Results 1 
6 of
6
Interface Automata
 Proceedings of the Ninth Annual Symposium on Foundations of Software Engineering (FSE), ACM
, 2001
"... Conventional type systems specify interfaces in terms of values and domains. ..."
Abstract

Cited by 373 (22 self)
 Add to MetaCart
Conventional type systems specify interfaces in terms of values and domains.
Interface Theories for Componentbased Design
, 2001
"... We classify componentbased models of computation into component models and interface models. A component model specifies for each component how the component behaves in an arbitrary environment; an interface model specifies for each component what the component expects from the environment. ..."
Abstract

Cited by 120 (17 self)
 Add to MetaCart
We classify componentbased models of computation into component models and interface models. A component model specifies for each component how the component behaves in an arbitrary environment; an interface model specifies for each component what the component expects from the environment.
Symbolic Algorithms for InfiniteState Games
, 2001
"... A procedure for the analysis of state spaces is called symbolic if it manipulates not individual states, but sets of states that are represented by constraints. Such a procedure can be used for the analysis of infinite state spaces, provided termination is guaranteed. We present symbolic procedures, ..."
Abstract

Cited by 44 (6 self)
 Add to MetaCart
A procedure for the analysis of state spaces is called symbolic if it manipulates not individual states, but sets of states that are represented by constraints. Such a procedure can be used for the analysis of infinite state spaces, provided termination is guaranteed. We present symbolic procedures, and corresponding termination criteria, for the solution of infinitestate games, which occur in the control and modular verification of infinitestate systems. To characterize the termination of symbolic procedures for solving infinitestate games, we classify these game structures into four increasingly restrictive categories: 1. Class 1 consists of infinitestate structures for which all safety and reachability games can be solved...
Rectangular Hybrid Games
 In CONCUR 99, LNCS 1664
, 1999
"... In order to study control problems for hybrid systems, we generalize hybrid automata to hybrid games  say, controller vs. plant. If we specify the continuous dynamics by constant lower and upper bounds, we obtain rectangular games. We show that for rectangular games with objectives expressed in Lt ..."
Abstract

Cited by 33 (4 self)
 Add to MetaCart
(Show Context)
In order to study control problems for hybrid systems, we generalize hybrid automata to hybrid games  say, controller vs. plant. If we specify the continuous dynamics by constant lower and upper bounds, we obtain rectangular games. We show that for rectangular games with objectives expressed in Ltl (linear temporal logic), the winning states for each player can be computed, and winning strategies can be synthesized. Our result is sharp, as already reachability is undecidable for generalizations of rectangular systems, and optimal  singly exponential in the size of the game structure and doubly exponential in the size of the Ltl objective. Our proof systematically generalizes the theory of hybrid systems from automata (singleplayer structures) [9] to games (multiplayer structures): we show that the successively more general infinitestate classes of timed, 2d rectangular, and rectangular games induce successively weaker, but still finite, quotient structures called game bisimilarity, game similarity, and game trace equivalence. These quotients can be used, in particular, to solve the Ltl control problem.
Abstract interpretation of game properties
 In SAS 2000: Intertional Symposium on Static Analysis, Lecture Notes in Computer Science
, 2000
"... Abstract. We apply the theory of abstract interpretation to the veri cation of game properties for reactive systems. Unlike properties expressed in standard temporal logics, game properties can distinguish adversarial from collaborative relationships between the processes of a concurrent program, or ..."
Abstract

Cited by 16 (5 self)
 Add to MetaCart
(Show Context)
Abstract. We apply the theory of abstract interpretation to the veri cation of game properties for reactive systems. Unlike properties expressed in standard temporal logics, game properties can distinguish adversarial from collaborative relationships between the processes of a concurrent program, or the components of a parallel system. We consider twoplayer concurrent games say, component vs. environment  and specify properties of such games say, the component has a winning strategy to obtain a resource, no matter how the environment behaves in the alternatingtimecalculus (A). A sound abstraction of such a game must at the same time restrict the behaviors of the component and increase the behaviors of the environment: if a less powerful component can win against a more powerful environment, then surely the original component can win against the original environment. We formalize the concrete semantics of a concurrent game in terms of controllable and uncontrollable predecessor predicates, which su ce for
Integrating Model Checking and Deduction for Rebeca
"... Rebeca is an actorbased language for modeling concurrent and distributed systems. Its Javalike syntax makes it easytouse for practitioners and its formal foundation is a basis to make di erent formal veri cation approaches applicable. Compositional veri cation and abstraction techniques are used ..."
Abstract
 Add to MetaCart
(Show Context)
Rebeca is an actorbased language for modeling concurrent and distributed systems. Its Javalike syntax makes it easytouse for practitioners and its formal foundation is a basis to make di erent formal veri cation approaches applicable. Compositional veri cation and abstraction techniques are used in formal veri cation of Rebeca models to overcome state explosion problems. The main contribution of this paper is to show how model checking and deduction are integrated for verifying certain properties of these models. Deduction is used to prove that abstraction techniques preserve a set of behavioral speci cations in temporal logic and is also used in applying the compositional veri cation approach, on the basis of the model checked components.