CS477 Formal Software Dev Methods Elsa L Gunter 2112 SC, UIUC egunter@illinois.edu http://courses.engr.illinois.edu/cs477 Slides based in part on previous lectures by Mahesh Vishwanathan, and by Gul Agha March 28, 2018 Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 1 / 29
Simple Concurrent Imperative Programming Language (SCIMP1) I ∈ Identifiers N ∈ Numerals E ::= N | I | E + E | E ∗ E | E − E B ::= true | false | B & B | B or B | not B | E < E | E = E skip | C ; C | { C } | I ::= E | C � C ′ C ::= | if B then C else C fi | while B do C Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 2 / 29
Semantics for � C 1 � C 2 means that the actions of C 1 and done at the same time as, “in parallel” with, those of C 2 True parallelism hard to model; must handle collisions on resources What is the meaning of x := 1 � x := 0 True parallelism exists in real world, so important to model correctly Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 3 / 29
Interleaving Semantics Weaker alternative: interleaving semantics Each process gets a turn to commit some atomic steps; no preset order of turns, no preset number of actions No collision for x := 1 � x := 0 Yields only � x �→ 1 � and � x �→ 0 � ; no collision No simultaneous substitution: x := y � y := x results in x and y having the same value; not in swapping their values. Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 4 / 29
Coarse-Grained Interleaving Semantics for SCIMP1 Commands Skip, Assignment, Sequencing, Blocks, If Then Else, While unchanged Need rules for � → ( C ′ 1 , m ′ ) → m ′ ( C 1 , m ) − ( C 1 , m ) − → ( C ′ 1 � C 2 , m ′ ) → ( C 2 , m ′ ) ( C 1 � C 2 , m ) − ( C 1 � C 2 , m ) − ( C 2 , m ) − → ( C ′ 2 , m ′ ) ( C 2 , m ) − → m ′ → ( C 1 � C ′ 2 , m ′ ) → ( C 1 , m ′ ) ( C 1 � C 2 , m ) − ( C 1 � C 2 , m ) − Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 5 / 29
Labeled Transition System (LTS) A labeled tranistion system (LTS) is a 4-tuple ( Q , Σ , δ, I ) where Q set of states Q finite or countably infinite Σ set of labels (aka actions) Σ finite or countably infinite δ ⊆ Q × Σ × Q transition relation I ⊆ Q initial states α → q ′ for ( q , α, q ′ ) ∈ δ . Note: Write q − Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 6 / 29
Example: Candy Machine Q = { Start , Select , GetMarsBar , GetKitKatBar } I = { Start } Σ = { Pay , ChooseMarsBar , ChooseKitKatBar , TakeCandy } (Start , Pay , Select) (Select , ChooseMarsBar , GetMarsBar) δ = (Select , ChooseKitKatBar , GetKitKatBar) (GetMarsBar , TakeCandy , Start) (GetKitKatBar , TakeCandy , Start) Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 7 / 29
Example: Candy Machine ☛ ✟ ✡ ✠ ✲ ✛ Start Pay ☛ ✟ ❄ ✡ ✠ TakeCandy TakeCandy Select � ❅ � ❅ � ❅ ChooseMarsBar ChooseKitKatBar � ❅ � ❅ ☛ ✟ ☛ ✟ � ✠ ❘ ❅ ✡ ✠ ✡ ✠ GetMarsBar GetKitKatBar Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 8 / 29
Predecessors, Successors and Determinism Let ( Q , Σ , δ, I ) be a labeled transition system. α In ( q , α ) = { q ′ | q ′ − → q } In ( q ) = � α ∈ Σ In ( q , α ) α Out ( q , α ) = { q ′ | q − → q ′ } Out ( q ) = � α ∈ Σ Out ( q , α ) A labeled tranistion system ( Q , Σ , δ, I ) is deterministic if | I | ≤ 1 and | Out ( q , α ) | ≤ 1 Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 9 / 29
Labeled Transition Systems vs Finite State Automata LTS have no accepting states Every FSA an LTS - just forget the accepting states Set of states and actions may be countably infinite May have infinite branching Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 10 / 29
Executions, Traces, and Runs A partial execution in an LTS is a finite or infinite alternating sequence of states and actions ρ = q 0 α 1 q 1 . . . α n q n . . . such that q 0 ∈ I α i q i − 1 − → q i for all i with q i in sequence An execution is a maxial partial execution A finite or infinite sequence of actions α 1 . . . α n . . . is a trace if there exist states q 0 . . . q n . . . such that the sequence q 0 α 1 q 1 . . . α n q n . . . is a partial execution. Let ρ = q 0 α 1 q 1 . . . α n q n . . . be a partial execution. Then trace ( ρ ) = α 1 . . . α n . . . . A finite or inifnite sequence of states q 0 . . . q n . . . is a run if there exist actions α 1 . . . α n . . . such that the sequence q 0 α 1 q 1 . . . α n q n . . . is a partial execution. Let ρ = q 0 α 1 q 1 . . . α n q n . . . be a partial execution. Then run ( ρ ) = q 0 . . . q n . . . . Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 11 / 29
