26 research outputs found
A mechanized proof of loop freedom of the (untimed) AODV routing protocol
The Ad hoc On-demand Distance Vector (AODV) routing protocol allows the nodes
in a Mobile Ad hoc Network (MANET) or a Wireless Mesh Network (WMN) to know
where to forward data packets. Such a protocol is 'loop free' if it never leads
to routing decisions that forward packets in circles. This paper describes the
mechanization of an existing pen-and-paper proof of loop freedom of AODV in the
interactive theorem prover Isabelle/HOL. The mechanization relies on a novel
compositional approach for lifting invariants to networks of nodes. We exploit
the mechanization to analyse several improvements of AODV and show that
Isabelle/HOL can re-establish most proof obligations automatically and identify
exactly the steps that are no longer valid.Comment: The Isabelle/HOL source files, and a full proof document, are
available in the Archive of Formal Proofs, at
http://afp.sourceforge.net/entries/AODV.shtm
Mechanizing a Process Algebra for Network Protocols
This paper presents the mechanization of a process algebra for Mobile Ad hoc
Networks and Wireless Mesh Networks, and the development of a compositional
framework for proving invariant properties. Mechanizing the core process
algebra in Isabelle/HOL is relatively standard, but its layered structure
necessitates special treatment. The control states of reactive processes, such
as nodes in a network, are modelled by terms of the process algebra. We propose
a technique based on these terms to streamline proofs of inductive invariance.
This is not sufficient, however, to state and prove invariants that relate
states across multiple processes (entire networks). To this end, we propose a
novel compositional technique for lifting global invariants stated at the level
of individual nodes to networks of nodes.Comment: This paper is an extended version of arXiv:1407.3519. The
Isabelle/HOL source files, and a full proof document, are available in the
Archive of Formal Proofs, at http://afp.sourceforge.net/entries/AWN.shtm
Characterising Testing Preorders for Finite Probabilistic Processes
In 1992 Wang & Larsen extended the may- and must preorders of De Nicola and
Hennessy to processes featuring probabilistic as well as nondeterministic
choice. They concluded with two problems that have remained open throughout the
years, namely to find complete axiomatisations and alternative
characterisations for these preorders. This paper solves both problems for
finite processes with silent moves. It characterises the may preorder in terms
of simulation, and the must preorder in terms of failure simulation. It also
gives a characterisation of both preorders using a modal logic. Finally it
axiomatises both preorders over a probabilistic version of CSP.Comment: 33 page
On the expressiveness of higher dimensional automata
In this paper I compare the expressive power of several models of concurrency based on their ability to represent causal dependence. To this end, I translate these models, in behaviour preserving ways, into the model of higher dimensional automata (HDA), which is the most expressive model under investigation. In particular, I propose four different translations of Petri nets, corresponding to the four different computational interpretations of nets found in the literature. I also extend various equivalence relations for concurrent systems to HDA. These include the history preserving bisimulation, which is the coarsest equivalence that fully respects branching time, causality and their interplay, as well as the ST-bisimulation, a branching time respecting equivalence that takes causality into account to the extent that it is expressible by actions overlapping in time. Through their embeddings in HDA, it is now well-defined whether members of different models of concurrency are equivalent. (c) 2006 Elsevier B.V. All rights reserved
On the Expressiveness of Higher Dimensional Automata: (Extended Abstract)
In this paper I compare the expressive power of several models of concurrency based on their ability to represent causal dependence. To this end, I translate these models, in behaviour preserving ways, into the model of higher dimensional automata, which is the most expressive model under investigation. In particular, I propose four different translations of Petri nets, corresponding to the four different computational interpretations of nets found in the literature.I also extend various equivalence relations for concurrent systems to higher dimensional automata. These include the history preserving bisimulation, which is the coarsest equivalence that fully respects branching time, causality and their interplay, as well as the ST-bisimulation, a branching time respecting equivalence that takes causality into account to the extent that it is expressible by actions overlapping in time. Through their embeddings in higher dimensional automata, it is now well-defined whether members of different models of concurrency are equivalent
CONCUR Test-Of-Time Award 2021
International audienceThis short article announces the recipients of the CONCUR Test-of-Time Award 2021
Distributed Branching Bisimulation Minimization by Inductive Signatures
We present a new distributed algorithm for state space minimization modulo
branching bisimulation. Like its predecessor it uses signatures for refinement,
but the refinement process and the signatures have been optimized to exploit
the fact that the input graph contains no tau-loops.
The optimization in the refinement process is meant to reduce both the number
of iterations needed and the memory requirements. In the former case we cannot
prove that there is an improvement, but our experiments show that in many cases
the number of iterations is smaller. In the latter case, we can prove that the
worst case memory use of the new algorithm is linear in the size of the state
space, whereas the old algorithm has a quadratic upper bound.
The paper includes a proof of correctness of the new algorithm and the
results of a number of experiments that compare the performance of the old and
the new algorithms
Robustness of Equations Under Operational Extensions
Sound behavioral equations on open terms may become unsound after
conservative extensions of the underlying operational semantics. Providing
criteria under which such equations are preserved is extremely useful; in
particular, it can avoid the need to repeat proofs when extending the specified
language.
This paper investigates preservation of sound equations for several notions
of bisimilarity on open terms: closed-instance (ci-)bisimilarity and
formal-hypothesis (fh-)bisimilarity, both due to Robert de Simone, and
hypothesis-preserving (hp-)bisimilarity, due to Arend Rensink. For both
fh-bisimilarity and hp-bisimilarity, we prove that arbitrary sound equations on
open terms are preserved by all disjoint extensions which do not add labels. We
also define slight variations of fh- and hp-bisimilarity such that all sound
equations are preserved by arbitrary disjoint extensions. Finally, we give two
sets of syntactic criteria (on equations, resp. operational extensions) and
prove each of them to be sufficient for preserving ci-bisimilarity.Comment: In Proceedings EXPRESS'10, arXiv:1011.601
Using schedulers to test probabilistic distributed systems
This is the author's accepted manuscript. The final publication is available at Springer via http://dx.doi.org/10.1007/s00165-012-0244-5. Copyright © 2012, British Computer Society.Formal methods are one of the most important approaches to increasing the confidence in the correctness of software systems. A formal specification can be used as an oracle in testing since one can determine whether an observed behaviour is allowed by the specification. This is an important feature of formal testing: behaviours of the system observed in testing are compared with the specification and ideally this comparison is automated. In this paper we study a formal testing framework to deal with systems that interact with their environment at physically distributed interfaces, called ports, and where choices between different possibilities are probabilistically quantified. Building on previous work, we introduce two families of schedulers to resolve nondeterministic choices among different actions of the system. The first type of schedulers, which we call global schedulers, resolves nondeterministic choices by representing the environment as a single global scheduler. The second type, which we call localised schedulers, models the environment as a set of schedulers with there being one scheduler for each port. We formally define the application of schedulers to systems and provide and study different implementation relations in this setting