Results 1–10 of 36
Software Specification: A Comparison of Formal Methods
2001
Cited by 14 (0 self)
"... Data Types and Software Validation," Communications of the ACM, Vol. 21, No. 12, 1978, pp. 1048–1064.
Foundations of a Theory of Specification for Distributed Systems
1984
Cited by 13 (2 self)
This thesis investigates a particular approach, called state-transition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer system. A state-transition specification consists of (1) a state machine, which incorporates the safety or invariance properties of the module, and (2) validity conditions on the computations of the machine, which capture the desired liveness or eventuality properties. The theory and techniques of state-transition specification are developed from first principles to a point at which it is possible to write example specifications, to check the specifications for consistency, and to perform correctness proofs for examples.
Branching vs. linear time – semantical perspective
In Proc. 5th Int’l Symp. on ATVA, LNCS 4762
Cited by 12 (2 self)
The discussion in the computer-science literature of the relative merits of linear versus branching-time frameworks goes back to the early 1980s. One of the beliefs dominating this discussion has been that the linear-time framework is not expressive enough semantically, making linear-time logics lacking in expressiveness. In this work we examine the branching-linear issue from the perspective of process equivalence, which is one of the most fundamental notions in concurrency theory, as defining a notion of process equivalence essentially amounts to defining semantics for processes. Over the last three decades numerous notions of process equivalence have been proposed. Researchers in this area no longer try to identify the “right” notion of equivalence. Rather, focus has shifted to providing taxonomic frameworks, such as “the linear-branching spectrum”, for the many proposed notions and trying to determine suitability for different applications. We revisit this issue here from a fresh perspective. We postulate three principles that we view as fundamental to any discussion of process equivalence. First, we borrow from research in denotational semantics and take contextual equivalence as the primary notion of equivalence. This eliminates many testing scenarios as either too strong or too weak. Second, we require the description of a process to fully specify all relevant behavioral aspects of the process. Finally, we require observable process behavior to be reflected in its input/output behavior. Under these postulates the distinctions between the linear and branching semantics tend to evaporate. As an example, we apply these principles to the framework of transducers, a classical notion of state-based processes that dates back to the 1950s and is well suited to hardware modeling. We show that our postulates result in a unique notion of process equivalence, which is trace based, rather than tree based.
Propositional Temporal Logics and Equivalences
In Proc. of CONCUR, 1992
Cited by 11 (4 self)
We compare propositional temporal logics by comparing the equivalences that they induce on models. Linear time, branching time and partial order temporal logics are considered. The logics are interpreted on occurrence transition systems, generated by labelled prime event structures without autoconcurrency. The induced equivalences are also compared to directly defined equivalences, e.g., history preserving bisimulation, pomset bisimulation, pomset trace equivalence, and others. It is then shown which of the induced equivalences are and which are not preserved under action refinement. Rather unexpectedly, the addition of the backward next step operator to the weakest logic considered yields a logic stronger than all others. It is shown that weak history preserving bisimulation can be obtained as the equivalence induced by a slightly constrained version of that logic.
Hyperproperties
2008
Cited by 10 (0 self)
Properties, which have long been used for reasoning about systems, are sets of traces. Hyperproperties, introduced here, are sets of properties. Hyperproperties can express security policies, such as secure information flow, that properties cannot. Safety and liveness are generalized to hyperproperties, and every hyperproperty is shown to be the intersection of a safety hyperproperty and a liveness hyperproperty. A verification technique for safety hyperproperties is given and is shown to generalize prior techniques for verifying secure information flow. Refinement is shown to be valid for safety hyperproperties. A topological characterization of hyperproperties is given.
I Do Declare: Consensus in a Logic Language
Cited by 9 (3 self)
The Paxos consensus protocol can be specified concisely, but is notoriously difficult to implement in practice. We recount our experience building Paxos in Overlog, a distributed declarative programming language. We found that the Paxos algorithm is easily translated to declarative logic, in large part because the primitives used in consensus protocol specifications map directly to simple Overlog constructs such as aggregation and selection. We discuss the programming idioms that appear frequently in our implementation, and the applicability of declarative programming to related application domains.
A model checking verification environment for UML Statecharts
In: Proceedings of XLIII Congresso, 2005
Cited by 7 (0 self)
In this paper we present the state/event-based temporal logic µUCTL, a logic oriented towards a natural description of dynamic properties of UML models. This logic makes it possible to specify the basic properties that a runtime system configuration should satisfy, and to combine these basic predicates with logical and temporal operators that also take into account the events performed by the system when evolving from one system configuration to another. Doubly Labelled Transition Systems are the semantic domain for µUCTL. The logic is supported by a prototypical verification environment under development at ISTI, built around the “on the fly” UMC model checker.
From Philosophical to Industrial Logics
Cited by 7 (0 self)
One of the surprising developments in the area of program verification is how ideas introduced by logicians in the early part of the 20th Century ended up yielding, by the 21st Century, industrial-standard property-specification languages. This development was enabled by the equally unlikely transformation of the mathematical machinery of automata on infinite words, introduced in the early 1960s for second-order logic, into effective algorithms for model-checking tools. This paper attempts to trace the tangled threads of this development.
Robust Satisfaction
1999
Cited by 6 (3 self)
In order to check whether an open system satisfies a desired property, we need to check the behavior of the system with respect to an arbitrary environment. In the most general setting, the environment is another open system. Given an open system � and a property �, we say that � robustly satisfies � iff for every open system ��, which serves as an environment to �, the composition ���� satisfies �. The problem of robust model checking is then to decide, given � and �, whether � robustly satisfies �. In this paper we study the robust-model-checking problem. We consider systems modeled by nondeterministic Moore machines, and properties specified by branching temporal logic (for linear temporal logic, robust satisfaction coincides with usual satisfaction). We show that the complexity of the problem is EXPTIME-complete for CTL and the µ-calculus, and is 2EXPTIME-complete for CTL*. We partition branching temporal logic formulas into three classes: universal, existential, and mixed formulas. We show that each class has different sensitivity to the robustness requirement. In particular, unless the formula is mixed, robust model checking can ignore nondeterministic environments. In addition, we show that the problem of classifying a CTL formula into these classes is EXPTIME-complete.