Walter Vogler's research while affiliated with Universität Augsburg and other places
What is this page?
This page lists the scientific contributions of an author, who either does not have a ResearchGate profile, or has not yet added these contributions to their profile.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
It was automatically created by ResearchGate to create a record of this author's body of work. We create such pages to advance our goal of creating and maintaining the most comprehensive scientific repository possible. In doing so, we process publicly available (personal) data relating to the author as a member of the scientific community.
If you're a ResearchGate member, you can follow this page to keep up with this author's work.
If you are this author, and you don't want us to display this page anymore, please let us know.
Publications (156)
![Customer C with signature ({atVMC\documentclass[12pt]{minimal}...](publication/354230119/figure/fig2/AS:11431281086040955@1664070582969/CustomerC-with-signature-atVMCdocumentclass12ptminimal-usepackageamsmath_Q320.jpg)
![Parallel product M⊗¯C\documentclass[12pt]{minimal} \usepackage{amsmath}...](publication/354230119/figure/fig3/AS:11431281086049905@1664070583063/Parallel-productMCdocumentclass12ptminimal-usepackageamsmath_Q320.jpg)
![Refined customer C′\documentclass[12pt]{minimal} \usepackage{amsmath}...](publication/354230119/figure/fig4/AS:11431281086040956@1664070583142/Refined-customerCdocumentclass12ptminimal-usepackageamsmath-usepackagewasysym_Q320.jpg)
Interface theories based on Interface Automata (IA) are formalisms for the component-based specification of concurrent systems. Extensions of their basic synchronization mechanism permit the modelling of data, but are studied in more complex settings involving modal transition systems or do not abstract from internal computation. In this article, w...
Many partial order methods use some special condition for ensuring that the analysis is not terminated prematurely. In the case of stubborn set methods for safety properties, implementation of the condition is usually based on recognizing the terminal strong components of the reduced state space and, if necessary, expanding the stubborn sets used i...
Over the past two decades, de Alfaro and Henzinger’s interface automata (IA) have become a popular formal framework for the component-based specification of concurrent systems. IA’s parallel composition assumes that a component may wait on inputs but never on outputs, implying that an output must be consumed immediately or a communication error occ...
Interface theories based on Interface Automata (IA) areformalisms for the component-based specification of concurrent systems. Extensions of their basic synchronization mechanism permit the modelling of data, but are studied in more complex and expressive settings involving modal transition systems, imply severe restrictions such as determinacy, or...
Open nets have an interface of input and output places for modelling asynchronous communication; these places serve as channels when open nets are composed. We study a variant that inherits modalities from Larsen’s modal transition systems. Instantiating a framework for open nets we have developed in the past, we present a refinement preorder in th...
![Illustrating Lemma 4; ai\documentclass[12pt]{minimal}...](publication/321739182/figure/fig3/AS:960335997579264@1605973352188/Illustrating-Lemma4-aidocumentclass12ptminimal-usepackageamsmath_Q320.jpg)
![The “⇝s^\documentclass[12pt]{minimal} \usepackage{amsmath}...](publication/321739182/figure/fig5/AS:960335997566989@1605973352465/The-sdocumentclass12ptminimal-usepackageamsmath-usepackagewasysym_Q320.jpg)
Partial order methods alleviate state explosion by considering only a subset of actions in each constructed state. The choice of the subset depends on the properties that the method promises to preserve. Many methods have been developed ranging from deadlock-preserving to CTL\(^*\)-preserving and divergence-sensitive branching bisimilarity preservi...
A refinement preorder for a model of concurrent systems should be compositional (i.e. a precongruence for parallel composition) and should not introduce faults into a fault-free specification. Arguably, the coarsest such precongruence is the optimal refinement preorder. For the model of interface automata, faults are communication errors in the for...
In previous work, we developed Modal Interface Automata (MIA), an interface theory combining the input/output behaviour of de Alfaro and Henzinger's Interface Automata with the modalities of Larsen's Modal Transition Systems and featuring a conjunction on MIAs. In this paper, we add a temporal logics to MIA based on De Nicola's ACTL. We show how to...
