Coverage Preserving Reduction Strategies for Reachability Analysis
Abstract
Cited by 58 (8 self)
We study the effect of three new reduction strategies for conventional reachability analysis, as used in automated protocol validation algorithms. The first two strategies are implementations of partial order semantics rules that attempt to minimize the number of execution sequences that need to be explored for a full state space exploration. The third strategy is the implementation of a state compression scheme that attempts to minimize the amount of memory that is used to build a state space. The three strategies are shown to have a potential for substantially improving the performance of a conventional search. The paper discusses the optimal choices for reducing either run time or memory requirements by four to six times. The strategies can readily be combined with each other and with alternative state space reduction techniques such as supertrace or state space caching methods.
Fair testing
Concur '95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science, 1995
Abstract
Cited by 58 (0 self)
In this paper we present a solution to the long-standing problem of characterising the coarsest liveness-preserving precongruence with respect to a full (TCSP-inspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De Nicola-Hennessy-like testing modality which we call should-testing, and a denotational one based on a refined notion of failures. One of the distinguishing characteristics of the should-testing precongruence is that it abstracts from divergences in the same way as Milner's observation congruence, and as a consequence is strictly coarser than observation congruence. In other words, should-testing has a built-in fairness assumption. This is in itself a property long sought-after; it is in notable contrast to the well-known must-testing of De Nicola and Hennessy (denotationally characterised by a combination of failures and divergences), which treats divergence as catastrophic and hence is incompatible with observation congruence. Due to these characteristics, should-testing supports modular reasoning and allows the use of the proof techniques of observation congruence, but also supports additional laws and techniques.
A Toolbox for the Verification of LOTOS Programs
1992
Abstract
Cited by 33 (4 self)
This paper presents the tools Aldébaran, Caesar, Caesar.adt and Cléopâtre, which constitute a toolbox for compiling and verifying Lotos programs. The principles of these tools are described, as well as their performances and limitations. Finally, the formal verification of the rel/REL atomic multicast protocol is given as an example to illustrate the practical use of the toolbox.

Keywords: reliability, formal methods, Lotos, verification, validation, model-based methods, model-checking, transition systems, bisimulations, temporal logics, diagnostics

Introduction
There is an increasing need for reliable software, which is especially critical in some areas such as communication protocols, distributed systems, real-time control systems, and hardware synthesis systems. It is now agreed that reliability can only be achieved through the use of rigorous design techniques. This has motivated a lot of research on specification formalisms and associated verification methods and tools. Ver...
The Weakest Compositional Semantic Equivalence Preserving Nexttime-less Linear Temporal Logic
In CONCUR '92, vol. 630 of LNCS, 1992
Abstract
Cited by 27 (2 self)
Temporal logic model checking is a useful method for verifying properties of finite-state concurrent systems. However, due to the state explosion problem, modular methods like compositional minimisation based on semantic congruences are essential in making the verification task manageable. In this paper we show that the so-called CFFD-equivalence, defined by initial stability, infinite traces, divergence traces and stable failures, is exactly the weakest compositional equivalence preserving nexttime-less linear temporal logic with an extra operator distinguishing deadlocks from divergences. Furthermore, a slight modification of CFFD, called the NDFD-equivalence, is exactly the weakest compositional equivalence preserving standard nexttime-less linear temporal logic.

