Process Algebra

In this paper we present an embedding of the most common branching time logics (CTL/CTL * ) in an extension of interval temporal logic (ITL + ). The significance of this result is threefold: first the theoretical aspect is, that branching time and linear time are not so much different. A more practical aspect is that the intuitive interactive proof method of symbolic execution of ITL + can be used for branching time logics as well. The opposite direction is interesting as well, for a subset of finite state systems, interactive verification of ITL + formulas can be translated into a model checking problem. The proof presented in this paper has been done with the interactive theorem prover KIV. So this contribution can also be seen as a case study on reasoning about temporal logics in an interactive verification environment.

We present a bio-inspired calculus for describing 3D shapes moving in a space. A shape forms a 3D process when combined with a behaviour. Behaviours are specified with a timed CCS-like process algebra using a notion of channel that models naturally binding sites on the surface of shapes. Processes can represent molecules or other mobile objects. The calculus embeds collision detection and response, binding of compatible 3D processes and splitting of previously established bonds.

We present a model for describing a portion of cytoplasm with components involved in metabolic pathways. Each enzyme, metabolite and complex is represented by an autonomous software agent. The molecules have 3D shapes, i.e. spheres with a radius proportional to their weight and move with Brownian motion in a virtual cell space. When an enzyme or a complex encounters an affine substrate for a metabolic reaction, then such reaction can take place, according to Michaelis-Menten kinetics. We have developed a prototype simulator with which we have tested our model using the glycolysis as a sample pathway. The validation of the model has been performed on a small portion of cytoplasm with a limited number of components.

Systems biology, the formal description of the structure and of the dynamics of biomolecular systems, is acquiring capital importance in the modern, "-omics" based, life sciences. But the classical mathematical approaches to modeling and simulation of inter-and intra-cellular processes reveal inadequate to tame the inherent complexity of life's molecular basis. Formal approaches from theoretical computer science appear more promising, permitting to describe the structure and the behavior of the complex biological systems composing the structure and the behavior of its components. We present a novel approach for modeling and simulation of metabolic pathways. Each enzyme, metabolite and complex involved in a pathway is represented by an autonomous software agent. We abstract the molecules at the mesoscale as spheres with a radius proportional to their weight. The molecules move with Brownian motion in a 3D virtual cell space. When an enzyme or a complex encounters an affine substrate for a metabolic reaction, than such reaction can take place, according to Michaelis-Menten kinetics. The system has been implemented as a society of agents on a mobile computing middleware and can be therefore executed on a network of computers.

Batanin and Leinster's work on globular operads has provided one of many potential defnitions of a weak $\omega$-category. Through the language of globular operads they construct a monad whose algebras encode weak $\omega$-categories. The purpose of this work is to show how to construct a similar monad which will allow us to formulate weak $\omega$-categorifications of any equational algebraic theory. We first review the classical theory of operads and PROs. We then present how Leinster's globular operads can be extended to a theory of globular PROs via categorical enrichment over the category of collections. It is then shown how a process called globularization allows us to construct from a classical PRO P a globular PRO whose algebras are those algebras for P which are internal to the category of strict $\omega$-categories and strict $\omega$-functors. Leinster's notion of a contraction structure on a globular operad is then extended to this setting of globular PROs in...

In today’s world , computing systems serve many purposes, we can not imagine a world without them. So it gives us the ability to do tasks at great speeds and it opens a new world of possibilities that we are just starting to explore . One of the most important factors of computing systems is the ability to run several processes at once, or at least a good scheduler gives that impression. So to achieve this, the scheduler causes the system to switch quickly between processes. Each process runs for a certain time, and when a process times out the scheduler chooses which process to execute next on the CPU and for what amount of time. Therefore, the behaviour of a system mainly depends on the scheduler. The scheduler must balance fairness and efficiency to offer the appropriate behaviour. In this paper, we have proposed a new variant of MLFQ algorithm, in which time slice is assigned to each queue for MLFQ scheduling such that it changes with each round of execution dynamically and neur...

