We propose a language for testing concurrent processes and examine its strength in terms of the processes that are distinguished by a test. By using probabilistic transition systems as the underlying semantic model, we show how a testing algorithm can distinguish, with a probability arbitrarily close to one, between processes that are not bisimulation equivalent. We also show a similar result (in a slightly stronger form) for a new process relation called $-bisimulation-which lies strictly between that of simulation and bisimulation. Finally, the ultimately strength of the testing language is shown to identify a new process relation called probabilistic bisimulation-which is strictly stronger than bisimulation. li? 1991 Academic Press. Inc. 1.

Substantial experience with the use of formal specification languages in the design of distributed systems has shown that finding appropriate structures for formal specifications presents a serious, and often underestimated problem. Its solutions are of great importance for ensuring the quality of the various designs that need to be developed at different levels of abstraction along the design trajectory of a system. This paper introduces four specification styles that allow to structure formal specifications in different ways: the monolithic, the constraint-oriented, the state-oriented, and the resource-oriented style. These styles have been selected on the basis of their suitability to express design concerns by structuring specifications and their suitability to pursue qualitative design principles such as generality, orthogonality, and open-endedness. By giving a running example, a queryanswer service, in the ISO specification language LOTOS, these styles are discussed in detail. The support of verification and correctness preserving transformation by these styles is shown by verifying designs, expressed in different styles, with respect to each other. This verification is based on equational laws for (weak) bisimulation equivalence. 1.

We survey various notions of probabilistic automata and probabilistic bisimulation, accumulating in an expressiveness hierarchy of probabilistic system types. The aim of this paper is twofold: On the one hand it provides an overview of existing types of probabilistic systems and, on the other hand, it explains the relationship between these models.

A program development methodology based on verified program transformations is described and illustrated through derivations of a high level bisimulation algorithm and an improved minimum-state DFA algorithm. Certain doubts that were raised about the correctness of an initial paper-and-pencil derivation of the DFA minimizationalgorithm were laid to rest by machine-checked formal proofs of the most difficult derivational steps. Although the protracted labor involved in designing and checking these proofs was almost overwhelming, the expense was somewhat offset by a successful reuse of major portions of these proofs. In particular, the DFA minimization algorithm is obtained by specializing and then extending the last step in the derivation of the high level bisimulation algorithm. Our experience suggests that a major focus of future research should be aimed towards improving the technology of machine checkable proofs --- their construction, presentation, and reuse. This paper demonstrat...

This paper describes the analysis, modeling, and simulation of a notional air defense system using SMOOCHES (State Machines for Object-Oriented, Concurrent, Hierarchical Engineering Specifications) . SMOOCHES is an object-oriented environment based on hierarchical state machines and extensions to Statecharts, specifically developed as an environment to specify, model, simulate and analyze / evaluate distributed, reactive systems. I. INTRODUCTION In this paper, we use SMOOCHES, an object-oriented environment developed for the hierarchical state modeling and simulation of distributed, reactive systems, to specify, model, simulate and analyze a notional air defense system. SMOOCHES [1] considers real world systems development as an iterative and interactive process, wherein system requirements and subsystem functionalities are not completely pre-defined as part of the initial requirements specification, but evolve along with the system development process. Moreover, SMOOC...

We explore an algebraic language for networks consisting of a fixed number of reactive units, communicating synchronously over a fixed linking structure. The language has only two operators: disjoint parallelism, where two networks are composed in parallel without any interconnections, and linking, where an interconnection is formed between two ports. The intention is that these operators correspond to the primitive steps when constructing networks, and that they therefore are conceptually simpler than the operators in existing process algebras. We investigate the expressive power of our language. The results are: (1) Definability of behaviours: with only three simple processing units, every finite-state behaviour can be constructed. (2) Definability of operators: we characterise the network operators which are definable within the language," these turn out to include most operators previously suggested for describing parallelism. Our results hold for any congruence between trace equivalence and observation equivalence.

Abstract not found

Reo is a coordination model based on circuit-like connectors which coordinate components through the interplay of data flow, synchronisation and mutual exclusion, state, and context-dependent behaviour. This paper proposes a scheme based on connector colouring for determining the behaviour of a Reo connector by resolving its context dependent synchronisation and mutual exclusion constraints. Colouring a Reo connector in a specific state with given boundary conditions (I/O requests) provides a means to determine the routing alternatives for data flow. Our scheme has the advantage over previous models in that it is simpler to implement and that it models Reo connectors more closely to their envisaged semantics than existing formal models.

This work has been motivated by the study of the S=R models which allow to represent systems as a set of communicating state machines cooperating through a shared memory. We show that S=R models can be expressed in terms of a process algebra called Boolean SCCS which is a special case of Milner's SCCS, in the sense that the actions are elements of some boolean algebra. We define for Boolean SCCS an operational and a symbolic semantics modulo strong bisimulation equivalence. A complete axiomatisation of bisimulation and simulation equivalences on this algebra is proposed. Furthermore, we propose a very general renaming operator, and show by means of examples that it allows the definition of abstractions. 1 Introduction Most existing algebraic specification languages for concurrent systems such as process algebras, are based on the communicating processes model. They suppose that a system is composed of a set of components with disjoint state spaces, interacting by exchanging messages. ...

In this paper we are interested in general properties of classes of transition system specifications in Plotkin style. The discussion takes place in a setting of labelled transition systems. The states of the transition systems are terms generated by a single sorted signature and the transitions between states are defined by conditional rules over tne syntax. It is argued that in this setting it is natural to require that strong bisimulation equivalence be a congruence on the states of the transition systems. A general format, called the fyft/tyxt format, is presented for the rules in a transition system specification, such that bisimulation is always a congruence when all the rules fit this format. With a series of examples it is demonstrated that the f.vft/tyxf format cannot be generalized in any obvious way. Another series of examples illustrates the usefulness of our congruence theorem. BriefIy we touch upon the issue of modularity of transition system specifications. It is argued that certain pathological fyfi/ryxt rules (the ones which are not pure) can be disqualified because they behave badly with respect to modularization. Next we address the issue of full abstraction. We characterize the completed trace congruence induced by the operators in pure t~$/fyxf format as 2-nested simulation equivalence. The pure fyj”f/fysf format includes the format given by de Simone (Theoref. Compuf. Sci. 37, 2455267 (1985)) but is incomparable to the GSOS format of Bloom, Istrail, and