Скачать презентацию 1 SEMANTICS Q 1 07 Week 5
7e50cd8567b58e7a0e884178a9e8e983.ppt
- Количество слайдов: 57
1 SEMANTICS (Q 1, ’ 07) Week 5 Jacob Andersen Ph. D student andersen@daimi. au. dk Semantics Q 1 2007
2 News… • Exam Date & Time (Preliminary): – Wednesday October 31 st 9. 00 – 13. 00 • Page on CCS tools. Semantics Q 1 2007
3 Outline • Type Checking (from last week) • Concurrency vs. Sequentiality • CCS: "Calculus of Communicating Systems" • By-example (one construction at a time) • Syntax of CCS • 7 linguistic constructions(!) • Semantics of CCS • 1 page(!) • Describing processes with CCS • CCS tools Semantics Q 1 2007
4 TYPE CHECKING DEFINITIONS Semantics Q 1 2007
5 Adding Boolean Variables: Let. B++ • Consider language Let. B++: – Mixed Expressions (e Exp): • e : : = n | t | x | ~ e | e e’ | e ? e’ : e” | let d in e …where: – Definitions (d Def): • d : : = nil | x = e { +, -, * , =, or } | d ; d’ | d and d’ | d in d’ type definition (annotation) …where: { bool, int } – Note: The type of a var is now context dependent • I. e. a context-free (grammar) approach will not suffice – Examples: x or tt Semantics Q 1 2007 ? x * x ? …
6 Static Semantics: Let. B++ • FVE, DVD and FVD as before • …adding: FVE(e ? e’: e”) = FVE(e) FVE(e’) FVE(e”) • We now need type environments: • TEnv. V = Var Type = { bool, int } • Define static semantics (type checking rel’s): • |- e : • |- d : Semantics Q 1 2007 “e has type (given type environment )” “d yields type env. (given type env. )”
![7 Static Semantics (expressions) • Expressions: |- n : int [NUM]E |- x :](https://present5.com/presentation/7e50cd8567b58e7a0e884178a9e8e983/image-7.jpg "7 Static Semantics (expressions) • Expressions: |- n : int [NUM]E |- x :")
7 Static Semantics (expressions) • Expressions: |- n : int [NUM]E |- x : (x) [VAR]E [BOP]E |- e : bool [VAR]E [IFE]E [TVL]E |- ~ e : bool |- e 0 : bool Semantics Q 1 2007 [LET]E |- e 1 : 1 |- t : bool |- e 1 : 1 |- e 0 : 0 |- e 0 e 1 : type ( 0, 1) |- d : [ ] |- e : |- let d in e : |- e 2 : 2 |- e 0 ? e 1 : e 2 : = 1 = 2
![8 Static Semantics (definitions) Note: type check • Definitions: [NIL]D [SEQ]D [AND]D [IN]D |-](https://present5.com/presentation/7e50cd8567b58e7a0e884178a9e8e983/image-8.jpg "8 Static Semantics (definitions) Note: type check • Definitions: [NIL]D [SEQ]D [AND]D [IN]D |-")
8 Static Semantics (definitions) Note: type check • Definitions: [NIL]D [SEQ]D [AND]D [IN]D |- nil : [] |- d 0 : 0 [DEF]D [ 0] |- d 1 : 1 |- d 0 ; d 1 : 0[ 1] |- d 0 : 0 |- d 1 : 1 |- d 0 and d 1 : 0 1 |- d 0 : 0 Semantics Q 1 2007 [ 0] |- d 1 : 1 |- d 0 in d 1 : 1 |- e : ’ |- x = e : [x ] = ’ Note: combined environment DV(d 0) DV(d 1) = Ø Note: disjoint environment Note: only last environment
9 Dynamic Semantics: Let. B++ • Type Environment (Compile-time): • TEnv = Var Type = { bool, int } • Environment (Runtime): • Env = Var Val = B Z, B = { tt, ff } – Define type correspondence relation ‘~’: ~ x V: (x) = bool (x) B (x) = int (x) Z – Note: ( 0 ~ 0 1 ~ 1 ) 0[ 1] ~ 0[ 1] Semantics Q 1 2007
10 Exp. Transition System for Let. B++ • Let++ Expression Configurations: • = {
11 Def. Transition System for Let. B++ • Let++ Definition Configurations: • V = {
12 Exp. Dynamic Semantics: Let. B++ • SOS of Expressions for Let. B++: Env – E. g. [LET]: |- d • [LET ] 1 |- • [LET ] 2 • [LET ] 3 Semantics Q 1 2007 let d in e [ 0] |- e d’ let d’ in e [ 0] e’ |- let 0 in r r 0 ~ 0
13 Def. Dynamic Semantics: Let. B++ • SOS of Definitions for Let. B++: – E. g [SEQ]: • |- d 0 [SEQ 1] |- • [SEQ 2] • [SEQ ] 3 Semantics Q 1 2007 d 0’ d 0 ; d 1 d 0’ ; d 1 [ 0] |- d 1 [ 0] d 1’ |- 0 ; 1 0[ 1] 0 ~ 0 Env
14 CONCURRENCY VS. SEQUENTIALITY Semantics Q 1 2007
