ACGhttps://event.cwi.nl/acg/2021-07-27T13:30:00+02:00Correlated Pseudorandom Functions from Variable-Density Learning Parity with Noise2021-07-27T13:30:00+02:002021-07-27T13:30:00+02:00Lisa Kohl (CWI)tag:event.cwi.nl,2021-07-27:/acg/presentations/correlated-pseudorandom-functions-from-variable-density-learning-parity-with-noise<p>Correlated randomness is a ubiquitous resource in cryptography. A one-time pad, namely a pair of identical random keys, enables perfectly secure communication. More complex forms of correlated randomness can similarly facilitate protocols for secure multiparty computation that allow two or more parties to jointly compute a function of secret inputs …</p><p>Correlated randomness is a ubiquitous resource in cryptography. A one-time pad, namely a pair of identical random keys, enables perfectly secure communication. More complex forms of correlated randomness can similarly facilitate protocols for secure multiparty computation that allow two or more parties to jointly compute a function of secret inputs revealing nothing beyond the output. An example for a useful correlation is oblivious transfer, where one party is given two random bits (s<sub>0</sub>,s<sub>1</sub>) and another party gets (b,s<sub>b</sub>) for a random bit b.</p>
<p>In this work we initiate the study of correlated pseudorandom functions that offer the ability to generate an essentially unbounded amount of correlated pseudorandomness from short correlated keys using only local computation. We present efficient constructions of correlated pseudorandom functions for a broad class of useful correlations, including oblivious transfer, from a variable-density variant of the learning parity with noise assumption.</p>
<p>This is joint work with Elette Boyle, Geoffroy Couteau, Niv Gilboa, Yuval Ishai and Peter Scholl.</p>Security evaluation of industrial control systems using system emulation and fuzzing2021-07-13T13:30:00+02:002021-07-13T13:30:00+02:00Mihalis Maniatakos (NYU)tag:event.cwi.nl,2021-07-13:/acg/presentations/security-evaluation-of-industrial-control-systems-using-system-emulation-and-fuzzing<p>Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS, as well as a substantial number of research works that try to proactively uncover underlying vulnerabilities. The main focus on …</p><p>Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS, as well as a substantial number of research works that try to proactively uncover underlying vulnerabilities. The main focus on both sides, though, has been the first and obvious choices when it comes to exploitation, namely the network level as the main gateway to an ICS and the control operation performed by it. As ICS evolve abstracting the control logic to a purely software level hosted on a generic OS, software level evaluation of multiple levels of an ICS is a straightforward choice. In this talk, we will motivate the use of system emulation for the cybersecurity assessment of ICS such as Programmable Logic Controllers (PLC) for in-field security evaluation with no disruption to the actual process. More specifically, we will deploy system emulation to eliminate the need for experiments directly on the actual hardware device, massively improve scalability and compatibility for easy deployment on a multitude of platforms. On the emulated platform, we will apply fuzzing across software levels of the device, the system itself, the hosted PLC abstracting platform as well as the application performing the control logic. Through fuzzing we expose vulnerabilities existing on the system either by poor maintenance or sloppy programming. The PLC platform of choice is the Codesys runtime, an industry-leading solution existing in a quarter of the currently deployed PLC.</p>A Semantic Model for Interacting Cyber-Physical Systems2021-06-15T13:30:00+02:002021-06-15T13:30:00+02:00Benjamin Lion (CWI)tag:event.cwi.nl,2021-06-15:/acg/presentations/a-semantic-model-for-interacting-cyber-physical-systems<p>We propose a component-based semantic model for Cyber-Physical Systems (CPSs) wherein the notion of a component abstracts the internal details of both cyber and physical processes. Our semantic model uniformly exposes externally observable behaviors of components expressed as sets of sequences of observations. We introduce algebraic operations on such sequences …</p><p>We propose a component-based semantic model for Cyber-Physical Systems (CPSs) wherein the notion of a component abstracts the internal details of both cyber and physical processes. Our semantic model uniformly exposes externally observable behaviors of components expressed as sets of sequences of observations. We introduce algebraic operations on such sequences to model different kinds of component interaction. As a result, these composition operators yield the externally observable behavior of their resulting composite components. We provide a co-inductive framework to construct such algebraic operations that compose components to, e.g., synchronize with or mutually exclude each other's alternative behaviors. Our framework is expressive enough to allow articulation of properties that coordinate desired interactions among composed components within the framework, also as component behavior. We demonstrate the usefulness of our formalism through examples of coordination properties in a CPS consisting of two robots interacting through shared physical resources. </p>Symbolic Execution Formally Explained2021-06-01T13:30:00+02:002021-06-01T13:30:00+02:00Frank de Boer (CWI)tag:event.cwi.nl,2021-06-01:/acg/presentations/symbolic-execution-formally-explained<p>The topic of this talk is a formal explanation of symbolic execution in terms of a symbolic transition system and prove its correctness and completeness with respect to an operational semantics which models the execution on concrete values. I will first introduce a formal model for a basic programming language …</p><p>The topic of this talk is a formal explanation of symbolic execution in terms of a symbolic transition system and prove its correctness and completeness with respect to an operational semantics which models the execution on concrete values. I will first introduce a formal model for a basic programming language with a statically fixed number of programming variables. This model is extended to a programming language with recursive procedures which are called by a call-by-value parameter mechanism. Finally, I will introduce a more general formal framework for proving the soundness and completeness of the symbolic execution of a basic object-oriented language which features dynamically allocated variables. </p>Verification of Distributed Epistemic Gossip Protocols (2)2021-05-18T13:30:00+02:002021-05-18T13:30:00+02:00Krzysztof R. Apt (CWI)tag:event.cwi.nl,2021-05-18:/acg/presentations/verification-of-distributed-epistemic-gossip-protocols-2<p>Gossip protocols are concerned with the spread of knowledge in a
social network. They aim at arriving, by means of point-to-point or
group communications, at a situation in which all agents know each
other's secrets.</p>
<p>We consider distributed gossip protocols that are expressed in a
simple programming language that employs …</p><p>Gossip protocols are concerned with the spread of knowledge in a
social network. They aim at arriving, by means of point-to-point or
group communications, at a situation in which all agents know each
other's secrets.</p>
<p>We consider distributed gossip protocols that are expressed in a
simple programming language that employs epistemic logic (for instance
in statements such as `if I do not know whether agent i knows my
secret I communicate it to him'). They are examples of so-called
knowledge-based programs.</p>
<p>To discuss these protocols we introduce an appropriate epistemic logic
and its semantics. These distributed epistemic gossip protocols are
implementable and their partial correctness, termination, and two
forms of fair termination are decidable.</p>
<p>We also analyze various forms of communication and their impact on the
agents' knowledge, and discuss some open problems.</p>
<p>The talk is based on joint works with Davide Grossi, Wiebe van der
Hoek, and Dominik Wojtczak. The relevant references can be found at
https://arxiv.org/abs/1907.09097 ,
https://arxiv.org/abs/1807.05283 , and
https://jair.org/index.php/jair/article/view/11204</p>On Dynamic Software Updates2021-05-04T13:30:00+02:002021-05-04T13:30:00+02:00Kasper Dokter (CWI)tag:event.cwi.nl,2021-05-04:/acg/presentations/on-dynamic-software-updates<p>Software updates are dynamic if they are applied at run time. In this talk, we
present ongoing work on dynamic updates for modular software. In the last
decades, most research on dynamic software updates propose a practical update
framework for specific monolithic software (such as C or Java programs). In …</p><p>Software updates are dynamic if they are applied at run time. In this talk, we
present ongoing work on dynamic updates for modular software. In the last
decades, most research on dynamic software updates propose a practical update
framework for specific monolithic software (such as C or Java programs). In our
work, we take a theoretical approach and study dynamic updates of a general
system. We provide a formal definition of an update in terms of (local) trace
theory, and distinguish between atomic updates and incremental updates. An
atomic update stops the software, applies the update, and restarts the software.
We consider atomic updates to be correct by construction. An incremental update
can upgrade one or more parts of the software to a new version, while other
parts still run the old version. Correctness of incremental updates is
non-trivial and we propose a notion of correctness for incremental updates. We
present two (abstract) update strategies and justify their correctness. Finally,
we give some hints on how our update framework can be implemented in a
microservices architecture, such as Kubernetes.</p>Reasoning about call-by-value recursive procedures in Hoare logic2021-04-06T13:30:00+02:002021-04-06T13:30:00+02:00Hans-Dieter Hiep(CWI)tag:event.cwi.nl,2021-04-06:/acg/presentations/reasoning-about-call-by-value-recursive-procedures-in-hoare-logic<p>Basic Hoare logic, without recursive procedures, admits proofs
of correctness that are linear in the size of the program under
consideration. This is why proof outlines, which annotate programs with
assertions that must hold of intermediate states, are so useful. In this
talk, we discuss how to reason about programs …</p><p>Basic Hoare logic, without recursive procedures, admits proofs
of correctness that are linear in the size of the program under
consideration. This is why proof outlines, which annotate programs with
assertions that must hold of intermediate states, are so useful. In this
talk, we discuss how to reason about programs which have recursive
procedures, and how one traditionally verifies their correctness: using
proofs that are quadratic in the size of the program. But, in case of
call-by-value parameter passing, we can implode proofs by introducing
new proof rules, "contracts," and a beautiful proof normalization
procedure, leading again to proofs linear in the size of the program!</p>
<p>Collaborators: Krzysztof Apt, Frank de Boer</p>PwoP: Intrusion-Tolerant and Privacy-Preserving Sensor Fusion2021-03-23T13:30:00+01:002021-03-23T13:30:00+01:00Chenglu Jin (CWI)tag:event.cwi.nl,2021-03-23:/acg/presentations/pwop-intrusion-tolerant-and-privacy-preserving-sensor-fusion<p>We design and implement, PwoP, an efficient and scalable system for intrusion-tolerant and privacy-preserving multi-sensor fusion. PwoP develops and unifies techniques from dependable distributed systems and modern cryptography, and in contrast to prior works, can 1) provably defend against pollution attacks where some malicious sensors lie about their values to …</p><p>We design and implement, PwoP, an efficient and scalable system for intrusion-tolerant and privacy-preserving multi-sensor fusion. PwoP develops and unifies techniques from dependable distributed systems and modern cryptography, and in contrast to prior works, can 1) provably defend against pollution attacks where some malicious sensors lie about their values to sway the final result, and 2) perform within the computation and bandwidth limitations of cyber-physical systems.
PwoP is flexible and extensible, covering a variety of application scenarios. We demonstrate the practicality of our system using Raspberry Pi Zero W, and we show that PwoP is efficient in both failure-free and failure scenarios.</p>Integrating ADTs in KeY and their Application to History-based Reasoning2021-03-09T13:30:00+01:002021-03-09T13:30:00+01:00Jinting Bian (CWI)tag:event.cwi.nl,2021-03-09:/acg/presentations/integrating-adts-in-key-and-their-application-to-history-based-reasoning<p>We discuss integrating abstract data types (ADTs) in the KeY theorem
prover, and how to reason about the correctness of the Java Collection
interface using histories. We introduce a new method to model histories
logically (using the Isabelle theorem prover), and translate inferred
rules to user-defined taclets in KeY to …</p><p>We discuss integrating abstract data types (ADTs) in the KeY theorem
prover, and how to reason about the correctness of the Java Collection
interface using histories. We introduce a new method to model histories
logically (using the Isabelle theorem prover), and translate inferred
rules to user-defined taclets in KeY to improve reasoning. As a case
study, we prove the correctness of complex programs, that involve binary
methods and client code that operates on multiple objects. This is an
extension of our previous work on "History-based Specification and
Verification of Java Collection in KeY".</p>Scheduling Protocols2021-02-23T13:30:00+01:002021-02-23T13:30:00+01:00Kasper Dokter (CWI)tag:event.cwi.nl,2021-02-23:/acg/presentations/scheduling-protocols<p>Interactions amongst different processes in concurrent software are governed by
a protocol. The blocking I/O operations involved in a protocol may temporarily
suspend the execution of some processes in an application. Scheduling consists
of the allocation of available processors to the appropriate non-suspended
processes in an application, such that …</p><p>Interactions amongst different processes in concurrent software are governed by
a protocol. The blocking I/O operations involved in a protocol may temporarily
suspend the execution of some processes in an application. Scheduling consists
of the allocation of available processors to the appropriate non-suspended
processes in an application, such that some specified criteria (e.g., shortest
execution time or highest throughput) are met. We use a generic, game-theoretic
scheduling framework to find optimal non-preemptive schedules for an
application. We then show how such schedules themselves can be encoded as
protocols, which in our framework, can be composed with the original application
protocol. The resulting composed protocol restricts the number of ready
processes to the number of available processors, which enables standard
preemptive schedulers of modern operating-systems to closely approximate the
behavior and the performance of the optimal non-preemptive scheduler of the
application. We evaluate our work by comparing the throughput of two versions of
a cyclo-static dataflow network: one version with the usual protocol, and the
other version with a restricted protocol.</p>Problem of coordination in cyber-physical system2021-02-09T13:30:00+01:002021-02-09T13:30:00+01:00Benjamin Lion (CWI)tag:event.cwi.nl,2021-02-09:/acg/presentations/problem-of-coordination-in-cyber-physical-system<p>The design and analysis of cyber-physical systems bring many challenges, some of them resulting from
the difficulty to express within the same formalism the interaction between discrete (cyber) and
continuous (physical) processes.
We propose in this work a component based description of cyber-physical systems. Components abstract from
internal operations of …</p><p>The design and analysis of cyber-physical systems bring many challenges, some of them resulting from
the difficulty to express within the same formalism the interaction between discrete (cyber) and
continuous (physical) processes.
We propose in this work a component based description of cyber-physical systems. Components abstract from
internal operations of both cyber and physical processes to only expose sequences of observable events.
Algebraic operations are introduced to model interaction between components, and set the ground to build
expressions for cyber-physical systems. The problem of coordinating multiple cyber components
interacting through shared physical resources is finally presented.</p>Push-down automata and context-free grammars in bisimulation semantics2021-01-26T13:30:00+01:002021-01-26T13:30:00+01:00Jos Baeten (CWI)tag:event.cwi.nl,2021-01-26:/acg/presentations/push-down-automata-and-context-free-grammars-in-bisimulation-semantics<p>The Turing machine models an old-fashioned computer, that does not
interact with the user or with other computers, and only does batch processing.
Therefore, we came up with a Reactive Turing Machine that does not have these
shortcomings. In the Reactive Turing Machine, transitions have labels to give a
notion …</p><p>The Turing machine models an old-fashioned computer, that does not
interact with the user or with other computers, and only does batch processing.
Therefore, we came up with a Reactive Turing Machine that does not have these
shortcomings. In the Reactive Turing Machine, transitions have labels to give a
notion of interactivity. In the resulting transition systems, we use bisimilarity
instead of language equivalence.
Subsequently, we considered other classical theorems and notions from automata
theory and formal languages theory. In this paper, we consider the classical theorem
of the correspondence between pushdown automata and context-free grammars.
By changing the process operator of sequential composition to a sequencing
operator with intermediate acceptance, we get a better correspondence in our setting.
We find that the missing ingredient to recover the full correspondence is the
addition of a notion of state awareness.
<a href="https://ir.cwi.nl/pub/30302/">Link</a>.</p>Erasable PUFs: Formal Treatment and Generic Design2020-12-15T13:30:00+01:002020-12-15T13:30:00+01:00Chenglu Jin (CWI)tag:event.cwi.nl,2020-12-15:/acg/presentations/erasable-pufs-formal-treatment-and-generic-design<p>Physical Unclonable Functions (PUFs) have not only been suggested as new key storage mechanism, but in the form of so-called "Strong PUF" also as cryptographic primitives in advanced
schemes, including key exchange, oblivious transfer, or secure multiparty computation. This notably extends their application spectrum, and has led to a sequence …</p><p>Physical Unclonable Functions (PUFs) have not only been suggested as new key storage mechanism, but in the form of so-called "Strong PUF" also as cryptographic primitives in advanced
schemes, including key exchange, oblivious transfer, or secure multiparty computation. This notably extends their application spectrum, and has led to a sequence of publications at leading venues such as IEEE S&P, CRYPTO, and EUROCRYPT in the past. However, one important unresolved problem is that adversaries can break the security of all these advanced protocols if they gain
physical access to the employed Strong PUFs after protocol completion. It has been formally proven that this issue cannot be overcome by techniques on the protocol side alone, but requires
resolution on the hardware level the only fully effective known countermeasure being so-called Erasable PUFs. Building on this work, this paper is the first to describe a generic method how
any given silicon Strong PUF with digital CRP-interface can be turned into an Erasable PUF. We describe how the Strong PUF can be surrounded with a trusted control logic that allows the blocking (or "erasure") of single CRPs. We implement our approach, which we call "GeniePUF", on FPGA, reporting detailed performance data and practicality figures. Furthermore, we develop the first comprehensive definitional framework for Erasable PUFs. Our work so re-establishes the effective usability of Strong PUFs in advanced cryptographic applications, and in the realistic case adversaries get access to the Strong PUF after protocol completion.</p>Toward Secure Computing Environments2020-11-24T13:30:00+01:002020-11-24T13:30:00+01:00Marten van Dijk (CWI)tag:event.cwi.nl,2020-11-24:/acg/presentations/toward-secure-computing-environments<p>I will briefly explain the development of secure processor architectures in industry and academia – in particular, the impact of the Aegis and Ascend architectures in 2003 and 2012. This teaches us that minimizing the Trusted Computing Base in any architecture or system is a HW/SW/Crypto co-design in which …</p><p>I will briefly explain the development of secure processor architectures in industry and academia – in particular, the impact of the Aegis and Ascend architectures in 2003 and 2012. This teaches us that minimizing the Trusted Computing Base in any architecture or system is a HW/SW/Crypto co-design in which we combine HW isolation, efficient crypto, and small trusted SW kernels. This motivates current ongoing research trajectories which will also be described in general terms. </p>
<p>If time permits (but this seems unlikely), I will explain Oblivious RAM (ORAM), explain Path ORAM and its application to secure processor architectures, and we will revisit its definitional framework showing a Bogus ORAM which satisfies ORAM's orginal definition but defeats the whole purpose for introducing ORAM. (May be one/some of you like to collaborate and extend this into a paper.)</p>History-based Specification and Verification of Java Collections in KeY2020-11-10T13:30:00+01:002020-11-10T13:30:00+01:00Hans-Dieter Hiep (CWI)tag:event.cwi.nl,2020-11-10:/acg/presentations/history-based-specification-and-verification-of-java-collections-in-key<p>In this feasibility study we discuss reasoning about the correctness of Java interfaces using histories, with a particular application to Java's Collection interface. We introduce a new specification method (in the KeY theorem prover) using histories, that record method invocations and their parameters on an interface. We outline the challenges …</p><p>In this feasibility study we discuss reasoning about the correctness of Java interfaces using histories, with a particular application to Java's Collection interface. We introduce a new specification method (in the KeY theorem prover) using histories, that record method invocations and their parameters on an interface. We outline the challenges of proving client code correct with respect to arbitrary implementations, and describe a practical specification and verification effort of part of the Collection interface using KeY.</p>
<p>(Talk to be also virtually presented at iFM2020, 18th November 2020. Joint work with: Jinting Bian, Frank de Boer, Stijn de Gouw) </p>Overview of the Reowolf Project2020-10-27T13:30:00+01:002020-10-27T13:30:00+01:00Christopher Esterhuyse (CWI)tag:event.cwi.nl,2020-10-27:/acg/presentations/overview-of-the-reowolf-project<p>The Reowolf project introduces connectors as a replacement for BSD-style sockets for multi-party network programming. Connectors encourage applications to make explicit their requirements on the behavior of the session, by facilitating configuration using protocol code, expressed in a domain-specific protocol language (based on Reo). These protocols are retained, and shared …</p><p>The Reowolf project introduces connectors as a replacement for BSD-style sockets for multi-party network programming. Connectors encourage applications to make explicit their requirements on the behavior of the session, by facilitating configuration using protocol code, expressed in a domain-specific protocol language (based on Reo). These protocols are retained, and shared over the network, such that the underlying runtime and middleware can cooperate on realizing the session as safely, and efficiently as possible. The presentation summarizes the project's developments, and lays out promising directions for the sequel.</p>Safety, Precisely: Quasi-Multidimensional Dyck Languages and a Kleene Theorem2020-03-10T13:30:00+01:002020-03-10T13:30:00+01:00Luc Edixhoven (CWI)tag:event.cwi.nl,2020-03-10:/acg/presentations/safety-precisely-quasi-multidimensional-dyck-languages-and-a-kleene-theorem<p>The multiparty session types methodology is used to ensure safe communication between processes (i.e., every send should match a receive, in that order), but is conservative (and thus not complete) in the set of languages it considers as safe. To increase its expressiveness, we generalise the well-known Dyck languages …</p><p>The multiparty session types methodology is used to ensure safe communication between processes (i.e., every send should match a receive, in that order), but is conservative (and thus not complete) in the set of languages it considers as safe. To increase its expressiveness, we generalise the well-known Dyck languages (balanced parentheses, representing sends and receives) such that different types of parentheses can be arbitrarily interleaved instead of the usual hierarchical nesting, resulting in a class of context-sensitive languages, which we call quasi-multidimensional Dyck languages. Focusing on regular subsets of these languages, we give precise syntactic constraints on regular expressions and finite automata which are met iff they represent such a subset. Finally, we extend regular expressions with the multi-ary shuffle on trajectories operator (Mateescu et al.) to obtain what we call safe regular expressions, which we show to precisely represent the aforementioned regular subsets of quasi-multidimensional Dyck languages, allowing for type safety enforced directly through the grammar and thus for safety by construction.
</p>Discourje: Runtime Verification of Communication Protocols in Clojure2020-01-12T13:30:00+01:002020-01-12T13:30:00+01:00Sung-Shik Jongmans (CWI)tag:event.cwi.nl,2020-01-12:/acg/presentations/discourje-runtime-verification-of-communication-protocols-in-clojure<p>This talk presents Discourje: a runtime verification framework for communication protocols in Clojure. Discourje guarantees safety of protocol implementations relative to specifications, based on an expressive new version of multiparty session types. The framework has a formal foundation and is itself implemented in Clojure to offer a seamless specification-implementation experience …</p><p>This talk presents Discourje: a runtime verification framework for communication protocols in Clojure. Discourje guarantees safety of protocol implementations relative to specifications, based on an expressive new version of multiparty session types. The framework has a formal foundation and is itself implemented in Clojure to offer a seamless specification-implementation experience. Benchmarks show Discourje's overhead can be less than 5% for real/existing concurrent programs. This is joint work with Ruben Hamers, published in TACAS 2020. </p>Two Dimensional Turing Machines2019-12-17T14:30:00+01:002019-12-17T14:30:00+01:00Nachum Dershowitz (CWI)tag:event.cwi.nl,2019-12-17:/acg/presentations/two-dimensional-turing-machines<p>Turing in his immortal 1936 paper observed that “computing is normally done by writing… symbols on [two-dimensional] paper”, but that “the two-dimensional character of paper is no essential of computation.” I believe that the two-dimensional model is in fact much more intuitive than the standard one-dimensional version that we teach …</p><p>Turing in his immortal 1936 paper observed that “computing is normally done by writing… symbols on [two-dimensional] paper”, but that “the two-dimensional character of paper is no essential of computation.” I believe that the two-dimensional model is in fact much more intuitive than the standard one-dimensional version that we teach, and that it is readily programmable. In particular, programs for a two-dimensional Turing machine can themselves be recorded naturally in a two-dimensional format in such a transparent fashion that schoolchildren have no difficulty comprehending and emulating their behavior. Such a two-dimensional rendering allows, furthermore, for a most perspicacious rendering of Turing’s universal machine. </p>Well-Founded Unions2019-11-19T13:30:00+01:002019-11-19T13:30:00+01:00Nachum Dershowitz (CWI)tag:event.cwi.nl,2019-11-19:/acg/presentations/well-founded-unions<p>Given two or more well-founded binary relations, when can one be certain that their union is likewise well-founded? We provide conditions for an arbitrary number of relations, generalizing known conditions for two relations, along with counterexamples to several potential weakenings. Such conditions may be useful for proving termination of rewrite …</p><p>Given two or more well-founded binary relations, when can one be certain that their union is likewise well-founded? We provide conditions for an arbitrary number of relations, generalizing known conditions for two relations, along with counterexamples to several potential weakenings. Such conditions may be useful for proving termination of rewrite systems. (All proofs have been machine checked.)</p>
<p>Joint with Jeremy Dawson and Rajeev Goré</p>From Reo circuit to fast and safe Rust source2019-04-16T13:30:00+02:002019-04-16T13:30:00+02:00Christopher Esterhuyse (CWI)tag:event.cwi.nl,2019-04-16:/acg/presentations/from-reo-circuit-to-fast-and-safe-rust-source<p>The Reo compiler is able to translate a textual protocol specification into source code in several target languages. Currently, low-level systems languages such as Rust are not supported. In addition to easy inter-operation with C and C++, Rust's strict type system allow for highly expressive APIs that give stronger safety …</p><p>The Reo compiler is able to translate a textual protocol specification into source code in several target languages. Currently, low-level systems languages such as Rust are not supported. In addition to easy inter-operation with C and C++, Rust's strict type system allow for highly expressive APIs that give stronger safety assurances while achieving good performance at runtime. We discuss the (1) development of a type system for the Reo compiler such that affine and relevant types can be represented, (2) differences between the new and existing backends, and (3) changes to the runtime API for added safety and performance.</p>Reproducible Simulations, Trace Visualization and Model Exploration with Dynamic Partial Order Reduction in Real-Time ABS2019-03-12T13:30:00+01:002019-03-12T13:30:00+01:00Lars Tveito (Oslo)tag:event.cwi.nl,2019-03-12:/acg/presentations/reproducible-simulations-trace-visualization-and-model-exploration-with-dynamic-partial-order-reduction-in-real-time-abs<p>Local traces are our means for recording and (deterministically) replaying Real-Time ABS models. The traces capture communication between actors in a model, and a tool has been developed for visualizing them. From a given trace, we can generate new traces, that can be executed by the Real-Time ABS simulator; doing …</p><p>Local traces are our means for recording and (deterministically) replaying Real-Time ABS models. The traces capture communication between actors in a model, and a tool has been developed for visualizing them. From a given trace, we can generate new traces, that can be executed by the Real-Time ABS simulator; doing this exhaustively results in a stateless model checker. To avoid redundant model exploration, we apply a technique called dynamic partial order reduction, which establishes equivalence classes of traces. The exploration algorithm is implemented in a highly parallelizable manner, using a database to persistently store the state of the search. As future work, we plan to persist the object states along with the traces, where global properties can be asserted by the means of writing database queries.
</p>Formalizing the Semantics of Concurrent Revisions2019-02-19T13:30:00+01:002019-02-19T13:30:00+01:00Roy Overbeek (CWI)tag:event.cwi.nl,2019-02-19:/acg/presentations/formalizing-the-semantics-of-concurrent-revisions<p>Concurrent revisions is a concurrency control model developed by Microsoft Research. It has many interesting properties that distinguish it from other well-known models such as transactional memory. One of these properties is <i>determinacy</i>: programs written within the model always produce the same outcome, independent of scheduling. The concurrent revisions model …</p><p>Concurrent revisions is a concurrency control model developed by Microsoft Research. It has many interesting properties that distinguish it from other well-known models such as transactional memory. One of these properties is <i>determinacy</i>: programs written within the model always produce the same outcome, independent of scheduling. The concurrent revisions model has an operational semantics, with an informal proof of determinacy. I formalized the semantics and the proof of determinacy in the proof assistant Isabelle/HOL. A number of subtle ambiguities in the specification of the semantics were identified, whose resolution required the semantics to be modified. I also found a simplification of the determinacy proof. While the uncovered issues do not appear to correspond to bugs in existing implementations, the formalization highlights some of the challenges that are involved in the general design and verification of concurrency control models.</p>Yet Another Reo Semantics: Reasoning about Speculative Execution2018-09-25T13:30:00+02:002018-09-25T13:30:00+02:00Hans-Dieter Hiep (CWI & VU)tag:event.cwi.nl,2018-09-25:/acg/presentations/yet-another-reo-semantics-reasoning-about-speculative-execution<p>Speculative execution is a well-known technique that allows for the
optimization of concurrent systems. In this talk, we explore an
extension to Reo that allows reasoning about speculations, and introduce
a semantics based on a logical framework with data types and data
streams. Our semantics has the capability to detect …</p><p>Speculative execution is a well-known technique that allows for the
optimization of concurrent systems. In this talk, we explore an
extension to Reo that allows reasoning about speculations, and introduce
a semantics based on a logical framework with data types and data
streams. Our semantics has the capability to detect and handle
inconsistencies, which is important for speculative execution: if a
branch prediction was mistaken, an inconsistency is forced that could be
resolved by backtracking and reversing computation based on a false
speculation. We base our work on a novel typed language for compositions
and components. Along the way, we introduce new primitives, alongside
traditional Reo primitives: consensus, prophecy, and forcing. We explore
the properties of independence, progress, linearity, and causality,
arguing why they are fundamental to understand speculative executions.</p>Nerve Nets, Omega-regular Languages, and Reo2018-06-28T13:30:00+02:002018-06-28T13:30:00+02:00Benjamin Lion (CWI)tag:event.cwi.nl,2018-06-28:/acg/presentations/nerve-nets-omega-regular-languages-and-reo<p>In this talk we relate Reo to some fundamental results in computer science.</p>
<p>In 1951, S.C. Kleene detailed the construction of nerve nets, and characterized their behavior in terms of events occurring within a finite frame of time. He then proved that regular events are exactly the events generated …</p><p>In this talk we relate Reo to some fundamental results in computer science.</p>
<p>In 1951, S.C. Kleene detailed the construction of nerve nets, and characterized their behavior in terms of events occurring within a finite frame of time. He then proved that regular events are exactly the events generated by finite automata (where a finite automaton is defined as a generalization of nerve nets).[1]</p>
<p>Later, J.R. Büchi formalized the notion of events as a formula in a weak-second-order logic. He extended the notion of regularity to events occurring within an infinite frame of time. Büchi then presented similar analysis and synthesis arguments as in the Kleene's case of finite frame of time.[2]</p>
<p>We relate Reo to the results of Kleene and Büchi, and present some ideas for future work</p>
<p>[1] "Representation of events in nerve nets and finite automata", S.C.Kleene http://www.dlsi.ua.es/~mlf/nnafmc/papers/kleene56representation.pdf
[2] "Weak-second order arithmetic and finite automata", J.R. Büchi https://deepblue.lib.umich.edu/bitstream/handle/2027.42/3930/bab9796.0001.001.pdf</p>Verification of Distributed Epistemic Gossip Protocols2018-06-12T13:30:00+02:002018-06-12T13:30:00+02:00Krzysztof R. Apt (CWI)tag:event.cwi.nl,2018-06-12:/acg/presentations/verification-of-distributed-epistemic-gossip-protocols<p>Gossip protocols are concerned with the spread of knowledge in a
social network. They aim at arriving, by means of point-to-point or
group communications, at a situation in which all agents know each
other secrets.</p>
<p>We consider distributed gossip protocols that are expressed
in a simple programming language that employs …</p><p>Gossip protocols are concerned with the spread of knowledge in a
social network. They aim at arriving, by means of point-to-point or
group communications, at a situation in which all agents know each
other secrets.</p>
<p>We consider distributed gossip protocols that are expressed
in a simple programming language that employs epistemic logic (for
instance in statements such as `if I do not know whether agent i knows
my secret I communicate it to him').</p>
<p>To discuss these protocols we introduce an appropriate epistemic
logic. Its semantics and its truth relation turn out to be decidable.
This implies that the epistemic distributed gossip protocols are
implementable and that their partial correctness, termination
and two forms of fair termination are decidable.</p>
<p>The talk is based on joint works with Davide Grossi, Wiebe van der Hoek,
and Dominik Wojtczak. The relevant references can be found at
https://arxiv.org/abs/1606.07516 and
https://jair.org/index.php/jair/article/view/11204</p>A Scala Library for Actor-Based Cooperative Scheduling2018-05-23T13:30:00+02:002018-05-23T13:30:00+02:00Vlad Serbanescu (CWI)tag:event.cwi.nl,2018-05-23:/acg/presentations/a-scala-library-for-actor-based-cooperative-scheduling<p>Actor-based models of computation in general assume a run-to-completion mode of execution of the messages. The Abstract Behavioral Specification (ABS) Language extends the Actor-based model with a high-level synchronization mechanism which allows actors to suspend the execution of the current message and schedule in a cooperative manner another queued message …</p><p>Actor-based models of computation in general assume a run-to-completion mode of execution of the messages. The Abstract Behavioral Specification (ABS) Language extends the Actor-based model with a high-level synchronization mechanism which allows actors to suspend the execution of the current message and schedule in a cooperative manner another queued message. We introduce and evaluate a new library in Scala inspired by ABS that provides static typing of message passing, integrates futures with actors and supports cooperative scheduling. The main challenge is the development of an efficient and scalable implementation of cooperative scheduling.</p>Compilation of Reo protocols2018-05-02T13:30:00+02:002018-05-02T13:30:00+02:00Kasper Dokter (CWI)tag:event.cwi.nl,2018-05-02:/acg/presentations/compilation-of-reo-protocols<p>Reo is an interaction-centric model of concurrency for compositional specification of communication and coordination protocols. Recently, Jongmans developed techniques to compile Reo protocols into executable code. Benchmarks show that compilation of Reo protocols can produce code whose performance is comparable or even beats that of hand-crafted programs. Unfortunately, Jongmans' techniques …</p><p>Reo is an interaction-centric model of concurrency for compositional specification of communication and coordination protocols. Recently, Jongmans developed techniques to compile Reo protocols into executable code. Benchmarks show that compilation of Reo protocols can produce code whose performance is comparable or even beats that of hand-crafted programs. Unfortunately, Jongmans' techniques do not scale well for some families of Reo protocols. In this talk, we report the latest advances made on compilation of Reo protocols. We present a compiler that can generate code for previously infeasible Reo protocols. Along the way, we introduce the Treo language, which aims to standardize the textual representation of Reo.</p>Gossip In NetKAT2018-04-04T13:30:00+02:002018-04-04T13:30:00+02:00Jana Wagemaker (CWI)tag:event.cwi.nl,2018-04-04:/acg/presentations/gossip-in-netkat<p>In this talk we will combine the study of NetKAT with the study of dynamic gossip. The talk is largely based on my master thesis, but as I am currently working on this will also contain some work in progress and loose ends. NetKAT is a sound and complete network …</p><p>In this talk we will combine the study of NetKAT with the study of dynamic gossip. The talk is largely based on my master thesis, but as I am currently working on this will also contain some work in progress and loose ends. NetKAT is a sound and complete network programming language based on Kleene algebra with tests, originally used to describe packets traveling through networks. It has a coalgebraic decision procedure deciding NetKAT equivalences. Dynamic gossip is a field in which it is studied how information spreads through a gossip graph, where the links in the gossip graph are changeable (dynamic). So far no sound and complete logic is available that describes dynamic gossip in a satisfactory way. In my thesis I explored the application of NetKAT to dynamic gossip. We will see that a change of perspective on NetKAT in which we keep track of the state of the switches in a network allows us to use NetKAT to model the Learn New Secrets Protocol, which is one of many gossip protocols. The addition to NetKAT to keep track of the state of switches is formalised and shown to remain sound and complete with respect to the packet-processing model. We will see how to formalise various notions from dynamic gossip in NetKAT, strengthening the claim that NetKAT can be used to model gossip. We will end the talk looking at the current state of affairs: can NetKAT be used to tell us anything new about dynamic gossip, could we give alternative proofs for known results of gossip and can we achieve some benchmark results using our own implementation in Haskell combined with the existing NetKAT implementation in OCaml.</p>Partially Commutative Monoids and Computational Content of Classical Logic2018-03-21T13:30:00+01:002018-03-21T13:30:00+01:00Hans-Dieter Hiep (CWI & VU)tag:event.cwi.nl,2018-03-21:/acg/presentations/partially-commutative-monoids-and-computational-content-of-classical-logic<p>Today's formal methods are proof and type systems. <br />
As appetite, we give a very broad outline of interactive theorem proving and a perspective on software correctness of distributed systems.<br />
As starter, we consider freely generated algebraic structures, such as (several varieties of) monoids: CM, PCM, ICM.<br />
The main course of …</p><p>Today's formal methods are proof and type systems. <br />
As appetite, we give a very broad outline of interactive theorem proving and a perspective on software correctness of distributed systems.<br />
As starter, we consider freely generated algebraic structures, such as (several varieties of) monoids: CM, PCM, ICM.<br />
The main course of the talk is discussing the computational content of classical logic:<br />
(A) We shortly consider simply-typed lambda calculus and its type system, relating it to minimal natural deduction.<br />
(B) We extend lambda calculus with a control operator, relating it to classical natural deduction.<br />
(C) We argue that sequent calculus formalizes certain implicit notions in natural deduction, and can be considered a meta-proof system.<br />
(D) We relate the syntactical structure of sequents to the monoids we have seen as starter.<br />
(E) We introduce focus, polarity, and generalized type connectives. We will see data and codata.<br />
(F) We explain the mu-mu-calculus, relating it to classical sequent calculus.<br />
(G) We argue that codata is related to object-orientated programming languages.<br />
Dessert: plan, future work and curiosities such as kinds, dependent types, hypersequents.<br /></p>Deadlock Detection for Actor-based Coroutines2018-02-07T14:00:00+01:002018-02-07T14:00:00+01:00Keyvan Azadbakht (CWI)tag:event.cwi.nl,2018-02-07:/acg/presentations/deadlock-detection-for-actor-based-coroutines<p>The actor-based language studied in this research features asynchronous method calls and supports coroutines which allow for the cooperative scheduling of the method invocations belonging to an actor. We model the local behavior of an actor as a well-structured transition system by means of predicate abstraction and derive the decidability …</p><p>The actor-based language studied in this research features asynchronous method calls and supports coroutines which allow for the cooperative scheduling of the method invocations belonging to an actor. We model the local behavior of an actor as a well-structured transition system by means of predicate abstraction and derive the decidability of the occurrence of deadlocks caused by the coroutine mode of method execution.</p>Scheduling of Parallel Applications2016-05-31T14:00:00+02:002016-05-31T14:00:00+02:00Kasper Dokter (CWI)tag:event.cwi.nl,2016-05-31:/acg/presentations/scheduling-of-parallel-applications<p>Most parallel applications leave the scheduling problem of their constituent processes to a general purpose scheduler, such as an operating system scheduler. Generally, constituent processes of a parallel application interact. For example, one process interacts with another by using its produced data. These interactions of processes introduce dependencies amongst them …</p><p>Most parallel applications leave the scheduling problem of their constituent processes to a general purpose scheduler, such as an operating system scheduler. Generally, constituent processes of a parallel application interact. For example, one process interacts with another by using its produced data. These interactions of processes introduce dependencies amongst them. However, general purpose schedulers are unaware of these dependencies, which can have negative impact the performance of the application. The work presented in this talk aims to overcome this deficiency by synthesizing interaction-aware schedulers for parallel applications.</p>2APL: Expressiveness in Concurrency: The Case of Session-Typed Processes2016-01-19T14:00:00+01:002016-01-19T14:00:00+01:00Jorge A. Pérez (RUG)tag:event.cwi.nl,2016-01-19:/acg/presentations/2apl-expressiveness-in-concurrency-the-case-of-session-typed-processes<p>The expressiveness of models of concurrency has intrigued researchers
for a number of years now. In particular, studies on the
expressiveness of process calculi (such as CCS and the pi-calculus)
have had considerable impact. The interest is in questions such as,
e.g., under what conditions two process languages C …</p><p>The expressiveness of models of concurrency has intrigued researchers
for a number of years now. In particular, studies on the
expressiveness of process calculi (such as CCS and the pi-calculus)
have had considerable impact. The interest is in questions such as,
e.g., under what conditions two process languages C and C' can express
the same behaviors? It is fair to say that formal answers to such
questions are (still) quite relevant in concurrency theory at large.</p>
<p>Now, process models are increasingly being developed with (behavioral)
typed systems that discipline the behavior of processes. This raises,
once again, the issue of their expressiveness, now with an additional
dimension (i.e., types) playing an explicit role. We would like to
know, e.g., when is that two typed process languages L and L' can
express the same behaviors, but also how their associated type systems
influence expressiveness relations.</p>
<p>In this talk, I will discuss the general problem of "typed
expressiveness" in concurrency. In particular, I will describe recent
works in which we formally compare the expressiveness of the
pi-calculus coupled with session type systems for structured
communications. If time permits, I will discuss some open challenges.</p>Investigating Cooperative Scheduling in Parallel and Distributed Systems2015-12-08T14:00:00+01:002015-12-08T14:00:00+01:00Vlad Serbanescu (CWI)tag:event.cwi.nl,2015-12-08:/acg/presentations/investigating-cooperative-scheduling-in-parallel-and-distributed-systems<p>Our ongoing work focuses on an efficient solution to implement cooperative scheduling models through a user-friendly library written using Java 8. This library translates code written in a modelling language named the Abstract Behavioural Specification Language, into executable Java code. We investigate the issues raised by nested parallelism and the …</p><p>Our ongoing work focuses on an efficient solution to implement cooperative scheduling models through a user-friendly library written using Java 8. This library translates code written in a modelling language named the Abstract Behavioural Specification Language, into executable Java code. We investigate the issues raised by nested parallelism and the need to save call stacks, and look at how thread explosion affects performance of concurrent programs translated in Java. Currently we have a model for method invocation such that they can be translated into lambda expressions introduced in Java 8 and avoid the creation of a large number of threads significantly improving memory usage and execution time. </p>Equations and coequations for deterministic automata2015-11-03T14:00:00+01:002015-11-03T14:00:00+01:00Julian Salamanca (CWI)tag:event.cwi.nl,2015-11-03:/acg/presentations/equations-and-coequations-for-deterministic-automata<p>In this talk we will define the notion of equations and coequations for deterministic automata and, with the aid of some examples, we define what it means for a deterministic automaton to satisfy a set of equations or coequations. We will show a correspondence between sets of equations and coequations …</p><p>In this talk we will define the notion of equations and coequations for deterministic automata and, with the aid of some examples, we define what it means for a deterministic automaton to satisfy a set of equations or coequations. We will show a correspondence between sets of equations and coequations and show how this corresponce characterize the same classes of deterministic automata.
</p>Composing Constraint Automata, State-by-State2015-10-06T14:00:00+02:002015-10-06T14:00:00+02:00Tobias Kappé (CWI)tag:event.cwi.nl,2015-10-06:/acg/presentations/composing-constraint-automata-state-by-state<p>When composing Constraint Automata by means of the product, one can run into cases where the amount of resources necessary grows exponentially in the number of automata. If the Constraint Automaton being calculated requires an exponential number of states by its very nature, this is not surprising. However, there are …</p><p>When composing Constraint Automata by means of the product, one can run into cases where the amount of resources necessary grows exponentially in the number of automata. If the Constraint Automaton being calculated requires an exponential number of states by its very nature, this is not surprising. However, there are cases where such growth is observed in intermediate products even though the final product requires a number of states that grows linearly in the number of automata. We employ a state-by-state approach to calculate the product and analyze the cases in which exponential growth of intermediary products is prevented, as opposed to the cases where it remains.</p>eScience, Theory and Experience2014-10-28T13:30:00+01:002014-10-28T13:30:00+01:00Mohammad Mahdi Jaghoori (CWI)tag:event.cwi.nl,2014-10-28:/acg/presentations/escience-theory-and-experience<p>eScience, or enabling science, involves the theory and practice of how
to enable scientists from different domains to take advantage of the
latest advancements in computer science and technology. This is mainly
achieved via science gateways, also known as virtual research
environments, which hide the technical details of accessing and …</p><p>eScience, or enabling science, involves the theory and practice of how
to enable scientists from different domains to take advantage of the
latest advancements in computer science and technology. This is mainly
achieved via science gateways, also known as virtual research
environments, which hide the technical details of accessing and
exploiting available infrastructures by exposing only domain-specific
concepts understandable by the scientists (end-users). Currently at
the AMC, the eScience team (http://www.ebioscience.amc.nl) supports
biologists at the radiology and biochemistry departments, among
others, by developing customized science gateways. In this talk, I
will reflect upon the experiences and advancements of the eScience
team in the past years. </p>Virtual Prototyping for Cyber Physical Systems2014-08-26T13:30:00+02:002014-08-26T13:30:00+02:00Vania Joloboff (LIAMA / Shanghai ECNU)tag:event.cwi.nl,2014-08-26:/acg/presentations/virtual-prototyping-for-cyber-physical-systems<p>Virtual Prototyping is the technology that makes it possible to
develop a virtual prototype of a system under design and explore the
system design space, including hardware and software. The real
application software can be run over the virtual prototype platform
and outputs the same results as the real system …</p><p>Virtual Prototyping is the technology that makes it possible to
develop a virtual prototype of a system under design and explore the
system design space, including hardware and software. The real
application software can be run over the virtual prototype platform
and outputs the same results as the real system.</p>
<p>The core of a virtual prototyping platform is a simulation engine
that emulates the hardware behaviour by running simulation models.
As the goal is to ultimately prove that the system meets the requirements,
a virtual prototyping platform has better be associated with formal methods
tools to establish such proofs.</p>
<p>In this talk, I will introduce the techniques used in general in virtual
prototyping, and in particular in the SimSoC framework that we develop.
I will describe the research results we have achieved in the past few years,
our connections with formal methods, and the research directions
for which we are seeking collaborative research.
</p>A new method for verification of transition systems is presented - part 22014-07-30T13:30:00+02:002014-07-30T13:30:00+02:00Kokichi Futatsugi (Japan Advanced Institute of Science and Technology)tag:event.cwi.nl,2014-07-30:/acg/presentations/a-new-method-for-verification-of-transition-systems-is-presented-part-2<p>The state space of a transition system is defined as a quotient set
(i.e. a set of equivalence classes) of terms of a top most sort State,
and the transitions are defined with conditional rewrite rules over
the quotient set. A property to be verified is either (1) an …</p><p>The state space of a transition system is defined as a quotient set
(i.e. a set of equivalence classes) of terms of a top most sort State,
and the transitions are defined with conditional rewrite rules over
the quotient set. A property to be verified is either (1) an
invariant (i.e. a state predicate that is valid for all reachable
states) or (2) a (p leads-to q) property for two state predicates p
and q. Where (p leads-to q) means that from any reachable state s
with (p(s) = true) the system will get into a state t with (q(t) =
true) no matter what transition sequence is taken.</p>
<p>Verification is achieved by developing proof scores in CafeOBJ.
Sufficient verification conditions are formalized for verifying
invariants and (p leads-to q) properties. For each verification
condition, a proof score is constructed to (1) generate a finite set
of state patterns that covers all possible infinite states and (2)
check validity of the verification condition for all the covering
state patterns by reductions.</p>
<p>The method achieves significant automation of proof score
developments.
</p>A new method for verification of transition systems is presented - part 12014-07-02T13:30:00+02:002014-07-02T13:30:00+02:00Kokichi Futatsugi (Japan Advanced Institute of Science and Technology)tag:event.cwi.nl,2014-07-02:/acg/presentations/a-new-method-for-verification-of-transition-systems-is-presented-part-1<p>The state space of a transition system is defined as a quotient set
(i.e. a set of equivalence classes) of terms of a top most sort State,
and the transitions are defined with conditional rewrite rules over
the quotient set. A property to be verified is either (1) an …</p><p>The state space of a transition system is defined as a quotient set
(i.e. a set of equivalence classes) of terms of a top most sort State,
and the transitions are defined with conditional rewrite rules over
the quotient set. A property to be verified is either (1) an
invariant (i.e. a state predicate that is valid for all reachable
states) or (2) a (p leads-to q) property for two state predicates p
and q. Where (p leads-to q) means that from any reachable state s
with (p(s) = true) the system will get into a state t with (q(t) =
true) no matter what transition sequence is taken.</p>
<p>Verification is achieved by developing proof scores in CafeOBJ.
