Presentation is loading. Please wait.

Presentation is loading. Please wait.

Synthesis of Communication Systems, August 2002 1 Gregor v. Bochmann, University of Ottawa Synthesis of communication systems Gregor v. Bochmann School.

Published byPenelope Shanon Bridges Modified over 9 years ago

Similar presentations

Presentation on theme: "Synthesis of Communication Systems, August 2002 1 Gregor v. Bochmann, University of Ottawa Synthesis of communication systems Gregor v. Bochmann School."— Presentation transcript:

1 Synthesis of Communication Systems, August 2002 1 Gregor v. Bochmann, University of Ottawa Synthesis of communication systems Gregor v. Bochmann School of Information Technology and Engineering (SITE) University of Ottawa www.site.uottawa.ca/~bochmann/ Presentation at the Concordia Summer School on Communication Software Engineering Montreal, August 2002

2 Synthesis of Communication Systems, August 2002 2 Gregor v. Bochmann, University of Ottawa Overview Overview of problems and approaches Preliminaries: Basic concepts and models Labelled transition systems (LTS) Input-Output Automata (IOA) Communication Finite State Machines (CFSM) Avoiding unspecified receptions Deriving submodule specifications Deriving protocol specifications from service specifications

3 Synthesis of Communication Systems, August 2002 3 Gregor v. Bochmann, University of Ottawa Designing distributed and communication systems: Problems Problems common to system design in general: How to specify the requirements Take architectural constraints and existing components into account during design Interface documentation, especially dynamic aspects Validation and verification Specific to distributed systems: FLexibility for the physical distribution of functions To define a protocol that provides a specified service Complexity due to the parallel operation of the physically distributed components (“state space explosion”) Need for compatibility at interfaces and at the levels of protocols

4 Synthesis of Communication Systems, August 2002 4 Gregor v. Bochmann, University of Ottawa General orientation of this tutorial Validation and verification require precise specification of requirements and designs Emphasis on the automation of certain software development steps (Note: This requires formally defined meaning of specification languages) Emphasis on requirements and design phases Presentation of very simple specification languages, in order to explain the concepts that are important for the design of distributed systems (Note: For practical purposes, one requires more powerful languages, especially concerning interaction parameters and data types)

5 Synthesis of Communication Systems, August 2002 5 Gregor v. Bochmann, University of Ottawa Topics covered in this tutorial Review of the basic concepts of LTS, IOA and CFSM with emphasis on behavior comparison in view of conformance A simple protocol design method for avoiding unspecified receptions How to derive the specification of a system component in such a way that its composition with a given component has certain given properties (Note: This is relevant for design of communication gateways and system controllers, and for the design with existing components) How to derive the specification of a protocol that provides the service described by a given expression of distributed sequencing rules (e.g. distributed LTS, Petri net, or similar)

6 Synthesis of Communication Systems, August 2002 6 Gregor v. Bochmann, University of Ottawa Overview Overview of problems and approaches Preliminaries: Basic concepts and models Labelled transition systems (LTS) Input-Output Automata (IOA) Communication Finite State Machines (CFSM) Avoiding unspecified receptions Deriving submodule specifications Deriving protocol specifications from service specifications

7 Synthesis of Communication Systems, August 2002 7 Gregor v. Bochmann, University of Ottawa Labelled Transition Systems Examples a 1 2 b c A a 1 2 b d B e 3 f g a 1,1 b d A ∞ B e f g d c 2,2 1,3 1,2 Composition: rendezvous for equally named actions busy Send data Open connection Close connection

8 Synthesis of Communication Systems, August 2002 8 Gregor v. Bochmann, University of Ottawa Interesting concepts Final state Home state Deadlock Partial deadlock Loops: useful – not useful (livelock) Operations on machines: Composition Abstraction (action hiding, projection) Comparison of behaviors a 1,1 b d A ∞ B e f g d c 2,2 1,3 1,2

9 Synthesis of Communication Systems, August 2002 9 Gregor v. Bochmann, University of Ottawa Composition and interfaces Interface An interface is a port where a subset of the interactions of the machine take place “compatible” ports of different machines can be used for interconnection (composition) AB a, b cd e, f A a, b c B d e, f A b c a A b  a c  c 1 a A b c  c 2 c1c1 c2c2 Coupling of - equally named actions, or - explicitly mapped actions

10 Synthesis of Communication Systems, August 2002 10 Gregor v. Bochmann, University of Ottawa Abstraction AB a, b cd e, f AB a, b cd e, f Example: hide {a, b} in A ∞ B Architecture Behavior a 1,1 b d e f c 2,2 1,3  1,1  d e f c 2,2 1,3 1,1 2,2 d e f c 1,3 equivalent to … ?

