Results 11 - 20 of 75
Model checking processes with data
In Science of Computer Programming, 2005
Cited by 14 (5 self)
We propose a procedure for automatically verifying properties (expressed in an extension of the modal µ-calculus) over processes with data, specified in µCRL. We first briefly review existing work, such as the theory of µCRL, and we discuss the logic, called first-order modal µ-calculus, in more detail. Then, we introduce the formalism of first-order boolean equation systems and focus on several lemmata that are at the basis of the soundness of our decision procedure. We discuss our findings on three non-trivial applications for a prototype implementation of this procedure. The results show that our prototype can deal with quite complex and interesting properties and systems, showing the efficacy of the approach.
From μCRL to mCRL2: Motivation and Outline
2006
Cited by 14 (8 self)
We sketch the language mCRL2, the successor of μCRL, which is a process algebra with data, devised in 1990 to model and study the behaviour of interacting programs and systems. The language is improved in several respects, guided by the experience obtained from numerous applications where realistic systems have been modelled and analysed. Just as with μCRL, the leading principle is to provide a minimal set of primitives that allow effective specifications, that conform to standard mathematics and that allow datatypes have been enhanced with higher-order constructs and standard data types, ranging from booleans, numbers and lists to sets, bags and higher-order function types. In the second place, multi-actions have been introduced to allow a seamless integration with Petri nets. In the last place, communication is made local to enable compositionality.
Calculating τ-Confluence Compositionally
In Computer-Aided Verification (CAV 2003), Lecture Notes in Computer Science, 2003
Cited by 12 (9 self)
τ-confluence is a reduction technique used in enumerative model checking of labelled transition systems to avoid the state explosion problem. In this paper, we propose a new on-the-fly algorithm to calculate partial τ-confluence, and propose new techniques to do so on large systems in a compositional manner. Using information inherent in the way a large system is composed of smaller systems, we show how we can deduce partial τ-confluence in a computationally cheap manner. Finally, these techniques are applied to a number of case studies, including the rel/REL atomic multicast protocol.
Partial Order Reductions using Compositional Confluence Detection
In 16th International Symposium on Formal Methods (FM 2009), 2009
Cited by 9 (2 self)
Explicit state methods have proven useful in verifying safety-critical systems containing concurrent processes that run asynchronously and communicate. Such methods consist of inspecting the states and transitions of a graph representation of the system. Their main limitation is state explosion, which happens when the graph is too large to be stored in the available computer memory. Several techniques can be used to mitigate state explosion, such as on-the-fly verification, compositional verification, and partial order reductions. In this paper, we propose a new technique of partial order reductions based on compositional confluence detection (Ccd), which can be combined with the techniques mentioned above. Ccd is based upon a generalization of the notion of confluence defined by Milner and exploits the fact that synchronizing transitions that are confluent in the individual processes yield a confluent transition in the system graph. It thus consists of analysing the transitions of the individual process graphs and the synchronization structure to identify such confluent transitions compositionally. Under some additional conditions, the confluent transitions can be given priority over the other transitions, thus enabling graph reductions. We propose two such additional conditions: one ensuring that the generated graph is equivalent to the original system graph modulo branching bisimulation, and one ensuring that the generated graph contains the same deadlock states as the original system graph. We also describe how Ccd-based reductions were implemented in the CADP toolbox, and present examples and a case study in which adding Ccd improves reductions with respect to compositional verification and other partial order reductions.
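The two abstracts above (the CAV 2003 paper and this FM 2009 paper) describe τ-confluence detection and the τ-prioritisation it enables. As an added example, not code from either paper nor from the CADP or mCRL2 toolsets, the Python below computes a strong variant of τ-confluence on a finite labelled transition system by greatest-fixpoint iteration, then applies τ-prioritisation with one concrete side condition: states lying on a cycle of confluent τ-steps are left unreduced, so that prioritisation can never hide all visible actions behind a τ-loop. The components, their asynchronous product (built by the hypothetical `interleave` helper, which has no synchronisation and therefore only shows that independent component τ-steps stay confluent in the product) and the counter-example with a choice-resolving τ are all constructed for this example; the confluence definition used is stated in the docstring and is one of several variants found in the literature.

```python
# Added example; not code from the papers listed on this page. An LTS is a
# set of (source, label, target) triples and the internal action is "tau".
TAU = "tau"

def outgoing(transitions):
    """Map every state to its set of (label, target) pairs."""
    out = {}
    for s, a, t in transitions:
        out.setdefault(s, set()).add((a, t))
        out.setdefault(t, set())
    return out

def strongly_confluent_tau(transitions):
    """Largest set T of tau-steps such that for each s -tau-> s' in T and every
    other step s -a-> t there is a u with s' -a-> u and t -tau-> u, the closing
    tau itself in T (strong variant, assumed here). Greatest fixpoint: start
    from all tau-steps and drop violators until nothing changes."""
    out = outgoing(transitions)
    cand = {tr for tr in transitions if tr[1] == TAU}
    changed = True
    while changed:
        changed = False
        for s, _, s1 in list(cand):
            for a, t in out[s]:
                if a == TAU and t == s1:
                    continue  # the step under test itself
                closes = any((TAU, u) in out[t] and (t, TAU, u) in cand
                             for b, u in out[s1] if b == a)
                if not closes:
                    cand.discard((s, TAU, s1))
                    changed = True
                    break
    return cand

def on_confluent_cycle(confluent):
    """States on a cycle made only of confluent tau-steps; prioritising them
    could leave a tau-loop that hides every visible action, so they are skipped."""
    succ = {}
    for s, _, t in confluent:
        succ.setdefault(s, set()).add(t)
    cyclic = set()
    for start in succ:
        stack, seen = list(succ[start]), set()
        while stack:
            x = stack.pop()
            if x == start:
                cyclic.add(start)
                break
            if x not in seen:
                seen.add(x)
                stack.extend(succ.get(x, ()))
    return cyclic

def tau_prioritise(transitions, confluent):
    """In each state with a confluent tau-step that is not on a confluent-tau
    cycle, keep exactly one such step and drop every other outgoing transition."""
    choice = {}
    for s, _, t in sorted(confluent):  # sorted only for determinism
        choice.setdefault(s, t)
    for s in on_confluent_cycle(confluent):
        choice.pop(s, None)
    return {(s, a, t) for s, a, t in transitions
            if s not in choice or (a == TAU and t == choice[s])}

def reachable(transitions, init):
    """States reachable from init; pruning makes the reduction visible."""
    out = outgoing(transitions)
    seen, stack = set(), [init]
    while stack:
        s = stack.pop()
        if s not in seen:
            seen.add(s)
            stack.extend(t for _, t in out.get(s, ()))
    return seen

def interleave(p, q):
    """Hypothetical asynchronous product without synchronisation: each
    component steps on its own, so its tau-steps are independent of the other."""
    states_p = {s for tr in p for s in (tr[0], tr[2])}
    states_q = {s for tr in q for s in (tr[0], tr[2])}
    prod = {((s, j), a, (t, j)) for s, a, t in p for j in states_q}
    prod |= {((i, s), a, (i, t)) for s, a, t in q for i in states_p}
    return prod

def reduce_lts(transitions, init):
    """Detect confluence, prioritise, and drop what became unreachable."""
    red = tau_prioritise(transitions, strongly_confluent_tau(transitions))
    live = reachable(red, init)
    return {tr for tr in red if tr[0] in live}

# Constructed sample: two components, each an internal step followed by a
# visible action. Their interleaving has 9 states and 12 transitions.
COMP_A = {(0, TAU, 1), (1, "a", 2)}
COMP_B = {(0, TAU, 1), (1, "b", 2)}
PRODUCT = interleave(COMP_A, COMP_B)

# Constructed counter-example: this tau resolves a choice (c is no longer
# possible after it), so it must not be reported as confluent.
CHOICE = {(0, TAU, 1), (0, "c", 2), (1, "d", 3)}
```

`reduce_lts(PRODUCT, (0, 0))` shrinks the 9-state, 12-transition product to 6 states and 6 transitions while keeping both visible actions; on `CHOICE` nothing is reported confluent and the graph is returned unchanged. The cycle check is a deliberately simple stand-in for the additional conditions the abstracts mention; a real tool has to decide separately which equivalence (branching bisimulation, deadlock preservation) the chosen condition guarantees.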
Dynamic Consistency in Process Algebra: From Paradigm to ACP
2010
Cited by 8 (6 self)
The coordination modelling language Paradigm addresses collaboration between components in terms of dynamic constraints. Within a Paradigm model, component dynamics are consistently specified at various levels of abstraction. The operational semantics of Paradigm is given. For a large, general subclass of Paradigm models a translation into process algebra is provided. Once expressed in process algebra, relying on a correctness result, Paradigm models are amenable to process algebraic reasoning and to verification via the mCRL2 toolset. Examples of a scheduling problem illustrate the approach.
Hybrid Transition Systems
Cited by 7 (4 self)
this report. In practice, often the discrete part of a hybrid system is described and analysed using methods from computer science, while the continuous part is handled by control science. Because the analysis of the interaction between the discrete and continuous part is extremely difficult, the design of the complete system is usually such that this interaction is suppressed to a minimum. This is the main reason for the development of a theory on hybrid systems. If we can obtain more insight in the interaction between discrete and continuous behaviour, we can get rid of the current restrictions on the design of a hybrid system. In the remainder of this report, system theory, automata theory and process theory are referred to as classical theories, as opposed to combinations of those in hybrid theories. Our ultimate goal is a syntactical algebraic structure that can serve as a modeling framework for hybrid systems and in which we can do symbolic analysis. As will become clear in the next section, such an algebra should have an underlying mathematical structure that reflects the meaning of the algebraic operators. This underlying structure must be intuitive from both a control science and a computer science point of view
* This work was financed by Progress/STW Grant EES5173.
Partial-Order Process Algebra (and its Relation to Petri Nets)
In Handbook of Process Algebra, Elsevier Science, 2000
Cited by 5 (1 self)
To date, many different formalisms exist for describing and analyzing the behavior of concurrent systems. Petri nets and process algebras are two well-known classes of such formalisms. Petri-net theory is well suited for reasoning about concurrent systems in a partial-order framework; it handles causal relationships between actions of concurrent systems in an explicit way. Process algebras, on the other hand, often provide a total-order framework, which means that information about causalities is not always accurate. This chapter illustrates how to develop a partial-order process algebra in the style of ACP. It is shown how to extend such an algebraic theory with a causality mechanism inspired by Petri-net theory. In addition, the chapter clarifies the concepts of interleaving and non-interleaving process algebra; total-order semantics for concurrent systems are often incorrectly referred to as interleaving semantics. Keywords: process algebra, Petri nets, concurrency, ...
Verified design of an automated parking garage
In Formal Methods: Applications and Technology, 2007
Cited by 5 (0 self)
Parking garages that stow and retrieve cars automatically are becoming viable solutions for parking shortages. However, these are complex systems, and a number of severe incidents involving such garages have been reported. Many of these are related to safety issues in software. We apply verification techniques to develop a software design for an automated parking garage. This design meets a number of safety requirements. We provide a software architecture that allows one to split implementation, safety and algorithmic aspects of the software. Consequently, we give a high-level description of the safety aspects and verify a number of safety requirements on this model. Also, we briefly discuss how this analysis is simplified by using a custom visualization tool.
Architecting security with Paradigm
In Architecting Dependable Systems VI
Cited by 4 (3 self)
For large security systems a clear separation of concerns is achieved through architecting. Particularly the dynamic consistency between the architectural components should be addressed, in addition to individual component behaviour. In this paper, relevant dynamic consistency is specified through Paradigm, a coordination modeling language based on dynamic constraints. As is argued, this fits well with security issues. A smaller example introduces the architectural approach towards implementing security policies. A larger case study illustrates the use of Paradigm in analyzing the FOO voting scheme. In addition, translating the Paradigm models into process algebra brings model checking within reach. Security properties of the examples discussed are formally verified with the model checker mCRL2.
Action and predicate safety of hybrid processes
2004
Cited by 4 (2 self)
Safety, put simply, means that a certain property, which is considered bad, does not hold at any time during any of the possible executions of a system. The analysis of safety properties of a model of a system is an important way to study correctness of a design or implementation. A famous example is that, when studying a design of a nuclear plant, one might want to verify that