Formal Techniques for Software Engineering: CCS: A Calculus for Communicating Systems
|
|
- Trevor Garey Lester
- 5 years ago
- Views:
Transcription
1 Formal Techniques for Software Engineering: CCS: A Calculus for Communicating Systems Rocco De Nicola IMT Institute for Advanced Studies, Lucca rocco.denicola@imtlucca.it June 2013 Lesson 10 R. De Nicola (IMT-Lucca) FoTSE@LMU 1 / 40
2 What have we done 1 Importance of formal methods for proving correctness of concurrent systems 2 Labelled Transition Systems (LTS) as formal models 3 Operators of Process Description Languages (PDL) for modeling systems composition and interaction. 4 Structural Operational Semantics (SOS) for modelling operators and building transition systems corresponding to composite systems. 5 Behavioural Equivalences to abstract from unwanted details of the modelled systems 6 A number of PDL obtained by careful selection of Operators and equivalences 7 Alternative approaches (Equational and Denotational) to defining the Semantics of PDL R. De Nicola (IMT-Lucca) FoTSE@LMU 2 / 40
3 What s next Now we concentrate on one language (CCS), study its theory more in depth and consider a number of small examples (case studies). R. De Nicola (IMT-Lucca) FoTSE@LMU 3 / 40
4 CCS Basics Sequential Fragment Nil (or 0) process (the only atomic process) action prefixing (a.p) names and recursive definitions () nondeterministic choice (+) Any finite LTS can be described (up to isomorphism) by using the operations above. Parallelism and Renaming parallel composition ( ) (synchronous communication between two components = handshake synchronization) restriction (P L) relabelling (P[f ]) R. De Nicola (IMT-Lucca) FoTSE@LMU 4 / 40
5 CCS Basics Sequential Fragment Nil (or 0) process (the only atomic process) action prefixing (a.p) names and recursive definitions () nondeterministic choice (+) Any finite LTS can be described (up to isomorphism) by using the operations above. Parallelism and Renaming parallel composition ( ) (synchronous communication between two components = handshake synchronization) restriction (P L) relabelling (P[f ]) R. De Nicola (IMT-Lucca) FoTSE@LMU 4 / 40
6 CCS Basics Sequential Fragment Nil (or 0) process (the only atomic process) action prefixing (a.p) names and recursive definitions () nondeterministic choice (+) Any finite LTS can be described (up to isomorphism) by using the operations above. Parallelism and Renaming parallel composition ( ) (synchronous communication between two components = handshake synchronization) restriction (P L) relabelling (P[f ]) R. De Nicola (IMT-Lucca) FoTSE@LMU 4 / 40
7 Definition of CCS (channels, actions, process names) Let A be a set of channel names (e.g. tea, coffee are channel names) L = A A be a set of labels where A = {a a A} (elements of A are called names and those of A are called co-names) by convention a = a Act = L {τ} is the set of actions where τ is the internal or silent action (e.g. τ, tea, coffee are actions) K is a set of process names (constants) (e.g. CM). R. De Nicola (IMT-Lucca) FoTSE@LMU 5 / 40
8 Definition of CCS (expressions) P := K process constants (K K) α.p prefixing (α Act) i I P i summation (I is an arbitrary index set) P 1 P 2 parallel composition P L restriction (L A) P[f ] relabelling (f : Act Act) such that f (τ) = τ f (a) = f (a) The set of all terms generated by the abstract syntax is the set of CCS process expressions (and is denoted by P). Notation P 1 + P 2 = i {1,2} P i Nil = 0 = i P i R. De Nicola (IMT-Lucca) FoTSE@LMU 6 / 40
9 Precedence Precedence 1 restriction and relabelling (tightest binding) 2 action prefixing 3 parallel composition 4 summation Example: R + a.p b.q L means R + ( (a.p) (b.(q L)) ). R. De Nicola (IMT-Lucca) FoTSE@LMU 7 / 40
10 Definition of CCS (defining equations) CCS program A collection of defining equations of the form K P where K K is a process constant and P P is a CCS process expression. Only one defining equation per process constant. Recursion is allowed: e.g. A a.a A. R. De Nicola (IMT-Lucca) FoTSE@LMU 8 / 40
11 Structural Operational Semantics for CCS Structural Operational Semantics (SOS) G. Plotkin 1981 Small-step operational semantics where the behaviour of a system is inferred using syntax driven rules. Given a collection of CCS defining equations, we define the following LTS (Proc, Act, { a a Act}): Proc = P (the set of all CCS process expressions) Act = L {τ} (the set of all CCS actions including τ) transition relation is given by SOS rules of the form: RULE premises conclusion conditions R. De Nicola (IMT-Lucca) FoTSE@LMU 9 / 40
12 SOS rules for CCS (α Act, a L) ACT α.p α P α P j P j SUM j i I P α i P j j I COM1 P α P P Q α P Q COM2 COM3 P a P Q a Q P Q τ P Q α Q Q P Q α P Q RES P α P P L α P L α, α L REL P α P P[f ] f (α) P [f ] CON P α P K α P K P R. De Nicola (IMT-Lucca) FoTSE@LMU 10 / 40
13 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? R. De Nicola (IMT-Lucca) FoTSE@LMU 11 / 40
14 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? REL ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a] R. De Nicola (IMT-Lucca) FoTSE@LMU 11 / 40
15 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? COM1 a (A a.nil) b.nil (A a.nil) b.nil REL ( ) c (A a.nil) b.nil [c/a] ( (A a.nil) b.nil ) [c/a] R. De Nicola (IMT-Lucca) FoTSE@LMU 11 / 40
16 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? REL COM1 a A a.nil A a.nil COM1 a (A a.nil) b.nil (A a.nil) b.nil ( ) c (A a.nil) b.nil [c/a] ( (A a.nil) b.nil ) [c/a] R. De Nicola (IMT-Lucca) FoTSE@LMU 11 / 40
17 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? REL CON a A a.a A A COM1 a A a.nil A a.nil COM1 a (A a.nil) b.nil (A a.nil) b.nil ( ) c (A a.nil) b.nil [c/a] ( (A a.nil) b.nil ) [c/a] R. De Nicola (IMT-Lucca) FoTSE@LMU 11 / 40
18 Deriving Transitions in CCS Let A a.a. Then ( (A a.nil) b.nil ) [c/a] c ( (A a.nil) b.nil ) [c/a]. Why? REL COM1 ACT a a.a A CON A a A COM1 a A a.a A a.nil A a.nil a (A a.nil) b.nil (A a.nil) b.nil ( ) c (A a.nil) b.nil [c/a] ( (A a.nil) b.nil ) [c/a] R. De Nicola (IMT-Lucca) FoTSE@LMU 11 / 40
19 LTS of the Process a.nil a.nil a.nil a.nil a a Nil a.nil τ a.nil Nil a a Nil Nil R. De Nicola (IMT-Lucca) FoTSE@LMU 12 / 40
20 Puzzle Time: 50 Prisoners Problem Solve the problem and write down the solution as a process 50 prisoners kept in separate cells got a chance are told that From time to time one of them would be taken to a special room (in no particular order, possibly multiple many consecutive times, but with a fair schedule to avoid infinite wait) and then back to the cell. The room is completely empty except for an on/off switch a lamp (the light is not visible from outside). At any time, if any of them says that all the prisoners have already entered the room at least once and this is true, all prisoners will be released (but if it is false, the play ends and they are life sentenced). Before the challenge starts, the prisoners have the possibility to discuss together some protocol to follow. Is there a winning strategy for the prisoners? Note that the initial state of the light in the room is not known. R. De Nicola (IMT-Lucca) FoTSE@LMU 13 / 40
