## Fair testing (1995)

### Cached

### Download Links

- [eprints.eemcs.utwente.nl]
- [www.cs.utwente.nl]
- [doc.utwente.nl]
- [para.inria.fr]
- [www.ub.utwente.nl]
- DBLP

### Other Repositories/Bibliography

Venue: | Concur ’95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science |

Citations: | 62 - 0 self |

### BibTeX

@INPROCEEDINGS{Rensink95fairtesting,

author = {Arend Rensink and Walter Vogler},

title = {Fair testing},

booktitle = {Concur ’95: Concurrency Theory, volume 962 of Lecture Notes in Computer Science},

year = {1995},

pages = {313--327},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

In this paper we present a solution to the long-standing problem of characterising the coarsest liveness-preserving pre-congruence with respect to a full (TCSP-inspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De Nicola-Hennessy-like testing modality which we call should-testing, and a denotational one based on a refined notion of failures. One of the distinguishing characteristics of the should-testing pre-congruence is that it abstracts from divergences in the same way as Milner’s observation congruence, and as a consequence is strictly coarser than observation congruence. In other words, should-testing has a built-in fairness assumption. This is in itself a property long sought-after; it is in notable contrast to the well-known must-testing of De Nicola and Hennessy (denotationally characterised by a combination of failures and divergences), which treats divergence as catrastrophic and hence is incompatible with observation congruence. Due to these characteristics, should-testing supports modular reasoning and allows to use the proof techniques of observation congruence, but also supports additional laws and techniques.

### Citations

3605 | Communicating sequential processes
- Hoare
- 1978
(Show Context)
Citation Context ...s denoted T; we use F, G to range over T. In order for T to be adequate, we impose a number of saturation conditions on elements F ∈ T, which extend the closure conditions on failure sets; see, e.g., =-=[13]-=-: • F may not be empty: even a completely deadlocked system has failures (namely, at least (ε, ∅) is a failure). • The refusal part of F is saturated in the sense that the upward-closure ↑V of the ref... |

3384 |
Communication and Concurrency
- Milner
- 1989
(Show Context)
Citation Context ...ysis of distributed systems by means of process-algebraic languages and theories has become an established field of theoretical and applied research. Basic process algebraic theories like CCS (Milner =-=[28]-=-), CSP (Hoare [21]) and ACP (Baeten and Weijland [1]) as well as standardised specification formalisms like LOTOS (Bolognesi and Brinksma [5], ISO [22]) are being routinely applied. One of the most in... |

1408 |
A Calculus of Communicating Systems
- Milner
- 1980
(Show Context)
Citation Context ...y successful family of pre-orders (most of them actually equivalences) arises out of the principle of (mutual) simulation of systems. The prime representatives of this family are bisimilarity (Milner =-=[26]-=-, Park [33]) and especially also observation congruence (Milner [28]). In favour of testing We recall that, at least in principle, bisimulations provide the finer equivalences that keep track of the b... |

693 |
Concurrency and automata on infinite sequences
- Park
- 1981
(Show Context)
Citation Context ...l family of pre-orders (most of them actually equivalences) arises out of the principle of (mutual) simulation of systems. The prime representatives of this family are bisimilarity (Milner [26], Park =-=[33]-=-) and especially also observation congruence (Milner [28]). In favour of testing We recall that, at least in principle, bisimulations provide the finer equivalences that keep track of the branching st... |

433 | Testing equivalences for processes
- Nicola, Hennessy
- 1984
(Show Context)
Citation Context ... such as for example the availability of a mathematically tractable and well-understood theory, so that in practice a compromise between the various requirements must be found. In their seminal paper =-=[17]-=-, De Nicola and Hennessy present a framework for defining pre-orders that is widely acknowledged as a realistic scenario for system testing. They use their framework to define the must-testing and may... |

417 | Introduction to the ISO Specification Language LOTOS
- Bolognesi, Brinksma
- 1989
(Show Context)
Citation Context ...search. Basic process algebraic theories like CCS (Milner [28]), CSP (Hoare [21]) and ACP (Baeten and Weijland [1]) as well as standardised specification formalisms like LOTOS (Bolognesi and Brinksma =-=[5]-=-, ISO [22]) are being routinely applied. One of the most interesting and fruitful areas of research in process algebra is that of behavioural equalities and pre-orders. Such a relation defines formall... |

