Complex Systems Design & Distributed Calculus and Coordination
|
|
- Dwain Webster
- 5 years ago
- Views:
Transcription
1 Complex Systems Design & Distributed Calculus and Coordination Concurrency and Process Algebras: Theory and Practice Francesco Tiezzi University of Camerino A.A. 2014/2015 F. Tiezzi (Unicam) CoSyDesign & DCC 1 / 50
2 Who I am Prof. Francesco Tiezzi Associate Professor at University of Camerino web: tel.: francesco.tiezzi@unicam.it address: University of Camerino School of Science and Technology Computer Science Division Palazzo Battibocca Via del Bastione, , Camerino (MC), Italy F. Tiezzi (Unicam) CoSyDesign & DCC 2 / 50
3 Process algebraic approach A Process Algebraic Approach to Complex Systems Design Process algebra: theory that underpins the semantics of concurrent programming and the understanding of concurrent, distributed, and mobile systems It provides a natural approach to the design of those systems structuring them into a set of autonomous components that can evolve independently of each other and from time to time can communicate or simply synchronize compositionality: ability to build complex systems by combining simpler systems abstraction: ability to neglect certain parts of a model Tools assist modeling and analysis of the various functional and non-functional aspects of those systems F. Tiezzi (Unicam) CoSyDesign & DCC 3 / 50
4 Process algebraic approach A Process Algebraic Approach to Complex Systems Design Focus of this part of the course: Tools assist modeling and analysis of the various functional and non-functional aspects of those systems F. Tiezzi (Unicam) CoSyDesign & DCC 3 / 50
5 Outline 1/2 Concurrent Programming and Reactive Systems Process algebraic approach Semantics of regular expressions CCS pseuco TAPAs F. Tiezzi (Unicam) CoSyDesign & DCC 4 / 50
6 Outline 2/2 Behavioural equivalences Modal Logics Other tools: LTSA, mcrl2, UPPAAL Klaim Klava... F. Tiezzi (Unicam) CoSyDesign & DCC 5 / 50
7 What is Concurrent Programming Multiple processes (or threads) working together to achieve a common goal A sequential program has a single thread of control A concurrent program has multiple threads of control allowing it to perform multiple computations in parallel and to control multiple external activities occurring at the same time Communication The concurrent threads exchange information via indirect communication: the execution of concurrent processes proceeds on one or more processors all of which access a shared memory; care is required to deal with shared variables direct communication: concurrent processes are executed by running them on separate processors, threads communicate by exchanging messages F. Tiezzi (Unicam) CoSyDesign & DCC 6 / 50
8 Why Concurrent Programming 1 Performance: To gain from multiprocessing hardware (parallelism) 2 Distribution: Some problems require a distributed solution, e.g. client-server systems on one machine and the database on a central server machine 3 Ease of programming: Some problems are more naturally solved by concurrent programs 4 Increased application throughput: an I/O call need only to block one thread 5 Increased application responsiveness: High priority threads for user requests 6 More appropriate structure: For programs which interact with the environment, control multiple activities and handle multiple events F. Tiezzi (Unicam) CoSyDesign & DCC 7 / 50
9 Examples of multi-threaded programs 1 windowing systems on PCs 2 embedded real-time systems, electronics, cars, telecom 3 web servers, database servers... 4 operating system kernel F. Tiezzi (Unicam) CoSyDesign & DCC 8 / 50
10 Do I need to know about concurrent programming? Concurrency is error prone Soviet nuclear false alarm incident (1983) [fault in sw for missile detections] Therac-25 radiation overdose ( ) [sw interlock fault due to a race condition] MIM-104 Patriot Missile Clock Drift (1991) [a sw fault in the system s clock] Explosion of the Ariane 5 (1996) [self-destruction was triggered by an overflow error] North America blackout (2003) [race condition caused an alarm system failure] Mars Rover problems (2004) [interaction among concurrent tasks caused periodic sw resets]... for sure you have experienced deadlock on your machine and pressed restart (even if you have a Mac) F. Tiezzi (Unicam) CoSyDesign & DCC 9 / 50
11 Do I need to know about concurrent programming? Concurrency is error prone Soviet nuclear false alarm incident (1983) [fault in sw for missile detections] Therac-25 radiation overdose ( ) [sw interlock fault due to a race condition] MIM-104 Patriot Missile Clock Drift (1991) [a sw fault in the system s clock] Explosion of the Ariane 5 (1996) [self-destruction was triggered by an overflow error] North America blackout (2003) [race condition caused an alarm system failure] Mars Rover problems (2004) [interaction among concurrent tasks caused periodic sw resets]... for sure you have experienced deadlock on your machine and pressed restart (even if you have a Mac) F. Tiezzi (Unicam) CoSyDesign & DCC 9 / 50
12 Sequential Programming vs Concurrent Programming Sequential Programming Denotational semantics: the meaning of a program is a partial function from states to states Nontermination is bad! In case of termination, the result is unique Concurrent - Interactive - Reactive Programming Denotational semantics is very complicate due to nondeterminism Nontermination might be good! In case of termination, the result might not be unique F. Tiezzi (Unicam) CoSyDesign & DCC 10 / 50
13 Sequential Programming vs Concurrent Programming Sequential Programming Denotational semantics: the meaning of a program is a partial function from states to states Nontermination is bad! In case of termination, the result is unique Concurrent - Interactive - Reactive Programming Denotational semantics is very complicate due to nondeterminism Nontermination might be good! In case of termination, the result might not be unique F. Tiezzi (Unicam) CoSyDesign & DCC 10 / 50
14 Sequential Programming vs Concurrent Programming Sequential Programming Denotational semantics: the meaning of a program is a partial function from states to states Nontermination is bad! In case of termination, the result is unique Concurrent - Interactive - Reactive Programming Denotational semantics is very complicate due to nondeterminism Nontermination might be good! In case of termination, the result might not be unique F. Tiezzi (Unicam) CoSyDesign & DCC 10 / 50
15 Sequential Programming vs Concurrent Programming Sequential Programming Denotational semantics: the meaning of a program is a partial function from states to states Nontermination is bad! In case of termination, the result is unique Concurrent - Interactive - Reactive Programming Denotational semantics is very complicate due to nondeterminism Nontermination might be good! In case of termination, the result might not be unique F. Tiezzi (Unicam) CoSyDesign & DCC 10 / 50
16 Sequential Programming vs Concurrent Programming Sequential Programming Denotational semantics: the meaning of a program is a partial function from states to states Nontermination is bad! In case of termination, the result is unique Concurrent - Interactive - Reactive Programming Denotational semantics is very complicate due to nondeterminism Nontermination might be good! In case of termination, the result might not be unique F. Tiezzi (Unicam) CoSyDesign & DCC 10 / 50
17 Sequential Programming vs Concurrent Programming Sequential Programming Denotational semantics: the meaning of a program is a partial function from states to states Nontermination is bad! In case of termination, the result is unique Concurrent - Interactive - Reactive Programming Denotational semantics is very complicate due to nondeterminism Nontermination might be good! In case of termination, the result might not be unique F. Tiezzi (Unicam) CoSyDesign & DCC 10 / 50
18 Programming Reactive Systems The classical denotational approach is not adequate for modelling systems such as: Operating systems Communication protocols Mobile phones Vending machines The above systems compute by reacting to stimuli from their environment and are known as Reactive Systems; their distinguishing features are: Interaction (many parallel communicating processes) Nondeterminism (results are not necessarily unique) There may be no visible result (exchange of messages is used to coordinate progress) Nontermination is good (systems are expected to run continuously) F. Tiezzi (Unicam) CoSyDesign & DCC 11 / 50
