1. Communicating Sequential Processes (CSP)
Duminda Wijesekera, ISA 763, Fall 2007
2. Many References
Communicating Sequential Processes, by C.A.R. Hoare – Prentice Hall
Communication and Concurrency, by Robin Milner – Prentice Hall
Communicating and Mobile Systems: the π-calculus, by Robin Milner – Cambridge
Modeling and Analysis of Security Protocols, by Peter Ryan and Steve Schneider – Addison Wesley
3. CSP Objectives
Model interactions between processes
Support synchronizations, concurrency and many constructs used in interleaved series parallel computations
Provides a notation for a system of sequential and parallel agents to communicate by passing messages between them
4. CSP Components
Processes: process constants and variables
Operators: defined as we go along
Events: Σ, set of event constants, and variables
One distinguished (invisible = internal) event: τ
The basic model: A process executes an event (action) and becomes another process.
Example: a → P means the process (a → P) executes a and becomes the process P
Communication: through message passing
Notation: αP is the event set used in process P
5. The Message Passing Paradigm used in CSP
Non-buffered input/output: sending and receiving data are non-buffered
Synchronous: both processes must be ready to communicate
Instantaneous communication: no communication delays directly modeled
Explicit naming of senders and receivers: no wildcard addressing or group communication
6. Messages
7. Communication
Process A executes an output command specifying channel C as its destination AND
Process B executes an input command specifying channel C as its source AND
The target channel name (variable or constant) in the input statement matches the channel name in the output statement
8. Program Equivalence
Two programs P1 and P2 are equivalent if they produce patterns of visible actions that cannot be distinguished by an observer – to be made precise later
Only the communication skeleton of a program matters!
9. Communication
Prefix: given a process P and a communication a ∈ Σ, a → P is a process that
Performs a, then
Behaves as P
Given in, out ∈ Σ, what is
in → out → P
Process stop: no observable action
Given a ∈ Σ, what is a → stop
10. Building Basic Processes
The basic construct
Given a, b, c ∈ Σ
Proc = a → b → c → stop
Proc: finite succession of choices before stopping
The environment might choose not to accept any of a, b, c, so it might get stuck before stop
11. Building Recursive Processes
Recursion: processes go on forever
Looping back to a state they have been in before
(1) Alt = to → from → Alt
(2) Dalt = to → from → to → from → Dalt
(3) Malt1 = to → Malt2
(4) Malt2 = from → Malt1
(5) Nalt = to → from → Dalt
1, 2, 5, and (3,4) are equivalent programs
Will be discussed formally later
12. Parametric Processes
Parametric input: any set of visible actions
If A ⊆ Σ, ?x : A → P(x) represents a parametrized process where:
x is a parameter of P(x)
When a ∈ A is chosen, P(x) behaves like P(a)
Example: always prepared to offer any event from A ⊆ Σ
RUN_A = ?x : A → RUN_A
13. Compound events
Coding Machine example
CM1(s) = ?x : L ∪ {off} → CM1’(s,x)
CM1’(s,off) = Stop
CM1’(s,x) = crypt(s,x) → CM1(newstate(s,x)) (x ∈ L)
Action: channel name followed by zero or more data components
Coding Machine example without off
CM2(s) = in?x → out!crypt(s,x) → CM2(newstate(s,x))
Deterministic finite state machine over finite Σ
e.g., Pi = ?x : Ai → Pi’(x)
14. The Binary Choice Operator
Choice operator = □
Gives two alternatives to choose from
Then the process behaves like the chosen alternative
if A = B ∪ C then
?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
15. Stop and process equivalence
if A = A ∪ ∅ then
?x : A → P(x) = (?x : A → P(x)) □ stop
that is P ≡ P □ stop
If B = ∅ then ?x : B → P(x) ≡ Stop
16. The Choice Operator - details
Revisit: if A = B ∪ C then
?x : A → P(x) = (?x : B → P(x)) □ (?x : C → P(x))
If B and C are disjoint: together they give all the choices in A
What happens if B and C overlap?
Given processes P and Q, what does P □ Q mean?
Choosing an action x ∈ B ∩ C, what is the result of
(?x : B → P(x)) □ (?x : C → Q(x))
CSP allows the implementer to make a choice between the two sides
After action x, the process may behave as P(x) or Q(x); the environment has no control over it.
17. Non-determinism
A program acts non-deterministically if it is unpredictable
The program is allowed to make internal decisions that affect how it behaves as viewed from the outside
Implementation is allowed to choose
Example:
(a → a → stop) □ (a → b → stop)
18. Non-Deterministic Choice
P ⊓ Q behaves like P or like Q
User has no control over which component is chosen
Can be implemented using two internal actions
Implementer is not required to implement it this way (can choose either P or Q)
Useful for modeling a degree of unpredictability, like a communication medium that transmits data correctly or loses it.
19. Non-Deterministic Choice
P □ Q and P ⊓ Q have identical traces: sequences of visible communications
So observation alone cannot determine which construct was used.
What is the difference between
(a → P) □ Stop and (a → P) ⊓ stop?
The second may deadlock!
20. Lockstep Parallel Operator ||
Used to construct sequential processes that execute in parallel
Synchronize all visible actions
P || Q can perform a ∈ Σ only when P and Q can
(?x : A → P(x)) || (?x : B → Q(x)) =
?x : A ∩ B → (P(x) || Q(x))
Like the co-begin co-end pair in parallel languages
21. Interface parallel operator ||X
Synchronize all events in X, but can perform events outside of X freely
Example:
P = ?x : A → P’(x)
Q = ?x : B → Q’(x)
P ||X Q = ?x : X ∩ A ∩ B → (P’(x) ||X Q’(x))
□ ?x : A \ X → (P’(x) ||X Q)
□ ?x : B \ X → (P ||X Q’(x))
22. An Example
BA = left?x → mid!x → BA
BB = mid?x → right!x → BB
B2 = BA ||{mid} BB
What is the example about?
23. Synchronizing Parallel Construct
P X||Y Q
Each process is given control of a particular set of events
No process is ever permitted to communicate outside of its own alphabet
Interface between two processes: intersection of their alphabets
24. Additional operators
Sequential composition P ; Q
Does whatever P does until it terminates and then does what Q does
Process skip: no-op, successfully terminates
Special event: ✓ -- always the final event
e.g., a → b → skip terminates successfully after events a and b
e.g., (a → skip);P has the same external behavior as a → P
25. Hiding
Internal details are not visible to outsiders
If X ⊆ Σ and P is a process then P \ X behaves like P but all events in X are hidden (turned into invisible actions)
26. Hiding Example
BA = left?x → mid!x → BA
BB = mid?x → right!x → BB
B2 = BA ||{mid} BB
External interfaces = {|left, right|}
Internal interface = {|mid|}
B2 \ {|mid|} hides the internal details
Will show later how to construct this process to be B = (left?x → right!x → B)
27. Renaming
Alphabet replacement (relation, i.e. substitution)
P[[R]] behaves like P but all visible events a from P are renamed by whatever R associates a with
Use to make copies
e.g., P[[a,a/b,c]] – both b and c are mapped to a
e.g., P[[b,c/a,a]] – a is mapped to both b and c
offers the choice of b and c to the environment but the state after either of these choices is the same
Can show that (a → P)[[b,c/a,a]] has the same behavior as (b → P[[b,c/a,a]]) □ (c → P[[b,c/a,a]])
28. Renaming Example
Let B1(in,out) = in?x → out!x → B1(in,out)
Then, B1[[left,mid/in,out]] = left?x → mid!x → B1[[left,mid/in,out]] = BA
And B1[[mid,right/in,out]] = mid?x → right!x → B1[[mid,right/in,out]] = BB
29. Process Behavior - informal
Concurrent processes may lead to:
Deadlock: each process is willing to do something but the entire system cannot agree on any action
Livelock: an infinite sequence of internal (hidden) communications occurs between the components. External appearance similar to deadlock
Non-determinism: both processes P1 and P2 are willing to talk to a third one Q which has to make a choice.
30. Some CSP Operators
Stop          process does nothing
a → P         event prefix
?x:A → P      event prefix choice
P ⊓ Q         nondeterministic choice
P □ Q
P || Q        lockstep parallel
P ||X Q       interface parallel
P X||Y Q      synchronizing parallel
P \ X         event hiding
P[[R]]        process relation renaming
Skip          successful termination
P ; Q         sequential composition
31. Trace Semantics for CSP
The semantics of a CSP process is its traces.
Examples: (^ is string concatenation)
traces(Stop) = { <> }, the set containing only the empty trace
traces(P) where P is defined as P = (a → P □ b → skip) =
{ <a>ⁿ, <a>ⁿ^<b>, <a>ⁿ^<b,✓> } where n ∈ N
We formally define traces models for CSP processes. That is, traces(P) for any process P
Properties of trace models
Non-emptiness
Prefix closed (that is, if s^t is a trace, so is s)
32. CSP Trace Semantics - 1
traces(stop) = {<>}
traces(a → P) = {<>} ∪ { <a>^s | s ∈ traces(P) }
traces(?x:A → P) = {<>} ∪ { <a>^s | a ∈ A and s ∈ traces(P[a/x]) }
the initial event is now chosen from a set.
traces(c?x:A → P) = {<>} ∪ { <c,a>^s | a ∈ A and s ∈ traces(P[a/x]) }
similar except the channel name
traces(P □ Q) = traces(P) ∪ traces(Q)
traces(P ⊓ Q) = traces(P) ∪ traces(Q)
33. CSP Trace Semantics - 2
traces(P||Q) = traces(P) ∩ traces(Q)
traces(P X||Y Q) = { s ∈ (X ∪ Y)*✓ | s↾X✓ ∈ traces(P) and s↾Y✓ ∈ traces(Q) } where X✓ is X ∪ {✓} and s↾X is s restricted to X.
P must perform all events in X and Q must perform all events in Y and P X||Y Q terminates when both P and Q do.
traces(P ||{X} Q) = { s ||{X} t | s ∈ traces(P) and t ∈ traces(Q) }.
This set is ∅ unless s↾X✓ = t↾X✓
the initial event is now chosen from a set.
34. CSP Trace Semantics - 3
traces(P \ X) = { s \ X | s ∈ traces(P) }
s \ X = s ↾ (Σ✓ \ X)
traces(P[[R]]) = { t | s R* t for some trace s ∈ traces(P) } where R* is the relation where two traces are equal in length and every element of s is related to an element of t by R ∪ {(✓,✓)}
traces(Skip) = {<>, <✓>}
traces(P;Q) = (traces(P) ∩ Σ*) ∪ { s^t | s^<✓> ∈ traces(P) and t ∈ traces(Q) }
35. Recursion in CSP
Back to a recursive definition:
B1(in,out) = in?x → out!x → B1(in,out)
What does this mean? Solving an equation to find the B1(in,out) that satisfies the stated equation.
What is meant is the least solution for the equation, formally specified as
µ B1(in,out). in?x → out!x → B1(in,out)
The general form: µP.F(P) where F is an equation
36. Well-formed recursive definitions
Every process in CSP can be written in the form (x:B → F(x))
Recursive process can be written as
µX (x:B → F(x,X)) - can be written as
(x:B → F(x, µX (x:B → F(x,X))))
Hence every process can be written as a function with domain B.
37. Well-formed recursive definitions
A set of simultaneous equations in more than one unknown defines CSP processes provided that
Right hand side is guarded
Each unknown process must appear exactly once on the left hand side of one equation
The defining equation should not contain the hiding operator
Example: DD = (orange → G) □ (lemon → W)
G = (coin → orange → G) □ (lemon → W)
W = (coin → lemon → W) □ (orange → G)
38. Traces semantics for recursion
Meaning of µP: P = F(P)?
Looking for some kind of a fixed point
Example:
µP: P(in,out) = in?x → out!x → B1(in,out)
Defines a perpetual process that reads x from the input channel and writes it to the output channel (and runs) forever.
So the trace should include
the first, the second run, … the nth run, (n+1)th run …
So adding one more round of a trace will not alter it (whatever we come up with!)
39. The definition
trace(P) = ∪ { traces(Fⁿ(Stop)) | n ∈ N }
Can show that this is a fixed point.
The idea: this definition satisfies
If trace(Q1) ⊆ trace(Q2), then trace(F(Q1)) ⊆ trace(F(Q2))
that is, F is monotonic on the space of traces T
The space of traces forms a complete lattice.
By the Knaster-Tarski theorem it has a least fixed point.
Provides a denotational semantics for CSP
40. Trace Properties
Traces are sequences of events experienced by processes
They can be used to specify properties of the process or inter-process communication
41. Example Trace Properties -1
Property: The output sequence appearing on the right channel is always a prefix of the input sequence and the process performs no actions through other channels
Specification:
(tr↓right ≤ tr↓left) /\ (tr = tr ↾ {left,right})
here tr↓a are the values communicated along channel a in trace tr.
42. Example Trace Properties -2
Property: Each occurrence of a commit event is preceded by a start event followed by a running event - both occurring after the last commit event
Specification:
(tr = tr’^<commit>) ⇒ ∃tr1,tr2 (tr’ = tr1^tr2) /\
<start,running> ≤ tr2 ↾ {start,running} /\
tr2 ↾ {commit} = <>
43. Trace Operations
Traces are constructed from
Trace variables: lower case letters – e.g., s, t, u
Trace constants: upper case letters – e.g., S, T, U
Functions: (function constants) f, g, h
Operations on traces:
Concatenation: s^t
Taking Head and Tail: head = first element, tail = rest of the trace
Star: tr*, taking finitely many concatenations
Trace relations: sub-traces ≤
Filtering traces: s ↾
44. Trace Operations - 2
More trace operations
Changing symbols: Suppose f: A → B is a function that maps symbols from A to symbols in B. Then extend f to f* on traces as:
f*(<>) = <>
f*(<x>) = <f(x)>
f*(s^t) = f*(s)^f*(t)
Interleaving: interleaving elements from traces
<> interleaves (t,u) iff (t = <>) /\ (u = <>)
s interleaves (t,u) iff s interleaves (u,t)
(<x>^s) interleaves (t,u) iff ((t ≠ <>) /\ (t0 = x) /\ s interleaves (t’,u)) \/
((u ≠ <>) /\ (u0 = x) /\ s interleaves (t,u’))
45. Specifying Trace Properties
A trace expression: An expression constructed from
trace variables, constants,
element variables and constants,
specified operations and
Logical connectives of predicate logic
is said to be a trace expression
P sat S(tr): Suppose P is a process and S(tr) is a trace expression. If all traces tr of P satisfy S(tr), then we say that P sat S(tr)
46. Properties of P sat S(tr)
P sat true(tr)
If P sat T(tr) and P sat S(tr),
then P sat (T(tr) /\ S(tr))
If P sat S(tr) and S ⇒ T then P sat T(tr)
Why bother?: Show the processes satisfy some properties, such as those in Gavin Lowe’s paper!
Two ways to verify that a process satisfies properties:
Directly check all traces
Use a compositional proof system
47. Nature of Compositional Proofs
Natural Deduction style proof trees, possibly with side conditions
Graft them to construct a proof.
A proof rule looks like:
premise-1, premise-2, …, premise-n
----------
conclusion
Typically use sat statements in premises and conclusions
48. Proof Rules for P sat T(tr)
Rule 1: sat.stop
stop sat tr = <>
Rule 2: sat.prefix
P sat S(tr)
----------
(a → P) sat [tr = <> \/ (tr = <a>^tr’ /\ S(tr’))]
Rule 3: A consequence
P sat S(tr)
----------
(c → d → P) sat [tr ≤ <c,d> \/ (tr ≥ <c,d> /\ S(tr’’))]
49. Proof Rules for P sat T(tr) -2
Rule 4: sat.true
P sat True
Rule 5: sat.and
P sat S(tr), P sat T(tr)
----------
P sat [S(tr) /\ T(tr)]
Rule 6: sat.forall
∀n P sat S(tr)
----------
P sat ∀n S(tr)
where P does not depend on n
Rule 7: sat.implies
P sat S(tr), S(tr) ⇒ T(tr)
----------
P sat T(tr)
50. Proof Rules for P sat T(tr) -3
Rule 8: sat.ext-choice
P sat S(tr), Q sat S(tr)
----------
P □ Q sat S(tr)
Rule 9: sat.parallel
P sat S(tr), Q sat T(tr)
----------
P||Q sat S(tr) /\ T(tr)
Rule 10: sat.interleave
P sat S(tr), Q sat S(tr)
----------
P X||Y Q sat S(tr↾X) /\ S(tr↾Y) /\ tr ∈ (X ∪ Y)*
Rule 11: sat.interleave
P sat S(tr), Q sat S(tr)
----------
P|||Q sat S(tr↾α(P)) /\ T(tr↾α(Q))
where α(P) ∩ α(Q) = ∅
51. Proof Rules for P sat T(tr) -4
Recursion 12:
F(X) is guarded, Stop sat S, (X sat S) ⇒ (F(X) sat S)
----------
µX.F(X) sat S
52. An Example Proof
Vending machine definition:
vms = µX:{coin,coke}. (coin → (coke → X))
Properties of the vending machine:
NoLoss: (#(tr↾{coke}) ≤ #(tr↾{coin}))
The number of dispensed cokes is always less than or equal to the number of inserted coins
Fair1: (#(tr↾coin) ≤ #(tr↾coke) + 1)
does not absorb any coins unless the coke is dispensed
Let VmSpec = NoLoss /\ Fair1
Want to prove: VMS sat VmSpec
53. An Example Proof -1
Claim: Stop sat (0 ≤ (#(tr↾coin) - #(tr↾coke)) ≤ 1)
Stop sat tr = <>, #(<>↾coin) = #(<>↾coke) = 0
stop sat (0 ≤ (#(<>↾coin) - #(<>↾coke)) ≤ 1)
Induction step:
X sat (0 ≤ (#(tr↾coin) - #(tr↾coke)) ≤ 1) [Rule 3]
(coin → (coke → X)) sat (tr ≤ <coin,coke>) \/
((tr ≥ <coin,coke>) /\ 0 ≤ (#(tr”↾coin) - #(tr”↾coke)) ≤ 1)
⇒ 0 ≤ (#(tr”↾coin) - #(tr”↾coke)) ≤ 1 [Rule 7]
vms = µX.F(X) sat 0 ≤ (#(tr”↾coin) - #(tr”↾coke)) ≤ 1 [Rule 12]
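The other verification route named earlier, directly checking all traces, can be run mechanically on a bounded approximation of the vending machine. The following is an added example, not part of the original slides: it builds trace sets from the prefix and choice clauses, approximates the recursion by the union of traces(F^k(Stop)), and checks VmSpec; the `greedy` machine and all Python names are assumptions made for illustration.

```python
# Added illustration (not from the slides): bounded trace semantics in Python.
# A trace is a tuple of event names; a process is represented by its trace set.

def stop():
    # traces(stop) = {<>}
    return {()}

def prefix(a, traces_p):
    # traces(a -> P) = {<>} ∪ {<a>^s | s ∈ traces(P)}
    return {()} | {(a,) + s for s in traces_p}

def choice(traces_p, traces_q):
    # External and internal choice have the same traces: traces(P) ∪ traces(Q)
    return traces_p | traces_q

def mu(F, n):
    # Approximate traces(µX.F(X)) by the union of traces(F^k(Stop)), k = 0..n
    approx, union = stop(), set()
    for _ in range(n + 1):
        union |= approx
        approx = F(approx)
    return union

def count(tr, event):
    # #(tr ↾ {event}): number of occurrences of event in tr
    return sum(1 for e in tr if e == event)

def no_loss(tr):
    return count(tr, "coke") <= count(tr, "coin")

def fair1(tr):
    return count(tr, "coin") <= count(tr, "coke") + 1

def vm_spec(tr):
    return no_loss(tr) and fair1(tr)

def prefix_closed(traces):
    # Every prefix of every trace must itself be a trace
    return all(tr[:i] in traces for tr in traces for i in range(len(tr)))

def counterexample(traces, spec):
    # Shortest trace violating spec, or None if every trace satisfies it
    bad = sorted((tr for tr in traces if not spec(tr)), key=lambda t: (len(t), t))
    return bad[0] if bad else None

def vms(n=6):
    # vms = µX. coin -> coke -> X, as on the slide
    return mu(lambda X: prefix("coin", prefix("coke", X)), n)

def greedy(n=6):
    # Hypothetical faulty machine: takes two coins per coke, so Fair1 fails
    return mu(lambda X: prefix("coin", prefix("coin", prefix("coke", X))), n)

if __name__ == "__main__":
    print("vms counterexample:", counterexample(vms(), vm_spec))
    print("greedy counterexample:", counterexample(greedy(), vm_spec))
```

A bounded check of this kind finds counterexamples but only covers the unfoldings it enumerates; the Rule 12 induction covers every n.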
54. Limitations of Trace Semantics
Can determine what a process will not communicate, but cannot prove that a process will definitely accept some event.
Good for safety, but not liveness
Example:
P ⊓ stop can halt by choosing stop
P ||Σ Chaos✓Σ synchronizing with the last process can stop further communication
The basic problem is the inability to reason in the presence of non-determinism.
Trace semantics does not distinguish between internal choice ⊓ and external choice □
55. Failure Semantics
As a solution add failure to a trace.
(tr,X) where X ⊆ Σ✓ means that the process can permanently refuse to process any event from X.
Example: P ⊓ stop contains the trace (<>, Σ✓)
Failure annotated traces of process P are denoted by failure(P)
There are proof rules for failure semantics
56. Making □ and ⊓ different
Failure semantics:
(<>,{a}), (<>,{b}) in (a → stop) ⊓ (b → stop), but not in (a → stop) □ (b → stop)
Defining Deadlock Freedom: A process is deadlock free if there is no trace (s,Σ✓) ∈ failure(P) where ✓ is not the last symbol of s.
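The refusal sets that separate the two choice operators, and the earlier remark that (a → P) ⊓ stop may deadlock while (a → P) □ Stop may not, can be computed from a small operational model. This is an added example, not part of the original slides; the term encoding, the alphabet {a, b} and all Python names are assumptions, and ✓ is left out.

```python
# Added illustration (not from the slides): stable failures of small CSP terms.
TAU = "tau"           # internal action
STOP = ("stop",)

def prefix(a, p):     # a -> P
    return ("prefix", a, p)

def ext(p, q):        # external choice P □ Q
    return ("ext", p, q)

def internal(p, q):   # internal choice P ⊓ Q
    return ("int", p, q)

def transitions(p):
    """Operational steps of a term as (event, successor) pairs."""
    kind = p[0]
    if kind == "stop":
        return []
    if kind == "prefix":
        return [(p[1], p[2])]
    if kind == "int":                     # resolved by the process itself
        return [(TAU, p[1]), (TAU, p[2])]
    _, left, right = p                    # "ext": resolved by the first visible event
    steps = []
    for e, l2 in transitions(left):
        steps.append((TAU, ext(l2, right)) if e == TAU else (e, l2))
    for e, r2 in transitions(right):
        steps.append((TAU, ext(left, r2)) if e == TAU else (e, r2))
    return steps

def explore(p, sigma):
    """Return (traces, failures); failures holds (trace, maximal refusal) pairs."""
    traces, failures, seen = set(), set(), set()
    todo = [((), p)]
    while todo:
        s, q = todo.pop()
        if (s, q) in seen:
            continue
        seen.add((s, q))
        traces.add(s)
        steps = transitions(q)
        if all(e != TAU for e, _ in steps):   # stable state: no internal move left
            failures.add((s, frozenset(sigma) - {e for e, _ in steps}))
        for e, q2 in steps:
            todo.append((s, q2) if e == TAU else (s + (e,), q2))
    return traces, failures

def can_refuse(p, s, refused, sigma):
    """True if (s, refused) is a failure of p."""
    _, failures = explore(p, sigma)
    return any(t == s and set(refused) <= ref for t, ref in failures)

SIGMA = {"a", "b"}    # constructed alphabet; termination (✓) is left out
EXT_AB = ext(prefix("a", STOP), prefix("b", STOP))
INT_AB = internal(prefix("a", STOP), prefix("b", STOP))
EXT_STOP = ext(prefix("a", STOP), STOP)
INT_STOP = internal(prefix("a", STOP), STOP)
```

`EXT_AB` and `INT_AB` have the same trace set, yet only `INT_AB` has the failures (<>,{a}) and (<>,{b}); `INT_STOP` can refuse all of Σ at the empty trace, which is the deadlock that `EXT_STOP` cannot exhibit.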
57. The producer-consumer example in failure semantics
A = left?x → mid!x → A, B = mid?x → right!x → B
Empty buffer must accept any input
(s,X) ∈ failure(B) /\ s↓right = s↓left ⇒ X ∩ {|left|} = ∅
Nonempty buffer cannot refuse output
(s,X) ∈ failure(B) /\ s↓right < s↓left ⇒ ¬({|left|} ⊆ X)
58. Trace Refinement
Informally a process P is said to refine a process Q iff P is more deterministic than Q and satisfies the same specification.
A process gets refined by having fewer traces.
Notation: P ⊑T Q --- “Q refines P”
So if P ⊑T Q then traces(Q) ⊆ traces(P)
P ⊑T stop for all processes P
59. Example
Process:
P0 = (?x : Σ\{start,commit} → P0) □ (start → P1)
P1 = (?x : Σ\{running,commit} → P1) □ (running → P2)
P2 = (?x : Σ\{commit} → P2) □ (commit → P0)
Changes state only when the <start, running, commit> cycle of events occurs.
60. Traces Refinement
61. Operational Semantics
Labeled transition system (LTS)
Nodes: state of the process
Directed edges: visible events or internal actions
Describes state transition
62. LTS example
63. LTS Example
Implementation: A ||| B
AB = a → b → AB
AC = a → c → AC
64. LTS Example
65. Traces Refinement Check
66. Properties of Refinements
Transitivity: P ⊑ Q and Q ⊑ R ⇒ P ⊑ R
Monotonicity:
If F(X) is a process with process variable X and
P ⊑T Q then
F(P/X) ⊑T F(Q/X)
67. Failure Refinement
Refinement applies to failure(P) as well
That is Q ⊑F P iff
failure(P) ⊆ failure(Q) and
traces(P) ⊆ traces(Q)
Why the second clause?
A process can diverge in between communications due to an infinite loop in its internal actions.
Example: Let div = (µp. a → p) \ {a}
Runs forever, but not externally visible!
P ⊑F div
So refinement doesn’t always produce a better process!
68. Divergence
CSP does not care about processes that diverge!
That is, divergence(P) are the diverging traces of the process P. They satisfy
s ∈ divergence(P) /\ s^t ∈ Σ*✓ ⇒
s^t ∈ divergence(P)
traces-(P) = traces(P) ∪ divergence(P)
failure-(P) = failure(P) ∪
{(s,X) : s ∈ divergence(P) /\ X ⊆ Σ✓}
Divergence refinement can be defined as before
69. Adding time to CSP
Two approaches to adding time to CSP
Timed CSP: attaches a non-negative real number to every event in the trace.
Records exactly when an event occurs
Complicates the theory
Difficult to build automated tools
70. A Simpler Approach
Add an extra event tock to the event set Σ
Assume tock happens at regular intervals
Use tock to demarcate events to fall in between advances of time.
Example:
T1 = a → tock → T1
– a occurs during every time unit
T2 = (a → tock → T2) □ (tock → T2)
– a may or may not occur in every time unit
71. Example: timed buffer process
Tcopy = left?x → tock → right!x → tock → Tcopy
□ (tock → Tcopy)