Synthesizing Concurrency Control Components from Process Algebraic Specifications (original) (raw)

Algebraic Specification of Concurrent Systems

Algebraic Foundations of Systems Specification, 1999

This article presents an extension of the formalism of algebraic specifications to the specification of concurrent systems. The key concept is that of process specifications, which have two hierarchical layers: processes and data. Processes apply to data via an application operator, eventually yielding a set of data as a result. Syntax and semantics of process specifications are presented, with emphasis on methodological issues (how to write hierarchically consistent and complete specifications). A suitable notion of observational congruence is introduced and characterized. A notion of implementation is denned, and a general method for proving correction is considered, based on the notion of serializability proof. A primitive for putting specifications together, in parellel, is analyzed. Finally, richer primitives for building basic specifications are discussed. Our proposal is illustrated via several examples inciuding the one of the systematic, stepwise development of a complex specification. * Partially supported by the Esprit 432 METEOR project.

Towards Action-Refinement in Process Algebras

Information and Computation, 1993

ory of concurrency; the symbol ; represents We present a simple process algebra which supports a form of refinement of an action by a process and address the question of a n appropriate equivalence relation for it. The main result of the paper is that an adequate equivalence can be defined in a very intuitive manner and moreover can be axiomatized in much the same way as the standard behavioural equivalences.

Reasoning about Nondeterministic and Concurrent Actions: A Process Algebra Approach

In this paper, we study reasoning about actions fol- lowing a model checlcing approach in contrast to the usual validity checlcing one. Specifically, we model a dynamic system as a transition graph which represents all the possible system evolutions in terms of state changes caused by actions. Such a transition graph is defined by means of a suitable process algebra asso- ciated with an explicit global store. To reason about system properties we introduce an extension of modal p-calculus. This setting, although directly applica- ble only when complete information on the system is available, has several interesting features for reasoning about actions. On one hand, it inherits from the vast literature on process algebras tools for dealing with complex systems, treating suitably important aspects like parallelism, communications, interruptions, coor- dinations among agents. On the other hand, reasoning by model checking is typically much easier than more general logical services such ...