Sufficient verification conditions are formalized for verifying
invariants and (p leads-to q) properties. For each verification
condition, a proof score is constructed to (1) generate a finite set
of state patterns that covers all possible infinite states and (2)
check validity of the verification condition for all the covering
state patterns by reductions.</p>
<p>The method achieves significant automation of proof score
developments.
</p>Quantitative formalisms of regularity, a partial survey2014-05-20T13:30:00+02:002014-05-20T13:30:00+02:00Jean-Eric Pin (CNRS-LIAFA)tag:event.cwi.nl,2014-05-20:/acg/presentations/quantitative-formalisms-of-regularity-a-partial-survey<p>Abstract. The question of extending the concept of regularity to a
more quantitative setting has been considered since the origins of
formal language theory and a large number of solutions to this
question have been proposed. In in this lecture, I will review only a
part of them. First, I …</p><p>Abstract. The question of extending the concept of regularity to a
more quantitative setting has been considered since the origins of
formal language theory and a large number of solutions to this
question have been proposed. In in this lecture, I will review only a
part of them. First, I will explain the equivalence between weighted
automata, rational formal power series and matrix representations in a
general setting. In the second part of the lecture, I will focus on
quantitative formalisms using a (min, +) or (max, +) setting, like
distance automata and the more recent notion of cost function. </p>SE4MCP with Reo Part 22014-04-29T13:30:00+02:002014-04-29T13:30:00+02:00Sung-Shik Jongmans (CWI)tag:event.cwi.nl,2014-04-29:/acg/presentations/se4mcp-with-reo-part-2<p>A promising new application domain for coordination languages is
programming protocols among threads in multi-core programs:
coordination languages typically provide high-level constructs and
abstractions that more easily compose into correct---with respect to a
programmer's intentions---protocol specifications than do low-level
synchronization constructs provided by conventional languages (e.g.,
locks, semaphores, etc …</p><p>A promising new application domain for coordination languages is
programming protocols among threads in multi-core programs:
coordination languages typically provide high-level constructs and
abstractions that more easily compose into correct---with respect to a
programmer's intentions---protocol specifications than do low-level
synchronization constructs provided by conventional languages (e.g.,
locks, semaphores, etc.). In fact, not only do coordination languages
simplify programming protocols, but their high-level constructs and
abstractions also leave more room for compilers to perform novel
optimizations in mapping protocol specifications to lower-level
instructions. A crucial step toward adoption of coordination languages
for multi-core protocol programming is the development of such
compiler technology: programmers must have tools to generate efficient
code for high-level protocol specifications. In this talk, I present
ongoing work on compilation techniques for the graphical coordination
language Reo. This is joint work with Farhad Arbab, Sean Halle, and
Francesco Santini. </p>A decomposition theorem for finite monoid actions2014-04-15T13:30:00+02:002014-04-15T13:30:00+02:00Enric Cosme Llopez (University of Valencia)tag:event.cwi.nl,2014-04-15:/acg/presentations/a-decomposition-theorem-for-finite-monoid-actions<p>Groups actions over sets became a powerful tool for the study of the
inner structure of groups. The study of basic concepts such as orbit
or stabilizer leads to the canonical bijection between the orbits of
an action and the corresponding set of cosets of the group. This
fundamental result …</p><p>Groups actions over sets became a powerful tool for the study of the
inner structure of groups. The study of basic concepts such as orbit
or stabilizer leads to the canonical bijection between the orbits of
an action and the corresponding set of cosets of the group. This
fundamental result becomes very useful on a big amount of problems not
only in combinatorics but also in the structural study of groups.</p>
<p>On the other hand, the development of computer science has grown the
interest of the mathematical community in monoids, which can be
considered somehow the first step in the study of groups. Although the
generalization of actions to monoids does not changes the original
definition, they do not much resemble group actions. The goal of this
talk is to present a decomposition theorem in the finite case.
</p>Social Network Simulation Part I: Model Selection for Realistic Social Network Generation2014-03-25T14:00:00+01:002014-03-25T14:00:00+01:00Sadegh Aliakbary (Sharif University of Technology)tag:event.cwi.nl,2014-03-25:/acg/presentations/social-network-simulation-part-i-model-selection-for-realistic-social-network-generation<p>Nowadays, social networks appear in different forms in various
domains. Online social networks, mobile communication networks,
co-authoring networks and human interactions in real life are some
examples of social networks. Today, analysis of dynamics and evolution
of social networks is an important field of research. In this area,
computer simulation …</p><p>Nowadays, social networks appear in different forms in various
domains. Online social networks, mobile communication networks,
co-authoring networks and human interactions in real life are some
examples of social networks. Today, analysis of dynamics and evolution
of social networks is an important field of research. In this area,
computer simulation is become a powerful method and Agent Based Social
Simulation (ABSS) is the dominant method. In many social network
simulation applications, the actual network is not available. For
example, when we want to simulate the influences of the friend opinion
in a friendship network, the graph of the real friendship network in
the society is probably missing. In this situation, one of the
prerequisites for simulating social networks is the generation of
artificial networks that are similar to real social networks. Real
networks exhibit nontrivial topological features (such as heavy-tailed
degree distribution, high clustering, and small-world property) that
distinguish them from random graphs. Researchers have developed
several generative models for synthesizing artificial networks that
are structurally similar to real networks. In this context, an
important research problem is to identify the generative model that
best fits to a target network. We investigate this problem and our
goal is to select the model that is able to generate graphs similar to
a given network instance. By the means of generating synthetic
networks with existing generative models, we have utilized machine
learning methods to develop rules for model selection. Our proposed
methods outperform existing methods with respect to accuracy and
scalability. </p>Compositional metric reasoning with Probabilistic Process Calculi2014-02-25T14:00:00+01:002014-02-25T14:00:00+01:00Daniel Gebler (CWI)tag:event.cwi.nl,2014-02-25:/acg/presentations/compositional-metric-reasoning-with-probabilistic-process-calculi<p>Probabilistic process calculi are algebraic theories to specify and
verify probabilistic concurrent systems. Bisimulation metric is a
fundamental semantic notion that defines the behavioral distance of
probabilistic processes. We study which operators of probabilistic
process calculi allow for compositional reasoning with respect to
bisimulation metric semantics. Moreover, we characterize the …</p><p>Probabilistic process calculi are algebraic theories to specify and
verify probabilistic concurrent systems. Bisimulation metric is a
fundamental semantic notion that defines the behavioral distance of
probabilistic processes. We study which operators of probabilistic
process calculi allow for compositional reasoning with respect to
bisimulation metric semantics. Moreover, we characterize the distance
between probabilistic processes composed by standard process algebra
operators. </p>Towards Practical Verification of Dynamically Typed Programs2014-02-11T14:30:00+01:002014-02-11T14:30:00+01:00Bjoern Engelmann (Universität Oldenburg)tag:event.cwi.nl,2014-02-11:/acg/presentations/towards-practical-verification-of-dynamically-typed-programs<p>Dynamically typed languages enable programmers to write elegant,
reusable and extendable programs. Recently, some progress has been
made regarding their verification. However, the user is currently
required to manually show the absence of type errors, a tedious task
usually involving large amounts of repetitive work.</p>
<p>As most dynamically typed programs …</p><p>Dynamically typed languages enable programmers to write elegant,
reusable and extendable programs. Recently, some progress has been
made regarding their verification. However, the user is currently
required to manually show the absence of type errors, a tedious task
usually involving large amounts of repetitive work.</p>
<p>As most dynamically typed programs only occasionally divert from what
would also be possible in statically typed languages, properly designed
type inference algorithms should be able to supply the missing type
information in most cases. We propose integrating a certified type
inference algorithm into an interactive verification environment in order to
a) provide a layer of abstraction, allowing the users to verify their
programs like in a statically typed language whenever possible and
b) use verification results to improve type inference and thus allow
type checking of difficult cases.</p>
<p>Additionally, the common idiom of interacting with polymorphic data in
such languages poses another challenge for verification. Some ideas for
verifying such polymorphic methods in a type-independent way will also
be discussed.</p>
<p>As this is work in progress, we will present our approach rather
informally on the basis of small examples.
</p>A formalization of bisimulation-up-to techniques and their meta-theory2014-01-14T14:00:00+01:002014-01-14T14:00:00+01:00Matteo Cimini (École polytechnique)tag:event.cwi.nl,2014-01-14:/acg/presentations/a-formalization-of-bisimulation-up-to-techniques-and-their-meta-theory<p>Bisimilarity of two processes is formally established by producing a
bisimulation relation, i.e. a set of pairs of process expressions that
contains those two processes and obeys certain closure properties. In
many situations, particularly when the underlying labeled transition
system is unbounded, these bisimulation relations can be large and …</p><p>Bisimilarity of two processes is formally established by producing a
bisimulation relation, i.e. a set of pairs of process expressions that
contains those two processes and obeys certain closure properties. In
many situations, particularly when the underlying labeled transition
system is unbounded, these bisimulation relations can be large and
even infinite. The bisimulation-up-to technique has been developed to
reduce the size of the relations to exhibit while retaining soundness,
that is, the guarantee of the existence of a bisimulation. Such
techniques make defining candidate relations easier and they
significantly reduce the amount of work in proofs. Furthermore, they
are increasingly becoming a crucial ingredient in the automated
checking of bisimilarity. In this talk, we present our experience in
using the Abella theorem prover for the formalization of the meta
theory of several major bisimulation-up-to techniques for the process
calculi CCS and the pi-calculus. Our formalization is based on recent
work on the proof theory of least and greatest fixpoints for
accommodating the heavy use of coinductively defined relations and
coinductive proofs about such relations. An important feature of our
formalization is that our definitions and proofs are, in most cases,
straightforward translations of published informal definitions, and
our proofs clarify several technical details of the informal
descriptions. The presence of binders, as in the pi-calculus, is
notoriously a delicate aspect to treat in formal proofs but we show
that the underlying proof theoretic foundations of Abella makes it
possible to smoothly lift the results from CCS to the
pi-calculus. This is thanks to the use of lambda-tree syntax and
generic reasoning through the nabla quantifier. </p>Automata learning: a categorical perspective2014-01-07T14:00:00+01:002014-01-07T14:00:00+01:00Alexandra Silva (Radboud University Nijmegen & CWI)tag:event.cwi.nl,2014-01-07:/acg/presentations/automata-learning-a-categorical-perspective<p>Automata learning is a known technique to infer a finite state machine
from a set of observations. In this paper, we revisit Angluin's
original algorithm from a categorical perspective. This abstract view
on the main ingredients of the algorithm lays a uniform framework to
derive algorithms for other types of …</p><p>Automata learning is a known technique to infer a finite state machine
from a set of observations. In this paper, we revisit Angluin's
original algorithm from a categorical perspective. This abstract view
on the main ingredients of the algorithm lays a uniform framework to
derive algorithms for other types of automata. We show a
straightforward generalization to Moore and Mealy machines, which
yields an algorithm already know in the literature, and we discuss
generalizations to other types of automata, including weighted
automata.</p>
<p>This is joint work with Bart Jacobs.
</p>Arden's rule and the Kleene-Schützenberger theorem2013-12-03T14:00:00+01:002013-12-03T14:00:00+01:00Joost Winter (CWI)tag:event.cwi.nl,2013-12-03:/acg/presentations/ardens-rule-and-the-kleene-schutzenberger-theorem<p>We will take a look at a classical result by Schützenberger,
generalizing Kleene's theorem to formal power series, and give a proof
of this result that closely resembles Rutten's coinductive proof of
Kleene's theorem (1998). It turns out that the key ingredient of a
proof consists of a combination of …</p><p>We will take a look at a classical result by Schützenberger,
generalizing Kleene's theorem to formal power series, and give a proof
of this result that closely resembles Rutten's coinductive proof of
Kleene's theorem (1998). It turns out that the key ingredient of a
proof consists of a combination of induction with application of
Arden's rule, guaranteeing the existence of unique solutions to
certain types of systems of equations. </p>Leaving Traces: A Sound and Complete Trace Logic for Concurrent Constraint Programs2013-11-19T14:00:00+01:002013-11-19T14:00:00+01:00Frank de Boer (CWI & LIACS)tag:event.cwi.nl,2013-11-19:/acg/presentations/leaving-traces-a-sound-and-complete-trace-logic-for-concurrent-constraint-programs<p>Concurrent constraint programs operate on data which is represented by
a constraint of a given cylindric constraint system. Such a system
provides an algebraic representation of first-order logic. It
features a (binary) entailment relation, a binary union operation for
adding information (formally defined as the least upper bound of two …</p><p>Concurrent constraint programs operate on data which is represented by
a constraint of a given cylindric constraint system. Such a system
provides an algebraic representation of first-order logic. It
features a (binary) entailment relation, a binary union operation for
adding information (formally defined as the least upper bound of two
constraints with respect to the entailment relation) and, and finally,
existential quantification of variables.</p>
<p>In this lecture we discuss a sound and complete proof theory based on traces
of input/output constraints for reasoning
about the correctness of concurrent constraint programs.</p>Combining Bialgebraic Semantics and Equations2013-11-12T15:15:00+01:002013-11-12T15:15:00+01:00Jurriaan Rottag:event.cwi.nl,2013-11-12:/acg/presentations/combining-bialgebraic-semantics-and-equations<p>Combining Bialgebraic Semantics and Equations</p>
<p>It was observed by Turi and Plotkin that structural operational semantics can be studied at the level of universal coalgebra, providing specification formats for well-behaved operations at a general level. We extend this framework with non-structural assignment rules which can express, for example, the syntactic …</p><p>Combining Bialgebraic Semantics and Equations</p>
<p>It was observed by Turi and Plotkin that structural operational semantics can be studied at the level of universal coalgebra, providing specification formats for well-behaved operations at a general level. We extend this framework with non-structural assignment rules which can express, for example, the syntactic format for structural congruences proposed by Mousavi and Reniers. Our main result is that the operational model of such an extended specification is well-behaved, in the sense that bisimilarity is a congruence and that bisimulation-up-to techniques are sound.
</p>Moessner's Theorem: an Exercise in Coinductive Reasoning in Coq2013-11-12T14:15:00+01:002013-11-12T14:15:00+01:00Robbert Krebbers (Radboud Universiteit Nijmegen)tag:event.cwi.nl,2013-11-12:/acg/presentations/moessners-theorem-an-exercise-in-coinductive-reasoning-in-coq<p>Moessner's Theorem describes a construction of the sequence of powers
(1^n, 2^n, 3^n, ...), by repeatedly dropping and summing elements from
the sequence of positive natural numbers. The theorem was presented by
Moessner in 1951 without a proof and later proved and generalized in
several directions. More recently …</p><p>Moessner's Theorem describes a construction of the sequence of powers
(1^n, 2^n, 3^n, ...), by repeatedly dropping and summing elements from
the sequence of positive natural numbers. The theorem was presented by
Moessner in 1951 without a proof and later proved and generalized in
several directions. More recently, a coinductive proof of the original
theorem was given by Niqui and Rutten. We present a formalization of
their proof in the Coq proof assistant. This formalization serves as a
non-trivial illustration of the use of coinduction in Coq. In the
process of formalizing the original proof we discovered that Long and
Salié's generalization of Moessner's Theorem could also be proved
using (almost) the same bisimulation. </p>Syntactic Monoids and Their Dual2013-11-12T13:30:00+01:002013-11-12T13:30:00+01:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2013-11-12:/acg/presentations/syntactic-monoids-and-their-dual<p>Because of the isomorphism (X x A) -> X = X -> (A -> X), the
transition structure of a deterministic automaton with state set X and
with inputs from an alphabet A can be viewed both as an algebra and as
a coalgebra. This algebra-coalgebra duality goes back to Arbib and
Manes, who …</p><p>Because of the isomorphism (X x A) -> X = X -> (A -> X), the
transition structure of a deterministic automaton with state set X and
with inputs from an alphabet A can be viewed both as an algebra and as
a coalgebra. This algebra-coalgebra duality goes back to Arbib and
Manes, who formulated it as a duality between reachability and
observability, and is ultimately based on Kalman's duality in systems
theory between controllability and observability. Recently, it was
used to give a new proof of Brzozowski's minimization algorithm for
deterministic automata. In this talk, we will discuss deterministic
automata as an elementary and typical example for the combined use of
algebraic and coalgebraic methods in computer science. The
algebra-coalgebra duality of automata will, more specifically, serve
as a common perspective for the study of both varieties and
covarieties, which are classes of automata and languages defined by
equations and coequations, respectively. Along the way, we will
establish a first connection with Eilenberg's definition of varieties
of languages, which is based on the classical, algebraic notion of
varieties of (transition) monoids. This is joint work with Adolfo
Ballester-Bolinches and Enric Cosme-Llopez (University of Valencia). </p>Improving Performance of Simulation Software Using Haskells Concurrency and Parallelism2013-09-10T15:00:00+02:002013-09-10T15:00:00+02:00Nikolaos Bezirgiannistag:event.cwi.nl,2013-09-10:/acg/presentations/improving-performance-of-simulation-software-using-haskells-concurrency-and-parallelism<p>Computer simulation has been widely applied in many areas, ranging
from physics to biology and from economics even to
transportation. This tremendous applicability has the effect that, in
most of the cases, simulations are constructed by scientists with
non-computer expertise. These scientists are striving for ease of
development and fast …</p><p>Computer simulation has been widely applied in many areas, ranging
from physics to biology and from economics even to
transportation. This tremendous applicability has the effect that, in
most of the cases, simulations are constructed by scientists with
non-computer expertise. These scientists are striving for ease of
development and fast execution speed. We construct two frameworks, an
agent-modelling framework and a pure parallel discrete-event
simulation framework, both written in Haskell, with the end-goal to
satisfy the simulation user criteria of usability and speed. </p>A Cost-aware Scheduler for High-Throughput Computing in the Cloud2013-09-10T14:00:00+02:002013-09-10T14:00:00+02:00Vlad Serbanescutag:event.cwi.nl,2013-09-10:/acg/presentations/a-cost-aware-scheduler-for-high-throughput-computing-in-the-cloud<p>Cloud computing has become one of the most important trends in the
field of Computer Science. It is a flexible, efficient and reliable
method of allocating computing power to large-scale applications or
services. A very common use of cloud computing is to schedule bags of
tasks on machines and have …</p><p>Cloud computing has become one of the most important trends in the
field of Computer Science. It is a flexible, efficient and reliable
method of allocating computing power to large-scale applications or
services. A very common use of cloud computing is to schedule bags of
tasks on machines and have them processed at a high rate of
throughput. In scientific computing, scientists have the need to start
from an initial bag of tasks, and to analyse the results at runtime,
steering the execution of a particular simulation code in certain
interesting directions by generating more tasks at runtime. The
complexity of submitting tasks to the cloud combined with the
multitude of scheduling algorithms that exist make up a very important
research question for this execution model. The objective of this
thesis is to modify the existing service, named Task Farming Service
for the ConPaaS cloud platform such that it accepts new tasks at
runtime. The aim is to use this platform to overcome the difficulties
of interacting with the cloud and to develop a throughput-oriented
model that allows the user to trade computation cost with a task
processing rate rather than a static completion time.</p>An Implicit Characterization of PSPACE2013-06-11T13:30:00+02:002013-06-11T13:30:00+02:00Simona Ronchi (Università di Torino)tag:event.cwi.nl,2013-06-11:/acg/presentations/an-implicit-characterization-of-pspace<p>One of the aims of Implicit Computational Complexity is to
characterize complexity classes independently from a specific
computational model.</p>
<p>In this setting we present a type system for an extension of lambda
calculus with a conditional construction, named STAB, that
characterizes the PSPACE class. This system is obtained by extending …</p><p>One of the aims of Implicit Computational Complexity is to
characterize complexity classes independently from a specific
computational model.</p>
<p>In this setting we present a type system for an extension of lambda
calculus with a conditional construction, named STAB, that
characterizes the PSPACE class. This system is obtained by extending
STA, a type assignment for lambda-calculus inspired by Lafonts Soft
Linear Logic and characterizing the PTIME class. We extend STA by
means of a ground type and terms for booleans and conditional. The key
issue in the design of the type system is to manage the contexts in
the rule for conditional in an additive way. Thanks to this rule, we
are able to program polynomial time Alternating Turing Machines. From
the well-known result APTIME = PSPACE, it follows that STAB is
complete for PSPACE.</p>
<p>Conversely, inspired by the simulation of Alternating Turing machines
by means of Deterministic Turing machine, we introduce a call-by-name
evaluation machine with two memory devices in order to evaluate
programs in polynomial space.</p>
<p>As far as we know, this is the first characterization of PSPACE that
is based on lambda calculus and light logics.</p>
<p>Reference: Marco Gaboardi, Jean-Yves Marion, Simona Ronchi Della
Rocca: An Implicit Characterization of PSPACE. ACM Transactions on
Computational Logic 13(2): 18 (2012).
</p>Coinductive Stream Calculus in Action with Haskell2013-06-04T13:30:00+02:002013-06-04T13:30:00+02:00Joost Winter (CWI)tag:event.cwi.nl,2013-06-04:/acg/presentations/coinductive-stream-calculus-in-action-with-haskell<p>Haskell's lazy evaluation makes it easily possible to coinductively
specify, and compute, infinitary structures such as streams. In
particular, the coinductive stream calculus can easily be implemented
using simple Haskell code, and there is a close relationship between
systems of behavioural differential equations for streams on one side,
and coinductive …</p><p>Haskell's lazy evaluation makes it easily possible to coinductively
specify, and compute, infinitary structures such as streams. In
particular, the coinductive stream calculus can easily be implemented
using simple Haskell code, and there is a close relationship between
systems of behavioural differential equations for streams on one side,
and coinductive Haskell specifications of these streams on the other
side. We introduce QStream, (another) implementation of the stream
calculus in Haskell, which also offers an interface to the Online
Encyclopedia of Integer Sequences, enabling us to check streams
against the database. Furthermore, we shed some light on the
connection between the present Haskell implementation, and the
underlying theory. </p>Code Generation for Reo: Dealing with data constraints (work-in-progress)2013-05-28T13:30:00+02:002013-05-28T13:30:00+02:00Sung-Shik Jongmans (CWI)tag:event.cwi.nl,2013-05-28:/acg/presentations/code-generation-for-reo-dealing-with-data-constraints-work-in-progress<p>In ongoing work, we develop a code generator for Reo connectors. Our
current tool works by computing the formal semantics of a connector as
a constraint automaton (CA) and then translating that CA to Java
code. This approach requires us to deal with data constraints (i.e.,
transition labels of …</p><p>In ongoing work, we develop a code generator for Reo connectors. Our
current tool works by computing the formal semantics of a connector as
a constraint automaton (CA) and then translating that CA to Java
code. This approach requires us to deal with data constraints (i.e.,
transition labels of CA), which raises several interesting issues,
from expressiveness to performance. The main aim of this talk is to
give the audience some insight into what these issues are, how we
(plan to) solve them, and what problems are still open. We also give a
concise introduction to Reo/CA and sketch the general context in which
our work takes place; the talk should be understandable also to people
less familiar with Reo. </p>Leveraging Cloud Computing in Real-World Situations2013-05-14T13:30:00+02:002013-05-14T13:30:00+02:00Behrooz Nobakhttag:event.cwi.nl,2013-05-14:/acg/presentations/leveraging-cloud-computing-in-real-world-situations<p>We aim to provide a practical and brief overview of how cloud
computing is leveraged in real-world situations. A commonly used set
of fundamental concepts are discussed in short and in a pragmatic way
including an introduction of different cloud services and cloud
service providers. SDL Fredhopper manages a large …</p><p>We aim to provide a practical and brief overview of how cloud
computing is leveraged in real-world situations. A commonly used set
of fundamental concepts are discussed in short and in a pragmatic way
including an introduction of different cloud services and cloud
service providers. SDL Fredhopper manages a large number of its
customers on the cloud. In the second part of the talk, an overview of
Fredhopper cloud and services is presented related to the first part
of the talk. </p>The Proto-Runtime Approach to Runtime Systems for Parallel Languages2013-05-07T13:30:00+02:002013-05-07T13:30:00+02:00Sean Halle (CWI)tag:event.cwi.nl,2013-05-07:/acg/presentations/the-proto-runtime-approach-to-runtime-systems-for-parallel-languages<p>This talk will be on the area of runtime systems, focusing on the
proto-runtime approach to modularizing runtime systems for parallel
languages. I will show how any parallel runtime can be modularized
into three modules. The first is a machine-specific module that
exports an abstraction of the hardware. The other …</p><p>This talk will be on the area of runtime systems, focusing on the
proto-runtime approach to modularizing runtime systems for parallel
languages. I will show how any parallel runtime can be modularized
into three modules. The first is a machine-specific module that
exports an abstraction of the hardware. The other two modules are
language specific. They "plug in" to the first, and use the interface
to interact. In effect they customize the hardware-specific module to
add synchronization construct behaviors, and control over which core
specific work executes on. The interface provided by the hardware
abstraction simplifies the task of defining synchronization construct
behavior, allowing sequential thinking to be used when writing the
code. The machine-specific module is reused by each language, which
further reduces effort to implement a language. The work of tuning
the machine-specific portion to take advantage of low-level details of
the hardware is inherited into all of the languages, freeing them from
this work. The arrangement results in very low overheads for language
constructs. I will give experimental results that show a large
improvement over native OS threads. I will also cover the "tie-point"
theory that explains how such a modularization is possible. </p>Modal mu-calculi for Probabilistic Labeled Transition Systems2013-04-02T14:30:00+02:002013-04-02T14:30:00+02:00Matteo Mio (CWI)tag:event.cwi.nl,2013-04-02:/acg/presentations/modal-mu-calculi-for-probabilistic-labeled-transition-systems<p>I will use this talk as an opportunity to introduce my scientific work
to the members of the Formal Methods group. I will present the
research I have done during my PhD on the semantic foundations of
"probabilistic" modal mu-calculi. This is mostly based on Game Theory,
but I will …</p><p>I will use this talk as an opportunity to introduce my scientific work
to the members of the Formal Methods group. I will present the
research I have done during my PhD on the semantic foundations of
"probabilistic" modal mu-calculi. This is mostly based on Game Theory,
but I will not assume any particular knowledge of the subject in my
talk. If time permits I will also outline some of the work I have done
during my previous Postdoc and in particular about the result I have
presented last week at FoSSaCS 2013, Rome. During the talk I will try
to emphasize the points I would like to investigate further during
this year of postdoc here at CWI. </p>A Matter of Priority2013-03-26T13:30:00+01:002013-03-26T13:30:00+01:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2013-03-26:/acg/presentations/a-matter-of-priority<p>(joint work with Christel Baier, Sascha Klüppelholz, and Joachim
Klein)</p>
<p>Priority designates an alternative among a set of possible actions of an actor as its preferred choice. In a concurrent system that involves many independent actors, the individual actors may not have compatible priorities. Such incompatible priorities make it non-trivial …</p><p>(joint work with Christel Baier, Sascha Klüppelholz, and Joachim
Klein)</p>
<p>Priority designates an alternative among a set of possible actions of an actor as its preferred choice. In a concurrent system that involves many independent actors, the individual actors may not have compatible priorities. Such incompatible priorities make it non-trivial to determine what actions the system as a whole must take to remain consistent and to make coherent progress. This explains why in models of concurrency, priority is treated as a global, non-compositional property. Because of its compositional, distributed nature, such a global notion of priority does not bode well in Reo: accommodating priority in Reo requires a compositional model of priority.</p>
<p>In this talk, we present a compositional model of priority formalized as Constraint Automata with Priority (CAP). Although inspired by Reo, CAP constitutes an independent general model for specification and analysis of concurrent systems with priorities. CAP preserves, lifts, and propagates locally specified priorities through composition to yield globally consistent and coherent priorities for a composed system. For Reo, CAP serves as a new formal semantics that supports 4 new channel types: two priority-imposing and two priority-blocking channels. These primitives suffice to express preferences in selections via priority mergers, localize the effects of such preferences, etc. More interestingly, these primitives suffice to construct context-sensitive behavior (i.e., derive a context sensitive LossySync as a circuit constructed from these primitives and the non-deterministic LossySync channel).</p>Weak Arithmetic Completeness of Object-Oriented First-Order Assertion Networks - part 22013-02-19T13:30:00+01:002013-02-19T13:30:00+01:00Stijn de Gouwtag:event.cwi.nl,2013-02-19:/acg/presentations/weak-arithmetic-completeness-of-object-oriented-first-order-assertion-networks-part-2<p>We present a completeness proof of the inductive assertion method for
object-oriented programs extended with auxiliary variables. The class
of programs considered are assumed to compute over structures which
include the standard interpretation of Presburger arithmetic. Further,
the assertion language is first-order, i.e., quantification only
ranges over basic types …</p><p>We present a completeness proof of the inductive assertion method for
object-oriented programs extended with auxiliary variables. The class
of programs considered are assumed to compute over structures which
include the standard interpretation of Presburger arithmetic. Further,
the assertion language is first-order, i.e., quantification only
ranges over basic types like that of the natural numbers, Boolean and
Object. </p>Type Inference for Linear Algebra with Units of Measurement2013-01-22T13:30:00+01:002013-01-22T13:30:00+01:00Paul Griffioen (CWI)tag:event.cwi.nl,2013-01-22:/acg/presentations/type-inference-for-linear-algebra-with-units-of-measurement<p>Refining types of numerical data with units of measurement has the
potential to increase safety of programming languages but is
restricted to homogeneous units when checked statically with
parametric polymorphism. We lift units to vectors and show how type
inference of linear algebra expressions can statically determine
safety for data …</p><p>Refining types of numerical data with units of measurement has the
potential to increase safety of programming languages but is
restricted to homogeneous units when checked statically with
parametric polymorphism. We lift units to vectors and show how type
inference of linear algebra expressions can statically determine
safety for data with heterogeneous units. The typing is based on the
dyadic product of units that is found in linear transformations and
the corresponding vector spaces. Since it is a refinement of
Kennedys types for units we automatically obtain a unification
algorithm, which gives principal types for linear algebra. The
extension of unit-unification to numerical data with heterogeneous
units makes the safety of statically checked numerical expressions
available to a significantly larger set of use-cases. The techniques
presented here can be used to create unit-aware applications for,
amongst others, matrix operations, Online Analytical Processing
(OLAP), datawarehousing, and software services. </p>Weak Arithmetic Completeness of Object-Oriented First-Order Assertion Networks - part 12013-01-15T13:30:00+01:002013-01-15T13:30:00+01:00Stijn de Gouwtag:event.cwi.nl,2013-01-15:/acg/presentations/weak-arithmetic-completeness-of-object-oriented-first-order-assertion-networks-part-1<p>We present a completeness proof of the inductive assertion method for
object-oriented programs extended with auxiliary variables. The class
of programs considered are assumed to compute over structures which
include the standard interpretation of Presburger arithmetic. Further,
the assertion language is first-order, i.e., quantification only
ranges over basic types …</p><p>We present a completeness proof of the inductive assertion method for
object-oriented programs extended with auxiliary variables. The class
of programs considered are assumed to compute over structures which
include the standard interpretation of Presburger arithmetic. Further,
the assertion language is first-order, i.e., quantification only
ranges over basic types like that of the natural numbers, Boolean and
Object. </p>A process-theoretic approach to supervisory coordination2012-11-20T14:00:00+01:002012-11-20T14:00:00+01:00Jasen Markovski (TU/E)tag:event.cwi.nl,2012-11-20:/acg/presentations/a-process-theoretic-approach-to-supervisory-coordination<p>A supervisory controller controls and coordinates the behavior of
different components of a complex machine by observing their discrete
behaviour. Supervisory control theory studies automated synthesis of
controller models, known as supervisors, based on formal models of the
machine components and a formalization of the
requirements. Subsequently, code generation can …</p><p>A supervisory controller controls and coordinates the behavior of
different components of a complex machine by observing their discrete
behaviour. Supervisory control theory studies automated synthesis of
controller models, known as supervisors, based on formal models of the
machine components and a formalization of the
requirements. Subsequently, code generation can be used to implement
this supervisor in software, on a PLC, or embedded microprocessor. In
this presentation, we take a closer look at the control loop that
couples the supervisory controller and the machine. We model both
event-based and data-based observations using process algebra and
bisimulation-based semantics. The main application area of supervisory
control that we consider is coordination, referred to as supervisory
coordination, and we give an academic and an industrial example,
discussing the process-theoretic concepts employed. </p>On the specification of operations on the rational behaviour of systems2012-10-30T13:30:00+01:002012-10-30T13:30:00+01:00Jurriaan Rottag:event.cwi.nl,2012-10-30:/acg/presentations/on-the-specification-of-operations-on-the-rational-behaviour-of-systems<p>Abstract: Structural operational semantics can be studied at the
general level of distributive laws of syntax over behaviour. This
yields speciﬁcation formats for well-behaved algebraic operations on
final coalgebras, which are a domain for the behaviour of all systems
of a given type functor. We introduce a format for speciﬁcation …</p><p>Abstract: Structural operational semantics can be studied at the
general level of distributive laws of syntax over behaviour. This
yields speciﬁcation formats for well-behaved algebraic operations on
final coalgebras, which are a domain for the behaviour of all systems
of a given type functor. We introduce a format for speciﬁcation of
algebraic operations that restrict to the rational ﬁxpoint of a
functor, which captures the behaviour of finite systems. In other
words, we show that rational behaviour is closed under operations
speciﬁed in our format. As applications we consider operations on
regular languages, regular processes and finite weighted transition
systems. </p>Towards Dynamic Adaptation of the Differential Majority-Rule Solution of the Double Bridge Problem2012-10-16T14:00:00+02:002012-10-16T14:00:00+02:00Erik de Vink (TUE & CWI)tag:event.cwi.nl,2012-10-16:/acg/presentations/towards-dynamic-adaptation-of-the-differential-majority-rule-solution-of-the-double-bridge-problem<p>In the double-bridge problem, a population of ants seeks to discover
the shortest path from to nest to two alternative places with
food. For swarmonoids, a collective of small robots which coorperate
to achieve a common goal, a solution using the so-called majority rule
for the double-bridge problem was recently …</p><p>In the double-bridge problem, a population of ants seeks to discover
the shortest path from to nest to two alternative places with
food. For swarmonoids, a collective of small robots which coorperate
to achieve a common goal, a solution using the so-called majority rule
for the double-bridge problem was recently proposed by Marco Dorigo
and co-workers. We explain the setting of the problem and discuss
initial steps to generalize the majority-rule solution to a
configuration with dynamically changing path lengths. We present a
number of schemes and their discrete-time simulation. </p>A Constraint-based Method to Compute Semantics of Channel-based Coordination Models2012-10-02T13:30:00+02:002012-10-02T13:30:00+02:00Behnaz Changizi (CWI)tag:event.cwi.nl,2012-10-02:/acg/presentations/a-constraint-based-method-to-compute-semantics-of-channel-based-coordination-models<p>Reo is an exogenous channel-based coordination language that acts as
"glue code" to tie together software components and services. The
building blocks of Reo models are connectors that impose constraints
on the data-flow in component or service-based architectures in terms
of data synchronization, buffering, mutual exclusion, etc. Several
semantic models …</p><p>Reo is an exogenous channel-based coordination language that acts as
"glue code" to tie together software components and services. The
building blocks of Reo models are connectors that impose constraints
on the data-flow in component or service-based architectures in terms
of data synchronization, buffering, mutual exclusion, etc. Several
semantic models have been introduced to formalize the behavior of
Reo. These models differ in terms of expressiveness, computation
complexity and purposes that they serve. Automated verification of
data-aware and context dependent Reo compositions requires an
efficient comprehensive semantic model. In this paper, we present a
method and a tool for building formal automata-based semantics of Reo
that unifies various aspects of existing semantics. We express the
behavior of a Reo network as a mixed system of Boolean and numerical
constraints constructed compositionally by conjuncting the assertions
for its constituent parts. The solutions of this system are found
with the help of off-the-shelf constraint solvers and are used to
construct the constraint automaton with state memory that gives the
sound and complete semantics of Reo with respect to existing
models. Our approach is more efficient and scalable compared to the
existing methods for generating formal semantics of Reo connectors. </p>Residuated Park theories2012-09-11T13:30:00+02:002012-09-11T13:30:00+02:00Zoltán Ésik (University of Szeged)tag:event.cwi.nl,2012-09-11:/acg/presentations/residuated-park-theories<p>We give equational axioms for the least fixed point operation and
point out applications to automata, languages, and concurrency. </p>Dynamic Delta Modeling2012-08-28T13:30:00+02:002012-08-28T13:30:00+02:00Michiel Helvensteijn (CWI)tag:event.cwi.nl,2012-08-28:/acg/presentations/dynamic-delta-modeling<p>Software Product Lines (SPL) are sets of software products, which
differ only by which features they support. Abstract Delta Modeling
(ADM) shows how to organize a code-base in a natural way by structured
reuse. Then, given a feature configuration (a set of desired
features), we can mechanically generate any product …</p><p>Software Product Lines (SPL) are sets of software products, which
differ only by which features they support. Abstract Delta Modeling
(ADM) shows how to organize a code-base in a natural way by structured
reuse. Then, given a feature configuration (a set of desired
features), we can mechanically generate any product in the product
line without having to duplicate any code.</p>
<p>Abstract Delta Modeling, as the name suggests, is an abstract algebra and doesn't actually say anything about code. It can be used equally well for modeling families of API documentation, textbooks or office chair designs. So I usually employ the generic term 'Product Line'.</p>
<p>Traditionally, a single feature configuration is chosen and the corresponding product is generated at build time. This product doesn't change during its lifetime. Dynamic Product Lines (DPL) are different. Their feature configuration can change 'at runtime' in order to meet changing requirements or environmental factors, and the corresponding product should change accordingly.</p>
<p>Dynamic Delta Modeling (DDM) is an extension of ADM. It describes the behavior of dynamic versions of ADM-based product lines using Mealy Machines, while staying in the abstract setting of ADM.</p>
<p>In this ACG talk I describe DDM, first in abstract (but informal) terms, then using the example from my paper of an automated profile manager for Android, which is currently in development. Users define rules such as "when the battery is at 20% or lower, lower screen brightness" in terms of deltas, and the app dynamically enacts these rules using DDM.</p>
<p>I assume that monitoring a condition for change has a cost, and that some conditions are more costly than others. I will explain how the average cost of running a DPL can be minimized by disregarding costly conditions until they become relevant, without affecting the behavior of the Mealy Machine.</p>
<p>I presented ADM in an ACG talk in 2010, but I will make sure my talk is understandable for people who don't know about ADM.
</p>How far can Enterprise Modeling for Banking be supported by Graph Transformation?2012-05-15T13:30:00+02:002012-05-15T13:30:00+02:00Christoph Brandt (Technische Universität Berlin)tag:event.cwi.nl,2012-05-15:/acg/presentations/how-far-can-enterprise-modeling-for-banking-be-supported-by-graph-transformation<p>This talk presents results coming out of an ongoing research project
between Credit Suisse Luxembourg and the TU Berlin. It presents an
approach that shows good potential to address security, risk and
compliance issues the bank has in its daily business by the use of
integrated organizational models build up …</p><p>This talk presents results coming out of an ongoing research project
between Credit Suisse Luxembourg and the TU Berlin. It presents an
approach that shows good potential to address security, risk and
compliance issues the bank has in its daily business by the use of
integrated organizational models build up by en- terprise modeling
activities. Such organizational models are intended to serve to
describe, evaluate, automate, monitor and control as well as to
develop an organization respecting given organizational security, risk
and compliance side-constraints. Based on the empirical scenario at
Credit Suisse, real-world requirements towards a modeling framework as
well as the modeling process are developed. Graph Transformation
techniques are proposed as formal framework for this purpose and they
are evaluated in the sense of how far they can support the identiﬁed
enterprise modeling activities in the context of the new enterprise
modeling frame- work. </p>Abstract Object Creation in First Order Dynamic Logic: State of the Art in Key2012-05-08T13:30:00+02:002012-05-08T13:30:00+02:00Stijn de Gouwtag:event.cwi.nl,2012-05-08:/acg/presentations/abstract-object-creation-in-first-order-dynamic-logic-state-of-the-art-in-key<p>We present the state of the art in the KeY Java theorem prover, which
is based on a first-order object-oriented dynamic logic.This assertion
language allows both specifying and verifying properties of objects at
the abstraction level of the programming language, abstracting from
aspecific implementation of object creation. Objects which …</p><p>We present the state of the art in the KeY Java theorem prover, which
is based on a first-order object-oriented dynamic logic.This assertion
language allows both specifying and verifying properties of objects at
the abstraction level of the programming language, abstracting from
aspecific implementation of object creation. Objects which are not
(yet) created never play any role. Corresponding proof theory is
discussed and justified formally by soundness theorems. The usage of
the assertion language and the proof rules is illustrated by means of
an example of a reachability property of a linked list. All proof
rules presented are fully implemented in a special version of KeY. </p>Hierarchical and modular reasoning in complex theories and applications to verification2012-04-10T15:00:00+02:002012-04-10T15:00:00+02:00Viorica Sofronie-Stokkermans (Max-Planck-Institut für Informatik)tag:event.cwi.nl,2012-04-10:/acg/presentations/hierarchical-and-modular-reasoning-in-complex-theories-and-applications-to-verification<p>A long term goal of the research in computer science is the analysis
and verification of complex systems (these can for instance be
programs, reactive or hybrid systems, large databases). In many
cases, correctness proofs for such systems can be reduced to reasoning
in complex logical theories (for instance, combinations …</p><p>A long term goal of the research in computer science is the analysis
and verification of complex systems (these can for instance be
programs, reactive or hybrid systems, large databases). In many
cases, correctness proofs for such systems can be reduced to reasoning
in complex logical theories (for instance, combinations of numerical
theories and theories of data types, or certain theories of continuous
and/or derivable functions). As the resulting proof tasks are usually
large, it is extremely important to have efficient decision procedures
for such complex theories.</p>
<p>In this talk we discuss situations in which efficient reasoning in
complex theories is possible. We consider a special type of extensions
of a base theory, which we call local extensions, where hierarchic
reasoning is possible (i.e., we can reduce the task of proving
satisfiability of (ground) formulae in the extension to proving
satisfiability of formulae in the base theory). We give several examples
of theories important for computer science which have this property.
We also briefly mention possibilities of modular reasoning in
combinations of local theory extensions, and some applications in
the verification of parametric systems.
</p>Similarity-based Web Service Discovery through Soft Constraint Satisfaction Problems2012-04-03T13:30:00+02:002012-04-03T13:30:00+02:00Francesco Santinitag:event.cwi.nl,2012-04-03:/acg/presentations/similarity-based-web-service-discovery-through-soft-constraint-satisfaction-problems<p>In this talk, we focus on the discovery process of Web Services (WSs)
by basing the search on the similarities among the service
requirements, in order to cope with over-constrained queries or to
find satisfactory alternatives for user requirements. This discovery
process needs to involve the so-called Soft Constraint Satisfaction …</p><p>In this talk, we focus on the discovery process of Web Services (WSs)
by basing the search on the similarities among the service
requirements, in order to cope with over-constrained queries or to
find satisfactory alternatives for user requirements. This discovery
process needs to involve the so-called Soft Constraint Satisfaction
Problems (SCSPs). First we represent both WSs and the search query of
the user as Rooted Trees, i.e., a particular form of Conceptual
Graphs. Then, we find a homomorphism between these two trees as a
solution of an SCSP. The main contribution is the enhanced
expressiveness offered by this softness: in over-constrained
scenarios, when a user query cannot be satisfied, classical crisp
constraints (i.e., CSP) are not expressive enough to find close
solutions to meet the users needs. </p>Modularizing and Specifying Protocols among Threads2012-03-20T13:30:00+01:002012-03-20T13:30:00+01:00Sung-Shik Jongmans (CWI)tag:event.cwi.nl,2012-03-20:/acg/presentations/modularizing-and-specifying-protocols-among-threads<p>We identify two problems with general-purpose programming languages:
(i) they do not enforce separation of computations and protocols and
(ii) they do not provide an appropriate level of abstraction to
implement protocols. To mend these deficiencies, we argue for the use
of domain-specific languages (DSL). A concrete instance then
demonstrates …</p><p>We identify two problems with general-purpose programming languages:
(i) they do not enforce separation of computations and protocols and
(ii) they do not provide an appropriate level of abstraction to
implement protocols. To mend these deficiencies, we argue for the use
of domain-specific languages (DSL). A concrete instance then
demonstrates the feasibility of this approach: we use Reo,which offers
a natural separation of protocols and computations, as a high-level
protocol DSL. </p>Programming and Deployment of Active Objects with Application-Level Scheduling2012-03-06T13:30:00+01:002012-03-06T13:30:00+01:00Behrooz Nobakhttag:event.cwi.nl,2012-03-06:/acg/presentations/programming-and-deployment-of-active-objects-with-application-level-scheduling<p>We extend and implement a modeling language based on concurrent active
objects with application-level scheduling policies. The language
allows a programmer to assign priorities at the application level, for
example, to method definitions and method invocations, and assign
corresponding policies to the individual active objects for scheduling
the messages. Thus …</p><p>We extend and implement a modeling language based on concurrent active
objects with application-level scheduling policies. The language
allows a programmer to assign priorities at the application level, for
example, to method definitions and method invocations, and assign
corresponding policies to the individual active objects for scheduling
the messages. Thus, we leverage scheduling and performance related
issues, which are becoming increasingly important in multi-core and
cloud applications, from the underlying operating system to the
application level. We describe a tool-set to transform models of
active objects extended with application-level scheduling policies
into Java. This tool-set allows a direct use of Java class libraries;
thus, we obtain a full-fledged programming language based on active
objects which allows for high-level control of deployment related
issues. </p>Abstract Compilation for Precise Type Analysis of Object-Oriented Languages2012-02-21T13:30:00+01:002012-02-21T13:30:00+01:00Davide Ancona (Dipartimento di Informatica e Scienze dell'Informazione)tag:event.cwi.nl,2012-02-21:/acg/presentations/abstract-compilation-for-precise-type-analysis-of-object-oriented-languages<p>Abstract compilation is a novel approach to static type analysis
aiming to reconcile types, symbolic execution and compiler technology:
analyzing an expression consists in solving the goal generated from
its compilation w.r.t. the coinductive model of the constraint logic
program generated from the compilation of the source program …</p><p>Abstract compilation is a novel approach to static type analysis
aiming to reconcile types, symbolic execution and compiler technology:
analyzing an expression consists in solving the goal generated from
its compilation w.r.t. the coinductive model of the constraint logic
program generated from the compilation of the source program where the
expression is executed. In such a model terms are types representing
possibly infinite sets of values, and goal resolution corresponds to
symbolic execution. Abstract compilation is particularly suited for
defining and implementing type inference and global type analysis of
object-oriented languages modularly: indeed, it is possible to provide
several compilation schemes for the same language, each corresponding
to a different kind of analysis, without changing the inference
engine, which implements coinductive constraint logic programming
(where constraints are expressed through a suitable subtyping
relation).</p>
<p>In this talk I will present some examples of use of abstract compilation, and discuss some challenging issues concerning proofs of soundness and completeness of subtyping between coinductive types, and, more in general, proofs of soundness of abstract compilation schemes.
