Article

Communicating Sequential Processes

Abstract

This paper suggests that input and output are basic primitives of programming and that parallel composition of communicating sequential processes is a fundamental program structuring method. When combined with a development of Dijkstra’s guarded command, these concepts are surprisingly versatile. Their use is illustrated by sample solutions of a variety of familiar programming exercises.


... Milner's CCS [36] has been used for modeling MVC [46], pi-calculus [36] extensions being suitable for the communicating systems that we are interested in. Hoare's CSP [24] serves a similar purpose. However, for the kind of interactive systems we are interested in, process calculi are better used when paired with a specification language like Z [40,41], which can specify non-behavioral aspects. ...
... We use the notion of Traces and Specifications from Hoare's CSP formalism [24] to capture the expected behavior. We capture the specified behavior using Traces and use Specifications for capturing requirements and constraints. ...
... tr represents a particular trace, # tr ↓ c denotes the number of occurrences in tr of c [24]. ...
Conference Paper
Full-text available
When novice engineers (fresh or recent graduates with little industry experience) join a SaaS (Software-as-a-Service) product company, they are tasked with comprehending the product, especially its behavior and dynamics. We believe that they can comprehend more effectively if they know and understand the architecture patterns used in the product. Are the current architecture pattern descriptions of high quality? Do they fit the needs of novice engineers? We evaluated the pattern descriptions of Model-View-Controller (MVC) (a popular and important architecture pattern for cloud systems) from a quality and fitment perspective and found gaps. To address these gaps, we have built a System of Systems (SoS) model of MVC that uses a transition systems vocabulary and a set-theoretic notation. In the paper, we show that this SoS model provides a rich set of information about the behavior and dynamics of the MVC components and their interactions. The model bridges the gaps in the MVC pattern description. One of the contributions of the paper is to provide criteria to evaluate the pattern descriptions for quality and fitment for novice engineers. The paper proposes that we augment the benchmark pattern description of MVC with an SoS model. The paper also demonstrates a general approach to building SoS models for architecture patterns and recommends creating a catalog of SoS models for SaaS architecture patterns. We believe such a catalog will significantly help novice engineers in comprehension and other software engineering activities.
... We start by studying the translation in linear logic [10,9] of a minimally expressive variant of CSP [11]. Processes in this calculus can synchronize on actions, but without exchanging any data. ...
... We start by studying the translation in first order logic of a minimally expressive variant of CSP [11]. Processes in this calculus can synchronize on actions, but without exchanging any data. ...
... We start by studying the translation in Martin-Lof type theory [15] of a minimally expressive variant of CSP [11]. Processes in this calculus can synchronize on actions, but without exchanging any data. ...
... Many communication models addressing distributed systems have been introduced so far. Some of the well-known approaches include: channel-based models [17,12,19], group-based models [1,4,13], and publish/subscribe models [3,10]. ...
... Rules (Hide1) and (Hide2) are unique to AbC and introduce a new concept that we call predicate restriction "• x" as reported in Table 6. In process calculi where broadcasting is the basic primitive for communication like CSP [12] and bπ-calculus [19], broadcasting on a private channel is equal to performing an internal action and no other process can observe the broadcast except the one that performed it. ...
Preprint
In open systems, i.e. systems operating in an environment that they cannot control and with components that may join or leave, behaviors can arise as side effects of intensive components interaction. Finding ways to understand and design these systems and, most of all, to model the interactions of their components, is a difficult but important endeavor. To tackle these issues, we present AbC, a calculus for attribute-based communication. An AbC system consists of a set of parallel agents each of which is equipped with a set of attributes. Communication takes place in an implicit multicast fashion, and interactions among agents are dynamically established by taking into account "connections" as determined by predicates over the attributes of agents. First, the syntax and the semantics of the calculus are presented, then expressiveness and effectiveness of AbC are demonstrated both in terms of modeling scenarios featuring collaboration, reconfiguration, and adaptation and of the possibility of encoding channel-based interactions and other interaction patterns. Behavioral equivalences for AbC are introduced for establishing formal relationships between different descriptions of the same system.
... These advantages provide efficient support for the inspection and analysis of systems before their deployment. Communicating Sequential Processes (CSP) [27] has been used for formal modeling, testing, and verifying the RDSP architecture. Communicating Sequential Processes (CSP) is a formal model and descriptive language for analyzing and modeling the behavior of concurrent and distributed systems. ...
