[{"language":[{"iso":"eng"}],"doi":"10.1007/s10703-016-0256-5","project":[{"name":"Quantitative Reactive Modeling","call_identifier":"FP7","grant_number":"267989","_id":"25EE3708-B435-11E9-9278-68D0E5697425"},{"grant_number":"S 11407_N23","_id":"25832EC2-B435-11E9-9278-68D0E5697425","call_identifier":"FWF","name":"Rigorous Systems Engineering"},{"_id":"25F42A32-B435-11E9-9278-68D0E5697425","grant_number":"Z211","name":"The Wittgenstein Prize","call_identifier":"FWF"},{"name":"IST Austria Open Access Fund","_id":"B67AFEDC-15C9-11EA-A837-991A96BB2854"}],"quality_controlled":"1","isi":1,"tmp":{"name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)","legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode","short":"CC BY (4.0)","image":"/images/cc_by.png"},"oa":1,"external_id":{"isi":["000399888900001"]},"month":"06","volume":50,"date_created":"2018-12-11T11:51:27Z","date_updated":"2023-09-20T11:13:51Z","related_material":{"record":[{"relation":"earlier_version","status":"public","id":"1729"}]},"author":[{"id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","first_name":"Pavol","last_name":"Cerny","full_name":"Cerny, Pavol"},{"last_name":"Clarke","first_name":"Edmund","full_name":"Clarke, Edmund"},{"full_name":"Henzinger, Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724","first_name":"Thomas A","last_name":"Henzinger"},{"id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","first_name":"Arjun","last_name":"Radhakrishna","full_name":"Radhakrishna, Arjun"},{"full_name":"Ryzhyk, Leonid","first_name":"Leonid","last_name":"Ryzhyk"},{"full_name":"Samanta, Roopsha","id":"3D2AAC08-F248-11E8-B48F-1D18A9856A87","last_name":"Samanta","first_name":"Roopsha"},{"first_name":"Thorsten","last_name":"Tarrach","id":"3D6E8F2C-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0003-4409-8487","full_name":"Tarrach, Thorsten"}],"department":[{"_id":"ToHe"}],"publisher":"Springer","publication_status":"published","year":"2017","license":"https://creativecommons.org/licenses/by/4.0/","ec_funded":1,"publist_id":"5929","file_date_updated":"2020-07-14T12:44:44Z","date_published":"2017-06-01T00:00:00Z","page":"97 - 139","citation":{"short":"P. Cerny, E. Clarke, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, R. Samanta, T. Tarrach, Formal Methods in System Design 50 (2017) 97–139.","mla":"Cerny, Pavol, et al. “From Non-Preemptive to Preemptive Scheduling Using Synchronization Synthesis.” Formal Methods in System Design, vol. 50, no. 2–3, Springer, 2017, pp. 97–139, doi:10.1007/s10703-016-0256-5.","chicago":"Cerny, Pavol, Edmund Clarke, Thomas A Henzinger, Arjun Radhakrishna, Leonid Ryzhyk, Roopsha Samanta, and Thorsten Tarrach. “From Non-Preemptive to Preemptive Scheduling Using Synchronization Synthesis.” Formal Methods in System Design. Springer, 2017. https://doi.org/10.1007/s10703-016-0256-5.","ama":"Cerny P, Clarke E, Henzinger TA, et al. From non-preemptive to preemptive scheduling using synchronization synthesis. Formal Methods in System Design. 2017;50(2-3):97-139. doi:10.1007/s10703-016-0256-5","ieee":"P. Cerny et al., “From non-preemptive to preemptive scheduling using synchronization synthesis,” Formal Methods in System Design, vol. 50, no. 2–3. Springer, pp. 97–139, 2017.","apa":"Cerny, P., Clarke, E., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., Samanta, R., & Tarrach, T. (2017). From non-preemptive to preemptive scheduling using synchronization synthesis. Formal Methods in System Design. Springer. https://doi.org/10.1007/s10703-016-0256-5","ista":"Cerny P, Clarke E, Henzinger TA, Radhakrishna A, Ryzhyk L, Samanta R, Tarrach T. 2017. From non-preemptive to preemptive scheduling using synchronization synthesis. Formal Methods in System Design. 50(2–3), 97–139."},"publication":"Formal Methods in System Design","article_processing_charge":"No","has_accepted_license":"1","day":"01","scopus_import":"1","file":[{"file_size":1416170,"content_type":"application/pdf","creator":"system","access_level":"open_access","file_name":"IST-2016-656-v1+1_s10703-016-0256-5.pdf","checksum":"1163dfd997e8212c789525d4178b1653","date_created":"2018-12-12T10:13:05Z","date_updated":"2020-07-14T12:44:44Z","relation":"main_file","file_id":"4985"}],"oa_version":"Published Version","pubrep_id":"656","intvolume":" 50","status":"public","title":"From non-preemptive to preemptive scheduling using synchronization synthesis","ddc":["000"],"_id":"1338","user_id":"c635000d-4b10-11ee-a964-aac5a93f6ac1","issue":"2-3","abstract":[{"lang":"eng","text":"We present a computer-aided programming approach to concurrency. The approach allows programmers to program assuming a friendly, non-preemptive scheduler, and our synthesis procedure inserts synchronization to ensure that the final program works even with a preemptive scheduler. The correctness specification is implicit, inferred from the non-preemptive behavior. Let us consider sequences of calls that the program makes to an external interface. The specification requires that any such sequence produced under a preemptive scheduler should be included in the set of sequences produced under a non-preemptive scheduler. We guarantee that our synthesis does not introduce deadlocks and that the synchronization inserted is optimal w.r.t. a given objective function. The solution is based on a finitary abstraction, an algorithm for bounded language inclusion modulo an independence relation, and generation of a set of global constraints over synchronization placements. Each model of the global constraints set corresponds to a correctness-ensuring synchronization placement. The placement that is optimal w.r.t. the given objective function is chosen as the synchronization solution. We apply the approach to device-driver programming, where the driver threads call the software interface of the device and the API provided by the operating system. Our experiments demonstrate that our synthesis method is precise and efficient. The implicit specification helped us find one concurrency bug previously missed when model-checking using an explicit, user-provided specification. We implemented objective functions for coarse-grained and fine-grained locking and observed that different synchronization placements are produced for our experiments, favoring a minimal number of synchronization operations or maximum concurrency, respectively."}],"type":"journal_article"},{"oa_version":"None","_id":"1836","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","intvolume":" 9032","title":"Segment abstraction for worst-case execution time analysis","status":"public","abstract":[{"lang":"eng","text":"In the standard framework for worst-case execution time (WCET) analysis of programs, the main data structure is a single instance of integer linear programming (ILP) that represents the whole program. The instance of this NP-hard problem must be solved to find an estimate forWCET, and it must be refined if the estimate is not tight.We propose a new framework for WCET analysis, based on abstract segment trees (ASTs) as the main data structure. The ASTs have two advantages. First, they allow computing WCET by solving a number of independent small ILP instances. Second, ASTs store more expressive constraints, thus enabling a more efficient and precise refinement procedure. In order to realize our framework algorithmically, we develop an algorithm for WCET estimation on ASTs, and we develop an interpolation-based counterexample-guided refinement scheme for ASTs. Furthermore, we extend our framework to obtain parametric estimates of WCET. We experimentally evaluate our approach on a set of examples from WCET benchmark suites and linear-algebra packages. We show that our analysis, with comparable effort, provides WCET estimates that in many cases significantly improve those computed by existing tools."}],"type":"conference","alternative_title":["LNCS"],"date_published":"2015-04-01T00:00:00Z","citation":{"chicago":"Cerny, Pavol, Thomas A Henzinger, Laura Kovács, Arjun Radhakrishna, and Jakob Zwirchmayr. “Segment Abstraction for Worst-Case Execution Time Analysis.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-662-46669-8_5.","mla":"Cerny, Pavol, et al. Segment Abstraction for Worst-Case Execution Time Analysis. Vol. 9032, Springer, 2015, pp. 105–31, doi:10.1007/978-3-662-46669-8_5.","short":"P. Cerny, T.A. Henzinger, L. Kovács, A. Radhakrishna, J. Zwirchmayr, 9032 (2015) 105–131.","ista":"Cerny P, Henzinger TA, Kovács L, Radhakrishna A, Zwirchmayr J. 2015. Segment abstraction for worst-case execution time analysis. 9032, 105–131.","ieee":"P. Cerny, T. A. Henzinger, L. Kovács, A. Radhakrishna, and J. Zwirchmayr, “Segment abstraction for worst-case execution time analysis,” vol. 9032. Springer, pp. 105–131, 2015.","apa":"Cerny, P., Henzinger, T. A., Kovács, L., Radhakrishna, A., & Zwirchmayr, J. (2015). Segment abstraction for worst-case execution time analysis. Presented at the ESOP: European Symposium on Programming, London, United Kingdom: Springer. https://doi.org/10.1007/978-3-662-46669-8_5","ama":"Cerny P, Henzinger TA, Kovács L, Radhakrishna A, Zwirchmayr J. Segment abstraction for worst-case execution time analysis. 2015;9032:105-131. doi:10.1007/978-3-662-46669-8_5"},"page":"105 - 131","day":"01","scopus_import":1,"series_title":"Lecture Notes in Computer Science","author":[{"id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","last_name":"Cerny","first_name":"Pavol","full_name":"Cerny, Pavol"},{"id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724","first_name":"Thomas A","last_name":"Henzinger","full_name":"Henzinger, Thomas A"},{"last_name":"Kovács","first_name":"Laura","full_name":"Kovács, Laura"},{"full_name":"Radhakrishna, Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","last_name":"Radhakrishna","first_name":"Arjun"},{"first_name":"Jakob","last_name":"Zwirchmayr","full_name":"Zwirchmayr, Jakob"}],"volume":9032,"date_updated":"2020-08-11T10:09:32Z","date_created":"2018-12-11T11:54:16Z","year":"2015","publisher":"Springer","department":[{"_id":"ToHe"}],"publication_status":"published","ec_funded":1,"publist_id":"5266","doi":"10.1007/978-3-662-46669-8_5","conference":{"location":"London, United Kingdom","start_date":"2015-04-11","end_date":"2015-04-18","name":"ESOP: European Symposium on Programming"},"language":[{"iso":"eng"}],"project":[{"name":"Quantitative Reactive Modeling","call_identifier":"FP7","grant_number":"267989","_id":"25EE3708-B435-11E9-9278-68D0E5697425"},{"grant_number":"S 11407_N23","_id":"25832EC2-B435-11E9-9278-68D0E5697425","name":"Rigorous Systems Engineering","call_identifier":"FWF"}],"quality_controlled":"1","month":"04"},{"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","_id":"1729","status":"public","title":"From non-preemptive to preemptive scheduling using synchronization synthesis","ddc":["000"],"intvolume":" 9207","pubrep_id":"336","oa_version":"Submitted Version","file":[{"relation":"main_file","file_id":"4715","checksum":"6ff58ac220e2f20cb001ba35d4924495","date_created":"2018-12-12T10:08:53Z","date_updated":"2020-07-14T12:45:13Z","access_level":"local","file_name":"IST-2015-336-v1+1_long_version.pdf","file_size":481922,"content_type":"application/pdf","creator":"system"}],"type":"conference","alternative_title":["LNCS"],"abstract":[{"lang":"eng","text":"We present a computer-aided programming approach to concurrency. The approach allows programmers to program assuming a friendly, non-preemptive scheduler, and our synthesis procedure inserts synchronization to ensure that the final program works even with a preemptive scheduler. The correctness specification is implicit, inferred from the non-preemptive behavior. Let us consider sequences of calls that the program makes to an external interface. The specification requires that any such sequence produced under a preemptive scheduler should be included in the set of such sequences produced under a non-preemptive scheduler. The solution is based on a finitary abstraction, an algorithm for bounded language inclusion modulo an independence relation, and rules for inserting synchronization. We apply the approach to device-driver programming, where the driver threads call the software interface of the device and the API provided by the operating system. Our experiments demonstrate that our synthesis method is precise and efficient, and, since it does not require explicit specifications, is more practical than the conventional approach based on user-provided assertions."