Derivation of concurrent programs by stepwise scheduling of Event-B models (original) (raw)

Generating Distributed Programs from Event-B Models

Electronic Proceedings in Theoretical Computer Science, 2020

Distributed algorithms offer challenges in checking that they meet their specifications. Verification techniques can be extended to deal with the verification of safety properties of distributed algorithms. In this paper, we present an approach for combining correct-by-construction approaches and transformations of formal models (EVENT-B) into programs (DISTALGO) to address the design of verified distributed programs. We define a subset LB (Local EVENT-B) of the EVENT-B modelling language restricted to events modelling the classical actions of distributed programs as internal or local computations, sending messages and receiving messages. We define then transformations of the various elements of the LB language into DISTALGO programs. The general methodology consists in starting from a statement of the problem to program and then progressively producing an LB model obtained after several refinement steps of the initial LB model. The derivation of the LB model is not described in the current paper and has already been addressed in other works. The transformation of LB models into DISTALGO programs is illustrated through a simple example. The refinement process and the soundness of the transformation allow one to produce correct-by-construction distributed programs.

Event-B Decomposition for Parallel Programs

Lecture Notes in Computer Science, 2010

We present here a case study developing a parallel program. The approach that we use combines refinement and decomposition techniques. This involves in the first step to abstractly specify the aim of the program, then subsequently introduce shared information between sub-processes via refinement. Afterwards, decomposition is applied to split the resulting model into sub-models for different processes. These sub-models are later independently developed using refinement. Our approach aids the understanding of parallel programs and reduces the complexity in their proofs of correctness.

Event refinement in state-based concurrent systems

Formal Aspects of Computing, 1995

Operations on action systems may be defined corresponding to CSP hiding and renaming. These are of particular use in describing the refinement between action systems in which the granularity of actions is altered. We derive a simplified expression for hiding sets of actions and present sufficient conditions for forwards simulation in which the concrete system uses hiding and renaming. Both of these reduce the complexity of proofs of refinement. We present a case study in specification and refinement using action systems which makes use of the operations and refinement rules previously defined.

Event-B Decomposition for Parallel Programs — Extended Abstract — ?

2009

We present here an approach for developing a parallel program combining refinement and decomposition techniques. This involves in the first step to abstractly specify the aim of the program, then subsequently introduce shared information between sub-processes via refinement. Afterwards, decomposition is applied to separate the resulting model into sub-models for different processes. These sub-models are later independently developed using refinement. Our approach aids the understanding of parallel programs and reduces the complexity in their proofs of correctness.

Foundations of timed concurrent constraint programming

Proceedings Ninth Annual IEEE Symposium on Logic in Computer Science, 1994

We develop a model for timed, reactive computation by extending the asynchronous, untimed concurrent constraint programming model in a simple and uniform way. In the spirit of process algebras, we develop some combinators expressible in this model, and reconcile their operational, logical and denotational character. We show how programs may be compiled into finite-state machines with loop-free computations at each state, thus guaranteeing bounded response time.

Specifying Concurrent Problems: Beyond Linearizability

2015

Tasks and objects are two predominant ways of specifying distributed problems. A task is specified by an input/output relation, defining for each set of processes that may run concurrently, and each assignment of inputs to the processes in the set, the valid outputs of the processes. An object is specified by an automaton describing the outputs the object may produce when it is accessed sequentially. Thus, tasks explicitly state what may happen only when sets of processes run concurrently, while objects only specify what happens when processes access the object sequentially. Each one requires its own implementation notion, to tell when an execution satisfies the specification. For objects linearizability is commonly used, a very elegant and useful consistency condition. For tasks implementation notions are less explored. These two orthogonal approaches are central, the former in distributed computability, and the later in concurrent programming, yet they have not been unified. Sequential specifications are very convenient, especially important is the locality property of linearizability, which states that one can build systems in a modular way, considering object implementations in isolation. However, many important distributed computing problems, including some well-known tasks, have no sequential specification. Also, tasks are one-shot problems with a semantics that is not fully understood (as we argue here), and with no clear locality property, while objects can be invoked in general several times by the same process. The paper introduces the notion of interval-sequential object. The corresponding implementation notion of interval-linearizability generalizes linearizability, and allows to associate states along the interval of execution of an operation. Interval-linearizability allows to specify any task, however, there are sequential one-shot objects that cannot be expressed as tasks, under the simplest interpretation of a task. It also shows that a natural extension of the notion of a task is expressive enough to specify any interval-sequential object. Thus, on the one hand, interval-sequential linearizability explains in more detail the semantics of a task, gives a more precise implementation notion, and brings a locality property to tasks. On the other hand, tasks provide a static specification for automata-based formalisms.

