Results 1 - 10 of 176
A Formal Approach to Software Architecture
1997
Cited by 284 (14 self)
As software systems become more complex, the overall system structure, or software architecture, becomes a central design problem. A system's architecture provides a model of the system that suppresses implementation detail, allowing the architect to concentrate on the analyses and decisions that are most crucial to structuring the system to satisfy its requirements. Unfortunately, current representations of software architecture are informal and ad hoc. While architectural concepts are often embodied in infrastructure to support specific architectural styles and in the initial conceptualization of a system configuration, the lack of an explicit, independently-characterized architecture or architectural style significantly limits the benefits of software architectural design in current practice. In this dissertation, I show that an Architecture Description Language based on a formal, abstract model of system behavior can provide a practical means of describing and analyzing softwar...
Relations in Concurrency
Cited by 261 (33 self)
The theme of this paper is profunctors, and their centrality and ubiquity in understanding concurrent computation. Profunctors (a.k.a. distributors, or bimodules) are a generalisation of relations to categories. Here they are first presented and motivated via spans of event structures, and the semantics of nondeterministic dataflow. Profunctors are shown to play a key role in relating models for concurrency and to support an interpretation as higher-order processes (where input and output may be processes). Two recent directions of research are described. One is concerned with a language and computational interpretation for profunctors. This addresses the duality between input and output in profunctors. The other is to investigate general spans of event structures (the spans can be viewed as special profunctors) to give causal semantics to higher-order processes. For this it is useful to generalise event structures to allow events which "persist."
A Design Framework for Internet-Scale Event Observation and Notification
In Proc. of the 6th European Software Engineering Conf. held jointly with the 5th ACM SIGSOFT Symp. on the Foundations of Software Engineering (ESEC/FSE97), number 1301 in LNCS, 1997
Cited by 153 (8 self)
There is increasing interest in having software systems execute and interoperate over the Internet. Execution and interoperation at this scale imply a degree of loose coupling and heterogeneity among the components from which such systems will be built. One common architectural style for distributed, loosely-coupled, heterogeneous software systems is a structure based on event generation, observation and notification. The technology to support this approach is well-developed for local area networks, but it is ill-suited to networks on the scale of the Internet. Hence, new technologies are needed to support the construction of large-scale, event-based software systems for the Internet. We have begun to design a new facility for event observation and notification that better serves the needs of Internet-scale applications. In this paper we present results from our first step in this design process, in which we defined a framework that captures many of the relevant design dimensions. Our framework comprises seven models: an object model, an event model, a naming model, an observation model, a time model, a notification model, and a resource model. The paper discusses each of these models in detail and illustrates them using an example involving an update to a Web page. The paper also evaluates three existing technologies with respect to the seven models.
Model checking of message sequence charts
1999
Cited by 124 (6 self)
Scenario-based specifications such as message sequence charts (MSC) offer an intuitive and visual way of describing design requirements. Such specifications focus on message exchanges among communicating entities in distributed software systems. Structured specifications such as MSC-graphs and Hierarchical MSC-graphs (HMSC) allow convenient expression of multiple scenarios, and can be viewed as an early model of the system. In this paper, we present a comprehensive study of the problem of verifying whether this model satisfies a temporal requirement given by an automaton, by developing algorithms for the different cases along with matching lower bounds. When the model is given as an MSC, model checking can be done by constructing a suitable automaton for the linearizations of the partial order specified by the MSC, and the problem is coNP-complete. When the model is given by an MSC-graph, we consider two possible semantics depending on the synchronous or asynchronous interpretation of concatenating two MSCs. For synchronous model checking of MSC-graphs and HMSCs, we present algorithms whose time complexity is proportional to the product of the size of the description and the cost of processing MSCs at individual vertices. Under the asynchronous interpretation, we prove undecidability of the model checking problem. We then identify a natural requirement of boundedness, give algorithms to check boundedness, and establish asynchronous model checking to be Pspace-complete for bounded MSC-graphs and Expspace-complete for bounded HMSCs.
Modeling Concurrency with Geometry
Cited by 124 (13 self)
The phenomena of branching time and true or noninterleaving concurrency find their respective homes in automata and schedules. But these two models of computation are formally equivalent via Birkhoff duality, an equivalence we expound on here in tutorial detail. So why should these phenomena prefer one home over the other? We identify dimension as the culprit: 1-dimensional automata are skeletons permitting only interleaving concurrency, whereas true n-fold concurrency resides in transitions of dimension n. The truly concurrent automaton dual to a schedule is not a skeletal distributive lattice but a solid one. We introduce true nondeterminism and define it as monoidal homotopy; from this perspective nondeterminism in ordinary automata arises from forking and joining creating nontrivial homotopy. The automaton dual to a poset schedule is simply connected whereas that dual to an event structure schedule need not be, according to monoidal homotopy though not to group homotopy. We conclude with a formal definition of higher dimensional automaton as an n-complex or n-category, whose two essential axioms are associativity of concatenation within dimension and an interchange principle between dimensions.
