The NCSU Concurrency Workbench
1996
Cited by 146 (22 self)
The NCSU Concurrency Workbench is a tool for verifying finite-state systems. A key feature is its flexibility; its modular design eases the task of adding new analyses and changing the language users employ for describing systems. This note gives an overview of the system's features, including its capacity for generating diagnostic information for incorrect systems, and discusses some of its applications.
1 Introduction
The NCSU Concurrency Workbench (NCSU-CWB) [1] supports the automatic verification of finite-state concurrent systems. The main goal of the system is to provide users with a tool that is flexible and easy to use and yet whose performance is competitive with that of existing special-purpose tools. In support of the former, and like its predecessor, the (Edinburgh) Concurrency Workbench [9, 15], the NCSU-CWB includes implementations of decision procedures for calculating a number of different behavioral equivalences and preorders between systems and for determining whe...
A Linear-Time Model-Checking Algorithm for the Alternation-Free Modal Mu-Calculus
Formal Methods in System Design
1993
Cited by 109 (15 self)
We develop a model-checking algorithm for a logic that permits propositions to be defined using greatest and least fixed points of mutually recursive systems of equations. This logic is as expressive as the alternation-free fragment of the modal mu-calculus identified by Emerson and Lei, and it may therefore be used to encode a number of temporal logics and behavioral preorders. Our algorithm determines whether a process satisfies a formula in time proportional to the product of the sizes of the process and the formula; this improves on the best known algorithm for similar fixed-point logics.
1 Introduction
Behavioral equivalences and preorders, and temporal logics, have been used extensively in automated verification tools for finite-state processes [3, 12, 18, 19, 20]. The relations are typically used to relate a high-level specification process to a more detailed implementation process, while the logics enable system designers to formulate collections of properties that implementa...
Priorities in process algebra
1999
Cited by 102 (11 self)
This chapter surveys the semantic ramifications of extending traditional process algebras with notions of priority that allow for some transitions to be given precedence over others. The need for these enriched formalisms arises when one wishes to model system features such as interrupts, prioritized choice, or real-time behavior. Approaches to priority in process algebras can be classified according to whether the induced notion of preemption on transitions is global or local and whether priorities are static or dynamic. Early work in the area concentrated on global preemption and static priorities and led to formalisms for modeling interrupts and aspects of real-time, such as maximal progress, in centralized computing environments. More recent research has investigated localized notions of preemption in which the distribution of systems is taken into account, as well as dynamic priority approaches, i.e., those where priority values may change as systems evolve. The latter allows one to model behavioral phenomena such as scheduling algorithms and also enables the efficient encoding of real-time semantics. Technically, this chapter studies the different models of priorities by presenting extensions of Milner's Calculus of Communicating Systems (CCS) with static and dynamic priority as well as with notions of global and local preemption. In each case the operational semantics of CCS is modified appropriately, behavioral theories based on strong and weak bisimulation are given, and related approaches for different process-algebraic settings are discussed.
Fair testing
Concur '95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science
1995
Cited by 58 (0 self)
In this paper we present a solution to the long-standing problem of characterising the coarsest liveness-preserving precongruence with respect to a full (TCSP-inspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De Nicola-Hennessy-like testing modality which we call should-testing, and a denotational one based on a refined notion of failures. One of the distinguishing characteristics of the should-testing precongruence is that it abstracts from divergences in the same way as Milner's observation congruence, and as a consequence is strictly coarser than observation congruence. In other words, should-testing has a built-in fairness assumption. This is in itself a property long sought after; it is in notable contrast to the well-known must-testing of De Nicola and Hennessy (denotationally characterised by a combination of failures and divergences), which treats divergence as catastrophic and hence is incompatible with observation congruence. Due to these characteristics, should-testing supports modular reasoning and allows one to use the proof techniques of observation congruence, but also supports additional laws and techniques.
Online Testing of Real-time Systems using UPPAAL
International Workshop on Formal Approaches to Testing of Software, co-located with the IEEE Conference on Automated Software Engineering 2004
2004
Cited by 42 (9 self)
This chapter presents principles and techniques for model-based black-box conformance testing of real-time systems using the Uppaal model-checking tool suite. The basis for testing is given as a network of concurrent timed automata specified by the test engineer. Relativized input/output conformance serves as the notion of implementation correctness, essentially timed trace inclusion taking environment assumptions into account. Test cases can be generated offline and later executed, or they can be generated and executed online. For both approaches this chapter discusses how to specify test objectives, derive test sequences, apply these to the system under test, and assign a verdict.
Deciding Bisimulation Equivalences for a Class of Non-Finite-State Programs
1991
Cited by 36 (8 self)
Traditionally, many automatic program verification techniques are applicable only to finite-state programs. In this paper we extend some of these techniques to a class of infinite-state programs that, in addition to having a finite-state control component, may read, store, and write but not perform any other computations on data. Such programs are data-independent in the sense that their behavior does not depend on the actual data values supplied. We consider the problems of deciding strong equivalence and observation equivalence, defined by bisimulations (as in CCS), between such programs. These equivalences have major applications in verification of communication protocols. We present reductions of these problems to the problem of deciding strong equivalence and observation equivalence between finite-state programs, for which polynomial time algorithms exist. The equivalence problems on data-independent programs are shown to be NP-hard in the size of the programs.
1 I...
Computing Behavioural Relations, Logically
In Proceedings of 18th International Colloquium on Automata, Languages and Programming
1991
Cited by 28 (7 self)
This paper develops a model-checking algorithm for a fragment of the modal mu-calculus and shows how it may be applied to the efficient computation of behavioral relations between processes. The algorithm's complexity is proportional to the product of the size of the process and the size of the formula, and thus improves on the best existing algorithm for such a fixed-point logic. The method for computing preorders that the model checker induces is also more efficient than known algorithms.
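This entry and the earlier one on the alternation-free modal mu-calculus both describe checking a finite-state process against a system of mutually recursive least/greatest fixed-point equations. The following Python is an added illustration of that setting; it is not code from either paper or from the Concurrency Workbench. It solves an alternation-free equation system over a small labelled transition system by plain block-wise iteration (the simple quadratic method, not the linear-time algorithm the papers describe) and uses it to check a constructed request/response protocol for the liveness property "every req is inevitably followed by resp". The transition systems, state names, labels and the encoding of the property are all assumptions made for the example.

```python
"""Naive model checker for alternation-free fixed-point equation systems over a finite LTS."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

Formula = tuple  # see the grammar above sat()


@dataclass(frozen=True)
class LTS:
    """Finite labelled transition system: state names plus (source, label, target) triples."""
    states: Tuple[str, ...]
    transitions: Tuple[Tuple[str, str, str], ...]

    def labels(self) -> FrozenSet[str]:
        return frozenset(a for _, a, _ in self.transitions)

    def succ(self, s: str, labels: Optional[FrozenSet[str]]) -> List[str]:
        """Targets of transitions out of s whose label is in `labels` (None = any label)."""
        return [t for (u, a, t) in self.transitions if u == s and (labels is None or a in labels)]


# Formula grammar (plain tuples):
#   ("tt",) ("ff",) ("var", X) ("and", f, g) ("or", f, g)
#   ("dia", L, f)  <L>f : some L-successor satisfies f
#   ("box", L, f)  [L]f : every L-successor satisfies f (vacuously true with no successor)
# where L is a frozenset of labels, or None for "any label".
def sat(f: Formula, lts: LTS, env: Dict[str, Set[str]]) -> Set[str]:
    """Set of states satisfying f under the current variable assignment env."""
    op = f[0]
    if op == "tt":
        return set(lts.states)
    if op == "ff":
        return set()
    if op == "var":
        return set(env[f[1]])
    if op == "and":
        return sat(f[1], lts, env) & sat(f[2], lts, env)
    if op == "or":
        return sat(f[1], lts, env) | sat(f[2], lts, env)
    if op in ("dia", "box"):
        inner = sat(f[2], lts, env)
        pick = any if op == "dia" else all
        return {s for s in lts.states if pick(t in inner for t in lts.succ(s, f[1]))}
    raise ValueError(f"unknown operator {op!r}")


Block = Tuple[str, Dict[str, Formula]]  # ("mu" | "nu", {X: right-hand side, ...})


def solve(blocks: List[Block], lts: LTS) -> Dict[str, Set[str]]:
    """Solve an alternation-free equation system by block-wise iteration.

    Blocks are listed so that a block's right-hand sides mention only its own variables
    or variables of blocks listed after it; that is what alternation-freedom buys us:
    later blocks are solved first and then treated as constants.  Each block starts at
    its extremal value (all states for nu, none for mu) and is iterated to a fixed point;
    monotonicity of the operators guarantees termination.  This is the simple quadratic
    iteration, not the linear-time algorithm of the papers.
    """
    env: Dict[str, Set[str]] = {}
    for kind, eqs in reversed(blocks):
        for x in eqs:
            env[x] = set(lts.states) if kind == "nu" else set()
        changed = True
        while changed:
            changed = False
            for x, rhs in eqs.items():
                new = sat(rhs, lts, env)
                if new != env[x]:
                    env[x], changed = new, True
    return env


def inevitable_response(lts: LTS) -> Dict[str, Set[str]]:
    """Check "after every req a resp is inevitable" on lts (assumed encoding).

    nu X = [req]Y  /\  [-]X        invariant along all paths
    mu Y = <->tt   /\  [-resp]Y    resp reached on every path, without getting stuck
    Returns the solved assignment; the property holds at state s iff s in result["X"].
    """
    not_resp = lts.labels() - {"resp"}
    blocks: List[Block] = [
        ("nu", {"X": ("and", ("box", frozenset({"req"}), ("var", "Y")),
                      ("box", None, ("var", "X")))}),
        ("mu", {"Y": ("and", ("dia", None, ("tt",)),
                      ("box", not_resp, ("var", "Y")))}),
    ]
    return solve(blocks, lts)


# Constructed toy protocols (not from the papers): a server that always answers, and one
# with a failure path into a stuck state.
GOOD = LTS(("idle", "busy", "busy2"),
           (("idle", "req", "busy"), ("busy", "work", "busy2"), ("busy2", "resp", "idle")))
BAD = LTS(GOOD.states + ("dead",), GOOD.transitions + (("busy", "fail", "dead"),))

if __name__ == "__main__":
    for name, system in (("GOOD", GOOD), ("BAD", BAD)):
        env = inevitable_response(system)
        print(name, "holds at idle:", "idle" in env["X"], "| resp inevitable at:", sorted(env["Y"]))
```

Running the block reports that the property holds at `idle` for `GOOD` and fails for `BAD`; the solved set for `Y` (states from which `resp` is inevitable) serves as the diagnostic, since in `BAD` it excludes `busy` because the `fail` edge leads to a state with no successors. Because the system is alternation-free, each block is solved in isolation and frozen before earlier blocks use it; a formula in which a mu-variable and a nu-variable depended on each other would not fit this scheme.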
Triggered Message Sequence Charts
2006
Cited by 27 (2 self)
This paper introduces Triggered Message Sequence Charts (TMSCs), a graphical, mathematically well-founded framework for capturing scenario-based system requirements of distributed systems. Like Message Sequence Charts (MSCs), TMSCs are graphical depictions of scenarios, or exchanges of messages between processes in a distributed system. Unlike MSCs, however, TMSCs are equipped with a notion of trigger that permits requirements to be made conditional; a notion of partiality indicating that a scenario may be subsequently extended; and a notion of refinement for assessing whether or not a more detailed specification correctly elaborates on a less detailed one. The TMSC notation also includes a collection of composition operators allowing structure to be introduced into scenario specifications, so that interactions among different scenarios may be studied. In the first part of this paper, TMSCs are introduced, and their use in support of requirements modeling is illustrated via two extended examples. The second part develops the mathematical underpinnings of the language.
The Weakest Compositional Semantic Equivalence Preserving Nexttime-less Linear Temporal Logic
In CONCUR '92, vol. 630 of LNCS
1992
Cited by 27 (2 self)
Temporal logic model checking is a useful method for verifying properties of finite-state concurrent systems. However, due to the state explosion problem, modular methods like compositional minimisation based on semantic congruences are essential in making the verification task manageable. In this paper we show that the so-called CFFD-equivalence defined by initial stability, infinite traces, divergence traces and stable failures is exactly the weakest compositional equivalence preserving nexttime-less linear temporal logic with an extra operator distinguishing deadlocks from divergences. Furthermore, a slight modification of CFFD, called the NDFD-equivalence, is exactly the weakest compositional equivalence preserving standard nexttime-less linear temporal logic.
1 Introduction
Many important correctness considerations of concurrent systems lend themselves to representing the system by a finite-state model, and consequently, to automatic verification. However, due to the state-explo...
Testing-Based Abstractions for Value-Passing Systems
In CONCUR'94, number 836 in Lecture Notes in Computer Science
1994
Cited by 24 (2 self)
Rance Cleaveland (Dept. of Computer Science, N.C. State University, Raleigh, NC 27695-8206, USA; rance@csc.ncsu.edu) and James Riely (Dept. of Computer Science, University of N.C., Chapel Hill, NC 27599-3175, USA; riely@cs.unc.edu)
Abstract. This paper presents a framework for the abstract interpretation of processes that pass values. We define a process description language that is parameterized with respect to the set of values that processes may exchange and show that an abstraction over values induces an abstract semantics for processes. Our main results state that if the abstract value interpretation safely/optimally approximates the ground interpretation, then the resulting abstracted processes safely/optimally approximate those derived from the ground semantics (in a precisely defined sense). As the processes derived from an abstract semantics in general have far fewer states than those derived from a concrete sem...