}],"citation":{"apa":"Cerny, P., Clarke, E., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., Samanta, R., & Tarrach, T. (2015). From non-preemptive to preemptive scheduling using synchronization synthesis. Presented at the CAV: Computer Aided Verification, San Francisco, CA, United States: Springer. https://doi.org/10.1007/978-3-319-21668-3_11","ieee":"P. Cerny et al., “From non-preemptive to preemptive scheduling using synchronization synthesis,” vol. 9207. Springer, pp. 180–197, 2015.","ista":"Cerny P, Clarke E, Henzinger TA, Radhakrishna A, Ryzhyk L, Samanta R, Tarrach T. 2015. From non-preemptive to preemptive scheduling using synchronization synthesis. 9207, 180–197.","ama":"Cerny P, Clarke E, Henzinger TA, et al. From non-preemptive to preemptive scheduling using synchronization synthesis. 2015;9207:180-197. doi:10.1007/978-3-319-21668-3_11","chicago":"Cerny, Pavol, Edmund Clarke, Thomas A Henzinger, Arjun Radhakrishna, Leonid Ryzhyk, Roopsha Samanta, and Thorsten Tarrach. “From Non-Preemptive to Preemptive Scheduling Using Synchronization Synthesis.” Lecture Notes in Computer Science. Springer, 2015. https://doi.org/10.1007/978-3-319-21668-3_11.","short":"P. Cerny, E. Clarke, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, R. Samanta, T. Tarrach, 9207 (2015) 180–197.","mla":"Cerny, Pavol, et al. From Non-Preemptive to Preemptive Scheduling Using Synchronization Synthesis. Vol. 9207, Springer, 2015, pp. 180–97, doi:10.1007/978-3-319-21668-3_11."},"page":"180 - 197","date_published":"2015-07-01T00:00:00Z","scopus_import":1,"series_title":"Lecture Notes in Computer Science","day":"01","has_accepted_license":"1","year":"2015","publication_status":"published","department":[{"_id":"ToHe"}],"publisher":"Springer","author":[{"full_name":"Cerny, Pavol","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","last_name":"Cerny","first_name":"Pavol"},{"full_name":"Clarke, Edmund","last_name":"Clarke","first_name":"Edmund"},{"full_name":"Henzinger, Thomas A","last_name":"Henzinger","first_name":"Thomas A","orcid":"0000−0002−2985−7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"},{"first_name":"Arjun","last_name":"Radhakrishna","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","full_name":"Radhakrishna, Arjun"},{"last_name":"Ryzhyk","first_name":"Leonid","full_name":"Ryzhyk, Leonid"},{"id":"3D2AAC08-F248-11E8-B48F-1D18A9856A87","first_name":"Roopsha","last_name":"Samanta","full_name":"Samanta, Roopsha"},{"last_name":"Tarrach","first_name":"Thorsten","orcid":"0000-0003-4409-8487","id":"3D6E8F2C-F248-11E8-B48F-1D18A9856A87","full_name":"Tarrach, Thorsten"}],"related_material":{"record":[{"id":"1130","relation":"dissertation_contains","status":"public"},{"status":"public","relation":"later_version","id":"1338"}]},"date_updated":"2023-09-20T11:13:50Z","date_created":"2018-12-11T11:53:42Z","volume":9207,"file_date_updated":"2020-07-14T12:45:13Z","ec_funded":1,"publist_id":"5398","quality_controlled":"1","project":[{"_id":"25EE3708-B435-11E9-9278-68D0E5697425","grant_number":"267989","name":"Quantitative Reactive Modeling","call_identifier":"FP7"},{"name":"The Wittgenstein Prize","call_identifier":"FWF","grant_number":"Z211","_id":"25F42A32-B435-11E9-9278-68D0E5697425"},{"_id":"25832EC2-B435-11E9-9278-68D0E5697425","grant_number":"S 11407_N23","call_identifier":"FWF","name":"Rigorous Systems Engineering"}],"conference":{"name":"CAV: Computer Aided Verification","start_date":"2015-07-18","location":"San Francisco, CA, United States","end_date":"2015-07-24"},"doi":"10.1007/978-3-319-21668-3_11","language":[{"iso":"eng"}],"month":"07"},{"abstract":[{"lang":"eng","text":"We propose a general framework for abstraction with respect to quantitative properties, such as worst-case execution time, or power consumption. Our framework provides a systematic way for counter-example guided abstraction refinement for quantitative properties. The salient aspect of the framework is that it allows anytime verification, that is, verification algorithms that can be stopped at any time (for example, due to exhaustion of memory), and report approximations that improve monotonically when the algorithms are given more time. We instantiate the framework with a number of quantitative abstractions and refinement schemes, which differ in terms of how much quantitative information they keep from the original system. We introduce both state-based and trace-based quantitative abstractions, and we describe conditions that define classes of quantitative properties for which the abstractions provide over-approximations. We give algorithms for evaluating the quantitative properties on the abstract systems. We present algorithms for counter-example based refinements for quantitative properties for both state-based and segment-based abstractions. We perform a case study on worst-case execution time of executables to evaluate the anytime verification aspect and the quantitative abstractions we proposed."}],"publist_id":"4800","ec_funded":1,"type":"conference","author":[{"full_name":"Cerny, Pavol","first_name":"Pavol","last_name":"Cerny","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Henzinger, Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724","first_name":"Thomas A","last_name":"Henzinger"},{"full_name":"Radhakrishna, Arjun","first_name":"Arjun","last_name":"Radhakrishna","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87"}],"date_updated":"2021-01-12T06:55:50Z","date_created":"2018-12-11T11:56:11Z","oa_version":"None","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","_id":"2182","year":"2013","status":"public","publication_status":"published","title":"Quantitative abstraction refinement","publisher":"ACM","department":[{"_id":"ToHe"}],"month":"01","day":"01","scopus_import":1,"conference":{"name":"POPL: Principles of Programming Languages","end_date":"2013-01-25","location":"Rome, Italy","start_date":"2013-07-23"},"doi":"10.1145/2429069.2429085","date_published":"2013-01-01T00:00:00Z","language":[{"iso":"eng"}],"publication":"Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming language","citation":{"ista":"Cerny P, Henzinger TA, Radhakrishna A. 2013. Quantitative abstraction refinement. Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming language. POPL: Principles of Programming Languages, 115–128.","ieee":"P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Quantitative abstraction refinement,” in Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming language, Rome, Italy, 2013, pp. 115–128.","apa":"Cerny, P., Henzinger, T. A., & Radhakrishna, A. (2013). Quantitative abstraction refinement. In Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming language (pp. 115–128). Rome, Italy: ACM. https://doi.org/10.1145/2429069.2429085","ama":"Cerny P, Henzinger TA, Radhakrishna A. Quantitative abstraction refinement. In: Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language. ACM; 2013:115-128. doi:10.1145/2429069.2429085","chicago":"Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Quantitative Abstraction Refinement.” In Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language, 115–28. ACM, 2013. https://doi.org/10.1145/2429069.2429085.","mla":"Cerny, Pavol, et al. “Quantitative Abstraction Refinement.” Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language, ACM, 2013, pp. 115–28, doi:10.1145/2429069.2429085.","short":"P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Proceedings of the 40th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Language, ACM, 2013, pp. 115–128."},"quality_controlled":"1","page":"115 - 128","project":[{"_id":"25EE3708-B435-11E9-9278-68D0E5697425","grant_number":"267989","name":"Quantitative Reactive Modeling","call_identifier":"FP7"},{"grant_number":"S11402-N23","_id":"25F5A88A-B435-11E9-9278-68D0E5697425","name":"Moderne Concurrency Paradigms","call_identifier":"FWF"}]},{"file_date_updated":"2020-07-14T12:45:40Z","ec_funded":1,"publist_id":"4458","year":"2013","publication_status":"published","department":[{"_id":"ToHe"}],"publisher":"Springer","author":[{"full_name":"Cerny, Pavol","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","first_name":"Pavol","last_name":"Cerny"},{"full_name":"Henzinger, Thomas A","last_name":"Henzinger","first_name":"Thomas A","orcid":"0000−0002−2985−7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"},{"last_name":"Radhakrishna","first_name":"Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","full_name":"Radhakrishna, Arjun"},{"full_name":"Ryzhyk, Leonid","first_name":"Leonid","last_name":"Ryzhyk"},{"full_name":"Tarrach, Thorsten","first_name":"Thorsten","last_name":"Tarrach","id":"3D6E8F2C-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0003-4409-8487"}],"related_material":{"record":[{"id":"1130","relation":"dissertation_contains","status":"public"}]},"date_created":"2018-12-11T11:57:42Z","date_updated":"2023-09-07T11:57:01Z","volume":8044,"month":"07","oa":1,"quality_controlled":"1","project":[{"call_identifier":"FP7","name":"Quantitative Reactive Modeling","_id":"25EE3708-B435-11E9-9278-68D0E5697425","grant_number":"267989"},{"_id":"25832EC2-B435-11E9-9278-68D0E5697425","grant_number":"S 11407_N23","name":"Rigorous Systems Engineering","call_identifier":"FWF"}],"conference":{"start_date":"2013-07-13","location":"St. Petersburg, Russia","end_date":"2013-07-19","name":"CAV: Computer Aided Verification"},"doi":"10.1007/978-3-642-39799-8_68","language":[{"iso":"eng"}],"type":"conference","alternative_title":["LNCS"],"abstract":[{"lang":"eng","text":"We develop program synthesis techniques that can help programmers fix concurrency-related bugs. We make two new contributions to synthesis for concurrency, the first improving the efficiency of the synthesized code, and the second improving the efficiency of the synthesis procedure itself. The first contribution is to have the synthesis procedure explore a variety of (sequential) semantics-preserving program transformations. Classically, only one such transformation has been considered, namely, the insertion of synchronization primitives (such as locks). Based on common manual bug-fixing techniques used by Linux device-driver developers, we explore additional, more efficient transformations, such as the reordering of independent instructions. The second contribution is to speed up the counterexample-guided removal of concurrency bugs within the synthesis procedure by considering partial-order traces (instead of linear traces) as counterexamples. A partial-order error trace represents a set of linear (interleaved) traces of a concurrent program all of which lead to the same error. By eliminating a partial-order error trace, we eliminate in a single iteration of the synthesis procedure all linearizations of the partial-order trace. We evaluated our techniques on several simplified examples of real concurrency bugs that occurred in Linux device drivers."