Concurrent programming made easy

Proceedings Sixth IEEE International Conference on Engineering of Complex Computer Systems. ICECCS 2000, 2000

The task of programming concurrent systems is substantially more dificult than the task of programming sequential systems with respect to both correctness and eflciency. In this paper we describe a constraint-based methodology for writing concurrent applications. A system is modeled as: (a) a set of processes containing a sequence of "markers" denoting the processes points of interest; and (b) a constraint store. Process synchronization is specijied by incrementally adding constraints on the markers' execution order into the constraint store. The constraint store contains a declarative specijication based on a temporal constraint logic program. The store, thus, acts as a coordination entity which on the one hand encapsulates the system synchronization requirements, and on the other hand, provides a declarative specijication of the system concurrency issues, This provide great advantages in writing concurrent programs and manipulating them while preserving correctness.

Pi+-calculus: A calculus for concurrent processes with constraints

1998

The-calculus is a formal model of concurrent computation based on the notion of naming. It has an important role to play in the search for more abstract theories of concurrent and communicating systems. In this paper we augment the-calculus with a constraint store and add the notion of constraint agent to the standard-calculus concept of agent. We call this extension the +-calculus. We also extend the notion of barbed bisimulation to de ne behavioral equivalence for the +-calculus and use it to characterize some equivalent behaviors derived from constraint agents. The paper discusses examples of the extended calculus showing the transparent i n teraction of constraints and communicating processes.

Composing Specifications of Event Based Applications

Lecture Notes in Computer Science, 2003

The event based architectural style has been recognized as fostering the development of large-scale and complex systems by loosely coupling their components. It is therefore increasingly deployed in various environments such as middleware for mobile computing, message oriented middleware, integration frameworks, communication standards, and commercial toolkits. The development of applications based on this paradigm is, however, performed in such an ad-hoc manner that it is often difficult to reason about their correctness. This is partly due to the lack of suitable specification and verification techniques. In this paper, we review the existing theory of specifying and verifying such applications, argue that it cannot be applied for the development of large-scale and complex systems, and finally propose a novel approach (LECAP) for the construction of correct event based applications. Our approach is superior to the existing approaches in many respects: 1) we assume a while-parallel language with a synchronization construct, 2) neither a pending event infrastructure nor a consume statement are required, 3) a dynamic (instead of static) binding is assumed, 4) no restriction is made on the number of simultaneous executions of the same program 5) our approach is oriented towards top-down development of systems. The paper also presents two examples for illustrating the approach.

A Timed Concurrent Constraint Language

Information and Computation, 2000

We study a timed concurrent constraint language, called tccp, which is obtained by a natural timed interpretation of the usual ccp constructs: action-prefixing is interpreted as the next-time operator and the parallel execution of agents follows the scheduling policy of maximal parallelism. Additionally, tccp includes a simple primitive which allows one to specify timing constraints. We define the operational semantics of tccp by means of a transition system and we define a denotational model which is fully abstract with respect to the usual notion of observables (that is, the results of terminating computations). Moreover, we study the semantics and expressive power of the notion of maximal parallelism underlying the computational model of tccp: We define a fully abstract semantics for a sublanguage of tccp, called ccpm, which essentially is concurrent constraint programming, provided that we interpret the parallel operator in terms of maximal parallelism rather than of interleaving. We show that tccp is strictly more expressive than ccpm which, in its turn, is strictly more expressive than ccp.