Reactive Systems

A reactive system comprises networks of computing components, achieving their goals through interaction among themselves and their environment. Thus even relatively small systems may exhibit unexpectedly complex behaviours. As, moreover, reactive systems are often used in safety-critical systems, the need for mathematically based formal methodology is increasingly important. There are many books that look at particular methodologies for such systems. This book offers a more balanced introduction for graduate students and describes the various approaches, their strengths and weaknesses and when they are best used. Milner's CCS and its operational semantics are introduced, together with the notions of behavioural equivalences based on bisimulation techniques and with recursive extensions of Hennessy-Milner logic. In the second part of the book the presented theories are extended to take timing issues into account. The book has arisen from various courses taught in Denmark and Iceland and is designed to give students a broad introduction to the area, with exercises throughout.

LUCA ACETO is Professor of Computer Science at Reykjavík University, Iceland, and Aalborg University, Denmark.

ANNA INGÓLFSDÓTTIR is Professor of Computer Science at Reykjavík University, Iceland, and Aalborg University, Denmark.

KIM G. LARSEN is Professor of Computer Science at Aalborg University, Denmark, and Twente University, The Netherlands.

JIŘÍ SRBA is Associate Professor in Computer Science at Aalborg University, Denmark.

'Many modern-day computing systems are reactive in nature; they persist indefinitely, responding to the interactions of users, and updating their internal structures accordingly. Over the last two decades, an elegant theory of these reactive systems has emerged, and is being increasingly applied in industrial settings.
And at last we have an accessible textbook for this area, written by a team who have played a central role in the development of the underlying theory, and the software tools which are essential to its successful application. It treats both timed and untimed systems and, although the underlying theory is carefully and methodically explained, the main thrust of the book is to engage students with the material via a wealth of thought-provoking examples. The clarity of the exposition is exceptional; it presents the essential ideas clearly, avoiding unnecessary detail, but at the same time has well-chosen pointers to more advanced concepts. The book is destined to become the standard textbook for reactive systems.'
Matthew Hennessy, Sussex University

'A must for anybody interested in formal analysis techniques for computing systems.'
Wan Fokkink, Vrije Universiteit Amsterdam

'This book is a gentle introduction to the basics of theories of interactive systems that starts with an introduction to CCS and its semantic theory and then moves to introducing modal logics and timed models of concurrency. By means of a number of small but intriguing examples and by using software tools based on sound theoretical principles, it leads the reader to appreciating and mastering a number of process algebra-based techniques that are also having a great impact outside academic circles. The authors have managed to concentrate their expertise, enthusiasm and pedagogical ability in less than 300 pages. The presentation is very clear and conveys sufficient intuition to make the book appropriate also for students with limited mathematical background. An excellent advanced undergraduate text.'
Rocco De Nicola, Università di Firenze

'This book offers an introduction to model-based verification of reactive systems, a technology that is essential to all IT-developers of the future, given the global trend in information technology toward ubiquitous computing.
The book is unique in its pedagogical style, introducing the required theory (of models and specification formalisms for reactive systems) motivated carefully with its applications (in the development and use of automated verification tools in practice), and written as a textbook that can be used readily at many different levels of IT-related curricula.'
Mogens Nielsen, Aarhus University

Reactive Systems
Modelling, Specification and Verification

Luca Aceto (1, 2), Anna Ingólfsdóttir (1, 2), Kim G. Larsen (1), Jiří Srba (1)
(1) Department of Computer Science, Aalborg University, 9220 Aalborg Ø, Denmark
(2) Department of Computer Science, School of Science and Engineering, Reykjavík University, Iceland

CAMBRIDGE UNIVERSITY PRESS
Cambridge, New York, Melbourne, Madrid, Cape Town, Singapore, São Paulo

Cambridge University Press
The Edinburgh Building, Cambridge CB2 8RU, UK
Published in the United States of America by Cambridge University Press, New York
www.cambridge.org
Information on this title: www.cambridge.org/9780521875462

© L. Aceto, A. Ingolfsdottir, K. G. Larsen and J. Srba 2007

This publication is in copyright. Subject to statutory exception and to the provision of relevant collective licensing agreements, no reproduction of any part may take place without the written permission of Cambridge University Press.

First published in print format 2007

ISBN-13 978-0-511-33535-8 eBook (NetLibrary)
ISBN-10 0-511-33535-0 eBook (NetLibrary)
ISBN-13 978-0-521-87546-2 hardback
ISBN-10 0-521-87546-3 hardback

Cambridge University Press has no responsibility for the persistence or accuracy of URLs for external or third-party internet websites referred to in this publication, and does not guarantee that any content on such websites is, or will remain, accurate or appropriate.

