In the semantics of programming, nite data types such as finite lists, have traditionally been modelled by initial algebras. Later final coalgebras were used in order to deal with in finite data types. Coalgebras, which are the dual of algebras, turned out to be suited, moreover, as models for certain types of automata and more generally, for (transition and dynamical) systems. An important property of initial algebras is that they satisfy the familiar principle of induction. Such a principle was missing for coalgebras until the work of Aczel (Non-Well-Founded sets, CSLI Leethre Notes, Vol. 14, center for the study of Languages and information, Stanford, 1988) on a theory of non-wellfounded sets, in which he introduced a proof principle nowadays called coinduction. It was formulated in terms of bisimulation, a notion originally stemming from the world of concurrent programming languages. Using the notion of coalgebra homomorphism, the definition of bisimulation on coalgebras can be shown to be formally dual to that of congruence on algebras. Thus, the three basic notions of universal algebra: algebra, homomorphism of algebras, and congruence, turn out to correspond to coalgebra, homomorphism of coalgebras, and bisimulation, respectively. In this paper, the latter are taken

Abstract not found

We survey logic-based and automata-based languages and techniques for the specification and verification of real-time systems. In particular, we discuss three syntactic extensions of temporal logic: time-bounded operators, freeze quantification, and time variables. We also discuss the extension of finite-state machines with clocks and the extension of transition systems with time bounds on the transitions. All of the resulting notations can be interpreted over a variety of different models of time and computation, including linear and branching time, interleaving and true concurrency, discrete and continuous time. For each choice of syntax and semantics, we summarize the results that are known about expressive power, algorithmic finite-state verification, and deductive verification.

. Real-time systems operate in "real," continuous time and state changes may occur at any real-numbered time point. Yet many verification methods are based on the assumption that states are observed at integer time points only. What can we conclude if a real-time system has been shown "correct" for integral observations? Integer time verification techniques suffice if the problem of whether all real-numbered behaviors of a system satisfy a property can be reduced to the question of whether the integral observations satisfy a (possibly modified) property. We show that this reduction is possible for a large and important class of systems and properties: the class of systems includes all systems that can be modeled as timed transition systems; the class of properties includes time-bounded invariance and time-bounded response. 1 Introduction Over the past few years, we have seen a proliferation of formal methodologies for software and hardware design that emphasize the treatm...

action calculi and tile logic �

In this paper we investigate parallel program verification with directed graphs and assertion matrices. The parallel computational model is that with shared variables and each comprising process runs asynchronously. A program graph is a direct product of the owcharts of comprising processes. The vertices of the graph correspond to global control points of the given parallel program, and edges correspond to an execution of one statement of one process, whereby the control moves in the process. We attach assertions to the vertices in the graph, and statements to edges which are either assignment statements or branching operations. If we can verify the consistencies of the assertions over edges, we say the set of assertions are induced by the parallel program and the pre-condition. It is usually difficult to find these assertions. When we only have two processes, the set of assertions becomes an assertion matrix. We show that the assertion matrix can be decomposed into an independent part and dependent part uniquely. Using this property, we can prove the