</p>Reactive Turing Machines2012-01-31T13:30:00+01:002012-01-31T13:30:00+01:00Jos Baeten (CWI and Eindhoven University of Technology)tag:event.cwi.nl,2012-01-31:/acg/presentations/reactive-turing-machines<p>We propose reactive Turing machines (RTMs), extending classical Turing
machines with a process-theoretical notion of interaction, and use it
to define a notion of executable transition system. We show that every
computable transition system with a bounded branching degree is
simulated modulo divergence-preserving branching bisimilarity by an
RTM, and that …</p><p>We propose reactive Turing machines (RTMs), extending classical Turing
machines with a process-theoretical notion of interaction, and use it
to define a notion of executable transition system. We show that every
computable transition system with a bounded branching degree is
simulated modulo divergence-preserving branching bisimilarity by an
RTM, and that every effective transition system is simulated modulo
the variant of branching bisimilarity that does not require divergence
preservation. We conclude from these results that the parallel
composition of (communicating) RTMs can be simulated by a single
RTM. We prove that there exist universal RTMs modulo branching
bisimilarity, but these essentially employ divergence to be able to
simulate an RTM of arbitrary branching degree. We also prove that
modulo divergence-preserving branching bisimilarity there are RTMs
that are universal up to their own branching degree. Finally, we
establish a correspondence between executability and finite
definability in a simple process calculus. </p>Delta Modeling Workflow2012-01-17T13:30:00+01:002012-01-17T13:30:00+01:00Michiel Helvensteijn (CWI)tag:event.cwi.nl,2012-01-17:/acg/presentations/delta-modeling-workflow<p>In this session we present recent work in Delta Modeling. Delta
Modeling is an approach towards modeling variability in software
product lines. We will present the Delta Modeling Workflow (DMW), a
formal step-by-step guide towards building a software product line
from scratch. An approach that enjoys several beneficial
properties. For …</p><p>In this session we present recent work in Delta Modeling. Delta
Modeling is an approach towards modeling variability in software
product lines. We will present the Delta Modeling Workflow (DMW), a
formal step-by-step guide towards building a software product line
from scratch. An approach that enjoys several beneficial
properties. For instance, it supports concurrent and isolated
development, reduces code duplication and results in product lines
that are unambiguous and complete.</p>
<p>Michiel Helvensteijn will present a theoretical foundation of DMW. After that, Peter Wong will present the Fredhopper Access Server (FAS), an industrial case study used to evaluate DMW in a concrete practical setting.
</p>Coalgebraic Modal Logic, an Introduction2011-12-13T13:30:00+01:002011-12-13T13:30:00+01:00Helle Hvid Hansen (Radboud University Nijmegen and CWI)tag:event.cwi.nl,2011-12-13:/acg/presentations/coalgebraic-modal-logic-an-introduction<p>Modal logics are applied in diverse areas to reason about properties
of systems. In computer science, some of the best known examples
include Hennessy-Milner logic, temporal logic, and the modal
mu-calculus.</p>
<p>Coalgebraic modal logic is a general framework for studying modal logics
for systems viewed as coalgebras. In particular, basic …</p><p>Modal logics are applied in diverse areas to reason about properties
of systems. In computer science, some of the best known examples
include Hennessy-Milner logic, temporal logic, and the modal
mu-calculus.</p>
<p>Coalgebraic modal logic is a general framework for studying modal logics
for systems viewed as coalgebras. In particular, basic modal logic (with
box and diamond) is an instance of this framework when viewing Kripke frames
as coalgebras for the powerset functor. In fact, the relationship
between coalgebra and modal logic is so fundamental that it is often
captured by the slogan: Modal logics are coalgebraic.</p>
<p>In this talk I will give a basic introduction to coalgebraic modal logic
where modalities are obtained as predicate liftings for a functor. I will
show basic results such as invariance for bisimulation and how to find
modalities for a given type of coalgebra. Time permitting, I will state some
of the general theorems concerning expressivity, duality and completeness that
show how well-known properties of basic modal logic turn out to hold at
the more general level of coalgebra.
</p>Examples of the Interplay between Algebra and Coalgebra2011-11-29T13:30:00+01:002011-11-29T13:30:00+01:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2011-11-29:/acg/presentations/examples-of-the-interplay-between-algebra-and-coalgebra<p>In this talk I will present in an elementary manner what is the
algebra of terms for a given signature (a so called syntax), and show
the interplay between such an algebra and a coalgebra, reflecting the
relationship between syntax and semantics. </p>Determinization constructions: from automata to coalgebras2011-11-24T13:30:00+01:002011-11-24T13:30:00+01:00Alexandra Silva (Radboud University Nijmegen & CWI)tag:event.cwi.nl,2011-11-24:/acg/presentations/determinization-constructions-from-automata-to-coalgebras<p>The powerset construction is a standard method for converting a
nondeterministic automaton into an equivalent deterministic one as far
as language is concerned. In this talk, we lift the powerset
construction on automata to the more general framework of coalgebras
with structured state spaces. Examples of applications include partial
Mealy …</p><p>The powerset construction is a standard method for converting a
nondeterministic automaton into an equivalent deterministic one as far
as language is concerned. In this talk, we lift the powerset
construction on automata to the more general framework of coalgebras
with structured state spaces. Examples of applications include partial
Mealy machines, (structured) Moore automata, and Rabin probabilistic
automata. A somewhat surprising outcome of our framework, which I
will show if time allows, is the first coalgebraic characterisation of
pushdown automata, a long standing open question in the coalgebraic
community. The talk will be example-driven! This is happy joint work
with BBR: Bonchi, Bonsangue and Rutten. </p>Circular Behavioral Reasoning2011-11-07T14:30:00+01:002011-11-07T14:30:00+01:00Dorel Lucanu (Alexandru Ioan Cuza University)tag:event.cwi.nl,2011-11-07:/acg/presentations/circular-behavioral-reasoning<p>Circular coinduction was introduced by G. Rosu and J. Goguen (IJCAR
2001, WADT 2002) as an algorithm for proving behavioral properties
expressed as indistinguishability under experiments, where the
experiments are described as particular contexts. Later, G. Rosu and
D. Lucanu formalized the circular coinduction as a proof system (CALCO
2009 …</p><p>Circular coinduction was introduced by G. Rosu and J. Goguen (IJCAR
2001, WADT 2002) as an algorithm for proving behavioral properties
expressed as indistinguishability under experiments, where the
experiments are described as particular contexts. Later, G. Rosu and
D. Lucanu formalized the circular coinduction as a proof system (CALCO
2009) and extended it with special contexts (ICFEM 2009) and
equational interpolants (ICFEM 2010). The current proof system is
implemented in CIRC tool: http://fsl.cs.uiuc.edu/index.php/Circ
https://fmse.info.uaic.ro/projects/5/?t=info The tool can be used for
proving properties of streams, infinite binary trees, processes,
regular expressions defined by polynomial functors, etc. During the
development of the CIRC tool, we noticed that the same circularity
principle can be applied for proving inductive properties in an
automated way.</p>
<p>In this talk we present an abstract formalism of the circular behavioral
reasoning such that the circular coinduction and circular induction are
instances of this formalism. This result is somehow surprising, since the
induction and the coinduction are dual notions. We also discuss some aspects
regarding the combination of the two proving techniques in this formalism.
</p>Optimal Coin Flipping2011-11-07T13:30:00+01:002011-11-07T13:30:00+01:00Dexter Kozen (Cornell University)tag:event.cwi.nl,2011-11-07:/acg/presentations/optimal-coin-flipping<p>In this talk I will show how to simulate a coin of arbitrary real bias
q with a coin of arbitrary real bias p with negligible loss of
entropy. I will develop a coalgebraic model and use it to derive an
information-theoretic lower bound that is strictly larger than the …</p><p>In this talk I will show how to simulate a coin of arbitrary real bias
q with a coin of arbitrary real bias p with negligible loss of
entropy. I will develop a coalgebraic model and use it to derive an
information-theoretic lower bound that is strictly larger than the
Shannon entropy. There are efficient protocols that approximate the
lower bound to within any desired accuracy and achieve it exactly for
p=1/2. It is an open question whether there are optimal computable
protocols for any given rational p and q. </p>Measuring Progress of Probabilistic Model-Checkers2011-10-24T13:30:00+02:002011-10-24T13:30:00+02:00Franck van Breugel (York University Toronto)tag:event.cwi.nl,2011-10-24:/acg/presentations/measuring-progress-of-probabilistic-model-checkers<p>Franck van Breugel is a professor at the Department of Computer
Science and Engineering of York University, which is located in
Toronto, Canada. He founded and leads the DisCoVeri group whose
members carry out research in the areas of distributed computing,
Verification of the source code of a probabilistic system …</p><p>Franck van Breugel is a professor at the Department of Computer
Science and Engineering of York University, which is located in
Toronto, Canada. He founded and leads the DisCoVeri group whose
members carry out research in the areas of distributed computing,
Verification of the source code of a probabilistic system by means of
an explicit-state model-checker is challenging. In most cases, the
probabilistic model-checker will run out of memory due to the infamous
state space explosion problem. In this talk, we introduce the notion
of a progress measure for such a model-checker. The progress measure
returns a number in the interval [0, 1]. This number provides us a
quantitative measure of the amount of progress the model-checker has
made with verifying a particular linear-time property. The larger the
number, the more progress the model-checker has made. In particular,
the progress measure provides a lower-bound of the measure of the set
of execution paths that satisfy the property.</p>
<p>Java PathFinder (JPF) in an explicit-state model-checker for Java
bytecode. We have extended JPF to a probabilistic model-checker.
JPF can traverse the state space in different ways, including
depth-first and breadth-first. With the additional probabilistic
information available to JPF, new traversal strategies can be added
to JPF. We present a few simple traversal strategies that take the
probabilities into account.</p>
<p>We have extended JPF so that it keeps track of the amount of progress
it has made with checking invariants. We show the difference in
progress of the different traversal strategies for a few examples.</p>
<p>This is joint work with Elise Cormie-Bowins and Xin Zhang.
</p>The Coinductive Stream Calculus2011-10-11T13:30:00+02:002011-10-11T13:30:00+02:00Joost Winter (CWI)tag:event.cwi.nl,2011-10-11:/acg/presentations/the-coinductive-stream-calculus<p>We will consider coalgebras of the type $F(X) = mathbb{R} imes X$,
representing streams over real numbers. For such streams, we
coinductively define a number of operators (including, but not
limited to, addition and multiplication), and we furthermore
consider coinductive proofs through bisimulation. We will
discuss polynomial and rational …</p><p>We will consider coalgebras of the type $F(X) = mathbb{R} imes X$,
representing streams over real numbers. For such streams, we
coinductively define a number of operators (including, but not
limited to, addition and multiplication), and we furthermore
consider coinductive proofs through bisimulation. We will
discuss polynomial and rational streams, and give a
characterization of the latter through so-called 'behavioural
differential equations' of a specific type. If time allows, we
will briefly discuss the relation between the stream calculus
and formal languages. </p>Automatic Verification of Real-Time Systems with Rich Data2011-09-27T13:30:00+02:002011-09-27T13:30:00+02:00Ernst Ruediger Olderog (Universität Oldenburg)tag:event.cwi.nl,2011-09-27:/acg/presentations/automatic-verification-of-real-time-systems-with-rich-data<p>We discuss how properties of reactive systems with continuous
real-time constraints and complex, possibly infinite data can be
automatically verified, exploiting recent advances in semantics,
constraint-based model checking, and decision procedures for complex
data.</p>
<p>The systems are specified in CSP-OZ-DC, a language that integrates concepts from Communicating Sequential Processes (CSP …</p><p>We discuss how properties of reactive systems with continuous
real-time constraints and complex, possibly infinite data can be
automatically verified, exploiting recent advances in semantics,
constraint-based model checking, and decision procedures for complex
data.</p>
<p>The systems are specified in CSP-OZ-DC, a language that integrates concepts from Communicating Sequential Processes (CSP), Object-Z (OZ), and Duration Calculus (DC). Our approach to automatic verification rests on a compositional semantics of this language in terms of Phase-Event-Automata. These are further translated into the input formats of the model checkers ARMC (Abstraction Refinement Model Checker) and SLAB (Slicing Abstraction model checker) as well as the tool H-PILoT (Hierarchical Proving by Instantiation in Local Theory extensions). We demonstrate this with a case study concerning emergency messages in the European Train Control System (ETCS).</p>
<p>The talk is based on the project "Beyond Timed Automata" carried out in the Collaborative Research Center AVACS (Automatic Verification and Analysis of Complex Systems) of the Universities of Oldenburg, Freiburg, and Saarbrücken, funded by the German Research Council (DFG): see also www.avacs.org.
</p>The Coalgebraic Approach2011-09-20T13:30:00+02:002011-09-20T13:30:00+02:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2011-09-20:/acg/presentations/the-coalgebraic-approach<p>We shall discuss the main constituents of the coalgebraic approach to
the modelling of dynamical systems and infinite data structures.</p>
<p>(i) A system is modelled by a map s: S -> F(S), where S is the set of the states of the system; F(-) is the system's type (formally a …</p><p>We shall discuss the main constituents of the coalgebraic approach to
the modelling of dynamical systems and infinite data structures.</p>
<p>(i) A system is modelled by a map s: S -> F(S), where S is the set of the states of the system; F(-) is the system's type (formally a functor); and where the mapping s describes the (one step) behaviour of the system, typically consisting of dynamics and observations. A pair (S, s:S -> F(S) ) is called an F-coalgebra.</p>
<p>(ii) Homomorphisms are functions between coalgebras preserving (and reflecting) the coalgebra structure, similarly to homomorphisms of algebras, which are mappings that preserve the operations of the algebra.</p>
<p>(i) and (ii) together give rise to a rich theory of dynamical systems, in which: (a) the (functor) type F of a system determines a canonical notion of system equivalence (F-bisimulation); (b) the global (infinite) behaviour as well as the minimization of systems is given by a so-called final F-coalgebra; and (c) in which coinduction is a general definition and proof principle.</p>
<p>In this lecture, we shall discuss the above general framework and illustrate it with various concrete examples.
</p>Bounded Model-Checking of Unbounded Object Creation2011-06-14T13:30:00+02:002011-06-14T13:30:00+02:00Frank de Boer (CWI & LIACS)tag:event.cwi.nl,2011-06-14:/acg/presentations/bounded-model-checking-of-unbounded-object-creation<p>In this talk I discuss a mechanism for object creation which allows
for an optimal use of bounds on the visible heap in model-checking of
object-oriented programs. </p>Simulation, testing and implementation of Reo2011-05-31T13:30:00+02:002011-05-31T13:30:00+02:00Natallia Kokash (CWI)tag:event.cwi.nl,2011-05-31:/acg/presentations/simulation-testing-and-implementation-of-reo<p>Service-based systems are software systems composed of autonomous
components or services provided by different vendors, deployed on
remote machines and accessible through the web. One of the challenges
of software engineering is to ensure that such a system behaves as
intended by its designer. The Reo coordination language is an …</p><p>Service-based systems are software systems composed of autonomous
components or services provided by different vendors, deployed on
remote machines and accessible through the web. One of the challenges
of software engineering is to ensure that such a system behaves as
intended by its designer. The Reo coordination language is an
extensible notation for formal modeling and execution of service
compositions. Services that have no prior knowledge about each other
communicate through advanced channel connectors which guarantee that
each participant, service or client, receives right data in a right
time. Each channel is a binary function that imposes synchronization
and data constraints on input and output messages. Furthermore,
channels are composed together to realize arbitrarily complex
behavioral protocols. During this process, a designer may introduce
errors to the connector model or the code for their execution, and
thus affect service composition behavior. I present an approach for
simulation and model-based testing of coordination protocols designed
in Reo. This approach relies on the mapping of automata-based semantic
models for Reo to equivalent process algebra specifications and on the
input-output conformance (ioco) testing theory. Furthermore, I will
discuss some issues related to a proper distributed implementation of
Reo. </p>Reo: Applications in Formalizing Standard Models2011-05-17T13:30:00+02:002011-05-17T13:30:00+02:00Behnaz Changizi (CWI)tag:event.cwi.nl,2011-05-17:/acg/presentations/reo-applications-in-formalizing-standard-models<p>This presentation highlights applications of Reo in formalizing
business models. We show how to apply Reo in formalizing modeling
standards: BPMN, BPEL, UML Sequence Diagram and Activity Diagrams to
provide means to model check such early products of software
development. These transformations mainly are realized in Atlas
Transformation Language, a …</p><p>This presentation highlights applications of Reo in formalizing
business models. We show how to apply Reo in formalizing modeling
standards: BPMN, BPEL, UML Sequence Diagram and Activity Diagrams to
provide means to model check such early products of software
development. These transformations mainly are realized in Atlas
Transformation Language, a model to model transformation language
which enables rule based mapping of Ecore models. Transactions play a
key role in business modeling. We show how transactions can be modeled
in Reo. However, to capture the semantics of transactions and some
complex business structures such as exceptions, we need a means to
specify priorities on Reo networks. Since none the existing formalism
for Reo support Priority, we translate Reo networks to a process
algebra notation that supports priority, called Finite State Process
(FSP). We show how FSP specifications can be generated from Reo
models. Through a case study, we show how the given formalism using
FSP enables us to increase the expressiveness of Reo models. Reo
networks can be used for Quality of Service analysis by means of
Quantitative Intentional Automata (QIA) that can be converted to
Markov-Chains and be analyzed by proper tools such as Prism. Last by
not least, we show how Reo can be used as a formalism for automatic
code generation for Web Service Composition.</p>
<p>References:
Changizi, B., Kokash, N., Arbab, F.: "A Unified Toolset for Business Process Model Formalization", International Workshop on Formal Engineering approaches to Software Components and Architectures (FESCA), tool demonstration paper, March 2010, Paphos, Cyprus.
Kokash, N., Arbab, F.: "Formal Design and Verification of Long-Running Transactions with Eclipse Coordination Tools", IEEE Transactions on Service Computing, 2010, accepted for publication.
F. Arbab, M. Sun, Y.-J. Moon, M. Kwiatkowska, H. Qu. Reo2MC: a tool chain for performance analysis of coordination models. Proceedings of Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on Foundations of Software Engineering 2009 (7), 287288, 2009.
F. Arbab, C. Krause, Z. Maraikar, Y.-J. Moon, J.M.P. Proença. Modeling, Testing and Executing Reo Connectors with the Eclipse Coordination Tools. Proceedings of FACS 2008, 2008.
</p>Reo: Extended Semantics and Tools2011-04-26T13:30:00+02:002011-04-26T13:30:00+02:00Natallia Kokash (CWI)tag:event.cwi.nl,2011-04-26:/acg/presentations/reo-extended-semantics-and-tools<p>In this second talk about Reo, I will briefly introduce several other
semantic models that capture context-dependency in Reo connectors,
namely, Intentional Automata and Reo Automata. Then I will introduce
Action Constraint Automata which generalize Constraint Automata by
allowing more observations on Reo ports. This model is used for
describing …</p><p>In this second talk about Reo, I will briefly introduce several other
semantic models that capture context-dependency in Reo connectors,
namely, Intentional Automata and Reo Automata. Then I will introduce
Action Constraint Automata which generalize Constraint Automata by
allowing more observations on Reo ports. This model is used for
describing behavior of Reo connectors with communication delays in
channels. It also can capture context dependency.</p>
<p>The talk proceeds with the discussion of tools for validation and verification of Reo connectors. I will present the mapping of the aforementioned semantic models for Reo to process algebra mCRL2. This mapping allows us to apply tools from mCRL2 and CADP toolsets to simulate and model check Reo connectors extended with data expressions.</p>
<p>After that I will consider an extension of Reo with time-dependent channels, introduce Timed Constraint Automata and show how timed Reo connectors can be
compositionally translated to the networks of timed automata, a specification format for the Uppaal model checker.</p>
<p>Finally, I will illustrate the application of Reo extended with data and time to service-based process modeling using two realistic examples.
</p>Reo: Basics and Semantics2011-04-19T13:30:00+02:002011-04-19T13:30:00+02:00Sung-Shik Jongmans (CWI)tag:event.cwi.nl,2011-04-19:/acg/presentations/reo-basics-and-semantics<p>Over the past decades, coordination languages have emerged for the
specification and implementation of interaction protocols for
communicating software entities. This class of languages includes Reo,
a platform for compositional construction of connectors. This talk
comprises an introduction to Reo. It starts with an example that
motivates the use of …</p><p>Over the past decades, coordination languages have emerged for the
specification and implementation of interaction protocols for
communicating software entities. This class of languages includes Reo,
a platform for compositional construction of connectors. This talk
comprises an introduction to Reo. It starts with an example that
motivates the use of coordination languages in general and Reo in
particular. We then proceeds with a more detailed explanation of Reo
connectors and how we can compositionally construct them. The rest of
the talk consists of a treatise of three formalisms for describing the
behavior of connectors: co-algebraic models, operational models, and
coloring models. In the process, we encounter and discuss the problem
of context-sensitivity. The presentation ends with concluding remarks
including recent and future work. </p>On the axiomatization of (weighted) language equivalence2011-04-05T13:30:00+02:002011-04-05T13:30:00+02:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2011-04-05:/acg/presentations/on-the-axiomatization-of-weighted-language-equivalence<p>In this talk I will present how we derived a sound and complete
axiomatization of language equivalence for non-deterministic and
weighted automata from a calculus of regular expressions for
(weighted) bisimulation. </p>An Introduction to K Framework by Examples2011-03-15T13:30:00+01:002011-03-15T13:30:00+01:00Dorel Lucanu (Alexandru Ioan Cuza University)tag:event.cwi.nl,2011-03-15:/acg/presentations/an-introduction-to-k-framework-by-examples<p>K project was started in 2003 by Grigore Rosu, University of Illinois
at Urbana Champaign (UIUC), for teaching puposes. Starting with 2010,
K became a joint work between Formal Systems Laboratory (FSL) from
UIUC and Formal Methods in Software Engineering (FMSE) groupfrom
Al. I. University of Iasi (UAIC).</p>
<p>In the …</p><p>K project was started in 2003 by Grigore Rosu, University of Illinois
at Urbana Champaign (UIUC), for teaching puposes. Starting with 2010,
K became a joint work between Formal Systems Laboratory (FSL) from
UIUC and Formal Methods in Software Engineering (FMSE) groupfrom
Al. I. University of Iasi (UAIC).</p>
<p>In the new perspective, K is envisioned as an executable semantic framework
in which programming languages together with their type systems or formal
analysis tools can be defined.
The goal is that K Framework to be equally used by academia and industry.
The main components of a K definition consist of configurations, computations
and rules.
Configurations abstractly describe the machine which on the programs/systems
are exectued; the system/program state is organized into hierarchical structure
of units, called cells.
Computations are structures carrying computational meaning by sequentializing
the computational tasks, such as fragments of program.
K (rewrite) rules generalize conventional rewrite rules by making explicit
which parts of the term they read, write, or do not care about.</p>
<p>In this talk we give a light introduction to K using two toy examples.
The first one is a kernel of C, called Cink, for which we give an executable
formal definition, incrementally developed, and a static analyser derived from
the definition and whic is able to find infinite loops and infeasible paths in
the control flow graph. The second example is a simple language modeling the
object creation, inspired from the paper "Symbolic Execution of Unbounded
Object Creation" by Jurriaan Rot, Frank de Boer, and Marcello Bonsangue.
We show that how the abstratct semantics and the symbolic one are derived from
the definition of the model. The executabilty of all examples will be
demonstrated with the K Maude prototype.</p>
<p>A fully description of K can be found in:
Traian Florin Serbanuta. A Rewriting Approach to Concurrent Programming
Language Design and Semantics.
PhD Thesis, University of Illinois, December 2010
(http://fsl.cs.uiuc.edu/pubs/serbanuta-2010-thesis.pdf)
and
Grigore Rosu and Traian Florin Serbanuta. An Overview of the K Semantic
Framework.
J.LAP, Volume 79(6), pp 397-434. 2010
(http://fsl.cs.uiuc.edu/pubs/rosu-serbanuta-2010-jlap.pdf)</p>
<p>The K Maude prototype project is hosted on Google Code:
http://code.google.com/p/k-framework/
and described in
Traian Florin Serbanuta and Grigore Rosu.
K-Maude: A Rewriting Based Tool for Semantics of Programming Languages
WRLA'10, LNCS 6381, pp 104-122. 2010
(http://fsl.cs.uiuc.edu/pubs/serbanuta-rosu-2010-wrla.pdf)
</p>An Introduction to Coalgebra and Coinduction, using Regular and Context-free Languages2011-03-01T13:30:00+01:002011-03-01T13:30:00+01:00Joost Winter (CWI)tag:event.cwi.nl,2011-03-01:/acg/presentations/an-introduction-to-coalgebra-and-coinduction-using-regular-and-context-free-languages<p>We give a summary of some of the existing work on coalgebra and
coinduction: a general introduction to the coalgebraic framework is
given, focussing especially on the instance of coalgebraic
representations of regular and context-free languages, and
deterministic automata. We show how Brzozowski derivatives of regular
expressions fit into the …</p><p>We give a summary of some of the existing work on coalgebra and
coinduction: a general introduction to the coalgebraic framework is
given, focussing especially on the instance of coalgebraic
representations of regular and context-free languages, and
deterministic automata. We show how Brzozowski derivatives of regular
expressions fit into the coalgebraic framework, and present Rutten's
coalgebraic version of Kleene's theorem. Finally, we present some
recent results on our attempts to extend this coalgebraic approach
towards context-free languages and grammars. </p>Specifying Interfaces in Java in terms of Communication Histories using Attribute Grammars - part 22011-02-22T13:30:00+01:002011-02-22T13:30:00+01:00Stijn de Gouwtag:event.cwi.nl,2011-02-22:/acg/presentations/specifying-interfaces-in-java-in-terms-of-communication-histories-using-attribute-grammars-part-2<p>We propose a new formal modeling language for the specification of
interfaces in Java in terms of communication histories, i.e.,
sequences of messages. We show how attribute grammars provide a
powerful separation of concerns between high-level protocol-oriented
properties, which focus on the kind of messages sent and received, and …</p><p>We propose a new formal modeling language for the specification of
interfaces in Java in terms of communication histories, i.e.,
sequences of messages. We show how attribute grammars provide a
powerful separation of concerns between high-level protocol-oriented
properties, which focus on the kind of messages sent and received, and
data-oriented properties, which focus on the actual data communicated.
We develop a modeling framework in Java for the integration of
attribute grammars in the Java Modeling Language and discuss the
corresponding tool-support for run-time assertion checking. </p>Multicore Programming in Object-Oriented Languages2011-02-15T13:30:00+01:002011-02-15T13:30:00+01:00Behrooz Nobakhttag:event.cwi.nl,2011-02-15:/acg/presentations/multicore-programming-in-object-oriented-languages<p>We studied different languages and libraries that brought multicore
programming methods into object-oriented languages. The methods
included Actor model, software transactional memory, and data flow
programming. The languages included Java, C++, Python, and C#. </p>A Calculational Proof of Moessners Theorem2011-01-31T13:30:00+01:002011-01-31T13:30:00+01:00Ralf Hinze (University of Oxford)tag:event.cwi.nl,2011-01-31:/acg/presentations/a-calculational-proof-of-moessners-theorem<p>The talk introduces two corecursion schemes for streamgenerating
functions, scans and convolutions, and discusses their properties. As
an application of the framework, a calculational proof of
Moessners intriguing theorem is presented.</p>Model checking GOAL agents2010-12-07T13:30:00+01:002010-12-07T13:30:00+01:00Sung-Shik Jongmans (CWI)tag:event.cwi.nl,2010-12-07:/acg/presentations/model-checking-goal-agents<p>As the theoretical foundations of agent-oriented programming became
better understood by the end of the 1990s, researchers became
interested in model checking agent programs. Model checking,
introduced by the late 1970s, is a technique for establishing
automatically whether a system satisfies a given
specification. Although progress has been made over …</p><p>As the theoretical foundations of agent-oriented programming became
better understood by the end of the 1990s, researchers became
interested in model checking agent programs. Model checking,
introduced by the late 1970s, is a technique for establishing
automatically whether a system satisfies a given
specification. Although progress has been made over the last ten
years, the model checking problem for agent programs is still far from
solved: performance, maybe even more than in traditional model
checking, is a major issue. In this talk, I will give a brief overview
of the history of agent program model checking, and discuss an
approach to making model checkers for agent programs faster. The
approach's core idea is to reuse existing agent technology when
implementing model checkers for agent programs, instead of reusing
existing model checking tools as done in past efforts. The approach is
illustrated with the GOAL agent language, and a performance
comparison, involving three model checkers for GOAL agents, will be
presented. The work I report on has been carried out during my MSc
graduation project (Nov. 2009 - Aug. 2010). </p>JOLIE: a service oriented language2010-11-23T13:30:00+01:002010-11-23T13:30:00+01:00Jacopo Maurotag:event.cwi.nl,2010-11-23:/acg/presentations/jolie-a-service-oriented-language<p>Service oriented computing is an emerging paradigm for programming
distributed applications based on services. Services are simple
software elements that supply their functionalities by exhibiting
their interfaces and that can be invoked by exploiting simple
communication primitives. The emerging mechanism exploited in service
oriented computing for composing services âin …</p><p>Service oriented computing is an emerging paradigm for programming
distributed applications based on services. Services are simple
software elements that supply their functionalities by exhibiting
their interfaces and that can be invoked by exploiting simple
communication primitives. The emerging mechanism exploited in service
oriented computing for composing services âin order to provide
more complex functionalitiesâ is by means of orchestrators. An
orchestrator is able to invoke and coordinate other services by
exploiting typical workflow patterns such as parallel composition,
sequencing and choices. I'll present JOLIE, an interpreter and engine
for orchestration programs. The main novelties of JOLIE are that it
provides an easy to use development environment (because it supports a
more programmer friendly C/Java-like syntax instead of an XML-based
syntax) and it is based on a solid mathematical underlying model. </p>Decidability properties for fragments of CHR2010-10-26T13:30:00+02:002010-10-26T13:30:00+02:00Jacopo Maurotag:event.cwi.nl,2010-10-26:/acg/presentations/decidability-properties-for-fragments-of-chr<p>We study the decidability of termination for two CHR dialects which,
similarly to the Datalog like languages, are defined by using a
signature which does not allow function symbols (of arity gt;0$). Both
languages allow the use of the $=$ built-in in the body of rules, thus
are built on …</p><p>We study the decidability of termination for two CHR dialects which,
similarly to the Datalog like languages, are defined by using a
signature which does not allow function symbols (of arity gt;0$). Both
languages allow the use of the $=$ built-in in the body of rules, thus
are built on a host language that supports unification. However each
imposes one further restriction. The first CHR dialect allows only {em
range-restricted} rules, that is, it does not allow the use of
variables in the body or in the guard of a rule if they do not appear
in the head. We show that the existence of an infinite computation is
decidable for this dialect. The second dialect instead limits the
number of atoms in the head of rules to one. We prove that in this
case, the existence of a terminating computation is decidable. These
results show that both dialects are strictly less expressive than
Turing Machines. It is worth noting that the language (without
function symbols) without these restrictions is as expressive as
Turing Machines </p>Coalgebraic Representation Theory of Fractals2010-10-19T10:00:00+02:002010-10-19T10:00:00+02:00Ichiro Hasuo (RIMS & Kyoto University)tag:event.cwi.nl,2010-10-19:/acg/presentations/coalgebraic-representation-theory-of-fractals<p>We develop a representation theory in which a point of a fractal
specified by metric means (by a variant of an iterated function
system, IFS) is represented by a suitable equivalence class of
infinite streams of symbols. The framework is categorical: symbolic
representatives carry a final coalgebra; an IFS-like metric …</p><p>We develop a representation theory in which a point of a fractal
specified by metric means (by a variant of an iterated function
system, IFS) is represented by a suitable equivalence class of
infinite streams of symbols. The framework is categorical: symbolic
representatives carry a final coalgebra; an IFS-like metric
specification of a fractal is an algebra for the same
functor. Relating the two there canonically arises a representation
map, much like in America and Rutten's use of metric enrichment in
denotational semantics. A distinctive feature of our framework is that
the canonical representation map is bijective. In the technical
development, gluing of shapes in a fractal specification is a major
challenge. On the metric side we introduce the notion of injective IFS
to be used in place of conventional IFSs. On the symbolic side we
employ Leinster's presheaf framework that uniformly addresses
necessary identification of streams--such as .0111...= .1000... in the
binary expansion of real numbers. Our leading example is the unit
interval I = [0,1]. </p>Formalising Domain-Specific Modelling Languages2010-10-05T13:30:00+02:002010-10-05T13:30:00+02:00Vlad Rusu (Inria Lille Nord-Europe)tag:event.cwi.nl,2010-10-05:/acg/presentations/formalising-domain-specific-modelling-languages<p>We propose an approach for formalising Domain-Specific Modelling
Languages (DSML). Our approach is based on representing models and
metamodels as specifications in the Maude algebraic specification
language. This provides us with abstract definitions of essential
concepts of DSML (model-to-metamodel conformance, operational
semantics, and model transformations) that naturally capture their
intutive …</p><p>We propose an approach for formalising Domain-Specific Modelling
Languages (DSML). Our approach is based on representing models and
metamodels as specifications in the Maude algebraic specification
language. This provides us with abstract definitions of essential
concepts of DSML (model-to-metamodel conformance, operational
semantics, and model transformations) that naturally capture their
intutive meanings. We also propose equivalent executable definitions
for these notions, which can be directly used in Maude for
verification. Finally, we show how DSML can be organised as
institutions, and model transformation as institution morphisms. We
focus on a class of institution morphisms that corresponds to Galois
connections between the transition systems generated by two DSMLs
operational semantics. Such connections formally capture various
forms of semantical preservation that model transformations may
satisfy. </p>Algebraic and Coalgebraic Reasoning in Agent-Based Models -- A Case Study From Ecology2010-09-15T10:30:00+02:002010-09-15T10:30:00+02:00Michael Hauhs (University of Bayreuth)tag:event.cwi.nl,2010-09-15:/acg/presentations/algebraic-and-coalgebraic-reasoning-in-agent-based-models-a-case-study-from-ecology<p>Agent-based models (ABMs) are a new and increasingly popular class of
simulation software in natural and social sciences. They combine
state-based and behaviour-based modelling paradigms for empirical
phenomena in an unorthodox way that currently has no sound theoretical
foundation. As we have demonstrated in previous work, the
state/behaviour dichotomy …</p><p>Agent-based models (ABMs) are a new and increasingly popular class of
simulation software in natural and social sciences. They combine
state-based and behaviour-based modelling paradigms for empirical
phenomena in an unorthodox way that currently has no sound theoretical
foundation. As we have demonstrated in previous work, the
state/behaviour dichotomy can be formalized as algebraic/coalgebraic
reasoning, respectively. In the present work we reformulate
agent-based models in terms of an established theory that combines
algebraic and coalgebraic perspectives, namely the theory of
bialgebras induced by a categorical distributive law. This has a
number of interesting consequences: 1.) From the viewpoint of software
engineering, it allows the rigorous derivation of a clear and modular
design for agent-based models in a functional programming
language. 2.) From the viewpoint of (co)algebra theory, it opens a
wide field of hitherto unknown real-world applications. 3.) From the
viewpoint of software semantics, it allows to postulate a theoretical
criterion for well-behaved ABMs. 4.) Last but not least, from the
viewpoint of critical science, it allows to elucidate the way the
modelling paradigms are mixed, and possibly confused, in ABM
literature. We present the results of our work in progress in terms of
a theoretically guided re-implementation of a published ecological ABM
(Jovani and Grimm: "Breeding synchrony in colonial birds: from local
stress to global harmony." Proc.R.Soc.B 2008) in the programming
language Haskell. </p>Message sequence monitoring without code instrumentation2010-07-06T13:30:00+02:002010-07-06T13:30:00+02:00Behrooz Nobakhttag:event.cwi.nl,2010-07-06:/acg/presentations/message-sequence-monitoring-without-code-instrumentation<p>One of the problems in software testing is to specify and verify the
execution of a sequence of method calls in object-oriented software.
In this paper, we introduce JMSeq to propose a formal method based on
context-free grammars to specify a sequence of method calls; it
provides a simple way …</p><p>One of the problems in software testing is to specify and verify the
execution of a sequence of method calls in object-oriented software.
In this paper, we introduce JMSeq to propose a formal method based on
context-free grammars to specify a sequence of method calls; it
provides a simple way to verify and monitor the program under
test. JMSeq uses no code instrumentation as in AspectJ and verication
is done at runtime. JMSeq shows that runtime verication through code
annotations with no instrumentation can be a new approach in software
testing that is simple and expressive enough. </p>(Abstraction and Refinement of) Timed Constraint Automata in the ECT2010-06-15T13:30:00+02:002010-06-15T13:30:00+02:00Stephanie Kemper (CWI)tag:event.cwi.nl,2010-06-15:/acg/presentations/abstraction-and-refinement-of-timed-constraint-automata-in-the-ect<p>In this talk, I will give a tool demonstration of how Timed Constraint
Automata (TCA) have been integrated into the ECT. In particular, I
will present the TCA editor, the translation into propositional
formulas plus linear arithmetic, and the abstraction-refinement
backend used for model checking. </p>Model checking a language with unbounded object creation2010-05-25T13:30:00+02:002010-05-25T13:30:00+02:00Jurriaan Rottag:event.cwi.nl,2010-05-25:/acg/presentations/model-checking-a-language-with-unbounded-object-creation<p>We introduce a block-structured programming language which supports
object creation, global variables, static scope and recursive
procedures with local variables. Because of the combination of
recursion, local variables and object creation, the behavior of the
program is determined by infinitely many different states. However, we
show that a program can …</p><p>We introduce a block-structured programming language which supports
object creation, global variables, static scope and recursive
procedures with local variables. Because of the combination of
recursion, local variables and object creation, the behavior of the
program is determined by infinitely many different states. However, we
show that a program can be viewed as a type of pushdown automata, for
which the halting problem as well as LTL and CTL model checking are
decidable. </p>Model Transformation & Analysis in Rascal2010-05-18T13:30:00+02:002010-05-18T13:30:00+02:00Tijs van der Storm (CWI)tag:event.cwi.nl,2010-05-18:/acg/presentations/model-transformation-analysis-in-rascal<p>Rascal (http://www.rascal-mpl.org) is a domain specific language (DSL)
for meta programming. While originally focused on transformation and
analysis of source code, initial experiments are currently performed
to process other kinds of models. I will give some example of how
(traditionally object-oriented) meta models are represented in Rascal …</p><p>Rascal (http://www.rascal-mpl.org) is a domain specific language (DSL)
for meta programming. While originally focused on transformation and
analysis of source code, initial experiments are currently performed
to process other kinds of models. I will give some example of how
(traditionally object-oriented) meta models are represented in Rascal
and how these representations enable model analysis and transformation
in Rascal. </p>Strategic Executions of Choreographed Timed Normative Multi-Agent Systems2010-05-11T13:30:00+02:002010-05-11T13:30:00+02:00Lacramioara Astefanoaei (CWI)tag:event.cwi.nl,2010-05-11:/acg/presentations/strategic-executions-of-choreographed-timed-normative-multi-agent-systems<p>In this talk we describe a combined mechanism (and its implementation
by means of rewrite strategies) for coordinating agents in timed
multi-agent systems. What we combine is the timed extensions of two
orthogonal coordination mechanisms wrt the dichotomy action/state. On
the one hand, we have action-based artifacts, i.e …</p><p>In this talk we describe a combined mechanism (and its implementation
by means of rewrite strategies) for coordinating agents in timed
multi-agent systems. What we combine is the timed extensions of two
orthogonal coordination mechanisms wrt the dichotomy action/state. On
the one hand, we have action-based artifacts, i.e., choreographies, to
force action execution, on the other hand, we have normative
artifacts, i.e., norms, to enforce states. In both cases, we use
timing constraints to, for example, force action synchrony and/or norm
application before certain time invariants are violated. </p>Specifying Interfaces in Java in terms of Communication Histories using Attribute Grammars - part 12010-04-13T13:30:00+02:002010-04-13T13:30:00+02:00Stijn de Gouwtag:event.cwi.nl,2010-04-13:/acg/presentations/specifying-interfaces-in-java-in-terms-of-communication-histories-using-attribute-grammars-part-1<p>We propose a new formal modeling language for the specification of
interfaces in Java in terms of communication histories, i.e.,
sequences of messages. We show how attribute grammars provide a
powerful separation of concerns between high-level protocol-oriented
properties, which focus on the kind of messages sent and received, and …</p><p>We propose a new formal modeling language for the specification of
interfaces in Java in terms of communication histories, i.e.,
sequences of messages. We show how attribute grammars provide a
powerful separation of concerns between high-level protocol-oriented
properties, which focus on the kind of messages sent and received, and
data-oriented properties, which focus on the actual data
communicated. We develop a modeling framework in Java for the
integration of attribute grammars in the Java Modeling Language and
discuss the corresponding tool-support for run-time assertion
checking. Further, we investigate the static analysis of histories
specified by attribute grammars by means of theorem proving
techniques. </p>Creol goes Linda2010-03-16T13:30:00+01:002010-03-16T13:30:00+01:00Immo Grabe (CWI)tag:event.cwi.nl,2010-03-16:/acg/presentations/creol-goes-linda<p>We introduce Creol, a modeling language for concurrent distributed
systems based on asynchronous communication. To illustrate Creol's
concurrency and communication model we compare it to Java. We give a
notion of deadlock for Creol programms and show how to model Creol
programs in Linda (to provide deadlock detection in the …</p><p>We introduce Creol, a modeling language for concurrent distributed
systems based on asynchronous communication. To illustrate Creol's
concurrency and communication model we compare it to Java. We give a
notion of deadlock for Creol programms and show how to model Creol
programs in Linda (to provide deadlock detection in the future). </p>Delta Modeling2010-03-02T13:30:00+01:002010-03-02T13:30:00+01:00Michiel Helvensteijn (CWI)tag:event.cwi.nl,2010-03-02:/acg/presentations/delta-modeling<p>A software product line (SPL) is a family of software systems with
well defined commonalities and variabilities. These systems (products)
are uniquely identified by a set of features. But a feature is merely
a label. To attach semantics to features, the code base for an SPL
should be organized in …</p><p>A software product line (SPL) is a family of software systems with
well defined commonalities and variabilities. These systems (products)
are uniquely identified by a set of features. But a feature is merely
a label. To attach semantics to features, the code base for an SPL
should be organized in some way to reflect which features correspond
to which code.</p>
<p>Delta modeling is one approach towards bridging this gap. In a delta modeling
code base, one can distinguish between a core implementation, containing the
code common to each product, and deltas, containing code specific to some
feature configuration(s). Deltas can make changes to the core in order to
integrate one or multiple features. In this talk I present a new formalism
generalizing the delta modeling approach, show some concrete examples and
compare delta modeling to other approaches.
</p>Stochastic Activity Networks2010-02-16T13:30:00+01:002010-02-16T13:30:00+01:00Ali Movaghar (Sharif University of Technology)tag:event.cwi.nl,2010-02-16:/acg/presentations/stochastic-activity-networks<p>Stochastic activity networks (SANs) are a stochastic generalization of
Petri nets that have been defined for the modeling and analysis of
distributed real-time systems. SANs were introduced in 1984 for the
performance and dependability (performability) modeling of such
systems. SAN models are more powerful and flexible than most other
stochastic …</p><p>Stochastic activity networks (SANs) are a stochastic generalization of
Petri nets that have been defined for the modeling and analysis of
distributed real-time systems. SANs were introduced in 1984 for the
performance and dependability (performability) modeling of such
systems. SAN models are more powerful and flexible than most other
stochastic extensions of Petri nets including SPNs and GSPNs. The
definition of SANs is based on a unified view of the system in three
settings, namely, nondeterministic, probabilistic, and stochastic. The
purpose of such a systematic definition is twofold. First, it allows
for a better and more formal definition per se. Second, it allows for
the use of the model for the analysis of both functional and
performance aspects of the system. </p>Compositional and Computable Semantics for Modelling Hybrid Systems2010-02-02T13:30:00+01:002010-02-02T13:30:00+01:00Pieter Collins (CWI)tag:event.cwi.nl,2010-02-02:/acg/presentations/compositional-and-computable-semantics-for-modelling-hybrid-systems<p>Hybrid systems are dynamic systems combining discrete and continuous
behaviour. It is important to have powerful modelling frameworks which
support modular design via composition of subsystems, and automated
software tools for simulation and verification. Unfortunately, it is a
nontrivial task to provide a behavioural semantics for a modelling
framework which …</p><p>Hybrid systems are dynamic systems combining discrete and continuous
behaviour. It is important to have powerful modelling frameworks which
support modular design via composition of subsystems, and automated
software tools for simulation and verification. Unfortunately, it is a
nontrivial task to provide a behavioural semantics for a modelling
framework which is computable in the sense that true properties are
provable by numerical algorithms and which respects also the parallel
composition operator. In this talk I will give compositional and
computable semantics for a restricted subset of models specified using
the Compositional Interchange Format (CIF) for modelling hybrid
systems. The CIF already has a well-defined standard operational
semantics, we introduce an upper-semicomputable semantics for proving
safety properties and a lower-semicomputable semantics for proving
liveness properties. Finally, I will give example of an automatic
translation of a simple CIF model to the API of the reachability
analysis tool Ariadne.</p>
<p>Joint work with Ramon Schiffelers and Bert van Beek (TU/e), Davide Bresolin and Tiziano Villa (Verona) and Ivan Zapreev (CWI)</p>Verification of Software Product Lines2010-01-19T13:30:00+01:002010-01-19T13:30:00+01:00Ina Schaefer (Chalmers Universitytag:event.cwi.nl,2010-01-19:/acg/presentations/verification-of-software-product-lines<p>A software product line is a set of systems with well-defined
commonalities and variabilities that are developed by managed reuse.
Because of the huge number of possible configurations, it is crucial
to guarantee critical system requirements. However, it is infeasible
to formally verify each system in isolation. Instead, verification
artifacts …</p><p>A software product line is a set of systems with well-defined
commonalities and variabilities that are developed by managed reuse.
Because of the huge number of possible configurations, it is crucial
to guarantee critical system requirements. However, it is infeasible
to formally verify each system in isolation. Instead, verification
artifacts, i.e., properties and their proofs, should be reused in same
way as other development artifacts.</p>
<p>In this talk, I present to concept of proof reuse for the
efficient verification of software product lines. The presented approach
is based on delta-modeling, a general approach to capture
feature-based variability of software product lines. A set of systems is
represented by a core system and a set of system deltas modifying the
core to capture other system features. The delta modeling structure can
be exploited to determine the reuse potential for proofs of system
properties. This will be illustrated at experiments with the KeY
verification system.
