

1. Specification Formalisms for LTSs. Xinxin Liu, Institute of Software, Chinese Academy of Sciences. BASICS2009

2. Outline: 1. Background; 2. Issues in specification formalisms; 3. Some specification formalisms; 4. HML with single alternation of simultaneous recursive definitions; 5. Conclusion

3. Stepwise refinement: $S_1 \lhd S_2 \lhd \cdots \lhd S_n$, and $P$ implements $S_n$. Programs: states in an LTS $\langle \mathcal{P}, Act, \rightarrow \rangle$. Specifications: describe properties that some programs should satisfy.

4. A specification formalism (for $\langle \mathcal{P}, Act, \rightarrow \rangle$) consists of $\langle \models, \mathcal{S} \rangle$, where $\mathcal{S}$ is a set (of specifications) and $\models$ is a binary relation on $\mathcal{P} \times \mathcal{S}$ (the satisfaction relation).

5. Read $P \models S$ as "$P$ satisfies (is an implementation of) $S$". $S$ describes a set of states in the LTS, namely $\{P \in \mathcal{P} \mid P \models S\}$.

6. Logical specification formalisms: Hennessy-Milner Logic, $\mu$-calculus, ...: $\langle \models, \mathcal{L} \rangle$. Transitional specification formalisms: $\langle \sim, \mathcal{P} \rangle$, $\langle \approx, \mathcal{P} \rangle$, $\langle \approx_b, \mathcal{P} \rangle$, ... (a process serves as the specification, and satisfaction is strong, weak or branching bisimilarity).

7. Outline: 1. Background; 2. Issues in specification formalisms; 3. Some specification formalisms; 4. HML with single alternation of simultaneous recursive definitions; 5. Conclusion

8. 1. Given $P$ and $S$, does $P \models S$ hold? (model checking) 2. Given a property (a set of states), can it be expressed as a specification? (expressiveness) 3. Are the properties expressible in one formalism always expressible in another? (relative expressiveness)

9. 4. Is a given spec implementable at all? (consistency check) If it is, how do we construct an implementation? (model synthesis) 5. Given $S_1, S_2$, does $S_1 \rhd S_2$ hold, in the sense that the implementations of $S_1$ are also implementations of $S_2$? (refinement analysis)

10. 6. Given a process context $C$ and a spec $S$, let $sop(C, S) = \{C[P] \mid P \models S\}$ and $wip(C, S) = \{P \mid C[P] \models S\}$. Are there specs for $sop(C, S)$ (compositionality) and for $wip(C, S)$ (decompositionality)? A refinement step: $sop(C, wip(C, S)) \rhd S$.

11. Outline: 1. Background; 2. Issues in specification formalisms; 3. Some specification formalisms; 4. HML with single alternation of simultaneous recursive definitions; 5. Conclusion

12. $\mu$-Calculus: $F ::= tt \mid ff \mid X \mid F \wedge F \mid F \vee F \mid [a]F \mid \langle a \rangle F \mid \mu X.F \mid \nu X.F$. ⋄ very expressive: able to express regular properties; for a finite-state process $Q$ there exists a characteristic formula $F_{\equiv Q}$ such that $P \models F_{\equiv Q}$ if and only if $P \equiv Q$. ⋄ good decompositionality: $\{P \in \mathcal{P} \mid C[P] \models F\}$ can be expressed for any $F$ and for $C$ from a big class of contexts.

13. ⋄ consistency check and model synthesis: EXPTIME-complete [Streett & Emerson 89, Walukiewicz 95]. ⋄ refinement analysis: $F_1 \rhd F_2 \iff \neg F_1 \vee F_2$ is satisfied by all $P \in \mathcal{P} \iff F_1 \wedge \neg F_2$ is not satisfiable (inconsistent), where $\neg F$ is the dual of the closed formula $F$ (swap $tt/ff$, $\wedge/\vee$, $[a]/\langle a \rangle$, $\mu/\nu$). This reduces refinement analysis to consistency check.

14. Generalizing transitional specification formalisms: Modal Transition Systems (MTS) [Larsen & Thomsen 88]: $M = \langle \mathcal{S}, Act, \rightarrow_A, \rightarrow_R \rangle$, where $\rightarrow_R \subseteq \rightarrow_A \subseteq \mathcal{S} \times Act \times \mathcal{S}$ ($\rightarrow_A$ are the allowed, or may, transitions and $\rightarrow_R$ the required, or must, transitions). Define $\models$ to be the largest relation on $\mathcal{P} \times \mathcal{S}$ such that whenever $P \models S$ the following holds: 1. $P \xrightarrow{a} P'$ implies $S \xrightarrow{a}_A S'$ for some $S'$ with $P' \models S'$; 2. $S \xrightarrow{a}_R S'$ implies $P \xrightarrow{a} P'$ for some $P'$ with $P' \models S'$.

15. Example: Let $S, U$ be two specifications where $S \xrightarrow{a_1}_R S$, $S \xrightarrow{a_1}_A S$, $S \xrightarrow{a_2}_A S$, and for all $a \in Act$, $U \xrightarrow{a}_A U$ and $U \not\xrightarrow{a}_R$. Let $A \overset{def}{=} a_1.A$ and $B \overset{def}{=} a_1.B + a_2.B$. Then $A \models S$ and $B \models S$, and $P \models U$ for all $P \in \mathcal{P}$.
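Because the satisfaction relation of slide 14 is defined as the largest relation closed under its two conditions, for finite systems it can be computed by starting from all pairs and discarding any pair that violates either condition until nothing changes. The Python below is an added example, not code from the slides: the dictionary encoding of processes and specifications, the finite action set $\{a_1, a_2, a_3\}$ and the extra processes C, D and E are constructed for this example, chosen so that the slide's claims ($A \models S$, $B \models S$, every process $\models U$) can be checked next to processes that fail $S$ for each of the two reasons (a required transition missing, a transition not allowed).

```python
"""MTS satisfaction as a greatest fixed point (added example, not from the slides).

A process is a finite LTS: dict mapping each state to a set of (action, successor).
A specification is a pair (may, must) of such dicts over spec states, with must ⊆ may
(may is ->_A and must is ->_R in the slides' notation).  All names are constructed.
"""

ACT = ("a1", "a2", "a3")  # assumed finite action set

# Constructed processes, all in one LTS so that one relation covers them:
#   A = a1.A          B = a1.B + a2.B     C = a2.C        (lacks the required a1)
#   D = a1.D + a3.D   (a3 is not allowed by S)            E = a1.B
PROCS = {
    "A": {("a1", "A")},
    "B": {("a1", "B"), ("a2", "B")},
    "C": {("a2", "C")},
    "D": {("a1", "D"), ("a3", "D")},
    "E": {("a1", "B")},
}

# Spec S of slide 15: a1 required and allowed, a2 allowed only.
S_SPEC = ({"S": {("a1", "S"), ("a2", "S")}}, {"S": {("a1", "S")}})
# Spec U of slide 15: every action allowed, nothing required.
U_SPEC = ({"U": {(a, "U") for a in ACT}}, {"U": set()})


def check_spec(spec):
    """Reject specifications that violate must ⊆ may."""
    may, must = spec
    for s, required in must.items():
        if not required <= may.get(s, set()):
            raise ValueError(f"required transitions of {s} are not all allowed")


def prune(procs, may, must, rel):
    """One refinement step: keep only the pairs of rel that rel itself supports."""
    keep = set()
    for p, s in rel:
        # 1. every transition of p is allowed by s, with related successors
        allowed = all(
            any(a == b and (p2, s2) in rel for b, s2 in may.get(s, ()))
            for a, p2 in procs[p]
        )
        # 2. every transition required by s is provided by p, with related successors
        provided = all(
            any(a == b and (p2, s2) in rel for b, p2 in procs[p])
            for a, s2 in must.get(s, ())
        )
        if allowed and provided:
            keep.add((p, s))
    return keep


def satisfaction(procs, spec):
    """Largest relation closed under the two conditions of slide 14."""
    check_spec(spec)
    may, must = spec
    rel = {(p, s) for p in procs for s in may}  # start from all pairs, shrink
    while True:
        smaller = prune(procs, may, must, rel)
        if smaller == rel:
            return rel
        rel = smaller


def satisfies(procs, p, spec, s):
    """P |= S for process state p and specification state s."""
    return (p, s) in satisfaction(procs, spec)


if __name__ == "__main__":
    for p in PROCS:
        print(p, "|= S:", satisfies(PROCS, p, S_SPEC, "S"),
              " |= U:", satisfies(PROCS, p, U_SPEC, "U"))
```

Running it reports that A, B and E satisfy S while C (no required $a_1$) and D (an $a_3$ that S does not allow) do not, and that every process satisfies U. The outer loop can only remove pairs, so it terminates after at most as many rounds as there are pairs; the same pruning shape (start from everything, discard violations) is the usual way to compute any coinductively defined relation on finite systems.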

16. ⋄ more expressive than $\langle \equiv, \mathcal{P} \rangle$: able to express properties beyond equivalence classes ⋄ always satisfiable ⋄ not closed under decomposition, i.e. $wip(C, S)$ is not expressible in general ⋄ refinement analysis is EXPTIME-complete [Benes, Kretinsky, Larsen, Srba 08]

17. Disjunctive Modal Transition Systems (DMTS) [Larsen & Liu 90] ⋄ can express $\{Q \mid C_1[Q] \sim P_1, \ldots, C_n[Q] \sim P_n\}$ ⋄ closed under decomposition: can express $wip(C, S)$ ⋄ consistency check and model synthesis are EXPTIME ⋄ refinement analysis is EXPTIME-complete ⋄ cannot express $\{Q \mid C_1[Q] \approx P_1, \ldots, C_n[Q] \approx P_n\}$

18. Extending Disjunctive Modal Transition Systems ⋄ can express $\{Q \mid C_1[Q] \equiv P_1, \ldots, C_n[Q] \equiv P_n\}$, where $\equiv$ can be $\sim$, $\approx$, $\approx_b$, ..., or even a mixture of those ⋄ closed under decomposition: can express $wip(C, S)$ ⋄ consistency check and model synthesis are EXPTIME ⋄ refinement analysis: conjectured to be EXPTIME

19. In summary, as expressiveness increases, the hardness of analysis increases too. Can we find a good balance between expressiveness and ease of analysis?

20. Outline: 1. Background; 2. Issues in specification formalisms; 3. Some specification formalisms; 4. HML with single alternation of simultaneous recursive definitions; 5. Conclusion

21. Consider the following set of equations: $X_1 = F_1, \ldots, X_n = F_n$ and $Y_1 = E_1, \ldots, Y_m = E_m$, where the $F_i, E_j$ are HML formulae over the variables $X_1, \ldots, X_n, Y_1, \ldots, Y_m$, and the system is closed in that every variable occurring in a right-hand side is one of the variables defined on the left-hand side.

22. Then, taking the weakest meaning (the greatest solution) for all $X_i$ and the strongest meaning (the least solution) for all $Y_j$, we can use these $X_i, Y_j$ to express the properties expressible in all the modal transition specifications and extensions mentioned above.

23. ⋄ closed under decomposition: can express $wip(C, S)$ ⋄ consistency check and model synthesis are EXPTIME ⋄ refinement analysis: conjectured to be EXPTIME
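The two-block equation system of slides 21 and 22 can be solved over a finite LTS by iterating the right-hand sides: the $X_i$ start from the set of all states and shrink (weakest solution, the $\nu$ of the $\mu$-calculus on slide 12), the $Y_j$ start from the empty set and grow (strongest solution, the $\mu$ of slide 12). The Python below is an added example, not code from the slides. It assumes that the $X$ block is the outer one and the $Y$ block is re-solved inside each outer round (the slides do not fix the nesting), a finite action set $\{a_1, a_2, a_3\}$, and a tuple encoding of HML formulae; the LTS and the equations are constructed. $X_S$ encodes the MTS specification $S$ of slide 15 as an equation, as slide 22 says is possible; $Y_{ev}$ ("an $a_2$ is possible now or after finitely many $a_1$ steps") shows why the $Y$ block needs the least solution; and $X_{ev}$ refers to $Y_{ev}$ to show one alternation.

```python
"""A closed HML equation system with one nu-block (X_i, weakest solution) and one
mu-block (Y_j, strongest solution), solved over a finite LTS.  Added example.

Formulae are tuples: ("tt",) ("ff",) ("var", name) ("and", f, g) ("or", f, g)
                     ("box", action, f) ("dia", action, f)
No negation, so every right-hand side is monotone and the iterations terminate.
Nesting order (X outer, Y inner) is an assumption; names are constructed.
"""

# Constructed LTS: state -> set of (action, successor).  A and B are the processes
# of slide 15; C, D, E are added so that the equations separate more cases.
LTS = {
    "A": {("a1", "A")},
    "B": {("a1", "B"), ("a2", "B")},
    "C": {("a2", "C")},
    "D": {("a1", "D"), ("a3", "D")},
    "E": {("a1", "B")},
}


def sem(f, lts, env):
    """States of lts satisfying f; variables are looked up in env."""
    states = frozenset(lts)
    kind = f[0]
    if kind == "tt":
        return states
    if kind == "ff":
        return frozenset()
    if kind == "var":
        return env[f[1]]
    if kind == "and":
        return sem(f[1], lts, env) & sem(f[2], lts, env)
    if kind == "or":
        return sem(f[1], lts, env) | sem(f[2], lts, env)
    if kind == "dia":  # <a>f: some a-successor satisfies f
        inner = sem(f[2], lts, env)
        return frozenset(s for s in states
                         if any(a == f[1] and t in inner for a, t in lts[s]))
    if kind == "box":  # [a]f: every a-successor satisfies f
        inner = sem(f[2], lts, env)
        return frozenset(s for s in states
                         if all(t in inner for a, t in lts[s] if a == f[1]))
    raise ValueError(f"unknown connective {kind}")


def solve(lts, nu_eqs, mu_eqs):
    """Solution (name -> frozenset of states): X variables iterate down from all
    states; Y variables iterate up from no states, re-solved per X candidate."""
    xs = {x: frozenset(lts) for x in nu_eqs}
    while True:
        ys = {y: frozenset() for y in mu_eqs}
        while True:
            new_ys = {y: sem(e, lts, {**xs, **ys}) for y, e in mu_eqs.items()}
            if new_ys == ys:
                break
            ys = new_ys
        new_xs = {x: sem(e, lts, {**xs, **ys}) for x, e in nu_eqs.items()}
        if new_xs == xs:
            return {**xs, **ys}
        xs = new_xs


def conj(*fs):
    """n-ary conjunction from the binary 'and'."""
    out = fs[0]
    for g in fs[1:]:
        out = ("and", out, g)
    return out


# X_S: the MTS spec S of slide 15 as a nu-equation over Act = {a1, a2, a3}:
# a1 required (<a1>X_S), a1 and a2 allowed ([a1]X_S, [a2]X_S), a3 not ([a3]ff).
NU_EQS = {
    "X_S": conj(("dia", "a1", ("var", "X_S")),
                ("box", "a1", ("var", "X_S")),
                ("box", "a2", ("var", "X_S")),
                ("box", "a3", ("ff",))),
    # X_ev: Y_ev holds at every state of every a1-path (X refers to Y: one alternation)
    "X_ev": ("and", ("box", "a1", ("var", "X_ev")), ("var", "Y_ev")),
}
# Y_ev: an a2 is possible now or after finitely many a1 steps (least solution)
MU_EQS = {
    "Y_ev": ("or", ("dia", "a2", ("tt",)), ("dia", "a1", ("var", "Y_ev"))),
}


def solution():
    return solve(LTS, NU_EQS, MU_EQS)


def y_ev_as_weakest():
    """The Y_ev equation solved as a nu-equation instead: the too-large set."""
    return solve(LTS, {"Y_ev": MU_EQS["Y_ev"]}, {})["Y_ev"]


if __name__ == "__main__":
    for name, sts in solution().items():
        print(name, sorted(sts))
    print("Y_ev taken weakest:", sorted(y_ev_as_weakest()))
```

The solution gives $X_S = \{A, B, E\}$, which is exactly the set of processes that satisfy the MTS $S$ under the definition of slide 14 (C lacks the required $a_1$, D performs a forbidden $a_3$), and $Y_{ev} = \{B, C, E\}$. Taking the weakest solution for $Y_{ev}$ instead returns every state, including A, which only ever performs $a_1$ and never reaches an $a_2$: that is the difference between the strongest and weakest meaning that slide 22 relies on.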