To provide hierarchical description from different software architectural viewpoints we need more than one abstraction hierarchy and connection mechanisms to support the interactions among components. Also, these mechanisms will support the refinement and traceability of architectural elements through the different levels of each hierarchy. Current methods and tools provide poor support for the challenge posed by developing system using hierarchical description. This paper describes an architecture-centric approach allowing the user to describe the logical architecture view where a physical architecture view is generated automatically for all application instances of the logical architecture.

Many developers who could benefit from building and analysing formal models of their systems are deterred from doing so by the process algebra style input languages of formal modelling languages which they find difficult to read and understand. This barrier to the adoption of formal modelling techniques can be significantly reduced if the process algebra is replaced with a graphical notation supported by a model generation tool. However, whilst having a diagrammatic base for the language appeals to the novice modeller, the diagrams can become cluttered for larger models. In this paper we address the issues of how to add hierarchical features to a graphical language without losing the fundamental benefits and appeal of a having the graphical interface to the language. We illustrate these ideas using an existing formal modelling language.

Formal methods can bring many advantages to software practitioners and their adoption has been often advocated. In recent years usage of formal techniques certainly increased, nevertheless there is still ample room for further adoption and a wide gap exists between formal methods experts, with knowledge on formal tools, and domain experts, which possess the knowledge on the problems to solve and on users requirements. In this paper we introduce a user-friendly approach for Business Process assessment based on formal verification techniques. Starting from a semi-formal notation, well understood and largely used by domain experts, we provide a denotational mapping to a formal specification in the form of a process algebra. This transformation makes possible formal and automatic verification of desired quality requirements. The approach has been already applied, with encouraging results, in the e-government domain to verify the quality of Business Processes related to the delivery of e-Government Digital Services. Moreover the approach is supported by a plug-in for the Eclipse platform permitting to have an integrated environment in which to design the Business Process model and to assess its quality.

The problems of todays software engineering for complex distributed software systems with control as well as data processing aspects are manifold. Besides the general problem of software complexity we additionally have to deal with the problems of concurrency and distribution. A set of well evolved formalisms especially w.r.t. concurrency exists, while their integration into the common software engineering framework is still missing and related attempts have often not gained the intended acceptance. But ever increasing system complexity as well as a fast growing market for distributed software effectuate a shift towards high level behavior modeling. The presented OCoN approach does provide a high level behavior modeling as extension to the UML de-facto standard for object-oriented modeling. It is an approach to integrate an adjusted Petri net formalism with the software engineering world.

The information security community has long debated the exact definition of the term 'security'. Even if we focus on the more modest notion of confidentiality the precise definition remains controversial. In their seminal paper , Goguen and Meseguer took an important step towards a formalisation of the notion of absence of information flow with the concept of non-interference. This too was found to have problems and limitations, particularly when applied to systems displaying non-determinism which led to a proliferation of refinements of this notion and there is still no consensus as to which of these is 'correct'. We show that this central concept in information security is closely related to a central concept of computer science: that of the equivalence of systems. The notion of noninterference depends ultimately on our notion of process equivalence. However what constitutes the equivalence of two processes is itself a deep and controversial question in computer science with a number of distinct definitions proposed in the literature. We illustrate how several of the leading candidates for a definition of non-interference mirror notions of system equivalence. Casting these security concepts in a process algebraic framework clarifies the relationship between them and allows many results to be carried over regarding, for example, composition and unwinding. We also outline some generalisations of non-interference to handle partial and conditional information flows.

This paper attempts to accurately model security requirements for computational grid environments with particular focus on authentication. We introduce the Audited Credential Delegation (ACD) architecture as a solution to some of the virtual organisations (VO) identity management usability problems. The approach uses two complementary models: one is state based, described in Z notation, and the other is event-based, expressed in the Process Algebra of Hoares Communicating Sequential Processes (CSP). The former will be used to capture the state of the VO and to model "back-end" operations on it whereas the latter will be used to model behavior, and in particular, "front-end" interactions and communications. The modelling helps to clearly and precisely understand functional and security requirements and provide a basis for verifying that the system meets its intended requirements.