19 Programming Reactive Systems The classical denotational approach is not adequate for modelling systems such as: Operating systems Communication protocols Mobile phones Vending machines The above systems compute by reacting to stimuli from their environment and are known as Reactive Systems; their distinguishing features are: Interaction (many parallel communicating processes) Nondeterminism (results are not necessarily unique) There may be no visible result (exchange of messages is used to coordinate progress) Nontermination is good (systems are expected to run continuously) F. Tiezzi (Unicam) CoSyDesign & DCC 11 / 50
20 Analysis of Reactive Systems Even short parallel programs may be hard to analyse, thus we need to face few questions: 1 How can we develop (design) a system that works? 2 How do we analyse (verify) such a system? We need appropriate theories and formal methods and tools, otherwise we will experience again: Intels Pentium-II bug in floating-point division unit Ariane-5 crash due to a conversion of 64-bit real to 16-bit integer... F. Tiezzi (Unicam) CoSyDesign & DCC 12 / 50
21 Analysis of Reactive Systems Even short parallel programs may be hard to analyse, thus we need to face few questions: 1 How can we develop (design) a system that works? 2 How do we analyse (verify) such a system? We need appropriate theories and formal methods and tools, otherwise we will experience again: Intels Pentium-II bug in floating-point division unit Ariane-5 crash due to a conversion of 64-bit real to 16-bit integer... F. Tiezzi (Unicam) CoSyDesign & DCC 12 / 50
22 Analysis of Reactive Systems Even short parallel programs may be hard to analyse, thus we need to face few questions: 1 How can we develop (design) a system that works? 2 How do we analyse (verify) such a system? We need appropriate theories and formal methods and tools, otherwise we will experience again: Intels Pentium-II bug in floating-point division unit Ariane-5 crash due to a conversion of 64-bit real to 16-bit integer... F. Tiezzi (Unicam) CoSyDesign & DCC 12 / 50
23 Analysis of Reactive Systems Even short parallel programs may be hard to analyse, thus we need to face few questions: 1 How can we develop (design) a system that works? 2 How do we analyse (verify) such a system? We need appropriate theories and formal methods and tools, otherwise we will experience again: Intels Pentium-II bug in floating-point division unit Ariane-5 crash due to a conversion of 64-bit real to 16-bit integer... F. Tiezzi (Unicam) CoSyDesign & DCC 12 / 50
24 Why formal methods? Understanding the overall behaviour resulting from system interactions can be tricky and error-prone Simple motivating example Consider the code: x = 1; y = x++ + x++; What is the value of x and y after its execution? It is even more critical when concurrency and interactions enter the game... Solid mathematical foundations lay the basis for formal reasoning on systems behavior The programmer can avoid operator ++, but we cannot afford to stop building complex systems we need to build trustworthy systems F. Tiezzi (Unicam) CoSyDesign & DCC 13 / 50
25 Why formal methods? Understanding the overall behaviour resulting from system interactions can be tricky and error-prone Simple motivating example Consider the code: x = 1; y = x++ + x++; What is the value of x and y after its execution? It is even more critical when concurrency and interactions enter the game... Solid mathematical foundations lay the basis for formal reasoning on systems behavior The programmer can avoid operator ++, but we cannot afford to stop building complex systems we need to build trustworthy systems F. Tiezzi (Unicam) CoSyDesign & DCC 13 / 50
26 Why formal methods? Understanding the overall behaviour resulting from system interactions can be tricky and error-prone Simple motivating example Consider the code: x = 1; y = x++ + x++; What is the value of x and y after its execution? It is even more critical when concurrency and interactions enter the game... Solid mathematical foundations lay the basis for formal reasoning on systems behavior The programmer can avoid operator ++, but we cannot afford to stop building complex systems we need to build trustworthy systems F. Tiezzi (Unicam) CoSyDesign & DCC 13 / 50
27 Why formal methods? Understanding the overall behaviour resulting from system interactions can be tricky and error-prone Simple motivating example Consider the code: x = 1; y = x++ + x++; What is the value of x and y after its execution? It is even more critical when concurrency and interactions enter the game... Solid mathematical foundations lay the basis for formal reasoning on systems behavior The programmer can avoid operator ++, but we cannot afford to stop building complex systems we need to build trustworthy systems F. Tiezzi (Unicam) CoSyDesign & DCC 13 / 50
28 Why formal methods? Understanding the overall behaviour resulting from system interactions can be tricky and error-prone Simple motivating example Consider the code: x = 1; y = x++ + x++; What is the value of x and y after its execution? It is even more critical when concurrency and interactions enter the game... Solid mathematical foundations lay the basis for formal reasoning on systems behavior The programmer can avoid operator ++, but we cannot afford to stop building complex systems we need to build trustworthy systems F. Tiezzi (Unicam) CoSyDesign & DCC 13 / 50
29 Why formal methods? Understanding the overall behaviour resulting from system interactions can be tricky and error-prone Simple motivating example Consider the code: x = 1; y = x++ + x++; What is the value of x and y after its execution? It is even more critical when concurrency and interactions enter the game... Solid mathematical foundations lay the basis for formal reasoning on systems behavior The programmer can avoid operator ++, but we cannot afford to stop building complex systems we need to build trustworthy systems F. Tiezzi (Unicam) CoSyDesign & DCC 13 / 50
30 Formal Methods for Reactive Systems To deal with reactive systems and guarantee their correct behaviour in all possible environments, we need: 1 To study mathematical models for the formal description and analysis of concurrent programs 2 To devise formal languages for the specification of the possible behaviour of parallel and reactive systems 3 To develop verification tools and implementation techniques underlying them F. Tiezzi (Unicam) CoSyDesign & DCC 14 / 50
31 Process Algebras Approach The chosen abstraction for reactive systems is the notion of processes Systems evolution is based on process transformation: a process performs an action and becomes another process Everything is (or can be viewed as) a process: buffers, shared memory, tuple spaces, senders, receivers,... are all processes Labelled Transition Systems (LTSs) describe processes behaviour, and permit modelling directly systems interaction F. Tiezzi (Unicam) CoSyDesign & DCC 15 / 50
32 Process Algebras Approach The chosen abstraction for reactive systems is the notion of processes Systems evolution is based on process transformation: a process performs an action and becomes another process Everything is (or can be viewed as) a process: buffers, shared memory, tuple spaces, senders, receivers,... are all processes Labelled Transition Systems (LTSs) describe processes behaviour, and permit modelling directly systems interaction F. Tiezzi (Unicam) CoSyDesign & DCC 15 / 50
33 Internal and External Actions Labelled Transition Systems Transition Labelled Graph: a transition between states is labelled by the action inducing the transition from one state to another Actions An elementary action represents the atomic (non-interruptible) abstract step of a computation that is performed by a system Actions represent various activities of concurrent systems: Sending a message Receiving a message Updating values Synchronizing with other processes... We have two main types of atomic actions: Visible Actions Internal Actions (τ) F. Tiezzi (Unicam) CoSyDesign & DCC 16 / 50
34 Internal and External Actions Labelled Transition Systems Transition Labelled Graph: a transition between states is labelled by the action inducing the transition from one state to another Actions An elementary action represents the atomic (non-interruptible) abstract step of a computation that is performed by a system Actions represent various activities of concurrent systems: Sending a message Receiving a message Updating values Synchronizing with other processes... We have two main types of atomic actions: Visible Actions Internal Actions (τ) F. Tiezzi (Unicam) CoSyDesign & DCC 16 / 50