We study open systems modeled as Petri nets with an interface for asynchronous communication with other open systems. As a minimal requirement for successful communication, we investigate bounded responsiveness, which guarantees that an open system and its environment always have the possibility to mutually terminate or to communicate, while the nu...
Testing preorders on component specifications ensure that replacing a specification by a refined one does not introduce unwanted behavior in an overall system. Considering deadlocks as unwanted, the preorder can be characterized by a failure semantics on Labeled Transition Systems (LTSs). In previous work, we have generalized this to Modal Transiti...
Interface theories are employed in the component-based design of concurrent systems. They often emerge as combinations of Interface Automata (IA) and Modal Transition Systems (MTS), e.g., Nyman et al.'s IOMTS, Bauer et al.'s MIO, Raclet et al.'s MI or our MIA. In this paper, we generalise MI to nondeterministic interfaces, for which we properly res...
Partial-order methods alleviate state explosion by considering only a subset of transitions in each constructed state. The choice of the subset depends on the properties that the method promises to preserve. Many methods have been developed ranging from deadlock-preserving to CTL\(^*\)- and divergence-sensitive branching bisimilarity preserving. Th...
With the aim to preserve deadlock freedom,we define a new refinement preorder for modal transition systems (MTSs), using an MTS-specific variant of testing inspired by De Nicola and Hennessy. We characterize this refinement with a kind of failure semantics and show that it "supports itself," for example, in the sense of thoroughness-in contrast to...
De Alfaro and Henzinger introduced interface automata to model and study behavioural types. These come with alternating simulation as refinement and with a specific parallel composition: if one component receives an unexpected input, this is regarded as an error and the resp. error states are removed with a special pruning operation. In this paper,...
Interface theories are employed in the component-based design of concurrent systems. They often emerge as combinations of Interface Automata (IA) and Modal Transition Systems (MTS), e.g., Nyman et al.’s IOMTS, Bauer et al.’s MIO, Raclet et al.’s MI or our MIA. In this paper, we generalise MI to nondeterministic interfaces, for which we resolve the...
Modal transition systems are a popular semantic underpinning of interface theories, such as Nyman et al.’s IOMTS and Bauer et al.’s MIO, which facilitate component-based reasoning for concurrent systems. Our interface theory MIA repaired a compositional flaw of IOMTS-refinement and introduced a conjunction operator. In this paper, we first modify M...
We study asynchronously communicating open systems modeled as Petri nets with an interface. An accordance preorder describes when one open system can be safely replaced by another open system without affecting some behavioral property of the overall system. Although accordance is decidable for several behavioral properties if we assume a previously...
![Fig. 3 The open net S modeling a patched time server. We have Ω S = {[ ]}](profile/Richard-Mueller-7/publication/271924507/figure/fig2/AS:332624661893121@1456315307078/The-open-net-S-modeling-a-patched-time-server-We-have-O-S_Q320.jpg)
We study open systems modeled as Petri nets with an interface for asynchronous (i.e., buffered) communication with other open systems. As a minimal requirement for successful communication, we investigate responsiveness, which guarantees that an open system and its environment always have the possibility to communicate. We investigate responsivenes...
We propose a new, and to date the most general, framework for Petri net unfolding, which broadens its applicability, makes it easier to use, and increases its efficiency. In particular: (i) we propose a user-oriented view of the unfolding technique, which simply tells which information will be preserved in the final prefix and how to declare an eve...
Balsa provides a rapid development flow, where asynchronous circuits are created from high-level specifications, but the syntax-driven translation used by the Balsa compiler often results in performance overhead. To reduce this performance penalty, various control resynthesis and peephole optimization techniques are used, in this paper, STG-based r...
De Alfaro and Henzinger’s Interface Automata (IA) and Nyman et al.’s recent combination IOMTS of IA and Larsen’s Modal Transition Systems (MTS) are established frameworks for specifying interfaces of system components. However, neither IA nor IOMTS consider conjunction that is needed in practice when a component satisfies multiple interfaces, while...
