19,763 research outputs found
Temporalized logics and automata for time granularity
Suitable extensions of the monadic second-order theory of k successors have
been proposed in the literature to capture the notion of time granularity. In
this paper, we provide the monadic second-order theories of downward unbounded
layered structures, which are infinitely refinable structures consisting of a
coarsest domain and an infinite number of finer and finer domains, and of
upward unbounded layered structures, which consist of a finest domain and an
infinite number of coarser and coarser domains, with expressively complete and
elementarily decidable temporal logic counterparts.
We obtain such a result in two steps. First, we define a new class of
combined automata, called temporalized automata, which can be proved to be the
automata-theoretic counterpart of temporalized logics, and show that relevant
properties, such as closure under Boolean operations, decidability, and
expressive equivalence with respect to temporal logics, transfer from component
automata to temporalized ones. Then, we exploit the correspondence between
temporalized logics and automata to reduce the task of finding the temporal
logic counterparts of the given theories of time granularity to the easier one
of finding temporalized automata counterparts of them.Comment: Journal: Theory and Practice of Logic Programming Journal Acronym:
TPLP Category: Paper for Special Issue (Verification and Computational Logic)
Submitted: 18 March 2002, revised: 14 Januari 2003, accepted: 5 September
200
Lost in Abstraction: Monotonicity in Multi-Threaded Programs (Extended Technical Report)
Monotonicity in concurrent systems stipulates that, in any global state,
extant system actions remain executable when new processes are added to the
state. This concept is not only natural and common in multi-threaded software,
but also useful: if every thread's memory is finite, monotonicity often
guarantees the decidability of safety property verification even when the
number of running threads is unknown. In this paper, we show that the act of
obtaining finite-data thread abstractions for model checking can be at odds
with monotonicity: Predicate-abstracting certain widely used monotone software
results in non-monotone multi-threaded Boolean programs - the monotonicity is
lost in the abstraction. As a result, well-established sound and complete
safety checking algorithms become inapplicable; in fact, safety checking turns
out to be undecidable for the obtained class of unbounded-thread Boolean
programs. We demonstrate how the abstract programs can be modified into
monotone ones, without affecting safety properties of the non-monotone
abstraction. This significantly improves earlier approaches of enforcing
monotonicity via overapproximations
Symbolic semantics and bisimulation for full LOTOS
No abstract avaliabl
Parameterized Model-Checking for Timed-Systems with Conjunctive Guards (Extended Version)
In this work we extend the Emerson and Kahlon's cutoff theorems for process
skeletons with conjunctive guards to Parameterized Networks of Timed Automata,
i.e. systems obtained by an \emph{apriori} unknown number of Timed Automata
instantiated from a finite set of Timed Automata templates.
In this way we aim at giving a tool to universally verify software systems
where an unknown number of software components (i.e. processes) interact with
continuous time temporal constraints. It is often the case, indeed, that
distributed algorithms show an heterogeneous nature, combining dynamic aspects
with real-time aspects. In the paper we will also show how to model check a
protocol that uses special variables storing identifiers of the participating
processes (i.e. PIDs) in Timed Automata with conjunctive guards. This is
non-trivial, since solutions to the parameterized verification problem often
relies on the processes to be symmetric, i.e. indistinguishable. On the other
side, many popular distributed algorithms make use of PIDs and thus cannot
directly apply those solutions
Refinement Calculus of Reactive Systems
Refinement calculus is a powerful and expressive tool for reasoning about
sequential programs in a compositional manner. In this paper we present an
extension of refinement calculus for reactive systems. Refinement calculus is
based on monotonic predicate transformers, which transform sets of post-states
into sets of pre-states. To model reactive systems, we introduce monotonic
property transformers, which transform sets of output traces into sets of input
traces. We show how to model in this semantics refinement, sequential
composition, demonic choice, and other semantic operations on reactive systems.