35 Internal and External Actions Labelled Transition Systems Transition Labelled Graph: a transition between states is labelled by the action inducing the transition from one state to another Actions An elementary action represents the atomic (non-interruptible) abstract step of a computation that is performed by a system Actions represent various activities of concurrent systems: Sending a message Receiving a message Updating values Synchronizing with other processes... We have two main types of atomic actions: Visible Actions Internal Actions (τ) F. Tiezzi (Unicam) CoSyDesign & DCC 16 / 50
36 Why operators for describing systems How can we describe very large automata or LTSs? As a table? Rows and columns are labelled by states, entries are either empty or marked with a set of actions As a listing of triples? = {(q 0, a, q 1 ), (q 0, a, q 2 ), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, q 3 ), (q 2, τ, q 4 )} As a more compact listing of triples? = {(q 0, a, {q 1, q 2 }), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, {q 3, q 4 })} As XML? <lts><ar><st>q0</st><lab>a</lab><st>q1</st></ar>...</lts> F. Tiezzi (Unicam) CoSyDesign & DCC 17 / 50
37 Why operators for describing systems How can we describe very large automata or LTSs? As a table? Rows and columns are labelled by states, entries are either empty or marked with a set of actions As a listing of triples? = {(q 0, a, q 1 ), (q 0, a, q 2 ), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, q 3 ), (q 2, τ, q 4 )} As a more compact listing of triples? = {(q 0, a, {q 1, q 2 }), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, {q 3, q 4 })} As XML? <lts><ar><st>q0</st><lab>a</lab><st>q1</st></ar>...</lts> F. Tiezzi (Unicam) CoSyDesign & DCC 17 / 50
38 Why operators for describing systems How can we describe very large automata or LTSs? As a table? Rows and columns are labelled by states, entries are either empty or marked with a set of actions As a listing of triples? = {(q 0, a, q 1 ), (q 0, a, q 2 ), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, q 3 ), (q 2, τ, q 4 )} As a more compact listing of triples? = {(q 0, a, {q 1, q 2 }), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, {q 3, q 4 })} As XML? <lts><ar><st>q0</st><lab>a</lab><st>q1</st></ar>...</lts> F. Tiezzi (Unicam) CoSyDesign & DCC 17 / 50
39 Why operators for describing systems How can we describe very large automata or LTSs? As a table? Rows and columns are labelled by states, entries are either empty or marked with a set of actions As a listing of triples? = {(q 0, a, q 1 ), (q 0, a, q 2 ), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, q 3 ), (q 2, τ, q 4 )} As a more compact listing of triples? = {(q 0, a, {q 1, q 2 }), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, {q 3, q 4 })} As XML? <lts><ar><st>q0</st><lab>a</lab><st>q1</st></ar>...</lts> F. Tiezzi (Unicam) CoSyDesign & DCC 17 / 50
40 Why operators for describing systems How can we describe very large automata or LTSs? As a table? Rows and columns are labelled by states, entries are either empty or marked with a set of actions As a listing of triples? = {(q 0, a, q 1 ), (q 0, a, q 2 ), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, q 3 ), (q 2, τ, q 4 )} As a more compact listing of triples? = {(q 0, a, {q 1, q 2 }), (q 1, b, q 3 ), (q 1, c, q 4 ), (q 2, τ, {q 3, q 4 })} As XML? <lts><ar><st>q0</st><lab>a</lab><st>q1</st></ar>...</lts> F. Tiezzi (Unicam) CoSyDesign & DCC 17 / 50
41 Why operators for describing systems Linguistic aspects are important! The previous solutions are ok for machines... not for humans Are prefix and sum operators sufficient? They are ok to describe small finite systems p = a.b.(c+d) q = a.(b.c+b.d) r = a.b.c+a.c.d But additional operators are needed to design systems in a structured way (e.g. p q) to model systems interaction to abstract from details to represent infinite systems F. Tiezzi (Unicam) CoSyDesign & DCC 18 / 50
42 Why operators for describing systems Linguistic aspects are important! The previous solutions are ok for machines... not for humans Are prefix and sum operators sufficient? They are ok to describe small finite systems p = a.b.(c+d) q = a.(b.c+b.d) r = a.b.c+a.c.d But additional operators are needed to design systems in a structured way (e.g. p q) to model systems interaction to abstract from details to represent infinite systems F. Tiezzi (Unicam) CoSyDesign & DCC 18 / 50
43 Why operators for describing systems Linguistic aspects are important! The previous solutions are ok for machines... not for humans Are prefix and sum operators sufficient? They are ok to describe small finite systems p = a.b.(c+d) q = a.(b.c+b.d) r = a.b.c+a.c.d But additional operators are needed to design systems in a structured way (e.g. p q) to model systems interaction to abstract from details to represent infinite systems F. Tiezzi (Unicam) CoSyDesign & DCC 18 / 50
44 A motivating example: regular expressions Commonly used for searching and manipulating text based on patterns Example Regular expression: [hc]at (h + c); a; t Text: the cat eats the bat s hat rather than the rat Matches: cat, hat F. Tiezzi (Unicam) CoSyDesign & DCC 19 / 50
45 A motivating example: regular expressions Regular expressions Commonly used for: searching and manipulating text based on patterns representing regular languages in a compact form describing sequences of actions that a system can execute Regular expressions as a simple programming language Programming constructs: sequence, choice, iteration, stop We define the semantics of regular expressions by means of the Structural Operational Semantics approach F. Tiezzi (Unicam) CoSyDesign & DCC 20 / 50
46 A motivating example: regular expressions Regular expressions Commonly used for: searching and manipulating text based on patterns representing regular languages in a compact form describing sequences of actions that a system can execute Regular expressions as a simple programming language Programming constructs: sequence, choice, iteration, stop We define the semantics of regular expressions by means of the Structural Operational Semantics approach F. Tiezzi (Unicam) CoSyDesign & DCC 20 / 50
47 Regular expressions: syntax and informal semantics Abstract syntax E ::= 0 1 a E + E E; E E Operators precedence binds more than + and ; ; binds more than + Informal semantics 0 is the empty event 1 is the terminal event a is an event (or atomic action) where a A, with A finite alphabet E + F can be either E or F (choice operator) E; F is the expression E followed by F (sequencing) E is an n-length sequence of E with n 0 (Kleene star) F. Tiezzi (Unicam) CoSyDesign & DCC 21 / 50
48 Regular expressions: syntax and informal semantics Abstract syntax E ::= 0 1 a E + E E; E E Operators precedence binds more than + and ; ; binds more than + Informal semantics 0 is the empty event 1 is the terminal event a is an event (or atomic action) where a A, with A finite alphabet E + F can be either E or F (choice operator) E; F is the expression E followed by F (sequencing) E is an n-length sequence of E with n 0 (Kleene star) F. Tiezzi (Unicam) CoSyDesign & DCC 21 / 50
49 Regular expressions: syntax and informal semantics Abstract syntax E ::= 0 1 a E + E E; E E Operators precedence binds more than + and ; ; binds more than + Informal semantics 0 is the empty event 1 is the terminal event a is an event (or atomic action) where a A, with A finite alphabet E + F can be either E or F (choice operator) E; F is the expression E followed by F (sequencing) E is an n-length sequence of E with n 0 (Kleene star) F. Tiezzi (Unicam) CoSyDesign & DCC 21 / 50
50 Regular expressions: syntax and informal semantics Abstract syntax E ::= 0 1 a E + E E; E E Operators precedence binds more than + and ; ; binds more than + Informal semantics 0 is the empty event 1 is the terminal event a is an event (or atomic action) where a A, with A finite alphabet E + F can be either E or F (choice operator) E; F is the expression E followed by F (sequencing) E is an n-length sequence of E with n 0 (Kleene star) F. Tiezzi (Unicam) CoSyDesign & DCC 21 / 50
