Results 1-10 of 17
Branching Time and Abstraction in Bisimulation Semantics
Journal of the ACM, 1996
Cited by 273 (14 self)
In comparative concurrency semantics, one usually distinguishes between linear time and branching time semantic equivalences. Milner's notion of observation equivalence is often mentioned as the standard example of a branching time equivalence. In this paper we investigate whether observation equivalence really does respect the branching structure of processes, and find that in the presence of the unobservable action τ of CCS this is not the case. Therefore, the notion of branching bisimulation equivalence is introduced which strongly preserves the branching structure of processes, in the sense that it preserves computations together with the potentials in all intermediate states that are passed through, even if silent moves are involved. On closed CCS-terms branching bisimulation congruence can be completely axiomatized by the single axiom scheme: a.(τ.(y + z) + y) = a.(y + z) (where a ranges over all actions) and the usual laws for strong congruence. We also establish that for sequential processes observation equivalence is not preserved under refinement of actions, whereas branching bisimulation is. For a large class of processes, it turns out that branching bisimulation and observation equivalence are the same. As far as we know, all protocols that have been verified in the setting of observation equivalence happen to fit in this class, and hence are also valid in the stronger setting of branching bisimulation equivalence.
Fair testing
Concur '95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science, 1995
Cited by 64 (0 self)
In this paper we present a solution to the longstanding problem of characterising the coarsest liveness-preserving precongruence with respect to a full (TCSP-inspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De Nicola-Hennessy-like testing modality which we call should-testing, and a denotational one based on a refined notion of failures. One of the distinguishing characteristics of the should-testing precongruence is that it abstracts from divergences in the same way as Milner's observation congruence, and as a consequence is strictly coarser than observation congruence. In other words, should-testing has a built-in fairness assumption. This is in itself a property long sought after; it is in notable contrast to the well-known must-testing of De Nicola and Hennessy (denotationally characterised by a combination of failures and divergences), which treats divergence as catastrophic and hence is incompatible with observation congruence. Due to these characteristics, should-testing supports modular reasoning and allows the use of the proof techniques of observation congruence, but also supports additional laws and techniques.
Fair Simulation
Information and Computation, 1997
Cited by 47 (17 self)
The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedded in the unrolling of I can be embedded also in the unrolling of S. Second, simulation has a logical characterization: S simulates I iff every universal branching-time formula satisfied by S is satisfied also by I. It follows that simulation is a suitable notion of implementation, and it is the coarsest abstraction of a system that preserves universal branching-time properties. Third, based on its local definition, simulation between finite-state systems can be checked in polynomial time. Finally, simulation implies trace containment, which cannot be defined locally and requires polynomial space for verification. Hence simulation is widely used both in manual and in automatic verification. ...
Divergence and Fair Testing
1995
Cited by 44 (5 self)
This paper develops a new testing-based semantic theory of processes that aims to circumvent difficulties that traditional testing/failures theories have in dealing with divergent behavior. Our framework incorporates a notion of fairness into the determination of when a process passes a test; we contrast this definition with existing approaches and give characterizations of the induced semantic preorders. An example highlights the utility of our results.
1 Introduction
Research into algebraic models of concurrency has focused on the use of semantic equivalences and preorders for establishing that systems meet their specifications. In such an approach to verification one formulates a specification as a system describing the required high-level behavior; a design/implementation then meets such a specification if its behavior is indistinguishable from the specification's (if one is using an equivalence) or if its behavior is in some sense better than the specification's (if one is using...