... A specific behavior is defined by processes, which are sequences of events [28]. Timed CSP is an extended version of this language used to test time-based systems such as the RDSP architecture [27]. Table 2 presents the critical concepts of Timed CSP used in this paper [29,30]. ...
Article
Full-text available
Real-time data processing systems are required to manage large volumes of data and deliver instant feedback. These systems are typically constructed on distributed processing architectures, where addressing the challenges of preventing deadlocks, avoiding divergence, ensuring liveness, and achieving goal reachability is highly complex before the architecture is implemented. This paper presents a framework for verifying formal models of a distributed and real-time stream processing architecture. It can be used to analyze the concurrent behavior of processes in stream data processing architectures. For the case study, a social network stream processing system was modeled. In the proposed method, Communicating Sequential Processes (CSP) and the Process Analysis Toolkit (PAT) were used to verify properties such as deadlock freedom, divergence freedom, liveness, and goal reachability before architecture implementation. The results indicate that our approach for real-time and distributed processing architectures enables early detection of design errors in the initial stages, reduces costs, ensures real-time system constraints, identifies performance bottlenecks, and examines the behavior of concurrent system processes under various conditions.
... Based on the previous work [14], we have performed formal verification of Dubbo 2.7 with CSP, and proved that Dubbo 2.7 satisfies these four properties, including Deadlock Freedom, Connectivity, Robustness and Parallelism. In this paper, we propose a formal model of Dubbo 3.0 using CSP [13], which aims to reflect the interactions of Dubbo's call process in the cloud-native environment. In order to better ensure the reliability of calling services, a token authorization mechanism is also formalized in this model. ...
... Among the most mature formal methods, process algebra CSP [13] studies the communications between concurrent systems using mathematical theories. It has been successfully applied to model and verify diverse concurrent systems and protocols [24,32]. ...
Article
Full-text available
Dubbo is a high-performance, lightweight Java Remote Procedure Call (RPC) framework developed by Alibaba, which provides interface-oriented remote method calls, intelligent fault tolerance and automatic service registration. Since Dubbo is extensively applied as an excellent representative RPC framework, it is of great significance to formally analyze Dubbo. In this paper, we use Communicating Sequential Processes (CSP) to model and formalize Dubbo. In order to enhance the reliability of the call, we use a token authentication mechanism in the modeling process. Moreover, we put the CSP description of the established model into the model checker Process Analysis Toolkit (PAT) for simulation and verification. We verify whether the five properties are valid, including Deadlock Freedom, Connectivity, Robustness, Parallelism and Consistency. Our final verification results show that the model can satisfy these properties, thus we can conclude the framework can guarantee the highly available remote call.
... In this paper, AUPS is formally modeled using the process algebra CSP [8]. The model checking tool PAT [9] is adopted ...
... Communicating Sequential Processes (CSP) is a process algebra proposed by C. A. R. Hoare [8]. Here we briefly introduce the syntax of CSP used in this paper. ...
... The syntax of π-calculus represents processes, parallel composition of processes, communication between processes through channels, creation of fresh channels, replication of processes and nondeterminism. What distinguishes π-calculus from earlier process calculi (or process algebras) -in particular Robin Milner's own work on Calculus of Communicating Systems (CCS) [22,23] and Tony Hoare's similar work on Communicating Sequential Processes (CSP) [17]-is the ability to pass channels as data along other channels. Channels are abstracted through names. ...
... Transition systems are a commonly used and understood model of computation. They provide the basic operational semantics for Milner's Calculus of Communicating Systems (CCS) [22,23] and often underlie other approaches, such as that of Hoare's Communicating Sequential Processes (CSP) [17,2]. Additionally, transition systems are canonical coalgebras [29,3,36], which in turn are instances of dialgebras [5,27,34]. ...
... Of inspiration to the definition of the HpC is He's work on Hybrid CSP (HCSP) [22,60], which provides a uniform characterisation of discrete processes and continuous behaviours in Hoare's CSP [24]. However, it does not support mobility, i.e., the dynamic introduction and transmission of channel names as first-class objects. ...