326 |
Calculi for synchrony and asynchrony
- Milner
- 1983
(Show Context)
Citation Context ... a process environment (see below) and X ∈ dom(θ). θ can be regarded as a vector of equations X := θ(X), of which the recursion operator builds a fixpoint at each given coordinate X. (See also Milner =-=[27]-=- for another example of this operator.) A special case is θ = {X := B}, in which case we sometimes simply write recX. B. We sometimes use rec θ to denote the function dom(θ) → L that maps each X ∈ dom... |

306 | The linear time–branching time spectrum II: the semantics of sequential systems with silent moves
- Glabbeek
- 1993
(Show Context)
Citation Context ...ical notion of observable behaviour; rather, depending on the formalisation of observability, many different notions of behavioural equivalence or inclusion arise (the reader may consult Van Glabbeek =-=[39, 38]-=- for an overview). Of course, other criteria apply as well, such as for example the availability of a mathematically tractable and well-understood theory, so that in practice a compromise between the ... |

231 | Barbed bisimulation
- Milner, Sangiorgi
- 1992
(Show Context)
Citation Context ...d by three basic observables”. That is, they start with “basic observables” and investigate the coarsest pre-congruences generated by those, in the barbed bisimulation style (see Milner and Sangiorgi =-=[29]-=-). One of these basic observables corresponds to our liveness predicate, and indeed our coarsest liveness-preserving pre-congruence result corresponds to the characterisation of should-testing in that... |

218 |
Information Processing Systems - Open Systems Interconnection - LOTOS - A Formal Description Technique Based on temporal Ordering
- ISO
- 1988
(Show Context)
Citation Context ...asic process algebraic theories like CCS (Milner [28]), CSP (Hoare [21]) and ACP (Baeten and Weijland [1]) as well as standardised specification formalisms like LOTOS (Bolognesi and Brinksma [5], ISO =-=[22]-=-) are being routinely applied. One of the most interesting and fruitful areas of research in process algebra is that of behavioural equalities and pre-orders. Such a relation defines formally when one... |

200 |
Bisimulation can’t be traced
- Bloom, Istrail, et al.
- 1995
(Show Context)
Citation Context ...ation such that for all s1 ≃bis s2 and s1 − α → s ′ 1 there is a s′ 2 ≈ s′ 1 such that s2 = α ⇒ s ′ 2 . 12The following result is standard; see Milner [28] for the corresponding property of CCS, and =-=[4, 3]-=- for meta-results applying to the language L considered here. Proposition 2.8 ∼ and ≃bis are full congruences. Strong bisimulation is often regarded as the most distinguishing reasonable equivalence r... |

123 |
A theory for the derivation of tests
- Brinksma
- 1988
(Show Context)
Citation Context ...ptance testing) that shares the fairness property of observation congruence is in fact not too difficult to find: it has been defined and studied under the name of reduction by Brinksma and Scollo in =-=[12, 8]-=- and the corresponding equivalence relation also by Vogler in [40] (see also Section 3.3 of [41]). Denotationally, acceptance 4a b a b B1 a a B2 a a a c a c Figure 1.3: B1 and B2 are acceptance testi... |

98 |
Extensional equivalences for transition systems
- Nicola
- 1987
(Show Context)
Citation Context ...es [12, 14] is isomorphic to [7], and therefore also identifies thesprocesses of Fig. 9. An overview of many other characterizations of unfair must-sequivalence for transition systems can be found in =-=[8]-=-. Another approach tosfairness is described in [13], where fairness is modelled as a structural propertysof the operator for parallel composition. This interpretation f fairness is com-spatible with t... |

70 | Probabilistic extensions of process algebras
- Jonsson, Larsen, et al.
- 2001
(Show Context)
Citation Context ...mber of transitions, including internal ones) from an arbitrary state of the system under test to the nearest success state. On the other hand, the testing pre-orders studied by, e.g., Jonsson et al. =-=[23]-=- and Cleaveland et al. [15] are different in that they compare the likelihood of success for arbitrary tests (and hence do not restrict themselves to tests for which success is certain, as in [32]). T... |

