Results 1  10
of
34
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2407 (62 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Probabilistic Simulations for Probabilistic Processes
, 1994
"... Several probabilistic simulation relations for probabilistic systems are defined and evaluated according to two criteria: compositionality and preservation of "interesting" properties. Here, the interesting properties of a system are identified with those that are expressible in an untimed version o ..."
Abstract

Cited by 270 (18 self)
 Add to MetaCart
Several probabilistic simulation relations for probabilistic systems are defined and evaluated according to two criteria: compositionality and preservation of "interesting" properties. Here, the interesting properties of a system are identified with those that are expressible in an untimed version of the Timed Probabilistic concurrent Computation Tree Logic (TPCTL) of Hansson. The definitions are made, and the evaluations carried out, in terms of a general labeled transition system model for concurrent probabilistic computation. The results cover weak simulations, which abstract from internal computation, as well as strong simulations, which do not.
Deriving Bisimulation Congruences for Reactive Systems
 In Proc. of CONCUR 2000, 2000. LNCS 1877
, 2000
"... . The dynamics of reactive systems, e.g. CCS, has often been de ned using a labelled transition system (LTS). More recently it has become natural in de ning dynamics to use reaction rules  i.e. unlabelled transition rules  together with a structural congruence. But LTSs lead more naturally to beha ..."
Abstract

Cited by 116 (14 self)
 Add to MetaCart
. The dynamics of reactive systems, e.g. CCS, has often been de ned using a labelled transition system (LTS). More recently it has become natural in de ning dynamics to use reaction rules  i.e. unlabelled transition rules  together with a structural congruence. But LTSs lead more naturally to behavioural equivalences. So one would like to derive from reaction rules a suitable LTS. This paper shows how to derive an LTS for a wide range of reactive systems. A label for an agent a is de ned to be any context F which intuitively is just large enough so that the agent Fa (\a in context F ") is able to perform a reaction. The key contribution of this paper is a precise de nition of \just large enough", in terms of the categorical notion of relative pushout (RPO), which ensures that bisimilarity is a congruence when sucient RPOs exist. Two examples  a simpli ed form of action calculi and termrewriting  are given, for which it is shown that su cient RPOs indeed exist. The thrust of thi...
Noninterference for concurrent programs and thread systems
 Theoretical Computer Science
, 2002
"... ..."
A Coinductive Calculus of Component Connectors
, 2002
"... Reo is a recently introduced channelbased coordination model, wherein complex coordinators, called connectors, are compositionally built out of simpler ones. Using a more liberal notion of a channel, Reo generalises existing dataflow networks. In this paper, we present a simple and transparent sema ..."
Abstract

Cited by 58 (25 self)
 Add to MetaCart
Reo is a recently introduced channelbased coordination model, wherein complex coordinators, called connectors, are compositionally built out of simpler ones. Using a more liberal notion of a channel, Reo generalises existing dataflow networks. In this paper, we present a simple and transparent semantical model for Reo, in which connectors are relations on timed data streams. Timed data streams constitute a characteristic of our model and consist of twin pairs of separate data and time streams. Furthermore, coinduction is our main reasoning principle and we use it to prove properties such as connector equivalence.
Modal Logics and muCalculi: An Introduction
, 2001
"... We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mucalculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at modelchec ..."
Abstract

Cited by 44 (3 self)
 Add to MetaCart
We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mucalculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at modelchecking, and finally at the relationship of modal logics to other formalisms.
Correctness of Pipelined Machines
 Formal Methods in ComputerAided Designâ€“FMCAD 2000, volume 1954 of LNCS
"... The correctness of pipelined machines is a subject that has been studied extensively. Most of the recent work has used variants of the Burch and Dill notion of correctness [4]. As new features are modeled, e.g., interrupts, new notions of correctness are developed. Given the plethora of correctness ..."
Abstract

Cited by 26 (13 self)
 Add to MetaCart
The correctness of pipelined machines is a subject that has been studied extensively. Most of the recent work has used variants of the Burch and Dill notion of correctness [4]. As new features are modeled, e.g., interrupts, new notions of correctness are developed. Given the plethora of correctness conditions, the question arises: what is a reasonable notion of correctness? We discuss the issue at length and show, by mechanical proof, that variants of the Burch and Dill notion of correctness are awed. We propose a notion of correctness based on WEBs (Wellfounded Equivalence Bisimulations) [16, 19]. Briey, our notion of correctness implies that the ISA (Instruction Set Architecture) and MA (MicroArchitecture) machines have the same observable in nite paths, up to stuttering. This implies that the two machines satisfy the same CTL* X properties and the same safety and liveness properties (up to stuttering). To test the utility of the idea, we use ACL2 to verify s...
Iterating Transducers
, 2001
"... Regular languages have proved useful for the symbolic state exploration of infinite state systems. They can be used to represent infinite sets of system configurations; the transitional semantics of the system consequently can be modeled by finitestate transducers. A standard problem encountered ..."
Abstract

Cited by 21 (0 self)
 Add to MetaCart
Regular languages have proved useful for the symbolic state exploration of infinite state systems. They can be used to represent infinite sets of system configurations; the transitional semantics of the system consequently can be modeled by finitestate transducers. A standard problem encountered when doing symbolic state exploration for infinite state systems is how to explore all states in a finite amount of time. When representing the onestep transition relation of a system by a finitestate transducer T , this problem boils down to finding an appropriate finitestate representation T for its transitive closure. In this
Bisimulation, Modal Logic and Model Checking Games
, 1999
"... We give a very brief introduction to how concurrent systems can be modelled within process calculi, as terms of an algebraic language whose behaviours are described using transitions. Reasoning has centred on two kinds of questions. One is relationships between descriptions of concurrent systems. Th ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
We give a very brief introduction to how concurrent systems can be modelled within process calculi, as terms of an algebraic language whose behaviours are described using transitions. Reasoning has centred on two kinds of questions. One is relationships between descriptions of concurrent systems. The other is appropriate logics for describing crucial properties of concurrent systems. Bisimulation equivalence is briefly described. It can also be characterised in terms of modal logic (HennessyMilner logic). However as a logic it is not very expressive. So we also describe modal mucalculus which is a very expressive temporal logic. In the main part of the paper we show that property checking can be understood in terms of game playing. In the finite state case, games underpin ecient model checking algorithms. The games are also denable independently of property checking as graph games which can be reduced to other combinatorial games.