11 Synthesis of Communication Systems, August 2002 11 Gregor v. Bochmann, University of Ottawa Behavior comparisons Different criteria for comparison Possible sequences of interactions (execution traces) trace equivalence, trace inclusion As above, plus possible blocking behaviors testing equivalence, observational equivalence, reduction, extension Comparison based on states and transitions ( bi- ) simulation Consider also timing/performance behavior

12 Synthesis of Communication Systems, August 2002 12 Gregor v. Bochmann, University of Ottawa Behavior based on trace semantics Basic paradigm: Behavior of a machine = set of its possible execution traces Note: A set of traces T can be characterized by a constraint C T that is satisfied by each trace in the set (e.g. satisfy a specific regular expression) Note: Given T1 and T2, T2 ≤ (is subset of) T1 iff C T2 => (implies) C T1

13 Synthesis of Communication Systems, August 2002 13 Gregor v. Bochmann, University of Ottawa Comparison of specifications: Conformance Question: Given a system design containing a module A which is specified to have properties P A, is it possible to replace this module by a module A’ with properties P A’ ? Answer: Yes, iff P A’ => (implies) P A Then we say that A’ conforms to A In the case of trace semantics: P is of the form: “each trace satisfies C “ A’ conforms to A iff C A’ => C A iff the set of traces of A’ is included in the set of traces of A

14 Synthesis of Communication Systems, August 2002 14 Gregor v. Bochmann, University of Ottawa Overview Overview of problems and approaches Preliminaries: Basic concepts and models Labelled transition systems (LTS) Input-Output Automata (IOA) Communication Finite State Machines (CFSM) Avoiding unspecified receptions Deriving submodule specifications Deriving protocol specifications from service specifications

15 Synthesis of Communication Systems, August 2002 15 Gregor v. Bochmann, University of Ottawa Specification with assumptions and guarantees (A/G) Form of a specification of a component C: If the environment satisfies the assumption A C then the component C will guarantee the property G C Note: For the case that the assumption is not satisfied, the specification does not say anything about the desired behavior This means: the property that must be satisfied by C has the form “A C => G C “

16 Synthesis of Communication Systems, August 2002 16 Gregor v. Bochmann, University of Ottawa Example (an electrical component) Example: Electricity counter (component C) I1: electricity input (assumption: less than 100 Amps, less than 300 Volts) I2: electricity output (guarantee: same current and voltage as at I1) I3: read-out interface (guarantee: the value provided is equal to the energy (i.e. product of current*voltage*time) that passed through the interface I2) specified component component of environment interface E1 E2C I1 I3 I2 component of environment

17 Synthesis of Communication Systems, August 2002 17 Gregor v. Bochmann, University of Ottawa Software example: specification of a procedure Pre- and Post-conditions They define assumptions about input parameters, and guarantees on output parameters, respectively They apply when a software procedure is called

18 Synthesis of Communication Systems, August 2002 18 Gregor v. Bochmann, University of Ottawa Conformance for A/G specifications When does specification A’ conform to specification A ? Iff P A’ => (implies) P A Iff ( A A’ => G A’ ) => ( A A => G A ) Iff ( A A => A A’ ) and ( G A’ => G A )

19 Synthesis of Communication Systems, August 2002 19 Gregor v. Bochmann, University of Ottawa Distinction of input and output Examples In Lotos: A single interaction of a process may have input and output parameters E.g. “open connection” primitive with user password input and session-Id output OO software design: Input and output parameters of a procedures (method) Lotos interactions and a method call may be abstractly modelled as a single transition of an LTS In contrast, the distinction of input and output in IOA is mainly concerned with the question which component controls when an interactions takes place

20 Synthesis of Communication Systems, August 2002 20 Gregor v. Bochmann, University of Ottawa Input/Output Automata Nature of input/output (simultaneous input/output, but not rendezvous) Output: time and parameters of an interaction are determined by the system component producing the output Input: The component receiving the interaction cannot influence the time nor parameter values Specification of component behavior Output: The specification gives guarantees about timing and parameter values Input: The specification may make assumptions about timing of inputs and the received parameter values

21 Synthesis of Communication Systems, August 2002 21 Gregor v. Bochmann, University of Ottawa Example The meaning of A depends on whether a, b, and c are input or output An output may be performed in a state only if such a transition starts in that state If an input arrives in some state and no transition is specified for this input in that state, then the assumption is not satisfied (this situation is called unspecified reception, probably a design error) -- there is no blocking as in the case of LTS a 1 2 b c A Note: Some authors only consider completely specified machines. A non-trivial assumption implies a partially specified state machine

22 Synthesis of Communication Systems, August 2002 22 Gregor v. Bochmann, University of Ottawa Comparing the behavior of IOAs In general for A/G specifications: A specification A’ conforms to a specification A iff ( A A => A A’ ) and ( G A’ => G A ) For IOA, we consider any trace and consider the interactions in the order in which they occur. Assume that an initial trace T of interaction has already been checked, we then consider the next interaction. The following condition must be satisfied: Case of input: If it is allowed for A after the trace T (no unspec. Reception) then idem for A’ Case of output: If it is allowed for A after the trace T then idem for A’ Note: For partially specified deterministic FSMs, this is called quasi-equivalence

23 Synthesis of Communication Systems, August 2002 23 Gregor v. Bochmann, University of Ottawa Overview Overview of problems and approaches Preliminaries: Basic concepts and models Labelled transition systems (LTS) Input-Output Automata (IOA) Communication Finite State Machines (CFSM) Avoiding unspecified receptions Deriving submodule specifications Deriving protocol specifications from service specifications

24 Synthesis of Communication Systems, August 2002 24 Gregor v. Bochmann, University of Ottawa Communicating finite state machines (CFSM) They are like IOAs, except that the generation of output by one machine and the reception by the destination machine are separate events (interactions are queued in unbounded input queues) -a-a 1 2 +b +c A +a+a 1 2 -b -c B Q2 Q1 For this case, intuition tells us: Q1 contains a or is empty Q2 contains c* or c*b

25 Synthesis of Communication Systems, August 2002 25 Gregor v. Bochmann, University of Ottawa Composition for CFSM The state space of the composed system is in general unbounded. It includes the content of the queues. As a result: Many interesting analysis questions are in general undecidable Presence of deadlock Boundedness of communication queues