15 Concurrency vs. Sequentiality • Sequential programming: • • Describe computation as a “reduction” of expressions to values Inherently deterministic Termination often desirable Resulting value is of primary interest and focus • Concurrent programming: • • Semantics Q 1 2007 Describe execution as “process evolution” Inherently non-deterministic Non-termination often desirable (Op. Sys. , Control sys, Cell-phone, …) Describe possible executions (aka. execution traces) Describe possible interactions during execution Describe interaction with an environment Resulting “value” is not (necessarily) interesting
16 Concurrency is much Harder • Harder than sequential programming: • Huge number of possible executions • Inherently non-deterministic • Parallelism conceptually harder • Consequences: • • Semantics Q 1 2007 Programs are harder to write! Programs are harder to debug! Errors are not always reproducible New kinds of errors possible: » Deadlock, starvation, priority inversion, interference, …
17 Concurrency Problems • Therac-25 Radiation Therapy – ’ 85 -’ 87 • Massive overdoses (6 deaths / amputations)! • Mars Pathfinder – July ’ 97 • Periodic resets (on mars)! • Windows 95/98 w/ Device Drivers – late ’ 90 es • Dysfunction (“blue screen of death”)! Semantics Q 1 2007
18 Concurrency Problems (cont’d) • Mobile Phones – ’ 00 -… • Freeze and odd behaviors (really annoying)! • Cruise Control System Model – ’ 86 [Grady Booch] • Accellerated after car ignition (car crashes)! Semantics Q 1 2007 • …
19 Problem: System Development? • In the presence of all these errors: • deadlock, starvation, priority inversion, interference, anti-cooperation, un-intended execution traces, un-fairness, … • How to…: • 1. …design a system that “works” ? • 2. …verify that the system is “safe” ? • 3. …verify that the system “meets its specification” ? …and: What does “works”, “safe”, and “to meet a specification” mean ? !? Semantics Q 1 2007
20 Solution: Modelling • “Models come to the rescue”: • Create models (~ architecture, bridge construction, …) Note: “Errors are much cheaper to commit in models than in implementations” Semantics Q 1 2007
21 Dictionary: “model” Webster’s(“model”): Main Entry: 1 mod·el Pronunciation: 'mä-d&l Function: noun Etymology: Middle French modelle, from Old Italian modello, from (assumed) Vulgar Latin modellus, from Latin modulus small measure, from modus 1 obsolete : a set of plans for a building 2 dialect British : COPY, IMAGE 3 : structural design 4 : a usually miniature representation of something; also : a pattern of something to be made 5 : an example for imitation or emulation 6 : a person or thing that serves as a pattern for an artist; especially : one who poses for an artist 7 : ARCHETYPE 8 : an organism whose appearance a mimic imitates 9 : one who is employed to display clothes or other merchandise : MANNEQUIN 10 a : a type or design of clothing / b : a type or design of product (as a car) 11 : a description or analogy used to help visualize something (as an atom) that cannot be directly observed 12 : a system of postulates, data, and inferences presented as a mathematical description of an entity or state of affairs 13 : VERSION • In this course (we use): • 3+4 : as in “Model-based design” (designing a model of a concurrent system) • 12 : as in “Model-checking” (checking implementation against declarative (logic) specification) Semantics Q 1 2007
22 Modelling: Level of Abstraction higher level of abstraction • Consider a client/server system: • Extremely abstract (high level of abstraction): » Universe = event. Universe • Appropriate (level of abstraction) for … : » Server def = Client = def Database = def request. process. reply. Server calc. request. wait. reply. Client. . . • Extremely concrete (low level of abstraction): » NAND_Gate Semantics Q 1 2007 def = Transistor = def Accumulator =. . . def Client = def . . .
