Network algebra for synchronous dataflow

We develop an algebraic theory of synchronous dataflow networks. First, a basic algebraic theory of networks, called BNA (Basic Network Algebra), is introduced. This theory captures the basic algebraic properties of networks. For synchronous dataflow networks, it is subsequently extended with additional constants for the branching connections that occur between the cells of synchronous dataflow networks and axioms for these additional constants. We also give two models of the resulting theory, the one based on stream transformers and the other based on processes as considered in process algebra.Comment: 24 page

Coordination Model and Noninterference

Abstract Noninterference properties for the analysis of secure information flow are proposed in the setting of a process algebra modeling some Linda coordination primitives (asynchronous communication and read operation). To this end, relaxed definitions of equivalence are introduced that take into consideration the observational power of the external observer. The resulting taxonomy is compared with corresponding security definitions for synchronous communication models. As a result, we emphasize how the proposed coordination model affects the expressive power of some noninterference properties, by giving a new intuition to the relative merits

A synchronous program algebra: a basis for reasoning about shared-memory and event-based concurrency

This research started with an algebra for reasoning about rely/guarantee concurrency for a shared memory model. The approach taken led to a more abstract algebra of atomic steps, in which atomic steps synchronise (rather than interleave) when composed in parallel. The algebra of rely/guarantee concurrency then becomes an instantiation of the more abstract algebra. Many of the core properties needed for rely/guarantee reasoning can be shown to hold in the abstract algebra where their proofs are simpler and hence allow a higher degree of automation. The algebra has been encoded in Isabelle/HOL to provide a basis for tool support for program verification. In rely/guarantee concurrency, programs are specified to guarantee certain behaviours until assumptions about the behaviour of their environment are violated. When assumptions are violated, program behaviour is unconstrained (aborting), and guarantees need no longer hold. To support these guarantees a second synchronous operator, weak conjunction, was introduced: both processes in a weak conjunction must agree to take each atomic step, unless one aborts in which case the whole aborts. In developing the laws for parallel and weak conjunction we found many properties were shared by the operators and that the proofs of many laws were essentially the same. This insight led to the idea of generalising synchronisation to an abstract operator with only the axioms that are shared by the parallel and weak conjunction operator, so that those two operators can be viewed as instantiations of the abstract synchronisation operator. The main differences between parallel and weak conjunction are how they combine individual atomic steps; that is left open in the axioms for the abstract operator.Comment: Extended version of a Formal Methods 2016 paper, "An algebra of synchronous atomic steps

A synchronous program algebra: a basis for reasoning about shared-memory and event-based concurrency

This research started with an algebra for reasoning about rely/guarantee concurrency for a shared memory model. The approach taken led to a more abstract algebra of atomic steps, in which atomic steps synchronise (rather than interleave) when composed in parallel. The algebra of rely/guarantee concurrency then becomes an instantiation of the more abstract algebra. Many of the core properties needed for rely/guarantee reasoning can be shown to hold in the abstract algebra where their proofs are simpler and hence allow a higher degree of automation. The algebra has been encoded in Isabelle/HOL to provide a basis for tool support for program verification. In rely/guarantee concurrency, programs are specified to guarantee certain behaviours until assumptions about the behaviour of their environment are violated. When assumptions are violated, program behaviour is unconstrained (aborting), and guarantees need no longer hold. To support these guarantees a second synchronous operator, weak conjunction, was introduced: both processes in a weak conjunction must agree to take each atomic step, unless one aborts in which case the whole aborts. In developing the laws for parallel and weak conjunction we found many properties were shared by the operators and that the proofs of many laws were essentially the same. This insight led to the idea of generalising synchronisation to an abstract operator with only the axioms that are shared by the parallel and weak conjunction operator, so that those two operators can be viewed as instantiations of the abstract synchronisation operator. The main differences between parallel and weak conjunction are how they combine individual atomic steps; that is left open in the axioms for the abstract operator.Comment: Extended version of a Formal Methods 2016 paper, "An algebra of synchronous atomic steps

Design of asynchronous supervisors

One of the main drawbacks while implementing the interaction between a plant and a supervisor, synthesised by the supervisory control theory of \citeauthor{RW:1987}, is the inexact synchronisation. \citeauthor{balemiphdt} was the first to consider this problem, and the solutions given in his PhD thesis were in the domain of automata theory. Our goal is to address the issue of inexact synchronisation in a process algebra setting, because we get concepts like modularity and abstraction for free, which are useful to further analyze the synthesised system. In this paper, we propose four methods to check a closed loop system in an asynchronous setting such that it is branching bisimilar to the modified (asynchronous) closed loop system. We modify a given closed loop system by introducing buffers either in the plant models, the supervisor models, or the output channels of both supervisor and plant models, or in the input channels of both supervisor and plant models. A notion of desynchronisable closed loop system is introduced, which is a class of synchronous closed loop systems such that they are branching bisimilar to their corresponding asynchronous versions. Finally we study different case studies in an asynchronous setting and then try to summarise the observations (or conditions) which will be helpful in order to formulate a theory of desynchronisable closed loop systems

Mastering Heterogeneous Behavioural Models

Heterogeneity is one important feature of complex systems, leading to the complexity of their construction and analysis. Moving the heterogeneity at model level helps in mastering the difficulty of composing heterogeneous models which constitute a large system. We propose a method made of an algebra and structure morphisms to deal with the interaction of behavioural models, provided that they are compatible. We prove that heterogeneous models can interact in a safe way, and therefore complex heterogeneous systems can be built and analysed incrementally. The Uppaal tool is targeted for experimentations.Comment: 16 pages, a short version to appear in MEDI'201

Process Algebras

Process Algebras are mathematically rigorous languages with well defined semantics that permit describing and verifying properties of concurrent communicating systems. They can be seen as models of processes, regarded as agents that act and interact continuously with other similar agents and with their common environment. The agents may be real-world objects (even people), or they may be artifacts, embodied perhaps in computer hardware or software systems. Many different approaches (operational, denotational, algebraic) are taken for describing the meaning of processes. However, the operational approach is the reference one. By relying on the so called Structural Operational Semantics (SOS), labelled transition systems are built and composed by using the different operators of the many different process algebras. Behavioral equivalences are used to abstract from unwanted details and identify those systems that react similarly to external experiments

A process algebra for synchronous concurrent constraint programming

Concurrent constraint programming is classically based on asynchronous communication via a shared store. This paper presents new version of the ask and tell primitives which features synchronicity. Our approach is based on the idea of telling new information just in the case that a concurrently running process is asking for it. An operational and an algebraic semantics are defined. The algebraic semantics is proved to be sound and complete with respect to a compositional operational semantics which is also presented in the paper

Analysis and Verification of Service Interaction Protocols - A Brief Survey

Modeling and analysis of interactions among services is a crucial issue in Service-Oriented Computing. Composing Web services is a complicated task which requires techniques and tools to verify that the new system will behave correctly. In this paper, we first overview some formal models proposed in the literature to describe services. Second, we give a brief survey of verification techniques that can be used to analyse services and their interaction. Last, we focus on the realizability and conformance of choreographies.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330