---
_id: '1338'
abstract:
- lang: eng
  text: We present a computer-aided programming approach to concurrency. The approach
    allows programmers to program assuming a friendly, non-preemptive scheduler, and
    our synthesis procedure inserts synchronization to ensure that the final program
    works even with a preemptive scheduler. The correctness specification is implicit,
    inferred from the non-preemptive behavior. Let us consider sequences of calls
    that the program makes to an external interface. The specification requires that
    any such sequence produced under a preemptive scheduler should be included in
    the set of sequences produced under a non-preemptive scheduler. We guarantee that
    our synthesis does not introduce deadlocks and that the synchronization inserted
    is optimal w.r.t. a given objective function. The solution is based on a finitary
    abstraction, an algorithm for bounded language inclusion modulo an independence
    relation, and generation of a set of global constraints over synchronization placements.
    Each model of the global constraints set corresponds to a correctness-ensuring
    synchronization placement. The placement that is optimal w.r.t. the given objective
    function is chosen as the synchronization solution. We apply the approach to device-driver
    programming, where the driver threads call the software interface of the device
    and the API provided by the operating system. Our experiments demonstrate that
    our synthesis method is precise and efficient. The implicit specification helped
    us find one concurrency bug previously missed when model-checking using an explicit,
    user-provided specification. We implemented objective functions for coarse-grained
    and fine-grained locking and observed that different synchronization placements
    are produced for our experiments, favoring a minimal number of synchronization
    operations or maximum concurrency, respectively.
article_processing_charge: No
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Edmund
  full_name: Clarke, Edmund
  last_name: Clarke
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Leonid
  full_name: Ryzhyk, Leonid
  last_name: Ryzhyk
- first_name: Roopsha
  full_name: Samanta, Roopsha
  id: 3D2AAC08-F248-11E8-B48F-1D18A9856A87
  last_name: Samanta
- first_name: Thorsten
  full_name: Tarrach, Thorsten
  id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
  last_name: Tarrach
  orcid: 0000-0003-4409-8487
citation:
  ama: Cerny P, Clarke E, Henzinger TA, et al. From non-preemptive to preemptive scheduling
    using synchronization synthesis. <i>Formal Methods in System Design</i>. 2017;50(2-3):97-139.
    doi:<a href="https://doi.org/10.1007/s10703-016-0256-5">10.1007/s10703-016-0256-5</a>
  apa: Cerny, P., Clarke, E., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., Samanta,
    R., &#38; Tarrach, T. (2017). From non-preemptive to preemptive scheduling using
    synchronization synthesis. <i>Formal Methods in System Design</i>. Springer. <a
    href="https://doi.org/10.1007/s10703-016-0256-5">https://doi.org/10.1007/s10703-016-0256-5</a>
  chicago: Cerny, Pavol, Edmund Clarke, Thomas A Henzinger, Arjun Radhakrishna, Leonid
    Ryzhyk, Roopsha Samanta, and Thorsten Tarrach. “From Non-Preemptive to Preemptive
    Scheduling Using Synchronization Synthesis.” <i>Formal Methods in System Design</i>.
    Springer, 2017. <a href="https://doi.org/10.1007/s10703-016-0256-5">https://doi.org/10.1007/s10703-016-0256-5</a>.
  ieee: P. Cerny <i>et al.</i>, “From non-preemptive to preemptive scheduling using
    synchronization synthesis,” <i>Formal Methods in System Design</i>, vol. 50, no.
    2–3. Springer, pp. 97–139, 2017.
  ista: Cerny P, Clarke E, Henzinger TA, Radhakrishna A, Ryzhyk L, Samanta R, Tarrach
    T. 2017. From non-preemptive to preemptive scheduling using synchronization synthesis.
    Formal Methods in System Design. 50(2–3), 97–139.
  mla: Cerny, Pavol, et al. “From Non-Preemptive to Preemptive Scheduling Using Synchronization
    Synthesis.” <i>Formal Methods in System Design</i>, vol. 50, no. 2–3, Springer,
    2017, pp. 97–139, doi:<a href="https://doi.org/10.1007/s10703-016-0256-5">10.1007/s10703-016-0256-5</a>.
  short: P. Cerny, E. Clarke, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, R. Samanta,
    T. Tarrach, Formal Methods in System Design 50 (2017) 97–139.
date_created: 2018-12-11T11:51:27Z
date_published: 2017-06-01T00:00:00Z
date_updated: 2023-09-20T11:13:51Z
day: '01'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1007/s10703-016-0256-5
ec_funded: 1
external_id:
  isi:
  - '000399888900001'
file:
- access_level: open_access
  checksum: 1163dfd997e8212c789525d4178b1653
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:13:05Z
  date_updated: 2020-07-14T12:44:44Z
  file_id: '4985'
  file_name: IST-2016-656-v1+1_s10703-016-0256-5.pdf
  file_size: 1416170
  relation: main_file
file_date_updated: 2020-07-14T12:44:44Z
has_accepted_license: '1'
intvolume: '        50'
isi: 1
issue: 2-3
language:
- iso: eng
month: '06'
oa: 1
oa_version: Published Version
page: 97 - 139
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: Z211
  name: The Wittgenstein Prize
- _id: B67AFEDC-15C9-11EA-A837-991A96BB2854
  name: IST Austria Open Access Fund
publication: Formal Methods in System Design
publication_status: published
publisher: Springer
publist_id: '5929'
pubrep_id: '656'
quality_controlled: '1'
related_material:
  record:
  - id: '1729'
    relation: earlier_version
    status: public
scopus_import: '1'
status: public
title: From non-preemptive to preemptive scheduling using synchronization synthesis
tmp:
  image: /images/cc_by.png
  legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
  name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
  short: CC BY (4.0)
type: journal_article
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 50
year: '2017'
...
---
_id: '1729'
abstract:
- lang: eng
  text: We present a computer-aided programming approach to concurrency. The approach
    allows programmers to program assuming a friendly, non-preemptive scheduler, and
    our synthesis procedure inserts synchronization to ensure that the final program
    works even with a preemptive scheduler. The correctness specification is implicit,
    inferred from the non-preemptive behavior. Let us consider sequences of calls
    that the program makes to an external interface. The specification requires that
    any such sequence produced under a preemptive scheduler should be included in
    the set of such sequences produced under a non-preemptive scheduler. The solution
    is based on a finitary abstraction, an algorithm for bounded language inclusion
    modulo an independence relation, and rules for inserting synchronization. We apply
    the approach to device-driver programming, where the driver threads call the software
    interface of the device and the API provided by the operating system. Our experiments
    demonstrate that our synthesis method is precise and efficient, and, since it
    does not require explicit specifications, is more practical than the conventional
    approach based on user-provided assertions.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Edmund
  full_name: Clarke, Edmund
  last_name: Clarke
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Leonid
  full_name: Ryzhyk, Leonid
  last_name: Ryzhyk
- first_name: Roopsha
  full_name: Samanta, Roopsha
  id: 3D2AAC08-F248-11E8-B48F-1D18A9856A87
  last_name: Samanta
- first_name: Thorsten
  full_name: Tarrach, Thorsten
  id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
  last_name: Tarrach
  orcid: 0000-0003-4409-8487
citation:
  ama: Cerny P, Clarke E, Henzinger TA, et al. From non-preemptive to preemptive scheduling
    using synchronization synthesis. 2015;9207:180-197. doi:<a href="https://doi.org/10.1007/978-3-319-21668-3_11">10.1007/978-3-319-21668-3_11</a>
  apa: 'Cerny, P., Clarke, E., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., Samanta,
    R., &#38; Tarrach, T. (2015). From non-preemptive to preemptive scheduling using
    synchronization synthesis. Presented at the CAV: Computer Aided Verification,
    San Francisco, CA, United States: Springer. <a href="https://doi.org/10.1007/978-3-319-21668-3_11">https://doi.org/10.1007/978-3-319-21668-3_11</a>'
  chicago: Cerny, Pavol, Edmund Clarke, Thomas A Henzinger, Arjun Radhakrishna, Leonid
    Ryzhyk, Roopsha Samanta, and Thorsten Tarrach. “From Non-Preemptive to Preemptive
    Scheduling Using Synchronization Synthesis.” Lecture Notes in Computer Science.
    Springer, 2015. <a href="https://doi.org/10.1007/978-3-319-21668-3_11">https://doi.org/10.1007/978-3-319-21668-3_11</a>.
  ieee: P. Cerny <i>et al.</i>, “From non-preemptive to preemptive scheduling using
    synchronization synthesis,” vol. 9207. Springer, pp. 180–197, 2015.
  ista: Cerny P, Clarke E, Henzinger TA, Radhakrishna A, Ryzhyk L, Samanta R, Tarrach
    T. 2015. From non-preemptive to preemptive scheduling using synchronization synthesis.
    9207, 180–197.
  mla: Cerny, Pavol, et al. <i>From Non-Preemptive to Preemptive Scheduling Using
    Synchronization Synthesis</i>. Vol. 9207, Springer, 2015, pp. 180–97, doi:<a href="https://doi.org/10.1007/978-3-319-21668-3_11">10.1007/978-3-319-21668-3_11</a>.
  short: P. Cerny, E. Clarke, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, R. Samanta,
    T. Tarrach, 9207 (2015) 180–197.
conference:
  end_date: 2015-07-24
  location: San Francisco, CA, United States
  name: 'CAV: Computer Aided Verification'
  start_date: 2015-07-18
date_created: 2018-12-11T11:53:42Z
date_published: 2015-07-01T00:00:00Z
date_updated: 2023-09-20T11:13:50Z
day: '01'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1007/978-3-319-21668-3_11
ec_funded: 1
file:
- access_level: local
  checksum: 6ff58ac220e2f20cb001ba35d4924495
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:08:53Z
  date_updated: 2020-07-14T12:45:13Z
  file_id: '4715'
  file_name: IST-2015-336-v1+1_long_version.pdf
  file_size: 481922
  relation: main_file
file_date_updated: 2020-07-14T12:45:13Z
has_accepted_license: '1'
intvolume: '      9207'
language:
- iso: eng
month: '07'
oa_version: Submitted Version
page: 180 - 197
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: Z211
  name: The Wittgenstein Prize
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication_status: published
publisher: Springer
publist_id: '5398'
pubrep_id: '336'
quality_controlled: '1'
related_material:
  record:
  - id: '1130'
    relation: dissertation_contains
    status: public
  - id: '1338'
    relation: later_version
    status: public
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: From non-preemptive to preemptive scheduling using synchronization synthesis
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9207
year: '2015'
...
---
_id: '1836'
abstract:
- lang: eng
  text: In the standard framework for worst-case execution time (WCET) analysis of
    programs, the main data structure is a single instance of integer linear programming
    (ILP) that represents the whole program. The instance of this NP-hard problem
    must be solved to find an estimate forWCET, and it must be refined if the estimate
    is not tight.We propose a new framework for WCET analysis, based on abstract segment
    trees (ASTs) as the main data structure. The ASTs have two advantages. First,
    they allow computing WCET by solving a number of independent small ILP instances.
