
2G1516/2G1521 Formal Methods 2004, Mads Dam, IMIT, KTH. CCS: Processes and Equivalences. Reading: Peled 8.1, 8.2, 8.5.


1 CCS: Processes and Equivalences
Mads Dam. Reading: Peled 8.1, 8.2, 8.5.

2 Finite State Automata
[Figure: coffee machine A1 and coffee machine A2, two automata with transitions labelled 1kr, tea, coffee]
Are the two machines "the same"?

3 CCS
Calculus of concurrent processes. Main issues:
– How to specify concurrent processes in an abstract way?
– Which are the basic relations between concurrency and non-determinism?
– Which basic methods of construction (= operators) are needed?
– When do two processes behave differently? When do they behave the same?
– Rules of calculation: replacing equals for equals; substitutivity
– Specification and modelling issues

4 Process Equivalences
Sameness of behaviour = equivalence of states. Many process equivalences have been proposed (cf. Peled 8.5). For instance, q1 ∼ q2 iff
– q1 and q2 have the same paths, or
– q1 and q2 may always refuse the same interactions, or
– q1 and q2 pass the same tests, or
– q1 and q2 satisfy the same temporal formulas, or
– q1 and q2 have identical branching structure.
CCS: focus on bisimulation equivalence.

5 Bisimulation Equivalence
Intuition: q1 ∼ q2 iff q1 and q2 have the same branching structure.
Idea: find a relation which relates two states with the same transition structure, and make sure the relation is preserved by the transitions.
[Figure: example of two processes q1 and q2 with transitions labelled a, b, c]

6 Strong Bisimulation Equivalence
Given: a labelled transition system T = (Q, Act, R). Looking for a relation S ⊆ Q × Q on states.
S is a strong bisimulation relation if whenever q1 S q2 then:
– q1 -α-> q1' implies q2 -α-> q2' for some q2' such that q1' S q2'
– q2 -α-> q2' implies q1 -α-> q1' for some q1' such that q1' S q2'
q1 and q2 are strongly bisimilar iff q1 S q2 for some strong bisimulation relation S.
q1 ∼ q2: q1 and q2 are strongly bisimilar. (Peled uses ≡_bis for ∼.)

7 Example
[Figure: two processes with states q0, q1, q2 and p0, p1, p2, transitions labelled a and b]
Does q0 ∼ p0 hold?

8 Example
[Figure: two processes with states q0, ..., q4 and p0, ..., p3, transitions labelled a, b and c]
Does q0 ∼ p0 hold?

9 Weak Transitions
What to do about internal activity? τ: transition label for activity which is not externally visible.
q =τ=> q' iff q = q0 -τ-> q1 -τ-> ... -τ-> qn = q', n ≥ 0
q =α=> q' iff q =τ=> q1 -α-> q2 =τ=> q' (α ≠ τ)
Beware that =τ=> allows zero τ steps here (non-standard notation).
Observational equivalence, v1.0: bisimulation equivalence with =α=> in place of -α->.
Let q1 ≈' q2 iff q1 ∼ q2 with =α=> in place of -α->.
Cumbersome definition: too many transitions q =α=> q' to check.

10 Observational Equivalence
Let S ⊆ Q × Q. The relation S is a weak bisimulation relation if whenever q1 S q2 then:
– q1 -α-> q1' implies q2 =α=> q2' for some q2' such that q1' S q2'
– q2 -α-> q2' implies q1 =α=> q1' for some q1' such that q1' S q2'
q1 and q2 are observationally equivalent, or weakly bisimulation equivalent, if q1 S q2 for some weak bisimulation relation S.
q1 ≈ q2: q1 and q2 are observationally equivalent / weakly bisimilar.
Exercise: show that ≈' = ≈.

11 Examples
[Figure: three pairs of processes with transitions labelled a, b, c and τ; each pair is related by ≈]

12 Examples
[Figure: three processes built from the actions a, b and τ]
All three are inequivalent.

13 Calculus of Communicating Systems - CCS
Language for describing communicating transition systems: behaviours as algebraic terms.
Calculus: centered on observational equivalence; elegant mathematical treatment; emphasis on process structure and modularity; recent extensions to security and mobile systems.
– CSP - Hoare: Communicating Sequential Processes (85)
– ACP - Bergstra and Klop: Algebra of Communicating Processes (85)
– CCS - Milner: Communication and Concurrency (89)
– Pi-calculus - Milner (99), Sangiorgi and Walker (01)
– SPI-calculus - Abadi and Gordon (99)
Many recent successors for security and mobility (more in 2G1517).

14 CCS - Combinators
The idea: 7 elementary ways of producing or putting together labelled transition systems.
Pure CCS: Turing complete, i.e. it can express any Turing computable function.
Value-passing CCS: additional operators for value passing; definable in pure CCS; convenient for applications. Here only a taster.

15 Actions
Names: a, b, c, d, ...
Co-names: ā, b̄, c̄, d̄, ... (sorry: overbar not good in TeXPoint!). The co-name of ā is a again.
In CCS, names and co-names synchronize.
Labels l: Names ∪ co-names
Actions = Act = Labels ∪ {τ}
Define the complement ᾱ of an action by: the complement of l̄ is l, and τ̄ = τ.

16 CCS Combinators, II
Nil 0: no transitions.
Prefix α.P: in.out.0 -in-> out.0 -out-> 0
Definition A == P: Buffer == in.out.Buffer, so Buffer -in-> out.Buffer -out-> Buffer
[Figure: LTS of Buffer, a cycle of transitions in, out]

17 CCS Combinators, Choice
Choice P + Q: BadBuf == in.(τ.0 + out.BadBuf)
BadBuf -in-> τ.0 + out.BadBuf, which then goes either -τ-> 0 or -out-> BadBuf
Obs: no priorities between τ's, a's or ā's. CCS doesn't "know" which labels represent input and which output.
May use Σ notation: Σ_{i∈{1,2}} α_i.P_i = α_1.P_1 + α_2.P_2
[Figure: LTS of BadBuf with transitions in, out, τ]

18 Example: Boolean Buffer
2-place Boolean buffer Buf2: empty 2-place buffer. Buf2_0: 2-place buffer holding a 0. Buf2_1: do., holding a 1. Buf2_00: do., holding 00 ... etc.
Buf2 == in0.Buf2_0 + in1.Buf2_1
Buf2_0 == out0.Buf2 + in0.Buf2_00 + in1.Buf2_01
Buf2_1 == ...
Buf2_00 == out0.Buf2_0
Buf2_01 == out0.Buf2_1
Buf2_10 == ...
Buf2_11 == ...

19 Example: Scheduler
a_i: start task i. b_i: stop task i.
Requirements:
1. a_1, ..., a_n to occur cyclically
2. a_i / b_i to occur alternately, beginning with a_i
3. Any a_i / b_i to be schedulable at any time, provided 1 and 2 are not violated
Let X ⊆ {1, ..., n}. Sched_{i,X}: i to be scheduled, X pending completion.
Scheduler == Sched_{1,∅}
Sched_{i,X} == Σ_{j∈X} b_j.Sched_{i,X-{j}}, if i ∈ X
Sched_{i,X} == Σ_{j∈X} b_j.Sched_{i,X-{j}} + a_i.Sched_{i+1,X∪{i}}, if i ∉ X

20 Example: Counter
Basic example of an infinite-state system:
Count == Count_0
Count_0 == zero.Count_0 + inc.Count_1
Count_{i+1} == inc.Count_{i+2} + dec.Count_i
Can do stacks and queues equally easily; try it!

21 CCS Combinators, Composition
Composition P | Q: Buf1 == in.comm.Buf1, Buf2 == comm.out.Buf2
Buf1 | Buf2 -in-> comm.Buf1 | Buf2 -τ-> Buf1 | out.Buf2 -out-> Buf1 | Buf2
But also, for instance: Buf1 | Buf2 -comm-> Buf1 | out.Buf2 -out-> Buf1 | Buf2

22 Composition, Example
Buf1 == in.comm.Buf1, Buf2 == comm.out.Buf2
[Figure: LTS of Buf1 | Buf2 with states Buf1 | Buf2, comm.Buf1 | Buf2, comm.Buf1 | out.Buf2, Buf1 | out.Buf2 and transitions labelled in, comm, out, τ]

23 CCS Combinators, Restriction
Restriction P\L: Buf1 == in.comm.Buf1, Buf2 == comm.out.Buf2
(Buf1 | Buf2)\{comm} -in-> comm.Buf1 | Buf2 -τ-> Buf1 | out.Buf2 -out-> Buf1 | Buf2
But not: (Buf1 | Buf2)\{comm} -comm-> Buf1 | out.Buf2 -out-> Buf1 | Buf2

24 CCS Combinators, Relabelling
Relabelling P[f]: Buf == in.out.Buf
Buf1 == Buf[comm/out] = in.comm.Buf1
Buf2 == Buf[comm/in] = comm.out.Buf2
The relabelling function f must preserve complements, f(ā) = the complement of f(a), and τ: f(τ) = τ.
The relabelling function is often given by name substitution, as above.

25 Example: 2-way Buffers
1-place 2-way buffer: Buf_ab == a+.b-.Buf_ab + b+.a-.Buf_ab
[Figures: flow graph of Buf_ab with ports a+, a-, b+, b-; LTS of Buf_ab with states Buf_ab, b-.Buf_ab, a-.Buf_ab]
Buf_bc == Buf_ab[c+/b+, c-/b-, b-/a+, b+/a-] (Obs: simultaneous substitution!)
Sys = (Buf_ab | Buf_bc)\{b+, b-}
Intention: [Figure: flow graph with ports a+, a-, c+, c-]
What went wrong?

26 Transition Semantics
To apply observational equivalence we need a formalised semantics: each CCS expression -> a state in an LTS derived from that expression.
Compositionality: the construction of the LTS follows the expression syntax.
Inference rules, e.g.: from P1 -α-> P2 infer P1 | Q -α-> P2 | Q
Meaning: for all P1, P2, Q, α, if there is an α transition from P1 to P2 then there is an α transition from P1 | Q to P2 | Q.

27 CCS Transition Rules
Prefix: α.P -α-> P (no premise)
Def: from P -α-> Q infer A -α-> Q (A == P)
Choice L: from P -α-> P' infer P + Q -α-> P'
Choice R: from Q -α-> Q' infer P + Q -α-> Q'
Com L: from P -α-> P' infer P | Q -α-> P' | Q
Com R: from Q -α-> Q' infer P | Q -α-> P | Q'
Com: from P -l-> P' and Q -l̄-> Q' infer P | Q -τ-> P' | Q'
Restr: from P -α-> P' infer P\L -α-> P'\L (α, ᾱ ∉ L)
Rel: from P -α-> P' infer P[f] -f(α)-> P'[f]
(No rule for 0!)

28 CCS Transition Rules, II
Closure assumption: -> is the least relation closed under the set of rules.
Example derivation: Buf1 == in.comm.Buf1, Buf2 == comm.out.Buf2
(Buf1 | Buf2)\{comm} -in-> comm.Buf1 | Buf2 -τ-> Buf1 | out.Buf2 -out-> Buf1 | Buf2

29 Example: Semaphores
Unary semaphore: S1 == p.S1_1, S1_1 == v.S1
Binary semaphore: S2 == p.S2_1, S2_1 == p.S2_2 + v.S2, S2_2 == v.S2_1
Result: S1 | S1 ∼ S2
Proof: show that {(S1 | S1, S2), (S1_1 | S1, S2_1), (S1 | S1_1, S2_1), (S1_1 | S1_1, S2_2)} is a strong bisimulation relation.

30 Example: Simple Protocol
Spec == in.out.Spec
Sender == in.Transmit
Transmit == transmit.WaitAck
WaitAck == ack+.Sender + ack-.Transmit
Receiver == transmit.Analyze
Analyze == τ.out.ack+.Receiver + τ.ack-.Receiver
Protocol == (Sender | Receiver)\{transmit, ack+, ack-}
Exercise: prove Spec ≈ Protocol.

31 Example: Jobshop
i_E: input of easy job. i_N: input of neutral job. i_D: input of difficult job. o: output of finished product.
A == i_E.A' + i_N.A' + i_D.A'
A' == o.A
Spec = A | A
Hammer: H == gh.ph.H
Mallet: M == gm.pm.M
Jobber: J == Σ_{x∈{E,N,D}} i_x.J_x
J_E == o.J
J_N == gh.ph.J_E + gm.pm.J_E
J_D == gh.ph.J_E
Jobshop == (J | J | H | M)\{gh, ph, gm, pm}
Theorem: Spec ≈ Jobshop. Exercise: prove this.

32 Proving Equivalences
The bisimulation proof method. To establish P ≈ Q:
1. Identify a relation S such that P S Q
2. Prove that S is a weak bisimulation relation
This is the canonical method. There are other methods for process verification: equational reasoning; temporal logic specification / proof / model checking.
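As an added example (my own code, not from the slides), the proof method of slide 32 mechanised for finite systems: instead of guessing the relation S, a greatest-fixpoint checker computes the largest strong or weak bisimulation over two LTSs, and it is applied to the simple protocol of slide 30. Assumed conventions: an LTS is a dict from state to a set of (action, next state), a co-name is written with a leading quote since the slides drop overbars, and which of transmit/ack+/ack- carry the overbar on the Sender side versus the Receiver side is my choice.

```python
from itertools import product

# Constructed example, not code from the slides. An LTS is a dict state -> set of (action, next);
# a co-name carries a leading "'" (so "'out" stands for out-bar) and the silent action is "tau".
TAU = "tau"

def parallel(p, q):  # P | Q: Com L, Com R, plus one tau step per complementary pair (Com)
    return {(s, t): {(a, (s2, t)) for a, s2 in p[s]} | {(b, (s, t2)) for b, t2 in q[t]}
            | {(TAU, (s2, t2)) for a, s2 in p[s] for b, t2 in q[t] if a == "'" + b or b == "'" + a}
            for s, t in product(p, q)}

def restrict(lts, names):  # P \ L: drop every move labelled by a name in L or its co-name
    return {s: {(a, t) for a, t in m if a == TAU or a.lstrip("'") not in names} for s, m in lts.items()}

def tau_closure(lts, x):  # states reachable from x by tau*, x itself included
    seen, frontier = {x}, {x}
    while frontier:
        frontier = {z for y in frontier for a, z in lts[y] if a == TAU} - seen
        seen |= frontier
    return seen

def weak_moves(lts, s):  # q =a=> q' (tau* a tau*) and q =tau=> q' (tau*, q' may be q itself)
    pre = tau_closure(lts, s)
    return {(TAU, x) for x in pre} | {(a, z) for x in pre for a, y in lts[x]
                                      if a != TAU for z in tau_closure(lts, y)}

def bisimilar(l1, s1, l2, s2, weak=False):
    # Greatest fixpoint: start from all pairs, drop those violating the transfer condition, repeat.
    mv = weak_moves if weak else (lambda l, s: l[s])
    rel = set(product(l1, l2))
    def ok(p, q):  # every move of p is answered by q with successors still related, and vice versa
        m1, m2 = mv(l1, p), mv(l2, q)
        return (all(any(a == b and (p2, q2) in rel for b, q2 in m2) for a, p2 in m1)
                and all(any(a == b and (p2, q2) in rel for a, p2 in m1) for b, q2 in m2))
    bad = True
    while bad:
        bad = {pq for pq in rel if not ok(*pq)}
        rel -= bad
    return (s1, s2) in rel

# The simple protocol from the slides; which labels carry the overbar is my assumption.
SPEC = {"Spec": {("in", "Spec'")}, "Spec'": {("out", "Spec")}}
SENDER = {"Sender": {("in", "Transmit")}, "Transmit": {("'transmit", "WaitAck")},
          "WaitAck": {("ack+", "Sender"), ("ack-", "Transmit")}}
RECEIVER = {"Receiver": {("transmit", "Analyze")}, "Analyze": {(TAU, "A1"), (TAU, "A2")},
            "A1": {("out", "A3")}, "A3": {("'ack+", "Receiver")}, "A2": {("'ack-", "Receiver")}}
PROTOCOL = restrict(parallel(SENDER, RECEIVER), {"transmit", "ack+", "ack-"})

def protocol_equivalent(weak):  # strong: False (Protocol has tau steps); weak: True
    return bisimilar(SPEC, "Spec", PROTOCOL, ("Sender", "Receiver"), weak=weak)
```

With weak=False the same checker confirms the semaphore result of slide 29 (S1 | S1 ∼ S2), since neither side has τ steps there.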

