We present an approach for producing oracles from a TLA (temporal logic of actions) specification of a system. Such oracles are useful for monitoring: they detect temporal faults by checking a running implementation of a system against a verified behavioural model. We use Ben-Ari's classical incremental garbage collection algorithm for illustration.
{"title":"On monitoring concurrent systems with TLA: an example","authors":"N. Rivierre, F. Horn, F. Tran","doi":"10.1109/ACSD.2005.29","DOIUrl":"https://doi.org/10.1109/ACSD.2005.29","url":null,"abstract":"We present an approach for producing oracles from TLA (temporal logic of action) specification of a system. Such oracles are useful, for monitoring purposes, to detect temporal faults by checking a running implementation of a system against a verified behavioral model. We use the Ben-Ari classical incremental garbage collection algorithm for illustration.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126058333","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
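The monitoring idea in the abstract above, as an added illustration that is not the paper's code: a TLA-style specification (Init, Next as a disjunction of named actions, an invariant) and an oracle that replays a state trace captured from a running implementation and reports the first step the specification does not allow, including stuttering steps. The two-process lock, its actions and the traces are constructed for this example; the paper's Ben-Ari garbage-collector model is not reproduced.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

State = Dict[str, object]
Action = Callable[[State, State], bool]      # TLA action: predicate over (s, s')


@dataclass
class Spec:
    init: Callable[[State], bool]
    actions: Dict[str, Action]               # Next == disjunction of these actions
    invariant: Callable[[State], bool]


def check_trace(spec: Spec, trace: List[State]) -> Optional[Tuple[int, str]]:
    """Oracle: replay a state trace observed on the implementation against the spec.
    Returns None if every step is allowed, otherwise (index, reason) of the first fault."""
    if not trace or not spec.init(trace[0]):
        return (0, "initial state violates Init")
    if not spec.invariant(trace[0]):
        return (0, "initial state violates the invariant")
    for i in range(1, len(trace)):
        s, t = trace[i - 1], trace[i]
        if not spec.invariant(t):
            return (i, "invariant violated")
        if s == t:                           # stuttering step, always allowed in TLA
            continue
        if not any(action(s, t) for action in spec.actions.values()):
            return (i, "step not explained by any action of Next")
    return None


# --- constructed example spec: two processes competing for one lock (assumption) ---
PROCS = ("p1", "p2")


def st(lock: Optional[str], p1: str, p2: str) -> State:
    return {"lock": lock, "pc": {"p1": p1, "p2": p2}}


def _others_unchanged(s: State, t: State, p: str) -> bool:
    return all(s["pc"][q] == t["pc"][q] for q in PROCS if q != p)


def request(p: str) -> Action:               # idle -> waiting, lock untouched
    return lambda s, t: (s["pc"][p] == "idle" and t["pc"][p] == "waiting"
                         and t["lock"] == s["lock"] and _others_unchanged(s, t, p))


def acquire(p: str) -> Action:               # waiting -> cs, only when the lock is free
    return lambda s, t: (s["pc"][p] == "waiting" and s["lock"] is None
                         and t["pc"][p] == "cs" and t["lock"] == p
                         and _others_unchanged(s, t, p))


def release(p: str) -> Action:               # cs -> idle, lock freed
    return lambda s, t: (s["pc"][p] == "cs" and t["pc"][p] == "idle"
                         and t["lock"] is None and _others_unchanged(s, t, p))


def mutex_invariant(s: State) -> bool:
    """At most one process in its critical section, and the lock names exactly that process."""
    in_cs = [p for p in PROCS if s["pc"][p] == "cs"]
    if len(in_cs) > 1:
        return False
    return s["lock"] == (in_cs[0] if in_cs else None)


MUTEX = Spec(
    init=lambda s: s == st(None, "idle", "idle"),
    actions={f"{name}({p})": make(p) for p in PROCS
             for name, make in (("Request", request), ("Acquire", acquire), ("Release", release))},
    invariant=mutex_invariant,
)

# constructed traces, in the form an implementation's probe would emit them
GOOD_TRACE = [st(None, "idle", "idle"), st(None, "waiting", "idle"), st("p1", "cs", "idle"),
              st("p1", "cs", "waiting"), st("p1", "cs", "waiting"), st(None, "idle", "waiting"),
              st("p2", "idle", "cs"), st(None, "idle", "idle")]
BAD_EXCLUSION = GOOD_TRACE[:4] + [st("p2", "cs", "cs")]       # p2 enters while p1 holds the lock
BAD_SKIP = [st(None, "idle", "idle"), st("p1", "cs", "idle")]  # entered cs without requesting

if __name__ == "__main__":
    for name, trace in (("good", GOOD_TRACE), ("exclusion", BAD_EXCLUSION), ("skip", BAD_SKIP)):
        print(name, check_trace(MUTEX, trace))
```

The oracle only judges the steps it sees, so a probe that drops intermediate states makes legitimate runs look like unexplained steps; the spec has to be written at the granularity at which the implementation is actually observed.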
We provide an automata-theoretic solution to one of the main open questions about the UML standard, namely how to assign a formal semantics to a set of sequence diagrams without compromising refinement. Our solution relies on a rather obvious idea that, to our knowledge, has not been used before in this context: that bad and good sequence diagrams in the UML standard should be regarded as safety and liveness properties, respectively. Proceeding in this manner, we obtain a semantics that essentially complements the set of behaviors associated with the set of sequence diagrams, thereby allowing us to use the standard notion of refinement as language inclusion. We show that refinement in this setting is compositional with respect to sequential composition, alternative composition, parallel composition, and star+ composition.
{"title":"Safety-liveness semantics for UML 2.0 sequence diagrams","authors":"R. Grosu, S. Smolka","doi":"10.1109/ACSD.2005.31","DOIUrl":"https://doi.org/10.1109/ACSD.2005.31","url":null,"abstract":"We provide an automata-theoretic solution to one of the main open questions about the UML standard, namely how to assign a formal semantics to a set of sequence diagrams without compromising refinement? Our solution relies on a rather obvious idea, but to our knowledge has not been used before in this context: that bad and good sequence diagrams in the UML standard should be regarded as safety and liveness properties, respectively. Proceeding in this manner, we obtain a semantics that essentially complements the set of behaviors associated with the set of sequence diagrams, thereby allowing us to use the standard notion of refinement as language inclusion. We show that refinement in this setting is compositional with respect to sequential composition, alternative composition, parallel composition, and star+ composition.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122987640","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Asynchronous data communication mechanisms (ACMs) have been extensively studied as data connectors between independently timed processes in digital systems. In previous work, systematic ACM synthesis methods have been proposed. In this paper, we advance this work by developing algorithms and software tools which automate the major part of the ACM synthesis process. Firstly, an interleaving specification is constructed in the form of a state graph, and secondly, a Petri net model of an "ACM-type" is derived using the notion of an ACM-region. The method is applied to a number of "standard" writing and reading policies of ACMs with shared memory and unidirectional control variables.
{"title":"Automating synthesis of asynchronous communication mechanisms","authors":"K. Gorgônio, J. Cortadella, F. Xia, A. Yakovlev","doi":"10.1109/ACSD.2005.5","DOIUrl":"https://doi.org/10.1109/ACSD.2005.5","url":null,"abstract":"Asynchronous data communication mechanisms (ACMs) have been extensively studied as data connectors between independently timed processes in digital systems. In previous work, systematic ACM synthesis methods have been proposed. In this paper, we advance this work by developing algorithms and software tools which automate the major part of the ACM synthesis process. Firstly, an interleaving specification is constructed in the form of a state graph, and secondly, a Petri net model of an \"ACM-type\" is derived using the notion of an ACM-region. The method is applied to a number of \"standard\" writing and reading policies of ACMs with shared memory and unidirectional control variables.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"31 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129726406","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
This paper presents our approach to model distributed discrete event simulation systems in the framework of distributed graph transformation. We use distributed typed attributed graph transformation to describe a conservative simulation protocol. We use local control flows for rule execution in each process, as the use of a global control would imply a completely synchronized evolution of all processes. These are specified by a Statechart in which transitions are labelled with rule executions. States are encoded as process attributes, in such a way that rules are only applicable if the process is in a particular state. For the analysis, we introduce a flattening construction as a functor from distributed to normal graphs. Global consistency conditions can be defined for normal graphs which specify safety properties for the protocol. Once the flattening construction is applied to each rule, the global conditions can then be translated into pre-conditions for the protocol rules, which ensure that the protocol fulfils the global constraints in any possible execution. Finally, the paper also discusses tool support using the AToM³ environment.
{"title":"Modelling and analysis of distributed simulation protocols with distributed graph transformation","authors":"J. Lara, G. Taentzer","doi":"10.1109/ACSD.2005.27","DOIUrl":"https://doi.org/10.1109/ACSD.2005.27","url":null,"abstract":"This paper presents our approach to model distributed discrete event simulation systems in the framework of distributed graph transformation. We use distributed typed attributed graph transformation to describe a conservative simulation protocol. We use local control flows for rule execution in each process, as the use of a global control would imply a completely synchronized evolution of all processes. These are specified by a Statechart in which transitions are labelled with rule executions. States are encoded as process attributes, in such a way that rules are only applicable if the process is in a particular state. For the analysis, we introduce a flattening construction as a functor from distributed to normal graphs. Global consistency conditions can be defined for normal graphs which specify safety properties for the protocol. Once the flattening construction is applied to each rule, the global conditions can then be translated into pre-conditions for the protocol rules, which ensure that the protocol fulfils the global constraints in any possible execution. Finally, the paper also discusses tool support using the AToM³ environment.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"106 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128055668","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Message sequence charts (MSC) are a graphical notation standardized by the ITU and used for the description of communication scenarios between asynchronous processes. This talk concerns the formal analysis of MSC-based specifications in relation to communicating finite-state machines. We discuss two basic validation problems for MSC specifications: model checking and implementability.
{"title":"Message sequence charts: a survey","authors":"B. Genest, A. Muscholl","doi":"10.1109/ACSD.2005.25","DOIUrl":"https://doi.org/10.1109/ACSD.2005.25","url":null,"abstract":"Message sequence charts (MSC) are a graphical notation standardized by the ITU and used for the description of communication scenarios between asynchronous processes. This talk concerns the formal analysis of MSC-based specifications in relation with communicating finite-state machines. We discuss two basic validation problems about MSCs specifications, model-checking and implementability.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125661227","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Dead-path-elimination (DPE) is a key ingredient of the Business Process Execution Language for Web Services (BPEL4WS). In this paper, we introduce a small language called the BPE-calculus which contains those constructs of BPEL4WS that are most relevant to DPE. We present three models for the BPE-calculus: one without DPE, one with DPE, and one with our proposed modification of DPE. We formulate a condition and show that it is sufficient and necessary for (modified) DPE to be free of (unintended) side effects. More precisely, we prove the following two properties. First of all, if the condition is satisfied, then the behaviour of a BPE-process is the same in the model without DPE and the model with (modified) DPE. Secondly, if the condition is not satisfied, then we can construct a BPE-process that behaves differently in the models. As a consequence, if the condition is satisfied, then DPE becomes an optimisation. In that case, programmers can ignore DPE and, hence, programming in BPEL4WS becomes simpler.
{"title":"Dead-path-elimination in BPEL4WS","authors":"F. Breugel, M. Koshkina","doi":"10.1109/ACSD.2005.11","DOIUrl":"https://doi.org/10.1109/ACSD.2005.11","url":null,"abstract":"Dead-path-elimination (DPE) is a key ingredient of the business process execution language for Web services (BPEL4WS). In this paper, we introduce a small language called the BPE-calculus which contains those constructs of BPEL4WS that are most relevant to DPE. We present three models for the BPE-calculus: one without DPE, one with DPE, and one with our proposed modification of DPE. We formulate a condition and show that it is sufficient and necessary for (modified) DPE to be free of (unintended) side effects. More precisely, we prove the following two properties. First of all, if the condition is satisfied, then the behaviour of a BPE-process is the same in the model without DPE and the model with (modified) DPE. Secondly, if the condition is not satisfied, then we can construct a BPE-process that behaves differently in the models. As a consequence, if the condition is satisfied, then DPE becomes an optimisation. In that case, programmers can ignore DPE and, hence, programming in BPEL4WS becomes simpler.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125839321","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
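Dead-path elimination itself, as an added illustrative example that is not taken from the paper (the BPE-calculus, the authors' modified DPE and their side-effect condition are not reproduced): a toy interpreter for a BPEL-style flow with links, transition conditions and the default OR join condition, run once with DPE (a skipped activity sets every outgoing link to false, so downstream joins can still be evaluated) and once without it. In this toy, "without DPE" means a skipped activity's outgoing links stay undetermined, which is an assumption of the example; the order-handling flow and its process data are constructed.

```python
from typing import Callable, Dict, List, Set, Tuple

JoinCond = Callable[[Dict[str, bool]], bool]    # incoming link statuses keyed by source activity
TransCond = Callable[[dict], bool]              # transition condition over process data


def join_or(incoming: Dict[str, bool]) -> bool:
    """BPEL's default join condition: OR over incoming links (true when there are none)."""
    return True if not incoming else any(incoming.values())


class Flow:
    def __init__(self) -> None:
        self.activities: Dict[str, JoinCond] = {}
        self.links: List[Tuple[str, str, TransCond]] = []

    def activity(self, name: str, join: JoinCond = join_or) -> "Flow":
        self.activities[name] = join
        return self

    def link(self, source: str, target: str, cond: TransCond = lambda data: True) -> "Flow":
        self.links.append((source, target, cond))
        return self


def run(flow: Flow, data: dict, dpe: bool) -> Tuple[List[str], List[str], bool]:
    """Execute the flow; returns (executed activities, skipped activities, deadlocked)."""
    status: Dict[Tuple[str, str], bool] = {}   # link -> determined status
    executed: List[str] = []
    skipped: List[str] = []
    done: Set[str] = set()
    progress = True
    while progress:
        progress = False
        for name, join in flow.activities.items():
            if name in done:
                continue
            incoming = [s for s, t, _ in flow.links if t == name]
            # an activity may only evaluate its join once every incoming link is determined
            if any((s, name) not in status for s in incoming):
                continue
            if join({s: status[(s, name)] for s in incoming}):
                executed.append(name)
                for s, t, cond in flow.links:
                    if s == name:
                        status[(s, t)] = bool(cond(data))
            else:
                skipped.append(name)
                if dpe:
                    # dead-path elimination: propagate "false" on every outgoing link
                    for s, t, _ in flow.links:
                        if s == name:
                            status[(s, t)] = False
                # without DPE the outgoing links stay undetermined (toy-model assumption)
            done.add(name)
            progress = True
    deadlocked = len(done) < len(flow.activities)
    return executed, skipped, deadlocked


def order_flow() -> Flow:
    """Constructed flow: receive an order, then either approve or reject it, then notify."""
    return (Flow()
            .activity("receive").activity("approve").activity("reject").activity("notify")
            .link("receive", "approve", lambda d: d["credit_ok"])
            .link("receive", "reject", lambda d: not d["credit_ok"])
            .link("approve", "notify")
            .link("reject", "notify"))


if __name__ == "__main__":
    for dpe in (True, False):
        print("DPE" if dpe else "no DPE", run(order_flow(), {"credit_ok": True}, dpe))
```

With DPE the rejected branch reports false on its link and `notify` runs; without it `notify` waits forever on a link whose source was never executed, which is the deadlock that DPE exists to prevent.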
In this paper we develop a method for analysing and comparing the performance of different testing techniques for concurrent systems, and use it to give some evidence that the so-called "exploration testing" finds errors faster than traditional testing based on test cases. We model the system under test as a state space with a weight and cost assigned to each transition, and find the probability and expected cost of reaching terminal states. From this information, the probabilities and expected costs of finding errors using each method can be computed. A drawback of our method is that it is not feasible for arbitrarily large systems, but, in return, it gives results much quicker and with much higher precision than possible by running actual tests.
{"title":"A method for analysing the performance of certain testing techniques for concurrent systems","authors":"Timo Kellomäki, A. Valmari","doi":"10.1109/ACSD.2005.1","DOIUrl":"https://doi.org/10.1109/ACSD.2005.1","url":null,"abstract":"In this paper we develop a method for analysing and comparing the performance of different testing techniques for concurrent systems, and use it to give some evidence that the so-called \"exploration testing\" finds errors faster than traditional testing based on test cases. We model the system under test as a state space with a weight and cost assigned to each transition, and find the probability and expected cost of reaching terminal states. From this information, the probabilities and expected costs of finding errors using each method can be computed. A drawback of our method is that it is not feasible for arbitrarily large systems, but, in return, it gives results much quicker and with much higher precision than possible by running actual tests.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130030104","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
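The computation the abstract above describes, as an added example that is not the authors' tool: a weighted, costed state space is turned into an absorbing Markov chain (transition probability = weight over the state's total outgoing weight), and exact linear solving gives, for every state, the probability of ending in each terminal state and the expected cost of getting there. Comparing two testing techniques then means running this on the state space each technique induces and comparing the expected cost of reaching the error state. The state space below is constructed; the linear solver is plain Gauss-Jordan elimination over fractions and raises when some state can never reach a terminal state.

```python
from fractions import Fraction
from typing import Dict, List, Tuple

# (source state, weight, cost, destination state); a state with no outgoing
# transition is terminal (e.g. "test passed" or "error found")
Transition = Tuple[str, int, int, str]


def solve(A: List[List[Fraction]], b: List[Fraction]) -> List[Fraction]:
    """Exact Gauss-Jordan elimination; raises if the system is singular."""
    n = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(n):
        piv = next((r for r in range(col, n) if M[r][col] != 0), None)
        if piv is None:
            raise ValueError("singular system: some state cannot reach a terminal state")
        M[col], M[piv] = M[piv], M[col]
        p = M[col][col]
        M[col] = [v / p for v in M[col]]
        for r in range(n):
            if r != col and M[r][col] != 0:
                f = M[r][col]
                M[r] = [rv - f * cv for rv, cv in zip(M[r], M[col])]
    return [M[i][n] for i in range(n)]


def analyse(transitions: List[Transition]):
    """Return ({(state, terminal): probability}, {state: expected cost to termination})."""
    states: List[str] = []
    for s, _, _, d in transitions:
        for x in (s, d):
            if x not in states:
                states.append(x)
    idx = {s: i for i, s in enumerate(states)}
    out: Dict[str, List[Tuple[Fraction, Fraction, str]]] = {s: [] for s in states}
    for s, w, c, d in transitions:
        out[s].append((Fraction(w), Fraction(c), d))
    # transition probabilities: weight normalised over the state's outgoing weights
    prob = {s: [(w / sum(x[0] for x in out[s]), c, d) for w, c, d in out[s]] for s in states}
    n = len(states)

    def coefficients() -> List[List[Fraction]]:
        # row for s encodes  x_s - sum_{s -> d} p(s, d) * x_d
        A = [[Fraction(0)] * n for _ in range(n)]
        for s in states:
            A[idx[s]][idx[s]] = Fraction(1)
            for p, _, d in prob[s]:
                A[idx[s]][idx[d]] -= p
        return A

    # expected cost: E(s) = sum p * (c + E(d)), with E(terminal) = 0
    cost = solve(coefficients(), [sum(p * c for p, c, _ in prob[s]) for s in states])
    expected = {s: cost[idx[s]] for s in states}
    # absorption probability per terminal t: P_t(t) = 1, P_t(other terminal) = 0
    probs: Dict[Tuple[str, str], Fraction] = {}
    for t in (s for s in states if not out[s]):
        rhs = [Fraction(1) if s == t else Fraction(0) for s in states]
        x = solve(coefficients(), rhs)
        for s in states:
            probs[(s, t)] = x[idx[s]]
    return probs, expected


# constructed state space of one testing technique: "step" may loop back to "start",
# "risky" is the only state from which the error is reachable
EXPLORATION: List[Transition] = [
    ("start", 2, 1, "step"),
    ("start", 1, 1, "risky"),
    ("step", 1, 2, "start"),
    ("step", 1, 1, "pass"),
    ("risky", 1, 3, "error"),
    ("risky", 1, 1, "pass"),
]

if __name__ == "__main__":
    probs, expected = analyse(EXPLORATION)
    print("P(start -> error) =", probs[("start", "error")])
    print("expected cost from start =", expected["start"])
```

Exact fractions matter here because the comparison between techniques is often a small difference between two numbers near 1; floating-point iteration would need a convergence argument before the result could be trusted.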
We present a bundled data communication scheme that is robust to crosstalk effects, and to manufacturing and environmental variations. Unlike a data bus, where each receiver always connects to all data lines from the sender, we consider the case where each receiver can have a subset of all data lines routed to it. Such generalization can be used for a bundled data communication method applicable to both local and global communication. It can be used to make a clock unnecessary in a design. It also leads to a new routing problem, which we solve with an algorithm based on MRSA tree construction.
{"title":"Gaining predictability and noise immunity in global interconnects","authors":"Yinghua Li, A. Kondratyev, R. Brayton","doi":"10.1109/ACSD.2005.19","DOIUrl":"https://doi.org/10.1109/ACSD.2005.19","url":null,"abstract":"We present a bundled data communication scheme that is robust to crosstalk effects, and to manufacturing and environmental variations. Unlike a data bus, where each receiver always connects to all data lines from the sender, we consider the case where each receiver can have a subset of all data lines routed to it. Such generalization can be used for a bundled data communication method applicable to both local and global communication. It can be used to make a clock unnecessary in a design. It also leads to a new routing problem for which we present an algorithm based on MRSA tree construction to solve it.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"71 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130731078","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
An asynchronous wrapper of a fabricated GALS system is analyzed for hazards. For this purpose, a Petri-net-based modelling approach for this GALS wrapper is presented. In our model the question whether a hazard can occur in a gate is reduced to a model checking problem: the reachability of a particular marking in the Petri net. In order to alleviate state space explosion, two techniques to reduce the model's state space are presented. Using these techniques we detected several potential hazards and a deadlock in the wrapper.
{"title":"Hazard detection in a GALS wrapper: a case study","authors":"C. Stahl, W. Reisig, M. Krstic","doi":"10.1109/ACSD.2005.20","DOIUrl":"https://doi.org/10.1109/ACSD.2005.20","url":null,"abstract":"An asynchronous wrapper of a fabricated GALS system is analyzed for hazards. For this purpose a Petri net based modelling approach of this GALS wrapper is presented. In our model the question whether a hazard can occur in a gate is reduced to a model checking problem: the reachability of a particular marking in the Petri net. In order to alleviate state space explosion two techniques to reduce the model's state space are presented. By use of these techniques we detected several potential hazards and a deadlock in the wrapper.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132993100","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
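The reduction described in the abstract above, as an added example that is not the authors' model of the GALS wrapper: a small Petri net explorer that enumerates reachable markings breadth-first, returns the firing sequence to the first marking satisfying a predicate (the analogue of the "hazard marking"), and reuses the same search to find deadlocks. The net is a constructed two-client arbiter with two injectable bugs; the bound on explored markings is where the state-space reduction techniques the paper mentions would become necessary on a real design.

```python
from collections import deque
from typing import Callable, Dict, List, Optional, Tuple

Marking = Tuple[int, ...]          # token count per place, indexed like PetriNet.places


class PetriNet:
    def __init__(self, places: List[str]) -> None:
        self.places = places
        self.idx = {p: i for i, p in enumerate(places)}
        self.transitions: List[Tuple[str, Dict[int, int], Dict[int, int]]] = []

    def add(self, name: str, pre: Dict[str, int], post: Dict[str, int]) -> None:
        self.transitions.append((name,
                                 {self.idx[p]: k for p, k in pre.items()},
                                 {self.idx[p]: k for p, k in post.items()}))

    def marking(self, tokens: Dict[str, int]) -> Marking:
        m = [0] * len(self.places)
        for p, k in tokens.items():
            m[self.idx[p]] = k
        return tuple(m)

    @staticmethod
    def enabled(m: Marking, pre: Dict[int, int]) -> bool:
        return all(m[i] >= k for i, k in pre.items())

    @staticmethod
    def fire(m: Marking, pre: Dict[int, int], post: Dict[int, int]) -> Marking:
        n = list(m)
        for i, k in pre.items():
            n[i] -= k
        for i, k in post.items():
            n[i] += k
        return tuple(n)

    def is_deadlock(self, m: Marking) -> bool:
        return not any(self.enabled(m, pre) for _, pre, _ in self.transitions)

    def search(self, m0: Marking, target: Callable[[Marking], bool],
               max_states: int = 100_000) -> Optional[List[str]]:
        """BFS over reachable markings; returns the shortest firing sequence to a
        marking satisfying `target`, or None if no reachable marking does."""
        parent: Dict[Marking, Optional[Tuple[Marking, str]]] = {m0: None}
        queue = deque([m0])
        while queue:
            m = queue.popleft()
            if target(m):
                path: List[str] = []
                while parent[m] is not None:
                    m, t = parent[m]
                    path.append(t)
                return path[::-1]
            for name, pre, post in self.transitions:
                if self.enabled(m, pre):
                    n = self.fire(m, pre, post)
                    if n not in parent:
                        if len(parent) >= max_states:
                            raise RuntimeError("state space bound exceeded; reduce the model")
                        parent[n] = (m, name)
                        queue.append(n)
        return None


def arbiter(free_tokens: int = 1, return_free: bool = True) -> Tuple[PetriNet, Marking]:
    """Constructed two-client arbiter. free_tokens=2 injects a double-grant bug;
    return_free=False injects a token leak that eventually starves both clients."""
    net = PetriNet(["idle1", "req1", "gr1", "idle2", "req2", "gr2", "free"])
    for c in ("1", "2"):
        net.add(f"request{c}", {f"idle{c}": 1}, {f"req{c}": 1})
        net.add(f"grant{c}", {f"req{c}": 1, "free": 1}, {f"gr{c}": 1})
        post = {f"idle{c}": 1}
        if return_free:
            post["free"] = 1
        net.add(f"release{c}", {f"gr{c}": 1}, post)
    return net, net.marking({"idle1": 1, "idle2": 1, "free": free_tokens})


def both_granted(net: PetriNet) -> Callable[[Marking], bool]:
    """The 'bad marking' for this net: both clients hold a grant at once."""
    return lambda m: m[net.idx["gr1"]] >= 1 and m[net.idx["gr2"]] >= 1


if __name__ == "__main__":
    net, m0 = arbiter(free_tokens=2)
    print("double grant via", net.search(m0, both_granted(net)))
    net, m0 = arbiter(return_free=False)
    print("deadlock via", net.search(m0, net.is_deadlock))
```

The firing sequence the search returns is the counterexample a designer needs: for the leaking arbiter it is the exact order of requests and releases after which no transition is enabled.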
We describe a toolbox for the analysis of systems-on-a-chip described in SystemC at the transactional level. The tools are able to extract information from SystemC code, and to build a set of parallel automata that capture the semantics of a SystemC design, including the transaction-level specific constructs. As far as we know, this provides the first executable formal semantics of SystemC. Being implemented as a traditional compiler front-end, it is able to deal with general SystemC designs. The intermediate representation is now connected to existing formal verification tools via appropriate encodings. The toolbox is open and other tools will be used in the future.
{"title":"LusSy: a toolbox for the analysis of systems-on-a-chip at the transactional level","authors":"M. Moy, F. Maraninchi, L. Maillet-Contoz","doi":"10.1109/ACSD.2005.23","DOIUrl":"https://doi.org/10.1109/ACSD.2005.23","url":null,"abstract":"We describe a toolbox for the analysis of systems-on-a-chip described in SystemC at the transactional level. The tools are able to extract information from SystemC code, and to build a set of parallel automata that capture the semantics of a SystemC design, including the transaction-level specific constructs. As far as we know, this provides the first executable formal semantics of SystemC. Being implemented as a traditional compiler front-end, it is able to deal with general SystemC designs. The intermediate representation is now connected to existing formal verification tools via appropriate encodings. The toolbox is open and other tools will be used in the future.","PeriodicalId":279517,"journal":{"name":"Fifth International Conference on Application of Concurrency to System Design (ACSD'05)","volume":"2 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129114705","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}