emp o - polytechniquefvalenci/papers/cambridge-slides.pdf · a calculus fo r t emp o ral ccp camb...

TemporalCCP

andTimedSystems.

MogensNielsenCatusciaPalamidessi �FrankD.Valencia

BRICS,UniversityofAarhus

�PennStateUniversity

March,2000

Speaker:FrankD.Valencia

ACalculusforTemporalCCP

Cambridge.March,2002

Motivation

ACCPcalculusformodellingtimedsystems.

.TimedSystemsinvolve:

.constraintsspecifyingbehavior

.partialinformation

.speci�cdomainsapplications

.and

CCPusedfor

.specifyingconcurrencyviaconstraints

.manipulatingpartialinformation

.de�ningdomainspeci�cprogramminglanguages.

1



A

TypicalCCP

Scenario

(temperature>20)!

(temperature=30)?:P

&

%

M

E

D

IU

M

%

(Store)

&

(temperature<40)!

(temperature<50)?:Q

�PartialInformation(e.g.temperatureissomeunknownvalue>20).

�ConcurrentExecutionofProcesses.

�SynchronizationviaBlocking-Ask.

2



RepresentingPartialInformation

De�nition.

Aconstraintsystem

consistsofasignature�and�rst-order

theory�over�.

�Constraintsa;b;c;::::formulaeover�.

�Relation`�:decidableentailmentrelationbetweenconstraints.

�C:setofconstraintsunderconsideration.

3



SubjectofthisTalk:ntcc

.tcc(Gupta,Jagadeesan,Saraswat94):Adeterministicmodelfor

programmingreactivesystemsbasedontheSynchronousLanguages.

.ntcc:Atccextensionformodellingpotentiallynon-deterministicandasyn-

chronoustimedsystems.

Agenda:

.Systemsunderconsideration.

.Syntaxandintuitivebehavior.

.OperationalSemantics.

.LogicandProofSystem.

.Applications.

.Behavioralequivalencesandtheirdecidability.

4



SystemsthatConcernus

a1

a01

a2

a02

a3

a03

P1

P2

P3

�Stimulusai:inputinformationforPi.

�Responsea0i :outputinformationofPi.

�Stimulus-Responseduration:timeinterval(ortimeunit).

Examples:ProgrammableLogicControllers(PLC's)andLEGORCXbricks.

5



Syntax:BasictccProcesses

Processes

Description

Actionwithinthetimeinterval

�tell(c)

tellinginformation

addctothestore

�w

hen

cdoP

askinginformation

whencinthestoreexecuteP

�localxin

P

hiding

executePwithlocalx

�nextP

unit-delay

delayPonetimeunit.

�unlesscnextP

time-out

unlesscnowinthestoredoPnext

�PkQ

synch.parallelism

executePandQ

6



NtccAdditionalBasicProcesses

�NonDeterministicBehavior:P

i2Iw

hencidoPi

GuardedChoice.

�AsynchronousBehavior:?P

Unboundedbut�nitedelayofP

�In�niteBehavior:!P

UnboundelymanycopiesofP,oneatatime:PknextPknext2Pk:::7



SomeDerivedConstructs

�Inactivity:

skip

def

=P

i2;Pi

P

kskip

=P.

�Abortion:abortdef

=!(tell(false))

P

kabort=abort.

�FairAsynch.Parallel:PjQ

def

=

(?PkQ)+(Pk?Q)

PjQ=QjPandPj(QjR)=(PjQ)jR:

IsPjabort=abort??

�Bounded!and?:!I Pdef

=Q

i2InextiP

and

?I P

def

=P

i2InextiP

8



PowerSaverExample

.Apowersaver:

!(unless(lights=o�)next

?tell(lights=o�))

.Are�nedpowersaver:

!(unless(lights=o�)next

?[0;60]tell(lights=o�))

.Amorere�nedone;deterministicpowersaver:

!(unless(lights=o�)nexttell(lights=o�))

9



MachineExamples

.Motordoomedtomalfunction:

P=

?!tell(malfunction(motor))

.SafetyCheck:

Q=!(w

henmalfunction(motor)dotell(motorspeed=0))

.EventualMotorInactivity:

P

kQ

10



Road-Map1

Wehaveseen:

�Constructsareparameterizedbyaconstraintsystem.