}],"_id":"2445","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","title":"Efficient synthesis for concurrency by semantics-preserving transformations","ddc":["000","004"],"status":"public","intvolume":" 8044","pubrep_id":"199","oa_version":"Submitted Version","file":[{"file_name":"IST-2014-199-v1+1_cav2013-final.pdf","access_level":"open_access","creator":"system","file_size":365548,"content_type":"application/pdf","file_id":"5158","relation":"main_file","date_updated":"2020-07-14T12:45:40Z","date_created":"2018-12-12T10:15:37Z","checksum":"70c70ca5487faba82262c63e1b678a27"}],"scopus_import":1,"day":"01","has_accepted_license":"1","citation":{"apa":"Cerny, P., Henzinger, T. A., Radhakrishna, A., Ryzhyk, L., & Tarrach, T. (2013). Efficient synthesis for concurrency by semantics-preserving transformations (Vol. 8044, pp. 951–967). Presented at the CAV: Computer Aided Verification, St. Petersburg, Russia: Springer. https://doi.org/10.1007/978-3-642-39799-8_68","ieee":"P. Cerny, T. A. Henzinger, A. Radhakrishna, L. Ryzhyk, and T. Tarrach, “Efficient synthesis for concurrency by semantics-preserving transformations,” presented at the CAV: Computer Aided Verification, St. Petersburg, Russia, 2013, vol. 8044, pp. 951–967.","ista":"Cerny P, Henzinger TA, Radhakrishna A, Ryzhyk L, Tarrach T. 2013. Efficient synthesis for concurrency by semantics-preserving transformations. CAV: Computer Aided Verification, LNCS, vol. 8044, 951–967.","ama":"Cerny P, Henzinger TA, Radhakrishna A, Ryzhyk L, Tarrach T. Efficient synthesis for concurrency by semantics-preserving transformations. In: Vol 8044. Springer; 2013:951-967. doi:10.1007/978-3-642-39799-8_68","chicago":"Cerny, Pavol, Thomas A Henzinger, Arjun Radhakrishna, Leonid Ryzhyk, and Thorsten Tarrach. “Efficient Synthesis for Concurrency by Semantics-Preserving Transformations,” 8044:951–67. Springer, 2013. https://doi.org/10.1007/978-3-642-39799-8_68.","short":"P. Cerny, T.A. Henzinger, A. Radhakrishna, L. Ryzhyk, T. Tarrach, in:, Springer, 2013, pp. 951–967.","mla":"Cerny, Pavol, et al. Efficient Synthesis for Concurrency by Semantics-Preserving Transformations. Vol. 8044, Springer, 2013, pp. 951–67, doi:10.1007/978-3-642-39799-8_68."},"page":"951 - 967","date_published":"2013-07-01T00:00:00Z"},{"scopus_import":1,"month":"10","day":"01","project":[{"call_identifier":"FP7","name":"Quantitative Reactive Modeling","grant_number":"267989","_id":"25EE3708-B435-11E9-9278-68D0E5697425"},{"grant_number":"S 11407_N23","_id":"25832EC2-B435-11E9-9278-68D0E5697425","call_identifier":"FWF","name":"Rigorous Systems Engineering"}],"page":"53 - 62","quality_controlled":"1","citation":{"chicago":"Cerny, Pavol, Sivakanth Gopi, Thomas A Henzinger, Arjun Radhakrishna, and Nishant Totla. “Synthesis from Incompatible Specifications.” In Proceedings of the Tenth ACM International Conference on Embedded Software, 53–62. ACM, 2012. https://doi.org/10.1145/2380356.2380371.","mla":"Cerny, Pavol, et al. “Synthesis from Incompatible Specifications.” Proceedings of the Tenth ACM International Conference on Embedded Software, ACM, 2012, pp. 53–62, doi:10.1145/2380356.2380371.","short":"P. Cerny, S. Gopi, T.A. Henzinger, A. Radhakrishna, N. Totla, in:, Proceedings of the Tenth ACM International Conference on Embedded Software, ACM, 2012, pp. 53–62.","ista":"Cerny P, Gopi S, Henzinger TA, Radhakrishna A, Totla N. 2012. Synthesis from incompatible specifications. Proceedings of the tenth ACM international conference on Embedded software. EMSOFT: Embedded Software , 53–62.","ieee":"P. Cerny, S. Gopi, T. A. Henzinger, A. Radhakrishna, and N. Totla, “Synthesis from incompatible specifications,” in Proceedings of the tenth ACM international conference on Embedded software, Tampere, Finland, 2012, pp. 53–62.","apa":"Cerny, P., Gopi, S., Henzinger, T. A., Radhakrishna, A., & Totla, N. (2012). Synthesis from incompatible specifications. In Proceedings of the tenth ACM international conference on Embedded software (pp. 53–62). Tampere, Finland: ACM. https://doi.org/10.1145/2380356.2380371","ama":"Cerny P, Gopi S, Henzinger TA, Radhakrishna A, Totla N. Synthesis from incompatible specifications. In: Proceedings of the Tenth ACM International Conference on Embedded Software. ACM; 2012:53-62. doi:10.1145/2380356.2380371"},"publication":"Proceedings of the tenth ACM international conference on Embedded software","language":[{"iso":"eng"}],"date_published":"2012-10-01T00:00:00Z","doi":"10.1145/2380356.2380371","conference":{"name":"EMSOFT: Embedded Software ","start_date":"2012-10-07","location":"Tampere, Finland","end_date":"2012-10-12"},"type":"conference","ec_funded":1,"publist_id":"3868","abstract":[{"lang":"eng","text":"Systems are often specified using multiple requirements on their behavior. In practice, these requirements can be contradictory. The classical approach to specification, verification, and synthesis demands more detailed specifications that resolve any contradictions in the requirements. These detailed specifications are usually large, cumbersome, and hard to maintain or modify. In contrast, quantitative frameworks allow the formalization of the intuitive idea that what is desired is an implementation that comes "closest" to satisfying the mutually incompatible requirements, according to a measure of fit that can be defined by the requirements engineer. One flexible framework for quantifying how "well" an implementation satisfies a specification is offered by simulation distances that are parameterized by an error model. We introduce this framework, study its properties, and provide an algorithmic solution for the following quantitative synthesis question: given two (or more) behavioral requirements specified by possibly incompatible finite-state machines, and an error model, find the finite-state implementation that minimizes the maximal simulation distance to the given requirements. Furthermore, we generalize the framework to handle infinite alphabets (for example, realvalued domains). We also demonstrate how quantitative specifications based on simulation distances might lead to smaller and easier to modify specifications. Finally, we illustrate our approach using case studies on error correcting codes and scheduler synthesis."}],"department":[{"_id":"ToHe"}],"publisher":"ACM","status":"public","publication_status":"published","title":"Synthesis from incompatible specifications","_id":"2890","user_id":"3E5EF7F0-F248-11E8-B48F-1D18A9856A87","year":"2012","oa_version":"None","date_updated":"2021-01-12T07:00:30Z","date_created":"2018-12-11T12:00:10Z","author":[{"first_name":"Pavol","last_name":"Cerny","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","full_name":"Cerny, Pavol"},{"full_name":"Gopi, Sivakanth","last_name":"Gopi","first_name":"Sivakanth"},{"full_name":"Henzinger, Thomas A","last_name":"Henzinger","first_name":"Thomas A","orcid":"0000−0002−2985−7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Radhakrishna, Arjun","last_name":"Radhakrishna","first_name":"Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Totla, Nishant","first_name":"Nishant","last_name":"Totla"}]},{"date_published":"2012-10-07T00:00:00Z","citation":{"ama":"Cerny P, Chmelik M, Henzinger TA, Radhakrishna A. Interface Simulation Distances. In: Electronic Proceedings in Theoretical Computer Science. Vol 96. EPTCS; 2012:29-42. doi:10.4204/EPTCS.96.3","apa":"Cerny, P., Chmelik, M., Henzinger, T. A., & Radhakrishna, A. (2012). Interface Simulation Distances. In Electronic Proceedings in Theoretical Computer Science (Vol. 96, pp. 29–42). Napoli, Italy: EPTCS. https://doi.org/10.4204/EPTCS.96.3","ieee":"P. Cerny, M. Chmelik, T. A. Henzinger, and A. Radhakrishna, “Interface Simulation Distances,” in Electronic Proceedings in Theoretical Computer Science, Napoli, Italy, 2012, vol. 96, pp. 29–42.","ista":"Cerny P, Chmelik M, Henzinger TA, Radhakrishna A. 2012. Interface Simulation Distances. Electronic Proceedings in Theoretical Computer Science. GandALF: Games, Automata, Logic, and Formal Verification vol. 96, 29–42.","short":"P. Cerny, M. Chmelik, T.A. Henzinger, A. Radhakrishna, in:, Electronic Proceedings in Theoretical Computer Science, EPTCS, 2012, pp. 29–42.","mla":"Cerny, Pavol, et al. “Interface Simulation Distances.” Electronic Proceedings in Theoretical Computer Science, vol. 96, EPTCS, 2012, pp. 29–42, doi:10.4204/EPTCS.96.3.","chicago":"Cerny, Pavol, Martin Chmelik, Thomas A Henzinger, and Arjun Radhakrishna. “Interface Simulation Distances.” In Electronic Proceedings in Theoretical Computer Science, 96:29–42. EPTCS, 2012. https://doi.org/10.4204/EPTCS.96.3."},"publication":"Electronic Proceedings in Theoretical Computer Science","page":"29 - 42","day":"07","scopus_import":1,"oa_version":"Submitted Version","_id":"2916","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","intvolume":" 96","title":"Interface Simulation Distances","status":"public","abstract":[{"lang":"eng","text":"The classical (boolean) notion of refinement for behavioral interfaces of system components is the alternating refinement preorder. In this paper, we define a quantitative measure for interfaces, called interface simulation distance. It makes the alternating refinement preorder quantitative by, intu- itively, tolerating errors (while counting them) in the alternating simulation game. We show that the interface simulation distance satisfies the triangle inequality, that the distance between two interfaces does not increase under parallel composition with a third interface, and that the distance between two interfaces can be bounded from above and below by distances between abstractions of the two interfaces. We illustrate the framework, and the properties of the distances under composition of interfaces, with two case studies."}],"type":"conference","doi":"10.4204/EPTCS.96.3","conference":{"name":"GandALF: Games, Automata, Logic, and Formal Verification","end_date":"2012-09-08","start_date":"2012-09-06","location":"Napoli, Italy"},"language":[{"iso":"eng"}],"external_id":{"arxiv":["1210.2450"]},"main_file_link":[{"url":"http://arxiv.org/abs/1210.2450","open_access":"1"}],"oa":1,"project":[{"name":"Quantitative Reactive Modeling","call_identifier":"FP7","grant_number":"267989","_id":"25EE3708-B435-11E9-9278-68D0E5697425"},{"call_identifier":"FWF","name":"Rigorous Systems Engineering","grant_number":"S 11407_N23","_id":"25832EC2-B435-11E9-9278-68D0E5697425"},{"call_identifier":"FWF","name":"Modern Graph Algorithmic Techniques in Formal Verification","grant_number":"P 23499-N23","_id":"2584A770-B435-11E9-9278-68D0E5697425"},{"name":"Quantitative Graph Games: Theory and Applications","call_identifier":"FP7","_id":"2581B60A-B435-11E9-9278-68D0E5697425","grant_number":"279307"},{"name":"Microsoft Research Faculty Fellowship","_id":"2587B514-B435-11E9-9278-68D0E5697425"}],"quality_controlled":"1","month":"10","related_material":{"record":[{"status":"public","relation":"later_version","id":"1733"}]},"author":[{"id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","last_name":"Cerny","first_name":"Pavol","full_name":"Cerny, Pavol"},{"id":"3624234E-F248-11E8-B48F-1D18A9856A87","last_name":"Chmelik","first_name":"Martin","full_name":"Chmelik, Martin"},{"full_name":"Henzinger, Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724","first_name":"Thomas A","last_name":"Henzinger"},{"full_name":"Radhakrishna, Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","first_name":"Arjun","last_name":"Radhakrishna"}],"volume":96,"date_created":"2018-12-11T12:00:19Z","date_updated":"2023-02-23T10:12:05Z","year":"2012","department":[{"_id":"ToHe"},{"_id":"KrCh"}],"publisher":"EPTCS","publication_status":"published","publist_id":"3827","ec_funded":1},{"volume":13,"date_updated":"2023-02-23T12:09:43Z","date_created":"2018-12-11T12:00:36Z","related_material":{"record":[{"relation":"earlier_version","status":"public","id":"4403"}]},"author":[{"full_name":"Alur, Rajeev","last_name":"Alur","first_name":"Rajeev"},{"id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","last_name":"Cerny","first_name":"Pavol","full_name":"Cerny, Pavol"},{"first_name":"Scott","last_name":"Weinstein","full_name":"Weinstein, Scott"}],"publisher":"ACM","department":[{"_id":"ToHe"}],"publication_status":"published","year":"2012","acknowledgement":"This research was supported in part by the NSF Cybertrust award CNS 0524059, by the European Research Council (ERC) Advanced Investigator Grant QUAREM, and by the Austrian Science Fund (FWF) project S11402-N23.","publist_id":"3748","ec_funded":1,"article_number":"27","language":[{"iso":"eng"}],"doi":"10.1145/2287718.2287727","project":[{"grant_number":"267989","_id":"25EE3708-B435-11E9-9278-68D0E5697425","name":"Quantitative Reactive Modeling","call_identifier":"FP7"},{"call_identifier":"FWF","name":"Rigorous Systems Engineering","grant_number":"S 11407_N23","_id":"25832EC2-B435-11E9-9278-68D0E5697425"}],"quality_controlled":"1","month":"08","oa_version":"None","intvolume":" 13","status":"public","title":"Algorithmic analysis of array-accessing programs","user_id":"3E5EF7F0-F248-11E8-B48F-1D18A9856A87","_id":"2967","issue":"3","abstract":[{"lang":"eng","text":"For programs whose data variables range over Boolean or finite domains, program verification is decidable, and this forms the basis of recent tools for software model checking. In this article, we consider algorithmic verification of programs that use Boolean variables, and in addition, access a single read-only array whose length is potentially unbounded, and whose elements range over an unbounded data domain. We show that the reachability problem, while undecidable in general, is (1) PSPACE-complete for programs in which the array-accessing for-loops are not nested, (2) decidable for a restricted class of programs with doubly nested loops. The second result establishes connections to automata and logics defining languages over data words."