</p>Specifying Behavior of Reo in mCRL22009-12-15T13:30:00+01:002009-12-15T13:30:00+01:00Natallia Kokash (CWI)tag:event.cwi.nl,2009-12-15:/acg/presentations/specifying-behavior-of-reo-in-mcrl2<p>In this ACG meeting, we present our approach to medeling and
verification of Reo circuits using process specification language
mCRL2 and the corresponding model checking toolset. We start from the
encoding of Reo in mCRL2 according to its constraint automata
semantics, and then discuss several lines of ongoing work on …</p><p>In this ACG meeting, we present our approach to medeling and
verification of Reo circuits using process specification language
mCRL2 and the corresponding model checking toolset. We start from the
encoding of Reo in mCRL2 according to its constraint automata
semantics, and then discuss several lines of ongoing work on more
expressive encodings, icluding the encoding of intentional automata
and colouring semantics to support context dependency. Finally, we
present our ideas about semantics for Reo that distinguishes
handshaking mechanism from data flow and allows us to specify behavior
of Reo circuits in presence of data transmission delays. </p>Logic of Information Flow on Communication Channels2009-12-01T13:30:00+01:002009-12-01T13:30:00+01:00Floor Sietsma (CWI)tag:event.cwi.nl,2009-12-01:/acg/presentations/logic-of-information-flow-on-communication-channels<p>We present a logic to describe communcation channels and secret
messages. Additionally, our logic can reason about communication
protocols. We combine a Dynamic Epistemic Logic (DEL) perspective with
ideas from Interpreted Systems (IS). Our framework models the
communication channels underlying the information flow as well as the
information flow itself …</p><p>We present a logic to describe communcation channels and secret
messages. Additionally, our logic can reason about communication
protocols. We combine a Dynamic Epistemic Logic (DEL) perspective with
ideas from Interpreted Systems (IS). Our framework models the
communication channels underlying the information flow as well as the
information flow itself. Our DEL-style actions allow us to model
various communication actions such as message passing and group
announcements. In particular we define an external informing action,
which essentially announces the protocol the agents are supposed to
follow, thus making it common knowledge that the future behaviour of
the agents is constrained. Our framework is very flexible in modeling
a variety of scenarios with different assumptions about the
observational power of the agents. We propose a generic method of
epistemic modeling where the initial model is simply the real world,
and other worlds are generated on-the-fly. We show how our framework
applies to some nice examples. </p>Abstract Object Creation in Dynamic Logic To Be or Not To Be Created2009-11-17T13:30:00+01:002009-11-17T13:30:00+01:00Immo Grabe (CWI)tag:event.cwi.nl,2009-11-17:/acg/presentations/abstract-object-creation-in-dynamic-logic-to-be-or-not-to-be-created<p>(joint work with Wolfgang Ahrendt and Frank de Boer)</p>
<p>We give a representation
of a weakest precondition calculus for abstract object creation
in dynamic logic, the logic underlying the KeY
theorem prover.
This representation allows to both specify and verify properties of objects
at the abstraction level of the (object-oriented …</p><p>(joint work with Wolfgang Ahrendt and Frank de Boer)</p>
<p>We give a representation
of a weakest precondition calculus for abstract object creation
in dynamic logic, the logic underlying the KeY
theorem prover.
This representation allows to both specify and verify properties of objects
at the abstraction level of the (object-oriented) programming language.
Objects which are not (yet) created never play any role,
neither in the specification nor in the verification of properties.
Further, we show how to symbolically execute abstract object creation.
</p>Mist: The Programming Language2009-05-12T13:30:00+02:002009-05-12T13:30:00+02:00Michiel Helvensteijn (CWI)tag:event.cwi.nl,2009-05-12:/acg/presentations/mist-the-programming-language<p>In this meeting we would like to discuss the development of the Mist
programming language. Our goal is to create a new programming language
with many promising features, prominently among them an integrated
proof framework. The hope is to automatically generate formal proof of
correctness, rather than relying solely on …</p><p>In this meeting we would like to discuss the development of the Mist
programming language. Our goal is to create a new programming language
with many promising features, prominently among them an integrated
proof framework. The hope is to automatically generate formal proof of
correctness, rather than relying solely on run-time checks. This
framework may also offer new opportunities for code optimization.
Rather than optimizing common cases of existing programs, we propose
to make more elegant code less costly to run, and we design Mist
accordingly. </p>Fault-based Test Case Generation for Component Connectors2009-03-24T13:30:00+01:002009-03-24T13:30:00+01:00Sun Meng (CWI)tag:event.cwi.nl,2009-03-24:/acg/presentations/fault-based-test-case-generation-for-component-connectors<p>The complex interactions appearing in service-oriented computing make
coordination a key concern in service-oriented systems. In this paper,
we present a fault-based method to generate test cases for component
connectors from specifications. For connectors, faults are caused by
possible errors during the development process, such as wrongly used
channels, missing …</p><p>The complex interactions appearing in service-oriented computing make
coordination a key concern in service-oriented systems. In this paper,
we present a fault-based method to generate test cases for component
connectors from specifications. For connectors, faults are caused by
possible errors during the development process, such as wrongly used
channels, missing or redundant subcircuits, or circuits with wrongly
constructed topology. We give test cases and connectors a unifying
formal semantics by using the notion of design, and generate test
cases by solving constraints obtained from the specification and
faulty connectors. </p>Tool demonstration2009-02-10T13:30:00+01:002009-02-10T13:30:00+01:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2009-02-10:/acg/presentations/tool-demonstration<p>Software Tools Demonstration</p>
<p>A number of our colleague in SEN3 have been developing software tools in the context of their various projects. Many, but not all, of these tools are related to Reo and are integrated into the Eclipse Coordination Tools (ECT). The ECT also incorporates some tools developed by …</p><p>Software Tools Demonstration</p>
<p>A number of our colleague in SEN3 have been developing software tools in the context of their various projects. Many, but not all, of these tools are related to Reo and are integrated into the Eclipse Coordination Tools (ECT). The ECT also incorporates some tools developed by our colleagues at other institutes. This tool set has recently evolved a bit faster than the rest of us could catch up with. We will use the time-slot of this ACG colloquium meeting to bring everyone up to date on the status of our tool development work by giving a number of short overview presentations and live demos of some of the capabilities of the ECT tool set.</p>
<p>The following abstract and a short presentation on Reo will make this tool demonstration self-contained and comprehensible for the guest attendees of this colloquium meeting who may not be familiar with Reo.</p>
<hr>
<p>Reo</p>
<p>Reo is an exogenous coordination language for compositional construction
of connectors that combine distributed software components and services. Reo connectors are built out of primitive mobile channels, analogous to
the way that electronic circuits are built out of their circuit elements. Reo embodies a non-conventional model of concurrency where interaction (as opposed to action) is the only first-class concept. Composition of interactions (as opposed to processes/actions) in Reo makes it an expressive model where (coordination and concurrency) protocols are defined in a high-level constraint (as opposed to imperative) programming style.</p>
<p>Reo offers anonymous communication, loose coupling of interacting parties, composition and coordination by third parties, open-ended user-defined primitives, distribution and mobility, dynamic reconfigurability, and arbitrary mixing of asynchrony, synchrony, and exclusion. These properties make Reo more expressive than Petri nets, workflow, and dataflow models.</p>Models of computation: automata and processes2009-01-20T13:30:00+01:002009-01-20T13:30:00+01:00Jos Baeten (CWI and Eindhoven University of Technology)tag:event.cwi.nl,2009-01-20:/acg/presentations/models-of-computation-automata-and-processes<p>The two fields of automata theory and formal languages on the one
hand, and concurrency theory on the other hand, have developed
independently, but have a lot in common. The one is a basic model of
computation that gives us notions like algorithm and computability,
the other is a basic …</p><p>The two fields of automata theory and formal languages on the one
hand, and concurrency theory on the other hand, have developed
independently, but have a lot in common. The one is a basic model of
computation that gives us notions like algorithm and computability,
the other is a basic model of computation that in addition takes
interaction into account. In the talk, I give you my definition of
"Informatica" and discuss the integration of the two fields. I give
you elements of a textbook I am writing for an undergraduate course on
the foundations of computer science. </p>A Kleene theorem for polynomial coalgebras2008-09-23T13:30:00+02:002008-09-23T13:30:00+02:00Alexandra Silva (Radboud University Nijmegen & CWI)tag:event.cwi.nl,2008-09-23:/acg/presentations/a-kleene-theorem-for-polynomial-coalgebras<p>For polynomial functors G, we show how to generalize the classical
notion of regular expression to G-coalgebras. We introduce a language
of expressions for describing elements of the final G-coalgebra and,
analogously to Kleeneâs theorem, we show the correspondence
between expressions and finite G-coalgebras. </p>A Coalgebraic Semantic Framework for Reasoning about UML Sequence Diagrams2008-07-29T13:30:00+02:002008-07-29T13:30:00+02:00Sun Meng (CWI)tag:event.cwi.nl,2008-07-29:/acg/presentations/a-coalgebraic-semantic-framework-for-reasoning-about-uml-sequence-diagrams<p>If, as a well-known aphorism states, modelling is for reasoning, this
paper is an attempt to define and apply a formal semantics to UML
sequence diagrams in order to enable rigourous reasoning about them.
Actually, model transformation plays a fundamental role in the process
of software development, in general, and …</p><p>If, as a well-known aphorism states, modelling is for reasoning, this
paper is an attempt to define and apply a formal semantics to UML
sequence diagrams in order to enable rigourous reasoning about them.
Actually, model transformation plays a fundamental role in the process
of software development, in general, and in model driven engineering
in particular. Being a de facto standard in this area, UML is no
exception, even if the number and diversity of diagrams expressing UML
models makes it difficult to base its semantics on a single
framework. This paper builds on previous attempts to base UML
semantics in a coalgebraic setting and illustrates the application of
the proposed framework to reason about composition and refactoring of
sequence diagrams. </p>QoS-aware Routing in Infrastructure-less B3G Networks2008-07-15T13:30:00+02:002008-07-15T13:30:00+02:00Natallia Kokash (CWI)tag:event.cwi.nl,2008-07-15:/acg/presentations/qos-aware-routing-in-infrastructure-less-b3g-networks<p>In this talk I present some my recent work on service-oriented
middleware for multi-network environments which is part of EU ICT
PLASTIC project.</p>
<p>Modern mobile devices are featured by multiple network interfaces that
allow them to communicate using not only cellular network infrastructures
but also other independently administered networks. We …</p><p>In this talk I present some my recent work on service-oriented
middleware for multi-network environments which is part of EU ICT
PLASTIC project.</p>
<p>Modern mobile devices are featured by multiple network interfaces that
allow them to communicate using not only cellular network infrastructures
but also other independently administered networks. We view
infrastructure-less B3G environments as the composition of infrastructured
and ad hoc networks via devices that forward messages through different
interfaces. One of the key challenges for realizing this view is
inter-domain routing. Given the diversity of network technologies and
infrastructures in those environments, a flexible protocol that takes into
account their quality properties and dynamics is an important requirement
to provide an adequate user-experience.
We present a flexible QoS-aware routing protocol for infrastructure-less
B3G environments that enables discovery of routes optimizing three
different QoS properties according to client-defined criteria. The
protocol is based on the Optimized Link-State Routing protocol (OLSR) and
is designed to enable computation of quality-aware routes while still
keeping its optimizations. We present the protocol, discuss its deployment
on an infrastructure-less B3G network and provide some experimental
evaluation.
</p>Deconstructing Reo2008-07-08T13:30:00+02:002008-07-08T13:30:00+02:00José Proença (CWI)tag:event.cwi.nl,2008-07-08:/acg/presentations/deconstructing-reo<p>Understanding and implementing Reo has been challenging due to
interaction of the 'channel metaphor', which is an inherently local
notion, and the non-local nature of constraint propagation imposed by
composition. In this work, the channel metaphor takes a back seat, and
we focus on the behavioural constraints imposed by the …</p><p>Understanding and implementing Reo has been challenging due to
interaction of the 'channel metaphor', which is an inherently local
notion, and the non-local nature of constraint propagation imposed by
composition. In this work, the channel metaphor takes a back seat, and
we focus on the behavioural constraints imposed by the composition of
primitives, and phrase the semantics of Reo as a constraint
satisfaction problem. Not only does this provide a clear intensional
description of the behaviour of Reo connectors in terms of
synchronisation and data flow constraints, it also paves the way for
new implementation techniques based on constraint propagation and
satisfaction. In fact, decomposing Reo into constraints provides a new
computational model for connectors, which we extend to model
interaction with an unknown external world beyond what is currently
possible in Reo. </p>Using Reo for Compliance-driven Design of Service-Oriented Applications2008-06-17T13:30:00+02:002008-06-17T13:30:00+02:00Natallia Kokash (CWI)tag:event.cwi.nl,2008-06-17:/acg/presentations/using-reo-for-compliance-driven-design-of-service-oriented-applications<p>Currently, there are no well-established techniques to ensure dynamic
and ongoing compliance of services-oriented applications to business
regulations that come out from legislative and regulatory documents
such as Basel II1, IFRS2, MiFID3, LSF4, HIPAA, Tabaksblat5, and the
Sarbanes-Oxley6 Act, as well as from internal movements of business
stakeholders towards Quality …</p><p>Currently, there are no well-established techniques to ensure dynamic
and ongoing compliance of services-oriented applications to business
regulations that come out from legislative and regulatory documents
such as Basel II1, IFRS2, MiFID3, LSF4, HIPAA, Tabaksblat5, and the
Sarbanes-Oxley6 Act, as well as from internal movements of business
stakeholders towards Quality of Service (QoS). Recently started EU
FP7-ICT COMPAS (Compliance driven Models, Languages, and Architectures
for Services) project aims at bridging this gap, in particular, by
developing formally grounded models for expressing service behaviour
and advanced process constraints. Business Process Modeling Notation
(BPMN) is the most widely-used language for capturing business
processes at the level of domain analysis. However, it is rather
declarative and may lead to the development of executable models which
are incomplete or semantically erroneous. Therefore, an approach for
expressing and analyzing BPMN diagrams in a formal way is required.</p>
<p>The objective of my talk is three-fold. First, I briefly introduce primary
goals and tasks of the COMPAS project. Second, I consider the main
business process modeling primitives as defined in BPMN and show how Reo
tools can be used to model and refine their semantics. Third, I sketch
some initial ideas on how compliance concerns can be incorporated into Reo
process models and their mathematical abstractions.
</p>Synchronized Reconfiguration of Hierarchical Reo Connectors2008-06-10T13:30:00+02:002008-06-10T13:30:00+02:00Christian Krause (CWI)tag:event.cwi.nl,2008-06-10:/acg/presentations/synchronized-reconfiguration-of-hierarchical-reo-connectors<p>In this talk I will use notions from the theory of algebraic graph
transformation (distribution and amalgamation) to model synchronized
reconfiguration of connectors. The idea is that connectors consist of
a number of wired black boxes and that a reconfiguration of the system
is modeled by a set of of …</p><p>In this talk I will use notions from the theory of algebraic graph
transformation (distribution and amalgamation) to model synchronized
reconfiguration of connectors. The idea is that connectors consist of
a number of wired black boxes and that a reconfiguration of the system
is modeled by a set of of synchronized reconfiguration rules for each
of the black boxes and the connector itself. Besides showing how these
abstract notions can be used to model these distributed
reconfigurations, we propose a strategy for executing these
reconfigurations also in hierarchical settings, i.e. where black boxes
consist again of a connector and more black boxes.</p>
<p>This is kind of a practice for a workshop talk to be held in June.
</p>Building mashups with Reo2008-06-03T13:30:00+02:002008-06-03T13:30:00+02:00Ziyan Maraikar (CWI)tag:event.cwi.nl,2008-06-03:/acg/presentations/building-mashups-with-reo<p>The explosive popularity of mashups has given rise to a plethora of
``mashup platforms''. Using these web-based tools, mashups can be
rapidly constructed with minimal programming effort. Reo for Mashups
(ReforM) provides tools to combine, filter and transform web services
and data sources like RSS and ATOM feeds. Whereas other …</p><p>The explosive popularity of mashups has given rise to a plethora of
``mashup platforms''. Using these web-based tools, mashups can be
rapidly constructed with minimal programming effort. Reo for Mashups
(ReforM) provides tools to combine, filter and transform web services
and data sources like RSS and ATOM feeds. Whereas other mashup
platforms intermingle data transformation logic and I/O concerns, we
aim to clearly separate them by formalising the coordination within a
mashup, thereby constructing a mashup's core from a library of
prebuilt connectors. </p>Two Modal Logics for Coalgebras2008-05-20T13:30:00+02:002008-05-20T13:30:00+02:00Raul Andres Leal (UvA)tag:event.cwi.nl,2008-05-20:/acg/presentations/two-modal-logics-for-coalgebras<p>Nowadays, information has become one of the most valuable sources for
hu- mankind. The development of computers has seriously increased the
amount of information that we can handle. Other developments, like
internet, have made the interexchange of information much easier. Even
more, transferring large quantities of information is now a …</p><p>Nowadays, information has become one of the most valuable sources for
hu- mankind. The development of computers has seriously increased the
amount of information that we can handle. Other developments, like
internet, have made the interexchange of information much easier. Even
more, transferring large quantities of information is now a daily
activity. However, there are some tech- nical issues. For example: (1)
not all computers use the same operative systems, and (2) not all
users use the same methods (programs) to handle information. These
issues leads to possible failures in the transmission of data with
infor- mation. Developing new programs and trying to impose them to
all users is just a temporal solution. Those programs will eventually
become obsolete and information will have to be moved (transmitted)
again. Furthermore, such kind of solution will have a high cost each
time that data are moved. Another possible solution would be to store
data in such a way that it will be compatible with all possible forms
of visualization, i.e. to store information independently of its
representations. In order to do this, a new kind kind of programing
language should be developed, a generic language. Generic languages
should have the property that the meaning does not depend on the
representation and all representations of a concept have the same
meaning. Such kind of languages have been already developed for data
concerning black box systems", i.e. systems where information is
modified by an user with some external interaction (buttons), but the
user does not know how the systems works. For example, the management
of a bank account using an ATM. Those systems are called coalgebraic
systems. Languages for those systems are called (generic) coalgebraic
languages. In this paper we aim to present two kinds of generic
coalgebraic languages. Those two languages are, so far, the main
languages developed to describe coal- gebras: they can describe the
evolution of a state in a coalgebraic system, and most other
coalgebraic languages are modications or extensions of those. The
structure of the talk will be as follows: We will first introduce the
basic theory of coalgebras and define coalgebraic languages. Using
these, we will illustrate how coalgebraic languages describe the
behavior of a coalgebraic system. Formally we will prove that
existence of an expressive coalgebraic language is equivalent to the
existence of a final coalgebra. We then proceed to present the first
class of languages; we call those Moss' languages. After we present
the second class of languages; we call those Languages of predicate
liftings. We finish this section showing how Moss' languages and
languages of predicate liftings describe the behavior of a system. </p>Decomposition of Port Automata2008-05-06T13:30:00+02:002008-05-06T13:30:00+02:00Christian Krause (CWI)tag:event.cwi.nl,2008-05-06:/acg/presentations/decomposition-of-port-automata<p>This talk will be about ongoing work on decomposition of port
automata, which are a simplified version of constraint automata. The
goal is to decompose an arbitrary port automaton into instances of a
finite number of primitives. The constructions for the decomposition
are algebraic in the sense that I am …</p><p>This talk will be about ongoing work on decomposition of port
automata, which are a simplified version of constraint automata. The
goal is to decompose an arbitrary port automaton into instances of a
finite number of primitives. The constructions for the decomposition
are algebraic in the sense that I am looking only at the properties of
the join and hide operation. In particular, I am not considering the
language generated by the automaton. </p>Automated deadlock detection in synchronized multithreaded call-graphs2008-04-22T13:30:00+02:002008-04-22T13:30:00+02:00Frank de Boer (CWI & LIACS)tag:event.cwi.nl,2008-04-22:/acg/presentations/automated-deadlock-detection-in-synchronized-multithreaded-call-graphs<p>In this talk I will discuss automata models for the specification and
(automated) analysis of the basic mechanism for synchronizing threads
in Java. </p>Schedulability analysis of real time actors2008-04-08T13:30:00+02:002008-04-08T13:30:00+02:00Mohammad Mahdi Jaghoori (CWI)tag:event.cwi.nl,2008-04-08:/acg/presentations/schedulability-analysis-of-real-time-actors<p>We present a modular method for schedulability analysis of real time
distributed systems. We extend the actor model, as the asynchronous
model for concurrent objects, with real time using timed automata, and
show how actors can be analyzed individually to make sure that no task
misses its deadline. We introduce …</p><p>We present a modular method for schedulability analysis of real time
distributed systems. We extend the actor model, as the asynchronous
model for concurrent objects, with real time using timed automata, and
show how actors can be analyzed individually to make sure that no task
misses its deadline. We introduce drivers to specify how the
environment may interact with an actor. Using these drivers we can
test schedulability, for a given scheduler, by doing a reachability
check with the UPPAAL model checker. Our method makes it possible to
put a finite bound on the process queue and still obtain
schedulability results that are correct for any queue length. </p>Synthesis of Reo Circuits from Scenario-based Specifications2008-03-18T13:30:00+01:002008-03-18T13:30:00+01:00Sun Meng (CWI)tag:event.cwi.nl,2008-03-18:/acg/presentations/synthesis-of-reo-circuits-from-scenario-based-specifications<p>It is difficult to construct correct models for distributed
large-scale service-oriented applications. Typically, the behavior of
such applications emerge from interaction and collaboration of
multiple components/services. On the other hand, each component, in
general, takes part in multiple scenarios. Consequently, not only
components, but also their interaction protocols are …</p><p>It is difficult to construct correct models for distributed
large-scale service-oriented applications. Typically, the behavior of
such applications emerge from interaction and collaboration of
multiple components/services. On the other hand, each component, in
general, takes part in multiple scenarios. Consequently, not only
components, but also their interaction protocols are important in the
development process for distributed systems. Coordination models and
languages, like Reo, offer powerful ``glue-code'' that encode the
interaction protocols. In this work we propose a novel synthesis
technique, which can be used to generate Reo circuits directly from
scenario specifications. Inspired by the way UML2.0 sequence diagrams
can be algebraically composed, we define an algebraic framework for
merging connectors generated from partial specifications by exploiting
the algebraic structure of UML sequence diagrams. </p>Coupled transformation of data models, instances, queries, and constraints (part II)2008-03-04T13:30:00+01:002008-03-04T13:30:00+01:00Joost Visser (SIG and CWI)tag:event.cwi.nl,2008-03-04:/acg/presentations/coupled-transformation-of-data-models-instances-queries-and-constraints-part-ii<p>Coupled transformation occurs when multiple software artifacts must be
transformed in such a way that they remain consistent with each other.
For instance, when a database schema is adapted in the context of
system maintenance, the persistent data residing in the system's
database needs to be migrated to conform to …</p><p>Coupled transformation occurs when multiple software artifacts must be
transformed in such a way that they remain consistent with each other.
For instance, when a database schema is adapted in the context of
system maintenance, the persistent data residing in the system's
database needs to be migrated to conform to the adapted schema. Also,
the queries embedded in the application code must be adapted to take
the schema changes into account. This scenario is an example of
"format evolution", a form of coupled transformation where a data
structure is transformed in small, infrequent steps and the
corresponding data instances and queries must be adapted accordingly.
Data mappings are another example of coupled transformations. In an
XML-to-relational mapping, for example, a hierarchical XML Schema is
mapped to a relational SQL schema and the XML documents are converted
into relational data and vice versa. Data mappings are not
evolutionary, but rather involve fully automatic translation of entire
data structures, carried out during system operation. The 2LT project
is aimed at providing a formal basis for coupled transformation. This
formal basis is found in data refinement theory, point-free program
calculation, and strategic term rewriting. We formalize the coupled
transformation of a data type by an algebra of information-preserving
data refinement steps, each witnessed by appropriate data conversion
functions. Refinement steps are modeled by so-called two-level rewrite
rules on type expressions that synthesize conversion functions between
redex and reduct while rewriting. Strategy combinators are used to
composed two-level rewrite rules into complete rewrite
systems. Point-free program calculation is applied to optimized
synthesize conversion function, to migrate queries, and to normalize
data type constraints. In this talk, an overview will be given over
the 2LT project, including the tool support that was developed to
support coupled transformation of XML and SQL. </p>Coupled transformation of data models, instances, queries, and constraints2008-02-19T13:30:00+01:002008-02-19T13:30:00+01:00Joost Visser (SIG and CWI)tag:event.cwi.nl,2008-02-19:/acg/presentations/coupled-transformation-of-data-models-instances-queries-and-constraints<p>Coupled transformation occurs when multiple software artifacts must be
transformed in such a way that they remain consistent with each other.</p>
<p>For instance, when a database schema is adapted in the context of system maintenance, the persistent data residing in the systemâs database needs to be migrated to conform …</p><p>Coupled transformation occurs when multiple software artifacts must be
transformed in such a way that they remain consistent with each other.</p>
<p>For instance, when a database schema is adapted in the context of system maintenance, the persistent data residing in the systemâs database needs to be migrated to conform to the adapted schema. Also, the queries embedded in the application code must be adapted to take the schema changes into account. This scenario is an example of "format evolution", a form of coupled transformation where a data structure is transformed in small, infrequent steps and the corresponding data instances and queries must be adapted accordingly.</p>
<p>Data mappings are another example of coupled transformations. In an XML-to-relational mapping, for example, a hierarchical XML Schema is mapped to a relational SQL schema and the XML documents are converted into relational data and vice versa. Data mappings are not evolutionary, but rather involve fully automatic translation of entire data structures, carried out during system operation.</p>
<p>The 2LT project is aimed at providing a formal basis for coupled transformation. This formal basis is found in data refinement theory, point-free program calculation, and strategic term rewriting. We formalize the coupled transformation of a data type by an algebra of information-preserving data refinement steps, each witnessed by appropriate data conversion functions. Refinement steps are modeled by so-called two-level rewrite rules on type expressions that synthesize conversion functions between redex and reduct while rewriting. Strategy combinators are used to composed two-level rewrite rules into complete rewrite systems. Point-free program calculation is applied to optimized synthesize conversion function, to migrate queries, and to normalize data type constraints.</p>
<p>In this talk, an overview will be given over the 2LT project, including the tool support that was developed to support coupled transformation of XML and SQL.
</p>Testing dynamic systems from modal specifications2008-01-29T13:30:00+01:002008-01-29T13:30:00+01:00Delphine Longuet (CWI)tag:event.cwi.nl,2008-01-29:/acg/presentations/testing-dynamic-systems-from-modal-specifications<p>Among other validation and verification techniques, testing is a
widely used method for ensuring a certain quality to software
systems. When the implementation of the system is not known, it can be
tested with respect to a (formal) specification. Classically, the
specifications used to test functional programs are logical while …</p><p>Among other validation and verification techniques, testing is a
widely used method for ensuring a certain quality to software
systems. When the implementation of the system is not known, it can be
tested with respect to a (formal) specification. Classically, the
specifications used to test functional programs are logical while
those used for dynamic systems are transition systems. I will show
here how the logical approach, when dealing with modal logics, can be
used for testing dynamic systems, viewed as coalgebras.</p>Model-Checking Agent Refinement2008-01-15T13:30:00+01:002008-01-15T13:30:00+01:00Lacramioara Astefanoaei (CWI)tag:event.cwi.nl,2008-01-15:/acg/presentations/model-checking-agent-refinement<p>We present a proof-technique for reducing the nondeterminism of
abstract agent specifications by means of refinement. We implement the
operational semantics of agent specifications in rewrite systems, such
that we can automatically check if refinement between (fair)
executions of agents holds. </p>Reo Meets Real World: Coordination at your Service.2007-12-11T13:30:00+01:002007-12-11T13:30:00+01:00Ziyan Maraikar (CWI)tag:event.cwi.nl,2007-12-11:/acg/presentations/reo-meets-real-world-coordination-at-your-service<p>This talk addresses the issues of service coordination in complex
business process scenarios. While existing approaches for service
coordination, e.g., BPEL are powerful standards for composition of
services, they lack support for a number of features highly desirable
for service coordination, e.g., they hard-wire services too much, or …</p><p>This talk addresses the issues of service coordination in complex
business process scenarios. While existing approaches for service
coordination, e.g., BPEL are powerful standards for composition of
services, they lack support for a number of features highly desirable
for service coordination, e.g., they hard-wire services too much, or
force protocol decisions that are not required. In contrast, the
declarative coordination language Reo concentrates only on important
protocol decisions and defines only those restrictions that form the
domain knowledge, leaving more freedom for process specification and
choice of individual services compared to traditional approaches. Reo
considers coordination as a first-class concept, isolating the
coordination aspects away from individual services, maintaining a
loosely coupled environment with services knowing little or nothing
about each other. In this talk we rise a number of issues that must be
solved before Reo is seriously considered as an industry-level
coordination and composition language. As a part of the talk, we show
how Reo can be used to support Enterprise mash-ups in the style of
Yahoo Pipes.</p>
<p>We describe the implementation of the filter channels and how to extend them to handle arbitrary data transformations. We also discuss issues related to server-side deployment of Reo engines and an HTTP-based lightweight protocol for remote components.</p>Flat modal fixpoint logics2007-12-04T13:30:00+01:002007-12-04T13:30:00+01:00Yde Venema (ILLC at UvA)tag:event.cwi.nl,2007-12-04:/acg/presentations/flat-modal-fixpoint-logics<p>Modal fixpoint logics constitute a research field of considerable
interest, not only because of its many applications in computer
science, but also because of its rich mathematical theory, which
features connections with fields as diverse as lattice theory,
automata theory, and universal coalgebra.</p>
<p>In this talk I discuss so-called flat …</p><p>Modal fixpoint logics constitute a research field of considerable
interest, not only because of its many applications in computer
science, but also because of its rich mathematical theory, which
features connections with fields as diverse as lattice theory,
automata theory, and universal coalgebra.</p>
<p>In this talk I discuss so-called flat fixpoint logics.
These arise by adding fixpoint connectives to a basic (poly-)modal languages. The semantics of these fixpoint connectives is defined using a least (or greatest) fixpoint of some modal formula. Examples of such logics, that are all included in the alternation-free fragment of the modal mu-calculus, are LTL and CTL.</p>
<p>After providing the basic definitions I will first discuss the question when such fixpoint connectives are constructive, that is, the fixpoint is approximated in finitely many rounds. I will then turn to the main topic of the talk: the axiomatics of flat modal fixpoint logics. I will present a general completeness theorem, and give a sketch of the proof.</p>Coalgebras and their types2007-11-27T13:30:00+01:002007-11-27T13:30:00+01:00Peter Gumm (FMI at Philipps-Universität Marburg)tag:event.cwi.nl,2007-11-27:/acg/presentations/coalgebras-and-their-types<p>The theory of Universal Coalgebra, pioneered by Jan Rutten (CWI),
offers a unified framework for studying diverse types of state based
systems, useful in stream programming, object oriented programming,
automata theory, Kripke Structures, probabilistic transition systems,
and even topological spaces. The type of a coalgebra is determined by
the choice …</p><p>The theory of Universal Coalgebra, pioneered by Jan Rutten (CWI),
offers a unified framework for studying diverse types of state based
systems, useful in stream programming, object oriented programming,
automata theory, Kripke Structures, probabilistic transition systems,
and even topological spaces. The type of a coalgebra is determined by
the choice of a Set functor F and the functorial properties of F, such
as accessibility, separability, or preservation of certain types of
limits, determine the structural and logical properties of the
associated class of coalgebras.</p>
<p>In this talk we give a survey of the interplay of functorial conditions
and associated structural properties.
</p>Towards Distributed Reo2007-11-13T13:30:00+01:002007-11-13T13:30:00+01:00José Proença (CWI)tag:event.cwi.nl,2007-11-13:/acg/presentations/towards-distributed-reo<p>Various semantic models exist to formalize Reo, each serving a
different purpose. In this work we mainly focus on formal models
suitable for deriving a distributed implementation.</p>
<p>For our implementation platform, we assume a distributed environment where each (distributed) element knows about its own neighbors only. We propose an executable …</p><p>Various semantic models exist to formalize Reo, each serving a
different purpose. In this work we mainly focus on formal models
suitable for deriving a distributed implementation.</p>
<p>For our implementation platform, we assume a distributed environment where each (distributed) element knows about its own neighbors only. We propose an executable model to explicitly deal with distribution issues that is very close to this implementation layer. We present how the design and the implementation can be seen in a common architecture. Finally, we describe how synchronous constrains, imposed by Reo semantics, can be dealt with using asynchronous messages.
</p>Synthesis of Connectors from Scenario-based Interaction Specifications2007-10-16T13:30:00+02:002007-10-16T13:30:00+02:00Sun Meng (CWI)tag:event.cwi.nl,2007-10-16:/acg/presentations/synthesis-of-connectors-from-scenario-based-interaction-specifications<p>The idea of synthesizing state-based models from scenario-based
interaction specifications has received much attention in recent
years. The synthesis approach not only helps to significantly reduce
the effort of system construction, but it also provides a bridge over
the gap between requirements and implementation of systems. However,
the existing synthesis …</p><p>The idea of synthesizing state-based models from scenario-based
interaction specifications has received much attention in recent
years. The synthesis approach not only helps to significantly reduce
the effort of system construction, but it also provides a bridge over
the gap between requirements and implementation of systems. However,
the existing synthesis techniques only focus on generating (global or
local) state machines from scenario-based specifications, while the
coordination among the behavior alternatives of services/components in
the systems is not considered. In this paper we propose a novel
synthesis technique, which can be used to generate constraint automata
specification for connectors from scenario specifications. Inspired by
the way UML2.0 sequence diagrams can be algebraically composed, we
define an algebraic framework for building constraint automata by
exploiting the algebraic structure of UML sequence diagrams. </p>An information-theoretic framework for anonymity and the problem of non-determinism.2007-06-26T13:30:00+02:002007-06-26T13:30:00+02:00Kostas Chatzikokolakistag:event.cwi.nl,2007-06-26:/acg/presentations/an-information-theoretic-framework-for-anonymity-and-the-problem-of-non-determinism<p>This talk is composed by two fairly independent but related parts. In
the first part I will make a brief introduction to the problem of
anonymity. Then I will introduce an information-theoretic framework in
which these protocols are interpreted as noisy channels, and I will
discuss various quantitative definitions of …</p><p>This talk is composed by two fairly independent but related parts. In
the first part I will make a brief introduction to the problem of
anonymity. Then I will introduce an information-theoretic framework in
which these protocols are interpreted as noisy channels, and I will
discuss various quantitative definitions of their degree of anonymity,
showing the relation with probabilistic definitions from the
literature. Further, I will show how an adversary can use Bayesian
Inference to deduce the secret information from the observables, and I
will discuss how the probability of error (Bayesian risk) depends on
the matrix. As a case study, I will apply this framework to the
problem of the Dining Cryptographers with unfair coins. I will show
how to model the protocol, compute its matrix using model-checking
tools, and use it to compute the loss of anonymity of the protocol.</p>
<p>In the second part I will discuss a problem that appears when dealing with process calculi and automata which express both nondeterministic and probabilistic behavior. In such formalisms it is customary to introduce the notion of scheduler to solve the nondeterminism. It has been observed that for certain applications, notably those in security, the scheduler needs to be restricted so not to reveal the outcome of the protocol's random choices, or otherwise the model of adversary would be too strong even for "obviously correct" protocols. I will present a process-algebraic framework in which the control on the scheduler can be specified in syntactic terms and I show how to apply it to solve the problem mentioned above. I also consider the definition of
(probabilistic) may and must preorders and show that all the operators of the language, except replication, distribute over probabilistic summation, which is a useful property for verification.</p>
<p>Finally the problem of the Dining Cryptographers will be considered again, this time with non-determinism taken into account. Using the above framework, I show that the protocol can be proved anonymous even if we permit the announcements to be made in any order (chosen non-deterministically).
</p>Discrete dualities for contexts and concepts from formal concept analysis2007-06-19T13:30:00+02:002007-06-19T13:30:00+02:00Ingrid M. Rewitzky (University of Stellenbosch)tag:event.cwi.nl,2007-06-19:/acg/presentations/discrete-dualities-for-contexts-and-concepts-from-formal-concept-analysis<p>This is joint work with Prof Ewa Orlowska, National Insitute of
Telecommunications, Warsaw. In this talk we show that the fundamental
notions of formal concept analysis, namely contexts and concepts, can
be studied within the framework of discrete dualities. For contexts we
define a class of context algebras and establish …</p><p>This is joint work with Prof Ewa Orlowska, National Insitute of
Telecommunications, Warsaw. In this talk we show that the fundamental
notions of formal concept analysis, namely contexts and concepts, can
be studied within the framework of discrete dualities. For contexts we
define a class of context algebras and establish a discrete duality
which includes a representation of a context algebra in terms of
relational structures (or frames) that provide a semantics of the
context logic associated with the context algebras. For the family of
concepts of a context, together with operations of meet, join and
negations, we define a class of concept lattices with negations and
establish a discrete duality in terms of a non-topological relational
structure. In conclusion we discuss the specification and verification
within our framework of properties of formal concepts, of attribute
dependencies and of implications. </p>Subsequential Transducers and Coalgebra2007-06-05T14:00:00+02:002007-06-05T14:00:00+02:00Helle Hvid Hansen (Radboud University Nijmegen and CWI)tag:event.cwi.nl,2007-06-05:/acg/presentations/subsequential-transducers-and-coalgebra<p>Subsequential transducers are deterministic finite state machines
which compute partial word functions f: A^<em> --> B^</em>. They have
applications in coding theory and language processing, and they
generalise both deterministic finite automata (DFAs) and Mealy
machines. It is known that DFAs and Mealy machines can be viewed as
coalgebras such that …</p><p>Subsequential transducers are deterministic finite state machines
which compute partial word functions f: A^<em> --> B^</em>. They have
applications in coding theory and language processing, and they
generalise both deterministic finite automata (DFAs) and Mealy
machines. It is known that DFAs and Mealy machines can be viewed as
coalgebras such that the coalgebraic semantics coincides with the
traditional automaton semantics.</p>
<p>In this talk we will see that subsequential transducers, in general, cannot be considered as coalgebras. Only if we restrict to certain subclasses do we obtain an adequate coalgebraic modelling. However, we will also see that the existing constructions of normalisation and differentials can be seen as a form of coalgebraisation, meaning that these transformations produce a representation which is essentially coalgebraic.
This observation suggests that the (computationally) right way of looking at subsequential transducers is indeed the coalgebraic way.
</p>Bisimulations for neighbourhood structures (Part 2)2007-05-08T14:00:00+02:002007-05-08T14:00:00+02:00Helle Hvid Hansen (Radboud University Nijmegen and CWI)tag:event.cwi.nl,2007-05-08:/acg/presentations/bisimulations-for-neighbourhood-structures-part-2<p>Neighbourhood semantics forms a generalisation of Kripke semantics,
and it has become the standard tool for reasoning about non-normal
modal logics in which (Kripke valid) principles such as []p /\ []q
<a href="p /\ q"></a> (Meet) and []p -> <a href="p \/ q"></a> (Mon) are considered not to
hold. In computer science and social choice theory, non-normal modal
logics are …</p><p>Neighbourhood semantics forms a generalisation of Kripke semantics,
and it has become the standard tool for reasoning about non-normal
modal logics in which (Kripke valid) principles such as []p /\ []q
<a href="p /\ q"></a> (Meet) and []p -> <a href="p \/ q"></a> (Mon) are considered not to
hold. In computer science and social choice theory, non-normal modal
logics are used to formalise system (or agent) properties in terms of
ability in strategic games. These logics have in common that they are
monotonic, meaning they contain the above formula (Mon).
Non-monotonic modal logics occur in deontic logic where monotonicity
can lead to paradoxical obligations, and in the modelling of knowledge
and related epistemic notions.</p>
<p>Bisimulation for monotonic neighbourhood structures
has already been studied in detail (by M. Pauly, and in our previous work).
But based on simple intuitions, it is not immediately clear how
this notion can be generalised to non-monotonic structures.
This is where coalgebra proves useful.
A neighbourhood frame is a
coalgebra for the contravariant powerset functor composed with itself,
and this coalgebraic modelling provides us with
a number of generic notions of observational equivalence.</p>
<p>In our talk we first discuss and compare three (coalgebraic)
equivalence notions on neighbourhood structures:
bisimilarity (for the functor),
neighbourhood bisimilarity and behavioural equivalence.
We provide relational characterisations for bisimilarity and
neighbourhood bisimilarity, and we show that with respect to these two notions
the class of finite models is not a Hennessy-Milner class.
Behavioural equivalence, on the other hand, does give
rise to a Hennessy-Milner theorem, but it seems harder to characterise
relationally. Finally we show an analogue of Van Benthem's characterisation
theorem: Over the class of neighbourhood models, all three notions
characterise the modal fragment of first-order logic.
</p>Bisimulations for neighbourhood structures2007-04-24T13:30:00+02:002007-04-24T13:30:00+02:00Clemens Kupke (CWI)tag:event.cwi.nl,2007-04-24:/acg/presentations/bisimulations-for-neighbourhood-structures<p>Neighbourhood semantics forms a generalisation of Kripke semantics,
and it has become the standard tool for reasoning about non-normal
modal logics in which (Kripke valid) principles such as []p /\ []q
<a href="p /\ q"></a> (Meet) and []p -> <a href="p \/ q"></a> (Mon) are considered not to
hold. In computer science and social choice theory, non-normal modal
logics are …</p><p>Neighbourhood semantics forms a generalisation of Kripke semantics,
and it has become the standard tool for reasoning about non-normal
modal logics in which (Kripke valid) principles such as []p /\ []q
<a href="p /\ q"></a> (Meet) and []p -> <a href="p \/ q"></a> (Mon) are considered not to
hold. In computer science and social choice theory, non-normal modal
logics are used to formalise system (or agent) properties in terms of
ability in strategic games. These logics have in common that they are
monotonic, meaning they contain the above formula (Mon).
Non-monotonic modal logics occur in deontic logic where monotonicity
can lead to paradoxical obligations, and in the modelling of knowledge
and related epistemic notions.</p>
<p>Bisimulation for monotonic neighbourhood structures
has already been studied in detail (by M. Pauly, and in our previous work).
But based on simple intuitions, it is not immediately clear how
this notion can be generalised to non-monotonic structures.
This is where coalgebra proves useful.
A neighbourhood frame is a
coalgebra for the contravariant powerset functor composed with itself,
and this coalgebraic modelling provides us with
a number of generic notions of observational equivalence.</p>
<p>In our talk we first discuss and compare three (coalgebraic)
equivalence notions on neighbourhood structures:
bisimilarity (for the functor),
neighbourhood bisimilarity and behavioural equivalence.
We provide relational characterisations for bisimilarity and
neighbourhood bisimilarity, and we show that with respect to these two notions
the class of finite models is not a Hennessy-Milner class.
Behavioural equivalence, on the other hand, does give
rise to a Hennessy-Milner theorem, but it seems harder to characterise
relationally. Finally we show an analogue of Van Benthem's characterisation
theorem: Over the class of neighbourhood models, all three notions
characterise the modal fragment of first-order logic.
</p>Booking Holidays with Linear Logic2007-04-10T10:15:00+02:002007-04-10T10:15:00+02:00Dave Clarke (CWI)tag:event.cwi.nl,2007-04-10:/acg/presentations/booking-holidays-with-linear-logic<p>I will present ideas for a new coordination language based on
Intuitionistic Temporal Linear Logic (ITLL), extending my earlier
presentation on the encoding of Reo synchronous steps into Linear
Logic. This time I will show that ITLL is expressive enough to encode
the (comprehensible) part of Reo. To demonstrate this …</p><p>I will present ideas for a new coordination language based on
Intuitionistic Temporal Linear Logic (ITLL), extending my earlier
presentation on the encoding of Reo synchronous steps into Linear
Logic. This time I will show that ITLL is expressive enough to encode
the (comprehensible) part of Reo. To demonstrate this, I will first
give a `complete' semantics of Reo, show the encoding into ITLL, and
argue its adequacy.</p>
<p>The advantage of the new coordination language is that it can express
behaviours which cannot be (reasonably) described in existing models
of Reo. I will give some examples, drawing from the Holiday Booking
case study.</p>
<p>Even though ITLL offers a more expressive framework than what we have
now, there still remains phenomona that cannot be modelled adequately.
I will give some examples and suggest extensions to the that will deal
with these.
</p>Formal languages and computable semantics for continuous mathematics2007-03-20T13:30:00+01:002007-03-20T13:30:00+01:00Pieter Collins (CWI)tag:event.cwi.nl,2007-03-20:/acg/presentations/formal-languages-and-computable-semantics-for-continuous-mathematics<p>In this talk I will first outline Weihrauch's computable analysis,
which gives a framework for discussing computability in topology,
geometry and analysis based on type-two recursive function theory. I
will then discuss some possibilities for a formal language for
computable continuous mathematics. Ideally, such a language should be
expressive enough …</p><p>In this talk I will first outline Weihrauch's computable analysis,
which gives a framework for discussing computability in topology,
geometry and analysis based on type-two recursive function theory. I
will then discuss some possibilities for a formal language for
computable continuous mathematics. Ideally, such a language should be
expressive enough to allow formulae to be written in a natural
mathematical syntax , but restrictive enough that only 'computable
functions' can be constructed. </p>Web Services Choreography and Orchestration in Reo and Constraint Automata2007-02-27T13:30:00+01:002007-02-27T13:30:00+01:00Sun Meng (CWI)tag:event.cwi.nl,2007-02-27:/acg/presentations/web-services-choreography-and-orchestration-in-reo-and-constraint-automata<p>Currently web services constitute one of the most important topics in
the realm of the World Wide Web. Composition of web services lets
developers create applications on top of service-oriented computing
platforms. Current web services choreography and orchestration
proposals, such as BPEL4WS, WSCDL, and WSCI, provide notations for
describing the …</p><p>Currently web services constitute one of the most important topics in
the realm of the World Wide Web. Composition of web services lets
developers create applications on top of service-oriented computing
platforms. Current web services choreography and orchestration
proposals, such as BPEL4WS, WSCDL, and WSCI, provide notations for
describing the message flows in web service interactions. However,
such proposals remain at the description level, without providing any
kind of formal reasoning mechanisms or tool support for checking the
compatibility of web services based on the proposed notations. In this
talk, I will present our work on compositional construction of web
services using the Reo coordination language and constraint
automata. Reo is an exogenous coordinational language based on
channels. We investigate the possibility of representing the behaviour
of web services using constraint automata as black-box components
within Reo circuits. We describe the orchestration of web services by
the product of corresponding constraint automata, and use Reo circuits
for choreography of web services. We investigate the issues of
description, orchestration, and choreography of web services at a
unifying abstract level, based on constraint automata, which have been
used as the semantics of the coordination language Reo, allowing us to
derive a natural correspondence relationship between orchestration and
choreography. </p>2APL: A Practical Agent Programming Language2007-02-20T13:30:00+01:002007-02-20T13:30:00+01:00Mehdi Dastani (UU)tag:event.cwi.nl,2007-02-20:/acg/presentations/2apl-a-practical-agent-programming-language<p>In this talk, I will give a brief overview of agent-oriented software
development followed by the presentation of (the syntax and semantics
of) an agent-oriented programming language, called 2APL (A Practical
Agent Programming Language). This programming language facilitates the
implementation of multi-agent systems consisting of individual
cognitive agents that are …</p><p>In this talk, I will give a brief overview of agent-oriented software
development followed by the presentation of (the syntax and semantics
of) an agent-oriented programming language, called 2APL (A Practical
Agent Programming Language). This programming language facilitates the
implementation of multi-agent systems consisting of individual
cognitive agents that are specified in terms of beliefs, goals, plans
and reasoning rules. 2APL distinguishes itself from other
agent-oriented programming languages by realising an effective
integration of declarative and imperative style programming. The
declarative style programming supports the implementation of the
mental state of agents allowing them to reason about their mental
states and update them accordingly. The imperative style programming
supports the implementation of processes by providing programming
constructs for implementing the flow of control as well as mechanisms
such as procedure call, recursion, plan revision, event and exception
handling mechanisms, and interface to existing imperative programming
languages. The interpreter and the development environment of 2APL
will be presented. </p>Verification of Rebeca models using symmetry and partial order reduction techniques2007-02-06T13:30:00+01:002007-02-06T13:30:00+01:00Mohammad Mahdi Jaghoori (CWI)tag:event.cwi.nl,2007-02-06:/acg/presentations/verification-of-rebeca-models-using-symmetry-and-partial-order-reduction-techniques<p>Rebeca is an actor-based language with formal semantics that can be
used at a high level of abstraction in modeling concurrent and
distributed reactive systems. The asynchronous message-passing
paradigm in Rebeca allows for efficient modeling of loosely-coupled
distributed systems. The simple Java-like syntax of Rebeca, unlike
the traditional notations of …</p><p>Rebeca is an actor-based language with formal semantics that can be
used at a high level of abstraction in modeling concurrent and
distributed reactive systems. The asynchronous message-passing
paradigm in Rebeca allows for efficient modeling of loosely-coupled
distributed systems. The simple Java-like syntax of Rebeca, unlike
the traditional notations of formal languages, is an easy-to-learn
notation for software practitioners.</p>
<p>In this talk we study the application of partial order and symmetry
reduction techniques to model checking dynamic Rebeca models.
