Advanced Topics in Software Engineering
Marjan Sirjani, Tehran University, Faculty of Engineering, ECE Department, Tehran, 1383-1384
Subjects to be covered • Modeling concurrency • Formal verification methods • Transition systems • Petri Nets • Process Algebra • Actor Model • Rebeca: an actor-based model • Reo: a coordination language • Constraint automata
Models of concurrency The Temporal Logic of Reactive and Concurrent Systems (Specification), Z. Manna, A. Pnueli, Springer-Verlag, 1992 Part one: Models of Concurrency • Process algebra Communicating Sequential Processes C.A.R. Hoare, 2004
Actors Actors: a Unifying Model for Parallel and Distributed Computing, Agha G., Kim W., Open Systems Laboratory, 1998. • Rebeca Modeling and Verification of Reactive Systems using Rebeca, Sirjani M., Movaghar A, Shali A., and de Boer F., Fundamenta Informaticae, Dec. 2004
Coordination languages • Reo: A Channel-based Coordination Model for Component Composition, F. Arbab, Mathematical Structures in Computer Science, 2004 • Modeling Component Connectors in Reo by Constraint Automata, F. Arbab, C. Baier, J.J.M.M. Rutten and M. Sirjani, in Proceedings of FOCLASA'03, Marseille, France, September 2003, ENTCS, Elsevier Science.
Overview • Concurrent and Reactive Systems • Formal methods • Modeling language • Process algebra, Petri nets, Actor languages • Specification language • Temporal logic, Automata • Analysis • Theorem proving, Model checking
Models of Concurrency Manna, chapter 1,2
Chapter 1- Basic Models • Programs and systems they control • Transformational • Reactive
Transformational program • More conventional • Produce final result at the end of a terminating computation • A function from an initial state to a final state • Appropriately specified by properly characterizing the relation between initial and final states: predicate logic
Reactive program • Not to produce a final result but to maintain some ongoing interaction with its environment
Reactivity and Concurrency • The program and its environment act concurrently • In the transformational case, they act sequentially • When we have parallel processes, even if the whole program has a transformational role, it should be analyzed as a reactive system.
Reactive systems • Communication • Coordination
Communication • Shared variables • Message passing • Remote procedure calls
Coordination • Semaphores • Critical regions • Monitors • Handshaking • Rendezvous • Asynchronous transmission
The Generic Model • V – Vocabulary • E – Expressions • A – Assertions • I - Interpretations
V – Vocabulary • A countable set of typed variables. • Data variables • Range over data domains used in programs, such as booleans, integers, or lists. • Control variables • Indicate progress in the execution of a program, range over locations in the program.
E – Expressions • Expressions are constructed from the variables of V and constants, by applying operators (such as + and •) and predicates (such as > and null) over the appropriate domains (such as integers, lists, and sets). • Examples: x + 3y, hd(u) • tl(v), A ∪ B
A – Assertions • Assertions are constructed out of boolean expressions using boolean connectives and quantification (∀, ∃) over some of the variables that appear in the expressions.
I – Interpretation • An interpretation I of a set of typed variables V is a mapping that assigns to each variable y ∈ V a value I[y] in the domain of y. • If I[φ] = T for an assertion φ, we say I satisfies φ, written I ⊨ φ.
Basic Transition System • A basic transition system (Π, Σ, T, Θ), intended to represent a reactive program. • Π = {u1, …, un} ⊆ V – a finite set of flexible state variables. • Σ – a set of states. • T – a finite set of transitions. • Θ – an initial condition.
Π = {u1, …, un} ⊆ V – a finite set of flexible state variables. • Data variables • Explicitly declared and manipulated • Control variables • Represent progress in the execution of the program (the label of a statement)
Σ – a set of states. • Each state s in Σ is an interpretation of Π, assigning to each variable u in Π a value over its domain, denoted by s[u]. • A state s that satisfies an assertion φ, i.e., s ⊨ φ, is sometimes referred to as a φ-state.
T – a finite set of transitions. • Each transition τ in T represents a state-transforming action of the system and is defined as a function τ: Σ → 2^Σ that maps a state s in Σ into the (possibly empty) set of states τ(s) that can be obtained by applying action τ to state s.
Θ – an initial condition. • This assertion characterizes the states at which execution of the program can begin. • A state s that satisfies Θ, i.e., s ⊨ Θ, is called an initial state.
The Transition Relation • Each transition τ is characterized by an assertion, called the transition relation ρ_τ(Π, Π'): C_τ(Π) ∧ (y'_1 = e_1) ∧ … ∧ (y'_k = e_k) • Enabling condition: C_τ(Π) • Conjunction of modification statements: (y'_1 = e_1) ∧ … ∧ (y'_k = e_k), where a primed variable denotes its value after the transition
Enabled and disabled transitions • Idling and diligent transitions • Computation: infinite sequence of steps • Computation prefix • Reachable states
Concrete models • Model 1: Transition Diagram • Model 2: Shared-Variables text • Model 3: Message-Passing text • Model 4: Petri Nets
Model 1 : Transition diagrams • Program P, and processes Pi • P::[declaration][P1 || P2 … ||Pm] m>=1 • Data variables Y={y1, …, yn} n>=1 • Shared for all the processes
Declarations • At the head of the program • Modes, types, initial conditions: mode var, …, var : type where φ_i • Mode: in, local, out • Types: basic (int, char), structured (array, list, set) • The assertion φ_i imposes a constraint on the values of some of the variables in this statement
Example declarations: in k, n : integer where 0 ≤ k ≤ n • local y1, y2 : integer where y1 = n ∧ y2 = 1 • out b : integer where b = 1 • Data precondition of the program φ: 0 ≤ k ≤ n ∧ y1 = n ∧ y2 = 1 ∧ b = 1
Processes • Each process Pi is represented by a transition diagram (a directed graph) • Nodes: locations • For Pi : Li = {l_i0, l_i1, …, l_iti} • Entry and exit locations • Edges: (atomic) instructions • Guarded assignment: c → [(y1, …) := (e1, …)] • State of a program: control variables (π_i, the current location of control in Pi) + data variables
Diagrams as Basic Transition Systems • State variables • States • Transition • Initial condition
State variables • All the data and control variables • Π = {π_1, …, π_m, y1, …, yn} • States • All the possible interpretations that assign to the state variables values over their respective domains. • The domain of control variable π_i is the set of locations Li
Transition • The idling transition τ_I is defined by the transition relation ρ_I: T (true): it is always enabled and leaves the state unchanged. • Diligent transitions: the labeled edges that appear within the processes.
• An edge of Pi from location l to location l', labeled c → [yi := ei], defines a diligent transition τ with relation ρ_τ: (π_i = l) ∧ c ∧ (π'_i = l') ∧ (y'_i = ei)
Initial condition • Program P: [dcl where φ][P1 || … || Pm] • Initial condition Θ: φ ∧ ⋀_{i=1}^{m} (π_i = l_i0) • A process is enabled, or disabled, on a state.
Example: Binomial coefficient • C(n, k) = (n · (n-1) · … · (n-k+1)) / (1 · 2 · … · k)
Representing Concurrency by Interleaving • [Figure: two diagrams, each starting from the state X=0, Y=0. Program A: process P1 performs X:=1 in parallel with process P2 performing Y:=1. Program B: a single diagram whose two branches are the interleavings X:=1 then Y:=1, and Y:=1 then X:=1.]
Scheduling • The choice of the enabled transition to be executed next. • A sequence of choices that leads to a complete computation is called a schedule.
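The following is an added example (not code from the slides or from Manna and Pnueli's book) that makes the preceding definitions executable: a basic transition system (Π, Σ, T, Θ) whose transitions are given by an enabling condition and modification statements, diligent transitions built from the edges of a transition diagram with a control variable per process, the idling transition, interleaving of Program A (P1 :: X:=1 || P2 :: Y:=1), and enumeration of its schedules. Exploring the reachable states this way and checking an assertion on every one of them is the basic step of model checking a safety property; the variable names x, y, pi1, pi2 and the location names l0, l1, m0, m1 are constructed for this example.

```python
"""Basic transition system in the style of Manna & Pnueli, built from
transition diagrams and explored by interleaving (added example)."""


class Transition:
    """A transition tau given by its relation rho_tau(Pi, Pi'):
    C_tau(Pi) /\ (y'_1 = e_1) /\ ... /\ (y'_k = e_k).
    `enabled(s)` evaluates the enabling condition C_tau on state s;
    `modify(s)` returns the modification statements as {y_j: e_j(s)};
    state variables not mentioned keep their value."""

    def __init__(self, name, enabled, modify):
        self.name, self.enabled, self.modify = name, enabled, modify

    def apply(self, s):
        """tau(s): the set of successor states, empty when tau is disabled."""
        if not self.enabled(s):
            return []
        nxt = dict(s)
        nxt.update(self.modify(s))
        return [nxt]


# The idling transition tau_I: always enabled, changes nothing.
IDLE = Transition("tau_I", lambda s: True, lambda s: {})


def freeze(s):
    """Hashable form of a state (an interpretation of Pi)."""
    return tuple(sorted(s.items()))


def diagram_transitions(pname, pi, edges):
    """Turn a process's transition diagram into diligent transitions.
    Each edge (l, guard, assign, l_next) is the guarded assignment
    c -> [y := e] from location l to l_next; pi is the process's control
    variable, so the relation is (pi = l) /\ c /\ (pi' = l_next) /\ (y' = e)."""
    ts = []
    for l, guard, assign, l_next in edges:
        ts.append(Transition(
            f"{pname}:{l}->{l_next}",
            lambda s, l=l, guard=guard: s[pi] == l and guard(s),
            lambda s, assign=assign, l_next=l_next: {**assign(s), pi: l_next}))
    return ts


def enabled_transitions(transitions, s):
    """The transitions whose enabling condition holds in state s."""
    return [t for t in transitions if t.enabled(s)]


def reachable_states(initial_states, transitions):
    """All states reachable from the initial states by any interleaving."""
    seen = {freeze(s): s for s in initial_states}
    frontier = list(initial_states)
    while frontier:
        s = frontier.pop()
        for t in transitions:
            for nxt in t.apply(s):
                key = freeze(nxt)
                if key not in seen:
                    seen[key] = nxt
                    frontier.append(nxt)
    return list(seen.values())


def schedules(initial_state, diligent, max_steps=20):
    """Every sequence of choices of which enabled diligent transition runs
    next, followed until no diligent transition is enabled (the computation
    then continues by idling forever). Returns lists of transition names."""
    out = []

    def walk(s, trace):
        enabled = enabled_transitions(diligent, s)
        if not enabled or len(trace) >= max_steps:
            out.append(trace)
            return
        for t in enabled:
            for nxt in t.apply(s):
                walk(nxt, trace + [t.name])

    walk(initial_state, [])
    return out


def holds_everywhere(states, assertion):
    """True when the assertion is satisfied in every given state (an invariant)."""
    return all(assertion(s) for s in states)


# Program A from the slide: P1 :: x := 1  ||  P2 :: y := 1, with x = y = 0.
# Location names and control variables pi1, pi2 are constructed here.
P1 = diagram_transitions("P1", "pi1", [("l0", lambda s: True, lambda s: {"x": 1}, "l1")])
P2 = diagram_transitions("P2", "pi2", [("m0", lambda s: True, lambda s: {"y": 1}, "m1")])
THETA = {"x": 0, "y": 0, "pi1": "l0", "pi2": "m0"}  # the single Theta-state
DILIGENT = P1 + P2


def program_a_reachable():
    return reachable_states([THETA], DILIGENT + [IDLE])


def program_a_schedules():
    return schedules(THETA, DILIGENT)


if __name__ == "__main__":
    states = program_a_reachable()
    print(len(states), "reachable states")
    print(program_a_schedules())  # the two interleavings drawn as Program B
    print(holds_everywhere(states, lambda s: s["pi1"] != "l1" or s["x"] == 1))
```

The two schedules returned are exactly the two branches of Program B, which is why the interleaving model can replace true parallelism for analysis: every state the parallel program can reach is a state of the interleaved one, so an assertion checked over `reachable_states` is checked over every possible execution.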