Preprint
Full-text available
Networked cybernetic and physical systems of the Internet of Things (IoT) immerse civilian and industrial infrastructures into an interconnected and dynamic web of hybrid and mobile devices. The key feature of such systems is the hybrid and tight coupling of mobile and pervasive discrete communications in a continuously evolving environment (discrete computations with predominant continuous dynamics). In the aim of ensuring the correctness and reliability of such heterogeneous infrastructures, we introduce the hybrid π-calculus (HpC), to formally capture both mobility, pervasiveness and hybridisation in infrastructures where the network topology and its communicating entities evolve continuously in the physical world. The π-calculus proposed by Robin Milner et al. is a process calculus that can model mobile communications and computations in a very elegant manner. The HpC we propose is a conservative extension of the classical π-calculus, i.e., the extension is "minimal", and yet describes mobility, time and physics of systems, while allowing to lift all theoretical results (e.g. bisimulation) to the context of that extension. We showcase the HpC by considering a realistic handover protocol among mobile devices.
... The π-calculus is not the first process calculus, but instead a generalization and development on others, most directly Milner's Calculus of Communicating Systems [6]. Other significant process calculi include Hoare's Communicating Sequential Processes [4] and Bergstra and Klop's Algebra of Communicating Processes [1]. ...
Preprint
Full-text available
The ubiquity of networking infrastructure in modern life necessitates scrutiny into networking fundamentals to ensure the safety and security of that infrastructure. The formalization of concurrent algorithms, a cornerstone of networking, is a longstanding area of research in which models and frameworks describing distributed systems are established. Despite its long history of study, the challenge of concisely representing and verifying concurrent algorithms remains unresolved. Existing formalisms, while powerful, often fail to capture the dynamic nature of real-world concurrency in a manner that is both comprehensive and scalable. This paper explores the evolution of formal models of concurrency over time, investigating their generality and utility for reasoning about real-world networking programs. Four foundational papers on formal concurrency are considered: Hoare's Parallel programming: An axiomatic approach, Milner's A Calculus of Mobile Processes, O'Hearn's Resources, Concurrency and Local Reasoning, and the recent development of Coq's Iris framework.
... In this section we describe the implementation of a real-time model for a real-time system in Promela, the input language of the SPIN model checker. The Promela language is used to describe parallel interacting processes based on the CSP formalism [20]. A Promela program consists of parallel processes communicating through channels or shared variables. ...
Article
This paper uses the model checking method for an exact schedulability test of real-time systems running on multiprocessor platforms. To use this method, we formally describe real-time systems with an abstract scheduler as Kripke models. This formalization provides terms sufficient to specialize the abstract scheduler. We illustrate our approach by explicitly defining schedulers that take into account preemption/non-preemption of tasks and global fixed or earliest-deadline-first priority in various combinations. The safety (schedulability) property of real-time systems is formulated using linear temporal logic LTL. Formalizing real-time systems as Kripke models and specifying the safety (schedulability) property as an LTL formula allows us to reduce the exact schedulability test of such systems to a model checking problem. We validate this approach to an exact schedulability test by implementing our formalization of real-time systems with non-preemptive global fixed-priority (NP-GFP), preemptive global fixed-priority (P-GFP), non-preemptive earliest-deadline-first priority (NP-EDF), and preemptive earliest-deadline-first priority (P-EDF) schedulers in Promela, the input language of the model checking tool SPIN. We conduct experiments in SPIN to prove/disprove the safety (schedulability) property to evaluate the effectiveness of our approach. We propose a heuristic assessment of the schedulability of a real-time system based on the provability of unsafety and unprovability of safety of a real-time system executed on multiprocessor platforms with the number of processors differing by one.
... Circus [8] combines elements from CSP [19], Z [34], and a refinement calculus [25] to allow modelling of both state and patterns of interaction. Figure 11 sketches the BNF description of the syntax of Circus. ...
Preprint
Safety Critical Java (SCJ) is a profile of the Real-Time Specification for Java that brings to the safety-critical industry the possibility of using Java. SCJ defines three compliance levels: Level 0, Level 1 and Level 2. The SCJ specification is clear on what constitutes a Level 2 application in terms of its use of the defined API, but not the occasions on which it should be used. This paper broadly classifies the features that are only available at Level 2 into three groups: nested mission sequencers, managed threads, and global scheduling across multiple processors. We explore the first two groups to elicit programming requirements that they support. We identify several areas where the SCJ specification needs modifications to support these requirements fully; these include: support for terminating managed threads, the ability to set a deadline on the transition between missions, and augmentation of the mission sequencer concept to support composibility of timing constraints. We also propose simplifications to the termination protocol of missions and their mission sequencers. To illustrate the benefit of our changes, we present excerpts from a formal model of SCJ Level 2 written in Circus, a state-rich process algebra for refinement.
