Generalizing the Paige-Tarjan Algorithm by Abstract Interpretation

The Paige and Tarjan algorithm (PT) for computing the coarsest refinement of a state partition which is a bisimulation on some Kripke structure is well known. It is also well known in model checking that bisimulation is equivalent to strong preservation of CTL, or, equivalently, of Hennessy-Milner logic. Drawing on these observations, we analyze the basic steps of the PT algorithm from an abstract interpretation perspective, which allows us to reason on strong preservation in the context of generic inductively defined (temporal) languages and of possibly non-partitioning abstract models specified by abstract interpretation. This leads us to design a generalized Paige-Tarjan algorithm, called GPT, for computing the minimal refinement of an abstract interpretation-based model that strongly preserves some given language. It turns out that PT is a straight instance of GPT on the domain of state partitions for the case of strong preservation of Hennessy-Milner logic. We provide a number of examples showing that GPT is of general use. We first show how a well-known efficient algorithm for computing stuttering equivalence can be viewed as a simple instance of GPT. We then instantiate GPT in order to design a new efficient algorithm for computing simulation equivalence that is competitive with the best available algorithms. Finally, we show how GPT allows to compute new strongly preserving abstract models by providing an efficient algorithm that computes the coarsest refinement of a given partition that strongly preserves the language generated by the reachability operator.Comment: Keywords: Abstract interpretation, abstract model checking, strong preservation, Paige-Tarjan algorithm, refinement algorith

Concurrent and Reactive Constraint Programming

The Italian Logic Programming community has given several contributions to the theory of Concurrent Constraint Programming. In particular, in the topics of semantics, verification, and timed extensions. In this paper we review the main lines of research and contributions of the community in this fiel

Specification and verification issues in a process language

PhD ThesisWhile specification formalisms for reactive concurrent systems are now reasonably well-understood theoretically, they have not yet entered common, widespread design practice. This motivates the attempt made in this work to enhance the applicability of an important and popular formal framework: the CSP language, endowed with a failure-based denotational semantics and a logic for describing failures of processes. The identification of behaviour with a set of failures is supported by a convincing intuitive reason: processes with different failures can be distinguished by easily realizable experiments. But, most importantly, many interesting systems can be described and studied in terms of their failures. The main technique employed for this purpose is a logic in which process expressions are required to satisfy an assertion with each failure of the behaviour they describe. The theory of complete partial orders, with its elegant treatment of recursion and fixpoint-based verification, can be applied to this framework. However, in spite of the advantages illustrated, the practical applicability of standard failure semantics is impaired by two weaknesses. The first is its inability to describe many important systems, constructed by connecting modules that can exchange values of an infinite set across ports invisible to the environment. This must often be assumed for design and verification purposes (e.g. for the many protocols relying upon sequence numbers to cope with out-of-sequence received messages). Such a deficiency is due to the definition of the hiding operator in standard failure semantics. This thesis puts forward a solution based on an interesting technical result about infinite sets of sequences. Another difficulty with standard failure semantics is its treatment of divergence, the phenomenon in which some components of a system interact by performing an infinite, uninterrupted sequence of externally invisible actions. Within failure semantics, divergence cannot be abstracted from on the basis of the implicit fairness assumption that, if there is a choice leading out of divergence, it will eventually be made. This 'fair abstraction' is essential for the verification of many important systems, including communication protocols. The solution proposed in this thesis is an extended failure semantics which records refused traces, rather than just actions. Not only is this approach compatible with fair abstraction, but it also permits, like ordinary failure semantics, verification in a compositional calculus with fixpoint induction. Rather interestingly, these results can be obtained outside traditional fixpoint theory, which cannot be applied in this case. The theory developed is based on the novel notion of 'trace-based' process functions. These can be shown to possess a particular fixpoint that, unlike the least fixpoint of traditional treatments, is compatible with fair abstraction. Moreover, they form a large class, sufficient to give a compositional denotational semantics to a useful eSP-like process language. Finally, a logic is proposed in which the properties of a process' extended failures can be expressed and analyzed; the methods developed are applied to the verification of two example communication protocols: a toy one and a large case study inspired by a real transport protocol

A logic for complex computing systems: Properties preservation along integration and abstraction

International audienceIn a previous paper, we defined both a unified formal framework based on L.-S. Barbosa's components for modeling complex software systems, and a generic formalization of integration rules to combine their behavior. In the present paper, we propose to continue this work by proposing a variant of first-order fixed point modal logic to express both components and systems requirements. We establish the important property for this logic to be adequate with respect to bisimulation. We then study the conditions to be imposed to our logic (characterization of sub-families of formulas) to preserve properties along integration operators, and finally show correctness by construction results. The complexity of computing systems results in the definition of formal means to manage their size. To deal with this issue, we propose an abstraction (resp. simulation) of components by components. This enables us to build systems and check their correctness in an incremental way

Asynchronous Distributed Execution of Fixpoint-Based Computational Fields

Coordination is essential for dynamic distributed systems whose components exhibit interactive and autonomous behaviors. Spatially distributed, locally interacting, propagating computational fields are particularly appealing for allowing components to join and leave with little or no overhead. Computational fields are a key ingredient of aggregate programming, a promising software engineering methodology particularly relevant for the Internet of Things. In our approach, space topology is represented by a fixed graph-shaped field, namely a network with attributes on both nodes and arcs, where arcs represent interaction capabilities between nodes. We propose a SMuC calculus where mu-calculus- like modal formulas represent how the values stored in neighbor nodes should be combined to update the present node. Fixpoint operations can be understood globally as recursive definitions, or locally as asynchronous converging propagation processes. We present a distributed implementation of our calculus. The translation is first done mapping SMuC programs into normal form, purely iterative programs and then into distributed programs. Some key results are presented that show convergence of fixpoint computations under fair asynchrony and under reinitialization of nodes. The first result allows nodes to proceed at different speeds, while the second one provides robustness against certain kinds of failure. We illustrate our approach with a case study based on a disaster recovery scenario, implemented in a prototype simulator that we use to evaluate the performance of a recovery strategy

Abstract State Machines 1988-1998: Commented ASM Bibliography

An annotated bibliography of papers which deal with or use Abstract State Machines (ASMs), as of January 1998.Comment: Also maintained as a BibTeX file at http://www.eecs.umich.edu/gasm