David de Frutos-Escrig

Formal Techniques for Networked and Distributed Systems - FORTE 2004

Invited Talks.- A Logical Account of NGSCB.- Composing Event Constraints in State-Based Specification.- Formal Description Techniques and Software Engineering: Some Reflections after 2 Decades of Research.- Regular Papers.- Parameterized Models for Distributed Java Objects.- Towards the Harmonisation of UML and SDL.- Localizing Program Errors for Cimple Debugging.- Formal Verification of a Practical Lock-Free Queue Algorithm.- Formal Verification of Web Applications Modeled by Communicating Automata.- Towards Design Recovery from Observations.- Network Protocol System Passive Testing for Fault Management: A Backward Checking Approach.- Connectivity Testing Through Model-Checking.- Fault Propagation by Equation Solving.- Automatic Generation of Run-Time Test Oracles for Distributed Real-Time Systems.- Formal Composition of Distributed Scenarios.- Conditions for Resolving Observability Problems in Distributed Testing.- Integrating Formal Verification with Mur? of Distributed Cache Coherence Protocols in FAME Multiprocessor System Design.- Witness and Counterexample Automata for ACTL.- A Symbolic Symbolic State Space Representation.- Introducing the Iteration in sPBC.- Petri Net Semantics of the Finite ?-Calculus.- Symbolic Diagnosis of Partially Observable Concurrent Systems.- Automatized Verification of Ad Hoc Routing Protocols.- A Temporal Logic Based Framework for Intrusion Detection.

Testing Semantics for Probabilistic LOTOS

In this paper we present a probabilistic extension of LOTOS which is upward compatible with LOTOS. We present testing semantics for the reactive and generative models described in [vGSST90]. While there is a certain lose of the meaning of probabilities in the reactive model, testing with probabilistic tests proves to be too strong because it does not relate behavior expressions which we expect to be equivalent. This is why we introduce the limited generative model, where tests are not allowed to have explicit probabilities. We give a fully abstract characterization for the reactive model, while we give alternative characterizations (based on a set of essential tests) for the generative and limited generative models. We also present some algebraic laws for each of the models, including some laws which establish the difference between the three models.

Decidability and complexity of Petri nets with unordered data

Abstract We prove several decidability and undecidability results for ν -PN, an extension of P/T nets with pure name creation and name management. We give a simple proof of undecidability of reachability, by reducing reachability in nets with inhibitor arcs to it. Thus, the expressive power of ν -PN strictly surpasses that of P/T nets. We encode ν -PN into Petri Data Nets, so that coverability, termination and boundedness are decidable. Moreover, we obtain Ackermann-hardness results for all our decidable decision problems. Then we consider two properties, width-boundedness and depth-boundedness, that factorize boundedness. Width-boundedness has already been proven to be decidable. Here we prove that its complexity is also non-primitive recursive. Then we prove undecidability of depth-boundedness. Finally, we prove that the corresponding “place version” of all the boundedness problems is undecidable for ν -PN. These results carry over to Petri Data Nets.

On the Expressiveness of Mobile Synchronizing Petri Nets

In recent papers we have introduced Mobile Synchronizing Petri Nets, a new model for mobility based on coloured Petri Nets. It allows the description of systems composed of a collection of (possibly mobile) hardware devices and mobile agents, both modelled in a homogenous way and abstracting from middleware details. Our basic model introduced a colour to describe localities, but still lacked appropriate primitives to deal with security, and in fact it was equivalent to P/T nets. Then, we introduced the primitives to cope with security: a new colour for identifiers, basically corresponding to the natural numbers, that are created by means of a special transition. This mechanism allows us to deal with authentication issues. In this paper we discuss the expressiveness of the extended model with the authentication primitives. More specifically, we study several instances of the classical reachability and coverability problems. Finally, we also study a more abstract version of the mechanism to create identifiers, using abstract names, close to those in the @p-calculus or the Ambient Calculus. We have proved that both models are strictly in between P/T nets and Turing machines.

