F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, October 1992.
....In this paper we want to focus on model checking. Several case studies showed that especially model checking can help to find errors during the design process (see [CW96] for an overview). One main reason for this success is the availability of tools supporting the analysis of formal systems (CWB [Mol92], NCSU CWB [CS96], SMV [K.L92], SPIN [GHP97], Truth [LT98]). Despite these developments, however, there are still two main problems which limit the use of model checking techniques in practical situations: 1. There is a number of design notions (CCS [Mil89], ACP [BV94], LOTOS [BB89], B(PN) ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, October 1992.
....the tool provides a counter example showing under which circumstances the error can be generated. Model checking originates from the independent work of Emerson and Clarke [EC82] and Queille and Sifakis [QS82]. Several prototypes of model checking tools like the Edinburgh Concurrency Workbench [Mol92], SPIN [GHP97], the symbolic model checker SMV [McM92] and Truth [LN01] have been developed and are used to demonstrate the benefits of this approach. Model checking is especially suited when the implementation is given by (or can be translated into) a finite state model and the ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, October 1992.
....is one particularly successful automated approach to verification, called model checking, in which one tries to prove that (a model of) a system has certain properties specified in a suitable logic. During the recent years several prototypes of model checking tools have been developed, e.g. CWB [13], NCSU CWB [4], SPIN [5] and the symbolic model checker SMV [9]. Most of these are tailored to a specific setting, choosing, e.g. the CCS process algebra with transition system semantics as the specification language and offering model checking for the modal calculus. However, in the ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, October 1992.
....to combine set based specifications with some sort of process calculi over the set of declared operations. The Process Prototyper allows for the annotation of Camila components with behavioral patterns, which can be simulated and further analyzed by a typical process algebra tool, like the Cwb [MS96]. It also includes a small configuration language enabling the (eventually dynamic) association of each node of the system to an independent process (e.g. a Unix process), communication being achieved through a set of specific primitives. Application dependent constraints of the communication ....
F. Moller and P. Stevens. The Edinburgh Concurrency Workbench (version 7). User's manual, LFCS, Edinburgh University, 1996.
....skills and preferences with respect to programming languages differ heavily. However, everyone has at least attended one of the introductory Haskell courses. The core system was implemented as a master thesis project in 1997. Besides Truth there is long list of comparable tools like CWB ([26]), NCSU CWB ([10]), SMV ([23]) and Spin ([15]). Since verification is a kind of symbolic computation, programming languages providing algebraic data types are prominent candidates for developing corresponding tools. The first two systems mentioned are implemented in ML ([25]). In the SMV and ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, Oct. 1992.
....skills and preferences with respect to programming languages differ heavily. However, everyone has at least attended one of the introductory courses to Haskell. The core system was implemented as a master thesis project in 1997. Besides Truth there is long list of comparable tools like CWB ([26]), NCSU CWB ([10]), SMV ([23]) and Spin ([15]). Since verification is a kind of symbolic computation, programming languages providing algebraic data types are prominent candidates for developing corresponding tools. The first two systems mentioned are implemented in ML ([25]). In the SMV and ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, Oct. 1992.
....turns out that the implementation of these preorders in a model checking tool requires algorithms with the same complexity as those for bisimulations. Indeed the notions described in both [1] and [2] have been implemented and added to (the IIT Delhi version of) the Edinburgh concurrency workbench [8] and successfully tested on several examples. The advantage of such an approach is that a single notion (or a single algorithm) is sufficient to verify correctness and the same may be used to compare different implementations. More accurately, different mixtures of specification and implementation ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, 1992.
....however M unfolds, then our translation from M to M guarantees that it cannot happen in M either. Once we have an algebraic characterisation of M , we can then check its characteristic properties using the modal calculus [18] on the public domain Concurrency Workbench 1 (henceforth the CWB [13, 30]). Since M and M are structurally the same, once M has been corrected, it is straightforward to rectify the actual model M. The most popular styles of programming simulation models have been the activity based approach of (E)CSL [9, 14, 15, 32, 41] the event based approach of GASP and early ....
F. G. Moller. The Edinburgh Concurrency Workbench, Version 6.0. Technical Report, Computer Science Department, University of Edinburgh, 1991.
....up to a preorder, a preorder up to an equivalence, and so on. One does not even have to limit oneself to a single closure relation, but different equivalences preorders may be employed in different positions. Some (simple) up to facilities are also implemented in the Concurrency Workbench [3], a software tool which supports mechanical reasoning with processes. For instance, the Workbench can systematically remove the 0 process (i.e. the inactive process) which may reduce an infinite state transition system to a finite one and permit the termination of the Workbench algorithms. The ....
....tractable preorder, in that it is preserved by all CCS operators but sum, and that it has a complete proof system for finite terms based on a modification of the standard laws for CCS. A preorder called contraction, very close indeed to expansion, has been implemented in the Concurrency Workbench [3]. The following two theorems are from [1] 7 Theorem 3.2 . is preserved by all CCS operators but sum. Theorem 3.3 It holds that ae . and . ae ; moreover each inclusion is strict. Proof: The inclusions are obvious. For the strictness, we have that P 6 :P , P . P , and :P 6 . P , P P . We ....