}],"type":"journal_article","date_published":"2012-08-01T00:00:00Z","citation":{"short":"R. Alur, P. Cerny, S. Weinstein, ACM Transactions on Computational Logic (TOCL) 13 (2012).","mla":"Alur, Rajeev, et al. “Algorithmic Analysis of Array-Accessing Programs.” ACM Transactions on Computational Logic (TOCL), vol. 13, no. 3, 27, ACM, 2012, doi:10.1145/2287718.2287727.","chicago":"Alur, Rajeev, Pavol Cerny, and Scott Weinstein. “Algorithmic Analysis of Array-Accessing Programs.” ACM Transactions on Computational Logic (TOCL). ACM, 2012. https://doi.org/10.1145/2287718.2287727.","ama":"Alur R, Cerny P, Weinstein S. Algorithmic analysis of array-accessing programs. ACM Transactions on Computational Logic (TOCL). 2012;13(3). doi:10.1145/2287718.2287727","ieee":"R. Alur, P. Cerny, and S. Weinstein, “Algorithmic analysis of array-accessing programs,” ACM Transactions on Computational Logic (TOCL), vol. 13, no. 3. ACM, 2012.","apa":"Alur, R., Cerny, P., & Weinstein, S. (2012). Algorithmic analysis of array-accessing programs. ACM Transactions on Computational Logic (TOCL). ACM. https://doi.org/10.1145/2287718.2287727","ista":"Alur R, Cerny P, Weinstein S. 2012. Algorithmic analysis of array-accessing programs. ACM Transactions on Computational Logic (TOCL). 13(3), 27."},"publication":"ACM Transactions on Computational Logic (TOCL)","day":"01","scopus_import":1},{"project":[{"grant_number":"267989","_id":"25EE3708-B435-11E9-9278-68D0E5697425","name":"Quantitative Reactive Modeling","call_identifier":"FP7"},{"name":"Rigorous Systems Engineering","call_identifier":"FWF","_id":"25832EC2-B435-11E9-9278-68D0E5697425","grant_number":"S 11407_N23"},{"call_identifier":"FP7","name":"COMponent-Based Embedded Systems design Techniques","_id":"25EFB36C-B435-11E9-9278-68D0E5697425","grant_number":"215543"},{"call_identifier":"FP7","name":"Design for Embedded Systems","_id":"25F1337C-B435-11E9-9278-68D0E5697425","grant_number":"214373"}],"quality_controlled":"1","language":[{"iso":"eng"}],"doi":"10.1016/j.tcs.2011.08.002","month":"01","department":[{"_id":"ToHe"}],"publisher":"Elsevier","publication_status":"published","year":"2012","acknowledgement":"This work was partially supported by the ERC Advanced Grant QUAREM, the FWF NFN Grant S11402-N23 (RiSE), the European Union project COMBEST and the European Network of Excellence Artist Design.","volume":413,"date_created":"2018-12-11T12:02:15Z","date_updated":"2023-02-23T12:24:04Z","related_material":{"record":[{"id":"4393","relation":"earlier_version","status":"public"},{"id":"5389","status":"public","relation":"earlier_version"}]},"author":[{"full_name":"Cerny, Pavol","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","last_name":"Cerny","first_name":"Pavol"},{"full_name":"Henzinger, Thomas A","orcid":"0000−0002−2985−7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","last_name":"Henzinger","first_name":"Thomas A"},{"last_name":"Radhakrishna","first_name":"Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","full_name":"Radhakrishna, Arjun"}],"ec_funded":1,"publist_id":"3408","page":"21 - 35","citation":{"short":"P. Cerny, T.A. Henzinger, A. Radhakrishna, Theoretical Computer Science 413 (2012) 21–35.","mla":"Cerny, Pavol, et al. “Simulation Distances.” Theoretical Computer Science, vol. 413, no. 1, Elsevier, 2012, pp. 21–35, doi:10.1016/j.tcs.2011.08.002.","chicago":"Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Simulation Distances.” Theoretical Computer Science. Elsevier, 2012. https://doi.org/10.1016/j.tcs.2011.08.002.","ama":"Cerny P, Henzinger TA, Radhakrishna A. Simulation distances. Theoretical Computer Science. 2012;413(1):21-35. doi:10.1016/j.tcs.2011.08.002","apa":"Cerny, P., Henzinger, T. A., & Radhakrishna, A. (2012). Simulation distances. Theoretical Computer Science. Elsevier. https://doi.org/10.1016/j.tcs.2011.08.002","ieee":"P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Simulation distances,” Theoretical Computer Science, vol. 413, no. 1. Elsevier, pp. 21–35, 2012.","ista":"Cerny P, Henzinger TA, Radhakrishna A. 2012. Simulation distances. Theoretical Computer Science. 413(1), 21–35."},"publication":"Theoretical Computer Science","date_published":"2012-01-06T00:00:00Z","scopus_import":1,"day":"06","intvolume":" 413","title":"Simulation distances","status":"public","_id":"3249","user_id":"3E5EF7F0-F248-11E8-B48F-1D18A9856A87","oa_version":"None","pubrep_id":"42","type":"journal_article","issue":"1","abstract":[{"lang":"eng","text":"Boolean notions of correctness are formalized by preorders on systems. Quantitative measures of correctness can be formalized by real-valued distance functions between systems, where the distance between implementation and specification provides a measure of "fit" or "desirability". We extend the simulation preorder to the quantitative setting by making each player of a simulation game pay a certain price for her choices. We use the resulting games with quantitative objectives to define three different simulation distances. The correctness distance measures how much the specification must be changed in order to be satisfied by the implementation. The coverage distance measures how much the implementation restricts the degrees of freedom offered by the specification. The robustness distance measures how much a system can deviate from the implementation description without violating the specification. We consider these distances for safety as well as liveness specifications. The distances can be computed in polynomial time for safety specifications, and for liveness specifications given by weak fairness constraints. We show that the distance functions satisfy the triangle inequality, that the distance between two systems does not increase under parallel composition with a third system, and that the distance between two systems can be bounded from above and below by distances between abstractions of the two systems. These properties suggest that our simulation distances provide an appropriate basis for a quantitative theory of discrete systems. We also demonstrate how the robustness distance can be used to measure how many transmission errors are tolerated by error correcting codes."}]},{"author":[{"full_name":"Alur, Rajeev","first_name":"Rajeev","last_name":"Alur"},{"full_name":"Cerny, Pavol","first_name":"Pavol","last_name":"Cerny","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87"}],"date_updated":"2022-03-21T08:12:51Z","date_created":"2018-12-11T12:02:41Z","volume":46,"oa_version":"None","_id":"3325","year":"2011","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","publication_status":"published","status":"public","title":"Streaming transducers for algorithmic verification of single pass list processing programs","department":[{"_id":"ToHe"}],"intvolume":" 46","publisher":"ACM","abstract":[{"text":"We introduce streaming data string transducers that map input data strings to output data strings in a single left-to-right pass in linear time. Data strings are (unbounded) sequences of data values, tagged with symbols from a finite set, over a potentially infinite data do- main that supports only the operations of equality and ordering. The transducer uses a finite set of states, a finite set of variables ranging over the data domain, and a finite set of variables ranging over data strings. At every step, it can make decisions based on the next in- put symbol, updating its state, remembering the input data value in its data variables, and updating data-string variables by concatenat- ing data-string variables and new symbols formed from data vari- ables, while avoiding duplication. We establish that the problems of checking functional equivalence of two streaming transducers, and of checking whether a streaming transducer satisfies pre/post verification conditions specified by streaming acceptors over in- put/output data-strings, are in PSPACE. We identify a class of imperative and a class of functional pro- grams, manipulating lists of data items, which can be effectively translated to streaming data-string transducers. The imperative pro- grams dynamically modify a singly-linked heap by changing next- pointers of heap-nodes and by adding new nodes. The main re- striction specifies how the next-pointers can be used for traversal. We also identify an expressively equivalent fragment of functional programs that traverse a list using syntactically restricted recursive calls. Our results lead to algorithms for assertion checking and for checking functional equivalence of two programs, written possibly in different programming styles, for commonly used routines such as insert, delete, and reverse.","lang":"eng"}],"publist_id":"3310","issue":"1","type":"conference","conference":{"end_date":"2011-01-28","location":"Texas, USA","start_date":"2011-01-26","name":"POPL: Principles of Programming Languages"},"date_published":"2011-01-26T00:00:00Z","doi":"10.1145/1926385.1926454","language":[{"iso":"eng"}],"citation":{"ista":"Alur R, Cerny P. 2011. Streaming transducers for algorithmic verification of single pass list processing programs. POPL: Principles of Programming Languages vol. 46, 599–610.","ieee":"R. Alur and P. Cerny, “Streaming transducers for algorithmic verification of single pass list processing programs,” presented at the POPL: Principles of Programming Languages, Texas, USA, 2011, vol. 46, no. 1, pp. 599–610.","apa":"Alur, R., & Cerny, P. (2011). Streaming transducers for algorithmic verification of single pass list processing programs (Vol. 46, pp. 599–610). Presented at the POPL: Principles of Programming Languages, Texas, USA: ACM. https://doi.org/10.1145/1926385.1926454","ama":"Alur R, Cerny P. Streaming transducers for algorithmic verification of single pass list processing programs. In: Vol 46. ACM; 2011:599-610. doi:10.1145/1926385.1926454","chicago":"Alur, Rajeev, and Pavol Cerny. “Streaming Transducers for Algorithmic Verification of Single Pass List Processing Programs,” 46:599–610. ACM, 2011. https://doi.org/10.1145/1926385.1926454.","mla":"Alur, Rajeev, and Pavol Cerny. Streaming Transducers for Algorithmic Verification of Single Pass List Processing Programs. Vol. 46, no. 1, ACM, 2011, pp. 599–610, doi:10.1145/1926385.1926454.","short":"R. Alur, P. Cerny, in:, ACM, 2011, pp. 599–610."