51 Regular expressions: syntax and informal semantics Abstract syntax E ::= 0 1 a E + E E; E E Operators precedence binds more than + and ; ; binds more than + Informal semantics 0 is the empty event 1 is the terminal event a is an event (or atomic action) where a A, with A finite alphabet E + F can be either E or F (choice operator) E; F is the expression E followed by F (sequencing) E is an n-length sequence of E with n 0 (Kleene star) F. Tiezzi (Unicam) CoSyDesign & DCC 21 / 50
52 Regular expressions: syntax and informal semantics Abstract syntax E ::= 0 1 a E + E E; E E Operators precedence binds more than + and ; ; binds more than + Informal semantics 0 is the empty event 1 is the terminal event a is an event (or atomic action) where a A, with A finite alphabet E + F can be either E or F (choice operator) E; F is the expression E followed by F (sequencing) E is an n-length sequence of E with n 0 (Kleene star) F. Tiezzi (Unicam) CoSyDesign & DCC 21 / 50
53 Regular expressions: syntax and informal semantics Abstract syntax E ::= 0 1 a E + E E; E E Operators precedence binds more than + and ; ; binds more than + Informal semantics 0 is the empty event 1 is the terminal event a is an event (or atomic action) where a A, with A finite alphabet E + F can be either E or F (choice operator) E; F is the expression E followed by F (sequencing) E is an n-length sequence of E with n 0 (Kleene star) F. Tiezzi (Unicam) CoSyDesign & DCC 21 / 50
54 Regular expressions: informal semantics With an informal semantics the meaning of composite expressions may be not clear Example (a + b) (a + b ) They are syntactically different What about their meaning? F. Tiezzi (Unicam) CoSyDesign & DCC 22 / 50
55 Regular expressions: informal semantics With an informal semantics the meaning of composite expressions may be not clear Example (a + b) (a + b ) They are syntactically different What about their meaning? F. Tiezzi (Unicam) CoSyDesign & DCC 22 / 50
56 Regular expressions: informal semantics With an informal semantics the meaning of composite expressions may be not clear Example (a + b) (a + b ) They are syntactically different What about their meaning? F. Tiezzi (Unicam) CoSyDesign & DCC 22 / 50
57 Regular expressions: operational semantics We define an abstract machine for executing regular expressions Transition relation Is a ternary relation E µ F, where µ A {ε} (ε empty action) Is defined by an inference system Describes, by induction on the structure of the expressions, the behaviour of a machine that takes as input a regular expression and executes it For a generic operator op we shall have one or more rules like: α E 1 i1 E α i1 E m im E im op(e 1,, E n ) α op(e 1,, E n) where {i 1,, i m } {1,, n} F. Tiezzi (Unicam) CoSyDesign & DCC 23 / 50
58 Regular expressions: operational semantics We define an abstract machine for executing regular expressions Transition relation Is a ternary relation E µ F, where µ A {ε} (ε empty action) Is defined by an inference system Describes, by induction on the structure of the expressions, the behaviour of a machine that takes as input a regular expression and executes it For a generic operator op we shall have one or more rules like: α E 1 i1 E α i1 E m im E im op(e 1,, E n ) α op(e 1,, E n) where {i 1,, i m } {1,, n} F. Tiezzi (Unicam) CoSyDesign & DCC 23 / 50
59 Regular expressions: operational semantics We define an abstract machine for executing regular expressions Transition relation Is a ternary relation E µ F, where µ A {ε} (ε empty action) Is defined by an inference system Describes, by induction on the structure of the expressions, the behaviour of a machine that takes as input a regular expression and executes it For a generic operator op we shall have one or more rules like: α E 1 i1 E α i1 E m im E im op(e 1,, E n ) α op(e 1,, E n) where {i 1,, i m } {1,, n} F. Tiezzi (Unicam) CoSyDesign & DCC 23 / 50
60 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E Structural Operational Semantics (SOS [Plotkin]) Transition relation is the least relation satisfying the above rules F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
61 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E 1 indicates the terminal state: the machine has completed the execution and loops by executing the empty action F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
62 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E Expression a executes action a and stops F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
63 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E E + F can behave either as E or as F : if E evolves to E by performing action µ then E + F can evolve to E by performing µ; similarly for F F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
64 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E E; F executes the actions of E and, afterwards, the actions of F F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
65 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E E; F executes the actions of E and, afterwards, the actions of F F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
66 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E E; F executes the actions of E and, afterwards, the actions of F F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
67 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E E can either directly evolve to 1 or evolve to E ; E if E evolves to E F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
68 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E E can either directly evolve to 1 or evolve to E ; E if E evolves to E F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
69 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E E can either directly evolve to 1 or evolve to E ; E if E evolves to E F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
70 Regular expressions: operational semantics Transition relation rules (Tic) (Sum 1 ) (Seq 1 ) (Star 1 ) 1 ε 1 E µ E (Atom) E + F µ E (Sum 2 ) E a E E; F a E ; F E ε 1 (Seq 2 ) (Star 2 ) a a 1 a A F µ F E + F µ F E ε 1 E; F ε F E µ E E µ E ; E No rule for 0: expression 0 does nothing 0 indicates the deadlock state: the machine is stuck F. Tiezzi (Unicam) CoSyDesign & DCC 24 / 50
71 A few examples for Regular Expressions (a + b) a 1; (a + b) a a + b a 1 a 1 (Atom) (Sum 1 ) (a + b) a 1; (a + b) (Star 2 ) 1; (a + b) ε (a + b) 1 ε 1 (Tic) 1; (a + b) ε (a + b) (Seq 2 ) F. Tiezzi (Unicam) CoSyDesign & DCC 25 / 50
72 A few examples for Regular Expressions (a + b) a 1; (a + b) a a + b a 1 a 1 (Atom) (Sum 1 ) (a + b) a 1; (a + b) (Star 2 ) 1; (a + b) ε (a + b) 1 ε 1 (Tic) 1; (a + b) ε (a + b) (Seq 2 ) F. Tiezzi (Unicam) CoSyDesign & DCC 25 / 50
73 Regular expressions: operational semantics Example (a + b) (a + b ) They are syntactically different Are they semantically equivalent? F. Tiezzi (Unicam) CoSyDesign & DCC 26 / 50
74 Regular expressions: operational semantics Example (a + b) (a + b ) They are syntactically different Are they semantically equivalent? F. Tiezzi (Unicam) CoSyDesign & DCC 26 / 50
75 The automaton associated to a regular expression The SOS inference rules implicitly defines a particular automaton for each regular expression E the initial state is E (we shall often omit to mark it) the set of labels is A the set of states consists of all regular expressions that can be reached starting from E via a sequence of transitions the transition relation is the one induced from the SOS rules the only final state is 1 (we shall often omit to mark it) Semantic correspondence Given any regular expression E, the automaton generated by the SOS rules has the property of recognizing exactly the regular language expressed by E Each trace of the automaton is a term of the language F. Tiezzi (Unicam) CoSyDesign & DCC 27 / 50
76 Regular expressions: operational semantics Automata associated to (a + b) and (a + b ) F. Tiezzi (Unicam) CoSyDesign & DCC 28 / 50
77 Regular expressions: operational semantics Example (a + b) (a + b ) They are syntactically different Are they semantically equivalent? We have to show that: s is a trace of (a + b) if and only if s is a trace of (a + b ) Proof: by induction on the length of s F. Tiezzi (Unicam) CoSyDesign & DCC 29 / 50
78 Regular expressions: operational semantics Example (a + b) (a + b ) They are syntactically different Traces( (a + b) )? = Traces( (a + b ) ) We have to show that: s is a trace of (a + b) if and only if s is a trace of (a + b ) Proof: by induction on the length of s F. Tiezzi (Unicam) CoSyDesign & DCC 29 / 50
