Presentation is loading. Please wait.

Presentation is loading. Please wait.

Department of mathematics and computer science 1 of 21 Rob van Glabbeek (Sydney) Marc Voorhoeve (TUE) Liveness, Fairness and Impossible Futures.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Department of mathematics and computer science 1 of 21 Rob van Glabbeek (Sydney) Marc Voorhoeve (TUE) Liveness, Fairness and Impossible Futures."— Presentation transcript:

1 department of mathematics and computer science 1 of 21 Rob van Glabbeek (Sydney) Marc Voorhoeve (TUE) Liveness, Fairness and Impossible Futures

2 department of mathematics and computer science 2 of 21 1.Motivation 2.IF equivalence 3.Results Contents

3 department of mathematics and computer science 3 of 21 Context Why yet another equivalence relation? trace fair testing IF contrasim weak bisim strong bisim failureready simulation weak+div

4 department of mathematics and computer science 4 of 21 Motivation System development: model-based vs. requirement-based. Combination often preferable. Non-bisim equivalence: compositional when congruence increases implementer’s freedom. Equivalence implementation – model: branching/weak bisimilarity? Advantages: compositional, preservation of any requirement. Disadvantage: restrictive.

5 department of mathematics and computer science 5 of 21 Compositional verification abstraction reduction (contrasim)

6 department of mathematics and computer science 6 of 21 Too much freedom! vw Processes v,w : failures/ready simulation equivalent! Corrupted state u : action c impossible. u reachable from w not v. u Legend: t: try c: connect f: fail s: stop corrupted states hidden visible 

7 department of mathematics and computer science 7 of 21 Motivation (conclusion) Non-bisim equivalences: more freedom for implementer. Needed: knowledge about preservation of properties. IF (impossible future) equivalence preserves AGEF properties.

8 department of mathematics and computer science 8 of 21 1.Motivation 2.IF Equivalence 3.Results Contents Preliminary notions Definition Properties preserved Connection with liveness and fairness

9 department of mathematics and computer science 9 of 21 Transition systems gsmspecgsmimpl Legend: t: try c: connect f: fail s: stop Process: state in labeled transition system (LTS) vw

10 department of mathematics and computer science 10 of 21 LTS: pair, S a set (of states) : ternary transition relation v = gsmspec Set A of visible actions: Special hidden action Transition relations trace relation

11 department of mathematics and computer science 11 of 21 Impossible futures equivalence IF: decorated trace IF equivalence: same IFs Congruence with root condition:

12 department of mathematics and computer science 12 of 21 Properties preserved by IF Having observed  it is possible to continue with a trace  from B.  calculus : CTL: (AGEF property) Not IF preserved (not AGEF):

13 department of mathematics and computer science 13 of 21 Some AGEF properties No deadlock/livelock: Soundness: √ Delivery ( d) possible after order ( o) : Order that is not confirmed ( c) can be aborted ( a): An order that can be confirmed, can be aborted (at the same time): Not AGEF:

14 department of mathematics and computer science 14 of 21 Legend: t: try c: connect f: fail s: stop GSM example vw Corrupted state u : no connection possible. Corrupted state reachable from w not v. (AGEF properties) f  calculus predicates Paths terminating with f, can continue with tc Paths terminating with f, can eventually do c u testable non-testable

15 department of mathematics and computer science 15 of 21 Liveness Infinite tf- sequence impossible: vw CTL: Verify AGEF instead of liveness! Implies liveness combined with AGEF property (fairness assumption)

16 department of mathematics and computer science 16 of 21 1.Motivation 2.IF Equivalence 3.Results Contents Preservation Fair testing Proof method

17 department of mathematics and computer science 17 of 21 Preservation results 1.IF congruence preserves all AGEF properties. 2.Any congruence preserving any non-testable AGEF property is at least as fine as IF. 3.Any congruence at least as coarse as weak bisim, satisfying RSP and preserving any nontrivial AGEF property is at least as fine as IF.

