Results 1  10
of
247
Symbolic Model Checking: 10^20 States and Beyond
, 1992
"... Many different methods have been devised for automatically verifying finite state systems by examining stategraph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of st ..."
Abstract

Cited by 574 (30 self)
 Add to MetaCart
Many different methods have been devised for automatically verifying finite state systems by examining stategraph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state space symbolical/y instead of explicitly. The generality of our method comes from using a dialect of the MuCalculus as the primary specification language. We describe a model checking algorithm for MuCalculus formulas that uses Bryant’s Binary Decision Diagrams (Bryant, R. E., 1986, IEEE Trans. Comput. C35) to represent relations and formulas. We then show how our new MuCalculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satistiability of lineartime temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment for finite wautomata. The fixed point computations for each decision procedure are sometimes complex. but can be concisely expressed in the MuCalculus. We illustrate the practicality of our approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline circuit.
The synchronous dataflow programming language LUSTRE
 Proceedings of the IEEE
, 1991
"... This paper describes the language Lustre, which is a dataflow synchronous language, designed for programming reactive systems  such as automatic control and monitoring systems  as well as for describing hardware. The dataflow aspect of Lustre makes it very close to usual description tools in t ..."
Abstract

Cited by 488 (42 self)
 Add to MetaCart
This paper describes the language Lustre, which is a dataflow synchronous language, designed for programming reactive systems  such as automatic control and monitoring systems  as well as for describing hardware. The dataflow aspect of Lustre makes it very close to usual description tools in these domains (blockdiagrams, networks of operators, dynamical samplessystems, etc: : : ), and its synchronous interpretation makes it well suited for handling time in programs. Moreover, this synchronous interpretation allows it to be compiled into an efficient sequential program. Finally, the Lustre formalism is very similar to temporal logics. This allows the language to be used for both writing programs and expressing program properties, which results in an original program verification methodology. 1 Introduction Reactive systems Reactive systems have been defined as computing systems which continuously interact with a given physical environment, when this environment is unable to sy...
Concurrent Constraint Programming
, 1993
"... This paper presents a new and very rich class of (concurrent) programming languages, based on the notion of comput.ing with parhal information, and the concommitant notions of consistency and entailment. ’ In this framework, computation emerges from the interaction of concurrently executing agent ..."
Abstract

Cited by 442 (15 self)
 Add to MetaCart
This paper presents a new and very rich class of (concurrent) programming languages, based on the notion of comput.ing with parhal information, and the concommitant notions of consistency and entailment. ’ In this framework, computation emerges from the interaction of concurrently executing agents that communicate by placing, checking and instantiating constraints on shared variables. Such a view of computation is interesting in the context of programming languages because of the ability to represent and manipulate partial information about the domain of discourse, in the context of concurrency because of the use of constraints for communication and control, and in the context of AI because of the availability of simple yet powerful mechanisms for controlling inference, and the promise that very rich representational/programming languages, sharing the same set of abstract properties, may be possible. To reflect this view of computation, [Sar89] develops the cc family of languages. We present here one member of the family, CC(.L,+) (pronounced “cc with Ask and Choose”) which provides the basic operations of blocking Ask and atomic Tell and an algebra of behaviors closed under prefixing, indeterministic choice, interleaving, and hiding, and provides a mutual recursion operator. cc(.L,t) is (intentionally!) very similar to Milner’s CCS, but for the radically different underlying concept of communication, which, in fact, pro’ The class is founded on the notion of “constraint logic programming ” [JL87,Mah87], fundamentally generalizes concurrent logic programming, and is the subject of the first author’s dissertation [Sar89], on which this paper is substantially based.
An Object Calculus for Asynchronous Communication
 Proceedings of the European Conference on ObjectOriented Programming (ECOOP
, 1991
"... This paper presents a formal system based on the notion of objects and asynchronous communication. Built on Milner's work on ßcalculus, the communication primitive of the formal system is purely asynchronous, which makes it unique among various concurrency formalisms. Computationally this results i ..."
Abstract

Cited by 363 (29 self)
 Add to MetaCart
This paper presents a formal system based on the notion of objects and asynchronous communication. Built on Milner's work on ßcalculus, the communication primitive of the formal system is purely asynchronous, which makes it unique among various concurrency formalisms. Computationally this results in a consistent reduction of Milner's calculus, while retaining the same expressive power. Seen semantically asynchronous communication induces a surprisingly different framework where bisimulation is strictly more general than its synchronous counterpart. This paper shows basic construction of the formal system along with several illustrative examples. 1 Introduction The formal system introduced in this paper is intended to accomplish two purposes. First, it provides a simple and rigorous formalism which encapsulates essential features of concurrent objectorientation [26, 25]. Being successful as a programming methodology for dynamic concurrent computing, its theoretical contents are far f...
Relations in Concurrency
"... The theme of this paper is profunctors, and their centrality and ubiquity in understanding concurrent computation. Profunctors (a.k.a. distributors, or bimodules) are a generalisation of relations to categories. Here they are first presented and motivated via spans of event structures, and the seman ..."
Abstract

Cited by 263 (33 self)
 Add to MetaCart
The theme of this paper is profunctors, and their centrality and ubiquity in understanding concurrent computation. Profunctors (a.k.a. distributors, or bimodules) are a generalisation of relations to categories. Here they are first presented and motivated via spans of event structures, and the semantics of nondeterministic dataflow. Profunctors are shown to play a key role in relating models for concurrency and to support an interpretation as higherorder processes (where input and output may be processes). Two recent directions of research are described. One is concerned with a language and computational interpretation for profunctors. This addresses the duality between input and output in profunctors. The other is to investigate general spans of event structures (the spans can be viewed as special profunctors) to give causal semantics to higherorder processes. For this it is useful to generalise event structures to allow events which “persist.”
Branching Time and Abstraction in Bisimulation Semantics
 Journal of the ACM
, 1996
"... Abstract. In comparative concurrency semantics, one usually distinguishes between linear time and branching time semantic equivalences. Milner’s notion of ohsen~ation equirlalence is often mentioned as the standard example of a branching time equivalence. In this paper we investigate whether observa ..."
Abstract

