Process AlgebraBook: Chapter 8

The Main Issue

Q: When are two models equivalent?

A: When they satisfy different properties.

Q: Does this mean that the models have different executions?

What is process algebra? An abstract description for

nondeterministic and concurrent systems.

Focuses on the transitions observed rather than on the states reached.

Main correctness criterion: conformance between two models.

Uses: system refinement, model checking, testing.

Different models may have the same set of executions!

aa a

b b cc

a-insert coin, b-press pepsi, c-press pepsi-light

d-obtain pepsi, e-obtain pepsi-light

dd ee

Actions: Act={a,b,c,d}{}.Agents: E, E’, F, F1, F2, G1, G2, …

E

E’

G2G1

F1 F2

F

aa a

b b cc

Agent E may evolve into agent E’.

Agent F may evolve into F1 or F2.

dd ee

Events.

E

E’

G2G1

F1 F2

F

aa a

b b cc

E—aE’, F—aF1, F—aF2, F1—aG1,

F2—aG2. G1—F, G1—F.

Actions and co-actions

For each action a, except for , there is a co-action a. a and a interact (a input, a output).The coaction of a is a.

G2G1

F1 F2

Fa a

b c

E

E’

a

b c

Notation

a.E – execute a, then continue according to E.E+F – execute according to E or to F.E||F – execute E and F in parallel.

E

G H

F

a

b c

a.(b+c)(actually, a.((b.0)+(c.0))

E—aFF—bGF—cH

0 – deadlock/termination.

Conventions

“.” has higher priority than “+”. “.0” or “.(0||0||…||0)” is omitted.

CCS - calculus of concurrent systems [Milner]. Syntax

a,b,c, … actions, A, B, C - agents. a,b,c, coactions of a,b,c. -silent action. nil - terminate. a.E - execute a, then behave like E. + - nondeterministic choice. || - parallel composition. \L - restriction: cannot use letters of L. [f] - apply mapping function f between

between letters.

Semantics (proof rule and axioms).Structural Operational Semantics SOS

a.p –a p p—ap’ |-- p+q –a p’ q—aq’ |-- p+q –a q’ p—ap’ |-- p|q –a p’|q q—aq’ |-- p|q –a p|q’ p—ap’, q—aq’ |-- p|q – p’|q’ p—ap’ , a R |-- p\L –a p’\R p—ap’ |-- p[m]—m(a)p’[m]

Action Prefixing

a.E—aE (Axiom)

Thus, a.(b.(c||c)+d)—a(b.(c||c)+d).

Choice

E—aE’ F—aF’ (E+F)—aE’ (E+F)—aF’

b.(c||c)—b(c||c).Thus,

(b.(c||c)+e)—b(c||c).

If E—aE’ and F—aF’, then E+F has a nondeterministic choice.

Concurrent Composition

E—aE’ F—aF’ E||F—aE’||F E||F—aE||F’

E—aE’, F—aF’ ———————— E||F—E’||F’

c—c0, c—c0, c||c—0||0, c||c—c0||c, c||c—cc||0.

Restriction

E—aE’, a, a R —————————

E\R –aE’\RIn this case: allows only

internal interaction of c.c||c—0||0 c||c—c0||c c||c—cc||0(c||c) \ {c}—(0||0) \{c}

Relabeling

E—aE’ ———— E[m] –m(a)E’[m]

No axioms/rules for agent 0.

Examples

a.E||b.F

a.E||FE||b.F

E||F

b

b

a

a

Derivations

(0||0)

a.(b.(c||c)+d)

b.(c||c)+d

(c||c) 0

(0||c) (c||0)

a

b d

c

cc

c

Modeling binary variable

C0=is_0? . C0 + set_1 . C1 + set_0 . C0

C1=is_1? . C1 + set_0 . C0 + set_1 . C1

C0 C1set_1

set_0

set_0

is_0?

set_1

is_1?

Equational Definition

E=a.(b..E+c..E) E—aE’, A=EF=a.b..F+a.c..F A—aE’

G2G1

F1 F2

Fa a

b c

E

E’

a

b c

Trace equivalence:Systems have same finite sequences.

Same traces

Fa a

b b

E

a

b c c

E=a.(b+c) F=(a.b)+a.(b+c)

Failures: comparing also what wecannot do after a finite sequence.

Fa a

b b

E

a

b c c

Failure of agent E: (σ, X), where after executing σ from E, none of the events in X is enabled.Agent F has failure (a, {c}), which is not a failure of E.

