The Tile Model
 PROOF, LANGUAGE AND INTERACTION: ESSAYS IN HONOUR OF ROBIN MILNER
, 1996
Cited by 74 (27 self)
In this paper we introduce a model for a wide class of computational systems, whose behaviour can be described by certain rewriting rules. We gathered our inspiration both from the world of term rewriting, in particular from the rewriting logic framework [Mes92], and of concurrency theory: among others, the structured operational semantics [Plo81], the context systems [LX90] and the structured transition systems [CM92] approaches. Our model recollects many properties of these sources: first, it provides a compositional way to describe both the states and the sequences of transitions performed by a given system, stressing their distributed nature. Second, a suitable notion of typed proof allows us to also take into account those formalisms relying on the notions of synchronization and side-effects to determine the actual behaviour of a system. Finally, an equivalence relation over sequences of transitions is defined, equipping the system under analysis with a concurrent semantics, ...
Action Transducers and Timed Automata
 Formal Aspects of Computing
, 1996
Cited by 39 (13 self)
The timed automaton model of [LV92, LV93] is a general model for timing-based systems. A notion of timed action transducer is here defined as an automata-theoretic way of representing operations on timed automata. It is shown that two timed trace inclusion relations are substitutive with respect to operations that can be described by timed action transducers. Examples are given of operations that can be described in this way, and a preliminary proposal is given for an appropriate language of operators for describing timing-based systems.
Compositional Minimisation of Finite State Systems Using Interface Specifications
, 1996
Cited by 39 (7 self)
We present a method for the compositional construction of the minimal transition system that represents the semantics of a given distributed system. Our aim is to control the state explosion caused by the interleavings of actions of communicating parallel components by reduction steps that exploit global communication constraints given in terms of interface specifications. The effect of the method, which is developed for bisimulation semantics here, depends on the structure of the distributed system under consideration, and the accuracy of the interface specifications. However, its correctness is independent of the correctness of the interface specifications provided by the program designer.
Analysis of security protocols as open systems
 Theoretical Computer Science
, 2003
Cited by 36 (17 self)
We propose a methodology for the formal analysis of security protocols. This originates from the observation that the verification of security protocols can be conveniently treated as the verification of open systems, i.e. systems which may have unspecified components. These might be used to represent a hostile environment wherein the protocol runs and whose behavior cannot be predicted a priori. We define a language for the description of security protocols, namely CryptoCCS, and a logical language for expressing their properties. We provide an effective verification method for security protocols which is based on a suitable extension of partial model checking. Indeed, we obtain a decidability result for the secrecy analysis of protocols with a finite number of sessions, bounded message size and new nonce generation.
Partial Model Checking (Extended Abstract)
 In Proceedings, Tenth Annual IEEE Symposium on Logic in Computer Science
, 1995
Cited by 35 (6 self)
Henrik Reif Andersen, Department of Computer Science, Technical University of Denmark, Building 344, DK-2800 Lyngby, Denmark.
Abstract. A major obstacle in applying finite-state model checking to the verification of large systems is the combinatorial explosion of the state space arising when many loosely coupled parallel processes are considered. The problem, also known as the state-explosion problem, has been attacked from various sides. This paper presents a new approach based on partial model checking: parts of the concurrent system are gradually removed while transforming the specification accordingly. When the intermediate specifications constructed in this manner can be kept small, the state-explosion problem is avoided. Experimental results with a prototype implemented in Standard ML show that for Milner's Scheduler (an often used benchmark) this approach improves on the published results on Binary Decision Diagrams and is comparable to results obtained using generalized...
