Results 1 - 10 of 54
The Linear Time - Branching Time Spectrum II - The semantics of sequential systems with silent moves
1993
Cited by 350 (17 self)
ion Rule (KFAR) (Baeten, Bergstra & Klop [3]), expresses a global fairness assumption. It says that when possible a system will escape from any cycle of internal actions. Some form of KFAR is crucial for many protocol verifications with unreliable channels, and for that reason preorders and equivalences that satisfy KFAR are of special interest. Must preorders and divergence sensitive ones cannot satisfy KFAR. In Bergstra, Klop & Olderog [7] it is shown that the combination of KFAR with failure semantics is inconsistent, but they formulate a weaker version of KFAR that is satisfied in failure may-semantics. Still the combination of KFAR^- and the liveness requirement appears to require global testing, and is only satisfied in the semantics between contrasimulation (C) and stability respecting branching bisimulation (BB_s). These requirements would reduce the number of suitable preorders to 18. It is in general a good strategy to do your verifications using the finest preorde...
The Linear Time - Branching Time Spectrum I - The Semantics of Concrete, Sequential Processes
Handbook of Process Algebra, chapter 1
Cited by 117 (4 self)
this paper various semantics in the linear time - branching time spectrum are presented in a uniform, model-independent way. Restricted to the class of finitely branching, concrete, sequential processes, only fifteen of them turn out to be different, and most semantics found in the literature that can be defined uniformly in terms of action relations coincide with one of these fifteen. Several testing scenarios, motivating these semantics, are presented, phrased in terms of `button pushing experiments' on generative and reactive machines. Finally twelve of these semantics are applied to a simple language for finite, concrete, sequential, nondeterministic processes, and for each of them a complete axiomatization is provided.
Fair testing
Concur ’95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science, 1995
Cited by 79 (1 self)
In this paper we present a solution to the long-standing problem of characterising the coarsest liveness-preserving precongruence with respect to a full (TCSP-inspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De Nicola-Hennessy-like testing modality which we call should-testing, and a denotational one based on a refined notion of failures. One of the distinguishing characteristics of the should-testing precongruence is that it abstracts from divergences in the same way as Milner’s observation congruence, and as a consequence is strictly coarser than observation congruence. In other words, should-testing has a built-in fairness assumption. This is in itself a property long sought-after; it is in notable contrast to the well-known must-testing of De Nicola and Hennessy (denotationally characterised by a combination of failures and divergences), which treats divergence as catastrophic and hence is incompatible with observation congruence. Due to these characteristics, should-testing supports modular reasoning and allows to use the proof techniques of observation congruence, but also supports additional laws and techniques.
Metric spaces as models for real-time concurrency
1987
Cited by 45 (4 self)
Abstract. We propose a denotational model for real time concurrent systems, based on the failures model for CSP. The fixed point theory is based on the Banach fixed point theorem for complete metric spaces, since the introduction of time as a measure makes all recursive operators naturally contractive. This frees us from many of the constraints imposed by partial orders on the treatment of nondeterminism and divergence.
A formal account of contracts for web services
In WS-FM, 3rd Int. Workshop on Web Services and Formal Methods, number 4184 in LNCS, 2006
Cited by 42 (11 self)
Abstract. We define a formal contract language along with subcontract and compliance relations. We then extrapolate contracts out of processes, that are a recursion-free fragment of ccs. We finally demonstrate that a client completes its interactions with a service provided the corresponding contracts comply. Our contract language may be used as a foundation of Web services technologies, such as wsdl and wscl.
Stuck-free conformance
In CAV 04: Computer-Aided Verification, LNCS, 2000
Cited by 39 (2 self)
Abstract. We present a novel refinement relation (stuck-free conformance) for CCS processes, which satisfies the substitutability property: If I conforms to S, and P is any environment such that P | S is stuck-free, then P | I is stuck-free. Stuck-freedom is related to the CSP notion of deadlock, but it is more discriminative by taking orphan messages in asynchronous systems into account. We prove that conformance is a precongruence on CCS processes, thereby supporting modular refinement. We distinguish conformance from the related preorders, stable failures refinement in CSP and refusal preorder in CCS. We have implemented conformance checking in a new software model checker, zing, and we report on how we used it to find errors in distributed programs.
Supervisory Control of Nondeterministic Systems with Driven Events via Prioritized Synchronization and Trajectory Models
SIAM Journal of Control and Optimization, 1995
Cited by 32 (9 self)
We study the supervisory control of nondeterministic discrete event dynamical systems (DEDS's) with driven events in the setting of prioritized synchronization and trajectory models introduced by Heymann. Prioritized synchronization captures the notions of controllable, uncontrollable, and driven events in a natural way, and we use it for constructing supervisory controllers. The trajectory model is used for characterizing the behavior of nondeterministic DEDS's since it is a sufficiently detailed model (in contrast to the less detailed language or failures models), and serves as a language congruence with respect to the operation of prioritized synchronization. We obtain results concerning controllability and observability in this general setting.
Keywords: discrete event systems, supervisory control, nondeterministic automata, driven events, prioritized synchronization, trajectory models
AMS (MOS) subject classifications: 68Q75, 93B25, 93C83
1 Introduction Supervisory control o...
Representing Nondeterministic and Probabilistic Behaviour in Reactive Processes
1993
Cited by 22 (0 self)
In this paper we investigate ways of modelling communicating processes that display both nondeterministic and probabilistic behaviour. We present an operational model for a probabilistic version of CSP, and describe a number of ways of abstracting a denotational semantics from such a model, so as to represent a process by a set of probability functions, one function for each way of resolving the nondeterministic choices. We then prove an interesting although disappointing result, which shows that no such denotational model can be compositional. We end by identifying a problem with the operational model, which is shared by all similar models known to us, and briefly give some indications as to how this problem might be overcome.
1. Introduction In recent years, an important problem in the study of communicating systems has been the modelling of probabilistic behaviour. This is necessary if we are to argue formally about unreliable behaviour (for example that displayed by an unre...
Nonblocking supervisory control of nondeterministic systems via prioritized synchronization
IEEE Transactions on Automatic Control, 1996
Cited by 22 (7 self)
In a previous paper we showed that supervisory control of nondeterministic discrete event systems, in the presence of driven events, can be achieved using prioritized synchronous composition as a mechanism of control, and trajectory models as a modeling formalism, first introduced by Heymann. The specifications considered in this earlier work were given by prefix-closed languages. In this paper, we extend this work to include markings so that non-closed specifications and issues such as blocking can be addressed. It is shown that the usual notion of nonblocking, called language model nonblocking, may not be adequate in the setting of nondeterministic systems, and a stronger notion, called trajectory model nonblocking, is introduced. Necessary and sufficient conditions for the existence of language model nonblocking as well as trajectory model nonblocking supervisors are obtained for nondeterministic systems in the presence of driven events in terms of extended controllability and relative-closure conditions, and a new condition called the trajectory-closure condition.