---
_id: '1338'
abstract:
- lang: eng
  text: We present a computer-aided programming approach to concurrency. The approach
    allows programmers to program assuming a friendly, non-preemptive scheduler, and
    our synthesis procedure inserts synchronization to ensure that the final program
    works even with a preemptive scheduler. The correctness specification is implicit,
    inferred from the non-preemptive behavior. Let us consider sequences of calls
    that the program makes to an external interface. The specification requires that
    any such sequence produced under a preemptive scheduler should be included in
    the set of sequences produced under a non-preemptive scheduler. We guarantee that
    our synthesis does not introduce deadlocks and that the synchronization inserted
    is optimal w.r.t. a given objective function. The solution is based on a finitary
    abstraction, an algorithm for bounded language inclusion modulo an independence
    relation, and generation of a set of global constraints over synchronization placements.
    Each model of the global constraints set corresponds to a correctness-ensuring
    synchronization placement. The placement that is optimal w.r.t. the given objective
    function is chosen as the synchronization solution. We apply the approach to device-driver
    programming, where the driver threads call the software interface of the device
    and the API provided by the operating system. Our experiments demonstrate that
    our synthesis method is precise and efficient. The implicit specification helped
    us find one concurrency bug previously missed when model-checking using an explicit,
    user-provided specification. We implemented objective functions for coarse-grained
    and fine-grained locking and observed that different synchronization placements
    are produced for our experiments, favoring a minimal number of synchronization
    operations or maximum concurrency, respectively.
article_processing_charge: No
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Edmund
  full_name: Clarke, Edmund
  last_name: Clarke
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Leonid
  full_name: Ryzhyk, Leonid
  last_name: Ryzhyk
- first_name: Roopsha
  full_name: Samanta, Roopsha
  id: 3D2AAC08-F248-11E8-B48F-1D18A9856A87
  last_name: Samanta
- first_name: Thorsten
  full_name: Tarrach, Thorsten
  id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
  last_name: Tarrach
  orcid: 0000-0003-4409-8487
citation:
  ama: Cerny P, Clarke E, Henzinger TA, et al. From non-preemptive to preemptive scheduling
    using synchronization synthesis. <i>Formal Methods in System Design</i>. 2017;50(2-3):97-139.
    doi:<a href="https://doi.org/10.1007/s10703-016-0256-5">10.1007/s10703-016-0256-5</a>
  apa: Cerny, P., Clarke, E., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., Samanta,
    R., &#38; Tarrach, T. (2017). From non-preemptive to preemptive scheduling using
    synchronization synthesis. <i>Formal Methods in System Design</i>. Springer. <a
    href="https://doi.org/10.1007/s10703-016-0256-5">https://doi.org/10.1007/s10703-016-0256-5</a>
  chicago: Cerny, Pavol, Edmund Clarke, Thomas A Henzinger, Arjun Radhakrishna, Leonid
    Ryzhyk, Roopsha Samanta, and Thorsten Tarrach. “From Non-Preemptive to Preemptive
    Scheduling Using Synchronization Synthesis.” <i>Formal Methods in System Design</i>.
    Springer, 2017. <a href="https://doi.org/10.1007/s10703-016-0256-5">https://doi.org/10.1007/s10703-016-0256-5</a>.
  ieee: P. Cerny <i>et al.</i>, “From non-preemptive to preemptive scheduling using
    synchronization synthesis,” <i>Formal Methods in System Design</i>, vol. 50, no.
    2–3. Springer, pp. 97–139, 2017.
  ista: Cerny P, Clarke E, Henzinger TA, Radhakrishna A, Ryzhyk L, Samanta R, Tarrach
    T. 2017. From non-preemptive to preemptive scheduling using synchronization synthesis.
    Formal Methods in System Design. 50(2–3), 97–139.
  mla: Cerny, Pavol, et al. “From Non-Preemptive to Preemptive Scheduling Using Synchronization
    Synthesis.” <i>Formal Methods in System Design</i>, vol. 50, no. 2–3, Springer,
    2017, pp. 97–139, doi:<a href="https://doi.org/10.1007/s10703-016-0256-5">10.1007/s10703-016-0256-5</a>.
  short: P. Cerny, E. Clarke, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, R. Samanta,
    T. Tarrach, Formal Methods in System Design 50 (2017) 97–139.
date_created: 2018-12-11T11:51:27Z
date_published: 2017-06-01T00:00:00Z
date_updated: 2023-09-20T11:13:51Z
day: '01'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1007/s10703-016-0256-5
ec_funded: 1
external_id:
  isi:
  - '000399888900001'
file:
- access_level: open_access
  checksum: 1163dfd997e8212c789525d4178b1653
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:13:05Z
  date_updated: 2020-07-14T12:44:44Z
  file_id: '4985'
  file_name: IST-2016-656-v1+1_s10703-016-0256-5.pdf
  file_size: 1416170
  relation: main_file
file_date_updated: 2020-07-14T12:44:44Z
has_accepted_license: '1'
intvolume: '        50'
isi: 1
issue: 2-3
language:
- iso: eng
month: '06'
oa: 1
oa_version: Published Version
page: 97 - 139
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: Z211
  name: The Wittgenstein Prize
- _id: B67AFEDC-15C9-11EA-A837-991A96BB2854
  name: IST Austria Open Access Fund
publication: Formal Methods in System Design
publication_status: published
publisher: Springer
publist_id: '5929'
pubrep_id: '656'
quality_controlled: '1'
related_material:
  record:
  - id: '1729'
    relation: earlier_version
    status: public
scopus_import: '1'
status: public
title: From non-preemptive to preemptive scheduling using synchronization synthesis
tmp:
  image: /images/cc_by.png
  legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
  name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
  short: CC BY (4.0)
type: journal_article
user_id: c635000d-4b10-11ee-a964-aac5a93f6ac1
volume: 50
year: '2017'
...
---
_id: '1729'
abstract:
- lang: eng
  text: We present a computer-aided programming approach to concurrency. The approach
    allows programmers to program assuming a friendly, non-preemptive scheduler, and
    our synthesis procedure inserts synchronization to ensure that the final program
    works even with a preemptive scheduler. The correctness specification is implicit,
    inferred from the non-preemptive behavior. Let us consider sequences of calls
    that the program makes to an external interface. The specification requires that
    any such sequence produced under a preemptive scheduler should be included in
    the set of such sequences produced under a non-preemptive scheduler. The solution
    is based on a finitary abstraction, an algorithm for bounded language inclusion
    modulo an independence relation, and rules for inserting synchronization. We apply
    the approach to device-driver programming, where the driver threads call the software
    interface of the device and the API provided by the operating system. Our experiments
    demonstrate that our synthesis method is precise and efficient, and, since it
    does not require explicit specifications, is more practical than the conventional
    approach based on user-provided assertions.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Edmund
  full_name: Clarke, Edmund
  last_name: Clarke
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Leonid
  full_name: Ryzhyk, Leonid
  last_name: Ryzhyk
- first_name: Roopsha
  full_name: Samanta, Roopsha
  id: 3D2AAC08-F248-11E8-B48F-1D18A9856A87
  last_name: Samanta
- first_name: Thorsten
  full_name: Tarrach, Thorsten
  id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
  last_name: Tarrach
  orcid: 0000-0003-4409-8487
citation:
  ama: Cerny P, Clarke E, Henzinger TA, et al. From non-preemptive to preemptive scheduling
    using synchronization synthesis. 2015;9207:180-197. doi:<a href="https://doi.org/10.1007/978-3-319-21668-3_11">10.1007/978-3-319-21668-3_11</a>
  apa: 'Cerny, P., Clarke, E., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., Samanta,
    R., &#38; Tarrach, T. (2015). From non-preemptive to preemptive scheduling using
    synchronization synthesis. Presented at the CAV: Computer Aided Verification,
    San Francisco, CA, United States: Springer. <a href="https://doi.org/10.1007/978-3-319-21668-3_11">https://doi.org/10.1007/978-3-319-21668-3_11</a>'
  chicago: Cerny, Pavol, Edmund Clarke, Thomas A Henzinger, Arjun Radhakrishna, Leonid
    Ryzhyk, Roopsha Samanta, and Thorsten Tarrach. “From Non-Preemptive to Preemptive
    Scheduling Using Synchronization Synthesis.” Lecture Notes in Computer Science.
    Springer, 2015. <a href="https://doi.org/10.1007/978-3-319-21668-3_11">https://doi.org/10.1007/978-3-319-21668-3_11</a>.
  ieee: P. Cerny <i>et al.</i>, “From non-preemptive to preemptive scheduling using
    synchronization synthesis,” vol. 9207. Springer, pp. 180–197, 2015.
  ista: Cerny P, Clarke E, Henzinger TA, Radhakrishna A, Ryzhyk L, Samanta R, Tarrach
    T. 2015. From non-preemptive to preemptive scheduling using synchronization synthesis.
    9207, 180–197.
  mla: Cerny, Pavol, et al. <i>From Non-Preemptive to Preemptive Scheduling Using
    Synchronization Synthesis</i>. Vol. 9207, Springer, 2015, pp. 180–97, doi:<a href="https://doi.org/10.1007/978-3-319-21668-3_11">10.1007/978-3-319-21668-3_11</a>.
  short: P. Cerny, E. Clarke, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, R. Samanta,
    T. Tarrach, 9207 (2015) 180–197.
conference:
  end_date: 2015-07-24
  location: San Francisco, CA, United States
  name: 'CAV: Computer Aided Verification'
  start_date: 2015-07-18
date_created: 2018-12-11T11:53:42Z
date_published: 2015-07-01T00:00:00Z
date_updated: 2023-09-20T11:13:50Z
day: '01'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1007/978-3-319-21668-3_11
ec_funded: 1
file:
- access_level: local
  checksum: 6ff58ac220e2f20cb001ba35d4924495
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:08:53Z
  date_updated: 2020-07-14T12:45:13Z
  file_id: '4715'
  file_name: IST-2015-336-v1+1_long_version.pdf
  file_size: 481922
  relation: main_file
file_date_updated: 2020-07-14T12:45:13Z
has_accepted_license: '1'
intvolume: '      9207'
language:
- iso: eng
month: '07'
oa_version: Submitted Version
page: 180 - 197
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F42A32-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: Z211
  name: The Wittgenstein Prize
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication_status: published
publisher: Springer
publist_id: '5398'
pubrep_id: '336'
quality_controlled: '1'
related_material:
  record:
  - id: '1130'
    relation: dissertation_contains
    status: public
  - id: '1338'
    relation: later_version
    status: public
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: From non-preemptive to preemptive scheduling using synchronization synthesis
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9207
year: '2015'
...
---
_id: '1836'
abstract:
- lang: eng
  text: In the standard framework for worst-case execution time (WCET) analysis of
    programs, the main data structure is a single instance of integer linear programming
    (ILP) that represents the whole program. The instance of this NP-hard problem
    must be solved to find an estimate forWCET, and it must be refined if the estimate
    is not tight.We propose a new framework for WCET analysis, based on abstract segment
    trees (ASTs) as the main data structure. The ASTs have two advantages. First,
    they allow computing WCET by solving a number of independent small ILP instances.
