Results 1  10
of
1,033
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2407 (62 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Statecharts: A Visual Formalism For Complex Systems
, 1987
"... We present a broad extension of the conventional formalism of state machines and state diagrams, that is relevant to the specification and design of complex discreteevent systems, such as multicomputer realtime systems, communication protocols and digital control units. Our diagrams, which we cal ..."
Abstract

Cited by 2120 (49 self)
 Add to MetaCart
We present a broad extension of the conventional formalism of state machines and state diagrams, that is relevant to the specification and design of complex discreteevent systems, such as multicomputer realtime systems, communication protocols and digital control units. Our diagrams, which we call statecharts, extend conventional statetransition diagrams with essentially three olements, dealing, respectively, with the notions of hierarchy, concurrency and communication. These transform the language of state diagrams into a highly structured' and economical description language. Statecharts are thus compact and expressivesmall diagrams can express complex behavioras well as compositional and modular. When coupled with the capabilities of computerized graphics, statecharts enable viewing the description at different levels of detail, and make even very large specifications manageable and comprehensible. In fact, we intend to demonstrate here that statecharts counter many of the objections raised against conventional state diagrams, and thus appear to render specification by diagrams an attractive and plausible approach. Statecharts can be used either as a standalone behavioral description or as part of a more general design methodology that deals also with the system's other aspects, such as functional decomposition and dataflow specification. We also discuss some practical experience that was gained over the last three years in applying the statechart formalism to the specification of a particularly complex system.
Bigraphs and Mobile Processes
, 2003
"... A bigraphical reactive system (BRS) involves bigraphs, in which the nesting of nodes represents locality, independently of the edges connecting them; it also allows bigraphs to reconfigure themselves. BRSs aim to provide a uniform way to model spatially distributed systems that both compute and comm ..."
Abstract

Cited by 1000 (29 self)
 Add to MetaCart
A bigraphical reactive system (BRS) involves bigraphs, in which the nesting of nodes represents locality, independently of the edges connecting them; it also allows bigraphs to reconfigure themselves. BRSs aim to provide a uniform way to model spatially distributed systems that both compute and communicate. In this memorandum we develop their static and dynamic theory. In part I, we illustrate...
Mobile ambients
 In Proceedings of POPL'98
, 1998
"... Laboratory We introduce a calculus describing the movement of processes and devices, including movement through administrative domains. ..."
Abstract

Cited by 814 (29 self)
 Add to MetaCart
Laboratory We introduce a calculus describing the movement of processes and devices, including movement through administrative domains.
Symbolic Model Checking: 10^20 States and Beyond
, 1992
"... Many different methods have been devised for automatically verifying finite state systems by examining stategraph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of st ..."
Abstract

Cited by 574 (30 self)
 Add to MetaCart
Many different methods have been devised for automatically verifying finite state systems by examining stategraph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state space symbolical/y instead of explicitly. The generality of our method comes from using a dialect of the MuCalculus as the primary specification language. We describe a model checking algorithm for MuCalculus formulas that uses Bryant’s Binary Decision Diagrams (Bryant, R. E., 1986, IEEE Trans. Comput. C35) to represent relations and formulas. We then show how our new MuCalculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satistiability of lineartime temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment for finite wautomata. The fixed point computations for each decision procedure are sometimes complex. but can be concisely expressed in the MuCalculus. We illustrate the practicality of our approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline circuit.
Algebraic laws for nondeterminism and concurrency
 Journal of the ACM
, 1985
"... Abstract. Since a nondeterministic and concurrent program may, in general, communicate repeatedly with its environment, its meaning cannot be presented naturally as an input/output function (as is often done in the denotational approach to semantics). In this paper, an alternative is put forth. Firs ..."
Abstract

Cited by 495 (12 self)
 Add to MetaCart
Abstract. Since a nondeterministic and concurrent program may, in general, communicate repeatedly with its environment, its meaning cannot be presented naturally as an input/output function (as is often done in the denotational approach to semantics). In this paper, an alternative is put forth. First, a definition is given of what it is for two programs or program parts to be equivalent for all observers; then two program parts are said to be observation congruent iff they are, in all program contexts, equivalent. The behavior of a program part, that is, its meaning, is defined to be its observation congruence class. The paper demonstrates, for a sequence of simple languages expressing finite (terminating) behaviors, that in each case observation congruence can be axiomatized algebraically. Moreover, with the addition of recursion and another simple extension, the algebraic language described here becomes a calculus for writing and specifying concurrent programs and for proving their properties.
Concurrent Constraint Programming
, 1993
"... This paper presents a new and very rich class of (concurrent) programming languages, based on the notion of comput.ing with parhal information, and the concommitant notions of consistency and entailment. ’ In this framework, computation emerges from the interaction of concurrently executing agent ..."
Abstract

Cited by 442 (15 self)
 Add to MetaCart
This paper presents a new and very rich class of (concurrent) programming languages, based on the notion of comput.ing with parhal information, and the concommitant notions of consistency and entailment. ’ In this framework, computation emerges from the interaction of concurrently executing agents that communicate by placing, checking and instantiating constraints on shared variables. Such a view of computation is interesting in the context of programming languages because of the ability to represent and manipulate partial information about the domain of discourse, in the context of concurrency because of the use of constraints for communication and control, and in the context of AI because of the availability of simple yet powerful mechanisms for controlling inference, and the promise that very rich representational/programming languages, sharing the same set of abstract properties, may be possible. To reflect this view of computation, [Sar89] develops the cc family of languages. We present here one member of the family, CC(.L,+) (pronounced “cc with Ask and Choose”) which provides the basic operations of blocking Ask and atomic Tell and an algebra of behaviors closed under prefixing, indeterministic choice, interleaving, and hiding, and provides a mutual recursion operator. cc(.L,t) is (intentionally!) very similar to Milner’s CCS, but for the radically different underlying concept of communication, which, in fact, pro’ The class is founded on the notion of “constraint logic programming ” [JL87,Mah87], fundamentally generalizes concurrent logic programming, and is the subject of the first author’s dissertation [Sar89], on which this paper is substantially based.
Bisimulation through probabilistic testing
 in “Conference Record of the 16th ACM Symposium on Principles of Programming Languages (POPL
, 1989
"... We propose a language for testing concurrent processes and examine its strength in terms of the processes that are distinguished by a test. By using probabilistic transition systems as the underlying semantic model, we show how a testing algorithm can distinguish, with a probability arbitrarily clos ..."
Abstract

Cited by 405 (5 self)
 Add to MetaCart
We propose a language for testing concurrent processes and examine its strength in terms of the processes that are distinguished by a test. By using probabilistic transition systems as the underlying semantic model, we show how a testing algorithm can distinguish, with a probability arbitrarily close to one, between processes that are not bisimulation equivalent. We also show a similar result (in a slightly stronger form) for a new process relation called $bisimulationwhich lies strictly between that of simulation and bisimulation. Finally, the ultimately strength of the testing language is shown to identify a new process relation called probabilistic bisimulationwhich is strictly stronger than bisimulation. li? 1991 Academic Press. Inc. 1.