Results 1  10
of
82
Branching Time and Abstraction in Bisimulation Semantics
 Journal of the ACM
, 1996
"... Abstract. In comparative concurrency semantics, one usually distinguishes between linear time and branching time semantic equivalences. Milner’s notion of ohsen~ation equirlalence is often mentioned as the standard example of a branching time equivalence. In this paper we investigate whether observa ..."
Abstract

Cited by 249 (14 self)
 Add to MetaCart
Abstract. In comparative concurrency semantics, one usually distinguishes between linear time and branching time semantic equivalences. Milner’s notion of ohsen~ation equirlalence is often mentioned as the standard example of a branching time equivalence. In this paper we investigate whether observation equivalence really does respect the branching structure of processes, and find that in the presence of the unobservable action 7 of CCS this is not the case. Therefore, the notion of branching hisimulation equivalence is introduced which strongly preserves the branching structure of processes, in the sense that it preserves computations together with the potentials in all intermediate states that are passed through, even if silent moves are involved. On closed KSterms branching bisimulation congruence can be completely axiomatized by the single axiom scheme: a.(7.(y + z) + y) = a.(y + z) (where a ranges over all actions) and the usual laws for strong congruence. WC also establish that for sequential processes observation equivalence is not preserved under refinement of actions, whereas branching bisimulation is. For a large class of processes, it turns out that branching bisimulation and observation equivalence are the same. As far as we know, all protocols that have been verified in the setting of observation equivalence happen to fit in this class, and hence are also valid in the stronger setting of branching hisimulation equivalence.
Reasoning about Rings
, 1995
"... The ring is a useful means of structuring concurrent processes. Processes communicate by passing a token in a fixed direction; the process that possesses the token is allowed to perfrom certain actions. Usually, correctness properties are expected to hold irrespective of the size of the ring. We sho ..."
Abstract

Cited by 80 (6 self)
 Add to MetaCart
The ring is a useful means of structuring concurrent processes. Processes communicate by passing a token in a fixed direction; the process that possesses the token is allowed to perfrom certain actions. Usually, correctness properties are expected to hold irrespective of the size of the ring. We show that the problem of checking many useful correctness properties for rings of all sizes can be reduced to checking them on ring of sizes up to a small cutoff size. We apply our results to the verification of a mutual exclusion protocol and Milner's scheduler protocol. 1
Modal and Temporal Logics for Processes
, 1996
"... this paper have been presented at the 4th European Summer School in Logic, Language and Information, University of Essex, 1992; at the Tempus Summer School for Algebraic and Categorical Methods in Computer Science, Masaryk University, Brno, 1993; and the Summer School in Logic Methods in Concurrency ..."
Abstract

Cited by 69 (2 self)
 Add to MetaCart
this paper have been presented at the 4th European Summer School in Logic, Language and Information, University of Essex, 1992; at the Tempus Summer School for Algebraic and Categorical Methods in Computer Science, Masaryk University, Brno, 1993; and the Summer School in Logic Methods in Concurrency, Aarhus University, 1993. I would like to thank the organisers and the participants of these summer schools, and of the Banff higher order workshop. I would also like to thank Julian Bradfield for use of his Tex tree constructor for building derivation trees and Carron Kirkwood, Faron Moller, Perdita Stevens and David Walker for comments on earlier drafts.
A Partial Order Approach to Branching Time Logic Model Checking
 Information and Computation
, 1994
"... Partial order techniques enable reducing the size of the state graph used for model checking, thus alleviating the `state space explosion' problem. These reductions are based on selecting a subset of the enabled operations from each program state. So far, these methods have been studied, implemented ..."
Abstract

Cited by 53 (12 self)
 Add to MetaCart
Partial order techniques enable reducing the size of the state graph used for model checking, thus alleviating the `state space explosion' problem. These reductions are based on selecting a subset of the enabled operations from each program state. So far, these methods have been studied, implemented and demonstrated for assertional languages that model the executions of a program as computation sequences, in particular the logic LTL (linear temporal logic). The present paper shows, for the first time, how this approach can be applied to languages that model the behavior of a program as a tree. We study here partial order reductions for branching temporal logics, e.g., the logics CTL and CTL (all logics with the nexttime operator removed) and process algebras such as CCS. Conditions on the subset of successors from each node to guarantee reduction that preserves CTL properties are given. Provided experimental results show that the reduction is substantial. 1 Introduction Partial ord...
Fluent Model Checking for Eventbased Systems
 In Proceedings of FSE
, 2003
"... Model checking is an automated technique for verifying that a system satisfies a set of required properties. Such properties are typically expressed as temporal logic formulas, in which atomic propositions are predicates over state variables of the system. In eventbased system descriptions, states ..."
Abstract

Cited by 46 (6 self)
 Add to MetaCart
Model checking is an automated technique for verifying that a system satisfies a set of required properties. Such properties are typically expressed as temporal logic formulas, in which atomic propositions are predicates over state variables of the system. In eventbased system descriptions, states are not characterized by state variables, but rather by the behavior that originates in these states in terms of actions. In this context, it is natural for temporal formulas to be built from atomic propositions that are predicates on the occurrence of actions. The paper identifies limitations in this approach and introduces "fluent" propositions that permit formulas to naturally express properties that combine state and action. A fluent is a property of the world that holds after it is initiated by an action and ceases to hold when terminated by another action. The paper describes an approach to model checking fluentbased lineartemporal logic properties, with its implementation and application in the LTSA tool.
Hereditary History Preserving Bisimulations or What is the Power of the Future Perfect in Program Logics
 Polish Academy of Sciences
, 1991
"... Contents 1 History Preserving Bisimulations on Labelled Event Structures 2 1.1 Finitary Prime Event Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 Labelled Event Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 History Preserving Bisimulations ..."
Abstract

