Reactive Systems: Modelling, Specification and Verification - Cs.ioc.ee

More documents

Recommendations

Info

$Algorithmic melody composition based on fractal ... - cs.ioc.ee$

130 CHAPTER 6. HML WITH RECURSION Note that the successor configuration of (s, X) is always uniquely determined and we will denote this move by (s, X) → (s, FX). (It is suggestive to think of these moves that unwind fixed points as moves made by a referee for the game.) Simi- larly successor configurations selected by the attacker will be denoted by A → moves and those chosen by the defender by D → moves. We also notice that every play either • terminates in (s, tt) or (s, ff), or • it can be the case that the attacker (or the defender) gets stuck in the current configuration (s, [a]F ) (or (s, 〈a〉F )) whenever s a , or • the play is infinite. The following rules decide who is the winner of a play. • The attacker is a winner in every play ending in a configuration of the form (s, ff) or in a play in which the defender gets stuck. • The defender is a winner in every play ending in a configuration of the form (s, tt) or in a play in which the attacker gets stuck. • The attacker is a winner in every infinite play provided that X is defined via X min = FX; the defender is a winner in every infinite play provided that X is defined via X max = FX. Remark 6.1 The intuition for the least and largest fixed point is as follows. If X is defined as a least fixed point then the defender has to prove in finitely many rounds that the property is satisfied. If a play of the game is infinite, then the defender has failed to do so, and the attacker wins. If instead X is defined as a largest fixed point, then it is the attacker who has to disprove in finitely many rounds that the formula is satisfied. If a play of the game is infinite, then the attacker has failed to do so, and the defender wins. Theorem 6.3 [Game characterization] Let (Proc, Act, { a →| a ∈ Act}) be a labelled transition system and F a formula of Hennessy-Milner logic with one (recursively defined) variable X. Let s ∈ Proc. Then the following statements hold. • State s satisfies F if and only if the defender has a universal winning strategy starting from (s, F ). • State s does not satisfy F if and only if the attacker has a universal winning strategy starting from (s, F ).
6.4. GAME CHARACTERIZATION FOR HML WITH RECURSION 131 The proof of this result is beyond the scope of this introductory textbook. We refer the reader to (Stirling, 2001) for a proof of the above result and more information on model checking games. 6.4.1 Examples of use In this section let us consider the following labelled transition system. s b b s1 b s2 a s3 Example 6.3 We start with an example which is not using any recursively defined variable. We shall demonstrate that s |= [b](〈b〉[b]ff ∧ 〈b〉[a]ff) by defining a universal winning strategy for the defender. As remarked before, we will use A → to denote that the successor configuration was selected by the attacker and D → to denote that it was selected by the defender. The game starts from (s, [b](〈b〉[b]ff ∧ 〈b〉[a]ff)) . Because [b] is the topmost operation, the attacker selects the successor configuration and he has only one possibility, namely (s, [b](〈b〉[b]ff ∧ 〈b〉[a]ff)) A → (s1, 〈b〉[b]ff ∧ 〈b〉[a]ff) . Now the topmost operation is ∧ so the attacker has two possibilities: or (s1, 〈b〉[b]ff ∧ 〈b〉[a]ff) A → (s1, 〈b〉[b]ff) (s1, 〈b〉[b]ff ∧ 〈b〉[a]ff) A → (s1, 〈b〉[a]ff) . We have to show that the defender wins from any of these two configurations (we have to find a universal winning strategy). • From (s1, 〈b〉[b]ff) it is the defender who makes the next move; let him so play (s1, 〈b〉[b]ff) D → (s2, [b]ff). Now the attacker should continue but s2 b so he is stuck and the defender wins this play. • From (s1, 〈b〉[a]ff) it is also the defender who makes the next move; let him play (s1, 〈b〉[a]ff) D → (s, [a]ff). Now the attacker should continue but s a so he is stuck again and the defender wins this play. a
Page 1:
Reactive Systems: Modelling, Specif
Page 4 and 5:
iv CONTENTS 5 Hennessy-Milner logic
Page 7 and 8:
List of Figures 2.1 The interface f
Page 9:
List of Tables 2.1 An alternative f
Page 12 and 13:
xii PREFACE It has been very satisf
Page 14 and 15:
xiv PREFACE a textbook, and offers
Page 16 and 17:
xvi PREFACE studies in Edinburgh, a
Page 19:
Part I A classic theory of reactive
Page 22 and 23:
4 CHAPTER 1. INTRODUCTION After hav
Page 24 and 25:
6 CHAPTER 1. INTRODUCTION • softw
Page 26 and 27:
8 CHAPTER 1. INTRODUCTION prototype
Page 28 and 29:
10 CHAPTER 2. THE LANGUAGE CCS ✬
Page 30 and 31:
12 CHAPTER 2. THE LANGUAGE CCS Exer
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
18 CHAPTER 2. THE LANGUAGE CCS CS d
Page 38 and 39:
20 CHAPTER 2. THE LANGUAGE CCS Sinc
Page 40 and 41:
22 CHAPTER 2. THE LANGUAGE CCS a p
Page 42 and 43:
24 CHAPTER 2. THE LANGUAGE CCS •
Page 44 and 45:
26 CHAPTER 2. THE LANGUAGE CCS Defi
Page 46 and 47:
28 CHAPTER 2. THE LANGUAGE CCS we h
Page 48 and 49:
30 CHAPTER 2. THE LANGUAGE CCS This
Page 50 and 51:
32 CHAPTER 2. THE LANGUAGE CCS 2. D
Page 52 and 53:
34 CHAPTER 2. THE LANGUAGE CCS To b
Page 55 and 56:
Chapter 3 Behavioural equivalences
Page 57 and 58:
3.1. CRITERIA FOR A GOOD BEHAVIOURA
Page 59 and 60:
3.2. TRACE EQUIVALENCE: A FIRST ATT
Page 61 and 62:
3.3. STRONG BISIMILARITY 43 trace e
Page 63 and 64:
3.3. STRONG BISIMILARITY 45 Obvious
Page 65 and 66:
3.3. STRONG BISIMILARITY 47 So, by
Page 67 and 68:
3.3. STRONG BISIMILARITY 49 Theorem
Page 69 and 70:
3.3. STRONG BISIMILARITY 51 The imp
Page 71 and 72:
3.3. STRONG BISIMILARITY 53 Conclud
Page 73 and 74:
3.3. STRONG BISIMILARITY 55 3. the
Page 75 and 76:
3.3. STRONG BISIMILARITY 57 Recall
Page 77 and 78:
3.3. STRONG BISIMILARITY 59 B 2 0
Page 79 and 80:
3.4. WEAK BISIMILARITY 61 Is there
Page 81 and 82:
3.4. WEAK BISIMILARITY 63 Start pu
Page 83 and 84:
3.4. WEAK BISIMILARITY 65 Our order
Page 85 and 86:
3.4. WEAK BISIMILARITY 67 Send def
Page 87 and 88:
3.4. WEAK BISIMILARITY 69 Show that
Page 89 and 90:
3.4. WEAK BISIMILARITY 71 In light
Page 91 and 92:
3.5. GAME CHARACTERIZATION OF BISIM
Page 93 and 94:
CHAPTER 3.5. GAME CHARACTERIZATION
Page 95 and 96:
CHAPTER 3.5. GAME CHARACTERIZATION
Page 97 and 98: CHAPTER 3.5. GAME CHARACTERIZATION
Page 99 and 100: 3.6. FURTHER RESULTS ON EQUIVALENCE
Page 101: 3.6. FURTHER RESULTS ON EQUIVALENCE
Page 104 and 105: 86 CHAPTER 4. THEORY OF FIXED POINT
Page 119 and 120: Chapter 5 Hennessy-Milner logic In
Page 121 and 122: 103 We are interested in using the
Page 123 and 124: 105 of the one step transitions a
Page 125 and 126: 1. Decide whether the following sta
Page 127 and 128: 109 Note that logical negation is n
Page 129 and 130: 111 Another example of a process th
Page 131 and 132: a s s1 b s2 b a a t b t1 b t
Page 133 and 134: Chapter 6 Hennessy-Milner logic wit
Page 135 and 136: CHAPTER 6. HML WITH RECURSION 117 e
Page 137 and 138: CHAPTER 6. HML WITH RECURSION 119
Page 139 and 140: 6.1. EXAMPLES OF RECURSIVE PROPERTI
Page 141 and 142: 6.2. SYNTAX AND SEMANTICS OF HML WI
Page 143 and 144: 6.2. SYNTAX AND SEMANTICS OF HML WI
Page 145 and 146: 6.3. LARGEST FIXED POINTS AND INVAR
Page 147: 6.4. GAME CHARACTERIZATION FOR HML
Page 151 and 152: 6.4. GAME CHARACTERIZATION FOR HML
Page 153 and 154: 6.5. MUTUALLY RECURSIVE EQUATIONAL
Page 155 and 156: 6.5. MUTUALLY RECURSIVE EQUATIONAL
Page 157 and 158: 6.6. CHARACTERISTIC PROPERTIES 139
Page 167 and 168: 6.7. MIXING LARGEST AND LEAST FIXED
Page 173 and 174: 6.8. FURTHER RESULTS ON MODEL CHECK
Page 175 and 176: Chapter 7 Modelling and analysis of
Page 177 and 178: CHAPTER 7. MODELLING MUTUAL EXCLUSI
Page 179 and 180: CHAPTER 7. MODELLING MUTUAL EXCLUSI
Page 181 and 182: 7.1. SPECIFYING MUTUAL EXCLUSION IN
Page 183 and 184: 7.2. SPECIFYING MUTUAL EXCLUSION US
Page 185 and 186: 7.2. SPECIFYING MUTUAL EXCLUSION US
Page 187 and 188: 7.3. TESTING MUTUAL EXCLUSION 169 i
Page 189 and 190: 7.3. TESTING MUTUAL EXCLUSION 171 D
Page 191 and 192: 7.3. TESTING MUTUAL EXCLUSION 173 1
show all

Reactive Systems: Modelling, Specification and Verification - Cs.ioc.ee

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?