68 | Observation equivalences as a testing equivalence - Abramsky - 1987 |

67 |
An improved failures model for communicating processes
- Brookes, Roscoe
- 1985
(Show Context)
Citation Context ...h of these pre-orders are backed up by a relatively simple and appealing denotational semantics, combining notions of failure and divergence in the case of must-testing (see Brookes, Hoare and Roscoe =-=[13, 14]-=-), and based on traces in the case of may-testing. Another very successful family of pre-orders (most of them actually equivalences) arises out of the principle of (mutual) simulation of systems. The ... |

67 |
Modular Construction and Partial Order Semantics of Petri Nets
- Vogler
- 1992
(Show Context)
Citation Context ...icult to find: it has been defined and studied under the name of reduction by Brinksma and Scollo in [12, 8] and the corresponding equivalence relation also by Vogler in [40] (see also Section 3.3 of =-=[41]-=-). Denotationally, acceptance 4a b a b B1 a a B2 a a a c a c Figure 1.3: B1 and B2 are acceptance testing equivalent, but not after hiding a B1 a B2 a a Figure 1.4: B1 is an acceptance testing implem... |

66 | Testing Equivalence as a Bisimulation Equivalence - Cleaveland, Hennessy - 1993 |

66 | Higher-level synchronising devices in Meije-SCCS
- Simone
- 1985
(Show Context)
Citation Context ...ill be one case for each of the operational rules in Table 2.1. The cases for the first-order operators really follow from the fact that the corresponding rules are all in the SOS format of De Simone =-=[18]-=-. As an example, we show the case of the synchronisation rule. • B = B1 || A B2 such that Bk[θω ] − α1 −→ Ck for k = 1,2 and C = C1 || A C2. By the induction hypothesis, for k = 1,2 there are transiti... |

62 | A hierarchy of equivalences for asynchronous calculi
- Fournet, Gonthier
- 1998
(Show Context)
Citation Context ...was not considered in [41], but our denotational semantics is derived from this study. The issue of fair testing has also been investigated in the context of the join calculus by Fournet and Gonthier =-=[20]-=-; it turns out that in that setting, part of the hierarchy of equivalences collapses so that fair testing comes to coincide with coupled simulation. A preorder closely related to our full pre-congruen... |

51 |
Acceptance trees
- Hennessy
- 1985
(Show Context)
Citation Context ...nstant D. Algebraically,sY~ plays the role of the underspecified process that can be refined by arbitrarysother behaviour, avoiding the drawback of [6]. The related model of (strong)sacceptance trees =-=[12, 14]-=- is isomorphic to [7], and therefore also identifies thesprocesses of Fig. 9. An overview of many other characterizations of unfair must-sequivalence for transition systems can be found in [8]. Anothe... |

51 |
Testing preorders for probabilistic processes
- Cleaveland, Smolka, et al.
- 1992
(Show Context)
Citation Context ...ing internal ones) from an arbitrary state of the system under test to the nearest success state. On the other hand, the testing pre-orders studied by, e.g., Jonsson et al. [23] and Cleaveland et al. =-=[15]-=- are different in that they compare the likelihood of success for arbitrary tests (and hence do not restrict themselves to tests for which success is certain, as in [32]). This leads to greater distin... |

49 |
Refusal testing
- Phillips
- 1987
(Show Context)
Citation Context ... systems which are different after hiding aswill always refuse either b or c.sNote that this example is invalidated in some of the stronger notions of test-sing, such as refusal testing (cf. Phillips =-=[21]-=- or Langerak [15]) where testing mayscontinue after a refusal has been observed. Consider, however, the behaviourssin Fig. 4. The left hand system has strictly fewer failures than the right handssyste... |

43 | Divergence and fair testing
- Natarajan, Cleaveland
- 1995
(Show Context)
Citation Context ...ducing the notion of should-testing, elaborating on and extending our preliminary papers [10, 11]. This notion of testing was also concurrently and independently developed by Natarajan and Cleaveland =-=[31]-=-; again, see Section 8 for a more detailed comparison of the respective contributions. A closely related approach based on liveness in Petri nets, giving an interesting characterization for a coarsest... |