Contents

Figures and tables  viii
Preface  x

I  A Classic Theory of Reactive Systems  1

1  Introduction  1
   Aims of this book  1
   1.1  What are reactive systems?  2
   1.2  Process algebras  5

2  The language CCS  7
   2.1  Some CCS process constructions  7
   2.2  CCS, formally  16

3  Behavioural equivalences  31
   3.1  Criteria for good behavioural equivalence  31
   3.2  Trace equivalence: a first attempt  34
   3.3  Strong bisimilarity  36
   3.4  Weak bisimilarity  53
   3.5  Game characterization of bisimilarity  65
   3.6  Further results on equivalence checking  72

4  Theory of fixed points and bisimulation equivalence  75
   4.1  Posets and complete lattices  75
   4.2  Tarski's fixed point theorem  78
   4.3  Bisimulation as a fixed point  85

5  Hennessy–Milner logic  89
   5.1  Introduction to Hennessy–Milner logic  89
   5.2  Hennessy–Milner theorem  98

6  HML with recursion  102
   Introduction  102
   6.1  Examples of recursive properties  107
   6.2  Syntax and semantics of HML with recursion  109
   6.3  Largest fixed points and invariant properties  113
   6.4  A game characterization for HML with recursion  115
   6.5  Mutually recursive equational systems  120
   6.6  Characteristic properties  125
   6.7  Mixing largest and least fixed points  134
   6.8  Further results on model checking  139

7  Modelling mutual exclusion algorithms  142
   Introduction  142
   7.1  Specifying mutual exclusion in HML  147
   7.2  Specifying mutual exclusion using CCS itself  149
   7.3  Testing mutual exclusion  152

II  A Theory of Real-time Systems  159

8  Introduction  159
   8.1  Real-time reactive systems  159

9  CCS with time delays  161
   9.1  Intuition  161
   9.2  Timed labelled transition systems  163
   9.3  Syntax and SOS rules of timed CCS  165
   9.4  Parallel composition  169
   9.5  Other timed process algebras and discussion  173

10  Timed automata  175
   10.1  Motivation  175
   10.2  Syntax of timed automata  176
   10.3  Semantics of timed automata  180
   10.4  Networks of timed automata  185
   10.5  More on timed-automata formalisms  190

11  Timed behavioural equivalences  193
   11.1  Timed and untimed trace equivalence  193
   11.2  Timed and untimed bisimilarity  195
   11.3  Weak timed bisimilarity  200
   11.4  Region graphs  203
   11.5  Zones and reachability graphs  214
   11.6  Further results on timed equivalences  218

12  Hennessy–Milner logic with time  220
   Introduction  220
   12.1  Basic logic  221
   12.2  Hennessy–Milner logic with time and regions  229
   12.3  Timed bisimilarity versus HML with time  232
   12.4  Recursion in HML with time  237
   12.5  More on timed logics  246

13  Modelling and analysis of Fischer's algorithm  248
   Introduction  248
   13.1  Mutual exclusion using timing  250
   13.2  Modelling Fischer's algorithm  251
   13.3  Further exercises on timing-based mutual exclusion algorithms  258

Appendix A  Suggestions for student projects  261
   A.1  Alternating-bit protocol  261
   A.2  Gossiping girls  262
   A.3  Implementation of regions  263

References  267
Index  281

Figures and tables

Figures
2.1  The interface for the process CS.  8
2.2  The interface for the process CM | CS.  10
2.3  The interface for the process CM | CS | CS′.  11
2.4  The interface for the process CM | CS | CM′.  12
2.5  The interface for the process SmUni | CS′.  13
2.6  Labelled transition system with initial state p.  19
3.1  $P \mathrel{R} Q$ implies that $C[P] \mathrel{R} C[Q]$.  33
3.2  A bisimulation showing that $B^2_0 \sim B^1_0 \mid B^1_0$.  51
3.3  The possible behaviours of $(CM_b \mid CS) \setminus \{coin, coffee\}$.  55
6.1  Two processes, p and q.  103
6.2  A process.  109
6.3  The processes $p$ and $p_i$.  127
6.4  The coffee machine gkm.  128
6.5  Simple infinite process p.  130
10.1  Light switch.  176
10.2  Clock constraint.  182
10.3  A small Jobshop.  183
10.4  The lazy worker and his demanding employer.  189
11.1  A simple timed automaton.  204
11.2  Partitioning of the valuations for the automaton in Figure 11.1.  205
11.3  Symbolic exploration of the timed automaton in Figure 11.1.  217
12.1  A simple timed automaton.  225
12.2  Regions for $c_x = 2$ and $c_y = 3$.  231
13.1  The timed automaton $A_i$ for process $i$.  251
13.2  Erroneous timed automaton $A^w_i$ for process $i$.  256
A.1  Some of the 18 regions when $C = \{x, y\}$ and $c_x = c_y = 1$.  264
A.2  List representation of some of the regions in Figure A.1.  265
A.3  A simple timed automaton.  266

Tables
2.1  An alternative formulation for the process CS  14
2.2  SOS rules for CCS ($\alpha \in Act$, $a \in L$)  24
3.1  The sender, receiver and medium in (3.8)  59
9.1  SOS rules for TCCS ($d, d' \in \mathbb{R}_{\geq 0}$)  167