Operational Semantics of Process Monitors

CSPe is a specification language for runtime monitors that can directly express concurrency in a bottom-up manner that composes the system from simpler, interacting components. It includes constructs to explicitly flag failures to the monitor, which unlike deadlocks and livelocks in conventional process algebras, propagate globally and aborts the whole system's execution. Although CSPe has a trace semantics along with an implementation demonstrating acceptable performance, it lacks an operational semantics. An operational semantics is not only more accessible than trace semantics but also indispensable for ensuring the correctness of the implementation. Furthermore, a process algebra like CSPe admits multiple denotational semantics appropriate for different purposes, and an operational semantics is the basis for justifying such semantics' integrity and relevance. In this paper, we develop an SOS-style operational semantics for CSPe, which properly accounts for explicit failures and will serve as a basis for further study of its properties, its optimization, and its use in runtime verification

A Branching Time Model of CSP

I present a branching time model of CSP that is finer than all other models of CSP proposed thus far. It is obtained by taking a semantic equivalence from the linear time - branching time spectrum, namely divergence-preserving coupled similarity, and showing that it is a congruence for the operators of CSP. This equivalence belongs to the bisimulation family of semantic equivalences, in the sense that on transition systems without internal actions it coincides with strong bisimilarity. Nevertheless, enough of the equational laws of CSP remain to obtain a complete axiomatisation for closed, recursion-free terms.Comment: Dedicated to Bill Roscoe, on the occasion of his 60th birthda

An O(mlog⁡n)O(m\log n) Algorithm for Stuttering Equivalence and Branching Bisimulation

We provide a new algorithm to determine stuttering equivalence with time complexity $O(m \log n)$, where $n$ is the number of states and $m$ is the number of transitions of a Kripke structure. This algorithm can also be used to determine branching bisimulation in $O(m(\log |\mathit{Act}|+ \log n))$ time where $\mathit{Act}$ is the set of actions in a labelled transition system. Theoretically, our algorithm substantially improves upon existing algorithms which all have time complexity $O(m n)$ at best. Moreover, it has better or equal space complexity. Practical results confirm these findings showing that our algorithm can outperform existing algorithms with orders of magnitude, especially when the sizes of the Kripke structures are large. The importance of our algorithm stretches far beyond stuttering equivalence and branching bisimulation. The known $O(m n)$ algorithms were already far more efficient (both in space and time) than most other algorithms to determine behavioural equivalences (including weak bisimulation) and therefore it was often used as an essential preprocessing step. This new algorithm makes this use of stuttering equivalence and branching bisimulation even more attractive.Comment: A shortened version of this technical report has been published in the proceedings of TACAS 201

Family-Based Model Checking with mCRL2

\u3cp\u3eFamily-based model checking targets the simultaneous verfication of multiple system variants, a technique to handle feature-based variability that is intrinsic to software product lines (SPLs). We present an approach for family-based verification based on the feature μ-calculus μL\u3csub\u3ef\u3c/sub\u3e, which combines modalities with feature expressions. This logic is interpreted over featured transition systems, a well-accepted model of SPLs, which allows one to reason over the collective behavior of a number of variants (a family of products). Via an embedding into the modal μ-calculus with data, underpinned by the general-purpose mCRL2 toolset, off-the-shelf tool support for μLf becomes readily available. We illustrate the feasibility of our approach on an SPL benchmark model and show the runtime improvement that family-based model checking with mCRL2 offers with respect to model checking the benchmark product-by-product.\u3c/p\u3

Automated Validation of State-Based Client-Centric Isolation with TLA ⁺

Clear consistency guarantees on data are paramount for the design and implementation of distributed systems. When implementing distributed applications, developers require approaches to verify the data consistency guarantees of an implementation choice. Crooks et al. define a state-based and client-centric model of database isolation. This paper formalizes this state-based model in, reproduces their examples and shows how to model check runtime traces and algorithms with this formalization. The formalized model in enables semi-automatic model checking for different implementation alternatives for transactional operations and allows checking of conformance to isolation levels. We reproduce examples of the original paper and confirm the isolation guarantees of the combination of the well-known 2-phase locking and 2-phase commit algorithms. Using model checking this formalization can also help finding bugs in incorrect specifications. This improves feasibility of automated checking of isolation guarantees in synthesized synchronization implementations and it provides an environment for experimenting with new designs.</p

Pure-glue hidden valleys through the Higgs portal

We consider the possibility that the Higgs boson can act as a link to a hidden sector in the context of pure-glue hidden valley models. In these models the standard model is weakly coupled, through loops of heavy messengers fields, to a hidden sector whose low energy dynamics is described by a pure-Yang-Mills theory. Such a hidden sector contains several metastable hidden glueballs. In this work we shall extend earlier results on hidden valleys to include couplings of the messengers to the standard model Higgs sector. The effective interactions at one-loop couple the hidden gluons to the standard model particles through the Higgs sector. These couplings in turn induce hidden glueball decays to fermion pairs, or cascade decays with multiple Higgs emission. The presence of effective operators of different mass dimensions, often competing with each other, together with a great diversity of states, leads to a great variability in the lifetimes and decay modes of the hidden glueballs. We find that most of the operators considered in this paper are not heavily constrained by precision electroweak physics, therefore leaving plenty of room in the parameter space to be explored by the future experiments at the LHC.Comment: 44 pages, 16 figures. Major revision for JHEP, corrected an error in Eq. 5.1, comments adde

Applications of Fair Testing

In this paper we present the application of the fair testing pre-order, introduced in a previous paper, to the specification and analysis of distributed systems. This pre-order combines some features of the standard testing pre-orders, viz. the possibility to refine a specification by the resolution of nondeterminism, with a powerful feature of standard observation congruence, viz. the fair abstraction from divergences. Moreover, it is a pre-congruence with respect to all standard process-algebraic combinators, thus allowing for the standard algebraic proof techniques by substitution and rewriting. In this paper we will demonstrate advantages of the fair testing pre-order by the application to a number of examples, including a scheduling problem, a version of the Alternating Bit-protocol, and fair communication channels