Cited by 249 (14 self)
 Add to MetaCart
Abstract. In comparative concurrency semantics, one usually distinguishes between linear time and branching time semantic equivalences. Milner’s notion of ohsen~ation equirlalence is often mentioned as the standard example of a branching time equivalence. In this paper we investigate whether observation equivalence really does respect the branching structure of processes, and find that in the presence of the unobservable action 7 of CCS this is not the case. Therefore, the notion of branching hisimulation equivalence is introduced which strongly preserves the branching structure of processes, in the sense that it preserves computations together with the potentials in all intermediate states that are passed through, even if silent moves are involved. On closed KSterms branching bisimulation congruence can be completely axiomatized by the single axiom scheme: a.(7.(y + z) + y) = a.(y + z) (where a ranges over all actions) and the usual laws for strong congruence. WC also establish that for sequential processes observation equivalence is not preserved under refinement of actions, whereas branching bisimulation is. For a large class of processes, it turns out that branching bisimulation and observation equivalence are the same. As far as we know, all protocols that have been verified in the setting of observation equivalence happen to fit in this class, and hence are also valid in the stronger setting of branching hisimulation equivalence.
The Lazy Lambda Calculus
 Research Topics in Functional Programming
, 1990
"... Introduction The commonly accepted basis for functional programming is the calculus; and it is folklore that the calculus is the prototypical functional language in puri ed form. But what is the calculus? The syntax is simple and classical; variables, abstraction and application in the pure cal ..."
Abstract

Cited by 239 (3 self)
 Add to MetaCart
Introduction The commonly accepted basis for functional programming is the calculus; and it is folklore that the calculus is the prototypical functional language in puri ed form. But what is the calculus? The syntax is simple and classical; variables, abstraction and application in the pure calculus, with applied calculi obtained by adding constants. The further elaboration of the theory, covering conversion, reduction, theories and models, is laid out in Barendregt's already classical treatise [Bar84]. It is instructive to recall the following crux, which occurs rather early in that work (p. 39): Meaning of terms: rst attempt The meaning of a term is its normal form (if it exists). All terms without normal forms are identi ed. This proposal incorporates such a simple and natural interpretation of the calculus as
Modelling Concurrency with Partial Orders
, 1986
"... Concurrency has been expressed variously in terms of formal languages (typically via the shuffle operator), partial orders, and temporal logic, inter alia. In this paper we extract from these three approaches a single hybrid approach having a rich language that mixes algebra and logic and having a n ..."
Abstract

Cited by 239 (18 self)
 Add to MetaCart
Concurrency has been expressed variously in terms of formal languages (typically via the shuffle operator), partial orders, and temporal logic, inter alia. In this paper we extract from these three approaches a single hybrid approach having a rich language that mixes algebra and logic and having a natural class of models of concurrent processes. The heart of the approach is a notion of partial string derived from the view of a string as a linearly ordered multiset by relaxing the linearity constraint, thereby permitting partially ordered multisets or pomsets. Just as sets of strings form languages, so do sets of pomsets form processes. We introduce a number of operations useful for specifying concurrent processes and demonstrate their utility on some basic examples. Although none of the operations is particularly oriented to nets it is nevertheless possible to use them to express processes constructed as a net of subprocesses, and more generally as a system consisting of components. Th...
Domain Theory in Logical Form
 Annals of Pure and Applied Logic
, 1991
"... The mathematical framework of Stone duality is used to synthesize a number of hitherto separate developments in Theoretical Computer Science: • Domain Theory, the mathematical theory of computation introduced by Scott as a foundation for denotational semantics. • The theory of concurrency and system ..."
Abstract

Cited by 231 (10 self)
 Add to MetaCart
The mathematical framework of Stone duality is used to synthesize a number of hitherto separate developments in Theoretical Computer Science: • Domain Theory, the mathematical theory of computation introduced by Scott as a foundation for denotational semantics. • The theory of concurrency and systems behaviour developed by Milner, Hennessy et al. based on operational semantics. • Logics of programs. Stone duality provides a junction between semantics (spaces of points = denotations of computational processes) and logics (lattices of properties of processes). Moreover, the underlying logic is geometric, which can be computationally interpreted as the logic of observable properties—i.e. properties which can be determined to hold of a process on the basis of a finite amount of information about its execution. These ideas lead to the following programme:
A Foundation for Actor Computation
 Journal of Functional Programming
, 1998
"... We present an actor language which is an extension of a simple functional language, and provide a precise operational semantics for this extension. Actor configurations represent open distributed systems, by which we mean that the specification of an actor system explicitly takes into account the in ..."
Abstract

Cited by 222 (51 self)
 Add to MetaCart
We present an actor language which is an extension of a simple functional language, and provide a precise operational semantics for this extension. Actor configurations represent open distributed systems, by which we mean that the specification of an actor system explicitly takes into account the interface with external components. We study the composability of such systems. We define and study various notions of testing equivalence on actor expressions and configurations. The model we develop provides fairness. An important result is that the three forms of equivalence, namely, convex, must, and may equivalences, collapse to two in the presence of fairness. We further develop methods for proving laws of equivalence and provide example proofs to illustrate our methodology.