432 Index and zeno-timelocks, 361–376 completed loop, 359 half loop, 359 inherently safe loop, 348, 363–367 non-simple loop and zeno-timelocks, 373–374 nonsimple loop, 359 simple loop, 359 LOTOS, 19–54, 238 and behavioural subtyping, 167–177 extension and subtyping, 170 reduction and subtyping, 170 trace preorder and subtyping, 169 undefinedness, 171–177 and CCS, 217–222 internal behaviour, 221 observational congruence, 221 parallel composition, 217 retriction and hiding, 220 and CSP, 222–232 alphabets, 222 choice, 225–227 development relations and congru- ence, 230 divergence, 228 hiding and concealment, 227 internal actions, 224 parallel composition, 227 and object-oriented concepts, 166–167 and viewpoint consistency, 177–180 sequential strong bisimulation, 127 specification, 190 LTL (Linear Temporal Logic), 382 LTS seeLabelled Transition Systems, 78 model-checking CTL mode checking, 246 real-time model-checking, 332–345, 347 trace generation, 340 MONA, 378, 383–384, 392 Multimedia Stream (example), 281, 324, 341, 358, 359, 386 network of Communicating Automata, 237 of Discrete Timed Automata, 385–386 of Infinite State Communicating Automata, 253 of Timed Automata, 322, 330, 333 nondeterminism and maximal progress, 271 and time, 271–272 in LOTOS, 30–34, 43 and internal actions, 27 nonzenoness, see zeno-timelock observer, 22, 23, 27, 32, 141, 165 on-the-fly (verification), 332 over-approximation, 343 parallel composition and timing of nonadjacent actions, 274 in Communicating Automata, 236–239 in Discrete Timed Automata, 387–389 in Infinite State Communicating Automata, 252–254 in LOTOS, 41–47 BES semantics, 118 generalised parallelism, 189 LTS semantics, 81 trace semantics, 69 in Timed Automata, 322, 328–329 in Timed Automata with Deadlines, 356 in tLOTOS TBES semantics, 313 TTS semantics, 293 pbLOTOS, 20 syntax, 50 persistency, 270–271 and strong timing policy, 270 and weak timing policy, 271 in tLOTOS, 299 preorder, 11, 58 trace preorder, 73 Prime Event Structures, 134 process calculi, 19 process instantiation in LOTOS, 34–40 BES semantics, 122 LTS semantics, 83 trace semantics, 71 in tLOTOS Index 433 TBES semantics, 316 TTS semantics, 296 product automaton in Communicating Automata, 237 in Discrete Timed Automata, 387, 391 in Infinite State Communicating Automata, 253 in Timed Automata, 322, 330, 333, 340 in Timed Automata with Deadlines, 357 proving sequence, 111 reachability algorithm, 334, 339–340 analysis, 333 graph, see forward reachability graph property in Communicating Automata, 245 in Timed Automata, 333 recursion in LOTOS, 35 reduction, 156 refinement, see preorder region graph, 332 relabelling, 40 in LOTOS BES semantics, 121 LTS semantics, 82 trace semantics, 71 in tLOTOS TBES semantics, 310 TTS semantics, 293 reset set in Timed Automata, 322, 324 in Timed Automata with Deadlines, 355 RSL (Ready Simulation Logic), 163 run convergent, 328, 349, 368 divergent, 328, 364 in Timed Automata, 326, 328 zeno, 328, 350 safety, 379 in Communicating Automata, 245 in Discrete Timed Automata, 389–394 in Fair Transition Systems, 382 in Timed Automata, 333 selection predicates (LOTOS), 202 semantics, 55 and recursion, 61 BES semantics, 115–134 in Communicating Automata, 240 in Communicating Automata, 240–241 in Discrete Timed Automata, 387–389 in Infinite State Communicating Automata, 254–256 in Timed Automata, 322, 325–332 in Timed Automata with Deadlines, 356 in tLOTOS, 287–320 LTS semantics, 10 in Communicating Automata, 240 in Discrete Timed Automata, 387 in LOTOS, 76–101 operational semantics, see LTS semantics semantic map, 57 semantic notation, 57 TBES semantics for tLOTOS, 308–318 trace semantics, 10, 63–76 in Communicating Automata, 240 trace-refusals semantics, 10, 141–161 and bisimulations, 142 and internal behaviour, 146–151 and testing, 160–161 failures, 143 from Labelled Transition Systems, 145 in Communicating Automata, 240 refusals, 143 traces from Labelled Transition Systems, 84 TTS semantics in Timed Automata, 330 in Timed Automata with Deadlines, 356 TTS semantics for tLOTOS, 289–299 sequential composition, see enabling simulation, 96 ready simulation, 98 ready simulation testing, 163 SNZ, see strong nonzenoness solution set, 334 434 Index Stable Event Structures, 136 state concrete state, 332 in Communicating Automata, 233–234, 241–246 in Discrete Timed Automata, 378 in Fair Transition Systems, 381 in Infinite State Communicating Automata, 250, 254–256 and effects, 252 and preconditions, 251, 254 in LOTOS, 