Results 1 - 10 of 218
Reflections on Standard ML
 FUNCTIONAL PROGRAMMING, CONCURRENCY, SIMULATION AND AUTOMATED REASONING, VOLUME 693 OF LNCS
, 1992
Cited by 210 (4 self)
Standard ML is one of a number of new programming languages developed in the 1980s that are seen as suitable vehicles for serious systems and applications programming. It offers an excellent ratio of expressiveness to language complexity, and provides competitive efficiency. Because of its type and module system, Standard ML manages to combine safety, security, and robustness with much of the flexibility of dynamically typed languages like Lisp. It also has the most well-developed scientific foundation of any major language. Here I review the strengths and weaknesses of Standard ML and describe some of what we have learned through the design, implementation, and use of the language.
Computing Simulations on Finite and Infinite Graphs
, 1996
Cited by 171 (6 self)
We present algorithms for computing similarity relations of labeled graphs. Similarity relations have applications for the refinement and verification of reactive systems. For finite graphs, we present an O(mn) algorithm for computing the similarity relation of a graph with n vertices and m edges (assuming m n). For effectively presented infinite graphs, we present a symbolic similarity-checking procedure that terminates if a finite similarity relation exists. We show that 2D rectangular automata, which model discrete reactive systems with continuous environments, define effectively presented infinite graphs with finite similarity relations. It follows that the refinement problem and the ∀CTL model-checking problem are decidable for 2D rectangular automata. 1 Introduction. A labeled graph $G = (V, E, A, \langle\langle\cdot\rangle\rangle)$ consists of a (possibly infinite) set $V$ of vertices, a set $E \subseteq V^2$ of edges, a set $A$ of labels, and a function $\langle\langle\cdot\rangle\rangle : V \to A$ that maps each vertex $v$ to a label $\langle\langle$...
The PEPA Workbench: A Tool to Support a Process Algebra-based Approach to Performance Modelling
 In Proceedings of the Seventh International Conference on Modelling Techniques and Tools for Computer Performance Evaluation, number 794 in Lecture Notes in Computer Science
, 1994
Cited by 168 (61 self)
In this paper we present a new technique for performance modelling and a tool supporting this approach. Performance Evaluation Process Algebra (PEPA) [1] is an algebraic language which can be used to build models of computer systems which capture information about the performance of the system. The PEPA language serves two purposes as a formal description language for computer system models. The performance-related information in the model may be used to predict the performance of the system whereas the behavioural information in the model may be exploited when reasoning about the functional behaviour of the system (e.g. when finding deadlocks or when exhibiting equivalences between subcomponents). In this paper we concentrate on the performance aspects of the language. A method of reasoning about PEPA models proceeds by considering the derivation graph obtained from the model using the underlying operational semantics of the PEPA language. The derivation graph is systematically reduced ...
The NCSU Concurrency Workbench
, 1996
Cited by 155 (22 self)
The NCSU Concurrency Workbench is a tool for verifying finite-state systems. A key feature is its flexibility; its modular design eases the task of adding new analyses and changing the language users employ for describing systems. This note gives an overview of the system's features, including its capacity for generating diagnostic information for incorrect systems, and discusses some of its applications. 1 Introduction. The NCSU Concurrency Workbench (NCSUCWB) [1] supports the automatic verification of finite-state concurrent systems. The main goal of the system is to provide users with a tool that is flexible and easy to use and yet whose performance is competitive with that of existing special-purpose tools. In support of the former, and like its predecessor, the (Edinburgh) Concurrency Workbench [9, 15], the NCSUCWB includes implementations of decision procedures for calculating a number of different behavioral equivalences and preorders between systems and for determining whe...
