Encoding Synchronous Interactions Using Labelled Petri Nets

International audienceWe present an encoding of (bound) CSP processes with replication into Petri nets with labelled transitions. Through the encoding, the firing semantics of Petri nets models the standard operational semantics of CSP processes, which is both preserved and reflected. This correspondence allows for describing by net semantics the standard CSP observational equivalences. Since the encoding is modular with respect to process syntax, the paper puts on a firm ground the technology transfer between the two formalisms, e.g. recasting into the CSP framework well-established results like decidability of coverability for nets. This work complements previous results concerning the encoding of asynchronous interactions, thus witnessing the expressiveness of (open) labelled nets in modelling process calculi with alternative communication patterns

Correctness of concurrent processes

A new notion of correctness for concurrent processes is introduced and investigated. It is a relationship P sat S between process terms P built up from operators of CCS [Mi 80], CSP [Ho 85] and COSY [LTS 79] and logical formulas S specifying sets of finite communication sequences as in [Zw 89]. The definition of P sat S is based on a Petri net semantics for process terms [Ol 89]. The main point is that P sat S requires a simple liveness property of the net denoted by P. This implies that P is divergence free and externally deterministic. Process correctness P sat S determines a new semantic model for process terms and logical formulas. It is a modification ℜ* of the readiness semantics [OH 86] which is fully abstract with respect to the relation P sat S. The model ℜ* abstracts from the concurrent behaviour of process terms and certain aspects of their internal activity. In ℜ* process correctness P sat S boils down to semantic equality: ℜ*[P]=ℜ*[S]. The modified readiness equivalence is closely related to failure equivalence [BHR 84] and strong testing equivalence [DH 84]

Refinement-based verification of sequential implementations of Stateflow charts

Simulink/Stateflow charts are widely used in industry for the specification of control systems, which are often safety-critical. This suggests a need for a formal treatment of such models. In previous work, we have proposed a technique for automatic generation of formal models of Stateflow blocks to support refinement-based reasoning. In this article, we present a refinement strategy that supports the verification of automatically generated sequential C implementations of Stateflow charts. In particular, we discuss how this strategy can be specialised to take advantage of architectural features in order to allow a higher level of automation.Comment: In Proceedings Refine 2011, arXiv:1106.348

The behavioural semantics of Event-B refinement

Event-B provides a flexible framework for stepwise system development via re finement. The framework supports steps for (a) re fining events (one-by-one), (b) splitting events (one-by-many), and (c) introducing new events. In each of the steps events can be indicated as convergent (to be made internal) or anticipated (treatment deferred to a later refi nement step). All such steps are accompanied with precise proof obligations. However, no behavioural semantics has been provided to validate the proof obligations, and no formal justifi cation has previously been given for the application of these rules in a re finement chain. Behavioural semantics expresses a clear relationship between the first and last machines in a re finement chain. The framework we present provides a coherent justi fication for Abrial's approach to re finement in Event-B, and its generalisation to interface extension: adding events to the interface. In this paper, we give a behavioural semantics for Event-B refi nement, with a treatment for the first time of splitting events and of anticipated events, adding to the well-understood treatment of convergent events. To this end, we de fine a CSP semantics for Event-B and show how the di fferent forms of Event-B refi nement can be captured as CSP re finement. It turns out that the appropriate CSP refi nement relationship is influenced by the particular Event-B development strategy taken. We present two such strategies, one allowing, the other disallowing interface extensions