Abstract
Reactive programs are ubiquitous in modern applications, and so verification is highly desirable. We present a verification strategy for reactive programs with a large or infinite state space utilising algebraic laws for reactive relations. We define novel operators to characterise interactions and state updates, and an associated equational theory. With this we can calculate a reactive program’s denotational semantics, and thereby facilitate automated proof. Of note is our reasoning support for iterative programs with reactive invariants, which is supported by Kleene algebra. We illustrate our strategy by verifying a reactive buffer. Our laws and strategy are mechanised in Isabelle/UTP, which provides soundness guarantees, and practical verification support.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
All proofs can be found in the cited series of Isabelle/HOL reports. For historical reasons, we use the syntax
in our mechanisation for a contract 
, which builds on Hoare and He’s original syntax for the theory of designs [6]. - 2.
Isabelle/UTP: https://github.com/isabelle-utp/utp-main.
in our mechanisation for a contract 
, which builds on Hoare and He’s original syntax for the theory of designs [References
Harel, D., Pnueli, A.: On the development of reactive systems. In: Apt, K.R. (ed.) Logics and Models of Concurrent Systems. NATO ASI Series (Series F: Computer and Systems Sciences), vol. 13, pp. 477–498. Springer, Heidelberg (1985). https://doi.org/10.1007/978-3-642-82453-1_17
Bainomugisha, E., Carreton, A.L., Cutsem, T.V., Mostinckx, S., De Meuter, W.: A survey on reactive programming. ACM Comput. Surv. 45(4), 34 pages (2013). Article No. 52
Foster, S., Cavalcanti, A., Canham, S., Woodcock, J., Zeyda, F.: Unifying theories of reactive design contracts. Submitted to Theoretical Computer Science, December 2017. Preprint: https://arxiv.org/abs/1712.10233
Meyer, B.: Applying “design by contract”. IEEE Comput. 25(10), 40–51 (1992)
Hehner, E.C.R.: A Practical Theory of Programming. Monographs in Computer Science. Springer, New York (1993). https://doi.org/10.1007/978-1-4419-8596-5
Hoare, C.A.R., He, J.: Unifying Theories of Programming. Prentice-Hall, Upper Saddle River (1998)
Oliveira, M., Cavalcanti, A., Woodcock, J.: A UTP semantics for Circus. Form. Asp. Comput. 21, 3–32 (2009)
Kozen, D.: On Kleene algebras and closed semirings. In: Rovan, B. (ed.) MFCS 1990. LNCS, vol. 452, pp. 26–47. Springer, Heidelberg (1990). https://doi.org/10.1007/BFb0029594
Cavalcanti, A., Woodcock, J.: A tutorial introduction to CSP in Unifying Theories of Programming. In: Cavalcanti, A., Sampaio, A., Woodcock, J. (eds.) PSSE 2004. LNCS, vol. 3167, pp. 220–268. Springer, Heidelberg (2006). https://doi.org/10.1007/11889229_6
Foster, S., Zeyda, F., Woodcock, J.: Unifying heterogeneous state-spaces with lenses. In: Sampaio, A., Wang, F. (eds.) ICTAC 2016. LNCS, vol. 9965, pp. 295–314. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46750-4_17
Foster, S.: Kleene algebra in Unifying Theories of Programming. Technical report, University of York (2018). http://eprints.whiterose.ac.uk/129359/
Foster, S., et al.: Reactive designs in Isabelle/UTP. Technical report, University of York (2018). http://eprints.whiterose.ac.uk/129386/
Foster, S., et al.: Stateful-failure reactive designs in Isabelle/UTP. Technical report, University of York (2018). http://eprints.whiterose.ac.uk/129768/
Guttman, W., Möller, B.: Normal design algebra. J. Log. Algebr. Program. 79(2), 144–173 (2010)
Möller, B., Höfner, P., Struth, G.: Quantales and temporal logics. In: Johnson, M., Vene, V. (eds.) AMAST 2006. LNCS, vol. 4019, pp. 263–277. Springer, Heidelberg (2006). https://doi.org/10.1007/11784180_21
Santos, T., Cavalcanti, A., Sampaio, A.: Object-orientation in the UTP. In: Dunne, S., Stoddart, B. (eds.) UTP 2006. LNCS, vol. 4010, pp. 18–37. Springer, Heidelberg (2006). https://doi.org/10.1007/11768173_2
Sherif, A., Cavalcanti, A., He, J., Sampaio, A.: A process algebraic framework for specification and validation of real-time systems. Form. Asp. Comput. 22(2), 153–191 (2010)
Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Upper Saddle River (1985)
Foster, S., Cavalcanti, A., Woodcock, J., Zeyda, F.: Unifying theories of time with generalised reactive processes. Inf. Process. Lett. 135, 47–52 (2018)
Dijkstra, E.W.: Guarded commands, nondeterminacy and formal derivation of programs. Commun. ACM 18(8), 453–457 (1975)
Armstrong, A., Gomes, V., Struth, G.: Building program construction and verification tools from algebraic principles. Form. Asp. Comput. 28(2), 265–293 (2015)
Gomes, V.B.F., Struth, G.: Modal Kleene algebra applied to program correctness. In: Fitzgerald, J., Heitmeyer, C., Gnesi, S., Philippou, A. (eds.) FM 2016. LNCS, vol. 9995, pp. 310–325. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-48989-6_19
Zhan, N., Kang, E.Y., Liu, Z.: Component publications and compositions. In: Butterfield, A. (ed.) UTP 2008. LNCS, vol. 5713, pp. 238–257. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14521-6_14
Back, R.-J., Wright, J.: Refinement Calculus: A Systematic Introduction. Texts in Computer Science, 1st edn. Springer, New York (1998). https://doi.org/10.1007/978-1-4612-1674-2
Isobe, Y., Roggenbach, M.: CSP-Prover: a proof tool for the verification of scalable concurrent systems. J. Comput. Softw. Jpn. Soc. Softw. Sci. Technol. 25(4), 85–92 (2008)
Preoteasa, V., Dragomir, I., Tripakis, S.: Refinement calculus of reactive systems. In: International Conference on Embedded Systems (EMSOFT). IEEE, October 2014
Miyazawa, A., Ribieiro, P., Li, W., Cavalcanti, A., Timmis, J.: Automatic property checking of robotic applications. In: International Conference on Intelligent Robots and Systems (IROS), pp. 3869–3876. IEEE (2017)
Acknowledgments
This research is funded by the RoboCalc project (https://www.cs.york.ac.uk/circus/RoboCalc/), EPSRC grant EP/M025756/1.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
A UTP Theory Definitions
A UTP Theory Definitions
In this appendix, we summarise our theory of reactive design contracts. The definitions are all mechanised in accompanying Isabelle/HOL reports [12, 13].
