Full LOTOS
Department of Computer Science
University of Regina, Regina, SK, Canada
Yashu Bither
Amrudee Sukpan
Tetyana Manuylenko
Chakka Sreenivasulu
November 18, 2002
Outline
Introduction.
Full LOTOS.
Difference from Basic LOTOS.
Spec(s) in Full LOTOS.
Facts of Full LOTOS.
Value Expression - Value and variable declaration.
Scope and binding of Variables.
Inter Process Communication.
Example.
Introduction
Basic LOTOS only describes process synchronization.
Data exchange is an important feature in telecommunication and distributed systems.
Full LOTOS
• Full LOTOS enhances the expressive power of Basic LOTOS by giving a finer structure to observable actions and enriching process synchronization with value passing, thus providing interprocess value communication.
• Full LOTOS includes data description (ACT ONE) and control components (enriched Basic LOTOS).
• Full LOTOS introduces value communication and data types to the process-algebraic concepts of Basic LOTOS.
Difference from Basic LOTOS
• An observable gate = a gate name + a list of values (or value expressions).
For example: g<true>, g<29, false>
(Diagram labels: Basic LOTOS, event attributes, structured event.)
Difference from Basic LOTOS .. 2
• The representations of data values and value expressions in Full LOTOS are derived from the specification language for abstract data types, ACT ONE.
• As a major advantage, in Full LOTOS we are able to enrich synchronization with value passing, thus providing interprocess communication.
• In Basic LOTOS an observable action coincides with a gate name; in Full LOTOS it is formed by a gate name followed by a list of zero or more values offered at that gate:
g <v1 ... vn>. For example: g <TRUE, "tree", 3>
Spec(s) in Full LOTOS
specification typical_spec [gate list] (parameter list) : functionality
  type definitions
behavior
  behavior expression
where
  type definitions
  process definitions
endspec
process typical_proc [gate list] (parameter list) : functionality :=
  behavior expression
where
  type definitions
  process definitions
endproc
Facts of Full LOTOS
• Values can be offered at gates and exchanged between processes (enrichment of the action prefix operator).
• New Construct of guarding and selection predicates.
• Values can be used to generalize choice operator.
• Values can be used to instantiate parametric process definitions; let construct.
• InterProcess Communication (Sequential composition…).
Value declarations
• The general format for the value declaration is: !E
where E is a LOTOS expression (a value expression, that is, an expression describing a data value).
For example: !(3+5) !(x+1) !max(x,y)
• In Basic LOTOS: g; B g B`
B is a process that offers g and then behaves like B`.
• In Full LOTOS: g!E; B g<value(E)> B`
B is a process that offers g<value(E)> and then behaves like B`.
Value declarations … contd
For example:
if x = 3 and y = 5 then
g!max(x,y) = g!max(3,5) describes g<5>.
Variable declarations
• The general format for the variable declaration is: g?x:t; B
where x is a variable name and t is a sort identifier. It indicates the domain of values over which x ranges.
For example: ?x:integer ?text:string ?x:nat
So g?x: t;B(x) is a process that offers all events g<v> where v is any value in the domain of sort t and then behaves like B(v).
Scope and binding of Variables
For example:
a?x:nat; b?y:nat; c!max(x,y); stop
(Diagram annotations: scope of ?x:nat, scope of ?y:nat, binding occurrence of x, binding occurrence of y.)
Usual rules for nested scopes apply.
Inter Process Communication (IPC)
• IPC may occur when two processes composed in parallel are offering the same structured action, i.e. same gate and same values.
g1!sap1 ?x:cep_sort !"test"; g2!x; stop
||
g1!sap1 !cep_3 ?y:string; g3!y; stop
The processes, if they synchronize, are able to offer the action
g1<sap1, cep_3, "test">
Once the interaction has taken place, the expression obtained is:
g2!cep_3; stop || g3!"test"; stop
where the proper substitutions have been carried out.
Forms of IPC
• VALUE MATCHING: The synchronization actions are combined with value declarations. If the provided values are equal, the synchronization is possible.
• VALUE PASSING: Combination of value declaration and variable declaration results in value passing. The effect is that a value is transmitted from one process to the other.
• VALUE GENERATION: The only remaining case is the one where actions are combined with the variable declarations of the same type attached to them. Superposing another process in parallel that offers a value of the required type yields a form of multicast communication.
Forms of IPC … contd
Process A | Process B | Synchronization condition | Type of interaction | Effect
g!E1      | g!E2      | value(E1) = value(E2)     | Value matching      | Synchronization
g!E       | g?x:t     | value(E) is of sort t     | Value passing       | After synchronization, x = value(E)
g?x:t     | g?y:u     | t = u                     | Value generation    | After synchronization, x = y = v, where v is in the domain of t
Example in Full LOTOS
specification Max3 [in1, in2, in3, out] : noexit
type natural is
  sorts nat
  opns zero : -> nat
       succ : nat -> nat
       largest : nat, nat -> nat
  eqns ofsort nat
    forall x, y : nat
    largest(zero, x) = x;
    largest(x, y) = largest(y, x);
    largest(succ(x), succ(y)) = succ(largest(x, y));
endtype (* natural *)
behaviour
  hide mid in
    (Max2[in1, in2, mid] |[mid]| Max2[mid, in3, out])
where
  process Max2[a, b, c] : noexit :=
    a ?x:nat; b ?y:nat; c !largest(x,y); stop
    []
    b ?y:nat; a ?x:nat; c !largest(x,y); stop
  endproc (* Max2 *)
endspec (* Max3 *)
Conditional Constructs in Full LOTOS
Selection Predicate
Guarded Expression
Selection Predicates
Format:
action denotation [equation];
Examples:
[X=4]
[X<0]
Selection Predicate
A selection predicate can be associated with an action denotation.
A selection predicate may contain variables that occur in the variable declarations (?x:t).
It imposes restrictions on the values that may be bound to these variables.
Example:
G1?x:nat [x<3] offers G1!0, G1!1, G1!2, that is: G1!0 [] G1!1 [] G1!2
G1?x:nat offers G1!0, G1!1, G1!2, G1!3, G1!4, G1!5, ...
Scope of variable declarations
g1?x:nat[x<3]; g2!x; stop
has the following three possible transitions:
– g1<0> -> g2!0; stop
– g1<1> -> g2!1; stop
– g1<2> -> g2!2; stop
• be considered as part of the scope of the variable declarations in that action denotation.
Selection Predicate
Synchronization
Two processes negotiate the value of a parameter in an interaction, with each one imposing its own condition.
Selection Predicate
hide sap in
  sap?x:nat[x<max]; B1(x)
  |[sap]|
  sap?y:nat[y>min]; B2(y)
Ex: max=10 and min=5
x = 0,…,9
y = 6,…,n
possible values = 6,7,8,9
Selection Predicate
Hide sap in
B1(n) |[sap]|B2(n)
* min<n<max
Synchronization can occur with the environment on one of two actions.
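The three forms of IPC and the selection-predicate negotiation above can be simulated over finite domains. The following Python sketch is an added example, not part of the original slides; the finite SORTS domains, the Val/Var classes and the synchronize function are assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import product

# Constructed finite domains; real LOTOS sorts come from ACT ONE and may be infinite.
SORTS = {
    "nat": set(range(12)),
    "string": {"test", "other"},
    "cep_sort": {"cep_1", "cep_2", "cep_3"},
}

@dataclass(frozen=True)
class Val:            # value declaration  !E  (E already evaluated)
    value: object

@dataclass(frozen=True)
class Var:            # variable declaration  ?x:t
    name: str
    sort: str

def always(env):      # action denotation without a selection predicate
    return True

def position_values(p, q):
    """Values on which two offers at the same position can agree."""
    if isinstance(p, Val) and isinstance(q, Val):        # value matching
        return {p.value} if p.value == q.value else set()
    if isinstance(p, Var) and isinstance(q, Var):        # value generation
        return set(SORTS[p.sort]) if p.sort == q.sort else set()
    val, var = (p, q) if isinstance(p, Val) else (q, p)  # value passing
    return {val.value} if val.value in SORTS[var.sort] else set()

def bind(offers, event):
    """Substitution produced for the ?-variables of one process."""
    return {o.name: v for o, v in zip(offers, event) if isinstance(o, Var)}

def synchronize(a, b):
    """a, b are (gate, offers, predicate); returns [(event, env_a, env_b), ...]."""
    (gate_a, offers_a, pred_a), (gate_b, offers_b, pred_b) = a, b
    if gate_a != gate_b or len(offers_a) != len(offers_b):
        return []
    choices = [sorted(position_values(p, q)) for p, q in zip(offers_a, offers_b)]
    results = []
    for event in product(*choices):
        env_a, env_b = bind(offers_a, event), bind(offers_b, event)
        if pred_a(env_a) and pred_b(env_b):      # both selection predicates must hold
            results.append((event, env_a, env_b))
    return results

def ipc_example():
    # g1!sap1 ?x:cep_sort !"test"  ||  g1!sap1 !cep_3 ?y:string
    a = ("g1", [Val("sap1"), Var("x", "cep_sort"), Val("test")], always)
    b = ("g1", [Val("sap1"), Val("cep_3"), Var("y", "string")], always)
    return synchronize(a, b)

def negotiation_example(max_=10, min_=5):
    # sap?x:nat[x<max] |[sap]| sap?y:nat[y>min]
    a = ("sap", [Var("x", "nat")], lambda env: env["x"] < max_)
    b = ("sap", [Var("y", "nat")], lambda env: env["y"] > min_)
    return [event[0] for event, _, _ in synchronize(a, b)]
```

ipc_example() yields the single event g1<sap1, cep_3, "test"> with x bound to cep_3 and y bound to "test"; negotiation_example() yields the values 6 to 9 from the slide.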
Conditional Constructs
Selection predicates
Guarded expressions
Guarded expression
Any behaviour expression may be preceded by a predicate and an arrow
if (expression) then Behaviour
Format:
[expression]->Behaviour
Guarded Expression
If the predicate holds, then the behaviour described by the behaviour expression is possible; otherwise the whole expression is equivalent to stop.
Example
[X>0]->sap!X;P[...](x,…)
[]
[X<=0]->sap!-X;P[...](x,…)
* if x=1 then sap!1;P[...](1,…)
* if x=-3 then sap!3;P[…](-3,…)
Guarded expression
[cond1]->process1
[]
[cond2]->process2
[]
...
[condn]->processn
Guarded expression
The conditions in the guards need not be exclusive.
[x>0] -> process1 [] [x=5] -> process2 [] [x<9] -> process3
* if X=10 then process1
* if X=5 then process1 [] process2 [] process3
* if X=2 then process1 [] process3
Example
g?x:Nat[x<=5];
  ( [X=2 or X=3] -> g!X!0; stop
  [] [X<3] -> g!X!1; stop)
expands to:
g!0; g!0!1; stop
[]
g!1; g!1!1; stop
[]
g!2; (g!2!0; stop [] g!2!1; stop)
[]
g!3; g!3!0; stop
[]
g!4; stop
[]
g!5; stop
Generalized Choice in Full LOTOS
The choice operator "[]" can only express a finite number of alternatives.
Generalized choice specifies the choice among all possible value expressions of a sort.
Generalized Choice
choice X:S [] B(X)
If t1,…,tn are all possible value expressions of sort S, the alternatives are the behaviours that result from substituting ti for X in B.
Generalized Choice
Let B(x) be a behaviour expression that depends on a variable x of sort nat.
To specify the choice among the processes B(v) for all nat-values v:
choice x:nat [] B(x)
B(0) [] B(1) [] B(2) [] B(3) []…[] B(n)
Generalized Choice
The generalized choice construct allows an alternative representation for the action prefix construct, when this includes a variable declaration:
a?x:t; B(x) = choice x:t [] a!x; B(x)
Example
choice x:Nat [] [x mod 2 = 0] -> g!x; stop
g!0; stop
[]
g!2; stop
[]
g!4; stop
[]
…
Generalized Choice
choice x:t [] i; B(x)
choice x:t [] a; B(x)
More than one variable:
– choice x1:t1,…,xn:tn [] B(x1,…,xn)
Sets of gate identifiers may be used for indexing:
– choice g in [a1,…,an] [] Process_X[g](…)
Generalized Choice
Sets of gate identifiers may be used for indexing:
– choice g in [a1,…,an] [] Process_X[g](…)
The choice is expressed among n instances of Process_X.
In each instance the formal gate g is actualized with a different element of the gate list [a1,…,an].
Full LOTOS
Interprocess communication
Conditional constructs
– Selection Predicates
– Guarded Expressions
Generalized Choice
Parametric processes
Parametric Processes
Full LOTOS offers the possibility to parameterize process definitions in terms of a parameter list.
process typical_proc[gate list](x1:t1, ..., xn:tn) : functionality := … endproc
The parameter list is a list of variable declarations.
Specifications can be parametric as well as process definitions.
process typical_proc[gate list](x1:t1, ..., xn:tn) : functionality := … endproc
Instantiation:
typical_proc[actual gate list] (E1, …, En)
where E1, …, En are value expressions.
Example:
process compare[inp, out] (min, max: int) : noexit :=
  inp ?x:int;
  (  [min<x<max] -> out !x; compare[inp, out] (min, max)
  [] [x<=min] -> out !min; compare[inp, out] (x, max)
  [] [x>=max] -> out !max; compare[inp, out] (min, x))
endproc
(Diagram label: behaviour expression.)
Instantiation:
compare[one, two] (x, 2*x)
one ?y:int;
  (  [x<y<2*x] -> two !y; compare[one, two] (x, 2*x)
  [] [y<=x] -> two !x; compare[one, two] (y, 2*x)
  [] [y>=2*x] -> two !2*x; compare[one, two] (x, y))
(Diagram label: actual parameters.)
A more direct way to associate value expressions E1, …, En with the free variables x1, …, xn of a behaviour expression B(x1, …, xn) is offered by the 'let' construct:
let x1:t1 = E1, …, xn:tn = En in B(x1, …, xn)
compare[one, two] (x, 2*x)
one ?y:int;
let z:int = x*2 in
  (  [x<y<z] -> two !y; compare[one, two] (x, z)
  [] [y<=x] -> two !x; compare[one, two] (y, z)
  [] [y>=z] -> two !z; compare[one, two] (x, y))
Sequential Composition with Value Passing
Connection-Phase[...] >> Data-Phase[...]
Data-Phase depends on parameters that are established in Connection-Phase.
Data-Phase is called a parametric process.
A mechanism is needed for passing these parameters:
– Generalize the notion of successful termination.
– Add some static constraints to the Full LOTOS language.
Successful termination with value offers
In Full LOTOS, the exit process has a finite list of value expressions. The values expressed are those that are passed on to the subsequent process. For example,
– a ?x:nat; b ?y:nat; exit(largest(x, y))
– tsap !cei ?quality-of-service : quality-parameter-sort ?expedited-data-option : bool; exit(quality-of-service, expedited-data-option)
Rules determining Functionality of Behaviour Expressions
The list of the sorts of the values offered at successful termination is called the functionality of that termination.
Functionality and actual termination are two different things. The functionality is a sort of static typing mechanism, which is only meant to guarantee the predictability of the list of sorts offered at successful termination, in case such termination occurs.
Rules determining Functionality of Behaviour Expressions (Cont…)
The actual occurrence of a successful termination, in general, cannot be decided statically, nor dynamically (the "Halting Problem" for Turing machines).
The functionality typing scheme does help, however, in avoiding constructions for which the absence of successful termination can be decided statically.
'func(B)' denotes the functionality of expression B.
Stop
The functionality of processes that do not terminate successfully at all, like stop, is indicated with noexit.
Exit
The Simple successful termination without value passing has a functionality that is indicated by the same name:
func(exit) = exit.
Choice
If B1 and B2 are processes:
Case I
– Both can terminate successfully
– B1 and B2 have the same functionality
func(B1) = func(B2) = func(B1 [] B2)
Case II
– if func(B1) = noexit, func(B1 [] B2) = func(B2)
– if func(B2) = noexit, func(B1 [] B2) = func(B1)
For generalized choice the rule is simple: func(choice ... [] B') = func(B')
Disabling
func(B1) = func(B2) = func(B1 [> B2)
– if func(B1) = noexit, func(B1 [> B2) = func(B2)
– if func(B2) = noexit, func(B1 [> B2) = func(B1)
Parallel Composition
func(B1) = func(B2) = func(B1 op B2)
– if func(B1) = noexit, func(B1 op B2) = noexit
– if func(B2) = noexit, func(B1 op B2) = noexit
'op' is any parallel operator.
Parallel Composition (Cont…)
The parallel composition of two processes only terminates successfully if both terminate with the same list of values.
It is convenient to use the any-construct as a parameter of the exit process.
Parallel Composition (Cont…)
The any-construct has the format 'any sort-identifier'.
exit(any nat) is a process that can terminate successfully with the offer of any nat-value at the special gate δ.
Parallel Composition (Cont…)
– a ?x:int; exit ||| b !'anystring'; exit has functionality exit
– a ?x:int; exit ||| b !'anystring'; stop has functionality noexit
– exit(3) ||| exit(5) has functionality 'nat', but does not terminate successfully
– exit(3, any bool) ||| exit(any nat, true) has functionality 'nat, bool', and terminates successfully by offering value pair (3, true)
– exit(3) ||| (a !3; exit [] a ?x:nat; exit(x)) is not a well-formed LOTOS expression
Process Definition
Specification and process definitions include parameters indicating the functionality of that specification or process definition, which is defined as the functionality of the behaviour expression of that specification or process definition.
In this functionality parameter a functionality 't1, ..., tn' is combined with the keyword exit. The three possible formats of this parameter are:
– noexit
– exit
– exit(t1, ..., tn)
Process Definition (Cont…)
Examples:
process P[a]: exit(nat, bool) :=
a ?x:nat ?y:nat;(i; exit(x, true) [] i; exit(y, false))
endproc
process Q[a, b]: exit :=
a ?x:nat;(b !x; exit [] i; Q[a, b])
endproc
process R[a, b]: noexit :=
a ?x:nat ?y:nat;(b !x; stop [] b !y; stop)
endproc
Process Instantiation
The functionality is not given explicitly.
The functionality is defined as that of the associated process definition.
Accepting Values from the Enabling Process
If B1 is a process with the desired functionality, say exit(t1,...,tn), its sequential composition with another process B2 can be defined as:
B1 >> accept x1:t1, ..., xn:tn in B2
x1, ..., xn are the variables used in B2 for the n values passed at the successful termination of B1.
func(B1 >> accept x1:t1, ..., xn:tn in B2) = func(B2)
Accepting Values from the Enabling Process (Cont…)
The functionality of B1 must be matched by the list of sorts t1,...,tn after the accept keyword. For example,
Connection-Phase[...](...) >>
  accept quality-of-service : quality-parameter-sort,
         expedited-data-option : bool
  in Data-Phase[...](quality-of-service, expedited-data-option)
The value passing in sequential composition can be considered as a special case of the value passing in parallel composition.
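The functionality rules above (stop, exit, choice, disabling, parallel composition, accept) can be written as a small static checker and run on the slides' parallel-composition examples. This Python sketch is an added example, not part of the original slides; the tuple encoding and the names func, joint_exit and IllFormed are assumptions, as is the rule that an action prefix has the functionality of the behaviour it prefixes (implied by the slides' examples).

```python
NOEXIT = "noexit"    # functionality of behaviours that never terminate successfully
ANY = object()       # the 'any sort-identifier' offer of exit

class IllFormed(Exception):
    """The expression violates the static functionality rules."""

def exit_(*offers):  # exit(v1, ..., vn); each offer is (sort, value or ANY)
    return ("exit", offers)

def prefix(b):       # a ...; B  or  i; B  (assumed rule: func(a; B) = func(B))
    return ("prefix", b)

def func(b):
    """Functionality of a behaviour expression: NOEXIT or a tuple of sorts."""
    op = b[0]
    if op == "stop":
        return NOEXIT
    if op == "exit":
        return tuple(sort for sort, _ in b[1])       # () is the plain 'exit'
    if op == "prefix":
        return func(b[1])
    f1, f2 = func(b[1]), func(b[-1])
    if op in ("choice", "disable"):                  # B1 [] B2  and  B1 [> B2
        if NOEXIT in (f1, f2):
            return f2 if f1 == NOEXIT else f1
        if f1 != f2:
            raise IllFormed(f"{op}: {f1} differs from {f2}")
        return f1
    if op == "par":                                  # any parallel operator
        if NOEXIT in (f1, f2):
            return NOEXIT
        if f1 != f2:
            raise IllFormed(f"par: {f1} differs from {f2}")
        return f1
    if op == "enable":                               # ("enable", B1, accept_sorts, B2)
        if f1 != tuple(b[2]):                        # slide wording taken literally
            raise IllFormed(f"accept list {b[2]} does not match {f1}")
        return f2
    raise ValueError(f"unknown operator {op}")

def joint_exit(e1, e2):
    """Values two parallel exits offer together at δ, or None if they disagree."""
    func(("par", e1, e2))                            # static check first
    agreed = []
    for (_, v1), (_, v2) in zip(e1[1], e2[1]):
        if v1 is ANY:
            v1 = v2
        elif v2 is not ANY and v1 != v2:
            return None                              # well-typed, but never terminates
        agreed.append(v1)
    return tuple(agreed)

# The slides' examples; "x" stands for the variable offered by exit(x).
E1 = ("par", prefix(exit_()), prefix(exit_()))
E2 = ("par", prefix(exit_()), prefix(("stop",)))
E3 = ("par", exit_(("nat", 3)), exit_(("nat", 5)))
E4 = ("par", exit_(("nat", 3), ("bool", ANY)), exit_(("nat", ANY), ("bool", True)))
E5 = ("par", exit_(("nat", 3)),
      ("choice", prefix(exit_()), prefix(exit_(("nat", "x")))))
```

E3 and E4 show the difference between functionality and actual termination: both are well-typed, but joint_exit returns None for exit(3) ||| exit(5) and (3, True) for the any-construct example.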
Structured Programming
Structured programming, in the context of traditional programming languages, allows the programmer to take a "divide-and-conquer" approach and partition his/her task into smaller sub-tasks to be handled separately.
Constraint-Oriented Specification
"divide-and-conquer" approach.
A specification is a collection of small processes, each one expressing few constraints on the temporal ordering of the system events.
All these pieces are then composed via the parallel operator (with synchronization), which acts as a logical conjunction (AND) of all the constraints. Any action occurring at some synchronization gate is simultaneously subject to all the constraints expressed by the processes sharing that gate.
Conclusion
The language has a strong algebraic nature and the first impact with the apparently complex symbology of specifications may be discouraging.
The LOTOS specifications that have been produced so far indicate that quite complex systems can be specified with an intuitively appealing structure, and be relatively concise.
Conclusion (Cont…)
The conciseness and readability could be increased even further if good notational facilities are developed for the specification of data types.
An important problem to be addressed in producing a realistically complex specification relates to the tradeoff between process and type definitions. It is a fact that many elements of a system can be specified both as processes and as data types.
… FULL LOTOS ...
THANK YOU