Results 1  10
of
53
The Linear TimeBranching Time Spectrum II  The semantics of sequential systems with silent moves
, 1993
"... ion Rule (KFAR) (Baeten, Bergstra & Klop [3]), expresses a global fairness assumption. It says that when possible a system will escape from any cycle of internal actions. Some form of KFAR is crucial for many protocal verifications with unreliable channels, and for that reason preorders and equi ..."
Abstract

Cited by 311 (17 self)
 Add to MetaCart
ion Rule (KFAR) (Baeten, Bergstra & Klop [3]), expresses a global fairness assumption. It says that when possible a system will escape from any cycle of internal actions. Some form of KFAR is crucial for many protocal verifications with unreliable channels, and for that reason preorders and equivalences that satisfy KFAR are of special interest. Must preorders and divergence sensitive ones cannot satisfy KFAR. In Bergstra, Klop & Olderog [7] it is shown that the combination of KFAR with failure semantics is inconsistent, but they formulate a weaker version of KFAR that is satisfied in failure maysemantics. Still the combination of KFAR \Gamma and the liveness requirement appears to require global testing, and is only satisfied in the semantics between contrasimulation (C) and stability respecting branching bisimulation (BB s ). These requirements would reduce the number of suitable preorders to 18. It is in general a good strategy to do your verifications using the finest preorde...
The Linear TimeBranching Time Spectrum I  The Semantics of Concrete, Sequential Processes
 Handbook of Process Algebra, chapter 1
"... this paper various semantics in the linear time  branching time spectrum are presented in a uniform, modelindependent way. Restricted to the class of finitely branching, concrete, sequential processes, only fifteen of them turn out to be different, and most semantics found in the literature that ..."
Abstract

Cited by 102 (4 self)
 Add to MetaCart
this paper various semantics in the linear time  branching time spectrum are presented in a uniform, modelindependent way. Restricted to the class of finitely branching, concrete, sequential processes, only fifteen of them turn out to be different, and most semantics found in the literature that can be defined uniformly in terms of action relations coincide with one of these fifteen. Several testing scenarios, motivating these semantics, are presented, phrased in terms of `button pushing experiments' on generative and reactive machines. Finally twelve of these semantics are applied to a simple language for finite, concrete, sequential, nondeterministic processes, and for each of them a complete axiomatization is provided.
Fair testing
 Concur ’95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science
, 1995
"... In this paper we present a solution to the longstanding problem of characterising the coarsest livenesspreserving precongruence with respect to a full (TCSPinspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one base ..."
Abstract

Cited by 64 (0 self)
 Add to MetaCart
(Show Context)
In this paper we present a solution to the longstanding problem of characterising the coarsest livenesspreserving precongruence with respect to a full (TCSPinspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De NicolaHennessylike testing modality which we call shouldtesting, and a denotational one based on a refined notion of failures. One of the distinguishing characteristics of the shouldtesting precongruence is that it abstracts from divergences in the same way as Milner’s observation congruence, and as a consequence is strictly coarser than observation congruence. In other words, shouldtesting has a builtin fairness assumption. This is in itself a property long soughtafter; it is in notable contrast to the wellknown musttesting of De Nicola and Hennessy (denotationally characterised by a combination of failures and divergences), which treats divergence as catrastrophic and hence is incompatible with observation congruence. Due to these characteristics, shouldtesting supports modular reasoning and allows to use the proof techniques of observation congruence, but also supports additional laws and techniques.
Metric spaces as models for realtime concurrency
, 1987
"... Abstract. We propose a denotational model for real time concurrent systems, based on the failures model for CSP. The fixed point theory is based on the Banach fixed point theorem for complete metric spaces, since the introduction of time as a measure makes all recursive operators naturally contracti ..."
Abstract

Cited by 45 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We propose a denotational model for real time concurrent systems, based on the failures model for CSP. The fixed point theory is based on the Banach fixed point theorem for complete metric spaces, since the introduction of time as a measure makes all recursive operators naturally contractive. This frees us from many of the constraints imposed by partial orders on the treatment of nondeterminism and divergence. 1
Stuckfree conformance
 In CAV 04: ComputerAided Verification, LNCS
, 2000
"... Abstract. We present a novel refinement relation (stuckfree conformance) for CCS processes, which satisfies the substitutability property: If I conforms to S, andP is any environment such that P  S is stuckfree, then P  I is stuckfree. Stuckfreedom is related to the CSP notion of deadlock, but ..."
Abstract

Cited by 32 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We present a novel refinement relation (stuckfree conformance) for CCS processes, which satisfies the substitutability property: If I conforms to S, andP is any environment such that P  S is stuckfree, then P  I is stuckfree. Stuckfreedom is related to the CSP notion of deadlock, but it is more discriminative by taking orphan messages in asynchronous systems into account. We prove that conformance is a precongruence on CCS processes, thereby supporting modular refinement. We distinguish conformance from the related preorders, stable failures refinement in CSP and refusal preorder in CCS. We have implemented conformance checking in a new software model checker, zing, andwe report on how we used it to find errors in distributed programs. 1
Supervisory Control of Nondeterministic Systems with Driven Events via Prioritized Synchronization and Trajectory Models
 SIAM Journal of Control and Optimization
, 1995
"... We study the supervisory control of nondeterministic discrete event dynamical systems (DEDS's) with driven events in the setting of prioritized synchronization and trajectory models introduced by Heymann. Prioritized synchronization captures the notions of controllable, uncontrollable, and dri ..."
Abstract

