Visual verification of safety and liveness

Valmari, Antti; Setälä, Mikko

doi:10.1007/3-540-60973-3_90

Cited by 13 publications

(9 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Roughly the same modelling, but in which the request r 1 is identified with setting the shared variable readyA to true, occurs in Valmari & Setälä [59]. The consequences are the same.…”

Section: (In)correct Correctness Proofs Of Peterson's and Dekker's Prmentioning

confidence: 93%

See 1 more Smart Citation

CCS: It’s not fair!

Glabbeek

Höfner

2015

Acta Informatica

View full text Add to dashboard Cite

In the process algebra community it is sometimes suggested that, on some level of abstraction, any distributed system can be modelled in standard process-algebraic specification formalisms like CCS. This sentiment is strengthened by results testifying that CCS, like many similar formalisms, is Turing powerful and provides a mechanism for interaction. This paper counters that sentiment by presenting a simple fair scheduler-one that in suitable variations occurs in many distributed systems-of which no implementation can be expressed in CCS, unless CCS is enriched with a fairness assumption.Since Dekker's and Peterson's mutual exclusion protocols implement fair schedulers, it follows that these protocols cannot be rendered correctly in CCS without imposing a fairness assumption. Peterson expressed this algorithm correctly in pseudocode without resorting to a fairness assumption, so it furthermore follows that CCS lacks the expressive power to accurately capture such pseudocode.

show abstract

“…Roughly the same modelling, but in which the request r 1 is identified with setting the shared variable readyA to true, occurs in Valmari & Setälä [59]. The consequences are the same.…”

Section: (In)correct Correctness Proofs Of Peterson's and Dekker's Prmentioning

confidence: 93%

“…In fact Peterson's algorithm has been specified in CCS-like languages several times, e.g. [61,10,59,1]. All these papers present essentially the same rendering of Peterson's algorithm in CCS or some other progress algebra, differing only in insignificant implementation details.…”

Section: (In)correct Correctness Proofs Of Peterson's and Dekker's Prmentioning

confidence: 99%

CCS: It’s not fair!

Glabbeek

Höfner

2015

Acta Informatica

View full text Add to dashboard Cite

show abstract

“…Close approximations of Dekker's and Peterson's protocols rendered in CCS or similar formalisms abound in the literature [34,5,32,16,2]. Unless one makes a fairness assumption these renderings do not possess the liveness property that when a process leaves its non-critical section, and thus wants to enter the critical section, it will eventually succeed in doing so.…”

Section: Introductionmentioning

confidence: 99%

Analysing Mutual Exclusion using Process Algebra with Signals

Dyseryn

Glabbeek

Höfner

2017

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

In contrast to common belief, the Calculus of Communicating Systems (CCS) and similar process algebras lack the expressive power to accurately capture mutual exclusion protocols without enriching the language with fairness assumptions. Adding a fairness assumption to implement a mutual exclusion protocol seems counter-intuitive. We employ a signalling operator, which can be combined with CCS, or other process calculi, and show that this minimal extension is expressive enough to model mutual exclusion: we confirm the correctness of Peterson's mutual exclusion algorithm for two processes, as well as Lamport's bakery algorithm, under reasonable assumptions on the underlying memory model. The correctness of Peterson's algorithm for more than two processes requires stronger, less realistic assumptions on the underlying memory model.

show abstract

“…Furthermore, we do not claim that our observations and tricks are fundamentally new. As a matter of fact, the key ideas are two decades old [2,10]. We do claim, however, that their benefits are not sufficiently widely known or have been under-appreciated.…”

Section: Introductionmentioning

confidence: 89%

Progress Checking for Dummies

Valmari

Hansen

2018

Formal Methods for Industrial Critical Systems

Self Cite

View full text Add to dashboard Cite

Verification of progress properties is both conceptually and technically significantly more difficult than verification of safety and deadlock properties. In this study we focus on the conceptual side. We make a simple modification to a well-known model to demonstrate that it passes progress verification although the resulting model is intuitively badly incorrect. Then we point out that the error can be caught easily by adding a termination branch to the system. We compare the use of termination branches to the established method of addressing the same need, that is, weak fairness. Then we discuss another problem that may cause failure of catching progress errors even with weak fairness. Finally we point out an alternative notion of progress that needs no explicit fairness assumptions. Our ideas are especially well-suited for newcomers in model checking, and work well with stubborn set methods.

show abstract

Visual verification of safety and liveness

Cited by 13 publications

References 15 publications

CCS: It’s not fair!

CCS: It’s not fair!

Analysing Mutual Exclusion using Process Algebra with Signals

Progress Checking for Dummies

Contact Info

Product

Resources

About