79 Regular expressions: operational semantics Example (a + b) (a + b ) They are syntactically different Traces( (a + b) )? = Traces( (a + b ) ) We have to show that: s is a trace of (a + b) if and only if s is a trace of (a + b ) Proof: by induction on the length of s F. Tiezzi (Unicam) CoSyDesign & DCC 29 / 50
80 CCS Basics Sequential Fragment Nil process (the only atomic process) action prefixing (a.p) names and recursive definitions ( ) nondeterministic choice (+) Any finite LTS can be described (up to isomorphism) by using the operations above Parallelism and Renaming parallel composition ( ) (synchronous communication between two components = handshake synchronization) restriction (P L) relabelling (P[f ]) F. Tiezzi (Unicam) CoSyDesign & DCC 30 / 50
81 CCS Basics Sequential Fragment Nil process (the only atomic process) action prefixing (a.p) names and recursive definitions ( ) nondeterministic choice (+) Any finite LTS can be described (up to isomorphism) by using the operations above Parallelism and Renaming parallel composition ( ) (synchronous communication between two components = handshake synchronization) restriction (P L) relabelling (P[f ]) F. Tiezzi (Unicam) CoSyDesign & DCC 30 / 50
82 CCS Basics Sequential Fragment Nil process (the only atomic process) action prefixing (a.p) names and recursive definitions ( ) nondeterministic choice (+) Any finite LTS can be described (up to isomorphism) by using the operations above Parallelism and Renaming parallel composition ( ) (synchronous communication between two components = handshake synchronization) restriction (P L) relabelling (P[f ]) F. Tiezzi (Unicam) CoSyDesign & DCC 30 / 50
83 Definition of CCS: channels, actions, process names Let A be a set of channel names (e.g. tea, coffee are channel names) L = A A be a set of labels where A = {a a A} (elements of A are called names and those of A are called co-names) by convention a = a Act = L {τ} is the set of actions where τ is the internal or silent action (e.g. τ, tea, coffee are actions) K is a set of process names (constants) (e.g. CM). F. Tiezzi (Unicam) CoSyDesign & DCC 31 / 50
84 Definition of CCS (expressions) P := K process constants (K K) α.p prefixing (α Act) i I P i summation (I is an arbitrary index set) P 1 P 2 parallel composition P L restriction (L A) P[f ] relabelling (f : Act Act) such that f (τ) = τ f (a) = f (a) The set of all terms generated by the abstract syntax is the set of CCS process expressions (and is denoted by P) Notation P 1 + P 2 = i {1,2} P i Nil = i P i F. Tiezzi (Unicam) CoSyDesign & DCC 32 / 50
85 Precedence Precedence 1 restriction and relabelling (tightest binding) 2 action prefixing 3 parallel composition 4 summation Example: R + a.p b.q L means R + ( (a.p) (b.(q L)) ) F. Tiezzi (Unicam) CoSyDesign & DCC 33 / 50
86 Definition of CCS (defining equations) CCS program A collection of defining equations of the form K P where K K is a process constant and P P is a CCS process expression. Only one defining equation per process constant. Recursion is allowed: e.g. A a.a A. F. Tiezzi (Unicam) CoSyDesign & DCC 34 / 50
87 Structural Operational Semantics for CCS Structural Operational Semantics (SOS) G. Plotkin 1981 Small-step operational semantics where the behaviour of a system is inferred using syntax driven rules Given a collection of CCS defining equations, we define the following LTS (Proc, Act, { a a Act}): Proc = P (the set of all CCS process expressions) Act = L {τ} (the set of all CCS actions including τ) transition relation is given by SOS rules of the form: RULE premises conclusion conditions F. Tiezzi (Unicam) CoSyDesign & DCC 35 / 50
88 SOS rules for CCS (α Act, a L) ACT α.p α P α P j P j SUM j i I P α i P j j I COM1 P α P P Q α P Q COM2 COM3 P a P Q a Q P Q τ P Q α Q Q P Q α P Q RES P α P P L α P L α, α L REL P α P P[f ] f (α) P [f ] CON P α P K α P K P F. Tiezzi (Unicam) CoSyDesign & DCC 36 / 50
89 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? F. Tiezzi (Unicam) CoSyDesign & DCC 37 / 50
90 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? REL ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a] F. Tiezzi (Unicam) CoSyDesign & DCC 37 / 50
91 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? COM1 a (A a.nil) b.nil (A a.nil) b.nil REL ( ) c (A a.nil) b.nil [c/a] ( (A a.nil) b.nil ) [c/a] F. Tiezzi (Unicam) CoSyDesign & DCC 37 / 50
92 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? REL COM1 a A a.nil A a.nil COM1 a (A a.nil) b.nil (A a.nil) b.nil ( ) c (A a.nil) b.nil [c/a] ( (A a.nil) b.nil ) [c/a] F. Tiezzi (Unicam) CoSyDesign & DCC 37 / 50
93 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? REL CON a A a.a A A COM1 a A a.nil A a.nil COM1 a (A a.nil) b.nil (A a.nil) b.nil ( ) c (A a.nil) b.nil [c/a] ( (A a.nil) b.nil ) [c/a] F. Tiezzi (Unicam) CoSyDesign & DCC 37 / 50
94 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? REL COM1 ACT a a.a A CON A a A COM1 a A a.a A a.nil A a.nil a (A a.nil) b.nil (A a.nil) b.nil ( ) c (A a.nil) b.nil [c/a] ( (A a.nil) b.nil ) [c/a] F. Tiezzi (Unicam) CoSyDesign & DCC 37 / 50
95 LTS of the Process a.nil a.nil a.nil a.nil a a Nil a.nil τ a.nil Nil a a Nil Nil F. Tiezzi (Unicam) CoSyDesign & DCC 38 / 50
96 CCS in pseuco pseuco Web application allowing to create CCS specifications and interactively explore the resulting transition systems F. Tiezzi (Unicam) CoSyDesign & DCC 39 / 50
97 CCS in pseuco: regular expressions (a + b) X := ((a.1 + b.1);x) + 1 // this is the initial process X (a + b ) Y := ((Ya + Yb);Y) + 1 Ya := a. Ya + 1 Yb := b. Yb + 1 // this is the initial process Y Demo! F. Tiezzi (Unicam) CoSyDesign & DCC 40 / 50
98 CCS in pseuco: regular expressions (a + b) X := ((a.1 + b.1);x) + 1 // this is the initial process X (a + b ) Y := ((Ya + Yb);Y) + 1 Ya := a. Ya + 1 Yb := b. Yb + 1 // this is the initial process Y Demo! F. Tiezzi (Unicam) CoSyDesign & DCC 40 / 50
99 Producer-Consumer Example F. Tiezzi (Unicam) CoSyDesign & DCC 41 / 50
100 Producer-Consumer Example The system is composed of a producer a finite-capacity buffer a consumer The producer deposits items into the buffer as long as the buffer capacity is not exceeded Stored items can be withdrawn by the consumer according to some predefined discipline, like FIFO or LIFO Assumptions: The buffer has only two positions Items are all identical, so that the specific discipline that has been adopted for withdrawals is not important from the point of view of an external observer Demo! F. Tiezzi (Unicam) CoSyDesign & DCC 42 / 50
101 Producer-Consumer Example The system is composed of a producer a finite-capacity buffer a consumer The producer deposits items into the buffer as long as the buffer capacity is not exceeded Stored items can be withdrawn by the consumer according to some predefined discipline, like FIFO or LIFO Assumptions: The buffer has only two positions Items are all identical, so that the specific discipline that has been adopted for withdrawals is not important from the point of view of an external observer Demo! F. Tiezzi (Unicam) CoSyDesign & DCC 42 / 50
102 TAPAs Software tool supporting teaching of process algebras TAPAs permits: understanding the meaning of the different process algebras operators appreciating the close correspondence between textual terms and graphical representations of processes evaluating different behavioural equivalences model checking via a user-friendly tool that, in case of failures, provides appropriate counterexamples F. Tiezzi (Unicam) CoSyDesign & DCC 43 / 50
103 TAPAs F. Tiezzi (Unicam) CoSyDesign & DCC 44 / 50
104 TAPAs: CCSP (CCS+CSP) syntax F. Tiezzi (Unicam) CoSyDesign & DCC 45 / 50
105 TAPAs: CCSP (CCS+CSP) semantics 1/3 F. Tiezzi (Unicam) CoSyDesign & DCC 46 / 50
106 TAPAs: CCSP (CCS+CSP) semantics 1/3 F. Tiezzi (Unicam) CoSyDesign & DCC 46 / 50
107 TAPAs: CCSP (CCS+CSP) semantics 2/3 F. Tiezzi (Unicam) CoSyDesign & DCC 47 / 50
108 TAPAs: CCSP (CCS+CSP) semantics 2/3 F. Tiezzi (Unicam) CoSyDesign & DCC 47 / 50
109 TAPAs: CCSP (CCS+CSP) semantics 3/3 F. Tiezzi (Unicam) CoSyDesign & DCC 48 / 50
110 Producer-Consumer Example in TAPAs The system is composed of a producer a finite-capacity buffer a consumer The producer deposits items into the buffer as long as the buffer capacity is not exceeded Stored items can be withdrawn by the consumer according to some predefined discipline, like FIFO or LIFO Assumptions: The buffer has only two positions Items are all identical, so that the specific discipline that has been adopted for withdrawals is not important from the point of view of an external observer Demo! F. Tiezzi (Unicam) CoSyDesign & DCC 49 / 50
