Results 1 - 10 of 120
The Compositional Security Checker: A Tool for the Verification of Information Flow Security Properties
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 1996
Model Checking Mobile Processes
1993
Cited by 63 (11 self)
We introduce a temporal logic for the polyadic π-calculus based on fixed point extensions of Hennessy-Milner logic. Features are added to account for parametrisation, generation, and passing of names, including the use, following Milner, of dependent sum and product to account for (unlocalised) input and output, and explicit parametrisation on names using lambda-abstraction and application. The latter provides a single name binding mechanism supporting all parametrisation needed. A proof system and decision procedure is developed based on Stirling and Walker's approach to model checking the modal μ-calculus using constants. One difficulty, for both conceptual and efficiency-based reasons, is to avoid the explicit use of the ω-rule for parametrised processes. A key idea, following Hennessy and Lin's approach to deciding bisimulation for certain types of value-passing processes, is the relativisation of correctness assertions to conditions on names. Based on this idea a proof system and ...
Bisimulation for higher-order process calculi
INFORMATION AND COMPUTATION, 1996
Cited by 62 (5 self)
A higher-order process calculus is a calculus for communicating systems which contains higher-order constructs like communication of terms. We analyse the notion of bisimulation in these calculi. We argue that both the standard definition of bisimulation (i.e., the one for CCS and related calculi), as well as higher-order bisimulation [E. Astesiano,
A Calculus of Broadcasting Systems
SCIENCE OF COMPUTER PROGRAMMING, 1991
Cited by 61 (8 self)
CBS is a simple and natural CCS-like calculus where processes speak one at a time and are heard instantaneously by all others. Speech is autonomous, contention between speakers being resolved nondeterministically, but hearing only happens when someone else speaks. Observationally meaningful laws differ from those of CCS. The change from handshake communication in CCS to broadcast in CBS permits several advances. (1) Priority, which attaches only to autonomous actions, is simply added to CBS in contrast to CCS, where such actions are the result of communication. (2) A CBS simulator runs a process by returning a list of values it broadcasts. This permits a powerful combination, CBS with the host language. It yields several elegant algorithms. Only processes with a unique response to each input are needed in practice, so weak bisimulation is a congruence. (3) CBS subsystems are interfaced by translators; by mapping messages to silence, these can restrict hearing and hide speech. Reversi...
Explicit Fusions
2000
Cited by 50 (7 self)
We introduce explicit fusions of names. An explicit fusion is a process that exists concurrently with the rest of the system and enables two names to be used interchangeably. Explicit fusions provide a small-step account of reaction in process calculi such as the pi calculus and the fusion calculus. In this respect they are similar to the explicit substitutions of Abadi, Cardelli and Curien, which do the same for the lambda calculus. In this paper, we give a technical foundation for explicit fusions. We present the piF calculus, a simple process calculus with explicit fusions, and define a strong bisimulation congruence. We study the embeddings of the fusion calculus and the pi calculus. The former is fully abstract with respect to bisimulation.
Algebraic Theories for Name-Passing Calculi
1996
Cited by 41 (10 self)
In a theory of processes the names are atomic data items which can be exchanged and tested for identity. A well-known example of a calculus for name-passing is the π-calculus, where names additionally are used as communication ports. We provide complete axiomatisations of late and early bisimulation equivalences in such calculi. Since neither of the equivalences is a congruence we also axiomatise the corresponding largest congruences. We consider a few variations of the signature of the language; among these, a calculus of deterministic processes which is reminiscent of sequential functional programs with a conditional construct. Most of our axioms are shown to be independent. The axiom systems differ only by a few simple axioms and reveal the similarities and the symmetries of the calculi and the equivalences.
A symbolic semantics and bisimulation for Full LOTOS
PROC. FORMAL TECHNIQUES FOR NETWORKED AND DISTRIBUTED SYSTEMS (FORTE XIV, 2001
Cited by 32 (6 self)
A symbolic semantics for Full LOTOS in terms of symbolic transition systems is defined; the semantics extends the standard one by giving meaning to symbolic, or (data) parameterised processes. Symbolic bisimulation is defined and illustrated with reference to examples. The approach taken follows that applied to message passing CCS in [HL95], but differs in several significant aspects, taking account of the particular features of LOTOS: multi-way synchronisation, value negotiation, selection predicates.
History Dependent Automata
2001
Cited by 29 (8 self)
In this paper we present history-dependent automata (HD-automata in brief). They are an extension of ordinary automata that overcomes their limitations in dealing with history-dependent formalisms. In a history-dependent formalism the actions that a system can perform carry information generated in the past history of the system. The most interesting example is π-calculus: channel names can be created by some actions and they can then be referenced by successive actions. Other examples are CCS with localities and the history-preserving semantics of Petri nets. Ordinary
Timing and Causality in Process Algebra
Acta Informatica, 1992
Cited by 27 (0 self)
There has been considerable controversy in concurrency theory between the 'interleaving' and 'true concurrency' schools. The former school advocates associating a transition system with a process which captures concurrent execution via the interleaving of occurrences; the latter adopts more complex semantic structures to avoid reducing concurrency to interleaving. In this paper we show that the two approaches are not irreconcilable. We define a timed process algebra where occurrences are associated with intervals of time, and give it a transition system semantics. This semantics has many of the advantages of the interleaving approach; the algebra admits an expansion theorem, and bisimulation semantics can be used as usual. Our transition systems, however, incorporate timing information, and this enables us to express concurrency: merely adding timing appropriately generalises transition systems to asynchronous transition systems, showing that time gives a link between true concurrenc...
Symbolic Transition Graph with Assignment
1996
Cited by 27 (2 self)
A new model for message-passing processes is proposed which generalizes the notion of symbolic transition graph as introduced in [HL95], by allowing assignments to be carried in transitions. The main advantage of this generalization is that a wider class of processes can be represented as finite state graphs. Two kinds of operational semantics, ground and symbolic, are given to such graphs. On top of them both ground and symbolic bisimulations are defined and are shown to agree with each other.