Using Answer Set Programming Solvers to Synthesize Concurrent Programs

Research Report Series of Iasi Cnr Rome Italy, 2012

We address the problem of the automatic synthesis of concurrent programs within a framework based on Answer Set Programming (ASP). Every concurrent program to be synthesized is specified by providing both the behavioural and the structural properties it should satisfy. Behavioural properties, such as safety and liveness properties, are specified by using formulas of the Computation Tree Logic, which are encoded as a logic program. Structural properties, such as the symmetry of processes, are also encoded as a logic program. Then, the program which is the union of these two encoding programs, is given as input to an ASP system which returns as output a set of answer sets. Finally, each answer set is decoded into a synthesized program that, by construction, satisfies the desired behavioural and structural properties. 4. proofs of the results presented in the paper, and the ASP source code of our synthesis procedure. 2. Preliminaries Let us recall some basic notions and terminology we will use. We will present: (i) the syntax of (a variant of) the guarded commands [10], which we use for defining concurrent programs, (ii) some basic notions of group theory, which are required for defining symmetric concurrent programs, and (iii) some fundamental concepts of Computation Tree Logic and of Answer Set Programming, which we use for our synthesis method. 2.1. Guarded commands The guarded commands we consider are defined from the following two basic sets: (i) variables, v in Var , each ranging over a finite domain D v , and (ii) guards, g in Guard , of the form: g ::= true | false | v = d | ¬ g | g 1 ∧ ∧ g 2 , with v ∈ Var and d ∈ D v. We also have the following derived sets whose definitions are mutually recursive: (iii) commands, c in Command , of the form: c ::= skip | v := d | c 1 ; c 2 | if gc fi | do gc od , where ';' denotes the sequential composition of commands which is associative, and (iv) guarded commands, gc in GCommand , of the form: gc ::= g → c | gc 1 gc 2 , where ' ' denotes the parallel composition of guarded commands which is associative and commutative. The operational semantics of commands can be described in an informal way as follows. skip does nothing. v := d stores the value d in the location of the variable v. In order to execute c 1 ; c 2 the command c 1 is executed first, and then the command c 2 is executed. In order to execute if gc 1. .. gc n fi, with n ≥ 1, one of the guarded commands g → c in {gc 1 ,. .. , gc n } whose guard g evaluates to true, is chosen, and then c is executed; otherwise, if no guard of a guarded command in {gc 1 ,. .. , gc n } evaluates to true, then the whole command if. .. fi terminates with failure. In order to execute do gc 1. .. gc n od, with n ≥ 1, one of the guarded commands g → c in {gc 1 ,. .. , gc n } whose guard g evaluates to true, is chosen, then c is executed and the whole command do. .. od is executed again; otherwise, if no guard of a guarded command in {gc 1 ,. .. , gc n } evaluates to true, then the execution proceeds with the next command. The formal semantics of commands will be given in the next section. 2.2. Groups A group G is a pair S , • , where S is a set and • is a binary operation on S satisfying the following axioms: (i) ∀x, y ∈ S. x•y ∈ S, (ii) ∀x , y, z ∈ S. (x •y)•z = x •(y •z), (iii) ∃e ∈ S. ∀x ∈ S. e•x = x•e = x, and (iv) ∀x ∈ S. ∃y ∈ S. x•y = y•x = e. The element e is the identity of the group G and the cardinality of S is the order of the group G. For any x ∈ S, for any n ≥ 0, we write x n to denote the term x•.. .•x with n occurrences of x. We stipulate that x 0 is e. A group G = S , • is said to be cyclic iff there exists an element x ∈ S, called a generator, such that S = {x n | n ≥ 0}. We denote by Perm(S) the set of all permutations on the set S, that is, the set of all bijections from S to S. Perm(S) is a group whose operation • is function composition and the identity e is the identity permutation, denoted id. Given a finite set S, the order of a permutation p in Perm(S) is the smallest natural number n such that p n = id. 5. 2.3. Computation Tree Logic Computation Tree Logic (CTL) is a propositional branching time temporal logic [8]. The underling time structure is a tree of states. Every state denotes an instant in time and may have many successor states. There are quantifiers over paths of the tree: A (for all paths) and E (for some path), which are used for specifying properties that hold for all paths or for some path, respectively. Together with these quantifiers, there are temporal operators such as: X (next state), F (eventually), G (globally), and U (until), which are used for specifying properties that hold in the states along paths of the tree. Their formal semantics will be given below. Given a finite nonempty set Elem of elementary propositions ranged over by p, the syntax of CTL formulas ϕ is as follows: ϕ ::= p | ϕ 1 ∧ ∧ ϕ 2 | ¬ϕ | EX ϕ | EG ϕ | E[ϕ 1 U ϕ 2 ] We introduce the following abbreviations: (i) true for ϕ ∨ ∨ ¬ϕ, where ϕ is any CTL formula, (ii) false for ¬true, (iii) ϕ 1 ∨ ∨ ϕ 2 for ¬(¬ϕ 1 ∧ ∧ ¬ϕ 2), (iv) EFϕ for E[true U ϕ] (v) AG ϕ for ¬EF ¬ϕ, (vi) AF ϕ for ¬EG ¬ϕ, (vii) A[ ϕ 1 Uϕ 2 ] for ¬E[¬ϕ 2 U (¬ϕ 1 ∧ ∧ ¬ϕ 2)] ∧ ∧ AF ϕ 2 , and (viii) AX ϕ for ¬EX ¬ ϕ. The semantics of CTL is provided by a Kripke structure K = S, S 0 , R, λ , where: (i) S is a finite set of states, (ii) S 0 ⊆ S is a set of initial states, (iii) R ⊆ S × S is a total transition relation (thus, ∀u ∈ S. ∃v ∈ S. u, v ∈ R), and (iv) λ : S → P(Elem) is a total labelling function that assigns to every state s ∈ S a subset λ(s) of the set Elem. A path π in K from a state s 0 is an infinite sequence s 0 , s 1 ,. .. of states such that, for all i ≥ 0, s i , s i+1 ∈ R. The fact that a CTL formula ϕ holds in a state s of a Kripke structure K will be denoted by K, s ϕ. For any CTL formula ϕ and state s, we define the relation K, s ϕ as follows: K,s p iff p ∈ λ(s) K,s ¬ ϕ iff K,s ϕ does not hold K,s ϕ 1 ∧ ∧ ϕ 2 iff K,s ϕ 1 and K,s ϕ 2 K,s EX ϕ iff there exists s, t ∈ R such that K,t ϕ K,s E[ϕ 1 U ϕ 2 ] iff there exists a path s 0 ,s 1 ,s 2 ,.. . in K with s 0 = s such that for some i ≥ 0, K,s i ϕ 2 and for all 0 ≤ j < i, K,s j ϕ 1 K,s EG ϕ iff there exists a path s 0 ,s 1 ,s 2 ,.. . in K with s 0 = s such that for all i ≥ 0, K,s i ϕ.