In the context of asynchronously communicating services, responsiveness guarantees that a service and its environment have always the possibility to communicate. The responsiveness preorder describes when one service can be replaced by another such that responsiveness is preserved. We study responsiveness for possibly unbounded services with and wi...
We revise the accordance preorder in the context of deadlock freedom for asynchronously communicating services. Accordance considers all controllers of a service—that is, all environments that can interact with the service without deadlocking. A service Impl accords with a service Spec if every controller of Spec is also a controller of Impl. We mo...
Logic synthesis of speed independent circuits based on signal transition graph (STG) decomposition is a promising approach to tackle complexity problems like state-space explosion. Unfortunately, decomposition can result in components that in isolation have irreducible complete state coding conflicts. In earlier work, the authors showed how to reso...
We study two different ways to enhance PAFAS, a process algebra for modelling
asynchronous timed concurrent systems, with non-blocking reading actions. We
first add reading in the form of a read-action prefix operator. This operator
is very flexible, but its somewhat complex semantics requires two types of
transition relations. We also present a re...
In this paper we study the liveness of several MUTEX solutions by
representing them as processes in PAFAS s, a CCS-like process algebra with a
specific operator for modelling non-blocking reading behaviours. Verification
is carried out using the tool FASE, exploiting a correspondence between
violations of the liveness property and a special kind of...
STG decomposition is well-known as a promising approach to tackle complexity issues in logic synthesis of asynchronous circuits. It is guided by a partition of output signals and generates a component STG for each partition member. Using the finest partition ‐ one output per component ‐ the resulting circuits might not be optimal (e.g. in terms of...
Previous work has introduced the setting of Logic Labelled Transition Systems, called Logic LTS or LLTS for short, together with a variant of ready simulation as its fully-abstract refinement preorder, which allows one to compose operational specifications using a CSP-style parallel operator and the propositional connectives conjunction and disjunc...
In this paper, we present FASE (Faster Asynchronous Systems Evaluation), a
tool for evaluating the worst-case efficiency of asynchronous systems. The tool
is based on some well-established results in the setting of a timed process
algebra (PAFAS: a Process Algebra for Faster Asynchronous Systems). To show the
applicability of FASE to concrete meani...
Operating guidelines have been introduced to characterize all controllers for a given service S. A controller of S is a service that interacts with S without deadlocking. An operating guideline of S can be used to decide whether S
refines another service. It is a special-purpose structure to describe the behavior of service S from the perspective o...
Logic synthesis of speed independent circuits based on STG decomposition is a promising approach to tackle complexity problems like state-space explosion. Unfortunately, decomposition can result in components that in isolation have irreducible CSC conflicts. Generalising earlier work, we show how to resolve such conflicts by introducing internal co...
This paper provides new insight into the connection between the trace-based lower part of van Glabbeek's linear-time, branchingtime spectrum and its simulation-based upper part. We establish that ready simulation is fully abstract with respect to failures inclusion, when adding the conjunction operator that was proposed by the authors in [TCS 373(1...
For synthesising efficient asynchronous circuits one has to deal with the state space explosion problem. In order to alleviate
this problem one can decompose the STG into smaller components. This paper deals with the decomposition method of Vogler and
Wollowski and introduces several strategies for its efficient implementations. Furthermore, this a...
In earlier work, we have shown that two variants of weak fairness can be expressed comparatively easily in the timed process
algebra PAFAS. To demonstrate the usefulness of these results, we complement work by Walker (Form Asp Comput 1:273–292, 1989)
and study the liveness property of Dekker’s mutual exclusion algorithm within our process algebraic...
Previous work has introduced the setting of Logic LTS, together with a variant of ready simulation as fully-abstract refinement preorder, which allows one to compose operational specifications using a CSP-style parallel operator as well as the propositional connectives conjunction and disjunction. In this paper, we show how a temporal logic for spe...
We introduce the first process algebra with non-blocking reading actions for modelling concurrent asynchronous systems. We
study the impact this new kind of actions has on fairness, liveness and the timing of systems, using as application Dekker’s
mutual exclusion algorithm we already considered in [4]. Regarding some actions as reading, this algor...