21 First Attempt (assume the light is initially ON) The Light (initially ON) Light turnoff.turnon.light (can be read as recx.turnoff.turnon.x ) One Counting-Down Prisoner C i+1 turnoff.c i + τ.c i+1 C 0 freeall 49 Generic Prisoners P turnon.ip + τ.p IP τ.ip (Idle Prisoner) Prison (Light C 50 P... P) \{turnon, turnoff } R. De Nicola (IMT-Lucca) FoTSE@LMU 14 / 40
22 First Attempt (assume the light is initially ON) The Light (initially ON) Light turnoff.turnon.light (can be read as recx.turnoff.turnon.x ) One Counting-Down Prisoner C i+1 turnoff.c i + τ.c i+1 C 0 freeall 49 Generic Prisoners P turnon.ip + τ.p IP τ.ip (Idle Prisoner) Prison (Light C 50 P... P) \{turnon, turnoff } R. De Nicola (IMT-Lucca) FoTSE@LMU 14 / 40
23 First Attempt (assume the light is initially ON) The Light (initially ON) Light turnoff.turnon.light (can be read as recx.turnoff.turnon.x ) One Counting-Down Prisoner C i+1 turnoff.c i + τ.c i+1 C 0 freeall 49 Generic Prisoners P turnon.ip + τ.p IP τ.ip (Idle Prisoner) Prison (Light C 50 P... P) \{turnon, turnoff } R. De Nicola (IMT-Lucca) FoTSE@LMU 14 / 40
24 First Attempt (assume the light is initially ON) The Light (initially ON) Light turnoff.turnon.light (can be read as recx.turnoff.turnon.x ) One Counting-Down Prisoner C i+1 turnoff.c i + τ.c i+1 C 0 freeall 49 Generic Prisoners P turnon.ip + τ.p IP τ.ip (Idle Prisoner) Prison (Light C 50 P... P) \{turnon, turnoff } R. De Nicola (IMT-Lucca) FoTSE@LMU 14 / 40
25 Problems Prisoners can just perform τs and never interact with the light The Light (initially ON) Light turnoff.turnon.light One Counting-Down Prisoner C i+1 turnoff.c i + turnon.turnoff.c i+1 C 0 freeall 49 Generic Prisoners P turnon.ip + turnoff.turnon.p IP τ.ip (Idle Prisoner) Prison (Light C 50 P... P) \{turnon, turnoff } R. De Nicola (IMT-Lucca) FoTSE@LMU 15 / 40
26 Problems Prisoners can just perform τs and never interact with the light The Light (initially ON) Light turnoff.turnon.light One Counting-Down Prisoner C i+1 turnoff.c i + turnon.turnoff.c i+1 C 0 freeall 49 Generic Prisoners P turnon.ip + turnoff.turnon.p IP τ.ip (Idle Prisoner) Prison (Light C 50 P... P) \{turnon, turnoff } R. De Nicola (IMT-Lucca) FoTSE@LMU 15 / 40
27 Problems Prisoners can just perform τs and never interact with the light The Light (initially ON) Light turnoff.turnon.light One Counting-Down Prisoner C i+1 turnoff.c i + turnon.turnoff.c i+1 C 0 freeall 49 Generic Prisoners P turnon.ip + turnoff.turnon.p IP τ.ip (Idle Prisoner) Prison (Light C 50 P... P) \{turnon, turnoff } R. De Nicola (IMT-Lucca) FoTSE@LMU 15 / 40
28 Problems Prisoners can just perform τs and never interact with the light The Light (initially ON) Light turnoff.turnon.light One Counting-Down Prisoner C i+1 turnoff.c i + turnon.turnoff.c i+1 C 0 freeall 49 Generic Prisoners P turnon.ip + turnoff.turnon.p IP τ.ip (Idle Prisoner) Prison (Light C 50 P... P) \{turnon, turnoff } R. De Nicola (IMT-Lucca) FoTSE@LMU 15 / 40
29 Problems The light must be accessed in mutual exclusion The Room and The Light (initially ON) Room roomin.roomout.room One Counting-Down Prisoner Light turnoff.turnon.light C i+1 roomin.(turnoff.roomout.c i + turnon.turnoff.roomout.c i+1 ) C 0 freeall 49 Generic Prisoners P IP Prison roomin.(turnon.roomout.ip + turnoff.turnon.roomout.p) roomin.τ.roomout.ip (Room Light C 50 P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 16 / 40
30 Problems The light must be accessed in mutual exclusion The Room and The Light (initially ON) Room roomin.roomout.room One Counting-Down Prisoner Light turnoff.turnon.light C i+1 roomin.(turnoff.roomout.c i + turnon.turnoff.roomout.c i+1 ) C 0 freeall 49 Generic Prisoners P IP Prison roomin.(turnon.roomout.ip + turnoff.turnon.roomout.p) roomin.τ.roomout.ip (Room Light C 50 P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 16 / 40
31 Problems The light must be accessed in mutual exclusion The Room and The Light (initially ON) Room roomin.roomout.room One Counting-Down Prisoner Light turnoff.turnon.light C i+1 roomin.(turnoff.roomout.c i + turnon.turnoff.roomout.c i+1 ) C 0 freeall 49 Generic Prisoners P IP Prison roomin.(turnon.roomout.ip + turnoff.turnon.roomout.p) roomin.τ.roomout.ip (Room Light C 50 P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 16 / 40
32 Problems The light must be accessed in mutual exclusion The Room and The Light (initially ON) Room roomin.roomout.room One Counting-Down Prisoner Light turnoff.turnon.light C i+1 roomin.(turnoff.roomout.c i + turnon.turnoff.roomout.c i+1 ) C 0 freeall 49 Generic Prisoners P IP Prison roomin.(turnon.roomout.ip + turnoff.turnon.roomout.p) roomin.τ.roomout.ip (Room Light C 50 P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 16 / 40
33 Problems Initial state is not known The Light Light τ.lighton + τ.lightoff LightOn turnoff.lightoff LightOff turnon.lighton If the light is initially ON and the counting prisoner enters the room first then it must count 50 switching, otherwise only but he cannot know! Prison (Room Light C 50or49? P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 17 / 40
34 Problems Initial state is not known The Light Light τ.lighton + τ.lightoff LightOn turnoff.lightoff LightOff turnon.lighton If the light is initially ON and the counting prisoner enters the room first then it must count 50 switching, otherwise only but he cannot know! Prison (Room Light C 50or49? P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 17 / 40
35 Problems Initial state is not known The Light Light τ.lighton + τ.lightoff LightOn turnoff.lightoff LightOff turnon.lighton If the light is initially ON and the counting prisoner enters the room first then it must count 50 switching, otherwise only but he cannot know! Prison (Room Light C 50or49? P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 17 / 40
36 Solution What about counting twice? = = 98 If he can count 98 switchings then all other prisoners must have entered the room at least once (well... most of them twice). If not: = = 96 Generic Prisoners & Re-playing Prisoners & Idle Prisoners P roomin.(turnon.roomout.rp + turnoff.turnon.roomout.p) RP roomin.(turnon.roomout.ip + turnoff.turnon.roomout.rp) IP roomin.τ.roomout.ip Prison (Room Light C 98 P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 18 / 40
