The concurrency workbench: A semantics based tool for the verification of concurrent systems
 In Proceedings of the Workshop on Automatic Verification Methods for Finite State Machines
, 1991
Cited by 102 (3 self)
The Concurrency Workbench is an automated tool for analyzing networks of finite-state processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its breadth: a variety of different verification methods, including equivalence checking, preorder checking, and model checking, are supported for several different process semantics. One experience from our work is that a large number of interesting verification methods can be formulated as combinations of a small number of primitive algorithms. The Workbench has been applied to the verification of communications protocols and mutual exclusion algorithms and has proven a valuable aid in teaching and research.

1 Introduction

This paper describes the Concurrency Workbench [11, 12, 13], a tool that supports the automatic verification of finite-state processes. Such tools are practically motivated: the development of complex distributed computer systems requires sophisticated verification techniques to guarantee correctness, and the increase in detail rapidly becomes unmanageable without computer assistance. Finite-state systems, such as communications protocols and hardware, are particularly suitable for automated analysis because their finitary nature ensures the existence of decision procedures for a wide range of system properties.
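Equivalence checking up to strong bisimulation is one of the primitive algorithms the abstract refers to. The following is an added example, not code from the Concurrency Workbench: a plain partition-refinement checker over a finite labelled transition system, run on constructed CCS-style processes a.(b.0 + c.0) and a.b.0 + a.c.0. The two have the same traces but are not bisimilar, which is exactly the distinction a trace-based check would miss. The process names P, Q, R, S and the helper names are assumptions of this example.

```python
"""Strong bisimulation on finite labelled transition systems (LTS) by
partition refinement. Added illustration; not code from the Concurrency
Workbench. An LTS is a list of (source, label, target) triples."""
from collections import defaultdict


def bisimulation_classes(transitions, extra_states=()):
    """Return {state: class_id} for the coarsest strong bisimulation.
    Start with one block and split blocks by their one-step signature
    (label, block of target) until no block splits."""
    succ = defaultdict(set)
    states = set(extra_states)
    for s, a, t in transitions:
        succ[s].add((a, t))
        states.update((s, t))
    block = {s: 0 for s in states}
    while True:
        sig = {s: frozenset((a, block[t]) for a, t in succ[s]) for s in states}
        ids, new_block = {}, {}
        for s in sorted(states, key=repr):
            new_block[s] = ids.setdefault((block[s], sig[s]), len(ids))
        if len(ids) == len(set(block.values())):
            return new_block          # stable: no block was split
        block = new_block


def strongly_bisimilar(lts1, root1, lts2, root2):
    """Refine the disjoint union of both systems; the roots are bisimilar
    iff they end up in the same block."""
    union = ([((1, s), a, (1, t)) for s, a, t in lts1] +
             [((2, s), a, (2, t)) for s, a, t in lts2])
    classes = bisimulation_classes(union, [(1, root1), (2, root2)])
    return classes[(1, root1)] == classes[(2, root2)]


def traces(transitions, root, max_len=4):
    """Finite traces up to max_len, for contrast with bisimulation."""
    succ = defaultdict(list)
    for s, a, t in transitions:
        succ[s].append((a, t))
    seen, stack = set(), [(root, ())]
    while stack:
        s, tr = stack.pop()
        seen.add(tr)
        if len(tr) < max_len:
            stack.extend((t, tr + (a,)) for a, t in succ[s])
    return seen


# Constructed CCS-style processes (0 = inaction, + = choice, . = prefix).
P = [("P0", "a", "P1"), ("P1", "b", "P2"), ("P1", "c", "P3")]      # a.(b.0 + c.0)
Q = [("Q0", "a", "Q1"), ("Q1", "b", "Q2"),
     ("Q0", "a", "Q3"), ("Q3", "c", "Q4")]                          # a.b.0 + a.c.0
R = [("R0", "a", "R1"), ("R1", "b", "R2"),
     ("R0", "a", "R3"), ("R3", "b", "R4")]                          # a.b.0 + a.b.0
S = [("S0", "a", "S1"), ("S1", "b", "S2")]                          # a.b.0

if __name__ == "__main__":
    print("traces(P) == traces(Q):", traces(P, "P0") == traces(Q, "Q0"))  # True
    print("P ~ Q:", strongly_bisimilar(P, "P0", Q, "Q0"))                 # False
    print("R ~ S:", strongly_bisimilar(R, "R0", S, "S0"))                 # True
```

The refinement loop is quadratic in the number of states, which is fine for illustration; the Workbench and later tools use the Kanellakis-Smolka or Paige-Tarjan algorithms for the same relation. Note that Q is rejected because after its first a the environment is already committed to either b or c, while P can still offer both; trace equivalence cannot see this branching.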
The π-calculus as a theory in linear logic: Preliminary results
 3rd Workshop on Extensions to Logic Programming, LNCS 660
, 1993
Cited by 101 (17 self)
The agent expressions of the π-calculus can be translated into a theory of linear logic in such a way that the reflexive and transitive closure of π-calculus (unlabeled) reduction is identified with “entailed-by”. Under this translation, parallel composition is mapped to the multiplicative disjunct (“par”) and restriction is mapped to universal quantification. Prefixing, nondeterministic choice (+), replication (!), and the match guard are all represented using non-logical constants, which are specified using a simple form of axiom, called here a process clause. These process clauses resemble Horn clauses except that they may have multiple conclusions; that is, their heads may be the par of atomic formulas. Such multiple-conclusion clauses are used to axiomatize communications among agents. Given this translation, it is natural to ask to what extent proof theory can be used to understand the metatheory of the π-calculus. We present some preliminary results along this line for π0, the “propositional” fragment of the π-calculus, which lacks restriction and value passing (π0 is a subset of CCS). Using ideas from proof theory, we introduce co-agents and show that they can specify some testing equivalences for π0. If negation-as-failure-to-prove is permitted as a co-agent combinator, then testing equivalence based on co-agents yields observational equivalence for π0. This latter result follows from observing that co-agents directly represent formulas in the Hennessy-Milner modal logic.
A tutorial on EMPA: A theory of concurrent processes with nondeterminism, priorities, probabilities and time
 Theoretical Computer Science
, 1998
Cited by 95 (9 self)
In this tutorial we give an overview of the process algebra EMPA, a calculus devised in order to model and analyze features of real-world concurrent systems such as nondeterminism, priorities, probabilities and time, with a particular emphasis on performance evaluation. The purpose of this tutorial is to explain the design choices behind the development of EMPA and how the four features above interact, and to show that a reasonable trade-off between the expressive power of the calculus and the complexity of its underlying theory has been achieved.
Turning SOS Rules into Equations
, 1994
Cited by 89 (20 self)
Many process algebras are defined by structural operational semantics (SOS). Indeed, most such definitions are nicely structured and fit the GSOS format of [15]. We give a procedure for converting any GSOS language definition to a finite complete equational axiom system (possibly with one infinitary induction principle) which precisely characterizes strong bisimulation of processes.
Process Algebra and Noninterference
Journal of Computer Security
, 1999
Cited by 83 (1 self)
The information security community has long debated the exact definition of the term 'security'. Even if we focus on the more modest notion of confidentiality, the precise definition remains controversial. In their seminal paper [4], Goguen and Meseguer took an important step towards a formalisation of the notion of absence of information flow with the concept of noninterference. This too was found to have problems and limitations, particularly when applied to systems displaying nondeterminism, which led to a proliferation of refinements of this notion, and there is still no consensus as to which of these is 'correct'. We show
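The Goguen-Meseguer notion the abstract starts from is defined on deterministic state machines: high-user inputs must not interfere with what the low user observes, i.e. for every input word w the low output after w equals the low output after purge(w), the word with all high inputs deleted. The following is an added example, not code from the paper (which works in CSP): a constructed two-user "status register" machine in a leaky and a repaired variant, and an exact purge-based check that explores reachable pairs (state after w, state after purge(w)) instead of enumerating words. The machine, its input alphabet, and the names `step`, `leaky_output`, `secure_output` and `noninterference_violation` are assumptions of this example.

```python
"""Goguen-Meseguer noninterference on a deterministic state machine.
Added illustration, not code from the paper (which works in CSP).
A high user may set a secret bit; a low user pings a status register.
Noninterference holds iff, for every input word w, the low user's output
after w equals the output after purge(w) (w with high inputs deleted)."""
from collections import deque

HIGH, LOW = "high", "low"
# Constructed input alphabet: (user, command).
INPUTS = [(HIGH, "set0"), (HIGH, "set1"), (LOW, "ping"), (LOW, "reset")]


def step(state, inp):
    """Deterministic transition; state = (secret_bit, counter mod 3)."""
    secret, ctr = state
    _user, cmd = inp
    if cmd == "set0":
        return (0, ctr)
    if cmd == "set1":
        return (1, ctr)
    if cmd == "ping":
        return (secret, (ctr + 1) % 3)
    if cmd == "reset":
        return (secret, 0)
    raise ValueError(cmd)


def leaky_output(state, user):
    """Low status flag depends on the high-owned secret: a covert channel."""
    secret, ctr = state
    if user == HIGH:
        return secret
    return "busy" if secret == 1 and ctr == 0 else "idle"


def secure_output(state, user):
    """Low status flag depends only on low-driven state."""
    secret, ctr = state
    if user == HIGH:
        return secret
    return "busy" if ctr == 0 else "idle"


def noninterference_violation(init, step_fn, output_fn, inputs,
                              high=HIGH, low=LOW):
    """Exact purge-based check for a finite deterministic machine.

    Explore pairs (s, p): s is the state after some word w, p the state
    after purge(w). A high input moves s only; a low input moves both.
    Because the machine is deterministic, the pair determines all future
    behaviour, so the finite set of reachable pairs covers every word.
    Returns None if every reachable pair agrees on the low output,
    otherwise a shortest offending word (a counterexample)."""
    start = (init, init)
    seen = {start}
    queue = deque([(start, ())])
    while queue:
        (s, p), word = queue.popleft()
        if output_fn(s, low) != output_fn(p, low):
            return word
        for inp in inputs:
            nxt = (step_fn(s, inp), p if inp[0] == high else step_fn(p, inp))
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, word + (inp,)))
    return None


if __name__ == "__main__":
    init = (0, 0)
    print("leaky :", noninterference_violation(init, step, leaky_output, INPUTS))
    print("secure:", noninterference_violation(init, step, secure_output, INPUTS))
```

For the leaky variant the check returns the single-input word ((high, set1),): after the secret is set, the low user sees "busy" where the purged run shows "idle". The repaired variant returns None. The check is exact only because the machine is deterministic; with nondeterminism a word no longer fixes a single state, which is precisely where the purge-based definition breaks down and the refinements the abstract mentions (and the process-algebraic treatment of the paper) take over.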
An Efficiency Preorder for Processes
Cited by 70 (10 self)
A simple efficiency preorder for CCS processes is introduced, in which p ! q means that q is at least as fast as p, or more generally, p uses at least as much resources as q. It is shown to be preserved by all CCS contexts except summation and it is used to analyse a nontrivial example: different implementations of a bounded buffer. Finally a sound and complete proof system for finite processes is given.

This paper appeared earlier in [1] and [2]. This version of the paper has been revised, corrected and extended to include more operators, more examples and some additional remarks and observations by the first author. Hence all errors are entirely his responsibility. Most of this work was done while the first author was at the University of Sussex and supported by SERC grant GR/D 97368 of the Science and Engineering Research Council of Great Britain. † The second author would like to acknowledge the support of ESPRIT II.

1 Introduction

A large number of behavioural equivale...
Testing Equivalence as a Bisimulation Equivalence
 Formal Aspects of Computing
, 1993
Cited by 65 (11 self)
In this paper we show how the testing equivalences and preorders on transition systems may be interpreted as instances of generalized bisimulation equivalences and prebisimulation preorders. The characterization relies on defining transformations on the transition systems in such a way that the testing relations on the original systems correspond to (pre)bisimulation relations on the altered systems. Using these results, it is possible to use algorithms for determining the (pre)bisimulation relations in the case of finite-state transition systems to compute the testing relations.
A Calculus of Broadcasting Systems
Science of Computer Programming
, 1991
Cited by 61 (8 self)
CBS is a simple and natural CCS-like calculus where processes speak one at a time and are heard instantaneously by all others. Speech is autonomous, contention between speakers being resolved nondeterministically, but hearing only happens when someone else speaks. Observationally meaningful laws differ from those of CCS. The change from handshake communication in CCS to broadcast in CBS permits several advances. (1) Priority, which attaches only to autonomous actions, is simply added to CBS, in contrast to CCS, where such actions are the result of communication. (2) A CBS simulator runs a process by returning a list of values it broadcasts. This permits a powerful combination, CBS with the host language. It yields several elegant algorithms. Only processes with a unique response to each input are needed in practice, so weak bisimulation is a congruence. (3) CBS subsystems are interfaced by translators; by mapping messages to silence, these can restrict hearing and hide speech. Reversi...
Compositional Reachability Analysis Using Process Algebra
In Proceedings of the Symposium on Testing, Analysis, and Verification (TAV4)
, 1991
Cited by 59 (3 self)
State explosion is the primary obstacle to practical application of reachability analysis techniques for concurrent systems. State explosion can be substantially controlled by using process algebra to achieve compositional (divide-and-conquer) analysis. A prototype tool incorporating process algebra is described. The promise and problems of the approach are illustrated by applying the tool to an example that incorporates the alternating bit protocol as a module.
A Process Algebraic Approach to the Specification and Analysis of Resource-Bound Real-Time Systems
Proceedings of the IEEE
, 1994
Cited by 58 (40 self)
Recently, significant progress has been made in the development of timed process algebras for the specification and analysis of real-time systems. This paper describes a timed process algebra called ACSR, which supports synchronous timed actions and asynchronous instantaneous events. Timed actions are used to represent the usage of resources and to model the passage of time. Events are used to capture synchronization between processes. To be able to specify real systems accurately, ACSR supports a notion of priority that can be used to arbitrate among timed actions competing for the use of resources and among events that are ready for synchronization. The paper also includes a brief overview of other timed process algebras and discusses similarities and differences between them and ACSR.