�Basicconstructsprovide:(1)tellingandasking,(2)non-determinism,(3)

parallelism,(4)hiding,(5)unitdelays,(6)time-outs,(7)asynchronyand(8)

in�nitebehavior.

�SomeDerivedConstructsprovide:(1)inactivity,(2)abortion,(3)asynchronous

parallelism,(4)boundedasynchronyandinvariance.

ComingUp:

�OperationalSemanticsandProcessObservations.

�LogicandProofSystem.

11



OperationalSemantics

.

InternalTransitions:

RThtell(c);ai

�!

hskip;a^ci

RG

a`cj

Pi2IwhencidoPi ;a ��!

hPj ;ai

RB

h!P;ai�!

hP

knext!P;ai

RSh?P;ai�!

hnextnP;ai

(n�0)

.

ObservableTransition

RO

hP;ai�!�

Q;a0 �6�!

P

(a;a0)

====)

F(Q)::=

8>>><>>>:Q0

ifQ

=

nextQ0

Q0

ifQ

=

unless(c)nextQ0

F(Q1)kF(Q2)

ifQ

=

Q1kQ2

localxinF(Q0)

ifQ

=

localxinQ0

skip

otherwise

12



ObservationstoMakeofProcesses

.Stimulus-responseinteraction

P=P1

(c1;c01)

====)

P2

(c2;c02)

====)

P3

(c3;c03)

====)

:::

denotedbyP

(�;�0)

====)!

with�=c1 :c2:::and�0=c01 :c02:::

.Input-OutputBehavior:

io(P)=f(�;�0)jP

(�;�0)

====)!g

.Language:

L(P)=f�0jP

(true!;�0)

====)!g

.StrongestPostcondition:

sp(P)=f�0jP

(;�0)

====)!g

13



A

LogicàlaPnueliforntcc

Syntax.A:=cjA^Aj:Aj9xAjÆ

Aj}Aj�A

Semantics.Say�j=Ai�h�;1ij=Awhere

h�;iij=c

i�

�(i)`c

h�;iij=:A

i�

h�;ii6j=A

h�;iij=A1^A2

i�

h�;iij=A1andh�;iij=A2

h�;iij=Æ

A

i�

h�;i+1ij=A

h�;iij=�A

i�

forallj�ih�;jij=A

h�;iij=}A

i�

thereexistsj�is.t.h�;jij=A

h�;iij=9xA

i�

thereis�0x�variantof�s.t.h�0;iij=A:

Collectionofallmodels:[[A]]=f�j�j=Ag

Satisfaction:Pj=Ai�sp(P)�[[A]](i.e.,alloutputsofPsatisfyA)

14

A Calculus for Temporal CCP Cambridge. March, 2002

Proof System for P j= A

P ` A Q ` BP k Q ` A ^B

(par)

P ` Alocal x inP ` 9xA

(hide)

P ` AnextP ` ÆA

(next)

P ` A!P ` �A

(rep)

P ` A?P ` }A

(star)

tell(c) ` c (tell)

8i 2 I Pi ` AiPi2Iwhen ci do Pi `

Wi2I(ci ^Ai) _

Vi2I :ci

(sum)

P ` A A) BP ` B

(rel)

15



RelativeCompleteness

De�nition.

Pisalocally-independentchoiceprocessi�foreach

Xi2Iw

hen

cido

Qi

inP;theci 'sdonotdependonthelocalvariablesofP.

Theorem.

(Completeness)ForeveryP;A

.P`A

impliesPj=Aand

.Pj=A

impliesP

`A,ifPislocally-independentchoice.