Computation Tree Logic (CTL) is one of the central formalisms in formal verification. As a specification language, it is used to express a property that the system at hand is expected to satisfy. From both the verification and the system design points of view, some information content of such property might become irrelevant for the system due to various reasons, e.g., it might become obsolete by time, or perhaps infeasible due to practical difficulties. Then, the problem arises on how to subtract such piece of information without altering the relevant system behaviour or violating the existing specifications over a given signature. Moreover, in such a scenario, two crucial notions are informative: the strongest necessary condition (SNC) and the weakest sufficient condition (WSC) of a given property. To address such a scenario in a principled way, we introduce a forgetting-based approach in CTL and show that it can be used to compute SNC and WSC of a property under a given model and over a given signature. We study its theoretical properties and also show that our notion of forgetting satisfies existing essential postulates of knowledge forgetting. Furthermore, we analyse the computational complexity of some basic reasoning tasks for the fragment CTLAF in particular.

Institution theory represents the fully axiomatic approach to model theory in which all components of logical systems are treated fully abstractly by reliance on category theory. Here, we survey some developments over the last decade or so concerning the institution theoretic approach to non-classical aspects of model theory. Our focus will be on many-valued truth and on models with states, which are addressed by the two extensions of ordinary institution theory known as L-institutions and stratified institutions, respectively. The discussion will include relevant concepts, techniques, and results from these two areas.

Saturated models constitute one of the powerful methods of conventional model theory, with many applications. Here we develop a categorical abstract model theoretic approach to saturated models within the theory of institutions. The most important consequence is that the method of saturated models becomes thus available to a multitude of logical systems from logic or from computing science. In this paper we define the concept of saturated model at an abstract institution-independent level and develop the fundamental existence and uniqueness theorems. As an application we prove a general institution-independent version of the Keisler-Shelah isomorphism theorem "any two elementarily equivalent models have isomorphic ultrapowers" (assuming Generalized Continuum Hypothesis).

On the one hand, the extension of ordinary institution theory, known as the theory of stratified institutions, is a general axiomatic approach to model theories where the satisfaction is parameterized by states of the models. On the other hand, the theory of 3/2-institutions is an extension of ordinary institution theory that accommodates the partiality of the signature morphisms and its syntactic and semantic effects. The latter extension is motivated by applications to conceptual blending and software evolution. In this paper, we develop a general representation theorem of 3/2-institutions as stratified institutions. This enables a transfer of conceptual infrastructure from stratified to 3/2-institutions. We provide some examples in this direction.

Saturated models constitute one of the powerful methods of conventional model theory, with many applications. Here we develop a categorical abstract model theoretic approach to saturated models within the theory of institutions. The most important consequence is that the method of saturated models becomes thus available to a multitude of logical systems from logic or from computing science. In this paper we define the concept of saturated model at an abstract institution-independent level and develop the fundamental existence and uniqueness theorems. As an application we prove a general institution-independent version of the Keisler-Shelah isomorphism theorem "any two elementarily equivalent models have isomorphic ultrapowers" (assuming Generalized Continuum Hypothesis).

As the complexity of designed Systems on Chip (SoC) increases, due to the ever growing number of transistors that can be integrated on a chip, methods have been developed to validate a de- sign before it is actually manufactured. Currently, the method that is the most used is based on software simulation, which does not ensure that all the behaviors are correct. In order to provide exhaustive verification, formal methods such as model-checking can be used. However those approaches are often confronted by the state explosion problem. Among the different components embedded on SoCs, memories are of particular interest, since the SoCs require both large memory capacities (leading to a large number of transistors dedicated to the memories) and high performance level. The aim of the paper is to verify a small synchronous memory component with the real-time model checkers Hytech and Uppaal, taking into account the electrical propagation delays through gates and along wires.

