Results 1 to 10 of 90
ConGolog, a concurrent programming language based on the situation calculus: language and implementation
2000
A Generic Type System for the Pi-Calculus
Theoretical Computer Science, 2003
Cited by 106 (9 self)
We propose a general, powerful framework of type systems for the π-calculus, and show that we can obtain as its instances a variety of type systems guaranteeing nontrivial properties like deadlock-freedom and race-freedom. A key idea is to express types and type environments as abstract processes: we can check various properties of a process by checking the corresponding properties of its type environment. The framework clarifies the essence of recent complex type systems, and it also enables sharing of a large amount of work such as a proof of type preservation, making it easy to develop new type systems.
Model Checking Mobile Processes
1993
Cited by 83 (12 self)
We introduce a temporal logic for the polyadic π-calculus based on fixed point extensions of Hennessy-Milner logic. Features are added to account for parametrisation, generation, and passing of names, including the use, following Milner, of dependent sum and product to account for (unlocalised) input and output, and explicit parametrisation on names using lambda-abstraction and application. The latter provides a single name-binding mechanism supporting all parametrisation needed. A proof system and decision procedure are developed based on Stirling and Walker's approach to model checking the modal μ-calculus using constants. One difficulty, for both conceptual and efficiency-based reasons, is to avoid the explicit use of the !rule for parametrised processes. A key idea, following Hennessy and Lin's approach to deciding bisimulation for certain types of value-passing processes, is the relativisation of correctness assertions to conditions on names. Based on this idea a proof system and ...
Combining Deduction and Model Checking into Tableaux and Algorithms for Converse-PDL
Information and Computation, 1998
Cited by 66 (7 self)
This paper presents a prefixed tableaux calculus for Propositional Dynamic Logic with Converse based on a combination of different techniques such as prefixed tableaux for modal logics and model checkers for the μ-calculus. We prove the correctness and completeness of the calculus and illustrate its features. We also discuss the transformation of the tableaux method (naively NEXPTIME) into an EXPTIME algorithm.

1 Introduction. Propositional Dynamic Logics (PDLs) are modal logics introduced in [10] to model the evolution of the computation process by describing the properties of states reached by programs during their execution [15, 24, 27]. Over the years, PDLs have proved to be a valuable formal tool in Computer Science, Logic, Computational Linguistics, and Artificial Intelligence far beyond their original use for program verification (e.g. [4, 12, 14, 15, 24, 23]). In this paper we focus on Converse-PDL (CPDL) [10], obtained from the basic logic PDL by adding the converse operat...
Reasoning About Concurrent Execution, Prioritized Interrupts, and Exogenous Actions in the Situation Calculus
1997
Cited by 66 (12 self)
As an alternative to planning, an approach to high-level agent control based on concurrent program execution is considered. A formal definition in the situation calculus of such a programming language is presented and illustrated with a detailed example. The language includes facilities for prioritizing the concurrent execution, interrupting the execution when certain conditions become true, and dealing with exogenous actions. The language differs from other procedural formalisms for concurrency in that the initial state can be incompletely specified and the primitive actions can be user-defined by axioms in the situation calculus.
How Much Memory is Needed to Win Infinite Games?
1997
Cited by 60 (2 self)
We consider a class of infinite two-player games on finitely coloured graphs. Our main question is: given a winning condition, what is the inherent blow-up (additional memory) of the size of the I/O automata realizing winning strategies in games with this condition? This problem is relevant to synthesis of reactive programs and to the theory of automata on infinite objects. We provide matching upper and lower bounds for the size of memory needed by winning strategies in games with a fixed winning condition. We also show that in the general case the LAR (latest appearance record) data structure of Gurevich and Harrington is optimal. Then we propose a more succinct way of representing winning strategies by means of parallel compositions of transition systems. We study the question: which classes of winning conditions admit only polynomial-size blow-up of strategies in this representation?

1 Introduction. We consider games played on (not necessarily finite) graphs coloured with a finite nu...
Information Flow Security in Dynamic Contexts
2002
Cited by 59 (20 self)
We study a security property for processes in dynamic contexts, i.e., contexts that can be reconfigured at runtime. The security property that we propose in this paper, named Persistent BNDC, is such that a process is "secure" when every state reachable from it satisfies a basic Non-Interference property. We define a suitable bisimulation-based equivalence relation among processes that allows us to express the new property as a single equivalence check, thus avoiding the universal quantifications over all the reachable states (required by Persistent BNDC) and over all the possible hostile environments (implicit in the basic Non-Interference property we adopt). We show that the novel security property is compositional and we discuss how it can be efficiently checked.
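The persistence requirement in this abstract, as an added example that is not code from the paper or its authors: a brute-force checker that takes, as an assumption, BSNNI (the process with high actions forbidden must be weakly bisimilar to the process with high actions hidden) as the "basic Non-Interference property", enumerates the reachable states and re-checks each one. The two processes E_SECURE and E_LEAK, the action names h and l, and the function names are all constructed for this example. E_LEAK satisfies the basic property at its initial state yet fails once the context has moved on, which is exactly the gap between a static check and the persistent one. The paper's own contribution, replacing this enumeration by a single equivalence check, is not reproduced here.

```python
"""Persistent non-interference over a small labelled transition system (LTS).

An LTS is a dict  state -> set of (action, successor).  Actions are strings;
TAU is the invisible action; every action in HIGH is confidential, all other
visible actions are low (observable by the low-level attacker).
"""
from collections import deque
from itertools import product

TAU = "tau"
HIGH = {"h"}  # assumption for the example: a single confidential action


def restrict(lts, high):
    """E \\ H: the high level stays silent, so high transitions are forbidden."""
    return {s: {(a, t) for a, t in trs if a not in high} for s, trs in lts.items()}


def hide(lts, high):
    """E / H: high actions happen but are invisible, so they become tau."""
    return {s: {(TAU if a in high else a, t) for a, t in trs} for s, trs in lts.items()}


def tau_closure(lts, s):
    """All states reachable from s by zero or more tau steps."""
    seen, stack = {s}, [s]
    while stack:
        u = stack.pop()
        for a, v in lts[u]:
            if a == TAU and v not in seen:
                seen.add(v)
                stack.append(v)
    return seen


def weak_succ(lts, s, a):
    """Weak successors:  tau* a tau*  for visible a, plain tau* for a == TAU."""
    pre = tau_closure(lts, s)
    if a == TAU:
        return pre
    mid = {v for u in pre for b, v in lts[u] if b == a}
    return {w for v in mid for w in tau_closure(lts, v)}


def weakly_bisimilar(lts1, s1, lts2, s2):
    """Greatest weak bisimulation: start from the full product relation and
    delete pairs violating the transfer condition until nothing changes."""
    rel = set(product(lts1, lts2))
    changed = True
    while changed:
        changed = False
        for p, q in list(rel):
            forward = all(any((p2, q2) in rel for q2 in weak_succ(lts2, q, a))
                          for a, p2 in lts1[p])
            backward = all(any((p2, q2) in rel for p2 in weak_succ(lts1, p, a))
                           for a, q2 in lts2[q])
            if not (forward and backward):
                rel.discard((p, q))
                changed = True
    return (s1, s2) in rel


def bsnni(lts, s, high):
    """Basic property assumed here (BSNNI): E \\ H weakly bisimilar to E / H."""
    return weakly_bisimilar(restrict(lts, high), s, hide(lts, high), s)


def reachable(lts, init):
    """States reachable from init, in deterministic breadth-first order."""
    order, queue, seen = [], deque([init]), {init}
    while queue:
        s = queue.popleft()
        order.append(s)
        for _, t in sorted(lts[s]):
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return order


def first_persistent_violation(lts, init, high):
    """Persistent check: every reachable state must satisfy the basic property.
    Returns the first violating state, or None when the process is secure."""
    for s in reachable(lts, init):
        if not bsnni(lts, s, high):
            return s
    return None


# Constructed examples (not from the paper).  E_SECURE = h.l.0 + l.0: the low
# observer sees exactly one l whether or not h happened, in every reachable state.
E_SECURE = {"s0": {("h", "s1"), ("l", "s2")}, "s1": {("l", "s2")}, "s2": set()}

# E_LEAK = l.h.l.0 + l.l.0 + l.0 passes the static check at t0, but after the
# first l the context may have moved to t1 = h.l.0, where a second l is
# observable exactly when the confidential h occurred.
E_LEAK = {"t0": {("l", "t1"), ("l", "t2"), ("l", "t3")},
          "t1": {("h", "t2")}, "t2": {("l", "t3")}, "t3": set()}

if __name__ == "__main__":
    for name, lts, init in (("E_SECURE", E_SECURE, "s0"), ("E_LEAK", E_LEAK, "t0")):
        print(name, "basic property at start:", bsnni(lts, init, HIGH),
              "first persistent violation:", first_persistent_violation(lts, init, HIGH))
```

Running the block reports E_SECURE as secure at the start with no violating state, and E_LEAK as passing at t0 while t1 is reported as the first reachable state that leaks. The enumeration costs one bisimulation check per reachable state, which is what motivates the paper's single-check characterization.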
Practical Model-Checking Using Games
Lecture, 1998
Cited by 43 (0 self)
We describe how model-checking games can be the foundation for efficient local model-checking of the modal mu-calculus on transition systems. Game-based algorithms generate winning strategies for a certain game, which can then be used interactively to help the user understand why the property is or is not true of the model. This kind of feedback has advantages over traditional techniques such as error traces. We give a proof technique for verifying such algorithms, and apply it to one which we have implemented in the Edinburgh Concurrency Workbench. We discuss its usability and performance.

1 Introduction. The modal mu-calculus (see e.g. [9]) is an expressive logic which can be used to describe properties of systems modelled as labelled transition systems (LTSs). The problem of model-checking the mu-calculus on transition systems is that of deciding whether an LTS satisfies a formula. Many model-checking algorithms have been developed and implemented in tools. One such tool ...
Coalgebras and Modal Logic
Coalgebraic Methods in Computer Science, Volume 33 in Electronic Notes in Theoretical Computer Science, 2000
Cited by 37 (0 self)
Coalgebras are of growing importance in theoretical computer science. To develop languages for them is significant for the specification and verification of systems modelled with them. Modal logic has proved to be suitable for this purpose. So far, most approaches have presented a language to describe only deterministic coalgebras. The present paper introduces a generalization that also covers nondeterministic systems. As a special case, we obtain the "usual" modal logic for Kripke structures. Models for our modal language L F are F-coalgebras where the functor F is inductively constructed from constant sets and the identity functor using product, coproduct, exponentiation, and the power set functor. We define a language L F and show that it embeds into L F. We prove that, for image-finite coalgebras, L F is expressive enough to distinguish elements up to bisimilarity and therefore L F does so, too. Moreover, we also give a complete calculus for L F in case the constants...
Analysis of security protocols as open systems
Theoretical Computer Science, 2003
Cited by 36 (17 self)
We propose a methodology for the formal analysis of security protocols. This originates from the observation that the verification of security protocols can be conveniently treated as the verification of open systems, i.e. systems which may have unspecified components. These might be used to represent a hostile environment wherein the protocol runs and whose behavior cannot be predicted a priori. We define a language for the description of security protocols, namely CryptoCCS, and a logical language for expressing their properties. We provide an effective verification method for security protocols which is based on a suitable extension of partial model checking. Indeed, we obtain a decidability result for the secrecy analysis of protocols with a finite number of sessions, bounded message size and new nonce generation.