    Second, ASTs store more expressive constraints, thus enabling a more efficient
    and precise refinement procedure. In order to realize our framework algorithmically,
    we develop an algorithm for WCET estimation on ASTs, and we develop an interpolation-based
    counterexample-guided refinement scheme for ASTs. Furthermore, we extend our framework
    to obtain parametric estimates of WCET. We experimentally evaluate our approach
    on a set of examples from WCET benchmark suites and linear-algebra packages. We
    show that our analysis, with comparable effort, provides WCET estimates that in
    many cases significantly improve those computed by existing tools.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Laura
  full_name: Kovács, Laura
  last_name: Kovács
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Jakob
  full_name: Zwirchmayr, Jakob
  last_name: Zwirchmayr
citation:
  ama: Cerny P, Henzinger TA, Kovács L, Radhakrishna A, Zwirchmayr J. Segment abstraction
    for worst-case execution time analysis. 2015;9032:105-131. doi:<a href="https://doi.org/10.1007/978-3-662-46669-8_5">10.1007/978-3-662-46669-8_5</a>
  apa: 'Cerny, P., Henzinger, T. A., Kovács, L., Radhakrishna, A., &#38; Zwirchmayr,
    J. (2015). Segment abstraction for worst-case execution time analysis. Presented
    at the ESOP: European Symposium on Programming, London, United Kingdom: Springer.
    <a href="https://doi.org/10.1007/978-3-662-46669-8_5">https://doi.org/10.1007/978-3-662-46669-8_5</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, Laura Kovács, Arjun Radhakrishna, and
    Jakob Zwirchmayr. “Segment Abstraction for Worst-Case Execution Time Analysis.”
    Lecture Notes in Computer Science. Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-46669-8_5">https://doi.org/10.1007/978-3-662-46669-8_5</a>.
  ieee: P. Cerny, T. A. Henzinger, L. Kovács, A. Radhakrishna, and J. Zwirchmayr,
    “Segment abstraction for worst-case execution time analysis,” vol. 9032. Springer,
    pp. 105–131, 2015.
  ista: Cerny P, Henzinger TA, Kovács L, Radhakrishna A, Zwirchmayr J. 2015. Segment
    abstraction for worst-case execution time analysis. 9032, 105–131.
  mla: Cerny, Pavol, et al. <i>Segment Abstraction for Worst-Case Execution Time Analysis</i>.
    Vol. 9032, Springer, 2015, pp. 105–31, doi:<a href="https://doi.org/10.1007/978-3-662-46669-8_5">10.1007/978-3-662-46669-8_5</a>.
  short: P. Cerny, T.A. Henzinger, L. Kovács, A. Radhakrishna, J. Zwirchmayr, 9032
    (2015) 105–131.
conference:
  end_date: 2015-04-18
  location: London, United Kingdom
  name: 'ESOP: European Symposium on Programming'
  start_date: 2015-04-11
date_created: 2018-12-11T11:54:16Z
date_published: 2015-04-01T00:00:00Z
date_updated: 2020-08-11T10:09:32Z
day: '01'
department:
- _id: ToHe
doi: 10.1007/978-3-662-46669-8_5
ec_funded: 1
intvolume: '      9032'
language:
- iso: eng
month: '04'
oa_version: None
page: 105 - 131
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication_status: published
publisher: Springer
publist_id: '5266'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Segment abstraction for worst-case execution time analysis
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9032
year: '2015'
...
---
_id: '1992'
abstract:
- lang: eng
  text: "We present a method and a tool for generating succinct representations of
    sets of concurrent traces. We focus on trace sets that contain all correct or
    all incorrect permutations of events from a given trace. We represent trace sets
    as HB-Formulas that are Boolean combinations of happens-before constraints between
    events. To generate a representation of incorrect interleavings, our method iteratively
    explores interleavings that violate the specification and gathers generalizations
    of the discovered interleavings into an HB-Formula; its complement yields a representation
    of correct interleavings.\r\n\r\nWe claim that our trace set representations can
    drive diverse verification, fault localization, repair, and synthesis techniques
    for concurrent programs. We demonstrate this by using our tool in three case studies
    involving synchronization synthesis, bug summarization, and abstraction refinement
    based verification. In each case study, our initial experimental results have
    been promising.\r\n\r\nIn the first case study, we present an algorithm for inferring
    missing synchronization from an HB-Formula representing correct interleavings
    of a given trace. The algorithm applies rules to rewrite specific patterns in
    the HB-Formula into locks, barriers, and wait-notify constructs. In the second
    case study, we use an HB-Formula representing incorrect interleavings for bug
    summarization. While the HB-Formula itself is a concise counterexample summary,
    we present additional inference rules to help identify specific concurrency bugs
    such as data races, define-use order violations, and two-stage access bugs. In
    the final case study, we present a novel predicate learning procedure that uses
    HB-Formulas representing abstract counterexamples to accelerate counterexample-guided
    abstraction refinement (CEGAR). In each iteration of the CEGAR loop, the procedure
    refines the abstraction to eliminate multiple spurious abstract counterexamples
    drawn from the HB-Formula."
author:
- first_name: Ashutosh
  full_name: Gupta, Ashutosh
  id: 335E5684-F248-11E8-B48F-1D18A9856A87
  last_name: Gupta
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Roopsha
  full_name: Samanta, Roopsha
  id: 3D2AAC08-F248-11E8-B48F-1D18A9856A87
  last_name: Samanta
- first_name: Thorsten
  full_name: Tarrach, Thorsten
  id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
  last_name: Tarrach
  orcid: 0000-0003-4409-8487
citation:
  ama: 'Gupta A, Henzinger TA, Radhakrishna A, Samanta R, Tarrach T. Succinct representation
    of concurrent trace sets. In: ACM; 2015:433-444. doi:<a href="https://doi.org/10.1145/2676726.2677008">10.1145/2676726.2677008</a>'
  apa: 'Gupta, A., Henzinger, T. A., Radhakrishna, A., Samanta, R., &#38; Tarrach,
    T. (2015). Succinct representation of concurrent trace sets (pp. 433–444). Presented
    at the POPL: Principles of Programming Languages, Mumbai, India: ACM. <a href="https://doi.org/10.1145/2676726.2677008">https://doi.org/10.1145/2676726.2677008</a>'
  chicago: Gupta, Ashutosh, Thomas A Henzinger, Arjun Radhakrishna, Roopsha Samanta,
    and Thorsten Tarrach. “Succinct Representation of Concurrent Trace Sets,” 433–44.
    ACM, 2015. <a href="https://doi.org/10.1145/2676726.2677008">https://doi.org/10.1145/2676726.2677008</a>.
  ieee: 'A. Gupta, T. A. Henzinger, A. Radhakrishna, R. Samanta, and T. Tarrach, “Succinct
    representation of concurrent trace sets,” presented at the POPL: Principles of
    Programming Languages, Mumbai, India, 2015, pp. 433–444.'
  ista: 'Gupta A, Henzinger TA, Radhakrishna A, Samanta R, Tarrach T. 2015. Succinct
    representation of concurrent trace sets. POPL: Principles of Programming Languages,
    433–444.'
  mla: Gupta, Ashutosh, et al. <i>Succinct Representation of Concurrent Trace Sets</i>.
    ACM, 2015, pp. 433–44, doi:<a href="https://doi.org/10.1145/2676726.2677008">10.1145/2676726.2677008</a>.
  short: A. Gupta, T.A. Henzinger, A. Radhakrishna, R. Samanta, T. Tarrach, in:, ACM,
    2015, pp. 433–444.
conference:
  end_date: 2015-01-17
  location: Mumbai, India
  name: 'POPL: Principles of Programming Languages'
  start_date: 2015-01-15
date_created: 2018-12-11T11:55:05Z
date_published: 2015-01-15T00:00:00Z
date_updated: 2021-01-12T06:54:33Z
day: '15'
ddc:
- '005'
department:
- _id: ToHe
doi: 10.1145/2676726.2677008
file:
- access_level: open_access
  checksum: f0d4395b600f410a191256ac0b73af32
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:17:56Z
  date_updated: 2020-07-14T12:45:22Z
  file_id: '5314'
  file_name: IST-2015-317-v1+1_author_version.pdf
  file_size: 399462
  relation: main_file
file_date_updated: 2020-07-14T12:45:22Z
has_accepted_license: '1'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Submitted Version
page: 433 - 444
publication_identifier:
  isbn:
  - 978-1-4503-3300-9
publication_status: published
publisher: ACM
publist_id: '5091'
pubrep_id: '317'
quality_controlled: '1'
scopus_import: 1
status: public
title: Succinct representation of concurrent trace sets
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2015'
...
---
_id: '1733'
abstract:
- lang: eng
  text: The classical (boolean) notion of refinement for behavioral interfaces of
    system components is the alternating refinement preorder. In this paper, we define
    a distance for interfaces, called interface simulation distance. It makes the
    alternating refinement preorder quantitative by, intuitively, tolerating errors
    (while counting them) in the alternating simulation game. We show that the interface
    simulation distance satisfies the triangle inequality, that the distance between
    two interfaces does not increase under parallel composition with a third interface,
    that the distance between two interfaces can be bounded from above and below by
    distances between abstractions of the two interfaces, and how to synthesize an
    interface from incompatible requirements. We illustrate the framework, and the
    properties of the distances under composition of interfaces, with two case studies.
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  last_name: Cerny
- first_name: Martin
  full_name: Chmelik, Martin
  id: 3624234E-F248-11E8-B48F-1D18A9856A87
  last_name: Chmelik
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: Cerny P, Chmelik M, Henzinger TA, Radhakrishna A. Interface simulation distances.
    <i>Theoretical Computer Science</i>. 2014;560(3):348-363. doi:<a href="https://doi.org/10.1016/j.tcs.2014.08.019">10.1016/j.tcs.2014.08.019</a>
  apa: Cerny, P., Chmelik, M., Henzinger, T. A., &#38; Radhakrishna, A. (2014). Interface
    simulation distances. <i>Theoretical Computer Science</i>. Elsevier. <a href="https://doi.org/10.1016/j.tcs.2014.08.019">https://doi.org/10.1016/j.tcs.2014.08.019</a>
  chicago: Cerny, Pavol, Martin Chmelik, Thomas A Henzinger, and Arjun Radhakrishna.
    “Interface Simulation Distances.” <i>Theoretical Computer Science</i>. Elsevier,
    2014. <a href="https://doi.org/10.1016/j.tcs.2014.08.019">https://doi.org/10.1016/j.tcs.2014.08.019</a>.
  ieee: P. Cerny, M. Chmelik, T. A. Henzinger, and A. Radhakrishna, “Interface simulation
    distances,” <i>Theoretical Computer Science</i>, vol. 560, no. 3. Elsevier, pp.