    Second, ASTs store more expressive constraints, thus enabling a more efficient
    and precise refinement procedure. In order to realize our framework algorithmically,
    we develop an algorithm for WCET estimation on ASTs, and we develop an interpolation-based
    counterexample-guided refinement scheme for ASTs. Furthermore, we extend our framework
    to obtain parametric estimates of WCET. We experimentally evaluate our approach
    on a set of examples from WCET benchmark suites and linear-algebra packages. We
    show that our analysis, with comparable effort, provides WCET estimates that in
    many cases significantly improve those computed by existing tools.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Laura
  full_name: Kovács, Laura
  last_name: Kovács
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Jakob
  full_name: Zwirchmayr, Jakob
  last_name: Zwirchmayr
citation:
  ama: Cerny P, Henzinger TA, Kovács L, Radhakrishna A, Zwirchmayr J. Segment abstraction
    for worst-case execution time analysis. 2015;9032:105-131. doi:<a href="https://doi.org/10.1007/978-3-662-46669-8_5">10.1007/978-3-662-46669-8_5</a>
  apa: 'Cerny, P., Henzinger, T. A., Kovács, L., Radhakrishna, A., &#38; Zwirchmayr,
    J. (2015). Segment abstraction for worst-case execution time analysis. Presented
    at the ESOP: European Symposium on Programming, London, United Kingdom: Springer.
    <a href="https://doi.org/10.1007/978-3-662-46669-8_5">https://doi.org/10.1007/978-3-662-46669-8_5</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, Laura Kovács, Arjun Radhakrishna, and
    Jakob Zwirchmayr. “Segment Abstraction for Worst-Case Execution Time Analysis.”
    Lecture Notes in Computer Science. Springer, 2015. <a href="https://doi.org/10.1007/978-3-662-46669-8_5">https://doi.org/10.1007/978-3-662-46669-8_5</a>.
  ieee: P. Cerny, T. A. Henzinger, L. Kovács, A. Radhakrishna, and J. Zwirchmayr,
    “Segment abstraction for worst-case execution time analysis,” vol. 9032. Springer,
    pp. 105–131, 2015.
  ista: Cerny P, Henzinger TA, Kovács L, Radhakrishna A, Zwirchmayr J. 2015. Segment
    abstraction for worst-case execution time analysis. 9032, 105–131.
  mla: Cerny, Pavol, et al. <i>Segment Abstraction for Worst-Case Execution Time Analysis</i>.
    Vol. 9032, Springer, 2015, pp. 105–31, doi:<a href="https://doi.org/10.1007/978-3-662-46669-8_5">10.1007/978-3-662-46669-8_5</a>.
  short: P. Cerny, T.A. Henzinger, L. Kovács, A. Radhakrishna, J. Zwirchmayr, 9032
    (2015) 105–131.
conference:
  end_date: 2015-04-18
  location: London, United Kingdom
  name: 'ESOP: European Symposium on Programming'
  start_date: 2015-04-11
date_created: 2018-12-11T11:54:16Z
date_published: 2015-04-01T00:00:00Z
date_updated: 2020-08-11T10:09:32Z
day: '01'
department:
- _id: ToHe
doi: 10.1007/978-3-662-46669-8_5
ec_funded: 1
intvolume: '      9032'
language:
- iso: eng
month: '04'
oa_version: None
page: 105 - 131
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication_status: published
publisher: Springer
publist_id: '5266'
quality_controlled: '1'
scopus_import: 1
series_title: Lecture Notes in Computer Science
status: public
title: Segment abstraction for worst-case execution time analysis
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 9032
year: '2015'
...
---
_id: '2445'
abstract:
- lang: eng
  text: We develop program synthesis techniques that can help programmers fix concurrency-related
    bugs. We make two new contributions to synthesis for concurrency, the first improving
    the efficiency of the synthesized code, and the second improving the efficiency
    of the synthesis procedure itself. The first contribution is to have the synthesis
    procedure explore a variety of (sequential) semantics-preserving program transformations.
    Classically, only one such transformation has been considered, namely, the insertion
    of synchronization primitives (such as locks). Based on common manual bug-fixing
    techniques used by Linux device-driver developers, we explore additional, more
    efficient transformations, such as the reordering of independent instructions.
    The second contribution is to speed up the counterexample-guided removal of concurrency
    bugs within the synthesis procedure by considering partial-order traces (instead
    of linear traces) as counterexamples. A partial-order error trace represents a
    set of linear (interleaved) traces of a concurrent program all of which lead to
    the same error. By eliminating a partial-order error trace, we eliminate in a
    single iteration of the synthesis procedure all linearizations of the partial-order
    trace. We evaluated our techniques on several simplified examples of real concurrency
    bugs that occurred in Linux device drivers.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Leonid
  full_name: Ryzhyk, Leonid
  last_name: Ryzhyk
- first_name: Thorsten
  full_name: Tarrach, Thorsten
  id: 3D6E8F2C-F248-11E8-B48F-1D18A9856A87
  last_name: Tarrach
  orcid: 0000-0003-4409-8487
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A, Ryzhyk L, Tarrach T. Efficient synthesis
    for concurrency by semantics-preserving transformations. In: Vol 8044. Springer;
    2013:951-967. doi:<a href="https://doi.org/10.1007/978-3-642-39799-8_68">10.1007/978-3-642-39799-8_68</a>'
  apa: 'Cerny, P., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., &#38; Tarrach,
    T. (2013). Efficient synthesis for concurrency by semantics-preserving transformations
    (Vol. 8044, pp. 951–967). Presented at the CAV: Computer Aided Verification, St.
    Petersburg, Russia: Springer. <a href="https://doi.org/10.1007/978-3-642-39799-8_68">https://doi.org/10.1007/978-3-642-39799-8_68</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, Arjun Radhakrishna, Leonid Ryzhyk, and
    Thorsten Tarrach. “Efficient Synthesis for Concurrency by Semantics-Preserving
    Transformations,” 8044:951–67. Springer, 2013. <a href="https://doi.org/10.1007/978-3-642-39799-8_68">https://doi.org/10.1007/978-3-642-39799-8_68</a>.
  ieee: 'P. Cerny, T. A. Henzinger, A. Radhakrishna, L. Ryzhyk, and T. Tarrach, “Efficient
    synthesis for concurrency by semantics-preserving transformations,” presented
    at the CAV: Computer Aided Verification, St. Petersburg, Russia, 2013, vol. 8044,
    pp. 951–967.'
  ista: 'Cerny P, Henzinger TA, Radhakrishna A, Ryzhyk L, Tarrach T. 2013. Efficient
    synthesis for concurrency by semantics-preserving transformations. CAV: Computer
    Aided Verification, LNCS, vol. 8044, 951–967.'
  mla: Cerny, Pavol, et al. <i>Efficient Synthesis for Concurrency by Semantics-Preserving
    Transformations</i>. Vol. 8044, Springer, 2013, pp. 951–67, doi:<a href="https://doi.org/10.1007/978-3-642-39799-8_68">10.1007/978-3-642-39799-8_68</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, T. Tarrach, in:, Springer,
    2013, pp. 951–967.
conference:
  end_date: 2013-07-19
  location: St. Petersburg, Russia
  name: 'CAV: Computer Aided Verification'
  start_date: 2013-07-13
date_created: 2018-12-11T11:57:42Z
date_published: 2013-07-01T00:00:00Z
date_updated: 2023-09-07T11:57:01Z
day: '01'
ddc:
- '000'
- '004'
department:
- _id: ToHe
doi: 10.1007/978-3-642-39799-8_68
ec_funded: 1
file:
- access_level: open_access
  checksum: 70c70ca5487faba82262c63e1b678a27
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:15:37Z
  date_updated: 2020-07-14T12:45:40Z
  file_id: '5158'
  file_name: IST-2014-199-v1+1_cav2013-final.pdf
  file_size: 365548
  relation: main_file
file_date_updated: 2020-07-14T12:45:40Z
has_accepted_license: '1'
intvolume: '      8044'
language:
- iso: eng
month: '07'
oa: 1
oa_version: Submitted Version
page: 951 - 967
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication_status: published
publisher: Springer
publist_id: '4458'
pubrep_id: '199'
quality_controlled: '1'
related_material:
  record:
  - id: '1130'
    relation: dissertation_contains
    status: public
scopus_import: 1
status: public
title: Efficient synthesis for concurrency by semantics-preserving transformations
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 8044
year: '2013'
...
---
_id: '2182'
abstract:
- lang: eng
  text: We propose a general framework for abstraction with respect to quantitative
    properties, such as worst-case execution time, or power consumption. Our framework
    provides a systematic way for counter-example guided abstraction refinement for
    quantitative properties. The salient aspect of the framework is that it allows
    anytime verification, that is, verification algorithms that can be stopped at
    any time (for example, due to exhaustion of memory), and report approximations
    that improve monotonically when the algorithms are given more time. We instantiate
    the framework with a number of quantitative abstractions and refinement schemes,
    which differ in terms of how much quantitative information they keep from the
    original system. We introduce both state-based and trace-based quantitative abstractions,
    and we describe conditions that define classes of quantitative properties for
    which the abstractions provide over-approximations. We give algorithms for evaluating
    the quantitative properties on the abstract systems. We present algorithms for
    counter-example based refinements for quantitative properties for both state-based
    and segment-based abstractions. We perform a case study on worst-case execution
    time of executables to evaluate the anytime verification aspect and the quantitative
    abstractions we proposed.
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A. Quantitative abstraction refinement.
    In: <i>Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles
    of Programming Language</i>. ACM; 2013:115-128. doi:<a href="https://doi.org/10.1145/2429069.2429085">10.1145/2429069.2429085</a>'
  apa: 'Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2013). Quantitative abstraction
    refinement. In <i>Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium
    on Principles of programming language</i> (pp. 115–128). Rome, Italy: ACM. <a
    href="https://doi.org/10.1145/2429069.2429085">https://doi.org/10.1145/2429069.2429085</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Quantitative
    Abstraction Refinement.” In <i>Proceedings of the 40th Annual ACM SIGPLAN-SIGACT
    Symposium on Principles of Programming Language</i>, 115–28. ACM, 2013. <a href="https://doi.org/10.1145/2429069.2429085">https://doi.org/10.1145/2429069.2429085</a>.
  ieee: P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Quantitative abstraction
    refinement,” in <i>Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium
    on Principles of programming language</i>, Rome, Italy, 2013, pp. 115–128.
  ista: 'Cerny P, Henzinger TA, Radhakrishna A. 2013. Quantitative abstraction refinement.
    Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming
    language. POPL: Principles of Programming Languages, 115–128.'
  mla: Cerny, Pavol, et al. “Quantitative Abstraction Refinement.” <i>Proceedings
    of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language</i>,
    ACM, 2013, pp. 115–28, doi:<a href="https://doi.org/10.1145/2429069.2429085">10.1145/2429069.2429085</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Proceedings of the 40th Annual
    ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language, ACM, 2013,
    pp. 115–128.
conference:
  end_date: 2013-01-25
  location: Rome, Italy
  name: 'POPL: Principles of Programming Languages'
  start_date: 2013-07-23
date_created: 2018-12-11T11:56:11Z
date_published: 2013-01-01T00:00:00Z
date_updated: 2021-01-12T06:55:50Z
day: '01'
department:
- _id: ToHe
doi: 10.1145/2429069.2429085
ec_funded: 1
language:
- iso: eng
month: '01'
oa_version: None
page: 115 - 128
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F5A88A-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11402-N23
  name: Moderne Concurrency Paradigms
publication: Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles
  of programming language
publication_status: published
publisher: ACM
publist_id: '4800'
quality_controlled: '1'
scopus_import: 1
status: public
title: Quantitative abstraction refinement
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2013'
...