37 Solution What about counting twice? = = 98 If he can count 98 switchings then all other prisoners must have entered the room at least once (well... most of them twice). If not: = = 96 Generic Prisoners & Re-playing Prisoners & Idle Prisoners P roomin.(turnon.roomout.rp + turnoff.turnon.roomout.p) RP roomin.(turnon.roomout.ip + turnoff.turnon.roomout.rp) IP roomin.τ.roomout.ip Prison (Room Light C 98 P... P) \{turnon, turnoff, roomin, roomout} R. De Nicola (IMT-Lucca) FoTSE@LMU 18 / 40
38 Value Passing CCS Main Idea Handshake synchronization is extended with the possibility to exchange data (e.g., integers). pay(6).nil pay(x).save(x/2).nil R. De Nicola (IMT-Lucca) 19 / 40
39 Value Passing CCS Main Idea Handshake synchronization is extended with the possibility to exchange data (e.g., integers). pay(6).nil pay(x).save(x/2).nil τ Nil save(3).nil R. De Nicola (IMT-Lucca) 19 / 40
40 Value Passing CCS Main Idea Handshake synchronization is extended with the possibility to exchange data (e.g., integers). pay(6).nil pay(x).save(x/2).nil τ Nil save(3).nil Parametrized Process Constants For example: Bank(total) save(x).bank(total + x). R. De Nicola (IMT-Lucca) FoTSE@LMU 19 / 40
41 Value Passing CCS Main Idea Handshake synchronization is extended with the possibility to exchange data (e.g., integers). pay(6).nil pay(x).save(x/2).nil Bank(100) τ Nil save(3).nil Bank(100) Parametrized Process Constants For example: Bank(total) save(x).bank(total + x). R. De Nicola (IMT-Lucca) FoTSE@LMU 19 / 40
42 Value Passing CCS Main Idea Handshake synchronization is extended with the possibility to exchange data (e.g., integers). pay(6).nil pay(x).save(x/2).nil Bank(100) τ Nil save(3).nil Bank(100) τ Nil Nil Bank(103) Parametrized Process Constants For example: Bank(total) save(x).bank(total + x). R. De Nicola (IMT-Lucca) FoTSE@LMU 19 / 40
43 Translation of Value Passing CCS to Standard CCS Value Passing CCS C in(x).c (x) C (x) out(x).c Standard CCS C i N in i.c i C i out i.c out(x) out i in 2 C C i C C 2 C (x) in(x) symbolic LTS in i out 1 C 1 in 1 infinite LTS out 2 R. De Nicola (IMT-Lucca) FoTSE@LMU 20 / 40
44 CCS Has Full Turing Power Fact CCS can simulate a computation of any Turing machine. Remark Hence CCS is as expressive as any other programming language but its use is to rather describe the behaviour of reactive systems than to perform specific calculations. R. De Nicola (IMT-Lucca) FoTSE@LMU 21 / 40
45 Strong Bisimilarity Let (Proc, Act, { a a Act}) be an LTS. Strong Bisimulation A binary relation R Proc Proc is a strong bisimulation iff whenever (s, t) R then for each a Act: a a if s s then t t for some t such that (s, t ) R a if t t a then s s for some s such that (s, t ) R. Strong Bisimilarity Two processes p 1, p 2 Proc are strongly bisimilar (p 1 p 2 ) if and only if there exists a strong bisimulation R such that (p 1, p 2 ) R. = {R R is a strong bisimulation} R. De Nicola (IMT-Lucca) FoTSE@LMU 22 / 40
46 Example Buffer Buffer of Capacity 1 B 1 0 in.b1 1 B 1 1 out.b1 0 Buffer of Capacity n B n 0 in.bn 1 Bn i in.b n i+1 + out.bn i 1 for 0 < i < n B n n out.b n n 1 Example: B 2 0 B1 0 B1 0 B0 2 in B1 2 in B2 2 out out B 1 1 B1 0 in out out in B 1 0 B1 0 B 1 1 B1 1 in in out out B 1 0 B1 1 R. De Nicola (IMT-Lucca) FoTSE@LMU 23 / 40
47 Example Buffer Buffer of Capacity 1 B 1 0 in.b1 1 B 1 1 out.b1 0 Buffer of Capacity n B n 0 in.bn 1 Bn i in.b n i+1 + out.bn i 1 for 0 < i < n B n n out.b n n 1 Example: B 2 0 B1 0 B1 0 B0 2 in B1 2 in B2 2 out out B 1 1 B1 0 in out out in B 1 0 B1 0 B 1 1 B1 1 in in out out B 1 0 B1 1 R. De Nicola (IMT-Lucca) FoTSE@LMU 23 / 40
48 Example Buffer Buffer of Capacity 1 B 1 0 in.b1 1 B 1 1 out.b1 0 Buffer of Capacity n B n 0 in.bn 1 Bn i in.b n i+1 + out.bn i 1 for 0 < i < n B n n out.b n n 1 Example: B 2 0 B1 0 B1 0 B0 2 in B1 2 in B2 2 out out B 1 1 B1 0 in out out in B 1 0 B1 0 B 1 1 B1 1 in in out out B 1 0 B1 1 R. De Nicola (IMT-Lucca) FoTSE@LMU 23 / 40
49 Example Buffer Theorem For all natural numbers n: B n 0 B1 0 B 1 0 B 1 0 }{{} n times Proof. Construct the following binary relation where i 1, i 2,..., i n {0, 1}. R = { ( B n i, B 1 i 1 B 1 i 2 B 1 i n ) n i j = i} j=1 ( B n 0, B0 1 B1 0 ) B1 0 R R is strong bisimulation R. De Nicola (IMT-Lucca) FoTSE@LMU 24 / 40
50 Example Buffer Theorem For all natural numbers n: B n 0 B1 0 B 1 0 B 1 0 }{{} n times Proof. Construct the following binary relation where i 1, i 2,..., i n {0, 1}. R = { ( B n i, B 1 i 1 B 1 i 2 B 1 i n ) n i j = i} j=1 ( B n 0, B0 1 B1 0 ) B1 0 R R is strong bisimulation R. De Nicola (IMT-Lucca) FoTSE@LMU 24 / 40
51 Question Time Prove the following (or give counterexamples) is reflexive is symmetric is transitive is an equivalence relation If R is a strong bisimulation then R For all natural numbers n, k: B n+k 0 B n 0 Bk 0 R. De Nicola (IMT-Lucca) FoTSE@LMU 25 / 40
52 Playful digression Some advanced proof methods 1 Proof by obviousness: So evident it need not to be mentioned 2 Proof by general agreement: All in favor? 3 Proof by majority: When general agreement fails 4 Proof by plausibility: It sounds good 5 Proof by intuition: I have this feeling... 6 Proof by lost reference: I saw it somewhere 7 Proof by obscure reference: It appeared in the Annals of Polish Math. Soc. (1854, in polish) 8 Proof by logic: It is on the textbook, hence it must be true 9 Proof by intimidation: Who is saying that it is false!? 10 Proof by authority: Don Knuth said it was true 11 Proof by deception: Everybody please turn their backs Proof by divine word: Lord said let it be true R. De Nicola (IMT-Lucca) FoTSE@LMU 26 / 40
53 Playful digression Some advanced proof methods 1 Proof by obviousness: So evident it need not to be mentioned 2 Proof by general agreement: All in favor? 3 Proof by majority: When general agreement fails 4 Proof by plausibility: It sounds good 5 Proof by intuition: I have this feeling... 6 Proof by lost reference: I saw it somewhere 7 Proof by obscure reference: It appeared in the Annals of Polish Math. Soc. (1854, in polish) 8 Proof by logic: It is on the textbook, hence it must be true 9 Proof by intimidation: Who is saying that it is false!? 10 Proof by authority: Don Knuth said it was true 11 Proof by deception: Everybody please turn their backs Proof by divine word: Lord said let it be true R. De Nicola (IMT-Lucca) FoTSE@LMU 26 / 40
54 Playful digression Some advanced proof methods 1 Proof by obviousness: So evident it need not to be mentioned 2 Proof by general agreement: All in favor? 3 Proof by majority: When general agreement fails 4 Proof by plausibility: It sounds good 5 Proof by intuition: I have this feeling... 6 Proof by lost reference: I saw it somewhere 7 Proof by obscure reference: It appeared in the Annals of Polish Math. Soc. (1854, in polish) 8 Proof by logic: It is on the textbook, hence it must be true 9 Proof by intimidation: Who is saying that it is false!? 10 Proof by authority: Don Knuth said it was true 11 Proof by deception: Everybody please turn their backs Proof by divine word: Lord said let it be true R. De Nicola (IMT-Lucca) FoTSE@LMU 26 / 40
