processos e concorr^encia 2016/17 bloco de slides 1alfa.di.uminho.pt/~madeira/uc/bloco1.pdf ·...
TRANSCRIPT
Processos e Concorrencia 2016/17Bloco de Slides 1
Alexandre MadeiraHASLab INESC TEC, DI UMINHO
Febrary 10, 2016
Reactive systems
Reactive system
system that computes by reacting to stimuli from its environment alongits overall computation
• in contrast to sequential systems whose meaning is defined by theresults of finite computations, the behaviour of reactive systems ismainly determined by interaction of non-terminating processesevolving concurrently.
• observation ≡ interaction
• behaviour ≡ a structured record of interactions
Reactive systems
Reactive system
system that computes by reacting to stimuli from its environment alongits overall computation
• in contrast to sequential systems whose meaning is defined by theresults of finite computations, the behaviour of reactive systems ismainly determined by interaction of non-terminating processesevolving concurrently.
• observation ≡ interaction
• behaviour ≡ a structured record of interactions
Labelled Transition System
DefinitionA LTS over a set N of names is a tuple 〈S ,N, ↓,→〉 where
• S = {s0, s1, s2, ...} is a set of states
• ↓ ⊆ S is the set of terminating or final states
↓ s ≡ s ∈ ↓
• → ⊆ S × N × S is the transition relation, often given as anN-indexed family of binary relations
sa−→ s ′ ≡ 〈s, a, s ′〉 ∈ →
Labelled Transition System
MorphismA morphism relating two LTS over N, 〈S ,N, ↓,−→〉 and 〈S ′,N, ↓′,−→′〉,is a function h : S → S ′ st
sa−→ s ′ ⇒ h(s)
a−→′h(s ′)
s ↓ ⇒ h(s) ↓′
morphisms preserve transitions and termination
Labelled Transition System
SystemGiven a LTS 〈S ,N, ↓,−→〉, each state s ∈ S determines a system over allstates reachable from s and the corresponding restrictions of −→ and ↓.
Reachability
DefinitionThe reachability relation, →∗⊆ S × N∗ × S , is defined inductively
• sε−→∗s for each s ∈ S , where ε ∈ N∗ denotes the empty word;
• if sa−→ s ′′ and s ′′
σ−→∗s ′ then s
aσ−→∗s ′, for a ∈ N, σ ∈ N∗
Reachable statet ∈ S is reachable from s ∈ S iff there is a word σ ∈ N∗ st s
σ−→∗t
Reachability
DefinitionThe reachability relation, →∗⊆ S × N∗ × S , is defined inductively
• sε−→∗s for each s ∈ S , where ε ∈ N∗ denotes the empty word;
• if sa−→ s ′′ and s ′′
σ−→∗s ′ then s
aσ−→∗s ′, for a ∈ N, σ ∈ N∗
Reachable statet ∈ S is reachable from s ∈ S iff there is a word σ ∈ N∗ st s
σ−→∗t
LTS classification
An LTS 〈S ,N , ↓,−→〉 is said
deterministic if for each s ∈ S , a ∈ N, there is at most an s ′ ∈ Ssuch that s
a−→ s ′, i.e., if sa−→ s ′ and s
a−→ s ′′, thens ′ = s ′′.
non deterministic if it is not deterministic
finite if {s a−→ s ′|s ∈ S , a ∈ N} is finite
finitely branching if each node has only finitely many outgoingtransitions, i.e., for any s ∈ S , {s ′ a−→ s|a ∈ A, s ′ ∈ S}is finite
image finite if, for each a ∈ N, each node has only finitely manyoutgoing a-transitions, i.e., for each s ∈ S , a ∈ N,{s ′|s a−→ s ′} is finite
LTS classification
An LTS 〈S ,N , ↓,−→〉 is said
deterministic if for each s ∈ S , a ∈ N, there is at most an s ′ ∈ Ssuch that s
a−→ s ′, i.e., if sa−→ s ′ and s
a−→ s ′′, thens ′ = s ′′.
non deterministic if it is not deterministic
finite if {s a−→ s ′|s ∈ S , a ∈ N} is finite
finitely branching if each node has only finitely many outgoingtransitions, i.e., for any s ∈ S , {s ′ a−→ s|a ∈ A, s ′ ∈ S}is finite
image finite if, for each a ∈ N, each node has only finitely manyoutgoing a-transitions, i.e., for each s ∈ S , a ∈ N,{s ′|s a−→ s ′} is finite
LTS classification
An LTS 〈S ,N , ↓,−→〉 is said
deterministic if for each s ∈ S , a ∈ N, there is at most an s ′ ∈ Ssuch that s
a−→ s ′, i.e., if sa−→ s ′ and s
a−→ s ′′, thens ′ = s ′′.
non deterministic if it is not deterministic
finite if {s a−→ s ′|s ∈ S , a ∈ N} is finite
finitely branching if each node has only finitely many outgoingtransitions, i.e., for any s ∈ S , {s ′ a−→ s|a ∈ A, s ′ ∈ S}is finite
image finite if, for each a ∈ N, each node has only finitely manyoutgoing a-transitions, i.e., for each s ∈ S , a ∈ N,{s ′|s a−→ s ′} is finite
LTS classification
An LTS 〈S ,N , ↓,−→〉 is said
deterministic if for each s ∈ S , a ∈ N, there is at most an s ′ ∈ Ssuch that s
a−→ s ′, i.e., if sa−→ s ′ and s
a−→ s ′′, thens ′ = s ′′.
