of De Nicola and Hennessy is developed to measure the worst-case efficiency of asynchronous systems using dense time, and it is shown that one can equivalently use discrete time. The resulting testing preorder is characterized with some kind of refusal traces. Furthermore, the testing preorder is refined to a precongruence for standard operators known from process algebras. Besides the usual complications with the choice operator, it turns out that even the prefix operation requires a refinement. Finally, the testing preorder is compared to those gained from similar approaches.