26 Synthesis of Communication Systems, August 2002 26 Gregor v. Bochmann, University of Ottawa Approaches to analysis Ad hoc proving of properties (e.g. Intuition for example above) Analysis up to some selected maximum queue length Limiting the model: Consider only Mealy machines (i.e. with alternate input and output) Single input will lead to single output or internal looping Never more than one non-processed interaction in the system Externally, apply one input at a time

27 Synthesis of Communication Systems, August 2002 27 Gregor v. Bochmann, University of Ottawa Overview Overview of problems and approaches Preliminaries: Basic concepts and models Labelled transition systems (LTS) Input-Output Automata (IOA) Communication Finite State Machines (CFSM) Avoiding unspecified receptions Deriving submodule specifications Deriving protocol specifications from service specifications

28 Synthesis of Communication Systems, August 2002 28 Gregor v. Bochmann, University of Ottawa Designing communicating systems: An example The same example as above, only the direction of the b interaction is changed -a-a 1 2 -b +c A +a+a 1 2 +b -c B Q2 Q1 Note: When A sends b, many c may still be in A’s input queue. They lead to unspecified receptions in state 1 or will be received in state 2.

29 Synthesis of Communication Systems, August 2002 29 Gregor v. Bochmann, University of Ottawa Another example A and B do jointly either sequence a c (initiated by A) or sequence b e* d (initiated by B) 4 3 1 2 + b - a + c - d - e 4 3 1 2 - b + a - c + d + e AB

30 Synthesis of Communication Systems, August 2002 30 Gregor v. Bochmann, University of Ottawa Reachability analysis (of example) ** : unspecified receptions Note: If one introduces transitions to consume the input and stay in the same state (as the implicit transitions in SDL), then one obtains a deadlock (both machines wait for an input and the queues are empty) 1 -- -- 1 2 a -- 1 1 -- b 3 2 a b 3 -a -b 2 -- -- 2 3 -- -- 3 +a +b etc. ** Interactions in transit from A to B state of A Reachability analysis means building a model of the composition (which may be infinite, because of unlimited queues)

31 Synthesis of Communication Systems, August 2002 31 Gregor v. Bochmann, University of Ottawa A tool for protocol design Zafilropoulos et al. built a tool for interactive protocol design (around 1980) Starting with the initial states of the two machines, the designer adds (one by one) sending transitions to these machines. After each added sending transition, the tool automatically adds corresponding receiving transitions into the peer protocol entity for all states in which the message may be received; thus avoiding all unspecified receptions.

32 Synthesis of Communication Systems, August 2002 32 Gregor v. Bochmann, University of Ottawa A method for protocol design The following method applies when one has the specification of the temporal behavior of one side (in terms of an FSM model) and wants to obtain a communication protocol which synchronizes the other side, as much as possible, with the first one (i.e. when no message is in transit, the two sides should be in corresponding states). For more details see [Goud 84]M. G. Gouda and Y.-T. Yu, Synthesis of communicating Finite State Machines with guaranteed progress, IEEE Trans on Communications, vol. Com-32, No. 7, July 1984, pp. 779-788.

33 Synthesis of Communication Systems, August 2002 33 Gregor v. Bochmann, University of Ottawa Gouda’s design method Given: An FSM A representing the initial behavior of Side A. Construct an FSM B from A by interchanging "sending" with "receiving". If each state of the FSM is either a sending state (the outgoing transitions are all sending) or a receiving state (only receiving transitions), then B is the solution to the problem. All messages sent in a state X will be received by the other side in the same state X. If there is a "mixed" state (with outgoing sending and receiving transitions) then the corresponding state at the other side is also mixed, and when these two states are reached by the two respective protocol entities, it may happen that both take a sending transition (which in general will lead to different corresponding states). This corresponds to a cross-over of messages within the medium, and the message will not be received in the state where they would normally be expected. For each mixed state, one has to make a design choice among the following alternatives:

34 Synthesis of Communication Systems, August 2002 34 Gregor v. Bochmann, University of Ottawa Suite (1) … design choice: the initiative of Side A has priority the initiative of Side B has priority both sides pull back to the respective mixed state and try again (there is the possibility of live-lock, which can be avoided by choosing random time delays before retries) Example: 4 3 1 2 + b - a + c - d - e 4 3 1 2 - b + a - c + d + e Side A (initial version) Side B (initial version)

35 Synthesis of Communication Systems, August 2002 35 Gregor v. Bochmann, University of Ottawa Suite (2) State 1 is a mixed state If we give priority to Side A for this state, we should add the missing receptions which are required for the case of message cross-over in such a manner that Side A remains in the state in which it is and the other side goes into the same corresponding state (which is state 2 in this case). We obtain the following solution: Side A (final version) Side B (final version) 4 3 1 2 + b - a + c - d - e + b 4 3 1 2 - b + a - c + d + e + a

36 Synthesis of Communication Systems, August 2002 36 Gregor v. Bochmann, University of Ottawa Overview Overview of problems and approaches Preliminaries: Basic concepts and models Labelled transition systems (LTS) Input-Output Automata (IOA) Communication Finite State Machines (CFSM) Avoiding unspecified receptions Deriving submodule specifications Deriving protocol specifications from service specifications

37 Synthesis of Communication Systems, August 2002 37 Gregor v. Bochmann, University of Ottawa Equation solving: Integer division Multiplication: R 1 * R 2 = ? Equation solving: R 1 * X = R 3 What is the value of X ? Solution: definition of the division operation Written “ X = R 3 / R 1 ” What does it mean ? X = biggest Y such that R 1 * X ≤ R 3 Note: in many cases, there is no exact solution, that is, there is no X such that R 1 * X = R 3 For instance: 7 / 3 = 2, and 3 * 2 = 6 ≤ 7