---
_id: '2890'
abstract:
- lang: eng
  text: 'Systems are often specified using multiple requirements on their behavior.
    In practice, these requirements can be contradictory. The classical approach to
    specification, verification, and synthesis demands more detailed specifications
    that resolve any contradictions in the requirements. These detailed specifications
    are usually large, cumbersome, and hard to maintain or modify. In contrast, quantitative
    frameworks allow the formalization of the intuitive idea that what is desired
    is an implementation that comes &quot;closest&quot; to satisfying the mutually
    incompatible requirements, according to a measure of fit that can be defined by
    the requirements engineer. One flexible framework for quantifying how &quot;well&quot;
    an implementation satisfies a specification is offered by simulation distances
    that are parameterized by an error model. We introduce this framework, study its
    properties, and provide an algorithmic solution for the following quantitative
    synthesis question: given two (or more) behavioral requirements specified by possibly
    incompatible finite-state machines, and an error model, find the finite-state
    implementation that minimizes the maximal simulation distance to the given requirements.
    Furthermore, we generalize the framework to handle infinite alphabets (for example,
    realvalued domains). We also demonstrate how quantitative specifications based
    on simulation distances might lead to smaller and easier to modify specifications.
    Finally, we illustrate our approach using case studies on error correcting codes
    and scheduler synthesis.'
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Sivakanth
  full_name: Gopi, Sivakanth
  last_name: Gopi
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Nishant
  full_name: Totla, Nishant
  last_name: Totla
citation:
  ama: 'Cerny P, Gopi S, Henzinger TA, Radhakrishna A, Totla N. Synthesis from incompatible
    specifications. In: <i>Proceedings of the Tenth ACM International Conference on
    Embedded Software</i>. ACM; 2012:53-62. doi:<a href="https://doi.org/10.1145/2380356.2380371">10.1145/2380356.2380371</a>'
  apa: 'Cerny, P., Gopi, S., Henzinger, T. A., Radhakrishna, A., &#38; Totla, N. (2012).
    Synthesis from incompatible specifications. In <i>Proceedings of the tenth ACM
    international conference on Embedded software</i> (pp. 53–62). Tampere, Finland:
    ACM. <a href="https://doi.org/10.1145/2380356.2380371">https://doi.org/10.1145/2380356.2380371</a>'
  chicago: Cerny, Pavol, Sivakanth Gopi, Thomas A Henzinger, Arjun Radhakrishna, and
    Nishant Totla. “Synthesis from Incompatible Specifications.” In <i>Proceedings
    of the Tenth ACM International Conference on Embedded Software</i>, 53–62. ACM,
    2012. <a href="https://doi.org/10.1145/2380356.2380371">https://doi.org/10.1145/2380356.2380371</a>.
  ieee: P. Cerny, S. Gopi, T. A. Henzinger, A. Radhakrishna, and N. Totla, “Synthesis
    from incompatible specifications,” in <i>Proceedings of the tenth ACM international
    conference on Embedded software</i>, Tampere, Finland, 2012, pp. 53–62.
  ista: 'Cerny P, Gopi S, Henzinger TA, Radhakrishna A, Totla N. 2012. Synthesis from
    incompatible specifications. Proceedings of the tenth ACM international conference
    on Embedded software. EMSOFT: Embedded Software , 53–62.'
  mla: Cerny, Pavol, et al. “Synthesis from Incompatible Specifications.” <i>Proceedings
    of the Tenth ACM International Conference on Embedded Software</i>, ACM, 2012,
    pp. 53–62, doi:<a href="https://doi.org/10.1145/2380356.2380371">10.1145/2380356.2380371</a>.
  short: P. Cerny, S. Gopi, T.A. Henzinger, A. Radhakrishna, N. Totla, in:, Proceedings
    of the Tenth ACM International Conference on Embedded Software, ACM, 2012, pp.
    53–62.
conference:
  end_date: 2012-10-12
  location: Tampere, Finland
  name: 'EMSOFT: Embedded Software '
  start_date: 2012-10-07
date_created: 2018-12-11T12:00:10Z
date_published: 2012-10-01T00:00:00Z
date_updated: 2021-01-12T07:00:30Z
day: '01'
department:
- _id: ToHe
doi: 10.1145/2380356.2380371
ec_funded: 1
language:
- iso: eng
month: '10'
oa_version: None
page: 53 - 62
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication: Proceedings of the tenth ACM international conference on Embedded software
publication_status: published
publisher: ACM
publist_id: '3868'
quality_controlled: '1'
scopus_import: 1
status: public
title: Synthesis from incompatible specifications
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
year: '2012'
...
---
_id: '2916'
abstract:
- lang: eng
  text: The classical (boolean) notion of refinement for behavioral interfaces of
    system components is the alternating refinement preorder. In this paper, we define
    a quantitative measure for interfaces, called interface simulation distance. It
    makes the alternating refinement preorder quantitative by, intu- itively, tolerating
    errors (while counting them) in the alternating simulation game. We show that
    the interface simulation distance satisfies the triangle inequality, that the
    distance between two interfaces does not increase under parallel composition with
    a third interface, and that the distance between two interfaces can be bounded
    from above and below by distances between abstractions of the two interfaces.
    We illustrate the framework, and the properties of the distances under composition
    of interfaces, with two case studies.
arxiv: 1
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Martin
  full_name: Chmelik, Martin
  id: 3624234E-F248-11E8-B48F-1D18A9856A87
  last_name: Chmelik
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Cerny P, Chmelik M, Henzinger TA, Radhakrishna A. Interface Simulation Distances.
    In: <i>Electronic Proceedings in Theoretical Computer Science</i>. Vol 96. EPTCS;
    2012:29-42. doi:<a href="https://doi.org/10.4204/EPTCS.96.3">10.4204/EPTCS.96.3</a>'
  apa: 'Cerny, P., Chmelik, M., Henzinger, T. A., &#38; Radhakrishna, A. (2012). Interface
    Simulation Distances. In <i>Electronic Proceedings in Theoretical Computer Science</i>
    (Vol. 96, pp. 29–42). Napoli, Italy: EPTCS. <a href="https://doi.org/10.4204/EPTCS.96.3">https://doi.org/10.4204/EPTCS.96.3</a>'
  chicago: Cerny, Pavol, Martin Chmelik, Thomas A Henzinger, and Arjun Radhakrishna.
    “Interface Simulation Distances.” In <i>Electronic Proceedings in Theoretical
    Computer Science</i>, 96:29–42. EPTCS, 2012. <a href="https://doi.org/10.4204/EPTCS.96.3">https://doi.org/10.4204/EPTCS.96.3</a>.
  ieee: P. Cerny, M. Chmelik, T. A. Henzinger, and A. Radhakrishna, “Interface Simulation
    Distances,” in <i>Electronic Proceedings in Theoretical Computer Science</i>,
    Napoli, Italy, 2012, vol. 96, pp. 29–42.
  ista: 'Cerny P, Chmelik M, Henzinger TA, Radhakrishna A. 2012. Interface Simulation
    Distances. Electronic Proceedings in Theoretical Computer Science. GandALF: Games,
    Automata, Logic, and Formal Verification vol. 96, 29–42.'
  mla: Cerny, Pavol, et al. “Interface Simulation Distances.” <i>Electronic Proceedings
    in Theoretical Computer Science</i>, vol. 96, EPTCS, 2012, pp. 29–42, doi:<a href="https://doi.org/10.4204/EPTCS.96.3">10.4204/EPTCS.96.3</a>.
  short: P. Cerny, M. Chmelik, T.A. Henzinger, A. Radhakrishna, in:, Electronic Proceedings
    in Theoretical Computer Science, EPTCS, 2012, pp. 29–42.
conference:
  end_date: 2012-09-08
  location: Napoli, Italy
  name: 'GandALF: Games, Automata, Logic, and Formal Verification'
  start_date: 2012-09-06
date_created: 2018-12-11T12:00:19Z
date_published: 2012-10-07T00:00:00Z
date_updated: 2023-02-23T10:12:05Z
day: '07'
department:
- _id: ToHe
- _id: KrCh
doi: 10.4204/EPTCS.96.3
ec_funded: 1
external_id:
  arxiv:
  - '1210.2450'
intvolume: '        96'
language:
- iso: eng
main_file_link:
- open_access: '1'
  url: http://arxiv.org/abs/1210.2450
month: '10'
oa: 1
oa_version: Submitted Version
page: 29 - 42
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 2584A770-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: P 23499-N23
  name: Modern Graph Algorithmic Techniques in Formal Verification
- _id: 2581B60A-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '279307'
  name: 'Quantitative Graph Games: Theory and Applications'
- _id: 2587B514-B435-11E9-9278-68D0E5697425
  name: Microsoft Research Faculty Fellowship
publication: Electronic Proceedings in Theoretical Computer Science
publication_status: published
publisher: EPTCS
publist_id: '3827'
quality_controlled: '1'
related_material:
  record:
  - id: '1733'
    relation: later_version
    status: public
scopus_import: 1
status: public
title: Interface Simulation Distances
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 96
year: '2012'
...
---
_id: '2967'
abstract:
- lang: eng
  text: For programs whose data variables range over Boolean or finite domains, program
    verification is decidable, and this forms the basis of recent tools for software
    model checking. In this article, we consider algorithmic verification of programs
    that use Boolean variables, and in addition, access a single read-only array whose
    length is potentially unbounded, and whose elements range over an unbounded data
    domain. We show that the reachability problem, while undecidable in general, is
    (1) PSPACE-complete for programs in which the array-accessing for-loops are not
    nested, (2) decidable for a restricted class of programs with doubly nested loops.
    The second result establishes connections to automata and logics defining languages
    over data words.
acknowledgement: This research was supported in part by the NSF Cybertrust award CNS
  0524059, by the European Research Council (ERC) Advanced Investigator Grant QUAREM,
  and by the Austrian Science Fund (FWF) project S11402-N23.
article_number: '27'
author:
- first_name: Rajeev
  full_name: Alur, Rajeev
  last_name: Alur
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Scott
  full_name: Weinstein, Scott
  last_name: Weinstein
citation:
  ama: Alur R, Cerny P, Weinstein S. Algorithmic analysis of array-accessing programs.
    <i>ACM Transactions on Computational Logic (TOCL)</i>. 2012;13(3). doi:<a href="https://doi.org/10.1145/2287718.2287727">10.1145/2287718.2287727</a>
  apa: Alur, R., Cerny, P., &#38; Weinstein, S. (2012). Algorithmic analysis of array-accessing
    programs. <i>ACM Transactions on Computational Logic (TOCL)</i>. ACM. <a href="https://doi.org/10.1145/2287718.2287727">https://doi.org/10.1145/2287718.2287727</a>
  chicago: Alur, Rajeev, Pavol Cerny, and Scott Weinstein. “Algorithmic Analysis of
    Array-Accessing Programs.” <i>ACM Transactions on Computational Logic (TOCL)</i>.
