A Modern Mathematical Theory of Co-operating State Machines
|
|
- Jocelyn Webb
- 5 years ago
- Views:
Transcription
1 201 A Modern Mathematical Theory of Co-operating State Machines Antti Valmari Abstract Valmari, Antti (2005). A Modern Mathematical Theory of Co-operating State Machines In Proceedings of the Algorithmic Information Theory Conference, Vaasa Proceedings of the University of Vaasa,Reports 124, Eds S. Hassi, V. Keränen, C.-G. Källman, M. Laaksonen, and M. Linna. In this work we apply theoretical results from so-called process algebras to state machines, and develop the theory further. State machines are a central concept in the development of telecommunication protocols and embedded software in practice. Unfortunately, the engineers notion of state machine is vague and varying. We hope that with the aid of our theory, engineers could improve their understanding of state machines and systems that consist of them, and thus become capable of designing better systems with less effort. This article focuses on the theoretical part of our endeavour. Antti Valmari, Institute of Software Systems, Tampere University of Technology, P.O. Box 553, FI Tampere, Finland, Antti.Valmari@tut.fi Keywords: Formal Systems. Mathematics Subject Classification (2000): 68Q85; 68N Introduction Process algebras were originated by Tony Hoare and Robin Milner around 1980, and have become an extensive research topic. Hoare s version is known as Communicating Sequential Processes or CSP. Roscoe (1998) is a good book about it. Milner s Calculus of Communicating Systems (CCS) is explained in Milner (1989). Process algebras were intended as theories of concurrency. Such theories have a lot of potential applications in the design of telecommunication systems, embedded software, and so on. Although many practice-oriented process-algebraic analysis methods and tools and even an ISO standard for notation, see Bolognesi, and Brinksma (1987) have been developed, process algebras have had very limited success in the industry. This is certainly to a large extent due to the fact that practical engineers use state machines
2 202 extensively, but the corresponding concept in process algebras is expressed with clumsy mysterious-looking algebraic notation, as was criticised by Karsisto (2003). Furthermore, giving a sound meaning to recursive algebraic definitions has been a major and mathematically demanding problem in process algebras. For explicit state machines this issue and thus much of process-algebraic literature is not relevant at all. Another problem is that process algebras put emphasis solely on actions, while engineers need actions, states, or both, depending on the application. Furthermore, there has been a proliferation of mutually inconsistent process-algebraic formalisations of the important notion of abstracted, or externally observable, behaviour, as evidenced by van Glabbeek (1993). This has caused a lot of confusion among (at least) the outsiders. Altogether, engineers cannot find what they need in process algebra literature, although much of it is there. It is often assumed that state machines can be understood in terms of the theory of finite automata. This is incorrect, mostly but not only because finite automata theory does not consider concurrently executing entities. An example of this can be seen in early versions of the widely used CCITT specification language SDL (see, e.g., Færgemand (1993)). In them, a system is modelled as a collection of Mealy machines with multiple output. Each machine has a single input queue. This model runs into big problems in certain common design situations, so an obscure save mechanism had to be added. As a whole, the design is absurd. The goal of this work is to develop a solid mathematical theory of co-operating state machines that can be easily applied to practical engineering needs. Its basic concepts should be simple and elegant but they need not be handy in practical engineering work, like in good fundamental theories and unlike in practical programming languages. This part of the theory is not meant for designing systems, but for understanding the fundamental concepts and phenomena. However, the theory should facilitate the introduction of powerful practical constructs, whose meaning can be defined via clear, straightforward mappings to the concepts of the theory. Our theory inherits a lot from process algebras. To meet engineering needs, concepts for talking about the properties of states were added. Furthermore, picking the right
3 203 pieces from the variety of possibilities offered by different process algebras was nontrivial, and putting the pieces together with each other and the state-related concepts required fine-tuning or even more work here and there. Although some details still need polishing, the big picture is clear enough for presentation. 2. Plain state machines We reserve the symbol τ for a special purpose that will be explained later. A plain state machine M can be defined as a tuple (S, Σ, Π,, val, Ŝ) whose components are as follows. S is a (not necessarily finite) set of states. Ŝ is the set of initial states and = Ŝ S. Σ is any set that does not contain τ, and it is known as the action alphabet. It will be important when defining the interaction of (plain) state machines with each other. The transition relation is any collection of triples of the form (s, a, s ), where s and s are states and either a = τ or a Σ. The middle element a is the label of the transition. The elements of the set Π are called state propositions, and val is a function from S to subsets of Π. We (unfortunately have to) assume that if ŝ 1 Ŝ and ŝ 2 Ŝ, then val(ŝ 1) = val(ŝ 2 ). Clearly S and induce a directed graph. The idea is, of course, that M starts its life in a nondeterministically chosen element of Ŝ, and repeatedly moves from one state to another along the elements of. If M is isolated, then it can freely choose from among the output transitions of its current state, but if it is connected to other state machines, then they may prevent M from executing transitions, as will be discussed later. The environment of M cannot block those transitions whose label is τ. M either makes infinitely many moves (one move for each natural number, to be more precise), or stops because of reaching a state without output transitions or because of the environment blocking all output transitions of the state. The label of a transition determines how the outside world sees the execution of the transition. If the label is τ, then the outside world does not see it at all (but may be able to see its consequences later on). The components Π and val model what the outsiders see of the state of M: val(s) lists precisely the state propositions that hold in s. This information is structured as a set of propositions mainly because later definitions need that. Furthermore, many
4 204 concurrency researchers use state-based formalisms that have Π and val with this structure, and no Σ (e.g., Browne, Clarke, and Grumberg (1988)). Such a system can be interpreted as a Kripke structure whose properties can be analysed with temporal logics. Those techniques naturally carry over to state machines. As was discussed in the introduction, process algebras have Σ but no Π. An important, partly open but fortunately not critical issue is what (or who) precisely are the outsiders that see the values val(s). Certainly one task of Π and val is to give the atomic entities, with which the correctness criteria of the system in question can be stated. For instance, the Π of a mutual exclusion system could consist of the propositions customer i is requesting for service and customer i is using the service for i {1, 2}. Then one can write (and hopefully verify) a formula stating that customers 1 and 2 are never simultaneously using the service, and if customer 1 is now requesting for the service, then it will be using the service in some future moment in time. Π and val are thus important for people who try to analyse the correctness of the system. What is open is whether it is reasonable to let other state machines of the system observe, or even block, transitions based on values of val(s). The current intuition is that it does not matter whether observing is allowed, but blocking should not be allowed. The important insight is that what the verifier should be shown of a state machine is a different issue from what the neighbouring state machines should be shown. Process algebras do not make this distinction, as they use actions for both roles. Most other theories fail to make this distinction, because they consider only closed systems, that is, all components of the system and even the necessary parts of its environment are in the model. Therefore, the nature of the connections between state machines is irrelevant for those theories. Unfortunately, a discussion on potential benefits of the distinction would require more background on abstract semantics (Section 6) than space allows. Nothing in the model corresponds to the final states of finite automata.