    348–363, 2014.
  ista: Cerny P, Chmelik M, Henzinger TA, Radhakrishna A. 2014. Interface simulation
    distances. Theoretical Computer Science. 560(3), 348–363.
  mla: Cerny, Pavol, et al. “Interface Simulation Distances.” <i>Theoretical Computer
    Science</i>, vol. 560, no. 3, Elsevier, 2014, pp. 348–63, doi:<a href="https://doi.org/10.1016/j.tcs.2014.08.019">10.1016/j.tcs.2014.08.019</a>.
  short: P. Cerny, M. Chmelik, T.A. Henzinger, A. Radhakrishna, Theoretical Computer
    Science 560 (2014) 348–363.
date_created: 2018-12-11T11:53:43Z
date_published: 2014-12-04T00:00:00Z
date_updated: 2023-02-23T11:04:00Z
day: '04'
department:
- _id: ToHe
- _id: KrCh
doi: 10.1016/j.tcs.2014.08.019
ec_funded: 1
intvolume: '       560'
issue: '3'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://arxiv.org/abs/1210.2450
month: '12'
oa: 1
oa_version: Submitted Version
page: 348 - 363
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F5A88A-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11402-N23
  name: Moderne Concurrency Paradigms
- _id: 25863FF4-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11407
  name: Game Theory
- _id: 2584A770-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: P 23499-N23
  name: Modern Graph Algorithmic Techniques in Formal Verification
- _id: 2581B60A-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '279307'
  name: 'Quantitative Graph Games: Theory and Applications'
- _id: 2587B514-B435-11E9-9278-68D0E5697425
  name: Microsoft Research Faculty Fellowship
publication: Theoretical Computer Science
publication_status: published
publisher: Elsevier
publist_id: '5392'
quality_controlled: '1'
related_material:
  record:
  - id: '2916'
    relation: earlier_version
    status: public
scopus_import: 1
status: public
title: Interface simulation distances
type: journal_article
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 560
year: '2014'
...
---
_id: '2218'
abstract:
- lang: eng
  text: While fixing concurrency bugs, program repair algorithms may introduce new
    concurrency bugs. We present an algorithm that avoids such regressions. The solution
    space is given by a set of program transformations we consider in the repair process.
    These include reordering of instructions within a thread and inserting atomic
    sections. The new algorithm learns a constraint on the space of candidate solutions,
    from both positive examples (error-free traces) and counterexamples (error traces).
    From each counterexample, the algorithm learns a constraint necessary to remove
    the errors. From each positive examples, it learns a constraint that is necessary
    in order to prevent the repair from turning the trace into an error trace. We
    implemented the algorithm and evaluated it on simplified Linux device drivers
    with known bugs.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Leonid
  full_name: Ryzhyk, Leonid
  last_name: Ryzhyk
- first_name: Thorsten
  full_name: Tarrach, Thorsten
  id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
  last_name: Tarrach
  orcid: 0000-0003-4409-8487
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A, Ryzhyk L, Tarrach T. Regression-free
    synthesis for concurrency. In: Vol 8559. Springer; 2014:568-584. doi:<a href="https://doi.org/10.1007/978-3-319-08867-9_38">10.1007/978-3-319-08867-9_38</a>'
  apa: 'Cerny, P., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., &#38; Tarrach,
    T. (2014). Regression-free synthesis for concurrency (Vol. 8559, pp. 568–584).
    Presented at the CAV: Computer Aided Verification, Vienna, Austria: Springer.
    <a href="https://doi.org/10.1007/978-3-319-08867-9_38">https://doi.org/10.1007/978-3-319-08867-9_38</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, Arjun Radhakrishna, Leonid Ryzhyk, and
    Thorsten Tarrach. “Regression-Free Synthesis for Concurrency,” 8559:568–84. Springer,
    2014. <a href="https://doi.org/10.1007/978-3-319-08867-9_38">https://doi.org/10.1007/978-3-319-08867-9_38</a>.
  ieee: 'P. Cerny, T. A. Henzinger, A. Radhakrishna, L. Ryzhyk, and T. Tarrach, “Regression-free
    synthesis for concurrency,” presented at the CAV: Computer Aided Verification,
    Vienna, Austria, 2014, vol. 8559, pp. 568–584.'
  ista: 'Cerny P, Henzinger TA, Radhakrishna A, Ryzhyk L, Tarrach T. 2014. Regression-free
    synthesis for concurrency. CAV: Computer Aided Verification, LNCS, vol. 8559,
    568–584.'
  mla: Cerny, Pavol, et al. <i>Regression-Free Synthesis for Concurrency</i>. Vol.
    8559, Springer, 2014, pp. 568–84, doi:<a href="https://doi.org/10.1007/978-3-319-08867-9_38">10.1007/978-3-319-08867-9_38</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, T. Tarrach, in:, Springer,
    2014, pp. 568–584.
conference:
  end_date: 2014-07-22
  location: Vienna, Austria
  name: 'CAV: Computer Aided Verification'
  start_date: 2014-07-18
date_created: 2018-12-11T11:56:23Z
date_published: 2014-07-22T00:00:00Z
date_updated: 2023-09-07T11:57:01Z
day: '22'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1007/978-3-319-08867-9_38
ec_funded: 1
file:
- access_level: open_access
  checksum: a631d3105509f239724644e77a1212e2
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:13:14Z
  date_updated: 2020-07-14T12:45:33Z
  file_id: '4995'
  file_name: IST-2014-297-v1+1_cav14-final.pdf
  file_size: 416732
  relation: main_file
- access_level: open_access
  checksum: f8b0f748cc9fa697ca992cc56c87bc4e
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:13:15Z
  date_updated: 2020-07-14T12:45:33Z
  file_id: '4996'
  file_name: IST-2014-297-v2+1_cav14-final2.pdf
  file_size: 616293
  relation: main_file
file_date_updated: 2020-07-14T12:45:33Z
has_accepted_license: '1'
intvolume: '      8559'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: https://link.springer.com/chapter/10.1007%2F978-3-319-08867-9_38
month: '07'
oa: 1
oa_version: Submitted Version
page: 568 - 584
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F5A88A-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11402-N23
  name: Moderne Concurrency Paradigms
publication_identifier:
  isbn:
  - 978-331908866-2
publication_status: published
publisher: Springer
publist_id: '4749'
pubrep_id: '297'
quality_controlled: '1'
related_material:
  record:
  - id: '1130'
    relation: dissertation_contains
    status: public
status: public
title: Regression-free synthesis for concurrency
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 8559
year: '2014'
...
---
_id: '2239'
abstract:
- lang: eng
  text: The analysis of the energy consumption of software is an important goal for
    quantitative formal methods. Current methods, using weighted transition systems
    or energy games, model the energy source as an ideal resource whose status is
    characterized by one number, namely the amount of remaining energy. Real batteries,
    however, exhibit behaviors that can deviate substantially from an ideal energy
    resource. Based on a discretization of a standard continuous battery model, we
    introduce battery transition systems. In this model, a battery is viewed as consisting
    of two parts-the available-charge tank and the bound-charge tank. Any charge or
    discharge is applied to the available-charge tank. Over time, the energy from
    each tank diffuses to the other tank. Battery transition systems are infinite
    state systems that, being not well-structured, fall into no decidable class that
    is known to us. Nonetheless, we are able to prove that the !-regular modelchecking
    problem is decidable for battery transition systems. We also present a case study
    on the verification of control programs for energy-constrained semi-autonomous
    robots.
author:
- first_name: Udi
  full_name: Boker, Udi
  id: 31E297B6-F248-11E8-B48F-1D18A9856A87
  last_name: Boker
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Boker U, Henzinger TA, Radhakrishna A. Battery transition systems. In: Vol
    49. ACM; 2014:595-606. doi:<a href="https://doi.org/10.1145/2535838.2535875">10.1145/2535838.2535875</a>'
  apa: 'Boker, U., Henzinger, T. A., &#38; Radhakrishna, A. (2014). Battery transition
    systems (Vol. 49, pp. 595–606). Presented at the POPL: Principles of Programming
    Languages, San Diego, USA: ACM. <a href="https://doi.org/10.1145/2535838.2535875">https://doi.org/10.1145/2535838.2535875</a>'
  chicago: Boker, Udi, Thomas A Henzinger, and Arjun Radhakrishna. “Battery Transition
    Systems,” 49:595–606. ACM, 2014. <a href="https://doi.org/10.1145/2535838.2535875">https://doi.org/10.1145/2535838.2535875</a>.
  ieee: 'U. Boker, T. A. Henzinger, and A. Radhakrishna, “Battery transition systems,”
    presented at the POPL: Principles of Programming Languages, San Diego, USA, 2014,
    vol. 49, no. 1, pp. 595–606.'
  ista: 'Boker U, Henzinger TA, Radhakrishna A. 2014. Battery transition systems.
    POPL: Principles of Programming Languages vol. 49, 595–606.'
  mla: Boker, Udi, et al. <i>Battery Transition Systems</i>. Vol. 49, no. 1, ACM,
    2014, pp. 595–606, doi:<a href="https://doi.org/10.1145/2535838.2535875">10.1145/2535838.2535875</a>.
  short: U. Boker, T.A. Henzinger, A. Radhakrishna, in:, ACM, 2014, pp. 595–606.
conference:
  end_date: 2014-01-24
  location: San Diego, USA
  name: 'POPL: Principles of Programming Languages'
  start_date: 2014-01-22
date_created: 2018-12-11T11:56:30Z
date_published: 2014-01-13T00:00:00Z
date_updated: 2021-01-12T06:56:13Z
day: '13'
department:
- _id: ToHe
doi: 10.1145/2535838.2535875
ec_funded: 1
intvolume: '        49'
issue: '1'
language:
- iso: eng
month: '01'
oa_version: None
page: 595 - 606
project:
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
publication_identifier:
  isbn:
  - 978-145032544-8
publication_status: published
publisher: ACM
publist_id: '4722'
quality_controlled: '1'
scopus_import: 1
status: public
title: Battery transition systems
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 49
year: '2014'
...
---
_id: '2445'
abstract:
- lang: eng
  text: We develop program synthesis techniques that can help programmers fix concurrency-related
    bugs. We make two new contributions to synthesis for concurrency, the first improving
    the efficiency of the synthesized code, and the second improving the efficiency
    of the synthesis procedure itself. The first contribution is to have the synthesis
    procedure explore a variety of (sequential) semantics-preserving program transformations.
    Classically, only one such transformation has been considered, namely, the insertion
    of synchronization primitives (such as locks). Based on common manual bug-fixing
    techniques used by Linux device-driver developers, we explore additional, more
    efficient transformations, such as the reordering of independent instructions.
    The second contribution is to speed up the counterexample-guided removal of concurrency
    bugs within the synthesis procedure by considering partial-order traces (instead
    of linear traces) as counterexamples. A partial-order error trace represents a
    set of linear (interleaved) traces of a concurrent program all of which lead to
    the same error. By eliminating a partial-order error trace, we eliminate in a
    single iteration of the synthesis procedure all linearizations of the partial-order
    trace. We evaluated our techniques on several simplified examples of real concurrency
    bugs that occurred in Linux device drivers.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Leonid
  full_name: Ryzhyk, Leonid
  last_name: Ryzhyk
- first_name: Thorsten
  full_name: Tarrach, Thorsten
  id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
  last_name: Tarrach
  orcid: 0000-0003-4409-8487
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A, Ryzhyk L, Tarrach T. Efficient synthesis
    for concurrency by semantics-preserving transformations. In: Vol 8044. Springer;
    2013:951-967. doi:<a href="https://doi.org/10.1007/978-3-642-39799-8_68">10.1007/978-3-642-39799-8_68</a>'
  apa: 'Cerny, P., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., &#38; Tarrach,
    T. (2013). Efficient synthesis for concurrency by semantics-preserving transformations
    (Vol. 8044, pp. 951–967). Presented at the CAV: Computer Aided Verification, St.
