Results 1  10
of
34
Secure Implementation of Channel Abstractions
, 2000
"... Communication in distributed systems often relies on useful abstractions such as channels, remote procedure calls, and remote method invocations. The ..."
Abstract

Cited by 77 (29 self)
 Add to MetaCart
Communication in distributed systems often relies on useful abstractions such as channels, remote procedure calls, and remote method invocations. The
Fair testing
 Concur ’95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science
, 1995
"... In this paper we present a solution to the longstanding problem of characterising the coarsest livenesspreserving precongruence with respect to a full (TCSPinspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one base ..."
Abstract

Cited by 58 (0 self)
 Add to MetaCart
In this paper we present a solution to the longstanding problem of characterising the coarsest livenesspreserving precongruence with respect to a full (TCSPinspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De NicolaHennessylike testing modality which we call shouldtesting, and a denotational one based on a refined notion of failures. One of the distinguishing characteristics of the shouldtesting precongruence is that it abstracts from divergences in the same way as Milner’s observation congruence, and as a consequence is strictly coarser than observation congruence. In other words, shouldtesting has a builtin fairness assumption. This is in itself a property long soughtafter; it is in notable contrast to the wellknown musttesting of De Nicola and Hennessy (denotationally characterised by a combination of failures and divergences), which treats divergence as catrastrophic and hence is incompatible with observation congruence. Due to these characteristics, shouldtesting supports modular reasoning and allows to use the proof techniques of observation congruence, but also supports additional laws and techniques.
The Join Calculus: A Language for Distributed Mobile Programming
 In Proceedings of the Applied Semantics Summer School (APPSEM), Caminha
, 2000
"... In these notes, we give an overview of the join calculus, its semantics, and its equational theory. The join calculus is a language that models distributed and mobile programming. It is characterized by an explicit notion of locality, a strict adherence to local synchronization, and a direct emb ..."
Abstract

Cited by 56 (2 self)
 Add to MetaCart
In these notes, we give an overview of the join calculus, its semantics, and its equational theory. The join calculus is a language that models distributed and mobile programming. It is characterized by an explicit notion of locality, a strict adherence to local synchronization, and a direct embedding of the ML programming language. The join calculus is used as the basis for several distributed languages and implementations, such as JoCaml and functional nets.
Fair Simulation
 Information and Computation
, 1997
"... The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedd ..."
Abstract

Cited by 49 (18 self)
 Add to MetaCart
The simulation preorder for labeled transition systems is defined locally as a game that relates states with their immediate successor states. Simulation enjoys many appealing properties. First, simulation has a fully abstract semantics: system S simulates system I iff every computation tree embedded in the unrolling of I can be embedded also in the unrolling of S. Second, simulation has a logical characterization: S simulates I iff every universal branchingtime formula satisfied by S is satisfied also by I. It follows that simulation is a suitable notion of implementation, and it is the coarsest abstraction of a system that preserves universal branchingtime properties. Third, based on its local definition, simulation between finitestate systems can be checked in polynomial time. Finally, simulation implies tracecontainment, which cannot be defined locally and requires polynomial space for verification. Hence simulation is widely used both in manual and in automatic verification. ...
Basic Observables for Processes
 Information and Computation
, 1999
"... A general approach for defining behavioural preorders over process terms as the maximal precongruences induced by basic observables is examined. Three different observables, that provide information about the initial communication capabilities of processes and about the possibility that processes ..."
Abstract

Cited by 16 (4 self)
 Add to MetaCart
A general approach for defining behavioural preorders over process terms as the maximal precongruences induced by basic observables is examined. Three different observables, that provide information about the initial communication capabilities of processes and about the possibility that processes get engaged in divergent computations, will be considered. We show that the precongruences induced by our basic observables coincide with intuitive and/or widely studied behavioural preorders. In particular, we retrieve in our setting the must preorder of De Nicola and Hennessy and the fair/should preorder introduced by Cleaveland and Natarajan and by Brinksma, Rensink and Vogler. A new form of testing preorder, which we call safemust, also emerges. The alternative characterizations we offer shed light on the differences between these preorders, and on the role played in their definition by tests for divergence. 1 Introduction In the classical theory of functional programming, the point...
A callbyneed lambdacalculus with locally bottomavoiding choice: Context lemma and correctness of transformations
 MATHEMATICAL STRUCTURES IN COMPUTER SCIENCE
, 2008
"... We present a higherorder callbyneed lambda calculus enriched with constructors, caseexpressions, recursive letrecexpressions, a seqoperator for sequential evaluation and a nondeterministic operator amb that is locally bottomavoiding. We use a smallstep operational semantics in form of a sin ..."
Abstract