23 Solution: Modelling • “Models come to the rescue”: • Create models (~ architecture, bridge construction, …) Note: “Errors are much cheaper to commit in models than in implementations” • Formal modelling (e. g. , CCS) permits: • • (Offline) Reasoning (Runtime) Testing (C-time) Property Verification (C-time) Specification Verification understanding confidence safety automate correctness “Never send a human to do a machine’s job” -- A. Smith (’ 99) Semantics Q 1 2007
24 Methodology: Model-based Design • Design abstract model • Decompose model • Reason/Test/Verify model » individual parts and whole • Recompose insights » make model safe • Impl. concrete program Semantics Q 1 2007 abstract REAL PROBLEM MODEL reason test verify ? ? ? ? e concretiz SAFE MODEL SAFE PROGRAM
25 CCS: Why a Calculus (pl. Calculi) • Compositional: • P | Q P || » Break Q big things into (several) smaller things • Algebraic: • P + Q Q + P , P | Q Q | P , … » Intuitive ideal (also eases automated verification) • Syntactic: • [PAR ] 1 P P | Q P’ P’ | Q and [PAR 2] Q P | Q Q’ P | Q’ » Provide basis for programming languages Semantics Q 1 2007 …
26 Parallel- vs. Concurrent Programming */ interpret appropriately on The Football Match Analogy: either side of the Atlantic “An analogy that one can make is with football*; - the coach of the team is a parallel programmer while - the referee is a concurrent programmer” -- [P. Panangaden, ’ 96] The Trainer (~ the parallel programmer): -- Make sure my agents are performing “optimally” • Strategy: – Optimal strategy for a particular goal – Use available resources efficiently Semantics Q 1 2007 The Referee (~ the concurrent programmer): -- Make sure what is happening is a soccer match • Safety: – Conceptually independent players – Control interaction and “rules”
27 CALCULUS OF COMMUNICATING SYSTEMS CCS: Calculus of Communicating Systems [ Robin Milner, ’ 89 ] Semantics Q 1 2007
28 Concurrency and Communication • Concurrency: • Parallel processes (construction ‘P|Q’) » Abstract away (physical) processors » Abstract away diff. in real- vs pseudo-parallelism • Communication: • Process synchronization (aka. hand-shaking) » Abstract away communication protocol » Abstract away actual values passed Semantics Q 1 2007
29 Process Interface • Example: a process modelling a CS student: Interface: coke exercise coin • Process name: CS • Input action(s): { coke } • Output action(s): { coin, exercise } Behavior of the process described by a CCS program Semantics Q 1 2007
30 The Inactive Process: “ 0” • The inactive process: 0 • (aka. “the zero process” or “the nil process”) » Performs no action whatsoever! • Note that it offers: » the prototypical behavior of a deadlocked process (that cannot proceed any further in its execution) • Example: Semantics Q 1 2007 0
31 Action Prefixing: “. P” • Action Prefixing: . P • Can perform action, , after which it behaves like process, P • Example(s): • Match: strike. 0 • Complex match take. strike. 0 Semantics Q 1 2007
32 Named Process: “K” • Named Process: K • Behaves just like the (statically named) process, K • Example(s): Match def strike. 0 = • def • Single. Coke. Disp = coin. coke. 0 Semantics Q 1 2007
33 Recursive Processes • Recursive Processes (though naming) • Example: def • Clock = tick. Clock • Expanding the definition we get: » Clock = tick. Clock … = tick. …. tick. Clock … Semantics Q 1 2007
34 Non-deterministic Choice: “P+Q” • Non-deterministic choice: P+Q • Non-deterministic choice between processes P and Q » Initially has the capabilities of both P and Q; but performing an action from P, say, will pre-empt further execution of Q. • Example: def • Disp = coin. (coke. Disp + sprite. Disp) coke or sprite Semantics Q 1 2007
