Formalisms for Concurrent Systems Philippe Giabbanelli CMPT 894 – Spring 2008

Formalisms for Concurrent Systems

Philippe Giabbanelli CMPT 894 – Spring 2008

1

What is a process algebra?

How did it evolve through the years and where does it go?

Algebraic Process Verification has been presented briefly in the 5th session through the example of µCRL.

We will present it more generally, so that we have a better idea of it.

Can we have some more general?

Once we are familiar with the main concepts, we will move on to something bigger…

I’ve heard about Petri nets for modelling… what’s that?

Process Algebra Complements Process Rewrite Systems

2

What is a process algebra ?• When we speak of a process, we speak of the behaviour of a system.

• A system is anything that does things : a program or a machine perform some actions, as well as a human (walk, stop, grab food, eat, …).

• A behaviour is the set of actions that a system can perform, with the order in which actions can be done, as sometimes other aspects (probabilities, timing…).

• So, we are interested in describing the set of actions done by a system. We cannot describe everything: we have to be limited to some aspects. Thus, we are considering an abstraction of the real behaviour.

• We observe a behaviour, and an action is a unit of observation.

• In a simple approach, actions are considered discrete: they appear at some time, and different actions appear at different times.

• A process is sometimes called discrete event system.


3

What is a process algebra ?

• The simplest way to think of a behaviour is as an input/output function. It led to the theory of finite states automaton : a process is made of states, and transitions denote actions.

• Equivalence is an important notion: when are two processes equivalent?

• On finite state automaton, the equivalence is rather easy: equivalence of language by regular expressions.

• A behaviour is a run from the initial state to a final state. The possible behaviours are all the runs from the initial state to a final state.

• Thus, we have nice models for processes such as finite state automata, Turing machines, lambda calcul, Post systems, Markov systems, Random Access machines, etc. But there is something missing…


4

What is a process algebra ?

• One approach for the theory of concurrency is the algebraic one.

• Domain of process + operators satisfying axioms = Process Algebra.

• First of all, some systems are not designed to ‘stop and produce a result’. They sit there and react to some stimulis (reactive systems).

• Furthermore, processes can have interactions between them and, even if they would eventually stop and produce a result, this result might not be determined only the process but rather by the whole interactions.

• If we want to handle all possible systems, we must be able to deal with parallel or distributed systems, i.e. with the theory of concurrency.

• In summary, process algebra consists of studying behaviour of parallel systems from an algebraic approach. We have processes, and we define operators over them, satisfying a set of axioms or rules.


5

Process algebra = processes + operators with axioms

• Which operators do we need to have enough expresiveness?

∙ parallel composition ∙ alternative composition (choice)

∙ sequential composition

• It doesn’t mean that we need to define three operators as the ‘basis’: one of them might be built from two others under some laws. It means that if we have those three ones, we can express a reasonable number of things.

|| + ;

• The symbols we are using are common but are not the only ones. There is pretty much no standard so far: the symbols depend on which process algebra we choose, as we shall see in the next slides.


6

Process algebra = processes + operators with axioms

∙ parallel composition ∙ alternative composition (choice)

∙ sequential composition

|| + ;• What does an axiom or rule looks like?

∙ x + y = y + x (commutativity of alternative composition)∙ x + (y + z) = (x + y) + z (associativity of alt. compo.)

∙ x + x = x (idempotency of alternative composition)

∙ (x + y) ; z = x ;z + y ;z (right distributivity of + over ;)

∙ (x ; y) ; z = x ; (y ; z) (associativity of seq. compo.)∙ x || y = y || x (commutativity of parallel composition)∙ (x || y) || z = x || (y || z) (associativity of para. compo.)

• Those laws are called static: they do not explicitely mention any action, but rather express the general proprieties of the basic operators.


7

Process algebra = processes + operators with axioms• Did you notice that there is no rule connecting the parallel composition operator to the others?

