Temporal CCP and Timed Systems.
Mogens Nielsen, Catuscia Palamidessi†, Frank D. Valencia
BRICS, University of Aarhus
†Penn State University
March, 2000
Speaker: Frank D. Valencia
A Calculus for Temporal CCP
Cambridge. March, 2002
Motivation
A CCP calculus for modelling timed systems.
Timed Systems involve:
- constraints specifying behavior
- partial information
- specific domains applications
- and
CCP used for
- specifying concurrency via constraints
- manipulating partial information
- defining domain specific programming languages.
A Typical CCP Scenario
[Figure: four agents connected to a shared MEDIUM (Store): (temperature > 20)!, (temperature = 30)?:P, (temperature < 40)!, (temperature < 50)?:Q]
• Partial Information (e.g. temperature is some unknown value > 20).
• Concurrent Execution of Processes.
• Synchronization via Blocking-Ask.
Representing Partial Information
Definition. A constraint system consists of a signature $\Sigma$ and first-order theory $\Delta$ over $\Sigma$.
• Constraints $a, b, c, \ldots$: formulae over $\Sigma$.
• Relation $\vdash_\Delta$: decidable entailment relation between constraints.
• $C$: set of constraints under consideration.
Subject of this Talk: ntcc
- tcc (Gupta, Jagadeesan, Saraswat 94): A deterministic model for programming reactive systems based on the Synchronous Languages.
- ntcc: A tcc extension for modelling potentially non-deterministic and asynchronous timed systems.
Agenda:
- Systems under consideration.
- Syntax and intuitive behavior.
- Operational Semantics.
- Logic and Proof System.
- Applications.
- Behavioral equivalences and their decidability.
Systems that Concern us
[Figure: processes $P_1$, $P_2$, $P_3$ with stimuli $a_1, a_2, a_3$ and responses $a_1', a_2', a_3'$]
• Stimulus $a_i$: input information for $P_i$.
• Response $a_i'$: output information of $P_i$.
• Stimulus-Response duration: time interval (or time unit).
Examples: Programmable Logic Controllers (PLC's) and LEGO RCX bricks.
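Syntax: Basic tcc Processes
Processes | Description | Action within the time interval
• $\mathbf{tell}(c)$ | telling information | add c to the store
• $\mathbf{when}\ c\ \mathbf{do}\ P$ | asking information | when c in the store execute P
• $\mathbf{local}\ x\ \mathbf{in}\ P$ | hiding | execute P with local x
• $\mathbf{next}\ P$ | unit-delay | delay P one time unit.
• $\mathbf{unless}\ c\ \mathbf{next}\ P$ | time-out | unless c now in the store do P next
• $P \parallel Q$ | synch. parallelism | execute P and Q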
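Ntcc Additional Basic Processes
• Non-Deterministic Behavior: $\sum_{i \in I} \mathbf{when}\ c_i\ \mathbf{do}\ P_i$
Guarded Choice.
• Asynchronous Behavior: $\star P$
Unbounded but finite delay of P
• Infinite Behavior: $!P$
Unboundedly many copies of P, one at a time: $P \parallel \mathbf{next}\,P \parallel \mathbf{next}^2 P \parallel \cdots$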
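Some Derived Constructs
• Inactivity: $\mathbf{skip} \stackrel{\mathrm{def}}{=} \sum_{i \in \emptyset} P_i$
$P \parallel \mathbf{skip} = P$.
• Abortion: $\mathbf{abort} \stackrel{\mathrm{def}}{=}\ !(\mathbf{tell}(\mathit{false}))$
$P \parallel \mathbf{abort} = \mathbf{abort}$.
• Fair Asynch. Parallel: $P \mid Q \stackrel{\mathrm{def}}{=} (\star P \parallel Q) + (P \parallel \star Q)$
$P \mid Q = Q \mid P$ and $P \mid (Q \mid R) = (P \mid Q) \mid R$.
Is $P \mid \mathbf{abort} = \mathbf{abort}$ ??
• Bounded ! and $\star$: $!_I P \stackrel{\mathrm{def}}{=} \prod_{i \in I} \mathbf{next}^i P$ and $\star_I P \stackrel{\mathrm{def}}{=} \sum_{i \in I} \mathbf{next}^i P$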
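Power Saver Example
- A power saver:
$!(\mathbf{unless}\ (\mathit{lights} = \mathit{off})\ \mathbf{next}\ \star\mathbf{tell}(\mathit{lights} = \mathit{off}))$
- A refined power saver:
$!(\mathbf{unless}\ (\mathit{lights} = \mathit{off})\ \mathbf{next}\ \star_{[0,60]}\mathbf{tell}(\mathit{lights} = \mathit{off}))$
- A more refined one; deterministic power saver:
$!(\mathbf{unless}\ (\mathit{lights} = \mathit{off})\ \mathbf{next}\ \mathbf{tell}(\mathit{lights} = \mathit{off}))$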
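Machine Examples
- Motor doomed to malfunction:
$P = \star\,!\,\mathbf{tell}(\mathit{malfunction}(\mathit{motor}))$
- Safety Check:
$Q =\ !(\mathbf{when}\ \mathit{malfunction}(\mathit{motor})\ \mathbf{do}\ \mathbf{tell}(\mathit{motorspeed} = 0))$
- Eventual Motor Inactivity:
$P \parallel Q$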
Road-Map 1
We have seen:
• Constructs are parameterized by a constraint system.
• Basic constructs provide: (1) telling and asking, (2) non-determinism, (3) parallelism, (4) hiding, (5) unit delays, (6) time-outs, (7) asynchrony and (8) infinite behavior.
• Some Derived Constructs provide: (1) inactivity, (2) abortion, (3) asynchronous parallelism, (4) bounded asynchrony and invariance.
Coming Up:
• Operational Semantics and Process Observations.
• Logic and Proof System.
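Operational Semantics
- Internal Transitions:
RT: $\langle \mathbf{tell}(c), a \rangle \longrightarrow \langle \mathbf{skip}, a \wedge c \rangle$
RG: $\dfrac{a \vdash c_j}{\langle \sum_{i \in I} \mathbf{when}\ c_i\ \mathbf{do}\ P_i, a \rangle \longrightarrow \langle P_j, a \rangle}$
RB: $\langle !P, a \rangle \longrightarrow \langle P \parallel \mathbf{next}\,!P, a \rangle$
RS: $\langle \star P, a \rangle \longrightarrow \langle \mathbf{next}^n P, a \rangle$ $(n \geq 0)$
- Observable Transition
RO: $\dfrac{\langle P, a \rangle \longrightarrow^{*} \langle Q, a' \rangle \not\longrightarrow}{P \stackrel{(a,a')}{\Longrightarrow} F(Q)}$
where
$F(Q) ::= \begin{cases} Q' & \text{if } Q = \mathbf{next}\ Q' \\ Q' & \text{if } Q = \mathbf{unless}\ (c)\ \mathbf{next}\ Q' \\ F(Q_1) \parallel F(Q_2) & \text{if } Q = Q_1 \parallel Q_2 \\ \mathbf{local}\ x\ \mathbf{in}\ F(Q') & \text{if } Q = \mathbf{local}\ x\ \mathbf{in}\ Q' \\ \mathbf{skip} & \text{otherwise} \end{cases}$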
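The rules above, run on the deterministic power saver and the motor safety check from the earlier slides. This is an added example, not code from the slides: it covers only tell, unary when, next, unless, parallel and replication, and it assumes a store of atomic tokens with entailment as set membership; the names `observe` and `run` are hypothetical.

```python
# Processes are tuples. The store is a set of atomic tokens and "store |- c"
# is plain membership: an assumed, minimal constraint system for illustration.
def tell(c): return ("tell", c)
def when(c, p): return ("when", c, p)
def nxt(p): return ("next", p)
def unless(c, p): return ("unless", c, p)
def par(*ps): return ("par",) + ps
def bang(p): return ("bang", p)

def observe(proc, stimulus=()):
    """One observable transition P ==(a,a')==> F(Q); returns (a', F(Q))."""
    store, active, waiting = set(stimulus), [proc], []
    while active:                        # internal transitions until quiescence
        p = active.pop()
        if p[0] == "tell":               # RT: <tell(c), a> -> <skip, a ^ c>
            store.add(p[1])
            active, waiting = active + waiting, []   # re-try blocked asks
        elif p[0] == "par":
            active.extend(p[1:])
        elif p[0] == "bang":             # RB: <!P, a> -> <P || next !P, a>
            active += [p[1], nxt(p)]
        elif p[0] == "when" and p[1] in store:       # RG with a single guard
            active.append(p[2])
        else:                            # blocked ask, next or unless
            waiting.append(p)
    # Future function F: unfold next; keep an unless body only if its guard is
    # absent from the final store; everything else becomes skip.
    future = [p[1] for p in waiting if p[0] == "next"]
    future += [p[2] for p in waiting if p[0] == "unless" and p[1] not in store]
    return frozenset(store), par(*future)

def run(proc, stimuli):
    """Feed one stimulus per time unit; return the list of responses."""
    responses = []
    for a in stimuli:
        response, proc = observe(proc, a)
        responses.append(response)
    return responses

OFF = "lights=off"
SAVER = bang(unless(OFF, tell(OFF)))     # deterministic power saver
SAFETY = bang(when("malfunction(motor)", tell("motorspeed=0")))   # process Q

if __name__ == "__main__":
    print(run(SAVER, [(), (), (OFF,), ()]))      # constructed stimuli
    print(run(SAFETY, [(), ("malfunction(motor)",), ()]))
```

With no stimulus the saver adds lights=off one unit after every unit in which it was absent; when the environment supplies lights=off, the time-out does not fire.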
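Observations to Make of Processes
- Stimulus-response interaction
$P = P_1 \stackrel{(c_1,c_1')}{\Longrightarrow} P_2 \stackrel{(c_2,c_2')}{\Longrightarrow} P_3 \stackrel{(c_3,c_3')}{\Longrightarrow} \cdots$
denoted by $P \stackrel{(\alpha,\alpha')}{\Longrightarrow}{}^{\omega}$ with $\alpha = c_1.c_2\ldots$ and $\alpha' = c_1'.c_2'\ldots$
- Input-Output Behavior:
$io(P) = \{(\alpha,\alpha') \mid P \stackrel{(\alpha,\alpha')}{\Longrightarrow}{}^{\omega}\}$
- Language:
$L(P) = \{\alpha' \mid P \stackrel{(\mathit{true}^{\omega},\alpha')}{\Longrightarrow}{}^{\omega}\}$
- Strongest Postcondition:
$sp(P) = \{\alpha' \mid P \stackrel{(\ ,\alpha')}{\Longrightarrow}{}^{\omega}\}$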
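A Logic à la Pnueli for ntcc
Syntax. $A := c \mid A \wedge A \mid \neg A \mid \exists_x A \mid \circ A \mid \Diamond A \mid \Box A$
Semantics. Say $\alpha \models A$ iff $\langle \alpha, 1 \rangle \models A$ where
$\langle \alpha, i \rangle \models c$ iff $\alpha(i) \vdash c$
$\langle \alpha, i \rangle \models \neg A$ iff $\langle \alpha, i \rangle \not\models A$
$\langle \alpha, i \rangle \models A_1 \wedge A_2$ iff $\langle \alpha, i \rangle \models A_1$ and $\langle \alpha, i \rangle \models A_2$
$\langle \alpha, i \rangle \models \circ A$ iff $\langle \alpha, i+1 \rangle \models A$
$\langle \alpha, i \rangle \models \Box A$ iff for all $j \geq i$ $\langle \alpha, j \rangle \models A$
$\langle \alpha, i \rangle \models \Diamond A$ iff there exists $j \geq i$ s.t. $\langle \alpha, j \rangle \models A$
$\langle \alpha, i \rangle \models \exists_x A$ iff there is $\alpha'$ $x$-variant of $\alpha$ s.t. $\langle \alpha', i \rangle \models A$.
Collection of all models: $[[A]] = \{\alpha \mid \alpha \models A\}$
Satisfaction: $P \models A$ iff $sp(P) \subseteq [[A]]$ (i.e., all outputs of P satisfy A)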
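Proof System for $P \models A$
(par) $\dfrac{P \vdash A \quad Q \vdash B}{P \parallel Q \vdash A \wedge B}$
(hide) $\dfrac{P \vdash A}{\mathbf{local}\ x\ \mathbf{in}\ P \vdash \exists_x A}$
(next) $\dfrac{P \vdash A}{\mathbf{next}\ P \vdash \circ A}$
(rep) $\dfrac{P \vdash A}{!P \vdash \Box A}$
(star) $\dfrac{P \vdash A}{\star P \vdash \Diamond A}$
(tell) $\mathbf{tell}(c) \vdash c$
(sum) $\dfrac{\forall i \in I \quad P_i \vdash A_i}{\sum_{i \in I} \mathbf{when}\ c_i\ \mathbf{do}\ P_i \vdash \bigvee_{i \in I} (c_i \wedge A_i) \vee \bigwedge_{i \in I} \neg c_i}$
(rel) $\dfrac{P \vdash A \quad A \Rightarrow B}{P \vdash B}$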
Relative Completeness
Definition. P is a locally-independent choice process iff for each $\sum_{i \in I} \mathbf{when}\ c_i\ \mathbf{do}\ Q_i$ in P, the $c_i$'s do not depend on the local variables of P.
Theorem. (Completeness) For every P, A
- $P \vdash A$ implies $P \models A$ and
- $P \models A$ implies $P \vdash A$, if P is locally-independent choice.
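Denotational Semantics
$[[\mathbf{tell}(a)]] = \{c.\alpha \in C^{\omega} : c \vdash a\}$
$[[P \parallel Q]] = [[P]] \cap [[Q]]$
$[[!P]] = \{\alpha : \text{for all } \beta \in C^{*}, \alpha' \in C^{\omega} : \alpha = \beta.\alpha' \text{ implies } \alpha' \in [[P]]\}$
$[[\star P]] = \{\beta.\alpha : \beta \in C^{*}, \alpha \in [[P]]\}$
$[[\sum_{i \in I} \mathbf{when}\ (a_i)\ \mathbf{do}\ P_i]] = \bigcup_{i \in I} \{c.\alpha : c \vdash a_i \text{ and } c.\alpha \in [[P_i]]\} \cup \bigcap_{i \in I} \{c.\alpha : c \not\vdash a_i, \alpha \in C^{\omega}\}$
- Theorem. $sp(P) \subseteq [[P]]$ and, if P is locally-independent, $sp(P) = [[P]]$
Theorem. $io(P) = \{(\alpha,\alpha') \mid \alpha' = \min([[P]] \cap \uparrow\alpha)\}$ if P is deterministic.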
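Applications: Cells
- Cell $x{:}(v)$ = "cell x with contents v".
- Exchange $exch_f(x,y)$ = "$y \leftarrow x$; $x \leftarrow f(x)$".
$x{:}(z) \stackrel{\mathrm{def}}{=} \mathbf{tell}(x = z) \parallel \mathbf{unless}\ \mathit{change}(x)\ \mathbf{next}\ x{:}(z)$
$exch_f(x,y) \stackrel{\mathrm{def}}{=} \sum_{v} \mathbf{when}\ (x = v)\ \mathbf{do}\ (\mathbf{tell}(\mathit{change}(x)) \parallel \mathbf{tell}(\mathit{change}(y)) \parallel \mathbf{next}(x{:}f(v) \parallel y{:}(v)))$
Proposition. $exch_f(x,y) \vdash (x = v) \Rightarrow \circ(x = f(v) \wedge y = v)$.
Example. $x{:}(3) \parallel y{:}(5) \parallel exch_7(x,y) \Longrightarrow x{:}(7) \parallel y{:}(3)$.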
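Applications: LEGO Zigzagging
Specification. Go forward (f), right (r) or left (l) but DO NOT go:
- f if preceding action was f,
- r if second-to-last action was r, and
- l if second-to-last action was l.
$GoForward \stackrel{\mathrm{def}}{=} exch_f(act_1, act_2) \parallel \mathbf{tell}(\mathit{forward})$
$GoRight \stackrel{\mathrm{def}}{=} exch_r(act_1, act_2) \parallel \mathbf{tell}(\mathit{right})$
$GoLeft \stackrel{\mathrm{def}}{=} exch_l(act_1, act_2) \parallel \mathbf{tell}(\mathit{left})$
$Zigzag \stackrel{\mathrm{def}}{=} (\mathbf{when}\ (act_1 \neq f)\ \mathbf{do}\ GoForward + \mathbf{when}\ (act_2 \neq r)\ \mathbf{do}\ GoRight + \mathbf{when}\ (act_2 \neq l)\ \mathbf{do}\ GoLeft) \parallel \mathbf{next}\ Zigzag$
$StartZigzag \stackrel{\mathrm{def}}{=} act_1{:}(0) \parallel act_2{:}(0) \parallel Zigzag$
Proposition. $StartZigzag \vdash \Box(\Diamond \mathit{right} \wedge \Diamond \mathit{left})$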
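The satisfaction relation of the logic slide, applied to the formula of the Zigzag proposition above. This is an added example, not part of the slides: it assumes ultimately periodic sequences (a finite prefix followed by a repeated, non-empty loop), stores of atomic tokens with entailment as membership, and leaves out the existential quantifier; `holds` and the traces are hypothetical and constructed.

```python
# A sequence alpha = prefix . loop^omega is given as two lists of stores; a store
# is a set of atomic tokens and alpha(i) |- c is membership (assumed for brevity).
def holds(A, prefix, loop, i=0):
    """Decide <alpha, i+1> |= A (i is 0-based here, 1-based on the slide)."""
    m, n = len(prefix), len(loop)        # loop must be non-empty
    if i >= m:
        i = m + (i - m) % n              # inside the loop, suffixes repeat
    op = A[0]
    if op == "c":
        return A[1] in (prefix[i] if i < m else loop[i - m])
    if op == "not":
        return not holds(A[1], prefix, loop, i)
    if op == "and":
        return holds(A[1], prefix, loop, i) and holds(A[2], prefix, loop, i)
    if op == "next":
        return holds(A[1], prefix, loop, i + 1)
    later = range(i, max(i, m) + n)      # one representative per distinct suffix
    if op == "always":
        return all(holds(A[1], prefix, loop, j) for j in later)
    if op == "eventually":
        return any(holds(A[1], prefix, loop, j) for j in later)
    raise ValueError(f"unknown operator: {op}")

# The formula of the Zigzag proposition: always (eventually right and eventually left).
ZIGZAG_SPEC = ("always", ("and", ("eventually", ("c", "right")),
                                 ("eventually", ("c", "left"))))
# Constructed traces, not the output of a real run.
GOOD_LOOP = [{"forward"}, {"right"}, {"forward"}, {"left"}]
BAD_PREFIX, BAD_LOOP = [{"left"}], [{"forward"}, {"right"}]  # left only once

if __name__ == "__main__":
    print(holds(ZIGZAG_SPEC, [], GOOD_LOOP))
    print(holds(ZIGZAG_SPEC, BAD_PREFIX, BAD_LOOP))
```

This decides whether a single sequence belongs to the models of a formula; the satisfaction relation for a process quantifies over all of its output sequences.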
Road-Map 2
We have seen:
• Operational Semantics.
• Logic and Proof System.
• Examples.
Coming Up:
• Behavioral Equivalences.
• Undecidability/Decidability Results.
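Behavioral Equivalences
Definition. $P \sim_{io} Q$ iff $io(P) = io(Q)$ and $P \sim_L Q$ iff $L(P) = L(Q)$.
But neither $\sim_{io}$ nor $\sim_L$ are congruences. Let $\approx_{io}$ and $\approx_L$ be the corresponding congruences.
Theorem. $\approx_{io}\ =\ \approx_L\ \subset\ \sim_{io}\ \subset\ \sim_L$.
Theorem. One can effectively construct contexts $U_S[\cdot]$, $S \subseteq_{fin} C$, s.t.,
- (Universal Context) $P \approx_L Q$ iff $U_C[P] \sim_L U_C[Q]$ for finite C.
- (Specialized Context) $P \approx_L Q$ iff $U_{C(P,Q)}[P] \sim_L U_{C(P,Q)}[Q]$.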
Behavioral Equivalence: Decidability.
Definition. P is locally-deterministic iff all (non-unary, non-empty) summations in P occur outside of the local constructs in P.
Theorem. Given a locally-deterministic P one can effectively construct a Büchi automaton $B_P$ that recognizes the language of P.
Corollary. Language equivalence $\sim_L$, language congruence $\approx_L$ and input-output congruence $\approx_{io}$ are decidable for locally-deterministic processes.
Variants and their Expressive Power
Locally-independent ntcc with the following alternatives for infinite behaviour (guarded recursion):
• ntcc[Rec]
Rec. definitions $A(x_1, \ldots, x_n) \stackrel{\mathrm{def}}{=} P$ with $fv(P) \subseteq \{x_1, \ldots, x_n\}$.
• ntcc[Rec, Identical Parameters]
As above but every call of A in P is of the form $A(x_1, \ldots, x_n)$.
• ntcc[Rec, No Parameters, Dyn. Scoping]
Rec. definitions $A \stackrel{\mathrm{def}}{=} P$ with Dynamic Scoping
• ntcc[Rec, No Parameters, Static Scoping]
Rec. definitions $A \stackrel{\mathrm{def}}{=} P$ with Static Scoping.
Variants and their Expressive Power
[Figure: diagram placing the variants in two regions, UNDECIDABLE (PCP) and DECIDABLE (Buchi Autom.); labels: ntcc[Rec], ntcc[Rec, Ident. Par.], ntcc[Rec, No Par., Dyn. Scope], ntcc[Rec, No Par, Static Scope], ntcc[Replication]]
Remarks and Future Work
We have presented
- ntcc; a calculus for discrete timed systems.
- A linear-time logic and proof system for ntcc.
- Examples illustrating the applicability of the calculus.
- Equivalences and decidability/undecidability results for variants of ntcc.
Current and Future Work
- Decidability/undecidability results for the full calculus.
- Strong pre-emption.
- Branching temporal logic for the calculus.
- Probabilistic extension of ntcc.
- Programming language for RCX controllers based on ntcc.
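Structural Congruence
• $(Proc/_{\equiv}, \parallel, \mathbf{skip})$ is a symmetric monoid
• $P \equiv Q$ by $\alpha$-conversion
• $\mathbf{next}\ \mathbf{skip} \equiv \mathbf{skip}$, $\mathbf{next}(P \parallel Q) \equiv \mathbf{next}\ P \parallel \mathbf{next}\ Q$
• $\mathbf{local}\ x\ \mathbf{in}\ \mathbf{skip} \equiv \mathbf{skip}$, $\mathbf{local}\ x, y\ \mathbf{in}\ P \equiv \mathbf{local}\ y, x\ \mathbf{in}\ P$
• $\mathbf{local}\ x\ \mathbf{in}\ \mathbf{next}\ P \equiv \mathbf{next}\ \mathbf{local}\ x\ \mathbf{in}\ P$
• $\mathbf{local}\ x\ \mathbf{in}\ (P \parallel Q) \equiv P \parallel \mathbf{local}\ x\ \mathbf{in}\ Q$ if $x \notin fv(P)$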
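Applications: Value-Passing Communication
- Write $x\uparrow(v)$: "write $v \in Dom$ in channel x".
- Read $x\downarrow(y){:}P$: "read value in x if any, name it y, and use it in P"
- E.g. $!(\star_{[0,1]}(x\downarrow(y){:}P))$: "check very often for messages in x".
$SendAsyn_x(y) \stackrel{\mathrm{def}}{=} \star\, x\uparrow[y]$
$Waiting_{Q,x} \stackrel{\mathrm{def}}{=} \mathbf{local}\ \mathit{stop}\ \mathbf{in}\ (x\downarrow[y]{:}(Q \parallel \mathbf{tell}(\mathit{stop} = 1)) \parallel \mathbf{unless}\ \mathit{stop} = 1\ \mathbf{next}\ Waiting_{Q,x})$.
Proposition. Suppose $Q \vdash B$. For every $v \in Dom$,
$SendAsyn_x(v) \parallel Waiting_{Q,x} \vdash \Diamond B[v/y]$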
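Strongest Formula Satisfied for a Process.
Let $sf : Proc \to A$ be defined as
$sf(\mathbf{tell}(c)) = c$
$sf(\sum_{i \in I} \mathbf{when}\ (c_i)\ \mathbf{do}\ P_i) = \left(\bigvee_{i \in I} c_i \wedge sf(P_i)\right) \vee \bigwedge_{i \in I} \neg c_i$
$sf(P \parallel Q) = sf(P) \wedge sf(Q)$
$sf(\mathbf{local}\ x\ P) = \exists_x\, sf(P)$
$sf(\mathbf{next}\ P) = \circ\, sf(P)$
$sf(!P) = \Box\, sf(P)$
$sf(\star P) = \Diamond\, sf(P)$
- Theorem. $P \vdash A$ iff $sf(P) \Rightarrow A$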
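Behavioral Equivalence
Definition. $P \sim_{io} Q$ iff $io(P) = io(Q)$ and $P \sim_L Q$ iff $L(P) = L(Q)$.
Unfortunately, neither $\sim_{io}$ nor $\sim_L$ are congruences. Let $\approx_{io}$ and $\approx_L$ be the corresponding congruences.
$P = \mathbf{when}\ \mathit{true}\ \mathbf{do}\ \mathbf{tell}(a) + \mathbf{when}\ (b)\ \mathbf{do}\ \mathbf{tell}(c)$
$Q = \mathbf{when}\ \mathit{true}\ \mathbf{do}\ \mathbf{tell}(a) + \mathbf{when}\ (b)\ \mathbf{do}\ \mathbf{tell}(c) + \mathbf{when}\ \mathit{true}\ \mathbf{do}\ (\mathbf{tell}(a) \parallel \mathbf{when}\ (b)\ \mathbf{do}\ \mathbf{tell}(c))$
and $R = \mathbf{when}\ a\ \mathbf{do}\ \mathbf{tell}(b)$.
Theorem. $\approx_{io}\ =\ \approx_L\ \subset\ \sim_{io}\ \subset\ \sim_L$.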
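Behavioral Equivalence: Distinguishing Contexts.
Definition. The distinguishing context wrt $S \subseteq_{fin} C$, $U_S[\cdot]$, is defined as
$!(\sum_{\beta \in ic(S)} \mathbf{tell}(tr_\beta) \parallel T_\beta)$
where $T_{c.\beta} = \mathbf{tell}(c) \parallel W_\beta$ and $W_{c.\beta} = \mathbf{when}\ c\ \mathbf{do}\ T_\beta$.
Theorem. $P \approx_L Q$ if and only if $U_C[P] \sim_L U_C[Q]$ for finite C.
Theorem. $P \approx_L Q$ if and only if $U_{C(P,Q)}[P] \sim_L U_{C(P,Q)}[Q]$.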