    Petersburg, Russia: Springer. <a href="https://doi.org/10.1007/978-3-642-39799-8_68">https://doi.org/10.1007/978-3-642-39799-8_68</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, Arjun Radhakrishna, Leonid Ryzhyk, and
    Thorsten Tarrach. “Efficient Synthesis for Concurrency by Semantics-Preserving
    Transformations,” 8044:951–67. Springer, 2013. <a href="https://doi.org/10.1007/978-3-642-39799-8_68">https://doi.org/10.1007/978-3-642-39799-8_68</a>.
  ieee: 'P. Cerny, T. A. Henzinger, A. Radhakrishna, L. Ryzhyk, and T. Tarrach, “Efficient
    synthesis for concurrency by semantics-preserving transformations,” presented
    at the CAV: Computer Aided Verification, St. Petersburg, Russia, 2013, vol. 8044,
    pp. 951–967.'
  ista: 'Cerny P, Henzinger TA, Radhakrishna A, Ryzhyk L, Tarrach T. 2013. Efficient
    synthesis for concurrency by semantics-preserving transformations. CAV: Computer
    Aided Verification, LNCS, vol. 8044, 951–967.'
  mla: Cerny, Pavol, et al. <i>Efficient Synthesis for Concurrency by Semantics-Preserving
    Transformations</i>. Vol. 8044, Springer, 2013, pp. 951–67, doi:<a href="https://doi.org/10.1007/978-3-642-39799-8_68">10.1007/978-3-642-39799-8_68</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, T. Tarrach, in:, Springer,
    2013, pp. 951–967.
conference:
  end_date: 2013-07-19
  location: St. Petersburg, Russia
  name: 'CAV: Computer Aided Verification'
  start_date: 2013-07-13
date_created: 2018-12-11T11:57:42Z
date_published: 2013-07-01T00:00:00Z
date_updated: 2023-09-07T11:57:01Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: ToHe
doi: 10.1007/978-3-642-39799-8_68
ec_funded: 1
file:
- access_level: open_access
  checksum: 70c70ca5487faba82262c63e1b678a27
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:15:37Z
  date_updated: 2020-07-14T12:45:40Z
  file_id: '5158'
  file_name: IST-2014-199-v1+1_cav2013-final.pdf
  file_size: 365548
  relation: main_file
file_date_updated: 2020-07-14T12:45:40Z
has_accepted_license: '1'
intvolume: '      8044'
language:
- iso: eng
month: '07'
oa: 1
oa_version: Submitted Version
page: 951 - 967
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication_status: published
publisher: Springer
publist_id: '4458'
pubrep_id: '199'
quality_controlled: '1'
related_material:
  record:
  - id: '1130'
    relation: dissertation_contains
    status: public
scopus_import: 1
status: public
title: Efficient synthesis for concurrency by semantics-preserving transformations
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 8044
year: '2013'
...
---
_id: '2182'
abstract:
- lang: eng
  text: We propose a general framework for abstraction with respect to quantitative
    properties, such as worst-case execution time, or power consumption. Our framework
    provides a systematic way for counter-example guided abstraction refinement for
    quantitative properties. The salient aspect of the framework is that it allows
    anytime verification, that is, verification algorithms that can be stopped at
    any time (for example, due to exhaustion of memory), and report approximations
    that improve monotonically when the algorithms are given more time. We instantiate
    the framework with a number of quantitative abstractions and refinement schemes,
    which differ in terms of how much quantitative information they keep from the
    original system. We introduce both state-based and trace-based quantitative abstractions,
    and we describe conditions that define classes of quantitative properties for
    which the abstractions provide over-approximations. We give algorithms for evaluating
    the quantitative properties on the abstract systems. We present algorithms for
    counter-example based refinements for quantitative properties for both state-based
    and segment-based abstractions. We perform a case study on worst-case execution
    time of executables to evaluate the anytime verification aspect and the quantitative
    abstractions we proposed.
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A. Quantitative abstraction refinement.
    In: <i>Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles
    of Programming Language</i>. ACM; 2013:115-128. doi:<a href="https://doi.org/10.1145/2429069.2429085">10.1145/2429069.2429085</a>'
  apa: 'Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2013). Quantitative abstraction
    refinement. In <i>Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium
    on Principles of programming language</i> (pp. 115–128). Rome, Italy: ACM. <a
    href="https://doi.org/10.1145/2429069.2429085">https://doi.org/10.1145/2429069.2429085</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Quantitative
    Abstraction Refinement.” In <i>Proceedings of the 40th Annual ACM SIGPLAN-SIGACT
    Symposium on Principles of Programming Language</i>, 115–28. ACM, 2013. <a href="https://doi.org/10.1145/2429069.2429085">https://doi.org/10.1145/2429069.2429085</a>.
  ieee: P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Quantitative abstraction
    refinement,” in <i>Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium
    on Principles of programming language</i>, Rome, Italy, 2013, pp. 115–128.
  ista: 'Cerny P, Henzinger TA, Radhakrishna A. 2013. Quantitative abstraction refinement.
    Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming
    language. POPL: Principles of Programming Languages, 115–128.'
  mla: Cerny, Pavol, et al. “Quantitative Abstraction Refinement.” <i>Proceedings
    of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language</i>,
    ACM, 2013, pp. 115–28, doi:<a href="https://doi.org/10.1145/2429069.2429085">10.1145/2429069.2429085</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Proceedings of the 40th Annual
    ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language, ACM, 2013,
    pp. 115–128.
conference:
  end_date: 2013-01-25
  location: Rome, Italy
  name: 'POPL: Principles of Programming Languages'
  start_date: 2013-07-23
date_created: 2018-12-11T11:56:11Z
date_published: 2013-01-01T00:00:00Z
date_updated: 2021-01-12T06:55:50Z
day: '01'
department:
- _id: ToHe
doi: 10.1145/2429069.2429085
ec_funded: 1
language:
- iso: eng
month: '01'
oa_version: None
page: 115 - 128
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F5A88A-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11402-N23
  name: Moderne Concurrency Paradigms
publication: Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles
  of programming language
publication_status: published
publisher: ACM
publist_id: '4800'
quality_controlled: '1'
scopus_import: 1
status: public
title: Quantitative abstraction refinement
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2013'
...
---
_id: '2890'
abstract:
- lang: eng
  text: 'Systems are often specified using multiple requirements on their behavior.
    In practice, these requirements can be contradictory. The classical approach to
    specification, verification, and synthesis demands more detailed specifications
    that resolve any contradictions in the requirements. These detailed specifications
    are usually large, cumbersome, and hard to maintain or modify. In contrast, quantitative
    frameworks allow the formalization of the intuitive idea that what is desired
    is an implementation that comes &quot;closest&quot; to satisfying the mutually
    incompatible requirements, according to a measure of fit that can be defined by
    the requirements engineer. One flexible framework for quantifying how &quot;well&quot;
    an implementation satisfies a specification is offered by simulation distances
    that are parameterized by an error model. We introduce this framework, study its
    properties, and provide an algorithmic solution for the following quantitative
    synthesis question: given two (or more) behavioral requirements specified by possibly
    incompatible finite-state machines, and an error model, find the finite-state
    implementation that minimizes the maximal simulation distance to the given requirements.
    Furthermore, we generalize the framework to handle infinite alphabets (for example,
    realvalued domains). We also demonstrate how quantitative specifications based
    on simulation distances might lead to smaller and easier to modify specifications.
    Finally, we illustrate our approach using case studies on error correcting codes
    and scheduler synthesis.'
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Sivakanth
  full_name: Gopi, Sivakanth
  last_name: Gopi
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Nishant
  full_name: Totla, Nishant
  last_name: Totla
citation:
  ama: 'Cerny P, Gopi S, Henzinger TA, Radhakrishna A, Totla N. Synthesis from incompatible
    specifications. In: <i>Proceedings of the Tenth ACM International Conference on
    Embedded Software</i>. ACM; 2012:53-62. doi:<a href="https://doi.org/10.1145/2380356.2380371">10.1145/2380356.2380371</a>'
  apa: 'Cerny, P., Gopi, S., Henzinger, T. A., Radhakrishna, A., &#38; Totla, N. (2012).
    Synthesis from incompatible specifications. In <i>Proceedings of the tenth ACM
    international conference on Embedded software</i> (pp. 53–62). Tampere, Finland:
    ACM. <a href="https://doi.org/10.1145/2380356.2380371">https://doi.org/10.1145/2380356.2380371</a>'
  chicago: Cerny, Pavol, Sivakanth Gopi, Thomas A Henzinger, Arjun Radhakrishna, and
    Nishant Totla. “Synthesis from Incompatible Specifications.” In <i>Proceedings
    of the Tenth ACM International Conference on Embedded Software</i>, 53–62. ACM,
    2012. <a href="https://doi.org/10.1145/2380356.2380371">https://doi.org/10.1145/2380356.2380371</a>.
  ieee: P. Cerny, S. Gopi, T. A. Henzinger, A. Radhakrishna, and N. Totla, “Synthesis
    from incompatible specifications,” in <i>Proceedings of the tenth ACM international
    conference on Embedded software</i>, Tampere, Finland, 2012, pp. 53–62.
  ista: 'Cerny P, Gopi S, Henzinger TA, Radhakrishna A, Totla N. 2012. Synthesis from
    incompatible specifications. Proceedings of the tenth ACM international conference
    on Embedded software. EMSOFT: Embedded Software , 53–62.'
  mla: Cerny, Pavol, et al. “Synthesis from Incompatible Specifications.” <i>Proceedings
    of the Tenth ACM International Conference on Embedded Software</i>, ACM, 2012,
    pp. 53–62, doi:<a href="https://doi.org/10.1145/2380356.2380371">10.1145/2380356.2380371</a>.
  short: P. Cerny, S. Gopi, T.A. Henzinger, A. Radhakrishna, N. Totla, in:, Proceedings
    of the Tenth ACM International Conference on Embedded Software, ACM, 2012, pp.
    53–62.
conference:
  end_date: 2012-10-12
  location: Tampere, Finland
  name: 'EMSOFT: Embedded Software '
  start_date: 2012-10-07
date_created: 2018-12-11T12:00:10Z
date_published: 2012-10-01T00:00:00Z
date_updated: 2021-01-12T07:00:30Z
day: '01'
department:
- _id: ToHe
doi: 10.1145/2380356.2380371
ec_funded: 1
language:
- iso: eng
month: '10'
oa_version: None
page: 53 - 62
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication: Proceedings of the tenth ACM international conference on Embedded software
publication_status: published
publisher: ACM
publist_id: '3868'
quality_controlled: '1'
scopus_import: 1
status: public
title: Synthesis from incompatible specifications
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
year: '2012'
...
