
Dynamic Consistency in Process Algebra: From Paradigm to ACP

Suzana Andova (FM TU/e), Luuk Groenewegen (LIACS Leiden Univ.), Erik de Vink (FM TU/e). Outline: Paradigm via two examples; ACP and translation into ACP; mCRL2 specification of the examples and results; Conclusions.


Presentation Transcript


  1. Dynamic Consistency in Process Algebra: From Paradigm to ACP. Suzana Andova (FM TU/e), Luuk Groenewegen (LIACS Leiden Univ.), Erik de Vink (FM TU/e). IPA Lentedagen.

  2. Outline • Paradigm via two examples • ACP and translation into ACP • mCRL2 specification of the examples and results • Conclusions Suzana Andova, Luuk Groenewegen, Erik de Vink Sheet 2 of 35

  3. Introduction • Paradigm: a coordination specification language

  4. Paradigm. [Diagram: components, labelled "collaboration?"]

  5. Paradigm. [Diagram: a Manager and Employees; global behaviour of an Employee, with a trap marked.] • partition = “particular view on the component” = subprocesses + traps • subprocesses = “phases”

  6. Running example • Client – Server (Critical section) • 1 Server and n clients trying to get service • Chosen way of modeling: • Server = manager • Clients = employees

  7. Clients – detailed dynamics. [Diagram: client states Out, Waiting, Busy, AtDoor with actions enter, explain, thank, leave; subprocesses (“phases”) Without, Interrupt, With.]

  8. Clients – from detailed to global dynamics. [Diagram: client states Out, Waiting, Busy, AtDoor with trap constraints and partition CS; subprocesses Without, Interrupt, With; traps triv, notYet, request, done.]

  9. Clients – global dynamics in Paradigm. [Diagram: global process over the subprocesses Without, Interrupt, With, with transitions labelled [triv], [notYet], [request], [done]; traps triv, notYet, request, done.]

  10. Clients – consistency of detailed and global dynamics. [Diagram: global process over Without, Interrupt, With with transitions labelled [triv], [notYet], [request], [done], shown against the subprocesses and their traps.]

  11. Synchronizing composition – manager and employees consistency rules. [Diagram: Collaboration CS, with the Server connected through a Protocol to Client_1(CS), Client_2(CS), Client_3(CS) of Client_1, Client_2, Client_3; general scheme with Manager_1 … Manager_m, Role_1 … Role_n and Employ_1 … Employ_n.]

  12. Server as a manager – nondeterministic. [Diagram: server states Idle, Checking_1 … Checking_n, Helping_1 … Helping_n with actions check_1 … check_n, refuse, permit, continue.]

  13. Consistency rules = consistent dynamics (ND server). [Diagram: the nondeterministic server (Idle, Checking_1 … Checking_n, Helping_1 … Helping_n) alongside the client global process Without, Interrupt, With with traps triv, notYet, request, done.]

  14. Server as a manager – Round-robin

  15. Consistency rules = consistent dynamics (RR server). [Diagram: client global process Without, Interrupt, With with traps triv, notYet, request, done.]

  16. From Paradigm . . . via ACP

  17. Why Process Algebra? • PA notions essential for Paradigm • parallel composition → Paradigm components run in parallel • with communication (synchronization) function for consistency rules • abstraction → for different levels of abstraction in Paradigm • equivalence relations → for reasoning about Paradigm models • via PA to automated verification of Paradigm models using mCRL2 • direct translation of ACP specification to mCRL2 language • properties checking using model checking • relating models using equivalence relations (e.g. branching bisimulation)

  18. ACP in one slide • Parametrized by Act and $cf : Act \times Act \to Act$ • Operators: +,  , ||, |, I,… • Axioms: $ax \parallel by = a(x \parallel by) + b(ax \parallel y) + cf(a,b)(x \parallel y)$ • Recursive specifications: $Out_i = enter_i\,Waiting_i$; $Waiting_i = explain_i\,Busy_i$; $Busy_i = thank_i\,AtDoor_i$; $AtDoor_i = leave_i\,Out_i$

  19. Translation? [Diagram: the Server connected through a Protocol to Client_1(CS), Client_2(CS), Client_3(CS) of Client_1, Client_2, Client_3; client global process Without, Interrupt, With with traps triv, notYet, request, done.]

  20. Translation (cont.) [Diagram: client global process Without, Interrupt, With with traps triv, notYet, request, done.] • Can I do “enter” and start waiting? • Yes, it is ok!(enter) / No • Are you waiting at “Waiting” so I can do “request”? • Yes, at!(Waiting) / No

  21. Translation (cont.) [Figure: process definitions for Client_i, Client_i(CS) and NDServer, next to the client global process Without, Interrupt, With with traps triv, notYet, request, done.]

  22. Translation (cont.) Communication: Collaboration process: CSNDet = H( Client_1 || Client_1(CS) || … || Client_n || Client_n(CS) || NDServer )

  23. Translation (cont. RRServer) [Figure: process definitions for Client_i, Client_i(CS) and RRServer.]

  24. Translation (cont.) Communication: Collaboration process: CSRR = H( Client_1 || Client_1(CS) || … || Client_n || Client_n(CS) || RRServer )

  25. From Paradigm . . . via ACP . . . to mCRL2

  26. mCRL2 specification CSNDet

  27. Client_i(CS):

  28. Collaboration process: CSNDet = H( Client_1 || Client_1(CS) || … || Client_3 || Client_3(CS) || NDServer )

  29. CSNDet – properties checking

         %% never two clients in critical section (valid)
         [ true* . ok(A,explain) . (!ok(A,thank))* . ok(B,explain) ] false
         %% the same from server point of view (valid)
         [ true* . sync(permit,A,request) . (!sync(continue,A,done))* . sync(permit,B,request) ] false
         %% two clients may approach the critical section (valid)
         < true* . ok(A,enter) . (!ok(A,thank))* . ok(B,enter) > true
         %% fair reachability of critical section (valid)
         [ true* . ok(A,enter) . (!ok(A,thank))* ] < true* . ok(A,thank) > true
         %% general reachability of critical section (not valid)
         [ true* . ok(A,enter) ] mu X . [ !ok(A,thank) ] X

  30. CSNDet – equivalent behaviour

         %% file ndserver-spec.mcrl2
         %% non-deterministic server for 3 clients
         sort CName = struct A | B | C ;
         act incs, outcs : CName ;
         proc Idle = sum i:CName . tau . CritSection(i) ;
              CritSection(i:CName) = incs(i) . outcs(i) . Idle ;
         init Idle ;

  31. CSRR – properties checking

         %% never two clients in critical section (valid)
         [ true* . ok(A,explain) . (!ok(A,thank))* . ok(B,explain) ] false
         %% the same from server point of view (valid)
         [ true* . sync(permit,A,request) . (!sync(continue,A,done))* . sync(permit,B,request) ] false
         %% two clients may approach the critical section (valid)
         < true* . ok(A,enter) . (!ok(A,thank))* . ok(B,enter) > true
         %% fair reachability of critical section (valid)
         [ true* . ok(A,enter) . (!ok(A,thank))* ] < true* . ok(A,thank) > true
         %% general reachability of critical section (valid)
         [ true* . ok(A,enter) ] mu X . [ !ok(A,thank) ] X

  32. CSRR – equivalent behaviour

  33. CSRR for n=2

  34. After abstraction from internal activity. [Diagram: reduced state space, with a state labelled "B requested entrance to CS".]

  35. CSRR for n=3: #states = 270, #transitions = 684

  36. After abstraction from internal activity: #states = 28, #transitions = 60

  37. CSRR for n=4: #states = 1080, #transitions = 3456; for n=5: #states = 4050, #transitions = 15660; for n=6: #states = 14580, #transitions = 66096

  38. After abstraction from internal activity: #states = 77, #transitions = 200. For n clients: $\#states = (5 \times 2^{n-2} - 1) \times n + 1$

  39. Conclusions: • Paradigm models translated to ACP • via ACP they can be analyzed formally • mCRL2 used for our experiments (small components may still produce a big state space to be analyzed) • Paradigm migration approach to self-adaptation • Verification of self-adaptation straightforward
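
The shape of the mutual-exclusion formula on slide 29, `[ true* . a . (!b)* . c ] false`, checked by explicit-state search on the reduced server of slide 30; this is an added example, not part of the presentation and not mCRL2's own algorithm. Assumptions made here: a, b, c are mapped to `incs(A)`, `outcs(A)`, `incs(B)`, and `broken_server` is a constructed faulty variant used only to show a counterexample trace.

```python
from collections import deque

CLIENTS = ("A", "B", "C")

def nd_server(state):
    """Slide-30 spec: Idle = sum i . tau . CritSection(i);
    CritSection(i) = incs(i) . outcs(i) . Idle."""
    kind, who = state
    if kind == "Idle":
        return [("tau", ("Chosen", i)) for i in CLIENTS]
    if kind == "Chosen":
        return [(f"incs({who})", ("In", who))]
    return [(f"outcs({who})", ("Idle", None))]

def broken_server(inside):
    """Constructed faulty variant: no check that the section is free.
    The state is the frozenset of clients currently inside."""
    steps = [(f"incs({i})", inside | {i}) for i in CLIENTS if i not in inside]
    steps += [(f"outcs({i})", inside - {i}) for i in inside]
    return steps

def violates(step, init, a, b, c):
    """Return a trace matching true* . a . (!b)* . c, or None.
    [ true* . a . (!b)* . c ] false holds exactly when the result is None.
    Searches the product of the LTS with a two-phase monitor:
    phase 0 = still in true*, phase 1 = a seen and no b since."""
    start = (init, 0)
    seen, queue = {start}, deque([(start, [])])
    while queue:
        (s, phase), trace = queue.popleft()
        for act, t in step(s):
            nxt = []
            if phase == 0:
                nxt.append((t, 0))           # true* absorbs any action
                if act == a:
                    nxt.append((t, 1))       # guess that this a starts the match
            elif act == c:
                return trace + [act]         # pattern completed: counterexample
            elif act != b:
                nxt.append((t, 1))           # (!b)* absorbs every non-b action
            for n in nxt:
                if n not in seen:
                    seen.add(n)
                    queue.append((n, trace + [act]))
    return None

if __name__ == "__main__":
    prop = ("incs(A)", "outcs(A)", "incs(B)")
    print(violates(nd_server, ("Idle", None), *prop))
    print(violates(broken_server, frozenset(), *prop))
```
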
