Reactive Systems
A reactive system comprises networks of computing components, achieving their goals through interaction among themselves and their environment. Thus even relatively small systems may exhibit unexpectedly complex behaviours. As, moreover, reactive systems are often used in safety critical systems, the need for mathematically based formal methodology is increasingly important.
There are many books that look at particular methodologies for such systems. This book offers a more balanced introduction for graduate students and describes the various approaches, their strengths and weaknesses and when they are best used. Milner’s CCS and its operational semantics are introduced, together with the notions of behavioural equivalences based on bisimulation techniques and with recursive extensions of Hennessy-Milner logic. In the second part of the book the presented theories are extended to take timing issues into account. The book has arisen from various courses taught in Denmark and Iceland and is designed to give students a broad introduction to the area, with exercises throughout.
LUCA ACETO is Professor of Computer Science at Reykjavík University, Iceland, and Aalborg University, Denmark.
ANNA INGÓLFSDÓTTIR is Professor of Computer Science at Reykjavík University, Iceland, and Aalborg University, Denmark.
KIM G. LARSEN is Professor of Computer Science at Aalborg University, Denmark, and Twente University, The Netherlands.
JIŘÍ SRBA is Associate Professor in Computer Science at Aalborg University, Denmark.
‘Many modern-day computing systems are reactive in nature; they persist indefinitely, responding to the interactions of users, and updating their internal structures accordingly. Over the last two decades, an elegant theory of these reactive systems has emerged, and is being increasingly applied in industrial settings.
And at last we have an accessible textbook for this area, written by a team who have played a central role in the development of the underlying theory, and the software tools which are essential to its successful application. It treats both timed and untimed systems and, although the underlying theory is carefully and methodically explained, the main trust of the book is to engage students with the material via a wealth of thought-provoking examples.
The clarity of the exposition is exceptional; it presents the essential ideas clearly, avoiding unnecessary detail, but at the same time has well-chosen pointers to more advanced concepts. The book is destined to become the standard textbook for reactive systems.’
Matthew Hennessy, Sussex University
‘A must for anybody interested in formal analysis techniques for computing systems.’
Wan Fokkink, Vrije Universiteit Amsterdam
‘This book is a gentle introduction to the basics of theories of interactive systems that starts with an introduction to CCS and its semantic theory and then moves to introducing modal logics and timed models of concurrency. By means of a number of small but intriguing examples and by using software tools based on sound theoretical principles, it leads the reader to appreciating and mastering a number of process algebra-based techniques that are also having a great impact outside academic circles.
The authors have managed to concentrate their expertise, enthusiasm and pedagogical ability in less than 300 pages. The presentation is very clear and conveys sufficient intuition to make the book appropriate also for students with limited mathematical background. An excellent advanced undergraduate text.’
Rocco De Nicola, Università di Firenze
‘This book offers an introduction to model-based verification of reactive systems, a technology that is essential to all IT-developers of the future, given the global trend in information technology toward ubiquitous computing.
The book is unique in its pedagogical style, introducing the required theory (of models and specification formalisms for reactive systems) motivated carefully with its applications (in the development and use of automated verification tools in practice), and written as a textbook that can be used readily at many different levels of IT-related curricula.’
Mogens Nielsen, Aarhus University
Reactive Systems
Modelling, Specification and Verification
Luca Aceto (1, 2), Anna Ingólfsdóttir (1, 2), Kim G. Larsen (1), Jiří Srba (1)
(1) Department of Computer Science, Aalborg University, 9220 Aalborg Ø, Denmark
(2) Department of Computer Science, School of Science and Engineering, Reykjavík University, Iceland
CAMBRIDGE UNIVERSITY PRESS
Cambridge, New York, Melbourne, Madrid, Cape Town, Singapore, São Paulo
Cambridge University Press
The Edinburgh Building, Cambridge CB2 8RU, UK
Published in the United States of America by Cambridge University Press, New York
www.cambridge.org
Information on this title: www.cambridge.org/9780521875462
© L. Aceto, A. Ingolfsdottir, K. G. Larsen and J. Srba 2007
This publication is in copyright. Subject to statutory exception and to the provision of
relevant collective licensing agreements, no reproduction of any part may take place
without the written permission of Cambridge University Press.
First published in print format 2007
ISBN-13 978-0-511-33535-8 eBook (NetLibrary)
ISBN-10 0-511-33535-0 eBook (NetLibrary)
ISBN-13 978-0-521-87546-2 hardback
ISBN-10 0-521-87546-3 hardback
Cambridge University Press has no responsibility for the persistence or accuracy of urls
for external or third-party internet websites referred to in this publication, and does not
guarantee that any content on such websites is, or will remain, accurate or appropriate.