Resynthesis of handshake specifications obtained e. g. from BALSA or TANGRAM with speed-independent logic synthesis from STGs is a promising approach. To deal with state-space explosion, we suggested STG decomposition; a problem is that decomposition can lead to irreducible CSC conflicts. Here, we present a new approach to solve such conflicts by i...
Resynthesis of handshake specifications obtained e.g. from BALSA or TANGRAM with speed-independent logic synthesis from STGs is a promising approach. To deal with state-space-explosion, we suggested STG decomposition; a problem is that decomposition can lead to irreducible CSC conflicts. Here, we present a new approach to solve such conflicts by in...
When a new item is written into a cache, an old item must be evicted; the latter can be chosen by the offline MIN algorithm, which was first proven to be optimal by Mattson et al. [R.L. Mattson, J. Gecsei, D.R. Slutz, I.L. Traiger, Evaluation techniques for storage hierarchies, IBM Systems J. 9 (2) (1970) 78–117]. Recently a new, short proof was gi...
STGs (Signal Transition Graphs) give a formalism for the description of asynchronous circuits based on Petri nets. To overcome the state explosion problem one may encounter during circuit synthesis, a nondeterministic algorithm for decomposing STGs was suggested by Chu and improved by one of the present authors.Here we study how CSC-solving–which i...
This paper provides new insight into the connection between the trace-based lower part of van Glabbeek’s linear-time, branching-time
spectrum and its simulation-based upper part. We establish that ready simulation is fully abstract with respect to failures
inclusion, when adding the conjunction operator that was proposed by the authors in [TCS373(1...
Signal Transition Graphs (STG) are a formalism for the description of asynchronous circuit behaviour. In this paper we propose (and justify) a formal semantics of non-deterministic STGs with dummies and OR-causality. For this, we introduce the concept of output-determinacy, which is a relaxation of determinism, and argue that it is reasonable and u...
Signal Transition Graphs (STGs) are a version of Petri nets for the specification of asynchronous circuit behaviour. It has been suggested to decompose such a specification as a first step; this leads to a modular implementation, which can support circuit synthesis by possibly avoiding state explosion or allowing the use of library elements. In a p...
A key problem in mixing operational (e.g. process-algebraic) and declarative (e.g. logical) styles of specification is how to deal with inconsistencies arising when composing processes under conjunction. This article introduces a conjunction operator on labelled transition systems capturing the basic intuition of ‘a and b = false’, and considers a...
A testing-based faster-than relation has previously been developed that compares the worst-case efficiency of asynchronous systems. This approach reveals that pipelining does not improve efficiency in general; that it does so in practice depends on assumptions about the user behaviour. Accordingly, the approach was adapted to a setting where user b...
. We investigate the notion of fair testing, a formal testing theory in the style of De Nicola and Hennessy, where divergences are disregarded as long as there are visible outgoing transitions. The usual testing theories, such as the standard model of failure pre-order, do not allow such fair interpretations because of the way in which they ensure...
Model checking based on Petri net unfoldings is an approach widely applied to cope with the state space explosion problem. In this paper, we propose a new condensed representation of a Petri net’s behaviour called merged processes, which copes well not only with concurrency, but also with other sources of state space explosion, viz sequences of cho...
Local First Search (LFS) is a partial order technique for reducing the number of states to be explored when trying to decide reachability of a local (component) property in a parallel system; it is based on an analysis of the structure of the partial orders of executions in such systems. Intuitively, LFS is based on a criterion that allows to guide...
For event structures with silent moves we consider several types of bisimulation that incorporate true concurrency to a varying degree, and show how each can be lifted in a uniform way to a congruence w.r.t. action refinement. We prove that we have constructed the coarsest congruences that respect interleaving, pomset and history preserving bisimul...
This paper contrasts two important features of parallel system computations: fairness and timing. The study is carried out at a specification system level by resorting to a well-known process description language. The language is extended with labels which allow to filter out those process executions that are not (weakly) fair [as in Costa and Stir...
