CCS: Property Specification

Reading: Slides

Mads Dam


Temporal Logics for CCS

Goal: a logic to express interesting correctness properties for CCS

CCS: a standard labelled transition system, so LTL and CTL apply

Here: introduce a very powerful temporal logic, the mu-calculus

Strong ties to bisimulation equivalence


Modal Logic for CCS

Logic for possibility/contingency and necessity

<>: "is possible"

[]: "is necessary"

Kripke structure: possible worlds and an accessibility relation

w ⊨ <>: holds in some w’ accessible from w

w ⊨ []: holds in all w’ accessible from w

Here: use a labelled accessibility relation →

Note:

LTL and CTL are themselves modal logics, with modalities such as O, AX, EX, F, G, U (binary), AF, etc.


Hennessy-Milner Logic - HML for CCS

Modal logic with a labelled accessibility/transition relation

P ⊨ <>: holds in some P’ such that P → P’

P ⊨ []: holds in all P’ such that P → P’

Directly representable as a unary FOL predicate:

(<>)(P) iff ∃P’. P → P’ ∧ (P’)

([])(P) iff ∀P’. P → P’ implies (P’)

HML syntax:

  • ::= true | false | ∧ | ∨ | <> | []

    Positive form, no negation needed

    De Morgan: ¬<> = []¬ and ¬[] = <>¬, so negation can be pushed inward and the positive form loses nothing


HML - Examples for CCS

  • P ⊨ <in>true: an "in" action is possible in state P

  • P ⊨ [out]false: no "out" action is possible in state P

  • P ⊨ <in><out>true: ...

  • P ⊨ <in>[in]false: ...

    Distinguishing formula:

    <a>[b]false distinguishes a.b.0 + a.c.0 from a.(b.0 + c.0)

    HML characterises strong bisimulation equivalence for CCS:

    Theorem (Modal Characterisation): Provided all process definitions are guarded, the following statements are equivalent for guarded P, Q:

    • P ~ Q

    • Every HML formula satisfied by P is also satisfied by Q


Proof of Modal Characterisation for CCS

(This material is intermediate level)

1 → 2: induction on the structure of the formula

2 → 1: Let:

P ~0 Q (always)

P ~i+1 Q iff

  • whenever P → P’ then there exists Q’ such that Q → Q’ and P’ ~i Q’

  • whenever Q → Q’ then there exists P’ such that P → P’ and P’ ~i Q’

    Exercise: Show that for all i ∈ N, ~i ⊇ ~i+1 (monotonicity)

    Let P ~’ Q iff P ~i Q for all i ∈ N

    Exercise: Show that P ~’ Q if P ~ Q

    Exercise: Show that if P is guarded then {P’ | P → P’} is finite (terminology: P is image finite)


Modal Characterisation, II for CCS

We show P ~’ Q implies P ~ Q.

If P → P’ then there exists some Q’ such that for infinitely many i ∈ N, Q → Q’ and P’ ~i Q’

This follows from image finiteness

But then P’ ~i Q’ for all i ∈ N

This follows from monotonicity

Symmetrically, if Q → Q’ some P’ can be found

But then ~’ is a strong bisimulation relation, so P ~ Q

So if P ≁ Q then there is some i ∈ N such that P ≁i Q

Use this to construct an HML formula, indexed by P and i, that P satisfies and Q does not:


Modal Characterisation, III for CCS

Suppose P ≁i Q

Construct the formula P,i by induction on i

Base case, i = 0: immediate contradiction, since P ~0 Q

Induction step, i = i’+1:

Let P,i = ∧{<>P’,i’ | P → P’} ∧ (∧ [] (∨{P’,i’ | P → P’}))

Use induction to show that P satisfies P,i

Since P ≁i Q, either

  • P → P’, for some P’, and whenever Q → Q’ then P’ ≁i’ Q’, or

  • Q → Q’, for some Q’, and whenever P → P’ then P’ ≁i’ Q’

    In either case the argument is closed by the induction hypothesis

    Exercise: Fill in the details
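To make the HML examples, the ~i approximant chain from the proof and the induction-step construction of the distinguishing formula concrete, here is an added Python example (it is not code from the slides): a small HML evaluator over an LTS built for the two processes a.b.0 + a.c.0 and a.(b.0 + c.0), the chain ~0, ~1, ... computed exactly as defined above, and the formula P,i assembled from successors as in the induction step. The LTS encoding, the state names and the tuple syntax for formulas are this example's own choices.

```python
from itertools import product

# Constructed example: the two processes from the slides placed in one LTS.
#   P = a.b.0 + a.c.0     (states p0, p1, p2, stop)
#   Q = a.(b.0 + c.0)     (states q0, q1, stop)
# Transitions are (source, action, target) triples; "stop" is the shared 0 process.
TRANS = {
    ("p0", "a", "p1"), ("p1", "b", "stop"),
    ("p0", "a", "p2"), ("p2", "c", "stop"),
    ("q0", "a", "q1"), ("q1", "b", "stop"), ("q1", "c", "stop"),
}
STATES = {s for (s, _, _) in TRANS} | {t for (_, _, t) in TRANS}
ALPHABET = {a for (_, a, _) in TRANS}

# Formulas are nested tuples: ("true",), ("false",), ("and", f, g), ("or", f, g),
# ("dia", action, f) for <action>f and ("box", action, f) for [action]f.
def hml(formula, state, trans=TRANS):
    """Decide state |= formula, following the FOL reading on the slides:
    <a>f needs some a-successor satisfying f, [a]f needs all of them to."""
    kind = formula[0]
    if kind == "true":
        return True
    if kind == "false":
        return False
    if kind == "and":
        return hml(formula[1], state, trans) and hml(formula[2], state, trans)
    if kind == "or":
        return hml(formula[1], state, trans) or hml(formula[2], state, trans)
    succ = [t for (s, a, t) in trans if s == state and a == formula[1]]
    if kind == "dia":
        return any(hml(formula[2], t, trans) for t in succ)
    if kind == "box":
        return all(hml(formula[2], t, trans) for t in succ)
    raise ValueError(f"unknown connective {kind!r}")

def refine(rel, trans, states):
    """One step of the chain: ~(i+1) computed from ~i as defined on the slides."""
    def half(p, q):
        # every move of p must be matched by an equally labelled move of q
        # into a state that is ~i-related to p's target
        return all(any((t, t2) in rel for (s2, b, t2) in trans if s2 == q and b == a)
                   for (s, a, t) in trans if s == p)
    return {(p, q) for p in states for q in states if half(p, q) and half(q, p)}

def approximants(trans=TRANS, states=STATES):
    """Return [~0, ~1, ...] up to the first repetition; on an image-finite LTS the
    last element is strong bisimilarity itself."""
    chain = [set(product(states, states))]          # ~0 relates everything
    while True:
        nxt = refine(chain[-1], trans, states)
        if nxt == chain[-1]:
            return chain
        chain.append(nxt)

def distinguishing_level(p, q, trans=TRANS, states=STATES):
    """Smallest i with p not ~i q, or None when p ~ q."""
    for i, rel in enumerate(approximants(trans, states)):
        if (p, q) not in rel:
            return i
    return None

def char_formula(p, i, trans=TRANS, alphabet=ALPHABET):
    """The formula P,i of the induction step: a conjunction of <a>(P',i-1) over all
    P -a-> P', and, for every action a, [a](disjunction of (P',i-1) over P -a-> P')."""
    if i == 0:
        return ("true",)
    moves = [(a, t) for (s, a, t) in trans if s == p]
    phi = ("true",)
    for (a, t) in moves:
        phi = ("and", phi, ("dia", a, char_formula(t, i - 1, trans, alphabet)))
    for a in sorted(alphabet):
        disj = ("false",)
        for (b, t) in moves:
            if b == a:
                disj = ("or", disj, char_formula(t, i - 1, trans, alphabet))
        phi = ("and", phi, ("box", a, disj))
    return phi

DISTINGUISHING = ("dia", "a", ("box", "b", ("false",)))   # <a>[b]false from the slides

if __name__ == "__main__":
    print("P |= <a>[b]false:", hml(DISTINGUISHING, "p0"))           # True
    print("Q |= <a>[b]false:", hml(DISTINGUISHING, "q0"))           # False
    print("first i with P not ~i Q:", distinguishing_level("p0", "q0"))   # 2
    phi = char_formula("p0", 2)
    print("P |= P,2:", hml(phi, "p0"), " Q |= P,2:", hml(phi, "q0"))  # True False
```

The level at which the chain separates the two processes (2) matches the modal depth of the hand-written distinguishing formula, and the formula built by char_formula for i = 1 is still satisfied by Q, which is exactly what P ~1 Q predicts.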


A Proof System for HML for CCS

Rules are written with the premises above the line and the conclusion below it; a judgement P : (formula) claims that P satisfies the formula.

True: no premises; conclude P : true

OrL: from P : (first disjunct), conclude P : (disjunction)

OrR: from P : (second disjunct), conclude P : (disjunction)

And: from P : (first conjunct) and P : (second conjunct), conclude P : (conjunction)

Dia: from P’ : (body), conclude P : <>(body), provided P → P’

Box: from P1 : (body) ... Pn : (body), conclude P : [](body), provided {P1,...,Pn} = {P’ | P → P’}


Extensions for CCS

Action sets

  • Sets L ⊆ Act label the modalities <L>, [L]

  • L̄: the set of co-names of the actions in L

  • Complementation:

    -L abbreviates Act-L

    for a single action, - abbreviates Act minus that action

  • Examples: [-]false, [in][-out]false

    Weak modalities <<L>>, [[L]]:

  • Refer to the weak transition relations

  • Example: [[in]][[-(out,eps)]]false


Adding Recursion to HML for CCS

Adding a temporal dimension to HML

Observation: CTL operators are recursive, e.g. AG = (the property now) ∧ AX AG

Unfortunately, equations do not have unique solutions

Which sets satisfy the equation X = <>X ?

  • Sol’n 1: X = false

  • Sol’n 2: X = {P0 | for all i > 0 there is Pi such that Pi-1 → Pi}

    Sol’n 1: the least solution, X.<>X under the least fixed point binder

    Sol’n 2: the greatest solution, X.<>X under the greatest fixed point binder


-Calculus, II for CCS

Unfolding fixed point formulas (for either fixed point binder):

X. = [X. / X]

Example: X.<>X = <>X.<>X = <><>X.<>X ...

Fixed point approximants:

least fixed point: approximant 0 of X. = false; approximant k+1 = [approximant k / X]

greatest fixed point: approximant 0 of X. = true; approximant k+1 = [approximant k / X]

Knaster-Tarski Theorem (for CCS and strong transitions):

the least fixed point X. is the union over k of its approximants; the greatest fixed point X. is the intersection over k of its approximants

Note that:

least fixed point: approximant 0 ⊆ approximant 1 ⊆ approximant 2 ⊆ ... ⊆ X.

greatest fixed point: approximant 0 ⊇ approximant 1 ⊇ approximant 2 ⊇ ... ⊇ X.


Example Properties for CCS

-calculus: a tiny programming language for program properties

AG: X. ∧ [-]X (greatest fixed point)

terminates: X.[-]X (least fixed point)

AF: X. ∨ (<->tt ∧ [-]X) (least fixed point)

A( U ): X. ∨ ( ∧ [-]X) (least fixed point)

Eventually the action has to be taken: X.<->tt ∧ [-]X (least fixed point)

On all paths infinitely often: X.Y.( ∧ [-]X) ∨ [-]Y (greatest, then least fixed point)

<<>> for the internal step: X. ∨ <>X (least fixed point)

<<>> for a visible action: <<>><><<>>

Point to note: once an abbreviation has been introduced it is free to be used, of course.


Example: Buffer Properties for CCS

Ongoing capability: X.<<in>><<out>>X

Alternation of in and out: AG [[in]][[-out]]false and AG [[out]][[in]]false

Deadlock freedom: AG <->tt

Progress: AG X.[]X

Word of warning: it's easy to say "alternation of in and out". What do you actually mean?

More precisely: which property of infinite labelled trees are you after?


Proof Rules for Fixed Point Formulas for CCS

Let A be a set of CCS terms (the terms visited so far):

P ⊨A X. (greatest fixed point) means P ⊨ [A∪{P} X. / X] or P ∈ A

P ⊨A X. (least fixed point) means P ⊨ [A∪{P} X. / X] and P ∉ A

Idea: has P already been visited?

Proof rules:

Fix1: from P : [A∪{P} X. / X], conclude P : A X.   (P ∉ A)

Fix2: no premises; conclude P : A X.   (P ∈ A)

And a "negative" rule:

Fix3: from P : A X., give up   (P ∈ A)


Example for CCS

Buf = in.out.Buf

Sys = (Buf[comm/out] | Buf[comm/in]) \ {comm}

Spec = "On all paths infinitely often out is possible"

= X.Y.(<out>true ∧ [-]X) ∨ [-]Y (greatest, then least fixed point)

Prove Sys : Spec

Proof given in class
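An added Python example (not part of the slides) that ties the approximant semantics of the fixed point formulas to the buffer example: it builds the transition system of Sys from Buf by relabelling, parallel composition and restriction, then decides deadlock freedom, progress and Spec by iterating the least/greatest fixed point approximants until they stabilise, which on a finite LTS is exactly the Knaster-Tarski union/intersection. The tuple formula syntax, the reading of Spec as νX.μY.((<out>true ∧ [-]X) ∨ [-]Y), the reading of progress as AG μZ.[tau]Z, and the simplified synchronisation rule in compose (components synchronise only on restricted names) are assumptions of this example.

```python
# Labelled transition systems as sets of (source, action, target) triples.
class LTS:
    def __init__(self, trans):
        self.trans = set(trans)
        self.states = {s for (s, _, _) in self.trans} | {t for (_, _, t) in self.trans}
        self.alphabet = {a for (_, a, _) in self.trans}

    def post(self, state, actions):
        """Targets reachable from state by one transition labelled in actions."""
        return {t for (s, a, t) in self.trans if s == state and a in actions}

    def actions(self, label):
        """("in", S) denotes S; ("not", S) denotes Act - S, the slides' -S and -."""
        kind, names = label
        return self.alphabet - set(names) if kind == "not" else set(names)

def acts(*names): return ("in", frozenset(names))
def minus(*names): return ("not", frozenset(names))     # minus() is "-" (all actions)

def relabel(lts, mapping):
    """CCS relabelling P[new/old]: rename actions according to mapping."""
    return LTS({(s, mapping.get(a, a), t) for (s, a, t) in lts.trans})

def compose(left, right, restricted):
    """(left | right) \\ restricted. Assumption of this example: the components
    synchronise (producing tau) exactly on the restricted names; in Sys the only
    shared name is comm, so nothing is lost here."""
    trans = set()
    for (s, a, t) in left.trans:
        trans |= {((s, r), a, (t, r)) for r in right.states}
    for (s, a, t) in right.trans:
        trans |= {((l, s), a, (l, t)) for l in left.states}
    for (s1, a, t1) in left.trans:
        for (s2, b, t2) in right.trans:
            if a == b and a in restricted:
                trans.add(((s1, s2), "tau", (t1, t2)))
    return LTS({(s, a, t) for (s, a, t) in trans if a not in restricted})

def sat(lts, f, env=None, trace=None):
    """Set of states satisfying f, computed with the approximant chains of the
    Knaster-Tarski slide: mu climbs from false, nu descends from true, until stable.
    Formulas: ("tt",), ("ff",), ("and", f, g), ("or", f, g), ("dia", label, f),
    ("box", label, f), ("var", "X"), ("mu", "X", f), ("nu", "X", f)."""
    env = env or {}
    kind = f[0]
    if kind == "tt":
        return set(lts.states)
    if kind == "ff":
        return set()
    if kind == "var":
        return env[f[1]]
    if kind == "and":
        return sat(lts, f[1], env, trace) & sat(lts, f[2], env, trace)
    if kind == "or":
        return sat(lts, f[1], env, trace) | sat(lts, f[2], env, trace)
    if kind in ("dia", "box"):
        names, inner = lts.actions(f[1]), sat(lts, f[2], env, trace)
        if kind == "dia":
            return {s for s in lts.states if lts.post(s, names) & inner}
        return {s for s in lts.states if lts.post(s, names) <= inner}
    if kind in ("mu", "nu"):
        var, body = f[1], f[2]
        approx, k = (set() if kind == "mu" else set(lts.states)), 0
        while True:                                   # approximant k -> k+1
            if trace is not None:
                trace.append((kind, var, k, frozenset(approx)))
            nxt = sat(lts, body, {**env, var: approx}, trace)
            if nxt == approx:
                return approx                         # fixed point reached
            approx, k = nxt, k + 1
    raise ValueError(f"unknown connective {kind!r}")

# Buf = in.out.Buf and Sys = (Buf[comm/out] | Buf[comm/in]) \ {comm} from the slides.
BUF = LTS({("empty", "in", "full"), ("full", "out", "empty")})
SYS = compose(relabel(BUF, {"out": "comm"}), relabel(BUF, {"in": "comm"}), {"comm"})

def AG(phi):   # nu X. phi and [-]X
    return ("nu", "X", ("and", phi, ("box", minus(), ("var", "X"))))

DEADLOCK_FREE = AG(("dia", minus(), ("tt",)))
PROGRESS = AG(("mu", "Z", ("box", acts("tau"), ("var", "Z"))))   # assumed reading: no infinite tau runs
# Spec, read here as nu X. mu Y. ((<out>true and [-]X) or [-]Y)
SPEC = ("nu", "X", ("mu", "Y", ("or",
        ("and", ("dia", acts("out"), ("tt",)), ("box", minus(), ("var", "X"))),
        ("box", minus(), ("var", "Y")))))
# Strong-modality version of "alternation": fails on Sys, which takes an internal tau
# step between in and out and, being a two-place buffer, accepts two ins in a row.
ALTERNATION = AG(("box", acts("in"), ("box", minus("out"), ("ff",))))

def holds_everywhere(lts, f):
    return sat(lts, f) == lts.states

if __name__ == "__main__":
    for name, f in [("deadlock free", DEADLOCK_FREE), ("progress", PROGRESS),
                    ("Spec", SPEC), ("strong alternation", ALTERNATION)]:
        print(f"Sys |= {name}: {holds_everywhere(SYS, f)}")
    chain = []
    sat(SYS, SPEC, trace=chain)
    for kind, var, k, approx in chain:                # the mu Y chain grows to all states
        print(kind, var, k, sorted(approx))
```

The trace shows the inner least fixed point growing from the empty set through the two states that can do out, then the state one tau away, then all four states, after which the outer greatest fixed point is already stable; the failing strong alternation formula is the concrete form of the slides' warning that "alternation of in and out" has to be pinned down before it can be proved.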