As the complexity of designed Systems on Chip (SoC) increases, due to the ever growing number of transistors that can be integrated on a chip, methods have been developed to validate a design before it is actually manufactured. Currently, the method that is the most used is based on software simulation, which does not ensure that all the behaviors are correct. In order to provide exhaustive verification, formal methods such as model-checking can be used. However those approaches are often confronted by the state explosion problem. Among the different components embedded on SoCs, memories are of particular interest, since the SoCs require both large memory capacities (leading to a large number of transistors dedicated to the memories) and high performance level. The aim of the paper is to verify a very simple memory component with the real-time model checker Uppaal, taking into account the electrical propagation delays.

In this paper we propose an agent modeling language named CAML that provides a comprehensive frameworkfor representing all relevant aspects of a multiagent system: specially, its configuration and the reasoning abilities of its constituent agents. The configuration modeling aspect of the language supports natural grouping and mobility, and the reasoning framework is inspired by an extension of the popular BDI theory of modeling cognitive skills ofagents. We present the motivation behind the development of the language, its syntax, and an informal semantics.

This paper introduces a meta-logical framework-based on the theory of institutions (a categorical version of abstract model theory)-to be used as a tool for the formalization of the two main views regarding the structure of scientific theories, namely the syntactic and the semantic views, as they have emerged from the relevant contemporary discussion. The formalization leads to a proof of the equivalence of the two views, which supports the claim that the two approaches are not really in tension. The proof is based on the Galois connection between classes of sentences and classes of models defined over some institution. First, the history of the syntactic-semantic debate is recalled and the theory of institutions formally introduced. Secondly, the notions of syntactic and semantic theories are formalized within the institution and their equivalence proved. Finally, the novelty of the proposed framework is highlighted with respect to existing formalizations.

Communicating Sequential Processes for Java (JCSP) is a mature library that implements CSP‐derived concurrency primitives in Java. A JCSP system is a hierarchical network of autonomous processes communicating over synchronous (optionally buffered) channels, and multiway synchronising through barriers. This paper presents a significant extension to the barrier mechanism: the fast resolution of choice between any number of barrier events, channel communications (in either direction) and timeouts. Previously, and in line with all currently released libraries and languages offering the CSP concurrency model, choice was restricted to channel inputs and timeouts. The paper demonstrates an application of alting barriers and explains the mechanisms used in their implementation that enables their use as guards in a choice. It also shows how choice over channel outputs becomes possible, as a simple consequence of having choice over barriers. Finally, an efficient implementation of CSP's b...

In this paper we represent a new form of condition for the consistency of the matrix equation AXB = C. If the matrix equation AXB = C is consistent, we determine a form of general solution which contains both reproductive and non-reproductive solutions. Also, we consider applications of the concept of reproductivity for obtaining general solutions of some matrix systems which are in relation to the matrix equation AXB = C.

CPDP is a class of automata designed for compositional specification/analysis of certain stochastic hybrid processes. We prove equivalence of the stochastic behaviors of CPDPs (newly defined here) and PDPs. With this result we obtain a clear stochastic processes semantics for CPDPs and we obtain the opportunity to use the powerful PDP analysis techniques in the context of the compositional framework CPDP.

This article describes the novel stochastic modeling tool OpenSESAME which allows for a quantitative evaluation of fault-tolerant High-Availability systems. The input models are traditional reliability block diagrams (RBD) which can be enriched with inter-component dependencies like failure propagation, failures with a common cause, different redundancy types, and non-dedicated repair. OpenSESAME offers a novel set of graphical diagrams to specify these dependencies. Due to the dependencies, traditional solution methods for RBDs cannot be applied to OpenSESAME models. We therefore present a novel evaluation method, which is based on the automatic generation of several state-based models, which are semantically equivalent to the high-level input model. Alternatively, either stochastic Petri nets or textual models based on a stochastic process algebra can be generated. The state based models are then analyzed using existing solvers for these types of models. Three case studies exemplify the modeling power and usability of OpenSESAME.

This paper presents a new result in the equational theory of regular languages, which emerged from lively discussions between the authors about Stone and Priestley duality. Let us call lattice of languages a class of regular languages closed under finite intersection and finite union. The main results of this paper (Theorems 5.2 and 6.1) can be summarized in a nutshell as follows: A set of regular languages is a lattice of languages if and only if it can be defined by a set of profinite equations. The product on profinite words is the dual of the residuation operations on regular languages.