When synthesising an asynchronous circuit from an STG, one often encounters the state explosion problem. In order to alleviate this problem one can decompose the STG into smaller components. This paper deals with the decomposition method of (W. Vogler et al., 2005), (W. Vogler et al., 2002) and introduces several strategies for efficient implementa...
In this paper we provide a simple characterization of (weak) fairness of components as defined by Costa and Stirling. The study is carried out at system specification level by resorting to a common process description language. This paper follows and exploits similar techniques as those developed in an earlier paper -- where fairness of actions was...
Trace theory has been developed to describe the behaviour of concurrent systems. For a modular approach synchronization of traces is of special interest. We characterize those trace monoids for which synchronization can be described locally.
A key problem in mixing operational (e.g., process–algebraic) and declarative (e.g., logical) styles of specification is how
to deal with inconsistencies arising when composing processes under conjunction. This paper introduces a conjunction operator
on labelled transition systems capturing the basic intuition of “a and b = false”, and considers a...
A testing scenario in the sense of De Nicola and Hennessy is developed to measure the worst-case efficiency of asynchronous systems. The resulting testing-preorder is characterized with a variant of refusal traces and shown to satisfy some properties that make it attractive as a faster-than relation. Finally, one implementation of a bounded buffer...
Splitting is a simple form of action refinement that may be used to express the duration of actions. In particular, splitn subdivides each action into n phases. Petri nets N
1 and N
2 are splitn-language equivalent, if split
n
(N
1) and split
n
(N
2) are language equivalent. It is known that these equivalences get finer and finer with increasing n....
It is shown that up to vertex labelling BNLC grammars of bounded nonterminal degree generate the same languages of simple graphs as hyperedge replacement grammars. This does not hold if the vertex labelling is taken into account. Vice versa hyperedge replacement grammars generate the same languages of simple graphs as BNLC grammars of bounded nonte...
In this paper concurrent systems are modelled with safe Petri nets. The coarsest equivalence contained in failures equivalence is determined that is a congruence with respect to refinement. It is shown that in this context partial orders are necessary for the description of system runs: What is needed here are so-called interval orders.
Consider a class C of hyperedge-replacement graph grammars and a numeric function on graphs like the number of edges, the degree (i.e., the maximum of the degrees of all nodes of a graph), the number of simple paths, the size of a maximum set of independent nodes, etc. Each such function induces a Boundedness Problem for the class C: Given a gramma...
. McMillan has recently proposed a new technique to avoid the state explosion problem in the verification of systems modelled with finite-state Petri nets. The technique requires to construct a finite initial part of the unfolding of the net. McMillan's algorithm for this task may yield initial parts that are larger than necessary (exponential...
A key problem in mixing operational (e.g., process-algebraic) and declarative (e.g., logical) styles of specification is how to deal with inconsistencies arising when composing processes under conjunction. This paper introduces a conjunction operator on labelled transition systems capturing the basic intuition of “aandb=false”, and considers a naiv...
In earlier work, we have shown that two variants of weak fairness can be expressed comparatively easily in the timed process
algebra PAFAS. To demonstrate the usefulness of these results, we complement work by Walker [11] and study the liveness property
of Dekker’s mutual exclusion algorithm within our process algebraic setting. We also present som...
Model checking based on Petri net unfoldings is an approach widely applied to cope with the state space explosion problem.
In this paper we propose a new condensed representation of a Petri net’s behaviour called merged processes, which copes well not only with concurrency, but also with other sources of state space explosion, viz. sequences of cho...
Signal transition graphs (STGs) are a version of Petri nets for the specification of asynchronous circuit behaviour. It has been suggested to decompose such a specification as a first step; this leads to a modular implementation, which can support circuit synthesis by possibly avoiding state explosion or allowing the use of library elements. In a p...
More than a decade ago, Moller and Tofts published their seminal work on relating processes that are annotated with lower time bounds, with respect to speed. Their paper has left open many questions concerning the semantic theory for their suggested bisimulation–based faster–than preorder, the MT–preorder, which have not been addressed since. The e...