... This notation was used by Hoare in his 1985 book on CSP [18] and by Hoare et al. in the well-known 1987 paper Laws of Programming [16] for expressions P ⊳ b ⊲ Q with P and Q programs and b a Boolean expression, without mention of [17] that appeared in 1985. ...
Preprint
Sequential propositional logic deviates from ordinary propositional logic by taking into account that during the sequential evaluation of a propositional statement, atomic propositions may yield different Boolean values at repeated occurrences. We introduce 'free valuations' to capture this dynamics of a propositional statement's environment. The resulting logic is phrased as an equationally specified algebra rather than in the form of proof rules, and is named 'proposition algebra'. It is strictly more general than Boolean algebra to the extent that the classical connectives fail to be expressively complete in the sequential case. The four axioms for free valuation congruence are then combined with other axioms in order to define a few more valuation congruences that gradually identify more propositional statements, up to static valuation congruence (which is the setting of conventional propositional logic). Proposition algebra is developed in a fashion similar to the process algebra ACP and the program algebra PGA, via an algebraic specification which has a meaningful initial algebra for which a range of coarser congruences are considered important as well. In addition, infinite objects (that is propositional statements, processes and programs respectively) are dealt with by means of an inverse limit construction which allows the transfer of knowledge concerning finite objects to facts about infinite ones while reducing all facts about infinite objects to an infinity of facts about finite ones in return.
... The use of this technique has been inspired by the work of Bougé ([Bou88]), who has shown a similar separation result concerning CSP ([Hoa78]) and the fragment of CSP with no output guards, CSP_in. The main difference is that the asynchronous π-calculus is a much richer language than CSP_in, hence our result is not a consequence of the result of Bougé. ...
Preprint
The Asynchronous pi-calculus, as recently proposed by Boudol and, independently, by Honda and Tokoro, is a subset of the pi-calculus which contains no explicit operators for choice and output-prefixing. The communication mechanism of this calculus, however, is powerful enough to simulate output-prefixing, as shown by Boudol, and input-guarded choice, as shown recently by Nestmann and Pierce. A natural question arises, then, whether or not it is possible to embed in it the full pi-calculus. We show that this is not possible, i.e. there does not exist any uniform, parallel-preserving translation from the pi-calculus into the asynchronous pi-calculus, up to any "reasonable" notion of equivalence. This result is based on the incapability of the asynchronous pi-calculus of breaking certain symmetries possibly present in the initial communication graph. By similar arguments, we prove a separation result between the pi-calculus and CCS.
... Asynchronous execution, a cornerstone of our proposed framework for AI agents in tool environments, has its roots in the seminal work of Dijkstra (1965) on cooperating sequential processes [Dij02]. Hoare [Hoa78] offered a formal framework for describing and analyzing asynchronous systems, which informs our approach to designing AI agent interactions in asynchronous environments. ...
Preprint
Full-text available
While frontier large language models (LLMs) are capable tool-using agents, current AI systems still operate in a strict turn-based fashion, oblivious to passage of time. This synchronous design forces user queries and tool-use to occur sequentially, preventing the systems from multitasking and reducing interactivity. To address this limitation, we introduce asynchronous AI agents capable of parallel processing and real-time tool-use. Our key contribution is an event-driven finite-state machine architecture for agent execution and prompting, integrated with automatic speech recognition and text-to-speech. Drawing inspiration from the concepts originally developed for real-time operating systems, this work presents both a conceptual framework and practical tools for creating AI agents capable of fluid, multitasking interactions.
... Channels in the Go language are synchronization primitives inspired by Hoare's CSP (1978); they are used not only to synchronize memory access but mainly to facilitate communication between goroutines, as highlighted by Cox-Buday (2018). Acting as conduits for the flow of information, channels allow values to be transmitted between distinct parts of the program, providing an efficient way to compose functionality in programs of any size. ...
Conference Paper
With the predominance of multi-core hardware, the demand for concurrent software has increased. However, writing correct concurrent programs is far from trivial, and meeting this challenge still requires advances in several directions, including the analysis of concurrent programs, the detection of concurrency bugs, bug-fix patterns, the nature of bug manifestation, and others. This work presents a study of the characteristics of concurrency bugs in applications written in the Go language. We analyzed concurrency bug patterns, root causes, manifestation characteristics such as the number of goroutines and primitives involved, and the fix strategies of 90 concurrency bugs randomly selected from three applications: Docker, Terraform and CockroachDB. The results indicate that 72% of the recorded bugs use shared-memory communication, and only 15% of the non-blocking bugs were related to message passing. This study aims to provide a better understanding of Go's concurrency models, supporting more reliable and secure development and diagnostic tools for Go and other concurrent programming languages.
