  1. Advanced Topics in Software Engineering Marjan Sirjani Tehran University Faculty of Engineering ECE Department Tehran, 1383-1384

  2. Subjects to be covered • Modeling concurrency • Formal verification methods • Transition systems • Petri Nets • Process Algebra • Actor Model • Rebeca: an actor-based model • Reo: a coordination language • Constraint automata

  3. Models of concurrency The Temporal Logic of Reactive and Concurrent Systems (Specification), Z. Manna, A. Pnueli, Springer-Verlag, 1992 Part one: Models of Concurrency • Process algebra Communicating Sequential Processes C.A.R. Hoare, 2004

  4. Actors • Actors: a Unifying Model for Parallel and Distributed Computing, Agha G., Kim W., Open Systems Laboratory, 1998. • Rebeca: Modeling and Verification of Reactive Systems using Rebeca, Sirjani M., Movaghar A., Shali A., and de Boer F., Fundamenta Informaticae, Dec. 2004

  5. Coordination languages • Reo: A Channel-based Coordination Model for Component Composition, F. Arbab, Mathematical Structures in Computer Science, 2004 • Modeling Component Connectors in Reo by Constraint Automata, F. Arbab, C. Baier, J.J.M.M. Rutten and M. Sirjani, in Proceedings of FOCLASA'03, Marseille, France, September 2003, ENTCS, Elsevier Science.

  6. Overview • Concurrent and Reactive Systems • Formal methods • Modeling language • Process algebra, Petri nets, Actor languages • Specification language • Temporal logic, Automata • Analysis • Theorem proving, Model checking

  7. Models of Concurrency Manna, chapters 1 and 2

  8. Chapter 1- Basic Models • Programs and systems they control • Transformational • Reactive

  9. Transformational program • More conventional • Produce final result at the end of a terminating computation • A function from an initial state to a final state • Appropriately specified by properly characterizing the relation between initial and final states: predicate logic

  10. Reactive program • Not to produce a final result but to maintain some ongoing interaction with its environment

  11. Reactivity and Concurrency • Program and its environment act concurrently • In the transformational case, they act sequentially • When we have parallel processes, even if the whole program has a transformational role, it should be analyzed as a reactive system.

  12. Reactive systems • Communication • Coordination

  13. Communication • Shared variables • Message passing • Remote procedure calls

  14. Coordination • Semaphores • Critical regions • Monitors • Handshaking • Rendezvous • Asynchronous transmission

  15. The Generic Model • V – Vocabulary • E – Expressions • A – Assertions • I – Interpretations

  16. V – Vocabulary • A countable set of typed variables. • Data variables • Range over data domains used in programs, such as booleans, integers, or lists. • Control variables • Indicate progress in the execution of a program, range over locations in the program.

  17. E – Expressions • Expressions are constructed from the variables of V, to which constants (such as +, •, ) and predicates (such as >, null, and ) over the appropriate domains (such as integers, lists, and sets) are applied. • Examples: x+3y, hd(u) • tl(v), A  B

  18. A – Assertions • Assertions are constructed out of boolean expressions using boolean connectives and quantification (,) over some variables that appear in the expressions.

  19. I – Interpretation • An interpretation I of a set of typed variables V is a mapping that assigns to each variable y  V a value I[y] in the domain of y. • If I[]=T, we say I satisfies : I |= 

  20. Basic Transition System A basic transition system (,,,), intended to represent a reactive program. • ={u1,…,u2}  V – a finite set of flexible state variables. •  - a set of states. •  - a finite set of transitions. •  - an initial condition.

  21. ={u1,…,u2}  V – a finite set of flexible state variables. • Data variables • Explicitly declared and manipulated • Control variables • Represent progress in the execution of the program (label of a statement)

  22.  - a set of states. • Each state s in  is an interpretation of , assigning to each variable u in  a value over its domain, denoted by s[u]. • A state s that satisfies an assertion , i.e., s |=  , is sometimes referred to as –state.

  23.  - a finite set of transitions. • Each transition  in T represents a state-transforming action of the system and is defined as a function  :   2  that maps a state s in  into the (possibly empty) set of states (s) that can be obtained by applying action  to state s.

  24.  - an initial condition. • This assertion characterizes the states at which execution of the program can begin. • A state s that satisfies , i.e., s |=  , is called an initial state.

  25. The Transition Relation  • Each transition  is characterized by an assertion, called the transition relation (,’): C()  (y’1=e1)  …  (y’k=ek) • Enabling condition: C() • Conjunction of modification statements: (y’1=e1)  …  (y’k=ek)

  26. Enabled and disabled transitions • Idling and diligent transitions • Computation: infinite sequence of steps • Computation prefix • Reachable states

  27. Concrete models • Model 1: Transition Diagram • Model 2: Shared-Variables text • Model 3: Message-Passing text • Model 4: Petri Nets

  28. Model 1 : Transition diagrams • Program P, and processes Pi • P::[declaration][P1 || P2 … ||Pm] m>=1 • Data variables Y={y1, …, yn} n>=1 • Shared for all the processes

  29. Declarations • At the head of the program • Modes, types, initial conditions: mode var, …, var : type where i • Mode: in, local, out • Types: basic (int, char), structured (array, list, set) • The assertion i imposes a constraint on the values of some of the variables declared in this statement

  30. in k,n : integer where 0kn • local y1,y2 : integer where y1=n  y2=1 • out b : integer where b=1 • Data precondition of the program i : 0kn  y1=n  y2=1  b=1

  31. Processes • Each process Pi is represented by a transition diagram (directed graph) • Nodes: locations • For Pi : Li ={li0, li1 , … , liti} • Entry and exit locations • Edges: (atomic) instructions • Guarded assignment • c  [(y1, …):=(e1, …)] • State of a program: Control variables (i current location of control in Pi)+ data variables

  32. Diagrams as Basic Transition Systems • State variables • States • Transition • Initial condition

  33. State variables • All the data and control variables •  = {1, …, m, y1, … , yn} • States • All the possible interpretations that assign to the state variables values over their respective domains. • Domain of control variable I is the set of locations Li

  34. Transition • Idling transition I is defined by transition relation I : T • Diligent transitions: labeled edges that appear within the processes.

  35. c  [yi := ei] is the label of an edge from l to l’. • Transition relation of the edge: : (i =l)  c  (’i=l’)  (yi =ei)

  36. Initial condition • Program P: [dcl where ][P1 || … || Pm] • Initial condition :   /\ (i=1..m) (I = loi) • A process is enabled, or disabled, on a state.

  37. Example: Binomial coefficient (n choose k) = (n(n-1)…(n-k+1)) / (1·2·…·k)

  38. Representing Concurrency by Interleaving [diagram: Program A with Process P1 and Process P2, and Program B, both starting from X=0, Y=0 and performing the assignments X:=1 and Y:=1 in either order]

  39. Scheduling • The choice of the enabled transition to be executed next. • A sequence of choices that leads to a complete computation is called a schedule.
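As an added example (not from these slides or from Manna and Pnueli's book), the basic transition system of slides 20-25 and the interleaving and scheduling of slides 38-39 in Python: Program A is assumed to be the parallel composition of P1 executing X:=1 and P2 executing Y:=1 from X=0, Y=0; the location names l0, l1, m0, m1 and the dict-based representation of states and transitions are my own choices.

```python
from itertools import chain

# Added example (not from the slides): a basic transition system in the
# Manna-Pnueli style. A state is an interpretation of the state variables (a dict);
# a transition is (name, enabling condition C, modifications y'=e).
def successors(state, trans):
    """tau(s): states obtained by applying tau to s; empty when tau is disabled."""
    _, cond, mods = trans
    if not cond(state):
        return []
    nxt = dict(state)
    nxt.update(mods(state))
    return [nxt]

def enabled(state, transitions):
    """Diligent transitions whose enabling condition holds on the state."""
    return [t for t in transitions if t[1](state)]

def key(state):
    return tuple(sorted(state.items()))

def reachable(initials, transitions):
    """All states reachable from the initial states under interleaving."""
    seen, work = {key(s) for s in initials}, list(initials)
    while work:
        s = work.pop()
        for t in transitions:
            for s2 in successors(s, t):
                if key(s2) not in seen:
                    seen.add(key(s2))
                    work.append(s2)
    return sorted(seen)

def schedules(state, transitions, prefix=()):
    """Choice sequences that end where only the idling transition is enabled,
    i.e. the schedules of complete computations."""
    en = enabled(state, transitions)
    if not en:
        return [prefix]
    return list(chain.from_iterable(
        schedules(s2, transitions, prefix + (t[0],))
        for t in en for s2 in successors(state, t)))

# Program A from the interleaving slide: P1 executes X:=1 and P2 executes Y:=1.
# Control variables pi1, pi2 range over locations (l0/l1, m0/m1 are constructed names).
PROGRAM_A = [
    ("P1: X:=1", lambda s: s["pi1"] == "l0", lambda s: {"pi1": "l1", "X": 1}),
    ("P2: Y:=1", lambda s: s["pi2"] == "m0", lambda s: {"pi2": "m1", "Y": 1}),
]
INITIAL_A = {"pi1": "l0", "pi2": "m0", "X": 0, "Y": 0}  # Theta: X=0, Y=0 at entry locations
```

Both schedules of Program A reach the same final state X=1, Y=1; a model checker is a reachable-state exploration like this one, with a property checked on every state it visits.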

  40. Model 2: shared-variable text