},"quality_controlled":"1","page":"599 - 610","day":"26","month":"01","article_processing_charge":"No","scopus_import":"1"},{"ec_funded":1,"publist_id":"3254","file_date_updated":"2020-07-14T12:46:10Z","author":[{"last_name":"Cerny","first_name":"Pavol","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","full_name":"Cerny, Pavol"},{"full_name":"Chatterjee, Krishnendu","first_name":"Krishnendu","last_name":"Chatterjee","id":"2E5DCA20-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0002-4561-241X"},{"first_name":"Thomas A","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724","full_name":"Henzinger, Thomas A"}],"date_updated":"2021-01-12T07:42:56Z","date_created":"2018-12-11T12:02:54Z","year":"2011","department":[{"_id":"ToHe"},{"_id":"KrCh"}],"publisher":"IEEE","publication_status":"published","month":"06","doi":"10.1109/CSF.2011.21","conference":{"name":"CSF: Computer Security Foundations","start_date":"2011-06-27","location":"Cernay-la-Ville, France","end_date":"2011-06-29"},"language":[{"iso":"eng"}],"oa":1,"project":[{"grant_number":"267989","_id":"25EE3708-B435-11E9-9278-68D0E5697425","name":"Quantitative Reactive Modeling","call_identifier":"FP7"},{"name":"Moderne Concurrency Paradigms","call_identifier":"FWF","_id":"25F5A88A-B435-11E9-9278-68D0E5697425","grant_number":"S11402-N23"},{"call_identifier":"FWF","name":"Rigorous Systems Engineering","_id":"25832EC2-B435-11E9-9278-68D0E5697425","grant_number":"S 11407_N23"},{"name":"Microsoft Research Faculty Fellowship","_id":"2587B514-B435-11E9-9278-68D0E5697425"}],"quality_controlled":"1","abstract":[{"text":"In this paper, we investigate the computational complexity of quantitative information flow (QIF) problems. Information-theoretic quantitative relaxations of noninterference (based on Shannon entropy)have been introduced to enable more fine-grained reasoning about programs in situations where limited information flow is acceptable. The QIF bounding problem asks whether the information flow in a given program is bounded by a constant $d$. Our first result is that the QIF bounding problem is PSPACE-complete. The QIF memoryless synthesis problem asks whether it is possible to resolve nondeterministic choices in a given partial program in such a way that in the resulting deterministic program, the quantitative information flow is bounded by a given constant $d$. Our second result is that the QIF memoryless synthesis problem is also EXPTIME-complete. The QIF memoryless synthesis problem generalizes to QIF general synthesis problem which does not impose the memoryless requirement (that is, by allowing the synthesized program to have more variables then the original partial program). Our third result is that the QIF general synthesis problem is EXPTIME-hard.","lang":"eng"}],"type":"conference","pubrep_id":"81","file":[{"file_name":"IST-2012-81-v1+1_The_complexity_of_quantitative_information_flow_problems.pdf","access_level":"open_access","content_type":"application/pdf","file_size":299069,"creator":"system","relation":"main_file","file_id":"4792","date_created":"2018-12-12T10:10:07Z","date_updated":"2020-07-14T12:46:10Z","checksum":"1a25be0c62459fc7640db88af08ff63a"}],"oa_version":"Submitted Version","_id":"3361","user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","ddc":["000","005"],"status":"public","title":"The complexity of quantitative information flow problems","has_accepted_license":"1","day":"27","scopus_import":1,"date_published":"2011-06-27T00:00:00Z","citation":{"mla":"Cerny, Pavol, et al. The Complexity of Quantitative Information Flow Problems. IEEE, 2011, pp. 205–17, doi:10.1109/CSF.2011.21.","short":"P. Cerny, K. Chatterjee, T.A. Henzinger, in:, IEEE, 2011, pp. 205–217.","chicago":"Cerny, Pavol, Krishnendu Chatterjee, and Thomas A Henzinger. “The Complexity of Quantitative Information Flow Problems,” 205–17. IEEE, 2011. https://doi.org/10.1109/CSF.2011.21.","ama":"Cerny P, Chatterjee K, Henzinger TA. The complexity of quantitative information flow problems. In: IEEE; 2011:205-217. doi:10.1109/CSF.2011.21","ista":"Cerny P, Chatterjee K, Henzinger TA. 2011. The complexity of quantitative information flow problems. CSF: Computer Security Foundations, 205–217.","apa":"Cerny, P., Chatterjee, K., & Henzinger, T. A. (2011). The complexity of quantitative information flow problems (pp. 205–217). Presented at the CSF: Computer Security Foundations, Cernay-la-Ville, France: IEEE. https://doi.org/10.1109/CSF.2011.21","ieee":"P. Cerny, K. Chatterjee, and T. A. Henzinger, “The complexity of quantitative information flow problems,” presented at the CSF: Computer Security Foundations, Cernay-la-Ville, France, 2011, pp. 205–217."},"page":"205 - 217"},{"language":[{"iso":"eng"}],"conference":{"end_date":"2011-10-14","start_date":"2011-10-09","location":"Taipei; Taiwan","name":"EMSOFT: Embedded Software "},"doi":"10.1145/2038642.2038666","date_published":"2011-10-09T00:00:00Z","quality_controlled":"1","project":[{"_id":"25EE3708-B435-11E9-9278-68D0E5697425","grant_number":"267989","name":"Quantitative Reactive Modeling","call_identifier":"FP7"},{"name":"Moderne Concurrency Paradigms","call_identifier":"FWF","grant_number":"S11402-N23","_id":"25F5A88A-B435-11E9-9278-68D0E5697425"},{"call_identifier":"FP7","name":"Design for Embedded Systems","grant_number":"214373","_id":"25F1337C-B435-11E9-9278-68D0E5697425"}],"page":"149 - 154","citation":{"apa":"Cerny, P., & Henzinger, T. A. (2011). From boolean to quantitative synthesis (pp. 149–154). Presented at the EMSOFT: Embedded Software , Taipei; Taiwan: ACM. https://doi.org/10.1145/2038642.2038666","ieee":"P. Cerny and T. A. Henzinger, “From boolean to quantitative synthesis,” presented at the EMSOFT: Embedded Software , Taipei; Taiwan, 2011, pp. 149–154.","ista":"Cerny P, Henzinger TA. 2011. From boolean to quantitative synthesis. EMSOFT: Embedded Software , 149–154.","ama":"Cerny P, Henzinger TA. From boolean to quantitative synthesis. In: ACM; 2011:149-154. doi:10.1145/2038642.2038666","chicago":"Cerny, Pavol, and Thomas A Henzinger. “From Boolean to Quantitative Synthesis,” 149–54. ACM, 2011. https://doi.org/10.1145/2038642.2038666.","short":"P. Cerny, T.A. Henzinger, in:, ACM, 2011, pp. 149–154.","mla":"Cerny, Pavol, and Thomas A. Henzinger. From Boolean to Quantitative Synthesis. ACM, 2011, pp. 149–54, doi:10.1145/2038642.2038666."},"day":"09","month":"10","date_created":"2018-12-11T12:02:53Z","date_updated":"2021-01-12T07:42:55Z","oa_version":"None","author":[{"id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","first_name":"Pavol","last_name":"Cerny","full_name":"Cerny, Pavol"},{"full_name":"Henzinger, Thomas A","orcid":"0000−0002−2985−7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","last_name":"Henzinger","first_name":"Thomas A"}],"title":"From boolean to quantitative synthesis","status":"public","publication_status":"published","publisher":"ACM","department":[{"_id":"ToHe"}],"acknowledgement":"This work was partially supported by the ERC Advanced Grant QUAREM, the FWF NFN Grant S11402-N23 (RiSE), and the EU NOE Grant ArtistDesign.","_id":"3359","user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","year":"2011","abstract":[{"lang":"eng","text":"Motivated by improvements in constraint-solving technology and by the increase of routinely available computational power, partial-program synthesis is emerging as an effective approach for increasing programmer productivity. The goal of the approach is to allow the programmer to specify a part of her intent imperatively (that is, give a partial program) and a part of her intent declaratively, by specifying which conditions need to be achieved or maintained. The task of the synthesizer is to construct a program that satisfies the specification. As an example, consider a partial program where threads access shared data without using any synchronization mechanism, and a declarative specification that excludes data races and deadlocks. The task of the synthesizer is then to place locks into the program code in order for the program to meet the specification.\r\n\r\nIn this paper, we argue that quantitative objectives are needed in partial-program synthesis in order to produce higher-quality programs, while enabling simpler specifications. Returning to the example, the synthesizer could construct a naive solution that uses one global lock for shared data. This can be prevented either by constraining the solution space further (which is error-prone and partly defeats the point of synthesis), or by optimizing a quantitative objective that models performance. Other quantitative notions useful in synthesis include fault tolerance, robustness, resource (memory, power) consumption, and information flow."}],"publist_id":"3256","ec_funded":1,"type":"conference"},{"oa_version":"Submitted Version","file":[{"date_created":"2018-12-12T10:15:51Z","date_updated":"2020-07-14T12:46:10Z","checksum":"c033689355f45742dc7c99b5af13ce7a","relation":"main_file","file_id":"5174","content_type":"application/pdf","file_size":508946,"creator":"system","file_name":"IST-2012-76-v1+1_Quantitative_synthesis_for_concurrent_programs.pdf","access_level":"open_access"}],"pubrep_id":"76","intvolume":" 6806","status":"public","title":"Quantitative synthesis for concurrent programs","ddc":["000","004"],"_id":"3366","user_id":"3E5EF7F0-F248-11E8-B48F-1D18A9856A87","abstract":[{"text":"We present an algorithmic method for the quantitative, performance-aware synthesis of concurrent programs. The input consists of a nondeterministic partial program and of a parametric performance model. The nondeterminism allows the programmer to omit which (if any) synchronization construct is used at a particular program location. The performance model, specified as a weighted automaton, can capture system architectures by assigning different costs to actions such as locking, context switching, and memory and cache accesses. The quantitative synthesis problem is to automatically resolve the nondeterminism of the partial program so that both correctness is guaranteed and performance is optimal. As is standard for shared memory concurrency, correctness is formalized "specification free", in particular as race freedom or deadlock freedom. For worst-case (average-case) performance, we show that the problem can be reduced to 2-player graph games (with probabilistic transitions) with quantitative objectives. While we show, using game-theoretic methods, that the synthesis problem is Nexp-complete, we present an algorithmic method and an implementation that works efficiently for concurrent programs and performance models of practical interest. We have implemented a prototype tool and used it to synthesize finite-state concurrent programs that exhibit different programming patterns, for several performance models representing different architectures. ","lang":"eng"}],"alternative_title":["LNCS"],"type":"conference","date_published":"2011-04-21T00:00:00Z","page":"243 - 259","citation":{"ama":"Cerny P, Chatterjee K, Henzinger TA, Radhakrishna A, Singh R. Quantitative synthesis for concurrent programs. In: Gopalakrishnan G, Qadeer S, eds. Vol 6806. Springer; 2011:243-259. doi:10.1007/978-3-642-22110-1_20","ista":"Cerny P, Chatterjee K, Henzinger TA, Radhakrishna A, Singh R. 2011. Quantitative synthesis for concurrent programs. CAV: Computer Aided Verification, LNCS, vol. 6806, 243–259.","ieee":"P. Cerny, K. Chatterjee, T. A. Henzinger, A. Radhakrishna, and R. Singh, “Quantitative synthesis for concurrent programs,” presented at the CAV: Computer Aided Verification, Snowbird, USA, 2011, vol. 6806, pp. 243–259.","apa":"Cerny, P., Chatterjee, K., Henzinger, T. A., Radhakrishna, A., & Singh, R. (2011). Quantitative synthesis for concurrent programs. In G. Gopalakrishnan & S. Qadeer (Eds.) (Vol. 6806, pp. 243–259). Presented at the CAV: Computer Aided Verification, Snowbird, USA: Springer. https://doi.org/10.1007/978-3-642-22110-1_20","mla":"Cerny, Pavol, et al. Quantitative Synthesis for Concurrent Programs. Edited by Ganesh Gopalakrishnan and Shaz Qadeer, vol. 6806, Springer, 2011, pp. 243–59, doi:10.1007/978-3-642-22110-1_20.","short":"P. Cerny, K. Chatterjee, T.A. Henzinger, A. Radhakrishna, R. Singh, in:, G. Gopalakrishnan, S. Qadeer (Eds.), Springer, 2011, pp. 243–259.","chicago":"Cerny, Pavol, Krishnendu Chatterjee, Thomas A Henzinger, Arjun Radhakrishna, and Rohit Singh. “Quantitative Synthesis for Concurrent Programs.” edited by Ganesh Gopalakrishnan and Shaz Qadeer, 6806:243–59. Springer, 2011. https://doi.org/10.1007/978-3-642-22110-1_20."