Results 1 - 10 of 13
Simulation Techniques for Proving Properties of Real-Time Systems
In REX Workshop '93, Lecture Notes in Computer Science, 1993
Cited by 21 (6 self)
Abstract
The method of simulations is an important technique for reasoning about real-time and other timing-based systems. It is adapted from an analogous method for untimed systems. This paper presents the simulation method in the context of a very general automaton (i.e., labelled transition system) model for timing-based systems. Sketches are presented of several typical examples for which the method has been used successfully. Other complementary tools are also described, in particular, invariants for safety proofs, progress functions for timing proofs, and execution correspondences for liveness proofs.
Multivalued Possibilities Mappings
Stepwise Refinement of Distributed Systems, volume LNCS 430, 1989
Cited by 13 (2 self)
Abstract
Abstraction mappings are one of the major tools used to construct correctness proofs for concurrent algorithms. Several examples are given of situations in which it is useful to allow the abstraction mappings to be multivalued. The examples involve algorithm optimization, algorithm distribution, and proofs of time bounds.
The verified incremental design of a distributed spanning tree algorithm (Extended Abstract)
1997
Cited by 11 (4 self)
Abstract
The paper announces an incremental mechanically verified design of the algorithm of Gallager, Humblet, and Spira for the distributed determination of the minimum-weight spanning tree in a graph of processes. The processes communicate by means of asynchronous messages with their neighbours in the graph. Messages over one link may pass each other. The proof of the algorithm is based on ghost variables, invariants, and a decreasing variant function. The verification is mechanized by means of the theorem prover Nqthm of Boyer and Moore. This extended abstract is an introduction to the full paper that can be obtained by ftp.
1 Introduction
Given is a connected undirected graph in which all edges have different weights. So this graph has a unique minimum-weight spanning tree. The nodes of the graph are processes that can asynchronously send messages to neighbour processes. Every process only knows the weights of its incident edges and the names of its neighbours. In 1983, Gallager, Humble...
A Comparison of Simulation Techniques and Algebraic Techniques for Verifying Concurrent Systems
Formal Aspects of Computing, 1997
Cited by 6 (1 self)
Abstract
Simulation-based assertional techniques and process algebraic techniques are two of the major methods that have been proposed for the verification of concurrent and distributed systems. It is shown how each of these techniques can be applied to the task of verifying systems described as input/output automata; both safety and liveness properties are considered. A small but typical circuit is verified in both of these ways, first using forward simulations, an execution correspondence lemma, and a simple fairness argument, and second using deductions within the process algebra DIOA for I/O automata. An extended evaluation and comparison of the two methods is given.
A mechanical proof of Segall's PIF algorithm
1997
Cited by 5 (0 self)
Abstract
We describe the construction of a distributed algorithm with asynchronous communication together with a mechanically verified proof of correctness. For this purpose we treat Segall's PIF algorithm (propagation of information with feedback). The proofs are based on invariants, and variant functions for termination. The theorem prover NQTHM is used to deal with the many case distinctions due to asynchronous distributed computation. Emphasis is on the modelling assumptions, the treatment of nondeterminacy, the forms of termination detection, and the proof obligations for a complete mechanical proof. Finally, a comparison is made with (the proof of) the minimum spanning tree algorithm of Gallager, Humblet, and Spira, for which the technique was developed.
1. Introduction
The purpose of this paper is to present a mechanically supported, verified design of Segall's PIF algorithm and its extension to a distributed summation algorithm, cf. [Vaa95]. PIF stands for Propagation of Information ...
of the Universität des Saarlandes
Abstract
Planck-Institut für Informatik in Saarbrücken and at Chalmers Tekniska Högskola in Göteborg. I hereby declare in lieu of an oath that I wrote this diploma thesis independently and used only the sources indicated. Furthermore, I have not submitted this work to any other examination office. Saarbrücken, 30 May 1999. I would like to thank Marina Papatriantafilou and Philippas Tsigas a lot for their great support during my thesis, and in particular for arranging for me to write a big part of this thesis at their department in Gothenburg. Further, I thank the members of the computer science department at Chalmers in Gothenburg and the members of the MPI for the very nice working conditions. Special thanks belong to my parents for all their support.
Constraint-based Structuring of Network Protocols
Abstract
The complexity of designing protocols has led to compositional techniques for designing and verifying protocols. We propose a technique based on the notion of parallel composition of protocols. We view a composite protocol as an interleaved execution of the component protocols subject to a set of constraints. Using the constraints as building blocks, we define several constraint-based structures with each structure combining the properties of the component protocols in a different way. For instance, the component protocols of a multifunction protocol can be structured so that the composite protocol performs all the individual functions concurrently or performs only one of them depending on the order of initiation of the component protocols. We provide inference rules to infer safety and liveness properties of the composite protocol. Some properties are derived from those of the component protocols while others are derived from the structuring mechanism (the set of constraint...