18 department of mathematics and computer science 18 of 21 Fair testing (FT) FT preserves all testable AGEF properties and (assuming fairness) all AGAF properties but different IF’s FT does not satisfy RSP: two processes satisfy

19 department of mathematics and computer science 19 of 21 Proof method Suppose ~ is a congruence w.r.t. CCS composition and there exist ,B,p,q with p ~ q such that Let and setwith

20 department of mathematics and computer science 20 of 21 Context C    i

21 department of mathematics and computer science 21 of 21 Conclusions 1.Many system safety and liveness properties are of AGEF kind. AGAF liveness: AGEF + fairness. 2.IF and FT: compositional verification of AGEF properties. 3.FT: only testable AGEF properties, RSP cannot be used. Thank you for your attention

22 department of mathematics and computer science 22 of 21 C1 Composition Systems built from components

23 department of mathematics and computer science 23 of 21 Verification a b c Possible: prove e.g. Disadvantage: cumbersome, restrictive. Alternative: Non-bisim equivalence that is congruence w.r.t. composition and preserves requirements! Advantage: compositionality. Verify property, e.g.: b may eventually occur after a Simplify components

Download ppt "Department of mathematics and computer science 1 of 21 Rob van Glabbeek (Sydney) Marc Voorhoeve (TUE) Liveness, Fairness and Impossible Futures."

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.

Modeling issues Book: chapters 4.12, 5.4, 8.4, 10.1.
Vasileios Germanos 1, Stefan Haar 2, Victor Khomenko 1, and Stefan Schwoon 2 1 School of Computing Science, Newcastle University, UK 2 INRIA & LSV (ENS.

Vasileios Germanos 1, Stefan Haar 2, Victor Khomenko 1, and Stefan Schwoon 2 1 School of Computing Science, Newcastle University, UK 2 INRIA & LSV (ENS.
Partial Order Reduction: Main Idea

Partial Order Reduction: Main Idea
Process Algebra (2IF45) Abstraction in Process Algebra Suzana Andova.

Process Algebra (2IF45) Abstraction in Process Algebra Suzana Andova.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
1 Regression-Verification Benny Godlin Ofer Strichman Technion.

1 Regression-Verification Benny Godlin Ofer Strichman Technion.
Game-theoretic simulation checking tool Peter Bulychev, Vladimir Zakharov, Igor Konnov Moscow State University.

Game-theoretic simulation checking tool Peter Bulychev, Vladimir Zakharov, Igor Konnov Moscow State University.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.

Game-theoretic approach to the simulation checking problem Peter Bulychev Vladimir Zakharov Lomonosov Moscow State University.
Distributed Computing 5. Snapshot Shmuel Zaks ©

Distributed Computing 5. Snapshot Shmuel Zaks ©
CIS 540 Principles of Embedded Computation Spring 2015 Instructor: Rajeev Alur

CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Behavioral Equivalence Hossein Hojjat Formal Lab University of Tehran.

Behavioral Equivalence Hossein Hojjat Formal Lab University of Tehran.
Possibilistic and probabilistic abstraction-based model checking Michael Huth Computing Imperial College London, United Kingdom.

Possibilistic and probabilistic abstraction-based model checking Michael Huth Computing Imperial College London, United Kingdom.
Equivalence of open Petri nets Modeling and analysis with Petri net components. Marc Voorhoeve (AIS)

Equivalence of open Petri nets Modeling and analysis with Petri net components. Marc Voorhoeve (AIS)
Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.

Spin Tutorial (some verification options). Assertion is always executable and has no other effect on the state of the system than to change the local.
Introduction to Computability Theory

Introduction to Computability Theory
© Katz, 2007CS236368 Formal SpecificationsLecture - Temporal logic 1 Temporal Logic Formal Specifications CS236368 Shmuel Katz The Technion.

© Katz, 2007CS Formal SpecificationsLecture - Temporal logic 1 Temporal Logic Formal Specifications CS Shmuel Katz The Technion.

Similar presentations

Ads by Google