Interface Automata
Proceedings of the Ninth Annual Symposium on Foundations of Software Engineering (FSE), ACM, 2001
Cited by 333 (22 self)
Abstract:
Conventional type systems specify interfaces in terms of values and domains.
Alternating refinement relations
In Proceedings of the Ninth International Conference on Concurrency Theory (CONCUR'98), volume 1466 of LNCS, 1998
Cited by 123 (16 self)
Abstract:
Alternating transition systems are a general model for composite systems which allow the study of collaborative as well as adversarial relationships between individual system components. Unlike in labeled transition systems, where each transition corresponds to a possible step of the system (which may involve some or all components), in alternating transition systems, each transition corresponds to a possible move in a game between the components. In this paper, we study refinement relations between alternating transition systems, such as "Does the implementation refine the set £ of specification components without constraining the components not in £?" In particular, we generalize the definitions of the simulation and trace containment preorders from labeled transition systems to alternating transition systems. The generalizations are called alternating simulation and alternating trace containment. Unlike existing refinement relations, they allow the refinement of individual components within the context of a composite system description. We show that, like ordinary simulation, alternating simulation can be checked in polynomial time using a fixpoint computation algorithm. While ordinary trace containment is PSPACE-complete, we establish alternating trace containment to be EXPTIME-complete. Finally, we present logical characterizations for the two preorders in terms of ATL, a temporal logic capable of referring to games between system components.
Fair Simulation
Information and Computation, 1997
Cited by 49 (18 self)
Abstract:
The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedded in the unrolling of I can be embedded also in the unrolling of S. Second, simulation has a logical characterization: S simulates I iff every universal branching-time formula satisfied by S is satisfied also by I. It follows that simulation is a suitable notion of implementation, and it is the coarsest abstraction of a system that preserves universal branching-time properties. Third, based on its local definition, simulation between finite-state systems can be checked in polynomial time. Finally, simulation implies trace containment, which cannot be defined locally and requires polynomial space for verification. Hence simulation is widely used both in manual and in automatic verification. ...
On the Complexity of Verifying Concurrent Transition Systems
2000
Cited by 30 (6 self)
Abstract:
In implementation verification, we check that an implementation is correct with respect to a specification by checking whether the behaviors of a transition system that models the program's implementation correlate with the behaviors of a transition system that models its specification. In this paper, we investigate the effect of concurrency on the complexity of implementation verification. We consider trace-based and tree-based approaches to the verification of concurrent transition systems, with and without fairness. Our results show that in almost all cases the complexity of the problem is exponentially harder than that of the sequential case. Thus, as in the model-checking verification methodology, the state-explosion problem cannot be avoided. A preliminary version of this work appeared in the proceedings of the 8th Conference on Concurrency Theory. Department of Applied Mathematics & Computer Science, Weizmann Institute, Rehovot 76100, Israel. Email: harel@wisdom.weizm...
On Object Systems and Behavioral Inheritance
IEEE Transactions on Software Engineering, 2002
Cited by 11 (0 self)
Abstract:
We consider state-based behavior in object-oriented analysis and design, as it arises, for example, in specifying behavior in the UML using statecharts. We first provide a rigorous and analyzable model of object systems and their reactivity. The definition is for basic one-thread systems, but can be extended in appropriate ways to more elaborate models. We then address the notion of inheritance and behavioral conformity and the resulting substitutability of classes, whereby inheriting should retain the system's original behaviors. Inheritance is a central issue of crucial importance to the modeling, design, and verification of object-oriented systems, and the many deep and unresolved questions around it cannot be addressed without a precise definition of the systems under consideration. We use our definition to give a clear and rigorous picture of what exactly is meant by behavioral conformity and how computationally complex it is to detect.
Fair Bisimulation
TACAS 00, 2000
Cited by 7 (0 self)
Abstract:
Bisimulations enjoy numerous applications in the analysis of labeled transition systems. Many of these applications are based on two central observations: first, bisimilar systems satisfy the same branching-time properties; second, bisimilarity can be checked efficiently for finite-state systems. The local character of bisimulation, however, makes it difficult to address liveness concerns. Indeed, the definitions of fair bisimulation that have been proposed in the literature sacrifice locality, and with it, also efficient checkability. We put forward a new definition of fair bisimulation which does not suffer from this drawback. The bisimilarity of
Reasoning About Systems with Transition Fairness
In Proc. of LPAR'04, volume 3452 of LNCS, 2005
Cited by 5 (0 self)
Abstract:
Formal verification methods model systems by Kripke structures. In order to model live behaviors of systems, Kripke structures are augmented with fairness conditions. Such conditions partition the computations of the systems into fair computations, with respect to which verification proceeds, and unfair computations, which are ignored. Reasoning about Kripke structures augmented with fairness is typically harder than reasoning about nonfair Kripke structures. We consider the transition fairness condition, where a computation π is fair iff each transition that is enabled in π infinitely often is also taken in π infinitely often. Transition fairness is a natural and useful fairness condition. We show that reasoning about Kripke structures augmented with transition fairness is not harder than reasoning about nonfair Kripke structures. We demonstrate it for fair CTL and LTL model checking, and the problem of calculating the dominators and postdominators.
Applicability of fair simulation
In TACAS, LNCS 2280, 2002
Cited by 3 (1 self)
Abstract:
We developed two practical applications that are based on this comparison. The first is an efficient approximated minimization algorithm for the delay, game, and exists simulations. The second is a new implementation for the assume-guarantee modular framework presented in [11]. The new implementation significantly improves the complexity of the framework.
Fair Equivalence Relations
Cited by 3 (1 self)
Abstract:
Equivalence between designs is a fundamental notion in verification. The linear and branching approaches to verification induce different notions of equivalence. When the designs are modeled by fair state-transition systems, equivalence in the linear paradigm corresponds to fair trace equivalence, and in the branching paradigm corresponds to fair bisimulation. In this work we study the expressive power of various types of fairness conditions. For the linear paradigm, it is known that the Büchi condition is sufficiently strong (that is, a fair system that uses Rabin or Streett fairness can be translated to an equivalent Büchi system). We show that in the branching paradigm the expressiveness hierarchy depends on the types of fair bisimulation one chooses to use. We consider three types of fair bisimulation studied in the literature: ∃-bisimulation, game-bisimulation, and ∀-bisimulation. We show that while game-bisimulation and ∀-bisimulation have the same expressiveness hi...
Formal Methods in VLSI System Design
1996
Cited by 3 (1 self)
Abstract:
We apply mathematical logic to a number of problems arising in very large scale integration (VLSI) design automation. The first stage of this dissertation is concerned with techniques for the efficient verification of digital systems. We introduce heuristics based on Binary Decision Diagrams for efficiently representing designs specified as gate-level circuits. We also present an approach to verifying hierarchical designs which uses novel notions of state equivalence to simplify components. The second stage addresses the problem of synthesizing digital designs. We use the logic S1S to demonstrate that the flexibility available for optimizing components in hierarchical designs can be characterized by a finite state automaton. This approach is extended to the problem of synthesizing p...