5 Co-operating plain state machines Let M 1,..., M n be plain state machines that we intend to connect together, and let s 1,..., s n be their current states. We assume that their Π s are mutually disjoint. Our theory uses the simple form of interaction where the system can make a transition to s 1,..., s n with the label a, if and only if either a τ, (s i, a, s i) is a transition for those M i to whose action alphabet a belongs, and s i = s i for the remaining M i ; or a = τ, some M i has the transition (s i, τ, s i), and s j = s j for the remaining M j. This kind of interaction is synchronous in the sense that an interaction consists of all participating state machines executing an action simultaneously. Process algebras use synchronous interaction, although often not this precise form. Long experience has shown that synchronous interaction is entirely general in the sense that all other forms of interaction can be easily modelled with it, whereas constructing synchronous interaction from other forms is often difficult or impossible. (This result relies on the assumption that more than two entities can participate the same interaction, and all of them may freely have alternative transitions from their current state, including alternative interactions. CCS does not satisfy the former, see Milner (1989).) For instance, communication via message queues is modelled by treating the queue as a state machine in its own right, with whom first the sending state machine and later on the receiving state machine interacts. The intuitively natural notions of input and output prove to be certain kinds of roles in restricted forms of synchronous interaction. Let us consider the communication of a value from the range 0, 1,..., 9. Ten different actions, say a0, a1,..., a9, are reserved for the purpose. A state machine O that is ready to output has one transition from its current state, and its label corresponds to the value that it wants to output. For instance, if O wants to output the value 6, then the label is a6. A state machine I that is ready to input has a transition for each label from its current state, and they lead to different states. If O and I are connected together, they execute synchronously their a6-labelled transitions. Thus O determines the value that is communicated, and the value determines the next state of I.
6 206 All this indicates that synchronous interaction is the fundamental form of interaction. The precise form of synchronous interaction presented above is common but not pervasive in process algebras. It was chosen, because intuitively it looks more fundamental than alternative forms. Together with two other natural process-algebraic operations, namely relational renaming and hiding, quite complicated synchronous interaction schemes can be easily built from it (with potential exponential blow-up), as was demonstrated by Karsisto (2003). They include all that are commonly used in process algebras. Furthermore, Valmari, and Kervinen (2002) proved that a certain natural family of problems is PSPACE-complete with it, but EXPSPACE-complete with its common alternatives. This is rather concrete complexity-theoretic evidence. The parallel composition operator of Karsisto (2003) is an example of a powerful, practice-oriented engineering construct whose meaning is defined in terms of the basic concepts of the theory via a clear mapping. The result of connecting M 1,..., M n together is a plain state machine, namely the one with S = S 1 S n, Σ = Σ 1 Σ n, Π = Π 1 Π n, consists of the transitions explained above, val((s 1,..., s n )) = val 1 (s 1 ) val n (s n ), and Ŝ = Ŝ1 Ŝn. It is common to use a refined definition where those states and their evaluations and adjacent transitions are thrown away, which cannot be reached from any element of Ŝ via zero or more elements of. This operation is usually denoted with the expression M 1 M n. There are also other operators, although we skip them here. With and them, one can write an expression that describes how the system is built from individual state machines, and formally produces a state machine. This state machine represents or is the behaviour of the system. 4. Equivalence of state machines at detailed level It is very generally accepted in process algebras and to some extent also elsewhere (e.g., Browne et al. (1988)) that the right notion to compare state machines at this level of treatment is bisimilarity, also known as strong bisimilarity. Two state machines
7 207 M i = (S i, Σ i, Π i, i, val i, Ŝi) are bisimilar if and only if Σ 1 = Σ 2, Π 1 = Π 2, and there is a relation S 1 S 2 such that all of the following hold: For every element ŝ 1 of Ŝ1, there is an element ŝ 2 of Ŝ2 such that ŝ 1 ŝ 2. For every element ŝ 2 of Ŝ2, there is an element ŝ 1 of Ŝ1 such that ŝ 1 ŝ 2. If s 1 s 2, then val 1 (s 1 ) = val 2 (s 2 ). If (s 1, a, s 1) 1 and s 1 s 2, then there is an s 2 such that (s 2, a, s 2) 2 and s 1 s 2. If (s 2, a, s 2) 2 and s 1 s 2, then there is an s 1 such that (s 1, a, s 1) 1 and s 1 s 2. (We say that the latter transition (s 3 i, a, s 3 i) simulates the former transition (s i, a, s i).) The important remark in this context is that this equivalence is neither isomorphism, nor the language equivalence in finite automata theory. Bisimilarity can be thought of as a generalisation of isomorphism, where the bijection is replaced by the relation. Assume that is a relation that satisfies the last two items of the definition of under the assumption that S 1 = S 2, 1 = 2, val 1 = val 2 and Ŝ1 = Ŝ2 (that is, compares the states of a single state machine to each other). Then the largest exists and it is an equivalence. If, furthermore, each state is reachable from some initial state via transitions, then the result of merging the equivalence classes of the largest to single states is the unique smallest state machine that is bisimilar with the original one. 5. Adding variables Variables (in the sense used in conventional programming languages) are crucial from the practical engineering point of view. Fortunately, there is a pleasant way of adding them to our state machine formalism, which facilitates formal reasoning in their presence, while at the same time completely avoids issues regarding concrete syntax. We assume that each state has an associated set of variables, and each variable has an associated, nonempty set called its type. Furthermore, actions a (where a τ) are replaced by entities of the form a p 1,..., p k, where the p i are the parameters of the action. They represent values that the state machine communicates during an interaction. For instance, when talking about communication between a bankteller machine and the bank, it may be that a = withdrawal, p 1 is the account number,
