Specification and verification issues in a process language
PhD Thesis

While specification formalisms for reactive concurrent systems are now reasonably well-understood theoretically, they have not yet entered common, widespread design practice. This motivates the attempt made in this work to enhance the applicability of an important and popular formal framework: the CSP language, endowed with a failure-based denotational semantics and a logic for describing failures of processes.

The identification of behaviour with a set of failures is supported by a convincing intuitive reason: processes with different failures can be distinguished by easily realizable experiments. But, most importantly, many interesting systems can be described and studied in terms of their failures. The main technique employed for this purpose is a logic in which process expressions are required to satisfy an assertion with each failure of the behaviour they describe. The theory of complete partial orders, with its elegant treatment of recursion and fixpoint-based verification, can be applied to this framework. However, in spite of the advantages illustrated, the practical applicability of standard failure semantics is impaired by two weaknesses.

The first is its inability to describe many important systems, constructed by connecting modules that can exchange values of an infinite set across ports invisible to the environment. This must often be assumed for design and verification purposes (e.g. for the many protocols relying upon sequence numbers to cope with out-of-sequence received messages). Such a deficiency is due to the definition of the hiding operator in standard failure semantics. This thesis puts forward a solution based on an interesting technical result about infinite sets of sequences.

Another difficulty with standard failure semantics is its treatment of divergence, the phenomenon in which some components of a system interact by performing an infinite, uninterrupted sequence of externally invisible actions. Within failure semantics, divergence cannot be abstracted from on the basis of the implicit fairness assumption that, if there is a choice leading out of divergence, it will eventually be made. This 'fair abstraction' is essential for the verification of many important systems, including communication protocols. The solution proposed in this thesis is an extended failure semantics which records refused traces, rather than just actions. Not only is this approach compatible with fair abstraction, but it also permits, like ordinary failure semantics, verification in a compositional calculus with fixpoint induction. Rather interestingly, these results can be obtained outside traditional fixpoint theory, which cannot be applied in this case. The theory developed is based on the novel notion of 'trace-based' process functions. These can be shown to possess a particular fixpoint that, unlike the least fixpoint of traditional treatments, is compatible with fair abstraction. Moreover, they form a large class, sufficient to give a compositional denotational semantics to a useful CSP-like process language.

Finally, a logic is proposed in which the properties of a process' extended failures can be expressed and analyzed; the methods developed are applied to the verification of two example communication protocols: a toy one and a large case study inspired by a real transport protocol.