Advanced Topics in Software Engineering

1
Advanced Topics in Software Engineering

• Marjan Sirjani
• Tehran University
• Faculty of Engineering
• ECE Department
• Tehran, 1383-1384

2
Subjects to be covered

• Modeling concurrency
• Formal verification methods
• Transition systems
• Petri Nets
• Process Algebra
• Actor Model
• Rebeca an actor-based model
• Reo a coordination language
• Constraint automata

3

• Models of concurrency
• The Temporal Logic of Reactive and Concurrent
  Systems (Specification),
• Z. Manna, A. Pnueli, Springer-Verlag, 1992
• Part one Models of Concurrency
• Process algebra
• Communicating Sequential Processes
• C.A.R. Hoare,
• 2004

4

• Actors
• Actors a Unifying Model for Parallel and
  Distributed Computing,
• Agha G., Kim W.,
• Open Systems Laboratory, 1998.
• Rebeca 
• Modeling and Verification of Reactive Systems
  using Rebeca,
• Sirjani M., Movaghar A, Shali A., and de Boer
  F., Fundamenta Informaticae, Dec. 2004

5

• Coordination languages
• Reo A Channel-based Coordination Model for
  Component Composition,
• F. Arbab,
• Mathematical Structures in Computer Science,
  2004
• Modeling Component Connectors in Reo by
  Constraint Automata,
• F. Arbab, C. Baier, J.J.M.M. Rutten and M.
  Sirjani,
• in Proceedings of FOCLASA'03, Marseille,
  France, September 2003, ENTCS, Elsevier Science.

6
Overview

• Concurrent and Reactive Systems
• Formal methods
• Modeling language
• Process algebra, Petri nets, Actor languages
• Specification language
• Temporal logic, Automata
• Analysis
• Theorem proving, Model checking

7

• Models of Concurrency
• Manna, chapter 1,2

8
Chapter 1- Basic Models

• Programs and systems they control
• Transformational
• Reactive

9

• Transformational program
• More conventional
• Produce final result at the end of a terminating
  computation
• A function from an initial state to a final state
• Appropriately specified by properly
  characterizing the relation between initial and
  final states predicate logic

10

• Reactive program
• Not to produce a final result but to maintain
  some ongoing interaction with its environment

11
Reactivity and Concurrency

• Program and its environment act concurrently
• in transformational case, they act sequentially
• When we have parallel processes, even if the
  whole program has a transformational role, it
  should be analyzed as a reactive system.

12
Reactive systems

• Communication
• Coordination

13

• Communication
• Shared variables
• Message passing
• Remote procedure calls

14

• Coordination
• Semaphores
• Critical regions
• Monitors
• Handshaking
• Rendezvous
• Asynchronous transmission

15
The Generic Model

• V Vocabulary
• E Expressions
• A Assertions
• I - Interpretations

16

• V Vocabulary
• A countable set of typed variables.
• Data variables
• Range over data domains used in programs, such as
  booleans, integers, or lists.
• Control variables
• Indicate progress in the execution of a program,
  range over locations in the program.

17

• E Expressions
• Expressions are constructed from the variables of
  V and constants (such as ,,?) and predicates
  (such as gt, null, and ?) over the appropriate
  domains (such as integers, lists, and sets) are
  applied.
• x3y hd(u) tl(v) A ? B

18

• A Assertions
• Assertions are constructed out of boolean
  expressions using boolean connectives and
  quantification(?,?) over some variables that
  appear in the expressions.

19

• I Interpretation
• An interpretation I ?I of a set of typed
  variables V? V is a mapping that assigns to each
  variable y ? V a value Iy in the domain of y.
• If I?T, we say I satisfies ? I ?

20
Basic Transition System

• A basic transition system (?,?,?,?), intended to
  represent a reactive program.
• ?u1,,u2 ? V a finite set of flexible state
  variables.
• ? - a set of states.
• ? - a finite set of transitions.
• ? - an initial condition.

21

• ?u1,,u2 ? V a finite set of flexible state
  variables.
• Data variables
• Explicitly declared and manipulated
• Control variables
• Represent progress in the execution of the
  program (label of a statement)

22

• ? - a set of states.
• Each state s in ? is an interpretation of ?,
  assigning to each variable u in ? a value over
  its domain, denoted by su.
• A state s that satisfies an assertion ?, i.e., s
  ? , is sometimes referred to as ?state.

23

• ? - a finite set of transitions.
• Each transition ? in T represents a
  state-transforming action of the system and is
  defined as a function ? ? ? 2 ? that maps a
  state s in ? into the (possibly empty) set of
  states ?(s) that can be obtained by applying
  action ? to state s.

24

• ? - an initial condition.
• This assertion characterizes the states at which
  execution of the program can begin.
• A state s that satisfies ?, i.e., s ? , is
  called an initial state.

25
The Transition Relation ??

• Each transition ? is characterized by an
  assertion, called the transition relation
• ??(?,?)
• ??(?,?) C? (?) ? (y1e1) ? ?(ykek)
• Enabling condition C? (?)
• Conjunction of modification statements

26

• Enabled and disabled transitions
• Idling and diligent transitions
• Computation infinite sequence of steps
• Computation prefix
• Reachable states

27
Concrete models

• Model 1 Transition Diagram
• Model 2 Shared-Variables text
• Model 3 Message-Passing text
• Model 4 Petri Nets

28
Model 1 Transition diagrams

• Program P, and processes Pi
• PdeclarationP1 P2 Pm mgt1
• Data variables Yy1, , yn ngt1
• Shared for all the processes

29
Declarations

• At the head of the program
• Modes, Types, Initial conditions
• mode var, ,var type where ?i
• Mode in, local, out
• Types basic (int,char), structured (array,
  list, set)
• Assertion ?i , imposes constraint on the values
  of some of the variables in this statement

30

• in k,n integer where 0?k?n
• local y1,y2 integer where y1n ? y21
• out b integer where b1
• Data precondition of the program ?? i
• ? 0?k?n ? y1n ? y21 ? b1

31
Processes

• Each process Pi is represented by a transition
  diagram (directed graph)
• Nodes locations
• For Pi Li li0, li1 , , liti
• Entry and exit locations
• Edges (atomic) instructions
• Guarded assignment
• c ? (y1, )(e1, )
• State of a program Control variables (?i current
  location of control in Pi) data variables

32
Diagrams as Basic Transition Systems

• State variables
• States
• Transition
• Initial condition

33

• State variables
• All the data and control variables
• ? ?1, , ?m, y1, , yn
• States
• All the possible interpretations that assign to
  the state variables values over their respective
  domains.
• Domain of control variable ?I is the set of
  locations Li

34

• Transition
• Idling transition ?I is defined by transition
  relation ?I T
• Diligent transitions labeled edges that appear
  within the processes.

35
C ? yi ei
l
l
?

• is the edge.
• ?? (?i l) ? c ? (?il) ? (yi ei)

36

• Initial condition
• Program P
• dcl where ?P1 Pm
• Initial condition
• ? ? ? /\i1m (?I loi)
• A process is enabled, or disabled on a state.

37
Example Binomial coefficient

• ( nk ) (n(n-1)(n-k1)) / (1.2.k)

38
Representing Concurrency by Interleaving
X0,Y0
X0,Y0
Y1
X1
X1
Y1
X1
Y1
Process P1
Process P2
Program B
Program A
39
Scheduling

• The choice of the enabled transition to be
  executed next.
• A sequence of choices that leads to a complete
  computation is called a schedule.

40
Model 2 shared-variable text