1.1 A.1 Observational Variables
We declare two sets 
and \(\varSigma \) that denote the sets of traces and state spaces, respectively, and operators 
and 
. We require that 
forms a trace algebra [19], which is a form of cancellative monoid. Example models include 
and 
. We declare the following observational variables that are used in both our UTP theories:
-
– indicate divergence in the prior and present relation; -
– indicate quiescence in the prior and present relation; -
– the initial and final state; -
– the trace of the prior and present relation.
– indicate divergence in the prior and present relation;
– indicate quiescence in the prior and present relation;
– the initial and final state;
– the trace of the prior and present relation.Since the theory is extensible, we also allow further observational variables to be added, which are denoted by the variables r and \(r'\).
1.2 A.2 Healthiness Conditions
We first describe the healthiness conditions of reactive relations.
Definition A.1
(Reactive Relation Healthiness Conditions).
healthy relations do not refer to ok or wait and have a well-formed trace associated with them. The latter is ensured by the reactive process healthiness conditions [6, 9, 19], 
and 
, which justify the existence of the trace pseudo variable 
. 
is closed under relational calculus operators 
, \(\vee \), \(\wedge \), and 
, but not 
, 
, 
, or 
. We therefore define healthy versions below.
Definition A.2
(Reactive Relation Operators).
We define a reactive complement 
, reactive implication 
, and reactive true 
, which with the other connectives give rise to a Boolean algebra [3]. We also define the reactive skip 
, which is the unit of 
, and the reactive weakest precondition operator 
. The latter is similar to the standard UTP definition of weakest precondition [6], but uses the reactive complement.
We next define the healthiness conditions of reactive contracts.
Definition A.3
(Reactive Designs Healthiness Conditions).
states that if the predecessor is waiting then a reactive design behaves like 
, the reactive design identity. 
is analagous to 
from the theory of designs [6, 9], and introduces divergent behaviour: if the predecessor is divergent (\(\lnot ok\)), then a reactive design behaves like 
meaning that the only observation is that the trace is extended. 
is identical to 
from the theory of designs [6, 9]. 
states that 
is a right unit of sequential composition. 
composes the reactive healthiness conditions and 
. We then finally have the healthiness conditions for reactive designs: 
for “stateful reactive designs”, and 
for“normal stateful reactive designs”.
Next we define the reactive contract operator.
Definition A.4
(Reactive Contracts).
A reactive contract is a “reactive design” [7, 9]. We construct a UTP design [6] using the design turnstile operator, 
, and then apply 
to the resulting construction. The postcondition of the underlying design is split into two cases for \(wait'\) and \(\lnot wait'\), which indicate whether the observation is quiescent, and correspond to the peri- or postcondition.
Finally, we define the healthiness conditions that specialise our theory to stateful-failure reactive designs.
Definition A.5
(Stateful-Failure Healthiness Conditions).
is similar to 
, but does not refer to ref in the postcondition. If P is 
healthy then it cannot refer to ref. If P is 
healthy then the postcondition cannot refer to \(ref'\), but the pericondition can: refusals are only observable when P is quiescent [9, 18].
Rights and permissions
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Foster, S., Ye, K., Cavalcanti, A., Woodcock, J. (2018). Calculational Verification of Reactive Programs with Reactive Relations and Kleene Algebra. In: Desharnais, J., Guttmann, W., Joosten, S. (eds) Relational and Algebraic Methods in Computer Science. RAMiCS 2018. Lecture Notes in Computer Science(), vol 11194. Springer, Cham. https://doi.org/10.1007/978-3-030-02149-8_13
Download citation
DOI: https://doi.org/10.1007/978-3-030-02149-8_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-02148-1
Online ISBN: 978-3-030-02149-8
eBook Packages: Computer ScienceComputer Science (R0)