A theory of normed simulations

Griffioen, David; Vaandrager, Frits

doi:10.1145/1024922.1024923

Cited by 6 publications

(8 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We refer the reader to [17,20] for details. The conditions can be verified using theorem provers such as PVS [47].…”

Section: Mechanization Of Our Methodsmentioning

confidence: 99%

“…The conditions can be verified using theorem provers such as PVS [47]. For lack of space, we omit an extended discussion of these issues, which can be found, for example, in [20]. That paper presents normed simulations, where the existence of a finite execution fragment at the abstract level that matches a concrete transition is replaced by the existence of either a single matching transition, or an internal transition that decreases a supplied norm (a function over a well-founded domain).…”

Section: Mechanization Of Our Methodsmentioning

confidence: 99%

See 1 more Smart Citation

On the refinement of liveness properties of distributed systems

Attie

2011

Form Methods Syst Des

View full text Add to dashboard Cite

We present a new approach, based on simulation relations, for reasoning about liveness properties of distributed systems. Our contribution consists of (1) a formalism for defining liveness properties, (2) a proof method for liveness properties based on that formalism, and (3) two expressive completeness results: our formalism can express any liveness property which satisfies a natural "robustness" condition; and also any liveness property at all, provided that history variables can be used. To define liveness, we generalize complemented-pairs (Streett) automata to an infinite state-space, and an infinite number of complemented-pairs. Our proof method provides two techniques: one for refining liveness properties across levels of abstraction, and another for refining liveness properties within a level of abstraction. The first is based on extending simulation relations so that they relate the liveness properties of an abstract automaton to those of a concrete automaton. The second is based on a deductive method for inferring new liveness properties of an automaton from already established liveness properties of the same automaton. This deductive method is diagrammatic, and is based on constructing "lattices" of liveness properties.

show abstract

“…We refer the reader to [17,20] for details. The conditions can be verified using theorem provers such as PVS [47].…”

Section: Mechanization Of Our Methodsmentioning

confidence: 99%

Section: Mechanization Of Our Methodsmentioning

confidence: 99%

On the refinement of liveness properties of distributed systems

Attie

2011

Form Methods Syst Des

View full text Add to dashboard Cite

show abstract

“…One may replace the integers in (SF1) by a well-founded partial order as in Ladkin et al [16,Fig. 21], Manolios [20], and Griffioen and Vaandrager [5]. This gives somewhat more flexibility, but it is also semantically equivalent.…”

Section: Stuttering Forward Simulationsmentioning

confidence: 99%

“…Note that there are numerous related notions of simulations and bisimulations for transition systems, automata, process algebra terms, Kripke structures etc., cf. Milner [21], Park [24], Lynch and Vaandrager [18], de Nicola and Vaandrager [3], van Glabbeek and Weijland [26], Attie [2], Manolios [20], Griffioen and Vaandrager [5], Nejati et al [22], but in none of these papers arbitrary liveness properties are taken care of.…”

Section: Introductionmentioning

confidence: 99%

Universal extensions to simulate specifications

Hesselink

2008

Information and Computation

View full text Add to dashboard Cite

A previous paper introduced eternity variables as an alternative to the prophecy variables of Abadi and Lamport and proved the formalism to be semantically complete: every simulation F: K − L that preserves quiescence contains a composition of a history extension, an extension with eternity variables, and a refinement mapping. This result is strengthened here in three ways.First, the assumption of preservation of quiescence is eliminated. Second, it is shown that the intermediate extension only depends on K, and is independent of L and F. Third, in order to accommodate implementation relations where the concrete specification (occasionally) does fewer steps than the abstract specification, we weaken the concept of simulation, in such a way that it precisely corresponds to the implementation concept of Abadi and Lamport. We add stuttering history extensions to the repertoire of variable extensions, and show that this extended repertoire suffices to factorize an arbitrary (weakened) simulation.The proofs have been verified with the theorem prover PVS. The methodology of using eternity extensions in correctness proofs is briefly discussed.

show abstract

“…The idea to use simulations (or refinements) as a compositional abstraction device is well-known, both in untimed and timed settings, and has already been studied theoretically and practically in many papers during the last three decades, see for instance [28,23,19,26,22,20,1,27,16,17,14,12,21]. Nevertheless, when we attempted to apply these existing approaches to fight state space explosions in a model of an industrial protocol [13], we ran into the problem that these approaches do not handle two fundamental modeling concepts that are frequently used in Uppaal.…”

Section: Introductionmentioning

confidence: 99%

Compositional Abstraction in Real-Time Model Checking

Berendsen

Vaandrager

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. The idea to use simulations (or refinements) as a compositional abstraction device is well-known, both in untimed and timed settings, and has already been studied theoretically and practically in many papers during the last three decades. Nevertheless, existing approaches do not handle two fundamental modeling concepts which, for instance, are frequently used in the popular Uppaal model checker: (1) a parallel composition operator that supports communication via shared variables as well as synchronization of actions, and (2) committed locations. In this paper, we describe a framework for compositional abstraction based on simulation relations that does support both concepts, and that is suitable for Uppaal. Our approach is very general and the only essential restriction is that the guards of input transitions do not depend on external variables. We have applied our compositional framework to verify the Zeroconf protocol for an arbitrary number of hosts.

show abstract

A theory of normed simulations

Cited by 6 publications

References 39 publications

On the refinement of liveness properties of distributed systems

On the refinement of liveness properties of distributed systems

Universal extensions to simulate specifications

Compositional Abstraction in Real-Time Model Checking

Contact Info

Product

Resources

About