Contents
Figures and tables page viii
Preface x
I A Classic Theory of Reactive Systems 1
1 Introduction 1
Aims of this book 1
1.1 What are reactive systems? 2
1.2 Process algebras 5
2 The language CCS 7
2.1 Some CCS process constructions 7
2.2 CCS, formally 16
3 Behavioural equivalences 31
3.1 Criteria for good behavioural equivalence 31
3.2 Trace equivalence: a first attempt 34
3.3 Strong bisimilarity 36
3.4 Weak bisimilarity 53
3.5 Game characterization of bisimilarity 65
3.6 Further results on equivalence checking 72
4 Theory of fixed points and bisimulation equivalence 75
4.1 Posets and complete lattices 75
4.2 Tarski’s fixed point theorem 78
4.3 Bisimulation as a fixed point 85
5 Hennessy–Milner logic 89
5.1 Introduction to Hennessy–Milner logic 89
5.2 Hennessy–Milner theorem 98
6 HML with recursion 102
Introduction 102
6.1 Examples of recursive properties 107
6.2 Syntax and semantics of HML with recursion 109
6.3 Largest fixed points and invariant properties 113
6.4 A game characterization for HML with recursion 115
6.5 Mutually recursive equational systems 120
6.6 Characteristic properties 125
6.7 Mixing largest and least fixed points 134
6.8 Further results on model checking 139
7 Modelling mutual exclusion algorithms 142
Introduction 142
7.1 Specifying mutual exclusion in HML 147
7.2 Specifying mutual exclusion using CCS itself 149
7.3 Testing mutual exclusion 152
II A Theory of Real-time Systems 159
8 Introduction 159
8.1 Real-time reactive systems 159
9 CCS with time delays 161
9.1 Intuition 161
9.2 Timed labelled transition systems 163
9.3 Syntax and SOS rules of timed CCS 165
9.4 Parallel composition 169
9.5 Other timed process algebras and discussion 173
10 Timed automata 175
10.1 Motivation 175
10.2 Syntax of timed automata 176
10.3 Semantics of timed automata 180
10.4 Networks of timed automata 185
10.5 More on timed-automata formalisms 190
11 Timed behavioural equivalences 193
11.1 Timed and untimed trace equivalence 193
11.2 Timed and untimed bisimilarity 195
11.3 Weak timed bisimilarity 200
11.4 Region graphs 203
11.5 Zones and reachability graphs 214
11.6 Further results on timed equivalences 218
12 Hennessy–Milner logic with time 220
Introduction 220
12.1 Basic logic 221
12.2 Hennessy–Milner logic with time and regions 229
12.3 Timed bisimilarity versus HML with time 232
12.4 Recursion in HML with time 237
12.5 More on timed logics 246
13 Modelling and analysis of Fischer’s algorithm 248
Introduction 248
13.1 Mutual exclusion using timing 250
13.2 Modelling Fischer’s algorithm 251
13.3 Further exercises on timing-based mutual exclusion algorithms 258
Appendix A Suggestions for student projects 261
A.1 Alternating-bit protocol 261
A.2 Gossiping girls 262
A.3 Implementation of regions 263
References 267
Index 281
Figures and tables
Figures
2.1 The interface for the process CS. page 8
2.2 The interface for the process CM | CS. 10
2.3 The interface for the process CM | CS | CS'. 11
2.4 The interface for the process CM | CS | CM'. 12
2.5 The interface for the process SmUni | CS'. 13
2.6 Labelled transition system with initial state p. 19
3.1 P R Q implies that C[P] R C[Q]. 33
3.2 A bisimulation showing that B^2_0 ∼ B^1_0 | B^1_0. 51
3.3 The possible behaviours of (CM_b | CS) \ {coin, coffee}. 55
6.1 Two processes, p and q. 103
6.2 A process. 109
6.3 The processes p and p_i. 127
6.4 The coffee machine gkm. 128
6.5 Simple infinite process p. 130
10.1 Light switch. 176
10.2 Clock constraint. 182
10.3 A small Jobshop. 183
10.4 The lazy worker and his demanding employer. 189
11.1 A simple timed automaton. 204
11.2 Partitioning of the valuations for the automaton in Figure 11.1. 205
11.3 Symbolic exploration of the timed automaton in Figure 11.1. 217
12.1 A simple timed automaton. 225
12.2 Regions for c_x = 2 and c_y = 3. 231
13.1 The timed automaton A_i for process i. 251
13.2 Erroneous timed automaton A^w_i for process i. 256
A.1 Some of the 18 regions when C = {x, y} and c_x = c_y = 1. 264
A.2 List representation of some of the regions in Figure A.1. 265
A.3 A simple timed automaton. 266
Tables
2.1 An alternative formulation for the process CS page 14
2.2 SOS rules for CCS (α ∈ Act, a ∈ L) 24
3.1 The sender, receiver and medium in (3.8) 59
9.1 SOS rules for TCCS (d, d' ∈ R_{≥0}) 167