43 |
Structural operational semantics for weak bisimulations
- Bloom
- 1995
(Show Context)
Citation Context ...ation such that for all s1 ≃bis s2 and s1 − α → s ′ 1 there is a s′ 2 ≈ s′ 1 such that s2 = α ⇒ s ′ 2 . 12The following result is standard; see Milner [28] for the corresponding property of CCS, and =-=[4, 3]-=- for meta-results applying to the language L considered here. Proposition 2.8 ∼ and ≃bis are full congruences. Strong bisimulation is often regarded as the most distinguishing reasonable equivalence r... |

25 | M.: Compositional Failure-based Semantics Models for Basic LOTOS. Formal Aspects of Computing 7
- Valmari, Tienari
- 1995
(Show Context)
Citation Context ...ocess B, if B = w ⇒ C such that L(C) ∩ A = ∅ and C is stable. Clearly, this semantics ignores runs that lead to a diverging process. The second and third approaches are defined by Valmari and Tienari =-=[35, 36]-=-. The CFFDsemantics (Chaos-Free Failures Divergences, see [35]) refines the FAUD-semantics by additionally considering the set of traces that lead to a diverging process and the set of infinite traces... |

22 |
A testing theory for lotos using deadlock detection
- Langerak
- 1990
(Show Context)
Citation Context ...e different after hiding aswill always refuse either b or c.sNote that this example is invalidated in some of the stronger notions of test-sing, such as refusal testing (cf. Phillips [21] or Langerak =-=[15]-=-) where testing mayscontinue after a refusal has been observed. Consider, however, the behaviourssin Fig. 4. The left hand system has strictly fewer failures than the right handssystem, or in other wo... |

20 |
An improved failures equivalence for finite-state systems with a reduction algorithm
- Valmari, Tienari
- 1991
(Show Context)
Citation Context ...ocess B, if B = w ⇒ C such that L(C) ∩ A = ∅ and C is stable. Clearly, this semantics ignores runs that lead to a diverging process. The second and third approaches are defined by Valmari and Tienari =-=[35, 36]-=-. The CFFDsemantics (Chaos-Free Failures Divergences, see [35]) refines the FAUD-semantics by additionally considering the set of traces that lead to a diverging process and the set of infinite traces... |

17 |
Failurs without chaos: a new process semantics for fair abstraction
- Bergstra, Klop, et al.
- 1987
(Show Context)
Citation Context ...ction (or hiding), a construction which internalises visible actions and may thereby introduce new divergences. 1 We give two examples illustrating this fact. Figure 1.3 is taken from Bergstra et al. =-=[2]-=-; it shows two acceptance testing equivalent systems that differ when a is hidden. According to the acceptance testing scenario, the only observable fact is that after an arbitrary nonempty sequence o... |

15 |
An algebraic theory of fair asynchronous communicating processes, Theoretical Computer Science
- Hennessy
- 1987
(Show Context)
Citation Context ...so identifies thesprocesses of Fig. 9. An overview of many other characterizations of unfair must-sequivalence for transition systems can be found in [8]. Another approach tosfairness is described in =-=[13]-=-, where fairness is modelled as a structural propertysof the operator for parallel composition. This interpretation f fairness is com-spatible with the unfair interpretation f divergences of the under... |

15 | Basic observables for processes
- Boreale, Nicola, et al.
- 1999
(Show Context)
Citation Context ...terisation (but no denotational constructions), and moreover give a topological argument that the difference with must-testing is small. However, they do not address congruence issues. Boreale et al. =-=[6]-=- discuss and compare our should-testing to some other testing scenarios in “a general approach to define behavioural pre-orders by considering the pre-congruences induced by three basic observables”. ... |

14 |
Verifying a protocol using relativized bisimulation
- Larsen, Milner
- 1987
(Show Context)
Citation Context ...unication media. In such cases τ-loops represent an unbounded but finite number of message losses. Interesting proofs of protocol correctness based on this principle are given by Larsen and Milner in =-=[24]-=- and by Brinksma in [9]. Most of the standard testing-preorders, on the other hand, are based on the interpretation of τ-loops as divergences, making them quasi-observable as a chaotic or under-specif... |

