Results 1-10 of 361
Symbolic Model Checking: 10^20 States and Beyond, 1992
Cited by 758 (41 self)
Abstract: Many different methods have been devised for automatically verifying finite state systems by examining state-graph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state space symbolically instead of explicitly. The generality of our method comes from using a dialect of the Mu-Calculus as the primary specification language. We describe a model checking algorithm for Mu-Calculus formulas that uses Bryant's Binary Decision Diagrams (Bryant, R. E., 1986, IEEE Trans. Comput. C-35) to represent relations and formulas. We then show how our new Mu-Calculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satisfiability of linear-time temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment for finite ω-automata. The fixed point computations for each decision procedure are sometimes complex, but can be concisely expressed in the Mu-Calculus. We illustrate the practicality of our approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline circuit.
The synchronous dataflow programming language LUSTRE, Proceedings of the IEEE, 1991
Cited by 646 (50 self)
Abstract: This paper describes the language Lustre, which is a dataflow synchronous language, designed for programming reactive systems (such as automatic control and monitoring systems) as well as for describing hardware. The dataflow aspect of Lustre makes it very close to usual description tools in these domains (block diagrams, networks of operators, dynamical sampled systems, etc.), and its synchronous interpretation makes it well suited for handling time in programs. Moreover, this synchronous interpretation allows it to be compiled into an efficient sequential program. Finally, the Lustre formalism is very similar to temporal logics. This allows the language to be used for both writing programs and expressing program properties, which results in an original program verification methodology. 1 Introduction. Reactive systems. Reactive systems have been defined as computing systems which continuously interact with a given physical environment, when this environment is unable to sy...
Concurrent Constraint Programming, 1993
Cited by 502 (16 self)
Abstract: This paper presents a new and very rich class of (concurrent) programming languages, based on the notion of computing with partial information, and the concomitant notions of consistency and entailment. In this framework, computation emerges from the interaction of concurrently executing agents that communicate by placing, checking and instantiating constraints on shared variables. Such a view of computation is interesting in the context of programming languages because of the ability to represent and manipulate partial information about the domain of discourse, in the context of concurrency because of the use of constraints for communication and control, and in the context of AI because of the availability of simple yet powerful mechanisms for controlling inference, and the promise that very rich representational/programming languages, sharing the same set of abstract properties, may be possible. To reflect this view of computation, [Sar89] develops the cc family of languages. We present here one member of the family, cc(.L,+) (pronounced "cc with Ask and Choose") which provides the basic operations of blocking Ask and atomic Tell and an algebra of behaviors closed under prefixing, indeterministic choice, interleaving, and hiding, and provides a mutual recursion operator. cc(.L,+) is (intentionally!) very similar to Milner's CCS, but for the radically different underlying concept of communication, which, in fact, pro... (Footnote: The class is founded on the notion of "constraint logic programming" [JL87,Mah87], fundamentally generalizes concurrent logic programming, and is the subject of the first author's dissertation [Sar89], on which this paper is substantially based.)
Introduction to the ISO specification language Lotos, Computer Networks, 1988
An Object Calculus for Asynchronous Communication, Proceedings of the European Conference on Object-Oriented Programming (ECOOP), 1991
Cited by 392 (35 self)
Abstract: This paper presents a formal system based on the notion of objects and asynchronous communication. Built on Milner's work on π-calculus, the communication primitive of the formal system is purely asynchronous, which makes it unique among various concurrency formalisms. Computationally this results in a consistent reduction of Milner's calculus, while retaining the same expressive power. Seen semantically, asynchronous communication induces a surprisingly different framework where bisimulation is strictly more general than its synchronous counterpart. This paper shows basic construction of the formal system along with several illustrative examples. 1 Introduction. The formal system introduced in this paper is intended to accomplish two purposes. First, it provides a simple and rigorous formalism which encapsulates essential features of concurrent object-orientation [26, 25]. Being successful as a programming methodology for dynamic concurrent computing, its theoretical contents are far f...
Branching Time and Abstraction in Bisimulation Semantics, Journal of the ACM, 1996
Cited by 331 (17 self)
Abstract: In comparative concurrency semantics, one usually distinguishes between linear time and branching time semantic equivalences. Milner's notion of observation equivalence is often mentioned as the standard example of a branching time equivalence. In this paper we investigate whether observation equivalence really does respect the branching structure of processes, and find that in the presence of the unobservable action τ of CCS this is not the case. Therefore, the notion of branching bisimulation equivalence is introduced which strongly preserves the branching structure of processes, in the sense that it preserves computations together with the potentials in all intermediate states that are passed through, even if silent moves are involved. On closed CCS-terms branching bisimulation congruence can be completely axiomatized by the single axiom scheme: a.(τ.(y + z) + y) = a.(y + z) (where a ranges over all actions) and the usual laws for strong congruence. We also establish that for sequential processes observation equivalence is not preserved under refinement of actions, whereas branching bisimulation is. For a large class of processes, it turns out that branching bisimulation and observation equivalence are the same. As far as we know, all protocols that have been verified in the setting of observation equivalence happen to fit in this class, and hence are also valid in the stronger setting of branching bisimulation equivalence.
Relations in Concurrency
Cited by 305 (36 self)
Abstract: The theme of this paper is profunctors, and their centrality and ubiquity in understanding concurrent computation. Profunctors (a.k.a. distributors, or bimodules) are a generalisation of relations to categories. Here they are first presented and motivated via spans of event structures, and the semantics of nondeterministic dataflow. Profunctors are shown to play a key role in relating models for concurrency and to support an interpretation as higher-order processes (where input and output may be processes). Two recent directions of research are described. One is concerned with a language and computational interpretation for profunctors. This addresses the duality between input and output in profunctors. The other is to investigate general spans of event structures (the spans can be viewed as special profunctors) to give causal semantics to higher-order processes. For this it is useful to generalise event structures to allow events which "persist."
LUSTRE: A declarative language for programming synchronous systems, In 14th Symposium on Principles of Programming Languages (POPL'87), ACM, 1987
Cited by 284 (19 self)
Abstract: LUSTRE is a synchronous dataflow language for programming systems which interact with their environments in real-time. After an informal presentation of the language, we describe its semantics by means of structural inference rules. Moreover, we show how to use this semantics in order to generate efficient, sequential code, namely, a finite state automaton which represents the control of the program. Formal rules for program transformation are also presented.
A Foundation for Actor Computation, Journal of Functional Programming, 1998
Cited by 262 (53 self)
Abstract: We present an actor language which is an extension of a simple functional language, and provide a precise operational semantics for this extension. Actor configurations represent open distributed systems, by which we mean that the specification of an actor system explicitly takes into account the interface with external components. We study the composability of such systems. We define and study various notions of testing equivalence on actor expressions and configurations. The model we develop provides fairness. An important result is that the three forms of equivalence, namely, convex, must, and may equivalences, collapse to two in the presence of fairness. We further develop methods for proving laws of equivalence and provide example proofs to illustrate our methodology.