Software Tools for the Specification Language LOTOS

ion facilities and modularity. In order to be able to suppress irrelevant detail, to decompose a specification into meaningful components, and to make a specification analysable and readable, it is essential that an FDT offers these facilities. A good structure also provides the framework for analysis of specifications.

1.2.2. Examples of Specification Languages

Automata theories. Finite state machines (FSM) can be used to describe an input/output function: each input generates a state transition and each state transition can generate an output. For the description of protocol systems, finite state machines are usually extended with variables and queues. This technique is the basis for one of the FDTs employed by ISO (Estelle) for the work on OSI [ISO1986]. Another example is Argos [Holzmann1987]. In this approach there is a two-level structure imposed on specifications, the first level being the interconnection of modules by queues and the second being the FSMs themselves. Because of the potentially infinite queue contents, the composition of two modules is no longer an FSM, which implies that the model changes under parallel composition.

Petri-nets. Petri-nets [Petri1962] are one of the oldest models for communicating systems. A Petri-net is a directed graph with two types of nodes: places and transitions. The state of a Petri-net is represented by a set of tokens that is distributed over the places. There are input arcs, leading from places (the input places) to transitions, and output arcs, leading from transitions to places. Transitions represent the possible actions of a process. These actions can only occur if each of the input places contains at least one token. When such a transition occurs (is fired), a token is removed from each input place and a token is added to each output place. Because the state is distributed over the net, Petri-nets are a faithful model of true parallelism (as opposed to arbitrary interleaving).
The drawbacks of this technique are the lack of abstraction mechanisms (a component of a Petri-net cannot be a Petri-net), the notation (graphs), and the lack of a representation of data structures.
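The firing rule described above, as an added example that is not part of the original text: a small Python model that checks enabling, fires transitions, and, going one step beyond the rule itself, enumerates all reachable markings to check a safety property. The net (two processes sharing one lock), its place and transition names, and the function names are all constructed for illustration.

```python
from collections import deque

# Constructed net (assumption, not from the page): two processes competing
# for one lock. Each transition maps to (input places, output places).
TRANSITIONS = {
    "enter1": ({"idle1", "lock"}, {"crit1"}),
    "leave1": ({"crit1"}, {"idle1", "lock"}),
    "enter2": ({"idle2", "lock"}, {"crit2"}),
    "leave2": ({"crit2"}, {"idle2", "lock"}),
}
INITIAL = {"idle1": 1, "idle2": 1, "lock": 1}


def enabled(marking, name):
    """A transition may fire only if every input place holds at least one token."""
    inputs, _ = TRANSITIONS[name]
    return all(marking.get(p, 0) >= 1 for p in inputs)


def fire(marking, name):
    """Remove one token from each input place, add one to each output place."""
    if not enabled(marking, name):
        raise ValueError(f"{name} is not enabled")
    inputs, outputs = TRANSITIONS[name]
    new = dict(marking)
    for p in inputs:
        new[p] -= 1
    for p in outputs:
        new[p] = new.get(p, 0) + 1
    return {p: n for p, n in new.items() if n}  # drop empty places


def reachable(initial):
    """Breadth-first enumeration of every marking reachable from `initial`."""
    start = frozenset(initial.items())
    seen, queue = {start}, deque([start])
    while queue:
        marking = dict(queue.popleft())
        for name in TRANSITIONS:
            if enabled(marking, name):
                nxt = frozenset(fire(marking, name).items())
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
    return [dict(m) for m in seen]


def mutual_exclusion_holds():
    """Safety property: no reachable marking has tokens in both critical places."""
    return not any(m.get("crit1") and m.get("crit2") for m in reachable(INITIAL))
```

The enumeration terminates only for bounded nets such as this one; a net whose transitions can accumulate tokens without limit has infinitely many markings.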