38 Synthesis of Communication Systems, August 2002 38 Gregor v. Bochmann, University of Ottawa Context of this talk Multiplication  Machine composition Division  Submodule construction (“equation solving”) Example: R1R1 X R3R3 a1a1 a2a2 a3a3 R1R1 ? a1a1 a2a2 a3a3 R2R2

39 Synthesis of Communication Systems, August 2002 39 Gregor v. Bochmann, University of Ottawa Overview of this section Machine composition and equation solving Applications Solution formulas A generalization: Relational databases The cases of synchronous finite state machines and labelled transition systems The case of specifications based on assumptions and guarantees: e.g. IO-Automata and asynchronous finite state machines Conclusions

40 Synthesis of Communication Systems, August 2002 40 Gregor v. Bochmann, University of Ottawa Machine composition: concepts Port (where interactions take place) Machine structure (has a number of ports) Machine behavior (determines the order of interactions) Interface (where ports of different machines are interconnected) Skip

41 Synthesis of Communication Systems, August 2002 41 Gregor v. Bochmann, University of Ottawa Basic operations on machines Composition of several machines (interconnection structure) All unconnected ports and internal interfaces are visible ports of the composition The constraints on execution order defined by the dynamic behavior of all interconnected machines will be satisfied by the composition Hiding (abstraction): hiding the interactions taking place at one or several ports [some recent work on generalizing and formalizing these concepts] Skip

42 Synthesis of Communication Systems, August 2002 42 Gregor v. Bochmann, University of Ottawa Equation solving for machines Given machine R 1 and specification R 3 for the behavior of the composition of R 1 with X, find a behavior of machine X such that hide a3 in (R 1 ∞ X) ≤ R 3 Meaning of ≤ : set inclusion of possible execution sequences (“traces”, i.e. sequences of interactions ), also called trace inclusion R1R1 X R3R3 a1a1 a2a2 a3a3

43 Synthesis of Communication Systems, August 2002 43 Gregor v. Bochmann, University of Ottawa Applications of machine equation solving Communication protocols Protocol design (Merlin-Bochmann, 1980) Design of communication gateways Controller design for discrete event systems Component reuse, e.g. in software engineering

44 Synthesis of Communication Systems, August 2002 44 Gregor v. Bochmann, University of Ottawa Communication protocol design Protocol entities PE 1 and PE 2 use the underlying service S and provide the service R 3 to the users of the protocol PE 1 and S are given PE 2 is to be found R 1 corresponds to (PE 1 ∞ S) PE 1 R3R3 a1a1 a2a2 S PE 2 R1R1 X R3R3 a1a1 a2a2 a3a3

45 Synthesis of Communication Systems, August 2002 45 Gregor v. Bochmann, University of Ottawa Communication gateways Given desired end-to-end communication service E2E Protocols in the two networks (different) To be found: gateway behavior (shown by red box) PE 1 R3R3 a1a1 a2a2 S PE 2 PE’ 1 R’3R’3 a1a1 a2a2 S’ PE’ 2 adapter E2E

46 Synthesis of Communication Systems, August 2002 46 Gregor v. Bochmann, University of Ottawa Controller design Applications in process control, robotics, etc. Also called “Discrete event systems” (a separate research community, e.g. [Ramage-Wonham, 1989] and many subsequent papers) Distinction between non-controllable and controllable interactions (like input/output) System to be controlled Controller Desired properties a1a1 a2a2 a3a3

47 Synthesis of Communication Systems, August 2002 47 Gregor v. Bochmann, University of Ottawa Component reuse A given submodule does not completely correspond to the specification of the system to be built An additional submodule to be built (and designed throught equation solving) makes up the “difference” Submodule to be re-used New subm. to be built Module to be built a1a1 a2a2 a3a3

48 Synthesis of Communication Systems, August 2002 48 Gregor v. Bochmann, University of Ottawa Equation solving for labelled transition systems Rendezvous interactions a 3 : between R 1 and X a 2 : between R 1 and environment a 1 : between X and environment Behavior definition set of allowed execution sequences e.g. for X: execution sequences over interactions at a 3 or a 1 Chaos [term introduced by Hoare in CSP] all execution sequences over an alphabet e.g. over alphabet of X: written Ch[{a 1, a 3 }] R1R1 X R3R3 a1a1 a2a2 a3a3

49 Synthesis of Communication Systems, August 2002 49 Gregor v. Bochmann, University of Ottawa The problem and its solution Problem: Find most general X (largest set of execution sequences) such that hide a 3 in (R 1 ∞ X) ≤ R 3 Solution: X = Ch[{a 1, a 3 }] \ (minus) any sequence that could lead to an observable execution sequence not in R 3, i.e. hide a 2 in (R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) ) R1R1 X R3R3 a1a1 a2a2 a3a3 R1R1 X R3R3 a1a1 a2a2 a3a3

50 Synthesis of Communication Systems, August 2002 50 Gregor v. Bochmann, University of Ottawa A comment Since all execution sequences of X must go in interaction with R 1 and R 3, we may replace the chaos for X with all sequences that are obtained by the composition of R 1 and R 3, that is [Merlin and Bochmann, 1980] Solution: X = hide a 2 in (R 1 ∞ R 3 ) \ (minus) hide a 2 in (R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) ) R1R1 X R3R3 a1a1 a2a2 a3a3 R1R1 X R3R3 a1a1 a2a2 a3a3

