Unifying Theories of Concurrency:
CCS and CSP
He Jifeng and Tony Hoare
BCTCS April 6, 2006
Why?
• just for the sake of it
  – as a scientific achievement
• to explain differences between theories
  – and what they are good for
• to integrate more general toolsets
  – for coherence and consistency
  – in system design, implementation, ...
A Transition System
• a set P of processes: nil, p, q, Lp,…
• a set A of observations: a, b, …
  – communications: x, y,...
  – hidden events: , ,...
  – meaningful barbs: ref(X), δ …
• a relation T P × A × P a {(p,q) | (p,a,q) T}
[Diagram: a transition graph with edges labelled a, b, c, x and ref(X)]
Traces
• p q p = q
• p <a>s r q. p a q & q s r
• p s _ q. p s q
• traces(p) { s | p s _ }
(Strong) Simulation
• ≤ is the weakest x P×P such that
a:A, x ; a a ; x
  – describes efficient model checking algorithm
• ≡ ≤ ∩ ≥
Theorem: ≤ and ≡ are pre-orders
  – Id and ≤ ; ≤ satisfy the defining equation
Refinement
⊑ is the weakest x P×P such that
s:A*, x ; s s ; U
Theorem: ≤ ⊑
  – one defining equation implies the other
Theorem: p ⊑ q iff traces(q) traces(p)
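An added example, not from the slides: a small Python check of the two theorems above on a constructed transition system. It assumes the relation symbols lost from the slide text are inclusions, so that p ≤ q means p can match every move of q, and p ⊑ q means traces(q) is contained in traces(p); the process names and the graph are illustrative.

```python
from itertools import product

# Constructed LTS (illustrative, not from the slides): state -> [(label, successor)]
LTS = {
    "p": [("a", "p1")],                  # p = a.(b + c)
    "p1": [("b", "nil"), ("c", "nil")],
    "q": [("a", "q1"), ("a", "q2")],     # q = a.b + a.c
    "q1": [("b", "nil")],
    "q2": [("c", "nil")],
    "nil": [],
}

def simulation(lts):
    """Largest relation x such that (p, q) in x and q -a-> r
    imply p -a-> p2 for some p2 with (p2, r) in x.
    Assumption: this is the inclusion reading of the slide's defining condition."""
    x = set(product(lts, lts))
    changed = True
    while changed:                       # shrink x until it is a fixed point
        changed = False
        for p, q in list(x):
            matched = all(
                any(b == a and (p2, r) in x for b, p2 in lts[p])
                for a, r in lts[q]
            )
            if not matched:
                x.discard((p, q))
                changed = True
    return x

def traces(lts, p, depth):
    """All traces of p of length <= depth (exact here: the graph is acyclic)."""
    result, frontier = {()}, {((), p)}
    for _ in range(depth):
        frontier = {(s + (a,), r) for s, st in frontier for a, r in lts[st]}
        result |= {s for s, _ in frontier}
    return result

def refines(lts, p, q, depth=4):
    """p ⊑ q, read as traces(q) being a subset of traces(p)."""
    return traces(lts, q, depth) <= traces(lts, p, depth)

SIM = simulation(LTS)

if __name__ == "__main__":
    print("p <= q:", ("p", "q") in SIM, " q <= p:", ("q", "p") in SIM)
    print("p [= q:", refines(LTS, "p", "q"), " q [= p:", refines(LTS, "q", "p"))
```

The two processes have the same traces, so each refines the other, but only p simulates q: simulation is strictly finer than trace refinement on this graph.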
L : P → P
• is a link if it maps all processes of its source theory to all processes of its target theory.
• ≤ L L ; ≤ ; L
– i.e., p ≤ L q iff Lp ≤ Lq
• ⊑ L L ; ⊑ ; L
• Theorem: ≤ L , ⊑ L are preorders – L ; L = Id
L is monotonic ≤ ≤ L
or equivalently:
  – p ≤ q Lp ≤ Lq , all p, q
  – ≤ ; L L ; ≤
consequently:
  – all order-theorems of source theory are valid in the target theory
L is idempotent L ; L ; ≤ = L ; ≤
or equivalently:
  – L(Lp) ≡ Lp , all p
consequently:
  – ≤ L = ≤ (restricted to target theory)
  – Lp ≡ p iff p is in target theory
L is decreasing L ≤
or equivalently:
  – Lp ≤ p , for all p
  – ≤ L ; ≤
consequently:
  – the target theory is more abstract
  – Lp is the closest abstraction of p within the target theory.
L is efficient L ; ≤ = ≤ L
or equivalently:
  – Lp ≤ q iff Lp ≤ Lq , all p, q
consequently:
  – to test : spec ≤ L imp, model-check : L(spec) ≤ imp,
  – (as is done in FDR)
L is a retraction iff
• it is decreasing ≤ L ; ≤
• it is idempotent L ; L ; ≤ L ; ≤
• it is monotonic ≤ ; L L ; ≤
Theorem: L is a retraction
iff L is efficient
iff L ; ≤ is a preorder
quarter of the proof
• L is a retraction (L ; ≤) is a preorder
– Id (≤) (L ; ≤) {L dec}
– (L ; ≤ ; L ; ≤) (L ; L ; ≤ ; ≤) {L mon}
L ; ≤ {L idem}
Weak Simulation
p =a=> q ----------------------- Wp <a> Wq
where ==> *
and =a=> * <a> * for a and * <> < > …
Theorem: W is a retraction
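The original graph
[Diagram: graph with edges labelled a and b]
W only adds transitions so it is decreasing
[Diagram: the graph with edges labelled a, b and W]
W W adds no more so it is idempotent
[Diagram: the graph with edges labelled a, b and W W]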
(W; ≤ ) is weak simulation
Theorem: it is the weakest solution of the defining equations
  – x ; <a> * <a> * ; x, for a
  – x ; * ; x
• CCS/weak simulation is a retract (by W) of CCS/strong simulation
After
• p / s is the most general behaviour of p after performing all of trace s
p s <a> _
-----------------------
p/s a p/(s<a>)
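The original graph
[Diagram: node p with two edges labelled a, followed by edges labelled b and c]
The effect of _ /a
[Diagram: nodes p, p/a, p/ab and p/ac, with edges labelled a, b and c]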
Trace refinement
p a _ _ & p/a = q& p/a = q
-----------------------------
Tp a Tq
Theorem: T is a retraction
and (T ; ≤ ) = ⊑
The original graph
[Diagram: nodes p, p/a, p/ab and p/ac, with edges labelled a, b and c]
The effect of T
[Diagram: nodes Tp, T(p/a), T(p/ab) and T(p/ac), with edges labelled a, b and c]
CSP is a retract of CCS
Theorem: (W;T) is a retraction
and (W; T; ≤) is CSP trace refinement
Conclusion: CSP/trace refinement is a retract of CCS/weak simulation.
ref(X) is a refusal
where X is a set of communications
x X {}
p x _ p x q
-------------------- ---------------
Rp ref(X) Rp Rp x Rq
Theorem: (R ; ≤ ; R) is ⅔ simulation
Divergences
p p' p'' … forever
------------------------------------------
Dp δ Dr & Dp a Dr

p a q
---------------
Dp a Dq
Theorem: D is a retraction
CSP/FDR = L(CCS /≤)
• where L = D ; R ; W ; T is a retraction
  – with respect to ≤D;R
• L is defined by SOS transition rules.
• CSP healthiness conditions are expressed p ≡ L(p)
• CSP refinement coincides with simulation
• variations of CSP and CCS defined by selection from: T, D, R, W,…
CCS
• is more general
  – applies to all edge-labelled graphs
• has fewer laws
  – the minimum reasonable set
• is less expressive
  – uses equivalence rather than ordering
CSP
• describes distributed computing
  – graphs restricted by healthiness conditions
• has more laws
  – for optimisation and reasoning
  – the maximum reasonable set respecting deadlock and divergence
• is more expressive
  – ordering represents correctness
  – and refinement of system from specification