Results 1  10
of
185
A Framework for Comparing Models of Computation
 IEEE Transactions on ComputerAided Design of Integrated Circuits and Systems
, 1998
"... Abstract—We give a denotational framework (a “meta model”) within which certain properties of models of computation can be compared. It describes concurrent processes in general terms as sets of possible behaviors. A process is determinate if, given the constraints imposed by the inputs, there are e ..."
Abstract

Cited by 245 (54 self)
 Add to MetaCart
Abstract—We give a denotational framework (a “meta model”) within which certain properties of models of computation can be compared. It describes concurrent processes in general terms as sets of possible behaviors. A process is determinate if, given the constraints imposed by the inputs, there are exactly one or exactly zero behaviors. Compositions of processes are processes with behaviors in the intersection of the behaviors of the component processes. The interaction between processes is through signals, which are collections of events. Each event is a valuetag pair, where the tags can come from a partially ordered or totally ordered set. Timed models are where the set of tags is totally ordered. Synchronous events share the same tag, and synchronous signals contain events with the same set of tags. Synchronous processes have only synchronous signals as behaviors. Strict causality (in timed tag systems) and continuity (in untimed tag systems) ensure determinacy under certain technical conditions. The framework is used to compare certain essential features of various models of computation, including Kahn process networks, dataflow, sequential processes, concurrent sequential processes with rendezvous, Petri nets, and discreteevent systems. I.
Vigilante: EndtoEnd Containment of Internet Worm Epidemics
, 2008
"... Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work proposed networklevel techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. ..."
Abstract

Cited by 245 (6 self)
 Add to MetaCart
Worm containment must be automatic because worms can spread too fast for humans to respond. Recent work proposed networklevel techniques to automate worm containment; these techniques have limitations because there is no information about the vulnerabilities exploited by worms at the network level. We propose Vigilante, a new endtoend architecture to contain worms automatically that addresses these limitations. In Vigilante, hosts detect worms by instrumenting vulnerable programs to analyze infection attempts. We introduce dynamic dataflow analysis: a broadcoverage hostbased algorithm that can detect unknown worms by tracking the flow of data from network messages and disallowing unsafe uses of this data. We also show how to integrate other hostbased detection mechanisms into the Vigilante architecture. Upon detection, hosts generate selfcertifying alerts (SCAs), a new type of security alert that can be inexpensively verified by any vulnerable host. Using SCAs, hosts can cooperate to contain an outbreak, without having to trust each other. Vigilante broadcasts SCAs over an overlay network that propagates alerts rapidly and resiliently. Hosts receiving an SCA protect themselves by generating filters with vulnerability condition slicing: an algorithm that performs dynamic analysis of the vulnerable program to identify controlflow conditions that lead
Simple Relational Correctness Proofs for Static Analyses and Program Transformations
, 2004
"... We show how some classical static analyses for imperative programs, and the optimizing transformations which they enable, may be expressed and proved correct using elementary logical and denotational techniques. The key ingredients are an interpretation of program properties as relations, rather tha ..."
Abstract

Cited by 82 (9 self)
 Add to MetaCart
We show how some classical static analyses for imperative programs, and the optimizing transformations which they enable, may be expressed and proved correct using elementary logical and denotational techniques. The key ingredients are an interpretation of program properties as relations, rather than predicates, and a realization that although many program analyses are traditionally formulated in very intensional terms, the associated transformations are actually enabled by more liberal extensional properties.
Model Checking MultiAgent Systems with MABLE
, 2002
"... MABLE is a language for the design and automatic verification of multiagent systems. MABLE is essentially a conventional imperative programming language, enriched by constructs from the agentoriented programming paradigm. A MABLE system contains a number of agents, programmed using the MABLE imper ..."
Abstract

Cited by 73 (10 self)
 Add to MetaCart
MABLE is a language for the design and automatic verification of multiagent systems. MABLE is essentially a conventional imperative programming language, enriched by constructs from the agentoriented programming paradigm. A MABLE system contains a number of agents, programmed using the MABLE imperative programming language. Agents in MABLE have a mental state consisting of beliefs, desires and intentions. Agents communicate using request and inform performatives, in the style of the FIPA agent communication language. MABLE systems may be augmented by the addition of formal claims about the system, expressed using a quantified, linear temporal beliefdesireintention logic. MABLE has been fully implemented, and makes use of the SPIN model checker to automatically verify the truth or falsity of claims.
Temporal Concurrent Constraint Programming: Denotation, Logic and Applications
, 2002
"... The tcc model is a formalism for reactive concurrent constraint programming. We present a model of temporal concurrent constraint programming which adds to tcc the capability of modeling asynchronous and nondeterministic timed behavior. We call this tcc extension the ntcc calculus. We also give a d ..."
Abstract

