When proving the correctness of algorithms in distributed systems, one generally considers safety conditions and liveness conditions. The Input/Output (I/O) automaton model and its timed version have been used successfully, but have focused on safety conditions and on a restricted form of liveness called fairness. In this paper we develop a new I/O automaton model, and a new timed I/O automaton model, that permit the verification of general liveness properties on the basis of existing verification techniques. Our models include a notion of environment-freedom which generalizes the idea of receptiveness of other existing formalisms, and enables the use of compositional verification techniques.

Layered communication protocols frequently implement a FIFO message facility On top of an unreliable non-FIFO service such as that provided by a packet-switching network. This paper investigates the possibility of implementing a reliable message layer on top of an underlying layer that can lose packets and deliver them out of order, with the additional restriction that the implementation uses only a fixed finite number of different packets. A new formalism is presented to specify communication layers and their properties, the notion of their implementation by I/O automata, and the properties of such implementations. An I/O automaton that implements a reliable layer over an unreliable layer is presented. In this implementation, the number of packets needed to deliver each succeeding message increases permanently as additional packetloss and reordering faults occur. A proof is given that no protocol can avoid such performance degradation.

. Two different formalisms for concurrency are compared and are shown to have common foundations. The Input/Output automaton model and the theory of testing are analyzed in the framework of transition systems. The relationship between the fair and quiescent preorders of I/O automata is investigated and the two preorders are shown to coincide on a large class of automata. I/O automata are encoded into the theory of testing and the reversed must preorder is shown to be equivalent to the quiescent preorder for strongly convergent, finitely branching automata up to encoding. Conversely, a theory of testing is defined directly on I/O automata, and the new reversed must preorder is shown to coincide with the quiescent preorder on strongly convergent, finitely branching automata. Finally, some considerations are given on the issue of divergence, and on other existing theories with an I/O distinction. 1 Introduction Several theories of concurrency deal with the idea of implementa...

Abstract — We propose a formal framework for the specification of the behavior of a system of agents, as well as those of the constituting agents. This framework allows us to model each agent’s effectoric capability including its interactions with the other agents. We also provide an algorithm based on Milner’s ”observation equivalence ” to derive an agent’s perception of its task domain situations from its effectoric capability, and use ”system computations ” to model the coordinated efforts of the agents in the system. Formal definitions of the concept of ”behavior equivalence ” of two agents and that of system computations equivalence for an agent are also provided. Keywords—Multiagent system, object system, observation equivalence, reactive systems.

Abstract — We propose a formal framework for the specification of the behavior of a system of agents, as well as those of the constituting agents. This framework allows us to model each agent’s effectoric capability including its interactions with the other agents. We also provide an algorithm based on Milner’s ”observation equivalence ” to derive an agent’s perception of its task domain situations from its effectoric capability, and use ”system computations ” to model the coordinated efforts of the agents in the system. Formal definitions of the concept of ”behavior equivalence ” of two agents and that of system computations equivalence for an agent are also provided. Keywords—Multiagent system, object system, observation equivalence, reactive systems.