---
_id: '2916'
abstract:
- lang: eng
  text: The classical (boolean) notion of refinement for behavioral interfaces of
    system components is the alternating refinement preorder. In this paper, we define
    a quantitative measure for interfaces, called interface simulation distance. It
    makes the alternating refinement preorder quantitative by, intu- itively, tolerating
    errors (while counting them) in the alternating simulation game. We show that
    the interface simulation distance satisfies the triangle inequality, that the
    distance between two interfaces does not increase under parallel composition with
    a third interface, and that the distance between two interfaces can be bounded
    from above and below by distances between abstractions of the two interfaces.
    We illustrate the framework, and the properties of the distances under composition
    of interfaces, with two case studies.
arxiv: 1
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Martin
  full_name: Chmelik, Martin
  id: 3624234E-F248-11E8-B48F-1D18A9856A87
  last_name: Chmelik
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Cerny P, Chmelik M, Henzinger TA, Radhakrishna A. Interface Simulation Distances.
    In: <i>Electronic Proceedings in Theoretical Computer Science</i>. Vol 96. EPTCS;
    2012:29-42. doi:<a href="https://doi.org/10.4204/EPTCS.96.3">10.4204/EPTCS.96.3</a>'
  apa: 'Cerny, P., Chmelik, M., Henzinger, T. A., &#38; Radhakrishna, A. (2012). Interface
    Simulation Distances. In <i>Electronic Proceedings in Theoretical Computer Science</i>
    (Vol. 96, pp. 29–42). Napoli, Italy: EPTCS. <a href="https://doi.org/10.4204/EPTCS.96.3">https://doi.org/10.4204/EPTCS.96.3</a>'
  chicago: Cerny, Pavol, Martin Chmelik, Thomas A Henzinger, and Arjun Radhakrishna.
    “Interface Simulation Distances.” In <i>Electronic Proceedings in Theoretical
    Computer Science</i>, 96:29–42. EPTCS, 2012. <a href="https://doi.org/10.4204/EPTCS.96.3">https://doi.org/10.4204/EPTCS.96.3</a>.
  ieee: P. Cerny, M. Chmelik, T. A. Henzinger, and A. Radhakrishna, “Interface Simulation
    Distances,” in <i>Electronic Proceedings in Theoretical Computer Science</i>,
    Napoli, Italy, 2012, vol. 96, pp. 29–42.
  ista: 'Cerny P, Chmelik M, Henzinger TA, Radhakrishna A. 2012. Interface Simulation
    Distances. Electronic Proceedings in Theoretical Computer Science. GandALF: Games,
    Automata, Logic, and Formal Verification vol. 96, 29–42.'
  mla: Cerny, Pavol, et al. “Interface Simulation Distances.” <i>Electronic Proceedings
    in Theoretical Computer Science</i>, vol. 96, EPTCS, 2012, pp. 29–42, doi:<a href="https://doi.org/10.4204/EPTCS.96.3">10.4204/EPTCS.96.3</a>.
  short: P. Cerny, M. Chmelik, T.A. Henzinger, A. Radhakrishna, in:, Electronic Proceedings
    in Theoretical Computer Science, EPTCS, 2012, pp. 29–42.
conference:
  end_date: 2012-09-08
  location: Napoli, Italy
  name: 'GandALF: Games, Automata, Logic, and Formal Verification'
  start_date: 2012-09-06
date_created: 2018-12-11T12:00:19Z
date_published: 2012-10-07T00:00:00Z
date_updated: 2023-02-23T10:12:05Z
day: '07'
department:
- _id: ToHe
- _id: KrCh
doi: 10.4204/EPTCS.96.3
ec_funded: 1
external_id:
  arxiv:
  - '1210.2450'
intvolume: '        96'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://arxiv.org/abs/1210.2450
month: '10'
oa: 1
oa_version: Submitted Version
page: 29 - 42
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 2584A770-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: P 23499-N23
  name: Modern Graph Algorithmic Techniques in Formal Verification
- _id: 2581B60A-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '279307'
  name: 'Quantitative Graph Games: Theory and Applications'
- _id: 2587B514-B435-11E9-9278-68D0E5697425
  name: Microsoft Research Faculty Fellowship
publication: Electronic Proceedings in Theoretical Computer Science
publication_status: published
publisher: EPTCS
publist_id: '3827'
quality_controlled: '1'
related_material:
  record:
  - id: '1733'
    relation: later_version
    status: public
scopus_import: 1
status: public
title: Interface Simulation Distances
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 96
year: '2012'
...
---
_id: '3249'
abstract:
- lang: eng
  text: Boolean notions of correctness are formalized by preorders on systems. Quantitative
    measures of correctness can be formalized by real-valued distance functions between
    systems, where the distance between implementation and specification provides
    a measure of &quot;fit&quot; or &quot;desirability&quot;. We extend the simulation
    preorder to the quantitative setting by making each player of a simulation game
    pay a certain price for her choices. We use the resulting games with quantitative
    objectives to define three different simulation distances. The correctness distance
    measures how much the specification must be changed in order to be satisfied by
    the implementation. The coverage distance measures how much the implementation
    restricts the degrees of freedom offered by the specification. The robustness
    distance measures how much a system can deviate from the implementation description
    without violating the specification. We consider these distances for safety as
    well as liveness specifications. The distances can be computed in polynomial time
    for safety specifications, and for liveness specifications given by weak fairness
    constraints. We show that the distance functions satisfy the triangle inequality,
    that the distance between two systems does not increase under parallel composition
    with a third system, and that the distance between two systems can be bounded
    from above and below by distances between abstractions of the two systems. These
    properties suggest that our simulation distances provide an appropriate basis
    for a quantitative theory of discrete systems. We also demonstrate how the robustness
    distance can be used to measure how many transmission errors are tolerated by
    error correcting codes.
acknowledgement: This work was partially supported by the ERC Advanced Grant QUAREM,
  the FWF NFN Grant S11402-N23 (RiSE), the European Union project COMBEST and the
  European Network of Excellence Artist Design.
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: Cerny P, Henzinger TA, Radhakrishna A. Simulation distances. <i>Theoretical
    Computer Science</i>. 2012;413(1):21-35. doi:<a href="https://doi.org/10.1016/j.tcs.2011.08.002">10.1016/j.tcs.2011.08.002</a>
  apa: Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2012). Simulation distances.
    <i>Theoretical Computer Science</i>. Elsevier. <a href="https://doi.org/10.1016/j.tcs.2011.08.002">https://doi.org/10.1016/j.tcs.2011.08.002</a>
  chicago: Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Simulation Distances.”
    <i>Theoretical Computer Science</i>. Elsevier, 2012. <a href="https://doi.org/10.1016/j.tcs.2011.08.002">https://doi.org/10.1016/j.tcs.2011.08.002</a>.
  ieee: P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Simulation distances,” <i>Theoretical
    Computer Science</i>, vol. 413, no. 1. Elsevier, pp. 21–35, 2012.
  ista: Cerny P, Henzinger TA, Radhakrishna A. 2012. Simulation distances. Theoretical
    Computer Science. 413(1), 21–35.
  mla: Cerny, Pavol, et al. “Simulation Distances.” <i>Theoretical Computer Science</i>,
    vol. 413, no. 1, Elsevier, 2012, pp. 21–35, doi:<a href="https://doi.org/10.1016/j.tcs.2011.08.002">10.1016/j.tcs.2011.08.002</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, Theoretical Computer Science 413
    (2012) 21–35.
date_created: 2018-12-11T12:02:15Z
date_published: 2012-01-06T00:00:00Z
date_updated: 2023-02-23T12:24:04Z
day: '06'
department:
- _id: ToHe
doi: 10.1016/j.tcs.2011.08.002
ec_funded: 1
intvolume: '       413'
issue: '1'
language:
- iso: eng
month: '01'
oa_version: None
page: 21 - 35
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 25EFB36C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '215543'
  name: COMponent-Based Embedded Systems design Techniques
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication: Theoretical Computer Science
publication_status: published
publisher: Elsevier
publist_id: '3408'
pubrep_id: '42'
quality_controlled: '1'
related_material:
  record:
  - id: '4393'
    relation: earlier_version
    status: public
  - id: '5389'
    relation: earlier_version
    status: public
scopus_import: 1
status: public
title: Simulation distances
type: journal_article
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 413
year: '2012'
...
---
_id: '3366'
abstract:
- lang: eng
  text: 'We present an algorithmic method for the quantitative, performance-aware
    synthesis of concurrent programs. The input consists of a nondeterministic partial
    program and of a parametric performance model. The nondeterminism allows the programmer
    to omit which (if any) synchronization construct is used at a particular program
    location. The performance model, specified as a weighted automaton, can capture
    system architectures by assigning different costs to actions such as locking,
    context switching, and memory and cache accesses. The quantitative synthesis problem
    is to automatically resolve the nondeterminism of the partial program so that
    both correctness is guaranteed and performance is optimal. As is standard for
    shared memory concurrency, correctness is formalized &quot;specification free&quot;,
    in particular as race freedom or deadlock freedom. For worst-case (average-case)
    performance, we show that the problem can be reduced to 2-player graph games (with
    probabilistic transitions) with quantitative objectives. While we show, using
    game-theoretic methods, that the synthesis problem is Nexp-complete, we present
    an algorithmic method and an implementation that works efficiently for concurrent
    programs and performance models of practical interest. We have implemented a prototype
    tool and used it to synthesize finite-state concurrent programs that exhibit different
    programming patterns, for several performance models representing different architectures. '
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Krishnendu
  full_name: Chatterjee, Krishnendu
  id: 2E5DCA20-F248-11E8-B48F-1D18A9856A87
  last_name: Chatterjee
  orcid: 0000-0002-4561-241X
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Rohit
  full_name: Singh, Rohit
  last_name: Singh
citation:
  ama: 'Cerny P, Chatterjee K, Henzinger TA, Radhakrishna A, Singh R. Quantitative
    synthesis for concurrent programs. In: Gopalakrishnan G, Qadeer S, eds. Vol 6806.
    Springer; 2011:243-259. doi:<a href="https://doi.org/10.1007/978-3-642-22110-1_20">10.1007/978-3-642-22110-1_20</a>'
  apa: 'Cerny, P., Chatterjee, K., Henzinger, T. A., Radhakrishna, A., &#38; Singh,
    R. (2011). Quantitative synthesis for concurrent programs. In G. Gopalakrishnan
    &#38; S. Qadeer (Eds.) (Vol. 6806, pp. 243–259). Presented at the CAV: Computer
    Aided Verification, Snowbird, USA: Springer. <a href="https://doi.org/10.1007/978-3-642-22110-1_20">https://doi.org/10.1007/978-3-642-22110-1_20</a>'
  chicago: Cerny, Pavol, Krishnendu Chatterjee, Thomas A Henzinger, Arjun Radhakrishna,
    and Rohit Singh. “Quantitative Synthesis for Concurrent Programs.” edited by Ganesh
    Gopalakrishnan and Shaz Qadeer, 6806:243–59. Springer, 2011. <a href="https://doi.org/10.1007/978-3-642-22110-1_20">https://doi.org/10.1007/978-3-642-22110-1_20</a>.
  ieee: 'P. Cerny, K. Chatterjee, T. A. Henzinger, A. Radhakrishna, and R. Singh,
    “Quantitative synthesis for concurrent programs,” presented at the CAV: Computer
    Aided Verification, Snowbird, USA, 2011, vol. 6806, pp. 243–259.'
  ista: 'Cerny P, Chatterjee K, Henzinger TA, Radhakrishna A, Singh R. 2011. Quantitative
    synthesis for concurrent programs. CAV: Computer Aided Verification, LNCS, vol.