51 Synthesis of Communication Systems, August 2002 51 Gregor v. Bochmann, University of Ottawa An example alpha 2 = {a, b}, alpha 1 = , alpha 3 = {c, d} R 3 = {ab}**, R 1 = {acb, adb, ada}** Notation: W** = set of all prefixes of the strings in the set W, e.g. {ab, ac}** = { , a, ab, ac} Solution: X = hide a 2 in (R 1 ∞ R 3 ) \ (minus) hide a 2 in (R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) ) R 1 ∞ R 3 = {acb, adb}** hide a 2 in (R 1 ∞ R 3 ) = { , c, d} (Ch[{a 1, a 2 }] \ R 3 ) = {b, bx, aa, aax, abx} where x represents any non- empty sequence over the alphabet {a, b} R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) = {ada} hide a 2 in (R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) ) = {d} X = { , c} R1R1 X R3R3 a1a1 a2a2 a3a3

52 Synthesis of Communication Systems, August 2002 52 Gregor v. Bochmann, University of Ottawa Equation solving for synchronous automata Synchronous communication Simultaneous interactions at all interfaces; at each clock pulse, there is a vector of interactions Behavior definition set of allowed sequences of interaction vectors e.g. for X: the interaction vectors include interactions at a 3 and a 1 R1R1 X R3R3 a1a1 a2a2 a3a3

53 Synthesis of Communication Systems, August 2002 53 Gregor v. Bochmann, University of Ottawa Solution of equation solving Identical form of formulas Meaning of operators have changed ∞ : synchronous composition hide operator ignores a component of the vector [Yevtushenko et al., 1999]

54 Synthesis of Communication Systems, August 2002 54 Gregor v. Bochmann, University of Ottawa Relational database (intro) A DB is a set of relations A relation is a table Each column is an attribute Each row is an “object” An element at position (a i, o k ) in the table represents the value that object o k takes for attribute a i With each attribute a i is associated a set of possible values D i

55 Synthesis of Communication Systems, August 2002 55 Gregor v. Bochmann, University of Ottawa Relational database concepts Formal definitions: Attributes: A = {a 1, a 2, … a n } Attribute values: D = U D i Relation over A r (A r  A), written R[A r ]: (possibly infinite) set of mappings T: A r  D with T( a i ) ε D i Note: each mapping corresponds to a row

56 Synthesis of Communication Systems, August 2002 56 Gregor v. Bochmann, University of Ottawa Example NameAgeSalary Fred5350000 Paul5060000 Alice2140000 Suzanne3550000 Bob2030000 NameProject FredBigOne AliceBigOne FredSmallOne SuzanneSmallOne R1 R2

57 Synthesis of Communication Systems, August 2002 57 Gregor v. Bochmann, University of Ottawa Relational operators Projection Given R[A r ] and A x  A r, the projection of R[A r ] onto A x, written proj Ax (R), is a relation over A x with T ε proj Ax (R) iff exists T’ ε R s.t.  a i ε A x : T(a i ) = T’(a i ) Join Given R 1 [A 1 ] and R 2 [A 2 ], the join of R 1 and R 2, written R 1 ∞ R 2, is a relation over A 1 U A 2 with T ε (R 1 ∞ R 2 ) iff proj A1 (T) ε R 1 and proj A2 (T) ε R 2 Chaos Given A x  A, the chaos over A x, written Ch[A x ], is the relation which includes all mappings T: A x  D with T( a i ) ε D i

58 Synthesis of Communication Systems, August 2002 58 Gregor v. Bochmann, University of Ottawa Example Proj {Project} (R2) = R1 ∞ R2 = NameAgeSalary Fred5350000 Paul5060000 Alice2140000 Suzanne3550000 Bob2030000 NameProject FredBigOne AliceBigOne FredSmallOne SuzanneSmallOne R1 R2 Project BigOne SmallOne NameAgeSalaryProject Fred5350000BigOne Fred5350000SmallOne Alice2140000BigOne Suzanne3550000SmallOne

59 Synthesis of Communication Systems, August 2002 59 Gregor v. Bochmann, University of Ottawa Equation solving for relational databases We consider Three attributes a 1, a 2, a 3 Two relations R 1 [{a 3, a 2 }], R 3 [{a 1, a 2 }] Problem: What is the biggest relation X [{a 1, a 3 }] satisfying proj {a1, a2 } (R 1 ∞ X)  R 3 Solution: X = Ch[{a 1, a 3 }] \ proj {a1, a3 } (R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) ) Proof: not difficult Greneralization to more complex attribute structures is also easy R1R1 X R3R3 a1a1 a2a2 a3a3

60 Synthesis of Communication Systems, August 2002 60 Gregor v. Bochmann, University of Ottawa D 1 = {  } D 2 = {aa, ab, ba, bb} D 3 = {c, d} X = Ch[{a 1, a 3 }] \ proj {a1, a3 } (R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) ) An example R1R1 X R3R3 a1a1 a2a2 a3a3 a1a1 a2a2  ab R3R3 R1R1 a2a2 a3a3 c d aad a1a1 a3a3  c  d Ch[{a 1, a 3 }] a1a1 a2a2  aa  ba  bb Ch[{a 1, a 2 }] \ R 3 ) R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) a1a1 a2a2 a3a3  aad a1a1 a3a3  c X

