2G1516/2G1521 Formal Methods 2004, Mads Dam, IMIT, KTH
Slide 1: CCS: Processes and Equivalences
Mads Dam
Reading: Peled 8.1, 8.2, 8.5


Slide 2: Finite State Automata
Coffee machine A1 and coffee machine A2: are the two machines ”the same”?
[Figure: the two coffee-machine automata, with transitions labelled 1kr, tea and coffee]

Slide 3: CCS
Calculus of concurrent processes. Main issues:
– How to specify concurrent processes in an abstract way?
– Which are the basic relations between concurrency and non-determinism?
– Which basic methods of construction (= operators) are needed?
– When do two processes behave differently? When do they behave the same?
– Rules of calculation: replacing equals for equals; substitutivity
– Specification and modelling issues

Slide 4: Process Equivalences
Sameness of behaviour = equivalence of states. Many process equivalences have been proposed (cf. Peled 8.5). For instance, q1 ~ q2 iff
– q1 and q2 have the same paths, or
– q1 and q2 may always refuse the same interactions, or
– q1 and q2 pass the same tests, or
– q1 and q2 satisfy the same temporal formulas, or
– q1 and q2 have identical branching structure
CCS: focus on bisimulation equivalence

Slide 5: Bisimulation Equivalence
Intuition: q1 ~ q2 iff q1 and q2 have the same branching structure.
Idea: find a relation which relates two states with the same transition structure, and make sure the relation is preserved by the transitions.
Example: [Figure: two transition systems rooted at q1 and q2, with transitions labelled a, b and c]

Slide 6: Strong Bisimulation Equivalence
Given: a labelled transition system T = (Q, Act, R). Looking for a relation S ⊆ Q × Q on states.
S is a strong bisimulation relation if whenever q1 S q2 then:
– q1 --α--> q1' implies q2 --α--> q2' for some q2' such that q1' S q2'
– q2 --α--> q2' implies q1 --α--> q1' for some q1' such that q1' S q2'
q1 and q2 are strongly bisimilar iff q1 S q2 for some strong bisimulation relation S.
q1 ~ q2: q1 and q2 are strongly bisimilar. Peled uses ≡_bis for ~.

Slide 7: Example
[Figure: transition systems over the states q0, q1, q2 and p0, p1, p2, with transitions labelled a and b]
Does q0 ~ p0 hold?

Slide 8: Example
[Figure: transition systems over the states q0, ..., q4 and p0, ..., p3, with transitions labelled a, b and c]
Does q0 ~ p0 hold?

Slide 9: Weak Transitions
What to do about internal activity?
τ: transition label for activity which is not externally visible.
q ==> q' iff q = q0 --τ--> q1 --τ--> ... --τ--> qn = q', n ≥ 0
q ==τ==> q' iff q ==> q'
q ==α==> q' iff q ==> q1 --α--> q2 ==> q' (α ≠ τ)
Beware that ==τ==> = ==> (non-standard notation).
Observational equivalence, v1.0: bisimulation equivalence with ==> in place of -->. Let q1 ≈' q2 iff q1 ~ q2 with ==α==> in place of --α-->.
Cumbersome definition: too many transitions q ==α==> q' to check.

Slide 10: Observational Equivalence
Let S ⊆ Q × Q. The relation S is a weak bisimulation relation if whenever q1 S q2 then:
– q1 --α--> q1' implies q2 ==α==> q2' for some q2' such that q1' S q2'
– q2 --α--> q2' implies q1 ==α==> q1' for some q1' such that q1' S q2'
q1 and q2 are observationally equivalent, or weakly bisimulation equivalent, if q1 S q2 for some weak bisimulation relation S.
q1 ≈ q2: q1 and q2 are observationally equivalent/weakly bisimilar.
Exercise: show that ≈' = ≈.

Slide 11: Examples
[Figure: three pairs of transition systems built from a, b, c and τ, each pair related by ≈]

Slide 12: Examples
[Figure: three transition systems built from a, b and τ]
All three are inequivalent.
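Added example (not from the slides): a Python check of strong and weak bisimilarity over an explicit finite LTS, computed as the greatest fixpoint of the transfer conditions of slides 6 and 10, with ==τ==> read as τ* as on slide 9. The coffee machines of slide 2 and the two τ examples are constructed inputs; the action name "tau", the (source, action, target) encoding and the state names are my conventions.

```python
from itertools import product

TAU = "tau"   # the internal action

def strong_steps(trans, s, a):
    """Targets of s --a--> q."""
    return {q for (p, b, q) in trans if p == s and b == a}

def tau_closure(trans, s):
    """States reachable from s by zero or more tau steps (s ==> q)."""
    seen, todo = {s}, [s]
    while todo:
        for q in strong_steps(trans, todo.pop(), TAU):
            if q not in seen:
                seen.add(q); todo.append(q)
    return seen

def weak_steps(trans, s, a):
    """Targets of s ==a==> q, i.e. tau* a tau*; ==tau==> is just tau* (the slides' convention)."""
    before = tau_closure(trans, s)
    if a == TAU:
        return before
    mids = {q for p in before for q in strong_steps(trans, p, a)}
    return {q for m in mids for q in tau_closure(trans, m)}

def bisimilar(trans, p0, q0, weak=False):
    """Greatest fixpoint: start from all state pairs and delete pairs violating the
    transfer condition until stable; what survives is the largest (weak) bisimulation."""
    match = weak_steps if weak else strong_steps
    states = {s for (s, _, _) in trans} | {t for (_, _, t) in trans}
    actions = {a for (_, a, _) in trans}
    rel = set(product(states, states))   # candidate relation, kept symmetric
    changed = True
    while changed:
        changed = False
        for (p, q) in list(rel):
            for x, y in ((p, q), (q, p)):    # both directions of the transfer condition
                for a in actions:
                    for x2 in strong_steps(trans, x, a):
                        # x --a--> x2 must be answered by y ==a==> y2 (weak) or y --a--> y2 (strong)
                        if not any((x2, y2) in rel for y2 in match(trans, y, a)):
                            rel.discard((p, q)); rel.discard((q, p)); changed = True
    return (p0, q0) in rel

# Constructed coffee machines from slide 2: A1 = 1kr.(tea + coffee) (states a*) and
# A2 = 1kr.tea + 1kr.coffee (states b*): the same traces, but different branching.
COFFEE = [("a0", "1kr", "a1"), ("a1", "tea", "a0"), ("a1", "coffee", "a0"),
          ("b0", "1kr", "b1"), ("b0", "1kr", "b2"), ("b1", "tea", "b0"), ("b2", "coffee", "b0")]
# Constructed tau examples: P = a.tau.b.0 (p*) vs Q = a.b.0 (q*) are weakly but not strongly
# bisimilar; R = a.0 + tau.b.0 (r*) vs T = a.0 + b.0 (t*) are not even weakly bisimilar.
TAU_EX = [("p0", "a", "p1"), ("p1", "tau", "p2"), ("p2", "b", "p3"), ("q0", "a", "q1"), ("q1", "b", "q2"),
          ("r0", "a", "r1"), ("r0", "tau", "r2"), ("r2", "b", "r3"), ("t0", "a", "t1"), ("t0", "b", "t2")]
```

The R/T pair shows why the three systems of slide 12 differ: a τ branch can pre-empt a choice, so it is not matched by a system that still offers both actions.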

Slide 13: Calculus of Communicating Systems - CCS
Language for describing communicating transition systems: behaviours as algebraic terms.
Calculus: centered on observational equivalence; elegant mathematical treatment; emphasis on process structure and modularity; recent extensions to security and mobile systems.
– CSP - Hoare: Communicating Sequential Processes (85)
– ACP - Bergstra and Klop: Algebra of Communicating Processes (85)
– CCS - Milner: Communication and Concurrency (89)
– Pi-calculus – Milner (99), Sangiorgi and Walker (01)
– SPI-calculus – Abadi and Gordon (99)
– Many recent successors for security and mobility (more in 2G1517)

Slide 14: CCS - Combinators
The idea: 7 elementary ways of producing or putting together labelled transition systems.
Pure CCS: Turing complete – can express any Turing computable function.
Value-passing CCS: additional operators for value passing; definable; convenient for applications. Here only a taster.

Slide 15: Actions
Names: a, b, c, d, ...
Co-names: bar(a), bar(b), bar(c), bar(d), ...
– Sorry: overbar not good in texpoint!
– bar(bar(a)) = a
In CCS, names and co-names synchronize.
Labels l: Names ∪ Co-names
Actions: α ∈ Act = Labels ∪ {τ}
Define bar(α) by:
– bar(bar(l)) = l, and
– bar(τ) = τ

Slide 16: CCS Combinators, II
Nil 0: no transitions.
Prefix α.P: in.out.0 --in--> out.0 --out--> 0
Definition A == P: Buffer == in.out.Buffer, so Buffer --in--> out.Buffer --out--> Buffer
[Figure: the two-state LTS of Buffer, with transitions in and out]

Slide 17: CCS Combinators, Choice
Choice P + Q: BadBuf == in.(τ.0 + out.BadBuf)
BadBuf --in--> τ.0 + out.BadBuf, which then does --τ--> 0 or --out--> BadBuf
Obs: no priorities between τ's, a's or bar(a)'s. CCS doesn't ”know” which labels represent input and which output.
May use Σ notation: Σ_{i ∈ {1,2}} α_i.P_i = α_1.P_1 + α_2.P_2
[Figure: LTS of BadBuf, with transitions in, out and τ]

Slide 18: Example: Boolean Buffer
2-place Boolean buffer:
– Buf^2: empty 2-place buffer
– Buf^2_0: 2-place buffer holding a 0
– Buf^2_1: do., holding a 1
– Buf^2_00: do., holding 0 0, etc. ...
Buf^2 == in_0.Buf^2_0 + in_1.Buf^2_1
Buf^2_0 == out_0.Buf^2 + in_0.Buf^2_00 + in_1.Buf^2_01
Buf^2_1 == ...
Buf^2_00 == out_0.Buf^2_0
Buf^2_01 == out_0.Buf^2_1
Buf^2_10 == ...
Buf^2_11 == ...

Slide 19: Example: Scheduler
a_i: start task i; b_i: stop task i.
Requirements:
1. a_1, ..., a_n to occur cyclically
2. a_i/b_i to occur alternately, beginning with a_i
3. Any a_i/b_i to be schedulable at any time, provided 1 and 2 are not violated
Let X ⊆ {1, ..., n}. Sched_{i,X}: i is the next task to be scheduled, X are the tasks pending completion.
Scheduler == Sched_{1,∅}
Sched_{i,X} == Σ_{j ∈ X} b_j.Sched_{i,X−{j}}, if i ∈ X
Sched_{i,X} == Σ_{j ∈ X} b_j.Sched_{i,X−{j}} + a_i.Sched_{i+1,X∪{i}}, if i ∉ X

Slide 20: Example: Counter
Basic example of an infinite-state system:
Count == Count_0
Count_0 == zero.Count_0 + inc.Count_1
Count_{i+1} == inc.Count_{i+2} + dec.Count_i
Can do stacks and queues equally easily – try it!

Slide 21: CCS Combinators, Composition
Composition P | Q:
Buf1 == in.comm.Buf1
Buf2 == comm.out.Buf2
Buf1 | Buf2 --in--> comm.Buf1 | Buf2 --τ--> Buf1 | out.Buf2 --out--> Buf1 | Buf2
But also, for instance: Buf1 | Buf2 --comm--> Buf1 | out.Buf2 --out--> Buf1 | Buf2

Slide 22: Composition, Example
Buf1 == in.comm.Buf1
Buf2 == comm.out.Buf2
Buf1 | Buf2:
[Figure: LTS of Buf1 | Buf2 with the four states Buf1 | Buf2, comm.Buf1 | Buf2, comm.Buf1 | out.Buf2 and Buf1 | out.Buf2, and transitions labelled in, comm, out and τ]

Slide 23: CCS Combinators, Restriction
Restriction P\L:
Buf1 == in.comm.Buf1
Buf2 == comm.out.Buf2
(Buf1 | Buf2)\{comm} --in--> comm.Buf1 | Buf2 --τ--> Buf1 | out.Buf2 --out--> Buf1 | Buf2
But not: (Buf1 | Buf2)\{comm} --comm--> Buf1 | out.Buf2 --out--> Buf1 | Buf2

Slide 24: CCS Combinators, Relabelling
Relabelling P[f]:
Buf == in.out.Buf
Buf1 == Buf[comm/out] = in.comm.Buf1
Buf2 == Buf[comm/in] = comm.out.Buf2
Relabelling function f must preserve complements: f(bar(a)) = bar(f(a)), and τ: f(τ) = τ.
Relabelling function often given by name substitution as above.

Slide 25: Example: 2-way Buffers
1-place 2-way buffer: Buf_ab == a+.b-.Buf_ab + b+.a-.Buf_ab
Flow graph and LTS: [Figure: flow graph of Buf_ab with ports a+, a-, b+, b-, and its LTS with states Buf_ab, b-.Buf_ab and a-.Buf_ab]
Buf_bc == Buf_ab[c+/b+, c-/b-, b-/a+, b+/a-] (Obs: simultaneous substitution!)
Sys = (Buf_ab | Buf_bc)\{b+, b-}
Intention: [Figure: flow graph of Sys with external ports a+, a-, c+, c-]
What went wrong?

Slide 26: Transition Semantics
To apply observational equivalence we need a formalised semantics.
Each CCS expression -> a state in an LTS derived from that expression.
Compositionality: the construction of the LTS follows the expression syntax.
Inference rules, for instance:
    P1 --α--> P2
    -------------------------
    P1 | Q --α--> P2 | Q
Meaning: for all P1, P2, Q, α, if there is an α transition from P1 to P2 then there is an α transition from P1 | Q to P2 | Q.

Slide 27: CCS Transition Rules (no rule for 0!)
Prefix: α.P --α--> P (no premise)
Def: from P --α--> Q infer A --α--> Q (A == P)
Choice L: from P --α--> P' infer P+Q --α--> P'
Choice R: from Q --α--> Q' infer P+Q --α--> Q'
Com L: from P --α--> P' infer P|Q --α--> P'|Q
Com R: from Q --α--> Q' infer P|Q --α--> P|Q'
Com: from P --l--> P' and Q --bar(l)--> Q' infer P|Q --τ--> P'|Q'
Restr: from P --α--> P' infer P\L --α--> P'\L (α, bar(α) ∉ L)
Rel: from P --α--> P' infer P[f] --f(α)--> P'[f]

Slide 28: CCS Transition Rules, II
Closure assumption: --> is the least relation closed under the set of rules.
Example derivation:
Buf1 == in.comm.Buf1
Buf2 == comm.out.Buf2
(Buf1 | Buf2)\{comm} --in--> comm.Buf1 | Buf2 --τ--> Buf1 | out.Buf2 --out--> Buf1 | Buf2
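Added example (not from the slides): a small Python interpreter that derives a term's transitions from the rules of slide 27 and explores the reachable LTS, reproducing the derivations of slides 21, 23 and 28. The tuple encoding of terms, the trailing-quote convention for co-names ("comm'" = bar(comm)) and the Buf1/Buf2 definitions with their lost overbars restored are my assumptions.

```python
TAU = "tau"   # internal action; a co-name (overbar) is written with a trailing quote: "in'" = bar(in)

def name(a):                     # underlying name of an action, bar stripped
    return a[:-1] if a.endswith("'") else a

def co(a):                       # complement: bar(l) = l', bar(l') = l, bar(tau) = tau
    return TAU if a == TAU else (name(a) if a.endswith("'") else a + "'")

def relabel(f, a):               # f maps names to names, hence preserves complements and fixes tau
    if a == TAU: return TAU
    new = dict(f).get(name(a), name(a))
    return new + "'" if a.endswith("'") else new

def steps(t, defs):
    """All (action, successor) pairs of term t: one case per rule of slide 27."""
    k = t[0]
    if k == "nil": return []                                          # no rule for 0
    if k == "pre": return [(t[1], t[2])]                              # Prefix
    if k == "def": return steps(defs[t[1]], defs)                     # Def (A == P)
    if k == "sum": return steps(t[1], defs) + steps(t[2], defs)       # Choice L / R
    if k == "par":                                                    # Com L, Com R, Com
        P, Q = t[1], t[2]; sp, sq = steps(P, defs), steps(Q, defs)
        out = [(a, ("par", P2, Q)) for a, P2 in sp] + [(b, ("par", P, Q2)) for b, Q2 in sq]
        return out + [(TAU, ("par", P2, Q2)) for a, P2 in sp for b, Q2 in sq
                      if a != TAU and b == co(a)]                     # l meets bar(l): tau
    if k == "res":                                                    # Restr: alpha, bar(alpha) not in L
        return [(a, ("res", P2, t[2])) for a, P2 in steps(t[1], defs)
                if a == TAU or name(a) not in t[2]]
    return [(relabel(t[2], a), ("rel", P2, t[2])) for a, P2 in steps(t[1], defs)]  # Rel

def show(t):                     # print a term in CCS syntax: P\L for restriction, P[new/old] for relabelling
    k = t[0]
    if k == "nil": return "0"
    if k == "def": return t[1]
    if k == "pre": return t[1] + "." + show(t[2])
    if k == "sum": return show(t[1]) + " + " + show(t[2])
    if k == "par": return show(t[1]) + " | " + show(t[2])
    if k == "res": return "(" + show(t[1]) + ")\\{" + ",".join(sorted(t[2])) + "}"
    return show(t[1]) + "[" + ",".join(n + "/" + o for o, n in t[2]) + "]"

def lts(t, defs):
    """Reachable LTS of t as a set of (source, action, target) over printed terms."""
    seen, todo, trans = {t}, [t], set()
    while todo:
        s = todo.pop()
        for a, s2 in steps(s, defs):
            trans.add((show(s), a, show(s2)))
            if s2 not in seen:
                seen.add(s2); todo.append(s2)
    return trans

# Constructed encoding of slides 23/28: Buf1 == in.comm'.Buf1, Buf2 == comm.out'.Buf2, SYS = (Buf1 | Buf2)\{comm}
DEFS = {"Buf1": ("pre", "in", ("pre", "comm'", ("def", "Buf1"))),
        "Buf2": ("pre", "comm", ("pre", "out'", ("def", "Buf2")))}
SYS = ("res", ("par", ("def", "Buf1"), ("def", "Buf2")), frozenset({"comm"}))
```

lts(SYS, DEFS) yields the four restricted states of slide 22 with only in, τ and out' transitions, while the unrestricted Buf1 | Buf2 also has the comm transitions that slide 21 warns about.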

Slide 29: Example: Semaphores
Unary semaphore: S1 == p.S1_1; S1_1 == v.S1
Binary semaphore: S2 == p.S2_1; S2_1 == p.S2_2 + v.S2; S2_2 == v.S2_1
Result: S1 | S1 ~ S2
Proof: show that {(S1 | S1, S2), (S1_1 | S1, S2_1), (S1 | S1_1, S2_1), (S1_1 | S1_1, S2_2)} is a strong bisimulation relation.
[Figure: LTS of the semaphore, with transitions p and v]

Slide 30: Example: Simple Protocol
Spec == in.out.Spec
Sender == in.Transmit
Transmit == transmit.WaitAck
WaitAck == ack+.Sender + ack-.Transmit
Receiver == transmit.Analyze
Analyze == τ.out.ack+.Receiver + τ.ack-.Receiver
Protocol == (Sender | Receiver)\{transmit, ack+, ack-}
Exercise: prove Spec ≈ Protocol

Slide 31: Example: Jobshop
i_E: input of easy job; i_N: input of neutral job; i_D: input of difficult job; o: output of finished product.
A == i_E.A' + i_N.A' + i_D.A'
A' == o.A
Spec = A | A
Hammer: H == gh.ph.H
Mallet: M == gm.pm.M
Jobber: J == Σ_{x ∈ {E,N,D}} i_x.J_x
J_E == o.J
J_N == gh.ph.J_E + gm.pm.J_E
J_D == gh.ph.J_E
Jobshop == (J | J | H | M)\{gh, ph, gm, pm}
Theorem: Spec ≈ Jobshop. Exercise: prove this.

Slide 32: Proving Equivalences
The bisimulation proof method. To establish P ≈ Q:
1. Identify a relation S such that P S Q
2. Prove that S is a weak bisimulation relation
This is the canonical method. There are other methods for process verification:
– Equational reasoning
– Temporal logic specification/proof/model checking