111 Producer-Consumer Example in TAPAs The system is composed of a producer a finite-capacity buffer a consumer The producer deposits items into the buffer as long as the buffer capacity is not exceeded Stored items can be withdrawn by the consumer according to some predefined discipline, like FIFO or LIFO Assumptions: The buffer has only two positions Items are all identical, so that the specific discipline that has been adopted for withdrawals is not important from the point of view of an external observer Demo! F. Tiezzi (Unicam) CoSyDesign & DCC 49 / 50
112 Producer-Consumer Example in TAPAs F. Tiezzi (Unicam) CoSyDesign & DCC 50 / 50
Semantics and Verification
Semantics and Verification Lecture 2 informal introduction to CCS syntax of CCS semantics of CCS 1 / 12 Sequential Fragment Parallelism and Renaming CCS Basics (Sequential Fragment) Nil (or 0) process
More informationProcess Algebras and Concurrent Systems
Process Algebras and Concurrent Systems Rocco De Nicola Dipartimento di Sistemi ed Informatica Università di Firenze Process Algebras and Concurrent Systems August 2006 R. De Nicola (DSI-UNIFI) Process
More informationFormal Techniques for Software Engineering: CCS: A Calculus for Communicating Systems
Formal Techniques for Software Engineering: CCS: A Calculus for Communicating Systems Rocco De Nicola IMT Institute for Advanced Studies, Lucca rocco.denicola@imtlucca.it June 2013 Lesson 10 R. De Nicola
More informationModels of Concurrency
Models of Concurrency GERARDO SCHNEIDER UPPSALA UNIVERSITY DEPARTMENT OF INFORMATION TECHNOLOGY UPPSALA, SWEDEN Thanks to Frank Valencia Models of Concurrency p.1/57 Concurrency is Everywhere Concurrent
More informationOperational Semantics
Operational Semantics Semantics and applications to verification Xavier Rival École Normale Supérieure Xavier Rival Operational Semantics 1 / 50 Program of this first lecture Operational semantics Mathematical
More informationThe State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationDES. 4. Petri Nets. Introduction. Different Classes of Petri Net. Petri net properties. Analysis of Petri net models
4. Petri Nets Introduction Different Classes of Petri Net Petri net properties Analysis of Petri net models 1 Petri Nets C.A Petri, TU Darmstadt, 1962 A mathematical and graphical modeling method. Describe
More informationCCS: Syntax & Semantics (Final Version)
CCS: & Semantics (Final Version) Prof. Susan Older 14 September 2017 (CIS 400/632) CCS & Semantics 14 September 2017 1 / 10 Relevant Syntactic Sets: A Recap from Last Time We have the following countably
More informationConcurrent Processes and Reaction
Concurrent Processes and Reaction Overview External and internal actions Observations Concurrent process expressions Structural congruence Reaction References Robin Milner, Communication and Concurrency
More informationMulticore Semantics and Programming
Multicore Semantics and Programming Peter Sewell Tim Harris University of Cambridge Oracle October November, 2015 p. 1 These Lectures Part 1: Multicore Semantics: the concurrency of multiprocessors and
More informationFormal Methods in Software Engineering
Formal Methods in Software Engineering Modeling Prof. Dr. Joel Greenyer October 21, 2014 Organizational Issues Tutorial dates: I will offer two tutorial dates Tuesdays 15:00-16:00 in A310 (before the lecture,
More informationA Brief Introduction to Model Checking
A Brief Introduction to Model Checking Jan. 18, LIX Page 1 Model Checking A technique for verifying finite state concurrent systems; a benefit on this restriction: largely automatic; a problem to fight:
More informationCommunicating and Mobile Systems
Communicating and Mobile Systems Overview:! Programming Model! Interactive Behavior! Labeled Transition System! Bisimulation! The π-calculus! Data Structures and λ-calculus encoding in the π-calculus References:!
More informationAutomata-Theoretic Model Checking of Reactive Systems
Automata-Theoretic Model Checking of Reactive Systems Radu Iosif Verimag/CNRS (Grenoble, France) Thanks to Tom Henzinger (IST, Austria), Barbara Jobstmann (CNRS, Grenoble) and Doron Peled (Bar-Ilan University,
More informationAbstractions and Decision Procedures for Effective Software Model Checking
Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture
More informationTimed Automata VINO 2011
Timed Automata VINO 2011 VeriDis Group - LORIA July 18, 2011 Content 1 Introduction 2 Timed Automata 3 Networks of timed automata Motivation Formalism for modeling and verification of real-time systems.
More informationDesign and Analysis of Distributed Interacting Systems
Design and Analysis of Distributed Interacting Systems Organization Prof. Dr. Joel Greenyer April 11, 2013 Organization Lecture: Thursdays, 10:15 11:45, F 128 Tutorial: Thursdays, 13:00 13:45, G 323 first
More informationPartial model checking via abstract interpretation
Partial model checking via abstract interpretation N. De Francesco, G. Lettieri, L. Martini, G. Vaglini Università di Pisa, Dipartimento di Ingegneria dell Informazione, sez. Informatica, Via Diotisalvi
More informationModal and Temporal Logics
Modal and Temporal Logics Colin Stirling School of Informatics University of Edinburgh July 23, 2003 Why modal and temporal logics? 1 Computational System Modal and temporal logics Operational semantics
More informationLet us first give some intuitive idea about a state of a system and state transitions before describing finite automata.
Finite Automata Automata (singular: automation) are a particularly simple, but useful, model of computation. They were initially proposed as a simple model for the behavior of neurons. The concept of a
More informationOur Problem. Model. Clock Synchronization. Global Predicate Detection and Event Ordering
Our Problem Global Predicate Detection and Event Ordering To compute predicates over the state of a distributed application Model Clock Synchronization Message passing No failures Two possible timing assumptions:
More informationTopics in Concurrency
Topics in Concurrency Lecture 3 Jonathan Hayman 18 February 2015 Recap: Syntax of CCS Expressions: Arithmetic a and Boolean b Processes: p ::= nil nil process (τ p) silent/internal action (α!a p) output
More informationTimo Latvala. March 7, 2004
Reactive Systems: Safety, Liveness, and Fairness Timo Latvala March 7, 2004 Reactive Systems: Safety, Liveness, and Fairness 14-1 Safety Safety properties are a very useful subclass of specifications.
More informationTrace Refinement of π-calculus Processes
Trace Refinement of pi-calculus Processes Trace Refinement of π-calculus Processes Manuel Gieseking manuel.gieseking@informatik.uni-oldenburg.de) Correct System Design, Carl von Ossietzky University of
More informationIndustrial Automation (Automação de Processos Industriais)
Industrial Automation (Automação de Processos Industriais) Discrete Event Systems http://users.isr.ist.utl.pt/~jag/courses/api1516/api1516.html Slides 2010/2011 Prof. Paulo Jorge Oliveira Rev. 2011-2015
More informationClocks in Asynchronous Systems
Clocks in Asynchronous Systems The Internet Network Time Protocol (NTP) 8 Goals provide the ability to externally synchronize clients across internet to UTC provide reliable service tolerating lengthy
More informationTopics in Concurrency
Topics in Concurrency Lecture 3 Jonathan Hayman 18 October 2016 Towards a more basic language Aim: removal of variables to reveal symmetry of input and output Transitions for value-passing carry labels
More informationCISC 4090: Theory of Computation Chapter 1 Regular Languages. Section 1.1: Finite Automata. What is a computer? Finite automata
CISC 4090: Theory of Computation Chapter Regular Languages Xiaolan Zhang, adapted from slides by Prof. Werschulz Section.: Finite Automata Fordham University Department of Computer and Information Sciences
More information7. Queueing Systems. 8. Petri nets vs. State Automata
Petri Nets 1. Finite State Automata 2. Petri net notation and definition (no dynamics) 3. Introducing State: Petri net marking 4. Petri net dynamics 5. Capacity Constrained Petri nets 6. Petri net models
More informationLet s now begin to formalize our analysis of sequential machines Powerful methods for designing machines for System control Pattern recognition Etc.