• This connexion is at the core of process algebra, and it is more or less the tools that makes the whole thing possible. In most algebras, parallel composition is expressed with other operators, which is called the expansion law.• As this law explicitely uses actions, it is our first example of a dynamic law. Algebras with this law are called interleaving process algebras, and the others are called partial orders or true concurrency.

• In other words, with an interleaving process algebra, the agents of the system are independant and model the behaviour with purely sequential actions. The overall behaviour is specified with the way we merge, or interleave, those behaviours (transition systems, Hoare trace, …).

• Non-interleaving systems (independant): Petri nets, event structures…


8

What are the differences between models for concurrency?

• As we have just seen from the context of process algebras, a model can be interleaving (sequential components with merging) or non-interleaving.

• Another difference is the way a model handles non-deterministic events.

∙ Non-deterministic behaviours are in the set of possible computation paths (i.e. possible deterministic executions). This is linear-time.

∙ A detailed way to know when non-deterministic choices are possible is branching-time.

• And a last one is the way is between models with explicit representation of states, or those interested in the behaviour as a pattern of occurrences of actions throughout the time.

• A more formal comparison of models has been done within category theory and the use of functors, for those of you who are interested!


9

When we do not have simple models anymore, how do we say that two processes are equivalent?

• Remember slide 3 : equivalence is an important notion!

• When we had a finite station automaton, it was an equivalence of languages through regular expressions. Now, that does not hold anymore as our models are two complex to be matched by just languages.

• We introduce the notion of bisimulation : two system behaves the same way if they can simulate each other.

So, what are we studying with process algebra?

We study equational theories (set of rules/axioms) and their models.

If you want to study the structures associated with a model rather than the equations, then you are doing process theory.

9

I am sure that you have been enjoying those introductory

questions on process algebra a lot.

To be a bit more complete, I will quickly tell you which process

algebras you can commonly find, and some of the current ideas on research. Just three more slides!


10

• In the 70’s, we had three formal reasonnings on programs:

∙ Operational semantic. A program is an abstract machine, a state is a valuation of variables and a transition is an elementary instruction (think of it as a Control Flow Automaton).∙ Denotational semantic. Programs are modelled as an input/output function. We are going in a more abstract view.

∙ Axiomatic semantic. Concentrate on methods to prove corectness of programs through assertions (pre-condition, sentence, post-condition and invariants).

• That was good enough for purely sequential programs, but it turned out to be hard to use it when we had parallel programs. Indeed, there are two things in the way we see a program that should change:

∙ Cannot consider a behaviour as a function of input/output.

∙ Instead of global variables, each process should have its own local variables and exchange information by communications.


11

• In 74, Hans Bekic from IBM lab Austria presents an operator for parallel composition and gives its law. As he says of his algebra, « these actions have enough information so that basic operations can be defined, but not enough to fulfill important equivalences such as a ; 0 = a, a || b = b || c, a ; (b ; c) = (a ; b) ; c ».

• Robin Milner developped the Calculus of Communicating Systems CCS from 1973 to 1980. He uses message passing, interleaving and gives an expansion law. Sequential composition is a derived operator.

• Tony Hoare with Communicating Sequential Processes (CSP) get rid of global variables and uses (synchrone) communication. His model is based on traces, i.e. the sequence of actions that a program can do. He based it later on failure pairs for deadlocks.

• In ACP (Algebra of Communication Processes) we have operators satisfying axioms exactly in the sense of the algebra we defined.


12

• Process algebra aims at describing the dynamic behaviour of systems. Actions, and thus processus, are parameterized by data. Hence, an algebra supporting an accurate definition of data was needed : µCRL.

• There might be some mobility aspects: the configuration of communication links changes. For that, we hare other formalisms: π-calculus, ambiant calculus or action calculus.

• The behaviour of a system can depend on the time (see timed µCRL) or even on other variables (we speak of hybrid systems).