Cited by 68 (24 self)
 Add to MetaCart
The tcc model is a formalism for reactive concurrent constraint programming. We present a model of temporal concurrent constraint programming which adds to tcc the capability of modeling asynchronous and nondeterministic timed behavior. We call this tcc extension the ntcc calculus. We also give a denotational semantics for the strongestpostcondition of ntcc processes and, based on this semantics, we develop a proof system for lineartemporal properties of these processes. The expressiveness of ntcc is illustrated by modeling cells, timed systems such as RCX controllers, multiagent systems such as the Predator /Prey game, and musical applications such as generation of rhythms patterns and controlled improvisation. 1
A Foundation for Higherorder Concurrent Constraint Programming
, 1994
"... We present the flcalculus, a computational calculus for higherorder concurrent programming. The calculus can elegantly express higherorder functions (both eager and lazy) and concurrent objects with encapsulated state and multiple inheritance. The primitives of the flcalculus are logic variables ..."
Abstract

Cited by 60 (13 self)
 Add to MetaCart
We present the flcalculus, a computational calculus for higherorder concurrent programming. The calculus can elegantly express higherorder functions (both eager and lazy) and concurrent objects with encapsulated state and multiple inheritance. The primitives of the flcalculus are logic variables, names, procedural abstraction, and cells. Cells provide a notion of state that is fully compatible with concurrency and constraints. Although it does not have a dedicated communication primitive, the flcalculus can elegantly express onetomany and manytoone communication. There is an interesting relationship between the flcalculus and the ßcalculus: The flcalculus is subsumed by a calculus obtained by extending the asynchronous and polyadic ßcalculus with logic variables. The flcalculus can be extended with primitives providing for constraintbased problem solving in the style of logic programming. A such extended flcalculus has the remarkable property that it combines firstor...
Game Theoretic Analysis Of CallByValue Computation
, 1997
"... . We present a general semantic universe of callbyvalue computation based on elements of game semantics, and validate its appropriateness as a semantic universe by the full abstraction result for callbyvalue PCF, a generic typed programming language with callbyvalue evaluation. The key idea is ..."
Abstract

Cited by 59 (20 self)
 Add to MetaCart
. We present a general semantic universe of callbyvalue computation based on elements of game semantics, and validate its appropriateness as a semantic universe by the full abstraction result for callbyvalue PCF, a generic typed programming language with callbyvalue evaluation. The key idea is to consider the distinction between callbyname and callbyvalue as that of the structure of information flow, which determines the basic form of games. In this way the callbyname computation and callbyvalue computation arise as two independent instances of sequential functional computation with distinct algebraic structures. We elucidate the type structures of the universe following the standard categorical framework developed in the context of domain theory. Mutual relationship between the presented category of games and the corresponding callbyname universe is also clarified. 1. Introduction The callbyvalue is a mode of calling procedures widely used in imperative and function...
Algorithmic Game Semantics
 In Schichtenberg and Steinbruggen [16
, 2001
"... Introduction SAMSON ABRAMSKY (samson@comlab.ox.ac.uk) Oxford University Computing Laboratory 1. Introduction Game Semantics has emerged as a powerful paradigm for giving semantics to a variety of programming languages and logical systems. It has been used to construct the first syntaxindependen ..."
Abstract

Cited by 47 (3 self)
 Add to MetaCart
Introduction SAMSON ABRAMSKY (samson@comlab.ox.ac.uk) Oxford University Computing Laboratory 1. Introduction Game Semantics has emerged as a powerful paradigm for giving semantics to a variety of programming languages and logical systems. It has been used to construct the first syntaxindependent fully abstract models for a spectrum of programming languages ranging from purely functional languages to languages with nonfunctional features such as control operators and locallyscoped references [4, 21, 5, 19, 2, 22, 17, 11]. A substantial survey of the state of the art of Game Semantics circa 1997 was given in a previous Marktoberdorf volume [6]. Our aim in this tutorial presentation is to give a first indication of how Game Semantics can be developed in a new, algorithmic direction, with a view to applications in computerassisted verification and program analysis. Some promising steps have already been taken in this
An observationally complete program logic for imperative higherorder functions
 In Proc. LICS’05
, 2005
"... Abstract. We propose a simple compositional program logic for an imperative extension of callbyvalue PCF, built on Hoare logic and our preceding work on program logics for pure higherorder functions. A systematic use of names and operations on them allows precise and general description of comple ..."
Abstract

Cited by 39 (11 self)
 Add to MetaCart
Abstract. We propose a simple compositional program logic for an imperative extension of callbyvalue PCF, built on Hoare logic and our preceding work on program logics for pure higherorder functions. A systematic use of names and operations on them allows precise and general description of complex higherorder imperative behaviour. The proof rules of the logic exactly follow the syntax of the language and can cleanly embed, justify and extend the standard proof rules for total correctness of Hoare logic. The logic offers a foundation for general treatment of aliasing and local state on its basis, with minimal extensions. After establishing soundness, we prove that valid assertions for programs completely characterise their behaviour up to observational congruence, which is proved using a variant of finite canonical forms. The use of the logic is illustrated through reasoning examples which are hard to assert and infer using existing program logics.