    ACM, 2012. <a href="https://doi.org/10.1145/2287718.2287727">https://doi.org/10.1145/2287718.2287727</a>.
  ieee: R. Alur, P. Cerny, and S. Weinstein, “Algorithmic analysis of array-accessing
    programs,” <i>ACM Transactions on Computational Logic (TOCL)</i>, vol. 13, no.
    3. ACM, 2012.
  ista: Alur R, Cerny P, Weinstein S. 2012. Algorithmic analysis of array-accessing
    programs. ACM Transactions on Computational Logic (TOCL). 13(3), 27.
  mla: Alur, Rajeev, et al. “Algorithmic Analysis of Array-Accessing Programs.” <i>ACM
    Transactions on Computational Logic (TOCL)</i>, vol. 13, no. 3, 27, ACM, 2012,
    doi:<a href="https://doi.org/10.1145/2287718.2287727">10.1145/2287718.2287727</a>.
  short: R. Alur, P. Cerny, S. Weinstein, ACM Transactions on Computational Logic
    (TOCL) 13 (2012).
date_created: 2018-12-11T12:00:36Z
date_published: 2012-08-01T00:00:00Z
date_updated: 2023-02-23T12:09:43Z
day: '01'
department:
- _id: ToHe
doi: 10.1145/2287718.2287727
ec_funded: 1
intvolume: '        13'
issue: '3'
language:
- iso: eng
month: '08'
oa_version: None
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
publication: ACM Transactions on Computational Logic (TOCL)
publication_status: published
publisher: ACM
publist_id: '3748'
quality_controlled: '1'
related_material:
  record:
  - id: '4403'
    relation: earlier_version
    status: public
scopus_import: 1
status: public
title: Algorithmic analysis of array-accessing programs
type: journal_article
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 13
year: '2012'
...
---
_id: '3249'
abstract:
- lang: eng
  text: Boolean notions of correctness are formalized by preorders on systems. Quantitative
    measures of correctness can be formalized by real-valued distance functions between
    systems, where the distance between implementation and specification provides
    a measure of &quot;fit&quot; or &quot;desirability&quot;. We extend the simulation
    preorder to the quantitative setting by making each player of a simulation game
    pay a certain price for her choices. We use the resulting games with quantitative
    objectives to define three different simulation distances. The correctness distance
    measures how much the specification must be changed in order to be satisfied by
    the implementation. The coverage distance measures how much the implementation
    restricts the degrees of freedom offered by the specification. The robustness
    distance measures how much a system can deviate from the implementation description
    without violating the specification. We consider these distances for safety as
    well as liveness specifications. The distances can be computed in polynomial time
    for safety specifications, and for liveness specifications given by weak fairness
    constraints. We show that the distance functions satisfy the triangle inequality,
    that the distance between two systems does not increase under parallel composition
    with a third system, and that the distance between two systems can be bounded
    from above and below by distances between abstractions of the two systems. These
    properties suggest that our simulation distances provide an appropriate basis
    for a quantitative theory of discrete systems. We also demonstrate how the robustness
    distance can be used to measure how many transmission errors are tolerated by
    error correcting codes.
acknowledgement: This work was partially supported by the ERC Advanced Grant QUAREM,
  the FWF NFN Grant S11402-N23 (RiSE), the European Union project COMBEST and the
  European Network of Excellence Artist Design.
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: Cerny P, Henzinger TA, Radhakrishna A. Simulation distances. <i>Theoretical
    Computer Science</i>. 2012;413(1):21-35. doi:<a href="https://doi.org/10.1016/j.tcs.2011.08.002">10.1016/j.tcs.2011.08.002</a>
  apa: Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2012). Simulation distances.
    <i>Theoretical Computer Science</i>. Elsevier. <a href="https://doi.org/10.1016/j.tcs.2011.08.002">https://doi.org/10.1016/j.tcs.2011.08.002</a>
  chicago: Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Simulation Distances.”
    <i>Theoretical Computer Science</i>. Elsevier, 2012. <a href="https://doi.org/10.1016/j.tcs.2011.08.002">https://doi.org/10.1016/j.tcs.2011.08.002</a>.
  ieee: P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Simulation distances,” <i>Theoretical
    Computer Science</i>, vol. 413, no. 1. Elsevier, pp. 21–35, 2012.
  ista: Cerny P, Henzinger TA, Radhakrishna A. 2012. Simulation distances. Theoretical
    Computer Science. 413(1), 21–35.
  mla: Cerny, Pavol, et al. “Simulation Distances.” <i>Theoretical Computer Science</i>,
    vol. 413, no. 1, Elsevier, 2012, pp. 21–35, doi:<a href="https://doi.org/10.1016/j.tcs.2011.08.002">10.1016/j.tcs.2011.08.002</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, Theoretical Computer Science 413
    (2012) 21–35.
date_created: 2018-12-11T12:02:15Z
date_published: 2012-01-06T00:00:00Z
date_updated: 2023-02-23T12:24:04Z
day: '06'
department:
- _id: ToHe
doi: 10.1016/j.tcs.2011.08.002
ec_funded: 1
intvolume: '       413'
issue: '1'
language:
- iso: eng
month: '01'
oa_version: None
page: 21 - 35
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 25EFB36C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '215543'
  name: COMponent-Based Embedded Systems design Techniques
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication: Theoretical Computer Science
publication_status: published
publisher: Elsevier
publist_id: '3408'
pubrep_id: '42'
quality_controlled: '1'
related_material:
  record:
  - id: '4393'
    relation: earlier_version
    status: public
  - id: '5389'
    relation: earlier_version
    status: public
scopus_import: 1
status: public
title: Simulation distances
type: journal_article
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 413
year: '2012'
...
---
_id: '3325'
abstract:
- lang: eng
  text: We introduce streaming data string transducers that map input data strings
    to output data strings in a single left-to-right pass in linear time. Data strings
    are (unbounded) sequences of data values, tagged with symbols from a finite set,
    over a potentially infinite data do- main that supports only the operations of
    equality and ordering. The transducer uses a finite set of states, a finite set
    of variables ranging over the data domain, and a finite set of variables ranging
    over data strings. At every step, it can make decisions based on the next in-
    put symbol, updating its state, remembering the input data value in its data variables,
    and updating data-string variables by concatenat- ing data-string variables and
    new symbols formed from data vari- ables, while avoiding duplication. We establish
    that the problems of checking functional equivalence of two streaming transducers,
    and of checking whether a streaming transducer satisfies pre/post verification
    conditions specified by streaming acceptors over in- put/output data-strings,
    are in PSPACE. We identify a class of imperative and a class of functional pro-
    grams, manipulating lists of data items, which can be effectively translated to
    streaming data-string transducers. The imperative pro- grams dynamically modify
    a singly-linked heap by changing next- pointers of heap-nodes and by adding new
    nodes. The main re- striction specifies how the next-pointers can be used for
    traversal. We also identify an expressively equivalent fragment of functional
    programs that traverse a list using syntactically restricted recursive calls.
    Our results lead to algorithms for assertion checking and for checking functional
    equivalence of two programs, written possibly in different programming styles,
    for commonly used routines such as insert, delete, and reverse.
article_processing_charge: No
author:
- first_name: Rajeev
  full_name: Alur, Rajeev
  last_name: Alur
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
citation:
  ama: 'Alur R, Cerny P. Streaming transducers for algorithmic verification of single
    pass list processing programs. In: Vol 46. ACM; 2011:599-610. doi:<a href="https://doi.org/10.1145/1926385.1926454">10.1145/1926385.1926454</a>'
  apa: 'Alur, R., &#38; Cerny, P. (2011). Streaming transducers for algorithmic verification
    of single pass list processing programs (Vol. 46, pp. 599–610). Presented at the
    POPL: Principles of Programming Languages, Texas, USA: ACM. <a href="https://doi.org/10.1145/1926385.1926454">https://doi.org/10.1145/1926385.1926454</a>'
  chicago: Alur, Rajeev, and Pavol Cerny. “Streaming Transducers for Algorithmic Verification
    of Single Pass List Processing Programs,” 46:599–610. ACM, 2011. <a href="https://doi.org/10.1145/1926385.1926454">https://doi.org/10.1145/1926385.1926454</a>.
  ieee: 'R. Alur and P. Cerny, “Streaming transducers for algorithmic verification
    of single pass list processing programs,” presented at the POPL: Principles of
    Programming Languages, Texas, USA, 2011, vol. 46, no. 1, pp. 599–610.'
  ista: 'Alur R, Cerny P. 2011. Streaming transducers for algorithmic verification
    of single pass list processing programs. POPL: Principles of Programming Languages
    vol. 46, 599–610.'
  mla: Alur, Rajeev, and Pavol Cerny. <i>Streaming Transducers for Algorithmic Verification
    of Single Pass List Processing Programs</i>. Vol. 46, no. 1, ACM, 2011, pp. 599–610,
    doi:<a href="https://doi.org/10.1145/1926385.1926454">10.1145/1926385.1926454</a>.
  short: R. Alur, P. Cerny, in:, ACM, 2011, pp. 599–610.
conference:
  end_date: 2011-01-28
  location: Texas, USA
  name: 'POPL: Principles of Programming Languages'
  start_date: 2011-01-26
date_created: 2018-12-11T12:02:41Z
date_published: 2011-01-26T00:00:00Z
date_updated: 2022-03-21T08:12:51Z
day: '26'
department:
- _id: ToHe
doi: 10.1145/1926385.1926454
intvolume: '        46'
issue: '1'
language:
- iso: eng
month: '01'
oa_version: None
page: 599 - 610
publication_status: published
publisher: ACM
publist_id: '3310'
quality_controlled: '1'
scopus_import: '1'
status: public
title: Streaming transducers for algorithmic verification of single pass list processing
  programs
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 46
year: '2011'
...
---
_id: '3359'
abstract:
- lang: eng
  text: "Motivated by improvements in constraint-solving technology and by the increase
    of routinely available computational power, partial-program synthesis is emerging
    as an effective approach for increasing programmer productivity. The goal of the
    approach is to allow the programmer to specify a part of her intent imperatively
    (that is, give a partial program) and a part of her intent declaratively, by specifying
    which conditions need to be achieved or maintained. The task of the synthesizer
    is to construct a program that satisfies the specification. As an example, consider
    a partial program where threads access shared data without using any synchronization
    mechanism, and a declarative specification that excludes data races and deadlocks.
    The task of the synthesizer is then to place locks into the program code in order
    for the program to meet the specification.\r\n\r\nIn this paper, we argue that
    quantitative objectives are needed in partial-program synthesis in order to produce
    higher-quality programs, while enabling simpler specifications. Returning to the
    example, the synthesizer could construct a naive solution that uses one global
    lock for shared data. This can be prevented either by constraining the solution
    space further (which is error-prone and partly defeats the point of synthesis),
    or by optimizing a quantitative objective that models performance. Other quantitative
    notions useful in synthesis include fault tolerance, robustness, resource (memory,
    power) consumption, and information flow."
acknowledgement: This work was partially supported by the ERC Advanced Grant QUAREM,
  the FWF NFN Grant S11402-N23 (RiSE), and the EU NOE Grant ArtistDesign.