On the Relationship Between Process Algebra and Input/Output Automata (Extended Abstract)
In Proceedings 6th Annual Symposium on Logic in Computer Science, 1991
Cited by 44 (1 self)
Frits W. Vaandrager, MIT Laboratory for Computer Science, Cambridge, MA 02139, USA, frits@theory.lcs.mit.edu
The relation between process algebra and I/O automata models is investigated in a general setting of structured operational semantics (SOS). For a series of (approximations of) key properties of I/O automata, syntactic constraints on inference rules are proposed which guarantee these properties. A first result is that, in a setting without assumptions about actions, the well-known trace and failure preorders are substitutive for any set of rules in a format due to De Simone. Next additional constraints are imposed which capture the notion of internal actions and guarantee substitutivity of the testing preorders of De Nicola and Hennessy, and also of a preorder related to the failure semantics with fair abstraction of unstable divergence of Bergstra, Klop and Olderog. Subsequent constraints guarantee that input actions are always enabled and output actions cannot be bl...
Process Algebra with Iteration
1994
Cited by 18 (7 self)
We introduce iteration in process algebra by means of (the binary version of) Kleene's star operator: x * y is the process that chooses between x and y, and upon termination of x has this choice again. It is proved that adding respectively interleaving, communication and abstraction operators increases expressivity up to the regular processes. However, if the distinction between (successful) termination and deadlock is dropped, ACP (the Algebra of Communicating Processes, [BK84b]) with * is expressive up to the regular processes. Finally, some attention is paid to other iteration operators and fairness issues, and some open questions are formulated.
Key words & Phrases: process algebra, iteration, Kleene star. 1987 CR Categories: F.1.1, F.1.2, F.3.2, F.4.3, I.1.0.
Note: An earlier version of this work was presented at the REX Symposium, Noordwijkerhout, June 14, 1993.
1 Introduction
In 1956, Kleene introduced in [Kle56] the binary operator * for describing `regular events'. T...
Priority and Maximal Progress are completely axiomatisable (Extended Abstract)
1998
Cited by 15 (5 self)
During the last decade, CCS has been extended in different directions, among them priority and real time. One of the most satisfactory results for CCS is Milner's complete proof system for observational congruence [28]. Observational congruence is fair in the sense that it is possible to escape divergence, reflected by an axiom recX.(τ.X + P) = recX.τ.P. In this paper we discuss observational congruence in the context of interactive Markov chains, a simple stochastic timed variant of CCS with maximal progress. This property implies that observational congruence becomes unfair, i.e. it is not always possible to escape divergence. This problem also arises in calculi with priority. So, completeness results for such calculi modulo observational congruence have been unknown until now. We obtain a complete proof system by replacing the above axiom by a set of axioms allowing one to escape divergence by means of a silent alternative. This treatment can be profitably adapted to other calculi. 1 I...
Verifying a compiler for Java threads
In European Conference on Programming Languages and Systems, 2010
Cited by 9 (2 self)
A verified compiler is an integral part of every security infrastructure. Previous work has come up with formal semantics for sequential and concurrent variants of Java and has proven the correctness of compilers for the sequential part. This paper presents a rigorous formalisation (in the proof assistant Isabelle/HOL) of concurrent Java source and byte code together with an executable compiler and its correctness proof. It guarantees that the generated byte code shows exactly the same observable behaviour as the semantics for the multithreaded source code.
Process Algebra with Combinators
Proceedings CSL'93, Swansea. LNCS 280, 1994
Cited by 7 (3 self)
We introduce typed combinatory process algebra, a system combining process algebra with types and combinators. We describe its syntax and semantics, and by way of example, verify within this framework the Simple Alternating Bit Protocol.
Key Words & Phrases: protocol verification, process algebra, typed combinatory logic. 1991 Mathematics Subject Classification: 69C20, 69M10, 03B15, 03B40.
Fair Bisimulation
TACAS 00, 2000
Cited by 7 (0 self)
Bisimulations enjoy numerous applications in the analysis of labeled transition systems. Many of these applications are based on two central observations: first, bisimilar systems satisfy the same branching-time properties; second, bisimilarity can be checked efficiently for finite-state systems. The local character of bisimulation, however, makes it difficult to address liveness concerns. Indeed, the definitions of fair bisimulation that have been proposed in the literature sacrifice locality, and with it, also efficient checkability. We put forward a new definition of fair bisimulation which does not suffer from this drawback. The bisimilarity of