1 Introduction
Many important correctness considerations of concurrent systems lend themselves to representing the system by a finite-state model, and consequently, to automatic verification. However, due to the state-explo...
An Application Of Petri Net Reduction For Ada Tasking Deadlock Analysis
1996
Abstract
Cited by 23 (6 self)
As part of our continuing research on using Petri nets to support automated analysis of Ada tasking behavior, we have investigated the application of Petri net reduction for deadlock analysis. Although reachability analysis is an important method to detect deadlocks, it is in general inefficient or even intractable. Net reduction can aid the analysis by reducing the size of the net while preserving relevant properties. We introduce a number of reduction rules and show how they can be applied to Ada nets, which are automatically generated Petri net models of Ada tasking. We define a reduction process and a method by which a useful description of a detected deadlock state can be obtained from the reduced net's information. A reduction tool and experimental results from applying the reduction process are discussed.
An Efficient Verifier of Truly Concurrent Properties
Proceedings of PACT'95, LNCS 964, 1995
Abstract
Cited by 8 (7 self)
We present a parametric tool for the analysis of distributed concurrent systems. Processes are internally represented as proved transition systems. Actually, we use a fragment of them, in which only one transition exits from a node among those that are mutually concurrent. This permits compact representations that are on average linear in the number of actions in the term of the language that describes the system. Another important property of these compact transition systems is that they preserve truly concurrent bisimulations, which can be checked on average in polynomial time. Parametricity is achieved by resorting to the rich labelling of the transitions encoding the parallel structure of processes. These labels are then "observed" for retrieving the interleaving, causal and locational semantics.
Using Truth-Preserving Reductions to Improve the Clarity of Kripke Models
In CONCUR'91, LNCS, 1991
Abstract
Cited by 5 (2 self)
We present an approach by means of which temporal logic models may be replaced by smaller ones without affecting the truth values of any formulas of a fairly standard linear-time temporal logic without a next-time operator. The main advantage of the approach is the increased readability of a model, as we can concentrate on some features of the model and hide irrelevant details. Two other advantages are the potential for increased model-checking speed, and the inherent compositionality of the method. Our method is based on the observation that instead of recording the truth values of atomic propositions in the states of a model, it is enough to record the truth values in the initial state of the model and attach to each transition a label telling how the truth values of the atomic propositions change when that transition is taken. This allows us to handle a temporal logic model as a labelled transition system and apply process-algebraic reduction methods to it. Specifically, it is noted ...
A Compact Representation of Finite State Processes
1993
Abstract
Cited by 3 (1 self)
We generate in SOS style compact representations of finite state concurrent processes. The representation of a possibly recursive process with n actions requires O(n) space on average. Our starting point is proved transition systems, which record in the labels of transitions their proofs. The concurrency and conflict relations on the transitions of a term are derived from the labels and are used to discard some transitions. In the compact transition system, all the paths originating from the possible interleavings of concurrent actions are represented by at least one path, and actually by a single one if all the actions are visible and there is no autoconcurrency. The generation of the compact transition system is correct, because the complete one can be retrieved from it. Finally, it is shown that our reduction preserves bisimulations when applied to truly concurrent models, thus giving evidence that these representations may be more economical than the interleaving ones. The compact representation o...
The Successes and Failures of Behavioural Models
In Millennial Perspectives in Computer Science, Palgrave, 2000
Abstract
Cited by 3 (2 self)
We examine the advantages and disadvantages of modelling concurrent processes in the style of Hoare, where a process is modelled as a set of relatively simple behaviours, as opposed to modelling them as transition systems. A special study is made of the way these two theories handle the topic of noninterference from computer security.
Failure-based Congruences, Unfair Divergences and New Testing Theory
1994
Abstract
Cited by 2 (0 self)
ion of Unstable Divergence (FAUD) presented in [BKO 87]. This terminology will be explained later.

Propositions 3.3
(i) FAUD is a preorder (i.e. a reflexive and transitive relation) [1]
(ii) P 1 = FAUD P 2 iff P 1 FAUD P 2 P 2 FAUD P 1
(iii) All LOTOS operators are monotonic w.r.t. FAUD, i.e. FAUD is a precongruence.
(iv) = FAUD is a congruence

The proofs of (i) and (ii) are obvious. The proof of (iii) can be found in [VaT 91], and (iv) is derived directly from (iii). The next propositions will clearly indicate that the differences between FAUD and cred, = FAUD and tc only appear on divergent processes.

Propositions 3.4 For convergent processes, FAUD = cred, = FAUD = tc. Note that for divergent processes these relations are not comparable (see figure 3 for an illustration of = FAUD tc). ...

[1] The `(un)fair' or `(un)stable' attributes of divergences will be defined and explained later.