Finding symmetry-based equivalence classes of states is in general a
difficult problem known to be as hard as graph isomorphism. We show
how actor-based nature of Rebeca leads to a polynomial-time solution
to this problem. On the other hand, the coarse-grained interleaving
approach in Rebeca causes considerable reductions when partial
order reduction is applied.
</p>Keeping Secrets in Resource Aware Components2007-01-23T13:30:00+01:002007-01-23T13:30:00+01:00Tom Chothia (CWI)tag:event.cwi.nl,2007-01-23:/acg/presentations/keeping-secrets-in-resource-aware-components<p>This talk will describe one of the analysis tools that we have been
developing for the Trust4all project. It is an extension of the work
on Q-automata that has previously been at an AGC talk. Members of SEN2
have helped implement some of this work in mCRL.</p>
<p>We present a …</p><p>This talk will describe one of the analysis tools that we have been
developing for the Trust4all project. It is an extension of the work
on Q-automata that has previously been at an AGC talk. Members of SEN2
have helped implement some of this work in mCRL.</p>
<p>We present a powerful and flexible method for automatically checking
the secrecy of values inside components. In our framework an attacker
may monitor the external communication of a component, interact with
it and monitor the components resource usage. We use an automata model
of components in which each transition is tagged with resource usage
information. We extend these automata to pass values and say that a
value is kept secret if the observable behaviour of the automata is
the same for all possible instantiations of that value. If a component
leaks some, but not all of the information about its secret we use a
notion of secrecy degree to quantify the worst-case leakage. We show
how this secrecy degree can be automatically calculated, for values
from a finite domain, using the mCRL process algebraic verification
toolset.
</p>Behaviour-aware aggregation and adaptation of Web services2007-01-11T11:00:00+01:002007-01-11T11:00:00+01:00Antonio Brogi (University of Pisa)tag:event.cwi.nl,2007-01-11:/acg/presentations/behaviour-aware-aggregation-and-adaptation-of-web-services<p>Service-oriented computing is emerging as a new promising computing
paradigm, that centers on the notion of service as the basic element
for developing future distributed heterogeneous software applications.</p>
<p>The ability to aggregate separate services can allow a business entity to interact with a variety of service providers to re-brand, host …</p><p>Service-oriented computing is emerging as a new promising computing
paradigm, that centers on the notion of service as the basic element
for developing future distributed heterogeneous software applications.</p>
<p>The ability to aggregate separate services can allow a business entity to interact with a variety of service providers to re-brand, host, or offer a composition of services to its customers, as well as to reduce application development times and costs. The heterogeneous and evolving nature of Web services also calls for adaptation techniques to overcome various types of mismatches that may occur among services developed by different parties. Service adaptation provides a convenient way to integrate legacy systems, to ease the customisation of services to different types of clients, and to feature backward compatibility for service versions.</p>
<p>In this talk, we will describe a methodology for a disciplined aggregation and adaptation of Web services. A key ingredient of our approach is the notion of service contract, by means of which services self-describe their signature and behaviour. While the methodology relies on the YAWL workflow language to express service behaviour, it features the aggregation and adaptation of BPEL services by exploiting a suitable BPEL2YAWL translator.
</p>Component connectors with QoS Guarantees2006-11-21T13:30:00+01:002006-11-21T13:30:00+01:00Sun Meng (CWI)tag:event.cwi.nl,2006-11-21:/acg/presentations/component-connectors-with-qos-guarantees<p>Recently, it is realized that in distributed applications, software
engineers must also consider Quality of Service (QoS), which is a
measure of the non-functional properties of services along multiple
dimensions, such as reliability, security, scalability, performance
(response time, for instance), etc. when designing component
connections. In this talk we will …</p><p>Recently, it is realized that in distributed applications, software
engineers must also consider Quality of Service (QoS), which is a
measure of the non-functional properties of services along multiple
dimensions, such as reliability, security, scalability, performance
(response time, for instance), etc. when designing component
connections. In this talk we will introduce an operational model for
reasoning about QoS properties of the exogenous channel-based
coordination language Reo. We will investigate the quality aspects of
Reo when the specification of channels and component interfaces can
involve non-functional requirements. We introduce Quantified
Constraint Automata (QCA) as an extension to ordinary constraint
automata with QoS values added as additional labels to the individual
transitions indicating their use of resources, costs, reliabilities,
etc. when executed. </p>Behavioural differential equations and coinduction for binary trees2006-10-24T13:30:00+02:002006-10-24T13:30:00+02:00Alexandra Silva (Radboud University Nijmegen & CWI)tag:event.cwi.nl,2006-10-24:/acg/presentations/behavioural-differential-equations-and-coinduction-for-binary-trees<p>A binary tree T can be encoded as a function from the set of words
over the alphabet {0,1} to a set K (corresponding to the information
stored in the nodes). If this set K has a semiring structure then T
is a formal power series. Following previous work …</p><p>A binary tree T can be encoded as a function from the set of words
over the alphabet {0,1} to a set K (corresponding to the information
stored in the nodes). If this set K has a semiring structure then T
is a formal power series. Following previous work by Rutten, we show
how functions with the set of binary trees as codomain can be defined
by behavioural differential equations and how we can define a closed
formula (only involving constants) to represent (specific) trees.
Finally, we discuss how this framework on trees could be used to
represent bi-infinite streams. </p>Reo Connector Animation2006-10-17T13:30:00+02:002006-10-17T13:30:00+02:00José Proença (CWI)tag:event.cwi.nl,2006-10-17:/acg/presentations/reo-connector-animation<p>In this talk we present Connector Animation---a framework which
combines Connector Colouring semantics and the visual syntax of Reo
connectors to define Animation Description. The Animation Description
is a formal abstract representation for both the structure and the
behaviour of Reo connectors suitable to be animated using standard
animation tools …</p><p>In this talk we present Connector Animation---a framework which
combines Connector Colouring semantics and the visual syntax of Reo
connectors to define Animation Description. The Animation Description
is a formal abstract representation for both the structure and the
behaviour of Reo connectors suitable to be animated using standard
animation tools. The Connector Animation framework allows to
compositionally map the conceptual and structural aspects---synchrony,
exclusion, buffers, data-flow, replication of data, data
discrimination---inherent to Reo connector into animation
descriptions. The compositional construction of animations in
Connector Animation allows to exploit the modular structure of Reo
connectors and allows to elegantly integrate the animations into
support tools for simulation, verification and generation of code for
Reo connectors. The resulting animations prove to be an important
asset for Reo connector developers making their task more reliable,
simpler and less error prone. We have implemented a prototype of
Connector Animation in Haskell and used Flash to animate the generated
animation descriptions for several Reo connectors. The resulting
animations are gathered on-line here. </p>Connector Colouring Revisited: Preliminary Results2006-10-03T13:30:00+02:002006-10-03T13:30:00+02:00Dave Clarke (CWI)tag:event.cwi.nl,2006-10-03:/acg/presentations/connector-colouring-revisited-preliminary-results<p>Connector colouring was devised as a way of determinining which
"macro-step" of a connector to perform next, abstracting away from
details such as "which state to go into". Connector colouring has
served as a suitable basis for implementing connectors, but it still
remains somewhat mysterious and problematic. This talk recasts …</p><p>Connector colouring was devised as a way of determinining which
"macro-step" of a connector to perform next, abstracting away from
details such as "which state to go into". Connector colouring has
served as a suitable basis for implementing connectors, but it still
remains somewhat mysterious and problematic. This talk recasts
connector colouring into a well-known formal framework, which enables
finer distinctions to be made, and resolves a number of open
issues. Furthermore, we hope that this formal work will enable a more
thorough comparison between our notion of connector and somewhat
<em>similar</em> systems such as Esterel and StateCharts. </p>Modelling and Refinement of Component-based Software Systems: A Coalgebraic Perspective2006-09-26T13:30:00+02:002006-09-26T13:30:00+02:00Sun Meng (CWI)tag:event.cwi.nl,2006-09-26:/acg/presentations/modelling-and-refinement-of-component-based-software-systems-a-coalgebraic-perspective<p>Although increasingly popular, software component techniques still
lack suitable formal foundations on top of which rigorous
methodologies for the description and analysis of component-based
systems could be built. This talk is about my thesis work and aims to
contribute in this direction: building on the previous work
"components as coalgebras …</p><p>Although increasingly popular, software component techniques still
lack suitable formal foundations on top of which rigorous
methodologies for the description and analysis of component-based
systems could be built. This talk is about my thesis work and aims to
contribute in this direction: building on the previous work
"components as coalgebras" of L. Barbosa on coalgebraic model of
components, we will discuss a heterogeneous calculi for components as
coalgebras, which can be used in combining components with different
behavior patterns explicitly specified. Furthermore, we introduce
component refinement at three different but interrelated levels:
behavioural, syntactic, i.e., relative to component interfaces, and
architectural. Software architectures are defined through component
aggregation. On the other hand, such aggregations, no matter how large
and complex they are, can also be dealt with as components themselves,
which paves the way to a discipline of hierarchical design. In this
context, the major contribution of our work is a semantic
characterization of refinement for state-based components, parametric
on a strong monad intended to capture components' behavioural
patterns, and the introduction of a set of rules for
refinement. Moreover, we present some applications of the coalgebraic
model of components, including the specification and refinement of
components in RSL and the coalgebraic semantics for UML view models. </p>Analysing the MUTE Anonymous File-Sharing System Using the Pi-calculus2006-09-05T13:30:00+02:002006-09-05T13:30:00+02:00Tom Chothia (CWI)tag:event.cwi.nl,2006-09-05:/acg/presentations/analysing-the-mute-anonymous-file-sharing-system-using-the-pi-calculus<p>We give details of a formal analysis of the MUTE system for anonymous
file-sharing. We build pi-calculus models of a node that is innocent
of sharing files, a node that is guilty of file-sharing and of the
network environment. We then test to see if an attacker can
distinguish between …</p><p>We give details of a formal analysis of the MUTE system for anonymous
file-sharing. We build pi-calculus models of a node that is innocent
of sharing files, a node that is guilty of file-sharing and of the
network environment. We then test to see if an attacker can
distinguish between a connection to a guilty node and a connection to
an innocent node. A {it weak bi-simulation} between every guilty
network and an innocent network would be required to show possible
innocence. We find that such a bi-simulation cannot exist. The point
at which the bi-simulation fails leads directly to a previously
undiscovered attack on MUTE. We describe a fix for the MUTE system
that involves using authentication keys as the nodes' pseudo
identities and give details of its addition to the MUTE system. </p>Distributed Coordination via a Russion Dolls Model of Distributed Object Reflection2006-08-24T14:30:00+02:002006-08-24T14:30:00+02:00Carolyn Talcott (SRI International)tag:event.cwi.nl,2006-08-24:/acg/presentations/distributed-coordination-via-a-russion-dolls-model-of-distributed-object-reflection<p>A family of models of coordination of distributed object systems
representing different views, with refinement relations between the
different views will be described. We start with distributed objects
interacting via asynchronous message passing. The semantics of such a
system is a set of event partial orders (event diagrams) giving the …</p><p>A family of models of coordination of distributed object systems
representing different views, with refinement relations between the
different views will be described. We start with distributed objects
interacting via asynchronous message passing. The semantics of such a
system is a set of event partial orders (event diagrams) giving the
interactions during possible system executions. A global coordination
requirement is a constraint on the allowed event diagrams. A system
coordination specification consists of a meta-level coordinator that
controls message delivery in the system according to a given global
policy. The system-wide coordination can be refined/distributed using
coordinators for disjoint subsystems that communicate with their peers
to enforce the global policy. By a further transformation the
meta-level can be replaced by systematically transformed base-level
objects communicating via a controller object. The coordination models
are formalized in rewriting logic using the Reflective Russian Dolls
model of distributed object reflection. The general ideas will be
illustrated with several examples. </p>Q Automata: Modelling the Resource Usage of Concurrent Components2006-08-24T13:30:00+02:002006-08-24T13:30:00+02:00Tom Chothia (CWI)tag:event.cwi.nl,2006-08-24:/acg/presentations/q-automata-modelling-the-resource-usage-of-concurrent-components<p>This is mainly a practice talk for a presentation I will give at the
FOCLASA workshop the week after next, with the follow abstract:</p>
<p>We introduce Q-automata to model quality aspects of component-based software. We propose Q-algebras as a general framework that allows us to combine and choose between quality …</p><p>This is mainly a practice talk for a presentation I will give at the
FOCLASA workshop the week after next, with the follow abstract:</p>
<p>We introduce Q-automata to model quality aspects of component-based software. We propose Q-algebras as a general framework that allows us to combine and choose between quality values. Such values are added to the transitions of automata, which represent components or channels. These automata can be composed by a product construction yielding a more complex Q automaton labelled with the combined costs of its components. Thus we establish compositionality of quality of service based on an algebra of quality attributes associated with processes represented by automata.</p>
<p>After the practice talk I will go on to outline some speculative, further work, including how these automata can be model checked and how we intend to use them as part of the trust4all project.
</p>Using Reo and Constraint Automata in Hardware-Software Co-design2006-08-15T13:30:00+02:002006-08-15T13:30:00+02:00Marjan Sirjani (Tehran University)tag:event.cwi.nl,2006-08-15:/acg/presentations/using-reo-and-constraint-automata-in-hardware-software-co-design<p>Hardware engineering shows that building systems from components has
significant benefits. Using components permits hardware engineers to
develop systems in a modular way, making it possible for them to build
and reason about systems that would otherwise be too large and complex
to understand. It also enables them to make …</p><p>Hardware engineering shows that building systems from components has
significant benefits. Using components permits hardware engineers to
develop systems in a modular way, making it possible for them to build
and reason about systems that would otherwise be too large and complex
to understand. It also enables them to make effective reuse of
existing designs. So the application of component-based modeling in
design and verification of hardware systems seems to be both practical
and useful.</p>
<p>Component-based approach has also received increasing attention in software development. Here we show our component-based approach in using Reo and Constraint Automata for system-level design, considering hardware and software, and different levels of abstraction (before and after partitioning).
</p>A logic for strong late bisimilarity (Part II)2006-07-04T13:30:00+02:002006-07-04T13:30:00+02:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2006-07-04:/acg/presentations/a-logic-for-strong-late-bisimilarity-part-ii<p>We define logical counterparts forconstructions including dynamic name
allocation and name exponentiation and show that they are dual to
standard constructs in functor categories. In particular, we show that
the final coalgebra of a functor defined by Stark and Fiore, Moggi and
Sangiorgi in terms of these constructs give rise …</p><p>We define logical counterparts forconstructions including dynamic name
allocation and name exponentiation and show that they are dual to
standard constructs in functor categories. In particular, we show that
the final coalgebra of a functor defined by Stark and Fiore, Moggi and
Sangiorgi in terms of these constructs give rise to a logic for the
pi-calculus that is sound, complete, expressive and respects strong
late bisimilarity. The resulting logic is a modal calculus with
primitives for input, free output and bound output. </p>MoCha: it ain't Java!2006-06-06T13:30:00+02:002006-06-06T13:30:00+02:00Frank Atanassow (CWI)tag:event.cwi.nl,2006-06-06:/acg/presentations/mocha-it-aint-java<p>MoCha is a model of distributed computing developed at CWI wherein
components interact via mobile channels. I will introduce MoCha, give
some examples, and discuss our new C++ implementation, along with some
things we've learned in implementing and applying it. </p>A logic for strong late bisimilarity2006-05-30T13:30:00+02:002006-05-30T13:30:00+02:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2006-05-30:/acg/presentations/a-logic-for-strong-late-bisimilarity<p>We define logical counterparts for constructions including dynamic
name allocation and name exponentiation and show that they are dual to
standard constructs in functor categories. In particular, we show that
the final coalgebra of a functor defined by Stark and Fiore, Moggi and
Sangiorgi in terms of these constructs give …</p><p>We define logical counterparts for constructions including dynamic
name allocation and name exponentiation and show that they are dual to
standard constructs in functor categories. In particular, we show that
the final coalgebra of a functor defined by Stark and Fiore, Moggi and
Sangiorgi in terms of these constructs give rise to a logic for the
pi-calculus that is sound, complete, expressive and respects strong
late bisimilarity. The resulting logic is a modal calculus with
primitives for input, free output and bound output. </p>Creol: A Formal Executable Model of Upgradeable Distributed Objects2006-05-09T13:30:00+02:002006-05-09T13:30:00+02:00Einar Broch Johnsen (University of Oslo)tag:event.cwi.nl,2006-05-09:/acg/presentations/creol-a-formal-executable-model-of-upgradeable-distributed-objects<p>The Creol project targets reasoning support for evolving distributed
systems based on a formal object-oriented model. This talk will
discuss the main ideas behind the approach, give an intuition about
the formal model, and sketch some ongoing work on system analysis. In
Creol, there is no assumption about network behavior …</p><p>The Creol project targets reasoning support for evolving distributed
systems based on a formal object-oriented model. This talk will
discuss the main ideas behind the approach, give an intuition about
the formal model, and sketch some ongoing work on system analysis. In
Creol, there is no assumption about network behavior. This work
intersects with network coordination in the forthcoming Credo
project. If we have time, I would therefore like to end with an open
discussion of how channels may be represented in the Creol setting.</p>
<p>The Creol model proposes programming constructs for distributed concurrent objects typed by interfaces. The approach is based on communication by asynchronous method calls and a notion of processor release points.</p>
<p>Processor release points allow objects to dynamically change between active and reactive behavior (client and server). The model integrates asynchronous communication and multiple inheritance, allowing method overloading and redefinition. Further, the model addresses evolution by allowing class hierarchies to be modified at run-time; new attributes, methods, and superclasses may be added to a class. The upgrade propagates asynchronously to existing objects of the class and its subclasses. The model has an operational semantics defined in rewriting logic, which is executable on the Maude platform and provides an interpreter for Creol. Techniques for reasoning about distributed concurrent objects and their evolution are under development.
</p>Type-based access control: for distributed systems, for components and under attack2006-04-18T13:30:00+02:002006-04-18T13:30:00+02:00Tom Chothia (CWI)tag:event.cwi.nl,2006-04-18:/acg/presentations/type-based-access-control-for-distributed-systems-for-components-and-under-attack<p>This talk will cover some of my previous work that may now be
applicable to the Trust4all project. I will start with an overview of
some type-based information flow work, including the "decentralised
label model" of Myers and Liskov and the JIF programming language. I
will then show how local …</p><p>This talk will cover some of my previous work that may now be
applicable to the Trust4all project. I will start with an overview of
some type-based information flow work, including the "decentralised
label model" of Myers and Liskov and the JIF programming language. I
will then show how local type checking can be extended to distributed
systems by associating access control lists with cryptographic
keys. When a piece of data is sent outside of a type checked area it
is encrypted with a key that represents the list of principles that
can access that data. When encrypted data is received, the access
restrictions from the decryption key are used as the access control
type.</p>
<p>I will probably take a brake at this point before discussing some more detailed issues, such as how data can be safely declassified in such a system and how we can constraint the effects of inside attackers who ignore the type system.
Finally I will outline some ideas about how information flow can be applied to the Trust4all component model.
</p>SAT-based Verification for Abstraction Refinement2006-03-14T13:30:00+01:002006-03-14T13:30:00+01:00Stephanie Kemper (CWI)tag:event.cwi.nl,2006-03-14:/acg/presentations/sat-based-verification-for-abstraction-refinement<p>In this talk, I will present the fundamental results of my master's
thesis. The aim of the thesis has been to verify reachability
properties of timed automata using SAT-based verification methods,
while mainly eliminating the state explosion problem using abstraction
refinement techniques. Especially for complex and safety critical
systems, reachability …</p><p>In this talk, I will present the fundamental results of my master's
thesis. The aim of the thesis has been to verify reachability
properties of timed automata using SAT-based verification methods,
while mainly eliminating the state explosion problem using abstraction
refinement techniques. Especially for complex and safety critical
systems, reachability analysis plays a major role, thus, verification
shall be restricted to the system parts essential to the property.</p>
<p>I will show an iterative approach to automatic verification of reachability properties. While the essential, non-abstractable system parts have to be guessed during the first cycle, from the beginning of the second cycle it is possible to acces former results and identify wrongly omitted system parts to include them again: The timed automaton and the property are firstly translated into formulae, such that abstraction reduces to modification of formulae and these may be verified using a SAT-based model checker. Identification of wrongly omitted system parts and subsequent refinement are realised using craig interpolants resulting from false negatives.
</p>Tool-Supported Construction of Graphical Scientific Tools: Reo Web Services Composition Editor and Simulator2006-02-14T13:30:00+01:002006-02-14T13:30:00+01:00Nikolay Diakov (CWI)tag:event.cwi.nl,2006-02-14:/acg/presentations/tool-supported-construction-of-graphical-scientific-tools-reo-web-services-composition-editor-and-simulator<p>I will start this talk by briefly overviewing an emerging technology
called Graphical Modeling Framework (GMF). GMF belongs to the family
of Eclipse technologies, and researchers can use it to rapidly build
complex graphical applciations, either embeded in the Eclipse
environment or standalone as rich clients. I will then demonstrate …</p><p>I will start this talk by briefly overviewing an emerging technology
called Graphical Modeling Framework (GMF). GMF belongs to the family
of Eclipse technologies, and researchers can use it to rapidly build
complex graphical applciations, either embeded in the Eclipse
environment or standalone as rich clients. I will then demonstrate how
one can build a simple graphical editor using the GMF. After that, I
will introduce and demonstrate (in its current to date state) the Web
Services Composition Editor and Simulator, which utilizes Reo as a
composition/coordination language for Web Services. With this talk I
aim to spawn interest in the SEN3 group towards using Eclipse core and
generator technologies (GMF as one of these) for the development of
the group's scientific tools. </p>Trace Semantics for Coalgebras: a Generic Theory (Part 2)2006-02-07T13:30:00+01:002006-02-07T13:30:00+01:00Ichiro Hasuo (RIMS & Kyoto University)tag:event.cwi.nl,2006-02-07:/acg/presentations/trace-semantics-for-coalgebras-a-generic-theory-part-2<p>In the last talk (part 1), due to lack of time, some materials were
not explained in the full detail but in a rather talk-at-conference
manner. The coming talk (part 2) will be its supplement: we start
with a review of limit-colimit coincidence result by Smyth and
Plotkin, and then …</p><p>In the last talk (part 1), due to lack of time, some materials were
not explained in the full detail but in a rather talk-at-conference
manner. The coming talk (part 2) will be its supplement: we start
with a review of limit-colimit coincidence result by Smyth and
Plotkin, and then continue with a detailed account of our technical
result. It will be a short talk (for ACG), about an hour. </p>A tutorial on sequential functions: I - Minimization of sequential transducers; II - Composition, the wreath product principle and its applications2006-01-31T13:30:00+01:002006-01-31T13:30:00+01:00Jean-Eric Pin (CNRS-LIAFA)tag:event.cwi.nl,2006-01-31:/acg/presentations/a-tutorial-on-sequential-functions-i-minimization-of-sequential-transducers-ii-composition-the-wreath-product-principle-and-its-applications<p>The first part of this tutorial will just require a basic knowledge on
finite deterministic automata. The second part will be more advanced,
but all necessary background will be recalled.</p>
<p>Sequential functions are, in the sense, the simplest computable functions. There are especially interesting for hardware designers, since they are …</p><p>The first part of this tutorial will just require a basic knowledge on
finite deterministic automata. The second part will be more advanced,
but all necessary background will be recalled.</p>
<p>Sequential functions are, in the sense, the simplest computable functions. There are especially interesting for hardware designers, since they are easily implemented on circuits. In the first part, I will recall the definition of sequential automata, present several examples (addition, cut and replace, division by a fixed integer, coding, etc.) and explain the little known minimisation algorithm. I will also state, without proof, a nice characterization of these functions. The second part will be devoted to the composition of sequential functions. I will show in particular that certain operations on languages (notably the concatenation product) and the operators of linear temporal logic, can be expressed in terms of sequential functions. I will explain how to use this interpretation to characterize various classes of languages or obtain decidability results.
</p>Trace Semantics for Coalgebras: a Generic Theory2006-01-24T13:30:00+01:002006-01-24T13:30:00+01:00Ichiro Hasuo (RIMS & Kyoto University)tag:event.cwi.nl,2006-01-24:/acg/presentations/trace-semantics-for-coalgebras-a-generic-theory<p>In this talk we claim that various forms of "trace semantics" defined
for concurrent systems with: different input/output types, or with
different types of "concurrency" such as non-determinism or
probability, are instances of a single categorical construction,
namely coinduction in a Kleisli category. Hence we demonstrate the
abstraction power …</p><p>In this talk we claim that various forms of "trace semantics" defined
for concurrent systems with: different input/output types, or with
different types of "concurrency" such as non-determinism or
probability, are instances of a single categorical construction,
namely coinduction in a Kleisli category. Hence we demonstrate the
abstraction power of categorical--in particular coalgebraic--methods
in computer science, which uncover basic mathematical structures
underlying various concrete examples.</p>
<p>Our claim is based on our main technical result that an initial algebra in
the category of sets and functions yields a final coalgebra in the Kleisli
category, for monads with a suitable order structure. The proof relies on
coincidence of limits and colimits, like in [Smyth & Plotkin, SIAM J. Comp.,1982].</p>
<p>The talk is meant to be self-contained, spending much time also for
explaining basic preliminaries such as:
traditional "trace semantics"
coalgebraic modelling of concurrent systems
monads, distributive laws, Kleili categories
initial algebra via initial sequence, final coalgebra via final sequence
limit-colimit coincidence by Smyth and Plotkin
</p>Inferring type isomorphisms generically2005-12-13T13:30:00+01:002005-12-13T13:30:00+01:00Frank Atanassow (CWI)tag:event.cwi.nl,2005-12-13:/acg/presentations/inferring-type-isomorphisms-generically<p>Datatypes which differ inessentially in their names and structure are
said to be isomorphic; for example, a ternary product is isomorphic to
a nested pair of binary products. In some, canonical cases, the
conversion function is uniquely determined solely by the two types
involved. In this article we describe and …</p><p>Datatypes which differ inessentially in their names and structure are
said to be isomorphic; for example, a ternary product is isomorphic to
a nested pair of binary products. In some, canonical cases, the
conversion function is uniquely determined solely by the two types
involved. In this article we describe and implement a program in
Generic Haskell which automatically infers this function by
normalizing types w.r.t. an algebraic theory of canonical
isomorphisms. A simple generalization of this technique also allows to
infer some non-invertible coercions such as projections, injections
and ad hoc coercions between base types. We explain how this technique
has been used to drastically improve the usability of a
HaskellâXML Schema data binding, and suggest how it might be
applied to improve other type-safe language embeddings. </p>Revisiting the Coinductive Calculus of Reo Connectors2005-12-06T13:30:00+01:002005-12-06T13:30:00+01:00David Costa (CWI)tag:event.cwi.nl,2005-12-06:/acg/presentations/revisiting-the-coinductive-calculus-of-reo-connectors<p>On the one hand and in contrast to previous semantics for Reo, the
Connector Colouring (CC) semantics [1] allows to define and to
calculate accurately the dataflow of Reo connectors that exhibit
context dependent behaviour. On the other hand the coinductive
semantics ant its calculus allows the use of coinduction …</p><p>On the one hand and in contrast to previous semantics for Reo, the
Connector Colouring (CC) semantics [1] allows to define and to
calculate accurately the dataflow of Reo connectors that exhibit
context dependent behaviour. On the other hand the coinductive
semantics ant its calculus allows the use of coinduction to reason
about expressiveness and connector equivalence. Therefore it seems
reasonable to ask whether the coinductive model can be enhance in
order to accommodate the extra class of connectors that one is able to
describe accurately using CC semantics. In this talk I shall present
some preliminaries ideas and results on that. I'll be revisiting the
coinductive calculus proposed in [2] by F. Arbab and J. Rutten to
reason about Reo Connectors.</p>
<p>[1] Connector Colouring I: Synchronization and Context Dependency, D. Clarke and D. Costa and F. Arbab</p>
<p>[2] A Coinductive Calculus of Component Connectors, F. Arbab and J. Rutten
</p>From input-output logic to normative multiagent systems2005-11-15T13:30:00+01:002005-11-15T13:30:00+01:00Leon van der Torre (CWI)tag:event.cwi.nl,2005-11-15:/acg/presentations/from-input-output-logic-to-normative-multiagent-systems<p>This ACG consists of two parts. I use the first hour of the colloquim
as a tryout for a presentation which I will give in two weeks in
Luxembourg, and I use the second hour to discuss the relation between
Reo and non-monotonic reasoning.</p>
<p>Part 1: From input/output logic …</p><p>This ACG consists of two parts. I use the first hour of the colloquim
as a tryout for a presentation which I will give in two weeks in
Luxembourg, and I use the second hour to discuss the relation between
Reo and non-monotonic reasoning.</p>
<p>Part 1: From input/output logic to normative multiagent systems</p>
<p>Normative multi-agent systems consist of sets of agents (human or artificial)
whose interactions can fruitfully be regarded as norm-governed; the norms
prescribe how the agents ideally should and should not behave. Examples are
electronic commerce systems, legal systems, security systems, and so on. In this
presentation I discuss requirements for (extensions of) input/output logics to
be used in such systems.</p>
<p>Part 2: Reo and non-monotonicity</p>
<p>Exceptions have mostly been ignored in channel theory. In the logic of
information flow (Barwise, Gabbay and Hartomas 1997) exceptions are not
considered at all, and in the corresponding book (Barwise and Seligman, 1997)
exceptions are modelled by replacing channels by other more refined channels.
In Reo, exceptions in lossy channels and prioritized mergers play an important
role in many examples. To discuss the relation between Reo and non-monotonic
logic I consider a simple fragment of Reo that does not consider
reconfiguration, that considers only synchronous channels, and that contains
only one value. Flow or no flow, that's the question in this language.
</p>Constructing Mealy Machines Using Derivatives2005-11-08T13:30:00+01:002005-11-08T13:30:00+01:00Helle Hvid Hansen (Radboud University Nijmegen and CWI)tag:event.cwi.nl,2005-11-08:/acg/presentations/constructing-mealy-machines-using-derivatives<p>In this talk I will present a method for constructing Mealy machines
from arithmetic bitstream specifications. This method was described by
Jan Rutten in his FACS'05 paper. David Costa and myself have
implemented this synthesis procedure in Haskell, and experimental
results have led to a conjecture on the minimal size …</p><p>In this talk I will present a method for constructing Mealy machines
from arithmetic bitstream specifications. This method was described by
Jan Rutten in his FACS'05 paper. David Costa and myself have
implemented this synthesis procedure in Haskell, and experimental
results have led to a conjecture on the minimal size of Mealy machines
which implement so-called rational 2-adic functions.</p>
<p>For given sets (alphabets) A and B, a Mealy machine with input in A and output in B is a (deterministic) finite state transducer whose input-output behaviour is the stream function f:A^omega -> B^omega it computes. The dynamics of a Mealy machine is easily seen to be coalgebraic, and the coalgebraic notion of behaviour coincides with the input-output behaviour. In fact, the set of all Mealy machine behaviours forms a final coalgebra by defining transitions in terms of derivatives of stream functions, a notion similar to the derivative of a regular language. As a consequence, given a stream function f, the subcoalgebra generated by f in the final coalgebra implements f. The synthesis method consists in a symbolic computation of the generated subcoalgebra in the syntax of the chosen specification language. The Haskell program realises this for specifications in two bitstream algebras, one based on
modulo-2 arithmetic, and the other on 2-adic arithmetic. In order to guarantee termination of this least fixpoint computation, it is crucial that the syntax allows an effective decision procedure for semantic equivalence. For the two bitstream algebras this is achieved by reduction to normal forms. For rational 2-adic functions, the number of states in the minimal implementation can be determined directly from the specification, and this number is (essentially) exponential in the length of the specification, but linear in the numeric intepretation of 2-adic expressions.
</p>Ontological Perspectives in Modelling the Electrical Power Grid2005-10-11T13:30:00+02:002005-10-11T13:30:00+02:00John C. Sloan (CWI)tag:event.cwi.nl,2005-10-11:/acg/presentations/ontological-perspectives-in-modelling-the-electrical-power-grid<p>This talk surveys existing problems of assuring the stability and
reliability of electrical power distribution systems. It describes
what steps have been taken to model problems in these areas, and
assesses the effectiveness of these models. In the process, gaps or
deficiencies may be identified that Reo can address. </p>Controlling Object Allocation Using Creation Guards2005-06-21T13:30:00+02:002005-06-21T13:30:00+02:00Cees Pierik (University of Utrecht)tag:event.cwi.nl,2005-06-21:/acg/presentations/controlling-object-allocation-using-creation-guards<p>Sharing of objects between different modules is often necessary to
meet speed and resource demands. The invariants that describe
properties of shared objects are difficult to maintain because they
can be falsifiable by object allocation. In this talk, I introduce
creation guards to obtain a sound and modular methodology that …</p><p>Sharing of objects between different modules is often necessary to
meet speed and resource demands. The invariants that describe
properties of shared objects are difficult to maintain because they
can be falsifiable by object allocation. In this talk, I introduce
creation guards to obtain a sound and modular methodology that
supports such invariants. </p>Reactive Objects as Components in Reo Circuits2005-06-14T13:30:00+02:002005-06-14T13:30:00+02:00Marjan Sirjani (Tehran University)tag:event.cwi.nl,2005-06-14:/acg/presentations/reactive-objects-as-components-in-reo-circuits<p>Rebeca is an actor-based language for modeling concurrent and
distributed systems using reactive objects. The possibility of mapping
Rebeca models into the coordination language, Reo, is investigated and
a natural mapping is presented. Reactive objects in Rebeca are
considered as components in Reo, and their behavior is specified by
constraint …</p><p>Rebeca is an actor-based language for modeling concurrent and
distributed systems using reactive objects. The possibility of mapping
Rebeca models into the coordination language, Reo, is investigated and
a natural mapping is presented. Reactive objects in Rebeca are
considered as components in Reo, and their behavior is specified by
constraint automata as black-box components within the Reo circuit. </p>Interaction: Conjectures, Results, Myths2005-06-07T13:30:00+02:002005-06-07T13:30:00+02:00Dina Goldin (Univ. of Connecticuttag:event.cwi.nl,2005-06-07:/acg/presentations/interaction-conjectures-results-myths<p>It is commonly recognized that today's computing applications, such as
web services, intelligent agents, operating systems, and graphical
user interfaces, cannot be modeled by Turing machines and algorithms,
which view computation as a closed box transformation of inputs to
outputs.</p>
<p>According to the interactive view of computation, communication
(input/output …</p><p>It is commonly recognized that today's computing applications, such as
web services, intelligent agents, operating systems, and graphical
user interfaces, cannot be modeled by Turing machines and algorithms,
which view computation as a closed box transformation of inputs to
outputs.</p>
<p>According to the interactive view of computation, communication
(input/output) happens during the computation, not before or after it.
This approach, distinct from either the theory of computation or
concurrency theory, represents a paradigm shift that changes our
understanding of what computation is and how it is modeled, promising to
bridge these two fields. It had been conjectured (Wegner 1997) that
"interaction is more powerful than algorithms".</p>
<p>We present one model of interactive computation, Persistent Turing
Machines (PTMs). PTMs extend Turing machines with dynamic streams and
persistence to capture sequential interaction, which is a limited form
of concurrency. They allow us to prove Wegner's conjecture and to
formulate the Sequential Interaction Thesis, going beyond the
expressiveness of the Church-Turing thesis.</p>
<p>The result that interaction machines are more expressive than Turing
machines seems to fly in the face of accepted dogma. In particular, the
Church-Turing thesis is commonly interpreted to imply that Turing
machines model all computation. We conclude by discussing the historical
reasons for this common, but incorrect, interpretation.</p>
<p>Speaker Bio</p>
<p>Dina Q. Goldin is a faculty member in Computer Science & Engineering at
the University of Connecticut and an adjunct faculty member in Computer
Science at Brown University. Dr. Goldin obtained her B.S. in Mathematics
and Computer Science at Yale University, and her M.S. and Ph.D. in
Computer Science at Brown University. Her current topics of research are
models of interaction and data models and query languages.</p>Connector Colouring Semantic Model for Reo Connectors2005-05-24T13:30:00+02:002005-05-24T13:30:00+02:00David Costa (CWI)tag:event.cwi.nl,2005-05-24:/acg/presentations/connector-colouring-semantic-model-for-reo-connectors<p>The Connector Colouring Semantic Model aims at facilitate the
data-flow computation (and implementation) of Reo connectors in a
distributed computing environment. On our previous talk we presented
the motivation and informally introduced and explained the connector
colouring model working out the data-flow behaviour of some Reo
connectors. Now, on this …</p><p>The Connector Colouring Semantic Model aims at facilitate the
data-flow computation (and implementation) of Reo connectors in a
distributed computing environment. On our previous talk we presented
the motivation and informally introduced and explained the connector
colouring model working out the data-flow behaviour of some Reo
connectors. Now, on this talk, we proceed describing the formalization
of the model and we present some examples of Reo connectors now
formally describe and how their data-flow behaviour are calculated.</p>
<p>If time allows us we shall also introduce Intentional Constraint
Automata (IntCA). IntCA extends Constraint automata (CA) to capture
all the different possible ways a component can interact with a Reo
connector. A connector performs (I) I/O-operation requests on the
connector's ports.
Depending on the specification and actual configuration of the
connector I/O-operations requests can: (II) be accepted and the I/O
operation succeeds; (III) wait until either the connector evolves to a
configuration in which this waiting operation can succeed or; (IV)
time-out. CA models of Reo connectors capture only the behaviour (II)
of succeeding I/O-operations. Arrival of requests (I); and
I/O-operations that later succeed (III) or timeout (IV) are omitted
from the CA model. These omitted steps however affect the behaviour
of a connector in various ways as described in the informal
operational semantics of Reo and are therefore too important to be
left out of the model. IntCA extends CA to include aspects (I), (II) and
(IV) into the model.
The utility of IntCA and CA will be briefly discussed and compared.
</p>Behavioral Logics and Abstraction2005-05-10T13:30:00+02:002005-05-10T13:30:00+02:00Daniel Gebler (CWI)tag:event.cwi.nl,2005-05-10:/acg/presentations/behavioral-logics-and-abstraction<p>In this talk I will introduce behavioral logics, esp. hidden logic and
hidden algebra. Circular coinduction and the proof tool BOBJ that
implements circular rewriting of order sorted hidden logic will be
presented. Weak behavioral semantics is introduced and motivated as
appropriate for software development using algebraic techniques. A
specification …</p><p>In this talk I will introduce behavioral logics, esp. hidden logic and
hidden algebra. Circular coinduction and the proof tool BOBJ that
implements circular rewriting of order sorted hidden logic will be
presented. Weak behavioral semantics is introduced and motivated as
appropriate for software development using algebraic techniques. A
specification of constraint automata in hidden logic closes the
talk. </p>ASCII-Umwandlungsprache2005-04-19T13:30:00+02:002005-04-19T13:30:00+02:00Joost Jacob (CWI)tag:event.cwi.nl,2005-04-19:/acg/presentations/ascii-umwandlungsprache<p>We created a transformation language called ATL that can be used to
define facts and rules in a convenient way also suitable for
non-programmers. We show how this can be combined with a semantic
tableau method to generate proofs, where the facts define axioms and
the rules define theories. The …</p><p>We created a transformation language called ATL that can be used to
define facts and rules in a convenient way also suitable for
non-programmers. We show how this can be combined with a semantic
tableau method to generate proofs, where the facts define axioms and
the rules define theories. The semantic tableau method we use is
extended with equivalence classes in order to provide automatic
unification. The resulting proof system is powerful but still
transparant and easy to use since the axioms and theories are defined
in the user's own notation. </p>Coordination and Composition in Multi-Agent Systems2005-04-12T13:30:00+02:002005-04-12T13:30:00+02:00Mehdi Dastani (UU)tag:event.cwi.nl,2005-04-12:/acg/presentations/coordination-and-composition-in-multi-agent-systems<p>In this talk I will discuss the application of Reo to multi-agent
systems. Reo supports a specific notion of compositionality for
multi-agent systems which enables the composition and coordination of
both individual agents as well as multi-agent systems. Accordingly, a
multi-agent system consists of a set of individual and/or …</p><p>In this talk I will discuss the application of Reo to multi-agent
systems. Reo supports a specific notion of compositionality for
multi-agent systems which enables the composition and coordination of
both individual agents as well as multi-agent systems. Accordingly, a
multi-agent system consists of a set of individual and/or multi-agent
systems whose collective behavior is coordinated by a Reo
expression. This coordination language should be modified to specify
and implement the organization of multi-agent systems and their
dynamic reconfiguration during system run. </p>Power tools can make a difference2005-04-05T13:30:00+02:002005-04-05T13:30:00+02:00Nikolay Diakov (CWI)tag:event.cwi.nl,2005-04-05:/acg/presentations/power-tools-can-make-a-difference<p>I will present a case study on applying Reo to solving some problems
in designing and implementing negotiation protocols for
e-Commerce. This presentation will generally follow the form of the
talk I gave at the EEE'05 conference in Hong Kong. We will expand the
more interesting to the ACG audience …</p><p>I will present a case study on applying Reo to solving some problems
in designing and implementing negotiation protocols for
e-Commerce. This presentation will generally follow the form of the
talk I gave at the EEE'05 conference in Hong Kong. We will expand the
more interesting to the ACG audience issues into more detailed
discussions. </p>Specification and Refinement of Reo Connectors I: Framework2005-03-22T13:30:00+01:002005-03-22T13:30:00+01:00Dave Clarke (CWI)tag:event.cwi.nl,2005-03-22:/acg/presentations/specification-and-refinement-of-reo-connectors-i-framework<p>At a high-level Reo can be seen as a graphical language for specifying
a number of properties of component connectors: synchronisation and
exclusion constraints between components; protocols or schedules by
which components abide; and data flow between the
components. Unfortunately, Reo itself is not flexible enough to use as
the …</p><p>At a high-level Reo can be seen as a graphical language for specifying
a number of properties of component connectors: synchronisation and
exclusion constraints between components; protocols or schedules by
which components abide; and data flow between the
components. Unfortunately, Reo itself is not flexible enough to use as
the basis of a specification formalism. Instead, we the linguistic
devices of schedule expressions and an abstract notion of channel to
express synchronisation, exclusion, protocol, schedule, and data flow,
and use them as the basis for specifying Reo connectors. We then
describe a number of alternative notions of refinement for this
setting.</p>
<p>This talk describes work in progress.
</p>Innovation in the Practice of Computer Science Education to follow Bologna2005-03-15T14:30:00+01:002005-03-15T14:30:00+01:00Alexandra Silva (Radboud University Nijmegen & CWI)tag:event.cwi.nl,2005-03-15:/acg/presentations/innovation-in-the-practice-of-computer-science-education-to-follow-bologna<p>The "adoption of a system of easily readable and comparable degrees"
stated in the Bologna declaration, requires, from higher education
institutions, a move towards innovative student-centred approaches
which align course units planning, teaching and assessment. This
presentation, by a member of the staff team -- the students tutor,
reports and reviews …</p><p>The "adoption of a system of easily readable and comparable degrees"
stated in the Bologna declaration, requires, from higher education
institutions, a move towards innovative student-centred approaches
which align course units planning, teaching and assessment. This
presentation, by a member of the staff team -- the students tutor,
reports and reviews some of the practice changes that have been
introduced in an introductory course in a computer science degree,
within the Portuguese societal context. It stresses two main issues:
how to overcome competence limitations of a university fresher, and
how to provide meaningful assessment results. </p>Pointwise-Pointfree Transformations2005-03-15T13:30:00+01:002005-03-15T13:30:00+01:00José Proença (CWI)tag:event.cwi.nl,2005-03-15:/acg/presentations/pointwise-pointfree-transformations<p>There are several programming styles in functional programming, and
none is considered to be the best. Two opposite styles are, for
example, pointwise and pointfree, that can be differentiated mainly by
the use of variables in the first case, and their inexistence in the
second one. In this project a …</p><p>There are several programming styles in functional programming, and
none is considered to be the best. Two opposite styles are, for
example, pointwise and pointfree, that can be differentiated mainly by
the use of variables in the first case, and their inexistence in the
second one. In this project a possible definition of pointfree and
pointwise expressions was introduced, using a simple set of terms. It
was then defined a conversion process between these two kind of
expressions. Other pointwise languages were also studied. The main
goal was to make possible the translation from pointwise code to
pointfree, by using theoretical bases, that guarantee that no errors
are introduced in the conversion process. </p>MoCha-pi, an Exogenous Coordination Calculus (SAC try-out)2005-03-08T13:30:00+01:002005-03-08T13:30:00+01:00Juan Guillen-Scholten (CWI)tag:event.cwi.nl,2005-03-08:/acg/presentations/mocha-pi-an-exogenous-coordination-calculus-sac-try-out<p>This talk is a try-out for the coordination-track session of the
SAC2005 conference in Santa Fe,NM,USA. Therefore, we give a 20 minutes
talk (which for sure will be extended by the many questions from the
audience), plus that we hand out a copy of the paper.</p>
<p>A short …</p><p>This talk is a try-out for the coordination-track session of the
SAC2005 conference in Santa Fe,NM,USA. Therefore, we give a 20 minutes
talk (which for sure will be extended by the many questions from the
audience), plus that we hand out a copy of the paper.</p>
<p>A short summary:
In this talk we present MoCha-pi, an exogenous coordination calculus that is based on mobile channels. A mobile channel is a coordination primitive that allows anonymous point-to-point communication between processes. Our calculus is an extension of the well-known pi-calculus. The novelty of MoCha-pi is that its channels are a special kind of process that allow other processes to communicate with each other and impose exogenous coordination through user defined channel types. Also new, is the fact that in our calculus channels are viewed as resources. Processes must compete with each other in order to gain access to a particular channel. This makes the calculus more in line with existing systems. An immediate application of this calculus is the modeling of the MoCha middleware, a distributed system that coordinates components using mobile channels.</p>Closure Properties of Coalgebra Automata2005-02-15T13:30:00+01:002005-02-15T13:30:00+01:00Clemens Kupke (CWI)tag:event.cwi.nl,2005-02-15:/acg/presentations/closure-properties-of-coalgebra-automata<p>Coalgebra automata are finite automata that operate on (possibly)
infinite objects which are represented as pointed coalgebras.
Examples from the literature such as automata on infinite words, trees
and graphs can be seen as coalgebra automata.</p>
<p>In my talk I will first recall the
definition of a coalgebra automaton. Then …</p><p>Coalgebra automata are finite automata that operate on (possibly)
infinite objects which are represented as pointed coalgebras.
Examples from the literature such as automata on infinite words, trees
and graphs can be seen as coalgebra automata.</p>
<p>In my talk I will first recall the
definition of a coalgebra automaton. Then
I will show how we can prove certain closure
properties such as closure under union, intersection and projection
in a uniform way for all coalgebra automata.
Moreover I will sketch the proof of the fact that
coalgebra automata are closed under alternation,
i.e. that to any alternating coalgebra automaton
there exists an equivalent non-deterministic one.