55 Playful digression Some advanced proof methods 1 Proof by obviousness: So evident it need not to be mentioned 2 Proof by general agreement: All in favor? 3 Proof by majority: When general agreement fails 4 Proof by plausibility: It sounds good 5 Proof by intuition: I have this feeling... 6 Proof by lost reference: I saw it somewhere 7 Proof by obscure reference: It appeared in the Annals of Polish Math. Soc. (1854, in polish) 8 Proof by logic: It is on the textbook, hence it must be true 9 Proof by intimidation: Who is saying that it is false!? 10 Proof by authority: Don Knuth said it was true 11 Proof by deception: Everybody please turn their backs Proof by divine word: Lord said let it be true R. De Nicola (IMT-Lucca) FoTSE@LMU 26 / 40
56 Strong Bisimilarity is a Congruence for CCS Operations Theorem Let P and Q be CCS processes such that P Q. Then α.p α.q for each action α Act P + R Q + R for each CCS process R R + P R + Q for each CCS process R P R Q R for each CCS process R R P R Q for each CCS process R P[f ] Q[f ] for each relabelling function f P \ L Q \ L for each set of labels L. (proof sketch for + R) Let R = { (P + R, Q + R) R Proc } Id. It suffices to show that R is a bisimulation. Suppose P + R µ S. If it is because P µ S, then Q µ T with (S, T ) because P Q and hence Q + R µ T with (S, T ) R. Otherwise, it is because R µ S, but then Q + R µ S with (S, S) Id R. The case where Q + R moves is symmetric. R. De Nicola (IMT-Lucca) FoTSE@LMU 27 / 40
57 Other Properties of Strong Bisimilarity The Following Properties Hold for all CCS Processes P, Q, R P + Nil P (Neutral element for +) P Nil P (Neutral element for ) P + Q Q + P (Commutativity of +) P Q Q P (Commutativity of ) (P + Q) + R P + (Q + R) (associativity of +) (P Q) R P (Q R) (associativity of ) P + P P (Idempotency of +) (proof sketch for commutativity of +) Let R = { (P + Q, Q + P) P, Q Proc } Id. It suffices to show that R is a bisimulation. Suppose P + Q µ S using SUM1 (resp. SUM2), then Q + P µ S using SUM2 (resp. SUM1) and (S, S) Id R. The case where Q + P moves is analogous. R. De Nicola (IMT-Lucca) FoTSE@LMU 28 / 40
58 Strong Bisimilarity Summary Properties of an equivalence relation the largest strong bisimulation a congruence enough to prove some natural rules like P Q Q P P Nil P (P Q) R Q (P R) Question Should we look any further??? R. De Nicola (IMT-Lucca) FoTSE@LMU 29 / 40
59 Strong Bisimilarity Summary Properties of an equivalence relation the largest strong bisimulation a congruence enough to prove some natural rules like P Q Q P P Nil P (P Q) R Q (P R) Question Should we look any further??? R. De Nicola (IMT-Lucca) FoTSE@LMU 29 / 40
60 Behavioural Equivalence: Cells Cell1 = One-position cell Cell2 = Two-positions cell ParCell = Cell1 Cell1 SeqCell = Cell1 Cell1 Are Cell2, ParCell and SeqCell equivalent? (p restricted) R. De Nicola (IMT-Lucca) FoTSE@LMU 30 / 40
61 Behavioural Equivalence: FIFO buffers FIFO1 = One-pos. FIFO buffer FIFO2 = Two-pos. FIFO buffer ParFIFO = FIFO1 FIFO1 SeqFIFO = FIFO1 FIFO1 (p0, p1 restricted) Are FIFO2, ParFIFO and SeqFIFO equivalent? R. De Nicola (IMT-Lucca) FoTSE@LMU 31 / 40
62 Weak Transition Relation Let (Proc, Act, { a a Act}) be an LTS such that τ Act. Definition of the Weak Transition Relations Let a be an action or ε: { a ( ) τ = = a ( ) τ ( ) τ if a ε if a = ε Definition If a is an observable action, then â = a. On the other hand, ˆτ = ε. R. De Nicola (IMT-Lucca) FoTSE@LMU 32 / 40
63 Weak Bisimilarity Let (Proc, Act, { a a Act}) be an LTS such that τ Act. Weak Bisimulation A binary relation R Proc Proc is a weak bisimulation iff whenever (s, t) R then for each a Act (including τ): if s if t a s â then t = t for some t such that (s, t ) R a t â then s = s for some s such that (s, t ) R. Weak Bisimilarity Two processes p 1, p 2 Proc are weakly bisimilar (p 1 p 2 ) if and only if there exists a weak bisimulation R such that (p 1, p 2 ) R. = {R R is a weak bisimulation} R. De Nicola (IMT-Lucca) FoTSE@LMU 33 / 40
64 Weak Bisimilarity Properties Properties of an equivalence relation the largest weak bisimulation strong bisimilarity is included in weak bisimilarity ( ) validates lots of natural laws, e.g. a.τ.p a.p P + τ.p τ.p a.(p + τ.q) a.(p + τ.q) + a.q P + Q Q + P P Q Q P P + Nil P... abstracts from τ loops τ a a R. De Nicola (IMT-Lucca) FoTSE@LMU 34 / 40
65 Is Weak Bisimilarity a Congruence for CCS? Theorem Let P and Q be CCS processes such that P Q. Then α.p α.q for each action α Act P R Q R for each CCS process R R P R Q for each CCS process R P[f ] Q[f ] for each relabelling function f P \ L Q \ L for each set of labels L. Conclusion Weak bisimilarity is not a congruence for CCS. R. De Nicola (IMT-Lucca) FoTSE@LMU 35 / 40
66 Is Weak Bisimilarity a Congruence for CCS? Theorem Let P and Q be CCS processes such that P Q. Then α.p α.q for each action α Act P R Q R for each CCS process R R P R Q for each CCS process R P[f ] Q[f ] for each relabelling function f P \ L Q \ L for each set of labels L. What about choice? Conclusion Weak bisimilarity is not a congruence for CCS. R. De Nicola (IMT-Lucca) FoTSE@LMU 35 / 40
67 Is Weak Bisimilarity a Congruence for CCS? Theorem Let P and Q be CCS processes such that P Q. Then α.p α.q for each action α Act P R Q R for each CCS process R R P R Q for each CCS process R P[f ] Q[f ] for each relabelling function f P \ L Q \ L for each set of labels L. (proof attempt for + R) Let R = { (P + R, Q + R) R Proc } Id. It suffices to show that R is a weak bisimulation. Suppose P + R µ S. If it is because R µ S, then Q + R µ S with (S, S) Id R. Otherwise, it is because P µ S, then Q = ˆµ T with (S, T ) because P Q (is this true???) and hence Q + R = ˆµ T with (S, T ) R. Conclusion Weak bisimilarity is not a congruence for CCS. R. De Nicola (IMT-Lucca) FoTSE@LMU 35 / 40
68 Is Weak Bisimilarity a Congruence for CCS? Theorem Let P and Q be CCS processes such that P Q. Then α.p α.q for each action α Act P R Q R for each CCS process R R P R Q for each CCS process R P[f ] Q[f ] for each relabelling function f P \ L Q \ L for each set of labels L. (proof attempt for + R) Let R = { (P + R, Q + R) R Proc } Id. It suffices to show that R is a weak bisimulation. Suppose P + R µ S. If it is because R µ S, then Q + R µ S with (S, S) Id R. Otherwise, it is because P µ S, then Q = ˆµ T with (S, T ) because P Q (is this true???) and hence Q + R = ˆµ T with (S, T ) R. (counterexample) τ.a.nil a.nil but τ.a.nil + b.nil a.nil + b.nil Conclusion R. De Nicola (IMT-Lucca) FoTSE@LMU 35 / 40