8 208 and p 2 is the amount. We assume that there is some set U that contains at least all the values that are needed as p i. Let the types of the variables of the states s and s be T 1,..., T n and T 1,..., T m. A transition is now of the form (s, a, k, R, s ), where k is a natural number, and R T 1 T n U k T 1 T m. The interpretation is that the configuration consisting of the state s together with the values v 1,..., v n in its variables is really one state of a plain state machine known as the unfolded machine, and there is the transition from s v 1,..., v n to s v 1,..., v m with label a p 1,..., p k if and only if R(v 1,..., v n, p 1,..., p k, v 1,..., v m) holds. (Any experience with practical state machines entices to stipulate that the v h should be defined as a function of the v i and the p j, and those p j that represent output should be a function of the v i. Indeed, all earlier formalisms of this kind that I remember reflect this kind of thinking in one way or another. However, when modelling more and more systems, one eventually realises that these functions must sometimes be nondeterministic. So, it is better to replace them with a relation.) All the fancy notation used in practical state machine languages for specifying preconditions (or guards), transition-time assignments to variables, input parameters, output parameters and postconditions can now be thought of as means of specifying R. Thus the problem of choosing or designing a notation has been totally isolated from our theory of state machines. The designer of the notation need not know our theory, and we can continue without worrying about the notation. Unfolding is an old idea. Textbooks on Turing machines often say that some piece of information is stored in the finite control of the machine. That is unfolding. The semantics of Coloured Petri Nets has been defined via unfolding. The meaning of a state machine with variables is its unfolded plain state machine. Thus, variables can be thought of as just a notational convenience. However, it is relatively simple to define interconnection of state machines with variables (denoted here with ) such that unfold(m 1 M n ) = unfold(m 1 ) unfold(m n ) (where = denotes isomorphism), and the same holds for other common operators used in building systems. This makes it possible to lift formal results and reasoning to the
9 209 case where variables are present. The fact that practical (i.e., variable-containing) co-operating state machines can be formally combined to one (variable-containing) state machine is little known. It is true that combinations tend to grow quickly in size as more and more state machines are added. Even so, when the idea becomes more widely known, it will perhaps find important uses. 6. Externally observable behaviour An unparallelled aspect of process algebras is full abstraction (ACM (1991) mentions it among the reasons for giving the Turing award to Milner). Roughly speaking, it means that the behaviour of a component is described at such a level that everything, but nothing more, that is essential regarding its co-operation with other components which are unknown and may be just anything is presented. When a system is built from state machines one at a time, it is common that some actions that were needed for connecting state machines together are entirely uninteresting from a larger point of view. For instance, a person is interested in the actions that happen between her and the bankteller machine, and very interested in the actions that concern her bank account, but the activity in the telecommunication link that connects the bankteller machine to the bank is implementation technology that should do its duty out of sight. For this purpose, process algebras contain in one form or another a hiding operator, with which actions can be removed from the action alphabet, converting them to τ wherever they are used as transition labels. After hiding, instead of containing 73 properly named transitions between pressing the button and giving the money, the system shows 73 τ-transitions. To get rid of them, each process algebra contains an abstract semantics. A good start towards an abstract semantics is to mimic language equivalence of finite automata, with every state treated as a final state. We ignore the state propositions for the moment. Under this assumption, a trace of a plain state machine is any finite sequence that can be constructed by starting at any initial state, taking a finite number of successive transitions, writing down their labels, and removing all τ s from the result. Two plain
10 210 state machines with an empty Π are trace equivalent, iff they have the same action alphabet and same traces. Trace equivalence is, however, insufficient (even with an empty Π), because it throws away most information regarding deadlocks, livelocks and other situations where, although not providing any wrong service, the machine fails to provide the right service. Thus something must be added to the abstract semantics. (So we get away from the realm of finite automata theory.) Unfortunately, unanimity ends at this point. Literally hundreds of different abstract semantics have been suggested, representing different opinions as to what aspects of the behaviour of the system should be taken into account, and different solutions to the difficult problems that arise when trying to ensure nice mathematical properties for the semantics. (van Glabbeek (1993) lists quite a few semantics.) The most important property is that the equivalence induced by the semantics must be a congruence. That is, if M M and f(m) is a system containing M as a component, then it must hold that f(m ) f(m). This property is an essential ingredient of full abstraction. One major group of abstract equivalencies consists of Milner s (1989) observation equivalence and its variants. Let us write s =a 1 a n s whenever there is a path from state s to state s such that the sequence of the non-τ transition labels along the path is a 1 a n. (Thus the traces are { σ Σ ŝ Ŝ : s : ŝ =σ s }.) Observation equivalence, also known as weak bisimilarity, is defined like the strong bisimilarity of Section 4, except that instead of transitions (s i, a, s i) i, sequences s i =a s i are used, where a Σ or a = ε (the empty sequence). The definition may be written equivalently as stating that the (s i, a, s i) i are simulated by paths s 3 i =b s 3 i, where a = b Σ or a = τ and b = ε. Π-less state machines can be minimised and compared according to observation equivalence in polynomial time. This is because there is a polynomial time saturation operation whose output is observation equivalent to input such that saturated machines are observation equivalent if and only if they are strongly bisimilar. It consists of adding the transition (s, a, s ) wherever a Σ and s =a s ; and the transition (s, τ, s ) wherever s =ε s. The branching bisimilarity of van Glabbeek, and Weijland (1989) is strictly stronger than observation equivalence. In it, each (s 1, a, s 1) 1 is simulated either by
11 211 s 2 =ε s 2 and (s 2, a, s 2) 2, where s 2 is a state such that s 1 s 2; or by s 2 = s 2, in which case a must be τ. Of course, elements of 2 must be simulated in the same way by M 1. A saturated Π-less state machine is not necessarily branching bisimilar to the original one. Even so, polynomial time algorithms for minimisation and comparison are known. Branching bisimilarity is much less popular than observation equivalence, perhaps because of its later publication and more complicated definition. It has, however, the advantage that a variant of it preserves properties stated in the very natural and widely used state-based logic next-less CTL (De Nicola, and Vaandrager (1995)). No natural state-based logic counterpart for observation equivalence is known. Yet another popular group of semantics is built around the notion of (stable) failure. A stable failure is a pair (σ, A) such that σ is a trace of the Π-less state machine in question, A Σ, and the machine can execute σ so that it ends up in a state, none of whose outgoing transitions is labelled with an element of A {τ}. A failure is a related strictly weaker concept. Valmari (1995) proved that if one tries to generalise the notion of deadlock that is, a situation where the machine cannot do anything at all such that the resulting equivalence is a congruence, then stable failures are what one ends up with. The trace σ leads to a deadlock if and only if (σ, Σ) is a stable failure. (Stable) failures are a