8 May 2008, IPA Lentedagen
Dynamic Consistency in Process Algebra: From Paradigm to ACP
Suzana Andova (FM TU/e), Luuk Groenewegen (LIACS Leiden Univ.), Erik de Vink (FM TU/e)
Jan 20, 2016
Sheet 2 of 35
Outline
- Paradigm via two examples
- ACP and translation into ACP
- mCRL2 specification of the examples and results
- Conclusions
Sheet 3 of 35
Introduction
Paradigm: a coordination specification language
Sheet 4 of 35
Paradigm
[Figure: three boxes labelled Component, with the question "collaboration?" between them]
Sheet 5 of 35
Paradigm
[Figure: a Manager coordinating several Employees. Legend: subprocesses = "phases"; trap; global behaviour; partition = "particular view on the component" = subprocesses + traps]
Sheet 6 of 35
Running example
Client – Server (Critical section): 1 server and n clients trying to get service
Chosen way of modeling: Server = manager, Clients = employees
Sheet 7 of 35
Clients – detailed dynamics
[Figure: detailed STD of a client with states Out, Waiting, Busy, AtDoor and transitions enter (Out → Waiting), explain (Waiting → Busy), thank (Busy → AtDoor), leave (AtDoor → Out); next to it the three subprocesses ("phases") Without, With and Interrupt, each a restriction of the STD to a subset of its states and transitions]
Sheet 8 of 35
Clients – from detailed to global dynamics
[Figure: the phases Without, With and Interrupt of the client STD, now with trap constraints drawn in (traps notYet, triv, request, done); together they form partition CS]
Sheet 9 of 35
Clients – global dynamics in Paradigm
[Figure: the phases Without, With, Interrupt with traps notYet, triv, request, done, and the resulting global STD of the client with respect to partition CS: its states are the phases Without, With and Interrupt, its transitions are labelled by the traps [request], [triv], [notYet] and [done]]
Sheet 10 of 35
Clients – consistency of detailed and global dynamics
[Figure: the detailed STD (Out, Waiting, Busy, AtDoor) with its phases side by side with the global STD over Without, With, Interrupt, transitions labelled [request], [triv], [notYet], [done]; a global transition is taken only once the detailed STD has reached the corresponding trap]
Sheet 11 of 35
Synchronizing composition – manager and employees
[Figure: Collaboration CS: the Server is coupled through a protocol to Client1, Client2, Client3 via their global STDs Client1(CS), Client2(CS), Client3(CS). In general: employees Employ1 … Employn with roles Role1 … Rolen under managers Manager1 … Managerm, which may themselves have roles Role21 … Role2m under managers Manager21 … Manager2k; each protocol is given by consistency rules]
Sheet 12 of 35
Server as a manager – nondeterministic
[Figure: server STD with states Idle, Checking1 … Checkingn, Helping1 … Helpingn and transitions check_i (Idle → Checking_i), refuse (Checking_i → Idle), permit (Checking_i → Helping_i), continue (Helping_i → Idle); from Idle the server may check any client]
Sheet 13 of 35
Consistency rules = consistent dynamics (ND server)
[Figure: the nondeterministic server STD (Idle, Checking_i, Helping_i; check_i, refuse, permit, continue) paired with the clients' global STDs over Without, With, Interrupt with traps notYet, triv, request, done; the consistency rules couple each server step to a global client step]
Sheet 14 of 35
Server as a manager – Round-robin
Sheet 15 of 35
Consistency rules = consistent dynamics (RR server)
[Figure: the round-robin server STD paired with the clients' global STDs over Without, With, Interrupt with traps notYet, triv, request, done]
Sheet 16 of 35
From Paradigm
. . . via ACP
Sheet 17 of 35
Why Process Algebra?
PA notions essential for Paradigm:
- parallel composition: Paradigm components run in parallel
- communication (synchronization) function: for consistency rules
- abstraction: for different levels of abstraction in Paradigm
- equivalence relations: for reasoning about Paradigm models
Via PA to automated verification of Paradigm models using mCRL2:
- direct translation of ACP specification to mCRL2 language
- properties checking using model checking
- relating models using equivalence relations (e.g. branching bisimulation)
Sheet 18 of 35
ACP in one slide
Parametrized by Act and cf : Act × Act → Act
Operators: +, ·, ||, |, τ_I, …
Axioms: ax || by = a(x || by) + b(ax || y) + cf(a,b)(x || y)
Recursive specifications:
  Out_i = enter_i · Waiting_i
  Waiting_i = explain_i · Busy_i
  Busy_i = thank_i · AtDoor_i
  AtDoor_i = leave_i · Out_i
Sheet 19 of 35
Translation
[Figure: the client's global STD over Without, With, Interrupt with traps notYet, triv, request, done, and Collaboration CS (Server coupled by a protocol to Client1, Client2, Client3 and their global STDs Client1(CS), Client2(CS), Client3(CS)); question mark: how to translate this into ACP?]
Sheet 20 of 35
Translation (cont.)
[Figure: the client's global STD over Without, With, Interrupt with traps notYet, triv, request, done]
Detailed and global process of a client communicate about every step:
- Can I do "enter" and start waiting? – Yes, it is ok!(enter) / No
- Are you waiting at "Waiting" so I can do "request"? – Yes, at!(Waiting) / No
Sheet 21 of 35
Translation (cont.)
Client_i:
NDServer:
Client_i(CS):
[The ACP definitions of these three processes did not survive extraction; figure: the client's global STD over Without, With, Interrupt with traps notYet, triv, request, done]
Sheet 22 of 35
Translation (cont.)
Communication:
Collaboration process:
CSNDet = ( Client1 || Client1(CS) || … || Clientn || Clientn(CS) || NDServer )
Sheet 23 of 35
Translation (cont., RRServer)
Client_i:
Client_i(CS):
RRServer:
Sheet 24 of 35
Translation (cont.)
Communication:
Collaboration process:
CSRR = ( Client1 || Client1(CS) || … || Clientn || Clientn(CS) || RRServer )
Sheet 25 of 35
From Paradigm
. . . via ACP
. . . to mCRL2
Sheet 26 of 35
mCRL2 specification CSNDet
Sheet 27 of 35
Client_i(CS):
Sheet 28 of 35
Collaboration process:
CSNDet = ( Client1 || Client1(CS) || … || Client3 || Client3(CS) || NDServer )
Sheet 29 of 35
CSNDet – properties checking
%% never two clients in critical section (valid)
[ true* . ok(A,explain) . (!ok(A,thank))* . ok(B,explain) ] false
%% the same from server point of view (valid)
[ true* . sync(permit,A,request) . (!sync(continue,A,done))* . sync(permit,B,request) ] false
%% two clients may approach the critical section (valid)
< true* . ok(A,enter) . (!ok(A,thank))* . ok(B,enter) > true
%% fair reachability of critical section (valid)
[ true* . ok(A,enter) . (!ok(A,thank))* ] < true* . ok(A,thank) > true
%% general reachability of critical section (not valid)
[ true* . ok(A,enter) ] mu X . [ !ok(A,thank) ] X
Sheet 30 of 35
CSNDet – equivalent behaviour
%% file ndserver-spec.mcrl2
%% non-deterministic server for 3 clients
sort CName = struct A | B | C ;
act incs, outcs : CName ;
proc Idle = sum i:CName . tau . CritSection(i) ;
     CritSection(i:CName) = incs(i) . outcs(i) . Idle ;
init Idle ;
Sheet 31 of 35
CSRR – properties checking
%% never two clients in critical section (valid)
[ true* . ok(A,explain) . (!ok(A,thank))* . ok(B,explain) ] false
%% the same from server point of view (valid)
[ true* . sync(permit,A,request) . (!sync(continue,A,done))* . sync(permit,B,request) ] false
%% two clients may approach the critical section (valid)
< true* . ok(A,enter) . (!ok(A,thank))* . ok(B,enter) > true
%% fair reachability of critical section (valid)
[ true* . ok(A,enter) . (!ok(A,thank))* ] < true* . ok(A,thank) > true
%% general reachability of critical section (valid)
[ true* . ok(A,enter) ] mu X . [ !ok(A,thank) ] X
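The following Python script is an added example, written for this page; it is not the authors' ACP or mCRL2 model. It builds the CSNDet and CSRR collaborations explicitly and checks, by plain state-space exploration, the properties of the two property-checking sheets above: mutual exclusion, two clients approaching the critical section, and the "general reachability" property [true* . ok(A,enter)] mu X . [!ok(A,thank)] X, which fails for the nondeterministic server and holds for the round-robin server. The detailed client STD is the recursive specification from the "ACP in one slide" sheet. Everything else about partition CS (which detailed actions each phase permits, which detailed states make up the traps notYet, triv, request, done) and the consistency rules (which server step is paired with which global step, e.g. permit with trap request and continue with trap done as in the property names sync(permit,A,request) and sync(continue,A,done)) is an assumption, my reading of the figures, and is marked as such in the code. The at!/ok! communication of the translation is collapsed into one "ok" step per detailed transition, so the state counts this script reports are not the ones on the later sheets.

```python
"""Explicit-state check of the Client/Server critical-section collaboration.
Added example; phase/trap contents and the consistency rules are ASSUMPTIONS
(my reading of the figures), only the detailed client STD is from the slides."""
from collections import deque

# Detailed client STD (from the slides): state -> (action, next state).
CLIENT = {"Out": ("enter", "Waiting"), "Waiting": ("explain", "Busy"),
          "Busy": ("thank", "AtDoor"), "AtDoor": ("leave", "Out")}

# Partition CS (ASSUMPTION): the detailed actions each phase permits ...
PHASE = {"Without": {"enter", "leave"}, "Interrupt": {"leave"},
         "With": {"explain", "thank"}}
# ... and the detailed states that make up each trap.
TRAP = {"triv": set(CLIENT), "notYet": {"Out", "AtDoor"},
        "request": {"Waiting"}, "done": {"AtDoor"}}

# Consistency rules (ASSUMPTION): a server step paired with a global client
# step phase -[trap]-> phase.  Server state is (kind, k): kind is Idle, Checking
# or Helping; k is the client concerned (for Idle: next client to check when
# round-robin, always 0 for the nondeterministic server).
RULES = [  # (kind, action, next kind, client phase, trap, next client phase)
    ("Idle", "check", "Checking", "Without", "triv", "Interrupt"),
    ("Checking", "refuse", "Idle", "Interrupt", "notYet", "Without"),
    ("Checking", "permit", "Helping", "Interrupt", "request", "With"),
    ("Helping", "continue", "Idle", "With", "done", "Without"),
]


def successors(state, n, round_robin):
    """Yield (label, next state); a state is (clients, server) where clients
    is a tuple of (detailed state, phase) pairs."""
    clients, (kind, k) = state

    def with_client(i, detailed, phase):
        return clients[:i] + ((detailed, phase),) + clients[i + 1:]

    for i, (st, ph) in enumerate(clients):
        action, nxt = CLIENT[st]
        if action in PHASE[ph]:              # detailed step allowed by the phase
            yield ("ok", i, action), (with_client(i, nxt, ph), (kind, k))
    for skind, act, nkind, ph, trap, nph in RULES:
        if skind != kind:
            continue
        # nondeterministic Idle server may pick any client, otherwise only client k
        candidates = range(n) if kind == "Idle" and not round_robin else [k]
        for i in candidates:
            st, cph = clients[i]
            if cph == ph and st in TRAP[trap]:  # trap reached: global step enabled
                nk = ((k + 1) % n if round_robin else 0) if nkind == "Idle" else i
                yield ("sync", act, i, trap), (with_client(i, st, nph), (nkind, nk))


def explore(n=3, round_robin=False):
    """Breadth-first reachability; returns {state: [(label, successor), ...]}."""
    init = (tuple(("Out", "Without") for _ in range(n)), ("Idle", 0))
    edges, queue = {}, deque([init])
    while queue:
        s = queue.popleft()
        if s in edges:
            continue
        edges[s] = list(successors(s, n, round_robin))
        queue.extend(t for _, t in edges[s] if t not in edges)
    return edges


def mutual_exclusion(edges):
    """Never two clients in Busy, the critical section."""
    return all(sum(st == "Busy" for st, _ in cl) <= 1 for cl, _ in edges)


def two_may_approach(edges):
    """Two clients can both be Waiting for the critical section."""
    return any(sum(st == "Waiting" for st, _ in cl) >= 2 for cl, _ in edges)


def thank_inevitable(edges, client=0):
    """[true* . ok(A,enter)] mu X . [!ok(A,thank)] X for client A: after A enters,
    every run reaches ok(A,thank), i.e. no cycle is reachable via other steps."""
    skip = ("ok", client, "thank")
    starts = {t for succ in edges.values() for lbl, t in succ
              if lbl == ("ok", client, "enter")}
    colour = {}                              # GREY = on DFS stack, BLACK = done
    for root in starts:
        if root in colour:
            continue
        colour[root] = "GREY"
        stack = [(root, iter(edges[root]))]
        while stack:
            s, it = stack[-1]
            for lbl, t in it:
                if lbl == skip:
                    continue
                if colour.get(t) == "GREY":
                    return False             # cycle avoiding ok(A,thank): A may starve
                if t not in colour:
                    colour[t] = "GREY"
                    stack.append((t, iter(edges[t])))
                    break
            else:
                colour[s] = "BLACK"
                stack.pop()
    return True


if __name__ == "__main__":
    for name, rr in (("nondeterministic", False), ("round-robin", True)):
        e = explore(3, rr)
        print(name, "server: states", len(e), "transitions",
              sum(map(len, e.values())), "mutex", mutual_exclusion(e),
              "thank inevitable", thank_inevitable(e))
```

The starvation witness the ND check finds is the one the slides' "not valid" verdict points at: after A has entered, the server can keep checking and refusing (or helping) other clients forever, so no fairness assumption is needed for the property to fail. For the round-robin server the server state advances through the clients on every check, so any cycle that avoids ok(A,thank) would have to pass the check of A, which with A in Waiting forces permit and then thank.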
Sheet 32 of 35
CSRR – equivalent behaviour
Sheet 33 of 35
CSRR for n=2
Sheet 34 of 35
After abstraction from internal activity
[Figure: reduced state space of CSRR for n=2; annotation: B requested entrance to CS]
Sheet 35 of 35
CSRR for n=3
#st = 270, #tr = 684
Sheet 36 of 35
After abstraction from internal activity
#st = 28, #tr = 60
Sheet 37 of 35
CSRR for n=4
#st = 1080, #tr = 3456
for n=5: #states = 4050, #transitions = 15660
for n=6: #states = 14580, #transitions = 66096
Sheet 38 of 35
After abstraction from internal activity
#st = 77, #tr = 200
for n clients: #states = (5·2^(n−2) − 1)·n + 1
Sheet 39 of 35
Conclusions:
- Paradigm models translated to ACP
- via ACP they can be analyzed formally
- mCRL2 used for our experiments (small components may still produce a big state space to be analyzed)
- Paradigm migration approach to self-adaptation
- Verification of self-adaptation straightforward