38 in Timed Automata, 325, 330, 332 in Timed Automata with Deadlines, 356 state-based and action-based formalisms, 249–250 successors, 334, 338 symbolic state, 332, 334 strong nonzenoness, 348, 361–363 and completed loops, 362–363 and half loops, 362–363 symmetry reduction, 344 synchronisation, 4–5, 43 and initiation and termination of enabling, 272 and punctual enabling, 272 and simple enabling, 272 and strong nonzenoness, 362–363 and time, 272–273 and time-actionlocks, 352–353 bi-party synchronisation, see binary synchronisation binary synchronisation, 321 in Communicating Automata, 236, 252 in Discrete Timed Automata, 378, 389 in Infinite State Communicating Automata, 252, 254 in LOTOS, 46–47 in Timed Automata, 322 in Timed Automata with Deadlines, 353–354, 357 multi-party synchronisation, see multiway synchronisation multiway synchronisation, 46 TAD, see Timed Automata with Deadlines TBES, see Timed Bundle Event Structures TCTL (Timed Computation Tree Logic), 332 temporal logic, 19 in Communicating Automata, 241–246 in Timed Automata, 332 termination in LOTOS, 47 BES semantics, 116 LTS semantics, 79 trace semantics, 68 in tLOTOS TBES semantics, 309 TTS semantics, 291 test automata, 345 testing theory, 141, 161–166 and bisimulations, 165 sequence-based testing, 162 tree-based testing, 163–166 time global time, 263 and timing of nonadjacent actions, 275 quantitative time, 261, 262, 276 relative time, 263 time continuity in tLOTOS, 297 time determinism in tLOTOS, 298 time measurement, 273 timed interaction policies, 275 timing domains, 273 timing of nonadjacent actions, 274 time measurement and timing of nonadjacent actions, 275 time reactiveness, 348, 385 time-actionlock, 347, 350, 352–358 in Discrete Timed Automata, 387 Timed Automata, 321–345 Timed Automata with Deadlines, 348, 353–358, 385 Timed Bundle Event Structures, 305–307 Timed Communicating Automata, see Timed Automata Timed Process Calculi, 261–278 Index 435 timed proving sequence, 307 Timed Transition Systems, 287 timelock and real-time model-checking, 374–376 and TCTL, 374–376 and test automata, 374–375 in Timed Automata, 322, 347–376 in timed process calculi, 351 in tLOTOS and Timed Bundle Event Struc- tures, 318–320 and Timed Transition Systems, 283–285 tLOTOS, 278–285 syntax, 279 transition action transition, 326 and timelocks, 349–352 compassionate transition, 382 escape transition, 366, 369 idling transition, 381 in Communicating Automata, 234 in Timed Automata, 324 in Timed Automata with Deadlines, 355 just transition, 382 nonidle transition, 381 time transition, 326 transition formula, 381, 391 TTS, see Timed Transition Systems under-approximation, 343 Uppaal, 321, 339, 374 urgency and time-actionlocks, 352–353 ASAP (As Soon As Possible), 269 in Discrete Timed Automata, 379, 387 in Timed Automata, 322 in Timed Automata with Deadlines, 353–354, 357 in timed process calculi, 267–269 in untimed process calculi, 267 Maximal Progress, 269, 276 and interactions, 277 and internal actions, 277 Minimal Delay, 269 on upper bounds, 276 and internal actions, 277 urgency operator, 268 urgent actions, 268 urgent internal actions, 269, 276–278 variable in Discrete Timed Automata, 255, 378, 384–385 in Fair Transition Systems, 381 in Infinite State Communicating Automata, 251 primed variable, 381 time variable, 378 WS1S (Weak Monadic Second Order Theory of 1 Successor), 383–384 WS1S (Weak Monadic Second-order Theory of 1 Successor), 378 zeno-timelock, 347, 350, 359–376 and completed actions, 368 and networks of TAs, 368 and reachability analysis, 348, 369–374 local zeno-timelock, 368–369 sufficient-and-necessary conditions, 348, 368–374 sufficient-only conditions, 348 syntactic conditions, 361–367 and compositionality, 366–367 zone, 334 canonical, 342 conjunction, 334 forward projection, 335 minimal representation, 343 normalisation, 335, 338, 343 reset, 335 . 177–180 sequential strong bisimulation, 127 specification, 190 LTL (Linear Temporal Logic), 382 LTS seeLabelled Transition Systems, 78 model-checking CTL mode checking, 246 real-time model-checking, 332–345, 347 trace. 30–34, 43 and internal actions, 27 nonzenoness, see zeno-timelock observer, 22, 23, 27, 32, 141, 165 on-the-fly (verification), 332 over-approximation, 343 parallel composition and timing of nonadjacent. 381 time variable, 378 WS1S (Weak Monadic Second Order Theory of 1 Successor), 383–384 WS1S (Weak Monadic Second-order Theory of 1 Successor), 378 zeno-timelock, 347, 350, 359–376 and completed actions,