Modelling Reactive Systems 4 Professor Muffy Calder Dept. of Computing Science University of Glasgow muffy@dcs.gla.ac.uk

1
Modelling Reactive Systems 4Professor Muffy
CalderDept. of Computing ScienceUniversity of
Glasgowmuffy_at_dcs.gla.ac.uk
2
Aims

• To introduce and explore 2 different formalisms
  and analysis techniques used in the design of
  reactive systems.
• To explore the practical issues raised by using
  these formalisms and associated software tools,
  particularly within the context of communications
  systems and protocols.
• Includes
• state-based modelling using Promela language
• reasoning using model-checker SPIN
• linear temporal logic
• event-based modelling using LOTOS
• communication mechanisms
• lots of concurrency - in practice and some theory
• Exercise
• model telephone system
• reason about system using SPIN

3
References

• My notes (on web)
• Technical papers
• Web pages (for both LOTOS and Promela)
• Two (out of print!) books

4
Modelling Reactive Systems

• Reactive system
• event driven, internal or external stimuli
• real-time, concurrent, or distributed
• Examples
• telephony
• communications networks
• operating systems
• avionics
• VLSI
• HCI
• railway signalling
• others (from biochemistry to cat flaps!)

5
Modelling Reactive Systems

• Features
• nondeterminism
• concurrency
• communication
• Concerns
• fairness
• race-conditions
• timing
• safety properties
• (something bad does not
  happen)
• liveness properties (something good happens)
• (Liveness is harder to prove than safety)

6
State or Event-Based Modelling?

• What is a process?
• How do processes interact?
• is communication synchronous
• is communication asynchronous
• How do we model a process?
• event based
• state-based

7

• Event based
• a
• 
  
• 
  b c
• 
  stop stop
• State-based
• 
  ev a
• e
  b

Events label edges
a ((b stop) (c stop))
LOTOS
Variables label states
ev a ev b if ev c ev d fi
ev d
ev c
Promela
8
Finite State Automata (informal)

• FSA is conceptual machine
• a given number of states (finite or infinite)
• m/c is in exactly one state, at any time
• state transitions are caused by (input) events
• state transition may cause (output) events
• typically, states represent visible modes of
  behaviour.
• STS structured transition system
• graphical representation of an FSA
• nodes represent states
• edges represent events
• Examples a chocolate machine

9
Kripke Structures (informal)

• A Kripke structure consists of
• a given number of states
• an initial state
• a set of final/accepting states
• a transition relation between states
• a function labelling states with valuations of
  
• the variables in states
• A computation path is a sequence of states
  s0,s1, such that there is a transition between
  si and si1.
• A computation path may be infinite.
• We are concerned with systems which have a finite
  number of states, but computation paths may be
  finite or infinite.

10
Example

• A chocolate dispensing machine.

11
Process Diagrams

• A channel is a directed communication link
  between 2 processes.
• A message or signal may by sent and received
  to/from a channel.
• A process diagram
• A static description of system/network
  topology.
• Do not confuse these with automata!

Environment
message
Process a
message
Process b
message