Reactive Systems: Modelling, Specification and Verification - Cs.ioc.ee

More documents

Recommendations

Info

$Algorithmic melody composition based on fractal ... - cs.ioc.ee$

128 CHAPTER 6. HML WITH RECURSION Inv ⊆ FIX I: To prove this inclusion it is sufficient to show that Inv ⊆ I(Inv) (Why?). To this end, let p ∈ Inv. Then, for all σ ∈ Act ∗ and p ′ ∈ Proc, p σ → p ′ implies that p ′ ∈ [F ] . (6.7) We must establish that p ∈ I(Inv), or equivalently that p ∈ [F ] and that p ∈ [·Act·]Inv. We obtain the first one of these two statements by taking σ = ε in (6.7) because p ε → p always holds. To prove that p ∈ [·Act·]Inv, we have to show that, for each process p ′ and action a, p a → p ′ implies p ′ ∈ Inv. This is equivalent to proving that, for each sequence of actions σ ′ and process p ′′ , p a → p ′ and p ′ σ′ → p ′′ imply p ′′ ∈ [F ]. However, this follows immediately by letting σ = aσ ′ in (6.7). FIX I ⊆ Inv: First we note that, since FIX I is a fixed point of I, it holds that FIX I = [F ] ∩ [·Act·]FIX I . (6.8) To prove that FIX I ⊆ Inv, assume that p ∈ FIX I and that p σ → p ′ . We shall show that p ′ ∈ [F ] by induction on |σ|, the length of σ. Base case σ = ε: Then p = p ′ and therefore, by (6.8) and our assumption that p ∈ FIX I, it holds that p ′ ∈ [F ], which was to be shown. Inductive step σ = aσ ′ : Then p a → p ′′ σ′ → p ′ for some p ′′ . By (6.8) and our assumption that p ∈ FIX I, it follows that p ′′ ∈ FIX I. As |σ ′ | < |σ| and p ′′ ∈ FIX I, by the induction hypothesis we may conclude that p ′ ∈ [F ], which was to be shown. This completes the proof of the second inclusion. The proof of the theorem is now complete. ✷ 6.4 A game characterization for HML with recursion Let us recall the definition of Hennessy-Milner logic with one recursively defined variable X. The formulae are defined using the following abstract syntax F ::= X | tt | ff | F1 ∧ F2 | F1 ∨ F2 | 〈a〉F | [a]F ,
6.4. GAME CHARACTERIZATION FOR HML WITH RECURSION 129 where a ∈ Act and there is exactly one defining equation for the variable X, which is of the form or X min = FX X max = FX , where FX is a formula of the logic which may contain occurrences of the variable X. Let (Proc, Act, { a →| a ∈ Act}) be a labelled transition system and F a formula of Hennessy-Milner logic with one (recursively defined) variable X. Let s ∈ Proc. We shall describe a game between an ‘attacker’ and a ‘defender’ which has the following goal: • the attacker is aiming to prove that s |= F , while • the defender is aiming to prove that s |= F . The configurations of the game are pairs of the form (s, F ) where s ∈ Proc and F is a formula of Hennessy-Milner logic with one variable X. For every configuration we define the following successor configurations according to the structure of the formula F (here s is ranging over Proc): • (s, tt) and (s, ff) have no successor configurations, • (s, F1 ∧F2) and (s, F1 ∨F2) both have two successor configurations, namely (s, F1) and (s, F2), • (s, 〈a〉F ) and (s, [a]F ) both have the successor configurations (s ′ , F ) for every s ′ such that s a → s ′ , and • (s, X) has only one successor configuration (s, FX), where X is defined via the equation X max = FX or X min = FX. A play of the game starting from (s, F ) is a maximal sequence of configurations formed by the players according to the following rules. • The attacker picks a successor configuration for every current configuration of the form (s, F1 ∧ F2) and (s, [a]F ). • The defender picks a successor configuration for every current configuration of the form (s, F1 ∨ F2) and (s, 〈a〉F ).
Page 1:
Reactive Systems: Modelling, Specif
Page 4 and 5:
iv CONTENTS 5 Hennessy-Milner logic
Page 7 and 8:
List of Figures 2.1 The interface f
Page 9:
List of Tables 2.1 An alternative f
Page 12 and 13:
xii PREFACE It has been very satisf
Page 14 and 15:
xiv PREFACE a textbook, and offers