A Sound and Complete Proof System for Probabilistic Processes

In this paper we present a process algebra model of probabilistic communicating processes based on classical CSP. To define our model we have replaced internal non-determinism by generative probabilistic choices, and external non-determinism by reactive probabilistic choices, with the purpose of maintaining the meaning of the classical CSP operators, once generalized in a probabilistic way. Thus we try to keep valid, as far as possible, the laws of CSP. This combination of both internal and external choice makes strongly difficult the definition of a probabilistic version of CSP. In fact, we can find in the current literature quite a number of papers on probabilistic processes, but only in a few of them internal and external choices are combined, trying to preserve their original meaning.

Mobile Synchronizing Petri Nets: A Choreographic Approach for Coordination in Ubiquitous Systems

The term Ubiquitous Computing was coined by Mark Weiser almost two decades ago. Despite all the time that has passed since Weisers vision, ubiquitous computing still has a long way ahead to become a pervasive reality. One of the reasons for this may be the lack of widely accepted formal models capable of capturing and analyzing the complexity of the new paradigm. We propose a simple Petri Net based model to study some of its main characteristics. We model both devices and software components as a special kind of coloured Petri Nets, located in locations, that can move to other locations and synchronize with other co-located nets, offering and requesting services. We obtain an amenable model for ubiquitous computing, due to its graphical representation. We present our proposal in a progressive way, first presenting a basic model where coordination is formalized by the synchronized firing of pairs of compatible transitions that offer and request a specific service, and ad hoc networks are modeled by constraining mobility by the dynamic acquisition of locality names. Next, we introduce a mechanism for the treatment of robust security properties, namely the generation of fresh private names, to be used for authentication properties.

Extending the Petri Box Calculus with Time

PBC (Petri Box Calculus) is a process algebra where real parallelism of concurrent systems can be naturally expressed. One of its main features is the definition of a denotational semantics based on Petri nets, which emphasizes the structural aspects of the modelled systems. However, this formal model does not include temporal aspects of processes, which are necessary when considering real-time systems. The aim of this paper is to extend the existing calculus with those temporal aspects. We consider that actions are not instantaneous, that is, their execution takes time. We present an operational semantics and a denotational semantics based on timed Petri nets. Finally, we discuss the introduction of other new features such as time-outs and delays. Throughout the paper we assume that the reader is familiar with both Petri nets and PBC.

Timed Processes of Timed Petri Nets

Processes of Petri nets are usually represented by occurrence nets. In this paper we extend this notion to Timed Petri Nets maintaining the structure of timed processes as occurrence nets, but adding time information to the tokens. In order to do that we need first to define formally the model of Timed Petri Nets that we consider, and then we relate timed step sequences with timed processes, obtaining similar results to those for the classical theory of ordinary (non-timed) processes.

Global Timed Bisimulation: An Introduction

Bisimulations are a broadly used formalism to define the semantics of process algebras. In particular, by means of weak bisimulation most of the internal activity of processes may be abstracted. Unfortunately, this is not fully accomplished: for instance, the internal choice operator becomes non-associative since bisimulation can see the branching structure of processes. In this paper we propose global timed bisimulation as a weakening of weak timed bisimulation. Global timed bisimulation is defined exactly as weak timed bisimulation once ordinary transitions are replaced by the adequate notions of generalized transitions. In order to asses the definition of our global timed bisimulation we present a collection of small examples that illustrate each of the clauses of that definition. Finally, a more elaborated example is presented to summarize the main properties of that notion.

SPBC: a Markovian extension of finite Petri box calculus

In this paper we present a stochastic extension of finite PBC, sPBC in which actions have a stochastic delay associated, which is taken from a negative exponential distribution. We define for the language both an operational and a denotational semantics, using a class of labelled stochastic Petri net as supporting values. In this paper we restrict our attention to finite sPBC, i.e. we consider neither the iteration operator nor recursive definition of processes.