61 Synthesis of Communication Systems, August 2002 61 Gregor v. Bochmann, University of Ottawa A special case: Trace specifications Attributes  Interfaces D i = I i * that is, all finite sequences of elements of I i, the possible interactions at the interface a i (the “alphabet” at interface a i ) Machine behavior  Relation Each row (DB object) represents a possible execution history (“trace”) ; the value for each attribute describes the interaction sequence occurring at the corresponding interface during that trace Synchrony constraint: The interaction sequences at the different interfaces for a given trace are of equal length

62 Synthesis of Communication Systems, August 2002 62 Gregor v. Bochmann, University of Ottawa Two sub-cases: - synchronous operation (as above) - interleaving semantics (below) Attributes  Interfaces D i = (I i U {null} ) * (as synchronous case, except that there is a real interaction at only one interface at a time; “interleaving semantics” ) Machine behavior  Relation As in synchronous case, except that the “interleaving constraint” is satisfied for all mappings of a relation, that is, for any j, the j-th element of T(a i ) is non-null for at most one attribute a i

63 Synthesis of Communication Systems, August 2002 63 Gregor v. Bochmann, University of Ottawa Algorithms for equation solving Solution: X = Ch[{a 1, a 3 }] \ proj {a1, a3 } (R 1 ∞ (Ch[{a 1, a 2 }] \ R 3 ) ) Algorithms for operations ∞, \, proj In general not possible (infinite sets of mappings) For finite state models : Polynomial complexity for ∞, proj proj introduces non-determinism \ requires conversion to deterministic models, which has exponential complexity [Independently developed algorithms for LTS and synchronous machines are described in the references]

64 Synthesis of Communication Systems, August 2002 64 Gregor v. Bochmann, University of Ottawa Systems with input and output Nature of input/output (non-rendezvous) Output: time and parameters of an interaction are determined by the system component producing the output Input: The component receiving the interaction cannot influence the time nor parameter values Specification of component behavior Output: The specification gives guarantees about timing and parameter values Input: The specification may make assumptions about timing of inputs and the received parameter values Skip

65 Synthesis of Communication Systems, August 2002 65 Gregor v. Bochmann, University of Ottawa Specification paradigms with hypothesis and guarantees Pre- and Post-conditions (software) They define hypotheses on input parameters, and guarantees on output parameters, respectively apply when a software procedure is called Finite state machines (state-deterministic) Unspecified input: hypothesis about the behavior of the environment: this input will not occur when the machine is in this state Nondeterministic output: don’t care Skip

66 Synthesis of Communication Systems, August 2002 66 Gregor v. Bochmann, University of Ottawa Component specification and interconnection Each attribute of a relation is either input or output Constraint on component interconnection No output conflicts: For each interface, there is only one connected component for which the corresponding attribute is output For trace specifications: Unit delay constraint Output(s) at time t depend only on previous interactions of the same component (not on the input received at time t) [e.g. Broy, Lamport]

67 Synthesis of Communication Systems, August 2002 67 Gregor v. Bochmann, University of Ottawa Conformance to specifications Given a specification R and a trace T 1. Either T  R (we say T conforms to R) or … 2. T has wrong input: all prefixes of T up some time t conform to R, but there is wrong input at time (t+1) 3. T has wrong output: similarly 4. T has wrong input and output at the same time instant A component conforms to a specification R iff no trace T in which the component participates has wrong output in respect to R (cases 3 and 4 are excluded) Note: if a trace has wrong input, nothing can be assumed about wrong output at a later time instance Skip

68 Synthesis of Communication Systems, August 2002 68 Gregor v. Bochmann, University of Ottawa Equation solving for trace specifications with input/output Find most general specification X such that any trace T of the composition of R 1 and X has the following properties: proj {a1, a2} (T) conforms to R 3 If proj {a1, a2} (T) has no wrong input in respect to R 3 then proj {a2, a3} (T) has no wrong input in resp. to R 1 R1R1 X R3R3 a1a1 a2a2 a3a3

69 Synthesis of Communication Systems, August 2002 69 Gregor v. Bochmann, University of Ottawa Solution formula Notation: R WO(t) = set of traces that have wrong output in respect to R at time instant t R WI(t) : similarly for wrong input U t : union over all values of t Solution: X = Ch[{a 1, a 3 }] \ proj {a1, a3 } U t ( R 1 ∞ R 3 WO(t) U R 1 WI(t) ∞ R 3 U R 1 WI(t) ∞ R 3 WO(t) )

70 Synthesis of Communication Systems, August 2002 70 Gregor v. Bochmann, University of Ottawa Solution algorithms for I/O Interleaving semantics Simplification: Never wrong input and output at the same time instant IO-Automata Jawad Drissi (PhD thesis) Communicating FSMs Yevtushenko and Petrenko Synchronous FSMs Can be easily derived from above formula

71 Synthesis of Communication Systems, August 2002 71 Gregor v. Bochmann, University of Ottawa Extensions of the specification formalisms More powerful specification languages Petri nets, CSP, LOTOS, etc. Finer conformance relations Safeness (no wrong interaction) Trace inclusion (as discussed here) Liveness - progress (some good interaction will occur) Liveness [Thistle] Absense of blockings [Tao, PhD thesis] Optional and required progress [Drissi, PhD thesis] Real-time aspects Timed automata [Grenoble; work on DES; Drissi, PhD thesis]

72 Synthesis of Communication Systems, August 2002 72 Gregor v. Bochmann, University of Ottawa Overview Overview of problems and approaches Preliminaries: Basic concepts and models Labelled transition systems (LTS) Input-Output Automata (IOA) Communication Finite State Machines (CFSM) Avoiding unspecified receptions Deriving submodule specifications Deriving protocol specifications from service specifications

73 Synthesis of Communication Systems, August 2002 73 Gregor v. Bochmann, University of Ottawa Deriving a protocol specification from a given service specification: An example a 1 2 b c service A (as above) A b, c a behavior architecture A b, c a architecture with protocol entities: b, c a service access points at two different sites: S1, S2 View of service A as an activity diagram (with two swim lanes): a c b S1 S2 S1 E1 E2 Question: What should be the behavior of E1 and E2 ?

