Results 1  10
of
39
Algebraic Process Verification
 Handbook of Process Algebra, chapter 17
"... This chapter addresses the question how to verify distributed and communicating systems in an e#ective way from an explicit process algebraic standpoint. This means that all calculations are based on the axioms and principles of the process algebras. ..."
Abstract

Cited by 62 (16 self)
 Add to MetaCart
This chapter addresses the question how to verify distributed and communicating systems in an e#ective way from an explicit process algebraic standpoint. This means that all calculations are based on the axioms and principles of the process algebras.
The safety guaranteeing system at station HoornKersenboogerd

"... At the Dutch station HoornKersenboogerd, computer equipment is used for the safe and in time movement of trains. The computer equipment can be divided in two layers. A top layer offering an interface and means to help a human operator in scheduling train movement. And a bottom layer which checks wh ..."
Abstract

Cited by 41 (4 self)
 Add to MetaCart
At the Dutch station HoornKersenboogerd, computer equipment is used for the safe and in time movement of trains. The computer equipment can be divided in two layers. A top layer offering an interface and means to help a human operator in scheduling train movement. And a bottom layer which checks whether commands issued by the top layer can safely be executed by the rail hardware and which acts appropriately on detection of a hazardous situation. The bottom layer is implemented with a programmable piece of equipment namely a Vital Processor Interlocking (VPI). This paper introduces the most important features of the VPI at HoornKersenboogerd. This particular VPI is modelled in CRL. Furthermore, the paper touches upon correctness criteria and tool support for VPIs, and suggests ways for verification of properties of VPIs. Experiments show that it is indeed possible to efficiently verify these correctness criteria.
Action Transducers and Timed Automata
 Formal Aspects of Computing
, 1996
"... The timed automaton model of [LV92, LV93] is a general model for timingbased systems. A notion of timed action transducer is here defined as an automatatheoretic way of representing operations on timed automata. It is shown that two timed trace inclusion relations are substitutive with respect to ..."
Abstract

Cited by 40 (13 self)
 Add to MetaCart
The timed automaton model of [LV92, LV93] is a general model for timingbased systems. A notion of timed action transducer is here defined as an automatatheoretic way of representing operations on timed automata. It is shown that two timed trace inclusion relations are substitutive with respect to operations that can be described by timed action transducers. Examples are given of operations that can be described in this way, and a preliminary proposal is given for an appropriate language of operators for describing timingbased systems.
Focus points and convergent process operators: A proof strategy for protocol veri cation
, 1995
"... We present a strategy for nding algebraic correctness proofs for communication systems. It is described in the setting of CRL [11], which is, roughly, ACP [2, 3] extended with a formal treatment of the interaction between data and processes. The strategy has already been applied successfully in [4] ..."
Abstract

Cited by 39 (11 self)
 Add to MetaCart
We present a strategy for nding algebraic correctness proofs for communication systems. It is described in the setting of CRL [11], which is, roughly, ACP [2, 3] extended with a formal treatment of the interaction between data and processes. The strategy has already been applied successfully in [4] and [10], but was not explicitly identi ed as such. Moreover, the protocols that were veri ed in these papers were rather complex, so that the general picture was obscured by the amount of details. In this paper, the proof strategy is materialised in the form of de nitions and theorems. These results reduce a large part of protocol veri cation to a number of trivial facts concerning data parameters occurring in implementation and speci cation. This greatly simpli es protocol veri cations and makes our approach amenable to mechanical assistance � experiments in this direction seem promising. The strategy is illustrated by several small examples and one larger example, the Concurrent Alternating Bit Protocol (CABP). Although simple, this protocol contains a large amount ofinternal parallelism, so that all relevant issuesmaketheir appearance.
A Conservative Look at Operational Semantics with Variable Binding
 INFORMATION AND COMPUTATION
, 1998
"... We set up a formal framework to describe transition system specifications in the style of Plotkin. This framework has the power to express manysortedness, general binding mechanisms and substitutions, among other notions such as negative hypotheses and unary predicates on terms. The framework i ..."
Abstract

Cited by 31 (4 self)
 Add to MetaCart
We set up a formal framework to describe transition system specifications in the style of Plotkin. This framework has the power to express manysortedness, general binding mechanisms and substitutions, among other notions such as negative hypotheses and unary predicates on terms. The framework is used to present a conservativity format in operational semantics, which states sufficient criteria to ensure that the extension of a transition system specification with new transition rules does not affect the semantics of the original terms.
ModelChecking CSPOZ Specifications with FDR
 IN ARAKI ET AL
, 1999
"... CSPOZ is a formal method integrating two different specifications formalisms into one: the formalism ObjectZ for the description of static aspects, and the process algebra CSP for the description of the dynamic behaviour of systems. The semantics of CSPOZ is failure divergence taken from the ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
CSPOZ is a formal method integrating two different specifications formalisms into one: the formalism ObjectZ for the description of static aspects, and the process algebra CSP for the description of the dynamic behaviour of systems. The semantics of CSPOZ is failure divergence taken from the process algebra side. In this paper we propose a method for checking correctness of CSPOZ specifications via a translation into the CSP dialect of the model checker FDR.
A Bounded Retransmission Protocol for Large Data Packets. A Case Study in Computer Checked Algebraic Verification
"... This note describes a protocol for the transmission of data packets that are too large to be transferred in their entirety. Therefore, the protocol splits the data packets and broadcasts it in parts. It is assumed that in case of failure of transmission through data channels, only a limited number o ..."
Abstract