That’s what we have. Now, where do we go?

• If you want of results and open problems, look at Workshop on Process Algebra: Open Problems and Future Directions (Bologna, Italy 2003) or

Some of My Favourite Results in Classic Process Algebra from Luca Aceto (2003).

We are done with process algebra


13

• We have many formalisms for concurrent systems. We presented process algebra, but there are also things such as Petri nets.

• The three main ones are:∙ PA-processes. It is a process algebra allowing non-determinism, sequential and parallel compositions, and recursion.

∙ Pushdown processes. It is a pushdown automata where we are not interested by the language it recognizes but rather by the graph of configurations.

∙ Petri nets. It can be seen as a sort of automaton with places, transitions, arcs, and ‘things about tokens’.

• None of those models can be seen as a case of the other: they are mutually incomparable. However, they can all be seen as a case of something bigger: process rewrite systems (PRS).

• PRS are an extension of Petri nets with subroutines that can return a value. It is more general than Petri nets, but not Turing powerful.


14

A very, very fast introduction to Petri nets just to ensure you get it…

P1

P2

P1 and P2 are two conditions.

T

T is a transition.

This means that P1 and P2 are pre-conditions of the transition T. In other words, they are the conditions necessary to enable an event.

Q1Q2

T

Q1 and Q2 are post-conditions of the transition T. When an event happens, some pre-conditions stop being true and some other conditions

become true: they are the post-conditions.


15


False True

We see that a condition is satisfied with a token.

P1 P2

T

P1P2

T

Cannot do the transition… Can do the transition.


16


The conditions are satisfied so we can do the transition, and ‘spread’ the tokens.

The tokens model ressources in the system : one place can have several tokens. Those tokens and consumed and produced by the system.


17


Task 1 Task 2

This example shows mutual exclusion with Petri nets.

A C

B DThis shows a rendez-vous scheme: A before B, C before D, A

before D, C before B.

service

Demand

accept

OK

Acknoweldgement

Wait acknoweldgem

ent

Using the service

Waiting end use of the service

A whole client/server system.


18

• We can think of many concurrent systems as a set of states and rules defining the dynamics of the system, i.e. how we go between the states.

• The states of the system can be defined by t ::= ε | X | t1 . t2 | t1 || t2 where X is an atomic process, . is sequential composition (left

associative) and || the parallel composition (associative & commutative).

• The size of a process is the number of constant terms and operators: size(ε) = 0 size(X) = 1 size(t1 . t2) = size(t1) + size(t2) + 1

• Const(t) is the set of constants that occurs in t: Const(ε) = 0 Const(X) = 1 Const(t1 . t2) = Const(t1) U Const(t2)

• The dynamic of the system is described by a set Δ of rules t1 →a t2 where the t’s are defined as afore-mentionned, and a is an action.

• There can be several rules with the same right hand side, thus there is no need for the choice operator + (or ?).


19

• This scheme is general enough so that many models fit in it. Now, we are going characterize subclasses of rewrite systems based on the kind of terms allowed on the right hand side and on the left hand side (think of it as the categories of grammars…).

• A term t can be of four classes:

∙ single process like X

∙ sequential composition like X . Y . Z

∙ parallel composition like X || Y || Z

∙ sequence of arbitrary parallel and sequential compositions like (X . (Y || Z) || W

1

S

P

G

• ε is in S, P and G but not in 1. We have 1 c S, 1 c P, S c G and P c G but P and S are incomparable and P ∩ S = 1 U {ε}.

• Now, we can express the class of the right hand and left hand sides.


20

• This scheme is general enough so that many models fit in it. Now, we are going characterize subclasses of rewrite systems based on the kind of terms allowed on the right hand side and on the left hand side (think of it as the categories of grammars…).

• Let α, β be classes among {1, S, P, G}. An (α, β) – PRS is a finite set of rules such that for all rewrite rule l →a r, l ≠ ε is in α and r in β.

