Results 11 - 20 of 42
Pushdown module checking
2005
Cited by 17 (13 self)
Abstract:
Model checking is a useful method to verify automatically the correctness of a system with respect to a desired behavior, by checking whether a mathematical model of the system satisfies a formal specification of this behavior. Many systems of interest are open, in the sense that their behavior depends on the interaction with their environment. The model checking problem for finite-state open systems (called module checking) has been intensively studied in the literature. In this paper, we focus on open pushdown systems and we study the related model-checking problem (pushdown module checking, for short) with respect to properties expressed by CTL and CTL* formulas. We show that pushdown module checking against CTL (resp., CTL*) is 2Exptime-complete (resp., 3Exptime-complete). Moreover, we prove that for a fixed CTL (resp., CTL*) formula, the problem is Exptime-complete.
A Correctness Criterion for Asynchronous Circuit Validation and Optimization
1992
Cited by 14 (7 self)
Abstract:
In order to reason about the correctness of asynchronous circuit implementations and specifications, Dill has developed a variant of trace theory [1]. Trace theory describes the behavior of an asynchronous circuit by representing its possible executions as strings called "traces". A useful relation defined in this theory is called conformance, which holds when one trace specification can be safely substituted for another. We propose a new relation in the context of Dill's trace theory, called strong conformance. We show that this relation is capable of detecting certain errors in asynchronous circuits that cannot be detected through conformance. Strong conformance also helps to justify circuit optimization rules where a component is replaced by another component having extra capabilities (e.g., it can accept more inputs). The structural operators of Dill's trace theory (compose, rename and hide) are shown to be monotonic with respect to strong conformance. Experiments are presented using a modified version of Dill's trace theory verifier which implements the check for strong conformance.
Specifying Communication in Distributed Information Systems
Acta Informatica, 1998
Cited by 13 (8 self)
Abstract:
In this paper, we present two logics that allow for specifying distributed information systems, emphasizing communication among sites. The low-level logic D0 offers features that are easy to implement but awkward to use for specification, while the high-level logic D1 offers convenient specification features that are not easy to implement. We show that D1 specifications may be automatically translated to D0 in a sound and complete way. In order to prove soundness and completeness, we define our translation as a simple map of institutions. Our result may be useful for making implementation platforms like Corba more easily accessible by providing high-level planning and specification methods for communication. 1 Introduction Two logics are presented that allow for specifying distributed information systems, emphasizing communication among sites. The low-level logic D0 offers features that are easy to implement but awkward to use for specification, while the high-level logic D1 offers...
A Formal Semantics of Data Flow Diagrams
Formal Aspects of Computing, 1994
Cited by 12 (1 self)
Abstract:
This document presents a full version of the formal semantics of data flow diagrams reported in [Larsen&93]. Data Flow Diagrams are used in Structured Analysis and are based on an abstract model for data flow transformations. The semantics consists of a collection of VDM functions, transforming an abstract syntax representation of a data flow diagram into an abstract syntax representation of a VDM specification. Since this transformation is executable, it becomes possible to provide a software analyst/designer with two `views' of the system being modeled: a graphical view in terms of a data flow diagram, and a textual view in terms of a VDM specification. The specification presented in this document has been processed by the IFAD VDM-SL Toolbox [Lassen93] and the LaTeX output is produced directly by means of this tool. The complete transformation has been syntax-checked, type-checked and tested using the IFAD VDM-SL Toolbox [Lassen93]; this has given us confidence that the transformation...
A Stepwise Refinement Heuristic for Protocol Construction
ACM Transactions on Programming Languages and Systems, 1992
Cited by 10 (2 self)
Abstract:
A stepwise refinement heuristic to construct distributed systems is presented. The heuristic is based on a conditional refinement relation between system specifications, and a "Marking". It is applied to construct four sliding window protocols that provide reliable data transfer over unreliable communication channels. The protocols use modulo-N sequence numbers. The first protocol is for channels that can only lose messages in transit. By refining this protocol, we obtain three protocols for channels that can lose, reorder, and duplicate messages in transit. The protocols herein are less restrictive and easier to implement than sliding window protocols previously studied in the protocol verification literature.
Final semantics for event-pattern reactive programs
of Lecture Notes in Computer Science, 2005
Cited by 8 (3 self)
Abstract:
Event-pattern reactive programs are front-end programs for distributed reactive components that preprocess an incoming stream of event stimuli. Their purpose is to recognize temporal patterns of events that are relevant to the serviced program and ignore all other events, outsourcing some of the component's complexity and shielding it from event overload. Correctness of event-pattern reactive programs is essential, because bugs may result in loss of relevant events and hence failure to react appropriately. We introduce PAR, a specification language for event-pattern reactive programs. We propose a new approach for defining such languages in terms of observations and actions. This approach applies standard techniques from coalgebra to obtain instances of the corecursion and coinduction principles. Corecursion is used to formally define the operational semantics of PAR, and coinduction allows one to prove general equivalences between (ground and parameterized) PAR programs. This is the first of a series of papers in which we study questions of expressive completeness, complexity, and formal verification techniques for specification languages of event-pattern reactive programs.
Reconciling Real-Time with Asynchronous Message Passing
in FME'97 Proceedings, 1997
Cited by 7 (3 self)
Abstract:
At first sight, real-time and asynchronous message passing like in SDL and ROOM seem to be incompatible. Indeed these languages fail to model real-time constraints accurately. In this paper, we show how to reconcile real-time with asynchronous message passing, by using an assumption which is supported by every mailing system throughout the world, namely that messages are timestamped with their sending and arrival time. This assumption allows us to develop a formalism which is adequate to model and to specify real-time constraints. The proposed formalism is shown at work on a small real-time example. 1 Introduction Asynchronous message passing has gained a lot of popularity in the industrial community. Two of the most prominent specification and description languages for real-time systems use it as their basic communication and synchronization scheme between processes: the ITU-T specification and description language SDL [OFMP+94, IT93] and the ObjecTime specification a...
A Complete Finite Prefix for Process Algebra
In Proceedings of the 11th International Conference on Computer Aided Verification (CAV'99), 1999
Cited by 6 (1 self)
Abstract:
In this paper we show how to use McMillan's complete finite prefix approach for process algebra. We present the model of component event structures as a semantics for process algebra, and show how to construct a complete finite prefix for this model. We present a simple adequate order (using an order on process algebra expressions) as an optimization to McMillan's original algorithm. 1 Introduction A major problem in the verification of distributed systems is the state explosion problem. This problem results when modelling a system consisting of parallel subsystems causes the model to have a number of states that is of the same order of magnitude as the product of the states of the subsystems. In process algebra (e.g. [Hoa85,BB87,BW90]) state explosion may occur when using the standard interleaving semantics. In order to deal with this problem one line of research has been to look for alternative semantic models based on partial orders, of which event structures [Win89,BC94,Lan92...
Stochastic Process Algebras - Constructive Specification Techniques Integrating Functional, Performance and Dependability Aspects
Quantitative Methods in Parallel Systems, 1995
"... Quantitative Modeling In Parallel Systems ..."