69 Is Weak Bisimilarity a Congruence for CCS? Theorem Let P and Q be CCS processes such that P Q. Then α.p α.q for each action α Act P R Q R for each CCS process R R P R Q for each CCS process R P[f ] Q[f ] for each relabelling function f P \ L Q \ L for each set of labels L. (proof attempt for + R) Let R = { (P + R, Q + R) R Proc } Id. It suffices to show that R is a weak bisimulation. Suppose P + R µ S. If it is because R µ S, then Q + R µ S with (S, S) Id R. Otherwise, it is because P µ S, then Q = ˆµ T with (S, T ) because P Q (is this true???) and hence Q + R = ˆµ T with (S, T ) R. (counterexample) τ.a.nil a.nil but τ.a.nil + b.nil a.nil + b.nil What is wrong and which one is it the right alternative? R. De Nicola (IMT-Lucca) FoTSE@LMU 35 / 40
70 Is Weak Bisimilarity a Congruence for CCS? Theorem Let P and Q be CCS processes such that P Q. Then α.p α.q for each action α Act P R Q R for each CCS process R R P R Q for each CCS process R P[f ] Q[f ] for each relabelling function f P \ L Q \ L for each set of labels L. Conclusion Weak bisimilarity is not a congruence for CCS. R. De Nicola (IMT-Lucca) FoTSE@LMU 35 / 40
71 Case Study: Communication Protocol A message delivery system, accept a message transfer request, deliver the message and then it becomes ready again to serve a new request. The implementation must take into account that errors can arise during the message transfer, in which case the message must be resent. R. De Nicola (IMT-Lucca) FoTSE@LMU 36 / 40
72 Case Study: Communication Protocol Spec acc.del.spec Impl (Send Med Rec) {send, trans, ack, error} acc ack Send Rec del error send Med trans Impl? Spec R. De Nicola (IMT-Lucca) 37 / 40
73 Case Study: Communication Protocol Spec acc.del.spec Impl (Send Med Rec) {send, trans, ack, error} acc ack Send Rec del error send Med trans Impl? Spec R. De Nicola (IMT-Lucca) 37 / 40
74 Case Study: Communication Protocol Spec acc.del.spec Impl (Send Med Rec) {send, trans, ack, error} acc ack Send Rec del error send Med trans Impl? Spec R. De Nicola (IMT-Lucca) 37 / 40
75 Case Study: Communication Protocol acc ack Send Rec del error send Med trans Send acc.sending Rec trans.del Sending send.wait Del del.ack Wait ack.send + error.sending Ack ack.rec Med send.med Med τ.err + trans.med Err error.med R. De Nicola (IMT-Lucca) FoTSE@LMU 38 / 40
76 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
77 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
78 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
79 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
80 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
81 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
82 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
83 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
84 A visual execution R. De Nicola (IMT-Lucca) 39 / 40
85 Question Time Spec acc.del.spec Impl (Send Med Rec) {send, trans, ack, error} Question Impl? Spec 1 Draw the LTS of Spec (by hand) 2 Draw the LTS of Impl (by hand) 3 Prove (by hand) their equivalence 4 Use TAPAS! R. De Nicola (IMT-Lucca) FoTSE@LMU 40 / 40
Semantics and Verification
Semantics and Verification Lecture 2 informal introduction to CCS syntax of CCS semantics of CCS 1 / 12 Sequential Fragment Parallelism and Renaming CCS Basics (Sequential Fragment) Nil (or 0) process
More informationProcess Algebras and Concurrent Systems
Process Algebras and Concurrent Systems Rocco De Nicola Dipartimento di Sistemi ed Informatica Università di Firenze Process Algebras and Concurrent Systems August 2006 R. De Nicola (DSI-UNIFI) Process
More informationComplex Systems Design & Distributed Calculus and Coordination
Complex Systems Design & Distributed Calculus and Coordination Concurrency and Process Algebras: Theory and Practice Francesco Tiezzi University of Camerino francesco.tiezzi@unicam.it A.A. 2014/2015 F.
More informationConcurrent Processes and Reaction
Concurrent Processes and Reaction Overview External and internal actions Observations Concurrent process expressions Structural congruence Reaction References Robin Milner, Communication and Concurrency
More informationTopics in Concurrency
Topics in Concurrency Lecture 3 Jonathan Hayman 18 October 2016 Towards a more basic language Aim: removal of variables to reveal symmetry of input and output Transitions for value-passing carry labels
More informationTopics in Concurrency
Topics in Concurrency Lecture 3 Jonathan Hayman 18 February 2015 Recap: Syntax of CCS Expressions: Arithmetic a and Boolean b Processes: p ::= nil nil process (τ p) silent/internal action (α!a p) output
More informationModels of Concurrency
Models of Concurrency GERARDO SCHNEIDER UPPSALA UNIVERSITY DEPARTMENT OF INFORMATION TECHNOLOGY UPPSALA, SWEDEN Thanks to Frank Valencia Models of Concurrency p.1/57 Concurrency is Everywhere Concurrent
More informationAn introduction to process calculi: Calculus of Communicating Systems (CCS)
An introduction to process calculi: Calculus of Communicating Systems (CCS) Lecture 2 of Modelli Matematici dei Processi Concorrenti Paweł Sobociński University of Southampton, UK Intro to process calculi:
More informationThe Calculus of Communicating Systems
The Calculus of Communicating Systems Wolfgang Schreiner Research Institute for Symbolic Computation (RISC-Linz) Johannes Kepler University, A-4040 Linz, Austria Wolfgang.Schreiner@risc.uni-linz.ac.at
More informationCommunication and Concurrency: CCS
Communication and Concurrency: CCS R. Milner, A Calculus of Communicating Systems, 1980 cours SSDE Master 1 Why calculi? Prove properties on programs and languages Principle: tiny syntax, small semantics,
More informationReview of The π-calculus: A Theory of Mobile Processes
Review of The π-calculus: A Theory of Mobile Processes Riccardo Pucella Department of Computer Science Cornell University July 8, 2001 Introduction With the rise of computer networks in the past decades,
More informationCommunication and Concurrency: CCS. R. Milner, A Calculus of Communicating Systems, 1980
Communication and Concurrency: CCS R. Milner, A Calculus of Communicating Systems, 1980 Why calculi? Prove properties on programs and languages Principle: tiny syntax, small semantics, to be handled on
More informationA Note on Scope and Infinite Behaviour in CCS-like Calculi p.1/32
A Note on Scope and Infinite Behaviour in CCS-like Calculi GERARDO SCHNEIDER UPPSALA UNIVERSITY DEPARTMENT OF INFORMATION TECHNOLOGY UPPSALA, SWEDEN Joint work with Pablo Giambiagi and Frank Valencia A
More informationCorrespondence between Kripke Structures and Labeled Transition Systems for Model Minimization
Correspondence between Kripke Structures and Labeled Transition Systems for Model Minimization Rob Schoren Abstract This document is mainly an extension of the work of Michel Reniers and Tim Willemse,
More informationCommunicating and Mobile Systems
Communicating and Mobile Systems Overview:! Programming Model! Interactive Behavior! Labeled Transition System! Bisimulation! The π-calculus! Data Structures and λ-calculus encoding in the π-calculus References:!