</p>Reo Engine - Implementable Semantics for Reo2005-02-01T13:30:00+01:002005-02-01T13:30:00+01:00David Costa (CWI)tag:event.cwi.nl,2005-02-01:/acg/presentations/reo-engine-implementable-semantics-for-reo<p>We have been developing a semantic model for Reo that allows us to
calculate the behaviour of general Reo circuits. The resulting
semantic model can also be used to capture the behaviour of circuits
which express priority or other context sensitive behaviour.</p>
<p>The semantic model will be presented using an …</p><p>We have been developing a semantic model for Reo that allows us to
calculate the behaviour of general Reo circuits. The resulting
semantic model can also be used to capture the behaviour of circuits
which express priority or other context sensitive behaviour.</p>
<p>The semantic model will be presented using an intuitive graphical
representation in which calculating with the semantic rules resembles
solving a jigsaw puzzle. During the talk the main decisions and solutions that were adopted will be outlined. We will unveil which problems our model can address and those which require further work.</p>
<p>A secondary benifit of our work is that the model can be used as a
basis for an efficient distributed implementation of Reo. If time
permits, we shall discuss the issues involved.
</p>OMEGA case study: Mission-critical air-borne system, UML modelling, and formal verification experiments2005-01-18T13:30:00+01:002005-01-18T13:30:00+01:00Yuri Yushtein (CWI)tag:event.cwi.nl,2005-01-18:/acg/presentations/omega-case-study-mission-critical-air-borne-system-uml-modelling-and-formal-verification-experiments<p>Within the scope of the OMEGA project several industrial case studies
are being performed in order to apply the OMEGA techniques and tools
to UML modelling and specification of the real-time embedded systems
to enable formal verification of the UML models. In this talk the case
study of the mission-critical …</p><p>Within the scope of the OMEGA project several industrial case studies
are being performed in order to apply the OMEGA techniques and tools
to UML modelling and specification of the real-time embedded systems
to enable formal verification of the UML models. In this talk the case
study of the mission-critical on-board system for the F-16 fighter
aircraft will be presented, providing insights into the issues and
challenges of the aerospace systems development, influence of the
modern software system development trends, and introduction of the
formal techniques into the traditional software system development
lifecycle. </p>Web Service - Current technological and market situation2004-12-07T13:30:00+01:002004-12-07T13:30:00+01:00Nikolay Diakov (CWI)tag:event.cwi.nl,2004-12-07:/acg/presentations/web-service-current-technological-and-market-situation<p>Major players in the software industry push Web Services as the next
de-facto standard for doing e-business. In this talk I will make an
overview of the market and technological maturity of Web Services at
the moment. I will also discuss some projections about the direction
developments in Web Service …</p><p>Major players in the software industry push Web Services as the next
de-facto standard for doing e-business. In this talk I will make an
overview of the market and technological maturity of Web Services at
the moment. I will also discuss some projections about the direction
developments in Web Service have taken, and the state of the Web
Services standardization process. </p>Applications of XML transformations2004-11-23T13:30:00+01:002004-11-23T13:30:00+01:00Joost Jacob (CWI)tag:event.cwi.nl,2004-11-23:/acg/presentations/applications-of-xml-transformations<p>In this ACG presentation we will show how we applied XML
transformation techniques to models. There will be example models
from Enterprise Architectures and from UML.</p>
<p>First we will show a transformation technique developed at CWI: the
Rule Markup Language (RML) and its tools.</p>
<p>After that there will be 2 …</p><p>In this ACG presentation we will show how we applied XML
transformation techniques to models. There will be example models
from Enterprise Architectures and from UML.</p>
<p>First we will show a transformation technique developed at CWI: the
Rule Markup Language (RML) and its tools.</p>
<p>After that there will be 2 slideshows with RML applications, these
were presented at the ISOLA conference in Cyprus in oktober 2004.</p>
<p>1) The application of RML to Enterprise Architecture models is used
to generate desired <em>views</em>, <em>visualizations</em> and to perform <em>impact
analysis</em>.</p>
<p>2) The RML application to UML is used to specify the abstract
semantics of a UML model: the UML model contains state-machines and
the XML transformation are used to define the transitions in the
state-machines. This approach results in a nice separation of
high-level inter-object communications from lower-level intra-object
primitive operations. Our approach also completely separates the
execution of a model from the scheduling of the execution, a
necessary requirement for studying real-time semantics.
</p>Reasoning about Reo's Reconfiguration Mechanisms2004-11-09T13:30:00+01:002004-11-09T13:30:00+01:00Dave Clarke (CWI)tag:event.cwi.nl,2004-11-09:/acg/presentations/reasoning-about-reos-reconfiguration-mechanisms<p>From a semantic perspective, the reconfiguration features of Reo have
not yet been explored. This talk presents their semantics in terms of
sequences of constraint automata. In addition, a logic for reasoning
about Reo connectors in the presence of reconfiguration is
described. Interestingly, the logic is decideable, although its
underlying …</p><p>From a semantic perspective, the reconfiguration features of Reo have
not yet been explored. This talk presents their semantics in terms of
sequences of constraint automata. In addition, a logic for reasoning
about Reo connectors in the presence of reconfiguration is
described. Interestingly, the logic is decideable, although its
underlying model is infinite. The talk also discusses applications and
pitfalls of dynamic reconfiguration. </p>MoCha-pi, an Exogenous Coordination Calculus based on Mobile Channels2004-10-05T13:30:00+02:002004-10-05T13:30:00+02:00Juan Guillen-Scholten (CWI)tag:event.cwi.nl,2004-10-05:/acg/presentations/mocha-pi-an-exogenous-coordination-calculus-based-on-mobile-channels<p>In this talk we present MoCha-pi, an exogenous coordination calculus
that is based on mobile channels. A mobile channel is a coordination
primitive that allows anonymous point-to-point communication between
processes. Our calculus is an extension of the well-known
pi-calculus. The novelty of MoCha-pi is that its channels are a
special …</p><p>In this talk we present MoCha-pi, an exogenous coordination calculus
that is based on mobile channels. A mobile channel is a coordination
primitive that allows anonymous point-to-point communication between
processes. Our calculus is an extension of the well-known
pi-calculus. The novelty of MoCha-pi is that its channels are a
special kind of process that allow other processes to communicate with
each other and impose exogenous coordination through user defined
channel types. Also new, is the fact that in our calculus channels
are viewed as resources. Processes must compete with each other in
order to gain access to a particular channel. This makes the calculus
more in line with existing systems. An immediate application of this
calculus is the modeling of the MoCha middleware, a distributed system
that coordinates components using mobile channels.</p>Functional modelling of biochemical networks2004-09-21T13:30:00+02:002004-09-21T13:30:00+02:00Maria Schilstra (Biocomputation Research Group)tag:event.cwi.nl,2004-09-21:/acg/presentations/functional-modelling-of-biochemical-networks<p>NetBuilder and BioTapistry are interactive tools for building,
visualizing, and simulating the behaviour of biochemical networks,
specifically genetic regulatory networks (GRNs). GRNs perform the
lowest level coarse regulation in processes such as cell
differentiation and response to external signals. Both tools depict
the networks using the functional model notation (data …</p><p>NetBuilder and BioTapistry are interactive tools for building,
visualizing, and simulating the behaviour of biochemical networks,
specifically genetic regulatory networks (GRNs). GRNs perform the
lowest level coarse regulation in processes such as cell
differentiation and response to external signals. Both tools depict
the networks using the functional model notation (data flow diagrams),
and the resulting graphs are reminiscent of electronic circuit
diagrams: data (molecules) are channelled via arcs between nodes that
carry out certain transformations (chemical and physical
processes). The notation used by NetBuilder and BioTapstry is
different from the dynamic model notation (state transition diagrams)
that is commonly used to represent chemical reaction networks, and is,
it is hoped, more amenable to composite modelling and simulation. I
will describe the structure, use, and potential of these tools, and I
will also discuss two related international efforts to develop a
standard XML-based language for describing biochemical networks
(Systems Biology Markup Language, SBML, and the Cell Markup Language,
CellML).</p>
<p>Links:
http://strc.herts.ac.uk/bio/maria/NetBuilder/index.html
http://labs.systemsbiology.net/bolouri/software/BioTapestry/
http://sbml.org/index.psp
http://www.cellml.org/public/about/what_is_cellml.html
</p>Composed Software2004-07-06T13:30:00+02:002004-07-06T13:30:00+02:00James Noble (VUW & NZ)tag:event.cwi.nl,2004-07-06:/acg/presentations/composed-software<p>For decades, software engineering has "dreamed an impossible dream":
to build software from components as easily as children can build
houses out of Lego bricks. In this talk, I will explore an imaginary
world where that dream has been realised --- where software parts can
be found in worldwide repositories, where …</p><p>For decades, software engineering has "dreamed an impossible dream":
to build software from components as easily as children can build
houses out of Lego bricks. In this talk, I will explore an imaginary
world where that dream has been realised --- where software parts can
be found in worldwide repositories, where most software is built by
reusing existing software, and where software engineering has finally
been freed from the mundane necessity of programming. I will explore
the philosophical and empirical underpinnings of this dream, and
consider how software engineers and computer sciences could reposition
themselves to respond to this imaginary world (should it ever come to
pass). </p>Generic Ownership2004-06-29T13:30:00+02:002004-06-29T13:30:00+02:00Alex Potanin (VUW & NZ)tag:event.cwi.nl,2004-06-29:/acg/presentations/generic-ownership<p>"Modern programming languages provide little support for object
encapsulation and ownership. Escaped aliases to private objects can
compromise both security and reliability of code in reference-abundant
languages such as Java. Object ownership is a widely accepted approach
to controlling aliasing in programming languages. Proposals for adding
ownership to programming languages …</p><p>"Modern programming languages provide little support for object
encapsulation and ownership. Escaped aliases to private objects can
compromise both security and reliability of code in reference-abundant
languages such as Java. Object ownership is a widely accepted approach
to controlling aliasing in programming languages. Proposals for adding
ownership to programming languages do not directly support type
genericity. We present Generic Ownership - a unified approach to
providing generics and ownership. By including support for default
ownership, Generic Ownership imposes no more syntactic or runtime
overheads than traditional generic types. We have implemented Generic
Ownership in the context of the Ownership Generic Java (OGJ)
programming language, an extension to Generic Java, and we ground the
formal side of this work within the Featherweight Generic Java
framework. We hope that our work will help bring full support for
object encapsulation to the mainstream programming world."</p>BioReo: Coordination for Biological Modelling2004-06-22T13:30:00+02:002004-06-22T13:30:00+02:00Dave Clarke (CWI)tag:event.cwi.nl,2004-06-22:/acg/presentations/bioreo-coordination-for-biological-modelling<p>We present BioReo, an application of the Reo coordination paradigm to
provide a compositional formal model for describing and reasoning
about the behaviour of biological systems, such as regulatory gene
networks. Reo governs the interaction and flow of data between
components by constructing connector circuits which have a precise
formal …</p><p>We present BioReo, an application of the Reo coordination paradigm to
provide a compositional formal model for describing and reasoning
about the behaviour of biological systems, such as regulatory gene
networks. Reo governs the interaction and flow of data between
components by constructing connector circuits which have a precise
formal semantics. When applied to systems biology, we get a
comprehensible graphical model, which is both mathematically precise
and flexible.</p>
<p>Joint work with David Costa and Farhad Arbab.
</p>Back To The Future: A Family of Algorithms for Termination Detection in Distributed Systems (Part II)2004-06-15T13:30:00+02:002004-06-15T13:30:00+02:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2004-06-15:/acg/presentations/back-to-the-future-a-family-of-algorithms-for-termination-detection-in-distributed-systems-part-ii<p>A classical problem in distributed systems is detecting the
termination of a distributed computation. Distributed Termination
Detection (DTD) has been extensively studied in the past twenty years
and it is known to be a difficult problem to solve efficiently,
because it involves properties of the global state of a distributed …</p><p>A classical problem in distributed systems is detecting the
termination of a distributed computation. Distributed Termination
Detection (DTD) has been extensively studied in the past twenty years
and it is known to be a difficult problem to solve efficiently,
because it involves properties of the global state of a distributed
system. Many DTD algorithms exists and a recent survey of 35 of them
[1] introduces a taxonomy and identifies 8 different characteristics
for their classification and evaluation. This survey concludes by
remarking that '[an] algorithm [with favorable ranking in all 8
dimensions,] if one exists, would be a huge development in this
field.' As difficult as DTD is in its classical setting,
considerations for dynamicity and mobility in a distributed system
further complicate the DTD problem and render most existing DTD
algorithms non-applicable. We introduce the notion of Apparent
Causality as a relation among the messages in a system, from which we
derive the concepts of message histories and futures. Apparent
causality and message histories are inherently local properties which
can be evaluated at the level of each process, whereas message futures
are inherently global system-level properties. Histories and futures
of messages are examples of histories and futures of more general
observables in a distributed system. We propose Back To The Future
(BTTF) as a generic method for computing futures from histories, and
use this technique to construct three different algorithms: 1. BTTF
Transitory Quiescence (BTTF-TQ) is a generic, efficient algorithm that
leads a distributed system to a state where there are no pending
messages; 2. Yet Another Wave Algorithm (YAWA) uses the BTTF technique
to implement a generic DTD wave algorithm with certain interesting
properties of its own; and 3. BTTF Wave is our main algorithm, which
combines BTTF-TQ and YAWA to obtain a general symmetric DTD algorithm
that is equally suitable for classical settings as for dynamic systems
of distributed mobile processes. The BTTF Wave algorithm ranks quite
favorably in the characterization scheme of [1]. Furthermore, it is
generic and is suitable for dynamic and mobile systems at no extra
cost. Our preliminary results indicate that while the theoretical
worst-case message complexity of the BTTF Wave algorithm is no worse
than other generic wave algorithms, such worst-case scenarios are
possible only in unrealistic systems. The worst-case message
complexity of this algorithm for realistic systems is significantly
better, and its average message complexity in realistic systems is
only a fraction of their total number of normal messages. [1] 'A
Taxonomy of Distributed Termination Detection Algorithms,' J. Matocha
and T. Camp, The Journal of Systems and Software, vol. 43,
pp. 207-221, 1998. </p>A Translation from Reo to Petri Nets and Vice-Versa2004-06-08T13:30:00+02:002004-06-08T13:30:00+02:00Juan Guillen-Scholten (CWI)tag:event.cwi.nl,2004-06-08:/acg/presentations/a-translation-from-reo-to-petri-nets-and-vice-versa<p>In this talk we discuss first steps towards a complete translation of
Reo into Petri Nets. Reo is a channel-based exogenous coordination
model wherein complex coordinators, called connectors, are
compositionally built out of simpler ones. We present a translation
that covers all Reo connectors build using a particular set of …</p><p>In this talk we discuss first steps towards a complete translation of
Reo into Petri Nets. Reo is a channel-based exogenous coordination
model wherein complex coordinators, called connectors, are
compositionally built out of simpler ones. We present a translation
that covers all Reo connectors build using a particular set of basic
channels. In this talk we also present a translation from Petri Nets
to Reo. This translation is complete for the Elementary Net System
Petri Nets. </p>Visualization and operational semantics of Reo circuits2004-05-25T13:30:00+02:002004-05-25T13:30:00+02:00Nikolay Diakov (CWI)tag:event.cwi.nl,2004-05-25:/acg/presentations/visualization-and-operational-semantics-of-reo-circuits<p>The design of a distributed middleware that can directly speak Reo
constitutes one of the important long term goals of SEN3. In this
talk, we discuss several issues related to the roadmap we follow
towards such a middleware. The talk consist of two parts. In the first
part we discuss …</p><p>The design of a distributed middleware that can directly speak Reo
constitutes one of the important long term goals of SEN3. In this
talk, we discuss several issues related to the roadmap we follow
towards such a middleware. The talk consist of two parts. In the first
part we discuss the need for a "proper" operational semantic for Reo
that can facilitate a distributed implementation. Then we briefly
introduce a tool for design and simulation of Reo circuits: tool
architecture and functionality. This tool serves us as a playground
for clarifying all kinds of details regarding the execution of Reo
circuits. In the second part we use a series of examples starting from
very simple ones, to incrementally introduce you to and demonstrate
the complexities of the execution of Reo circuits. At the end, if time
permits, we shall sketch out the Reo operational semantics that we
have implemented in this tool. The introduction of the complete
operational semantics requires a rather lengthy presentation and we
will to this in a separate ACG talk. </p>Landscape Maps for Enterprise Architectures2004-05-18T14:45:00+02:002004-05-18T14:45:00+02:00Leon van der Torre (CWI)tag:event.cwi.nl,2004-05-18:/acg/presentations/landscape-maps-for-enterprise-architectures<p>Landscape maps are a technique for visualizing enterprise
architectures. They present architectural elements in the form of an
easy to understand 2D 'map'. A landscape map view on architectures
provides non-technical stakeholders, such as managers, with a
high-level overview, without burdening them with technicalities of
architectural drawings. In this paper …</p><p>Landscape maps are a technique for visualizing enterprise
architectures. They present architectural elements in the form of an
easy to understand 2D 'map'. A landscape map view on architectures
provides non-technical stakeholders, such as managers, with a
high-level overview, without burdening them with technicalities of
architectural drawings. In this paper we discuss the use of and
techniques for landscape maps. A formal model for landscape maps is
introduced as the basis of visualization and interaction
techniques. Moreover, we show how a landscape map can be generated
from its underlying model. Finally we show several interaction
techniques, for example to build a landscape map from scratch,
independently of an underlying model, or to change a landscape map
together with its underlying model. Joint work with Marc Lankhorst,
Hugo ter Doest, Jan Campschroer and Farhad Arbab </p>A Logical Viewpoint on Architectures2004-05-18T13:30:00+02:002004-05-18T13:30:00+02:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2004-05-18:/acg/presentations/a-logical-viewpoint-on-architectures<p>In this talk we introduce a logical viewpoint on architectures. The
logical viewpoint is based on the distinction between symbolic and
semantic models of architectures. The core of a symbolic model
consists of its signature that specifies symbolically its structural
elements and their relationships. A semantic model is defined as …</p><p>In this talk we introduce a logical viewpoint on architectures. The
logical viewpoint is based on the distinction between symbolic and
semantic models of architectures. The core of a symbolic model
consists of its signature that specifies symbolically its structural
elements and their relationships. A semantic model is defined as a
formal interpretation of the symbolic model. This leads to more
precise characterization of the concepts introduced in IEEE standard
1471-2000, and provides a formal approach to the design of enterprise
of architectural description languages and a general mathematical
foundation for the use of formal methods in enterprise
architectures. Joint work with F.S. de Boer, J. Jacob, A. Stam and
L. van der Torre. </p>Weak bisimulation for action-type coalgebras2004-05-11T13:30:00+02:002004-05-11T13:30:00+02:00Ana Sokolova (TU Eindhoven)tag:event.cwi.nl,2004-05-11:/acg/presentations/weak-bisimulation-for-action-type-coalgebras<p>We propose a coalgebraic definition of weak bisimulation for a class
of coalgebras obtained from bifunctors in~$SetCat$. Weak bisimilarity
for a system is obtained as strong bisimilarity of a transformed
system. The transformation consists of two steps: First, the behaviour
on actions is expanded to behaviour on finite words …</p><p>We propose a coalgebraic definition of weak bisimulation for a class
of coalgebras obtained from bifunctors in~$SetCat$. Weak bisimilarity
for a system is obtained as strong bisimilarity of a transformed
system. The transformation consists of two steps: First, the behaviour
on actions is expanded to behaviour on finite words. Second, the
behaviour on finite words is taken modulo the hiding of invisible
actions, yielding behaviour on equivalence classes of words closed
under silent steps. The coalgebraic definition is justified by two
correspondence results, one for the classical notion of weak
bisimulation of Milner and another for the notion of weak bisimulation
for generative probabilistic transition systems proposed by Baier and
Hermanns. </p>Automata, Bitstream functions, and Circuits2004-05-04T13:30:00+02:002004-05-04T13:30:00+02:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2004-05-04:/acg/presentations/automata-bitstream-functions-and-circuits<p>We present a general and constructive method that for a well-behaved
function on bitstreams: f: (2^omega)^n --> (2^omega)^m constructs a
digital circuit (with n inputs and m outputs) that implements f. More
precisely, the method will produce for such f a Mealy automaton that
implements f. From …</p><p>We present a general and constructive method that for a well-behaved
function on bitstreams: f: (2^omega)^n --> (2^omega)^m constructs a
digital circuit (with n inputs and m outputs) that implements f. More
precisely, the method will produce for such f a Mealy automaton that
implements f. From this automaton, a circuit can be obtained using
various existing methods. </p>Compositionality in Logics for Coalgebras2004-04-27T13:30:00+02:002004-04-27T13:30:00+02:00Corina Cirstea (University of Southampton)tag:event.cwi.nl,2004-04-27:/acg/presentations/compositionality-in-logics-for-coalgebras<p>The coalgebraic approach to modelling state-based systems allows
system combinations to be modelled at the level of coalgebraic
signatures using operations such as functor composition, product or
coproduct. We show that this compositionality at the level of
signatures can be lifted to a logical level, thereby allowing the
derivation of …</p><p>The coalgebraic approach to modelling state-based systems allows
system combinations to be modelled at the level of coalgebraic
signatures using operations such as functor composition, product or
coproduct. We show that this compositionality at the level of
signatures can be lifted to a logical level, thereby allowing the
derivation of logics for coalgebras of functor combinations from
logics for coalgebras of the functors being combined. The key idea is
to capture one inductive step in the definition of a language for
coalgebras, using a notion of language constructor. Then, successive
applications of language constructors yield languages for coalgebras,
whose expressiveness w.r.t. bisimulation or some given notion of
simulation follows from an expressiveness condition on the underlying
language constructor. Moreover, operations on signature functors lift
to (expressiveness-preserving) operations on language constructors,
ultimately yielding expressive logics for combined coalgebraic
types. A similar approach can be used to derive sound and complete
proof systems for coalgebraic logics in a modular fashion. </p>What semantics fits with my aspects?2004-04-13T13:30:00+02:002004-04-13T13:30:00+02:00Ralf Laemmel (CWI & VU)tag:event.cwi.nl,2004-04-13:/acg/presentations/what-semantics-fits-with-my-aspects<p>In this talk, we review the available semantics for aspect-oriented
programming (AOP), and we connect this theme of recent research to
pre-AOP age. Most AOP semantics are operational or compiler-oriented
in style, and they focus on idioms of AspectJ, which is the
trend-setting, Java-based AOP language. A typical AOP semantics …</p><p>In this talk, we review the available semantics for aspect-oriented
programming (AOP), and we connect this theme of recent research to
pre-AOP age. Most AOP semantics are operational or compiler-oriented
in style, and they focus on idioms of AspectJ, which is the
trend-setting, Java-based AOP language. A typical AOP semantics is
based on a down-scaled Java, or perhaps on a simple functional
language. The AOP-specific parts of the semantics are normally related
to some form of aspect registry to keep track of intercepted join
points and associated advice. Still these semantics differ with regard
to the cunning peculiarities of describing pointcuts and managing the
aspect registry. Furthermore, the semantics might or might not
address static typing issues and other static guarantees. In addition
to semantics, there are also foundational issues that are being
studied, e.g., interpretations of AOP using process algebra (CSP) or
the pi-calculus, and the static analysis of aspects for
interference. In fact, AOP foundations have been studied before the
existence of AOP: think of structural and behavioural reflection as
the most obvious example. Such imports from pre-AOP age also include
continuation-passing style, wrapping, parallel programming,
algorithmic debugging, and dynamic scoping. Ongoing work on the
semantics of AOP aims at ``fluid'' AOP, simpler semantical concepts,
coverage of practical languages, modular reasoning, aspect
composition, and semantics-preserving transformations of
aspect-oriented programs. </p>Back To The Future: A Family of Algorithms for Termination Detection in Distributed Systems (Part 1)2004-04-06T13:30:00+02:002004-04-06T13:30:00+02:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2004-04-06:/acg/presentations/back-to-the-future-a-family-of-algorithms-for-termination-detection-in-distributed-systems-part-1<p>A classical problem in distributed systems is detecting the
termination of a distributed computation. Distributed Termination
Detection (DTD) has been extensively studied in the past twenty years
and it is known to be a difficult problem to solve efficiently,
because it involves properties of the global state of a distributed …</p><p>A classical problem in distributed systems is detecting the
termination of a distributed computation. Distributed Termination
Detection (DTD) has been extensively studied in the past twenty years
and it is known to be a difficult problem to solve efficiently,
because it involves properties of the global state of a distributed
system. Many DTD algorithms exists and a recent survey of 35 of them
[1] introduces a taxonomy and identifies 8 different characteristics
for their classification and evaluation. This survey concludes by
remarking that ``[an] algorithm [with favorable ranking in all 8
dimensions,] if one exists, would be a huge development in this
field.'' As difficult as DTD is in its classical setting,
considerations for dynamicity and mobility in a distributed system
further complicate the DTD problem and render most existing DTD
algorithms non-applicable.</p>
<p>We introduce the notion of Apparent Causality as a relation among the messages in a system, from which we derive the concepts of message histories and futures. Apparent causality and message histories are inherently local properties which can be evaluated at the level of each process, whereas message futures are inherently global system-level properties. Histories and futures of messages are examples of histories and futures of more general observables in a distributed system. We propose Back To The Future (BTTF) as a generic method for computing futures from histories, and use this technique to construct three different algorithms:</p>
<ol>
<li>BTTF Transitory Quiescence (BTTF-TQ) is a generic, efficient algorithm that leads a distributed system to a state where there are no pending messages;</li>
<li>Yet Another Wave Algorithm (YAWA) uses the BTTF technique to implement a generic DTD wave algorithm with certain interesting properties of its own; and</li>
<li>BTTF Wave is our main algorithm, which combines BTTF-TQ and YAWA to obtain a general symmetric DTD algorithm that is equally suitable for classical settings as for dynamic systems of distributed mobile processes.</li>
</ol>
<p>The BTTF Wave algorithm ranks quite favorably in the characterization scheme of [1]. Furthermore, it is generic and is suitable for dynamic and mobile systems at no extra cost. Our preliminary results indicate that while the theoretical worst-case message complexity of the BTTF Wave algorithm is no worse than other generic wave algorithms, such worst-case scenarios are possible only in unrealistic systems. The worst-case message complexity of this algorithm for realistic systems is significantly better, and its average message complexity in realistic systems is only a fraction of their total number of normal messages.</p>
<p>[1]
``A Taxonomy of Distributed Termination Detection Algorithms,''
J. Matocha and T. Camp,
The Journal of Systems and Software, vol. 43, pp. 207-221, 1998.
</p>XML+RML2004-03-23T13:30:00+01:002004-03-23T13:30:00+01:00Joost Jacob (CWI)tag:event.cwi.nl,2004-03-23:/acg/presentations/xmlrml<p>XML is a "syntax franca" in the computer industry, like English and
mathematics are a "lingua franca" in publications in the field of
computing science. Theories, formulas and logic rules can be stated in
a suitable XML vocabulary. But such an XML encoding is only for the
syntax, it is …</p><p>XML is a "syntax franca" in the computer industry, like English and
mathematics are a "lingua franca" in publications in the field of
computing science. Theories, formulas and logic rules can be stated in
a suitable XML vocabulary. But such an XML encoding is only for the
syntax, it is not capturing dynamics, necessary for the semantics of a
formalism. At CWI I developed an XML extension called RML that makes
it possible to define such semantics. More specifically, with RML it
is possible to define rule based XML transformations. With XML+RML we
can freely define XML languages and rules for formal semantics. These
semantics are executable with the help of the RML tools that have been
developed, thus providing the possibility of experimental analysis of
a formal semantics serving as the mathematical basis for software
technoloy. After an introduction to XML and RML I will show how we
applied XML+RML to various topics like propositional logic, UML and
business processes modelling. The last part of the talk will be a
short workshop. </p>Automata and Fixed Point Logics for Coalgebras (part 2)2004-03-16T13:30:00+01:002004-03-16T13:30:00+01:00Yde Venema (ILLC at UvA)tag:event.cwi.nl,2004-03-16:/acg/presentations/automata-and-fixed-point-logics-for-coalgebras-part-2<p>There is a long tradition in theoretical computer science connecting
logic and automata theory. As a paradigmatic example we mention the
link between the modal mu-calculus and parity automata on graphs. Much
of this work has a strong coalgebraic flavour, but to our knowledge
this perspective has never been made …</p><p>There is a long tradition in theoretical computer science connecting
logic and automata theory. As a paradigmatic example we mention the
link between the modal mu-calculus and parity automata on graphs. Much
of this work has a strong coalgebraic flavour, but to our knowledge
this perspective has never been made explicit or exploited. In the
talk we will generalize existing connections between automata and
logic to a more general, coalgebraic level. For any arbitrary
set-based functor F meeting some mild constraints, we define the
notion of an F-automaton. Such a device will operate on pointed
F-coalgebras, i.e., F-coalgebras with a selected actual state, and
either accept or reject such a structure. The criterion for rejection
and acceptance are given in terms of an infinite two-player parity
game. We also introduce a rather natural language of coalgebraic fixed
point logic for F-coalgebras, and we provide a game semantics for this
language. Finally, we provide a procedure transforming a coalgebraic
fixpoint formula p into a an automaton A_p that is equivalent to p in
the sense that A_p accepts precisely those pointed F-coalgebras in
which p holds. This then establishes the link between logic and
automata on a coalgebraic level. </p>In the Name of the Role (sequel)2004-03-09T13:30:00+01:002004-03-09T13:30:00+01:00Frank de Boer (CWI & LIACS)tag:event.cwi.nl,2004-03-09:/acg/presentations/in-the-name-of-the-role-sequel<p>This presentation introduces a formalism for the specification of
generic behavioral interfaces, so called roles. The main
characteristic feature of this formalism is the dynamic creation of
processes that act in the name of their roles. I will present a
compositional trace semantics of roles which is fully abstract with …</p><p>This presentation introduces a formalism for the specification of
generic behavioral interfaces, so called roles. The main
characteristic feature of this formalism is the dynamic creation of
processes that act in the name of their roles. I will present a
compositional trace semantics of roles which is fully abstract with
respect to may testing. This is the first such result for a language
with dynamic process creation by means of templates. Joint work with
M. Bonsangue, M. Steffen, and E. Abraham </p>Automata and Fixed Point Logics for Coalgebras2004-02-24T13:30:00+01:002004-02-24T13:30:00+01:00Yde Venema (ILLC at UvA)tag:event.cwi.nl,2004-02-24:/acg/presentations/automata-and-fixed-point-logics-for-coalgebras<p>There is a long tradition in theoretical computer science connecting
logic and automata theory. As a paradigmatic example we mention the
link between the modal mu-calculus and parity automata on graphs. Much
of this work has a strong coalgebraic flavour, but to our knowledge
this perspective has never been made …</p><p>There is a long tradition in theoretical computer science connecting
logic and automata theory. As a paradigmatic example we mention the
link between the modal mu-calculus and parity automata on graphs. Much
of this work has a strong coalgebraic flavour, but to our knowledge
this perspective has never been made explicit or exploited. In the
talk we will generalize existing connections between automata and
logic to a more general, coalgebraic level. For any arbitrary
set-based functor F meeting some mild constraints, we define the
notion of an F-automaton. Such a device will operate on pointed
F-coalgebras, i.e., F-coalgebras with a selected actual state, and
either accept or reject such a structure. The criterion for rejection
and acceptance are given in terms of an infinite two-player parity
game. We also introduce a rather natural language of coalgebraic fixed
point logic for F-coalgebras, and we provide a game semantics for this
language. Finally, we provide a procedure transforming a coalgebraic
fixpoint formula p into a an automaton A_p that is equivalent to p in
the sense that A_p accepts precisely those pointed F-coalgebras in
which p holds. This then establishes the link between logic and
automata on a coalgebraic level. </p>In the Name of the Role2004-02-10T13:30:00+01:002004-02-10T13:30:00+01:00Frank de Boer (CWI & LIACS)tag:event.cwi.nl,2004-02-10:/acg/presentations/in-the-name-of-the-role<p>This presentation introduces a formalism for the specification of
generic behavioral interfaces, so called roles. The main
characteristic feature of this formalism is the dynamic creation of
processes that act in the name of their roles. I will present a
compositional trace semantics of roles which is fully abstract with …</p><p>This presentation introduces a formalism for the specification of
generic behavioral interfaces, so called roles. The main
characteristic feature of this formalism is the dynamic creation of
processes that act in the name of their roles. I will present a
compositional trace semantics of roles which is fully abstract with
respect to may testing. This is the first such result for a language
with dynamic process creation by means of templates. Joint work with
M. Bonsangue, M. Steffen, and E. Abraham </p>A coalgebraic perspective on monotone modal logic2004-01-27T13:30:00+01:002004-01-27T13:30:00+01:00Helle Hvid Hansen (Radboud University Nijmegen and CWI)tag:event.cwi.nl,2004-01-27:/acg/presentations/a-coalgebraic-perspective-on-monotone-modal-logic<p>There is an obvious connection between coalgebra and modal logic:
Coalgebras for an endofunctor T can be seen as abstract dynamic
systems or transition systems, and modal logic seems to be the natural
specification language to talk about these systems. Monotone modal
logics generalise normal modal logics by weakening the …</p><p>There is an obvious connection between coalgebra and modal logic:
Coalgebras for an endofunctor T can be seen as abstract dynamic
systems or transition systems, and modal logic seems to be the natural
specification language to talk about these systems. Monotone modal
logics generalise normal modal logics by weakening the requirement of
additivity for the modal operator Box to monotonicity: From p ---> q
infer Box p ---> Box q. This entails that Kripke frames no longer
constitute an adequate semantics, instead (non-normal) monotone modal
logics are interpreted over monotone neighbourhood frames of the form
(W, N: W --> PPW) where N(w) is upwards closed. We will make the
connection between monotone modal logic and coalgebras precise by
defining functors UpP: Set ---> Set and UpV: Stone ---> Stone such
that UpP- and UpV-coalgebras correspond to monotone neighbourhood
frames and descriptive general monotone frames,
respectively. Furthermore, we will investigate the relationships
between the coalgebraic notions of bisimulation and behavioural
equivalence on the one hand, and bisimulation of monotone frames on
the other. In particular, we will show that the UpP-functor does not
preserve weak pullbacks, and we prove interpolation for a number of
monotone modal logics using results on UpP-bisimulation. </p>The Differential Calculus of Bitstreams2004-01-20T13:30:00+01:002004-01-20T13:30:00+01:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2004-01-20:/acg/presentations/the-differential-calculus-of-bitstreams<p>Using (stream) differential equations for definitions and coinduction
for proofs, we define, analyse, and relate in a uniform way four
different algebraic structures on the set of bitstreams (infinite
sequences of 0's and 1's), characterising them in terms of the digital
circuits they can describe.</p>Reo: Operational Semantics, Animation and Model Checking2004-01-13T13:30:00+01:002004-01-13T13:30:00+01:00Seyyed Mohammad Reza Mousavi (Eindhoven University of Technology)tag:event.cwi.nl,2004-01-13:/acg/presentations/reo-operational-semantics-animation-and-model-checking<p>In this talk, we first present an operational semantics for Reo in the
style of Plotkin's SOS (Structured Operational Semantics). Next, we
present a faithful translation of this semantics into Maude (a
conditional term rewriting language). This, in turn, allows us to
benefit from the tooling around Maude in order …</p><p>In this talk, we first present an operational semantics for Reo in the
style of Plotkin's SOS (Structured Operational Semantics). Next, we
present a faithful translation of this semantics into Maude (a
conditional term rewriting language). This, in turn, allows us to
benefit from the tooling around Maude in order to animate and model
check Reo circuits. </p>MOnitoring Distributed Object and Component Communication2003-12-02T13:30:00+01:002003-12-02T13:30:00+01:00Nikolay Diakov (CWI)tag:event.cwi.nl,2003-12-02:/acg/presentations/monitoring-distributed-object-and-component-communication<p>"Monitoring of the behavior of computer programs enjoys applications
in activities such as debugging, testing, and software management. For
example, in debugging, developers use information collected during
application runtime to pinpoint the source(s) of application behavior
they consider erroneous. On this talk I present my work on monitoring
communication …</p><p>"Monitoring of the behavior of computer programs enjoys applications
in activities such as debugging, testing, and software management. For
example, in debugging, developers use information collected during
application runtime to pinpoint the source(s) of application behavior
they consider erroneous. On this talk I present my work on monitoring
communication behavior for middleware-based systems. I will start with
describing the context, the problems, motivation, goals, scope and
approach. After the first break I will continue with introduction to
monitoring concepts, object and component middleware concepts, and the
concept of reflection in middleware. I will then discuss a design
approach that I propose to designers who want to build generic
monitoring systems. I will illustrate the approach with an
architecture of a Generic Monitoring System. After the second break I
will dive into the details of the solution framework I propose for
monitoring of object and component communication. This solution
framework follows the design methodology which I presented earlier. I
also discuss several applications, which I use to validate this
approach. In the last 10 minutes of the talk I would like to
demonstrate the MODOCC monitoring system that I have build as a
proof-of-concept implementation." </p>Reo: Semantics and Tools for Design and Analysis. State-of-the-Art and Future Work2003-11-25T13:30:00+01:002003-11-25T13:30:00+01:00Christel Baier (University of Bonn)tag:event.cwi.nl,2003-11-25:/acg/presentations/reo-semantics-and-tools-for-design-and-analysis-state-of-the-art-and-future-work<p>Reo is a channel-based exogenous coordination model wherein complex
coordinators are compositionally built out of basic channel types
(like synchronous or FIFO channels) and connectors. In this talk,
first we will briefly explain the semantics of Reo based on languages
of Timed Data Streams and an operational semantics based on …</p><p>Reo is a channel-based exogenous coordination model wherein complex
coordinators are compositionally built out of basic channel types
(like synchronous or FIFO channels) and connectors. In this talk,
first we will briefly explain the semantics of Reo based on languages
of Timed Data Streams and an operational semantics based on so called
Constraint Automata. Then, we continue with different issues in
modeling Reo circuits by constraint automata and discuss some
examples. We finally report on the-state-of-the-art and future work
for developing an integrated tool for visualizing, simulating and
model checking Reo circuits and constraint automata. </p>Stone Coalgebras and Completeness for Coalgebraic Modal Logic2003-11-18T13:30:00+01:002003-11-18T13:30:00+01:00Clemens Kupke (CWI)tag:event.cwi.nl,2003-11-18:/acg/presentations/stone-coalgebras-and-completeness-for-coalgebraic-modal-logic<p>Coalgebras have been studied as a general approach to dynamic systems.
Modal logic seems to be a natural choice for a specification language
for coalgebras. Given an endofuntor T the problem is how to define a
suitable modal logic for T-coalgebras. Following an approach by
Pattinson we first define for …</p><p>Coalgebras have been studied as a general approach to dynamic systems.
Modal logic seems to be a natural choice for a specification language
for coalgebras. Given an endofuntor T the problem is how to define a
suitable modal logic for T-coalgebras. Following an approach by
Pattinson we first define for an arbitrary endofunctor T:Set ---> Set
a modal logic and briefly discuss (sufficient) conditions for that
logic to be sound, complete and expressive. We then translate this
approach to the case in which we are given a functor T:Stone --->
Stone where Stone denotes the category of Stone spaces. We now obtain
a better understanding of the above mentioned results of Pattinson:
First we show that any coalgebraic modal logic gives rise to a functor
L:BA --> BA, such that the category of L-algebras provides us an
algebraic semantics for the logic. It then turns out that Pattinson's
above mentioned conditions for soundness, completeness and
expressiveness of the logic are in fact equivalent to L being the
Stone dual of the functor T. </p>Normative Multiagent Systems2003-11-11T13:30:00+01:002003-11-11T13:30:00+01:00Leon van der Torre (CWI)tag:event.cwi.nl,2003-11-11:/acg/presentations/normative-multiagent-systems<p>In a previous ACG presentation earlier this year I have discussed the
basics of input/output logics (iol), which I developed together with
David Makinson from King's College London. In this talk I discuss how
a rule based logic like iol can be used in agent architectures, as
well as …</p><p>In a previous ACG presentation earlier this year I have discussed the
basics of input/output logics (iol), which I developed together with
David Makinson from King's College London. In this talk I discuss how
a rule based logic like iol can be used in agent architectures, as
well as in multiagent systems.</p>
<p>In particular, for agent architectures I discuss BOID agent
architectures, which I developed together with several agent researchers
now at University of Utrecht (see http://boid.info), and for multiagent
systems I discuss normative multiagent systems which I developed
together with Guido Boella from University of Torino.</p>
<p>A motivation for this talk is the potential use of concepts from
normative multiagent systems for ArchiMate, for example to capture the
notion (concern) of responsibility. This, however, will not be discussed
explicitly during the talk, but at the end of the presentation there
will be some time left for discussion.</p>
<p>Consequently, the layout of this talk will be as follows:
1. input/output logic reminder
2. BOID agent architectures
3. normative multiagent systems
4. optional discussion on norms and ArchiMate</p>A Comparative Study of Arithmetic Constraints on Integer Intervals2003-10-28T13:30:00+01:002003-10-28T13:30:00+01:00Peter Zoeteweij (CWI)tag:event.cwi.nl,2003-10-28:/acg/presentations/a-comparative-study-of-arithmetic-constraints-on-integer-intervals<p>The subject of arithmetic constraints on reals has attracted a great
deal of attention in the literature. For some reason arithmetic
constraints on integers have not been studied, even though they are
supported in a number of constraint programming systems. In this
presentation we will discuss various alternative approaches, based …</p><p>The subject of arithmetic constraints on reals has attracted a great
deal of attention in the literature. For some reason arithmetic
constraints on integers have not been studied, even though they are
supported in a number of constraint programming systems. In this
presentation we will discuss various alternative approaches, based on
interval arithmetic, to implementing these constraints. Also we
present the outcome of experiments that were performed to assess these
approaches on a number of benchmark problems.</p>Integrating Formal Methods with XML2003-10-07T13:30:00+02:002003-10-07T13:30:00+02:00Joost Jacob (CWI)tag:event.cwi.nl,2003-10-07:/acg/presentations/integrating-formal-methods-with-xml<p>Stating formalisms in XML adds the interoperability benefit of XML to
them. Existing tools for formal methods are based on a particular
implementation of the semantics of the computational model in a
tool-specific format. This complicates interoperability. Instead we
propose to use XML also for representing the semantics and even …</p><p>Stating formalisms in XML adds the interoperability benefit of XML to
them. Existing tools for formal methods are based on a particular
implementation of the semantics of the computational model in a
tool-specific format. This complicates interoperability. Instead we
propose to use XML also for representing the semantics and even
provide a tool for its execution.</p>
<p>We describe how a formalism can be "XMLized"; and not only
expressions in the formalism but also the semantics. The recipe
for doing this consists of (1) choosing or defining a suitable XML
vocabulary for expressions and (2) defining transformation rules
capturing the semantics.</p>
<p>The transformation rules themselves are specified in a mix of XML
from the problem domain and the Rule Markup Language (RML) we
designed. We introduce the idea of using "Regular XML
Expressions" for matching and binding variables in the input of a
rule, and to use those variables in the output of a rule. The
input and output of a transformation are in pure problem domain
XML. With this rulebased approach we can define and perform
transformations that are very hard to do with other techniques,
for instance XSLT, the W3C Recommendation for XML transformations.
A sequence of transformations can be used for simulations and
proofs, as demonstrated by an example that shows the derivation of
a proof in propositional logic, taking MathML as the problem
domain XML. This process is easy to automate and leads to a
general purpose theorem prover for XML based formalisms. The RML
transformation tool that can reproduce the MathML example in the
paper is available from the authors.
</p>Verification of Security Protocols with Rebeca2003-09-23T13:30:00+02:002003-09-23T13:30:00+02:00Hamed Iravanchi Zadeh (Tehran University)tag:event.cwi.nl,2003-09-23:/acg/presentations/verification-of-security-protocols-with-rebeca<p>The correctness of security protocols has become more and more
important lately, as the aspects of real life being in control of
computer systems increased. As operations like money transfers or
military communications are being ported to computer networks, any
flaw in security of the systems can lead to extremely …</p><p>The correctness of security protocols has become more and more
important lately, as the aspects of real life being in control of
computer systems increased. As operations like money transfers or
military communications are being ported to computer networks, any
flaw in security of the systems can lead to extremely large amount of
loss. The discovery of flaws in protocols that were considered safe
shows that the formal verification of such protocols is essential. My
talk first addresses different aspects of security and gives a brief
introduction to cryptography techniques. Then, I shall present a
well-known security protocol (CCITT X.509), describe a logic designed
to analyse authentication, and show how we can verify the protocol by
means of Model Checking. The model of the protocol will be presented
in the "Rebeca" modeling language. I will also describe how we can
model an intruder for the protocol and a flaw in the protocol, which
can be found by the Model Checking. </p>MoCha, a coordination middleware based on mobile channels2003-09-16T13:30:00+02:002003-09-16T13:30:00+02:00Juan Guillen-Scholten (CWI)tag:event.cwi.nl,2003-09-16:/acg/presentations/mocha-a-coordination-middleware-based-on-mobile-channels<p>MoCha is a framework for distributed communication and collaboration
using mobile channels as its medium. Channels allow directed,
anonymous, and peer-to-peer communication among entities, while
mobility ensures that the structure of their connections can change
over time in arbitrary ways. MoCha provides communication mechanisms
without requiring central servers or fixed …</p><p>MoCha is a framework for distributed communication and collaboration
using mobile channels as its medium. Channels allow directed,
anonymous, and peer-to-peer communication among entities, while
mobility ensures that the structure of their connections can change
over time in arbitrary ways. MoCha provides communication mechanisms
without requiring central servers or fixed network infrastructures,
and it allows exogenous coordination among processes.</p>
<p>In this talk we present, for the first time, the implementation of the
framework: the MoCha middleware prototype. The MoCha middleware
(hereforth, just MoCha) offers real distributed mobile channels to its
users. Furthermore, because MoCha is implemented in the Java language
using the Remote Method Invocation package (library) it is also
heterogeneous; meaning, that it does not matter on which platform the
different nodes of the system run.</p>
<p>Regarding the fields of application, MoCha can be used in any system
where there is a need for peer-to-peer, anonymous, and/or mobile
communication. On the Internet there are many applications with such
requirements, for example, mobile Internet agents. Smaller networks can
also benefit from MoCha, for example In-home networks, where different
devices communicate with each other in a rather small environment.
MoCha is especially suitable for Component Based Software. The anonymous
aspect of the channels makes it possible to dynamically plug in and
remove component instances from the system. Also, in component based
systems there is a need for a clear separation of concerns between the
computational and the coordination part of a system. MoCha offers this
clear separation by providing exogenous coordination. Therefore, the
component instances can be coordinated from outside. This makes it
possible to obtain different system behavior using the same components
but with other channel coordination schemes/topology.</p>
<p>Currently MoCha, as well as some other packages built on top of it are
working. We are now finishing the user manual, and soon we shall release
a version meant for the coordination community.
