Presentation is loading. Please wait.

Presentation is loading. Please wait.

A logic for true concurrency Paolo Baldan and Silvia Crafa Universita’ di Padova.

Published byDenis Phelps Modified over 9 years ago

Similar presentations

Presentation on theme: "A logic for true concurrency Paolo Baldan and Silvia Crafa Universita’ di Padova."— Presentation transcript:

1 A logic for true concurrency Paolo Baldan and Silvia Crafa Universita’ di Padova

2 Models of Concurrency a | b = a.b + b.a a a b b Different causal properties Different distribution properties ?

3 The Interleaving world a | b ~ a.b+b.a Bisimulation equivalence 2-nested simulation ready simulation ready trace equiv. simulation equiv. completed trace eq. Trace equivalence

4 Pomset bisimulationweak hp bisim The True-Concurrent world a | b ≠ a.b+b.a Hereditary history-preserving bisim History-preserving bisim Step bisimulation ( Bisimulation equivalence )

5 Interleaving world: Logical characterization Hennessy-Milner Logic Bisimulation equiv. simulation equiv. HML without negation HML Trace equiv. HML without negation and conjunction

6 True-concurrent world vs Logic ? ?? Hereditary hp- bisim Bisimulation equiv. Hennessy-Milner Logic

7 Logics for true-concurrency [DeNicola-Ferrari 90] Unique framework for several temporal and modal logics. Captures pomset bisim and weak hp-bisim. [Hennessy-Stirling 85, Nielsen-Clausen 95] Charaterise hhp-bis with past-tense/back step modalities In absence of autoconcurrency [Bradfield-Froschle 02, Gutierrez 09] Modal logics expressing action independence/causality Only hp-bisimulation is captured Different logics for different equivalences!!

8 A single logic for true-concurrency L Hereditary hp- bisim Bisimulation equiv.Hennessy-Milner Logic hp bisim L hp Pomset bisim L pL p Step bisim L sL s

9 True Concurrent Model: Event Structures Computation in terms of events = action occurrence A notion of causal dependence between events A notion of incompatibility between events A labeling to record the action corresponding to the event E = ( E, ≤, #, λ ) ≤ is a partial order and is finite # is irreflexive, symmetric and hereditary: if e # e’ ≤ e’’ then e#e’’

10 True Concurrent Model: Event Structures e 4 is caused by {e 1, e 2, e 3 } (e 1, e 2 ) and (e 1, e 6 ) are concurrent (e 3, e 6 ) and (e 5, e 6 ) are in conflict (e 2, e 4 ) and (e 1, e 6 ) are consistent e1e1 e2e2 e3e3 e4e4 e5e5 e6e6 ab cc de a autoconcurrency

11 True Concurrent Model: Event Structures e1e1 e2e2 e3e3 e4e4 e5e5 e6e6 Computation in terms of Configurations causally-closed set of consistent events step pomset a run

12 The True Concurrent Spectrum Pomset bisimulation weak hp bisim Hereditary history-preserving bisim History-preserving bisimulation Step bisimulation ( Bisimulation equivalence ) Coherent hhp-bisim

13 Bisimulation Equivalence

14 It captures the branching of a system but it cannot observe the concurrency of a system aa bc a.b +a.c a bc a.(b+c) ≠ ab ab ba a.b +b.a a | b =

15 Bisimulation Equivalence it cannot observe the concurrency of a system ab ab ba a.b +b.a a | b =

16 Step Bisimulation

17 ab ab ba a.b +b.a a | b ≠ s ab a a b b ab b = sor There is an occurrence of b causally dependent from a It captures the concurrency of a system but it cannot observe the concurrency / causality mix:

18 Step Bisimulation ab ab b = s There is an occurrence of b causally dependent from a It captures the concurrency of a system but it cannot observe the concurrency / causality mix:

19 Pomset Bisimulation

20 ab ≠ ab b p a a b b = p ab b The same pomsets but only in the lhs “after a we can choose between a dependent and an independent b” It captures the causality of a system but it cannot observe the causality / branching mix:

21 Pomset Bisimulation like bisimulation: it is an interleaving of pomsets (rather than actions) it doesn’t observe the causal relations between a pomset and the next one keep the history of already matched transitions Let the two matching runs (entire history of moves) in the game to be pomset-isomorphic let the history grow pomset-isomorphically

22 History-preserving Bisimulation

23 “causal equivalence” a a b b hp ab b ≠ ? ?  It does not capture the interplay between causality – concurrency - branching It captures the causality / branching interplay p =

24 History-preserving Bisimulation a b cd ab ab cd ab # # = hp  c and d depend on conflicting vs. concurrent a and b !! And similarly the other way round  Hp-bisim hides such a difference:  the execution of an event rules out any conflicting event  there is the same causality

25 History-preserving Bisimulation a2’a2’b2’b2’ cd a1’a1’b1’b1’ a2a2 b2b2 cd a1a1 b1b1 # # = hp a 1, b 1 can be matched in principle either by a 1 ’, b 1 ’ or a 2 ’, b 2 ’  the choice depends on the order in which they are linearized (a 1, b 1 are concurrent)  a 1, b 1 are independent, but the execution of one affects the “behavioral environment”/ the future of the other How can we formalize this difference?

26 Backward moves!! a2’a2’b2’b2’ cd a1’a1’b1’b1’ a2a2 b2b2 cd a1a1 b1b1 # # hhp ≠ ? a1 → b1 → a1 ← a2’ → b2’ → d → a2’ ← d → Hereditary History-preserving Bisimulation

27 a|(b+c) + a|b + b|(a+c) a|(b+c) + b|(a+c) no causality In lhs only: a couple of independent (a,b) so that none can appear in parallel with c Hp-bisim hides such a difference a and b are independent but their linearization affects the behavioral environment The backtracking distinguishes them abcab a cb ## abc a cb #

28 Hereditary History-preserving Bisimulation The backtracking can distinguish them a → b → a ← a2 → b2 → c → a2 ← c → a|(b+c) + a|b + b|(a+c) a|(b+c) + b|(a+c) abcab a cb ## a1a1 b1b1 c1c1 c2c2 b2b2 # ? a2a2

29 Hereditary History-preserving Bisimulation What kind of forward observation does backtracking correspond to? alternative, possibly conflicting futures

30 A logic for true concurrency Var : denumerable set of variables ranged over by x, y, z, … Interpreted over event structures: a formula is evaluated in a configuration C, with an environment η : Var → E the current state of the computation describes a set of possible futures for C records the events bound to variables

31 A logic for true concurrency declares the existence of an event e in the future of C s.t. the event η(z) can be executed form C, leading to C’ s.t. it binds z to e so that it can be later referred to in φ Event-based logic

32 A logic for true concurrency ac bd there is a future evolution that enables b there are two (incompatible) futures executing a disallows the future containing d a bd abd

33 Examples and notation stands for  Immediate execution that chooses an event and immediately executes it stands for  Step which declares the existence of two concurrent events

34 Well-formedness The full logic is too powerful: it also observe conflicts! aa bb a b Well-formedness syntactically ensures that free variables in any subformula will always refer to events consistent with the current config. the variables used as causes/non causes in quantifications will be bound to consistent events

35 Logical Equivalence  An e.s. satisfies a closed formula φ:when  Two e.s. are logically equivalent in the logic L: when Theorem: The logical equivalence induced by the full logic is hhp-bisimilarity

36 A single logic for true-concurrency L Hereditary hp- bisim Bisimulation equiv.Hennessy-Milner Logic hp bisim L hp Pomset bisim L pL p Step bisim L sL s no back moves

37 Logical Spectrum: HM Logic Hennessy-Milner logic corresponds to the fragment L HM : No references to causally dependent/concurrent events Whenever we state the existence of an event, we must execute it Theorem: The logical equivalence induced by L HM is bisimilarity

38 Logical Spectrum: Step Logic The fragment L s : Predicates on the possibility of performing a parallel step No references to causally dependent/concurrent events between steps Generalizes L HM Theorem: The logical equivalence induced by L s is step bisimulation