Finite State Machines Introduction Let s now begin to formalize our analysis of sequential machines Powerful methods for designing machines for System control Pattern recognition Etc. Such devices form
More informationLecture 2 Automata Theory
Lecture 2 Automata Theory Ufuk Topcu Nok Wongpiromsarn Richard M. Murray Outline: Transition systems Linear-time properties Regular propereties EECI, 14 May 2012 This short-course is on this picture applied
More informationAutomata-based Verification - III
COMP30172: Advanced Algorithms Automata-based Verification - III Howard Barringer Room KB2.20: email: howard.barringer@manchester.ac.uk March 2009 Third Topic Infinite Word Automata Motivation Büchi Automata
More informationIntroduction: Computer Science is a cluster of related scientific and engineering disciplines concerned with the study and application of computations. These disciplines range from the pure and basic scientific
More informationCourse Runtime Verification
Course Martin Leucker (ISP) Volker Stolz (Høgskolen i Bergen, NO) INF5140 / V17 Chapters of the Course Chapter 1 Recall in More Depth Chapter 2 Specification Languages on Words Chapter 3 LTL on Finite
More informationEmbedded systems specification and design
Embedded systems specification and design David Kendall David Kendall Embedded systems specification and design 1 / 21 Introduction Finite state machines (FSM) FSMs and Labelled Transition Systems FSMs
More informationModeling and Analysis of Communicating Systems
Modeling and Analysis of Communicating Systems Lecture 5: Sequential Processes Jeroen Keiren and Mohammad Mousavi j.j.a.keiren@vu.nl and m.r.mousavi@hh.se Halmstad University March 2015 Outline Motivation
More informationLecture 2 Automata Theory
Lecture 2 Automata Theory Ufuk Topcu Nok Wongpiromsarn Richard M. Murray EECI, 18 March 2013 Outline Modeling (discrete) concurrent systems: transition systems, concurrency and interleaving Linear-time
More informationIntroduction to mcrl2
Introduction to mcrl2 Luís S. Barbosa DI-CCTC Universidade do Minho Braga, Portugal May, 2011 mcrl2: A toolset for process algebra mcrl2 provides: a generic process algebra, based on Acp (Bergstra & Klop,
More informationCommunication and Concurrency: CCS
Communication and Concurrency: CCS R. Milner, A Calculus of Communicating Systems, 1980 cours SSDE Master 1 Why calculi? Prove properties on programs and languages Principle: tiny syntax, small semantics,
More informationA Weak Bisimulation for Weighted Automata
Weak Bisimulation for Weighted utomata Peter Kemper College of William and Mary Weighted utomata and Semirings here focus on commutative & idempotent semirings Weak Bisimulation Composition operators Congruence
More informationDiagnosis of Repeated/Intermittent Failures in Discrete Event Systems
Diagnosis of Repeated/Intermittent Failures in Discrete Event Systems Shengbing Jiang, Ratnesh Kumar, and Humberto E. Garcia Abstract We introduce the notion of repeated failure diagnosability for diagnosing
More informationTESTING is one of the most important parts of the
IEEE TRANSACTIONS 1 Generating Complete Controllable Test Suites for Distributed Testing Robert M. Hierons, Senior Member, IEEE Abstract A test suite is m-complete for finite state machine (FSM) M if it
More informationClasses and conversions
Classes and conversions Regular expressions Syntax: r = ε a r r r + r r Semantics: The language L r of a regular expression r is inductively defined as follows: L =, L ε = {ε}, L a = a L r r = L r L r
More informationAn introduction to process calculi: Calculus of Communicating Systems (CCS)
An introduction to process calculi: Calculus of Communicating Systems (CCS) Lecture 2 of Modelli Matematici dei Processi Concorrenti Paweł Sobociński University of Southampton, UK Intro to process calculi:
More informationCOM364 Automata Theory Lecture Note 2 - Nondeterminism
COM364 Automata Theory Lecture Note 2 - Nondeterminism Kurtuluş Küllü March 2018 The FA we saw until now were deterministic FA (DFA) in the sense that for each state and input symbol there was exactly
More informationUNIT-III REGULAR LANGUAGES
Syllabus R9 Regulation REGULAR EXPRESSIONS UNIT-III REGULAR LANGUAGES Regular expressions are useful for representing certain sets of strings in an algebraic fashion. In arithmetic we can use the operations
More informationTimed Automata. Chapter Clocks and clock constraints Clock variables and clock constraints
Chapter 10 Timed Automata In the previous chapter, we have discussed a temporal logic where time was a discrete entities. A time unit was one application of the transition relation of an LTS. We could
More informationUnifying Theories of Programming
1&2 Unifying Theories of Programming Unifying Theories of Programming 3&4 Theories Unifying Theories of Programming designs predicates relations reactive CSP processes Jim Woodcock University of York May
More informationSoftware Verification
Software Verification Grégoire Sutre LaBRI, University of Bordeaux, CNRS, France Summer School on Verification Technology, Systems & Applications September 2008 Grégoire Sutre Software Verification VTSA
More informationCommunicating Multi-Stack Visibly Pushdown Processes
Communicating Multi-Stack Visibly Pushdown Processes by Davidson Madudu A thesis submitted to the Department of Computer Science in conformity with the requirements for the degree of Master of Science
More informationFailure Diagnosis of Discrete Event Systems With Linear-Time Temporal Logic Specifications
Failure Diagnosis of Discrete Event Systems With Linear-Time Temporal Logic Specifications Shengbing Jiang and Ratnesh Kumar Abstract The paper studies failure diagnosis of discrete event systems with
More informationAsynchronous Communication 2
Asynchronous Communication 2 INF4140 22.11.12 Lecture 11 INF4140 (22.11.12) Asynchronous Communication 2 Lecture 11 1 / 37 Overview: Last time semantics: histories and trace sets specification: invariants
More informationTrace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University
Trace semantics: towards a unification of parallel paradigms Stephen Brookes Department of Computer Science Carnegie Mellon University MFCSIT 2002 1 PARALLEL PARADIGMS State-based Shared-memory global
More informationReal Time Operating Systems
Real Time Operating ystems Luca Abeni luca.abeni@unitn.it Interacting Tasks Until now, only independent tasks... A job never blocks or suspends A task only blocks on job termination In real world, jobs
More informationCommunication and Concurrency: CCS. R. Milner, A Calculus of Communicating Systems, 1980
Communication and Concurrency: CCS R. Milner, A Calculus of Communicating Systems, 1980 Why calculi? Prove properties on programs and languages Principle: tiny syntax, small semantics, to be handled on
More informationAutomatic Verification of Parameterized Data Structures
Automatic Verification of Parameterized Data Structures Jyotirmoy V. Deshmukh, E. Allen Emerson and Prateek Gupta The University of Texas at Austin The University of Texas at Austin 1 Outline Motivation
More informationPart I. Principles and Techniques
Introduction to Formal Methods Part I. Principles and Techniques Lecturer: JUNBEOM YOO jbyoo@konkuk.ac.kr Introduction Text System and Software Verification : Model-Checking Techniques and Tools In this
More informationAutomata Theory (2A) Young Won Lim 5/31/18
Automata Theory (2A) Copyright (c) 2018 Young W. Lim. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later
More informationDesign of Distributed Systems Melinda Tóth, Zoltán Horváth
Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052
More informationOverview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?
Computer Engineering and Networks Overview Discrete Event Systems Verification of Finite Automata Lothar Thiele Introduction Binary Decision Diagrams Representation of Boolean Functions Comparing two circuits
More informationDeterministic Finite Automata
Deterministic Finite Automata COMP2600 Formal Methods for Software Engineering Ranald Clouston Australian National University Semester 2, 2013 COMP 2600 Deterministic Finite Automata 1 Pop quiz What is
More informationT Reactive Systems: Temporal Logic LTL
Tik-79.186 Reactive Systems 1 T-79.186 Reactive Systems: Temporal Logic LTL Spring 2005, Lecture 4 January 31, 2005 Tik-79.186 Reactive Systems 2 Temporal Logics Temporal logics are currently the most
More informationEDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach
EDA045F: Program Analysis LECTURE 10: TYPES 1 Christoph Reichenbach In the last lecture... Performance Counters Challenges in Dynamic Performance Analysis Taint Analysis Binary Instrumentation 2 / 44 Types
More informationAutomata-based Verification - III
CS3172: Advanced Algorithms Automata-based Verification - III Howard Barringer Room KB2.20/22: email: howard.barringer@manchester.ac.uk March 2005 Third Topic Infinite Word Automata Motivation Büchi Automata
More informationMethods for Software Verification. Andrea Corradini Gian Luigi Ferrari. Second Semester 6 CFU
Methods for Software Verification Andrea Corradini Gian Luigi Ferrari Second Semester 6 CFU. The importance of Software Correctness Increasing integration of ICT in different applications: Embedded systems
More informationMethods for the specification and verification of business processes MPB (6 cfu, 295AA)
Methods for the specification and verification of business processes MPB (6 cfu, 295AA) Roberto Bruni http://www.di.unipi.it/~bruni 07 - Introduction to nets 1 Object Overview of the basic concepts of
More informationAdvanced Topics in LP and FP
Lecture 1: Prolog and Summary of this lecture 1 Introduction to Prolog 2 3 Truth value evaluation 4 Prolog Logic programming language Introduction to Prolog Introduced in the 1970s Program = collection
More informationTime. To do. q Physical clocks q Logical clocks
Time To do q Physical clocks q Logical clocks Events, process states and clocks A distributed system A collection P of N single-threaded processes (p i, i = 1,, N) without shared memory The processes in
More informationBusiness Processes Modelling MPB (6 cfu, 295AA)
Business Processes Modelling MPB (6 cfu, 295AA) Roberto Bruni http://www.di.unipi.it/~bruni 07 - Introduction to nets!1 Object Overview of the basic concepts of Petri nets Free Choice Nets (book, optional
More informationDecentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication
Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication Stavros Tripakis Abstract We introduce problems of decentralized control with communication, where we explicitly
More informationMethods for the specification and verification of business processes MPB (6 cfu, 295AA)
Methods for the specification and verification of business processes MPB (6 cfu, 295AA) Roberto Bruni http://www.di.unipi.it/~bruni 08 - Petri nets basics 1 Object Formalization of the basic concepts of
More informationAlan Bundy. Automated Reasoning LTL Model Checking
Automated Reasoning LTL Model Checking Alan Bundy Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have
More informationAn Equational Axiomatization for Multi-Exit Iteration
An Equational Axiomatization for Multi-Exit Iteration Luca Aceto BRICS Department of Computer Science Aalborg University, Fr. Bajersvej 7E 9220 Aalborg Ø, Denmark Wan Fokkink Utrecht University, Department
More informationDecentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication 1
Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication 1 Stavros Tripakis 2 VERIMAG Technical Report TR-2004-26 November 2004 Abstract We introduce problems of decentralized
More informationAn Algebra of Hybrid Systems
Peter Höfner University of Augsburg August 22, 2008 The University of Queensland, August 2008 1 c Peter Höfner Hybrid Systems Definition hybrid systems are heterogeneous systems characterised by the interaction
More informationWhat You Must Remember When Processing Data Words
What You Must Remember When Processing Data Words Michael Benedikt, Clemens Ley, and Gabriele Puppis Oxford University Computing Laboratory, Park Rd, Oxford OX13QD UK Abstract. We provide a Myhill-Nerode-like
More informationHoare Logic (I): Axiomatic Semantics and Program Correctness
Hoare Logic (I): Axiomatic Semantics and Program Correctness (Based on [Apt and Olderog 1991; Gries 1981; Hoare 1969; Kleymann 1999; Sethi 199]) Yih-Kuen Tsay Dept. of Information Management National Taiwan
More informationChapter 5: Linear Temporal Logic
Chapter 5: Linear Temporal Logic Prof. Ali Movaghar Verification of Reactive Systems Spring 94 Outline We introduce linear temporal logic (LTL), a logical formalism that is suited for specifying LT properties.