</p>Composing Style-Based Software Architectures from Architectural Primitives2003-09-09T13:30:00+02:002003-09-09T13:30:00+02:00Nikunj R. Mehta (University of Southern California)tag:event.cwi.nl,2003-09-09:/acg/presentations/composing-style-based-software-architectures-from-architectural-primitives<p>Nikunj Mehta is a Ph.D. Candidate at University of Southern California,
Los Angeles. He works on the intersection of software engineering and
distributed systems, with an aim to develop systematic techniques that
can join the mainstream of software development. His dissertation
research focuses on constructively composing elements of style-based …</p><p>Nikunj Mehta is a Ph.D. Candidate at University of Southern California,
Los Angeles. He works on the intersection of software engineering and
distributed systems, with an aim to develop systematic techniques that
can join the mainstream of software development. His dissertation
research focuses on constructively composing elements of style-based
architectures, in turn, enabling their systematic analysis as well as
implementation. He has been a practicing software architect for several
years, and has published at leading conferences in software engineering
including ICSE and FSE.</p>
<p>Software architectures provide high-level abstractions in the form of
coarse-grained processing, connecting, and data elements, their
interfaces, and their configurations. The system composition patterns
and constraints on architectural elements comprise architectural
styles, which are targeted at families of systems with shared
characteristics. Styles are therefore reusable software architectural
idioms and have the potential to economize software
development. Existing research on architectural styles provides little
guidance for the systematic design and construction of architectural
style elements. This talk proposes a framework, Alfa, for
systematically and constructively composing "architectural primitives"
to obtain elements of architectural styles, and, in turn, software
architectures. To explicate their expressiveness, Alfa's primitives
are also mapped to Reo's primitive channels. Moreover, a semantic
model of Alfa compositions is presented using finite state processes
(FSP) and Alloy, a first-order predicate logic. The use of these
formal notations imparts sound meanings to Alfa compositions as well
as enables their tool-driven analysis. Network-based styles are used
to demonstrate our approach. </p>Unifying the field of modal logics2003-07-01T13:30:00+02:002003-07-01T13:30:00+02:00Yde Venema (ILLC at UvA)tag:event.cwi.nl,2003-07-01:/acg/presentations/unifying-the-field-of-modal-logics<p>Nowadays there is an enormous and at times bewildering variety of
modal and other non-classical logics. Nevertheless, it still makes
sense to speak of `modal logic' as such since there is a
well-developed mathematical theory which emphasizes the unity of the
field. This theory is supported by a number of …</p><p>Nowadays there is an enormous and at times bewildering variety of
modal and other non-classical logics. Nevertheless, it still makes
sense to speak of `modal logic' as such since there is a
well-developed mathematical theory which emphasizes the unity of the
field. This theory is supported by a number of general results that
apply to all modal logics alike.</p>
<p>But next to such a process of abstraction and generalization
there is also a unifying research direction which seeks to
<em>compare</em> various logics. An important way to do so is to use
interpretation functions for the formulas, and simulation
functions linking logics of the one type to that of the other.
The relation between intermediate logics and certain modal
logics provides a well-known case.</p>
<p>Results obtained over the last ten years have provided
simulations linking most well-known families of modal logics:
normal, monadic, uni-modal logics (i.e., the standard ones)
can simulate normal, polymodal logics (i.e., in a language
with several unary modalities). And the latter logics can
simulate classical and monotone modal logics, as well as
normal modal logics with modalities of higher arity.</p>
<p>In the talk I will briefly introduce and survey the area,
and then focus on some of my own contributions. My last topic
will concern ongoing research concerning modal logics with a
propositional basis that is weaker than the usual Boolean one.
</p>A simulator for Reo2003-06-24T13:30:00+02:002003-06-24T13:30:00+02:00Beatriu Romero Matia (University of Barcelona/CWI)tag:event.cwi.nl,2003-06-24:/acg/presentations/a-simulator-for-reo<p>In this talk I demonstrate a simulator with a graphical user interface
(GUI) for the Coordination Language Reo. Compared to a version
presented in an earlier ACG talk, we changed the GUI in a number of
respects to facilitate integration with the simulator. The hard part
of the project turned …</p><p>In this talk I demonstrate a simulator with a graphical user interface
(GUI) for the Coordination Language Reo. Compared to a version
presented in an earlier ACG talk, we changed the GUI in a number of
respects to facilitate integration with the simulator. The hard part
of the project turned out to be the proper implementation of the
complex control of communication inside the nodes of a Reo network
(`connector'). I will focus on some of the problems we had to cope
with. </p>The OMEGA Component Model - part 12003-06-03T13:30:00+02:002003-06-03T13:30:00+02:00Joost Jacob (CWI)tag:event.cwi.nl,2003-06-03:/acg/presentations/the-omega-component-model-part-1<p>We introduce a formal model of components as developed in the IST
project OMEGA sponsored by the European Commission. The aim of this
project is the definition of a development methodology in UML for
embedded and real-time systems based on formal techniques.</p>
<p>The rationale of our component model is to …</p><p>We introduce a formal model of components as developed in the IST
project OMEGA sponsored by the European Commission. The aim of this
project is the definition of a development methodology in UML for
embedded and real-time systems based on formal techniques.</p>
<p>The rationale of our component model is to provide additional
structuring and abstraction mechanisms which allow a modeling
discipline and the application of formal techniques based on
``interfaces''.</p>
<p>In the context of the OMEGA component model we also discuss the formal
relationships between various levels of abstraction corresponding to
UML concepts such as component diagrams, class diagrams, architecture
diagrams, object diagrams, statecharts, and OCL. Finally, we discuss
the possible usage of the OMEGA component model for compositional
verification based on trace semantics.
</p>Modelling component connectors in Reo by constraint automata2003-05-27T13:30:00+02:002003-05-27T13:30:00+02:00Christel Baier (University of Bonn)tag:event.cwi.nl,2003-05-27:/acg/presentations/modelling-component-connectors-in-reo-by-constraint-automata<p>In an earlier report:</p>
<p>F. Arbab, J.J.M.M. Rutten
A coinductive calculus of component connectors
Technical Report SEN-R0216, CWI, Amsterdam, 2002, pp. 1--17.
To appear in the proceedings of WADT 2002.
(Available at http://www.cwi.nl/~janr)</p>
<p>a coinductive model for the component connector calculus
Reo was …</p><p>In an earlier report:</p>
<p>F. Arbab, J.J.M.M. Rutten
A coinductive calculus of component connectors
Technical Report SEN-R0216, CWI, Amsterdam, 2002, pp. 1--17.
To appear in the proceedings of WADT 2002.
(Available at http://www.cwi.nl/~janr)</p>
<p>a coinductive model for the component connector calculus
Reo was presented in terms of relations (defined as greatest
fixed points) on timed data streams.
In this talk, an operational counterpart of this stream model
is presented, based on what we have called constraint automata.
In these automata, transitions are labelled by name sets (indicating
which ends of a channel or connector are simultaneously active),
and have a constraint (on the input and output data of the
active ends) as a value. The issues of product and hiding
of constraint automata, euivalence, and minimisation,
will be briefly discussed.</p>Coordination and Components in Cooperative Constraint Solving2003-05-20T13:30:00+02:002003-05-20T13:30:00+02:00Peter Zoeteweij (CWI)tag:event.cwi.nl,2003-05-20:/acg/presentations/coordination-and-components-in-cooperative-constraint-solving<p>Coordination programming deals with building complex software systems
from largely autonomous component systems. Cooperative constraint
solving, which is widely recognized as a technique for improving the
efficiency of constraint solving, is an area that may benefit from
techniques developed in Coordination Programming: the solvers that we
want to have cooperate …</p><p>Coordination programming deals with building complex software systems
from largely autonomous component systems. Cooperative constraint
solving, which is widely recognized as a technique for improving the
efficiency of constraint solving, is an area that may benefit from
techniques developed in Coordination Programming: the solvers that we
want to have cooperate are generally high-level stand-alone
applications, and orchestration of their interaction is a non-trivial
task. In this talk we present the OpenSolver, an experimental
constraint solver that is being developed with the purpose of
facilitating coordination in mind. The OpenSolver is used to implement
the DICE (DIstributed Constraint Environment) framework for
distributed constraint solving, where it plays the role of both a
component solver as well as a wrapper that allows other solvers to be
coordinated through it. </p>Streams and stream circuits (a coinductive calculus of signal flow graphs)2003-05-06T13:30:00+02:002003-05-06T13:30:00+02:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2003-05-06:/acg/presentations/streams-and-stream-circuits-a-coinductive-calculus-of-signal-flow-graphs<p>This semester at the VUA, I am teaching a minicourse on basic stream
calculus with applications to the theory of (signal) flow graphs. In
my ACG talk, I shall give a summary of the latter. It will include
the following proposition:</p>
<p>a function
f: IR^omega -> IR^omega
is implementable …</p><p>This semester at the VUA, I am teaching a minicourse on basic stream
calculus with applications to the theory of (signal) flow graphs. In
my ACG talk, I shall give a summary of the latter. It will include
the following proposition:</p>
<p>a function
f: IR^omega -> IR^omega
is implementable by
a stream circuit built from the following four primitives:
adder
copier
register (delay)
multiplier (with a constant)</p>
<p>if and only if:</p>
<p>f(sigma) = rho x sigma (for all sigma)</p>
<p>(where x denotes convolution product of streams)
for some rational stream rho.
</p>The Phi-calculus - a new language for distributed control of continuous reconfigurable systems2003-04-22T13:30:00+02:002003-04-22T13:30:00+02:00Bill Rounds (University of Michigan)tag:event.cwi.nl,2003-04-22:/acg/presentations/the-phi-calculus-a-new-language-for-distributed-control-of-continuous-reconfigurable-systems<p>Joint work with Hosung Song.</p>
<p>In this talk we present a new language which allows concurrent
programs to interact with continuous environments. It is an extension
of the powerful pi-calculus of Milner, which already provides for
concurrency and reconfigurability. Our contribution adds the notion of
<em>active environments</em> which can specify …</p><p>Joint work with Hosung Song.</p>
<p>In this talk we present a new language which allows concurrent
programs to interact with continuous environments. It is an extension
of the powerful pi-calculus of Milner, which already provides for
concurrency and reconfigurability. Our contribution adds the notion of
<em>active environments</em> which can specify flows over continuous time
using ordinary differential equations. This allows us to extend
ordinary hybrid automata to specify systems of physical agents which
can reconfigure themselves. We prove a theorem stating that processes
(weakly) bisimilar in the process-algebraic sense remain bisimilar in
a fully hybrid sense when embedded in the same continuous
environment. </p>Using ASF+SDF for the Verification of Annotated Java Programs2003-04-01T13:30:00+02:002003-04-01T13:30:00+02:00Robbert de Haan (CWI)tag:event.cwi.nl,2003-04-01:/acg/presentations/using-asfsdf-for-the-verification-of-annotated-java-programs<p>During this talk I will give an overview of the contents of my Masters
thesis, which is about implementing a translation of annotated Java to
HOL-syntax using ASF+SDF. ASF+SDF is a formalism that is useful for
rapid specification of syntax transformations, while HOL is the
theorem prover used …</p><p>During this talk I will give an overview of the contents of my Masters
thesis, which is about implementing a translation of annotated Java to
HOL-syntax using ASF+SDF. ASF+SDF is a formalism that is useful for
rapid specification of syntax transformations, while HOL is the
theorem prover used to verify the output of the tool written in
ASF+SDF.</p>
<p>The emphasis will be on the theory used, which is based on
flowcharts, but the talk will be concluded with an example
that has been verified using this tool.
</p>Branching Time Relations for Markov Chains2003-03-27T13:30:00+01:002003-03-27T13:30:00+01:00Christel Baier (University of Bonn)tag:event.cwi.nl,2003-03-27:/acg/presentations/branching-time-relations-for-markov-chains<p>Markov Chains are an important class of stochastic processes that are
widely used in practice to determine system performance and
dependability characteristics. This talk will consider discrete-time
and continuous-time Markov chains and explain notions of strong and
weak simulation and bisimulation relations for them. Moreover, the
talk will discuss the …</p><p>Markov Chains are an important class of stochastic processes that are
widely used in practice to determine system performance and
dependability characteristics. This talk will consider discrete-time
and continuous-time Markov chains and explain notions of strong and
weak simulation and bisimulation relations for them. Moreover, the
talk will discuss the connection between the several types of
branching relation, present decision algorithms and logical
characterisations by PCTL (probabilistic computation tree logic) and
CSL (continuous stochastic logic). </p>Rebeca: An Actor-Based Model for Formal Modelling and Verification of Reactive Systems2003-03-18T13:30:00+01:002003-03-18T13:30:00+01:00Marjan Sirjani (Tehran University)tag:event.cwi.nl,2003-03-18:/acg/presentations/rebeca-an-actor-based-model-for-formal-modelling-and-verification-of-reactive-systems<p>Object-oriented modelling is known to be an appropriate approach for
representing concurrent and distributed systems. Besides having an
appropriate and efficient way for modelling these systems, one needs a
formal verification approach for ensuring their
correctness. Therefore, we have developed an actor-based model for
describing such systems.</p>
<p>We use temporal …</p><p>Object-oriented modelling is known to be an appropriate approach for
representing concurrent and distributed systems. Besides having an
appropriate and efficient way for modelling these systems, one needs a
formal verification approach for ensuring their
correctness. Therefore, we have developed an actor-based model for
describing such systems.</p>
<p>We use temporal logic to specify properties of a model, and various
verification methods for verifying that the model meets its specification.
The state explosion problem in model checking can be avoided by using
techniques that replace a large component by a smaller component
which satisfies the same properties. We introduce a notion of
simulation between structures, which guarantees that a positive
check of universal, stuttering-invariant properties on simulations
also hold on the systems they simulate. Simulation can be used in
the compositional verification of the whole system.</p>
<p>Also, we have developed a tool for translating Rebeca codes to SMV.
Therefore, we now can model check Rebeca codes by SMV model checker.
</p>A hierarchy of probabilistic system types2003-03-04T13:30:00+01:002003-03-04T13:30:00+01:00Ana Sokolova (TU Eindhoven)tag:event.cwi.nl,2003-03-04:/acg/presentations/a-hierarchy-of-probabilistic-system-types<p>Joint work with Erik de Vink (TU/e).</p>
<p>Many approaches in standard concurrency theory are commonly based on
labelled transition systems or some minor variant thereof. When
probabilities are introduced however, many different system types
emerge: some authors for instance consider fully probabilistic
systems, while others use systems which incorporate …</p><p>Joint work with Erik de Vink (TU/e).</p>
<p>Many approaches in standard concurrency theory are commonly based on
labelled transition systems or some minor variant thereof. When
probabilities are introduced however, many different system types
emerge: some authors for instance consider fully probabilistic
systems, while others use systems which incorporate both,
nondeterministic and probabilistic choice. In the latter case, various
restrictions are furthermore imposed about when or in which order
nondeterministic and probabilistic steps are allowed and which of them
are associated with input or output labels.</p>
<p>We survey the different probabilistic
models in use and arrange them in an expressiveness
hierarchy. To this end a coalgebraic presentation turns out to be appropriate
not only to describe the various systems with their associated notion of
bisimilarity, but also to define translations of one type into another.
Moreover, we present a simple sufficient criterion for such a translation
to preserve expressiveness.
</p>A graphical user interface for REO2003-02-18T13:30:00+01:002003-02-18T13:30:00+01:00Beatriu Romero Matia (University of Barcelona/CWI)tag:event.cwi.nl,2003-02-18:/acg/presentations/a-graphical-user-interface-for-reo<p>In this talk I present a Graphical User Interface (GUI) for a
simulator of the Coordination Language Reo, implemented in C++ using
the Qt graphical libraries.</p>
<p>After briefly recalling some Reo concepts, I summarize the necessary
features such a GUI should offer and mark those that are already
implemented. I …</p><p>In this talk I present a Graphical User Interface (GUI) for a
simulator of the Coordination Language Reo, implemented in C++ using
the Qt graphical libraries.</p>
<p>After briefly recalling some Reo concepts, I summarize the necessary
features such a GUI should offer and mark those that are already
implemented. I give an impression on how to work with the tool by
showing some screen shots of the application. Moreover, using a UML
diagram, I sketch the internal design of the application. I finish by
outlining further steps to be done in this project in the coming months.
</p>Input-output logic2003-01-21T13:30:00+01:002003-01-21T13:30:00+01:00Leon van der Torre (CWI)tag:event.cwi.nl,2003-01-21:/acg/presentations/input-output-logic<p>Joint work with David Makinson, King's College
London.</p>
<p>Input-output logic (IOL) is a theory of input/output operations
resembling inference, but where input propositions are not in general
included among outputs, and the operation is not in any way
reversible. Examples arise in contexts of conditional obligations,
goals, ideals, preferences …</p><p>Joint work with David Makinson, King's College
London.</p>
<p>Input-output logic (IOL) is a theory of input/output operations
resembling inference, but where input propositions are not in general
included among outputs, and the operation is not in any way
reversible. Examples arise in contexts of conditional obligations,
goals, ideals, preferences, actions, and beliefs. Four are singled
out: simple-minded, basic (making intelligent use of disjunctive
inputs), simple-minded reusable (in which outputs may be recycled as
inputs), and basic reusable. They are defined semantically and
characterised by derivation rules, as well as in terms of relabeling
procedures and modal operators. Their behaviour is studied on both
semantic and syntactic levels.</p>
<p>I this talk I intend to:</p>
<p>briefly give a general background of my research on deontic logic,
qualitative decision theory, input/output logics, and agent theory (to
put the work in context)</p>
<p>motivate IOL by discussing conditionals in modal logic</p>
<p>explain the basic theory</p>
<p>briefly mention extensions with constraints and permissions</p>
<p>briefly mention applications to cognitive agent architectures</p>
<p>Background material:</p>
<p>D. Makinson and L. van der Torre, Input-output logics. Journal of
Philosophical Logic, 29: 383-408, 2000.</p>
<p>D. Makinson and L. van der Torre, Constraints for input-output logics.
Journal of Philosophical Logic, 30(2):155-185, 2001.</p>
<p>D. Makinson and L. van der Torre, Permissions from an input/output
perspective. Journal of Philosophical Logic, to appear.</p>
<p>D. Makinson and L. van der Torre, What is Input/Output Logic?
Foundations of the Formal Sciences II: Applications of Mathematical
Logic in Philosophy and Linguistics. Trends in Logic, Kluwer, 2003.</p>
<p>D. Makinson and L. van der Torre, Input-output logics. Course material
for 10 hour course presented at ESSLLI01.
</p>Full Abstraction in Structural Operational Semantics2002-12-10T13:30:00+01:002002-12-10T13:30:00+01:00Rob van Glabbeek (CWI)tag:event.cwi.nl,2002-12-10:/acg/presentations/full-abstraction-in-structural-operational-semantics<p>This talk explores the connection between semantic equivalences for
concrete sequential processes, represented by means of transition
systems, and formats of transition system specifications using
Plotkin's structural approach. For several equivalences in the linear
time - branching time spectrum a format is given, as general as
possible, such that this equivalence …</p><p>This talk explores the connection between semantic equivalences for
concrete sequential processes, represented by means of transition
systems, and formats of transition system specifications using
Plotkin's structural approach. For several equivalences in the linear
time - branching time spectrum a format is given, as general as
possible, such that this equivalence is a congruence for all operators
specifiable in that format. And for several formats it is determined
what is the coarsest congruence with respect to all operators in this
format that is finer than partial or completed trace equivalence. I
will start with an introduction to structural operational semantics,
focusing on the meaning of negative premises. </p>A coalgebraic semantics for positive modal logic2002-12-03T13:30:00+01:002002-12-03T13:30:00+01:00Alessandra Palmigiano (University of Barcelona)tag:event.cwi.nl,2002-12-03:/acg/presentations/a-coalgebraic-semantics-for-positive-modal-logic<p>Positive Modal Logic (PML) is the logic of Kripke structures in a
language containing conjunction, disjunction and modal operators, but
no negation or implication. The class of algebras canonically
associated with PML forms a category which is dually equivalent to
certain topological spaces (Priestley spaces) endowed with relations,
which are …</p><p>Positive Modal Logic (PML) is the logic of Kripke structures in a
language containing conjunction, disjunction and modal operators, but
no negation or implication. The class of algebras canonically
associated with PML forms a category which is dually equivalent to
certain topological spaces (Priestley spaces) endowed with relations,
which are called K+-spaces. The talk is about the presentation of the
following result: The category of K+-spaces is equivalent to the
category of coalgebras of a certain endofunctor on Priestley spaces. </p>A Hoare Logic for Knowledge Programs2002-11-27T13:30:00+01:002002-11-27T13:30:00+01:00Alexandru Baltag (Oxford University (formerly CWI))tag:event.cwi.nl,2002-11-27:/acg/presentations/a-hoare-logic-for-knowledge-programs<p>I present some new results and developments of my work on modeling
communication and learning in distributed systems.</p>
<p>Epistemic programs are programs for jointly updating
all the agents' states of knowledge (or "belief") about the current
system. They can be intuitively understood as computing the effect
of exchanges of information …</p><p>I present some new results and developments of my work on modeling
communication and learning in distributed systems.</p>
<p>Epistemic programs are programs for jointly updating
all the agents' states of knowledge (or "belief") about the current
system. They can be intuitively understood as computing the effect
of exchanges of information ("communication") between
agents. Such programs are recursively built from basic
epistemic actions (e.g. public broadcasting, or various
more "secret" forms of communication), using standard
program constructors. In some contexts (such as security
issues), it is even natural to consider programs that
induce false "knowledge", i.e. wrong beliefs, in some agents.</p>
<p>I give examples, I present a general syntax and semantics for
any such programs, I define non-standard (epistemic)
program constructors (such as "learning a given program"),
and I give a general algorithm for updating information.
I introduce a (complete and decidable) propositional Hoare logic
for epistemic programs, which can be used to reason about
informational changes, and in particular to prove the partial
correctness of communication strategies with respect to given
epistemic goals (and given epistemic preconditions). I apply
this to some well-known epistemic puzzles, as well as to some
attack strategies in security protocols. Finally, I present
an extension of the Hoare logic to a much more expressive
dynamic logic of epistemic programs, which turns out to
be undecidable, although still useful in some contexts.
</p>FOLD: first order logic of domains2002-11-26T13:30:00+01:002002-11-26T13:30:00+01:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2002-11-26:/acg/presentations/fold-first-order-logic-of-domains<p>We introduce an interpretation of domains in terms of a logic
including bounded existential and universal quantifiers. The logic is
compositional with respect to domain constructors like function space
and Plotkin powerdomain, and sound with respect to the ordinary
interpreation of domains as some kind of complete partial orders. A …</p><p>We introduce an interpretation of domains in terms of a logic
including bounded existential and universal quantifiers. The logic is
compositional with respect to domain constructors like function space
and Plotkin powerdomain, and sound with respect to the ordinary
interpreation of domains as some kind of complete partial orders. A
major fragment of this logic is also proved complete.</p>
<p>A first order modal logic, Hoare logic for partial and
total correctness, as well as second order polymorphic
lambda calculus with subtypes can be seen as special
instances of FOLD.
</p>Introduction to Presheaves, Open Maps, and Weak Factorisation Systems2002-11-12T13:30:00+01:002002-11-12T13:30:00+01:00Alexander Kurz (CWI)tag:event.cwi.nl,2002-11-12:/acg/presentations/introduction-to-presheaves-open-maps-and-weak-factorisation-systems<p>Presheaves are widely used as models for concurrency. The aim of the
talk is to give an introduction to presheaves and the associated
notion of bisimulation called open maps. Mathematically, presheaves
are attractive because they are simple (presheaves are just set-valued
functors), cover many interesting examples (e.g. unary algebras …</p><p>Presheaves are widely used as models for concurrency. The aim of the
talk is to give an introduction to presheaves and the associated
notion of bisimulation called open maps. Mathematically, presheaves
are attractive because they are simple (presheaves are just set-valued
functors), cover many interesting examples (e.g. unary algebras,
transition systems, simplicial sets), and have a lot of structure (for
example, categories of presheaves are toposes). Open maps can be
described by weak factorisation systems. </p>Abstract Behavior Types: A Foundation Model for Components and Their Composition2002-10-22T13:30:00+02:002002-10-22T13:30:00+02:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2002-10-22:/acg/presentations/abstract-behavior-types-a-foundation-model-for-components-and-their-composition<p>The notion of Abstract Data Type (ADT) has served as a foundation
model for structured and object-oriented programming for some thirty
years. An ADT defines an algebra of operations with well-defined
semantics, without specifying any detail about the implementation of
those operations or the data structures they operate on to …</p><p>The notion of Abstract Data Type (ADT) has served as a foundation
model for structured and object-oriented programming for some thirty
years. An ADT defines an algebra of operations with well-defined
semantics, without specifying any detail about the implementation of
those operations or the data structures they operate on to realize
them. ADT is a powerful abstraction and encapsulation mechanism that
groups data together with their related operations into logically
coherent and loosely-dependent entities, such as objects, yielding
better structured programs.</p>
<p>The current trend in software engineering toward component based
systems requires a foundation model as well. The immense success of
object-oriented techniques has distracted proper attention from the
fact that the most basic inherent property of an ADT, i.e., that it
provides a set of operations, subverts some highly desirable properties
in emerging formal models for components. This is already evident in
the current attempts at extending the object-oriented models into the
realm of components.</p>
<p>We introduce the notion of an Abstract Behavior Type (ABT) as a
higher-level alternative to ADT and propose it as a proper foundation
model for both components and their composition. An ABT defines an
abstract behavior as a relation among a set of timed-data-streams, without
specifying any detail about the operations that may be used to implement
such behavior or the data types it may manipulate for its realization.
In contrast with the algebraic underpinnings of the ADT model, the
(generally) infinite streams that are the elements of behavior in the
ABT model naturally lend themselves to the coalgebraic techniques and
the coinduction reasoning principle that have recently been developed as
a general theory to describe the behavior of dynamic systems. The ABT
model supports much looser coupling than is possible with ADT and is
inherently amenable to exogenous coordination. We propose that both of
these are highly desirable, if not essential, properties for components
and their composition.</p>
<p>In our view, a component based system consists of component instances and
their connectors (i.e., the "glue code"), both of which are uniformly
modeled as ABTs. As a concrete instance of the application of the ABT
model, we present Reo: a channel-based exogenous coordination model
wherein complex coordinators, called "connectors" are compositionally
built out of simpler ones. The simplest connectors in Reo are a set
of channels with well-defined behavior supplied by users. Reo can be
used as a "glue language" for compositional construction of connectors
that orchestrate component instances in a component-based system.
We demonstrate the surprisingly expressive power of connector composition
in Reo through a number of examples. Because all Reo connectors are
ABTs, we show how the semantics of channel composition in Reo can be
defined in terms of a calculus of ABT composition.
</p>Combining the Activator, Manifold, and... A Road to the future?2002-10-15T13:30:00+02:002002-10-15T13:30:00+02:00Wim Delvaux (Adaptive Planet)tag:event.cwi.nl,2002-10-15:/acg/presentations/combining-the-activator-manifold-and-a-road-to-the-future<p>Very recently, Adaptive Planet (AP), a privately owned company, teamed
up with CWI to combine AP's technology, the Activator, with the work
done by Dr. Farhad Arbab and his team, Manifold.</p>
<p>In the first part of this talk the Activator technology will be presented.
The Acticator is a strict and …</p><p>Very recently, Adaptive Planet (AP), a privately owned company, teamed
up with CWI to combine AP's technology, the Activator, with the work
done by Dr. Farhad Arbab and his team, Manifold.</p>
<p>In the first part of this talk the Activator technology will be presented.
The Acticator is a strict and pure conponent based environment. The basic
concepts of this technology grew from the experience gathered from day-to-day
IT-problems in large software departments. We learned that ultimate
flexibility is key to successful software deployment. This is
because most problems in software development and release management result
from the real life circumstances a project team has to operate under.
The techniques used to develop the software are far less significant.
These circumstances not only include commonly known development problems but
also much more unexpected release problems. We therefore concluded that
it is not the language that is key but rather the environment under which
the application executes.</p>
<p>In the second part of this talk, the combination of Manifold and the Activator
will be presented. During our years of project experience with the Activator
we learned that programming conponents, albeit cleaner, still remains just
programming. Moreover, most IT shops really would like to get rid of
development altogether. Fortunately, we found out that a significant part
of the code served just to make components cooperate. After some in-house
experiments with tools that could declare component interaction, we
encountered Manifold. We found out that Manifold is the ideal match for the
Activator, capable of efficiently describing component interactions.</p>
<p>The capabilities of the combined tool, the Designer, have outgrown the sum
of each of its constituents. These perspectives are so huge and promising
that the AP/CWI cooperation will be expanded to include other new and
exciting features. This glance into the future will be addressed in the third
and final part of the talk.
</p>(Co-)Algebraic semantics of Modal Logic2002-10-08T13:30:00+02:002002-10-08T13:30:00+02:00Clemens Kupke (CWI)tag:event.cwi.nl,2002-10-08:/acg/presentations/co-algebraic-semantics-of-modal-logic<p>The main part of the talk will be an overview over some basic notions
of modal logic. This will include Kripke semantics, algebraic
semantics and a comparison of the two. The notion of a (descriptive)
general frame is used to combine these two approaches. We then will
show how one …</p><p>The main part of the talk will be an overview over some basic notions
of modal logic. This will include Kripke semantics, algebraic
semantics and a comparison of the two. The notion of a (descriptive)
general frame is used to combine these two approaches. We then will
show how one can use a particular endofunctor on the category of Stone
Spaces to formulate the notion of a descriptive general frame in
coalgebraic terms. </p>Verification of Sequential Java Programs: A Computer-Aided Approach2002-10-01T13:30:00+02:002002-10-01T13:30:00+02:00Cees Pierik (University of Utrecht)tag:event.cwi.nl,2002-10-01:/acg/presentations/verification-of-sequential-java-programs-a-computer-aided-approach<p>In this talk, I will present joined work with Frank de Boer on the
verification of Java Programs. After an introduction in the theory of
verification for object-oriented programs, I will demonstrate a tool
that supports the verification of Java programs. </p>Coordination-Based Cooperation of Constraint Solvers in DICE2002-09-17T13:30:00+02:002002-09-17T13:30:00+02:00Peter Zoeteweij (CWI)tag:event.cwi.nl,2002-09-17:/acg/presentations/coordination-based-cooperation-of-constraint-solvers-in-dice<p>DICE (DIstributed Constraint Environment) is a software framework,
implemented using the Manifold coordination language, for constructing
distributed constraint solvers from software components in a number of
predefined categories. One of these component categories contains
incomplete constraint solvers, that can act as a domain reduction
operator inside a constraint propagation algorithm …</p><p>DICE (DIstributed Constraint Environment) is a software framework,
implemented using the Manifold coordination language, for constructing
distributed constraint solvers from software components in a number of
predefined categories. One of these component categories contains
incomplete constraint solvers, that can act as a domain reduction
operator inside a constraint propagation algorithm. From this point of
view, the framework can be seen as a platform for solver
cooperation. In this talk we propose a number of extensions to the
existing implementation, that will make the framework suitable for a
larger variety of solver cooperation schemes. We will give a
high-level, informal description of the current framework and the
extensions, and show how the target system can be used to implement a
number of existing solver cooperations. </p>Probabilistic GSOS2002-09-10T13:30:00+02:002002-09-10T13:30:00+02:00Falk Bartels (CWI)tag:event.cwi.nl,2002-09-10:/acg/presentations/probabilistic-gsos<p>In this talk we present the content of a forthcoming CWI technical
report, which introduces and discusses an operator specification
format for labelled probabilistic transition systems. Because of its
similarity to the known GSOS rules for nondeterministic systems, the
format is called probabilistic GSOS. Early this year, we have already …</p><p>In this talk we present the content of a forthcoming CWI technical
report, which introduces and discusses an operator specification
format for labelled probabilistic transition systems. Because of its
similarity to the known GSOS rules for nondeterministic systems, the
format is called probabilistic GSOS. Early this year, we have already
outlined the development at an ACG meeting. Compared to that
presentation, the format now includes transition labels and its
correspondence with a categorical specification format - from which a
number of well-behavedness results can be derived easily - is proved
in detail. We will sketch the argument and give example
specifications. </p>Fully abstract semantics for OO2002-08-27T13:30:00+02:002002-08-27T13:30:00+02:00Frank de Boer (CWI & LIACS)tag:event.cwi.nl,2002-08-27:/acg/presentations/fully-abstract-semantics-for-oo<p>The presentation is a part of the
MobiJ
project meeting.</p>
<p>In this talk we will discuss our ongoing work concerning the problem
of a fully abstract semantics for object-oriented languages and its
relation with components. </p>A Framework for Visualizing and Simulating Reo2002-07-30T13:30:00+02:002002-07-30T13:30:00+02:00Paramveer Singh (CWI)tag:event.cwi.nl,2002-07-30:/acg/presentations/a-framework-for-visualizing-and-simulating-reo<p>In this talk we present a tool designed to simulate Reo, a
channel-based coordination calculus for component composition. We
begin with a short recapitulation of Reo, and discuss the fundamental
issues that define it. Then we explain the structure of the tool;
particularly the separation between the GUI- and the …</p><p>In this talk we present a tool designed to simulate Reo, a
channel-based coordination calculus for component composition. We
begin with a short recapitulation of Reo, and discuss the fundamental
issues that define it. Then we explain the structure of the tool;
particularly the separation between the GUI- and the simulation part
and why this is important. After this, we start with a small
demonstration of how the tool works and how it can be used to compose
and define new channels. In this part we also need to explain
technical details concerning the concept of locking, which is
necessary for correctness of the simulation; channel-ends on nodes are
locked according to a lock-and-ask mechanism/protocol. Finally, we
demonstrate some examples from the Reo report. These examples are
carefully selected in order to show all the simulation possibilities
of the tool. </p>The OMEGA Component Model - part 22002-06-18T13:30:00+02:002002-06-18T13:30:00+02:00Joost Jacob (CWI)tag:event.cwi.nl,2002-06-18:/acg/presentations/the-omega-component-model-part-2<p>CWI defined a formal model of components in terms of the basic
object-oriented concepts of the OMEGA kernel language. More
specifically, the CWI developed a representation in the OMEGA kernel
model of both the internal and the external view of a component. With
the external or blackbox view of a …</p><p>CWI defined a formal model of components in terms of the basic
object-oriented concepts of the OMEGA kernel language. More
specifically, the CWI developed a representation in the OMEGA kernel
model of both the internal and the external view of a component. With
the external or blackbox view of a component its internal structure
can be encapsulated. The external view will be simpler than the
internal view and can make things possible that would be more
complicated using the internal view only. </p>O2C: A Semantic Thread From Objects to Components2002-06-04T13:30:00+02:002002-06-04T13:30:00+02:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2002-06-04:/acg/presentations/o2c-a-semantic-thread-from-objects-to-components<p>In this tutorial we present the basic concepts that underlie object
oriented and component based software engineering and their semantic
justifications. We start with the basic concepts such as abstract data
types and inheritance, as used in the object oriented paradigm to
enhance reuse, modularity, and maintenance of software. We …</p><p>In this tutorial we present the basic concepts that underlie object
oriented and component based software engineering and their semantic
justifications. We start with the basic concepts such as abstract data
types and inheritance, as used in the object oriented paradigm to
enhance reuse, modularity, and maintenance of software. We show how
the concept of component supports and generalizes similar concerns in
the engineering of large, heterogeneous, loosely-coupled, distributed
software systems. The current component technology regards components
as extended objects. We describe an alternative approach that starts
with the concept of components as abstract behavioral types. We show
how this new interpretation makes components amenable to explicit
exogenous coordination, supports compositionality, and provides a
clear separation between computation and communication concerns. This
leads to a new model of component composition that is based on a
calculus of connectors for algebraic construction of component glue
code. </p>A short survey of enterprise architectures and modeling tools2002-05-21T13:30:00+02:002002-05-21T13:30:00+02:00Juan Guillen-Scholten (CWI)tag:event.cwi.nl,2002-05-21:/acg/presentations/a-short-survey-of-enterprise-architectures-and-modeling-tools<p>In this talk we give a short overview of the state-of-the-art study
done within the ArchiMate project. The purpose of this study is to
give an overview of the state-of-the-art in the fields of (1)
architectural research and (2) enterprise modeling tools. In the
first overview, we concentrate on known …</p><p>In this talk we give a short overview of the state-of-the-art study
done within the ArchiMate project. The purpose of this study is to
give an overview of the state-of-the-art in the fields of (1)
architectural research and (2) enterprise modeling tools. In the
first overview, we concentrate on known frameworks, techniques, and
methodologies for architecture use and design. In the second overview,
we discuss modeling tools; their underlying concepts, meta-models, and
semantics. In our study we look at both the industry and the academic
world.</p>
<p>In this talk we concentrate on enterprise modeling techniques and tools.
Our purpose is to give an introduction to enterprise modeling and a
short survey of modeling tools.
</p>Finitary Coalgebraic Modal Logic (Canonical Models and Compactness)2002-05-14T13:30:00+02:002002-05-14T13:30:00+02:00Alexander Kurz (CWI)tag:event.cwi.nl,2002-05-14:/acg/presentations/finitary-coalgebraic-modal-logic-canonical-models-and-compactness<p>Joint work with
Dirk Pattinson,
Ludwig-Maximilians-Universität,
Munich.</p>
<p>In contrast to previous talks about the relationship between
coalgebras and modal logic, the emphasis of this presentation is on
<em>finitary</em> modal logics. That is, syntactically I focus on basic modal
logic and semantically on finite approximations of infinite
behaviours.</p>
<p>I begin with …</p><p>Joint work with
Dirk Pattinson,
Ludwig-Maximilians-Universität,
Munich.</p>
<p>In contrast to previous talks about the relationship between
coalgebras and modal logic, the emphasis of this presentation is on
<em>finitary</em> modal logics. That is, syntactically I focus on basic modal
logic and semantically on finite approximations of infinite
behaviours.</p>
<p>I begin with a brief review of coalgebras and modal logic and then
discuss the main technical tool used to handle the finitary aspects, the
so-called terminal sequence. As applications we exhibit the coalgebraic
analogue of the canonical model construction known from modal logic and
characterise those coalgebraic signatures that give rise to compact
modal logics.</p>
<p>(This is an extended version of my CMCS'02 presentation. The current
version of the paper is available from
http://www.cwi.nl/~kurz)
</p>The type of a component2002-05-07T13:30:00+02:002002-05-07T13:30:00+02:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2002-05-07:/acg/presentations/the-type-of-a-component<p>In this talk we generalize the functional object model introduced by
Pierce and Turner to a functional component model. This extension will
require a notion of set types built on top of a higher order
polymorphism lambda calculus. </p>Objects, components, and types (how to unify different research lines)2002-04-16T13:30:00+02:002002-04-16T13:30:00+02:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2002-04-16:/acg/presentations/objects-components-and-types-how-to-unify-different-research-lines<p>What are components? How do they interact? Why do we need them?</p>
<p>In this talk we answer these questions by introducing a novel
component model. Furtehr we will sketch some type-theretical and
semantical issues related to this notion of component.
</p>A Scriptable Planner Using Python as a Problem Definition Language2002-04-09T13:30:00+02:002002-04-09T13:30:00+02:00Joost Jacob (CWI)tag:event.cwi.nl,2002-04-09:/acg/presentations/a-scriptable-planner-using-python-as-a-problem-definition-language<p>This Master's thesis project has been conducted at the ALP group of
LIACS, the Leiden Institute of Advanced Computer Science. The
supervisors have been drs. J. I. van Hemert and dr. W. A. Kosters.
Jano van Hemert has been doing earlier reasearch on Constraint
Satisfaction Problems (CSPs) and Evolutionary Algorithms …</p><p>This Master's thesis project has been conducted at the ALP group of
LIACS, the Leiden Institute of Advanced Computer Science. The
supervisors have been drs. J. I. van Hemert and dr. W. A. Kosters.
Jano van Hemert has been doing earlier reasearch on Constraint
Satisfaction Problems (CSPs) and Evolutionary Algorithms (EAs). Where
applicable the existing expertise about CSPs and EAs has been used in
this project, so this project would fit in well with other research at
the ALP group.</p>
<p>We built a system that tries to solve CSPs with the aid of EAs.
The system is general enough to also take any other problem
instance if you can define the problem with the Python language.
The input for the system is a Python script that states the
problem. The script contains the initial problem values and the
problem goal and operators. The system is a planning system: it
builds a plan using the operators to reach the goal. There is an
option to find all solutions if there is more than one. If a
solution is found the system outputs a Python program solving the
problem and showing the solution.</p>
<p>We have been building a dynamic agent environment where the
agents can use our planning system to perform tasks.</p>
<p>Implementations of this thesis are at the moment included at,
the home page of the Russell and Norvig book on Artificial Intelligence.
</p>A gentle overview of categories and enriched categories2002-04-02T13:30:00+02:002002-04-02T13:30:00+02:00Vincent Schmitt (University of Leicester)tag:event.cwi.nl,2002-04-02:/acg/presentations/a-gentle-overview-of-categories-and-enriched-categories<p>Category theory has been successful in mathematics and computer
science. It is a very useful language to describe external properties
of mathematical objects. It serves to compare mathematical theories
when viewed as categories. Eventually category theory is also nice and
has its own concepts: adjunctions, yoneda Lemma, Kan extensions..</p>
<p>Enriched …</p><p>Category theory has been successful in mathematics and computer
science. It is a very useful language to describe external properties
of mathematical objects. It serves to compare mathematical theories
when viewed as categories. Eventually category theory is also nice and
has its own concepts: adjunctions, yoneda Lemma, Kan extensions..</p>
<p>Enriched category theory (ECT) intends to described richer interactions
of objects. Roughly speaking, interactions between objects a,b of a
(classical) category are captured by the set, Hom(a,b) of arrows
from a to b. In an enriched category the Hom(a,b) may not be a set anymore
but roughly any other good kind of object. A theory of enriched categories
has been developed (Eilenberg, Kelly, Dubuc, Street, Lawvere...).
It is similar to the classical theory of categories.
The applications of ECT are multiple: metric spaces, automata,
domains, sheaves, commutative algebra, and much more.</p>
<p>I will recall quickly the basis of categories, introduce enriched ones,
and discuss applications.
</p>The TRIAL-SOLUTION project: keyphrase recognition in mathematical textbooks2002-03-26T13:30:00+01:002002-03-26T13:30:00+01:00Michiel Hazewinkel (CWI)tag:event.cwi.nl,2002-03-26:/acg/presentations/the-trial-solution-project-keyphrase-recognition-in-mathematical-textbooks<p>TRAIL-SOLUTION stands for: Tools for Reusable Integrated Adaptable
Learning - Systems/standards for Open Learning Using Tested
Interoperable Objects and Networking. This is an IST project, funded
by the European Commission, in which a number of universities,
research institutes, software houses and publishers cooperate.</p>
<p>The central objective of the project is …</p><p>TRAIL-SOLUTION stands for: Tools for Reusable Integrated Adaptable
Learning - Systems/standards for Open Learning Using Tested
Interoperable Objects and Networking. This is an IST project, funded
by the European Commission, in which a number of universities,
research institutes, software houses and publishers cooperate.</p>
<p>The central objective of the project is to provide learners, teachers
and authors with tools to re-use learning objects from existing teaching
materials. This is to be realized by a combination of: decomposition of
documents into re-usable semantic units (slices); addition of meta-data
to characterize these slices; automated knowledge management that uses
meta-data and knowledge about the user's current situation to compose
personalized documents to be delivered over the net.</p>
<p>The part of CWI in this project is to assign meta-data to these
slices by using an automatic keyphrase assigner. Based on a pre-defined
list of keyphrases and associated keywords, keyphrases can be assigned
to a slice, when sufficient keywords are found in that slice.</p>
<p>This talk will start with an overview of the project, its objectives
and methodologies. Then it focuses on the CWI part, viz.
keyphrase recognition: the concepts, the implementation
and some of the problems encountered during this work:
mainly how to define appropriate lists of keyphrases.
Also a design will be presented how to get such lists of keyphrases
from suitable textbooks in (semi-)automated way.
</p>GSOS for probabilistic transition systems2002-02-26T13:30:00+01:002002-02-26T13:30:00+01:00Falk Bartels (CWI)tag:event.cwi.nl,2002-02-26:/acg/presentations/gsos-for-probabilistic-transition-systems<p>The talk will be about a recently finished paper of the same name
(obtainable via my homepage at
http://www.cwi.nl/~bartels).</p>
<p>Transition systems are often specified by operational rules in GSOS
format, the models of which are known to be well behaved in many
respects. Turi and Plotkin …</p><p>The talk will be about a recently finished paper of the same name
(obtainable via my homepage at
http://www.cwi.nl/~bartels).</p>
<p>Transition systems are often specified by operational rules in GSOS
format, the models of which are known to be well behaved in many
respects. Turi and Plotkin have shown a close relation between such
rule sets and their models on the one hand and natural transformations
of a certain shape and a class of bialgebras they identify on the
other hand. Since the latter formulation generalizes the format to
arbitrary types of systems, they called it abstract GSOS. It turns
out that several properties of the models can be shown in the abstract
setting already. In addition to being more elegant, these proofs have
the advantage of covering behaviours different from that of
(nondeterministic) labelled transitions systems.</p>
<p>To substantiate this point, we turn to (reactive) probabilistic transition
systems. A powerful (concrete) rule format for them is introduced
which gives rise to specifications in the corresponding instance of
abstract GSOS. From this one can conclude that their models are well
behaved in the sense that e.g. the greatest bisimulation is a
congruence for their operators and that they make bisimulation
up-to-context a valid proof principle for bisimilarity.
</p>C-six: constructing a coinductive and compositional calculus of component connectors2002-02-13T13:30:00+01:002002-02-13T13:30:00+01:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2002-02-13:/acg/presentations/c-six-constructing-a-coinductive-and-compositional-calculus-of-component-connectors<p>Note that the presentation exceptionally will be given on a Wednesday.</p>
<p>We present an abstract version of (a fragment of) Reo, a framework for
building component connectors out of channels, recently introduced by
Farhad Arbab A relational model will be constructed in terms of
streams, that is, infinite sequences. The …</p><p>Note that the presentation exceptionally will be given on a Wednesday.</p>
<p>We present an abstract version of (a fragment of) Reo, a framework for
building component connectors out of channels, recently introduced by
Farhad Arbab A relational model will be constructed in terms of
streams, that is, infinite sequences. The set of all streams is a
final coalgebra and therewith comes equipped with coinduction
definition and proof principles. One of the crucial features of Reo is
the fact that through subtle timing, various coordination patters can
be established. This will be captured in our model by considering not
only data streams but also so-called time streams. Thus we shall have
a double benefit of our coinductive machinery: it applies both to data
and to time streams. </p>A coordination-based framework for parallel constraint solving2002-01-29T13:30:00+01:002002-01-29T13:30:00+01:00Peter Zoeteweij (CWI)tag:event.cwi.nl,2002-01-29:/acg/presentations/a-coordination-based-framework-for-parallel-constraint-solving<p>In this talk, I will present a framework for the configuration of
parallel constraint solvers. The framework is implemented in the
Manifold coordination language, and provides coordination services to
software components in four categories: domain types for the variables
of a constraint satisfaction problem (CSP), (incomplete) constraint
solvers that reduce …</p><p>In this talk, I will present a framework for the configuration of
parallel constraint solvers. The framework is implemented in the
Manifold coordination language, and provides coordination services to
software components in four categories: domain types for the variables
of a constraint satisfaction problem (CSP), (incomplete) constraint
solvers that reduce the domains of CSP variables, schemes for
splitting the domains of variables, and search strategies.</p>
<p>The coordination services implement
a distributed constraint propagation algorithm,
a distributed termination detection algorithm, and
a mechanism for splitting the domains of CSP variables in order to
facilitate search.</p>
<p>The constraint propagation algorithm applies (incomplete) solvers until
none of the domains of the CSP variables can be reduced any further.
In general, this will not lead to a solution to the CSP, and propagation has
to be interleaved with splitting the domain of a variable in order to
systematicaly search for solutions. Termination detection is needed because
most obvious strategies will not want to consider splitting the domain of a
variable until constraint propagation has finished.</p>
<p>In addition to the three algorithmic ingredients of a complete distributed
solver that are implemented by the coordination services, we will discuss the
component model of the framework, the set of components that are currently
available, and the input language used for the configuration of solvers.
