Advanced Topics in Software Engineering Marjan Sirjani Tehran University Faculty of Engineering ECE Department Tehran, 1383-1384.

Slide 2: Subjects to be covered
Modeling concurrency; formal verification methods; transition systems; Petri nets; process algebra; the actor model; Rebeca, an actor-based model; Reo, a coordination language; constraint automata.

Slide 3: Models of concurrency (readings)
- The Temporal Logic of Reactive and Concurrent Systems: Specification, Z. Manna and A. Pnueli, Springer-Verlag, 1992, part one: Models of Concurrency.
- Process algebra: Communicating Sequential Processes, C.A.R. Hoare, 2004.

Slide 4: Actors and Rebeca (readings)
- Actors: A Unifying Model for Parallel and Distributed Computing, G. Agha and W. Kim, Open Systems Laboratory, 1998.
- Modeling and Verification of Reactive Systems using Rebeca, M. Sirjani, A. Movaghar, A. Shali and F. de Boer, Fundamenta Informaticae, Dec. 2004.

Slide 5: Coordination languages (readings)
- Reo: A Channel-based Coordination Model for Component Composition, F. Arbab, Mathematical Structures in Computer Science, 2004.
- Modeling Component Connectors in Reo by Constraint Automata, F. Arbab, C. Baier, J.J.M.M. Rutten and M. Sirjani, in Proceedings of FOCLASA'03, Marseille, France, September 2003, ENTCS, Elsevier Science.

Slide 6: Overview
Concurrent and reactive systems. Formal methods: modeling languages (process algebra, Petri nets, actor languages); specification languages (temporal logic, automata); analysis (theorem proving, model checking).

Slide 7: Models of Concurrency (Manna and Pnueli, chapters 1 and 2)

Slide 8: Chapter 1 outline
1.1 The Generic Model; 1.2 Model 1: Transition Diagrams; 1.3 Model 2: Shared-Variables Text; 1.4 Semantics of Shared-Variables Text; 1.5 Structural Relations Between Statements; 1.6 Behavioral Equivalence; 1.7 Grouped Statements; 1.8 Semaphore Statements; 1.9 Region Statements; 1.10 Model 3: Message-Passing Text; 1.11 Model 4: Petri Nets.

Slide 9: Chapter 1, basic models
Programs, and the systems they control, are either transformational or reactive.

Slide 10: Transformational programs
The more conventional kind. They produce a final result at the end of a terminating computation, so a transformational program is a function from an initial state to a final state. It is appropriately specified by characterizing the relation between initial and final states, e.g. in predicate logic.

Slide 11: Reactive programs
Their purpose is not to produce a final result but to maintain some ongoing interaction with their environment.

Slide 12: Reactivity and concurrency
A reactive program and its environment act concurrently; in the transformational case they act sequentially. When a program consists of parallel processes, it should be analyzed as a reactive system even if the program as a whole plays a transformational role.

Slide 13: Reactive systems
Communication and coordination.

Slide 14: Communication
Shared variables; message passing; remote procedure calls.

Slide 15: Coordination
Semaphores; critical regions; monitors; handshaking; rendezvous; asynchronous transmission.

Slide 16: The generic model
V, the vocabulary; E, the expressions; A, the assertions; I, the interpretations.

Slide 17: V, vocabulary
A countable set of typed variables. Data variables range over the data domains used in programs, such as booleans, integers, or lists. Control variables indicate progress in the execution of a program and range over locations in the program.

Slide 18: E, expressions
Expressions are constructed from the variables of V and constants (such as 0, the empty list, the empty set) to which functions (such as +) and predicates (such as > and null) over the appropriate domains (such as integers, lists, and sets) are applied. Examples: x + 3y, hd(u), tl(v), and set expressions over A and B.

Slide 19: A, assertions
Assertions are constructed out of boolean expressions using boolean connectives and quantification (universal and existential) over some of the variables that appear in the expressions.

Slide 20: I, interpretation
An interpretation I of a set of typed variables V is a mapping that assigns to each variable y in V a value I[y] in the domain of y. If an assertion evaluates to T under I, we say that I satisfies the assertion (notation: I |= the assertion).

Slide 21: Basic transition system
A basic transition system is a four-tuple intended to represent a reactive program. Its components are:
- a finite set {u1, …, un} of flexible state variables, a subset of V;
- a set of states;
- a finite set T of transitions;
- an initial condition.

Slide 22: State variables
The finite set {u1, …, un} of flexible state variables, a subset of V, contains the data variables, which are explicitly declared and manipulated, and the control variables, which represent progress in the execution of the program (the label of a statement).

Slide 23: States
Each state s is an interpretation of the state variables, assigning to each state variable u a value over its domain, denoted s[u]. A state s that satisfies an assertion (s |= the assertion) is sometimes referred to as a state of that assertion.

Slide 24: Transitions
Each transition in T represents a state-transforming action of the system. It is defined as a function from states to sets of states, mapping a state s to the (possibly empty) set of states that can be obtained by applying the action to s.

Slide 25: The initial condition
This assertion characterizes the states at which execution of the program can begin. A state s that satisfies it is called an initial state.

Slide 26: The transition relation
Each transition is characterized by an assertion over the state variables and their primed (next-state) copies, called its transition relation. It has the form
C(state variables) ∧ (y'1 = e1) ∧ … ∧ (y'k = ek):
the enabling condition C, followed by a conjunction of modification statements.

Slide 27
Enabled and disabled transitions; idling and diligent transitions; computation: an infinite sequence of steps; computation prefix; reachable states.

Slide 28: Concrete models
Model 1: transition diagrams; Model 2: shared-variables text; Model 3: message-passing text; Model 4: Petri nets.

Slide 29: Model 1, transition diagrams
A program P and processes Pi: P :: [declaration] [P1 || P2 || … || Pm], with m ≥ 1. The data variables Y = {y1, …, yn}, n ≥ 1, are shared by all the processes.

Slide 30: Declarations
At the head of the program; they give modes, types and initial conditions:
mode var, …, var : type where assertion
Mode is one of in, local, out. Types are basic (int, char) or structured (array, list, set). The assertion imposes a constraint on the values of some of the variables declared in that statement.

Slide 31: Example declarations
in k, n : integer where 0 ≤ k ≤ n
local y1, y2 : integer where y1 = n ∧ y2 = 1
out b : integer where b = 1
The data precondition of the program is the conjunction of the declaration assertions: 0 ≤ k ≤ n ∧ y1 = n ∧ y2 = 1 ∧ b = 1.

Slide 32: Processes
Each process Pi is represented by a transition diagram (a directed graph). Nodes are locations: for Pi, Li = {li0, li1, …, liti}, with entry and exit locations. Edges are (atomic) instructions, namely guarded assignments c → [(y1, …) := (e1, …)]. The state of a program consists of the control variables (the current location of control in each Pi) plus the data variables.

Slide 33: Diagrams as basic transition systems
State variables, states, transitions, initial condition.

Slide 34: State variables and states
The state variables are all the data and control variables: one control variable per process P1, …, Pm together with y1, …, yn. The states are all the possible interpretations that assign to the state variables values over their respective domains; the domain of the control variable of Pi is its set of locations Li.

Slide 35: Transitions
The idling transition is defined by the transition relation T (true). The diligent transitions are the labeled edges that appear within the processes.

Slide 36: Transition relation of an edge
For an edge from l to l' in process Pi labeled c → [yi := ei], the transition relation of the edge is: (control of Pi is at l) ∧ c ∧ (control of Pi is next at l') ∧ (y'i = ei).

Slide 37: Initial condition
For a program P : [dcl where assertion][P1 || … || Pm], the initial condition is the conjunction of the data precondition with, for each i from 1 to m, the condition that the control of Pi is at its entry location l0i. A process is enabled, or disabled, on a state.

Slide 38: Example, binomial coefficient
C(n, k) = (n (n−1) … (n−k+1)) / (1 · 2 · … · k).

Slide 39: Representing concurrency by interleaving
Initially x = 0 and y = 0. Program A is the sequential program x := 1; y := 1. Program B has two processes, P1 executing x := 1 and P2 executing y := 1, running in parallel; its behaviour is represented by interleaving the steps of P1 and P2.

Slide 40: Scheduling
The choice of which enabled transition is executed next. A sequence of such choices that leads to a complete computation is called a schedule.

Slide 41: A short review

Slide 42: Chapter 1 outline (repeated from slide 8)
1.1 The Generic Model; 1.2 Model 1: Transition Diagrams; 1.3 Model 2: Shared-Variables Text; 1.4 Semantics of Shared-Variables Text; 1.5 Structural Relations Between Statements; 1.6 Behavioral Equivalence; 1.7 Grouped Statements; 1.8 Semaphore Statements; 1.9 Region Statements; 1.10 Model 3: Message-Passing Text; 1.11 Model 4: Petri Nets.

Slide 43: Model 2, shared-variables text
In the transition-diagram representation of shared-variables programs we only have guarded assignments. We need structured constructs that allow hierarchical programs, for readability, modifiability and analysis.

Slide 44: The shared-variables text language
Basic (simple) statements; grouped statements (atomic execution); synchronization statements: semaphore statements and region statements.

Slide 45: Simple statements
Basic, atomic steps.
- skip: a trivial do-nothing statement.
- Assignment ŷ := ē, for ŷ a list of variables and ē a list of expressions of the same length and corresponding types.
- await c, for c a boolean expression.

Slide 46: await c
c is the guard: the statement waits until c becomes true, and then terminates. Question: what happens if a sequential program contains an await?

Slide 47: Questions
In which states is await c enabled? What about skip and assignment statements?

Slide 48: Compound statements
A controlling frame applied to one or more simpler statements (the body); a compound statement may require several computation steps. Conditional (if-then-else); concatenation (sequential composition); selection (nondeterministic choice); cooperation (parallel composition); while (while-do); block (a block with local declarations, as in Algol).

Slide 49: Conditional
if c then S1 else S2. Step 1: evaluate c. Step 2: execute one of the two statements. Question: what is the difference between the conditional statement and await c?

Slide 50: Concatenation
S1; S2. Step 1: the first step of S1. Subsequent steps: the rest of S1, and then S2. The multiple concatenation statement S = S1; S2; …; Sn has the Si as its children.

Slide 51: when c do S
As an abbreviation we define when c do S for the concatenation await c; S.

Slide 52: Selection
S1 or S2. Step 1: the first step of whichever of S1 and S2 is enabled. Subsequent steps: the rest of the selected statement. What if S1 and S2 are both enabled? Nondeterministic choice. What if neither is enabled? The statement is disabled.

Slide 53: Multiple selection
S1 or S2 or … or Sn, abbreviated OR_{i=1}^{n} Si; the Si are the children of the selection statement.

Slide 54: Dijkstra's guarded command
if c1 → S1 [] c2 → S2 [] … [] cn → Sn fi. How is it written in our language, using or? [when c1 do S1] or … or [when cn do Sn].

Slide 55
First step: arbitrarily choose an i such that ci is currently true, and pass the guard ci. Subsequent steps: execute the selected Si. The order of the list does not imply priority.

Slide 56: Non-exclusive and non-exhaustive guards
Non-exclusive: the ci are not exclusive; it is not necessarily the case that ci implies not cj for every i ≠ j. Non-exhaustive: the ci are not exhaustive; the disjunction c1 ∨ … ∨ cn is not always true. Questions: what does non-exclusiveness allow? Nondeterminism. What does non-exhaustiveness allow? The possibility of deadlock.
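The interleaving view of concurrency from slide 39 and the consequences of non-exclusive and non-exhaustive guards from slides 54 to 56 can be checked mechanically. The following Python explorer is an added example; it is not code from the slides or from Manna and Pnueli. It models a program as a basic transition system whose diligent transitions are guarded assignments on the edges of a transition diagram, enumerates the reachable states over all interleavings, and reports terminal states, i.e. states in which only the idling transition is enabled. Program A and Program B are taken from slide 39; the looping guarded-command process, and the names Transition, edge, reachable, interleaving_difference and guarded_analysis, are this example's own assumptions.

```python
# Added example (not from the slides or from Manna & Pnueli's book): a small
# explicit-state explorer for basic transition systems. A state is an
# interpretation of the state variables (a dict: control variable of each
# process plus the data variables); a transition is a guarded assignment in
# the style of the transition-diagram edges on the slides.
from collections import deque


class Transition:
    """A diligent transition: enabled when `guard` holds; `update` returns the
    modified variables (variables it does not mention are preserved)."""

    def __init__(self, name, guard, update):
        self.name, self.guard, self.update = name, guard, update

    def enabled(self, s):
        return self.guard(s)

    def fire(self, s):
        nxt = dict(s)
        nxt.update(self.update(s))
        return nxt


def edge(proc, src, dst, guard=lambda s: True, assign=lambda s: {}):
    """Edge src --c->[y:=e]--> dst of process `proc`; the state key `proc`
    is that process's control variable (its current location)."""
    def g(s):
        return s[proc] == src and guard(s)

    def u(s):
        d = {proc: dst}
        d.update(assign(s))
        return d
    return Transition(f"{proc}:{src}->{dst}", g, u)


def freeze(s):
    return tuple(sorted(s.items()))


def reachable(init, transitions):
    """Breadth-first search over all interleavings. Returns (reachable states,
    terminal states); a terminal state is one in which no diligent transition
    is enabled, so only the idling transition could be taken."""
    seen = {freeze(init): init}
    terminal = []
    queue = deque([init])
    while queue:
        s = queue.popleft()
        enabled = [t for t in transitions if t.enabled(s)]
        if not enabled:
            terminal.append(s)
        for t in enabled:
            n = t.fire(s)
            if freeze(n) not in seen:
                seen[freeze(n)] = n
                queue.append(n)
    return list(seen.values()), terminal


def data_states(states, *names):
    """Project states onto the listed data variables."""
    return {tuple(s[v] for v in names) for s in states}


# Slide 39: Program A is x:=1; y:=1 in one process, Program B runs x:=1 and
# y:=1 in two parallel processes. Both start from x = 0, y = 0.
PROGRAM_A = [edge("p1", 0, 1, assign=lambda s: {"x": 1}),
             edge("p1", 1, 2, assign=lambda s: {"y": 1})]
PROGRAM_B = [edge("p1", 0, 1, assign=lambda s: {"x": 1}),
             edge("p2", 0, 1, assign=lambda s: {"y": 1})]
INIT_A = {"p1": 0, "x": 0, "y": 0}
INIT_B = {"p1": 0, "p2": 0, "x": 0, "y": 0}


def interleaving_difference():
    """Data states that Program B can reach but Program A cannot: the
    interleaving in which P2 runs before P1 gives x = 0, y = 1."""
    a, _ = reachable(INIT_A, PROGRAM_A)
    b, _ = reachable(INIT_B, PROGRAM_B)
    return data_states(b, "x", "y") - data_states(a, "x", "y")


# Slides 54 to 56: a constructed process looping on the guarded command
#   if x > 0 -> x := x - 1  []  x > 2 -> x := x - 2  fi
# written as [when x > 0 do x := x-1] or [when x > 2 do x := x-2].
# The guards are non-exclusive (both hold for x > 2) and non-exhaustive
# (neither holds for x = 0), so the explorer should find both a
# nondeterministic choice and a deadlock.
GUARDED = [edge("p", 0, 0, guard=lambda s: s["x"] > 0,
                assign=lambda s: {"x": s["x"] - 1}),
           edge("p", 0, 0, guard=lambda s: s["x"] > 2,
                assign=lambda s: {"x": s["x"] - 2})]


def guarded_analysis(x0):
    """Return (x values where more than one guard is open, x values of
    terminal states) when the guarded loop starts from x = x0."""
    states, terminal = reachable({"p": 0, "x": x0}, GUARDED)
    choice = sorted(s["x"] for s in states
                    if sum(t.enabled(s) for t in GUARDED) > 1)
    return choice, sorted(s["x"] for s in terminal)


if __name__ == "__main__":
    print("B reaches, A does not:", interleaving_difference())
    print("choice at x in / terminal at x in:", guarded_analysis(4))
```

The reachable-state search is the core of an explicit-state model checker: adding an invariant check on each dequeued state turns it into a safety checker, and the terminal states it reports are exactly the deadlocks that non-exhaustive guards (or a blocked await) can introduce.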

Slide 57: Cooperation
S1 || S2: parallel execution of S1 and S2. Step 1: an entry step that sets the stage for the parallel execution of S1 and S2. Subsequent steps: steps from S1 and S2. Last step: an additional exit step that closes the parallel execution.

Slide 58: Multiple cooperation
S1 || S2 || … || Sn; the Si are the children of the cooperation statement. Question: in [S1 || S2]; S3, when does S3 start? After both S1 and S2 have terminated.

Slide 59: While
while c do S. First step: evaluation of the guard c. Subsequent steps: if c is true, at least one more repetition of the body S; if c is false, the while statement terminates.

Slide 60: Question
What are the differences between while c do S and when c do S?

Slide 61: Block
[local dcl; S], where S is the body of the block. The local declaration has the form
local variable, …, variable : type where assertion
with the assertion of the form yi = ei, the yi being the variables declared in this statement and the ei depending on the program's input variables. The assertion initializes the variables once, at the beginning of the program (statically), not every time the block is entered.

Slide 62
A statement S may refer to variables declared at the head of the program or at the head of a block containing S.

Slide 63: Programs
P :: [dcl; [P1 :: S1 || … || Pm :: Sm]]. S1, …, Sm are the top-level processes of the program, and [P1 :: S1 || … || Pm :: Sm] is its body. The names of the program and of the top-level processes are optional. Question: the body of a program is like which statement? A cooperation statement (allowing m = 1), for uniformity.

Slide 64: Declarations
mode variable, …, variable : type where assertion
Mode is one of in, local, out. The assertion restricts the initial values of the variables on entry to the program.

Slide 65: Labels
Statements in the body may be labeled. We use labels in our discussions and specifications; no statement refers to a label.

Slide 66: Examples
Binomial coefficient; greatest common divisor (pp. 27 and 28).

Slide 67: Labels in text programs
Pre-label and post-label of statements. Labels play two important roles: unique identification of, and reference to, statements; and serving as possible sites of control, similar to the nodes of a transition diagram.

Slide 68
The label equivalence relation (p. 30). Locations in the text language (p. 32).

Slide 69: Semantics of shared-variables text
Giving the semantics of shared-variables text means establishing the correspondence between text programs and the generic model of basic transition systems, by identifying the four components of a basic transition system (state variables, states, transitions, initial condition) in text programs.

Slide 70: State variables
The state variables are the set Y of data variables, explicitly declared (input, output, local), together with a single control variable that ranges over sets of locations: all the locations of the program that are currently active (statements that are candidates for execution).

Slide 71: Example
out x : integer where x = 0
l0 : [l1 : x := x+1; l2 : x := 2; l3 : x := x+2] : l'0
Question: what are the state variables of this program? Note: the program is adequately labeled (labels stand for equivalence classes); instead of {[l1], …} we write {l1, …}.

Slide 72: States
All possible interpretations that assign to the state variables values over their respective domains. Question: what are the states of the previous example, and which of them are reachable? (p. 34)

Slide 73: Transitions
The transition relation for the idling transition is as before. The transition relations for the diligent transitions are defined for each statement form (pp. 34 to 37).

Slide 74: Statement forms with transition relations
l : skip : l'
l : ŷ := ē : l' (assignment)
l : await c : l'
l : if c then [l1 : S1] else [l2 : S2]
l : when c do [l' : S]
l : [while c do [l1 : S]] : l'
l : [[l1 : S1 : l'1] || … || [lm : Sm : l'm]] : l' (cooperation)
Listed separately: concatenation S = [S1; S2]; selection S = [S1 or S2 or … or Sn]; block S = [local dcl; S'].

Slide 75: The initial condition
For a program [dcl; [P1 :: [l1 : S1] || … || Pm :: [lm : Sm]]] whose data precondition is given by the declarations, the initial condition states that the control variable equals {l1, …, lm} and the data precondition holds.
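To make the semantics of the text language on slides 69 to 75 concrete, here is an added Python example; it is not code from the slides or from the book. It compiles assignment, when, concatenation and cooperation statements into transition relations over a state (pi, data), where pi is the single control variable of slide 70 holding the set of currently active labels, and data is the interpretation of the declared variables. Fresh labels are generated automatically; label equivalence in a concatenation is handled by giving the post-label of Si to Si+1 as its pre-label, and cooperation gets the entry and exit steps of slide 57. It runs the program of slide 71 and a constructed two-process race whose lost-update interleaving leaves a later await blocked forever. The statement constructors, explore and x_values, and the race program are assumptions of this example.

```python
# Added example (not from the slides or from Manna & Pnueli's book): an
# executable reading of the shared-variables text semantics. A state is a
# pair (pi, data): pi is the control variable, a frozenset of the labels that
# are currently active; data maps the declared variables to values.
from collections import deque
from itertools import count

_fresh = count()


def label():
    """A fresh label; the adequate labeling of the program is generated here."""
    return f"l{next(_fresh)}"


# Statement forms supported by this example (constructors are its own).
def assign(var, expr): return ("assign", var, expr)   # expr: data -> new value
def when(cond, body):  return ("when", cond, body)    # await c; body
def seq(*stmts):       return ("seq", stmts)          # S1; S2; ...; Sn
def coop(*stmts):      return ("coop", stmts)         # [S1 || ... || Sn]


def compile_stmt(stmt, pre, post, out):
    """Append the transitions of `stmt` (pre-label `pre`, post-label `post`)
    to `out`. A transition is (guard, update) with guard(pi, d) -> bool and
    update(pi, d) -> (pi', d'); variables not mentioned are preserved."""
    kind = stmt[0]
    if kind == "assign":                       # l: y := e : l'
        _, var, expr = stmt
        out.append((lambda pi, d: pre in pi,
                    lambda pi, d: ((pi - {pre}) | {post}, {**d, var: expr(d)})))
    elif kind == "when":                       # l: await c : l''  then l'': body : l'
        _, cond, body = stmt
        mid = label()
        out.append((lambda pi, d: pre in pi and cond(d),
                    lambda pi, d: ((pi - {pre}) | {mid}, d)))
        compile_stmt(body, mid, post, out)
    elif kind == "seq":                        # post-label of S_i is pre-label of S_i+1
        stmts = stmt[1]
        labels = [pre] + [label() for _ in stmts[1:]] + [post]
        for s, a, b in zip(stmts, labels, labels[1:]):
            compile_stmt(s, a, b, out)
    elif kind == "coop":                       # entry step, parallel children, exit step
        stmts = stmt[1]
        entries, exits = [label() for _ in stmts], [label() for _ in stmts]
        out.append((lambda pi, d: pre in pi,
                    lambda pi, d: ((pi - {pre}) | set(entries), d)))
        for s, a, b in zip(stmts, entries, exits):
            compile_stmt(s, a, b, out)
        out.append((lambda pi, d: set(exits) <= pi,
                    lambda pi, d: ((pi - set(exits)) | {post}, d)))
    return out


def explore(program, data0):
    """Breadth-first search over every interleaving from the initial condition
    (control = {l0}, data = data0). Returns (reachable, terminated, deadlocked)
    as lists of (pi, data). A terminal state whose control is exactly the
    program's post-label has terminated; any other terminal state is a
    deadlock (some statement waits on a guard no transition can make true)."""
    l0, lend = label(), label()
    rels = compile_stmt(program, l0, lend, [])
    key = lambda st: (st[0], tuple(sorted(st[1].items())))
    init = (frozenset([l0]), data0)
    seen, terminated, deadlocked = {key(init): init}, [], []
    queue = deque([init])
    while queue:
        pi, d = queue.popleft()
        succ = [upd(pi, d) for guard, upd in rels if guard(pi, d)]
        if not succ:
            (terminated if pi == {lend} else deadlocked).append((pi, d))
        for st in succ:
            if key(st) not in seen:
                seen[key(st)] = st
                queue.append(st)
    return list(seen.values()), terminated, deadlocked


def x_values(states):
    """Sorted distinct values of x over a list of (pi, data) states."""
    return sorted({d["x"] for _, d in states})


# Slide 71: out x: integer where x = 0;  l0: [l1: x:=x+1; l2: x:=2; l3: x:=x+2] : l'0
SLIDE71 = seq(assign("x", lambda d: d["x"] + 1),
              assign("x", lambda d: 2),
              assign("x", lambda d: d["x"] + 2))

# Constructed race: two processes each perform a non-atomic read-modify-write
# of x through a private temporary, then the program waits for x = 2. The
# interleaving that reads x twice before either write loses an update,
# leaves x = 1, and the await never becomes enabled.
RACE = seq(coop(seq(assign("t1", lambda d: d["x"]), assign("x", lambda d: d["t1"] + 1)),
                seq(assign("t2", lambda d: d["x"]), assign("x", lambda d: d["t2"] + 1))),
           when(lambda d: d["x"] == 2, assign("done", lambda d: True)))

if __name__ == "__main__":
    reach, term, dead = explore(SLIDE71, {"x": 0})
    print("slide 71: reachable x", x_values(reach), "final x", x_values(term))
    reach, term, dead = explore(RACE, {"x": 0, "t1": 0, "t2": 0, "done": False})
    print("race: terminated with x", x_values(term), "deadlocked with x", x_values(dead))
```

For the slide 71 program the control variable moves through {l1}, {l2}, {l3}, {l'0} while x takes the values 0, 1, 2, 4. For the race, the explorer separates the schedules that reach x = 2 and terminate from the lost-update schedule that stops with x = 1 at the await, which is the text-language counterpart of the deadlock question on slide 56.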

Slide 76: Computation

Slide 77: Subscripted variables

Slide 78: Structural relations between statements