Modelling Knowledge and Action in Distributed Systems
Distributed Computing, 1988
Cited by 85 (28 self)
We present a formal model that captures the subtle interaction between knowledge and action in distributed systems. We view a distributed system as a set of runs, where a run is a function from time to global states and a global state is a tuple consisting of an environment state and a local state for each process in the system. This model is a generalization of those used in many previous papers. Actions in this model are associated with functions from global states to global states. A protocol is a function from local states to actions. We extend the standard notion of a protocol by defining knowledge-based protocols, ones in which a process' actions may depend explicitly on its knowledge. Knowledge-based protocols provide a natural way of describing how actions should take place in a distributed system. Finally, we show how the notion of one protocol implementing another can be captured in our model. Some material in this paper appeared in preliminary form in [HF85]. An abridge...
Rapide: A Language and Toolset for Simulation of Distributed Systems by Partial Orderings of Events
Princeton University, 1996
Cited by 55 (2 self)
This paper describes the Rapide concepts of system architecture, causal event simulation, and some of the tools for viewing and analysis of causal event simulations. Illustration of the language and tools is given by a detailed small example. 1 Introduction Rapide1.0 [LKA+95], [LV95] is a computer language for defining and executing models of system architectures. The result of executing a Rapide model is a set of events that occurred during the execution together with causal and timing relationships between events. The production of causal history as a simulation result is, at present, unique to Rapide among event-based languages. Sets of events with causal histories are called posets (partially ordered event sets). Simulators that produce posets provide many new opportunities for analysis of models of distributed and concurrent systems. Rapide1.0 is structured as a set of languages consisting of the Types, Patterns, Architecture, Constraint, and Executable Module languages...
A Graphical Interval Logic for Specifying Concurrent Systems
ACM Transactions on Software Engineering and Methodology, 1994
Cited by 53 (13 self)
The paper describes a graphical interval logic that is the foundation of a toolset supporting formal specification and verification of concurrent software systems. Experience has shown that most software engineers find standard temporal logics difficult to understand and to use. The objective of this work is to enable software engineers to specify and reason about temporal properties of concurrent systems more easily by providing them with a logic that has an intuitive graphical representation and with tools that support its use. To illustrate the use of the graphical logic, the paper provides some specifications for an elevator system and proves several properties of the specifications. The paper also describes the toolset and the implementation. 1 Introduction One of the great challenges facing today's software engineers is the development of correct programs for real applications. Recent advances in hardware reliability and fault tolerance technology can assure extremely lo...
Deciding Properties for Message Sequence Charts
1998
Cited by 52 (9 self)
Message sequence charts (MSC) are commonly used in designing communication systems. They allow describing the communication skeleton of a system and can be used for finding design errors. First, a specification formalism that is based on MSC graphs, combining finite message sequence charts, is presented. We present then an automatic validation algorithm for systems described using the message sequence charts notation. The validation problem is tightly related to a natural language-theoretic problem over semi-traces (a generalization of Mazurkiewicz traces, which represent partially ordered executions). We show that a similar and natural decision problem is undecidable.
Action Logic and Pure Induction
Logics in AI: European Workshop JELIA '90, LNCS 478, 1991
Cited by 50 (6 self)
In Floyd-Hoare logic, programs are dynamic while assertions are static (hold at states). In action logic the two notions become one, with programs viewed as on-the-fly assertions whose truth is evaluated along intervals instead of at states. Action logic is an equational theory ACT conservatively extending the equational theory REG of regular expressions with operations pre-implication a→b (had a then b) and post-implication b/a (b if-ever a). Unlike REG, ACT is finitely based, makes a reflexive transitive closure, and has an equivalent Hilbert system. The crucial axiom is that of pure induction, (a→a) = a→a. This work was supported by the National Science Foundation under grant number CCR-8814921. 1 Introduction Many logics of action have been proposed, most of them in the past two decades. Here we define action logic, ACT, a new yet simple juxtaposition of old ideas, and show off some of its attractive aspects. The language of action logic is that of equational regular expressio...