    6806, 243–259.'
  mla: Cerny, Pavol, et al. <i>Quantitative Synthesis for Concurrent Programs</i>.
    Edited by Ganesh Gopalakrishnan and Shaz Qadeer, vol. 6806, Springer, 2011, pp.
    243–59, doi:<a href="https://doi.org/10.1007/978-3-642-22110-1_20">10.1007/978-3-642-22110-1_20</a>.
  short: P. Cerny, K. Chatterjee, T.A. Henzinger, A. Radhakrishna, R. Singh, in:,
    G. Gopalakrishnan, S. Qadeer (Eds.), Springer, 2011, pp. 243–259.
conference:
  end_date: 2011-07-20
  location: Snowbird, USA
  name: 'CAV: Computer Aided Verification'
  start_date: 2011-07-14
date_created: 2018-12-11T12:02:55Z
date_published: 2011-04-21T00:00:00Z
date_updated: 2023-02-23T12:24:01Z
day: '21'
ddc:
- '000'
- '004'
department:
- _id: ToHe
- _id: KrCh
doi: 10.1007/978-3-642-22110-1_20
ec_funded: 1
editor:
- first_name: Ganesh
  full_name: Gopalakrishnan, Ganesh
  last_name: Gopalakrishnan
- first_name: Shaz
  full_name: Qadeer, Shaz
  last_name: Qadeer
file:
- access_level: open_access
  checksum: c033689355f45742dc7c99b5af13ce7a
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:15:51Z
  date_updated: 2020-07-14T12:46:10Z
  file_id: '5174'
  file_name: IST-2012-76-v1+1_Quantitative_synthesis_for_concurrent_programs.pdf
  file_size: 508946
  relation: main_file
file_date_updated: 2020-07-14T12:46:10Z
has_accepted_license: '1'
intvolume: '      6806'
language:
- iso: eng
month: '04'
oa: 1
oa_version: Submitted Version
page: 243 - 259
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F5A88A-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11402-N23
  name: Moderne Concurrency Paradigms
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 2587B514-B435-11E9-9278-68D0E5697425
  name: Microsoft Research Faculty Fellowship
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication_status: published
publisher: Springer
publist_id: '3247'
pubrep_id: '76'
quality_controlled: '1'
related_material:
  record:
  - id: '5388'
    relation: earlier_version
    status: public
status: public
title: Quantitative synthesis for concurrent programs
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 6806
year: '2011'
...
---
_id: '5388'
abstract:
- lang: eng
  text: "We present an algorithmic method for the synthesis of concurrent programs
    that are optimal with respect to quantitative performance measures. The input
    consists of a sequential sketch, that is, a program that does not contain synchronization
    constructs, and of a parametric performance model that assigns costs to actions
    such as locking, context switching, and idling. The quantitative synthesis problem
    is to automatically introduce synchronization constructs into the sequential sketch
    so that both correctness is guaranteed and worst-case (or average-case) performance
    is optimized. Correctness is formalized as race freedom or linearizability.\r\n\r\nWe
    show that for worst-case performance, the problem can be modeled\r\nas a 2-player
    graph game with quantitative (limit-average) objectives, and\r\nfor average-case
    performance, as a 2 1/2 -player graph game (with probabilistic transitions). In
    both cases, the optimal correct program is derived from an optimal strategy in
    the corresponding quantitative game. We prove that the respective game problems
    are computationally expensive (NP-complete), and present several techniques that
    overcome the theoretical difficulty in cases of concurrent programs of practical
    interest.\r\n\r\nWe have implemented a prototype tool and used it for the automatic
    syn- thesis of programs that access a concurrent list. For certain parameter val-
    ues, our method automatically synthesizes various classical synchronization schemes
    for implementing a concurrent list, such as fine-grained locking or a lazy algorithm.
    For other parameter values, a new, hybrid synchronization style is synthesized,
    which uses both the lazy approach and coarse-grained locks (instead of standard
    fine-grained locks). The trade-off occurs because while fine-grained locking tends
    to decrease the cost that is due to waiting for locks, it increases cache size
    requirements."
alternative_title:
- IST Austria Technical Report
author:
- first_name: Krishnendu
  full_name: Chatterjee, Krishnendu
  id: 2E5DCA20-F248-11E8-B48F-1D18A9856A87
  last_name: Chatterjee
  orcid: 0000-0002-4561-241X
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Rohit
  full_name: Singh, Rohit
  last_name: Singh
citation:
  ama: Chatterjee K, Cerny P, Henzinger TA, Radhakrishna A, Singh R. <i>Quantitative
    Synthesis for Concurrent Programs</i>. IST Austria; 2010. doi:<a href="https://doi.org/10.15479/AT:IST-2010-0004">10.15479/AT:IST-2010-0004</a>
  apa: Chatterjee, K., Cerny, P., Henzinger, T. A., Radhakrishna, A., &#38; Singh,
    R. (2010). <i>Quantitative synthesis for concurrent programs</i>. IST Austria.
    <a href="https://doi.org/10.15479/AT:IST-2010-0004">https://doi.org/10.15479/AT:IST-2010-0004</a>
  chicago: Chatterjee, Krishnendu, Pavol Cerny, Thomas A Henzinger, Arjun Radhakrishna,
    and Rohit Singh. <i>Quantitative Synthesis for Concurrent Programs</i>. IST Austria,
    2010. <a href="https://doi.org/10.15479/AT:IST-2010-0004">https://doi.org/10.15479/AT:IST-2010-0004</a>.
  ieee: K. Chatterjee, P. Cerny, T. A. Henzinger, A. Radhakrishna, and R. Singh, <i>Quantitative
    synthesis for concurrent programs</i>. IST Austria, 2010.
  ista: Chatterjee K, Cerny P, Henzinger TA, Radhakrishna A, Singh R. 2010. Quantitative
    synthesis for concurrent programs, IST Austria, 17p.
  mla: Chatterjee, Krishnendu, et al. <i>Quantitative Synthesis for Concurrent Programs</i>.
    IST Austria, 2010, doi:<a href="https://doi.org/10.15479/AT:IST-2010-0004">10.15479/AT:IST-2010-0004</a>.
  short: K. Chatterjee, P. Cerny, T.A. Henzinger, A. Radhakrishna, R. Singh, Quantitative
    Synthesis for Concurrent Programs, IST Austria, 2010.
date_created: 2018-12-12T11:39:03Z
date_published: 2010-10-07T00:00:00Z
date_updated: 2023-02-23T11:24:08Z
day: '07'
ddc:
- '000'
- '005'
department:
- _id: KrCh
- _id: ToHe
doi: 10.15479/AT:IST-2010-0004
file:
- access_level: open_access
  checksum: da38782d2388a6fa32109d10bb9bad67
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T11:53:53Z
  date_updated: 2020-07-14T12:46:42Z
  file_id: '5515'
  file_name: IST-2010-0004_IST-2010-0004.pdf
  file_size: 429101
  relation: main_file
file_date_updated: 2020-07-14T12:46:42Z
has_accepted_license: '1'
language:
- iso: eng
month: '10'
oa: 1
oa_version: Published Version
page: '17'
publication_identifier:
  issn:
  - 2664-1690
publication_status: published
publisher: IST Austria
pubrep_id: '24'
related_material:
  record:
  - id: '3366'
    relation: later_version
    status: public
status: public
title: Quantitative synthesis for concurrent programs
type: technical_report
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2010'
...
---
_id: '5389'
abstract:
- lang: eng
  text: Boolean notions of correctness are formalized by preorders on systems. Quantitative
    measures of correctness can be formalized by real-valued distance functions between
    systems, where the distance between implementation and specification provides
    a measure of “fit” or “desirability.” We extend the simulation preorder to the
    quantitative setting, by making each player of a simulation game pay a certain
    price for her choices. We use the resulting games with quantitative objectives
    to define three different simulation distances. The correctness distance measures
    how much the specification must be changed in order to be satisfied by the implementation.
    The coverage distance measures how much the im- plementation restricts the degrees
    of freedom offered by the specification. The robustness distance measures how
    much a system can deviate from the implementation description without violating
    the specification. We consider these distances for safety as well as liveness
    specifications. The distances can be computed in polynomial time for safety specifications,
    and for liveness specifications given by weak fairness constraints. We show that
    the distance functions satisfy the triangle inequality, that the distance between
    two systems does not increase under parallel composition with a third system,
    and that the distance between two systems can be bounded from above and below
    by distances between abstractions of the two systems. These properties suggest
    that our simulation distances provide an appropriate basis for a quantitative
    theory of discrete systems. We also demonstrate how the robustness distance can
    be used to measure how many transmission errors are tolerated by error correcting
    codes.
alternative_title:
- IST Austria Technical Report
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: Cerny P, Henzinger TA, Radhakrishna A. <i>Simulation Distances</i>. IST Austria;
    2010. doi:<a href="https://doi.org/10.15479/AT:IST-2010-0003">10.15479/AT:IST-2010-0003</a>
  apa: Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2010). <i>Simulation distances</i>.
    IST Austria. <a href="https://doi.org/10.15479/AT:IST-2010-0003">https://doi.org/10.15479/AT:IST-2010-0003</a>
  chicago: Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. <i>Simulation
    Distances</i>. IST Austria, 2010. <a href="https://doi.org/10.15479/AT:IST-2010-0003">https://doi.org/10.15479/AT:IST-2010-0003</a>.
  ieee: P. Cerny, T. A. Henzinger, and A. Radhakrishna, <i>Simulation distances</i>.
    IST Austria, 2010.
  ista: Cerny P, Henzinger TA, Radhakrishna A. 2010. Simulation distances, IST Austria,
    24p.
  mla: Cerny, Pavol, et al. <i>Simulation Distances</i>. IST Austria, 2010, doi:<a
    href="https://doi.org/10.15479/AT:IST-2010-0003">10.15479/AT:IST-2010-0003</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, Simulation Distances, IST Austria,
    2010.
date_created: 2018-12-12T11:39:03Z
date_published: 2010-06-04T00:00:00Z
date_updated: 2023-02-23T12:09:16Z
day: '04'
ddc:
- '005'
department:
- _id: ToHe
doi: 10.15479/AT:IST-2010-0003
file:
- access_level: open_access
  checksum: 284ded99764e32a583a8ea83fcea254b
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T11:54:25Z
  date_updated: 2020-07-14T12:46:42Z
  file_id: '5547'
  file_name: IST-2010-0003_IST-2010-0003.pdf
  file_size: 367246
  relation: main_file
file_date_updated: 2020-07-14T12:46:42Z
has_accepted_license: '1'
language:
- iso: eng
month: '06'
oa: 1
oa_version: Published Version
page: '24'
publication_identifier:
  issn:
  - 2664-1690
publication_status: published
publisher: IST Austria
pubrep_id: '25'
related_material:
  record:
  - id: '3249'
    relation: later_version
    status: public
  - id: '4393'
    relation: later_version
    status: public
status: public
title: Simulation distances
type: technical_report
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2010'
...