Example: Candy Machine Partial execution: ρ = Start · Pay · Select · ChooseMarsBar · GetMarsBar · TakeCandy · Start Trace: trace ( ρ ) = Pay · ChooseMarsBar · TakeCandy Run: run ( ρ ) = Start · Select · GetMarsBar · Start Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 12 / 29
Program Transition System A Program Transition System is a triple ( S , T , init ) S = ( G , D , F , φ, R , ρ ) is a first-order structure over signature G = ( V , F , af , R , ar ) cS used to interpret expressions and conditionals T is a finite set of conditional transitions of the form g → ( v 1 , . . . , v n ) := ( e 1 , . . . , e n ) where v i ∈ V distinct, and e i term in G , for i = 1 . . . n init initial condition asserted to be true at start of program Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 13 / 29
Example: Traffic Light V = { Turn , NSC , EWC } , F = { NS , EW , Red , Yellow , Green } (all arity 0), R = { = } Turn = NS ∧ NSC = Red → NSC := Green NSG NSY Turn = NS ∧ NSC = Green → NSC := Yellow Turn = NS ∧ NSC = Yellow → ( Turn , NSC ) := ( EW , Red ) NSR EWG Turn = EW ∧ EWC = Red → EWC := Green EWY Turn = EW ∧ EWC = Green → EWC := Yellow EWR Turn = EW ∧ EWC = Yellow → ( Turn , EWC ) := ( NS , Red ) init = ( NSC = Red ∧ EWC = Red ∧ ( Turn = NS ∨ Turn = EW ) Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 14 / 29
Mutual Exclusion (Attempt) P 1 :: m 1 : while true do P 2 :: n 1 : while true do m 2 : p 11( ∗ not in crit sect ∗ ) n 2 : p 21( ∗ not in crit sect ∗ ) m 3 : c 1 := 0 n 3 : c 2 := 0 m 4 : wait ( c 2 = 1) n 4 : wait ( c 1 = 1) m 5 : r 1( ∗ in crit sect ∗ ) n 5 : r 2( ∗ in crit sect ∗ ) m 6 : c 1 := 1 n 6 : c 2 := 1 m 7 : od n 7 : od Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 15 / 29
Mutual Exclusion PTS V = { pc 1 , pc 2 , c 1 , c 2 } , F = { m 1 , . . . , m 6 , n 1 , . . . , n 6 , 0 , 1 } T = pc 1 = m 1 → pc 1 := m 2 pc 1 = m 2 → pc 1 := m 3 pc 1 = m 3 → ( pc 1 , c 1) := ( m 4 , 0) pc 1 = m 4 ∧ c 2 = 1 pc 1 := m 5 to pc 1 = m 5 → pc 1 := m 6 pc 1 = m 6 → ( pc 1 , c 1) := ( m 1 , 1) pc 2 = n 1 → pc 2 := n 2 pc 2 = n 2 → pc 2 := n 3 pc 2 = n 3 → ( pc 2 , c 2) := ( n 4 , 0) pc 2 = n 4 ∧ c 1 = 1 to pc 2 := n 5 pc 2 = n 5 → pc 2 := n 6 pc 2 = n 6 → ( pc 2 , c 2) := ( n 1 , 1) init = ( pc 1 = m 1 ∧ pc 2 = n 1 ∧ c 1 = 1 ∧ c 2 = 1) Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 16 / 29
Interpreting PTS as LTS Let ( S , T , init ) be a program transition system. Assume V finite, D at most countable. Let Q = V → D , interpretted as all assingments of values to variables Can restrict to mappings q where v and q ( v ) have same type Let Σ = T Let δ = { ( q , g → ( v 1 , . . . , v n ) := ( e 1 , . . . , e n ) , q ′ ) | M q ( g ) ∧ ( ∀ i ≤ n . q ′ ( v i ) = T q ( e i )) ∧ ( ∀ v / ∈ { v 1 , . . . , v n } . q ′ ( v ) = q ( v )) } I = { q |T q ( init ) = T } Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 17 / 29
Example: Traffic Lights ★ ✥ ✤ ✜ ✤ ✜ ✤ ✜ ✤ ✜ ✤ ✜ Turn = NS 1GG 2RG NSC = Red ✣ ✢ ✣ ✢ ✣ ✢ ✧ ✦ EWC = Red ❨ ❍ EWR ✟ ❍ ✟ ✙ 1GY 2RY EWY ✍ EWR ✂ ❇ ✣ ✢ ✣ ✢ ✂ NSG ✤ ✜ ✤ ✜ ✤ ❇ ✜ ✤ ✜ � NSY � ✠ ✂ ❇ ◆ ✲ NSR Turn = EW Turn = NS ✛ EWR 1YY 2GY NSC = Red NSC = Green NSY ✣ ✢ ✣ ✢ ✣ ✢ ✣ ✢ EWC = Yellow EWC = Red ✻ ■ ✤ ✜ ✤ ✜ ✤ ✜ ✤ ✜ ❘ ❄ EWR NSY Turn = EW Turn = NS ✛ EWR 1YG 2YY ✲ NSC = Red NSC = Yellow NSR EWY ✣ ✢ ✣ ✢ ✣ ✢ ✣ ✢ EWC = Green EWC = Red ✤ ✜ ✤ ✜ ✂ � ✒ ❇ ▼ EWG � EWY ★ ❇ ✂ ✥ ✤ ✜ ✤ ✜ ✤ ✜ NSR ✌ ✂ ❇ 1YR 2YG ✣ ✢ ✣ ✢ NSY ✯ ✟ ❍ NSR ✟ ❍ ❥ Turn = EW 1GR 2GG NSC = Red ✣ ✢ ✣ ✢ ✣ ✢ ✧ ✦ EWC = Red Elsa L Gunter CS477 Formal Software Dev Methods March 28, 2018 18 / 29
Recommend
More recommend
