Abstract not found

Abstract not found

this paper appeared in ACM Transactions on Programming Languages and Systems 16, 5 (September 1994) 1543-- 1571. The appendix was published electronically by the ACM. Contents

We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections ( �), relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a function mapping sets of states of a system S into sets of states of a system S'. We give results on the preservation of properties expressed in sublanguages of the branching time-calculus when two systems S and S' are related via h � i-simulations. They can be used to verify a property for a system by verifying the same property on a simpler system which is an abstraction of it. We show also under which conditions abstraction of concurrent systems can be computed from the abstraction of their components. This allows a compositional application of the proposed verification method. This is a revised version of the papers [2] and [16] � the results are fully developed in [27].

We present the notion of translation validation as a new approach to the verification of translators (compilers, code generators). Rather than proving in advance that the compiler always produces a target code which correctly implements the source code (compiler verification), each individual translation (i.e. a run of the compiler) is followed by a validation phase which verifies that the target code produced on this run correctly implements the submitted source program. Several ingredients are necessary to set up the -- fully automatic -- translation validation process, among which are: 1. A common semantic framework for the representation of the source code and the generated target code. 2. A formalization of the notion of "correct implementation" as a refinement relation. 3. A syntactic simulation-based proof method which allows to automatically verify that one model of the semantic framework, representing the produced target code, correctly implements another model which repres...

. In this survey paper we present some of the recent developments in the temporal formal system for the specification, verification and development of reactive programs. While the general methodology remains very much the one presented in some earlier works on the subject, such as [MP83c, MP83a, Pnu86], there have been several technical improvements and gained insights in understanding the computational model, the logic itself, the proof system and its presentation, and connections with alternative formalisms, such as finite automata. In this paper we explicate some of these improvements and extensions. The main difference between this and preceding versions is that here we consider a notion of validity for temporal formulae, which is anchored at the initial state of the computation. The paper discusses some of the consequences of this decision. Key words: Temporal Logic, Reactive Systems, Concurrent Programs, Specification, Verification, Proof System, Classification of Prtoperties, Sa...

Abstract not found

this paper we consider remote creation, migration, and reachability snapshot services: their specification at different levels of abstraction, and their composition. 1.1 About Actors

this document allude to potential changes in this document, as well as in the IOA language. Additional details concerning the formal semantics of IOA, plus references to papers about IOA, will be incorporated into this document

We give the description of a verification tool taking boolean programs of guarded commands as input; internal representation of programs are sets of Binary Decision Diagrams (BDD) (one for each guarded command). It allows to construct an abstract program of the same form obtained using an abstraction relation given by a boolean expression on "concrete" and "abstract" variables. The tool allows the verification of CTL formulas on programs. We illustrate its possibilities on an example. 1 Introduction In the domain of program verification an obvious idea is to verify some abstract program instead of the complete specification (called concrete program) depending on the properties to be verified. The motivation is to make the representation of the program model smaller and this for two reasons: one is to make the verification faster; the other is that in most practical cases the model of the concrete program is too large to be verified, whereas an abstraction of it may be sufficiently sma...