Results 1 to 10 of 41
Secure Implementation of Channel Abstractions
2000
Cited by 79 (29 self)
Communication in distributed systems often relies on useful abstractions such as channels, remote procedure calls, and remote method invocations. The
Fair testing
Concur '95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science, 1995
Cited by 58 (0 self)
In this paper we present a solution to the long-standing problem of characterising the coarsest liveness-preserving precongruence with respect to a full (TCSP-inspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De Nicola-Hennessy-like testing modality which we call should-testing, and a denotational one based on a refined notion of failures. One of the distinguishing characteristics of the should-testing precongruence is that it abstracts from divergences in the same way as Milner's observation congruence, and as a consequence is strictly coarser than observation congruence. In other words, should-testing has a built-in fairness assumption. This is in itself a property long sought-after; it is in notable contrast to the well-known must-testing of De Nicola and Hennessy (denotationally characterised by a combination of failures and divergences), which treats divergence as catastrophic and hence is incompatible with observation congruence. Due to these characteristics, should-testing supports modular reasoning and allows one to use the proof techniques of observation congruence, but also supports additional laws and techniques.
The Join Calculus: A Language for Distributed Mobile Programming
In Proceedings of the Applied Semantics Summer School (APPSEM), Caminha, 2000
Cited by 57 (2 self)
In these notes, we give an overview of the join calculus, its semantics, and its equational theory. The join calculus is a language that models distributed and mobile programming. It is characterized by an explicit notion of locality, a strict adherence to local synchronization, and a direct embedding of the ML programming language. The join calculus is used as the basis for several distributed languages and implementations, such as JoCaml and functional nets.
Fair Simulation
Information and Computation, 1997
Cited by 47 (17 self)
The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedded in the unrolling of I can be embedded also in the unrolling of S. Second, simulation has a logical characterization: S simulates I iff every universal branching-time formula satisfied by S is satisfied also by I. It follows that simulation is a suitable notion of implementation, and it is the coarsest abstraction of a system that preserves universal branching-time properties. Third, based on its local definition, simulation between finite-state systems can be checked in polynomial time. Finally, simulation implies trace containment, which cannot be defined locally and requires polynomial space for verification. Hence simulation is widely used both in manual and in automatic verification. ...
A call-by-need lambda-calculus with locally bottom-avoiding choice: Context lemma and correctness of transformations
Mathematical Structures in Computer Science, 2008
Cited by 15 (10 self)
We present a higher-order call-by-need lambda calculus enriched with constructors, case-expressions, recursive letrec-expressions, a seq-operator for sequential evaluation and a non-deterministic operator amb that is locally bottom-avoiding. We use a small-step operational semantics in the form of a single-step rewriting system that defines a (non-deterministic) normal order reduction. This strategy can be made fair by adding resources for bookkeeping. As equational theory we use contextual equivalence, i.e. terms are equal if, plugged into any program context, their termination behaviour is the same, where we use a combination of may- as well as must-convergence, which is appropriate for non-deterministic computations. We show that we can drop the fairness condition for equational reasoning, since the valid equations w.r.t. normal order reduction are the same as for fair normal order reduction. We evolve different proof tools for proving correctness of program transformations; in particular, a context lemma for may- as well as must-convergence is proved, which restricts the number of contexts that need to be examined for proving contextual equivalence. In combination with so-called complete sets of commuting and forking diagrams we show that all the deterministic reduction rules and also some additional transformations preserve contextual equivalence. We also prove a standardisation theorem for fair normal order reduction. The structure of the ordering ≤_c is also analysed: Ω is not a least element, and ≤_c already implies contextual equivalence w.r.t. may-convergence.
Basic Observables for Processes
Information and Computation, 1999
Cited by 14 (5 self)
A general approach for defining behavioural preorders over process terms as the maximal precongruences induced by basic observables is examined. Three different observables, which provide information about the initial communication capabilities of processes and about the possibility that processes get engaged in divergent computations, will be considered. We show that the precongruences induced by our basic observables coincide with intuitive and/or widely studied behavioural preorders. In particular, we retrieve in our setting the must preorder of De Nicola and Hennessy and the fair/should preorder introduced by Cleaveland and Natarajan and by Brinksma, Rensink and Vogler. A new form of testing preorder, which we call safe-must, also emerges. The alternative characterizations we offer shed light on the differences between these preorders, and on the role played in their definition by tests for divergence. 1 Introduction In the classical theory of functional programming, the point...
Priority and Maximal Progress are completely axiomatisable (Extended Abstract)
1998
Cited by 14 (5 self)
During the last decade, CCS has been extended in different directions, among them priority and real time. One of the most satisfactory results for CCS is Milner's complete proof system for observational congruence [28]. Observational congruence is fair in the sense that it is possible to escape divergence, reflected by an axiom rec X.(τ.X + P) = rec X.τ.P. In this paper we discuss observational congruence in the context of interactive Markov chains, a simple stochastic timed variant of CCS with maximal progress. This property implies that observational congruence becomes unfair, i.e. it is not always possible to escape divergence. This problem also arises in calculi with priority. So, completeness results for such calculi modulo observational congruence have been unknown until now. We obtain a complete proof system by replacing the above axiom by a set of axioms allowing one to escape divergence by means of a silent alternative. This treatment can be profitably adapted to other calculi. 1 I...
Proof-Checking Protocols using Bisimulations
In Proc. CONCUR'99, LNCS 1664, 1999
Cited by 11 (2 self)
We report on our experience in using the Isabelle/HOL theorem prover to mechanize proofs of observation equivalence for systems with infinitely many states, and for parameterized systems. We follow the direct approach: an infinite relation containing the pair of systems to be shown equivalent is defined, and then proved to be a weak bisimulation. The weak bisimilarity proof is split into many cases, corresponding to the derivatives of the pairs in the relation. Isabelle/HOL automatically proves simple cases, and guarantees that no case is forgotten. The strengths and weaknesses of the approach are discussed.
Fair Bisimulation
TACAS 00, 2000
Cited by 7 (0 self)
Bisimulations enjoy numerous applications in the analysis of labeled transition systems. Many of these applications are based on two central observations: first, bisimilar systems satisfy the same branching-time properties; second, bisimilarity can be checked efficiently for finite-state systems. The local character of bisimulation, however, makes it difficult to address liveness concerns. Indeed, the definitions of fair bisimulation that have been proposed in the literature sacrifice locality, and with it, also efficient checkability. We put forward a new definition of fair bisimulation which does not suffer from this drawback. The bisimilarity of
A Contextual Semantics for Concurrent Haskell with Futures
2011
Cited by 6 (4 self)
In this paper we analyze the semantics of a higher-order functional language with concurrent threads, monadic IO and synchronizing variables as in Concurrent Haskell. To assure declarativeness of concurrent programming we extend the language by implicit, monadic, and concurrent futures. As a semantic model we introduce and analyze the process calculus CHF, which represents a typed core language of Concurrent Haskell extended by concurrent futures. Evaluation in CHF is defined by a small-step reduction relation. Using contextual equivalence based on may- and should-convergence as program equivalence, we show that various transformations preserve program equivalence. We establish a context lemma easing those correctness proofs. An important result is that call-by-need and call-by-name evaluation are equivalent in CHF, since they induce the same program equivalence. Finally we show that the monad laws hold in CHF under mild restrictions on Haskell's seq-operator, which for instance justifies the use of the do-notation.