16



DenotationalSemantics

[[tell(a)]]=

fc��2C!

:

cà;g

[[P

kQ]]=

[[P]]\[[Q]]

[[!P]]=

f�

:

forall�2C�;�02C!

:

�=

�:�0implies�02[[P]]g

[[?P]]=

f�:�

:

�2C�;�2[[P]]g

[[ Pi2Iwhen(ai)doPi]]=

Si2I fc��

:

càiandc��2[[Pi]])[

( Ti2I fc��

:

c6ài;�2C!g)

.Theorem.sp(P)�[[P]]and,ifPisalocally-independent,sp(P)=[[P]]

Theorem.io(P)=f(�;�0)j�0=m

in([[P]]\"�)gifPisdeterministic.

17



Applications:Cells

.Cellx:(v)=�cellxwithcontentsv�.

.Exchangeexchf(x;y)=�y

x;x

f(x)�.

:(z)

def

=

tell(x=z)kunlesschange(x)nextx:(z)

xchf(x;y)

def

=

Pvw

hen

(x=v)do

(

tell(change(x))

ktell(change(y))

k

next(x:f(v)

k

y:(v)))

Proposition.

exchf(x;y)`(x=v))

Æ

(x=f(v)^y=v).

Example.x:(3)ky:(5)kexch7 (x;y)

:

====)

x:(7)ky:(3).

18


Applications: LEGO Zigzagging

Speci�cation. Go forward (f), right (r) or left (l) but

DO NOT go:

. f if preceding action was f,

. r if second-to-last action was r, and

. l if second-to-last action was l.

GoForwarddef= fexch(act1 ; act2 ) k tell(forward)

GoRightdef= rexch(act1 ; act2 ) k tell(right)

GoLeftdef= lexch(act1 ; act2 ) k tell(left)

Zigzagdef= ( when (act1 6= f)do GoForward

+ when (act2 6= r)do GoRight

+ when (act2 6= l)do GoLeft )k nextZigzag

StartZigzagdef= act1: (0) k act2: (0) k Zigzag

Proposition. StartZigzag ` �(}right ^ }left)

19



Road-Map2

Wehaveseen:

�OperationalSemantics.

�LogicandProofSystem.

�Examples.

ComingUp:

�BehavioralEquivalences.

�Undecidability/DecidabilityResults.

20



BehavioralEquivalences

De�nition.

P�ioQi�io(P)=io(Q)andP�L

Qi�L(P)=L(Q).

Butneither�ionor�L

arecongruences.Let�ioand�L

bethecorresponding

congruences.

Theorem.

�io=�L��io��L.

Theorem.

Onecane�ectivelyconstructcontextsUS[:],S�fin

C,s.t.,

-(UniversalContext)P

�L

Q

i�

UC[P]�L

UC[Q]for�niteC.

-(SpecializedContext)P�L

Q

i�

UC(P;Q)[P]�L

UC(P;Q)[Q].

21



BehavioralEquivalence:Decidability.

De�nition.

P

islocally-deterministici�all(non-unary,non-empty)

summationsinPoccuroutsideofthelocalconstructsinP.

Theorem.

Givenalocally-deterministicP

onecane�ectivelyconstructa

BüchiautomatonBP

thatrecognizesthelanguageofP.

Corollary.

Languageequivalence�L,languagecongruence�L

andinput-

outputcongruence�ioaredecidableforlocally-deterministicprocesses.

22



VariantsandtheirExpressivePower

Locally-independent

ntcc

with

the

following

alternatives

for

in�nitebehaviour(guardedrecursion):

�ntcc[Rec]

Rec.de�nitionsA(x1 ;:::;xn)def

=Pwithfv(P)�fx1 ;:::;xng.

�ntcc[Rec,IdenticalParameters]

AsabovebuteverycallofAinPisoftheformA(x1 ;:::;xn).