linear time notion in that, unlike observation equivalence and branching bisimilarity, they do not keep track of what alternative choices the Π-less state machine could have done in the middle of its execution. Consider a professor who sometimes drinks coffee and sometimes tea. Both stable failures and observation equivalence tell what she takes today, but only observation equivalence reveals whether she decided between tea and coffee before or after entering the cafeteria. The failures family of equivalences is complicated because of problems in dealing with livelocks or divergences. A divergence trace is such a trace that after at least one way of executing it, the Π-less state machine can execute an infinite sequence of τ-labelled transitions. One mathematically well-working possibility is to keep track of traces and stable failures and ignore divergences, see e.g., Roscoe (1998) or Valmari (1995). Then almost all information on livelocks is lost. In the solution known as catastrophic divergence those divergence traces are preserved whose proper prefixes are not divergence traces, and absolutely no information is preserved about the behaviour after
12 212 them. This solution is popular in the CSP world, because it gives unique meanings to recursive process-algebraic definitions. The Chaos-Free Failures Divergences (CFFD) semantics presented by Valmari, and Tienari (1991) preserves precise information on stable failures and divergence traces, but does not facilitate (easy) algebraic recursive definition of processes. With state machines this deficiency does not matter, however. To ensure the congruence property with infinite machines, infinite traces were later added to it. See Valmari (2000) for a discussion on CFFD and its relation to the semantics used with CSP. As defined above, observation equivalence and branching bisimilarity ignore divergences. They can be made divergence-sensitive in more than one way. Yet another source of diversity is a congruence problem that is related to the operators used for specifying alternative behaviours in process algebras. This semantics explosion is actually a consequence of the fact that concurrent systems are often nondeterministic. Namely, all semantics that were discussed in this section collapse to the same if the systems are deterministic in the following sense: there are neither τ-transitions from initial states nor divergence traces, and for every σ Σ and a Σ, if at least one way of executing σ from an initial state leads to a state s such that s =a, then the end state s of any way of executing σ from any initial state satisfies s =a. Here s =a denotes that there is some s such that s =a s. This notion of deterministic allows the presence of τ-transitions. No matter what semantics we choose, we still have the problem of extending it to a non-empty Π. The requirement that if s 1 s 2, then val(s 1 ) = val(s 2 ) works well with branching bisimilarity, provided that divergences are handled in a certain complicated way; but it does not work well with observation equivalence, and it does not apply to failure-based equivalences. Hansen, Virtanen, and Valmari (2003) solved the problem by replacing actions by pairs (a, P ) in the =σ -relation, where a is an action and P is the set of those state propositions, whose values change during the transition. One should also record val(ŝ) for each (equivalently, any) initial state ŝ. The earlier role of τ as the hidden action is now taken by the pair (τ, ); so, if P is non-empty, then (τ, P ) is included in the trace. It is important that the semantics keeps track of the changes of values of state propositions instead of the values per se, because that
13 213 gives us a unique value for no change, adequately with the goal of full abstraction. Naturally, we introduce a new operator for removing state propositions from Π and val. 7. Concluding remarks An area where the theory is still being developed further is the relation of state information to action information. It seems that Π and val can be reduced to transition labels in a certain precise sense. Such reduction would, on one hand, reveal whether letting state propositions affect synchronisation would change the expressible power of the formalism or invalidate important properties; and, on the other hand, greatly simplify the importing of more results from process algebras to the theory. This reduction also sheds new light on a result by Kaivola, and Valmari (1992) and Valmari (2000) on the relationship between well-known state-based logics and process-algebraic semantics. Many of the ideas in this work have been implemented in the Tampere Verification Tool of Virtanen, Hansen, Valmari, Nieminen, and Erkkilä (2004). The tool is being developed simultaneously with the theory. References ACM (1991). citations/milner.html Bolognesi, T. & E. Brinksma (1987). Introduction to the ISO Specification Language LOTOS. Computer Networks and ISDN Systems 14, Browne, M.C., E.M. Clarke & O. Grumberg (1988). Characterizing Finite Kripke Structures in Propositional Temporal Logic. Theoretical Computer Science 59, De Nicola, R. & F. Vaandrager (1995). Three Logics for Branching Bisimulation. Journal of the ACM 42:2, Færgemand, O. (1993). Introduction to SDL. Chapter 4 of K. Turner (ed.), Using Formal Description Techniques, Wiley. Hansen, H., H. Virtanen & A. Valmari (2003). Merging State-based and Action-based Verification. Proc. ACSD 03, Third International Conference on Application
14 214 of Concurrency to System Design, Guimaraes, Portugal, June 18 20, IEEE, Kaivola, R. & A. Valmari (1992). The Weakest Compositional Semantic Equivalence Preserving Nexttime-less Linear Temporal Logic. Proc. CONCUR 92, Third International Conference on Concurrency Theory. Lecture Notes in Computer Science 630, Springer-Verlag. Karsisto, K. (2003). A New Parallel Composition Operator for Verification Tools. Dr.Tech. Thesis, Tampere University of Technology Publications 420, Tampere, Finland, 114 p. Milner, R. (1989). Communication and Concurrency. Prentice-Hall, 260 p. Roscoe, A.W. (1998). The Theory and Practice of Concurrency. Prentice-Hall, 565 p. Valmari, A. (1995). The Weakest Deadlock-Preserving Congruence. Information Processing Letters 53, Valmari, A. (2000). A Chaos-Free Failures Divergences Semantics with Applications to Verification. Millennial Perspectives in Computer Science, Proc Oxford Microsoft Symposium in Honour of sir Tony Hoare, Palgrave. Valmari, A. & A. Kervinen (2002). Alphabet-Based Synchronisation is Exponentially Cheaper. Proc. CONCUR 2002 Concurrency Theory, 13th International Conference, Brno, Czech Republic, August Lecture Notes in Computer Science 2421, Springer-Verlag. Valmari, A. & M. Tienari (1991). An Improved Failures Equivalence for Finite-State Systems with a Reduction Algorithm. Proc. Protocol Specification, Testing and Verification XI, North-Holland. van Glabbeek, R. (1993). The Linear Time Branching Time Spectrum II: The Semantics of Sequential Systems with Silent Moves. Proc. CONCUR 93, Fourth International Conference on Concurrency Theory, Lecture Notes in Computer Science 715, Springer-Verlag. van Glabbeek, R. & P. Weijland (1989). Branching Time and Abstraction in Bisimulation Semantics (Extended Abstract). Proc. IFIP International Conference on Information Processing 89, North-Holland. Virtanen, H., H. Hansen, A. Valmari, J. Nieminen & T. Erkkilä (2004). Tampere Verification Tool. Proc. TACAS 2004, Tools and Algorithms for the Construction and Analysis of Systems, 10th International Conference, Barcelona, Spain, March 29 April 2, Lecture Notes in Computer Science 2988, Springer-Verlag.