Assurance is a demonstration that a complex system (such as a car or a communication network) possesses an importantproperty, such as safety or security, with a high level of confidence. In contrast to currently dominant approaches to building assurance cases, which are focused on goal structuring and/or logical inference, we propose considering assurance as a model transformation (MT) enterprise: saying that a system possesses an assured property amounts to saying that a particular assurance view of the system comprising the assurance data, satisfies acceptance criteria posed as assurance constraints. While the MT realizing this view is very complex, we show that it can be decomposed into elementary MTs via a hierarchy of refinement steps. The transformations at the bottom level are ordinary MTs that can be executed for data specifying the system, thus providing the assurance data to be checked against the assurance constraints. In this way, assurance amounts to traversing the hierarchy from the top to the bottom and assuring the correctness of each MT in the path. Our approach has a precise mathematical foundation (rooted in process algebra and category theory) -a necessity if we are to model precisely and then analyze our assurance cases. We discuss the practical applicability of the approach, and argue that it has several advantages over existing approaches.

Detecting functional errors on generic hardware components is often a complex task. This task becomes more complex in a componentwise approach when analyzing components without their embedded context that is the entire system description. In this paper, we propose a methodology that successfully detects just from the component's description a pure functional error that neither extensive tests nor formal methods could find.

We present a verification environment for imperative programs (using Hoare logic) and for functional programs (using fixpoint theory) in the frame of the Theorema system (www.theorema.org). In particular, we discuss some methods for finding the invariants of loops and specifications of auxiliary tail recursive functions. These methods use techniques from (polynomial) algebra and combinatorics, namely Groebner bases, variable elimination and symbolic summation (the Gosper algorithm, the technique of generating functions). The methods are demonstrated on several examples which have been treated automatically by our implementation.

We present an experimental prototype environment for defining and verifying recursive functional programs, which is part of the Theorema system. A distinctive feature of our approach is the hint on "what is wrong" in case of a verification failure. The prototype is designed in order to improve the education of future software engineers by exposing them to successful examples of using formal methods (and in particular automated reasoning) for the verification and the debugging of concrete programs.

We report work concerning the theoretical basis and the imple-mentation in the Theorema system of a methodology for the gen-eration of verification conditions for recursive procedures, with the aim of practical verification of recursive programs. We develop a method for proving total correctness properties of programs which have simple functional recursive definitions, and we discuss its dif-ferent aspects. We also define a class of programs for which the method is complete and we give a detailed proof of the complete-ness statement.

We present a method for verifying recursive functional pro-grams. We define a Verification Condition Generator (VCG) which covers the most frequent types of recursive programs. These programs may op-erate on arbitrary domains. Soundness and Completeness of the VCG are proven on the meta level, and this provides a warranty that any system based on our results will be sound.

We present a verification environment for imperative pro- grams (using Hoare logic) and for functional programs (using fixpoint theory) in the frame of the Theorema system (www.theorema.org). In particular, we discuss some methods for finding the invariants of loops and of specifications of auxiliary tail recursive functions. These meth- ods use algorithms from (polynomial) algebra and combinatorics, namely Groebner bases,

We study and implement concrete methods for the verification of both imperative as well as functional programs in the frame of the Theorema system. The distinctive features of our approach consist in the automatic generation of loop invariants (by using combinatorial and algebraic techniques), and the generation of verification conditions as first-order logical formulae which do not refer to a specific model of computation.

We report work in progress concerning the theoretical basis and the implementation in the Theorema system of a methodology for the generation of verification conditions for recursive procedures, with the aim of practical verification of recursive programs. Proving total correctness is achieved by proving separately partial correctness and then termination. We develop a pattern for proving partial correctness properties of programs which have simple functional recursive definitions, and we discuss how this can be extended to recursive programs having multiple recursive calls. The method for proving partial correctness is based on Scott Induction, from which we extract the essential features. Furthermore we develop a pattern for proving termination of simple recursive functional programs, uder the assumption that total correctness of all the auxiliary functions used in the program definition is provided. Combining the verification conditions from the two parts (partial correctness and termination) we construct verification conditions for proving total correctness.