</p>A complete deductive calculus for (implications of) coequations2002-01-15T13:30:00+01:002002-01-15T13:30:00+01:00Jesse Hughes (KUN)tag:event.cwi.nl,2002-01-15:/acg/presentations/a-complete-deductive-calculus-for-implications-of-coequations<p>We begin with a brief introduction to coalgebras for an endofunctor
and discuss the duals of Birkhoff's variety theorem and the
quasi-variety theorem. These theorems suggest a notion of coequations
for categories of coalgebras. Namely, we take coequations to be
predicates over the carrier of cofree coalgebras, where coequation
satisfaction …</p><p>We begin with a brief introduction to coalgebras for an endofunctor
and discuss the duals of Birkhoff's variety theorem and the
quasi-variety theorem. These theorems suggest a notion of coequations
for categories of coalgebras. Namely, we take coequations to be
predicates over the carrier of cofree coalgebras, where coequation
satisfaction is interpreted in terms of projectivity. This
development suggests the question: What is the dual of Birkhoff's
completeness theorem? Previously, we have seen that the formal dual
consists of two modal operators on coequations, that is, closure under
deductive rules dualized to yield two interior operators. Now we
extend this result by offering a simple deductive calculus for
reasoning about coequations and show that it is complete.
Furthermore, we also discuss a deductive calculus for implications
between coequations and sketch the completeness proof for it. </p>Verification of security protocols using Casper and FDR2001-12-18T13:30:00+01:002001-12-18T13:30:00+01:00Erik de Vink (TUE & CWI)tag:event.cwi.nl,2001-12-18:/acg/presentations/verification-of-security-protocols-using-casper-and-fdr<p>Security protocols are relatively small and need to be right. One can
interpret these protocols as messages exchanged between agents that
might be intercepted or altered by an intruder. Therefore, a security
protocol can be represented as a system of parallel CSP processes that
correspond to the agents and intruder …</p><p>Security protocols are relatively small and need to be right. One can
interpret these protocols as messages exchanged between agents that
might be intercepted or altered by an intruder. Therefore, a security
protocol can be represented as a system of parallel CSP processes that
correspond to the agents and intruder.</p>
<p>Secrecy and authentication requirements can be expressed as trace
properties. In order to show that a security protocol meets its security
requirements thus amounts to verification of the trace properties of the
corresponding CSP system.</p>
<p>Casper, a tool developed by Gavin Lowe, helps translating transaction
based protocol descriptions into CSP. FDR, a model checker for CSP
developed by Bill Roscoe et al., can be used to check the required trace
properties. We illustrate the use of these tools for a few simple
protocols.
</p>Coalgebraic Modalities and Logics for Process Transformations2001-12-11T13:30:00+01:002001-12-11T13:30:00+01:00Alexandru Baltag (Oxford University (formerly CWI))tag:event.cwi.nl,2001-12-11:/acg/presentations/coalgebraic-modalities-and-logics-for-process-transformations<p>Starting originally from my previous work on formalizing "epistemic
actions" (joint work with L. Moss and S. Solecki), I have been
recently working on logics for process transformations. A process
transformation is a partial map from processes to processes, with the
property that it's bisimulation-preserving: bisimilar processes are
mapped to …</p><p>Starting originally from my previous work on formalizing "epistemic
actions" (joint work with L. Moss and S. Solecki), I have been
recently working on logics for process transformations. A process
transformation is a partial map from processes to processes, with the
property that it's bisimulation-preserving: bisimilar processes are
mapped to bisimilar processes. Some transformations can be considered
themselves as processes, by endowing them with a transition structure
in a natural way: I call these process updates.</p>
<p>A modal logic for processes is a logic describing unary properties
(predicates) of processes which are bisimulation-invariant:
this means such properties are preserved under bisimulation.
Standard modal logic, PDL, mu-calculus, various extensions of PDL
are examples of such logics. All such logics must be based on
modalities which are "safe for bisimulation": when applied to
bisimulation-invariant predicates, they should yield bisimulation-invariant
properties. I show that <em>any</em> process transformation can be used
to produce such a modality. I give examples of non-standard modal
logics which arise in this way: e.g. "update logics" correspond to
update transformations. I show that some update modalities
are not definable in mu-calculus, or in any logic with a "classical"-style
semantics, due to their lack of what I call "strong compositionality":
their semantics is essentially based on "doing things to processes"
and not just on "what processes do to things".</p>
<p>I put all this into a coalgebraic perspective, defining all the above notions,
first for a particular simple notion of process, and then in general for
the abstract notion of processes as F-coalgebras, for an arbitrary
functor F. Process transformations are functors on the category
of pointed coalgebras, while process logics are logics for which the
truth-map is a functor. I put these notions in the general perspective
on "coalgebraic modalities as natural transformations" based on "predicate-lifting",
provided by the work of A. Kurz and D. Pattinson. I compare
my notions with theirs, first generalizing it to a notion of
"natural predicate transformers", which is closed under all natural
operations with modalities. I show that my notion of modal predicates is
essentially the same as theirs, while our notions of modality differ.
I further generalize this notion to "natural predicate updates",
which captures update modalities coagebraically.
</p>Towards a Formal Specification of Reo2001-12-04T13:30:00+01:002001-12-04T13:30:00+01:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2001-12-04:/acg/presentations/towards-a-formal-specification-of-reo<p>In this talk, we discuss our on-going work on the formal specification
of Reo. Reo is a paradigm for composition of software components
based on the notion of mobile channels. The main focus of attention
in Reo is the channels and operations on them, not the processes that
operate on …</p><p>In this talk, we discuss our on-going work on the formal specification
of Reo. Reo is a paradigm for composition of software components
based on the notion of mobile channels. The main focus of attention
in Reo is the channels and operations on them, not the processes that
operate on them or the components that they are connected to. The
composition operations in Reo combine various channel types to produce
complex dynamic topologies of ``connectors'' to which processes or
components can be attached.</p>
<p>Channel composition in Reo is a very powerful
mechanism for construction of connectors.
For instance, we have demonstrated that
exogenous coordination patterns that can be expressed as (meta-level)
regular expressions over I/O operations can be composed in Reo out
of a small set of only five primitive channel types.
</p>Automatic generation of proof-outline for Java2001-11-27T15:00:00+01:002001-11-27T15:00:00+01:00Marcel Kyas (University of Kiel)tag:event.cwi.nl,2001-11-27:/acg/presentations/automatic-generation-of-proof-outline-for-java<p>Marcel Kyas will present his work on the project MobiJ and Omega.</p>
<p>In this talk I will present a tool generating proof-outline as PVS
theories from a Java class. </p>Modal Properties as Natural Transformations2001-11-20T13:30:00+01:002001-11-20T13:30:00+01:00Alexander Kurz (CWI)tag:event.cwi.nl,2001-11-20:/acg/presentations/modal-properties-as-natural-transformations<p>Since there will be enough time, I will use the opportunity to start the
talk with a general introduction to natural transformations and examples
of applications in computer science.</p>
<p>The semantics of a modal formula is an operation assigning to any
model (Kripke frame) A, to any valuation of atomic …</p><p>Since there will be enough time, I will use the opportunity to start the
talk with a general introduction to natural transformations and examples
of applications in computer science.</p>
<p>The semantics of a modal formula is an operation assigning to any
model (Kripke frame) A, to any valuation of atomic propositions v, and
any element a in A a truth value, ie the semantics of a modal formula
is an operation</p>
<p>Models x Valuations x Elements --> Truthvalues</p>
<p>We show that invariance of modal formulas under bisimulation corresponds
precisely to the requirement that this operation be natural.</p>
<p>As an application of this observation, one obtains a new way of making
precise the intuition that modal formulas are a concept dual to
equations (equations as known in algebra or from the specification of
data types).
</p>A proof theory for the multi-threaded flow of control in Java2001-11-06T13:30:00+01:002001-11-06T13:30:00+01:00Frank de Boer (CWI & LIACS)tag:event.cwi.nl,2001-11-06:/acg/presentations/a-proof-theory-for-the-multi-threaded-flow-of-control-in-java<p>In this talk I'll give on overview of an assertion proof method for
reasoning about threads in Java. The proof method integrates in a
modelar manner an intereference freedom test for the shared variable
concurrency within an object and the cooperation test for reasoning
about method calls. </p>Coinductive counting with weighted automata and continued fractions - part 22001-10-25T16:45:00+02:002001-10-25T16:45:00+02:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2001-10-25:/acg/presentations/coinductive-counting-with-weighted-automata-and-continued-fractions-part-2<p>We shall elaborate on Sections 13-17 of the recently appeared CWI
report</p>
<p>Elements of stream calculus
(an extensive exercise in coinduction)
SEN-R0120</p>
<p>by treating a number of additional examples of what could
be called `coinductive counting'.
The main idea is to enumerate the structures to be
counted (such as binary …</p><p>We shall elaborate on Sections 13-17 of the recently appeared CWI
report</p>
<p>Elements of stream calculus
(an extensive exercise in coinduction)
SEN-R0120</p>
<p>by treating a number of additional examples of what could
be called `coinductive counting'.
The main idea is to enumerate the structures to be
counted (such as binary trees, subset partitions, and the like)
in the form of a tree-shaped weighted automaton;
then to simplify that automaton (up to stream bisimulation);
in order to finally obtain a closed expression for the
stream of counts (for instance, the stream of natural numbers
of possible partitions of sets consisting of 0,1,2, ... elements).</p>
<p>In contrast to this operational-semantics type of counting,
we shall also look briefly at an alternative
approach, which is in some respect analogous to the
denotational or domain-theoretic style of semantics.
</p>On Coequations2001-10-25T16:00:00+02:002001-10-25T16:00:00+02:00Alexander Kurz (CWI)tag:event.cwi.nl,2001-10-25:/acg/presentations/on-coequations<p>Joint work with Jiri Rosicky, Brno.</p>
<p>Lawvere introduced the idea to consider as equations expressions t=t'
where t,t' are natural transformations U^n-->U, U being the forgetful
functor U:Alg-->Set. This idea is dualised to coalgebras, and
differences and analogies to the algebraic case are dicussed …</p><p>Joint work with Jiri Rosicky, Brno.</p>
<p>Lawvere introduced the idea to consider as equations expressions t=t'
where t,t' are natural transformations U^n-->U, U being the forgetful
functor U:Alg-->Set. This idea is dualised to coalgebras, and
differences and analogies to the algebraic case are dicussed. In
particular, we show the analog of Reiterman's theorem which
characterises equationally definable classes in the absence of free
algebras (equationally in the sense mentioned above). </p>Horn coequations2001-10-25T14:45:00+02:002001-10-25T14:45:00+02:00Jesse Hughes (KUN)tag:event.cwi.nl,2001-10-25:/acg/presentations/horn-coequations<p>We give a brief summary of the Horn variety, quasivariety and Birkhoff
variety theorems (using the H, S, P and P+ closure operators) for
categories of algebras for an endofunctor and dualize these results to
yield formally dual theorems for categories of coalgebras. While the
notions of coequations and conditional …</p><p>We give a brief summary of the Horn variety, quasivariety and Birkhoff
variety theorems (using the H, S, P and P+ closure operators) for
categories of algebras for an endofunctor and dualize these results to
yield formally dual theorems for categories of coalgebras. While the
notions of coequations and conditional coequations have been covered
in some detail previously, this is the first dualization of sets of
so-called Horn equations (which include negations of equations). We
provide a few natural examples of "Horn covarieties" and close with a
brief discussion of "cofree-for-V" coalgebras. </p>GSOS for probabilistic systems2001-10-25T14:00:00+02:002001-10-25T14:00:00+02:00Falk Bartels (CWI)tag:event.cwi.nl,2001-10-25:/acg/presentations/gsos-for-probabilistic-systems<p>In the setting of (nondeterministic) labeled transition systems, Turi
and Plotkin [1] found that GSOS rules essentially correspond to
natural transformations of a certain type, which they call abstract
GSOS. Those in turn correspond to distributive laws of a monad over a
copointed functor as Lenisa, Power, and Watanabe [2 …</p><p>In the setting of (nondeterministic) labeled transition systems, Turi
and Plotkin [1] found that GSOS rules essentially correspond to
natural transformations of a certain type, which they call abstract
GSOS. Those in turn correspond to distributive laws of a monad over a
copointed functor as Lenisa, Power, and Watanabe [2] explain.</p>
<p>In previous work we have shown that the operators defined by this type
of specification are well behaved in the sense that</p>
<p>guarded recursive equations involving them have unique solutions
and that</p>
<p>they yield a valid bisimulation up-to-context technique.</p>
<p>In this talk we consider transition systems involving both,
nondeterminism and probability, and introduce an SOS-style
specification format for them. To prove that the format is well
behaved, it is shown that it is related to the corresponding instance of
abstract GSOS.
[1]</p>
<p>D. Turi and G Plotkin,
Towards a mathematical operational semantics,
LICS'97
[2]</p>
<p>M. Lenisa, J. Power, and H. Watanabe,
Distributivity for endofunctors, pointed and copointed endofunctors,
monads and comonads,
CMCS 2000
</p>From Coalgebras to (labeled) transition systems.2001-10-25T12:15:00+02:002001-10-25T12:15:00+02:00Bart Jacobs (KUN)tag:event.cwi.nl,2001-10-25:/acg/presentations/from-coalgebras-to-labeled-transition-systems<p>For a specific coalgebra one often uses an (ad hoc) transition
notation `x -> y', possibly with labels. This talk will discuss a
uniform way to associate such a transition relation with a coalgebra,
of a polynomial functor F over Sets. More precisely, it will introduce
a canonical functor</p>
<div class="highlight"><pre><span></span> <span class="n">CoAlg</span><span class="p">(</span><span class="n">F …</span></pre></div><p>For a specific coalgebra one often uses an (ad hoc) transition
notation `x -> y', possibly with labels. This talk will discuss a
uniform way to associate such a transition relation with a coalgebra,
of a polynomial functor F over Sets. More precisely, it will introduce
a canonical functor</p>
<div class="highlight"><pre><span></span> <span class="n">CoAlg</span><span class="p">(</span><span class="n">F</span><span class="p">)</span> <span class="c1">--> CoAlg(P)</span>
</pre></div>
<p>from the category of F-coalgebras to the category of powerset
coalgebras (or unlabeled transition systems). This functor will
be defined via the temporal logic for coalgebras.</p>
<p>In the end, it will also be shown how a <em>labeled</em> transition
system can be obtained, from such an F-coalgebra.
</p>Modeling infinite probabilistic choices using an ultrametric version of kernels2001-10-09T13:30:00+02:002001-10-09T13:30:00+02:00Jerry den Hartog (TUE (formerly CWI))tag:event.cwi.nl,2001-10-09:/acg/presentations/modeling-infinite-probabilistic-choices-using-an-ultrametric-version-of-kernels<p>Joint work with Erik de Vink (University of Eindhoven)</p>
<p>In this presentation the applicability of an ultrametric version of
stochastic kernels, which extend the notion of compact support
measures, is studied in the context of a language with random
assignment. In the random assignment the value assigned to a variable …</p><p>Joint work with Erik de Vink (University of Eindhoven)</p>
<p>In this presentation the applicability of an ultrametric version of
stochastic kernels, which extend the notion of compact support
measures, is studied in the context of a language with random
assignment. In the random assignment the value assigned to a variable
is selected according to a measure over the ultrametric space of
values. To find the operational meaning for a program in this
language it is necessary to compose the measures of different random
assignments in the program. To be able to do this, the operational
semantics is modeled as a kernel.</p>
<p>It is shown that the version of kernels used fits well within
the metric framework. The use of ultrametric kernels, however,
restrict the possible applications. An important example of
infinite probabilistic choices are those made according to a
continuous distributions over the real numbers. As the space
of real numbers with the usual Euclidean metric is not an
ultrametric space, it cannot be used as a space of values.
The limitations created by the use of ultrametric spaces as
well as a way of modeling spaces like the natural numbers and
the real number using ultrametric spaces are illustrated by
giving some simple examples.
</p>Beyond Mu-Calculus: strong logics for strong bisimulation2001-09-25T13:30:00+02:002001-09-25T13:30:00+02:00Alexandru Baltag (Oxford University (formerly CWI))tag:event.cwi.nl,2001-09-25:/acg/presentations/beyond-mu-calculus-strong-logics-for-strong-bisimulation<p>In dealing with transition systems, it is natural to look for logics
having the following desirable properties: (1) invariance under
(strong) bisimulation (i.e. truth of formulas is preserved by strong
bisimulation); (2) decidability.</p>
<p>Standard modal logic and some of its
important extensions (logic with star-diamonds for the transitive
closure …</p><p>In dealing with transition systems, it is natural to look for logics
having the following desirable properties: (1) invariance under
(strong) bisimulation (i.e. truth of formulas is preserved by strong
bisimulation); (2) decidability.</p>
<p>Standard modal logic and some of its
important extensions (logic with star-diamonds for the transitive
closure of the transition relation, dynamic modal logic, standard
temporal logic with only forward modalities, mu-calculus) have these
two properties. Until recently, mu-calculus was the strongest
"naturally-defined" logic that I knew having these properties. In
fact, mu-calculus can even be seen to be "maximal" in some sense with
respect to property (1): it is known that mu-calculus is (equivalent
to) the largest fragment of monadic second-order logic which is
invariant under bisimulation.</p>
<p>In this talk, I will define a class of logics, called "update logics".
The name comes from the fact that some versions of these logics were
first introduced in my previous work on "epistemic actions", i.e. as
logics to model the updating of information in multi-agent systems
(joint work with L. Moss and S. Sloecki). Here I stick with a
different interpretation of these formalisms, as logics for "updating"
or "controlling" a transition system. As such, the "action modalities"
can be understood to model a class of "program transformations", which
preserve bisimilarity.</p>
<p>I give examples of update formulas and their interpretations and models,
I show all these logics are invariant under bisimulation, but some of
them cannot be embedded in mu-calculus (and hence, by the above
result, cannot be embedded in monadic second-order logic either). I
present a proof system and I sketch an attempt to show completeness
and decidability for some fragments of this logic. The general
completeness and decidability problem is open.
</p>Coinductive counting with weighted automata and continued fractions - part 12001-09-11T13:30:00+02:002001-09-11T13:30:00+02:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2001-09-11:/acg/presentations/coinductive-counting-with-weighted-automata-and-continued-fractions-part-1<p>We shall elaborate on Sections 13-17 of the recently appeared CWI
report</p>
<p>Elements of stream calculus
(an extensive exercise in coinduction)
SEN-R0120</p>
<p>by treating a number of additional examples of what could
be called `coinductive counting'.</p>
<p>The main ideas are to enumerate the structures to be
counted (such as binary …</p><p>We shall elaborate on Sections 13-17 of the recently appeared CWI
report</p>
<p>Elements of stream calculus
(an extensive exercise in coinduction)
SEN-R0120</p>
<p>by treating a number of additional examples of what could
be called `coinductive counting'.</p>
<p>The main ideas are to enumerate the structures to be
counted (such as binary trees, subset partitions, and the like)
in the form of a tree-shaped weighted automaton;
then to simplify that automaton (up to stream bisimulation);
in order to finally obtain a closed expression for the
stream of counts (for instance, the stream of natural numbers
of possible partitions of sets consisting of 0,1,2, ... elements).</p>
<p>In contrast to this operational-semantics type of counting,
we shall also look briefly at an alternative
approach, which is in some respect analogous to the
denotational or domain-theoretic style of semantics.
</p>Coordination of Mobile Components2001-09-04T13:30:00+02:002001-09-04T13:30:00+02:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2001-09-04:/acg/presentations/coordination-of-mobile-components<p>In this talk, we present Reo, a paradigm for composition of software
components based on the notion of mobile channels. Both components
and channels are mobile in Reo, in the sense that (1) components can
move at any time from one location to another, retaining their
existing channel links, and …</p><p>In this talk, we present Reo, a paradigm for composition of software
components based on the notion of mobile channels. Both components
and channels are mobile in Reo, in the sense that (1) components can
move at any time from one location to another, retaining their
existing channel links, and (2) the same channels can be disconnected
and reconnected to other components, thus dynamically changing the
topology of inter-component communication. The component composition
paradigm of Reo is in the style of the IWIM coordination model, and is
an extension of our earlier work on a formal-logic-based component
interface description language to convey the observable semantics of
components. The main focus of attention in Reo is the channels and
operations on them, not the processes that operate on them or the
components they are connected to. The composition operations in Reo
combine various channel types to produce complex dynamic topologies of
``connectors'' to which processes or components can be attached. </p>Recent trends in object oriented verification2001-07-10T13:30:00+02:002001-07-10T13:30:00+02:00Frank de Boer (CWI & LIACS)tag:event.cwi.nl,2001-07-10:/acg/presentations/recent-trends-in-object-oriented-verification<p>I'll discuss an assertional proof method for reasoning about the
multi-threaded flow of control in Java. This method combines in a
modular manner two well-known proof-methods: the Owicki-Gries method
for shared-variable concurrency and the Apt-Francez- de Roever method
for CSP. </p>Axiomatizing GSOS with termination2001-06-12T13:30:00+02:002001-06-12T13:30:00+02:00Erik de Vink (TUE & CWI)tag:event.cwi.nl,2001-06-12:/acg/presentations/axiomatizing-gsos-with-termination<p>Aceto, Bloom and Vaandrager showed for the GSOS-format how to generate
sound and complete axiomatizations. We add to the GSOS-format a notion
of termination and adapt the axiomatization technique for this
setting. The result is twofold: successful termination and deadlock
are treated separately; the resulting axiom systems are in several …</p><p>Aceto, Bloom and Vaandrager showed for the GSOS-format how to generate
sound and complete axiomatizations. We add to the GSOS-format a notion
of termination and adapt the axiomatization technique for this
setting. The result is twofold: successful termination and deadlock
are treated separately; the resulting axiom systems are in several
cases more appealing. </p>Rho: A Channel-based Coordination Paradigm for Mobile Components2001-05-08T13:30:00+02:002001-05-08T13:30:00+02:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2001-05-08:/acg/presentations/rho-a-channel-based-coordination-paradigm-for-mobile-components<p>In this talk we present Rho, a paradigm for composition of software
components based on the notion of mobile channels. The coordination
in Rho is in the same style as in the IWIM model. However, the main
focus of attention in Rho is the channels and operations on them, not …</p><p>In this talk we present Rho, a paradigm for composition of software
components based on the notion of mobile channels. The coordination
in Rho is in the same style as in the IWIM model. However, the main
focus of attention in Rho is the channels and operations on them, not
the processes or components. The composition operations in Rho
combine various channel types to produce complex topologies of "plugs"
where processes or components can be attached. </p>Shared Data Space Systems: Verification and Expressiveness Results2001-04-24T13:30:00+02:002001-04-24T13:30:00+02:00Jaco van de Pol (CWI)tag:event.cwi.nl,2001-04-24:/acg/presentations/shared-data-space-systems-verification-and-expressiveness-results<p>In shared data space architectures, several applications coordinate by
reading and writing to a common data store. In this talk we view the
data space as a separate process. We show how a number of variants of
shared data space architectures can be easily modeled in muCRL, at
various levels …</p><p>In shared data space architectures, several applications coordinate by
reading and writing to a common data store. In this talk we view the
data space as a separate process. We show how a number of variants of
shared data space architectures can be easily modeled in muCRL, at
various levels of abstraction. The main examples of such shared data
spaces are Splice (developed at Thales company) and JavaSpaces
(developed at Sun Microsystems and derived from Linda).</p>
<p>The main goal of modelling shared data spaces in $mu$CRL is to use
the muCRL toolset for the verification of systems based on these
architectures. We demonstrate the verification of some small
examples. In particular we emphasize the enormous state space
reductions that are obtained by applying the techniques that we have
been developing in recent years.</p>
<p>Besides verification technology, we have also used the muCRL
description to prove some expressiveness results for a very basic
version of Splice. In this version, the only operations are "write"
and "blocking non-destructive read" on a global set. It appears that
every global requirements specification (described in muCRL) has a
distributed implementation on this weak architecture.
</p>Coordination and component based software architecture2001-04-10T13:30:00+02:002001-04-10T13:30:00+02:00Michel Chaudron (TUE)tag:event.cwi.nl,2001-04-10:/acg/presentations/coordination-and-component-based-software-architecture<p>The coordination principle is often cited as: separate computation
from coordination. I will present a method for the design of parallel
programs based on this principle.</p>
<p>This coordination principle can be extrapolated: separate
those aspects of a system that can change independently.
In the second part of this talk I …</p><p>The coordination principle is often cited as: separate computation
from coordination. I will present a method for the design of parallel
programs based on this principle.</p>
<p>This coordination principle can be extrapolated: separate
those aspects of a system that can change independently.
In the second part of this talk I will discuss the relevance
of this principle for component based software architecting.
In particular I will present some requirements for component
based software engineering, some design dimensions for component
models and some work in progress towards a formalization of
component based software architectures.
</p>Reasoning about probability and nondeterminism2001-03-27T13:30:00+02:002001-03-27T13:30:00+02:00Jerry den Hartog (TUE (formerly CWI))tag:event.cwi.nl,2001-03-27:/acg/presentations/reasoning-about-probability-and-nondeterminism<p>In previous presentations a notion of probabilistic predicate and a
Hoare style logic have been introduced. A basic probabilistic
predicate gives the probability of a certain property. The predicates
can be combined with both logical operators and arithmetical
operators.</p>
<p>In this presentation a language with both nondeterminism
and probability is …</p><p>In previous presentations a notion of probabilistic predicate and a
Hoare style logic have been introduced. A basic probabilistic
predicate gives the probability of a certain property. The predicates
can be combined with both logical operators and arithmetical
operators.</p>
<p>In this presentation a language with both nondeterminism
and probability is considered. The result of executing
a program in this language will be a state with both
nondeterminism and probability. The probabilistic
predicates can also be used to specify properties of
these nondeterministic probabilistic states.</p>
<p>The Hoare style logic for reasoning about probabilistic
programs is extended by adding a rule to deal with
nondeterministic programs. The added rule is the same
as the rule for nondeterminism known from Hoare logic.</p>
<p>An example illustrates the use of the logic and also
shows how the logic can be used to check the results
of a given probabilistic strategy for one player in
a two player game.
</p>Elements of stream calculus2001-02-27T13:30:00+01:002001-02-27T13:30:00+01:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2001-02-27:/acg/presentations/elements-of-stream-calculus<p>As an extensive exercise in the use of coinductive techniques, the set
of all streams (here: infinite sequences of real numbers) is turned
into a calculus in two ways:</p>
<p>the operation of `tail' of a stream is taken as a formal
notion of derivative: (s0, s1, s2, ...) ' = (s1, s2, s3 …</p><p>As an extensive exercise in the use of coinductive techniques, the set
of all streams (here: infinite sequences of real numbers) is turned
into a calculus in two ways:</p>
<p>the operation of `tail' of a stream is taken as a formal
notion of derivative: (s0, s1, s2, ...) ' = (s1, s2, s3, ...)</p>
<p>a set of operators on streams is fixed, including convolution
product, shuffle product, and their inverse, and a number of
algebraic identities (laws) are proved.</p>
<p>In the stream calculus that is thus obtained, it is possible to
solve so-called behavioural differential equations
(equations for defining streams, formulated in terms of
stream derivatives and the operators) in an algebraic fashion.
The calculus will then be applied to
(giving at the same time a unified perspective on):</p>
<p>the solution of difference equations (recurrence relations)</p>
<p>the solution of (certain families of) analytical
differential equations</p>
<p>coinductive counting</p>
<p>generalized nondeterministic automata
(including probabilistic ones)</p>
<p>The work presented builds on and extends my recent report:</p>
<p>Behavioural differential equations:
a coinductive calculus of streams, automata, and power series.
Technical Report SEN-R0023, CWI, Amsterdam, 2000.
</p>Implementation of Mobile Channels2001-02-13T13:30:00+01:002001-02-13T13:30:00+01:00Juan Guillen-Scholten (CWI)tag:event.cwi.nl,2001-02-13:/acg/presentations/implementation-of-mobile-channels<p>Joint-work with F. Arbab, M.M. Bonsangue, and F.S. de Boer.</p>
<p>A mobile channel is a link that provides an asynchronous and anonymous
means of communication between two components in a distributed system
. A channel is called mobile if either of its (channel-)ends can be
moved from one …</p><p>Joint-work with F. Arbab, M.M. Bonsangue, and F.S. de Boer.</p>
<p>A mobile channel is a link that provides an asynchronous and anonymous
means of communication between two components in a distributed system
. A channel is called mobile if either of its (channel-)ends can be
moved from one component to another without the knowledge of the
component at its other end.</p>
<p>Such mobility allows dynamic reconfiguration of channel connections among
the components in a system, a property that is very useful and even crucial
in systems where the components themselves are mobile. Examples include
software for mobile telephones and wearable computers, as well as for
smart-card-based electronic commerce.</p>
<p>To our knowledge, no efficient implementation for a general mobile channel
has been presented in the literature. In this talk, we present and discuss
such an implementation.
</p>Generalised Coinduction2001-01-30T13:30:00+01:002001-01-30T13:30:00+01:00Falk Bartels (CWI)tag:event.cwi.nl,2001-01-30:/acg/presentations/generalised-coinduction<p>The carrier sets of final coalgebras have been shown (amongst others
by Jan Rutten) to be a suitable domain to model infinite datatypes or
the behaviour of dynamical systems. The basic means to characterise
their elements (also called states here) is the coiteration schema,
which is directly related to the …</p><p>The carrier sets of final coalgebras have been shown (amongst others
by Jan Rutten) to be a suitable domain to model infinite datatypes or
the behaviour of dynamical systems. The basic means to characterise
their elements (also called states here) is the coiteration schema,
which is directly related to the notion of finality. We propose the
lambda-coiteration schema as a generalisation. Besides capturing other
known extended formats we show that it can be used to justify
definitions involving composition operators of a certain type, which
are related to guarded recursive specifications.</p>
<p>Furthermore, the lambda-coiteration schema comes together with a proof
principle that can be used to establish the <code>bisimilarity' of states,
which is the canonical notion of behavioural equivalence considered in
coalgebra (also called</code>strong bisimilarity' in process
algebra). Conventionally such results are obtained using bisimulation
relations. It turns out that one can alternatively work with relations
satisfying a weaker condition that we call lambda-bisimulations. This
is shown to enable considerably simpler proofs.</p>
<p>The resulting proof technique bears some similarity with the
`bisimulation proof method' by Sangiorgi (Math. Structures in
Comp. Science, 1998). The relation of the presented approach to his
will be discussed in the last part of the talk.
</p>Modelling decentralized Control Problems using the Logic of Epistemic Actions2001-01-16T13:30:00+01:002001-01-16T13:30:00+01:00Alexandru Baltag (Oxford University (formerly CWI))tag:event.cwi.nl,2001-01-16:/acg/presentations/modelling-decentralized-control-problems-using-the-logic-of-epistemic-actions<p>I am reintroducing a modal logic of epistemic actions (some versions
of which were already presented at previous ACG meetings) and
exploring its applications to discrete-event control problems with
decentralized supervisors, who can only partially observe events but
who may be able to communicate with each other.</p>
<p>The idea to …</p><p>I am reintroducing a modal logic of epistemic actions (some versions
of which were already presented at previous ACG meetings) and
exploring its applications to discrete-event control problems with
decentralized supervisors, who can only partially observe events but
who may be able to communicate with each other.</p>
<p>The idea to use modal epistemic logic for modeling
these issues comes from a paper by Rickie and Rudie
(presented at a previous ACG). I improve on their
work by using the setting provided by epistemic actions
to reprove their results, and propose various extensions
of their problem:</p>
<p>supervisors who can have partial
observations on events (instead of just all-or-nothing
observations),</p>
<p>supervisors who use a synchronized
clock sending timed messages to each other,</p>
<p>communication in which only some specific types of messages are allowed,</p>
<p>and finally the case in which the illegal events can
only by disabled by joint action of the supervisors
(while any non-joint action is in fact illegal).
</p>Infinite intersection and union types for the lazy lambda calculus2000-12-19T13:30:00+01:002000-12-19T13:30:00+01:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2000-12-19:/acg/presentations/infinite-intersection-and-union-types-for-the-lazy-lambda-calculus<p>Joint work with J.N. Kok</p>
<p>A type theory with infinitary intersection and union types for the
lazy lambda calculus is introduced. The meaning of types are subsets
of a universe of discourse. Intersection and union type constructors
are interpreted as the set-theoretic intersection and union,
respectively, even when they …</p><p>Joint work with J.N. Kok</p>
<p>A type theory with infinitary intersection and union types for the
lazy lambda calculus is introduced. The meaning of types are subsets
of a universe of discourse. Intersection and union type constructors
are interpreted as the set-theoretic intersection and union,
respectively, even when they are not finite. The assignment of types
to lambda-terms extends naturally the basic type assignment
system. For this system we prove soundness and completeness theorems
by generalizing the connection between Abramsky's finitary domain
logic for applicative transition systems and the Scott domain obtained
as solution of the equation $X cong (X to X)_bot$. </p>Semantical Principles in the Modal Logic of Coalgebras2000-11-14T13:30:00+01:002000-11-14T13:30:00+01:00Dirk Pattinson (LMU Munich)tag:event.cwi.nl,2000-11-14:/acg/presentations/semantical-principles-in-the-modal-logic-of-coalgebras<p>Coalgebras for a functor on the category of sets subsume many
formulations of the notion of transition system, including labelled
transition systems, Kripke models, Kripke frames and many types of
automata. The talk presents a multimodal language which is
bisimulation invariant and (under a natural completeness condition)
expressive enough to …</p><p>Coalgebras for a functor on the category of sets subsume many
formulations of the notion of transition system, including labelled
transition systems, Kripke models, Kripke frames and many types of
automata. The talk presents a multimodal language which is
bisimulation invariant and (under a natural completeness condition)
expressive enough to characterise elements of the underlying state
space up to bisimulation. Like Moss' coalgebraic logic, the theory
can be applied to an arbitrary signature functor on the category of
sets. Also, an upper bound for the size of conjunctions and
disjunctions needed to obtain characteristic formulas is given. </p>Back To The Future: A Family of Algorithms for Termination Detection in Distributed Systems2000-10-31T13:30:00+01:002000-10-31T13:30:00+01:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2000-10-31:/acg/presentations/back-to-the-future-a-family-of-algorithms-for-termination-detection-in-distributed-systems<p>A classical problem in distributed systems is detecting the
termination of a distributed computation. Distributed Termination
Detection (DTD) has been extensively studied in the past twenty years
and it is known to be a difficult problem to solve efficiently,
because it involves properties of the global state of a distributed …</p><p>A classical problem in distributed systems is detecting the
termination of a distributed computation. Distributed Termination
Detection (DTD) has been extensively studied in the past twenty years
and it is known to be a difficult problem to solve efficiently,
because it involves properties of the global state of a distributed
system. Many DTD algorithms exists and a recent survey of 35 of them
[1] introduces a taxonomy and identifies 8 different characteristics
for their classification and evaluation. This survey concludes by
remarking that ``[an] algorithm [with favorable ranking in all 8
dimensions,] if one exists, would be a huge development in this
field.'' As difficult as DTD is in its classical setting,
considerations for dynamicity and mobility in a distributed system
further complicate the DTD problem and render most existing DTD
algorithms non-applicable.</p>
<p>We introduce the notion of Apparent Causality as a relation
among the messages in a system, from which we derive the concepts
of message histories and futures. Apparent causality and message
histories are inherently local properties which can be evaluated at the
level of each process, whereas message futures are inherently global
system-level properties. Histories and futures of messages are examples
of histories and futures of more general observables in a distributed
system. We propose Back To The Future (BTTF) as a generic method for
computing futures from histories, and use this technique to construct
three different algorithms:</p>
<p>BTTF Transitory Quiescence (BTTF-TQ) is a generic, efficient
algorithm that leads a distributed system to a state where there are no
pending messages;</p>
<p>Yet Another Wave Algorithm (YAWA) uses the BTTF technique to
implement a generic DTD wave algorithm with certain interesting properties
of its own; and</p>
<p>BTTF Wave is our main algorithm, which combines BTTF-TQ and YAWA to
obtain a general symmetric DTD algorithm that is equally suitable for
classical settings as for dynamic systems of distributed mobile
processes.</p>
<p>The BTTF Wave algorithm ranks quite favorably in the characterization
scheme of [1]. Furthermore, it is generic and is suitable for dynamic
and mobile systems at no extra cost. Our preliminary results indicate
that while the theoretical worst-case message complexity of the
BTTF Wave algorithm is no worse than other generic wave algorithms,
such worst-case scenarios are possible only in unrealistic systems.
The worst-case message complexity of this algorithm for realistic systems
is significantly better, and its average message complexity in realistic
systems is only a fraction of their total number of normal messages.
[1]
``A Taxonomy of Distributed Termination Detection Algorithms,''
J. Matocha and T. Camp,
The Journal of Systems and Software, vol. 43, pp. 207-221, 1998.
</p>Towards Quantitative Verification of Systems: a Metric Approach2000-10-17T13:30:00+02:002000-10-17T13:30:00+02:00Franck van Breugel (York University Toronto)tag:event.cwi.nl,2000-10-17:/acg/presentations/towards-quantitative-verification-of-systems-a-metric-approach<p>The majority of the verification methods for software systems only
produce qualitative information. Questions like <code>Does the system
satisfy the specification?'' and</code>Are the systems semantically
equivalent?'' are answered. However, this information is often too
restrictive in practice and a (complementary) quantitative approach to
verification is needed. For example, answers …</p><p>The majority of the verification methods for software systems only
produce qualitative information. Questions like <code>Does the system
satisfy the specification?'' and</code>Are the systems semantically
equivalent?'' are answered. However, this information is often too
restrictive in practice and a (complementary) quantitative approach to
verification is needed. For example, answers to questions like <code>What
is the probability that the system satisfies its specification?'' and</code>Do the systems behave almost (up to some small time fluctuations,
say of one millisecond) the same?'' provide us with (often more
useful) quantitative information about the systems.</p>
<p>Metric spaces (and generalizations thereof) seem a good candidate for
measuring the difference in behaviour of systems. The behaviour of many
software systems can be described by means of coalgebras (of an
endofunctor
on the category of sets). For most systems, the endofunctor (on sets)
associated to the coalgebra can be naturally extended to an endofunctor
on metric spaces. This extended endofunctor having a terminal coalgebra
is the key to the success of my approach to quantitative verification.
The approach will be illustrated by considering a restricted class of
probabilistic systems.
</p>Modeling Games using Probabilistic-Epistemic Processes and Modal Logic2000-10-03T13:30:00+02:002000-10-03T13:30:00+02:00Alexandru Baltag (Oxford University (formerly CWI))tag:event.cwi.nl,2000-10-03:/acg/presentations/modeling-games-using-probabilistic-epistemic-processes-and-modal-logic<p>I introduce a notion of (discrete) probabilistic epistemic process and
an associated dynamic-epistemic modal logic. I use them to redefine
and analize some notions of game theory: extensive games with
imperfect information, perfect recall, mixed strategies, beliefs about
strategies, epistemic types, Bayesian belief-revision, rationality and
rationalizability, solution concepts. </p>On the Duality of Modal and Equational Logic2000-09-19T13:30:00+02:002000-09-19T13:30:00+02:00Alexander Kurz (CWI)tag:event.cwi.nl,2000-09-19:/acg/presentations/on-the-duality-of-modal-and-equational-logic<p>Basic notions of coalgebras and modal logic are reviewed.</p>
<p>A categorical description of coalgebraic semantics of modal logics
is developed.</p>
<p>This description turns out to dualise algebraic semantics of
equational logic as given by Banaschewski and Herrlich in the paper
"Subcategories defined by implications" (1976). This gives a precise
meaning …</p><p>Basic notions of coalgebras and modal logic are reviewed.</p>
<p>A categorical description of coalgebraic semantics of modal logics
is developed.</p>
<p>This description turns out to dualise algebraic semantics of
equational logic as given by Banaschewski and Herrlich in the paper
"Subcategories defined by implications" (1976). This gives a precise
meaning to the slogan that "Modal Logic is Dual to Equational Logic".</p>
<p>Theorems characterising the expressive power of infinitary modal
logics on Kripke-frames can now be obtained by dualsing results of
Banaschewski and Herrlich.
</p>On the Duality of Observability and Reachability2000-09-12T13:30:00+02:002000-09-12T13:30:00+02:00Alexander Kurz (CWI)tag:event.cwi.nl,2000-09-12:/acg/presentations/on-the-duality-of-observability-and-reachability<p>Joint work with Rolf Hennicker (University of Munich) and Michel
Bidoit (Ecole Normale Sup351rieure de Cachan).</p>
<p>The properties of a system being "observable" or "fully abstract" (all
internal states can be distinguished by an external observer) and of
being "reachable" (all internal states are relevant, i.e., can be
reached …</p><p>Joint work with Rolf Hennicker (University of Munich) and Michel
Bidoit (Ecole Normale Sup351rieure de Cachan).</p>
<p>The properties of a system being "observable" or "fully abstract" (all
internal states can be distinguished by an external observer) and of
being "reachable" (all internal states are relevant, i.e., can be
reached by some input) are dual to each other.</p>
<p>This duality - discovered by Arbib and Manes in the 70s in the context
of automata theory - now makes a reappearance in the field of algebraic
specifications.</p>
<p>The presentation will consist of 3 parts:</p>
<p>We give a survey of the basic ideas of specifying algebraically a
state-based system from the point of view of an external observer. A
formalisation of this approach using (co)algebras is given.</p>
<p>We review the notion of a reachable algebra. An informal comparison
to the observational specifications in 1) will suggest a generalisation
of the standard concept of a reachable algebra.</p>
<p>We show that dualising the (co)algebraic formalisation in 1)
describes the (generalised) notion of reachability in 2).
</p>A logical interface description language for components2000-06-13T13:30:00+02:002000-06-13T13:30:00+02:00Marcello Bonsangue (LIACS)tag:event.cwi.nl,2000-06-13:/acg/presentations/a-logical-interface-description-language-for-components<p>Joint work with F. Arbab and F. de Boer</p>
<p>We present a formal model for component-based system, a logic based
interface description language that conveys the observable semantics
of a component, and a formal system for deriving properties of the
system out of the interface of each of its constituent …</p><p>Joint work with F. Arbab and F. de Boer</p>
<p>We present a formal model for component-based system, a logic based
interface description language that conveys the observable semantics
of a component, and a formal system for deriving properties of the
system out of the interface of each of its constituent components. We
give necessary and sufficent conditions under which this derivation
system is sound and complete. </p>Back To The Future: A Family of DTD Algorithms2000-05-16T13:30:00+02:002000-05-16T13:30:00+02:00Farhad Arbab (CWI & LIACS)tag:event.cwi.nl,2000-05-16:/acg/presentations/back-to-the-future-a-family-of-dtd-algorithms<p>We discuss our work-in-progress on a number of Distributed Termination
Detection Algorithms. These algorithms use message histories to
construct administrative trees called message futures. These
algorithms allow generalized network topologies and support dynamic
changes to the network. The performance of these algorithms can be
optimized with special information about the …</p><p>We discuss our work-in-progress on a number of Distributed Termination
Detection Algorithms. These algorithms use message histories to
construct administrative trees called message futures. These
algorithms allow generalized network topologies and support dynamic
changes to the network. The performance of these algorithms can be
optimized with special information about the properties of the nodes
and the network topology. </p>Stream calculus2000-05-09T13:30:00+02:002000-05-09T13:30:00+02:00Jan Rutten (CWI & VU)tag:event.cwi.nl,2000-05-09:/acg/presentations/stream-calculus<p>Exploiting the fact that the set of all streams (infinite sequences of
real numbers) carries a final coalgebra structure, a few initial steps
towards a coinductive stream calculus are discussed. This involves
definitions in terms of behavioural differential equations, methods
for solving such equations, and (generalized) nondeterministic
representations of such …</p><p>Exploiting the fact that the set of all streams (infinite sequences of
real numbers) carries a final coalgebra structure, a few initial steps
towards a coinductive stream calculus are discussed. This involves
definitions in terms of behavioural differential equations, methods
for solving such equations, and (generalized) nondeterministic
representations of such solutions. </p>Modeling continuous probabilistic choice using stochastic kernels2000-03-28T13:30:00+02:002000-03-28T13:30:00+02:00Jerry den Hartog (TUE (formerly CWI))tag:event.cwi.nl,2000-03-28:/acg/presentations/modeling-continuous-probabilistic-choice-using-stochastic-kernels<p>Joint work with Erik de Vink (at KPN Research by that time)</p>
<p>To model discrete probabilistic choices summation of measures can be
used. For continues choices, e.g. selection of a number in [0,1],
integration is required. To enable the use of integration, stochastic
kernels are introduced. The use …</p><p>Joint work with Erik de Vink (at KPN Research by that time)</p>
<p>To model discrete probabilistic choices summation of measures can be
used. For continues choices, e.g. selection of a number in [0,1],
integration is required. To enable the use of integration, stochastic
kernels are introduced. The use of these kernels in giving
operational and denotational semantics is illustrated for a <code>finite'
language. To prepare for the modeling of</code>infinite' language,
e.g. with recursion, a metric is defined on the kernels. Some open
issues that remain with the application of this metric are
discussed. </p>A Generalized Schema for Coinductive Definitions2000-03-07T13:30:00+01:002000-03-07T13:30:00+01:00Falk Bartels (CWI)tag:event.cwi.nl,2000-03-07:/acg/presentations/a-generalized-schema-for-coinductive-definitions<p>For a given behavior type (functor), the carrier of a final coalgebra
provides a unique representative for each possible behavior. This
property immediately leads to a definition (and proof) principle -
called `coiteration' here - for functions from an arbitrary set to
this carrier: To define the function's value on a given …</p><p>For a given behavior type (functor), the carrier of a final coalgebra
provides a unique representative for each possible behavior. This
property immediately leads to a definition (and proof) principle -
called `coiteration' here - for functions from an arbitrary set to
this carrier: To define the function's value on a given argument, it
suffices to specify a behavior.</p>
<p>Unfortunately it turns out that a large number of functions into a
final coalgebra cannot be defined elegantly or not at all using this
principle directly. This is due to its limited power for specifying
such a behavior, namely declaring a coalgebra structure of the same
functor on the domains of the desired function. Extensions of the
coiteration schema are wanted.</p>
<p>The <code>corecursion' principle forms such an extension. It is obtained
by dualizing the well known</code>recursion' - an extension of `iteration'
inside the algebraic world. We will try to generalize the ideas
behind its construction to arrive at a framework based on pointed
endofunctors or monads and appropriate distributive laws.</p>
<p>As one application, the presented setting provides an abstract
justification for mutually corecursive definitions. Those have been
given (and presented at the ACG colloquium) by Jan Rutten in the
context of his coalgebraic treatment of Automata, Power Series, or
Control Theory.
</p>Combinators for hyperedge replacement graph rewriting2000-02-08T13:30:00+01:002000-02-08T13:30:00+01:00Matteo Coccia (Scuola Normale Pisa)tag:event.cwi.nl,2000-02-08:/acg/presentations/combinators-for-hyperedge-replacement-graph-rewriting<p>GS theories are generalizations of Lawvere's algebraic theories having
explicit operations of sharing and garbage collection of
'interfaces'. They have been used to give functorial semantics to term
graph rewriting and (for the static aspects) to concurrent and
mobility calculi (like asynchronous pi-calculus). A higher order
extension of them, called …</p><p>GS theories are generalizations of Lawvere's algebraic theories having
explicit operations of sharing and garbage collection of
'interfaces'. They have been used to give functorial semantics to term
graph rewriting and (for the static aspects) to concurrent and
mobility calculi (like asynchronous pi-calculus). A higher order
extension of them, called GS-Lambda theories, will be introduced and
through a toy example it will be showed how they can be used to encode
hyperedge replacement graph rewriting. A discussion about its
significance and its possible applications in coordination (the latter
part being work in progress) might follow. </p>