Results 1  10
of
21
All from one, one for all: on model checking using representatives
 LNCS
, 1993
"... Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based ..."
Abstract

Cited by 185 (6 self)
 Add to MetaCart
(Show Context)
Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based on infinite traces such that for each equivalence class, either all or none of the sequences satisfy the checked formula. We present an algorithm for constructing a state graph that contains at least one representative sequence for each equivalence class. This allows applying existing model checking algorithms to the reduced state graph rather than on the larger full state graph of the program. It also allows model checking under fairness assumptions, and exploits these assumptions to obtain smaller state graphs. A formula rewriting technique is presented to allow coarser equivalence relation among sequences, such that less representatives are needed. 1
Temporal Logics For Trace Systems: On Automated Verification
, 1993
"... We investigate an extension of CTL (Computation Tree Logic) by past modalities, called CTLP , interpreted over Mazurkiewicz's trace systems. The logic is powerful enough to express most of the partial order properties of distributed systems like serializability of database transactions, snapsho ..."
Abstract

Cited by 18 (7 self)
 Add to MetaCart
We investigate an extension of CTL (Computation Tree Logic) by past modalities, called CTLP , interpreted over Mazurkiewicz's trace systems. The logic is powerful enough to express most of the partial order properties of distributed systems like serializability of database transactions, snapshots, parallel execution of program segments, or inevitability under concurrency fairness assumption. We show that the model checking problem for the logic is NPhard, even if past modalities cannot be nested. Then, we give a one exponential time model checking algorithm for the logic without nested past modalities. We show that all the interesting partial order properties can be model checked using our algorithm. Next, we show that it is possible to extend the model checking algorithm to cover the whole language and its extension to CTL*P . Finally, we prove that the logic is undecidable and we discuss consequences of our results on using propositional versions of partial order temporal logics to s...
A compositional framework for faulttolerance by specification transformation
 Theoretical Computer Science
, 1994
"... A verification method for proving the correctness of specification transformations is presented. This makes it possible to prove just once that a specification transformation corresponds to a program transformation, removing the need to prove separately the correctness of each transformed program. K ..."
Abstract

Cited by 9 (0 self)
 Add to MetaCart
(Show Context)
A verification method for proving the correctness of specification transformations is presented. This makes it possible to prove just once that a specification transformation corresponds to a program transformation, removing the need to prove separately the correctness of each transformed program. Keywords: Parallel Algorithms, Distributed Algorithms, FaultTolerance, Specification, Verification.
A Simple Generalization of Kahn's Principle to Indeterminate Dataflow Networks
 Semantics for Concurrency, Leicester
, 1990
"... Kahn's principle states that if each process in a dataflow network computes a continuous input/output function, then so does the entire network. Moreover, in that case the function computed by the network is the least fixed point of a continuous functional determined by the structure of the net ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
(Show Context)
Kahn's principle states that if each process in a dataflow network computes a continuous input/output function, then so does the entire network. Moreover, in that case the function computed by the network is the least fixed point of a continuous functional determined by the structure of the network and the functions computed by the individual processes. Previous attempts to generalize this principle in a straightforward way to "indeterminate" networks, in which processes need not compute functions, have been either too complex or have failed to give results consistent with operational semantics. In this paper, we give a simple, direct generalization of Kahn's fixedpoint principle to a large class of indeterminate dataflow networks, and we prove that results obtained by the generalized principle are in agreement with a natural operational semantics. 1 Introduction Dataflow networks are a parallel programming paradigm in which a collection of concurrently and asynchronously executing s...
Infinite Behaviour and Fairness in Concurrent Constraint Programming
, 1992
"... In concurrent constraint programming, divergence (i.e. an infinite computation) and failure are often identified. This is undesirable when modelling systems in which infinite behaviour arises naturally. This paper sets out a framework for an axiomatic and denotational view of concurrent constraint p ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
In concurrent constraint programming, divergence (i.e. an infinite computation) and failure are often identified. This is undesirable when modelling systems in which infinite behaviour arises naturally. This paper sets out a framework for an axiomatic and denotational view of concurrent constraint programming, and considers the relationship of both views as an instance of Stone duality. We propose a construction of a constraint system which allows both finite and infinite constraints. Subsequently, we provide semantic, topological definitions of safety, liveness and fairness properties in a given constraint system. The process language considered is parametrized by the constraint system. It allows the actions ask and tell, the prefix operator !, the (angelic) nondeterministic choice operator \Phi, the procedure call p(X), and the concurrency operator k. Keywords: concurrent constraint programming, liveness, fairness, semantic properties. This paper was partly written when the autho...
Petri Nets, Traces, and Local Model Checking
 Proceedings of the 4th International Conference on Algebraic Methodology and Software Technology, Lecture Notes in Computer Science 936, SpringerVerlag
, 1995
"... It has been observed that the behavioural view of concurrent systems that all possible sequences of actions are relevant is too generous; Not all sequences should be considered as likely behaviours. By taking progress fairness assumptions into account one obtains a more realistic behavioural view of ..."
Abstract

