Specification Formalisms for LTSs Xinxin Liu Institute of Software - - PowerPoint PPT Presentation

1

Specification Formalisms for LTSs Xinxin Liu

Institute of Software Chinese Academy of Sciences BASICS2009

2

Outline:

• 1. Background
• 2. Issues in specification formalisms
• 3. Some specification formalisms
• 4. HML with single alternation of simultaneous recursive definitions
• 5. Conclusion

3

Stepwise refinement:

S1 ⊲ S2 . . . ⊲ Sn, and P impliments Sn

Programs: states in a LTS

P, Act, − →

Specifications: describe properties that some programs should satisfy

4

A specification formalism (for P, Act, −

→) consists of | =, S

where

S: a set (of specifications) | =: a binary relation on P × S (the satisfaction

relation)

5

Read P |

= S as

”P satisfies (is an implementation of) S”

S describes a set of states in the LTS, i.e. {P ∈ P | P | = S}

6

Logical specification formalisms: Hennessy-Milner Logic,

µ-Calculus,. . . | =, L

Transitional specification formalisms:

∼, P, ≈, P, ≈b, P, . . .

7

Outline:

• 1. Background
• 2. Issues in specification formalisms
• 3. Some specification formalisms
• 4. HML with single alternation of simultaneous recursive definitions
• 5. Conclusion

8

• 1. Given P and S, does it hold that P |

= S?

(model checking)

• 2. Given a property (set of states), can it be expressed as

a specification?(expressiveness)

• 3. Are the properties expressible in one formalism always

expressible in another? (relative expressiveness)

9

• 4. Whether a given spec is implementable at all?

(consistency check) If it is, how to construct an implementation? (model synthesis)

• 5. Given S1, S2, does S1 ⊳ S2 hold in the sense that the

implementations of S1 are also implementations of S2? (refinement analysis)

10

• 6. Given a process context C and a spec S let

sop(C, S) = {C[P] | P | = S} wip(C, S) = {P | C[P] | = S}

are there specs for sop(C, S) (compositionality) and wip(C, S) (decompositionality) A refinement step:

sop(C, wip(C, S)) ⊳ S

11

Outline:

• 1. Background
• 2. Issues in specification formalisms
• 3. Some specification formalisms
• 4. HML with single alternation of simultaneous recursive definitions
• 5. Conclusion

12

µ-Calculus

F ::= tt ff X F ∧ F F ∨ F [a]F aF µX.F νX.F

⋄ very expressive:

be able to express regular properties for finite state process Q, there exists F ≡

Q such that

P ≡ Q if and only if P | = F ≡

Q

⋄ good decompositionality:

{P ∈ P | C[P] | = F} can be expressed for any F and for C

from a big class of contexts

13

⋄ consistency check and model synthesis:

EXPTIME-complete [Street&Emerson 89, Walukiewicz 95]

⋄ refinement analysis:

F1 ⊳ F2 ⇔ F1 ∨ F2 is satisfied by all P ∈ P ⇔ F1 ∧ F2 is not satisfiable (inconsistent) reduces refinement analysis to consistency check.

14

Generalizing transitional specification formalisms —- Modal Transition Systems (MTS) [Larsen&Thomsen 88]:

M = S, Act, − →A, − →R,

where −

→R⊆− →A⊆ S × Act × S.

Define |

= to be the largest relation on P × S such that

whenever P |

= S then the following holds:

• 1. P

a

− → P ′ ⇒ S

a

− →A S′ for some S′ with P ′ | = S′;

• 2. S

a

− →R S′ ⇒ P

a

− → P ′ for some P ′ with P ′ | = S′.

15

Example: Let S, U be two specifications where

S

a1

− →R S, S

a1

− →A S, S

a2

− →A S, and

for all a ∈ Act, U

a

− →A U, U − →R .

Let

A def = a1.A B def = a1.B + a2.B

then A |

= S and B | = S. P | = U for all P ∈ P.

16

⋄ more expressive than ≡, P:

able to express properties beyond equivalence classes

⋄ always satisfiable ⋄ not closed under decomposition, i.e. wip(C, S) is not expressible in general ⋄ refinement analysis is EXPTIME-complete

[Benes, Kretinsky,Larsen,Srba 08]

17

Disjunctive Modal Transition Systems (DMTS) [Larsen&Liu 90]

⋄ can express {Q | C1[Q] ∼ P1, . . . , Cn[Q] ∼ Pn} ⋄ closed under decomposition: can express wip(C, S) ⋄ consistency check and model synthesis are EXPTIME ⋄ refinement analysis is EXPTIME-complete ⋄ cannot express {Q | C1[Q] ≈ P1, . . . , Cn[Q] ≈ Pn}

18

Extending Disjunctive Modal Transition Systems

⋄ can express {Q | C1[Q] ≡ P1, . . . , C2[Q] ≡ Pn}

where ≡ can be ∼, ≈, ≈b, . . . , or even mixture of those

⋄ closed under decomposition: can express wip(C, S) ⋄ consistency check and model synthesis are EXPTIME ⋄ refinement analysis — conjecture: EXPTIME

19

In summary, with the increasing of the expressiveness, the hardness of analysis also increases. Are we able to find a good balance between expressiveness and the ease of analysis?

20

Outline:

• 1. Background
• 2. Issues in specification formalisms
• 3. Some specification formalisms
• 4. HML with single alternation of simultaneous recursive definitions
• 5. Conclusion

21

Consider the following set of equations

X1 = F1 . . . Xn = Fn Y1 = E1 . . . Ym = Em

where Fi, Ej are HML formulae, and the system is closed in that all the variables on the left hand side are defined.

22

Then taking the weakest meaning for all Xi and the strongest meaning for all Yj we can use these Xi, Yj to express properties expressible in all the modal transition specifications and extensions mentioned above.

23

⋄ closed under decomposition: can express wip(C, S) ⋄ consistency check and model synthesis are EXPTIME ⋄ refinement analysis — conjecture: EXPTIME