STGs give a formalism for the description of asynchronous circuits based on Petri nets. To overcome the state explosion problem
one may encounter during circuit synthesis, a nondeterministic algorithm for decomposing STGs was suggested by Chu and improved
by one of the present authors. To find the best possible result the algorithm might produce, i...
In this paper we provide a simple characterization of (weak) fairness of components as defined by Costa and Stirling in [Weak and strong fairness in CCS, Inform. and Comput. 73 (1987) 207–244]. The study is carried out at system specification level by resorting to a common process description language. This paper follows and exploits similar techni...
Two process–algebraic approaches have been developed for comparing two bisimulation–equivalent processes with respect to speed:
the one of Moller/Tofts equips actions with lower time bounds, while the one by Lüttgen/Vogler considers upper time bounds
instead.
This paper sheds new light on both approaches by testifying to their close relationship....
Two process-algebraic approaches have been developed for comparing two bisimulation-equivalent processes with respect to speed: the one of Moller/Tofts equips actions with lower time bounds, while the one by Lfittgen/Vogler considers upper time bounds instead. This paper sheds new light on both approaches by testifying to their close relationship....
In this paper we present a solution to the long-standing problem of characterising the coarsest liveness-preserving pre-congruence with respect to a full (TCSP-inspired) process algebra. In fact, we present two distinct characterisations, which give rise to the same relation: an operational one based on a De Nicola–Hennessy-like testing modality wh...
A testing-based faster-than relation has previously been developed that compares the worst-case efficiency of asynchronous systems. This approach reveals that pipelining does not improve efficiency in general; that it does so in practice depends on assumptions about the user behaviour. Accordingly, the approach was adapted to a setting where user b...
This paper introduces a novel (bi)simulation-based faster-than preorder which relates asynchronous processes, where the relative speeds of system components are indeterminate, with respect to their worst-case timing behavior. The study is conducted for a conservative extension of the process algebra CCS, called TACS, which permits the specification...
We shortly discuss how Petri nets have been extended with timing constraints and then choose to associate clocks to tokens
and time intervals to arcs from places to transitions. In this model, we present a timed testing approach derived from the
testing scenario of De Nicola and Hennessy; timed testing gives rise to an implementation relation that...
McMillan has recently proposed a new technique to avoid the state explosion problem in the verification of systems modelled with finite-state Petri nets. The technique requires to construct a finite initial part of the unfolding of the net. McMillan's algorithm for this task may yield initial parts that are larger than necessary (exponentially larg...
This paper contrasts two important features of parallel system computations: fairness and timing. The study is carried out at specification system level by resorting to a well-known process description language. The language
is extended with labels which allow to filter out those process executions that are not (weakly) fair (as in [5,6]), and with...
In this paper, we develop a general technique for truncating Petri net unfoldings, parameterised according to the level of information about the original unfolding one wants to preserve. Moreover, we propose a new notion of completeness of a truncated unfolding. A key aspect of our approach is an algorithm-independent notion of cut-o# events, used...
Signal Transition Graphs (STGs) are a version of Petri nets for the specification of asynchronous circuit behaviour. As a first step in the indirect synthesis of a circuit corresponding to a given STG N, one usually constructs the reachability graph (e.g. when using the tool petrify) or the step graph (e.g. using CASCADE (BEW00)). A serious problem...
. A timed CCS-like process algebra PAFAS and a testing scenario are developed for evaluating the temporal worst-case efficiency
of asynchronous concurrent systems. Each action is associated with a maximal time delay, which allows components to work with
arbitrary relative speeds; for simplicity, the maximal delay is 1 or 0, but time is continuous....
Petri nets with read arcs are investigated w.r.t their unfolding, where read arcs model reading without consuming, which is often more adequate than the destructive-read-and-rewrite modeled with loops in ordinary nets. The paper redefines the concepts of a branching process and unfolding for nets with read arcs and proves that the set of reachable...
McMillan has recently proposed a new technique to avoid the state explosion problem in the verification of systems modelled with finite-state Petri nets. The technique requires to construct a finite initial part of the unfolding of the net. McMillan's algorithm for this task may yield initial parts that are larger than necessary (exponentially larg...
