Results 1  10
of
17
Compiling RealTime Specifications into Extended Automata
 IEEE Transactions on Software Engineering
, 1992
"... We propose a method for the implementation and analysis of realtime systems, based on the compilation of specifications into extended automata. Such a method has been already adopted for the so called "synchronous" realtime programming languages. ..."
Abstract

Cited by 75 (8 self)
 Add to MetaCart
We propose a method for the implementation and analysis of realtime systems, based on the compilation of specifications into extended automata. Such a method has been already adopted for the so called "synchronous" realtime programming languages.
An Algebraic Verification of a Mobile Network
 Formal Aspects of Computing
, 1991
"... . In a mobile communication network some nodes change locations, and are therefore connected to different other nodes at different points in time. We show how some important aspects of such a network can be formally defined and verified using the \picalculus, which is a development of CCS (Calculus ..."
Abstract

Cited by 37 (1 self)
 Add to MetaCart
. In a mobile communication network some nodes change locations, and are therefore connected to different other nodes at different points in time. We show how some important aspects of such a network can be formally defined and verified using the \picalculus, which is a development of CCS (Calculus of Communicating Systems) allowing port names to be sent as parameters in communication events. As an example of a mobile network we consider the Public Land Mobile Network currently being developed by the European Telecommunication Standards Institute and concentrate on the handover procedure which controls the dynamic topology of the network. 1. Introduction The need for mathematically rigorous definitions of communication protocol standards is today widely acknowledged. Such definitions are needed to specify protocols and services, and to verify that the protocols fulfil their services. Unfortunately most protocols still rely on informal definitions. One reason for this is that many aspec...
Deciding Bisimulation Equivalences for a Class of NonFiniteState Programs
, 1991
"... Traditionally, many automatic program verification techniques are applicable only to finitestate programs. In this paper we extend some of these techniques to a class of infinitestate programs that, in addition to having a finitestate control component, may read, store, and write but not perfo ..."
Abstract

Cited by 36 (8 self)
 Add to MetaCart
Traditionally, many automatic program verification techniques are applicable only to finitestate programs. In this paper we extend some of these techniques to a class of infinitestate programs that, in addition to having a finitestate control component, may read, store, and write but not perform any other computations on data. Such programs are dataindependent in the sense that their behavior does not depend on the actual data values supplied. We consider the problems of deciding strong equivalence and observation equivalence, defined by bisimulations (as in CCS), between such programs. These equivalences have major applications in verification of communication protocols. We present reductions of these problems to the problem of deciding strong equivalence and observation equivalence between finitestate programs, for which polynomial time algorithms exist. The equivalence problems on dataindependent programs are shown to be NPhard in the size of the programs. 4 1 I...
Practical Verification And Synthesis Of Low Latency Asynchronous Systems
, 1994
"... A new theory and methodology for the practical verification and synthesis of asynchronous systems is developed to aid in the rapid and correct implementation of complex control structures. Specifications are based on a simple process algebra called CCS that is concise and easy to understand and use. ..."
Abstract

Cited by 26 (12 self)
 Add to MetaCart
A new theory and methodology for the practical verification and synthesis of asynchronous systems is developed to aid in the rapid and correct implementation of complex control structures. Specifications are based on a simple process algebra called CCS that is concise and easy to understand and use. A software prototype CAD tool called Analyze was written as part of this dissertation to allow the principles of this work to be tested and applied. Attention to complexity, efficient algorithms, and compositional methods has resulted in a tool that can be several orders of magnitude faster than currently available tools for comparable applications. A new theory for loose specifications based on partial orders is developed for both trace and bisimulation semantics. Formal verification uses these partial orders as the foundation of conformance between a specification and its refinement. The definitions support freedom of design choices by identifying the necessary behaviors, the illegal beh...
Feasibility of model checking software requirements: A case study
 IN COMPASS'96, PROCEEDINGS OF THE 11TH ANNUAL CONFERENCE ON COMPUTER ASSURANCE
, 1996
"... ..."
TestingBased Abstractions for ValuePassing Systems
 In CONCUR'94, number 836 in Lecture Notes in Computer Science
, 1994
"... ions for ValuePassing Systems ? Rance Cleaveland ?? and James Riely ??? 1 Dept. of Computer Science, N.C. State University, Raleigh, NC 276958206, USA 2 Dept. of Computer Science, University of N.C., Chapel Hill, NC 275993175, USA email: rance@csc.ncsu.edu, riely@cs.unc.edu Abstract. ..."
Abstract