non deterministic if it is not deterministic
finite if {s a−→ s ′|s ∈ S , a ∈ N} is finite
finitely branching if each node has only finitely many outgoingtransitions, i.e., for any s ∈ S , {s ′ a−→ s|a ∈ A, s ′ ∈ S}is finite
image finite if, for each a ∈ N, each node has only finitely manyoutgoing a-transitions, i.e., for each s ∈ S , a ∈ N,{s ′|s a−→ s ′} is finite
LTS classification
An LTS 〈S ,N , ↓,−→〉 is said
deterministic if for each s ∈ S , a ∈ N, there is at most an s ′ ∈ Ssuch that s
a−→ s ′, i.e., if sa−→ s ′ and s
a−→ s ′′, thens ′ = s ′′.
non deterministic if it is not deterministic
finite if {s a−→ s ′|s ∈ S , a ∈ N} is finite
finitely branching if each node has only finitely many outgoingtransitions, i.e., for any s ∈ S , {s ′ a−→ s|a ∈ A, s ′ ∈ S}is finite
image finite if, for each a ∈ N, each node has only finitely manyoutgoing a-transitions, i.e., for each s ∈ S , a ∈ N,{s ′|s a−→ s ′} is finite
LTS classification
An LTS 〈S ,N , ↓,−→〉 is said
deterministic if for each s ∈ S , a ∈ N, there is at most an s ′ ∈ Ssuch that s
a−→ s ′, i.e., if sa−→ s ′ and s
a−→ s ′′, thens ′ = s ′′.
non deterministic if it is not deterministic
finite if {s a−→ s ′|s ∈ S , a ∈ N} is finite
finitely branching if each node has only finitely many outgoingtransitions, i.e., for any s ∈ S , {s ′ a−→ s|a ∈ A, s ′ ∈ S}is finite
image finite if, for each a ∈ N, each node has only finitely manyoutgoing a-transitions, i.e., for each s ∈ S , a ∈ N,{s ′|s a−→ s ′} is finite
Automata
Back to old friends?
automaton behaviour ≡ accepted language
Recall that finite automata recognize regular languages, i.e. generatedby
• L1 + L2 := L1 ∪ L2 (union)
• L1 · L2 := {st|s ∈ L1, t ∈ L2} (concatenation)
• L∗ := {ε} ∪ L ∪ (L · L) ∪ (L · L · L) ∪ ... (iteration)
Automata
There is a syntax to specify such languages:
E ::= ε | a | E + E | E E | E∗
where a ∈ Σ.
and an algebra of regular expressions:
(E1 + E2) + E3 = E1 + (E2 + E3)
(E1 + E2)E3 = E1 E3 + E2 E3
E1 (E2 E1)∗ = (E1 E2)∗ E1
Automata
There is a syntax to specify such languages:
E ::= ε | a | E + E | E E | E∗
where a ∈ Σ.and an algebra of regular expressions:
(E1 + E2) + E3 = E1 + (E2 + E3)
(E1 + E2)E3 = E1 E3 + E2 E3
E1 (E2 E1)∗ = (E1 E2)∗ E1
After thoughts
... need more general models and theories:
• Several interaction points ( 6= functions)
• Need to distinguish normal from anomolous termination (egdeadlock)
• Non determinisim should be taken seriously: the notion ofequivalence based on accepted language is blind wrt nondeterminism
• Moreover: the reactive characters of systems entails that not onlythe generated language is important, but also the states traversedduring an execution of the automata.
The course
Aims
• To become familiar with reactive systems, emphasizing theirconcurrent composition and continuous interaction with theirenvironement
• To introduce techniques for (formal) specification, analysis andverification of reactive systems
The course
1 Basic models for reactive systems(state, behaviour, interaction, concurrency)
1 Labelled transition systems2 Processes and behaviour3 Similarity and bisimilarity
2 Process algebras
1 CCS2 (Overview in Abstract Data Types specification)3 mCRL2
3 Logics for reactive systems
1 Hennessy-Milner logic and its extensions2 Modal, hybrid and temporal logics3 Specification and verification of logic constraints4 Introduction to model-checking techniques
The course
Assignment
• final test 70%
• project in mCRL2 30%
The course
bibliography
Main reference:
you can get a free preprint of the first athttp://www.win.tue.nl/∼jfg/educ/2IW26/lente2014/mcrl2-book.pdf
Course web site:http://alfa.di.uminho.pt/∼madeira/IntConc.html
Exercise
• Describe each behaviour and distinguish between the twoalarm clocks.
• Describe these graphical specifications in the form of alabelled transition system conforming to the formal definition.
• Modify the previous specification to express a situation inwhich it is unclear how often the alarm can be repeated.
Exercise
• Draw the behaviour of an alarm clock where it is always possible todo a set or a reset action.
• Draw the behaviour of an alarm clock with unreliable buttons.When pressing the set button the alarm clock can be set, but thisdoes not need to be the case. Similarly for the reset button.Pressing it can reset the alarm clock, but the clock can also stay ina state where an alarm is still possible.
• Draw the behaviour of an alarm clock where the alarm sounds atmost three times when no other action interferes.