Cited by 7 (0 self)
 Add to MetaCart
It has been observed that the behavioural view of concurrent systems that all possible sequences of actions are relevant is too generous; Not all sequences should be considered as likely behaviours. By taking progress fairness assumptions into account one obtains a more realistic behavioural view of the systems. In this paper we consider the problem of performing model checking relative to this behavioural view. We present a CTLlike logic which is interpreted over the model of concurrent systems labeled 1safe nets. It turns out that Mazurkiewicz trace theory provides a useful setting in which the progress fairness assumptions can be formalized in a natural way. We provide the first, to our knowledge, set of sound and complete tableau rules for a CTLlike logic interpreted under progress fairness assumptions. keywords: fair progress, labeled 1safe nets, local model checking, maximal traces, partial orders, inevitability 1 Introduction Recently attention has focused on behavioural v...
Axiomatizations of Temporal Logics on Trace Systems
 Information Processing Letters 43
, 1996
"... Partial order temporal logics interpreted on trace systems have been shown not to have finitary complete axiomatizations due to the fact that the complexity of their decidability problem is in \Pi 1 1 . This paper gives infinitary complete proof systems for several temporal logics on trace systems ..."
Abstract

Cited by 5 (3 self)
 Add to MetaCart
Partial order temporal logics interpreted on trace systems have been shown not to have finitary complete axiomatizations due to the fact that the complexity of their decidability problem is in \Pi 1 1 . This paper gives infinitary complete proof systems for several temporal logics on trace systems e.g. Computation Tree Logic with past operators and an essential subset of Interleaving Set Temporal Logic. 1 Introduction Partial order temporal logics are becoming an important formalism used for specification and verification of concurrent systems [KP87, PP94, Pe90, Pe91, PKP91, Re89, Si90]. These logics are more expressive than linear and branching time temporal logics. They allow for expressing and proving important properties of concurrent systems as serializability of database transactions [PP94, PKP91], inevitability under concurrency fairness assumption [Pe90, Pe93a], causal successor [Re89], layering of a program [PP94], snapshots or the concurrency of program segments [PP94, Pe93...
Modelling Component Behaviour with Concurrent Automata
 In Proc. of FESCA’05
, 2005
"... The effective (re)use of components requires languages for the precise description of observable behaviour, along with methods for checking the compatibility of component interfaces in a design. This is even more challenging in the presence of concurrency. In previous work we have considered a setb ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
The effective (re)use of components requires languages for the precise description of observable behaviour, along with methods for checking the compatibility of component interfaces in a design. This is even more challenging in the presence of concurrency. In previous work we have considered a setbased model of components and their composition, in a concurrent setting. In this paper, we present a class of automata, called Σautomata, in which trueconcurrency is treated as an explicit structural property. We show how an automaton can be derived from a component and that every such automaton generates back a component. Apart from determining a usage protocol for the underlying component, this extension to our model provides useful insights on component composition.
On Topological Hierarchies of Temporal Properties
, 1996
"... . The classification of properties of concurrent programs into safety and liveness was first proposed by Lamport [20]. Since then several characterizations of hierarchies of properties have been given, see e.g. [4, 18, 8, 19]; this includes syntactic characterizations (in terms classes of formula ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
. The classification of properties of concurrent programs into safety and liveness was first proposed by Lamport [20]. Since then several characterizations of hierarchies of properties have been given, see e.g. [4, 18, 8, 19]; this includes syntactic characterizations (in terms classes of formulas of logics such as the linear temporal logic) as well as extensional (as sets of computations in some abstract domain). The latter often admits a topological characterization with respect to the natural topologies of the domain of computations. We introduce a general notion of a linear time model of computation which consists of partial and completed computations satisfying certain axioms. The model is endowed with a natural topology. We show that the usual topologies on strings, Mazurkiewicz traces and pomsets arise as special cases. We then introduce a hierarchy of properties including safety, liveness, guarantee, response and persistence properties, and show that our definition ...