Translating concurrent action oriented specifications to synchronous guarded actions

2010

Abstract Concurrent Action-Oriented Specifications (CAOS) model the be-havior of a synchronous hardware circuit as asynchronous guarded actions at an abstraction level higher than the Register Transfer Level (RTL). Previous approaches always considered the compilation of CAOS, which includes a transformation of the under-lying model of computation and the scheduling of guarded actions per clock cycle, as a tightly integrated step.

Pi+-calculus: A calculus for concurrent processes with constraints

1998

The-calculus is a formal model of concurrent computation based on the notion of naming. It has an important role to play in the search for more abstract theories of concurrent and communicating systems. In this paper we augment the-calculus with a constraint store and add the notion of constraint agent to the standard-calculus concept of agent. We call this extension the +-calculus. We also extend the notion of barbed bisimulation to de ne behavioral equivalence for the +-calculus and use it to characterize some equivalent behaviors derived from constraint agents. The paper discusses examples of the extended calculus showing the transparent i n teraction of constraints and communicating processes.

An exercise in formalizing the description of a concurrent system

Software: Practice and Experience, 1992

LOTOS is one of the most recent formal description languages to appear and one of very few with a standard definition. It has both a process algebra and an abstract data-type component, and these facilities are used in combination to describe the behaviour of concurrent systems. The purpose of this paper is to examine, in a tutorial style, what is involved in constructing and taking benefit from such descriptions. The presentation is illustrated through the development of two formal descriptions for the children's game of pass-the-parcel. These descriptions and a concise summary of the main features of LOTOS are given as appendices. Many of the points made in the paper apply equally well to other process-oriented languages such as CCS and CSP.

Programming in concurrent logic languages

IEEE Software, 1995

The principle behind concurrent logic programming is a set of processes which cooperate in monotonically constraining a global set of variables to particular values. Each process will have access to only some of the variables, and a process may bind a variable to a tuple containing further variables which may be bound later by other processes. This is a suitable model for a coordination language. In this paper we describe a type system which ensures the cooperation principle is never breached, and which makes clear through syntax the pattern of data flow in a concurrent logic program. This overcomes problems previously associated with the practical use of concurrent logic languages.

A tactic language for refinement of state-rich concurrent specifications

Science of Computer Programming, 2011

Circus is a refinement language in which specifications define both data and behavioural aspects of concurrent systems using a combination of Z and CSP. Its refinement theory and calculus are distinctive, but since refinements may be long and repetitive, the practical application of this technique can be hard. Useful strategies have been identified, described, and used, and by documenting them as tactics, they can be expressed and repeatedly applied as single transformation rules. Here, we present ArcAngelC , a language for defining such tactics; we present the language, its semantics, and its application in the formalisation of an existing strategy for verification of Ada implementations of control systems specified by Simulink diagrams. We also discuss its mechanisation in a theorem prover, ProofPower-Z.

A process algebra for synchronous concurrent constraint programming

Lecture Notes in Computer Science, 1996

Concurrent constraint programming is classically based on asynchronous communication via a shared store. Synchrony can be achieved by forcing concurrently running ask and tell primitives to synchronise on \new common information". This paper outlines this framework, called Scc, and develops an algebraic semantics for it. The Scc framework is shown to share similarities with both the traditional concurrent constraint setting and algebraic languages like CCS but also to have major di erences which requires the use of new techniques in formulating the algebraic semantics. Among these are the introduction of an auxiliary communication operator to handle the treatment of synchrony and the extension of the concept of cylindric algebras by allowing the hiding of the empty set of variables in order to permit local computations. More importantly, new axioms have been introduced to describe our variants of the tell and ask primitives. The algebraic semantics is proved to be sound and complete with respect to a compositional operational semantics which is also presented in the paper.