The State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationWhat You Must Remember When Processing Data Words
What You Must Remember When Processing Data Words Michael Benedikt, Clemens Ley, and Gabriele Puppis Oxford University Computing Laboratory, Park Rd, Oxford OX13QD UK Abstract. We provide a Myhill-Nerode-like
More informationStructure Preserving Bisimilarity,
Structure Preserving Bisimilarity, Supporting an Operational Petri Net Semantics of CCSP Rob van Glabbeek NICTA, Sydney, Australia University of New South Wales, Sydney, Australia September 2015 Milner:
More informationReview of The π-calculus: A Theory of Mobile Processes
Review of The π-calculus: A Theory of Mobile Processes Riccardo Pucella Department of Computer Science Cornell University July 8, 2001 Introduction With the rise of computer networks in the past decades,
More informationA Logical Viewpoint on Process-Algebraic Quotients
! A Logical Viewpoint on Process-Algebraic Quotients Antonín Kučera and avier sparza Faculty of nformatics, Masaryk University, Botanická 68a, 62 Brno, Czech Republic, nstitut für nformatik, Technische
More informationModels of Concurrency
Models of Concurrency GERARDO SCHNEIDER UPPSALA UNIVERSITY DEPARTMENT OF INFORMATION TECHNOLOGY UPPSALA, SWEDEN Thanks to Frank Valencia Models of Concurrency p.1/57 Concurrency is Everywhere Concurrent
More informationTemporal logics and explicit-state model checking. Pierre Wolper Université de Liège
Temporal logics and explicit-state model checking Pierre Wolper Université de Liège 1 Topics to be covered Introducing explicit-state model checking Finite automata on infinite words Temporal Logics and
More informationIntroduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either
Introduction to Temporal Logic The purpose of temporal logics is to specify properties of dynamic systems. These can be either Desired properites. Often liveness properties like In every infinite run action
More informationTrace Refinement of π-calculus Processes
Trace Refinement of pi-calculus Processes Trace Refinement of π-calculus Processes Manuel Gieseking manuel.gieseking@informatik.uni-oldenburg.de) Correct System Design, Carl von Ossietzky University of
More informationTemporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.
EE 244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016 Temporal logic Stavros Tripakis University of California, Berkeley Stavros Tripakis (UC Berkeley) EE 244, Fall 2016
More informationCompositional Abstractions for Interacting Processes
Proceedings of the International Multiconference on Computer Science and Information Technology pp. 745 754 ISSN 1896-7094 c 2007 PIPS Compositional Abstractions for Interacting Processes Maciej Koutny
More informationThe Turing machine model of computation
The Turing machine model of computation For most of the remainder of the course we will study the Turing machine model of computation, named after Alan Turing (1912 1954) who proposed the model in 1936.
More informationSequence convergence, the weak T-axioms, and first countability
Sequence convergence, the weak T-axioms, and first countability 1 Motivation Up to now we have been mentioning the notion of sequence convergence without actually defining it. So in this section we will
More informationModal and Temporal Logics
Modal and Temporal Logics Colin Stirling School of Informatics University of Edinburgh July 23, 2003 Why modal and temporal logics? 1 Computational System Modal and temporal logics Operational semantics
More informationSemantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr
Semantic Equivalences and the Verification of Infinite-State Systems Richard Mayr Department of Computer Science Albert-Ludwigs-University Freiburg Germany Verification of Infinite-State Systems 1 c 2004
More informationAutomata-based Verification - III
COMP30172: Advanced Algorithms Automata-based Verification - III Howard Barringer Room KB2.20: email: howard.barringer@manchester.ac.uk March 2009 Third Topic Infinite Word Automata Motivation Büchi Automata
More informationFinite-State Model Checking
EECS 219C: Computer-Aided Verification Intro. to Model Checking: Models and Properties Sanjit A. Seshia EECS, UC Berkeley Finite-State Model Checking G(p X q) Temporal logic q p FSM Model Checker Yes,
More informationA Compositional Approach to Bisimulation of Arenas of Finite State Machines
A Compositional Approach to Bisimulation of Arenas of Finite State Machines Giordano Pola, Maria D. Di Benedetto and Elena De Santis Department of Electrical and Information Engineering, Center of Excellence
More informationHelsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66
Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66 Teknillisen korkeakoulun tietojenkäsittelyteorian laboratorion tutkimusraportti 66 Espoo 2000 HUT-TCS-A66
More informationCombining Propositional Dynamic Logic with Formal Concept Analysis
Proc. CS&P '06 Combining Propositional Dynamic Logic with Formal Concept Analysis (extended abstract) N.V. Shilov, N.O. Garanina, and I.S. Anureev A.P. Ershov Institute of Informatics Systems, Lavren ev
More informationLecture 22: Quantum computational complexity
CPSC 519/619: Quantum Computation John Watrous, University of Calgary Lecture 22: Quantum computational complexity April 11, 2006 This will be the last lecture of the course I hope you have enjoyed the
More informationCorrespondence between Kripke Structures and Labeled Transition Systems for Model Minimization
Correspondence between Kripke Structures and Labeled Transition Systems for Model Minimization Rob Schoren Abstract This document is mainly an extension of the work of Michel Reniers and Tim Willemse,
More informationAutomata-based Verification - III
CS3172: Advanced Algorithms Automata-based Verification - III Howard Barringer Room KB2.20/22: email: howard.barringer@manchester.ac.uk March 2005 Third Topic Infinite Word Automata Motivation Büchi Automata
More informationChapter 4: Computation tree logic
INFOF412 Formal verification of computer systems Chapter 4: Computation tree logic Mickael Randour Formal Methods and Verification group Computer Science Department, ULB March 2017 1 CTL: a specification
More informationCSE 331 Winter 2018 Reasoning About Code I
CSE 331 Winter 2018 Reasoning About Code I Notes by Krysta Yousoufian Original lectures by Hal Perkins Additional contributions from Michael Ernst, David Notkin, and Dan Grossman These notes cover most
More informationDesign of Distributed Systems Melinda Tóth, Zoltán Horváth
Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052
More informationLecture Notes on Software Model Checking
15-414: Bug Catching: Automated Program Verification Lecture Notes on Software Model Checking Matt Fredrikson André Platzer Carnegie Mellon University Lecture 19 1 Introduction So far we ve focused on
More informationDISTINGUING NON-DETERMINISTIC TIMED FINITE STATE MACHINES
DISTINGUING NON-DETERMINISTIC TIMED FINITE STATE MACHINES Maxim Gromov 1, Khaled El-Fakih 2, Natalia Shabaldina 1, Nina Yevtushenko 1 1 Tomsk State University, 36 Lenin Str.. Tomsk, 634050, Russia gromov@sibmail.com,
More informationA framework based on implementation relations for implementing LOTOS specifications
Published in: Computer Networks and ISDN Systems, 25 (1992), 23-41 A framework based on implementation relations for implementing LOTOS specifications Guy Leduc Research Associate of the National Fund
More informationPetri nets. s 1 s 2. s 3 s 4. directed arcs.