More informationCCS: Syntax & Semantics (Final Version)
CCS: & Semantics (Final Version) Prof. Susan Older 14 September 2017 (CIS 400/632) CCS & Semantics 14 September 2017 1 / 10 Relevant Syntactic Sets: A Recap from Last Time We have the following countably
More informationIntroduction to process algebra
Introduction to process algebra Luís S. Barbosa DI-CCTC Universidade do Minho Braga, Portugal March, 2010 Actions & processes Action is a latency for interaction for a L, L denoting a set of names Act
More informationTrace Refinement of π-calculus Processes
Trace Refinement of pi-calculus Processes Trace Refinement of π-calculus Processes Manuel Gieseking manuel.gieseking@informatik.uni-oldenburg.de) Correct System Design, Carl von Ossietzky University of
More informationDecidable Subsets of CCS
Decidable Subsets of CCS based on the paper with the same title by Christensen, Hirshfeld and Moller from 1994 Sven Dziadek Abstract Process algebra is a very interesting framework for describing and analyzing
More informationConcurrency theory. proof-techniques for syncronous and asynchronous pi-calculus. Francesco Zappa Nardelli. INRIA Rocquencourt, MOSCOVA research team
Concurrency theory proof-techniques for syncronous and asynchronous pi-calculus Francesco Zappa Nardelli INRIA Rocquencourt, MOSCOVA research team francesco.zappa nardelli@inria.fr together with Frank
More informationPartial model checking via abstract interpretation
Partial model checking via abstract interpretation N. De Francesco, G. Lettieri, L. Martini, G. Vaglini Università di Pisa, Dipartimento di Ingegneria dell Informazione, sez. Informatica, Via Diotisalvi
More informationLet s now begin to formalize our analysis of sequential machines Powerful methods for designing machines for System control Pattern recognition Etc.
Finite State Machines Introduction Let s now begin to formalize our analysis of sequential machines Powerful methods for designing machines for System control Pattern recognition Etc. Such devices form
More informationT Reactive Systems: Temporal Logic LTL
Tik-79.186 Reactive Systems 1 T-79.186 Reactive Systems: Temporal Logic LTL Spring 2005, Lecture 4 January 31, 2005 Tik-79.186 Reactive Systems 2 Temporal Logics Temporal logics are currently the most
More informationChapter 5: Linear Temporal Logic
Chapter 5: Linear Temporal Logic Prof. Ali Movaghar Verification of Reactive Systems Spring 94 Outline We introduce linear temporal logic (LTL), a logical formalism that is suited for specifying LT properties.
More informationThe Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security
The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte and Frank D. Valencia INRIA /CNRS and LIX, Ecole Polytechnique Motivation Concurrent
More informationIntroduction to Process Algebra. Based on: Wan Fokkink, Introduction to Process Algebra, Springer-Verlag, 1999.
Introduction to Process Algebra Based on: Wan Fokkink, Introduction to Process Algebra, Springer-Verlag, 1999. Reading list: J. Baeten and P. Weijland, Process Algebra, Cambridge Tracts in Theoretical
More informationMAKING THE UNOBSERVABLE, UNOBSERVABLE.
MAKING THE UNOBSERVABLE, UNOBSERVABLE. 3 PAPERS FROM THE LAST 365 DAYS AVAILABLE TO READ NOW ON YOUR COMPUTER PAWEL SOBOCINSKI AND JULIAN RATHKE GO TO www.ecs.soton.ac.uk/~ps/publications.php Plan of the
More informationMPRI C-2-3: Concurrency (Part 1 of 4)
From Computability to Concurrency Theory Calculus of Comunicating Systems CCS Verification and Specification. Expressiveness Solutions to Exercises. MPRI C-2-3: Concurrency (Part 1 of 4) Frank D. Valencia
More informationTimo Latvala. February 4, 2004
Reactive Systems: Temporal Logic LT L Timo Latvala February 4, 2004 Reactive Systems: Temporal Logic LT L 8-1 Temporal Logics Temporal logics are currently the most widely used specification formalism
More informationDesign and Analysis of Distributed Interacting Systems
Design and Analysis of Distributed Interacting Systems Organization Prof. Dr. Joel Greenyer April 11, 2013 Organization Lecture: Thursdays, 10:15 11:45, F 128 Tutorial: Thursdays, 13:00 13:45, G 323 first
More informationA Behavioral Congruence for Concurrent Constraint Programming with Nondeterministic Choice
A Behavioral Congruence for Concurrent Constraint Programming with Nondeterministic Choice Luis Pino*, Filippo Bonchi** and Frank Valencia* (Presented by: Jorge A. Pe rez) *E quipe Come te, LIX, Laboratoire
More informationTrace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University
Trace semantics: towards a unification of parallel paradigms Stephen Brookes Department of Computer Science Carnegie Mellon University MFCSIT 2002 1 PARALLEL PARADIGMS State-based Shared-memory global
More informationIntroduction to mcrl2
Introduction to mcrl2 Luís S. Barbosa DI-CCTC Universidade do Minho Braga, Portugal May, 2011 mcrl2: A toolset for process algebra mcrl2 provides: a generic process algebra, based on Acp (Bergstra & Klop,
More informationFormal Methods in Software Engineering
Formal Methods in Software Engineering Modeling Prof. Dr. Joel Greenyer October 21, 2014 Organizational Issues Tutorial dates: I will offer two tutorial dates Tuesdays 15:00-16:00 in A310 (before the lecture,
More informationChapter 3: Linear temporal logic
INFOF412 Formal verification of computer systems Chapter 3: Linear temporal logic Mickael Randour Formal Methods and Verification group Computer Science Department, ULB March 2017 1 LTL: a specification
More informationDesign of Distributed Systems Melinda Tóth, Zoltán Horváth
Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052
More informationTimo Latvala. March 7, 2004
Reactive Systems: Safety, Liveness, and Fairness Timo Latvala March 7, 2004 Reactive Systems: Safety, Liveness, and Fairness 14-1 Safety Safety properties are a very useful subclass of specifications.