Simulation equivalence

Relation over set of agents S. RSS. E R F If E’ R F’ and E’—aE’’, then there

exists F’’, F’—aF’’, and E’’ R F’’.

E

c d

b b

aaF

c d

b b

a

Simulation equivalence

Relation over set of agents S. RSS. E R F If E’ R F’ and E’—aE’’, then there exists F’’,

F’—aF’’, and E’’ R F’’.

E

c d

b b

aaF

c d

b b

a

Here, simulation works only in one direction. No equivalence!

Relation over set of agents S. RSS. E R F If E’ R F’ and E’—aE’’, then there exists F’’,

F’—aF’’, and E’’ R F’’.

E

c d

b b

aaF

c d

b b

a

want to establish

symmetricallynecessarily

problem!!!

Simulation equivalentbut not failure equivalent

Left agent a.b+a has a failure (a,{b}).

E

b

aaF

b

a

Bisimulation: same relation simulates in both directions

Not in this case: different simulation relations.

E

b

aaF

b

a

Hierarchy of equivalences

Bisimulation

Trace

FailureSimulation

Example:

A=a.((b.nil)+(c.d.A))

B=(a.(b.nil))+(a.c.d.B)

a b

c

ds0

s1 s2

s3 a

d

b

ac

t0

t1

t4

t2

t3

Bisimulation between G1 and G2

Let N= N1 U N2

A relation R : N1 x N2 is a bisumulation ifIf (m,n) in R then1. If m—am’ then n’:n—an’ and (m’,n’) in R2. If n—an’ then m’:m—am’ and (m’,n’) in R.

Other simulation relations are possible, I.e., m=a=> m’ when m—…—a—m’.

Algorithm for bisimulation:

Partition N into blocks B1B2…Bn=N. Initially: one block, containing all of N. Repeat until no change:

Choose a block Bi and a letter a. If some of the transitions of Bi move to some block Bj and some not, partition Bi accordingly.

At the end: Structures bisimilar if initial states of two structures are in same blocks.

Correctness of algorithm

Invariant: if (m,n) in R then m and n remain in the same block throughout the algorithm.

Termination: can split only a finite number of times.

Example:

a b

c

ds0

s1 s2

s3a

d

b

ac

t0

t1

t4

t2

t3

{s0,s1,s2,s3,t0,t1,t2,t3,t4}

Example:

a b

c

ds0

s1 s2

s3 a

d

b

ac

t0

t1

t4

t2

t3

{s0,s1,s2,s3,t0,t1,t2,t3,t4} split on a.{s0,t0},{s1,s2,s3,t1,t2,t3,t4}

Example:

a b

c

ds0

s1 s2

s3 a

d

b

ac

t0

t1

t4

t2

t3{s0,t0},{s1,s2,s3,t1,t2,t3,t4} split on b

{s0,t0},{s1,t1},{s0,s2,s3,t2,t3,t4}

Example:

a b

c

ds0

s1 s2

s3 a

d

b

ac

t0

t1

t4

t2

t3

{s0,t0},{s1,t1},{s2,s3,t2,t3,t4} split on c

{s0,t0},{s1},{t1},{s2,s3,t2,t3,t4}

Example:

{s0,t0},{s1},{t1},{s2,s3,t2,t3,t4} split on c

{s0,t0},{s1},{t1},{t4},{s2,s3,t2,t3}

a b

c

ds0

s1 s2

s3 a

d

b

ac

t0

t1

t4

t2

t3

Example:

{s0,t0},{s1},{t1},{t4},{s2,s3,t2,t3} split on d

{s0,t0},{s1},{t1},{t4},{s3, t3},{s2,t2}

a b

c

ds0

s1 s2

s3 a

d

b

ac

t0

t1

t4

t2

t3

Example:

{s0,t0},{s1},{t1},{t4},{s2,t2},{s3,t3} split on a

{s0},{t0},{s1},{t1},{t4},{s3, t3},{s2,t2}

a b

c

ds0

s1 s2

s3 a

d

b

ac

t0

t1

t4

t2

t3

Example:

{s0},{t0},{s1},{t1},{t4},{s2,s3,t2,t3} split on d

{s0},{t0},{s1},{t1},{t4},{s3},{t3},{s2,t2}

a b

c

ds0

s1 s2

s3 a

d

b

ac

t0

t1

t4

t2

t3