Petri nets Petri nets Petri nets are a basic model of parallel and distributed systems (named after Carl Adam Petri). The basic idea is to describe state changes in a system with transitions. @ @R s 1
More informationProcess Algebras and Concurrent Systems
Process Algebras and Concurrent Systems Rocco De Nicola Dipartimento di Sistemi ed Informatica Università di Firenze Process Algebras and Concurrent Systems August 2006 R. De Nicola (DSI-UNIFI) Process
More informationFormal Techniques for Software Engineering: CCS: A Calculus for Communicating Systems
Formal Techniques for Software Engineering: CCS: A Calculus for Communicating Systems Rocco De Nicola IMT Institute for Advanced Studies, Lucca rocco.denicola@imtlucca.it June 2013 Lesson 10 R. De Nicola
More informationIntroducing Proof 1. hsn.uk.net. Contents
Contents 1 1 Introduction 1 What is proof? 1 Statements, Definitions and Euler Diagrams 1 Statements 1 Definitions Our first proof Euler diagrams 4 3 Logical Connectives 5 Negation 6 Conjunction 7 Disjunction
More informationState-Space Exploration. Stavros Tripakis University of California, Berkeley
EE 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2014 State-Space Exploration Stavros Tripakis University of California, Berkeley Stavros Tripakis (UC Berkeley) EE
More informationModel Checking: An Introduction
Model Checking: An Introduction Meeting 3, CSCI 5535, Spring 2013 Announcements Homework 0 ( Preliminaries ) out, due Friday Saturday This Week Dive into research motivating CSCI 5535 Next Week Begin foundations
More informationSafety and Liveness Properties
Safety and Liveness Properties Lecture #6 of Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling and Verification E-mail: katoen@cs.rwth-aachen.de November 5, 2008 c JPK Overview Lecture
More informationAlan Bundy. Automated Reasoning LTL Model Checking
Automated Reasoning LTL Model Checking Alan Bundy Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have
More informationAn Intuitive Introduction to Motivic Homotopy Theory Vladimir Voevodsky
What follows is Vladimir Voevodsky s snapshot of his Fields Medal work on motivic homotopy, plus a little philosophy and from my point of view the main fun of doing mathematics Voevodsky (2002). Voevodsky
More informationTESTING is one of the most important parts of the
IEEE TRANSACTIONS 1 Generating Complete Controllable Test Suites for Distributed Testing Robert M. Hierons, Senior Member, IEEE Abstract A test suite is m-complete for finite state machine (FSM) M if it
More informationNotes on ordinals and cardinals
Notes on ordinals and cardinals Reed Solomon 1 Background Terminology We will use the following notation for the common number systems: N = {0, 1, 2,...} = the natural numbers Z = {..., 2, 1, 0, 1, 2,...}
More informationCommunicating Parallel Processes. Stephen Brookes
Communicating Parallel Processes Stephen Brookes Carnegie Mellon University Deconstructing CSP 1 CSP sequential processes input and output as primitives named parallel composition synchronized communication
More informationIntroduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014
Introduction Pedro Cabalar Department of Computer Science University of Corunna, SPAIN cabalar@udc.es 2013/2014 P. Cabalar ( Department Introduction of Computer Science University of Corunna, SPAIN2013/2014
More informationExternal Behaviour of Systems of State Machines with Variables
External Behaviour of Systems of State Machines with Variables This text appeared as Antti Valmari Antti Valmari: External Behaviour of Systems of State Machines with Variables. Kurt Jensen, Wil M.P. van
More informationTakeaway Notes: Finite State Automata
Takeaway Notes: Finite State Automata Contents 1 Introduction 1 2 Basics and Ground Rules 2 2.1 Building Blocks.............................. 2 2.2 The Name of the Game.......................... 2 3 Deterministic
More informationSimulation Preorder on Simple Process Algebras
Simulation Preorder on Simple Process Algebras Antonín Kučera and Richard Mayr Faculty of Informatics MU, Botanická 68a, 6000 Brno, Czech Repubic, tony@fi.muni.cz Institut für Informatik TUM, Arcisstr.,
More informationT Reactive Systems: Temporal Logic LTL
Tik-79.186 Reactive Systems 1 T-79.186 Reactive Systems: Temporal Logic LTL Spring 2005, Lecture 4 January 31, 2005 Tik-79.186 Reactive Systems 2 Temporal Logics Temporal logics are currently the most
More informationAnalysis and Optimization of Discrete Event Systems using Petri Nets
Volume 113 No. 11 2017, 1 10 ISSN: 1311-8080 (printed version); ISSN: 1314-3395 (on-line version) url: http://www.ijpam.eu ijpam.eu Analysis and Optimization of Discrete Event Systems using Petri Nets
More informationEfficient Algorithm for Reachability Checking in Modeling
Efficient Algorithm for Reachability Checking in Modeling Alexander Letichevsky 1, Olexander Letychevskyi 1, and Vladimir Peschanenko 2 1 Glushkov Institute of Cybernetics of NAS of Ukraine, 40 Glushkova
More informationThe efficiency of identifying timed automata and the power of clocks
The efficiency of identifying timed automata and the power of clocks Sicco Verwer a,b,1,, Mathijs de Weerdt b, Cees Witteveen b a Eindhoven University of Technology, Department of Mathematics and Computer
More informationModels for Concurrency
Models for Concurrency (A revised version of DAIMI PB-429) Glynn Winskel Mogens Nielsen Computer Science Department, Aarhus University, Denmark November 1993 Abstract This is, we believe, the final version
More informationUniversal Algebra for Logics
Universal Algebra for Logics Joanna GRYGIEL University of Czestochowa Poland j.grygiel@ajd.czest.pl 2005 These notes form Lecture Notes of a short course which I will give at 1st School on Universal Logic
More informationThe Turing Machine. CSE 211 (Theory of Computation) The Turing Machine continued. Turing Machines
The Turing Machine Turing Machines Professor Department of Computer Science and Engineering Bangladesh University of Engineering and Technology Dhaka-1000, Bangladesh The Turing machine is essentially
More informationDecidable Subsets of CCS
Decidable Subsets of CCS based on the paper with the same title by Christensen, Hirshfeld and Moller from 1994 Sven Dziadek Abstract Process algebra is a very interesting framework for describing and analyzing
More informationLecture Notes on Inductive Definitions
Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 September 2, 2004 These supplementary notes review the notion of an inductive definition and
More informationTimo Latvala. March 7, 2004
Reactive Systems: Safety, Liveness, and Fairness Timo Latvala March 7, 2004 Reactive Systems: Safety, Liveness, and Fairness 14-1 Safety Safety properties are a very useful subclass of specifications.