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
citation:
  ama: 'Cerny P, Henzinger TA. From boolean to quantitative synthesis. In: ACM; 2011:149-154.
    doi:<a href="https://doi.org/10.1145/2038642.2038666">10.1145/2038642.2038666</a>'
  apa: 'Cerny, P., &#38; Henzinger, T. A. (2011). From boolean to quantitative synthesis
    (pp. 149–154). Presented at the EMSOFT: Embedded Software , Taipei; Taiwan: ACM.
    <a href="https://doi.org/10.1145/2038642.2038666">https://doi.org/10.1145/2038642.2038666</a>'
  chicago: Cerny, Pavol, and Thomas A Henzinger. “From Boolean to Quantitative Synthesis,”
    149–54. ACM, 2011. <a href="https://doi.org/10.1145/2038642.2038666">https://doi.org/10.1145/2038642.2038666</a>.
  ieee: 'P. Cerny and T. A. Henzinger, “From boolean to quantitative synthesis,” presented
    at the EMSOFT: Embedded Software , Taipei; Taiwan, 2011, pp. 149–154.'
  ista: 'Cerny P, Henzinger TA. 2011. From boolean to quantitative synthesis. EMSOFT:
    Embedded Software , 149–154.'
  mla: Cerny, Pavol, and Thomas A. Henzinger. <i>From Boolean to Quantitative Synthesis</i>.
    ACM, 2011, pp. 149–54, doi:<a href="https://doi.org/10.1145/2038642.2038666">10.1145/2038642.2038666</a>.
  short: P. Cerny, T.A. Henzinger, in:, ACM, 2011, pp. 149–154.
conference:
  end_date: 2011-10-14
  location: Taipei; Taiwan
  name: 'EMSOFT: Embedded Software '
  start_date: 2011-10-09
date_created: 2018-12-11T12:02:53Z
date_published: 2011-10-09T00:00:00Z
date_updated: 2021-01-12T07:42:55Z
day: '09'
department:
- _id: ToHe
doi: 10.1145/2038642.2038666
ec_funded: 1
language:
- iso: eng
month: '10'
oa_version: None
page: 149 - 154
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F5A88A-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11402-N23
  name: Moderne Concurrency Paradigms
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication_status: published
publisher: ACM
publist_id: '3256'
quality_controlled: '1'
status: public
title: From boolean to quantitative synthesis
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
year: '2011'
...
---
_id: '3361'
abstract:
- lang: eng
  text: In this paper, we investigate the computational complexity of quantitative
    information flow (QIF) problems. Information-theoretic quantitative relaxations
    of noninterference (based on Shannon entropy)have been introduced to enable more
    fine-grained reasoning about programs in situations where limited information
    flow is acceptable. The QIF bounding problem asks whether the information flow
    in a given program is bounded by a constant $d$. Our first result is that the
    QIF bounding problem is PSPACE-complete. The QIF memoryless synthesis problem
    asks whether it is possible to resolve nondeterministic choices in a given partial
    program in such a way that in the resulting deterministic program, the quantitative
    information flow is bounded by a given constant $d$. Our second result is that
    the QIF memoryless synthesis problem is also EXPTIME-complete. The QIF memoryless
    synthesis problem generalizes to QIF general synthesis problem which does not
    impose the memoryless requirement (that is, by allowing the synthesized program
    to have more variables then the original partial program). Our third result is
    that the QIF general synthesis problem is EXPTIME-hard.
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Krishnendu
  full_name: Chatterjee, Krishnendu
  id: 2E5DCA20-F248-11E8-B48F-1D18A9856A87
  last_name: Chatterjee
  orcid: 0000-0002-4561-241X
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
citation:
  ama: 'Cerny P, Chatterjee K, Henzinger TA. The complexity of quantitative information
    flow problems. In: IEEE; 2011:205-217. doi:<a href="https://doi.org/10.1109/CSF.2011.21">10.1109/CSF.2011.21</a>'
  apa: 'Cerny, P., Chatterjee, K., &#38; Henzinger, T. A. (2011). The complexity of
    quantitative information flow problems (pp. 205–217). Presented at the CSF: Computer
    Security Foundations, Cernay-la-Ville, France: IEEE. <a href="https://doi.org/10.1109/CSF.2011.21">https://doi.org/10.1109/CSF.2011.21</a>'
  chicago: Cerny, Pavol, Krishnendu Chatterjee, and Thomas A Henzinger. “The Complexity
    of Quantitative Information Flow Problems,” 205–17. IEEE, 2011. <a href="https://doi.org/10.1109/CSF.2011.21">https://doi.org/10.1109/CSF.2011.21</a>.
  ieee: 'P. Cerny, K. Chatterjee, and T. A. Henzinger, “The complexity of quantitative
    information flow problems,” presented at the CSF: Computer Security Foundations,
    Cernay-la-Ville, France, 2011, pp. 205–217.'
  ista: 'Cerny P, Chatterjee K, Henzinger TA. 2011. The complexity of quantitative
    information flow problems. CSF: Computer Security Foundations, 205–217.'
  mla: Cerny, Pavol, et al. <i>The Complexity of Quantitative Information Flow Problems</i>.
    IEEE, 2011, pp. 205–17, doi:<a href="https://doi.org/10.1109/CSF.2011.21">10.1109/CSF.2011.21</a>.
  short: P. Cerny, K. Chatterjee, T.A. Henzinger, in:, IEEE, 2011, pp. 205–217.
conference:
  end_date: 2011-06-29
  location: Cernay-la-Ville, France
  name: 'CSF: Computer Security Foundations'
  start_date: 2011-06-27
date_created: 2018-12-11T12:02:54Z
date_published: 2011-06-27T00:00:00Z
date_updated: 2021-01-12T07:42:56Z
day: '27'
ddc:
- '000'
- '005'
department:
- _id: ToHe
- _id: KrCh
doi: 10.1109/CSF.2011.21
ec_funded: 1
file:
- access_level: open_access
  checksum: 1a25be0c62459fc7640db88af08ff63a
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:10:07Z
  date_updated: 2020-07-14T12:46:10Z
  file_id: '4792'
  file_name: IST-2012-81-v1+1_The_complexity_of_quantitative_information_flow_problems.pdf
  file_size: 299069
  relation: main_file
file_date_updated: 2020-07-14T12:46:10Z
has_accepted_license: '1'
language:
- iso: eng
month: '06'
oa: 1
oa_version: Submitted Version
page: 205 - 217
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F5A88A-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11402-N23
  name: Moderne Concurrency Paradigms
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 2587B514-B435-11E9-9278-68D0E5697425
  name: Microsoft Research Faculty Fellowship
publication_status: published
publisher: IEEE
publist_id: '3254'
pubrep_id: '81'
quality_controlled: '1'
scopus_import: 1
status: public
title: The complexity of quantitative information flow problems
type: conference
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
year: '2011'
...
---
_id: '3366'
abstract:
- lang: eng
  text: 'We present an algorithmic method for the quantitative, performance-aware
    synthesis of concurrent programs. The input consists of a nondeterministic partial
    program and of a parametric performance model. The nondeterminism allows the programmer
    to omit which (if any) synchronization construct is used at a particular program
    location. The performance model, specified as a weighted automaton, can capture
    system architectures by assigning different costs to actions such as locking,
    context switching, and memory and cache accesses. The quantitative synthesis problem
    is to automatically resolve the nondeterminism of the partial program so that
    both correctness is guaranteed and performance is optimal. As is standard for
    shared memory concurrency, correctness is formalized &quot;specification free&quot;,
    in particular as race freedom or deadlock freedom. For worst-case (average-case)
    performance, we show that the problem can be reduced to 2-player graph games (with
    probabilistic transitions) with quantitative objectives. While we show, using
    game-theoretic methods, that the synthesis problem is Nexp-complete, we present
    an algorithmic method and an implementation that works efficiently for concurrent
    programs and performance models of practical interest. We have implemented a prototype
    tool and used it to synthesize finite-state concurrent programs that exhibit different
    programming patterns, for several performance models representing different architectures. '
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Krishnendu
  full_name: Chatterjee, Krishnendu
  id: 2E5DCA20-F248-11E8-B48F-1D18A9856A87
  last_name: Chatterjee
  orcid: 0000-0002-4561-241X
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Rohit
  full_name: Singh, Rohit
  last_name: Singh
citation:
  ama: 'Cerny P, Chatterjee K, Henzinger TA, Radhakrishna A, Singh R. Quantitative
    synthesis for concurrent programs. In: Gopalakrishnan G, Qadeer S, eds. Vol 6806.
    Springer; 2011:243-259. doi:<a href="https://doi.org/10.1007/978-3-642-22110-1_20">10.1007/978-3-642-22110-1_20</a>'
  apa: 'Cerny, P., Chatterjee, K., Henzinger, T. A., Radhakrishna, A., &#38; Singh,
    R. (2011). Quantitative synthesis for concurrent programs. In G. Gopalakrishnan
    &#38; S. Qadeer (Eds.) (Vol. 6806, pp. 243–259). Presented at the CAV: Computer
    Aided Verification, Snowbird, USA: Springer. <a href="https://doi.org/10.1007/978-3-642-22110-1_20">https://doi.org/10.1007/978-3-642-22110-1_20</a>'
  chicago: Cerny, Pavol, Krishnendu Chatterjee, Thomas A Henzinger, Arjun Radhakrishna,
    and Rohit Singh. “Quantitative Synthesis for Concurrent Programs.” edited by Ganesh
    Gopalakrishnan and Shaz Qadeer, 6806:243–59. Springer, 2011. <a href="https://doi.org/10.1007/978-3-642-22110-1_20">https://doi.org/10.1007/978-3-642-22110-1_20</a>.
  ieee: 'P. Cerny, K. Chatterjee, T. A. Henzinger, A. Radhakrishna, and R. Singh,
    “Quantitative synthesis for concurrent programs,” presented at the CAV: Computer
    Aided Verification, Snowbird, USA, 2011, vol. 6806, pp. 243–259.'
  ista: 'Cerny P, Chatterjee K, Henzinger TA, Radhakrishna A, Singh R. 2011. Quantitative
    synthesis for concurrent programs. CAV: Computer Aided Verification, LNCS, vol.
    6806, 243–259.'
  mla: Cerny, Pavol, et al. <i>Quantitative Synthesis for Concurrent Programs</i>.
    Edited by Ganesh Gopalakrishnan and Shaz Qadeer, vol. 6806, Springer, 2011, pp.