---
_id: '5391'
abstract:
- lang: eng
  text: Concurrent data structures with fine-grained synchronization are notoriously
    difficult to implement correctly. The difficulty of reasoning about these implementations
    does not stem from the number of variables or the program size, but rather from
    the large number of possible interleavings. These implementations are therefore
    prime candidates for model checking. We introduce an algorithm for verifying linearizability
    of singly-linked heap-based concurrent data structures. We consider a model consisting
    of an unbounded heap where each node consists an element from an unbounded data
    domain, with a restricted set of operations for testing and updating pointers
    and data elements. Our main result is that linearizability is decidable for programs
    that invoke a fixed number of methods, possibly in parallel. This decidable fragment
    covers many of the common implementation techniques — fine-grained locking, lazy
    synchronization, and lock-free synchronization. We also show how the technique
    can be used to verify optimistic implementations with the help of programmer annotations.
    We developed a verification tool CoLT and evaluated it on a representative sample
    of Java implementations of the concurrent set data structure. The tool verified
    linearizability of a number of implementations, found a known error in a lock-free
    imple- mentation and proved that the corrected version is linearizable.
alternative_title:
- IST Austria Technical Report
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Damien
  full_name: Zufferey, Damien
  id: 4397AC76-F248-11E8-B48F-1D18A9856A87
  last_name: Zufferey
  orcid: 0000-0002-3197-8736
- first_name: Swarat
  full_name: Chaudhuri, Swarat
  last_name: Chaudhuri
- first_name: Rajeev
  full_name: Alur, Rajeev
  last_name: Alur
citation:
  ama: Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. <i>Model Checking
    of Linearizability of Concurrent List Implementations</i>. IST Austria; 2010.
    doi:<a href="https://doi.org/10.15479/AT:IST-2010-0001">10.15479/AT:IST-2010-0001</a>
  apa: Cerny, P., Radhakrishna, A., Zufferey, D., Chaudhuri, S., &#38; Alur, R. (2010).
    <i>Model checking of linearizability of concurrent list implementations</i>. IST
    Austria. <a href="https://doi.org/10.15479/AT:IST-2010-0001">https://doi.org/10.15479/AT:IST-2010-0001</a>
  chicago: Cerny, Pavol, Arjun Radhakrishna, Damien Zufferey, Swarat Chaudhuri, and
    Rajeev Alur. <i>Model Checking of Linearizability of Concurrent List Implementations</i>.
    IST Austria, 2010. <a href="https://doi.org/10.15479/AT:IST-2010-0001">https://doi.org/10.15479/AT:IST-2010-0001</a>.
  ieee: P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, and R. Alur, <i>Model
    checking of linearizability of concurrent list implementations</i>. IST Austria,
    2010.
  ista: Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. 2010. Model checking
    of linearizability of concurrent list implementations, IST Austria, 27p.
  mla: Cerny, Pavol, et al. <i>Model Checking of Linearizability of Concurrent List
    Implementations</i>. IST Austria, 2010, doi:<a href="https://doi.org/10.15479/AT:IST-2010-0001">10.15479/AT:IST-2010-0001</a>.
  short: P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, R. Alur, Model Checking
    of Linearizability of Concurrent List Implementations, IST Austria, 2010.
date_created: 2018-12-12T11:39:04Z
date_published: 2010-04-19T00:00:00Z
date_updated: 2023-02-23T12:09:09Z
day: '19'
ddc:
- '004'
department:
- _id: ToHe
doi: 10.15479/AT:IST-2010-0001
file:
- access_level: open_access
  checksum: 986645caad7dd85a6a091488f6c646dc
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T11:53:44Z
  date_updated: 2020-07-14T12:46:43Z
  file_id: '5505'
  file_name: IST-2010-0001_IST-2010-0001.pdf
  file_size: 372286
  relation: main_file
file_date_updated: 2020-07-14T12:46:43Z
has_accepted_license: '1'
language:
- iso: eng
month: '04'
oa: 1
oa_version: Published Version
page: '27'
publication_identifier:
  issn:
  - 2664-1690
publication_status: published
publisher: IST Austria
pubrep_id: '27'
related_material:
  record:
  - id: '4390'
    relation: later_version
    status: public
status: public
title: Model checking of linearizability of concurrent list implementations
type: technical_report
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2010'
...
---
_id: '4388'
abstract:
- lang: eng
  text: GIST is a tool that (a) solves the qualitative analysis problem of turn-based
    probabilistic games with ω-regular objectives; and (b) synthesizes reasonable
    environment assumptions for synthesis of unrealizable specifications. Our tool
    provides the first and efficient implementations of several reduction-based techniques
    to solve turn-based probabilistic games, and uses the analysis of turn-based probabilistic
    games for synthesizing environment assumptions for unrealizable specifications.
alternative_title:
- LNCS
article_processing_charge: No
arxiv: 1
author:
- first_name: Krishnendu
  full_name: Chatterjee, Krishnendu
  id: 2E5DCA20-F248-11E8-B48F-1D18A9856A87
  last_name: Chatterjee
  orcid: 0000-0002-4561-241X
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Barbara
  full_name: Jobstmann, Barbara
  last_name: Jobstmann
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Chatterjee K, Henzinger TA, Jobstmann B, Radhakrishna A. GIST: A solver for
    probabilistic games. In: Vol 6174. Springer; 2010:665-669. doi:<a href="https://doi.org/10.1007/978-3-642-14295-6_57">10.1007/978-3-642-14295-6_57</a>'
  apa: 'Chatterjee, K., Henzinger, T. A., Jobstmann, B., &#38; Radhakrishna, A. (2010).
    GIST: A solver for probabilistic games (Vol. 6174, pp. 665–669). Presented at
    the CAV: Computer Aided Verification, Edinburgh, UK: Springer. <a href="https://doi.org/10.1007/978-3-642-14295-6_57">https://doi.org/10.1007/978-3-642-14295-6_57</a>'
  chicago: 'Chatterjee, Krishnendu, Thomas A Henzinger, Barbara Jobstmann, and Arjun
    Radhakrishna. “GIST: A Solver for Probabilistic Games,” 6174:665–69. Springer,
    2010. <a href="https://doi.org/10.1007/978-3-642-14295-6_57">https://doi.org/10.1007/978-3-642-14295-6_57</a>.'
  ieee: 'K. Chatterjee, T. A. Henzinger, B. Jobstmann, and A. Radhakrishna, “GIST:
    A solver for probabilistic games,” presented at the CAV: Computer Aided Verification,
    Edinburgh, UK, 2010, vol. 6174, pp. 665–669.'
  ista: 'Chatterjee K, Henzinger TA, Jobstmann B, Radhakrishna A. 2010. GIST: A solver
    for probabilistic games. CAV: Computer Aided Verification, LNCS, vol. 6174, 665–669.'
  mla: 'Chatterjee, Krishnendu, et al. <i>GIST: A Solver for Probabilistic Games</i>.
    Vol. 6174, Springer, 2010, pp. 665–69, doi:<a href="https://doi.org/10.1007/978-3-642-14295-6_57">10.1007/978-3-642-14295-6_57</a>.'
  short: K. Chatterjee, T.A. Henzinger, B. Jobstmann, A. Radhakrishna, in:, Springer,
    2010, pp. 665–669.
conference:
  end_date: 2010-07-17
  location: Edinburgh, UK
  name: 'CAV: Computer Aided Verification'
  start_date: 2010-07-15
date_created: 2018-12-11T12:08:36Z
date_published: 2010-07-01T00:00:00Z
date_updated: 2023-02-23T12:24:17Z
day: '01'
ddc:
- '004'
department:
- _id: KrCh
- _id: ToHe
doi: 10.1007/978-3-642-14295-6_57
ec_funded: 1
external_id:
  arxiv:
  - '1004.2367'
file:
- access_level: open_access
  checksum: 0b2ef8c4037ffccc6902d93081af24f7
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:16:33Z
  date_updated: 2020-07-14T12:46:28Z
  file_id: '5221'
  file_name: IST-2012-43-v1+1_GIST-_A_solver_for_probabilistic_games.pdf
  file_size: 293605
  relation: main_file
file_date_updated: 2020-07-14T12:46:28Z
has_accepted_license: '1'
intvolume: '      6174'
language:
- iso: eng
month: '07'
oa: 1
oa_version: Submitted Version
page: 665 - 669
project:
- _id: 25EFB36C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '215543'
  name: COMponent-Based Embedded Systems design Techniques
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication_status: published
publisher: Springer
publist_id: '1068'
pubrep_id: '43'
quality_controlled: '1'
related_material:
  record:
  - id: '5393'
    relation: earlier_version
    status: public
scopus_import: 1
status: public
title: 'GIST: A solver for probabilistic games'
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 6174
year: '2010'
...
---
_id: '4390'
abstract:
- lang: eng
  text: Concurrent data structures with fine-grained synchronization are notoriously
    difficult to implement correctly. The difficulty of reasoning about these implementations
    does not stem from the number of variables or the program size, but rather from
    the large number of possible interleavings. These implementations are therefore
    prime candidates for model checking. We introduce an algorithm for verifying linearizability
    of singly-linked heap-based concurrent data structures. We consider a model consisting
    of an unbounded heap where each vertex stores an element from an unbounded data
    domain, with a restricted set of operations for testing and updating pointers
    and data elements. Our main result is that linearizability is decidable for programs
    that invoke a fixed number of methods, possibly in parallel. This decidable fragment
    covers many of the common implementation techniques — fine-grained locking, lazy
    synchronization, and lock-free synchronization. We also show how the technique
    can be used to verify optimistic implementations with the help of programmer annotations.
    We developed a verification tool CoLT and evaluated it on a representative sample
    of Java implementations of the concurrent set data structure. The tool verified
    linearizability of a number of implementations, found a known error in a lock-free
    implementation and proved that the corrected version is linearizable.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Damien
  full_name: Zufferey, Damien
  id: 4397AC76-F248-11E8-B48F-1D18A9856A87
  last_name: Zufferey
  orcid: 0000-0002-3197-8736
- first_name: Swarat
  full_name: Chaudhuri, Swarat
  last_name: Chaudhuri
- first_name: Rajeev
  full_name: Alur, Rajeev
  last_name: Alur
citation:
  ama: 'Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. Model checking of
    linearizability of concurrent list implementations. In: Vol 6174. Springer; 2010:465-479.
    doi:<a href="https://doi.org/10.1007/978-3-642-14295-6_41">10.1007/978-3-642-14295-6_41</a>'
  apa: 'Cerny, P., Radhakrishna, A., Zufferey, D., Chaudhuri, S., &#38; Alur, R. (2010).
