We propose a language for testing concurrent processes and examine its strength in terms of the processes that are distinguished by a test. By using probabilistic transition systems as the underlying semantic model, we show how a testing algorithm can distinguish, with a probability arbitrarily close to one, between processes that are not bisimulation equivalent. We also show a similar result (in a slightly stronger form) for a new process relation called $-bisimulation-which lies strictly between that of simulation and bisimulation. Finally, the ultimately strength of the testing language is shown to identify a new process relation called probabilistic bisimulation-which is strictly stronger than bisimulation. li? 1991 Academic Press. Inc. 1.

Abstract. Bisimulation is the primi-tive notion of equivalence between concur-rent processes in Milner’s Calculus of Com-municating Systems (CCS); there is a non-trivial game-like protocol for distinguishing nonbisimular processes. In contrast, pro-cess distinguishability in Hoare’s theory of Communicating Sequential Processes (CSP) is determined solely on the basis of traces of visible actions. We examine what ad-ditional operations are needed to explain bisimulation similarly-specifically in the case of finitely branching processes with-out silent moves. We formulate a general notion of Structured Operational Seman-tics for processes with Guarded recursion (GSOS), and demonstrate that bisimulation does not agree with trace congruence with respect to any set of GSOS-definable con-texts. In justifying the generality and sig-nificance of GSOS’s, we work out some of the basic proof theoretic facts which justify the SOS discipline.

Substantial experience with the use of formal specification languages in the design of distributed systems has shown that finding appropriate structures for formal specifications presents a serious, and often underestimated problem. Its solutions are of great importance for ensuring the quality of the various designs that need to be developed at different levels of abstraction along the design trajectory of a system. This paper introduces four specification styles that allow to structure formal specifications in different ways: the monolithic, the constraint-oriented, the state-oriented, and the resource-oriented style. These styles have been selected on the basis of their suitability to express design concerns by structuring specifications and their suitability to pursue qualitative design principles such as generality, orthogonality, and open-endedness. By giving a running example, a queryanswer service, in the ISO specification language LOTOS, these styles are discussed in detail. The support of verification and correctness preserving transformation by these styles is shown by verifying designs, expressed in different styles, with respect to each other. This verification is based on equational laws for (weak) bisimulation equivalence. 1.

We prove a general conservative extension theorem for transition system based process theories with easy-to-check and reasonable conditions. The core of this result is another general theorem which gives sufficient conditions for a system of operational rules and an extension of it in order to ensure conservativity, that is, provable transitions from an original term in the extension are the same as in the original system. As a simple corollary of the conservative extension theorem we prove a completeness theorem. We also prove a general theorem giving sufficient conditions to reduce the question of ground confluence modulo some equations for a large term rewriting system associated with an equational process theory to a small term rewriting system under the condition that the large system is a conservative extension of the small one. We provide many applications to show that our results are useful. The applications include (but are not limited to) various real and discrete time settings in ACP, ATP, and CCS and the notions

We prove that testing preorder of De Nicola and Hennessy is preserved by all operators of De Simone process languages. Building upon this result we propose an algorithm for generating axiomatisations of testing preorder for arbitrary De Simone process languages. The axiom systems produced by our algorithm are finite and complete for processes with nite behaviour. In order to achieve completeness for a subclass of processes with infiite behaviour we use one infinitary induction rule. The usefulness of our results is illustrated in specification and verification of small concurrent systems, where suspension, resumption and alternation of execution of component systems occur. We argue that better speci cations can be written in customised De Simone process languages, which contain both the standard operators as well as new De Simone operators that are specifically tailored for the task in hand. Moreover, the automatically generated axiom systems for such specification languages make the verification more straightforward.

We present a general and uniform method for defining structural operational semantics (SOS) of process operators by traditional Plotkin-style transition rules equipped with orderings. This new feature allows one to control the order of application of rules when deriving transitions of process terms. Our method is powerful enough to deal with rules with negative premises and copying. We show that rules with orderings, called ordered SOS rules, have the same expressive power as GSOS rules. We identify several classes of process languages with operators defined by rules with and without orderings in the setting with silent actions and divergence. We prove that branching bisimulation and eager bisimulation relations are preserved by all operators in process languages in the relevant classes.

The application of formal methods to conformance testing becomes a more and more active research area. This paper presents the results and perspectives of the application of these languages for tests and test generation methods. These results are analyzed in the framework of the activity of the joint ISO/ITU-TS working group on "Formal Methods for Conformance Testing." Keywords: Conformance Testing, Formal Description Techniques, Testing Theory, Standardization. 1. INTRODUCTION With the aim of providing open markets and allowing competition between equipment manufacturers, international agreements on testing methods and procedures become a priority. Such agreed methods should simultaneously provide a very good technical basis, in order to guarantee the optimal efficiency of the testing process, and result from a general consensus in order to achieve world-wide mutual recognition of the test results. The ISO 9646 standard [ISO91] provides a methodology and framework applicable to th...

Groote, J.F., Transition system specifications with negative premises. Theoretical Computer Science

In this paper we are interested in general properties of classes of transition system specifications in Plotkin style. The discussion takes place in a setting of labelled transition systems. The states of the transition systems are terms generated by a single sorted signature and the transitions between states are defined by conditional rules over tne syntax. It is argued that in this setting it is natural to require that strong bisimulation equivalence be a congruence on the states of the transition systems. A general format, called the fyft/tyxt format, is presented for the rules in a transition system specification, such that bisimulation is always a congruence when all the rules fit this format. With a series of examples it is demonstrated that the f.vft/tyxf format cannot be generalized in any obvious way. Another series of examples illustrates the usefulness of our congruence theorem. BriefIy we touch upon the issue of modularity of transition system specifications. It is argued that certain pathological fyfi/ryxt rules (the ones which are not pure) can be disqualified because they behave badly with respect to modularization. Next we address the issue of full abstraction. We characterize the completed trace congruence induced by the operators in pure t~$/fyxf format as 2-nested simulation equivalence. The pure fyj”f/fysf format includes the format given by de Simone (Theoref. Compuf. Sci. 37, 2455267 (1985)) but is incomparable to the GSOS format of Bloom, Istrail, and

Abstract. Although the object-oriented paradigm has been gaining wide popularity in recent years, little work has been done on how to test objectoriented software systems. We believe that many special programming features found in the object-oriented paradigm will also play important roles during the testing phase. In this paper, we propose a conformance testing method for object-oriented software systems. The conformance relation that can be tested by this method is based on a modified version of the acceptance tree model and takes into account the special requirements imposed by the inheritance mechanism-- which we believe is the most important feature provided by the object-oriented paradigm. The proposed method allows us to test, under certain assumptions, whether an object instance implementation conforms to a given class specification by applying to the implementation the test cases derived from the given class specification. 1