Well-Structured Transition Systems Everywhere!
Theoretical Computer Science, 1998
Cited by 258 (9 self)
Well-structured transition systems (WSTS's) are a general class of infinite-state systems for which decidability results rely on the existence of a well-quasi-ordering between states that is compatible with the transitions. In this article, we provide an extensive treatment of the WSTS idea and show several new results. Our improved definitions allow many examples of classical systems to be seen as instances of WSTS's.
Types as Models: Model Checking Message-Passing Programs
In Principles of Programming Languages (POPL), 2001
Cited by 91 (3 self)
Abstraction and composition are the fundamental issues in making model checking viable for software. This paper proposes new techniques for automating abstraction and decomposition using source-level type information provided by the programmer. Our system includes two novel components to achieve this end: (1) a new behavioral type-and-effect system for the pi-calculus, which extracts sound models as types, and (2) a new assume-guarantee proof rule for carrying out compositional model checking on the types. Open simulation between CCS processes is used as both the subtyping relation in the type system and the abstraction relation for compositional model checking. We have implemented these ideas in a tool, Piper. Piper exploits type signatures provided by the programmer to partition the model checking problem, and emits model checking obligations that are discharged using the Spin model checker. We present the details on applying Piper to two examples: (1) the SIS standard for managing trouble tickets across multiple organizations and (2) a file reader from the pipelined implementation of a web server.
The Regular Viewpoint on PA-Processes
Theoretical Computer Science, 1999
Cited by 44 (1 self)
PA is the process algebra allowing nondeterminism, sequential and parallel compositions, and recursion. We suggest viewing PA-processes as trees, and using tree-automata techniques for verification problems on PA. Our main result is that the set of iterated predecessors of a regular set of PA-processes is a regular tree language, and similarly for iterated successors. Furthermore, the corresponding tree automata can be built effectively in polynomial time. This has many immediate applications to verification problems for PA-processes, among which is a simple and general model-checking algorithm.
On the Expressiveness and Decidability of Higher-Order Process Calculi
2008
Cited by 19 (8 self)
In higher-order process calculi the values exchanged in communications may contain processes. A core calculus of higher-order concurrency is studied; it has only the operators necessary to express higher-order communications: input prefix, process output, and parallel composition. By exhibiting a nearly deterministic encoding of Minsky Machines, the calculus is shown to be Turing Complete and therefore its termination problem is undecidable. Strong bisimilarity, however, is proved to be decidable. Further, the main forms of strong bisimilarity for higher-order processes (higher-order bisimilarity, context bisimilarity, normal bisimilarity, barbed congruence) coincide. They also coincide with their asynchronous versions. A sound and complete axiomatization of bisimilarity is given. Finally, bisimilarity is shown to become undecidable if at least four static (i.e., top-level) restrictions are added to the calculus.
A Behavioral Module System for the Pi-Calculus
In Proc. of Static Analysis Symposium (SAS), 2001
Cited by 18 (1 self)
Distributed message-passing based asynchronous systems are becoming increasingly important. Such systems are notoriously hard to design and test. A promising approach to help programmers design such programs is to provide a behavioral type system that checks for behavioral properties such as deadlock freedom using a combination of type inference and model checking. The fundamental challenge in making a behavioral type system work for realistic concurrent programs is state explosion. This paper develops the theory to design a behavioral module system that permits decomposing the type checking problem, saving exponential cost in the analysis. Unlike module systems for sequential programming languages, a behavioral specification for a module typically assumes that the module operates in an appropriate concurrent context. We identify assume-guarantee reasoning as a fundamental principle in designing such a module system. Concretely, we propose a behavioral module system for pi-calculus programs. Types are CCS processes that correctly approximate the behavior of programs, and by applying model checking techniques to process types one can check many interesting program properties, including deadlock-freedom and communication progress. We show that modularity can be achieved in our type system by applying circular assume-guarantee reasoning principles whose soundness requires an induction over time. We state and prove an assume-guarantee rule for CCS. Our module system integrates this assume-guarantee rule into our behavioral type system.