Moller, F. The Edinburgh Concurrency Workbench (Version 6.12). Report No. LFCS-TN-34, Dept of Computer Science, University of Edinburgh, April 1993.
....of the processes usually does not involve any conceptual problems, the concurrent behaviour makes the system difficult to understand. Therefore, we put our emphasis on analysing concurrent systems. During the last years several prototypes of model checking tools have been developed, e.g. CWB (Moller (1992)), NCSU CWB (Cleaveland and Sims (1996)), SPIN (Gregoire et al. 1997) and the symbolic model checker SMV (McMillan (1992)). Most of the tools are tailored for a specific setting, e.g. CCS with transition system semantics and calculus model checking. In contrast, we are aiming at a modular tool ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, October 1992.
....checkers usually cannot be applied in applications where recursive functions and data structures are used. Furthermore, most systems are not able to produce a formal proof (as a sequence of inference steps) which can be checked (or proof read) externally (but see e.g. the Concurrency Workbench (Moller, 1992; Cleaveland et al. 1993)). Rather, the user has to rely on the correctness of the implementation. The most severe reduction for the practical applicability of Model Checkers is the limit of the size of the state space they can handle. Despite numerous approaches (e.g. ....
Moller, F. (1992). The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh.
....preceding efficiency) our preorders enable one to combine the two issues into one for which the effort required is no more than that required for finding an appropriate bisimulation. In fact, the two preorders and precongruences have been implemented on the Edinburgh Concurrency Workbench [4]. However, in the implementation of the precongruences, we have departed from the method used to implement observational congruence [2] by actually defining a new special action (which is internally generated) and taking recourse to definition 4.1. This yields a simpler and more general method that ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, 1992.
....of trace theory to verify circuits using the speed independent hazard model [Dil89]. His tool was invaluable for the verification of the AFSMs in the Post Office. Process algebras, such as CCS and Circal, have recently been applied to the verification of asynchronous circuits [Bai94, Liu92, MM91, Mol91]. While simulation systems such as VHDL and CSP based programming languages have been successfully applied to the synthesis of synchronous and asynchronous circuits, automated synthesis has not been achieved with systems capable of formal verification. 1.5 Automated Formal Asynchronous Design ....
....based on trace semantics for delay insensitive implementations [EG93]. The delay insensitive model, although extremely useful for protocols and high level circuit verification, cannot verify gate level implementations nor many of the common hazard models. The general purpose Concurrency Workbench [Mol91] supports more powerful equivalence theories, but none of the equivalences or partial orders introduced before this thesis are directly applicable to verifying hardware components. This section reviews the most important equalities used in CCS and by modern asynchronous verifiers and formal ....
Faron Moller. The Edinburgh Concurrency Workbench (Version 6.0). University of Edinburgh, August 1991.
....of the processes usually does not involve any conceptual problems, the concurrent behaviour makes the system difficult to understand. Therefore, we put our emphasis on analyzing concurrent systems. During the last years several prototypes of model checking tools have been developed, e.g. CWB [Mol92], NCSU CWB [CS96], SMV [McM92], SPIN [GHP97] and Truth [LT98]. Most of the tools are tailored for a specific setting, e.g. CCS with transition system semantics and calculus model checking. In contrast, we are aiming at a modular tool which can easily be adjusted to different specification ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, October 1992.
....of the processes usually does not involve any conceptual problems, the concurrent behaviour makes the system difficult to understand. Therefore, we put our emphasis on analysing concurrent systems. In the last years several prototypes of model checking tools have been developed, e.g. CWB [Mol92], NCSU CWB [CS96], SMV [McM92], SPIN and [GHP97]. The aim of this paper is to give an overview of the tool Truth which is 1 Note that in this paper we concentrate on the design of a system. We do not consider the problem of assuring that the concrete realization of a system is according to its ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, October 1992.
....establish equivalence between the model and the specification. For model checking, desired properties of the system, rather than its entire behaviour, are specified using a logical formalism. Tools exist to support the checking of such expressions against derived behaviour of a process expression [21]. In this paper we are concerned with the analysis of the behaviour of a system in a more abstract sense, using a traversal of the state space, or reachability analysis. The state space is searched for states exhibiting undesirable behaviour. For example, in a model intended to represent a system ....
F. Moller. The Edinburgh Concurrency Workbench (Version 6.0). LFCS, Dept. of Computer Science, University of Edinburgh., August 1991.