14 |
Observation equivalence as a testing equivalence. Theoretical Corn- put. ScL
- Abramsky
(Show Context)
Citation Context ...vide the finer equivalences that keepstrack of the branching structure of behaviours, and have a rather elegant proofstheory based of the construction of bisimulation relations. Abramsky has shownsin =-=[1]-=- that bisimulation equivalences are also induced by a notion of testing, butsonly in the presence of a very strong notion of observability. Testing equiva-slences that can be characterised following t... |

11 |
Algebraic Theory of Processes. Foundations of Computing Series
- Hennessy
- 1988
(Show Context)
Citation Context ... Two important fam-silies of equivalences are those that employ the notion of bisimulatio, [18, 20],sand those that are induced by a formalised notion of testing, the so-called test-sing equivalences =-=[9, 14, 6]-=-. Bisimulations provide the finer equivalences that keepstrack of the branching structure of behaviours, and have a rather elegant proofstheory based of the construction of bisimulation relations. Abr... |

9 | Cache consistency by design
- Brinksma
(Show Context)
Citation Context ... cases τ-loops represent an unbounded but finite number of message losses. Interesting proofs of protocol correctness based on this principle are given by Larsen and Milner in [24] and by Brinksma in =-=[9]-=-. Most of the standard testing-preorders, on the other hand, are based on the interpretation of τ-loops as divergences, making them quasi-observable as a chaotic or under-specified process. In this in... |

8 |
The weakest deadlock-preserving congruence
- Valmari
- 1995
(Show Context)
Citation Context ...sX = a;X + r ;YsX/a = r; (Y/a) (KFAR-)sIn comparison to KFAK an extra r appears as the guard of Y. (Cshoul d failssKFAR-, for the same reason that it did KFAR; see however below.)sValmari revisits in =-=[22]-=- the FS-equivalence of [3], and shows it to be thesweakest deadlock-preserving congruence for the LOTOS operators I]a and [>.sHe also analyses two weaker equivalences that are congruences for other op... |

6 | Applications of fair testing
- Brinksma, Rensink, et al.
- 1996
(Show Context)
Citation Context ... Section 8 we list some previous attempts at solving it. In the present article, we propose a solution by introducing the notion of should-testing, elaborating on and extending our preliminary papers =-=[10, 11]-=-. This notion of testing was also concurrently and independently developed by Natarajan and Cleaveland [31]; again, see Section 8 for a more detailed comparison of the respective contributions. A clos... |

6 |
Failure-based equivalences are faster than many believe
- Valmari
- 1995
(Show Context)
Citation Context ...is really coarser than the former. Processes shown observation congruent by providing a bisimulation or by using suitable axioms are also seen to be testing equivalent. And, as e.g. Valmari argues in =-=[34]-=-, the efficient reduction of a process to a minimal observation congruent one provides also a reduction w.r.t. testing equivalence, which then can be improved further; thus, one can only fare better w... |

6 |
Failures semantics and deadlocking of modular petri nets
- Vogler
- 1988
(Show Context)
Citation Context ...ruence is in fact not too difficult to find: it has been defined and studied under the name of reduction by Brinksma and Scollo in [12, 8] and the corresponding equivalence relation also by Vogler in =-=[40]-=- (see also Section 3.3 of [41]). Denotationally, acceptance 4a b a b B1 a a B2 a a a c a c Figure 1.3: B1 and B2 are acceptance testing equivalent, but not after hiding a B1 a B2 a a Figure 1.4: B1 i... |

3 |
Process Algebra. Cambridge Univ
- Baeten, Weijlaad
- 1990
(Show Context)
Citation Context ... are visible transitions, r-loops in a system are ignored. This kind of fair-sness can be expressed algebraically by the so-called Koomen's Fair AbstractionsRule (KFAI~);ssee e.g. Baeten and Weijland =-=[2]-=-:sXi =ai;Xi+l+Yi ai eA (ieN,) (1)sXjA = r; ~ie~,,(Yi/A)swhere Xi, Y/E L are arbitrary and Nn denotes the natural numbers modulo n. Itsis a standard result that ~c satisfies (1). For Cfmus t the situat... |

