Abstract not found

A unified, comprehensive presentation of simulation techniques for verification of concurrent systems is given, in terms of a simple untimed automaton model. In particular, (1) refinements, (2) forward and backward simulations, (3) hybrid forward-backward and backward-forward simulations, and (4) history and prophecy relations are defined. History and prophecy relations are abstract versions of the history and prophecy variables of Abadi and Lamport, as well as the auxiliary variables of Owicki and Gries. Relationships between the different types of simulations, as well as soundness and completeness results, are stated and proved. Finally, it is shown how invariants can be incorporated into all the simulations. Even though many results are presented here for the first time, this paper can also be read as a survey (in a simple setting) of the research literature on simulation techniques. The development for untimed automata is designed to support a similar development for timed automata...

) Michael Merritt AT&T Bell Laboratories 600 Mountain Avenue Murray Hill, NJ 07974 merritt@research.att.com Francesmary Modugno School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 fmm@cs.cmu.edu Mark R. Tuttle DEC Cambridge Research Lab One Kendall Sq., Bldg. 700 Cambridge, MA 02139 tuttle@crl.dec.com Abstract In this paper, we augment the input-output automaton model in order to reason about time in concurrent systems, and we prove simple properties of this augmentation. The input-output automata model is a useful model for reasoning about computation in concurrent and distributed systems because it allows fundamental properties such as fairness and compositionality to be expressed easily and naturally. A unique property of the model is that systems are modeled as the composition of autonomous components. This paper describes a way to add a notion of time to the model in a way that preserves these properties. The result is a simple, compositional model fo...

A general automaton model for timing-based systems is presented and is used as the context for developing a variety of simulation proof techniques for such systems. As a first step, a comprehensive overview of simulation techniques for simple untimed automata is given. In particular, soundness and completeness results for (1) refinements, (2) forward and backward simulations, (3) forward-backward and backward-forward simulations, and (4) history and prophecy relations are given. History and prophecy relations are new and are abstractions of the history variables of Owicki and Gries and the prophecy variables of Abadi and Lamport, respectively. As a subsequent step, it is shown how most of the results for untimed automata can be carried over to the setting of timed automata. In fact, many of the results for the timed case are obtained as consequences of the analogous results for the untimed case.

. In this survey paper we present some of the recent developments in the temporal formal system for the specification, verification and development of reactive programs. While the general methodology remains very much the one presented in some earlier works on the subject, such as [MP83c, MP83a, Pnu86], there have been several technical improvements and gained insights in understanding the computational model, the logic itself, the proof system and its presentation, and connections with alternative formalisms, such as finite automata. In this paper we explicate some of these improvements and extensions. The main difference between this and preceding versions is that here we consider a notion of validity for temporal formulae, which is anchored at the initial state of the computation. The paper discusses some of the consequences of this decision. Key words: Temporal Logic, Reactive Systems, Concurrent Programs, Specification, Verification, Proof System, Classification of Prtoperties, Sa...

We present a strategy for nding algebraic correctness proofs for communication systems. It is described in the setting of CRL [11], which is, roughly, ACP [2, 3] extended with a formal treatment of the interaction between data and processes. The strategy has already been applied successfully in [4] and [10], but was not explicitly identi ed as such. Moreover, the protocols that were veri ed in these papers were rather complex, so that the general picture was obscured by the amount of details. In this paper, the proof strategy is materialised in the form of de nitions and theorems. These results reduce a large part of protocol veri cation to a number of trivial facts concerning data parameters occurring in implementation and speci cation. This greatly simpli es protocol veri cations and makes our approach amenable to mechanical assistance � experiments in this direction seem promising. The strategy is illustrated by several small examples and one larger example, the Concurrent Alternating Bit Protocol (CABP). Although simple, this protocol contains a large amount ofinternal parallelism, so that all relevant issuesmaketheir appearance.

We investigate the power of Kahn-style dataflow networks, with processes that may exhibit indeterminate behavior. Our main result is a theorem about networks of "monotone" processes, which shows: (1) that the input/output relation of such a network is a total and monotone relation; and (2) every relation that is total, monotone, and continuous in a certain sense, is the input/output relation of such a network. Now, the class of monotone networks includes networks that compute arbitrary continuous input/output functions, an "angelic merge" network, and an "infinity-fair merge" network that exhibits countably indeterminate branching. Since the "fair merge" relation is neither monotone nor continuous, a corollary of our main result is the impossibility of implementing fair merge in terms of continuous functions, angelic merge, and infinity-fair merge. Our results are established by applying the powerful technique of "residuals" to the computations of a network. Residuals, which have previ...

work may not be copied or reproduced in whole or in part for any commercial

A team automaton is said to satisfy compositionality if its behaviour can be described in terms of the behaviour of its constituting component automata. As an initial investigation of the conditions under which team automata satisfy compositionality, we study their computations and behaviour in relation to those of their constituting component automata. We show that the construction of team automata according to certain natural types of synchronization guarantees compositionality.

Abstract The paper presents an axiomatic system for quantified propositional temporal logic (qptl), which is propositional temporal logic equipped with quantification over propositions (boolean variables). The advantages of this extended temporal logic is that its expressive power is strictly higher than that of the unquantified version (ptl) and is equal to that of S1S, as well as that of !-automata. Another important application of qptl is its use for formulating and verifying refinement relations between reactive systems. In fact, the completeness proof is based on the reduction of a qptl formula into a Buchi automaton, and performing equivalence transformations on this automata, formally justifying these transformations. 1 Introduction For a long time, temporal logics have been mainly used for the specification and verification of properties of reactive systems. According to this approach, a system is specified by a list of properties, all of which should be satisfied by any acc...