More informationTimed Test Generation Based on Timed Temporal Logic
Timed Test Generation Based on Timed Temporal Logic STEFAN D. BRUDA and CHUN DAI Department of Computer Science Bishop s University Sherbrooke, Quebec J1M 1Z7 CANADA stefan@bruda.ca, cdai@cs.ubishops.ca
More informationProbabilistic Bisimilarity as Testing Equivalence
Probabilistic Bisimilarity as Testing Equivalence Yuxin Deng a,, Yuan Feng b a Shanghai Key Laboratory of Trustworthy Computing, MOE International Joint Lab of Trustworthy Software, and International Research
More informationOn the coinductive nature of centralizers
On the coinductive nature of centralizers Charles Grellois INRIA & University of Bologna Séminaire du LIFO Jan 16, 2017 Charles Grellois (INRIA & Bologna) On the coinductive nature of centralizers Jan
More informationHoare Logic: Reasoning About Imperative Programs
Hoare Logic: Reasoning About Imperative Programs COMP1600 / COMP6260 Dirk Pattinson Australian National University Semester 2, 2017 Catch Up / Drop in Lab When Fridays, 15.00-17.00 Where N335, CSIT Building
More informationModern Algebra Prof. Manindra Agrawal Department of Computer Science and Engineering Indian Institute of Technology, Kanpur
Modern Algebra Prof. Manindra Agrawal Department of Computer Science and Engineering Indian Institute of Technology, Kanpur Lecture 02 Groups: Subgroups and homomorphism (Refer Slide Time: 00:13) We looked
More informationMATH2206 Prob Stat/20.Jan Weekly Review 1-2
MATH2206 Prob Stat/20.Jan.2017 Weekly Review 1-2 This week I explained the idea behind the formula of the well-known statistic standard deviation so that it is clear now why it is a measure of dispersion
More informationCHAPTER 1: Functions
CHAPTER 1: Functions 1.1: Functions 1.2: Graphs of Functions 1.3: Basic Graphs and Symmetry 1.4: Transformations 1.5: Piecewise-Defined Functions; Limits and Continuity in Calculus 1.6: Combining Functions
More informationTheory of Computation Prof. Kamala Krithivasan Department of Computer Science and Engineering Indian Institute Of Technology, Madras
Theory of Computation Prof. Kamala Krithivasan Department of Computer Science and Engineering Indian Institute Of Technology, Madras Lecture No. # 25 Problems and Solutions (Refer Slide Time: 00:16) Today,
More informationModel for reactive systems/software
Temporal Logics CS 5219 Abhik Roychoudhury National University of Singapore The big picture Software/ Sys. to be built (Dream) Properties to Satisfy (caution) Today s lecture System Model (Rough Idea)
More informationNondeterministic finite automata
Lecture 3 Nondeterministic finite automata This lecture is focused on the nondeterministic finite automata (NFA) model and its relationship to the DFA model. Nondeterminism is an important concept in the
More informationModel Checking. Boris Feigin March 9, University College London
b.feigin@cs.ucl.ac.uk University College London March 9, 2005 Outline 1 2 Techniques Symbolic 3 Software 4 Vs. Deductive Verification Summary Further Reading In a nutshell... Model checking is a collection
More informationPartial model checking via abstract interpretation
Partial model checking via abstract interpretation N. De Francesco, G. Lettieri, L. Martini, G. Vaglini Università di Pisa, Dipartimento di Ingegneria dell Informazione, sez. Informatica, Via Diotisalvi
More informationAN ALGEBRA PRIMER WITH A VIEW TOWARD CURVES OVER FINITE FIELDS
AN ALGEBRA PRIMER WITH A VIEW TOWARD CURVES OVER FINITE FIELDS The integers are the set 1. Groups, Rings, and Fields: Basic Examples Z := {..., 3, 2, 1, 0, 1, 2, 3,...}, and we can add, subtract, and multiply
More informationLogic Model Checking
Logic Model Checking Lecture Notes 10:18 Caltech 101b.2 January-March 2004 Course Text: The Spin Model Checker: Primer and Reference Manual Addison-Wesley 2003, ISBN 0-321-22862-6, 608 pgs. the assignment
More informationMATH 25 CLASS 21 NOTES, NOV Contents. 2. Subgroups 2 3. Isomorphisms 4
MATH 25 CLASS 21 NOTES, NOV 7 2011 Contents 1. Groups: definition 1 2. Subgroups 2 3. Isomorphisms 4 1. Groups: definition Even though we have been learning number theory without using any other parts
More informationIntroduction to Model Checking. Debdeep Mukhopadhyay IIT Madras
Introduction to Model Checking Debdeep Mukhopadhyay IIT Madras How good can you fight bugs? Comprising of three parts Formal Verification techniques consist of three parts: 1. A framework for modeling
More information(Refer Slide Time: 0:21)
Theory of Computation Prof. Somenath Biswas Department of Computer Science and Engineering Indian Institute of Technology Kanpur Lecture 7 A generalisation of pumping lemma, Non-deterministic finite automata
More informationEmbedded systems specification and design
Embedded systems specification and design David Kendall David Kendall Embedded systems specification and design 1 / 21 Introduction Finite state machines (FSM) FSMs and Labelled Transition Systems FSMs
More informationGetting Started with Communications Engineering
1 Linear algebra is the algebra of linear equations: the term linear being used in the same sense as in linear functions, such as: which is the equation of a straight line. y ax c (0.1) Of course, if we
More information1 Computational problems
80240233: Computational Complexity Lecture 1 ITCS, Tsinghua Univesity, Fall 2007 9 October 2007 Instructor: Andrej Bogdanov Notes by: Andrej Bogdanov The aim of computational complexity theory is to study
More informationReal Analysis Prof. S.H. Kulkarni Department of Mathematics Indian Institute of Technology, Madras. Lecture - 13 Conditional Convergence
Real Analysis Prof. S.H. Kulkarni Department of Mathematics Indian Institute of Technology, Madras Lecture - 13 Conditional Convergence Now, there are a few things that are remaining in the discussion
More informationSome Remarks on Alternating Temporal Epistemic Logic
Some Remarks on Alternating Temporal Epistemic Logic Corrected version: July 2003 Wojciech Jamroga Parlevink Group, University of Twente, Netherlands Institute of Mathematics, University of Gdansk, Poland
