Applying source-code verification to a microkernel: The VFiasco project
, 2002
Cited by 31 (4 self)
Abstract
Source-code verification works by reasoning about the semantics of the full source code of a program. Traditionally it is limited to small programs written in an academic programming language. In this paper we present the VFiasco (Verified Fiasco) project, in which we apply source-code verification to a complete operating-system kernel written in C++. The aim of the VFiasco project is to establish security-relevant properties of the Fiasco microkernel using source-code verification. The project's main challenges are to develop a clean semantics for the subset of C++ used by the kernel and to enable high-level reasoning about typed data starting from only low-level knowledge about the hardware. In this paper we present our ideas for tackling these challenges. We sketch a semantics of C++ and develop a type-safe object store for reasoning about C++ programs. This object store is based on a hardware model that closely resembles the IA-32 virtual-memory architecture, and on guarantees provided by the kernel itself.
Automata and fixed point logics: a coalgebraic perspective
 Electronic Notes in Theoretical Computer Science
, 2004
Cited by 26 (11 self)
Abstract
This paper generalizes existing connections between automata and logic to a coalgebraic level. Let F: Set → Set be a standard functor that preserves weak pullbacks. We introduce various notions of F-automata, devices that operate on pointed F-coalgebras. The criterion under which such an automaton accepts or rejects a pointed coalgebra is formulated in terms of an infinite two-player graph game. We also introduce a language of coalgebraic fixed point logic for F-coalgebras, and we provide a game semantics for this language. Finally we show that any formula p of the language can be transformed into an F-automaton A_p which is equivalent to p in the sense that A_p accepts precisely those pointed F-coalgebras in which p holds.
Simulations in Coalgebra
 THEOR. COMP. SCI
, 2003
Cited by 24 (2 self)
Abstract
A new approach to simulations is proposed within the theory of coalgebras by taking a notion of order on a functor as primitive. Such an order forms a basic building block for a "lax relation lifting", or "relator" as used by other authors. Simulations appear as coalgebras of this lifted functor, and similarity as greatest simulation. Two-way similarity is then similarity in both directions. In general, it is different from bisimilarity (in the usual coalgebraic sense), but a sufficient condition is formulated (and illustrated) to ensure that bisimilarity and two-way similarity coincide. Also, suitable conditions are identified which ensure that similarity on a final coalgebra forms an (algebraic) dcpo structure. This involves a close investigation of the iterated applications F^n(∅) and F^n(1) of a functor F with an order to the initial and final sets.
Trace Semantics for Coalgebras
, 2003
Cited by 23 (7 self)
Abstract
Traditionally, traces are the sequences of labels associated with paths in transition systems X → P(A × X).
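To make the two preceding abstracts concrete, here is an added Python example (not code from either paper) that represents a finite transition system X → P(A × X) as a dictionary, enumerates its finite traces, and runs a partition-refinement bisimilarity check on two constructed systems SYS_A and SYS_B. The two systems are trace equivalent but not bisimilar, which is the standard illustration that bisimilarity is a finer equivalence than trace equivalence; the systems and state names are constructed for this example.

```python
"""Finite labelled transition systems X -> P(A x X): traces vs. bisimilarity.

Added illustration; SYS_A and SYS_B below are constructed sample systems.
"""
from collections import deque

# A system maps each state x in X to its set of (label, successor) pairs,
# i.e. a finite coalgebra X -> P(A x X).
LTS = dict[str, set[tuple[str, str]]]

# Constructed example: both systems accept exactly the words "", "a", "ab", "ac".
SYS_A: LTS = {
    "p":  {("a", "p1")},
    "p1": {("b", "p2"), ("c", "p3")},   # the choice between b and c is made late
    "p2": set(),
    "p3": set(),
}
SYS_B: LTS = {
    "q":  {("a", "q1"), ("a", "q2")},   # the choice between b and c is made early
    "q1": {("b", "q3")},
    "q2": {("c", "q4")},
    "q3": set(),
    "q4": set(),
}


def traces(system: LTS, start: str, max_len: int) -> set[tuple[str, ...]]:
    """All label sequences of length <= max_len along paths from `start`.

    Breadth-first over (word, state) pairs; the empty trace is always included.
    """
    result: set[tuple[str, ...]] = {()}
    frontier = deque([((), start)])
    while frontier:
        word, state = frontier.popleft()
        if len(word) == max_len:
            continue
        for label, nxt in system.get(state, set()):
            extended = word + (label,)
            result.add(extended)
            frontier.append((extended, nxt))
    return result


def bisimilar(sys1: LTS, s1: str, sys2: LTS, s2: str) -> bool:
    """Strong bisimilarity of s1 in sys1 and s2 in sys2 by partition refinement.

    Both systems are tagged and placed in one disjoint union; states start in a
    single block and are split by the set of (label, successor-block) pairs
    until the partition stabilises.
    """
    union: dict[tuple[str, str], set[tuple[str, tuple[str, str]]]] = {}
    for tag, system in (("1", sys1), ("2", sys2)):
        for state, transitions in system.items():
            union[(tag, state)] = {(a, (tag, t)) for a, t in transitions}
        for transitions in system.values():          # targets with no own entry
            for _, t in transitions:
                union.setdefault((tag, t), set())

    states = list(union)
    block = {s: 0 for s in states}
    while True:
        signature = {
            s: (block[s], frozenset((a, block[t]) for a, t in union[s]))
            for s in states
        }
        distinct = list(set(signature.values()))
        # Refinement only splits blocks, so the partition is stable exactly when
        # the number of distinct signatures equals the number of blocks.
        if len(distinct) == len(set(block.values())):
            return block[("1", s1)] == block[("2", s2)]
        index = {sig: i for i, sig in enumerate(distinct)}
        block = {s: index[signature[s]] for s in states}


if __name__ == "__main__":
    print("traces equal:", traces(SYS_A, "p", 3) == traces(SYS_B, "q", 3))
    print("bisimilar:   ", bisimilar(SYS_A, "p", SYS_B, "q"))
```

Run as a script it reports that the two systems have identical trace sets up to length 3 (indeed for any length) while `bisimilar` returns False, because after "a" system A can still offer both "b" and "c" whereas system B has already committed to one of them.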
Inductive and Coinductive Components of Corecursive Functions in Coq
, 2008
The least fibred lifting and the expressivity of coalgebraic modal logic
 In Proc. CALCO 2005, volume 3629 of LNCS
, 2005
Cited by 10 (1 self)
Abstract
and relation-preserving functions. In this paper, the least (fibrewise) of such liftings, L(B), is characterized for essentially any B. The lifting has all the useful properties of the relation lifting due to Jacobs, without the usual assumption of weak pullback preservation; if B preserves weak pullbacks, the two liftings coincide. Equivalence relations can be viewed as Boolean algebras of subsets (predicates, tests). This correspondence relates L(B) to the least test suite lifting T(B), which is defined in the spirit of predicate lifting as used in coalgebraic modal logic. Properties of T(B) translate to a general expressivity result for a modal logic for B-coalgebras. In the resulting logic, modal operators of any arity can appear.
When is a function a fold or an unfold
 Coalgebraic Methods in Computer Science, number 44.1 in Electronic Notes in Theoretical Computer Science
, 2001
Cited by 10 (3 self)
Abstract
We give a necessary and sufficient condition for when a set-theoretic function can be written using the recursion operator fold, and a dual condition for the recursion operator unfold. The conditions are simple, practically useful, and generic in the underlying datatype.
Dialgebraic Specification and Modeling
Cited by 4 (4 self)
[Figure: "The Swinging Cube", relating the ALGEBRA side (data model, constructors, recursive functions, reachable, congruences, visible abstraction, visible restriction) to the COALGEBRA side (state model, destructors, corecursive functions, observable, invariants, hidden abstraction, hidden restriction). No abstract text is available for this entry.]
A modal proof theory for final polynomial coalgebras
 Theoret. Comput. Sci.
Cited by 4 (1 self)
Abstract
An infinitary proof theory is developed for modal logics whose models are coalgebras of polynomial functors on the category of sets. The canonical model method from modal logic is adapted to construct a final coalgebra for any polynomial functor. The states of this final coalgebra are certain "maximal" sets of formulas that have natural syntactic closure properties. The syntax of these logics extends that of previously developed modal languages for polynomial coalgebras by adding formulas that express the "termination" of certain functions induced by transition paths. A completeness theorem is proven for the logic of functors which have the Lindenbaum property that every consistent set of formulas has a maximal extension. This property is shown to hold if the deducibility relation is generated by countably many inference rules. A counterexample to completeness is also given. This is a polynomial functor that is not Lindenbaum: it has an uncountable set of formulas that is deductively consistent but has no maximal extension and is unsatisfiable, even though all of its countable subsets are satisfiable.
Context Petri Nets: Enabling Consistent Composition of Context-Dependent Behavior
Cited by 3 (2 self)
Abstract
Ensuring the consistent composition of context-dependent behavior is a major challenge in context-aware systems. Developers have to manually identify and validate existing interactions between behavioral adaptations, which is far from trivial. This paper presents a runtime model for the consistency management of context-dependent behavior, called context Petri nets. Context Petri nets provide a concrete representation of the execution context of a system, in which it is possible to represent the interactions due to dynamic and concurrent context changes. In addition, our model allows the definition of dependency relations between contexts, which are internally managed to avoid inconsistencies. We have successfully integrated context Petri nets with SubjectiveC, a context-oriented programming language. We show how our model can be cleanly combined with the abstractions of the language to define and manage context-dependent behavior.