Reactive Systems: Modelling, Specification and Verification - Cs.ioc.ee

More documents

Recommendations

Info

$Algorithmic melody composition based on fractal ... - cs.ioc.ee$

80 CHAPTER 3.5. GAME CHARACTERIZATION OF BISIMILARITY We remind the reader of the fact that, in the weak bisimulation game from the current configuration (s, t), if the attacker chooses a move under the silent action τ (let us say s τ → s ′ ) then the defender can (as one possibility) simply answer by doing ‘nothing’, i.e., by idling in the state t (as we always have t τ ⇒ t). In that case, the current configuration becomes (s ′ , t). Again, the notions of play and universal winning strategy in the weak bisimulation game are best explained by means of an example. Example 3.8 Consider the following transition system. s a τ s1 t1 b a a a s2 s3 t2 τ t3 We will show that s ≈ t by defining a universal winning strategy for the attacker in the weak bisimulation game from (s, t). In the first round, the attacker selects the left-hand side and action a, and plays the move s a → s1. The defender has three possible moves to answer: (i) t a ⇒ t2 via t1, (ii) t a ⇒ t2 via t1 and t3, and (iii) t a ⇒ t3 via t1. In case (i) and (ii) the current configuration becomes (s1, t2) and in case (iii) it becomes (s1, t3). From the configuration (s1, t2) the attacker wins by playing s1 b → s3, and the defender loses because t2 b . From the configuration (s1, t3) the attacker plays the τ-move from the right- τ τ hand side: t3 → t2. Defender’s only answer from s1 is s1 ⇒ s1 because no τ actions are enabled from s1. The current configuration becomes (s1, t2) and, as argued above, the attacker has a winning strategy from this pair. This concludes the proof and shows that s ≈ t because we found a universal winning strategy for the attacker. Exercise 3.41 In the weak bisimulation game the attacker is allowed to use a → moves for the attacks, and the defender can use a ⇒ moves in response. Argue that if we modify the rules of the game so that the attacker can also use moves of the form a ⇒ then this does not provide any additional power for the attacker. Conclude that both versions of the game provide the same answer about bisimilarity/nonbisimilarity of two processes. a t4 t b t5
3.6. FURTHER RESULTS ON EQUIVALENCE CHECKING 81 3.6 Further results on equivalence checking In the following few paragraphs we shall provide an overview of a number of interesting results achieved within concurrency theory in the area of equivalence checking. We shall also provide pointers to selected references in the literature that the interested readers may wish to consult for further independent study. The first class of systems we consider is the one generated by CCS processes which have finitely many reachable states and finitely many transitions only. Such systems, usually called regular, can simply be viewed as labelled transition systems with a finite set of states and finitely many transitions. For a labelled transition system with n states and m transitions, strong bisimilarity between any two given states is decidable in deterministic polynomial time—more precisely in O(nm) time (Kanellakis and Smolka, 1990). This result by Kanellakis and Smolka was subsequently improved upon by Paige and Tarjan who devised an algorithm that runs in O(m log n) time (Paige and Tarjan, 1987). This is in strong contrast with the complexity of deciding language equivalence, where the problem is known to be PSPACE-complete (Hunt, Rosenkrantz and Szymanski, 1976). By way of further comparison, we recall that deciding strong bisimilarity between finite labelled transition systems is P-complete (Balcázar, Gabarró and Santha, 1992)—this means that it is one of the ‘hardest problems’ in the class P of problems solvable in polynomial time. (P-complete problems are of interest because they appear to lack highly parallel solutions. See, for instance, the book (Greenlaw, Hoover and Ruzzo, 1995).) We remind the reader that the aforementioned complexity results for finite labelled transition systems are valid if the size of the input problem is measured as the number of states plus the number of transitions in the input labelled transition system. If we assume that the size of the input is the length of the CCS equations that describe a finite transition system, then we face the so called state explosion problem because relatively short CCS definitions can generate exponentially large labelled transition systems. (For example, you should be able to convince yourselves that the labelled transition system associated with the CCS expression a1.0 | a2.0 | · · · | an.0 has 2 n states.) In this case the strong bisimilarity checking problem becomes EXPTIME-complete (Laroussinie and Schnoebelen, 2000)—this means that it is one of the ‘hardest problems’ in the class EXPTIME of problems solvable in exponential time using deterministic algorithms. The problem of checking observational equivalence (weak bisimilarity) over finite labelled transition systems can be reduced to that of checking strong bisimilarity using a technique called saturation. Intuitively, saturation amounts to