Cited by 24 (2 self)
 Add to MetaCart
ions for ValuePassing Systems ? Rance Cleaveland ?? and James Riely ??? 1 Dept. of Computer Science, N.C. State University, Raleigh, NC 276958206, USA 2 Dept. of Computer Science, University of N.C., Chapel Hill, NC 275993175, USA email: rance@csc.ncsu.edu, riely@cs.unc.edu Abstract. This paper presents a framework for the abstract interpretation of processes that pass values. We define a process description language that is parameterized with respect to the set of values that processes may exchange and show that an abstraction over values induces an abstract semantics for processes. Our main results state that if the abstract value interpretation safely/optimally approximates the ground interpretation, then the resulting abstracted processes safely/optimally approximate those derived from the ground semantics (in a precisely defined sense). As the processes derived from an abstract semantics in general have far fewer states than those derived from a concrete sem...
Systematic Testing of Multicast Routing Protocols: Analysis of Forward and Backward Search Techniques
 Analysis of Forward and Backward Search Techniques.” IEEE ICCCN
, 2000
"... In this paper, we present a new methodology for developing systematic and automatic test generation algorithms for multipoint protocols. These algorithms attempt to synthesize network topologies and sequences of events that stress the protocol’s correstness or performance. This problem can be viewed ..."
Abstract

Cited by 12 (6 self)
 Add to MetaCart
In this paper, we present a new methodology for developing systematic and automatic test generation algorithms for multipoint protocols. These algorithms attempt to synthesize network topologies and sequences of events that stress the protocol’s correstness or performance. This problem can be viewed as a domainspecific search problem that suffen from the state space explosion problem. One goal of this work is to circumvent the state space explosion problem utilizing knowledge of network and fault modeling, and multipoint protocols. The two approaches investigated in this study are based on forward and backward search techniques. We use an extended finite state machine (FSM) model of the protocol. The fint algorithm uses forward search to perform reduced reachability analysis. Using domainspecific information for multicast routing over LANs, the algorithm complexity is reduced from exponential to polynomial in the number of routers. This approach, however, does not fully automate topology synthesis. The second algorithm, the faultoriented test generation, uses backward search for topology synthesis and uses backtracking to generate event sequences instead of searching forward from initial states. Using these algorithms, we have conducted studies for correctness of the multicast routing protocol PIM. I.
A semanticsbased verification tool for finitestate systems
 IN PROC. OF PROTOCOL SPECIFICATION, TESTING, AND VERIFICATION, IX
, 1990
"... The Concurrency Workbench is an automated tool that caters for the analysis of concurrent finitestate processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its scope: a variety of different verification methods, including equivalence checking, preorder checking, and ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
The Concurrency Workbench is an automated tool that caters for the analysis of concurrent finitestate processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its scope: a variety of different verification methods, including equivalence checking, preorder checking, and model checking, are supported for several different process semantics. One experience from our work is that a large number of interesting verification methods can be formulated as combinations of a small number of primitive algorithms. The Workbench has been applied to examples involving the verification of communications protocols and mutual exclusion algorithms and has proven a valuable aid in teaching and research. We will present the architecture of the Workbench and illustrate the verification methods through some simple examples.
A Stochastic Automata Model and its Algebraic Approach
 University of Twente
, 1995
"... We discuss a new model for the analysis and simulation of stochastic systems which we call stochastic automata. Basically, they are a combination of the timed automata model and generalised semimarkovian processes (GSMPs for short). We discuss their behaviour and we compare them to the GSMPs model. ..."
Abstract

Cited by 11 (1 self)
 Add to MetaCart
We discuss a new model for the analysis and simulation of stochastic systems which we call stochastic automata. Basically, they are a combination of the timed automata model and generalised semimarkovian processes (GSMPs for short). We discuss their behaviour and we compare them to the GSMPs model. In addition, we define a stochastic process algebra that supports general distribution (both continuous and discrete). Its semantics is given in terms of stochastic automata. We show that stochastic automata can be expressed in terms of the process algebra. We discuss a concrete example and we finish by discussing our current work on the topic and possible future directions. 1 Introduction In the world of performance modelling, many models have been defined to analyse and simulate systems such as queuing networks, stochastic Petrinets, or generalised semimarkovian processes. It has been argued many times that, in these kind of models, the difficulty of the design and modelling of a syste...
Systematic Testing of Multicast Protocol Robustness
, 1997
"... The past few years have witnessed unprecedented growth of the Internet. Several new service models have been introduced since. In particular, the advent of the IP multicast technology has contributed to the success of the Internet as a medium for widearea group communication. Multicast protocols su ..."
Abstract

Cited by 4 (1 self)
 Add to MetaCart
The past few years have witnessed unprecedented growth of the Internet. Several new service models have been introduced since. In particular, the advent of the IP multicast technology has contributed to the success of the Internet as a medium for widearea group communication. Multicast protocols support an important class of applications ranging from multimedia conferencing to network games. Due to this growth, the degree of heterogeneity of the network components has radically increased, leading to added complexity in the design and testing of network protocols. In the presence of network failures, unexpected combinations of events can drive protocols into undesirable states and may lead to errors. Anticipating all such cases is often impossible and at best may require extensive simulation and testing. In large systems, the cost of testing all possible scenarios exhaustively is prohibitive, and many unexpected cases are not observed until deployment. This problem is even more complex...