Well-Structured Transition Systems Everywhere!
Theoretical Computer Science, 1998
Cited by 197 (9 self)
Abstract: Well-structured transition systems (WSTS's) are a general class of infinite-state systems for which decidability results rely on the existence of a well-quasi-ordering between states that is compatible with the transitions. In this article, we provide an extensive treatment of the WSTS idea and show several new results. Our improved definitions allow many examples of classical systems to be seen as instances of WSTS's.
Verification on Infinite Structures
2000
Cited by 69 (2 self)
Abstract: In this chapter, we present a hierarchy of infinite-state systems based on the primitive operations of sequential and parallel composition; the hierarchy includes a variety of commonly-studied classes of systems such as context-free and pushdown automata, and Petri net processes. We then examine the equivalence and regularity checking problems for these classes, with special emphasis on bisimulation equivalence, stressing the structural techniques which have been devised for solving these problems. Finally, we explore the model checking problem over these classes with respect to various linear and branching-time temporal logics.
Process Rewrite Systems
Information and Computation, 1997
Cited by 62 (9 self)
Abstract: Many formal models for infinite-state concurrent systems are equivalent to special classes of rewrite systems. We classify these models by their expressiveness and define a hierarchy of classes of rewrite systems. We show that this hierarchy is strict with respect to bisimulation equivalence. The most general and most expressive class of systems in this hierarchy is called Process Rewrite Systems (PRS). They subsume Petri nets, PA-processes and pushdown processes and are strictly more expressive than any of these. Intuitively, PRS can be seen as an extension of Petri nets by subroutines that can return a value to their caller. We show that the reachability problem is decidable for PRS. It is even decidable if there is a reachable state that satisfies certain properties that can be encoded in a simple logic. Thus PRS are more expressive than Petri nets, but not Turing-powerful.
Program extraction from classical proofs
Annals of Pure and Applied Logic, 1994
Cited by 54 (9 self)
Abstract: It is well known that it is undecidable in general whether a given program meets its specification. In contrast, it can be checked easily by a machine whether a formal proof is correct, and from a constructive proof one can automatically extract a corresponding program, which by its very construction is correct as well. This at least in principle opens a way to produce correct software, e.g. for safety-critical applications. Moreover, programs obtained from proofs are "commented" in a rather extreme sense. Therefore it is easy to maintain them, and also to adapt them to particular situations. We will concentrate on the question of classical versus constructive proofs. It is known that any classical proof of a specification of the form ∀x∃yB with B quantifier-free can be transformed into a constructive proof of the same formula. However, when it comes to extraction of a program from a proof obtained in this way, one easily ends up with a mess. Therefore, some refinements of the standard transformation are necessary.
What's so special about Kruskal's Theorem and the ordinal Γ0? A survey of some results in proof theory
Annals of Pure and Applied Logic, 53 (1991), 199-260
Cited by 43 (3 self)
Abstract: This paper consists primarily of a survey of results of Harvey Friedman about some proof-theoretic aspects of various forms of Kruskal's tree theorem, and in particular the connection with the ordinal Γ0. We also include a fairly extensive treatment of normal functions on the countable ordinals, and we give a glimpse of Veblen hierarchies, some subsystems of second-order logic, slow-growing and fast-growing hierarchies including Girard's result, and Goodstein sequences. The central theme of this paper is a powerful theorem due to Kruskal, the "tree theorem", as well as a "finite miniaturization" of Kruskal's theorem due to Harvey Friedman. These versions of Kruskal's theorem are remarkable from a proof-theoretic point of view because they are not provable in relatively strong logical systems. They are examples of so-called "natural independence phenomena", which are considered by most logicians as more natural than the metamathematical incompleteness results first discovered by Gödel. Kruskal's tree theorem also plays a fundamental role in computer science, because it is one of the main tools for showing that certain orderings on trees are well founded. These orderings play a crucial role in proving the termination of systems of rewrite rules and the correctness of Knuth-Bendix completion procedures. There is also a close connection between a certain infinite countable ordinal called Γ0 and Kruskal's theorem. Previous definitions of the function involved in this connection are known to be incorrect, in that the function is not monotonic. We offer a repaired definition of this function, and explore briefly the consequences of its existence.
The computational power of population protocols
Distributed Computing
Cited by 29 (4 self)
Abstract: We consider the model of population protocols introduced by Angluin et al. [AAD+04], in which anonymous finite-state agents stably compute a predicate of the multiset of their inputs via two-way interactions in the all-pairs family of communication networks. We prove that all predicates stably computable in this model (and certain generalizations of it) are semilinear, answering a central open question about the power of the model. Removing the assumption of two-way interaction, we also consider several variants of the model in which agents communicate by anonymous message-passing where the recipient of each message is chosen by an adversary and the sender is not identified to the recipient. These one-way models are distinguished by whether messages are delivered immediately or after a delay, whether a sender can record that it has sent a message, and whether a recipient can queue incoming messages, refusing to accept new messages until it has had a chance to send out messages of its own. We characterize the classes of predicates stably computable in each of these one-way models using natural subclasses of the semilinear predicates.
Model checking multithreaded programs with asynchronous atomic methods
In 18th International Conference on Computer Aided Verification (CAV'06), LNCS, 2006
Cited by 27 (5 self)
Abstract: In order to make multithreaded programming manageable, programmers often follow a design principle where they break the problem into tasks which are then solved asynchronously and concurrently on different threads. This paper investigates the problem of model checking programs that follow this idiom. We present a programming language SPL that encapsulates this design pattern. SPL extends a simplified form of sequential Java to which we add the capability of making asynchronous method invocations in addition to the standard synchronous method calls and the ability to execute asynchronous methods in threads atomically and concurrently. Our main result shows that the control state reachability problem for finite SPL programs is decidable. Therefore, such multithreaded programs can be model checked using the counterexample-guided abstraction-refinement framework.
Interprocedural Analysis of Asynchronous Programs
2007
Cited by 26 (2 self)
Abstract: An asynchronous program is one that contains procedure calls which are not immediately executed from the call-site, but stored and "dispatched" in a nondeterministic order by an external scheduler at a later point. We formalize the problem of interprocedural dataflow analysis for asynchronous programs as AIFDS problems, a generalization of the IFDS problems for interprocedural dataflow analysis. We give an algorithm for computing the precise meet-over-valid-paths solution for any AIFDS instance, as well as a demand-driven algorithm for solving the corresponding demand AIFDS instances. Our algorithm can be easily implemented on top of any existing interprocedural dataflow analysis framework. We have implemented the algorithm on top of BLAST, thereby obtaining the first safety verification tool for unbounded asynchronous programs. Though the problem of solving AIFDS instances is EXPSPACE-hard, we find that in practice our technique can efficiently analyze programs by exploiting standard optimizations of interprocedural dataflow analyses.