Abstract

Context and Aim

Our interaction with some kind of computer-based device is nowadays unavoidable. Daily, we encounter an average of 50 microprocessors hidden in a diversity of systems, such as wrist watches, CD players, telecommunication and medical equipment, cars, and air traffic control systems. The malfunction of any of these systems has a variety of consequences, ranging from simply annoying to life-threatening ones. For many such systems, it is crucial that they provide a correct and efficient service.

In order to gain confidence that such devices satisfy our standards of service, it has been recognised that formal analysis has to be carried out as part of their development. In this respect, we are particularly interested in the design stage.

Most of these "everyday" systems require real-time interaction. A real-time system is a system whose behaviour is constrained by requirements concerning the occurrence of events in (real) time. These timing conditions may speak about the acceptable performance of the system or about a deadline that should be met. We can differentiate between two classes of real-time constraints: those requiring that a system must react in time, and those under which it should react in time but occasionally may not. If a system belongs to the first category it is referred to as a hard real-time system; if it belongs to the second one, as a soft real-time system.

The analysis of hard real-time systems requires a full exploration of their behaviour, searching for undesirable situations. The violation of a timing requirement is unacceptable. There are only two options: a system is either correct or it is not. The act of formally analysing whether a system satisfies a property or not is known as verification. In contrast, the analysis of soft real-time systems requires a parameter of adequacy. Soft real-time requirements are typically concerned with the performance characteristics of systems and are usually related to stochastic aspects of various forms of time delay, such as the mean and variance of a message transfer delay. In addition, a stochastic study of the system also allows for reliability analysis, such as the average fraction of time during which the system operates correctly.

Probably, the simplest way to represent the behaviour of systems is by means of automata. An automaton is a graph containing nodes and directed, labelled edges. Nodes represent the possible states of a system and edges (or transitions) represent activity by joining two nodes: one being the source state, that is, the state before "executing" the transition, and the other, the target state, which is the state reached after executing the transition. Automata have been extended in many forms and used for many purposes, including verification of systems. A way to carry out verification is by means of semantic relations between automata. That is, both the requirements and the system are specified by automata, the first one being usually simpler, and they are checked to be related by an equivalence or a preorder relation. Such a relation represents a notion of "implementation" or "conformance". We are particularly interested in so-called bisimulation-like equivalence relations.
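The conformance check sketched above, as an added example that is not part of the thesis: two small labelled transition systems (a requirement and a candidate implementation, both constructed here) are checked for strong bisimilarity by partition refinement, the standard way a verifier decides a bisimulation-like equivalence. The second implementation is trace-equivalent to the requirement but not bisimilar, which is exactly the distinction the text refers to.

```python
# Strong bisimulation check between two labelled transition systems (LTSs)
# by partition refinement: states start in one block and are split until
# every state in a block has the same set of (label, target block) moves.
# Added example; the LTSs below are constructed and not from the thesis.

def bisimilar(lts_a, init_a, lts_b, init_b):
    """An LTS is a dict state -> set of (label, target). Returns True iff
    init_a and init_b are strongly bisimilar. States are prefixed so the
    two systems never share a name."""
    trans = {}
    for prefix, lts in (("a:", lts_a), ("b:", lts_b)):
        for state, edges in lts.items():
            trans[prefix + state] = {(lab, prefix + tgt) for lab, tgt in edges}
    states = list(trans)
    block = {s: 0 for s in states}          # coarsest partition: one block
    while True:
        # Signature of a state: which labels lead into which current blocks.
        sig = {s: frozenset((lab, block[t]) for lab, t in trans[s]) for s in states}
        ids = {}
        refined = {s: ids.setdefault((block[s], sig[s]), len(ids)) for s in states}
        if refined == block:                # no block was split: fixpoint reached
            return block["a:" + init_a] == block["b:" + init_b]
        block = refined

# Requirement: after a coin, the user may choose tea or coffee.
SPEC = {"s0": {("coin", "s1")},
        "s1": {("tea", "s0"), ("coffee", "s0")}}

# Implementation 1: same behaviour with a redundant state; conforms.
IMPL_OK = {"p0": {("coin", "p1")},
           "p1": {("tea", "p2"), ("coffee", "p0")},
           "p2": {("coin", "p1")}}

# Implementation 2: the machine decides tea-or-coffee on the coin; same
# traces as SPEC, but the user's choice is gone, so it does not conform.
IMPL_BAD = {"q0": {("coin", "q1"), ("coin", "q2")},
            "q1": {("tea", "q0")},
            "q2": {("coffee", "q0")}}

if __name__ == "__main__":
    print("IMPL_OK  conforms:", bisimilar(SPEC, "s0", IMPL_OK, "p0"))
    print("IMPL_BAD conforms:", bisimilar(SPEC, "s0", IMPL_BAD, "q0"))
```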

In order to specify complex systems we need a structured approach, a systematic methodology that allows us to build large systems from the composition of smaller ones. Process algebras were conceived for such a hierarchical specification of systems. Each element of a process algebra represents the behaviour of a system in the same way as an automaton does. In addition, a process algebra provides operations that allow us to compose behaviours in order to obtain more complex systems. Like any algebra, a process algebra satisfies axioms or laws. The interest of having an axiomatisation for a process algebra is two-fold. First, the concept of algebra is fundamental in mathematics; therefore, the given axiom system helps in understanding the discussed process algebra and the concepts it involves. Second, the analysis and verification of systems described using the process algebra can be partially or completely carried out by mathematical proofs using the equational theory.

In this thesis we introduce and study process algebras and automata for the design and analysis of hard and soft real-time systems.

Since the characteristics of the information we want to collect from soft real-time systems are stochastic, we also refer to these systems as stochastic systems. For simplicity, we refer to hard real-time systems as timed systems.

Algebras and Automata for Timed Systems

Timed automata are a well-established model for the analysis of hard real-time systems that has been used successfully in many case studies. Inherently, timed systems induce infinite behaviours due to the representation of dense time. Timed automata provide a symbolic way to describe this infinite behaviour; therefore, a full state space exploration can be carried out in a "symbolically finite" state space. This is one of the main reasons for the popularity of this model. Despite this popularity, no algebraic theory of timed automata has been proposed so far.

In the first part of the dissertation we review the existing theory. We give a formal definition of timed transition systems and adapt timed bisimulation to this framework (Chapter 3). Chapter 4 discusses the timed automata model and gives its semantics in terms of timed transition systems. We also define several notions of bisimulation equivalence, both at a concrete and at a symbolic level.

In the subsequent chapters, the main contribution of this first part is developed: a process algebra for timed automata which we call (read hearts). Its syntax contains the same "ingredients" as the timed automata model. Its semantics is given both in terms of timed automata and of timed transition systems. We also provide an axiomatic theory that allows us to manipulate timed automata algebraically. Traditional results in process algebras such as congruence, soundness, completeness, elimination, and the expansion law are studied. Finally, Chapter 7 discusses several applications of including the specification and analysis of timed systems, and algebraic reasoning about timed automata.

Algebras and Automata for Stochastic Systems

Although many models have been successfully used for the analysis of performance and reliability of soft real-time systems, none of them provides a general and suitable model to represent systems compositionally. In the second part of the thesis, this problem is addressed.

Chapter 8 introduces probabilistic transition systems. This model allows for arbitrary probability distributions, and hence stochastically distributed dense time can be represented in a straightforward manner. A probabilistic bisimulation is defined on this model. The use of probabilistic transition systems as a specification model is not attractive, however, since they are highly infinite objects. In Chapter 9, we define a new model based on generalised semi-Markov processes and timed automata, which we call stochastic automata. The stochastic automata model is a general symbolic stochastic model that provides an adequate framework for composition. Its semantics is given in terms of probabilistic transition systems. We also define equivalences at the symbolic level, i.e., on the level of stochastic automata.

Several stochastic process algebras have been introduced in the last decade. The most successful ones are restricted to the so-called Markovian case. General approaches to stochastic process algebras followed a less successful path, mainly due to the lack of suitable models to represent the general case in a compositional fashion. Using stochastic automata as the underlying semantic model, we define (read spades), a process algebra for stochastic automata. This stochastic process algebra considers arbitrary distributions and non-determinism. A particular characteristic is that parallel composition and synchronisation can be easily defined in the model, and they can be algebraically decomposed in terms of more primitive operations according to a so-called expansion law. We remark that this last property is not present in any of the other existing general stochastic process algebras. As for , we also study results such as congruence, soundness, completeness, and elimination in the context of . This is done in Chapters 10 and 11.

In order to show the feasibility of the analysis of systems specified in , we report in Chapter 12 on algorithms and prototypical tools we have developed to study correctness as well as performance and reliability. The tools were used to analyse several case studies, which are reported as well.