... Various frameworks semantically describe interactions of distributed agents. Process calculi [31], [19] express computation as message-passing communication. Communicating automata [6] depict message-passing communication as interacting state machines. ...
Preprint
Full-text available
Modern industrial systems require frequent updates to their cyber and physical infrastructures, which often demand considerable reconfiguration effort. This paper introduces a framework to automate this process, implemented as the industrial Cyber-Physical Systems Description Language, iCPSDL. This framework maps an industrial process as a knowledge graph, which includes information about physical and cyber-physical components, a state estimation model, and software component interaction. A novel aspect is the use of communication semantics to ensure correct interaction among distributed entities. Reasoning on the knowledge graph facilitates the configuration of cyber-physical elements in an industrial system. A case study in the Water Distribution Networks domain demonstrates the framework's application.
... In principle, formal concurrency models may be considered as possible NMs to be used to reason on concurrent executions abstracting away from the syntax of a particular programming language. Process calculi such as CSP (Hoare (1978)) and CCS (Milner (1989)) and graphical concurrency models such as Petri nets (Petri and Reisig (2008)), are well-known abstract models used to represent concurrent computations as mathematical objects and to reason about their properties (Lamport (2009)). ...
Article
Concurrency is a complex to learn topic that is becoming more and more relevant, such that many undergraduate Computer Science curricula are introducing it in introductory programming courses. This paper investigates the combined use of Sonic Pi and Team-Based Learning to mitigate the difficulties in early exposure to concurrency. Sonic Pi, a domain-specific music language, provides great support for “playing” with concurrency and “hearing” common problems such as data races and lack of synchronization among different concurrent threads. More specifically, the paper focuses on students’ misconceptions regarding concurrency in Sonic Pi, and compares them to those arising in traditional concurrent programming languages. In addition, it preliminarily explores knowledge transfer from Sonic Pi to C/C++. The approach has been applied in two teaching experiments with undergraduate students in our University involving 184 participants. Our investigations bring out the need to address misconceptions through targeted interventions for a clear understanding of concurrent programming concepts. Sonic Pi’s simplified abstraction and domain-specific flavor has demonstrated to be effective, especially for first-year students.
... To illustrate, process algebras are widely employed for reasoning about concurrent systems and communication protocols. Notable examples include Communication Sequential Processes (CSP) Hoare [1978], Calculus of Communicating Systems (CCS) Milner [1980], Language Of Temporal Ordering Specification (LOTOS) Bolognesi and Brinksma [1987], and π-calculus Milner et al. [1992]. Concurrently, program logics such as Hoare logic Hoare [1969], lambda calculus Barendregt [1984], and Z notation Spivey and Abrial [1992] are instrumental in the reasoning about program behavior and structure. ...
Preprint
Full-text available
Correctness is a necessary condition for systems to be effective in meeting human demands, thus playing a critical role in system development. However, correctness often manifests as a nebulous concept in practice, leading to challenges in accurately creating specifications, effectively proving correctness satisfiability, and efficiently implementing correct systems. Motivated by tackling these challenges, this paper introduces Transition-Oriented Programming (TOP), a programming paradigm to facilitate the development of provably correct systems by intertwining correctness specification, verification, and implementation within a unified theoretical framework.
... Communicating Sequential Processes (CSP) [41] is a calculus that can be used to produce models of security protocols, which can be analysed using FDR [38]. ...
... • Process definition: this component describes the behaviour of processes and the interactions between them. It is based on CSP [10] and CCS [14]. ...
Conference Paper
The ROOA (Rigorous Object-Oriented Analysis) method introduces rigour into the object-oriented analysis process, offering a set of rules that allows a formal object-oriented analysis model to be produced systematically from the original requirements. This model, written in the LOTOS language, provides a precise and unambiguous specification of the system's initial requirements. Since the specification is executable, rapid prototyping can be used to validate and refine the formal model.
... In order to solve these challenges, this paper applies a formal method called CSP to verify properties of the database architecture. CSP [13] is an algebra theory proposed by C. A. R. Hoare. It is an abstract language designed to describe process communication in concurrent systems. ...