We report work in progress concerning the theoretical basis and the implementation in the Theorema system of a methodology for the generation of verification conditions for recursive procedures, with the aim of practical verification of recursive programs. Proving total correctness is achieved by proving separately partial correctness and then termination. In contrast to other approaches, which use a special theory describing the behavior of programs, we use such a theory only "in the background", for developing a general rule for generating verification conditions, while the conditions themselves are presented (and provable) using the theories relevant to the program text only. This is very important for automatic proving, since it reduces significantly the effort of the provers. We performed practical experiments in which various programs are completely verified using the verification condition generator and the provers of the Theorema system.

When generating verification conditions for a program, one is faced with one major task, namely with the situation when some additional assertions are needed (e.g. loop invariants). These assertions have the property that either they are invariant during execution of the program, or they depend on some other invariant properties. Therefore, automated formal verification is sensitive to the automated generation of invariants. In this paper, we present an alternative to expecting programmers to fully annotate code with invariants, namely a method for automatic generation of invariants from the program itself, using combinatorial algorithms and equational elimination, as well as an ongoing research work with some results based on applications of polynomial ideal theory. The implementation and the verification process is done in a prototype verification condition generator for imperative programs, which is part of the Theorema system, a computer aided mathematical assistant that offers automated reasoning and computer algebra facilities for the working mathematician. The verification conditions for programs containing loops are generated fully automatically, in a form which can be immediately used by the automatic provers of Theorema in order to check whether they hold. We illustrate the effectiveness of our method by few examples.

We present a method that generates automatically algebraic invariant properties of a loop. The implementation and verification process is done in a prototype verification condition generator for imperative programs. This verification tool is integrated into the overall framework of the Theorema system, which is based on a version of higher order predicate logic and includes verification procedures for functional and rewrite algorithms but also for procedural programs. The main contribution of this paper is the algorithm that generates invariants for loops with conditionals. In the proposed algorithm program analysis is performed in order to transform the code into a form for which algebraic and combinatorial techniques (symbolic summation, variable elimination, polynomial algebra) can be applied to obtain an invariant property. The application of the method is demonstrated in few examples.

An approach utilizing combinatorics, algebraic methods and logic is presented for generating polynomial loop invariants for a family of imperative programs operating on numbers. The approach has been implemented in the Theorema system, which seems ideal for such an integration given that it is built on top of the computer algebra system Mathematica, has a theorem prover for first-order logic as well as for mechanizing induction. These invariant assertions are then used for generating the necessary verification conditions as first-order logical formulae, based on Hoare logic and the weakest precondition strategy. The approach has been successfully tried on many programs implementing interesting number theoretic algorithms. It is also shown that for a subfamily of loops, called P-solvable loops, the approach is complete in generating polynomial equations as invariants.

We present a verification environment for imperative programs (using Hoare logic) and for functional programs (using fixpoint theory) in the frame of the Theorema system (www.theorema.org). In particular, we discuss some methods for finding the invariants of loops and specifications of auxiliary tail recursive functions. These methods use techniques from (polynomial) algebra and combinatorics, namely Groebner bases, variable elimination and symbolic summation (the Gosper algorithm, the technique of generating functions). The methods are demonstrated on several examples which have been treated automatically by our implementation.

We present the design and the implementation of a prototype verification condition generator for imperative programs. The generator is part of the Theorema system, a computer aided mathematical assistant which offers automated reasoning and computer algebra facilities. We use Hoare Logic and the weakest precondition strategy, but in addition we propose a novel method for analyzing loop constructs by aid of algebraic computations: combinatorial summation and equational elimination. The verification conditions and the termination term for programs containing loops and procedure calls are generated fully automatically, in a form which can be immediately used by the automatic provers of Theorema in order to check whether they hold.