Page 1:
Reactive Systems: Modelling, Specif
Page 4 and 5:
iv CONTENTS 5 Hennessy-Milner logic
Page 7 and 8:
List of Figures 2.1 The interface f
Page 9:
List of Tables 2.1 An alternative f
Page 12 and 13:
xii PREFACE It has been very satisf
Page 14 and 15:
xiv PREFACE a textbook, and offers
Page 16 and 17:
xvi PREFACE studies in Edinburgh, a
Page 19:
Part I A classic theory of reactive
Page 22 and 23:
4 CHAPTER 1. INTRODUCTION After hav
Page 24 and 25:
6 CHAPTER 1. INTRODUCTION • softw
Page 26 and 27:
8 CHAPTER 1. INTRODUCTION prototype
Page 28 and 29:
10 CHAPTER 2. THE LANGUAGE CCS ✬
Page 30 and 31:
12 CHAPTER 2. THE LANGUAGE CCS Exer
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
18 CHAPTER 2. THE LANGUAGE CCS CS d
Page 38 and 39:
20 CHAPTER 2. THE LANGUAGE CCS Sinc
Page 40 and 41:
22 CHAPTER 2. THE LANGUAGE CCS a p
Page 42 and 43:
24 CHAPTER 2. THE LANGUAGE CCS •
Page 44 and 45:
26 CHAPTER 2. THE LANGUAGE CCS Defi
Page 46 and 47:
28 CHAPTER 2. THE LANGUAGE CCS we h
Page 48 and 49: 30 CHAPTER 2. THE LANGUAGE CCS This
Page 50 and 51: 32 CHAPTER 2. THE LANGUAGE CCS 2. D
Page 52 and 53: 34 CHAPTER 2. THE LANGUAGE CCS To b
Page 55 and 56: Chapter 3 Behavioural equivalences
Page 57 and 58: 3.1. CRITERIA FOR A GOOD BEHAVIOURA
Page 59 and 60: 3.2. TRACE EQUIVALENCE: A FIRST ATT
Page 61 and 62: 3.3. STRONG BISIMILARITY 43 trace e
Page 63 and 64: 3.3. STRONG BISIMILARITY 45 Obvious
Page 65 and 66: 3.3. STRONG BISIMILARITY 47 So, by
Page 67 and 68: 3.3. STRONG BISIMILARITY 49 Theorem
Page 69 and 70: 3.3. STRONG BISIMILARITY 51 The imp
Page 71 and 72: 3.3. STRONG BISIMILARITY 53 Conclud
Page 73 and 74: 3.3. STRONG BISIMILARITY 55 3. the
Page 75 and 76: 3.3. STRONG BISIMILARITY 57 Recall
Page 77 and 78: 3.3. STRONG BISIMILARITY 59 B 2 0
Page 79 and 80: 3.4. WEAK BISIMILARITY 61 Is there
Page 81 and 82: 3.4. WEAK BISIMILARITY 63 Start pu
Page 83 and 84: 3.4. WEAK BISIMILARITY 65 Our order
Page 85 and 86: 3.4. WEAK BISIMILARITY 67 Send def
Page 87 and 88: 3.4. WEAK BISIMILARITY 69 Show that
Page 89 and 90: 3.4. WEAK BISIMILARITY 71 In light
Page 91 and 92: 3.5. GAME CHARACTERIZATION OF BISIM
Page 93 and 94: CHAPTER 3.5. GAME CHARACTERIZATION
Page 95 and 96: CHAPTER 3.5. GAME CHARACTERIZATION
Page 97: CHAPTER 3.5. GAME CHARACTERIZATION
Page 101: 3.6. FURTHER RESULTS ON EQUIVALENCE
Page 104 and 105: 86 CHAPTER 4. THEORY OF FIXED POINT
Page 119 and 120: Chapter 5 Hennessy-Milner logic In
Page 121 and 122: 103 We are interested in using the
Page 123 and 124: 105 of the one step transitions a
Page 125 and 126: 1. Decide whether the following sta
Page 127 and 128: 109 Note that logical negation is n
Page 129 and 130: 111 Another example of a process th
Page 131 and 132: a s s1 b s2 b a a t b t1 b t
Page 133 and 134: Chapter 6 Hennessy-Milner logic wit
Page 135 and 136: CHAPTER 6. HML WITH RECURSION 117 e
Page 137 and 138: CHAPTER 6. HML WITH RECURSION 119
Page 139 and 140: 6.1. EXAMPLES OF RECURSIVE PROPERTI
Page 141 and 142: 6.2. SYNTAX AND SEMANTICS OF HML WI
Page 143 and 144: 6.2. SYNTAX AND SEMANTICS OF HML WI
Page 145 and 146: 6.3. LARGEST FIXED POINTS AND INVAR
Page 147 and 148: 6.4. GAME CHARACTERIZATION FOR HML
Page 149 and 150:
6.4. GAME CHARACTERIZATION FOR HML
Page 151 and 152:
6.4. GAME CHARACTERIZATION FOR HML
Page 153 and 154:
6.5. MUTUALLY RECURSIVE EQUATIONAL
Page 155 and 156:
6.5. MUTUALLY RECURSIVE EQUATIONAL
Page 157 and 158:
6.6. CHARACTERISTIC PROPERTIES 139
Page 159 and 160:
Page 161 and 162:
Page 163 and 164:
Page 165 and 166:
Page 167 and 168:
6.7. MIXING LARGEST AND LEAST FIXED
Page 169 and 170:
Page 171 and 172:
Page 173 and 174:
6.8. FURTHER RESULTS ON MODEL CHECK
Page 175 and 176:
Chapter 7 Modelling and analysis of
Page 177 and 178:
CHAPTER 7. MODELLING MUTUAL EXCLUSI
Page 179 and 180:
CHAPTER 7. MODELLING MUTUAL EXCLUSI
Page 181 and 182:
7.1. SPECIFYING MUTUAL EXCLUSION IN
Page 183 and 184:
7.2. SPECIFYING MUTUAL EXCLUSION US
Page 185 and 186:
7.2. SPECIFYING MUTUAL EXCLUSION US
Page 187 and 188:
7.3. TESTING MUTUAL EXCLUSION 169 i
Page 189 and 190:
7.3. TESTING MUTUAL EXCLUSION 171 D
Page 191 and 192:
7.3. TESTING MUTUAL EXCLUSION 173 1
show all

Reactive Systems: Modelling, Specification and Verification - Cs.ioc.ee

Create successful ePaper yourself

Delete template?

Save as template?