    243–59, doi:<a href="https://doi.org/10.1007/978-3-642-22110-1_20">10.1007/978-3-642-22110-1_20</a>.
  short: P. Cerny, K. Chatterjee, T.A. Henzinger, A. Radhakrishna, R. Singh, in:,
    G. Gopalakrishnan, S. Qadeer (Eds.), Springer, 2011, pp. 243–259.
conference:
  end_date: 2011-07-20
  location: Snowbird, USA
  name: 'CAV: Computer Aided Verification'
  start_date: 2011-07-14
date_created: 2018-12-11T12:02:55Z
date_published: 2011-04-21T00:00:00Z
date_updated: 2023-02-23T12:24:01Z
day: '21'
ddc:
- '000'
- '004'
department:
- _id: ToHe
- _id: KrCh
doi: 10.1007/978-3-642-22110-1_20
ec_funded: 1
editor:
- first_name: Ganesh
  full_name: Gopalakrishnan, Ganesh
  last_name: Gopalakrishnan
- first_name: Shaz
  full_name: Qadeer, Shaz
  last_name: Qadeer
file:
- access_level: open_access
  checksum: c033689355f45742dc7c99b5af13ce7a
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:15:51Z
  date_updated: 2020-07-14T12:46:10Z
  file_id: '5174'
  file_name: IST-2012-76-v1+1_Quantitative_synthesis_for_concurrent_programs.pdf
  file_size: 508946
  relation: main_file
file_date_updated: 2020-07-14T12:46:10Z
has_accepted_license: '1'
intvolume: '      6806'
language:
- iso: eng
month: '04'
oa: 1
oa_version: Submitted Version
page: 243 - 259
project:
- _id: 25EE3708-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '267989'
  name: Quantitative Reactive Modeling
- _id: 25F5A88A-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S11402-N23
  name: Moderne Concurrency Paradigms
- _id: 25832EC2-B435-11E9-9278-68D0E5697425
  call_identifier: FWF
  grant_number: S 11407_N23
  name: Rigorous Systems Engineering
- _id: 2587B514-B435-11E9-9278-68D0E5697425
  name: Microsoft Research Faculty Fellowship
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication_status: published
publisher: Springer
publist_id: '3247'
pubrep_id: '76'
quality_controlled: '1'
related_material:
  record:
  - id: '5388'
    relation: earlier_version
    status: public
status: public
title: Quantitative synthesis for concurrent programs
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 6806
year: '2011'
...
---
_id: '488'
abstract:
- lang: eng
  text: 'Streaming string transducers [1] define (partial) functions from input strings
    to output strings. A streaming string transducer makes a single pass through the
    input string and uses a finite set of variables that range over strings from the
    output alphabet. At every step, the transducer processes an input symbol, and
    updates all the variables in parallel using assignments whose right-hand-sides
    are concatenations of output symbols and variables with the restriction that a
    variable can be used at most once in a right-hand-side expression. It has been
    shown that streaming string transducers operating on strings over infinite data
    domains are of interest in algorithmic verification of list-processing programs,
    as they lead to PSPACE decision procedures for checking pre/post conditions and
    for checking semantic equivalence, for a well-defined class of heap-manipulating
    programs. In order to understand the theoretical expressiveness of streaming transducers,
    we focus on streaming transducers processing strings over finite alphabets, given
    the existence of a robust and well-studied class of &quot;regular&quot; transductions
    for this case. Such regular transductions can be defined either by two-way deterministic
    finite-state transducers, or using a logical MSO-based characterization. Our main
    result is that the expressiveness of streaming string transducers coincides exactly
    with this class of regular transductions. '
alternative_title:
- LIPIcs
author:
- first_name: Rajeev
  full_name: Alur, Rajeev
  last_name: Alur
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
citation:
  ama: 'Alur R, Cerny P. Expressiveness of streaming string transducers. In: Vol 8.
    Schloss Dagstuhl - Leibniz-Zentrum für Informatik; 2010:1-12. doi:<a href="https://doi.org/10.4230/LIPIcs.FSTTCS.2010.1">10.4230/LIPIcs.FSTTCS.2010.1</a>'
  apa: 'Alur, R., &#38; Cerny, P. (2010). Expressiveness of streaming string transducers
    (Vol. 8, pp. 1–12). Presented at the FSTTCS: Foundations of Software Technology
    and Theoretical Computer Science, Chennai, India: Schloss Dagstuhl - Leibniz-Zentrum
    für Informatik. <a href="https://doi.org/10.4230/LIPIcs.FSTTCS.2010.1">https://doi.org/10.4230/LIPIcs.FSTTCS.2010.1</a>'
  chicago: Alur, Rajeev, and Pavol Cerny. “Expressiveness of Streaming String Transducers,”
    8:1–12. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010. <a href="https://doi.org/10.4230/LIPIcs.FSTTCS.2010.1">https://doi.org/10.4230/LIPIcs.FSTTCS.2010.1</a>.
  ieee: 'R. Alur and P. Cerny, “Expressiveness of streaming string transducers,” presented
    at the FSTTCS: Foundations of Software Technology and Theoretical Computer Science,
    Chennai, India, 2010, vol. 8, pp. 1–12.'
  ista: 'Alur R, Cerny P. 2010. Expressiveness of streaming string transducers. FSTTCS:
    Foundations of Software Technology and Theoretical Computer Science, LIPIcs, vol.
    8, 1–12.'
  mla: Alur, Rajeev, and Pavol Cerny. <i>Expressiveness of Streaming String Transducers</i>.
    Vol. 8, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010, pp. 1–12, doi:<a
    href="https://doi.org/10.4230/LIPIcs.FSTTCS.2010.1">10.4230/LIPIcs.FSTTCS.2010.1</a>.
  short: R. Alur, P. Cerny, in:, Schloss Dagstuhl - Leibniz-Zentrum für Informatik,
    2010, pp. 1–12.
conference:
  end_date: 2010-12-18
  location: Chennai, India
  name: 'FSTTCS: Foundations of Software Technology and Theoretical Computer Science'
  start_date: 2010-12-15
date_created: 2018-12-11T11:46:45Z
date_published: 2010-01-01T00:00:00Z
date_updated: 2021-01-12T08:01:00Z
day: '01'
ddc:
- '005'
department:
- _id: ToHe
doi: 10.4230/LIPIcs.FSTTCS.2010.1
file:
- access_level: open_access
  checksum: 5845be5aa19791830f7407d8853f2df0
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:08:29Z
  date_updated: 2020-07-14T12:46:35Z
  file_id: '4690'
  file_name: IST-2018-948-v1+1_2011_Cerny_Expressiveness_of.pdf
  file_size: 492344
  relation: main_file
file_date_updated: 2020-07-14T12:46:35Z
has_accepted_license: '1'
intvolume: '         8'
language:
- iso: eng
month: '01'
oa: 1
oa_version: Published Version
page: 1 - 12
publication_status: published
publisher: Schloss Dagstuhl - Leibniz-Zentrum für Informatik
publist_id: '7331'
pubrep_id: '948'
quality_controlled: '1'
scopus_import: 1
status: public
title: Expressiveness of streaming string transducers
tmp:
  image: /images/cc_by_nc_nd.png
  legal_code_url: https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode
  name: Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International
    (CC BY-NC-ND 4.0)
  short: CC BY-NC-ND (4.0)
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 8
year: '2010'
...
---
_id: '5388'
abstract:
- lang: eng
  text: "We present an algorithmic method for the synthesis of concurrent programs
    that are optimal with respect to quantitative performance measures. The input
    consists of a sequential sketch, that is, a program that does not contain synchronization
    constructs, and of a parametric performance model that assigns costs to actions
    such as locking, context switching, and idling. The quantitative synthesis problem
    is to automatically introduce synchronization constructs into the sequential sketch
    so that both correctness is guaranteed and worst-case (or average-case) performance
    is optimized. Correctness is formalized as race freedom or linearizability.\r\n\r\nWe
    show that for worst-case performance, the problem can be modeled\r\nas a 2-player
    graph game with quantitative (limit-average) objectives, and\r\nfor average-case
    performance, as a 2 1/2 -player graph game (with probabilistic transitions). In
    both cases, the optimal correct program is derived from an optimal strategy in
    the corresponding quantitative game. We prove that the respective game problems
    are computationally expensive (NP-complete), and present several techniques that
    overcome the theoretical difficulty in cases of concurrent programs of practical
    interest.\r\n\r\nWe have implemented a prototype tool and used it for the automatic
    syn- thesis of programs that access a concurrent list. For certain parameter val-
    ues, our method automatically synthesizes various classical synchronization schemes
    for implementing a concurrent list, such as fine-grained locking or a lazy algorithm.
    For other parameter values, a new, hybrid synchronization style is synthesized,
    which uses both the lazy approach and coarse-grained locks (instead of standard
    fine-grained locks). The trade-off occurs because while fine-grained locking tends
    to decrease the cost that is due to waiting for locks, it increases cache size
    requirements."
alternative_title:
- IST Austria Technical Report
author:
- first_name: Krishnendu
  full_name: Chatterjee, Krishnendu
  id: 2E5DCA20-F248-11E8-B48F-1D18A9856A87
  last_name: Chatterjee
  orcid: 0000-0002-4561-241X
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Rohit
  full_name: Singh, Rohit
  last_name: Singh
citation:
  ama: Chatterjee K, Cerny P, Henzinger TA, Radhakrishna A, Singh R. <i>Quantitative
    Synthesis for Concurrent Programs</i>. IST Austria; 2010. doi:<a href="https://doi.org/10.15479/AT:IST-2010-0004">10.15479/AT:IST-2010-0004</a>
  apa: Chatterjee, K., Cerny, P., Henzinger, T. A., Radhakrishna, A., &#38; Singh,
    R. (2010). <i>Quantitative synthesis for concurrent programs</i>. IST Austria.
    <a href="https://doi.org/10.15479/AT:IST-2010-0004">https://doi.org/10.15479/AT:IST-2010-0004</a>
  chicago: Chatterjee, Krishnendu, Pavol Cerny, Thomas A Henzinger, Arjun Radhakrishna,
    and Rohit Singh. <i>Quantitative Synthesis for Concurrent Programs</i>. IST Austria,
    2010. <a href="https://doi.org/10.15479/AT:IST-2010-0004">https://doi.org/10.15479/AT:IST-2010-0004</a>.
  ieee: K. Chatterjee, P. Cerny, T. A. Henzinger, A. Radhakrishna, and R. Singh, <i>Quantitative
    synthesis for concurrent programs</i>. IST Austria, 2010.
  ista: Chatterjee K, Cerny P, Henzinger TA, Radhakrishna A, Singh R. 2010. Quantitative
    synthesis for concurrent programs, IST Austria, 17p.
  mla: Chatterjee, Krishnendu, et al. <i>Quantitative Synthesis for Concurrent Programs</i>.
    IST Austria, 2010, doi:<a href="https://doi.org/10.15479/AT:IST-2010-0004">10.15479/AT:IST-2010-0004</a>.
  short: K. Chatterjee, P. Cerny, T.A. Henzinger, A. Radhakrishna, R. Singh, Quantitative
    Synthesis for Concurrent Programs, IST Austria, 2010.
date_created: 2018-12-12T11:39:03Z
date_published: 2010-10-07T00:00:00Z
date_updated: 2023-02-23T11:24:08Z
day: '07'
ddc:
- '000'
- '005'
department:
- _id: KrCh
- _id: ToHe
doi: 10.15479/AT:IST-2010-0004
file:
- access_level: open_access
  checksum: da38782d2388a6fa32109d10bb9bad67
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T11:53:53Z
  date_updated: 2020-07-14T12:46:42Z
  file_id: '5515'
  file_name: IST-2010-0004_IST-2010-0004.pdf
  file_size: 429101
  relation: main_file
file_date_updated: 2020-07-14T12:46:42Z
has_accepted_license: '1'
language:
- iso: eng
month: '10'
oa: 1
oa_version: Published Version
page: '17'
publication_identifier:
  issn:
  - 2664-1690
publication_status: published
publisher: IST Austria
pubrep_id: '24'
related_material:
  record:
  - id: '3366'
    relation: later_version
    status: public
status: public
title: Quantitative synthesis for concurrent programs
type: technical_report
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2010'
...