74 Synthesis of Communication Systems, August 2002 74 Gregor v. Bochmann, University of Ottawa Solution for the example a 1 2 b c A a 1 1’ E1 1 2 c E2 Send(2,x) 2 Receive (2,y) Receive (1,x) 2’ b Send(1,y) b, c a E1 E2 A b, c a S1 S2 Service Protocol

75 Synthesis of Communication Systems, August 2002 75 Gregor v. Bochmann, University of Ottawa Basic ideas Sequential execution: e.g. a (1) ; b (2) becomes in E1: a (1) ; send(2, x) in E2: receive(1,x); b (2) Independen parallelism: no problem Alternatives: no problem if first actions of all alternatives are at the same site Otherwise: Protocol for distributed choice required e.g. logical token ring among all sites involved Example: Additional info: About present state About calling stack A c a, b S1 S2 Who makes the decision between c and b ? (when b and c are input, or when c is output)

76 Synthesis of Communication Systems, August 2002 76 Gregor v. Bochmann, University of Ottawa Further possibilities (a) More powerful languages for specifying services and protocols LOTOS (includes recursive process calls; difficulty with [> operator) Petri nets (restricted classes) With Registers Colored Petri nets (includes token parameters; each transition has constraints on input token parameters and functions evaluating parameters of output tokens)

77 Synthesis of Communication Systems, August 2002 77 Gregor v. Bochmann, University of Ottawa Further possibilities (b) Optimizations and implementation issues Optimizing the number of messages for synchronization and parameter passing Optimizing the localisation of registers Re-design (after revisions of the service specification) Implementation of the send and receive primitives, including data parameters: Message encoding: XML, CORBA or ?? Underlying communication service: TCP, HTTP, CORBA, Java RMI or ?? Identification of parties (sites) involved

78 Synthesis of Communication Systems, August 2002 78 Gregor v. Bochmann, University of Ottawa Overview Overview of problems and approaches Preliminaries: Basic concepts and models Labelled transition systems (LTS) Input-Output Automata (IOA) Communication Finite State Machines (CFSM) Avoiding unspecified receptions Deriving submodule specifications Deriving protocol specifications from service specifications References and additional readings

79 Synthesis of Communication Systems, August 2002 79 Gregor v. Bochmann, University of Ottawa Additional readings Note: This fall, I will give a graduate course at the University of Ottawa which will cover these and other topics in more depth (see www.site.uottawa.ca/~bochmann/) Preliminaries : Basic concepts and models See course notes mentioned above Avoiding unspecified receptions [Zafi 80] P. Zafiropulo, C. H. West, H. Rudin and D. D. Cowan, Towards analyzing and synthesizing protocols, IEEE Tr. Comm. COM-28, 4 (April 1980), pp. 651-660. [Goud 84] M. G. Gouda and Y.-T. Yu, Synthesis of communicating Finite State Machines with guaranteed progress, IEEE Trans on Communications, vol. Com-32, No. 7, July 1984, pp. 779-788. Deriving submodule specifications [Boch 80d] G. v. Bochmann and P. M. Merlin, On the construction of communication protocols, ICCC, 1980, pp.371-378, reprinted in "Communication Protocol Modeling", edited by C. Sunshine, Artech House Publ., 1981; russian translation: Problems of Intern. Center for Science and Techn. Information, Moscow, 1981, no. 2, pp. 146-155. [Merl 83] P. Merlin and G. v. Bochmann, On the Construction of Submodule Specifications and Communication Protocols, ACM Trans. on Programming Languages and Systems, Vol. 5, No. 1 (Jan. 1983), pp. 1-25.

80 Synthesis of Communication Systems, August 2002 80 Gregor v. Bochmann, University of Ottawa Additional readings (ii) [Boch 01b] G. v. Bochmann, Submodule construction and supervisory control: a generalization, in Proc. of Int. Conf. on Implementation and Applications of Automata (invited paper), to be published as Springer Lecture Notes. G. v. Bochmann, paper to be published at FORTE 2002 [Dris 99a] J. Drissi and G. v. Bochmann, Submodule construction tool, in Proc. Int. Conf. on Computational Intelligence for Modelling, Control and Automation, Vienne, Febr. 1999, (M. Mohammadian, Ed.), IOS Press, pp. 319-324. [Dris 99b] J. Drissi and G. v. Bochmann, Submodule construction for systems of I/O automata, submitted for publication. Deriving protocol specifications from service specifications [Boch 86g] G. v. Bochmann and R. Gotzhein, Deriving protocol specifications from service specifications, Proc. ACM SIGCOMM Symposium, 1986, pp. 148-156. [Gotz 90] R. Gotzhein and G. v. Bochmann, Deriving protocol specifications from service specifications including parameters, ACM Transactions on Computer Systems, Vol.8, No.4, 1990, pp.255-283. [Prob 91a] R. Probert and K. Saleh, Synthesis of communication protocols: survey and assessment, IEEE Tr. on Computers, Vol. 40, 4 (April 1991), pp. 468-476. [Kant 96a] C. Kant, T. Higashino and G. v. Bochmann, Deriving protocol specifications from service specifications written in LOTOS, Distributed Computing, Vol. 10, No. 1, 1996, pp.29- 47. [Yama 01a] H. Yamaguchi, K. El-Fakih, G. v. Bochmann and T. Higashino, Protocol re- synthesis with optimal allocation of resources based on extended Petri nets, to be published in Distributed Computing.