A large class of systems can be specified and verified by abstracting away from the temporal aspects. This is the class of systems where time affects the performance but not the functional behaviour. In time-critical systems, instead, time issues become essential. Their correctness depends not only on which actions a system can perform but also on...
Signal Transition Graphs (STGs) are a version of Petri nets for the speci - cation of asynchronous circuit behaviour. It has been suggested to decompose such a speci cation as a rst step; this leads to a modular implementation, which is often more ecient, and it can support circuit synthesis by possibly avoiding state explosion or allowing the use...
Citations
... As an aside, also note that a formal treatment of linear-time semantics for IA can be found in[6,8,30,31]; lifting such semantics to IAM is left to future work. ...
Reference: Interface Automata for Shared Memory
... This article expands the published extended abstract [16] in multiple ways. First, a detailed introduction to IA and discussion of closely related work on extending IA with data is given here (see Sect. 2), in order to make the article accessible to an as broad audience of concurrency theoreticians as possible. ...
Reference: Interface Automata for Shared Memory
... The actual buffer size can be the result of a static analysis of the underlying middleware or of the communication behavior of an open system, or simply be chosen sufficiently large. In recent work [48], we gave a trace-based characterization for bounded responsiveness conformance, thereby adapting and combining results from the unbounded variant in [47] and work on traces that cannot be used reliably by any controller [30]. Due to the latter traces, conforming systems may violate language inclusion. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/272450021752837-1441968555130_Q64/Christian-Stahl-2.jpg)
![[object Object]](https://i1.rgstatic.net/ii/profile.image/272565566439469-1441996103765_Q64/Richard-Mueller-7.jpg)
... The aim is to support distributed and decentralized system design based on a proper definition of interfaces supporting the specification of subsystems having a partially specified context of operation, and subsequently guaranteeing safe system integration. Over the last few decades, we have seen the introduction of several formalisms to do this: interface automata [6,[9][10][11]20], process spaces [23], modal interfaces [3,[17][18][19]26], assume-guarantee contracts [4], rely-guarantee reasoning [8,13,15,16], and variants of these. The system interfaces state ( ) what the component guarantees and ( ) what it assumes from its environment in order for those guarantees to hold. ...
Reference: Hypercontracts
... LTS-composition enables the perspective-based specification of interfaces. Typically, this is done by using a conjunction or a shared refinement operator [9], [10], [11], [12], which gives the greatest lower bound of two interfaces. However, in the context of IAs [12], conjunction only applies to interfaces with the same alphabet and this is often insufficient in a parametrised setting. ...
Reference: Parametrised Interface Automata
... Note that the meaning of =⇒ on dMTS is not obvious; a weak transition ( α =⇒) is defined in [52], and we will use a slightly different definition in Chapter 4 later on. Here, we will use =⇒ only for LTS or MTS. ...
... The internal and output signals of a circuit must be output-persistent, and the environment must provide persistency of the input signals. Yet another property that must be met is output determinacy, which means that the STG is free from irreducible (CSC) conflicts [5]. Otherwise, it cannot be synthesized into output persistent circuit. ...
![[object Object]](https://i1.rgstatic.net/ii/profile.image/272421466931207-1441961747194_Q64/Victor-Khomenko.jpg)
... As an aside, also note that a formal treatment of linear-time semantics for IA can be found in[6,8,30,31]; lifting such semantics to IAM is left to future work. ...
Reference: Interface Automata for Shared Memory
... An approach that does preserve a branching semantics but does not need a singleton proviso is proposed by Valmari and Vogler [41]. Their POR conditions are sufficient for preservation of fair testing equivalence, which is the weakest congruence that preserves livelocks that cannot be exited. ...
... We will finally examine MIA in Chapter 4. This chapter is based on [13] (extended abstract [12]), which first introduced MIA, and on [21] (extended abstract [20]), which added temporal logics. However, contrary to these papers, we will here work with a modified version of the refinement relation, as will be discussed in the chapter itself. ...