Results 1  10
of
304
An OldFashioned Recipe for Real Time
, 1993
"... this paper appeared in ACM Transactions on Programming Languages and Systems 16, 5 (September 1994) 1543 1571. The appendix was published electronically by the ACM. Contents ..."
Abstract

Cited by 211 (18 self)
 Add to MetaCart
this paper appeared in ACM Transactions on Programming Languages and Systems 16, 5 (September 1994) 1543 1571. The appendix was published electronically by the ACM. Contents
Recognizing Safety and Liveness
 Distributed Computing
, 1986
"... This paper substantiates that experience by formalizing safety and liveness in a way that permits the relationship between safety and invariance and between liveness and wellfoundedness to be demonstrated for a large class of properties. In so doing, we give new characterizations of safety and liven ..."
Abstract

Cited by 179 (6 self)
 Add to MetaCart
This paper substantiates that experience by formalizing safety and liveness in a way that permits the relationship between safety and invariance and between liveness and wellfoundedness to be demonstrated for a large class of properties. In so doing, we give new characterizations of safety and liveness and prove that they satisfy the formal definitions in [Alpera & Schneider 85a]
A General Theory of Composition for Trace Sets Closed under Selective Interleaving Functions
, 1994
"... This paper presents a general theory of system composition for #possibilistic" security properties. We see that these properties fall outside of the AlpernSchneider safety#liveness domain and hence, are not subject to the AbadiLamport Composition Principle. We then introduce a set of trace construc ..."
Abstract

Cited by 153 (2 self)
 Add to MetaCart
This paper presents a general theory of system composition for #possibilistic" security properties. We see that these properties fall outside of the AlpernSchneider safety#liveness domain and hence, are not subject to the AbadiLamport Composition Principle. We then introduce a set of trace constructors called selective interleaving functions and show that possibilistic security properties are closure properties with respect to di#erent classes of selectiveinterleaving functions. This provides a uniform framework for analyzing these properties and allows us to construct a partial ordering for them. We presentanumber of composition constructs, show the extent to which each preserves closure with respect to di#erent classes of selectiveinterleaving functions, and show that they are su#cient for forming the general hookup construction. We see that although closure under a class of selectiveinterleaving functions is generally preserved by product and cascading, it is not generally preserv...
All from one, one for all: on model checking using representatives
 LNCS
, 1993
"... Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based ..."
Abstract

Cited by 150 (6 self)
 Add to MetaCart
Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based on infinite traces such that for each equivalence class, either all or none of the sequences satisfy the checked formula. We present an algorithm for constructing a state graph that contains at least one representative sequence for each equivalence class. This allows applying existing model checking algorithms to the reduced state graph rather than on the larger full state graph of the program. It also allows model checking under fairness assumptions, and exploits these assumptions to obtain smaller state graphs. A formula rewriting technique is presented to allow coarser equivalence relation among sequences, such that less representatives are needed. 1
Forward and Backward Simulations Part I: Untimed Systems
 Information and Computation
, 1995
"... A unified, comprehensive presentation of simulation techniques for verification of concurrent systems is given, in terms of a simple untimed automaton model. In particular, (1) refinements, (2) forward and backward simulations, (3) hybrid forwardbackward and backwardforward simulations, and (4) hi ..."
Abstract

Cited by 134 (18 self)
 Add to MetaCart
A unified, comprehensive presentation of simulation techniques for verification of concurrent systems is given, in terms of a simple untimed automaton model. In particular, (1) refinements, (2) forward and backward simulations, (3) hybrid forwardbackward and backwardforward simulations, and (4) history and prophecy relations are defined. History and prophecy relations are abstract versions of the history and prophecy variables of Abadi and Lamport, as well as the auxiliary variables of Owicki and Gries. Relationships between the different types of simulations, as well as soundness and completeness results, are stated and proved. Finally, it is shown how invariants can be incorporated into all the simulations. Even though many results are presented here for the first time, this paper can also be read as a survey (in a simple setting) of the research literature on simulation techniques. The development for untimed automata is designed to support a similar development for timed automata...
Interaction Categories and the Foundations of Typed Concurrent Programming
 In Deductive Program Design: Proceedings of the 1994 Marktoberdorf Summer School, NATO ASI Series F
, 1995
"... We propose Interaction Categories as a new paradigm for the semantics of functional and concurrent computation. Interaction categories have specifications as objects, processes as morphisms, and interaction as composition. We introduce two key examples of interaction categories for concurrent compu ..."
Abstract

Cited by 123 (19 self)
 Add to MetaCart
We propose Interaction Categories as a new paradigm for the semantics of functional and concurrent computation. Interaction categories have specifications as objects, processes as morphisms, and interaction as composition. We introduce two key examples of interaction categories for concurrent computation and indicate how a general axiomatisation can be developed. The upshot of our approach is that traditional process calculus is reconstituted in functorial form, and integrated with type theory and functional programming.
A Simple Approach to Specifying Concurrent Systems
, 1988
"... In the transition axiom method, safety properties of a concurrent system can be specified by programs; liveness properties are specified by assertions in a simple temporal logic. The method is described with some simple examples, and its logical foundation is informally explored through a careful ex ..."
Abstract

Cited by 118 (7 self)
 Add to MetaCart
In the transition axiom method, safety properties of a concurrent system can be specified by programs; liveness properties are specified by assertions in a simple temporal logic. The method is described with some simple examples, and its logical foundation is informally explored through a careful examination of what it means to implement a specification. Language issues and other practical details are largely ignored.