More informationLecture Notes on Inductive Definitions
Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 August 28, 2003 These supplementary notes review the notion of an inductive definition and give
More informationA Brief Introduction to Model Checking
A Brief Introduction to Model Checking Jan. 18, LIX Page 1 Model Checking A technique for verifying finite state concurrent systems; a benefit on this restriction: largely automatic; a problem to fight:
More informationAutomata-Theoretic Model Checking of Reactive Systems
Automata-Theoretic Model Checking of Reactive Systems Radu Iosif Verimag/CNRS (Grenoble, France) Thanks to Tom Henzinger (IST, Austria), Barbara Jobstmann (CNRS, Grenoble) and Doron Peled (Bar-Ilan University,
More informationNotes on Complexity Theory Last updated: November, Lecture 10
Notes on Complexity Theory Last updated: November, 2015 Lecture 10 Notes by Jonathan Katz, lightly edited by Dov Gordon. 1 Randomized Time Complexity 1.1 How Large is BPP? We know that P ZPP = RP corp
More informationA Enforceable Security Policies Revisited
A Enforceable Security Policies Revisited DAVID BASIN, ETH Zurich VINCENT JUGÉ, MINES ParisTech FELIX KLAEDTKE, ETH Zurich EUGEN ZĂLINESCU, ETH Zurich We revisit Schneider s work on policy enforcement
More informationClojure Concurrency Constructs, Part Two. CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014
Clojure Concurrency Constructs, Part Two CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014 1 Goals Cover the material presented in Chapter 4, of our concurrency textbook In particular,
More informationThe Underlying Semantics of Transition Systems
The Underlying Semantics of Transition Systems J. M. Crawford D. M. Goldschlag Technical Report 17 December 1987 Computational Logic Inc. 1717 W. 6th St. Suite 290 Austin, Texas 78703 (512) 322-9951 1
More informationDiscrete Mathematics for CS Fall 2003 Wagner Lecture 3. Strong induction
CS 70 Discrete Mathematics for CS Fall 2003 Wagner Lecture 3 This lecture covers further variants of induction, including strong induction and the closely related wellordering axiom. We then apply these
More informationFurther discussion of Turing machines
Further discussion of Turing machines In this lecture we will discuss various aspects of decidable and Turing-recognizable languages that were not mentioned in previous lectures. In particular, we will
More informationCMPSCI 250: Introduction to Computation. Lecture #22: From λ-nfa s to NFA s to DFA s David Mix Barrington 22 April 2013
CMPSCI 250: Introduction to Computation Lecture #22: From λ-nfa s to NFA s to DFA s David Mix Barrington 22 April 2013 λ-nfa s to NFA s to DFA s Reviewing the Three Models and Kleene s Theorem The Subset
More informationAdvanced topic: Space complexity
Advanced topic: Space complexity CSCI 3130 Formal Languages and Automata Theory Siu On CHAN Chinese University of Hong Kong Fall 2016 1/28 Review: time complexity We have looked at how long it takes to
More informationSupplementary Notes on Inductive Definitions
Supplementary Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 August 29, 2002 These supplementary notes review the notion of an inductive definition
More informationAutomata with modulo counters and nondeterministic counter bounds
Loughborough University Institutional Repository Automata with modulo counters and nondeterministic counter bounds This item was submitted to Loughborough University's Institutional Repository by the/an
More informationProbabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford
Probabilistic Model Checking Michaelmas Term 2011 Dr. Dave Parker Department of Computer Science University of Oxford Overview Temporal logic Non-probabilistic temporal logic CTL Probabilistic temporal
More informationchapter 12 MORE MATRIX ALGEBRA 12.1 Systems of Linear Equations GOALS
chapter MORE MATRIX ALGEBRA GOALS In Chapter we studied matrix operations and the algebra of sets and logic. We also made note of the strong resemblance of matrix algebra to elementary algebra. The reader
More informationPSPACE-completeness of LTL/CTL model checking
PSPACE-completeness of LTL/CTL model checking Peter Lohmann April 10, 2007 Abstract This paper will give a proof for the PSPACE-completeness of LTLsatisfiability and for the PSPACE-completeness of the
More informationTime-bounded computations
Lecture 18 Time-bounded computations We now begin the final part of the course, which is on complexity theory. We ll have time to only scratch the surface complexity theory is a rich subject, and many
More informationcis32-ai lecture # 18 mon-3-apr-2006
cis32-ai lecture # 18 mon-3-apr-2006 today s topics: propositional logic cis32-spring2006-sklar-lec18 1 Introduction Weak (search-based) problem-solving does not scale to real problems. To succeed, problem
More informationCDS 270 (Fall 09) - Lecture Notes for Assignment 8.
CDS 270 (Fall 09) - Lecture Notes for Assignment 8. ecause this part of the course has no slides or textbook, we will provide lecture supplements that include, hopefully, enough discussion to complete
More informationTimo Latvala. February 4, 2004
Reactive Systems: Temporal Logic LT L Timo Latvala February 4, 2004 Reactive Systems: Temporal Logic LT L 8-1 Temporal Logics Temporal logics are currently the most widely used specification formalism
More information6-1 Computational Complexity
6-1 Computational Complexity 6. Computational Complexity Computational models Turing Machines Time complexity Non-determinism, witnesses, and short proofs. Complexity classes: P, NP, conp Polynomial-time
More informationAutomata, Logic and Games: Theory and Application
Automata, Logic and Games: Theory and Application 1. Büchi Automata and S1S Luke Ong University of Oxford TACL Summer School University of Salerno, 14-19 June 2015 Luke Ong Büchi Automata & S1S 14-19 June
More informationCS4026 Formal Models of Computation
CS4026 Formal Models of Computation Turing Machines Turing Machines Abstract but accurate model of computers Proposed by Alan Turing in 1936 There weren t computers back then! Turing s motivation: find
More information