39 Logical Spectrum: Pomset Logic The fragment L p : Predicates on the possibility of executing a pomset transition Closed formula ↔ execution of a pomset Causal links only within a pomset but not between different pomsets Theorem: The logical equivalence induced by L p is pomset bisimulation where ¬, ˄ are used only on closed formulae

40 Logical Spectrum: History Preserving Logic The fragment L hp : Besides pomset execution, it also predicates about its dependencies with previously executed events quantify + execute → no quantification over conflicting events Theorem: The logical equivalence induced by L hp is hp-bisimulation

41 Logical Spectrum: Separation Examples ab ab ba ab a b b

42 a a b b ab b The same pomsets but only in the lhs “after a we can choose between a dependent and an independent b” Logical Spectrum: Separation Examples

43 a b cd ab ab cd ab # # The same causality but c and d depend on conflicting vs. concurrent a and b conflicting futures observe without executing: !!

44 Logical Spectrum: Separation Examples The same causality but in lhs only a couple of independent (a,b) so that none can appear in parallel with c observe without executing: a|(b+c) + a|b + b|(a+c) a|(b+c) + b|(a+c)

45 Future work Different equivalences in a simple, unitary logical framework Study the operational spectrum: observe without executing, but only predicate on consistent futures lies in between hp and hhp-bis. hp is decidable and hhp is undecidable even for finite state systems. Characterise decidable equiv. Study the logical spectrum: encode other logics in L add recursion to express properties like any a-action can be always followed by a causally related b-action an a-action can be always executed in parallel with a b-action Verification: model checking, auotmata, games,…

Download ppt "A logic for true concurrency Paolo Baldan and Silvia Crafa Universita’ di Padova."

Similar presentations

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.

Model Checking Lecture 2. Three important decisions when choosing system properties: 1automata vs. logic 2branching vs. linear time 3safety vs. liveness.
Process Algebra Book: Chapter 8. The Main Issue Q: When are two models equivalent? A: When they satisfy different properties. Q: Does this mean that the.

Process Algebra Book: Chapter 8. The Main Issue Q: When are two models equivalent? A: When they satisfy different properties. Q: Does this mean that the.
Substitution & Evaluation Order cos 441 David Walker.

Substitution & Evaluation Order cos 441 David Walker.
ECE 667 - Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.

ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.

UIUC CS 497: Section EA Lecture #2 Reasoning in Artificial Intelligence Professor: Eyal Amir Spring Semester 2004.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers

Hoare’s Correctness Triplets Dijkstra’s Predicate Transformers
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?

Hybrid Systems Presented by: Arnab De Anand S. An Intuitive Introduction to Hybrid Systems Discrete program with an analog environment. What does it mean?
1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.

1 Partial Order Reduction. 2 Basic idea P1P1 P2P2 P3P3 a1a1 a2a2 a3a3 a1a1 a1a1 a2a2 a2a2 a2a2 a2a2 a3a3 a3a3 a3a3 a3a3 a1a1 a1a1 3 independent processes.
Behavioral Comparison of Process Models Based on Canonically Reduced Event Structures Abel Armas-Cervantes Paolo Baldan Marlon Dumas Luciano García-Bañuelos.

Behavioral Comparison of Process Models Based on Canonically Reduced Event Structures Abel Armas-Cervantes Paolo Baldan Marlon Dumas Luciano García-Bañuelos.
1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.

1 Towards formal manipulations of scenarios represented by High-level Message Sequence Charts Loïc Hélouet Claude Jard Benoît Caillaud IRISA/PAMPA (INRIA/CNRS/Univ.
1 Conditional XPath, the first order complete XPath dialect Maarten Marx Presented by: Einav Bar-Ner.

1 Conditional XPath, the first order complete XPath dialect Maarten Marx Presented by: Einav Bar-Ner.
A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.

A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.
1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.

1 Model Checking, Abstraction- Refinement, and Their Implementation Based on slides by: Orna Grumberg Presented by: Yael Meller June 2008.
Modeling Software Systems Lecture 2 Book: Chapter 4.

Modeling Software Systems Lecture 2 Book: Chapter 4.
Review of Matrix Algebra

Review of Matrix Algebra
1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.

1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.

Similar presentations

Ads by Google