We present an algorithm for finding valid polynomial relations (i.e. invariants) among program variables for imperative loops. The algorithm is implemented in the verification environment for imperative programs (using Hoare logic) in the frame of the Theorema system (www.theorema.org). The algorithm uses techniques from (polynomial) algebra and combinatorics, namely Gröbner Bases, variable elimination, algebraic dependencies and symbolic summation (the Gosper algorithm, handling geometric series, C-finite solving). These methods are demonstrated on several examples which have been treated automatically by our implementation.

This chapter looks at these issues in process algebras. As a canonical example we look at CSP, but we also discuss CCS and LOTOS. The link to the semantics is made to Chap. 1 as well as elements of Chap. 5. Process algebras describe a system in terms of interacting components which evolve concurrently. The components are called processes. The use of the word algebra refers to the fact that these languages are often equipped with a rich algebraic theory in terms of laws giving equivalence of processes. The alternative term of "process calculi" is sometimes used. CSP (for Communicating Sequential Processes) describes a system as a collection of interacting communicating components running concurrently. The components are called processes, and the interaction between them is in terms of the synchronisation on events. We will think of a process as a self-contained component with an interface, through which it interacts with the environment, and the interface is described as a set of events. Events are instantaneous and atomic, just as the actions in a labelled transition system. Notation: We will use the following notation. Σ is the set of all possible events. will be a termination event, not in Σ. We define the set Σ to be Σ ∪ { } (and similarly for A ). TRACE is the set of all traces over Σ . As usual traces(P) is the set of all finite traces of a process P. Processes are described by guarded equations as in the following small example (c.f. Fig. 1.1 in Chap. 1): V M = pound →((coffee_button → coffee → stop) (tea_button → tea → stop))

This paper discusses the refinement of systems specified in Z when we relax the assumption that the refinement will preserve the atomicity of operations. Data refinement is a well established technique for transforming specifications of abstract data types into ones which are closer to an eventual implementation. To verify a refinement a retrieve relation is used which relates the concrete to abstract states and allow the comparison between the data types to be made on a step by step basis by comparing an abstract operation with its concrete counterpart. A step by step comparison is possible because the two abstract data types are assumed to be conformal, i.e. there is a one-one correspondence between abstract and concrete operations, so each abstract operation has a concrete counterpart. In this paper we relax that assumption to discuss refinements where an abstract operation is refined by, not one, but a sequence of concrete operations. Such non-conformal or non-atomic refinements arise naturally in a number of settings and we illustrate our derivations with a simple example of a bank accounting system.

We give an algebraic characterization of a new variety of languages that will be called bilateral locally testable languages and denoted as BLT. Given k ¿ 0, the membership of a word x to a BLT (k-BT) language can be decided by means of exploring the segments of length k of x, as well as considering the order of appearance of those segments when we scan the preÿxes and the su xes of x. In this paper, we also characterize the syntactic semigroup of BLT languages in terms of the equations of the variety they belong to, as well as in terms of the join of two previously studied varieties.

A system supporting video on demand is modeled in the process calculus CCS (Calculus of Communicating Systems), while some properties are expressed in a temporal logic and verified by means of the model checkers of the North Carolina Concurrency Workbench. This application was chosen as a case study to evaluate the usefulness of a methodology, by means of which a property is checked on reduced models obtained issuing abstractions of the system on the basis of the formula. Experimental results are shown and discussed.

In model checking environments, system requirements are usually expressed by means of temporal logic formulas. We propose a user-friendly interface (UFI) with the aim of simplifying the writing of concurrent system properties. The tool is endowed with a graphical interface that supplies a set of patterns from the natural language; the defined patterns constitute a logic (UFL) that is adequate to express the classes of properties usually checked on actual systems. Moreover, UFI is integrated with the CWB-NC tool-kit which is a verification environment based on process algebras and the mu-calculus temporal logic; UFI supports the automatic translation of UFL formulas into mu-calculus formulas and save the translation in the format required by the CWB-NC. Nevertheless, UFI is a flexible tool that can be easily integrated with other environments.