SDSFoil no 1
Process Algebra
Process Algebra – calculating with behaviours
SDSFoil no 2
What
Languages for behaviour expressions: CCS, LOTOS, CSP, ACP, … with focus on concurrency and interactions
Semantics in terms of transition systems
Calculus with theorems and equivalences
Language:
0, 1, 2, 3, …
I, II, III, IV, ...
Semantics:
{}, {●}, {●●}, {●●●}, ...
0, succ(0), succ(succ(0)), ...
Calculus:
0+x = x
x+y = y+x
SDSFoil no 3
Why?
Reasoning about behaviours, using mathematics:
• understanding
• transforming and composing
• comparing
• deriving properties
• verifying and validating
SDSFoil no 4
Reasoning about specification and design
[Figure: Specification and Design, with their objects and properties, brought to a common representation on which Verification and Validation are performed]
SDSFoil no 5
Rigid Synchronization Trees - RST
S1 = a; b; c
S2 = a; b + c; d
S3 = a; (b + c)
S4 = a; b + a; c
[Figure: synchronisation trees for S1, S2, S3 and S4]
Behaviour S1 = action a followed by action b followed by action c
Note the non-determinism in S4: two branches labelled a
SDSFoil no 6
Is S3 equivalent to S4?
S3 = a; (b + c)
S4 = a; b + a; c
[Figure: synchronisation trees for S3 and S4]
S3 ~ S4 ??
SDSFoil no 7
It depends ...
Traces: S3 and S4 represent the same traces
Observation: after a
• S3 will accept b and c
• S4 will accept b or c
[Figure: synchronisation trees for S3 = a; (b + c) and S4 = a; b + a; c]
So S3 and S4 are trace equivalent but not observation equivalent: trace equivalence is less restrictive than observation equivalence
SDSFoil no 8
Recursion
• Substitute occurrence by definition
• Loops are represented by tail recursion
S0 = a; S1
S1 = b + g; S3
S3 = d; S0
Substituting the definitions: S0 = a; (b + g; d; S0)
[Figure: synchronisation trees for S0 (states S0, S1, S3 and actions a, b, g, d) before and after substitution]
SDSFoil no 9
Algebra over RST
L – a set of actions
a, b, c ∈ L
Operations:
NIL: rst = NIL
+: rst = rst + rst
prefix: rst = a; rst
Laws:
a + (b + c) = (a + b) + c
a + b = b + a
a + NIL = a
[Figure: the trees for S + T and for a; S]
SDSFoil no 10
Parallel composition
A = a; C
B = b; D
E = A | B = a; (C | B) + b; (A | D)
[Figure: trees of A, B and E = A | B, with the branch a to C | B and the branch b to A | D]
Note: a, b are visible outside E, but not connected
SDSFoil no 11
Interaction (or Synchronization)
• Complementing action pairs (a, a’) may interact
• Interaction is represented by τ, the unobservable action
• Interaction is synchronous or rigid, like pushing a button
A = a; C
B = a’; D
E = A | B = a; (C | B) + a’; (A | D) + τ; (C | D)
[Figure: trees of A, B and E = A | B, with the branches a to C | B, a’ to A | D and τ to C | D]
SDSFoil no 12
Restriction (or hiding)
• The restriction operator \ serves to hide gates from the environment
• \a means hiding a and a’ from the environment
A = a; C
B = a’; D
E = (A | B)\a = τ; (C | D)\a
[Figure: trees of A, B and E = (A | B)\a, where only the τ-branch to (C | D)\a remains]
(A | B)\a = A || B
SDSFoil no 13
Basic CCS
• a set of unmarked actions (names)
• the corresponding set of marked actions (complements, written a’)
• L = unmarked ∪ marked – the set of visible actions (labels)
• Act = L ∪ {τ} – the total set of actions
• E – a process expression
• a – an action in L
• α – an action in Act
Operators:
E = NIL
E = E + E      choice (sum) composition
E = a; E       prefix (sequence) composition
E = E | E      parallel composition
E = E \ a      restriction – hiding a and a’ in E
E = E || E     combined composition and restriction: S || T = (S | T) \ A
               where A is the set of labels that have complements in S and T
SDSFoil no 14
What is the structure defined by
• E = R | S | T
• E = R | S | T \ b
• E = R | S | T \ b \ d \ g
• E = R || S || T
Where:
[Figure: the processes R, S and T with their gates a, b, b’, g, g’, d, d’]
SDSFoil no 15
The results
• E = R | S | T
• E = R | S | T \ b
• E = R | S | T \ b \ d \ g
• E = R || S || T
[Figure: the resulting structure of E for each of the four expressions, drawn over R, S and T]
SDSFoil no 16
Try to expand yourself
Given:
A = a; A1 + b; A2
B = a’; B1 + b’; B2
expand:
A | B =
and:
A | B \a,b =
Given:
A = b; A + τ; a’; A
B = τ; b’; B + a; B
expand:
A || B =    (models two-way synchronised method calls)
any problems? any lessons to be learned?
SDSFoil no 17
Semantics - Labeled Transition Systems
A labelled transition system (LTS) is a 4-tuple <S, L, T, s0> where:
• S is a (countable) non-empty set of states;
• L is a (countable) set of observable actions;
• T ⊆ S × (L ∪ {τ}) × S is the transition relation;
• s0 ∈ S is the initial state.
There are several notations:
• Synchronization Trees are a (graphical) notation for LTS
• CCS contains a textual notation for LTS
• LOTOS is a textual notation for LTS
SDSFoil no 18
Transitions and LTS
These expressions:
S0 = a; S1
S1 = b + g; S3
S3 = d; S0
define these transitions:
S0 -a-> S1
S1 -b-> NIL
S1 -g-> S3
S3 -d-> S0
and this LTS:
[Figure: LTS with states S0, S1, S3, NIL and the four transitions above]
SDSFoil no 19
Transition Rules
• Transition rules define the precise semantics of each combinator: prefix, +, |, \, /
• Transition rules may be seen as rewrite rules
• You apply the rules systematically to find out what may happen
Act:   α; E -α-> E
Com1:  E -α-> E’  gives  E | F -α-> E’ | F
Com2:  F -α-> F’  gives  E | F -α-> E | F’
Com3:  E -α-> E’ and F -α’-> F’  gives  E | F -τ-> E’ | F’
Sum_j: Ej -α-> E’j  gives  Σ(i in I) Ei -α-> E’j   (j in I)
Res:   E -α-> E’  gives  E \ L -α-> E’ \ L   (α, α’ not in L)
SDSFoil no 20
Towards the expansion theorem
• only one transition at a time (interleaving semantics)
• include all possible transitions
t = a; t1 + b; t2
u = a’; u1
t | u = a; (t1 | u) + b; (t2 | u) + a’; (t | u1) + τ; (t1 | u1)
[Figure: synchronisation tree of t | u with branches a to t1 | u, b to t2 | u, a’ to t | u1 and τ to t1 | u1]
SDSFoil no 21
Expansion theorem
• t = Σi αi; ti
• u = Σk βk; uk
expansion without restrictions
• t | u = Σi αi; (ti | u) + Σk βk; (t | uk) + Σ(αi = βk’) τ; (ti | uk)
expansion with restrictions A = a1 \ a2 \ ...
• (t | u) \ A = Σ(i: αi, αi’ not in A) αi; (ti | u) \ A
  + Σ(k: βk, βk’ not in A) βk; (t | uk) \ A
  + Σ(αi = βk’) τ; (ti | uk) \ A
general expansion
• t = (t1 | t2 | … | tm) \ A = … try it yourself
SDSFoil no 22
Why bother with expansion?
• Finding errors: deadlocks, livelocks, etc. (validating internal interfaces)
• Checking properties: liveness, recurrence, etc.
• Finding the external behaviour of a composite system D
• Checking the behaviour of a composite system D against a specification S
• Comparing systems: are S and D equivalent? can S and D replace each other as seen from E?
• Finding systems satisfying a specified behaviour
[Figure: composite design D = D1 | D2 with internal gates c, c’, g, g’, a specification S and an environment E, connected over the gates a, a’, b’, e]
SDSFoil no 23
An example: specification and design of ATM
Specification:
ATM1 = gm; (m’; ATM1 + r’; ATM1)
Design:
ATMSYSTEM = ATM2 || BANK
where:
ATM2 = gm; ca’; (ok; m’; ATM2 + nok; r’; ATM2)
BANK = ca; (ok’; BANK + nok’; BANK)
[Figure: synchronisation trees for ATM1 (gm, then m’ or r’), ATM2 (gm, ca’, then ok; m’ or nok; r’), BANK (ca, then ok’ or nok’) and ATMSYSTEM (visible actions gm, m’, r’)]
Is ATMSYSTEM equivalent to ATM1?
Is ATMSYSTEM compliant with ATM1?
Can ATMSYSTEM replace ATM1?
SDSFoil no 24
Expanding the ATMSYSTEM
ATMSYSTEM = ATM2 || BANK
where:
ATM2 = gm; ca’; (ok; m’; ATM2 + nok; r’; ATM2)
BANK = ca; (ok’; BANK + nok’; BANK)
ATMSYSTEM = (gm; ca’; (ok; m’; ATM2 + nok; r’; ATM2)) || BANK
= gm; τ; ((ok; m’; ATM2 + nok; r’; ATM2) || (ok’; BANK + nok’; BANK))
= gm; τ; (τ; ((m’; ATM2) || BANK) + τ; ((r’; ATM2) || BANK))
= gm; τ; (τ; m’; (ATM2 || BANK) + τ; r’; (ATM2 || BANK))
Is ATMSYSTEM equivalent to ATM1 = gm; (m’; ATM1 + r’; ATM1)?
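The transition rules of slide 19 and the expansion carried out above, as an added Python example (not code from the slides): a small evaluator that applies Act, Sum, Com1, Com2, Com3 and Res to CCS expressions written as nested tuples, then explores every reachable state to obtain the LTS of ATMSYSTEM. The tuple encoding, the name TAU and the function names are this example's own choices.

```python
# Added example (not from the slides): a CCS transition-rule evaluator. Expressions are nested
# tuples ('nil',) | ('pre', a, E) | ('sum', E, F) | ('par', E, F) | ('res', E, frozenset_of_names)
# | ('var', 'NAME') looked up in a definitions dict. Marked actions carry a trailing "'" as on
# the slides; TAU stands for the unobservable action.
from collections import deque
TAU = 'tau'

def co(a):    # complement of a label: a <-> a'
    return a[:-1] if a.endswith("'") else a + "'"

def trans(e, defs):
    """One application of the transition rules: the set of (action, successor)."""
    kind = e[0]
    if kind == 'nil':
        return set()
    if kind == 'pre':                                    # Act
        return {(e[1], e[2])}
    if kind == 'var':                                    # unfold a (guarded) definition
        return trans(defs[e[1]], defs)
    if kind == 'sum':                                    # Sum
        return trans(e[1], defs) | trans(e[2], defs)
    if kind == 'par':
        te, tf = trans(e[1], defs), trans(e[2], defs)
        out = {(a, ('par', e1, e[2])) for a, e1 in te}   # Com1
        out |= {(b, ('par', e[1], f1)) for b, f1 in tf}  # Com2
        out |= {(TAU, ('par', e1, f1))                   # Com3: a and a' interact
                for a, e1 in te for b, f1 in tf if a != TAU and co(a) == b}
        return out
    # kind == 'res': E \ L drops a and a' for every unmarked name a in L
    return {(a, ('res', e1, e[2])) for a, e1 in trans(e[1], defs)
            if a == TAU or (a not in e[2] and co(a) not in e[2])}

def lts(root, defs):  # explore every reachable state: the tree folded into an LTS
    states, edges, todo = {root}, set(), deque([root])
    while todo:
        s = todo.popleft()
        for a, t in trans(s, defs):
            edges.add((s, a, t))
            if t not in states:
                states.add(t)
                todo.append(t)
    return states, edges

# Slides 23/24 in the tuple syntax: ATMSYSTEM = (ATM2 | BANK) \ ca \ ok \ nok
DEFS = {
    'ATM2': ('pre', 'gm', ('pre', "ca'", ('sum', ('pre', 'ok', ('pre', "m'", ('var', 'ATM2'))),
                                                  ('pre', 'nok', ('pre', "r'", ('var', 'ATM2')))))),
    'BANK': ('pre', 'ca', ('sum', ('pre', "ok'", ('var', 'BANK')), ('pre', "nok'", ('var', 'BANK')))),
}
ATMSYSTEM = ('res', ('par', ('var', 'ATM2'), ('var', 'BANK')), frozenset({'ca', 'ok', 'nok'}))
```

`lts(ATMSYSTEM, DEFS)` yields five states and six transitions: gm, then three τ steps (the ca, ok and nok interactions), then m’ or r’ back to the start, exactly the expansion above.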
SDSFoil no 25
Some behaviours are more equal than others
• Strong bisimulation ~: equally labelled transitions to states with equivalent behaviour (including τ transitions):
P ~ Q iff, for all α in Act:
(i) whenever P -α-> P’ then, for some Q’, Q -α-> Q’ and P’ ~ Q’
(ii) whenever Q -α-> Q’ then, for some P’, P -α-> P’ and P’ ~ Q’
• Weak bisimulation, observation equivalence ≈:
P ≈ Q iff, for all α in Act:
(i) whenever P -α-> P’ then, for some Q’, Q =α̂=> Q’ and P’ ≈ Q’
(ii) whenever Q -α-> Q’ then, for some P’, P =α̂=> P’ and P’ ≈ Q’
(ignoring τ transitions: =α̂=> stands for τ* α τ* when α is visible, and for τ* when α = τ)
• Trace equivalence: all traces are equal
SDSFoil no 26
τ-Laws
• a; τ; B ≈ a; B
• B + τ; B ≈ τ; B
• a; (B + τ; C) + a; C ≈ a; (B + τ; C)
• τ; B ≈ B
but
• τ; B is not ~ B
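The three equivalences of slide 25 and the τ-law τ; B ≈ B but not ~ B, checked mechanically in an added example (not code from the slides): a strong and a weak bisimulation checker over an LTS given as edges, plus a bounded comparison of visible traces. The ATM1 and ATMSYSTEM transition systems are written down by hand from the slide 24 expansion, so their state names (A1a, X1..X4) are constructed for this example.

```python
# Added example (not from the slides): strong (~) and weak (≈) bisimulation and a
# bounded comparison of visible traces on an LTS given as edges (src, action, dst).
TAU = 'tau'   # the unobservable action

def succ(edges, s, a):  # strong one-step successors: s -a-> s'
    return {d for x, b, d in edges if x == s and b == a}

def tau_closure(edges, s):  # states reachable from s by zero or more tau steps
    seen, todo = {s}, [s]
    while todo:
        for d in succ(edges, todo.pop(), TAU):
            if d not in seen:
                seen.add(d); todo.append(d)
    return seen

def weak_succ(edges, s, a):  # s =a^=> s': tau* a tau*, or just tau* when a is tau
    pre = tau_closure(edges, s)
    if a == TAU:
        return pre
    return {d for p in pre for q in succ(edges, p, a) for d in tau_closure(edges, q)}

def bisimilar(edges, p, q, weak=False):  # greatest fixed point over all state pairs
    states = {s for e in edges for s in (e[0], e[2])}
    match = weak_succ if weak else succ
    rel = {(x, y) for x in states for y in states}
    def answered(x, y):  # each strong move x -a-> x1 is matched by some y =a=> y1 in rel
        return all(any((x1, y1) in rel for y1 in match(edges, y, a))
                   for s, a, x1 in edges if s == x)
    while True:
        bad = {(x, y) for x, y in rel if not (answered(x, y) and answered(y, x))}
        if not bad:
            return (p, q) in rel
        rel -= bad

def traces(edges, s, n):  # visible traces of length <= n; tau steps are skipped
    out = {()}
    if n > 0:
        for p in tau_closure(edges, s):
            for x, a, d in edges:
                if x == p and a != TAU:
                    out |= {(a,) + t for t in traces(edges, d, n - 1)}
    return out

# Constructed LTSs. ATM1 = gm; (m'; ATM1 + r'; ATM1) has states A1 and A1a. ATMSYSTEM as
# expanded on slide 24: gm, tau (ca/ca'), then tau (ok/ok' or nok/nok') decides m' or r'.
ATM1 = {('A1', 'gm', 'A1a'), ('A1a', "m'", 'A1'), ('A1a', "r'", 'A1')}
ATMSYSTEM = {('AS', 'gm', 'X1'), ('X1', TAU, 'X2'), ('X2', TAU, 'X3'),
             ('X2', TAU, 'X4'), ('X3', "m'", 'AS'), ('X4', "r'", 'AS')}
TAU_LAW = {('P', TAU, 'B'), ('B', 'x', 'NIL')}   # slide 26: tau; B versus B
```

On these inputs ATM1 and ATMSYSTEM have the same visible traces but are neither strongly nor weakly bisimilar: after gm, the τ steps inside ATMSYSTEM decide between m’ and r’ before the environment can, whereas ATM1 leaves that choice to the environment.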
SDSFoil no 27
Relabelling
B [b / a, c / b] – replace a by b and b by c in B
• enables meaningful reuse of behaviour:
B = a; b’; B
ThreePlaceBuffer = (B | B [b/a, c/b] | B [c/a, d/b]) \b \c
= ?? expand it yourself!
[Figure: B as a one-place buffer with gates a and b’; ThreePlaceBuffer as the chain B (a, b’), B (b, c’), B (c, d’)]
SDSFoil no 28
Data in CCS
• Buffer = in(x); Buffer’(x)
• Buffer’(x) = out(x)’; Buffer
• where x belongs to some fixed value set V
SDSFoil no 29
Comparing with SDL
What is different?
• Syntax
• Components
• Communication/synchronisation
• Data
• Time
• Object-orientation
• Semantics
Mapping SDL on CCS - is it possible? How?
SDSFoil no 30
MSC and CCS
• From exam 1998: how to model this in CCS?
[Figure: MSC A with instances X, Y, Z and messages a, b]
– how to model each instance in CCS?
– how to model the medium, i.e. the rule that output must precede input?
– what is the resulting synchronisation tree when using the expansion theorem?
– what if the medium is an SDL fifo queue? Any deadlocks possible?