Cited by 30 (8 self)
 Add to MetaCart
(Show Context)
We study the supervisory control of nondeterministic discrete event dynamical systems (DEDS's) with driven events in the setting of prioritized synchronization and trajectory models introduced by Heymann. Prioritized synchronization captures the notions of controllable, uncontrollable, and driven events in a natural way, and we use it for constructing supervisory controllers. The trajectory model is used for characterizing the behavior of nondeterministic DEDS's since it is a sufficiently detailed model (in contrast to the less detailed language or failures models), and serves as a language congruence with respect to the operation of prioritized synchronization. We obtain results concerning controllability and observability in this general setting. Keywords: discrete event systems, supervisory control, nondeterministic automata, driven events, prioritized synchronization, trajectory models AMS (MOS) subject classifications: 68Q75, 93B25, 93C83 1 Introduction Supervisory control o...
A formal account of contracts for web services
 In WSFM, 3rd Int. Workshop on Web Services and Formal Methods, number 4184 in LNCS
, 2006
"... Abstract. We define a formal contract language along with subcontract and compliance relations. We then extrapolate contracts out of processes, that are a recursionfree fragment of ccs. We finally demonstrate that a client completes its interactions with a service provided the corresponding contrac ..."
Abstract

Cited by 28 (4 self)
 Add to MetaCart
(Show Context)
Abstract. We define a formal contract language along with subcontract and compliance relations. We then extrapolate contracts out of processes, that are a recursionfree fragment of ccs. We finally demonstrate that a client completes its interactions with a service provided the corresponding contracts comply. Our contract language may be used as a foundation of Web services technologies, such as wsdl and wscl. 1
Representing Nondeterministic and Probabilistic Behaviour in Reactive Processes
, 1993
"... . In this paper we investigate ways of modelling communicating processes that display both nondeterministic and probabilistic behaviour. We present an operational model for a probabilistic version of CSP, and describe a number of ways of abstracting a denotational semantics from such a model, so as ..."
Abstract

Cited by 21 (0 self)
 Add to MetaCart
(Show Context)
. In this paper we investigate ways of modelling communicating processes that display both nondeterministic and probabilistic behaviour. We present an operational model for a probabilistic version of CSP, and describe a number of ways of abstracting a denotational semantics from such a model, so as to represent a process by a set of probability functions, one function for each way of resolving the nondeterministic choices. We then prove an interesting although disappointingresult, which shows that no such denotational model can be compositional. We end by identifying a problem with the operational model, which is shared by all similar models known to us, and briefly give some indications as to how this problem might be overcome. 1. Introduction In recent years, an important problem in the study of communicating systems has been the modelling of probabilistic behaviour. This is necessary if we are to argue formally about unreliable behaviour (for example that displayed by an unre...
Equivalences on Observable Processes
 In Proceedings of the 7th Annual IEEE Symposium on Logic in Computer Science
, 1992
"... The aim of this paper is to nd the nest `observable ' and `implementable' equivalence on concurrent processes. This is a part of a larger programme to develop a theory of observable processes where semantics of processes are based on locally and nitely observable process behaviour, and ..."
Abstract

Cited by 19 (6 self)
 Add to MetaCart
The aim of this paper is to nd the nest `observable ' and `implementable' equivalence on concurrent processes. This is a part of a larger programme to develop a theory of observable processes where semantics of processes are based on locally and nitely observable process behaviour, and all process constructs are allowed, provided their operational meaning is de ned by realistically implementable transition rules.
Discrete Analysis of Continuous Behaviour in RealTime Concurrent Systems
, 2001
"... This thesis concerns the relationship between continuous and discrete modelling paradigms for timed concurrent systems, and the exploitation of this relationship towards applications, in particular model checking. The framework we have chosen is Reed and Roscoe's process algebra Timed CSP, in w ..."
Abstract

Cited by 19 (7 self)
 Add to MetaCart
This thesis concerns the relationship between continuous and discrete modelling paradigms for timed concurrent systems, and the exploitation of this relationship towards applications, in particular model checking. The framework we have chosen is Reed and Roscoe's process algebra Timed CSP, in which semantic issues can be examined from both a denotational and an operational perspective. The continuoustime model we use is the timed failures model; on the discretetime side, we build a suitable model in a CSPlike setting by incorporating a distinguished tock event to model the passage of time. We study the connections between these two models and show that our framework can be used to verify certain speci cations on continuoustime processes, by building upon and extending results of Henzinger, Manna, and Pnueli's. Moreover, this veri cation can in many cases be carried out directly on the model checker FDR . Results are illustrated with a small railway level crossing case study. We also construct a second, more sophisticated discretetime model which reects continuous behaviour in a manner more consistent with one's intuition, and show that our results carry over this second model as well.