Cited by 20 (8 self)
 Add to MetaCart
This note describes a protocol for the transmission of data packets that are too large to be transferred in their entirety. Therefore, the protocol splits the data packets and broadcasts it in parts. It is assumed that in case of failure of transmission through data channels, only a limited number of retries are allowed (bounded retransmission). If repeated failure occurs, the protocol stops trying and the sending and receiving protocol users are informed accordingly. The protocol and its external behaviour are speci ed in CRL. The correspondence between these is shown using the axioms of CRL. The whole proof of this correspondence has been computer checked using the proof checker Coq. This provides an example showing that proof checking of realistic protocols is feasible within the setting of process algebras.
Formalizing Process Algebraic Verifications in the Calculus of Constructions
"... This paper reports on the first steps towards the formal verification of correctness proofs of reallife protocols in process algebra. We show that proofs can be verified, and partly constructed, by a general purpose proof checker. The process algebra we use is µCRL, ACP augmented with data, wh ..."
Abstract

Cited by 18 (7 self)
 Add to MetaCart
This paper reports on the first steps towards the formal verification of correctness proofs of reallife protocols in process algebra. We show that proofs can be verified, and partly constructed, by a general purpose proof checker. The process algebra we use is µCRL, ACP augmented with data, which is small enough to make the verification feasible, and at the same time expressive enough for the specification of reallife protocols. The proof checker we use is Coq, which is based on the Calculus of Constructions, an extension of simply typed lambda calculus. The focus is on the translation of the proof theory of µCRL and µCRLspecifications to Coq. As a case study, we verified the Alternating Bit Protocol.
Specification of Rewriting Strategies
 2nd International Workshop on the Theory and Practice of Algebraic Specifications (ASF+SDF'97), Electronic Workshops in Computing
, 1997
"... Userdefinable strategies for the application of rewrite rules provide a means to construct transformation systems that apply rewrite rules in a controlled way. This paper describes a strategy language and its interpretation. The language is used to control the rewriting of terms using labeled rewri ..."
Abstract

Cited by 15 (5 self)
 Add to MetaCart
Userdefinable strategies for the application of rewrite rules provide a means to construct transformation systems that apply rewrite rules in a controlled way. This paper describes a strategy language and its interpretation. The language is used to control the rewriting of terms using labeled rewrite rules. Rule labels are atomic strategies. Compound strategies are formed by means of sequential composition, nondeterministic choice, left choice, fixed point recursion, and two primitives for expressing term traversal. Several complex strategies such as bottomup and topdown application and (parallel) innermost and (parallel) outermost reduction can be defined in terms of these primitives. The paper contains two case studies of the application of strategies. 1 Introduction Term rewriting is an ideal technique for program transformation where the transformation of one construct into another is defined by means of rewrite rules. Usually, the rewrite engine contracts redexes according to ...
The Parallel Composition of Uniform Processes with Data
 Theoretical Computer Science
, 2001
"... A general basis for the definition of a finite but unbounded number of parallel processes is the equation S(n; dt) = P (0; get(0; dt))/ eq(n; 0) .(P (n; get(n; dt)) k S(n \Gamma 1; dt)). In this formula eq(n; 0) is an equality test, and get(n; dt) denotes the nth data element in table dt . We deri ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
A general basis for the definition of a finite but unbounded number of parallel processes is the equation S(n; dt) = P (0; get(0; dt))/ eq(n; 0) .(P (n; get(n; dt)) k S(n \Gamma 1; dt)). In this formula eq(n; 0) is an equality test, and get(n; dt) denotes the nth data element in table dt . We derive a linear process equation with the same behaviour as S(n; dt ), and show that this equation is welldefined, provided one adopts the principle CLRSP from [4]. In order to demonstrate the strength of our result, we use it for the analysis of a standard example. We show that n + 1 concatenated buffers form a queue of capacity n + 1. 1 Introduction Distributed algorithms are often configured as an arbitrarily large but finite set of processors that run a similar program. Using the formalism CRL (micro Common Representation Language [9]) this can be described, using recursion and operators for parallelism. Several benchmark verifications in CRL and process algebra are therefore based on the...