---
_id: '5389'
abstract:
- lang: eng
  text: Boolean notions of correctness are formalized by preorders on systems. Quantitative
    measures of correctness can be formalized by real-valued distance functions between
    systems, where the distance between implementation and specification provides
    a measure of “fit” or “desirability.” We extend the simulation preorder to the
    quantitative setting, by making each player of a simulation game pay a certain
    price for her choices. We use the resulting games with quantitative objectives
    to define three different simulation distances. The correctness distance measures
    how much the specification must be changed in order to be satisfied by the implementation.
    The coverage distance measures how much the im- plementation restricts the degrees
    of freedom offered by the specification. The robustness distance measures how
    much a system can deviate from the implementation description without violating
    the specification. We consider these distances for safety as well as liveness
    specifications. The distances can be computed in polynomial time for safety specifications,
    and for liveness specifications given by weak fairness constraints. We show that
    the distance functions satisfy the triangle inequality, that the distance between
    two systems does not increase under parallel composition with a third system,
    and that the distance between two systems can be bounded from above and below
    by distances between abstractions of the two systems. These properties suggest
    that our simulation distances provide an appropriate basis for a quantitative
    theory of discrete systems. We also demonstrate how the robustness distance can
    be used to measure how many transmission errors are tolerated by error correcting
    codes.
alternative_title:
- IST Austria Technical Report
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: Cerny P, Henzinger TA, Radhakrishna A. <i>Simulation Distances</i>. IST Austria;
    2010. doi:<a href="https://doi.org/10.15479/AT:IST-2010-0003">10.15479/AT:IST-2010-0003</a>
  apa: Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2010). <i>Simulation distances</i>.
    IST Austria. <a href="https://doi.org/10.15479/AT:IST-2010-0003">https://doi.org/10.15479/AT:IST-2010-0003</a>
  chicago: Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. <i>Simulation
    Distances</i>. IST Austria, 2010. <a href="https://doi.org/10.15479/AT:IST-2010-0003">https://doi.org/10.15479/AT:IST-2010-0003</a>.
  ieee: P. Cerny, T. A. Henzinger, and A. Radhakrishna, <i>Simulation distances</i>.
    IST Austria, 2010.
  ista: Cerny P, Henzinger TA, Radhakrishna A. 2010. Simulation distances, IST Austria,
    24p.
  mla: Cerny, Pavol, et al. <i>Simulation Distances</i>. IST Austria, 2010, doi:<a
    href="https://doi.org/10.15479/AT:IST-2010-0003">10.15479/AT:IST-2010-0003</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, Simulation Distances, IST Austria,
    2010.
date_created: 2018-12-12T11:39:03Z
date_published: 2010-06-04T00:00:00Z
date_updated: 2023-02-23T12:09:16Z
day: '04'
ddc:
- '005'
department:
- _id: ToHe
doi: 10.15479/AT:IST-2010-0003
file:
- access_level: open_access
  checksum: 284ded99764e32a583a8ea83fcea254b
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T11:54:25Z
  date_updated: 2020-07-14T12:46:42Z
  file_id: '5547'
  file_name: IST-2010-0003_IST-2010-0003.pdf
  file_size: 367246
  relation: main_file
file_date_updated: 2020-07-14T12:46:42Z
has_accepted_license: '1'
language:
- iso: eng
month: '06'
oa: 1
oa_version: Published Version
page: '24'
publication_identifier:
  issn:
  - 2664-1690
publication_status: published
publisher: IST Austria
pubrep_id: '25'
related_material:
  record:
  - id: '3249'
    relation: later_version
    status: public
  - id: '4393'
    relation: later_version
    status: public
status: public
title: Simulation distances
type: technical_report
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2010'
...
---
_id: '5391'
abstract:
- lang: eng
  text: Concurrent data structures with fine-grained synchronization are notoriously
    difficult to implement correctly. The difficulty of reasoning about these implementations
    does not stem from the number of variables or the program size, but rather from
    the large number of possible interleavings. These implementations are therefore
    prime candidates for model checking. We introduce an algorithm for verifying linearizability
    of singly-linked heap-based concurrent data structures. We consider a model consisting
    of an unbounded heap where each node consists an element from an unbounded data
    domain, with a restricted set of operations for testing and updating pointers
    and data elements. Our main result is that linearizability is decidable for programs
    that invoke a fixed number of methods, possibly in parallel. This decidable fragment
    covers many of the common implementation techniques — fine-grained locking, lazy
    synchronization, and lock-free synchronization. We also show how the technique
    can be used to verify optimistic implementations with the help of programmer annotations.
    We developed a verification tool CoLT and evaluated it on a representative sample
    of Java implementations of the concurrent set data structure. The tool verified
    linearizability of a number of implementations, found a known error in a lock-free
    imple- mentation and proved that the corrected version is linearizable.
alternative_title:
- IST Austria Technical Report
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Damien
  full_name: Zufferey, Damien
  id: 4397AC76-F248-11E8-B48F-1D18A9856A87
  last_name: Zufferey
  orcid: 0000-0002-3197-8736
- first_name: Swarat
  full_name: Chaudhuri, Swarat
  last_name: Chaudhuri
- first_name: Rajeev
  full_name: Alur, Rajeev
  last_name: Alur
citation:
  ama: Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. <i>Model Checking
    of Linearizability of Concurrent List Implementations</i>. IST Austria; 2010.
    doi:<a href="https://doi.org/10.15479/AT:IST-2010-0001">10.15479/AT:IST-2010-0001</a>
  apa: Cerny, P., Radhakrishna, A., Zufferey, D., Chaudhuri, S., &#38; Alur, R. (2010).
    <i>Model checking of linearizability of concurrent list implementations</i>. IST
    Austria. <a href="https://doi.org/10.15479/AT:IST-2010-0001">https://doi.org/10.15479/AT:IST-2010-0001</a>
  chicago: Cerny, Pavol, Arjun Radhakrishna, Damien Zufferey, Swarat Chaudhuri, and
    Rajeev Alur. <i>Model Checking of Linearizability of Concurrent List Implementations</i>.
    IST Austria, 2010. <a href="https://doi.org/10.15479/AT:IST-2010-0001">https://doi.org/10.15479/AT:IST-2010-0001</a>.
  ieee: P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, and R. Alur, <i>Model
    checking of linearizability of concurrent list implementations</i>. IST Austria,
    2010.
  ista: Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. 2010. Model checking
    of linearizability of concurrent list implementations, IST Austria, 27p.
  mla: Cerny, Pavol, et al. <i>Model Checking of Linearizability of Concurrent List
    Implementations</i>. IST Austria, 2010, doi:<a href="https://doi.org/10.15479/AT:IST-2010-0001">10.15479/AT:IST-2010-0001</a>.
  short: P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, R. Alur, Model Checking
    of Linearizability of Concurrent List Implementations, IST Austria, 2010.
date_created: 2018-12-12T11:39:04Z
date_published: 2010-04-19T00:00:00Z
date_updated: 2023-02-23T12:09:09Z
day: '19'
ddc:
- '004'
department:
- _id: ToHe
doi: 10.15479/AT:IST-2010-0001
file:
- access_level: open_access
  checksum: 986645caad7dd85a6a091488f6c646dc
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T11:53:44Z
  date_updated: 2020-07-14T12:46:43Z
  file_id: '5505'
  file_name: IST-2010-0001_IST-2010-0001.pdf
  file_size: 372286
  relation: main_file
file_date_updated: 2020-07-14T12:46:43Z
has_accepted_license: '1'
language:
- iso: eng
month: '04'
oa: 1
oa_version: Published Version
page: '27'
publication_identifier:
  issn:
  - 2664-1690
publication_status: published
publisher: IST Austria
pubrep_id: '27'
related_material:
  record:
  - id: '4390'
    relation: later_version
    status: public
status: public
title: Model checking of linearizability of concurrent list implementations
type: technical_report
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
year: '2010'
...
---
_id: '4390'
abstract:
- lang: eng
  text: Concurrent data structures with fine-grained synchronization are notoriously
    difficult to implement correctly. The difficulty of reasoning about these implementations
    does not stem from the number of variables or the program size, but rather from
    the large number of possible interleavings. These implementations are therefore
    prime candidates for model checking. We introduce an algorithm for verifying linearizability
    of singly-linked heap-based concurrent data structures. We consider a model consisting
    of an unbounded heap where each vertex stores an element from an unbounded data
    domain, with a restricted set of operations for testing and updating pointers
    and data elements. Our main result is that linearizability is decidable for programs
    that invoke a fixed number of methods, possibly in parallel. This decidable fragment
    covers many of the common implementation techniques — fine-grained locking, lazy
    synchronization, and lock-free synchronization. We also show how the technique
    can be used to verify optimistic implementations with the help of programmer annotations.
    We developed a verification tool CoLT and evaluated it on a representative sample
    of Java implementations of the concurrent set data structure. The tool verified
    linearizability of a number of implementations, found a known error in a lock-free
    implementation and proved that the corrected version is linearizable.
alternative_title:
- LNCS
article_processing_charge: No
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
- first_name: Damien
  full_name: Zufferey, Damien
  id: 4397AC76-F248-11E8-B48F-1D18A9856A87
  last_name: Zufferey
  orcid: 0000-0002-3197-8736
- first_name: Swarat
  full_name: Chaudhuri, Swarat
  last_name: Chaudhuri
- first_name: Rajeev
  full_name: Alur, Rajeev
  last_name: Alur
citation:
  ama: 'Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. Model checking of
    linearizability of concurrent list implementations. In: Vol 6174. Springer; 2010:465-479.
    doi:<a href="https://doi.org/10.1007/978-3-642-14295-6_41">10.1007/978-3-642-14295-6_41</a>'
  apa: 'Cerny, P., Radhakrishna, A., Zufferey, D., Chaudhuri, S., &#38; Alur, R. (2010).