},"has_accepted_license":"1","article_processing_charge":"No","day":"21","volume":6806,"date_updated":"2023-02-23T12:24:01Z","date_created":"2018-12-11T12:02:55Z","related_material":{"record":[{"id":"5388","relation":"earlier_version","status":"public"}]},"author":[{"full_name":"Cerny, Pavol","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","first_name":"Pavol","last_name":"Cerny"},{"last_name":"Chatterjee","first_name":"Krishnendu","orcid":"0000-0002-4561-241X","id":"2E5DCA20-F248-11E8-B48F-1D18A9856A87","full_name":"Chatterjee, Krishnendu"},{"id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724","first_name":"Thomas A","last_name":"Henzinger","full_name":"Henzinger, Thomas A"},{"full_name":"Radhakrishna, Arjun","last_name":"Radhakrishna","first_name":"Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87"},{"last_name":"Singh","first_name":"Rohit","full_name":"Singh, Rohit"}],"department":[{"_id":"ToHe"},{"_id":"KrCh"}],"publisher":"Springer","editor":[{"full_name":"Gopalakrishnan, Ganesh","first_name":"Ganesh","last_name":"Gopalakrishnan"},{"full_name":"Qadeer, Shaz","first_name":"Shaz","last_name":"Qadeer"}],"publication_status":"published","year":"2011","ec_funded":1,"publist_id":"3247","file_date_updated":"2020-07-14T12:46:10Z","language":[{"iso":"eng"}],"doi":"10.1007/978-3-642-22110-1_20","conference":{"name":"CAV: Computer Aided Verification","location":"Snowbird, USA","start_date":"2011-07-14","end_date":"2011-07-20"},"project":[{"name":"Quantitative Reactive Modeling","call_identifier":"FP7","_id":"25EE3708-B435-11E9-9278-68D0E5697425","grant_number":"267989"},{"_id":"25F5A88A-B435-11E9-9278-68D0E5697425","grant_number":"S11402-N23","name":"Moderne Concurrency Paradigms","call_identifier":"FWF"},{"name":"Rigorous Systems Engineering","call_identifier":"FWF","grant_number":"S 11407_N23","_id":"25832EC2-B435-11E9-9278-68D0E5697425"},{"_id":"2587B514-B435-11E9-9278-68D0E5697425","name":"Microsoft Research Faculty Fellowship"},{"_id":"25F1337C-B435-11E9-9278-68D0E5697425","grant_number":"214373","name":"Design for Embedded Systems","call_identifier":"FP7"}],"quality_controlled":"1","oa":1,"month":"04"},{"publist_id":"1064","ec_funded":1,"volume":6200,"date_updated":"2021-01-12T07:56:38Z","date_created":"2018-12-11T12:08:37Z","author":[{"full_name":"Cerny, Pavol","first_name":"Pavol","last_name":"Cerny","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87"},{"last_name":"Henzinger","first_name":"Thomas A","orcid":"0000−0002−2985−7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","full_name":"Henzinger, Thomas A"},{"full_name":"Radhakrishna, Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","first_name":"Arjun","last_name":"Radhakrishna"}],"department":[{"_id":"ToHe"}],"publisher":"Springer","editor":[{"last_name":"Manna","first_name":"Zohar","full_name":"Manna, Zohar"},{"first_name":"Doron","last_name":"Peled","full_name":"Peled, Doron"}],"publication_status":"published","year":"2010","month":"07","language":[{"iso":"eng"}],"doi":"10.1007/978-3-642-13754-9_3","project":[{"name":"COMponent-Based Embedded Systems design Techniques","call_identifier":"FP7","grant_number":"215543","_id":"25EFB36C-B435-11E9-9278-68D0E5697425"},{"grant_number":"214373","_id":"25F1337C-B435-11E9-9278-68D0E5697425","call_identifier":"FP7","name":"Design for Embedded Systems"}],"quality_controlled":"1","abstract":[{"lang":"eng","text":"While a boolean notion of correctness is given by a preorder on systems and properties, a quantitative notion of correctness is defined by a distance function on systems and properties, where the distance between a system and a property provides a measure of “fit” or “desirability.” In this article, we explore several ways how the simulation preorder can be generalized to a distance function. This is done by equipping the classical simulation game between a system and a property with quantitative objectives. In particular, for systems that satisfy a property, a quantitative simulation game can measure the “robustness” of the satisfaction, that is, how much the system can deviate from its nominal behavior while still satisfying the property. For systems that violate a property, a quantitative simulation game can measure the “seriousness” of the violation, that is, how much the property has to be modified so that it is satisfied by the system. These distances can be computed in polynomial time, since the computation reduces to the value problem in limit average games with constant weights. Finally, we demonstrate how the robustness distance can be used to measure how many transmission errors are tolerated by error correcting codes. "}],"alternative_title":["LNCS"],"type":"book_chapter","oa_version":"None","intvolume":" 6200","title":"Quantitative Simulation Games","status":"public","user_id":"4435EBFC-F248-11E8-B48F-1D18A9856A87","_id":"4392","day":"29","series_title":"Essays in Memory of Amir Pnueli","scopus_import":1,"date_published":"2010-07-29T00:00:00Z","page":"42 - 60","citation":{"ista":"Cerny P, Henzinger TA, Radhakrishna A. 2010.Quantitative Simulation Games. In: Time For Verification: Essays in Memory of Amir Pnueli. LNCS, vol. 6200, 42–60.","apa":"Cerny, P., Henzinger, T. A., & Radhakrishna, A. (2010). Quantitative Simulation Games. In Z. Manna & D. Peled (Eds.), Time For Verification: Essays in Memory of Amir Pnueli (Vol. 6200, pp. 42–60). Springer. https://doi.org/10.1007/978-3-642-13754-9_3","ieee":"P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Quantitative Simulation Games,” in Time For Verification: Essays in Memory of Amir Pnueli, vol. 6200, Z. Manna and D. Peled, Eds. Springer, 2010, pp. 42–60.","ama":"Cerny P, Henzinger TA, Radhakrishna A. Quantitative Simulation Games. In: Manna Z, Peled D, eds. Time For Verification: Essays in Memory of Amir Pnueli. Vol 6200. Essays in Memory of Amir Pnueli. Springer; 2010:42-60. doi:10.1007/978-3-642-13754-9_3","chicago":"Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Quantitative Simulation Games.” In Time For Verification: Essays in Memory of Amir Pnueli, edited by Zohar Manna and Doron Peled, 6200:42–60. Essays in Memory of Amir Pnueli. Springer, 2010. https://doi.org/10.1007/978-3-642-13754-9_3.","mla":"Cerny, Pavol, et al. “Quantitative Simulation Games.” Time For Verification: Essays in Memory of Amir Pnueli, edited by Zohar Manna and Doron Peled, vol. 6200, Springer, 2010, pp. 42–60, doi:10.1007/978-3-642-13754-9_3.","short":"P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Z. Manna, D. Peled (Eds.), Time For Verification: Essays in Memory of Amir Pnueli, Springer, 2010, pp. 42–60."},"publication":"Time For Verification: Essays in Memory of Amir Pnueli"},{"doi":"10.4230/LIPIcs.FSTTCS.2010.1","conference":{"name":"FSTTCS: Foundations of Software Technology and Theoretical Computer Science","end_date":"2010-12-18","location":"Chennai, India","start_date":"2010-12-15"},"language":[{"iso":"eng"}],"tmp":{"name":"Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)","legal_code_url":"https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode","short":"CC BY-NC-ND (4.0)","image":"/images/cc_by_nc_nd.png"},"oa":1,"quality_controlled":"1","month":"01","author":[{"last_name":"Alur","first_name":"Rajeev","full_name":"Alur, Rajeev"},{"id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","last_name":"Cerny","first_name":"Pavol","full_name":"Cerny, Pavol"}],"volume":8,"date_created":"2018-12-11T11:46:45Z","date_updated":"2021-01-12T08:01:00Z","year":"2010","department":[{"_id":"ToHe"}],"publisher":"Schloss Dagstuhl - Leibniz-Zentrum für Informatik","publication_status":"published","publist_id":"7331","file_date_updated":"2020-07-14T12:46:35Z","license":"https://creativecommons.org/licenses/by-nc-nd/4.0/","date_published":"2010-01-01T00:00:00Z","citation":{"mla":"Alur, Rajeev, and Pavol Cerny. Expressiveness of Streaming String Transducers. Vol. 8, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010, pp. 1–12, doi:10.4230/LIPIcs.FSTTCS.2010.1.","short":"R. Alur, P. Cerny, in:, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010, pp. 1–12.","chicago":"Alur, Rajeev, and Pavol Cerny. “Expressiveness of Streaming String Transducers,” 8:1–12. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010. https://doi.org/10.4230/LIPIcs.FSTTCS.2010.1.","ama":"Alur R, Cerny P. Expressiveness of streaming string transducers. In: Vol 8. Schloss Dagstuhl - Leibniz-Zentrum für Informatik; 2010:1-12. doi:10.4230/LIPIcs.FSTTCS.2010.1","ista":"Alur R, Cerny P. 2010. Expressiveness of streaming string transducers. FSTTCS: Foundations of Software Technology and Theoretical Computer Science, LIPIcs, vol. 8, 1–12.","apa":"Alur, R., & Cerny, P. (2010). Expressiveness of streaming string transducers (Vol. 8, pp. 1–12). Presented at the FSTTCS: Foundations of Software Technology and Theoretical Computer Science, Chennai, India: Schloss Dagstuhl - Leibniz-Zentrum für Informatik. https://doi.org/10.4230/LIPIcs.FSTTCS.2010.1","ieee":"R. Alur and P. Cerny, “Expressiveness of streaming string transducers,” presented at the FSTTCS: Foundations of Software Technology and Theoretical Computer Science, Chennai, India, 2010, vol. 8, pp. 1–12."},"page":"1 - 12","has_accepted_license":"1","day":"01","scopus_import":1,"pubrep_id":"948","file":[{"content_type":"application/pdf","file_size":492344,"creator":"system","file_name":"IST-2018-948-v1+1_2011_Cerny_Expressiveness_of.pdf","access_level":"open_access","date_updated":"2020-07-14T12:46:35Z","date_created":"2018-12-12T10:08:29Z","checksum":"5845be5aa19791830f7407d8853f2df0","relation":"main_file","file_id":"4690"}],"oa_version":"Published Version","user_id":"3E5EF7F0-F248-11E8-B48F-1D18A9856A87","_id":"488","intvolume":" 8","status":"public","title":"Expressiveness of streaming string transducers","ddc":["005"],"abstract":[{"lang":"eng","text":"Streaming string transducers [1] define (partial) functions from input strings to output strings. A streaming string transducer makes a single pass through the input string and uses a finite set of variables that range over strings from the output alphabet. At every step, the transducer processes an input symbol, and updates all the variables in parallel using assignments whose right-hand-sides are concatenations of output symbols and variables with the restriction that a variable can be used at most once in a right-hand-side expression. It has been shown that streaming string transducers operating on strings over infinite data domains are of interest in algorithmic verification of list-processing programs, as they lead to PSPACE decision procedures for checking pre/post conditions and for checking semantic equivalence, for a well-defined class of heap-manipulating programs. In order to understand the theoretical expressiveness of streaming transducers, we focus on streaming transducers processing strings over finite alphabets, given the existence of a robust and well-studied class of "regular" transductions for this case. Such regular transductions can be defined either by two-way deterministic finite-state transducers, or using a logical