Concurrency Theory WS 2013/2014
Chair for Software Modeling and Verification, Rheinisch-Westfälische Technische Hochschule Aachen
Prof. Dr. Ir. Joost-Pieter Katoen, apl. Prof. Dr. Thomas Noll, S. Chakraborty, B. Kaminski, H. Wu

Concurrency Theory WS 2013/2014, 2nd Exam

First Name:
Second Name:
Degree Programme (please mark): CS Bachelor / CS Master / CS Lehramt / SSE Master / Other:

General Information:
Mark every sheet with your matriculation number.
Check that your copy of the exam consists of 12 sheets (24 pages).
Duration of exam: 120 minutes.
No helping materials (e.g. books, notes, slides) are permitted.
Give your solution on the respective sheet. Also use the backside if necessary. If you need more paper, ask the assistants.
Write with blue or black ink; do not use a pencil or red ink.
Make sure all electronic devices are switched off and are nowhere near you.
Any attempt at deception leads to failure for this exam, even if it is detected only later.

Points: Task 1: 16, Task 2: 27, Task 3: 22, Task 4: 21, Task 5: 23, Task 6: 11, Σ: 120
Points obtained:
Task 1 (Modeling with Value-Passing CCS) (11+5 Points)

In this task you are asked to model Triple-Modular Redundancy (TMR) with error detection, a fault-tolerance technique for distributed systems, in value-passing CCS. An overview of the system is given in the diagram below. To increase reliability, TMR uses three copies of the system (called components). A splitter (S) sends a copy of the input value to each component; the voter (V) then accepts the results from the components and outputs the majority value. In our case a component consists of a module (M_i) and a detector (D_i) (1 ≤ i ≤ 3). A functional module passes on to D_i (via mo_i) the same value it received, but if a fault occurs a differing value is passed. The detector first records the value and passes it to the voter (via do_i); later it compares the recorded value with the feedback value from the voter (via vo_i) to determine whether a fault occurred. Here we assume that the set Val of input values is Val = {0, 1}, that only one of the three modules can be faulty, and that the splitter, the voter and the detectors always work without error.

Additional information: in the diagram, an action name in parentheses denotes an internal synchronization action; otherwise it is an external action.

[Diagram, not reproduced: external channels in (into S) and out (from V); internal channels (mi_i) from S to M_i, (mo_i) from M_i to D_i, (do_i) from D_i to V and (vo_i) from V back to D_i; external actions fault_i at M_i and detect_i at D_i, for i = 1, 2, 3.]

(a) Model this system using value-passing CCS! You should reuse the component definition (with index) wherever possible.
(b) We now add a new operator hide with respect to an action set H to the CCS language, defined by the following SOS rules:

(hide1)   P --a--> P'   (a ∉ H)
          ---------------------------
          hide_H(P) --a--> hide_H(P')

(hide2)   P --a--> P'   (a ∈ H)
          ---------------------------
          hide_H(P) --τ--> hide_H(P')

Informally speaking, this operator turns all actions in H into τ. Let Cycler_1 = fault_1.detect_1.Cycler_1 and let TMR be your modelled system. Argue why your system satisfies the verification condition

hide_{in, out, fault_2, detect_2, fault_3, detect_3}(TMR)  [relation symbol lost in the scan]  Cycler_1

which states that if a fault occurs in M_1, D_1 should always detect this fault.
Task 2 (Labelled Transition Systems) (14+7+6 Points)

(a) Consider the following CCS process definition:

A = ((B | C) + D) \ {com}
B = a.com.B + b.nil
C = D + E
D = com.D
E = b.C

Derive all legal outgoing transitions A --α--> A' by giving their derivation trees!

Derivation of A --a--> (com.B | C) \ {com} (each line is the conclusion of the named rule; read from the (act) axiom downwards):

(act)    a.com.B --a--> com.B
(sum1)   a.com.B + b.nil --a--> com.B
(call)   B --a--> com.B
(par1)   B | C --a--> com.B | C
(sum1)   (B | C) + D --a--> com.B | C
(res)    ((B | C) + D) \ {com} --a--> (com.B | C) \ {com}     (a ∉ {com, com̄})
(call)   A --a--> (com.B | C) \ {com}

Derivation of A --b--> (nil | C) \ {com}:

(act)    b.nil --b--> nil
(sum2)   a.com.B + b.nil --b--> nil
(call)   B --b--> nil
(par1)   B | C --b--> nil | C
(sum1)   (B | C) + D --b--> nil | C
(res)    ((B | C) + D) \ {com} --b--> (nil | C) \ {com}     (b ∉ {com, com̄})
(call)   A --b--> (nil | C) \ {com}

Derivation of A --b--> (B | C) \ {com}:

(act)    b.C --b--> C
(call)   E --b--> C
(sum2)   D + E --b--> C
(call)   C --b--> C
(par2)   B | C --b--> B | C
(sum1)   (B | C) + D --b--> B | C
(res)    ((B | C) + D) \ {com} --b--> (B | C) \ {com}     (b ∉ {com, com̄})
(call)   A --b--> (B | C) \ {com}
(b) Reconsider the CCS process definition from Task 2(a):

A = ((B | C) + D) \ {com}
B = a.com.B + b.nil
C = D + E
D = com.D
E = b.C

Draw LTS(A) and label the nodes with the corresponding CCS processes!

LTS(A) (the drawing is not reproduced; its nodes and edges are listed):

Nodes:
A
(com.B | C) \ {com}
(B | C) \ {com}
(nil | C) \ {com}
(B | D) \ {com}
(nil | D) \ {com}
(com.B | D) \ {com}

Edges:
A --a--> (com.B | C) \ {com}
A --b--> (nil | C) \ {com}
A --b--> (B | C) \ {com}
(B | C) \ {com} --a--> (com.B | C) \ {com}
(B | C) \ {com} --b--> (nil | C) \ {com}
(B | C) \ {com} --b--> (B | C) \ {com}
(nil | C) \ {com} --b--> (nil | C) \ {com}
(com.B | C) \ {com} --b--> (com.B | C) \ {com}
(com.B | C) \ {com} --τ--> (B | D) \ {com}
(B | D) \ {com} --a--> (com.B | D) \ {com}
(B | D) \ {com} --b--> (nil | D) \ {com}
(com.B | D) \ {com} --τ--> (B | D) \ {com}
(nil | D) \ {com} has no outgoing transitions.
(c) Give the trace language Tr((B | D) \ {com}) of the process (B | D) \ {com}!

Tr((B | D) \ {com}) = Pref((aτ)* b) = a(τa)* + (aτ)*(b + ε)
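The transitions derived in Task 2(a) to (c) can be reproduced mechanically. The following Python program is an added example and not part of the exam: it implements the SOS rules (act), (sum1/2), (par1/2), (com), (res) and (call), plus the hide operator of Task 1(b), over process terms encoded as tuples; it records the rule trail of every derivation, computes LTS(A) by breadth-first exploration and enumerates the trace set of (B | D) \ {com} up to a bounded length. It assumes that the co-action lost in the scan sits on D (D = com̄.D, written '~com'), so that com.B and D synchronize to τ; the constructor names and the 'tau'/'~' encoding are this example's own.

```python
from collections import deque

TAU = 'tau'

def co(a):
    """Complementary action name: com <-> ~com (the bar of CCS notation)."""
    return a[1:] if a.startswith('~') else '~' + a

# Process terms are nested tuples built by these constructors.
def nil():          return ('nil',)
def pre(a, p):      return ('pre', a, p)                     # a.P
def sum_(p, q):     return ('sum', p, q)                     # P + Q
def par(p, q):      return ('par', p, q)                     # P | Q
def res(p, names):  return ('res', p, frozenset(names))      # P \ L
def hide(p, names): return ('hide', p, frozenset(names))     # hide_H(P), Task 1(b)
def call(name):     return ('call', name)                    # process constant

def steps(p, defs):
    """All (action, successor, trail) triples derivable for p under the SOS rules.
    trail lists the rule names from the conclusion down to the (act) axiom."""
    kind = p[0]
    if kind == 'nil':
        return []
    if kind == 'pre':                                                  # (act)
        return [(p[1], p[2], ['act'])]
    if kind == 'sum':                                                  # (sum1), (sum2)
        return ([(a, q, ['sum1'] + t) for a, q, t in steps(p[1], defs)] +
                [(a, q, ['sum2'] + t) for a, q, t in steps(p[2], defs)])
    if kind == 'par':
        l, r = p[1], p[2]
        ls, rs = steps(l, defs), steps(r, defs)
        out = [(a, par(l2, r), ['par1'] + t) for a, l2, t in ls]        # (par1)
        out += [(a, par(l, r2), ['par2'] + t) for a, r2, t in rs]       # (par2)
        out += [(TAU, par(l2, r2), ['com'] + tl + tr)                   # (com): a with ~a gives tau
                for a, l2, tl in ls for b, r2, tr in rs if a != TAU and co(a) == b]
        return out
    if kind == 'res':                                                  # (res): neither a nor ~a in L
        return [(a, res(q, p[2]), ['res'] + t) for a, q, t in steps(p[1], defs)
                if a == TAU or a.lstrip('~') not in p[2]]
    if kind == 'hide':                                                 # (hide1)/(hide2)
        return [(TAU if a.lstrip('~') in p[2] else a, hide(q, p[2]), ['hide'] + t)
                for a, q, t in steps(p[1], defs)]
    if kind == 'call':                                                 # (call): unfold the constant
        return [(a, q, ['call'] + t) for a, q, t in steps(defs[p[1]], defs)]
    raise ValueError(f"unknown term {p!r}")

def show(p):
    """Print a term in the notation of the exam."""
    k = p[0]
    if k == 'nil':  return 'nil'
    if k == 'pre':  return f"{p[1]}.{show(p[2])}"
    if k == 'sum':  return f"({show(p[1])} + {show(p[2])})"
    if k == 'par':  return f"({show(p[1])} | {show(p[2])})"
    if k == 'res':  return f"{show(p[1])} \\ {{{', '.join(sorted(p[2]))}}}"
    if k == 'hide': return f"hide_{{{', '.join(sorted(p[2]))}}}({show(p[1])})"
    return p[1]

def lts(start, defs):
    """Reachable LTS as (states, transitions) via breadth-first exploration."""
    seen, todo, trans = {start}, deque([start]), []
    while todo:
        p = todo.popleft()
        for a, q, _ in steps(p, defs):
            trans.append((p, a, q))
            if q not in seen:
                seen.add(q)
                todo.append(q)
    return seen, trans

def traces(p, defs, n):
    """Tr(p) restricted to words of length <= n (tau is kept, as in Task 2(c))."""
    out = set()
    def go(q, w):
        out.add(w)
        if len(w) < n:
            for a, q2, _ in steps(q, defs):
                go(q2, w + (a,))
    go(p, ())
    return out

# Task 2 definitions; D carries the co-action (assumption, see lead-in).
DEFS = {
    'A': res(sum_(par(call('B'), call('C')), call('D')), {'com'}),
    'B': sum_(pre('a', pre('com', call('B'))), pre('b', nil())),
    'C': sum_(call('D'), call('E')),
    'D': pre('~com', call('D')),
    'E': pre('b', call('C')),
}

if __name__ == '__main__':
    for a, q, trail in steps(call('A'), DEFS):
        print(f"A --{a}--> {show(q)}    rules: {' '.join(trail)}")
    states, trans = lts(call('A'), DEFS)
    print(len(states), "states,", len(trans), "transitions")
    print(sorted(traces(res(par(call('B'), call('D')), {'com'}), DEFS, 3)))
```

Running the script prints the three transitions of A together with their rule trails (the linearized derivation trees of part (a)), reports the 7 states and 12 transitions of LTS(A) from part (b), and lists the prefixes of length at most 3 of the trace language from part (c).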
Task 3 (HML and Bisimulation) (15+7 Points)

Given are the following three CCS processes:

A = b.B + a.C + a.d.C
B = a.A + a.d.C
C = b.A + c.d.C

D = a.d.E + a.F + b.G + a.I
E = b.H + c.d.E
F = b.D + c.d.F
G = a.d.E + a.H
H = b.G + a.d.F + a.E
I = c.d.E + b.D

J = a.L + b.K + a.M
K = a.O + a.N
L = d.M
M = b.J + c.N
N = d.M
O = a.L + a.M

(a) Draw the LTSs for A, D, and J respectively. Prove or disprove A ∼ D, A ∼ J and D ∼ J. For proving or disproving that two processes are strongly bisimilar, you can use the game characterization of bisimilarity. For disproving you may provide an HML formula which is satisfied by one process but not by the other.
(b) Express the property that the actions a and b occur in alternation in HML with recursion! Note that this does not mean that a and b strictly follow each other: between any two occurrences of a, a b occurs and vice versa, but between an a and a b the other symbols c and d may occur. Check whether process A satisfies the property or not!
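Both parts of this task can be checked mechanically on the finite LTSs of the processes above. The following Python program is an added example, not part of the exam: it decides strong bisimilarity by partition refinement, evaluates HML formulas, and solves systems of HML equations as greatest fixpoints, which is what HML with recursion needs for part (b). The LTS dictionary encodes the definitions above directly (intermediate states such as d.C are named after the remaining term); the equations X, Y, Z for the alternation property, the distinguishing formula ⟨b⟩[a][b]ff and the small toy LTS TOY_ALTERNATING are this example's own choices.

```python
# LTS of Task 3 as successor lists: state -> [(action, successor), ...]
LTS = {
    'A': [('b', 'B'), ('a', 'C'), ('a', 'd.C')],
    'B': [('a', 'A'), ('a', 'd.C')],
    'C': [('b', 'A'), ('c', 'd.C')],
    'd.C': [('d', 'C')],
    'D': [('a', 'd.E'), ('a', 'F'), ('b', 'G'), ('a', 'I')],
    'E': [('b', 'H'), ('c', 'd.E')],
    'F': [('b', 'D'), ('c', 'd.F')],
    'G': [('a', 'd.E'), ('a', 'H')],
    'H': [('b', 'G'), ('a', 'd.F'), ('a', 'E')],
    'I': [('c', 'd.E'), ('b', 'D')],
    'd.E': [('d', 'E')],
    'd.F': [('d', 'F')],
    'J': [('a', 'L'), ('b', 'K'), ('a', 'M')],
    'K': [('a', 'O'), ('a', 'N')],
    'L': [('d', 'M')],
    'M': [('b', 'J'), ('c', 'N')],
    'N': [('d', 'M')],
    'O': [('a', 'L'), ('a', 'M')],
}

def bisim_classes(lts):
    """Coarsest strong bisimulation by partition refinement.
    Returns state -> block id; two states are strongly bisimilar iff their ids agree."""
    block = {s: 0 for s in lts}
    while True:
        # signature of a state: which actions lead into which current blocks
        sig = {s: frozenset((a, block[t]) for a, t in lts[s]) for s in lts}
        ids = {}
        new = {s: ids.setdefault((block[s], sig[s]), len(ids)) for s in lts}
        if len(ids) == len(set(block.values())):   # no block was split: stable
            return new
        block = new

def bisimilar(lts, p, q):
    cls = bisim_classes(lts)
    return cls[p] == cls[q]

# HML formulas as tuples: tt, ff, conjunction, disjunction, <a>f, [a]f, variable.
TT, FF = ('tt',), ('ff',)
def conj(*fs):  return ('and', fs)
def disj(*fs):  return ('or', fs)
def dia(a, f):  return ('dia', a, f)
def box(a, f):  return ('box', a, f)
def var(x):     return ('var', x)

def sat(f, lts, env):
    """States of lts satisfying f; env maps recursion variables to state sets."""
    S, k = set(lts), f[0]
    if k == 'tt':  return S
    if k == 'ff':  return set()
    if k == 'var': return set(env[f[1]])
    if k == 'and': return set.intersection(S, *(sat(g, lts, env) for g in f[1]))
    if k == 'or':  return set.union(set(), *(sat(g, lts, env) for g in f[1]))
    inner = sat(f[2], lts, env)
    succ = lambda s: [t for a, t in lts[s] if a == f[1]]
    if k == 'dia': return {s for s in S if any(t in inner for t in succ(s))}
    if k == 'box': return {s for s in S if all(t in inner for t in succ(s))}
    raise ValueError(f)

def max_fixpoint(eqs, lts):
    """Greatest solution of a system X_i =max f_i: iterate downwards from 'all states'."""
    env = {x: set(lts) for x in eqs}
    while True:
        new = {x: sat(f, lts, env) for x, f in eqs.items()}
        if new == env:
            return env
        env = new

# Part (b): X = nothing pending, Y = last of a/b was a, Z = last of a/b was b;
# c and d are allowed anywhere and do not change the state.
ALTERNATION = {
    'X': conj(box('a', var('Y')), box('b', var('Z')), box('c', var('X')), box('d', var('X'))),
    'Y': conj(box('a', FF), box('b', var('Z')), box('c', var('Y')), box('d', var('Y'))),
    'Z': conj(box('b', FF), box('a', var('Y')), box('c', var('Z')), box('d', var('Z'))),
}

def satisfies_alternation(lts, s):
    return s in max_fixpoint(ALTERNATION, lts)['X']

# Part (a): J can do b and then, whatever a-step follows, no b is possible;
# A and D cannot (A --b--> B --a--> A still offers b).
DISTINGUISH = dia('b', box('a', box('b', FF)))

# Constructed toy LTS in which a and b do alternate with c in between.
TOY_ALTERNATING = {'p': [('a', 'q')], 'q': [('c', 'q'), ('b', 'p')]}

if __name__ == '__main__':
    for p, q in [('A', 'D'), ('A', 'J'), ('D', 'J')]:
        print(p, '~' if bisimilar(LTS, p, q) else '!~', q)
    print('satisfy <b>[a][b]ff:', sorted(sat(DISTINGUISH, LTS, {})))
    print('A alternates a/b:', satisfies_alternation(LTS, 'A'))
```

The refinement loop splits blocks by the (action, target block) signatures until nothing changes, which is the game characterization run to its fixpoint; the formula ⟨b⟩[a][b]ff then gives an explicit witness for the pairs that are not bisimilar. For the alternation check, A fails because the path A --b--> B --a--> A --a--> C performs two a's with no b in between.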
Task 4 (Preservation of Strong Bisimilarity) (6+15 Points)

(a) Let synhide_L(·), where L is a set of actions, be a unary CCS operator with the following semantics:

(synhide)   P --α--> P'   (∀β ∈ L: P ≠ β.P')
            -----------------------------------
            synhide_L(P) --α--> synhide_L(P')

Prove or disprove: synhide_L(·) preserves strong bisimilarity, i.e. for any two strongly bisimilar processes S ∼ T it holds that synhide_L(S) ∼ synhide_L(T).

synhide_L(·) does not preserve strong bisimilarity. For that, consider the two (clearly bisimilar) processes nil | b.nil and b.nil. Applying synhide_{b}(·) to both processes yields on the one hand the process synhide_{b}(nil | b.nil), which can make a transition to synhide_{b}(nil | nil), and on the other hand the process synhide_{b}(b.nil), which cannot mimic this transition. Hence the two processes synhide_{b}(nil | b.nil) and synhide_{b}(b.nil) are not bisimilar, and thus synhide_L(·) does not preserve bisimilarity.
(b) Let † be a binary CCS operator with the following semantics:

(dag1)   P --α--> P'
         ------------------------
         P † Q --α--> P' † Q

(dag2)   Q --α--> Q'
         ------------------------
         P † Q --α--> P † Q'

(dag3)   P --α--> P'   Q --α--> Q'
         ------------------------------
         P † Q --α--> P' † Q'

Prove or disprove: † preserves strong bisimilarity, i.e. for any two strongly bisimilar processes S ∼ T and any other process R it holds that S † R is strongly bisimilar to T † R (you may omit in your proof the analogous case that R † S is strongly bisimilar to R † T).

Let S ∼ T be two strongly bisimilar processes. We define a new relation

B = { (S † R, T † R) | R ∈ Prc, S ∼ T }

and prove that B is a strong bisimulation; since (S † R, T † R) ∈ B for every process R, this yields S † R ∼ T † R. By the definition of strong bisimilarity we have

S ∼ T  ⟺  [S --α--> S' ⟹ ∃T': T --α--> T' ∧ S' ∼ T']  ∧  [T --α--> T' ⟹ ∃S': S --α--> S' ∧ S' ∼ T']      (Def. ∼)

Let (S † R, T † R) ∈ B and suppose S † R --α--> U. By the SOS rules for †, the step U arises in one of the following ways.

Case 1: R does not take part in the step (dag1 rule), i.e. S --α--> S' and U = S' † R. By (Def. ∼) there is a T' with T --α--> T' and S' ∼ T'. By (dag1), T † R --α--> T' † R, and (S' † R, T' † R) ∈ B by (Def. B).

Case 2: R --α--> R' takes part in the step. Either U = S † R' (dag2 rule); then T † R --α--> T † R' by (dag2), and (S † R', T † R') ∈ B by (Def. B), because S ∼ T. Or additionally S --α--> S' and U = S' † R' (dag3 rule); by (Def. ∼) there is a T' with T --α--> T' and S' ∼ T', so T † R --α--> T' † R' by (dag3), and (S' † R', T' † R') ∈ B by (Def. B).

The transitions of T † R are matched by S † R symmetrically, using the second conjunct of (Def. ∼). Hence B is a strong bisimulation, and S † R ∼ T † R for any process R.
Task 5 (From Modified CCS to Petri Nets) (8+8+7 Points)

In the lecture we have introduced an occurrence net (Petri net) semantics for CCS processes. Now we modify the parallel composition operator to a new operator ∥_A w.r.t. an action set A. Informally speaking, this operator forces the two processes to synchronize on an action whenever the action belongs to the set A. The formal SOS rules for this operator are as follows:

(Syn)    P --a--> P'   Q --a--> Q'   (a ∈ A)
         -----------------------------------
         P ∥_A Q --a--> P' ∥_A Q'

(Par1)   P --a--> P'   (a ∉ A)
         -----------------------------
         P ∥_A Q --a--> P' ∥_A Q

(Par2)   Q --a--> Q'   (a ∉ A)
         -----------------------------
         P ∥_A Q --a--> P ∥_A Q'

(a) Give the occurrence net semantics for the process P!

P = x.a.P + y.a.Q
Q = z.a.Q
(b) Formally define the occurrence net semantics for the operator ∥_A and give the occurrence net semantics for P ∥_{a} Q based on your definition! Note that, since the occurrence net is infinite, you should stop as soon as some part of the occurrence net repeats.
(c) Compute the McMillan prefix of the occurrence net resulting from (b).
Task 6 (Petri Net Acceptable Languages) (11 Points)

Let Σ be a finite alphabet and let N = (P, T, F, M_0, λ) be a labelled Petri net in which all transitions in T are labelled by a labelling function λ: T → Σ. Then the trace language Tr(N) of N is defined as the following set:

Tr(N) = { w = λ(a_1) … λ(a_k) | M_0 --a_1--> M_1 --a_2--> … --a_k--> M_k is a complete sequential run of N }.

A language L ⊆ Σ* is called Petri net recognizable if there exists a labelled Petri net N such that Tr(N) = L. Provide an exact description of the language that is recognized by the following Petri net! Your description shall not make any reference back to the Petri net itself!

[Petri net drawing, not reproduced; its transitions are labelled with a, b and c.]

{ w_1 c w_2 | w_1, w_2 ∈ {a, b}*, |w_1 w_2|_a = |w_1 w_2|_b, |w_1|_a ≥ |w_2|_b, |w_1|_b ≥ |w_2|_a }