81 Synthesis of Communication Systems, August 2002 81 Gregor v. Bochmann, University of Ottawa Annex Some figures from [Yama 01a] H. Yamaguchi, K. El-Fakih, G. v. Bochmann and T. Higashino, Protocol re-synthesis with optimal allocation of resources based on extended Petri nets, to be published in Distributed Computing.

82 Synthesis of Communication Systems, August 2002 82 Gregor v. Bochmann, University of Ottawa Extended Petri nets

83 Synthesis of Communication Systems, August 2002 83 Gregor v. Bochmann, University of Ottawa Service and corresponding protocol

84 Synthesis of Communication Systems, August 2002 84 Gregor v. Bochmann, University of Ottawa Message optimization

85 Synthesis of Communication Systems, August 2002 85 Gregor v. Bochmann, University of Ottawa Example of re-synthesis

86 Synthesis of Communication Systems, August 2002 86 Gregor v. Bochmann, University of Ottawa A realistic example: SE process

Download ppt "Synthesis of Communication Systems, August 2002 1 Gregor v. Bochmann, University of Ottawa Synthesis of communication systems Gregor v. Bochmann School."

Similar presentations

Copyright 1999, 2003 G.v. Bochmann CN-FM ch.2 1 Course Notes on Formal Methods for the Development of Distributed Real-Time Applications Gregor v. Bochmann.

Copyright 1999, 2003 G.v. Bochmann CN-FM ch.2 1 Course Notes on Formal Methods for the Development of Distributed Real-Time Applications Gregor v. Bochmann.
Copyright 1999 G.v. Bochmann ELG 7186B ch.2 1 Specifications with assumptions and guarantees (in general) extracts from course notes for ELG7186B in 1999.

Copyright 1999 G.v. Bochmann ELG 7186B ch.2 1 Specifications with assumptions and guarantees (in general) extracts from course notes for ELG7186B in 1999.
Lecture 24 MAS 714 Hartmut Klauck

Lecture 24 MAS 714 Hartmut Klauck
Inference of progress properties for (multi party) sessions Mario Coppo (Universita’ di Torino) joint work with Mariangiola Dezani, Nobuko Yoshida Lisbon,

Inference of progress properties for (multi party) sessions Mario Coppo (Universita’ di Torino) joint work with Mariangiola Dezani, Nobuko Yoshida Lisbon,
C O N T E X T - F R E E LANGUAGES ( use a grammar to describe a language) 1.

C O N T E X T - F R E E LANGUAGES ( use a grammar to describe a language) 1.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Giving a formal meaning to “Specialization” In these note we try to give a formal meaning to specifications, implementations, their comparisons. We define.

Giving a formal meaning to “Specialization” In these note we try to give a formal meaning to specifications, implementations, their comparisons. We define.
Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str. 546 24 Thessaloniki Greece.

Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str Thessaloniki Greece.
Timed Automata.

Timed Automata.
Network Protocols Dr. Eng Amr T. Abdel-Hamid NETW 703 Winter 2006 Finite State Machines (FSMs)

Network Protocols Dr. Eng Amr T. Abdel-Hamid NETW 703 Winter 2006 Finite State Machines (FSMs)
CMPT 354, Simon Fraser University, Fall 2008, Martin Ester 52 Database Systems I Relational Algebra.

CMPT 354, Simon Fraser University, Fall 2008, Martin Ester 52 Database Systems I Relational Algebra.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.

1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Introduction to Computability Theory

Introduction to Computability Theory
Ordering and Consistent Cuts Presented By Biswanath Panda.

Ordering and Consistent Cuts Presented By Biswanath Panda.
Languages. A Language is set of finite length strings on the symbol set i.e. a subset of (a b c a c d f g g g) At this point, we don’t care how the language.

Languages. A Language is set of finite length strings on the symbol set i.e. a subset of (a b c a c d f g g g) At this point, we don’t care how the language.
61 Nondeterminism and Nodeterministic Automata. 62 The computational machine models that we learned in the class are deterministic in the sense that the.

61 Nondeterminism and Nodeterministic Automata. 62 The computational machine models that we learned in the class are deterministic in the sense that the.
Equivalence, DFA, NDFA Sequential Machine Theory Prof. K. J. Hintz Department of Electrical and Computer Engineering Lecture 2 Updated and modified by.

Equivalence, DFA, NDFA Sequential Machine Theory Prof. K. J. Hintz Department of Electrical and Computer Engineering Lecture 2 Updated and modified by.
Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.

Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.
Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.

Validating Streaming XML Documents Luc Segoufin & Victor Vianu Presented by Harel Paz.
Bridging the gap between Interaction- and Process-Oriented Choreographies Talk by Ivan Lanese Joint work with Claudio Guidi, Fabrizio Montesi and Gianluigi.

Bridging the gap between Interaction- and Process-Oriented Choreographies Talk by Ivan Lanese Joint work with Claudio Guidi, Fabrizio Montesi and Gianluigi.

Similar presentations

Ads by Google