Cited by 36 (0 self)
 Add to MetaCart
Contents 1 History Preserving Bisimulations on Labelled Event Structures 2 1.1 Finitary Prime Event Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 Labelled Event Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.3 History Preserving Bisimulations . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.4 Relations Between History Preserving Bisimulations . . . . . . . . . . . . . . . . 5 2 History Preserving Bisimulations and Refinement 7 2.1 Refinement of Labelled Event Structures . . . . . . . . . . . . . . . . . . . . . . . 7 2.2 History Preserving Bisimulations vs Refinement . . . . . . . . . . . . . . . . . . . 8 3 Back and Forth Bisimulation on Sequential Systems 8 3.1 Unfolding transition systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.2 Unfolding versus BackandForth Bisimulation . . . . . . . . . . . . . . . . . . . 12 3.3 The Power of the Future Pe
Branching bisimilarity is an equivalence indeed
 Inform. Process. Lett
, 1996
"... Communicated by P.M.B. Vitiyi This note presents a detailed proof of a result in the theory of concurrency semantics that is already considered folklore, namely that branching bisimilarity is an equivalence relation. The “simple proof ‘, which in the literature is always assumed to exist, is shown t ..."
Abstract

Cited by 33 (3 self)
 Add to MetaCart
Communicated by P.M.B. Vitiyi This note presents a detailed proof of a result in the theory of concurrency semantics that is already considered folklore, namely that branching bisimilarity is an equivalence relation. The “simple proof ‘, which in the literature is always assumed to exist, is shown to be incorrect. The proof in this note is based on the notion of a semibranching bisimulation taken from (Van Glabbeek and Weijland, 1991). Branching bisimilarity can equivalently be defined in terms of semibranching bisimulations; the results suggest that such a definition is more intuitive than the original definition of Van Glabbeek and Weijland ( 1989).
State/eventbased software model checking
 In Integrated Formal Methods
, 2004
"... Abstract. We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexampleguided abstraction refinement and compositional reasoning ..."
Abstract

Cited by 32 (8 self)
 Add to MetaCart
Abstract. We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexampleguided abstraction refinement and compositional reasoning. Our specification language is a state/event extension of linear temporal logic, and allows us to express many properties of software in a concise and intuitive manner. We show how standard automatatheoretic LTL model checking algorithms can be ported to our framework at no extra cost, enabling us to directly benefit from the large body of research on efficient LTL verification. We have implemented this work within our concurrent C model checker, MAGIC, and checked a number of properties of OpenSSL0.9.6c (an opensource implementation of the SSL protocol) and MicroC OS version 2 (a realtime operating system for embedded applications). Our experiments show that this new approach not only eases the writing of specifications, but also yields important gains both in space and in time during verification. In certain cases, we even encountered specifications that could not be verified using traditional pure eventbased or statebased approaches, but became tractable within our state/event framework. We report a bug in the source code of MicroC OS version 2, which was found during our experiments. 1
Towards Model Checking Stochastic Process Algebra
, 2000
"... . Stochastic process algebra have been proven useful because they allow behaviouroriented performance and reliability modelling. As opposed to traditional performance modelling techniques, the behaviouroriented style supports composition and abstraction in a natural way. However, analysis of stocha ..."
Abstract

Cited by 23 (9 self)
 Add to MetaCart
. Stochastic process algebra have been proven useful because they allow behaviouroriented performance and reliability modelling. As opposed to traditional performance modelling techniques, the behaviouroriented style supports composition and abstraction in a natural way. However, analysis of stochastic process algebra models is stateoriented, because standard numerical analysis is typically based on the calculation of (transient and steady) state probabilities. This shift of paradigms hampers the acceptance of the process algebraic approach by performance modellers. In this paper, we develop an entirely behaviouroriented analysis technique for stochastic process algebra. The key contribution is an actionbased temporal logic to describe behavioursofinterest, together with a model checking algorithm to derive the probability with which a stochastic process algebra model exhibits a given behaviourofinterest. 1 Introduction The analysis of systems with respect to their performance...
Modal Logic, Transition Systems and Processes
, 1994
"... Transition systems can be viewed either as process diagrams or as Kripke structures. The first perspective is that of process theory, the second that of modal logic. This paper shows how various formalisms of modal logic can be brought to bear on processes. Notions of bisimulation can not only be mo ..."
Abstract

Cited by 22 (3 self)
 Add to MetaCart
Transition systems can be viewed either as process diagrams or as Kripke structures. The first perspective is that of process theory, the second that of modal logic. This paper shows how various formalisms of modal logic can be brought to bear on processes. Notions of bisimulation can not only be motivated by operations on transition systems, but they can also be suggested by investigations of modal formalisms. To show that the equational view of processes from process algebra is closely related to modal logic, we consider various ways of looking at the relation between the calculus of basic process algebra and propositional dynamic logic. More concretely, the paper contains preservation results for various bisimulation notions, a result on the expressive power of propositional dynamic logic, and a definition of bisimulation which is the proper notion of invariance for concurrent propositional dynamic logic. Keywords: modal logic, transition systems, bisimulation, process algebra 1 In...