Cited by 15 (9 self)
 Add to MetaCart
We present a higherorder callbyneed lambda calculus enriched with constructors, caseexpressions, recursive letrecexpressions, a seqoperator for sequential evaluation and a nondeterministic operator amb that is locally bottomavoiding. We use a smallstep operational semantics in form of a singlestep rewriting system that defines a (nondeterministic) normal order reduction. This strategy can be made fair by adding resources for bookkeeping. As equational theory we use contextual equivalence, i.e. terms are equal if plugged into any program context their termination behaviour is the same, where we use a combination of may as well as mustconvergence, which is appropriate for nondeterministic computations. We show that we can drop the fairness condition for equational reasoning, since the valid equations w.r.t. normal order reduction are the same as for fair normal order reduction. We evolve different proof tools for proving correctness of program transformations, in particular, a context lemma for may as well as mustconvergence is proved, which restricts the number of contexts that need to be examined for proving contextual equivalence. In combination with socalled complete sets of commuting and forking diagrams we show that
all the deterministic reduction rules and also some additional transformations preserve contextual equivalence.We also prove a standardisation theorem for fair normal order reduction. The structure of the ordering <= c is also analysed: Ω is not a least element, and <=c already implies contextual equivalence w.r.t. mayconvergence.
Priority and Maximal Progress are completely axiomatisable (Extended Abstract)
, 1998
"... . During the last decade, CCS has been extended in different directions, among them priority and real time. One of the most satisfactory results for CCS is Milner's complete proof system for observational congruence [28]. Observational congruence is fair in the sense that it is possible to escape di ..."
Abstract

Cited by 14 (5 self)
 Add to MetaCart
. During the last decade, CCS has been extended in different directions, among them priority and real time. One of the most satisfactory results for CCS is Milner's complete proof system for observational congruence [28]. Observational congruence is fair in the sense that it is possible to escape divergence, reflected by an axiom recX:(ø:X + P ) = recX:ø:P . In this paper we discuss observational congruence in the context of interactive Markov chains, a simple stochastic timed variant CCS with maximal progress. This property implies that observational congruence becomes unfair, i.e. it is not always possible to escape divergence. This problem also arises in calculi with priority. So, completeness results for such calculi modulo observational congruence have been unknown until now. We obtain a complete proof system by replacing the above axiom by a set of axioms allowing to escape divergence by means of a silent alternative. This treatment can be profitably adapted to other calculi. 1 I...
ProofChecking Protocols using Bisimulations
 IN PROC. CONCUR’99, LNCS 1664
, 1999
"... We report on our experience in using the Isabelle/HOL theorem prover to mechanize proofs of observation equivalence for systems with infinitely many states, and for parameterized systems. We follow the direct approach: An infinite relation containing the pair of systems to be shown equivalent is def ..."
Abstract

Cited by 11 (2 self)
 Add to MetaCart
We report on our experience in using the Isabelle/HOL theorem prover to mechanize proofs of observation equivalence for systems with infinitely many states, and for parameterized systems. We follow the direct approach: An infinite relation containing the pair of systems to be shown equivalent is defined, and then proved to be a weak bisimulation. The weak bisimilarity proof is split into many cases, corresponding to the derivatives of the pairs in the relation. Isabelle/HOL automatically proves simple cases, and guarantees that no case is forgotten. The strengths and weaknesses of the approach are discussed.
Fair Bisimulation
 TACAS 00
, 2000
"... Bisimulations enjoy numerous applications in the analysis of labeled transition systems. Many of these applications are based on two central observations: first, bisimilar systems satisfy the same branchingtime properties; second, bisimilarity can be checked efficiently for finitestate systems. ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
Bisimulations enjoy numerous applications in the analysis of labeled transition systems. Many of these applications are based on two central observations: first, bisimilar systems satisfy the same branchingtime properties; second, bisimilarity can be checked efficiently for finitestate systems. The local character of bisimulation, however, makes it difficult to address liveness concerns. Indeed, the definitions of fair bisimulation that have been proposed in the literature sacrifice locality, and with it, also efficient checkability. We put forward a new definition of fair bisimulation which does not suffer from this drawback. The bisimilarity of
Applications of Fair Testing
, 1996
"... In this paper we present the application of the fair testing preorder , introduced in a previous paper, to the specification and analysis of distributed systems. This preorder combines some features of the standard testing preorders, viz. the possibility to refine a specification by the resolutio ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
In this paper we present the application of the fair testing preorder , introduced in a previous paper, to the specification and analysis of distributed systems. This preorder combines some features of the standard testing preorders, viz. the possibility to refine a specification by the resolution of nondeterminism, with a powerful feature of standard observation congruence, viz. the fair abstraction from divergences. Moreover, it is a precongruence with respect to all standard processalgebraic combinators, thus allowing for the standard algebraic proof techniques by substitution and rewriting. In this paper we will demonstrate advantages of the fair testing preorder by the application to a number of examples, including a scheduling problem, a version of the Alternating Bitprotocol, and fair communication channels. Keywords FDTapplication; verification, validation and testing; process algebras; fairness. 1 INTRODUCTION In the past decade, the specification and analysis of dis...