Simulation Techniques for Proving Properties of Real-Time Systems
In REX Workshop '93, Lecture Notes in Computer Science, 1993
Cited by 21 (6 self)

Abstract
The method of simulations is an important technique for reasoning about real-time and other timing-based systems. It is adapted from an analogous method for untimed systems. This paper presents the simulation method in the context of a very general automaton (i.e., labelled transition system) model for timing-based systems. Sketches are presented of several typical examples for which the method has been used successfully. Other complementary tools are also described, in particular, invariants for safety proofs, progress functions for timing proofs, and execution correspondences for liveness proofs.
Multivalued Possibilities Mappings
In Stepwise Refinement of Distributed Systems, volume LNCS 430, 1989
Cited by 13 (2 self)

Abstract
Abstraction mappings are one of the major tools used to construct correctness proofs for concurrent algorithms. Several examples are given of situations in which it is useful to allow the abstraction mappings to be multivalued. The examples involve algorithm optimization, algorithm distribution, and proofs of time bounds.
The Verified Incremental Design of a Distributed Spanning Tree Algorithm (Extended Abstract)
1997
Cited by 10 (3 self)

Abstract
The paper announces an incremental, mechanically verified design of the algorithm of Gallager, Humblet, and Spira for the distributed determination of the minimum-weight spanning tree in a graph of processes. The processes communicate by means of asynchronous messages with their neighbours in the graph. Messages over one link may pass each other. The proof of the algorithm is based on ghost variables, invariants, and a decreasing variant function. The verification is mechanized by means of the theorem prover Nqthm of Boyer and Moore. This extended abstract is an introduction to the full paper, which can be obtained by ftp.

1 Introduction

Given is a connected undirected graph in which all edges have different weights, so this graph has a unique minimum-weight spanning tree. The nodes of the graph are processes that can asynchronously send messages to neighbour processes. Every process only knows the weights of its incident edges and the names of its neighbours. In 1983, Gallager, Humble...
A Comparison of Simulation Techniques and Algebraic Techniques for Verifying Concurrent Systems
Formal Aspects of Computing, 1997
Cited by 6 (1 self)

Abstract
Simulation-based assertional techniques and process-algebraic techniques are two of the major methods that have been proposed for the verification of concurrent and distributed systems. It is shown how each of these techniques can be applied to the task of verifying systems described as input/output automata; both safety and liveness properties are considered. A small but typical circuit is verified in both of these ways, first using forward simulations, an execution correspondence lemma, and a simple fairness argument, and second using deductions within the process algebra DIOA for I/O automata. An extended evaluation and comparison of the two methods is given.
A Mechanical Proof of Segall's PIF Algorithm
1997
Cited by 4 (0 self)

Abstract
We describe the construction of a distributed algorithm with asynchronous communication together with a mechanically verified proof of correctness. For this purpose we treat Segall's PIF algorithm (propagation of information with feedback). The proofs are based on invariants, and on variant functions for termination. The theorem prover NQTHM is used to deal with the many case distinctions due to asynchronous distributed computation. Emphasis is on the modelling assumptions, the treatment of nondeterminacy, the forms of termination detection, and the proof obligations for a complete mechanical proof. Finally, a comparison is made with (the proof of) the minimum spanning tree algorithm of Gallager, Humblet, and Spira, for which the technique was developed.

1. Introduction

The purpose of this paper is to present a mechanically supported, verified design of Segall's PIF algorithm and its extension to a distributed summation algorithm, cf. [Vaa95]. PIF stands for Propagation of Information ...