Expressiveness Results for Process Algebras
, 1993
Cited by 26 (2 self)
The expressive power of process algebras is investigated in a general setting of structural operational semantics. The notion of an effective operational semantics is introduced and it is observed that no effective operational semantics for an enumerable language can specify all effective process graphs up to trace equivalence. A natural class of Plotkin-style SOS specifications is identified, containing the guarded versions of calculi like CCS, SCCS, Meije and ACP, and it is proved that any specification in this class induces an effective operational semantics. Using techniques introduced by Bloom, it is shown that for the guarded versions of CCS-like calculi, there is a double exponential bound on the speed with which the number of outgoing transitions in a state can grow. As a corollary of this result it follows that two expressiveness results of De Simone for Meije and SCCS depend in a fundamental way on the use of unguarded recursion. A final result of this paper is that all operators definable via a finite number of rules in a format due to De Simone are derived operators in the simple process calculus PC.
1991 Mathematics Subject Classification: 68Q05, 68Q10, 68Q55, 68Q75, 03D20.
1991 CR Categories: D.3.1, D.3.3, F.1.1, F.1.2, F.3.2, F.4.1.
Keywords & Phrases: process algebra, PC, labeled transition systems, process graphs, effective process graphs, effective operational semantics, structural operational semantics, expressiveness, bisimulation equivalence, trace equivalence, action transducers.
Notes: Most of this work was carried out while the author was at the MIT Laboratory for Computer Science, supported by ONR contract N00014-85-K-0168. Part of this work took place in the context of the ESPRIT Basic Research Action 7166, CONCUR2. This p...
A practical technique for process abstraction
 4th Int. Conf. on Concurrency Theory (CONCUR'93), Lecture Notes in Computer Science 715
, 1993
Cited by 23 (1 self)
Abstract. With algebraic laws a process can be simplified before verifying its equivalence with another process. Also needed are laws that allow a process to be simplified before verifying that it satisfies a temporal logic formula. Most previous work on this problem is based on property-preserving mappings between transition systems. The results presented here allow direct simplification of process terms for some important classes of temporal properties.
Bisimilarity of Open Terms
, 2000
Cited by 22 (0 self)
Traditionally, in process calculi, relations over open terms, i.e., terms with free process variables, are defined as extensions of closed-term relations: two open terms are related if and only if all their closed instantiations are related. Working in the context of bisimulation, in this paper we study a different approach; we define semantic models for open terms, so-called conditional transition systems, and define bisimulation directly on those models. It turns out that this can be done in at least two different ways, one giving rise to De Simone's formal hypothesis bisimilarity and the other to a variation which we call hypothesis-preserving bisimilarity (denoted $\leftrightarrow_{fh}$ and $\leftrightarrow_{hp}$, respectively). For open terms, we have the (strict) inclusions $\leftrightarrow_{fh} \subset \leftrightarrow_{hp} \subset \leftrightarrow_{ci}$ (the latter denoting the standard "closed instance" extension); for closed terms, the three coincide. Each of these relations is a congruence in the usual sense. We also give an alternative characterisation of $\leftrightarrow_{hp}$ in terms of non-conditional transitions, as substitution-closed bisimilarity (denoted $\leftrightarrow_{sb}$). Finally, we study the issue of recursion congruence: we prove that each of the above relations is a congruence with respect to the recursion operator; however, for $\leftrightarrow_{ci}$ this result holds under more restrictive conditions than for $\leftrightarrow_{fh}$ and $\leftrightarrow_{hp}$.
Cartesian Closed Double Categories, their Lambda-Notation, and the Pi-Calculus
, 1999
Cited by 22 (12 self)
We introduce the notion of cartesian closed double category to provide mobile calculi for communicating systems with specific semantic models: one dimension is dedicated to composing systems and the other to composing their computations and their observations. Also, inspired by the connection between the simply typed λ-calculus and cartesian closed categories, we define a new typed framework, called double λ-notation, which is able to express the abstraction/application and pairing/projection operations in all dimensions. In this development, we take the categorical presentation as a guidance in the interpretation of the formalism. A case study of the π-calculus, where the double λ-notation straightforwardly handles name passing and creation, concludes the presentation.