    Model checking of linearizability of concurrent list implementations (Vol. 6174,
    pp. 465–479). Presented at the CAV: Computer Aided Verification, Edinburgh, UK:
    Springer. <a href="https://doi.org/10.1007/978-3-642-14295-6_41">https://doi.org/10.1007/978-3-642-14295-6_41</a>'
  chicago: Cerny, Pavol, Arjun Radhakrishna, Damien Zufferey, Swarat Chaudhuri, and
    Rajeev Alur. “Model Checking of Linearizability of Concurrent List Implementations,”
    6174:465–79. Springer, 2010. <a href="https://doi.org/10.1007/978-3-642-14295-6_41">https://doi.org/10.1007/978-3-642-14295-6_41</a>.
  ieee: 'P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, and R. Alur, “Model
    checking of linearizability of concurrent list implementations,” presented at
    the CAV: Computer Aided Verification, Edinburgh, UK, 2010, vol. 6174, pp. 465–479.'
  ista: 'Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. 2010. Model checking
    of linearizability of concurrent list implementations. CAV: Computer Aided Verification,
    LNCS, vol. 6174, 465–479.'
  mla: Cerny, Pavol, et al. <i>Model Checking of Linearizability of Concurrent List
    Implementations</i>. Vol. 6174, Springer, 2010, pp. 465–79, doi:<a href="https://doi.org/10.1007/978-3-642-14295-6_41">10.1007/978-3-642-14295-6_41</a>.
  short: P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, R. Alur, in:, Springer,
    2010, pp. 465–479.
conference:
  end_date: 2010-07-17
  location: Edinburgh, UK
  name: 'CAV: Computer Aided Verification'
  start_date: 2010-07-15
date_created: 2018-12-11T12:08:36Z
date_published: 2010-07-01T00:00:00Z
date_updated: 2023-02-23T12:24:12Z
day: '01'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1007/978-3-642-14295-6_41
file:
- access_level: open_access
  checksum: 2eb211ce40b3c4988bce3a3592980704
  content_type: application/pdf
  creator: dernst
  date_created: 2020-05-19T16:31:56Z
  date_updated: 2020-07-14T12:46:28Z
  file_id: '7873'
  file_name: 2010_CAV_Cerny.pdf
  file_size: 3633276
  relation: main_file
file_date_updated: 2020-07-14T12:46:28Z
has_accepted_license: '1'
intvolume: '      6174'
language:
- iso: eng
month: '07'
oa: 1
oa_version: Submitted Version
page: 465 - 479
publication_status: published
publisher: Springer
publist_id: '1066'
pubrep_id: '27'
quality_controlled: '1'
related_material:
  record:
  - id: '5391'
    relation: earlier_version
    status: public
status: public
title: Model checking of linearizability of concurrent list implementations
type: conference
user_id: 2DF688A6-F248-11E8-B48F-1D18A9856A87
volume: 6174
year: '2010'
...
---
_id: '4392'
abstract:
- lang: eng
  text: 'While a boolean notion of correctness is given by a preorder on systems and
    properties, a quantitative notion of correctness is defined by a distance function
    on systems and properties, where the distance between a system and a property
    provides a measure of “fit” or “desirability.” In this article, we explore several
    ways how the simulation preorder can be generalized to a distance function. This
    is done by equipping the classical simulation game between a system and a property
    with quantitative objectives. In particular, for systems that satisfy a property,
    a quantitative simulation game can measure the “robustness” of the satisfaction,
    that is, how much the system can deviate from its nominal behavior while still
    satisfying the property. For systems that violate a property, a quantitative simulation
    game can measure the “seriousness” of the violation, that is, how much the property
    has to be modified so that it is satisfied by the system. These distances can
    be computed in polynomial time, since the computation reduces to the value problem
    in limit average games with constant weights. Finally, we demonstrate how the
    robustness distance can be used to measure how many transmission errors are tolerated
    by error correcting codes. '
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A. Quantitative Simulation Games. In:
    Manna Z, Peled D, eds. <i>Time For Verification: Essays in Memory of Amir Pnueli</i>.
    Vol 6200. Essays in Memory of Amir Pnueli. Springer; 2010:42-60. doi:<a href="https://doi.org/10.1007/978-3-642-13754-9_3">10.1007/978-3-642-13754-9_3</a>'
  apa: 'Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2010). Quantitative Simulation
    Games. In Z. Manna &#38; D. Peled (Eds.), <i>Time For Verification: Essays in
    Memory of Amir Pnueli</i> (Vol. 6200, pp. 42–60). Springer. <a href="https://doi.org/10.1007/978-3-642-13754-9_3">https://doi.org/10.1007/978-3-642-13754-9_3</a>'
  chicago: 'Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Quantitative
    Simulation Games.” In <i>Time For Verification: Essays in Memory of Amir Pnueli</i>,
    edited by Zohar Manna and Doron Peled, 6200:42–60. Essays in Memory of Amir Pnueli.
    Springer, 2010. <a href="https://doi.org/10.1007/978-3-642-13754-9_3">https://doi.org/10.1007/978-3-642-13754-9_3</a>.'
  ieee: 'P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Quantitative Simulation
    Games,” in <i>Time For Verification: Essays in Memory of Amir Pnueli</i>, vol.
    6200, Z. Manna and D. Peled, Eds. Springer, 2010, pp. 42–60.'
  ista: 'Cerny P, Henzinger TA, Radhakrishna A. 2010.Quantitative Simulation Games.
    In: Time For Verification: Essays in Memory of Amir Pnueli. LNCS, vol. 6200, 42–60.'
  mla: 'Cerny, Pavol, et al. “Quantitative Simulation Games.” <i>Time For Verification:
    Essays in Memory of Amir Pnueli</i>, edited by Zohar Manna and Doron Peled, vol.
    6200, Springer, 2010, pp. 42–60, doi:<a href="https://doi.org/10.1007/978-3-642-13754-9_3">10.1007/978-3-642-13754-9_3</a>.'
  short: 'P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Z. Manna, D. Peled (Eds.),
    Time For Verification: Essays in Memory of Amir Pnueli, Springer, 2010, pp. 42–60.'
date_created: 2018-12-11T12:08:37Z
date_published: 2010-07-29T00:00:00Z
date_updated: 2021-01-12T07:56:38Z
day: '29'
department:
- _id: ToHe
doi: 10.1007/978-3-642-13754-9_3
ec_funded: 1
editor:
- first_name: Zohar
  full_name: Manna, Zohar
  last_name: Manna
- first_name: Doron
  full_name: Peled, Doron
  last_name: Peled
intvolume: '      6200'
language:
- iso: eng
month: '07'
oa_version: None
page: 42 - 60
project:
- _id: 25EFB36C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '215543'
  name: COMponent-Based Embedded Systems design Techniques
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication: 'Time For Verification: Essays in Memory of Amir Pnueli'
publication_status: published
publisher: Springer
publist_id: '1064'
quality_controlled: '1'
scopus_import: 1
series_title: Essays in Memory of Amir Pnueli
status: public
title: Quantitative Simulation Games
type: book_chapter
user_id: 4435EBFC-F248-11E8-B48F-1D18A9856A87
volume: 6200
year: '2010'
...
---
_id: '4393'
abstract:
- lang: eng
  text: Boolean notions of correctness are formalized by preorders on systems. Quantitative
    measures of correctness can be formalized by real-valued distance functions between
    systems, where the distance between implementation and specification provides
    a measure of “fit” or “desirability.” We extend the simulation preorder to the
    quantitative setting, by making each player of a simulation game pay a certain
    price for her choices. We use the resulting games with quantitative objectives
    to define three different simulation distances. The correctness distance measures
    how much the specification must be changed in order to be satisfied by the implementation.
    The coverage distance measures how much the implementation restricts the degrees
    of freedom offered by the specification. The robustness distance measures how
    much a system can deviate from the implementation description without violating
    the specification. We consider these distances for safety as well as liveness
    specifications. The distances can be computed in polynomial time for safety specifications,
    and for liveness specifications given by weak fairness constraints. We show that
    the distance functions satisfy the triangle inequality, that the distance between
    two systems does not increase under parallel composition with a third system,
    and that the distance between two systems can be bounded from above and below
    by distances between abstractions of the two systems. These properties suggest
    that our simulation distances provide an appropriate basis for a quantitative
    theory of discrete systems. We also demonstrate how the robustness distance can
    be used to measure how many transmission errors are tolerated by error correcting
    codes.
acknowledgement: This work was partially supported by the European Union project COMBEST
  and the European Network of Excellence ArtistDesign.
alternative_title:
- LNCS
author:
- first_name: Pavol
  full_name: Cerny, Pavol
  id: 4DCBEFFE-F248-11E8-B48F-1D18A9856A87
  last_name: Cerny
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000−0002−2985−7724
- first_name: Arjun
  full_name: Radhakrishna, Arjun
  id: 3B51CAC4-F248-11E8-B48F-1D18A9856A87
  last_name: Radhakrishna
citation:
  ama: 'Cerny P, Henzinger TA, Radhakrishna A. Simulation distances. In: Vol 6269.
    Schloss Dagstuhl - Leibniz-Zentrum für Informatik; 2010:235-268. doi:<a href="https://doi.org/10.1007/978-3-642-15375-4_18">10.1007/978-3-642-15375-4_18</a>'
  apa: 'Cerny, P., Henzinger, T. A., &#38; Radhakrishna, A. (2010). Simulation distances
    (Vol. 6269, pp. 235–268). Presented at the CONCUR: Concurrency Theory, Paris,
    France: Schloss Dagstuhl - Leibniz-Zentrum für Informatik. <a href="https://doi.org/10.1007/978-3-642-15375-4_18">https://doi.org/10.1007/978-3-642-15375-4_18</a>'
  chicago: Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Simulation Distances,”
    6269:235–68. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010. <a href="https://doi.org/10.1007/978-3-642-15375-4_18">https://doi.org/10.1007/978-3-642-15375-4_18</a>.
  ieee: 'P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Simulation distances,” presented
    at the CONCUR: Concurrency Theory, Paris, France, 2010, vol. 6269, pp. 235–268.'
  ista: 'Cerny P, Henzinger TA, Radhakrishna A. 2010. Simulation distances. CONCUR:
    Concurrency Theory, LNCS, vol. 6269, 235–268.'
  mla: Cerny, Pavol, et al. <i>Simulation Distances</i>. Vol. 6269, Schloss Dagstuhl
    - Leibniz-Zentrum für Informatik, 2010, pp. 235–68, doi:<a href="https://doi.org/10.1007/978-3-642-15375-4_18">10.1007/978-3-642-15375-4_18</a>.
  short: P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Schloss Dagstuhl - Leibniz-Zentrum
    für Informatik, 2010, pp. 235–268.
conference:
  end_date: 2010-09-03
  location: Paris, France
  name: 'CONCUR: Concurrency Theory'
  start_date: 2010-08-31
date_created: 2018-12-11T12:08:37Z
date_published: 2010-11-01T00:00:00Z
date_updated: 2023-02-23T12:24:04Z
day: '01'
ddc:
- '005'
department:
- _id: ToHe
doi: 10.1007/978-3-642-15375-4_18
ec_funded: 1
file:
- access_level: open_access
  checksum: ea567903676ba8afe0507ee11313dce5
  content_type: application/pdf
  creator: system
  date_created: 2018-12-12T10:15:12Z
  date_updated: 2020-07-14T12:46:28Z
  file_id: '5130'
  file_name: IST-2012-42-v1+1_Simulation_distances.pdf
  file_size: 198913
  relation: main_file
file_date_updated: 2020-07-14T12:46:28Z
has_accepted_license: '1'
intvolume: '      6269'
language:
- iso: eng
month: '11'
oa: 1
oa_version: Submitted Version
page: 235 - 268
project:
- _id: 25EFB36C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '215543'
  name: COMponent-Based Embedded Systems design Techniques
- _id: 25F1337C-B435-11E9-9278-68D0E5697425
  call_identifier: FP7
  grant_number: '214373'
  name: Design for Embedded Systems
publication_status: published
publisher: Schloss Dagstuhl - Leibniz-Zentrum für Informatik
publist_id: '1065'
pubrep_id: '42'
quality_controlled: '1'
related_material:
  record:
  - id: '3249'
    relation: later_version
    status: public
  - id: '5389'
    relation: earlier_version
    status: public
scopus_import: 1
status: public
title: Simulation distances
type: conference
user_id: 3E5EF7F0-F248-11E8-B48F-1D18A9856A87
volume: 6269
year: '2010'
...