Previous work on type-theoretic foundations for object-oriented programming languages has mostly focused on applying or extending functional type theory to functional "objects." This approach, while benefiting from a vast body of existing literature, has the disadvantage of dealing with state change either in a roundabout way or not at all, and completely sidestepping issues of concurrency. In particular, dynamic issues of non-uniform service availability and conformance to protocols are not addressed by functional types. We propose a new type framework that characterizes objects as regular (finite state) processes that provide guarantees of service along public channels. We also propose a new notion of subtyping for active objects, based on Brinksma's notion of extension, that extends Wegner and Zdonik's "principle of substitutability" to non-uniform service availability. Finally, we formalize what it means to "satisfy a client's expectations," and we show how regular types canbe used...

Abstract The Concurrency Workbench is an automated tool for analyzing networks of finite-state processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its breadth: a variety of different verification methods, including equivalence checking, preorder checking, and model checking, are supported for several different process semantics. One experience from our work is that a large number of interesting verification methods can be formulated as combinations of a small number of primitive algorithms. The Workbench has been applied to the verification of communications protocols and mutual exclusion algorithms and has proven a valuable aid in teaching and research. 1 Introduction This paper describes the Concurrency Workbench [11, 12, 13], a tool that supports the automatic verification of finite-state processes. Such tools are practically motivated: the development of complex distributed computer systems requires sophisticated verification techniques to guarantee correctness, and the increase in detail rapidly becomes unmanageable without computer assistance. Finite-state systems, such as communications protocols and hardware, are particularly suitable for automated analysis because their finitary nature ensures the existence of decision procedures for a wide range of system properties.

This paper describes a procedure, based around the construction of tableau proofs, for determining whether finite-state systems enjoy properties formulated in the propositional mu-calculus. It presents a tableau-based proof system for the logic and proves it sound and complete, and it discusses techniques for the efficient construction of proofs that states enjoy properties expressed in the logic. The approach is the basis of an ongoing implementation of a model checker in the Concurrency Workbench, an automated tool for the analysis of concurrent systems. 1 Introduction One area of program verification that has proven amenable to automation involves the analysis of finite-state processes. While computer systems in general are not finite-state, many interesting ones, including a variety of communication protocols and hardware systems, are, and their finitary nature enables the development and implementation of decision procedures that test for various properties. Model checking has p...

We develop a model-checking algorithm that decides for a given context-free process whether it satisfies a property written in the alternation-free modal mu-calculus. The central idea behind this algorithm is to raise the standard iterative model-checking techniques to higher order: in contrast to the usual approaches, in which the set of formulas that are satisfied by a certain state are iteratively computed, our algorithm iteratively computes a property transformer for each state class of the finite process representation. These property transformers can then simply be applied to solve the model-checking problem. The complexity of our algorithm is linear in the size of the system's representation and exponential in the size of the property being investigated.

We introduce a temporal logic for the polyadic ß-calculus based on fixed point extensions of Hennessy-Milner logic. Features are added to account for parametrisation, generation, and passing of names, including the use, following Milner, of dependent sum and product to account for (unlocalised) input and output, and explicit parametrisation on names using lambda-abstraction and application. The latter provides a single name binding mechanism supporting all parametrisation needed. A proof system and decision procedure is developed based on Stirling and Walker's approach to model checking the modal ¯-calculus using constants. One difficulty, for both conceptual and efficiency-based reasons, is to avoid the explicit use of the !-rule for parametrised processes. A key idea, following Hennessy and Lin's approach to deciding bisimulation for certain types of value-passing processes, is the relativisation of correctness assertions to conditions on names. Based on this idea a proof system and ...

Model-checking is a successful technique for automatically verifying concurrent finite-state systems. When building a model-checker, a good compromise must be made between the expressive power of the property description formalism, the complexity of the model-checking problem, and the user-friendliness of the interface. We present a temporal logic and an associated model-checking method that attempt to fulfill these criteria. The logic is an extension of the alternation-free µ-calculus with ACTL-like action formulas and PDL-like regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems. The model-checking method is based upon a succinct translation of the verification problem into a boolean equation system, which is solved by means of an efficient local algorithm having a good average complexity. The algorithm also allows to generate full diagnostic information (examples and counterexamples) for temporal for...

This paper develops a model-checking algorithm for a fragment of the modal mu-calculus and shows how it may be applied to the efficient computation of behavioral relations between processes. The algorithm's complexity is proportional to the product of the size of the process and the size of the formula, and thus improves on the best existing algorithm for such a fixed point logic. The method for computing preorders that the model checker induces is also more efficient than known algorithms.

In this paper we consider a strict generalization of context-free processes, the pushdown processes, and show that this class of processes is 1) closed under parallel composition with finite state systems, and can 2) be model checked by means of an elegant adaptation of the higher order model checker introduced in [BS92]. This shows the advantages of pushdown processes over context-free processes, which are not sufficiently general in order to support parallel composition.

The paper develops a framework that is based on the idea that modal logic provides an appropriate framework for the specification of data flow analysis (DFA) algorithms as soon as programs are represented as models of the logic. This can be exploited to construct a DFA-generator that generates efficient implementations of DFA-algorithms from modal specifications by partially evaluating a specific model checker with respect to the specifying modal formula. Moreover, the use of a modal logic as specification language for DFA-algorithms supports the compositional development of specifications and structured proofs of properties of DFA-algorithms. -- The framework is illustrated by means of a real life example: the problem of determining optimal computation points within flow graphs.

this paper we want to demonstrate that --- from a practical