MSO-based characterization. Our main result is that the expressiveness of streaming string transducers coincides exactly with this class of regular transductions. "}],"type":"conference","alternative_title":["LIPIcs"]},{"month":"11","doi":"10.1007/978-3-642-15375-4_18","conference":{"name":"CONCUR: Concurrency Theory","start_date":"2010-08-31","location":"Paris, France","end_date":"2010-09-03"},"language":[{"iso":"eng"}],"oa":1,"project":[{"_id":"25EFB36C-B435-11E9-9278-68D0E5697425","grant_number":"215543","call_identifier":"FP7","name":"COMponent-Based Embedded Systems design Techniques"},{"name":"Design for Embedded Systems","call_identifier":"FP7","grant_number":"214373","_id":"25F1337C-B435-11E9-9278-68D0E5697425"}],"quality_controlled":"1","ec_funded":1,"publist_id":"1065","file_date_updated":"2020-07-14T12:46:28Z","related_material":{"record":[{"id":"3249","status":"public","relation":"later_version"},{"id":"5389","status":"public","relation":"earlier_version"}]},"author":[{"full_name":"Cerny, Pavol","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","last_name":"Cerny","first_name":"Pavol"},{"orcid":"0000−0002−2985−7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","last_name":"Henzinger","first_name":"Thomas A","full_name":"Henzinger, Thomas A"},{"id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","last_name":"Radhakrishna","first_name":"Arjun","full_name":"Radhakrishna, Arjun"}],"volume":6269,"date_updated":"2023-02-23T12:24:04Z","date_created":"2018-12-11T12:08:37Z","year":"2010","acknowledgement":"This work was partially supported by the European Union project COMBEST and the European Network of Excellence ArtistDesign.","publisher":"Schloss Dagstuhl - Leibniz-Zentrum für Informatik","department":[{"_id":"ToHe"}],"publication_status":"published","has_accepted_license":"1","day":"01","scopus_import":1,"date_published":"2010-11-01T00:00:00Z","citation":{"short":"P. Cerny, T.A. Henzinger, A. Radhakrishna, in:, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010, pp. 235–268.","mla":"Cerny, Pavol, et al. Simulation Distances. Vol. 6269, Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010, pp. 235–68, doi:10.1007/978-3-642-15375-4_18.","chicago":"Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. “Simulation Distances,” 6269:235–68. Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 2010. https://doi.org/10.1007/978-3-642-15375-4_18.","ama":"Cerny P, Henzinger TA, Radhakrishna A. Simulation distances. In: Vol 6269. Schloss Dagstuhl - Leibniz-Zentrum für Informatik; 2010:235-268. doi:10.1007/978-3-642-15375-4_18","apa":"Cerny, P., Henzinger, T. A., & Radhakrishna, A. (2010). Simulation distances (Vol. 6269, pp. 235–268). Presented at the CONCUR: Concurrency Theory, Paris, France: Schloss Dagstuhl - Leibniz-Zentrum für Informatik. https://doi.org/10.1007/978-3-642-15375-4_18","ieee":"P. Cerny, T. A. Henzinger, and A. Radhakrishna, “Simulation distances,” presented at the CONCUR: Concurrency Theory, Paris, France, 2010, vol. 6269, pp. 235–268.","ista":"Cerny P, Henzinger TA, Radhakrishna A. 2010. Simulation distances. CONCUR: Concurrency Theory, LNCS, vol. 6269, 235–268."},"page":"235 - 268","abstract":[{"text":"Boolean notions of correctness are formalized by preorders on systems. Quantitative measures of correctness can be formalized by real-valued distance functions between systems, where the distance between implementation and specification provides a measure of “fit” or “desirability.” We extend the simulation preorder to the quantitative setting, by making each player of a simulation game pay a certain price for her choices. We use the resulting games with quantitative objectives to define three different simulation distances. The correctness distance measures how much the specification must be changed in order to be satisfied by the implementation. The coverage distance measures how much the implementation restricts the degrees of freedom offered by the specification. The robustness distance measures how much a system can deviate from the implementation description without violating the specification. We consider these distances for safety as well as liveness specifications. The distances can be computed in polynomial time for safety specifications, and for liveness specifications given by weak fairness constraints. We show that the distance functions satisfy the triangle inequality, that the distance between two systems does not increase under parallel composition with a third system, and that the distance between two systems can be bounded from above and below by distances between abstractions of the two systems. These properties suggest that our simulation distances provide an appropriate basis for a quantitative theory of discrete systems. We also demonstrate how the robustness distance can be used to measure how many transmission errors are tolerated by error correcting codes.","lang":"eng"}],"type":"conference","alternative_title":["LNCS"],"pubrep_id":"42","file":[{"file_name":"IST-2012-42-v1+1_Simulation_distances.pdf","access_level":"open_access","creator":"system","content_type":"application/pdf","file_size":198913,"file_id":"5130","relation":"main_file","date_created":"2018-12-12T10:15:12Z","date_updated":"2020-07-14T12:46:28Z","checksum":"ea567903676ba8afe0507ee11313dce5"}],"oa_version":"Submitted Version","user_id":"3E5EF7F0-F248-11E8-B48F-1D18A9856A87","_id":"4393","intvolume":" 6269","title":"Simulation distances","ddc":["005"],"status":"public"},{"oa_version":"Published Version","file":[{"file_name":"IST-2010-0004_IST-2010-0004.pdf","access_level":"open_access","creator":"system","content_type":"application/pdf","file_size":429101,"file_id":"5515","relation":"main_file","date_created":"2018-12-12T11:53:53Z","date_updated":"2020-07-14T12:46:42Z","checksum":"da38782d2388a6fa32109d10bb9bad67"}],"date_created":"2018-12-12T11:39:03Z","date_updated":"2023-02-23T11:24:08Z","related_material":{"record":[{"status":"public","relation":"later_version","id":"3366"}]},"pubrep_id":"24","author":[{"first_name":"Krishnendu","last_name":"Chatterjee","id":"2E5DCA20-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0002-4561-241X","full_name":"Chatterjee, Krishnendu"},{"full_name":"Cerny, Pavol","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","first_name":"Pavol","last_name":"Cerny"},{"full_name":"Henzinger, Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724","first_name":"Thomas A","last_name":"Henzinger"},{"full_name":"Radhakrishna, Arjun","last_name":"Radhakrishna","first_name":"Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87"},{"last_name":"Singh","first_name":"Rohit","full_name":"Singh, Rohit"}],"publisher":"IST Austria","department":[{"_id":"KrCh"},{"_id":"ToHe"}],"publication_status":"published","ddc":["000","005"],"status":"public","title":"Quantitative synthesis for concurrent programs","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","_id":"5388","year":"2010","abstract":[{"text":"We present an algorithmic method for the synthesis of concurrent programs that are optimal with respect to quantitative performance measures. The input consists of a sequential sketch, that is, a program that does not contain synchronization constructs, and of a parametric performance model that assigns costs to actions such as locking, context switching, and idling. The quantitative synthesis problem is to automatically introduce synchronization constructs into the sequential sketch so that both correctness is guaranteed and worst-case (or average-case) performance is optimized. Correctness is formalized as race freedom or linearizability.\r\n\r\nWe show that for worst-case performance, the problem can be modeled\r\nas a 2-player graph game with quantitative (limit-average) objectives, and\r\nfor average-case performance, as a 2 1/2 -player graph game (with probabilistic transitions). In both cases, the optimal correct program is derived from an optimal strategy in the corresponding quantitative game. We prove that the respective game problems are computationally expensive (NP-complete), and present several techniques that overcome the theoretical difficulty in cases of concurrent programs of practical interest.\r\n\r\nWe have implemented a prototype tool and used it for the automatic syn- thesis of programs that access a concurrent list. For certain parameter val- ues, our method automatically synthesizes various classical synchronization schemes for implementing a concurrent list, such as fine-grained locking or a lazy algorithm. For other parameter values, a new, hybrid synchronization style is synthesized, which uses both the lazy approach and coarse-grained locks (instead of standard fine-grained locks). The trade-off occurs because while fine-grained locking tends to decrease the cost that is due to waiting for locks, it increases cache size requirements.","lang":"eng"}],"file_date_updated":"2020-07-14T12:46:42Z","alternative_title":["IST Austria Technical Report"],"type":"technical_report","language":[{"iso":"eng"}],"doi":"10.15479/AT:IST-2010-0004","date_published":"2010-10-07T00:00:00Z","page":"17","oa":1,"citation":{"mla":"Chatterjee, Krishnendu, et al. Quantitative Synthesis for Concurrent Programs. IST Austria, 2010, doi:10.15479/AT:IST-2010-0004.","short":"K. Chatterjee, P. Cerny, T.A. Henzinger, A. Radhakrishna, R. Singh, Quantitative Synthesis for Concurrent Programs, IST Austria, 2010.","chicago":"Chatterjee, Krishnendu, Pavol Cerny, Thomas A Henzinger, Arjun Radhakrishna, and Rohit Singh. Quantitative Synthesis for Concurrent Programs. IST Austria, 2010. https://doi.org/10.15479/AT:IST-2010-0004.","ama":"Chatterjee K, Cerny P, Henzinger TA, Radhakrishna A, Singh R. Quantitative Synthesis for Concurrent Programs. IST Austria; 2010. doi:10.15479/AT:IST-2010-0004","ista":"Chatterjee K, Cerny P, Henzinger TA, Radhakrishna A, Singh R. 2010. Quantitative synthesis for concurrent programs, IST Austria, 17p.","apa":"Chatterjee, K., Cerny, P., Henzinger, T. A., Radhakrishna, A., & Singh, R. (2010). Quantitative synthesis for concurrent programs. IST Austria. https://doi.org/10.15479/AT:IST-2010-0004","ieee":"K. Chatterjee, P. Cerny, T. A. Henzinger, A. Radhakrishna, and R. Singh, Quantitative synthesis for concurrent programs. IST Austria, 2010."