Advanced Topics in SE, Spring 2006

Process Algebra

Hossein Hojjat

Formal Methods Lab

University of Tehran


Introduction

• The lambda calculus models functional computation completely

• Lambda calculus is unique: there is only one way to observe a functional computation – watch which output values it yields when presented with different input values

• But concurrent computation is not as neat as functional computation

• There are many aspects to concurrent programming


Introduction (cont.)

• Concurrent systems can be described in terms of many different constructs

• For creating processes
– fork/wait
– cobegin/coend, etc.

• Exchanging information between processes
– shared memory
– rendezvous
– message-passing
– data flow, etc.


Introduction (cont.)

• For managing the shared resources
– semaphores
– monitors
– transactions

• This variability has given rise to a large class of formal systems: Petri nets, event structures, actor model, …

• In the process algebra approach everything is considered to be a process


Introduction (cont.)

• We need not distinguish between
– active components like senders and receivers
– passive components such as communication media

• All of the processes interact via synchronous message passing

• This is the only basic mode of interaction


Process Algebra

• Process
– A behavior of a system
– A system is anything showing behavior
– Software system, actions of a machine, etc.

• Algebra
– We take an algebraic/axiomatic approach in talking about processes
– By using axioms, we can perform calculations with processes


Process Algebra: Automata Theory Extension

• An automaton has a number of states and a number of transitions

• There are some initial and final states

• A behavior is a run: a path from initial state to final state

• Two automata are equivalent when their languages are equal


Process Algebra: Automata Theory Extension (cont.)

• The automata model lacks the notion of interaction

• During the execution from initial to final state, a system may interact with other systems

• This is needed for modeling reactive systems


Well Known Process Algebras

• In the early eighties, Milner introduced CCS, Hoare introduced CSP and Bergstra introduced ACP

• π calculus: In 1989, Milner extended CCS to take full advantage of named channels

• PEPA (Performance Evaluation Process Algebra): a stochastic process algebra

• Ambient calculus: a process calculus used to describe and theorize about concurrent systems that include mobility


CCS

• The Calculus of Communicating Systems (or CCS) is a process calculus developed by Robin Milner

• This lecture mainly focuses on the CCS process algebra


The language CCS

• Processes are called agents, built from a set of actions

• Actions can be:
– Observable, represented by letters a, b, etc.
– Unobservable (silent), marked by τ

• Observable actions
– $a, b, \ldots$ input actions
– $\bar{a}, \bar{b}, \ldots$ output actions

• Input action $a$ and output action $\bar{a}$ are complementary


The language CCS (cont.)

• If $a$ means the reception of message a from the “in” port, the action $\bar{a}$ denotes the writing of the message to the “out” port

• The following identity describes how the complementation of messages works
– $\bar{\bar{a}} = a$

• The most basic operator is 0 (read nil)
– Performs no action whatsoever


Operations

• Agents may be constructed by employing process algebraic operations on other agents

• There are primarily five different methods of constructing agents
– Action prefixing
– Choice operator
– Parallel composition
– Restriction
– Relabeling


Action Prefixing

• The most basic process constructor in CCS is action prefixing

• If a is an action and P is a process, then a.P is a process

• The "." here is called "action prefixing" and denotes sequentialization
– P becomes active only after the action a has been performed

• $a.P \xrightarrow{a} P$


Example

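$\mathit{Match} \stackrel{\text{def}}{=} \mathit{strike}.0$

$\mathit{CM} \stackrel{\text{def}}{=} \mathit{coin}.\mathit{coffee}.\mathit{CM}$

$\mathit{Clock} \stackrel{\text{def}}{=} \mathit{tick}.\mathit{Clock}$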


Choice Operator

• If P and Q are processes, then so is P + Q

• The process P + Q has the initial capabilities of both P and Q

• Choosing to perform initially an action from P will preempt the further executions of actions from Q, and vice versa


Example

CTM = coin.(coffee.CTM + tea.CTM)

[Figure: transition diagram of CTM; edge labels: tea, coffee]

• After having input a coin, the process CTM is willing to deliver either tea or coffee

• It depends upon the customer’s choice


Parallel Composition

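• If Q and R are processes, then (Q | R) is a process

• The semantics of parallel composition:

1. If $M \xrightarrow{\alpha} M'$, and N cannot perform α, then $M \mid N \xrightarrow{\alpha} M' \mid N$

2. If $N \xrightarrow{\alpha} N'$, and M cannot perform α, then $M \mid N \xrightarrow{\alpha} M \mid N'$

3. If $M \xrightarrow{\alpha} M'$, and $N \xrightarrow{\bar{\alpha}} N'$, then $M \mid N \xrightarrow{\tau} M' \mid N'$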


Example

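$\mathit{CM} \stackrel{\text{def}}{=} \mathit{coin}.\mathit{coffee}.\mathit{CM}$

$\mathit{CS} \stackrel{\text{def}}{=} \mathit{pub}.\mathit{coin}.\mathit{coffee}.\mathit{CS}$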

CS | CM


Communication

• The computer scientist and coffee machine may communicate via the ports

• Given two CCS expressions P and Q, the process P | Q describes a system in which
– P and Q may proceed independently
– P and Q may communicate via complementary ports


Example

[Figure: interface diagrams of CM | CS and CM | CS | CS’, showing the coin and coffee ports of CM, CS and CS’ and the pub ports of CS and CS’]


Restriction

• Let Q be a process and Σ be a set of visible actions, $\tau \notin \Sigma$. Then (Q) \ Σ is a process

• If $Q \xrightarrow{\alpha} Q'$ and $\alpha \notin \Sigma$, $\bar{\alpha} \notin \Sigma$, then $(Q) \setminus \Sigma \xrightarrow{\alpha} (Q') \setminus \Sigma$

• Process (Q) \ Σ is like Q, but it cannot execute actions in the set Σ or their complement actions

• The scope of port names in Σ is restricted to Q


Example

((CM|CS)\coin\coffee)|CS’

[Figure: interface diagram with CM, CS and CS’; visible ports: pub on CS, and coin, coffee and pub on CS’]


Relabeling

• Let Q be an agent and Σ the set of its visible actions, $\tau \notin \Sigma$

• Let Σ’ be a set of actions and let $m : \Sigma \cup \{\tau\} \to \Sigma' \cup \{\tau\}$ such that $m(\tau) = \tau$ and $\forall \alpha \neq \tau : m(\bar{\alpha}) = \overline{m(\alpha)}$. Then P ::= Q[m] is a process

• If $Q \xrightarrow{\alpha} Q'$ then $Q[m] \xrightarrow{m(\alpha)} Q'[m]$

• Process P is like Q, but its actions have been obtained by mapping the actions of Q through m


Example

VendingMachine = coin.item.VendingMachine

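$\mathit{CokeMachine} \stackrel{\text{def}}{=} \mathit{VendingMachine}[\mathit{coke}/\mathit{item}]$

$\mathit{CoffeeMachine} \stackrel{\text{def}}{=} \mathit{VendingMachine}[\mathit{coffee}/\mathit{item}]$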


Algebraic Operator Precedence

• 1. Restriction and relabeling “P\L” “P[f]” (binds tightest)
• 2. Action prefixing “α.P”
• 3. Parallel composition “P|Q”
• 4. Summation “P+Q”

– Q: How is “R+a.P|b.Q\L” then to be read?
– A: “R+((a.P)|(b.(Q\L)))”
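The precedence table can be checked mechanically with a small recursive-descent parser that prints the bracketing it implies. This is an added example, not part of the original slides; the function name `bracket`, the ASCII token set and the restriction to a single name after `\` are assumptions.

```python
import re

# Tokens: names, a relabeling such as [coke/item], and the symbols + | . \ ( )
TOKEN = r"\s*([A-Za-z_]\w*|\[[^\]]*\]|[+|.\\()])"

def bracket(text):
    """Return text with every operator application parenthesized (outermost pair dropped)."""
    if not re.fullmatch("(?:%s)*\\s*" % TOKEN, text):
        raise ValueError("unexpected character in %r" % text)
    toks, pos = re.findall(TOKEN, text) + ["", ""], 0   # "" marks end of input

    def take(want):                 # consume one token: a name, or the literal symbol want
        nonlocal pos
        tok = toks[pos]
        ok = tok[:1].isalpha() or tok[:1] == "_" if want == "name" else tok == want
        if not ok:
            raise ValueError("expected %s, got %r" % (want, tok))
        pos += 1
        return tok

    def atom():
        if toks[pos] != "(":
            return take("name")
        take("(")
        inner = binary("+")
        take(")")
        return inner
    def postfix():                  # 1. restriction P\L and relabeling P[f] bind tightest
        p = atom()
        while toks[pos] == "\\" or toks[pos].startswith("["):
            op = take(toks[pos])
            p = "(%s\\%s)" % (p, take("name")) if op == "\\" else "(%s%s)" % (p, op)
        return p
    def prefix():                   # 2. action prefixing a.P
        if toks[pos + 1] != ".":
            return postfix()
        a = take("name")
        take(".")
        return "(%s.%s)" % (a, prefix())
    def binary(op):                 # 3. parallel "|" binds tighter than 4. summation "+"
        operand = (lambda: binary("|")) if op == "+" else prefix
        p = operand()
        while toks[pos] == op:
            take(op)
            p = "(%s%s%s)" % (p, op, operand())
        return p

    out = binary("+")
    take("")                        # anything left over is a syntax error
    return out[1:-1] if out.startswith("(") else out
```

`bracket("R+a.P|b.Q\\L")` reproduces the reading given in the answer above.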


Semantics

1. Operational Semantics
– Specifies the behavior of a programming language by defining a simple abstract machine for it

2. Denotational Semantics
– Map programs to denotations
– Denotations are abstract representations details

3. Axiomatic Semantics
– Instead of first defining the behaviors of programs and then deriving laws from this definition, take the laws themselves as the definition of the language


SOS

• Structural Operational Semantics

• Developed by Gordon Plotkin in 1981

• Represents computation by means of deductive systems

• These systems turn the abstract machine into a system of logical inferences

• With SOS, semantics definitions are given by inference rules


Inference

• An inference rule consists of a conclusion that follows from a set of premises, possibly under control of some conditions

$$\frac{\text{premise}_1 \quad \text{premise}_2 \quad \ldots \quad \text{premise}_n}{\text{conclusion}} \quad \text{condition}$$


SOS of CCS

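• The prefix is the only axiom in the system

$$\alpha.P \xrightarrow{\alpha} P$$

• The parallel composition requires two symmetric rules:

$$\frac{P \xrightarrow{\alpha} P'}{P \mid Q \xrightarrow{\alpha} P' \mid Q} \qquad \frac{Q \xrightarrow{\alpha} Q'}{P \mid Q \xrightarrow{\alpha} P \mid Q'}$$

• So does the choice operator:

$$\frac{P \xrightarrow{\alpha} P'}{P + Q \xrightarrow{\alpha} P'} \qquad \frac{Q \xrightarrow{\alpha} Q'}{P + Q \xrightarrow{\alpha} Q'}$$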


SOS of CCS (cont.)

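• Communication may happen when compatible prefixes are allowed

$$\frac{P \xrightarrow{\alpha} P' \qquad Q \xrightarrow{\bar{\alpha}} Q'}{P \mid Q \xrightarrow{\tau} P' \mid Q'}$$

• Restriction and relabeling rule

$$\frac{P \xrightarrow{\alpha} P'}{P \setminus L \xrightarrow{\alpha} P' \setminus L} \quad \alpha, \bar{\alpha} \notin L \qquad\qquad \frac{P \xrightarrow{\alpha} P'}{P[f] \xrightarrow{f(\alpha)} P'[f]}$$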


Labeled transition system

• SOS formally defines for each process term the labeled transition system that it stands for

• A labeled transition system (LTS) is a triple (S, Act, →) consisting of
  • a set S of states
  • a set Act of (action) labels
  • a transition relation $\to\ \subseteq S \times \mathit{Act} \times S$
  • if $(s, \alpha, s') \in\ \to$ we write $s \xrightarrow{\alpha} s'$
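The inference rules from the two "SOS of CCS" slides can be executed directly to compute the labeled transition system that a term stands for. This is an added example, not part of the original slides: the tuple encoding of terms, the names `steps`, `lts`, `bar` and `rename`, the `'a` spelling for output actions, and the input/output polarity chosen for coin, coffee and pub (the overlines did not survive in this transcript) are assumptions. It follows the unconditional parallel rules of the SOS slides rather than the side-conditioned wording of the earlier "Parallel Composition" slide.

```python
TAU = "tau"  # the silent action

def bar(a):  # complement of a visible action: an output on port a is written 'a
    return a[1:] if a.startswith("'") else "'" + a

def rename(a, f):
    """Relabel a by f, a tuple of (old, new) pairs, with f(tau)=tau and f('a)='f(a)."""
    m = dict(f, **{TAU: TAU})  # force tau to map to itself
    return "'" + m.get(a[1:], a[1:]) if a.startswith("'") else m.get(a, a)

def steps(p, defs):
    """All (action, successor) pairs derivable for term p by the SOS rules."""
    kind = p[0]
    if kind == "var":   # unfold a defining equation such as CM
        return steps(defs[p[1]], defs)
    if kind == "pre":   # prefix axiom: a.P --a--> P
        return {(p[1], p[2])}
    if kind == "sum":   # choice: P + Q moves as P or as Q
        return steps(p[1], defs) | steps(p[2], defs)
    if kind == "par":   # two symmetric rules, plus communication on a and 'a
        l, r = steps(p[1], defs), steps(p[2], defs)
        out = {(a, ("par", p1, p[2])) for a, p1 in l}
        out |= {(a, ("par", p[1], q1)) for a, q1 in r}
        out |= {(TAU, ("par", p1, q1)) for a, p1 in l for b, q1 in r
                if a != TAU and b == bar(a)}
        return out
    if kind == "res":   # restriction: the label and its complement must not be in L
        return {(a, ("res", p1, p[2])) for a, p1 in steps(p[1], defs)
                if a == TAU or not {a, bar(a)} & p[2]}
    if kind == "rel":   # relabeling: rename the label, keep [f] on the successor
        return {(rename(a, p[2]), ("rel", p1, p[2])) for a, p1 in steps(p[1], defs)}
    return set()        # ("nil",) is 0 and has no transitions

def lts(start, defs):
    """States and transitions reachable from start (the LTS the term stands for)."""
    seen, todo, edges = {start}, [start], set()
    while todo:
        s = todo.pop()
        for a, t in steps(s, defs):
            edges.add((s, a, t))
            if t not in seen:
                seen.add(t)
                todo.append(t)
    return seen, edges

# Constructed sample; which side sends coin, coffee and pub is assumed.
DEFS = {"CM": ("pre", "coin", ("pre", "'coffee", ("var", "CM"))),
        "CS": ("pre", "'pub", ("pre", "'coin", ("pre", "coffee", ("var", "CS"))))}
OPEN = ("par", ("var", "CM"), ("var", "CS"))
CLOSED = ("res", OPEN, frozenset({"coin", "coffee"}))
```

`lts(CLOSED, DEFS)` has three states joined in a cycle labeled 'pub, tau, tau, while `lts(OPEN, DEFS)` has six states because coin and coffee remain visible to the environment.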


Example

• C0=is_0? . C0 + set_1 . C1 + set_0 . C0

• C1=is_1? . C1 + set_0 . C0 + set_1 . C1

[Figure: labeled transition system with states C0 and C1 and edges labeled is_0?, is_1?, set_0 and set_1]


• Next session
– simulation
– bisimulation
– branching bisimulation