More informationTemporal logics and explicit-state model checking. Pierre Wolper Université de Liège
Temporal logics and explicit-state model checking Pierre Wolper Université de Liège 1 Topics to be covered Introducing explicit-state model checking Finite automata on infinite words Temporal Logics and
More informationRealizability of Interactions in Collaboration Diagrams
Realizability of Interactions in Collaboration Diagrams Tevfik Bultan Department of Computer Science University of California Santa Barbara, CA 93106, USA bultan@cs.ucsb.edu Xiang Fu School of Computer
More informationSafety and Liveness. Thread Synchronization: Too Much Milk. Critical Sections. A Really Cool Theorem
Safety and Liveness Properties defined over an execution of a program Thread Synchronization: Too Much Milk Safety: nothing bad happens holds in every finite execution prefix Windows never crashes No patient
More informationOn the Executability of Interactive Computation. June 23, 2016 Where innovation starts
On the Executability of Interactive Computation Bas Luttik Fei Yang June 23, 2016 Where innovation starts Outline 2/37 From Computation to Interactive Computation Executability - an Integration of Computability
More informationBilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft)
Bilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft) Jayadev Misra December 18, 2015 Contents 1 Introduction 3 2 Program and Execution Model 4 2.1 Program Structure..........................
More informationBinary Decision Diagrams and Symbolic Model Checking
Binary Decision Diagrams and Symbolic Model Checking Randy Bryant Ed Clarke Ken McMillan Allen Emerson CMU CMU Cadence U Texas http://www.cs.cmu.edu/~bryant Binary Decision Diagrams Restricted Form of
More informationLogical Time. 1. Introduction 2. Clock and Events 3. Logical (Lamport) Clocks 4. Vector Clocks 5. Efficient Implementation
Logical Time Nicola Dragoni Embedded Systems Engineering DTU Compute 1. Introduction 2. Clock and Events 3. Logical (Lamport) Clocks 4. Vector Clocks 5. Efficient Implementation 2013 ACM Turing Award:
More informationOutline F eria AADL behavior 1/ 78
Outline AADL behavior Annex Jean-Paul Bodeveix 2 Pierre Dissaux 3 Mamoun Filali 2 Pierre Gaufillet 1 François Vernadat 2 1 AIRBUS-FRANCE 2 FéRIA 3 ELLIDIS SAE AS2C Detroit Michigan April 2006 FéRIA AADL
More informationTimo Latvala. February 4, 2004
Reactive Systems: Temporal Logic LT L Timo Latvala February 4, 2004 Reactive Systems: Temporal Logic LT L 8-1 Temporal Logics Temporal logics are currently the most widely used specification formalism
More informationAgreement. Today. l Coordination and agreement in group communication. l Consensus
Agreement Today l Coordination and agreement in group communication l Consensus Events and process states " A distributed system a collection P of N singlethreaded processes w/o shared memory Each process
More informationIN THIS paper we investigate the diagnosability of stochastic
476 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL 50, NO 4, APRIL 2005 Diagnosability of Stochastic Discrete-Event Systems David Thorsley and Demosthenis Teneketzis, Fellow, IEEE Abstract We investigate
More information2nd Exam. First Name: Second Name: Matriculation Number: Degree Programme (please mark): CS Bachelor CS Master CS Lehramt SSE Master Other:
2 Concurrency Theory WS 2013/2014 Chair for Software Modeling and Verification Rheinisch-Westfälische Technische Hochschule Aachen Prof. Dr. Ir. Joost-Pieter Katoen apl. Prof. Dr. Thomas Noll S. Chakraorty,
More informationAutomatic Synthesis of Distributed Protocols
Automatic Synthesis of Distributed Protocols Rajeev Alur Stavros Tripakis 1 Introduction Protocols for coordination among concurrent processes are an essential component of modern multiprocessor and distributed
More informationLecture 11: Timed Automata
Real-Time Systems Lecture 11: Timed Automata 2014-07-01 11 2014-07-01 main Dr. Bernd Westphal Albert-Ludwigs-Universität Freiburg, Germany Contents & Goals Last Lecture: DC (un)decidability This Lecture:
More informationEmbedded Systems Development
Embedded Systems Development Lecture 2 Finite Automata & SyncCharts Daniel Kästner AbsInt Angewandte Informatik GmbH kaestner@absint.com Some things I forgot to mention 2 Remember the HISPOS registration
More informationJohns Hopkins Math Tournament Proof Round: Automata
Johns Hopkins Math Tournament 2018 Proof Round: Automata February 9, 2019 Problem Points Score 1 10 2 5 3 10 4 20 5 20 6 15 7 20 Total 100 Instructions The exam is worth 100 points; each part s point value
More informationModels for Efficient Timed Verification
Models for Efficient Timed Verification François Laroussinie LSV / ENS de Cachan CNRS UMR 8643 Monterey Workshop - Composition of embedded systems Model checking System Properties Formalizing step? ϕ Model
More informationLecture 4 Event Systems
Lecture 4 Event Systems This lecture is based on work done with Mark Bickford. Marktoberdorf Summer School, 2003 Formal Methods One of the major research challenges faced by computer science is providing
More informationThe Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security
The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte and Frank D. Valencia INRIA /CNRS and LIX, Ecole Polytechnique Motivation Concurrent
More informationRobust Programs with Filtered Iterators
Robust Programs with Filtered Iterators Jiasi Shen, Martin Rinard MIT EECS & CSAIL 1 Standard Scenario Input file Program Output 2 Structured Input Units Input Input unit Input unit Input unit unit Program
More informationThe Underlying Semantics of Transition Systems
The Underlying Semantics of Transition Systems J. M. Crawford D. M. Goldschlag Technical Report 17 December 1987 Computational Logic Inc. 1717 W. 6th St. Suite 290 Austin, Texas 78703 (512) 322-9951 1
More informationMOST OF the published research on control of discreteevent
IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 43, NO. 1, JANUARY 1998 3 Discrete-Event Control of Nondeterministic Systems Michael Heymann and Feng Lin, Member, IEEE Abstract Nondeterminism in discrete-event
More information