    Model checking of linearizability of concurrent list implementations (Vol. 6174,
    pp. 465–479). Presented at the CAV: Computer Aided Verification, Edinburgh, UK:
    Springer. <a href="https://doi.org/10.1007/978-3-642-14295-6_41">https://doi.org/10.1007/978-3-642-14295-6_41</a>'
  chicago: Cerny, Pavol, Arjun Radhakrishna, Damien Zufferey, Swarat Chaudhuri, and
    Rajeev Alur. “Model Checking of Linearizability of Concurrent List Implementations,”
    6174:465–79. Springer, 2010. <a href="https://doi.org/10.1007/978-3-642-14295-6_41">https://doi.org/10.1007/978-3-642-14295-6_41</a>.
  ieee: 'P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, and R. Alur, “Model
    checking of linearizability of concurrent list implementations,” presented at
    the CAV: Computer Aided Verification, Edinburgh, UK, 2010, vol. 6174, pp. 465–479.'
  ista: 'Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. 2010. Model checking
    of linearizability of concurrent list implementations. CAV: Computer Aided Verification,
    LNCS, vol. 6174, 465–479.'
  mla: Cerny, Pavol, et al. <i>Model Checking of Linearizability of Concurrent List
    Implementations</i>. Vol. 6174, Springer, 2010, pp. 465–79, doi:<a href="https://doi.org/10.1007/978-3-642-14295-6_41">10.1007/978-3-642-14295-6_41</a>.
  short: P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, R. Alur, in:, Springer,
    2010, pp. 465–479.
conference:
  end_date: 2010-07-17
  location: Edinburgh, UK
  name: 'CAV: Computer Aided Verification'
  start_date: 2010-07-15
date_created: 2018-12-11T12:08:36Z
date_published: 2010-07-01T00:00:00Z
date_updated: 2023-02-23T12:24:12Z
day: '01'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1007/978-3-642-14295-6_41
file:
- access_level: open_access
  checksum: 2eb211ce40b3c4988bce3a3592980704
  content_type: application/pdf
  creator: dernst
  date_created: 2020-05-19T16:31:56Z
  date_updated: 2020-07-14T12:46:28Z
  file_id: '7873'
  file_name: 2010_CAV_Cerny.pdf
  file_size: 3633276
  relation: main_file
file_date_updated: 2020-07-14T12:46:28Z
has_accepted_license: '1'
intvolume: '      6174'
language:
- iso: eng
month: '07'
oa: 1
oa_version: Submitted Version
page: 465 - 479
publication_status: published
publisher: Springer
publist_id: '1066'
pubrep_id: '27'
quality_controlled: '1'
related_material:
  record:
  - id: '5391'
    relation: earlier_version
    status: public
status: public
title: Model checking of linearizability of concurrent list implementations
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 6174
year: '2010'
...
---
_id: '4392'
abstract:
- lang: eng
  text: 'While a boolean notion of correctness is given by a preorder on systems and
    properties, a quantitative notion of correctness is defined by a distance function
    on systems and properties, where the distance between a system and a property
    provides a measure of “fit” or “desirability.” In this article, we explore several
    ways how the simulation preorder can be generalized to a distance function. This
    is done by equipping the classical simulation game between a system and a property
    with quantitative objectives. In particular, for systems that satisfy a property,
    a quantitative simulation game can measure the “robustness” of the satisfaction,
    that is, how much the system can deviate from its nominal behavior while still
    satisfying the property. For systems that violate a property, a quantitative simulation
    game can measure the “seriousness” of the violation, that is, how much the property
    has to be modified so that it is satisfied by the system. These distances can
    be computed in polynomial time, since the computation reduces to the value problem
    in limit average games with constant weights. Finally, we demonstrate how the
    robustness distance can be used to measure how many transmission errors are tolerated
    by error correcting codes. '
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A. Quantitative Simulation Games. In:
    Manna Z, Peled D, eds. <i>Time For Verification: Essays in Memory of Amir Pnueli</i>.
    Vol 6200. Essays in Memory of Amir Pnueli. Springer; 2010:42-60. doi:<a href="https://doi.org/10.1007/978-3-642-13754-9_3">10.1007/978-3-642-13754-9_3</a>'
  apa: 'Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2010). Quantitative Simulation
    Games. In Z. Manna &#38; D. Peled (Eds.), <i>Time For Verification: Essays in
    Memory of Amir Pnueli</i> (Vol. 6200, pp. 42–60). Springer. <a href="https://doi.org/10.1007/978-3-642-13754-9_3">https://doi.org/10.1007/978-3-642-13754-9_3</a>'
  chicago: 'Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Quantitative
    Simulation Games.” In <i>Time For Verification: Essays in Memory of Amir Pnueli</i>,
    edited by Zohar Manna and Doron Peled, 6200:42–60. Essays in Memory of Amir Pnueli.
    Springer, 2010. <a href="https://doi.org/10.1007/978-3-642-13754-9_3">https://doi.org/10.1007/978-3-642-13754-9_3</a>.'
  ieee: 'P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Quantitative Simulation
    Games,” in <i>Time For Verification: Essays in Memory of Amir Pnueli</i>, vol.
    6200, Z. Manna and D. Peled, Eds. Springer, 2010, pp. 42–60.'
  ista: 'Cerny P, Henzinger TA, Radhakrishna A. 2010.Quantitative Simulation Games.
    In: Time For Verification: Essays in Memory of Amir Pnueli. LNCS, vol. 6200, 42–60.'
  mla: 'Cerny, Pavol, et al. “Quantitative Simulation Games.” <i>Time For Verification:
    Essays in Memory of Amir Pnueli</i>, edited by Zohar Manna and Doron Peled, vol.
    6200, Springer, 2010, pp. 42–60, doi:<a href="https://doi.org/10.1007/978-3-642-13754-9_3">10.1007/978-3-642-13754-9_3</a>.'
  short: 'P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Z. Manna, D. Peled (Eds.),
    Time For Verification: Essays in Memory of Amir Pnueli, Springer, 2010, pp. 42–60.'
date_created: 2018-12-11T12:08:37Z
date_published: 2010-07-29T00:00:00Z
date_updated: 2021-01-12T07:56:38Z
day: '29'
department:
- _id: ToHe
doi: 10.1007/978-3-642-13754-9_3
ec_funded: 1
editor:
- first_name: Zohar
  full_name: Manna, Zohar
  last_name: Manna
- first_name: Doron
  full_name: Peled, Doron
  last_name: Peled
intvolume: '      6200'
language:
- iso: eng
month: '07'
oa_version: None
page: 42 - 60
project:
- _id: 25EFB36C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '215543'
  name: COMponent-Based Embedded Systems design Techniques
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication: 'Time For Verification: Essays in Memory of Amir Pnueli'
publication_status: published
publisher: Springer
publist_id: '1064'
quality_controlled: '1'
scopus_import: 1
series_title: Essays in Memory of Amir Pnueli
status: public
title: Quantitative Simulation Games
type: book_chapter
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 6200
year: '2010'
...
---
_id: '4393'
abstract:
- lang: eng
  text: Boolean notions of correctness are formalized by preorders on systems. Quantitative
    measures of correctness can be formalized by real-valued distance functions between
    systems, where the distance between implementation and specification provides
    a measure of “fit” or “desirability.” We extend the simulation preorder to the
    quantitative setting, by making each player of a simulation game pay a certain
    price for her choices. We use the resulting games with quantitative objectives
    to define three different simulation distances. The correctness distance measures
    how much the specification must be changed in order to be satisfied by the implementation.
    The coverage distance measures how much the implementation restricts the degrees
    of freedom offered by the specification. The robustness distance measures how
    much a system can deviate from the implementation description without violating
    the specification. We consider these distances for safety as well as liveness
    specifications. The distances can be computed in polynomial time for safety specifications,
    and for liveness specifications given by weak fairness constraints. We show that
    the distance functions satisfy the triangle inequality, that the distance between
    two systems does not increase under parallel composition with a third system,
    and that the distance between two systems can be bounded from above and below
    by distances between abstractions of the two systems. These properties suggest
    that our simulation distances provide an appropriate basis for a quantitative
    theory of discrete systems. We also demonstrate how the robustness distance can
    be used to measure how many transmission errors are tolerated by error correcting
    codes.
acknowledgement: This work was partially supported by the European Union project COMBEST
  and the European Network of Excellence ArtistDesign.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A. Simulation distances. In: Vol 6269.
    Schloss Dagstuhl - Leibniz-Zentrum für Informatik; 2010:235-268. doi:<a href="https://doi.org/10.1007/978-3-642-15375-4_18">10.1007/978-3-642-15375-4_18</a>'
  apa: 'Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2010). Simulation distances
    (Vol. 6269, pp. 235–268). Presented at the CONCUR: Concurrency Theory, Paris,
    France: Schloss Dagstuhl - Leibniz-Zentrum für Informatik. <a href="https://doi.org/10.1007/978-3-642-15375-4_18">https://doi.org/10.1007/978-3-642-15375-4_18</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Simulation Distances,”
    6269:235–68. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010. <a href="https://doi.org/10.1007/978-3-642-15375-4_18">https://doi.org/10.1007/978-3-642-15375-4_18</a>.
  ieee: 'P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Simulation distances,” presented
    at the CONCUR: Concurrency Theory, Paris, France, 2010, vol. 6269, pp. 235–268.'
  ista: 'Cerny P, Henzinger TA, Radhakrishna A. 2010. Simulation distances. CONCUR:
    Concurrency Theory, LNCS, vol. 6269, 235–268.'
  mla: Cerny, Pavol, et al. <i>Simulation Distances</i>. Vol. 6269, Schloss Dagstuhl
    - Leibniz-Zentrum für Informatik, 2010, pp. 235–68, doi:<a href="https://doi.org/10.1007/978-3-642-15375-4_18">10.1007/978-3-642-15375-4_18</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Schloss Dagstuhl - Leibniz-Zentrum
    für Informatik, 2010, pp. 235–268.
conference:
  end_date: 2010-09-03
  location: Paris, France
  name: 'CONCUR: Concurrency Theory'
  start_date: 2010-08-31
date_created: 2018-12-11T12:08:37Z
date_published: 2010-11-01T00:00:00Z
date_updated: 2023-02-23T12:24:04Z
day: '01'
ddc:
- '005'
department:
- _id: ToHe
doi: 10.1007/978-3-642-15375-4_18
ec_funded: 1
file:
- access_level: open_access
  checksum: ea567903676ba8afe0507ee11313dce5
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:15:12Z
  date_updated: 2020-07-14T12:46:28Z
  file_id: '5130'
  file_name: IST-2012-42-v1+1_Simulation_distances.pdf
  file_size: 198913
  relation: main_file
file_date_updated: 2020-07-14T12:46:28Z
has_accepted_license: '1'
intvolume: '      6269'
language:
- iso: eng
month: '11'
oa: 1
oa_version: Submitted Version
page: 235 - 268
project:
- _id: 25EFB36C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '215543'
  name: COMponent-Based Embedded Systems design Techniques
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication_status: published
publisher: Schloss Dagstuhl - Leibniz-Zentrum für Informatik
publist_id: '1065'
pubrep_id: '42'
quality_controlled: '1'
related_material:
  record:
  - id: '3249'
    relation: later_version
    status: public
  - id: '5389'
    relation: earlier_version
    status: public
scopus_import: 1
status: public
title: Simulation distances
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 6269
year: '2010'
...