35 Parallel Composition: “P|Q” • Parallel Composition: P|Q • Any independent interleavings of processes P and Q » Also: may communicate (hand-shake): process P using input action, a; process Q corresponding output action, a (or vice versa) • Example: def • Student: def Coke. M = coin. coke. Coke. M • Coke Machine: Stud = read. coin. coke. Stud Coke. M | Stud Semantics Q 1 2007
36 Parallel Composition (cont’d) Stud | Coke. M read Stud coin Coke. M coin coke (Stud | Coke. M) | Stud [ << ? >> ] (Stud | Coke. M) | Coke. M [ << ? >> ] Semantics Q 1 2007 coke
37 Restriction: “Pa” • Restriction (private name): Pa • Behaves just like P, except cannot make a or a actions (except within P) » Reminiscent of local variables (in private scope) • Example: • (Stud | Coke. M) coin coke • ((Stud | Coke. M) coin coke) | Stud Semantics Q 1 2007
![38 Action Relabelling: “P[f]” • Action Relabelling: P[f] • Behaves like P, except that](https://present5.com/presentation/7e50cd8567b58e7a0e884178a9e8e983/image-38.jpg "38 Action Relabelling: “P[f]” • Action Relabelling: P[f] • Behaves like P, except that")
38 Action Relabelling: “P[f]” • Action Relabelling: P[f] • Behaves like P, except that actions are renamed according to action renaming function, f » Permits parameterized reuse of processes Note: relabel inputs to inputs (and corresponding outputs to outputs) • Examples: def • • Coke. Machine = Vending. Machine[coke/item] • Semantics Q 1 2007 Vending. Machine = coin. item. Vending. Machine Mars. Machine = Vending. Machine[mars/item] def
39 SYNTAX FOR CCS Semantics Q 1 2007
40 Input, output (and internal) action • Actions: • a A Set of Channel Names (input) • a A Set of Channel Co-Names (output) • Special silent (invisible/internal) action tau • Note: inputs and outputs are complementary: a = a » Communication: hand-shake on a and a only (no values) • Metavariables: • a L=A A • Act = L { } Semantics Q 1 2007
41 CCS Syntax • CCS Syntax: P : : = • • Semantics Q 1 2007 0 | . P | P+P | P|P | … where PL | def P[f] | K def K 1 = P 1, K 2 = P 2, … “ 0” “. P” “P+P” “P|P” // inaction // action prefix, Act // non-deterministic choice // parallel composition “PL” “P[f]” “K” // restriction (private name), L ⊆ L Note: restrictions on f // action relabelling f: Act // process variable, a: f(a) = f(a) K K f( ) =
42 Alternative Syntax • Alternative Syntax (that we will also use): – Parameterized sum: • i I Pi for P 0 + P 1 + … + Pn – Inactive process (as empty sum): • i Ø Pi for 0 – Restriction (by element): • P a Semantics Q 1 2007 for P {a}
43 Algebraic Operator Precedence 1. Restriction and relabelling 2. Action prefixing 3. Parallel composition 4. Summation “PL” “P[f]” “. P” “P|Q” “P+Q” – Q: How is “R+a. P|b. QL” then to be read ? • A: “R+((a. P)|(b. (QL)))” ! Semantics Q 1 2007 tightest • •
44 SOS FOR CCS Semantics Q 1 2007
![45 SOS for CCS • Structural Operational Semantics: [ACT] [CON] [SUMj] [COM 2] [COM](https://present5.com/presentation/7e50cd8567b58e7a0e884178a9e8e983/image-45.jpg "45 SOS for CCS • Structural Operational Semantics: [ACT] [CON] [SUMj] [COM 2] [COM")
45 SOS for CCS • Structural Operational Semantics: [ACT] [CON] [SUMj] [COM 2] [COM 1] [REL] [COM 3] [RES] Q: why (tau) in communication “P|Q” (instead of propagating a or a) ? ~ “the unobservable hand-shake” Semantics Q 1 2007
46 DESCRIBING PROCESSES WITH CCS Semantics Q 1 2007
47 Transition Diagram • Transition Diagram: • A visualization of a Labelled Transition System: » Configurations annotated with processes (e. g. a. 0 » Transitions annotated with actions (e. g. a ) a. 0 | a. 0 a a 0 | 0 Semantics Q 1 2007 a. 0 | 0 )
