We present a strategy for nding algebraic correctness proofs for communication systems. It is described in the setting of CRL [11], which is, roughly, ACP [2, 3] extended with a formal treatment of the interaction between data and processes. The strategy has already been applied successfully in [4] and [10], but was not explicitly identi ed as such. Moreover, the protocols that were veri ed in these papers were rather complex, so that the general picture was obscured by the amount of details. In this paper, the proof strategy is materialised in the form of de nitions and theorems. These results reduce a large part of protocol veri cation to a number of trivial facts concerning data parameters occurring in implementation and speci cation. This greatly simpli es protocol veri cations and makes our approach amenable to mechanical assistance � experiments in this direction seem promising. The strategy is illustrated by several small examples and one larger example, the Concurrent Alternating Bit Protocol (CABP). Although simple, this protocol contains a large amount ofinternal parallelism, so that all relevant issuesmaketheir appearance.

An often mentioned obstacle for the use of Dempster-Shafer theory for the handling of uncertainty in expert systems is the computational complexity of the theory. One cause of this complexity is the fact that in Dempster-Shafer theory the evidence is represented by a belief function which is induced by a basic probability assignment, i.e. a probability measure on the powerset of possible answers to a question, and not by a probability measure on the set of possible answers to a question, like in a Bayesian approach. In this paper, we define a Bayesian approximation of a belief function and show that combining the Bayesian approximations of belief functions is computationally less involving than combining the belief functions themselves, while in many practical applications replacing the belief functions by their Bayesian approximations will not essentially affect the result.

Abstract. We define a cones and foci proof method, which rephrases the question whether two system specifications are branching bisimilar in terms of proof obligations on relations between data objects. Compared to the original cones and foci method from Groote and Springintveld [22], our method is more generally applicable, and does not require a preprocessing step to eliminate τ-loops. We prove soundness of our approach and give an application. 1

We answer a question of Lambek and Scott (see [LS] p.99) by proving the following: Theorem. Let 9vt be a C-monoid, with C-structure (7t, 7t', £, (_)*, <_,_>). Then there exists a cartesian closed category A with exactly two objects U and T, such that End(U) =!M The construction of. is entirely by hand. The intuitive idea is as follows.!may be viewed as a collection of endomorphisms of a set U. Let T _ { *I be a one-point set; then u- X*.u is a one-to-one correspondence between U and the set of all functions from T to U. Now if. is a cartesian closed category with just U and T for its objects, where T is terminal, then in A we must have Hom(U,U) = Hom(TxU,U) = Hom(T,UU) = _ Hom(T,U); so if we put Hom(U,U) = iM, and like to think of Hom(T,U) as HomSets({*},U), we must have M _ U, as sets. Since it does not matter much what the elements of U are, we take M=U. Then we have functions ft _ k*.f: ku.*:U-{*}, we have (X*.f) o (ku.*) = ku f: U- U. *I- U for every f E U. Composing with o

Partial-order reduction is a well-known technique to cope with the state-space-explosion problem in the verification of concurrent systems. Using the hierarchical structure of concurrent systems, we present an enhancement of the partial-order-reduction scheme of [12, 19]. A prototype of the new algorithm has been implemented on top of the verification tool SPIN. The first experimental results are encouraging.

An axiom system ACP ø lm is presented as a variant of the process algebra ACP (Algebra of Communicating Processes). The acronym ACP ø lm stands for ACP with abstraction, extended with operators and axioms for language matching . Language matching is a technique based on trace information for labelling and cutting off process terms that do not match some given trace (or set of traces). It is shown that in combination with the axioms for action alphabets interesting results are derivable, the most important of which is the Redundancy Theorem 3.3.6, which roughly states that if no trace labels occur in the expression @H (p l k q), where p l is a labelled version of some process p, then it holds that @H (p l k q) = @H (p k q). It is shown that under certain natural conditions a similar result holds when abstraction is applied to p l and p, respectively. As an example the Concurrent Alternating Bit Protocol (CABP) is verified. The CABP is a simple communication protocol, which can be re...

Abstract: We extend the real time process algebra of [BB91a] with the state operator of [BB88]. We show the usefulness of this extension in several examples. We use concepts from (classical) real space process algebra of [BB91b] in order to deal with different locations.

li!mi ill ' d1il

Abstract not found

as UtAech.t ty I, r n tpri n- er es No. 29 Department of Philosophy