Page 16 and 17:
xvi PREFACE studies in Edinburgh, a
Page 19:
Part I A classic theory of reactive
Page 22 and 23:
4 CHAPTER 1. INTRODUCTION After hav
Page 24 and 25:
6 CHAPTER 1. INTRODUCTION • softw
Page 26 and 27:
8 CHAPTER 1. INTRODUCTION prototype
Page 28 and 29:
10 CHAPTER 2. THE LANGUAGE CCS ✬
Page 30 and 31:
12 CHAPTER 2. THE LANGUAGE CCS Exer
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
18 CHAPTER 2. THE LANGUAGE CCS CS d
Page 38 and 39:
20 CHAPTER 2. THE LANGUAGE CCS Sinc
Page 40 and 41:
22 CHAPTER 2. THE LANGUAGE CCS a p
Page 42 and 43:
24 CHAPTER 2. THE LANGUAGE CCS •
Page 44 and 45:
26 CHAPTER 2. THE LANGUAGE CCS Defi
Page 46 and 47:
28 CHAPTER 2. THE LANGUAGE CCS we h
Page 48 and 49:
30 CHAPTER 2. THE LANGUAGE CCS This
Page 50 and 51:
32 CHAPTER 2. THE LANGUAGE CCS 2. D
Page 52 and 53:
34 CHAPTER 2. THE LANGUAGE CCS To b
Page 55 and 56:
Chapter 3 Behavioural equivalences
Page 57 and 58:
3.1. CRITERIA FOR A GOOD BEHAVIOURA
Page 59 and 60:
3.2. TRACE EQUIVALENCE: A FIRST ATT
Page 61 and 62:
3.3. STRONG BISIMILARITY 43 trace e
Page 63 and 64:
3.3. STRONG BISIMILARITY 45 Obvious
Page 65 and 66:
3.3. STRONG BISIMILARITY 47 So, by
Page 67 and 68:
3.3. STRONG BISIMILARITY 49 Theorem
Page 69 and 70:
3.3. STRONG BISIMILARITY 51 The imp
Page 71 and 72:
3.3. STRONG BISIMILARITY 53 Conclud
Page 73 and 74:
3.3. STRONG BISIMILARITY 55 3. the
Page 75 and 76:
3.3. STRONG BISIMILARITY 57 Recall
Page 77 and 78:
3.3. STRONG BISIMILARITY 59 B 2 0
Page 79 and 80:
3.4. WEAK BISIMILARITY 61 Is there
Page 81 and 82:
3.4. WEAK BISIMILARITY 63 Start pu
Page 83 and 84:
3.4. WEAK BISIMILARITY 65 Our order
Page 85 and 86:
3.4. WEAK BISIMILARITY 67 Send def
Page 87 and 88:
3.4. WEAK BISIMILARITY 69 Show that
Page 89 and 90:
3.4. WEAK BISIMILARITY 71 In light
Page 91 and 92:
3.5. GAME CHARACTERIZATION OF BISIM
Page 93 and 94:
CHAPTER 3.5. GAME CHARACTERIZATION
Page 95 and 96: CHAPTER 3.5. GAME CHARACTERIZATION
Page 97 and 98: CHAPTER 3.5. GAME CHARACTERIZATION
Page 99 and 100: 3.6. FURTHER RESULTS ON EQUIVALENCE
Page 101: 3.6. FURTHER RESULTS ON EQUIVALENCE
Page 104 and 105: 86 CHAPTER 4. THEORY OF FIXED POINT
Page 119 and 120: Chapter 5 Hennessy-Milner logic In
Page 121 and 122: 103 We are interested in using the
Page 123 and 124: 105 of the one step transitions a
Page 125 and 126: 1. Decide whether the following sta
Page 127 and 128: 109 Note that logical negation is n
Page 129 and 130: 111 Another example of a process th
Page 131 and 132: a s s1 b s2 b a a t b t1 b t
Page 133 and 134: Chapter 6 Hennessy-Milner logic wit
Page 135 and 136: CHAPTER 6. HML WITH RECURSION 117 e
Page 137 and 138: CHAPTER 6. HML WITH RECURSION 119
Page 139 and 140: 6.1. EXAMPLES OF RECURSIVE PROPERTI
Page 141 and 142: 6.2. SYNTAX AND SEMANTICS OF HML WI
Page 143 and 144: 6.2. SYNTAX AND SEMANTICS OF HML WI
Page 145: 6.3. LARGEST FIXED POINTS AND INVAR
Page 149 and 150: 6.4. GAME CHARACTERIZATION FOR HML
Page 151 and 152: 6.4. GAME CHARACTERIZATION FOR HML
Page 153 and 154: 6.5. MUTUALLY RECURSIVE EQUATIONAL
Page 155 and 156: 6.5. MUTUALLY RECURSIVE EQUATIONAL
Page 157 and 158: 6.6. CHARACTERISTIC PROPERTIES 139
Page 167 and 168: 6.7. MIXING LARGEST AND LEAST FIXED
Page 173 and 174: 6.8. FURTHER RESULTS ON MODEL CHECK
Page 175 and 176: Chapter 7 Modelling and analysis of
Page 177 and 178: CHAPTER 7. MODELLING MUTUAL EXCLUSI
Page 179 and 180: CHAPTER 7. MODELLING MUTUAL EXCLUSI
Page 181 and 182: 7.1. SPECIFYING MUTUAL EXCLUSION IN
Page 183 and 184: 7.2. SPECIFYING MUTUAL EXCLUSION US
Page 185 and 186: 7.2. SPECIFYING MUTUAL EXCLUSION US
Page 187 and 188: 7.3. TESTING MUTUAL EXCLUSION 169 i
Page 189 and 190: 7.3. TESTING MUTUAL EXCLUSION 171 D
Page 191 and 192: 7.3. TESTING MUTUAL EXCLUSION 173 1
show all

Reactive Systems: Modelling, Specification and Verification - Cs.ioc.ee

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?