More informationSMV the Symbolic Model Verifier. Example: the alternating bit protocol. LTL Linear Time temporal Logic
Model Checking (I) SMV the Symbolic Model Verifier Example: the alternating bit protocol LTL Linear Time temporal Logic CTL Fixed Points Correctness Slide 1 SMV - Symbolic Model Verifier SMV - Symbolic
More informationModal and Temporal Logics
Modal and Temporal Logics Colin Stirling School of Informatics University of Edinburgh July 23, 2003 Why modal and temporal logics? 1 Computational System Modal and temporal logics Operational semantics
More informationModels for Concurrency
Models for Concurrency (A revised version of DAIMI PB-429) Glynn Winskel Mogens Nielsen Computer Science Department, Aarhus University, Denmark November 1993 Abstract This is, we believe, the final version
More informationLecture 4 Event Systems
Lecture 4 Event Systems This lecture is based on work done with Mark Bickford. Marktoberdorf Summer School, 2003 Formal Methods One of the major research challenges faced by computer science is providing
More informationThe State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationIntroduction to Model Checking. Debdeep Mukhopadhyay IIT Madras
Introduction to Model Checking Debdeep Mukhopadhyay IIT Madras How good can you fight bugs? Comprising of three parts Formal Verification techniques consist of three parts: 1. A framework for modeling
More informationEmbedded systems specification and design
Embedded systems specification and design David Kendall David Kendall Embedded systems specification and design 1 / 21 Introduction Finite state machines (FSM) FSMs and Labelled Transition Systems FSMs
More informationModelling Membranes with Brane Calculi
Modelling Membranes with Brane Calculi (and translation of Brane Calculi into CLS) 1/42 Introduction A biological cellular membrane is an closed surface that can perform various molecular functions. Membranes
More informationSemantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr
Semantic Equivalences and the Verification of Infinite-State Systems Richard Mayr Department of Computer Science Albert-Ludwigs-University Freiburg Germany Verification of Infinite-State Systems 1 c 2004
More informationLecture 18: Zero-Knowledge Proofs
COM S 6810 Theory of Computing March 26, 2009 Lecture 18: Zero-Knowledge Proofs Instructor: Rafael Pass Scribe: Igor Gorodezky 1 The formal definition We intuitively defined an interactive proof to be
More information3 Propositional Logic
3 Propositional Logic 3.1 Syntax 3.2 Semantics 3.3 Equivalence and Normal Forms 3.4 Proof Procedures 3.5 Properties Propositional Logic (25th October 2007) 1 3.1 Syntax Definition 3.0 An alphabet Σ consists
More informationSome techniques and results in deciding bisimilarity
Some techniques and results in deciding bisimilarity Petr Jančar Dept of Computer Science Technical University Ostrava (FEI VŠB-TU) Czech Republic www.cs.vsb.cz/jancar Talk at the Verification Seminar,
More informationPropositional Logic: Syntax
Logic Logic is a tool for formalizing reasoning. There are lots of different logics: probabilistic logic: for reasoning about probability temporal logic: for reasoning about time (and programs) epistemic
More informationOn Expressiveness and Behavioural Theory of Attribute-based Communication
On Expressiveness and Behavioural Theory of Attribute-based Communication Rocco De Nicola Joint work with Y. A. Alrahman and M. Loreti Final Meeting CINA Civitanova Marche January 2016 Contents 1 Introduction
More informationMulticore Semantics and Programming
Multicore Semantics and Programming Peter Sewell Tim Harris University of Cambridge Oracle October November, 2015 p. 1 These Lectures Part 1: Multicore Semantics: the concurrency of multiprocessors and
More informationA Modern Mathematical Theory of Co-operating State Machines
201 A Modern Mathematical Theory of Co-operating State Machines Antti Valmari Abstract Valmari, Antti (2005). A Modern Mathematical Theory of Co-operating State Machines In Proceedings of the Algorithmic
More informationEquations, contractions, and unique solutions
Equations, contractions, and unique solutions Davide Sangiorgi To cite this version: Davide Sangiorgi. Equations, contractions, and unique solutions. POPL 2015 - Proceedings of the 42nd Annual ACM SIGPLAN-SIGACT
More informationAgreement. Today. l Coordination and agreement in group communication. l Consensus
Agreement Today l Coordination and agreement in group communication l Consensus Events and process states " A distributed system a collection P of N singlethreaded processes w/o shared memory Each process
More informationThe π-calculus Semantics. Equivalence and Value-Passing. Infinite Sums 4/12/2004
The π-calculus Semantics Overview ate and early semantics Bisimulation and congruence Variations of the calculus eferences obin Milner, Communicating and Mobil Systems Davide Sangiorgi and David Walker,
More informationTrace and Testing Equivalence on Asynchronous Processes 1
Information and Computation 172, 139 164 (2002) doi:10.1006/inco.2001.3080, available online at http://www.idealibrary.com on Trace and Testing Equivalence on Asynchronous Processes 1 Michele Boreale,
More informationLecture Notes on Inductive Definitions
Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 September 2, 2004 These supplementary notes review the notion of an inductive definition and
More informationLogical Time. 1. Introduction 2. Clock and Events 3. Logical (Lamport) Clocks 4. Vector Clocks 5. Efficient Implementation
Logical Time Nicola Dragoni Embedded Systems Engineering DTU Compute 1. Introduction 2. Clock and Events 3. Logical (Lamport) Clocks 4. Vector Clocks 5. Efficient Implementation 2013 ACM Turing Award:
More informationProbabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford
Probabilistic Model Checking Michaelmas Term 2011 Dr. Dave Parker Department of Computer Science University of Oxford Overview Temporal logic Non-probabilistic temporal logic CTL Probabilistic temporal
More informationAlgebraic Trace Theory
Algebraic Trace Theory EE249 Roberto Passerone Material from: Jerry R. Burch, Trace Theory for Automatic Verification of Real-Time Concurrent Systems, PhD thesis, CMU, August 1992 October 21, 2002 ee249
More informationA Weak Bisimulation for Weighted Automata
Weak Bisimulation for Weighted utomata Peter Kemper College of William and Mary Weighted utomata and Semirings here focus on commutative & idempotent semirings Weak Bisimulation Composition operators Congruence
More informationAutomatic Synthesis of Distributed Protocols
Automatic Synthesis of Distributed Protocols Rajeev Alur Stavros Tripakis 1 Introduction Protocols for coordination among concurrent processes are an essential component of modern multiprocessor and distributed
More informationExpressiveness of Timed Events and Timed Languages
Expressiveness of Timed Events and Timed Languages Diletta R. Cacciagrano and Flavio Corradini Università di Camerino, Dipartimento di Matematica e Informatica, Camerino, 62032, Italy, {diletta.cacciagrano,
More informationStructure Preserving Bisimilarity,
Structure Preserving Bisimilarity, Supporting an Operational Petri Net Semantics of CCSP Rob van Glabbeek NICTA, Sydney, Australia University of New South Wales, Sydney, Australia September 2015 Milner:
More informationDistributed Systems Principles and Paradigms. Chapter 06: Synchronization
Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer Science Room R4.20, steen@cs.vu.nl Chapter 06: Synchronization Version: November 16, 2009 2 / 39 Contents Chapter
More informationSection 1.1 Propositions
Set Theory & Logic Section 1.1 Propositions Fall, 2009 Section 1.1 Propositions In Chapter 1, our main goals are to prove sentences about numbers, equations or functions and to write the proofs. Definition.