![48 Traces • Definition: • A “trace”, ω=[α 1, …, αk] Act* (k ≥](https://present5.com/presentation/7e50cd8567b58e7a0e884178a9e8e983/image-48.jpg "48 Traces • Definition: • A “trace”, ω=[α 1, …, αk] Act* (k ≥")
48 Traces • Definition: • A “trace”, ω=[α 1, …, αk] Act* (k ≥ 0), of a process P is a sequence of actions such that the following sequence of configurations can be derived from P: α α α P → P 1 → … → Pk 1 2 k • A trace can be the empty sequence [] • We use the constant ε ≝ [] • traces(P): The set of all traces of P. • The set of traces, traces(P), of a process P is ”closed under prefix”, i. e. if ω traces(P) then this is also the case for any prefix of ω. Semantics Q 1 2007
49 Example: Traces a. 0 | a. 0 a a. 0 | 0 a 0 | 0 • traces( a. 0 ) = {ε, a, a, , aa} | a. 0 • For more complex traces use regular expressions Semantics Q 1 2007
![50 Example Derivation • Assume: [ACT] [CON] [SUMj] def A = a. A [COM](https://present5.com/presentation/7e50cd8567b58e7a0e884178a9e8e983/image-50.jpg "50 Example Derivation • Assume: [ACT] [CON] [SUMj] def A = a. A [COM")
50 Example Derivation • Assume: [ACT] [CON] [SUMj] def A = a. A [COM 1] • Consider: c (b. 0|(A|a. 0))[c/a] ? [COM 2] [REL] [ACT] [RES] a. A a A A A (A | a. 0) a a (A | a. 0) (b. 0 | (A | a. 0)) a (b. 0 | (A | a. 0)) [c/a] c (b. 0 | (A | a. 0)) [c/a] [CON] [COM 1] [COM 2] [REL] [COM 3] Semantics Q 1 2007 def A = a. A
51 Example: Lock ("Mutual Exclusion") Lock • Example: ("mutex") Lock • • • Lock def User acq def = acq. rel. Lock rel = acq. enter. exit. rel. User // critical region def Mutex = (User | Lock) {acq, rel} User’ aka. a "semaphore" def = User[enter’/enter, exit’/exit] def System = (User | Lock | User’) {acq, rel} • Q: How are the critical enters and exits related ? » A: never two enters without exit in between Historically: Sema "Probeer te verlagen" (Dutch: try to decrease) def = p. v. Semantics Q 1 2007 • "Verhoog" (Dutch: increase) E. Dijkstra
52 CCS TOOLS Semantics Q 1 2007
![53 Concurrency Workbench • [ Concurrency Workbench ] P ¡ testing (interactive simulation) ¡](https://present5.com/presentation/7e50cd8567b58e7a0e884178a9e8e983/image-53.jpg "53 Concurrency Workbench • [ Concurrency Workbench ] P ¡ testing (interactive simulation) ¡")
53 Concurrency Workbench • [ Concurrency Workbench ] P ¡ testing (interactive simulation) ¡ verification (via logic formulae) ¡ dump transition graph (NFA) ¡. . . [ http: //homepages. inf. ed. ac. uk/perdita/cwb/summary. html ] [ /users/courses/d. Sem/bin/cwb ] Semantics Q 1 2007
54 The Concurrency Workbench • CWB: Command: input “Pand. Q. ccs”; Command: sim(P); // run the built-in simulator Command: output “P. graph”; Command: graph(P); // name output file // output for CCS visualizer and simulator Command: strongeq(P, Q); CWB’s answer // strong bisimilarity Command: eq(P, Q); CWB’s answer // weak bisimilarity • Recommendation: try it out (before the exam)! Semantics Q 1 2007
![55 CCS Visualizer and Simulator • [ CCS Visualizer and Simulator ] [ /users/courses/d.](https://present5.com/presentation/7e50cd8567b58e7a0e884178a9e8e983/image-55.jpg "55 CCS Visualizer and Simulator • [ CCS Visualizer and Simulator ] [ /users/courses/d.")
55 CCS Visualizer and Simulator • [ CCS Visualizer and Simulator ] [ /users/courses/d. Sem/bin/tbgg ] [ /users/courses/d. Sem/bin/cv ] [ http: //www. brics. dk/bisim/ ] Semantics Q 1 2007
56 "Three minutes paper" • Please spend three minutes writing down the most important things that you have learned today (now). After 1 day After 1 week After 2 weeks Semantics Q 1 2007 Right away After 3 weeks
57 Next week: Equivalences, Bisimulation, and Games Any Questions? Semantics Q 1 2007