Compositional reasoning for probabilistic finite-state behaviors
In Processes, Terms and Cycles: Steps on the Road to Infinity, Essays Dedicated to Jan Willem Klop, on the Occasion of His 60th Birthday, LNCS 3838, 2005
Cited by 15 (6 self)
We study a process algebra which combines both nondeterministic and probabilistic behavior in the style of Segala and Lynch's simple probabilistic automata. We consider strong bisimulation and observational equivalence, and provide complete axiomatizations for a language that includes parallel composition and (guarded) recursion. The presence of the parallel composition introduces various technical difficulties and some restrictions are necessary in order to achieve complete axiomatizations.
Workflows, Transactions, and Datalog
In Proc. ACM Symposium on Principles of Database Systems (PODS'99), 1999
Cited by 13 (0 self)
Transaction Datalog (abbreviated TD) is a concurrent programming language that provides process modeling, database access, and advanced transactions. This paper illustrates the use of TD for specifying and simulating workflows, with examples based on the needs of a high-throughput genome laboratory. In addition to database support, these needs include concurrent access to shared resources, synchronization of work, and networks of cooperating workflows. We also use TD to explore the computational complexity of workflows in data-intensive applications. We show, for instance, that workflows can be vastly more complex than database transactions, largely because concurrent processes can interact and communicate via the database (i.e., one process can read what another one writes). We then investigate the sources of this complexity, focusing on features for data modeling and process modeling. We show that by carefully controlling these features, the complexity of workflows can be reduced ...
Decidability Results in Automata and Process Theory
Cited by 11 (0 self)
The study of Process Algebra has received a great deal of attention since the pioneering work in the 1970s of the likes of R. Milner and C.A.R. Hoare. This attention has been merited as the formalism provides a natural framework for describing and analysing systems: concurrent systems are described naturally using constructs which have intuitive interpretations, such as notions of abstraction and sequential and parallel composition. The goal of such a formalism is to provide techniques for verifying the correctness of a system. Typically this verification takes the form of demonstrating the equivalence of two systems expressed within the formalism, respectively representing an abstract specification of the system in question and its implementation. However, any reasonable process algebra allows the description of any computable function, and the equivalence problem, regardless of what reasonable notion of equivalence you consider, is readily seen to be undecidable in general. Much can be accomplished by restricting attention to (communicating) finite-state systems where the equivalence problem is just as quickly seen to be
Type abstractions of name-passing processes
In Proceedings of IPM International Symposium on Fundamentals of Software Engineering (FSEN), 2007
Cited by 4 (1 self)
We study methods to statically approximate "first-order" process calculi (Pi, Join) by "propositional" models (CCS, BPP, Petri nets). We consider both open and closed behaviors of processes. In the case of open behavior, we propose a type system to associate pi-calculus processes with restriction-free CCS types. A process is shown to be in simulation relation with each of its types, hence safety properties that hold of the types also hold of the process. We refine this approach in the case of closed behavior: in this case, types are BPP processes. Sufficient conditions are given under which a minimal BPP type can be computed that is bisimilar to a given process. These results are extended to the Join calculus using place/transition Petri nets as types.
On bisimilarity and substitution in presence of replication
In 37th International Colloquium on Automata, Languages and Programming (ICALP), volume 6199 of LNCS, 2010
Cited by 1 (0 self)
We prove a new congruence result for the pi-calculus: bisimilarity is a congruence in the subcalculus that does not include restriction nor sum, and features top-level replications. Our proof relies on algebraic properties of replication, and on a new syntactic characterisation of bisimilarity. We obtain this characterisation using a rewriting system rather than a purely equational axiomatisation. We then deduce substitution closure, and hence, congruence. Whether bisimilarity is a congruence when replications are unrestricted remains open.