More informationAlan Bundy. Automated Reasoning LTL Model Checking
Automated Reasoning LTL Model Checking Alan Bundy Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have
More informationAlgebraic Trace Theory
Algebraic Trace Theory EE249 Presented by Roberto Passerone Material from: Jerry R. Burch, Trace Theory for Automatic Verification of Real-Time Concurrent Systems, PhD thesis, CMU, August 1992 October
More informationClojure Concurrency Constructs, Part Two. CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014
Clojure Concurrency Constructs, Part Two CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014 1 Goals Cover the material presented in Chapter 4, of our concurrency textbook In particular,
More informationLinear Temporal Logic (LTL)
Chapter 9 Linear Temporal Logic (LTL) This chapter introduces the Linear Temporal Logic (LTL) to reason about state properties of Labelled Transition Systems defined in the previous chapter. We will first
More informationLecture Notes on Ordered Proofs as Concurrent Programs
Lecture Notes on Ordered Proofs as Concurrent Programs 15-317: Constructive Logic Frank Pfenning Lecture 24 November 30, 2017 1 Introduction In this lecture we begin with a summary of the correspondence
More informationMAD. Models & Algorithms for Distributed systems -- 2/5 -- download slides at
MAD Models & Algorithms for Distributed systems -- /5 -- download slides at http://people.rennes.inria.fr/eric.fabre/ 1 Today Runs/executions of a distributed system are partial orders of events We introduce
More informationLecture Notes on Emptiness Checking, LTL Büchi Automata
15-414: Bug Catching: Automated Program Verification Lecture Notes on Emptiness Checking, LTL Büchi Automata Matt Fredrikson André Platzer Carnegie Mellon University Lecture 18 1 Introduction We ve seen
More informationUnifying Theories of Programming
1&2 Unifying Theories of Programming Unifying Theories of Programming 3&4 Theories Unifying Theories of Programming designs predicates relations reactive CSP processes Jim Woodcock University of York May
More informationProof Techniques (Review of Math 271)
Chapter 2 Proof Techniques (Review of Math 271) 2.1 Overview This chapter reviews proof techniques that were probably introduced in Math 271 and that may also have been used in a different way in Phil
More informationTime and Fairness in a Process Algebra with Non-Blocking Reading. F. Corradini, M.R. Di Berardini, W. Vogler. Report July 2008
à ÊÇÅÍÆ ËÀǼ Universität Augsburg Time and Fairness in a Process Algebra with Non-Blocking Reading F. Corradini, M.R. Di Berardini, W. Vogler Report 2008-3 July 2008 Institut für Informatik D-8635 Augsburg
More informationBringing class diagrams to life
Bringing class diagrams to life Luis S. Barbosa & Sun Meng DI-CCTC, Minho University, Braga & CWI, Amsterdam UML & FM Workshop 2009 Rio de Janeiro 8 December, 2009 Formal Methods proofs problems structures
More informationFORMAL METHODS LECTURE III: LINEAR TEMPORAL LOGIC
Alessandro Artale (FM First Semester 2007/2008) p. 1/39 FORMAL METHODS LECTURE III: LINEAR TEMPORAL LOGIC Alessandro Artale Faculty of Computer Science Free University of Bolzano artale@inf.unibz.it http://www.inf.unibz.it/
More informationTheoretical Foundations of the UML
Theoretical Foundations of the UML Lecture 17+18: A Logic for MSCs Joost-Pieter Katoen Lehrstuhl für Informatik 2 Software Modeling and Verification Group moves.rwth-aachen.de/teaching/ws-1718/fuml/ 5.
More informationTESTING is one of the most important parts of the
IEEE TRANSACTIONS 1 Generating Complete Controllable Test Suites for Distributed Testing Robert M. Hierons, Senior Member, IEEE Abstract A test suite is m-complete for finite state machine (FSM) M if it
More informationSafety and Liveness Properties
Safety and Liveness Properties Lecture #6 of Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling and Verification E-mail: katoen@cs.rwth-aachen.de November 5, 2008 c JPK Overview Lecture
More informationcis32-ai lecture # 18 mon-3-apr-2006
cis32-ai lecture # 18 mon-3-apr-2006 today s topics: propositional logic cis32-spring2006-sklar-lec18 1 Introduction Weak (search-based) problem-solving does not scale to real problems. To succeed, problem
More informationPetri nets. s 1 s 2. s 3 s 4. directed arcs.
Petri nets Petri nets Petri nets are a basic model of parallel and distributed systems (named after Carl Adam Petri). The basic idea is to describe state changes in a system with transitions. @ @R s 1
More informationConsistent Global States of Distributed Systems: Fundamental Concepts and Mechanisms. CS 249 Project Fall 2005 Wing Wong
Consistent Global States of Distributed Systems: Fundamental Concepts and Mechanisms CS 249 Project Fall 2005 Wing Wong Outline Introduction Asynchronous distributed systems, distributed computations,
More informationESE601: Hybrid Systems. Introduction to verification
ESE601: Hybrid Systems Introduction to verification Spring 2006 Suggested reading material Papers (R14) - (R16) on the website. The book Model checking by Clarke, Grumberg and Peled. What is verification?
More informationAutomata-theoretic analysis of hybrid systems
Automata-theoretic analysis of hybrid systems Madhavan Mukund SPIC Mathematical Institute 92, G N Chetty Road Chennai 600 017, India Email: madhavan@smi.ernet.in URL: http://www.smi.ernet.in/~madhavan
More informationModel Checking of Systems Employing Commutative Functions
Model Checking of Systems Employing Commutative Functions A. Prasad Sistla, Min Zhou, and Xiaodong Wang University of Illinois at Chicago Abstract. The paper presents methods for model checking a class
More informationHerbrand Theorem, Equality, and Compactness
CSC 438F/2404F Notes (S. Cook and T. Pitassi) Fall, 2014 Herbrand Theorem, Equality, and Compactness The Herbrand Theorem We now consider a complete method for proving the unsatisfiability of sets of first-order
More informationReasoning about Time and Reliability
Reasoning about Time and Reliability Probabilistic CTL model checking Daniel Bruns Institut für theoretische Informatik Universität Karlsruhe 13. Juli 2007 Seminar Theorie und Anwendung von Model Checking
More informationFirst-order resolution for CTL
First-order resolution for Lan Zhang, Ullrich Hustadt and Clare Dixon Department of Computer Science, University of Liverpool Liverpool, L69 3BX, UK {Lan.Zhang, U.Hustadt, CLDixon}@liverpool.ac.uk Abstract
More informationBounded Stacks, Bags and Queues
Bounded Stacks, Bags and Queues J.C.M. Baeten 1 and J.A. Bergstra 2,3 1 Department of Mathematics and Computing Science, Eindhoven University of Technology, P.O. Box 513, NL-5600 MB Eindhoven, The Netherlands,
More informationStrong bisimilarity can be opened
Strong bisimilarity can be opened Henning E. Andersen Hans Hüttel Karina N. Jensen June 7, 2002 Abstract We present an extension of the semantics of the π-calculus without match where strong bisimilarity
More informationMATH1050 Greatest/least element, upper/lower bound
MATH1050 Greatest/ element, upper/lower bound 1 Definition Let S be a subset of R x λ (a) Let λ S λ is said to be a element of S if, for any x S, x λ (b) S is said to have a element if there exists some
More informationCS411 Notes 3 Induction and Recursion
CS411 Notes 3 Induction and Recursion A. Demers 5 Feb 2001 These notes present inductive techniques for defining sets and subsets, for defining functions over sets, and for proving that a property holds
More informationSelf-Adaptation and Information Flow in Multiparty Communications
Self-Adaptation and Information Flow in Multiparty Communications Joint work with Ilaria Castellani (INRIA, FR) Jorge A. Pérez (University of Groningen, NL) ABCD meeting London, 20th April, 2015 1 / 36
More informationChapter 1: The Logic of Compound Statements. January 7, 2008
Chapter 1: The Logic of Compound Statements January 7, 2008 Outline 1 1.1 Logical Form and Logical Equivalence 2 1.2 Conditional Statements 3 1.3 Valid and Invalid Arguments Central notion of deductive
More informationFormal Methods for Java
Formal Methods for Java Lecture 20: Sequent Calculus Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg January 15, 2013 Jochen Hoenicke (Software Engineering) Formal Methods for Java
More informationDistributed Systems Principles and Paradigms
Distributed Systems Principles and Paradigms Chapter 6 (version April 7, 28) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.2. Tel: (2)
More informationIntroduction to Turing Machines. Reading: Chapters 8 & 9
Introduction to Turing Machines Reading: Chapters 8 & 9 1 Turing Machines (TM) Generalize the class of CFLs: Recursively Enumerable Languages Recursive Languages Context-Free Languages Regular Languages
More information