Results 1 - 10 of 17
A tutorial on EMPA: A theory of concurrent processes with nondeterminism, priorities, probabilities and time
Theoretical Computer Science, 1998
Cited by 95 (9 self)
In this tutorial we give an overview of the process algebra EMPA, a calculus devised in order to model and analyze features of real-world concurrent systems such as nondeterminism, priorities, probabilities and time, with a particular emphasis on performance evaluation. The purpose of this tutorial is to explain the design choices behind the development of EMPA and how the four features above interact, and to show that a reasonable trade off between the expressive power of the calculus and the complexity of its underlying theory has been achieved.
Embedded Software
Advances in Computers, 2002
Cited by 52 (7 self)
The science of computation has systematically abstracted away the physical world. Embedded software systems, however, engage the physical world. Time, concurrency, liveness, robustness, continuums, reactivity, and resource management must be remarried to computation. Prevailing abstractions of computational systems leave out these "nonfunctional" aspects. This chapter explains why embedded software is not just software on small computers, and why it therefore needs fundamentally new views of computation. It suggests component architectures based on a principle called "actor-oriented design," where actors interact according to a model of computation, and describes some models of computation that are suitable for embedded software. It then suggests that actors can define interfaces that declare dynamic aspects that are essential to embedded software, such as temporal properties. These interfaces can be structured in a "system-level type system" that supports the sort of design-time and runtime type checking that conventional software benefits from.
A timed LOTOS supporting a dense time domain and including new timed operators
1992
Cited by 15 (4 self)
A time extended version of LOTOS, denoted Timed LOTOS, is proposed for the modelling of quantitative timed behaviours. In this language neither the syntax nor the semantics are restricted to a specific time domain, i.e. a dense time domain is supported as well. Timed LOTOS incorporates a notion of urgency which is restricted to the internal actions. This is usually referred to as the maximal progress or minimum delay property. Timed LOTOS processes have also some pleasing properties such as the deadlock freeness property (i.e. processes can never stop the progression of time), and the persistency property (i.e. by idling, a process will not lose any capability of performing an action). In Timed LOTOS the delay operator is powerful because it allows the specification of a time interval in which the delay is nondeterministically chosen. Two other powerful timed operators are defined which allow the expression of timed constraints on interactions, i.e. on actions involving several processe...
Embedded Software - An Agenda for Research
1999
Cited by 12 (1 self)
ions that can be used include the event-based model of Java Beans, semaphores based on Dijkstra's P/V systems [21], guarded communication [40], rendezvous, synchronous message passing, active messages [84], asynchronous message passing, streams (as in Kahn process networks [45]), dataflow (commonly used in signal and image processing), synchronous/reactive systems [10], Linda [18], and many others. These abstractions partially or completely define a model of computation, the modular organizational and operational principles of a system. Applications are built on a model of computation, whether the designer is aware of this or not. Each possibility has strengths and weaknesses. Some guarantee determinacy, some can execute in bounded memory, and some are provably free from deadlock. Different styles of concurrency are often dictated by the application, and the choice of model of computation can subtly affect the choice of algorithms. While dataflow is a good match for signal processi...
Deciding Properties Of Regular Real Timed Processes
In Proceedings of CAV'91. LNCS 575, 1991
Cited by 11 (0 self)
We discuss the decidability problem associated with verifying properties of processes expressed in the real time process calculus TCCS of [W90]. A regular subcalculus TC of TCCS is considered. Two operational semantics, and associated timed notions of bisimulation, are given: a standard infinite semantics, and a symbolic finite semantics. The consistency between the two semantics is proved. We show that both the equivalences are decidable for regular processes relative to comparisons between real numbers. As an alternative specification formalism, we present a timed modal logic. It turns out that this logic characterises timed bisimulation equivalence in the sense that equivalent processes enjoy exactly the same properties expressed within the logic. Moreover, we prove that the problem of deciding whether a given regular real timed process satisfies a given property of the logic is decidable, relative to first order assertions about real numbers. Two interpretations of th...
Breaking the Model: finalisation and a taxonomy of security attacks
REFINE 2005 workshop. Electronic, 2004
Cited by 11 (7 self)
It is well known that security properties are not preserved by refinement, and that refinement can introduce new, covert, channels, such as timing channels. The finalisation step in refinement can be analysed to identify some of these channels, as unwanted finalisations that can break the assumptions of the formal model. We introduce a taxonomy of such unwanted finalisations, and give examples of attacks that exploit them.
Computing for Embedded Systems
IEEE Instrumentation and Measurement Technology Conference, 2001
Cited by 11 (1 self)
Embedded software is increasingly a composition of concurrent components. Components in such systems interact in a rich variety of ways, not limited to the simple transfer of control of method calls in object-oriented design. I describe a view where the systems are modeled as assemblages of components within one of several models of computation, where components with well-defined interfaces are composed. The declaration of these component interfaces becomes a central problem, and the composition of properties becomes the central benefit. Unlike object-oriented interfaces, these interfaces must declare dynamic properties such as communication protocols and temporal properties. The model of computation must include shared information, such as time (a total ordering constraint), or causality (a partial ordering constraint). The properties of a model of computation strongly determine the problems that it matches, and frequently, practical systems are forced to use multiple models of computation. I briefly describe how this can be done systematically.
Stochastic Process Algebras - Constructive Specification Techniques Integrating Functional, Performance and Dependability Aspects
Quantitative Methods in Parallel Systems, 1995
"... Quantitative Modeling In Parallel Systems ..."
Scheduling Algebra
Proceedings of AMAST’99, 1999
Cited by 3 (0 self)
The goal of this paper is to develop an algebraic theory of process scheduling. We specify a syntax for denoting processes composed of actions with given durations. Subsequently, we propose axioms for transforming any specification term of a scheduling problem into a term of all valid schedules. In particular, we axiomatize an operator that restricts attention to the efficient schedules. These schedules turn out to be representable as trees, because in an efficient schedule actions can only start at time zero or when a resource is released, i.e. upon termination of the action binding a required resource. All further delay would be useless. Nevertheless, we do not consider resource constraints explicitly at the time being. We show that a normal form exists for every closed term of the algebra and establish soundness of our axiom system with respect to a schedule semantics, as well as completeness for efficient processes. Introduction The goal of this paper is to develop an algebraic t...