• The general model (G, G) – PRS will simply be called PRS.

• Let say we follow a rewriting rule. We had something of class α, and we get something in class β. If we follow another rewriting rule on this result, then β is now on the left-hand side. Thus, it wouldn’t make sense if α was more general or incomparable to β. Hence α is a subclass of β.

• We can now characterize models with the classes α and β.


21

Context-free processes (or Basic Process Algebra). Transition systems

associated with Greibach Normal Form context-free

grammars.

Basic parallel processes.

Process algebra without communication

Smallest generalization of PA and Petri NetsSmallest generalization

of PA and PD.


22

A bit more about the meaning of a (α, β) – PRS

• What does it concretely mean if parallel composition is allowed on the right hand side of a rule? What kind of a ‘behaviour’ is that?

∙ We have t →a t1 || t2. It means that, by the action a, the process t becomes the process t1 and spawns t2 (or vice-versa).

• …and about sequential composition on the right-hand side?

∙ We have t →a t1 . t2. It means that, by the action a, the process t calls a subroutine t1, waits for termination, and resumes as t2.

• If we have both parallel and sequential compositions on the right-hand side, it means that we can have both parallelism and calling subroutines.


23

A bit more about the meaning of a (α, β) – PRS

• What does it concretely mean if parallel composition is allowed on the left hand side of a rule? What kind of a ‘behaviour’ is that?

∙ We have t1 || t2 →a t. This is a synchronization/communication as the action can only occur if both change in a certain way.

• …and about sequential composition on the left-hand side?

∙ We have t1 . t2 →a t. A subroutine returns a value to the caller when it terminates, and the result affects the behaviour of the caller.

• If we have both parallel and sequential compositions on the right-hand side, it means that we can have both synchronization and values returned by subroutines.


24

Is the hierarchy strict?

• Context-free processes are associated with context-free grammars and pushdown processes are basically pushdown automata, which describes a context-free grammar as well.

• So, context-free processes and pushdown processes are the same thing with respect to Chomsky’s language hierarchy. Thus, considering language equivalence, our hierarchy is not strict.

• However, our hierarchy is strict if we use a bisimulation equivalence: there are no two models in the hierarchy that can bisimulate each other.

• The proof that finite-state systems, BPP, BPA, pushdown systems, PA and Petri nets are different with respect to bisimulation can be found in Bisimulation collapse and the process taxonomy (1996, Springer-Verlag) and PAD/PAN/PRS is shown in the paper that are based on.


25

Decidability• We begin with the initial state t0 and we want to know if we can reach a state t. Formally, is there a sequence of actions σ such that t0 →σ t?

• For Petri nets, this problem is decidable and EXPSPACE-hard. By reducing PRS to Petri nets, it is shown that PRS is decidable as well.

See Lipton, R.: The Reachability Problem is Exponential-Space-Hard. Yale University. Dept. of CS. Report No. 62 (Jan. 1976)

• A related problem is the reachable property problem where we want to know if a reachable state has certain properties. Formally, is there a sequence of actions σ such that t0 →σ t so that t satisfies some state formula (formula expressing « what the state should look like »). This has been proven to be decidable as well.

• « Model checking with many temporal logics (EF, CTL, LTL, linear time µ-calculus, modal µ-calculus) is undecidable for it. »

T H A N K Y O U

Articles used for this presentation

A brief history of Process Algebra (J. C. M. Beaten, Theoretical Computer Science Vol 335 2005)

Slides on Petri Nets (Jean-Pierre Gerval, Institut Supérieur de l’Electronique et du Numérique, Brest France)

Models for Concurrency (Glynn Winskel, Mogens Nielsen, Aarhus University 1993)

Process Rewrite Systems (Richard Mayr, Information and Computation 156, 1999)

Documents

Formalisms for Concurrent Systems Philippe Giabbanelli CMPT 894 – Spring 2008