Linear and Branching Time Safety, Liveness, and Fairness Lam Quoc Dang FAdCo T-79.5306 Reactive Systems

Contents Linear and Branching Time Safety, Liveness, and Fairness General Overview Linear Time Branching Time Safety, Liveness, and Fairness Safety Property Liveness Property Fairness Assumption

General Overview An abstraction mechanism consisting of π and Ɛπ, Σ and ƐΣ, or both is used. Properties of individual states, transitions, and their relations over time are specified.

Linear Time Looking at each complete execution separately ”K ||− φ” is defined as Ɛπ(K) ||− φ, or ƐΣ(K) ||− φ, or Ɛπ+Σ(K) ||− φ. Property φ belongs to a system iff K ||− φ for every K ∈ CEx. Such property is a linear-time property. Eg: Reachability of a deadlock, 4-boundedness of a Petri net place p are linear-time property.

Linear Time Checking: including a proposition is_deadlock in π, checking whether is_deadlock holds in any abstracted states in sequences of Ɛπ(CEx). A structural transition t ∈ T is Petri-net-live iff ”t is enabled”. Petri-net-liveness of t is not a linear-time property.

Branching Time Petri-net-liveness is determined with t_enab ∈ π and all execution trees shown. An execution tree represents all executions starting with s1 ∈ S1, and records all positions where two executions separate. Execution tree of state space (S, T, Δ, S1) with s1 ∈ S1 is formally defined as rooted edge-labelled graph (V, E, S1).

Branching Time Each node in execution tree contains only information provided by Ɛπ. Edges of execution tree are defined in two different ways if structural transitions are abstracted with Σ or away totally. Property whose validity is defined on Ɛ- abstracted execution trees is branching-time property. Branching-time property is proper if it is not linear-time property, eg: Petri-net-liveness.

Safety Property Safety in concurrent systems corresponds to partial correctness in sequential programs. Linear-time safety is property of Ɛ-abstracted executions having finite counterexamples. A safety property belongs to a system iff all its executions have such property. No property is simultaneously a safety and liveness property.

Safety Property Eg: ”the program will not terminate” is safety property, so as ”prefix” property of fifo queue and 4-boundedness of Petri net place. Safety property can be defined in branching- time by replacing ”execution trees” for ”executions”. Verification for safety is easier than for liveness properties (existing algorithms and not depending on fairness).

Liveness Property Liveness (progress) in concurrent systems corresponds to termination in sequential programs. Liveness is system-specific and more difficult to formulate than termination. Linear-time liveness is property whose counterexamples are Ɛ-abstractions of ony complete executions.

Liveness Property Eg: ”the program will eventually terminate” is liveness property, so as the ”length” property of fifo queues. Counterexamples of linear-time liveness are infinite executions (finite ”prefix” + repeating finite cycle). Counterexamples for proper branching-time properties are more complicated.

Fairness Assumption Fairness is assumption often needed for ensuring liveness. Two well-known notions: weak fairness (justice) and strong fairness (compassion). If a structural transition t is enbled in every state from some point on (but never occurs), weak-fairness will eventually occur.

Fairness Assumption Fairness is used to modelling process schedule to ensure each process gets processor time. Fairness is used to ensure a serve serves its clients equally. In strong fairness, if t is enabled infinitely many times, it should occur infinitely many times.

THANKS FOR YOUR ATTENTION!