HYTECH: The next generation
 In Proceedings of the 16th IEEE Real-Time Systems Symposium
, 1995
Cited by 120 (9 self)
We describe a new implementation of HyTech, a symbolic model checker for hybrid systems. Given a parametric description of an embedded system as a collection of communicating automata, HyTech automatically computes the conditions on the parameters under which the system satisfies its safety and timing requirements. While the original HyTech prototype was based on the symbolic algebra tool Mathematica, the new implementation is written in C++ and builds on geometric algorithms instead of formula manipulation. The new HyTech offers a cleaner and more expressive input language, greater portability, superior performance (typically two to three orders of magnitude), and new features such as diagnostic error-trace generation. We illustrate the effectiveness of the new implementation by applying HyTech to the automatic parametric analysis of the generic railroad crossing benchmark problem [HJL93] and to an active structure control algorithm [ECB94].
Priorities in process algebra
, 1999
Cited by 113 (11 self)
This chapter surveys the semantic ramifications of extending traditional process algebras with notions of priority that allow for some transitions to be given precedence over others. The need for these enriched formalisms arises when one wishes to model system features such as interrupts, prioritized choice, or real-time behavior. Approaches to priority in process algebras can be classified according to whether the induced notion of preemption on transitions is global or local and whether priorities are static or dynamic. Early work in the area concentrated on global preemption and static priorities and led to formalisms for modeling interrupts and aspects of real-time, such as maximal progress, in centralized computing environments. More recent research has investigated localized notions of preemption in which the distribution of systems is taken into account, as well as dynamic priority approaches, i.e., those where priority values may change as systems evolve. The latter allows one to model behavioral phenomena such as scheduling algorithms and also enables the efficient encoding of real-time semantics. Technically, this chapter studies the different models of priorities by presenting extensions of Milner's Calculus of Communicating Systems (CCS) with static and dynamic priority as well as with notions of global and local preemption. In each case the operational semantics of CCS is modified appropriately, behavioral theories based on strong and weak bisimulation are given, and related approaches for different process-algebraic settings are discussed.
The Generalized Railroad Crossing: A Case Study in Formal Verification of Real-Time Systems
 IN PROC., REAL-TIME SYSTEMS SYMP
, 1994
Cited by 99 (20 self)
A new solution to the Generalized Railroad Crossing problem, based on timed automata, invariants and simulation mappings, is presented and evaluated. The solution shows formally the correspondence between four system descriptions: an axiomatic specification, an operational specification, a discrete system implementation, and a system implementation that works with a continuous gate model.
Fluent Model Checking for Event-based Systems
 In Proceedings of FSE
, 2003
Cited by 63 (7 self)
Model checking is an automated technique for verifying that a system satisfies a set of required properties. Such properties are typically expressed as temporal logic formulas, in which atomic propositions are predicates over state variables of the system. In event-based system descriptions, states are not characterized by state variables, but rather by the behavior that originates in these states in terms of actions. In this context, it is natural for temporal formulas to be built from atomic propositions that are predicates on the occurrence of actions. The paper identifies limitations in this approach and introduces "fluent" propositions that permit formulas to naturally express properties that combine state and action. A fluent is a property of the world that holds after it is initiated by an action and ceases to hold when terminated by another action. The paper describes an approach to model checking fluent-based linear-temporal logic properties, with its implementation and application in the LTSA tool.
Saturation: an efficient iteration strategy for symbolic state space generation
 PROC. TOOLS AND ALGORITHMS FOR THE CONSTRUCTION AND ANALYSIS OF SYSTEMS (TACAS), LNCS 2031
, 2001
Cited by 62 (33 self)
We present a novel algorithm for generating state spaces of asynchronous systems using Multi–valued Decision Diagrams. In contrast to related work, we encode the next–state function of a system not as a single Boolean function, but as cross–products of integer functions. This permits the application of various iteration strategies to build a system’s state space. In particular, we introduce a new elegant strategy, called saturation, and implement it in the tool SMART. On top of usually performing several orders of magnitude faster than existing BDD–based state–space generators, our algorithm’s required peak memory is often close to the final memory needed for storing the overall state space.