},"publication_identifier":{"issn":["2664-1690"]},"has_accepted_license":"1","month":"10","day":"07"},{"department":[{"_id":"ToHe"}],"publisher":"IST Austria","publication_status":"published","ddc":["005"],"title":"Simulation distances","status":"public","_id":"5389","year":"2010","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","file":[{"relation":"main_file","file_id":"5547","checksum":"284ded99764e32a583a8ea83fcea254b","date_created":"2018-12-12T11:54:25Z","date_updated":"2020-07-14T12:46:42Z","access_level":"open_access","file_name":"IST-2010-0003_IST-2010-0003.pdf","content_type":"application/pdf","file_size":367246,"creator":"system"}],"oa_version":"Published Version","date_created":"2018-12-12T11:39:03Z","date_updated":"2023-02-23T12:09:16Z","related_material":{"record":[{"relation":"later_version","status":"public","id":"3249"},{"status":"public","relation":"later_version","id":"4393"}]},"pubrep_id":"25","author":[{"id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","first_name":"Pavol","last_name":"Cerny","full_name":"Cerny, Pavol"},{"full_name":"Henzinger, Thomas A","first_name":"Thomas A","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724"},{"last_name":"Radhakrishna","first_name":"Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","full_name":"Radhakrishna, Arjun"}],"alternative_title":["IST Austria Technical Report"],"type":"technical_report","abstract":[{"text":"Boolean notions of correctness are formalized by preorders on systems. Quantitative measures of correctness can be formalized by real-valued distance functions between systems, where the distance between implementation and specification provides a measure of “fit” or “desirability.” We extend the simulation preorder to the quantitative setting, by making each player of a simulation game pay a certain price for her choices. We use the resulting games with quantitative objectives to define three different simulation distances. The correctness distance measures how much the specification must be changed in order to be satisfied by the implementation. The coverage distance measures how much the im- plementation restricts the degrees of freedom offered by the specification. The robustness distance measures how much a system can deviate from the implementation description without violating the specification. We consider these distances for safety as well as liveness specifications. The distances can be computed in polynomial time for safety specifications, and for liveness specifications given by weak fairness constraints. We show that the distance functions satisfy the triangle inequality, that the distance between two systems does not increase under parallel composition with a third system, and that the distance between two systems can be bounded from above and below by distances between abstractions of the two systems. These properties suggest that our simulation distances provide an appropriate basis for a quantitative theory of discrete systems. We also demonstrate how the robustness distance can be used to measure how many transmission errors are tolerated by error correcting codes.","lang":"eng"}],"file_date_updated":"2020-07-14T12:46:42Z","page":"24","citation":{"ista":"Cerny P, Henzinger TA, Radhakrishna A. 2010. Simulation distances, IST Austria, 24p.","ieee":"P. Cerny, T. A. Henzinger, and A. Radhakrishna, Simulation distances. IST Austria, 2010.","apa":"Cerny, P., Henzinger, T. A., & Radhakrishna, A. (2010). Simulation distances. IST Austria. https://doi.org/10.15479/AT:IST-2010-0003","ama":"Cerny P, Henzinger TA, Radhakrishna A. Simulation Distances. IST Austria; 2010. doi:10.15479/AT:IST-2010-0003","chicago":"Cerny, Pavol, Thomas A Henzinger, and Arjun Radhakrishna. Simulation Distances. IST Austria, 2010. https://doi.org/10.15479/AT:IST-2010-0003.","mla":"Cerny, Pavol, et al. Simulation Distances. IST Austria, 2010, doi:10.15479/AT:IST-2010-0003.","short":"P. Cerny, T.A. Henzinger, A. Radhakrishna, Simulation Distances, IST Austria, 2010."},"oa":1,"language":[{"iso":"eng"}],"doi":"10.15479/AT:IST-2010-0003","date_published":"2010-06-04T00:00:00Z","publication_identifier":{"issn":["2664-1690"]},"has_accepted_license":"1","month":"06","day":"04"},{"publist_id":"1066","file_date_updated":"2020-07-14T12:46:28Z","department":[{"_id":"ToHe"}],"publisher":"Springer","publication_status":"published","year":"2010","volume":6174,"date_updated":"2023-02-23T12:24:12Z","date_created":"2018-12-11T12:08:36Z","related_material":{"record":[{"status":"public","relation":"earlier_version","id":"5391"}]},"author":[{"full_name":"Cerny, Pavol","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87","last_name":"Cerny","first_name":"Pavol"},{"full_name":"Radhakrishna, Arjun","first_name":"Arjun","last_name":"Radhakrishna","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Zufferey, Damien","first_name":"Damien","last_name":"Zufferey","id":"4397AC76-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0002-3197-8736"},{"full_name":"Chaudhuri, Swarat","first_name":"Swarat","last_name":"Chaudhuri"},{"last_name":"Alur","first_name":"Rajeev","full_name":"Alur, Rajeev"}],"month":"07","quality_controlled":"1","oa":1,"language":[{"iso":"eng"}],"doi":"10.1007/978-3-642-14295-6_41","conference":{"name":"CAV: Computer Aided Verification","end_date":"2010-07-17","start_date":"2010-07-15","location":"Edinburgh, UK"},"alternative_title":["LNCS"],"type":"conference","abstract":[{"lang":"eng","text":"Concurrent data structures with fine-grained synchronization are notoriously difficult to implement correctly. The difficulty of reasoning about these implementations does not stem from the number of variables or the program size, but rather from the large number of possible interleavings. These implementations are therefore prime candidates for model checking. We introduce an algorithm for verifying linearizability of singly-linked heap-based concurrent data structures. We consider a model consisting of an unbounded heap where each vertex stores an element from an unbounded data domain, with a restricted set of operations for testing and updating pointers and data elements. Our main result is that linearizability is decidable for programs that invoke a fixed number of methods, possibly in parallel. This decidable fragment covers many of the common implementation techniques — fine-grained locking, lazy synchronization, and lock-free synchronization. We also show how the technique can be used to verify optimistic implementations with the help of programmer annotations. We developed a verification tool CoLT and evaluated it on a representative sample of Java implementations of the concurrent set data structure. The tool verified linearizability of a number of implementations, found a known error in a lock-free implementation and proved that the corrected version is linearizable."}],"intvolume":" 6174","title":"Model checking of linearizability of concurrent list implementations","status":"public","ddc":["000"],"_id":"4390","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","oa_version":"Submitted Version","file":[{"creator":"dernst","content_type":"application/pdf","file_size":3633276,"access_level":"open_access","file_name":"2010_CAV_Cerny.pdf","checksum":"2eb211ce40b3c4988bce3a3592980704","date_created":"2020-05-19T16:31:56Z","date_updated":"2020-07-14T12:46:28Z","file_id":"7873","relation":"main_file"}],"pubrep_id":"27","has_accepted_license":"1","article_processing_charge":"No","day":"01","page":"465 - 479","citation":{"ama":"Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. Model checking of linearizability of concurrent list implementations. In: Vol 6174. Springer; 2010:465-479. doi:10.1007/978-3-642-14295-6_41","apa":"Cerny, P., Radhakrishna, A., Zufferey, D., Chaudhuri, S., & Alur, R. (2010). Model checking of linearizability of concurrent list implementations (Vol. 6174, pp. 465–479). Presented at the CAV: Computer Aided Verification, Edinburgh, UK: Springer. https://doi.org/10.1007/978-3-642-14295-6_41","ieee":"P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, and R. Alur, “Model checking of linearizability of concurrent list implementations,” presented at the CAV: Computer Aided Verification, Edinburgh, UK, 2010, vol. 6174, pp. 465–479.","ista":"Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. 2010. Model checking of linearizability of concurrent list implementations. CAV: Computer Aided Verification, LNCS, vol. 6174, 465–479.","short":"P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, R. Alur, in:, Springer, 2010, pp. 465–479.","mla":"Cerny, Pavol, et al. Model Checking of Linearizability of Concurrent List Implementations. Vol. 6174, Springer, 2010, pp. 465–79, doi:10.1007/978-3-642-14295-6_41.","chicago":"Cerny, Pavol, Arjun Radhakrishna, Damien Zufferey, Swarat Chaudhuri, and Rajeev Alur. “Model Checking of Linearizability of Concurrent List Implementations,” 6174:465–79. Springer, 2010. https://doi.org/10.1007/978-3-642-14295-6_41."},"date_published":"2010-07-01T00:00:00Z"},{"author":[{"full_name":"Cerny, Pavol","first_name":"Pavol","last_name":"Cerny","id":"4DCBEFFE-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Radhakrishna, Arjun","id":"3B51CAC4-F248-11E8-B48F-1D18A9856A87","last_name":"Radhakrishna","first_name":"Arjun"},{"id":"4397AC76-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0002-3197-8736","first_name":"Damien","last_name":"Zufferey","full_name":"Zufferey, Damien"},{"full_name":"Chaudhuri, Swarat","last_name":"Chaudhuri","first_name":"Swarat"},{"first_name":"Rajeev","last_name":"Alur","full_name":"Alur, Rajeev"}],"related_material":{"record":[{"id":"4390","status":"public","relation":"later_version"}]},"pubrep_id":"27","date_updated":"2023-02-23T12:09:09Z","date_created":"2018-12-12T11:39:04Z","file":[{"relation":"main_file","file_id":"5505","checksum":"986645caad7dd85a6a091488f6c646dc","date_updated":"2020-07-14T12:46:43Z","date_created":"2018-12-12T11:53:44Z","access_level":"open_access","file_name":"IST-2010-0001_IST-2010-0001.pdf","file_size":372286,"content_type":"application/pdf","creator":"system"}],"oa_version":"Published Version","_id":"5391","year":"2010","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","ddc":["004"],"title":"Model checking of linearizability of concurrent list implementations","status":"public","publication_status":"published","publisher":"IST Austria","department":[{"_id":"ToHe"}],"abstract":[{"text":"Concurrent data structures with fine-grained synchronization are notoriously difficult to implement correctly. The difficulty of reasoning about these implementations does not stem from the number of variables or the program size, but rather from the large number of possible interleavings. These implementations are therefore prime candidates for model checking. We introduce an algorithm for verifying linearizability of singly-linked heap-based concurrent data structures. We consider a model consisting of an unbounded heap where each node consists an element from an unbounded data domain, with a restricted set of operations for testing and updating pointers and data elements. Our main result is that linearizability is decidable for programs that invoke a fixed number of methods, possibly in parallel. This decidable fragment covers many of the common implementation techniques — fine-grained locking, lazy synchronization, and lock-free synchronization. We also show how the technique can be used to verify optimistic implementations with the help of programmer annotations. We developed a verification tool CoLT and evaluated it on a representative sample of Java implementations of the concurrent set data structure. The tool verified linearizability of a number of implementations, found a known error in a lock-free imple- mentation and proved that the corrected version is linearizable.","lang":"eng"}],"file_date_updated":"2020-07-14T12:46:43Z","type":"technical_report","alternative_title":["IST Austria Technical Report"],"doi":"10.15479/AT:IST-2010-0001","date_published":"2010-04-19T00:00:00Z","language":[{"iso":"eng"}],"oa":1,"citation":{"chicago":"Cerny, Pavol, Arjun Radhakrishna, Damien Zufferey, Swarat Chaudhuri, and Rajeev Alur. Model Checking of Linearizability of Concurrent List Implementations. IST Austria, 2010. https://doi.org/10.15479/AT:IST-2010-0001.","mla":"Cerny, Pavol, et al. Model Checking of Linearizability of Concurrent List Implementations. IST Austria, 2010, doi:10.15479/AT:IST-2010-0001.","short":"P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, R. Alur, Model Checking of Linearizability of Concurrent List Implementations, IST Austria, 2010.","ista":"Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. 2010. Model checking of linearizability of concurrent list implementations, IST Austria, 27p.","ieee":"P. Cerny, A. Radhakrishna, D. Zufferey, S. Chaudhuri, and R. Alur, Model checking of linearizability of concurrent list implementations. IST Austria, 2010.","apa":"Cerny, P., Radhakrishna, A., Zufferey, D., Chaudhuri, S., & Alur, R. (2010). Model checking of linearizability of concurrent list implementations. IST Austria. https://doi.org/10.15479/AT:IST-2010-0001","ama":"Cerny P, Radhakrishna A, Zufferey D, Chaudhuri S, Alur R. Model Checking of Linearizability of Concurrent List Implementations. IST Austria; 2010. doi:10.15479/AT:IST-2010-0001"},"page":"27","month":"04","day":"19","publication_identifier":{"issn":["2664-1690"]},"has_accepted_license":"1"}]