.... We can build a mini system two jobs of type 4 and two repairers who handle jobs of type 4 only by $S1 \stackrel{\mathrm{def}}{=} (SPANNER1 \mid SPANNER2 \mid J4 \mid J4 \mid R4 \mid R4) \setminus \{gR4, pR4, gS1, pS1, gS2, pS2\}$. Does this system have desirable properties? We first check for deadlock using the CWB (Concurrency Workbench [9, 10, 19]) a mechanized support tool for CCS. The CWB command is fd find deadlock. The CWB uses t a for a resulting from an a=a interaction. fd S1 use4 t gR4 t gS1 use4 t gR4 t gS2 ( pS1.SPANNER1 pS2.SPANNER2 pR4.J4 pR4.J4 gS1.st4.et4. pS1. pS2. pR4.Rman ....
F. G. Moller. The Edinburgh Concurrency Workbench, Version 6.0. Tech Report, Computer Science Department, University of Edinburgh, 1991.
....concurrent systems. The main goal of the system is to provide users with a tool that is flexible and easy to use and yet whose performance is competitive with that of existing special purpose tools. In support of the former, and like its predecessor, the (Edinburgh) Concurrency Workbench [9, 15], the NCSU CWB includes implementations of decision procedures for calculating a number of different behavioral equivalences and preorders between systems and for determining whether systems satisfy formulas written in an expressive temporal logic, the modal mu calculus. In contrast with the ....
F. Moller and P. Stevens. The Edinburgh Concurrency Workbench (Version 7.0). University of Edinburgh, November 1994.
....property in a temporal logic (the Workbench also provides such a logic) and showing that the SCCS specification satisfies the logic expression. Appendix A ToyP in the Concurrency Workbench In this chapter we list how the SCCS specification of ToyP is implemented using the Concurrency Workbench [CPS93, Mol92]. A few notes about the SCCS description and the CWB SCCS description. The Concurrency Workbench implements the basic SCCS calculus. Consequently, this means that there is no generalized summation (e.g. P ) in the Workbench. In order to keep the description tangible, I have given only a ....
Faron Moller. The Edinburgh Concurrency Workbench (Version 6.1). University of Edinburgh, 1992.
....as perceived by an external observer unchanged. It is from the definition of congruence that equational laws may be derived. In addition to the three types of equivalence defined by Milner, there are a number of other equivalences and partial order relations defined on CCS agents [Hen88, Hoa85, Mol92, Wal88]. Given the definition of congruence it is possible to define another form of analysis applicable to CCS agents called equational reasoning. Equational reasoning allows the practitioner to prove the congruence of two specified agents without the direct employment of any of the semantic ....
....language through set theory and predicate logic based on the sequences of actions traces an agent can exhibit. University of Teesside, 1996 Page: Section 1.1 Integrated Formal Methods for Multi perspective Systems and a tool exists which does this. The Edinburgh Concurrency Workbench [CPS89, Mol92, Jen91] accepts the specification of agents in basic CCS, the expression of properties in the mu calculus, and as well as demonstrating conformance to such properties and equivalence between agents, also allows the user to animate the agents in various ways, find deadlocks in specifications and ....
Faron Moller. The Edinburgh Concurrency Workbench (version 6.1). Technical report, University of Edinburgh, 1992.
....its implementation. Several proof environments have been developed in recent years. These tools make it possible to check whether or not two processes are equivalent. Verification is carried out either automatically or interactively. Automatic tools, see for example [1, 2, 3], are based on reasonably efficient algorithms and manipulate specifications represented by automata. However, this approach presents some problems related to the combinatorial explosion of states and a restriction of their fields of application to only ....
F Moller. The Edinburgh Concurrency Workbench (version 6.0). University of Edinburgh, August 1991.
....of the processes usually does not involve any conceptual problems, the concurrent behaviour makes the system difficult to understand. Therefore, we put our emphasis on analysing concurrent systems. During the last years several prototypes of corresponding tools have been developed, e.g. CWB ([3]), NCSU CWB ([4]), SPIN ([5]) and the symbolic model checker SMV ([6]). Most of the tools are tailored for a specific syntactic and semantic setting, e.g. CCS with transition system semantics and calculus model checking. Our goal is to support rapid prototyping of distributed systems by ....
F. Moller, The Edinburgh Concurrency Workbench (Version 6.1), Department of Computer Science, University of Edinburgh, Oct. 1992.
....for the uninitiated reader to understand our specifications. For a more detailed description of each of these systems we refer the reader to the following: [6] for a definitive treatment of CCS; [9] for an explanation of the modal calculus and its use for expressing properties of systems; and [2, 7] for a description of the CWB and its functionalities. Acknowledgement I am grateful to Jan Tijman Udding for pointing out the design of the asynchronous message router, as well as motivating my study of it. The design itself is proposed in [5] as a method for connecting INMOS transputers ....
Moller, F. (1991). The Edinburgh Concurrency Workbench (Version 6.0). Department of Computer Science Technical Note LFCS-TN-34, University of Edinburgh, Edinburgh, Scotland.
F. Moller. The Edinburgh Concurrency Workbench (Version 6.0). Technical Report LFCS-TN-34, LFCS, University of Edinburgh, 1991.