We use primarily higher order logic to express our results, but we also show
how property transformers can be defined using other formalisms more amenable
to automation, such as linear temporal logic (suitable for specifications) and
symbolic transition systems (suitable for implementations). Finally, we show
how this framework generalizes previous work on relational interfaces so as to
be able to express systems with infinite behaviors and liveness properties
A synchronous program algebra: a basis for reasoning about shared-memory and event-based concurrency
This research started with an algebra for reasoning about rely/guarantee
concurrency for a shared memory model. The approach taken led to a more
abstract algebra of atomic steps, in which atomic steps synchronise (rather
than interleave) when composed in parallel. The algebra of rely/guarantee
concurrency then becomes an instantiation of the more abstract algebra. Many of
the core properties needed for rely/guarantee reasoning can be shown to hold in
the abstract algebra where their proofs are simpler and hence allow a higher
degree of automation. The algebra has been encoded in Isabelle/HOL to provide a
basis for tool support for program verification.
In rely/guarantee concurrency, programs are specified to guarantee certain
behaviours until assumptions about the behaviour of their environment are
violated. When assumptions are violated, program behaviour is unconstrained
(aborting), and guarantees need no longer hold. To support these guarantees a
second synchronous operator, weak conjunction, was introduced: both processes
in a weak conjunction must agree to take each atomic step, unless one aborts in
which case the whole aborts. In developing the laws for parallel and weak
conjunction we found many properties were shared by the operators and that the
proofs of many laws were essentially the same. This insight led to the idea of
generalising synchronisation to an abstract operator with only the axioms that
are shared by the parallel and weak conjunction operator, so that those two
operators can be viewed as instantiations of the abstract synchronisation
operator. The main differences between parallel and weak conjunction are how
they combine individual atomic steps; that is left open in the axioms for the
abstract operator.Comment: Extended version of a Formal Methods 2016 paper, "An algebra of
synchronous atomic steps
A synchronous program algebra: a basis for reasoning about shared-memory and event-based concurrency
This research started with an algebra for reasoning about rely/guarantee
concurrency for a shared memory model. The approach taken led to a more
abstract algebra of atomic steps, in which atomic steps synchronise (rather
than interleave) when composed in parallel. The algebra of rely/guarantee
concurrency then becomes an instantiation of the more abstract algebra. Many of
the core properties needed for rely/guarantee reasoning can be shown to hold in
the abstract algebra where their proofs are simpler and hence allow a higher
degree of automation. The algebra has been encoded in Isabelle/HOL to provide a
basis for tool support for program verification.
In rely/guarantee concurrency, programs are specified to guarantee certain
behaviours until assumptions about the behaviour of their environment are
violated. When assumptions are violated, program behaviour is unconstrained
(aborting), and guarantees need no longer hold. To support these guarantees a
second synchronous operator, weak conjunction, was introduced: both processes
in a weak conjunction must agree to take each atomic step, unless one aborts in
which case the whole aborts. In developing the laws for parallel and weak
conjunction we found many properties were shared by the operators and that the
proofs of many laws were essentially the same. This insight led to the idea of
generalising synchronisation to an abstract operator with only the axioms that
are shared by the parallel and weak conjunction operator, so that those two
operators can be viewed as instantiations of the abstract synchronisation
operator. The main differences between parallel and weak conjunction are how
they combine individual atomic steps; that is left open in the axioms for the
abstract operator.Comment: Extended version of a Formal Methods 2016 paper, "An algebra of
synchronous atomic steps
Kleene algebra with domain
We propose Kleene algebra with domain (KAD), an extension of Kleene algebra
with two equational axioms for a domain and a codomain operation, respectively.
KAD considerably augments the expressiveness of Kleene algebra, in particular
for the specification and analysis of state transition systems. We develop the
basic calculus, discuss some related theories and present the most important
models of KAD. We demonstrate applicability by two examples: First, an
algebraic reconstruction of Noethericity and well-foundedness; second, an
algebraic reconstruction of propositional Hoare logic.Comment: 40 page
- …