3 |
Infinite probabilistic and nonprobabilistic testing
- Kumar, Cleaveland, et al.
- 1998
(Show Context)
Citation Context ...compare the likelihood of success for arbitrary tests (and hence do not restrict themselves to tests for which success is certain, as in [32]). This leads to greater distinguishing power, as shown in =-=[30]-=-. With respect to the examples we treat in Section 7, especially the Alternating Bit Protocol, comparable proofs in the literature have been carried out for observation congruence; see, e.g., Larsen a... |

2 |
Implementation of events in LOTOS-specifications
- Groote
- 1998
(Show Context)
Citation Context ...ble. The transition systems B1 and B2 in Fig. 1 are notsweak bisimulation equivalent, but are testing equivalent.sIn practice, we would sometimes like to implement behaviour B1 by B2, seesfor example =-=[11]-=-, by resolving the choice between the two a-actions internallys(hence the internal r-actions in B~), and not in the interaction with the environ-sment. As the environment cannot influence the choice i... |

2 | Failure-based congruences, unfair divergences, and new testing theory
- Leduc
(Show Context)
Citation Context ...s still correct modulo observation congruence. We close with a short review of earlier attempts to solve the problem to find a fair testing precongruence. In fact, we can here rely very much on Leduc =-=[25]-=-, who compares three approaches and presents a new one. To ease the discussion, we limit this review to equalities, although there are related pre-orders in all cases. The first approach, called FAUD-... |

2 | On the operational semantics of nondeterminism and divergence
- Erdogmus, Johnston, et al.
- 1996
(Show Context)
Citation Context ...nces, and the coarsest congruence refining these equivalences turns out to be NDFD-equivalence. Thus, this contribution actually supports NDFD-equivalence. Finally, we want to mention Erdogmus et al. =-=[19]-=-. They introduce a variant of labelled transition systems where internal transitions are avoided; instead, the system has a kind of macro states corresponding to processes, where each macro state corr... |

2 | Fair testing through probabilistic testing
- Nunez, Ruperez
- 1999
(Show Context)
Citation Context ...ly if it satisfies that test under a uniform distribution of probabilities over outgoing transitions, where satisfaction becomes “even56tually reaching success with probability 1”. Núñez and Rupérez =-=[32]-=- show that this correspondence indeed holds, under certain restrictions stating essentially that (i) the system under test may not be infinitely branching and (ii) there is an upper bound to the ‘dist... |

2 |
Failures without chaos: A new process emantics for fair abstraction
- Bergstra, Klop, et al.
- 1987
(Show Context)
Citation Context ...able actions and may thus producesnew divergences. We give two examples showing that the fair failure preorder issnot a pre-congruence with respect o abstraction.sFig. 3 is taken from Bergstra et al. =-=[3]-=-; it shows two failure equivalent systemssthat differ when a is hidden. According to the standard testing scenario, the onlysobservable fact is that after an arbitrary nonempty sequence of a's, either... |

1 | On the existence of canonical testers. Memorandum INF-87-5 - Brinksma - 1987 |

1 |
The characterization of implementations of LOTOS specifications
- Brinksma, Scollo
- 1986
(Show Context)
Citation Context ...ptance testing) that shares the fairness property of observation congruence is in fact not too difficult to find: it has been defined and studied under the name of reduction by Brinksma and Scollo in =-=[12, 8]-=- and the corresponding equivalence relation also by Vogler in [40] (see also Section 3.3 of [41]). Denotationally, acceptance 4a b a b B1 a a B2 a a a c a c Figure 1.3: B1 and B2 are acceptance testi... |

1 |
A congruence result for impossible futures. Private communication
- Glabbeek
- 2005
(Show Context)
Citation Context ... an axiomatisation. Voorhoeve and Van Glabbeek have announced that this preorder is the coarsest full pre-congruence refining acceptance testing and satisfying RSP; this is currently work in progress =-=[37]-=-. There is a natural link between fairness and probability theory. Roughly, one would expect that a process satisfies a test under a fairness assumption if and only if it satisfies that test under a u... |