�ntcc[Rec,NoParameters,Dyn.Scoping]

Rec.de�nitionsAdef

=PwithDynamicScoping

�ntcc[Rec,NoParameters,StaticScoping]

Rec.de�nitionsAdef

=PwithStaticScoping.

23


Variants and their Expressive Power

(PCP)

(Buchi Autom.)ntcc[Rec, Ident. Par.]

UNDECIDABLE

DECIDABLEntcc[Rec,No Par, Static Scope]

ntcc[Replication]

ntcc[Rec, No Par., Dyn. Scope]ntcc[Rec]

24



RemarksandFutureWork

Wehavepresented

.ntcc;acalculusfordiscretetimedsystems.

.Alinear-timelogicandproofsystemforntcc.

.Examplesillustratingtheapplicabilityofthecalculus.

.Equivalencesanddecidability/undecidabilityresultsforvariantsofntcc.

CurrentandFutureWork

.Decidability/undecidabilityresultsforthefullcalculus.

.Strongpre-emption.

.Branchingtemporallogicforthecalculus.

.Probabilisticextensionofntcc.

.ProgramminglanguageforRCXcontrollersbasedonntcc.

25



StructuralCongruence

�(Proc=�;kskip)isasymmetricmonoid

�P�Qby��conversion

�nextskip

�skip,next(PkQ)�nextPknextQ

�localxin

skip

�skip,localx;yin

P�localy;xin

P

�localxin

nextP�nextlocalxin

P

�localxin

(PkQ)�Pklocalxin

Qifx62fv(P)

26



Applications:Value-PassingCommunication

.Writex"(v)��writev2D

om

inchannelx�.

.Readx#(y):P��readvalueinxifany,nameity,anduseitinP�

.E.g.!(?[0;1] (x#(y):P):�checkveryoftenformessagesinx�..

SendAsynx (y)

def

=

?x"[y]

WaitingQ;x

def

=

localstopin

(x#[y]:(Qktell(stop=1))

kunlessstop=1nextWaitingQ;x ):

Proposition.

SupposeQ`B.Foreveryv2D

om

,

SendAsynx (v)kWaitingQ;x`}B[v=y]

27



StrongestFormulaSatis�edforaProcess.

Letsf:Proc!

Abede�nedas

sf(tell(c))

=

c

sf( Pi2Iw

hen(ci )doPi )

=

�Wi2Ici^sf(Pi ) �_

Vi2I:ci

sf(PkQ)

=

sf(P)^sf(Q)

sf(localxP)

=

9xsf(P)

sf(nextP)

=

Æ

sf(P)

sf(!P)

=

�

sf(P)

sf(?P)

=

}sf(P)

.Theorem.

P`Ai�sf(P))

A

28



BehavioralEquivalence

De�nition.

P�ioQi�io(P)=io(Q)andP�L

Qi�L(P)=L(Q).

Unfortunately,neither�io

or�L

arecongruences.Let�io

and�L

bethe

correspondingcongruences.

P

=

w

hen

truedotell(a)+

w

hen

(b)dotell(c)

Q

=

w

hen

truedotell(a)+

w

hen

(b)dotell(c)

+w

hen

truedo(tell(a)kw

hen

(b)dotell(c))

andR=w

hen

adotell(b).

Theorem.

�io =�L��io ��L.

29



BehavioralEquivalence:DistinguishingContexts.

De�nition.

ThedistinguishingcontextwrtS��nC,US[:],isde�nedas

!(X�

2ic(S)tell(tr�)kT�)

whereTc:�

=tell(c)kW�

andWc:�

=w

hen

cdo

T�.

Theorem.

P

�L

Q

ifandonlyif

UC[P]�L

UC[Q]for�niteC.

Theorem.

P�L

Q

ifandonlyif

UC(P;Q)[P]�L

UC(P;Q)[Q].

30

emp o - polytechniquefvalenci/papers/cambridge-slides.pdf · a calculus fo r t emp o ral ccp camb...

Documents