... The most significant examples (see e.g. [14,13,17]) arise in the context of the unification between refinement in Z [18] and in CSP [27], two leading formalisms in the development of concurrent and distributed systems. ...
... Hoare proposed Communicating Sequential Processes (CSP) in 1978 [24]. As one of the most mature formal methods, CSP uses mathematical theories to study communications of concurrent systems. Due to its powerful expressive abilities, the CSP method has been widely applied in many ...
Article
As a crucial component of intelligent transportation system, Internet of Vehicles (IoV) plays an important role in the smart and intelligent cities. However, current Internet architectures cannot guarantee efficient data delivery and adequate data security for IoV. Therefore, Named Data Networking (NDN), a leading architecture of Information‐Centric Networking (ICN), is introduced into IoV. Although problems about data distribution can be resolved effectively, the combination of NDN and IoV causes some new security issues. In this paper, we apply Communicating Sequential Processes (CSP) to formalize NDN‐based IoV. We mainly focus on its data access mechanism and model this mechanism in detail. By feeding the formalized model into the model checker Process Analysis Toolkit (PAT), we verify four vital properties, namely, deadlock freedom, data reliability, PIT deletion faking, and CS caching pollution. According to verification results, the model cannot ensure the security of data with the appearance of intruders. To solve these problems, we construct a blockchain‐based mechanism by creating a blockchain‐based distribution trusted platform on top of NDN‐based IoV. Through the analysis of the improved model, the blockchain‐based mechanism can truly guarantee the security of NDN‐based IoV.
... The most significant examples (see e.g. [23,22]) arise in the context of the relationship between refinement in Z [102] and in CSP [48]. Reference [38] compares refinements for failure (typical of CSP) and bisimulation (typical of CCS [67]) semantics. ...
... The more important examples (see e.g. [BDW99,BD02]) arise in the context of the relationship between refinement in Z [Spi92] and in CSP [Hoa85]. ...
... The most significant examples (see e.g. [11,9]) arise in the context of the relationship between refinement in Z [26] and in CSP [17]. ...
Preprint
This paper proposes a language for describing reactive synthesis problems that integrates imperative and declarative elements. The semantics is defined in terms of two-player turn-based infinite games with full information. Currently, synthesis tools accept linear temporal logic (LTL) as input, but this description is less structured and does not facilitate the expression of sequential constraints. This motivates the use of a structured programming language to specify synthesis problems. Transition systems and guarded commands serve as imperative constructs, expressed in a syntax based on that of the modeling language Promela. The syntax allows defining which player controls data and control flow, and separating a program into assumptions and guarantees. These notions are necessary for input to game solvers. The integration of imperative and declarative paradigms allows using the paradigm that is most appropriate for expressing each requirement. The declarative part is expressed in the LTL fragment of generalized reactivity(1), which admits efficient synthesis algorithms, extended with past LTL. The implementation translates Promela to input for the Slugs synthesizer and is written in Python. The AMBA AHB bus case study is revisited and synthesized efficiently, identifying the need to reorder binary decision diagrams during strategy construction, in order to prevent the exponential blowup observed in previous work.
Article
Full-text available
This paper proposes a finite-state machine based approach to recognise crypto ransomware based on their behaviour. Malicious and benign Android applications are executed to capture the system calls they generate, which are then filtered and tokenised and converted to finite-state machines. The finite-state machines are simplified using supervisor reduction, which generalises the behavioural patterns and produces compact classification models. The classification models can be implemented in a lightweight monitoring system to detect malicious behaviour of running applications quickly. An extensive set of cross validation experiments is carried out to demonstrate the viability of the approach, which show that ransomware can be classified accurately with an F1 score of up to 93.8%.
Article
Model execution allows us to prototype and analyse software engineering models by stepping through their possible behaviours, using techniques like animation and simulation. On the other hand, deductive verification allows us to construct formal proofs demonstrating satisfaction of certain critical properties in support of high-assurance software engineering. To ensure coherent results between execution and proof, we need unifying semantics and automation. In this paper, we mechanise Interaction Trees (ITrees) in Isabelle/HOL to produce an execution and verification framework. ITrees are coinductive structures that allow us to encode infinite labelled transition systems, yet they are inherently executable. We use ITrees to create verification tools for stateful imperative programs, concurrent programs with message passing in the form of the CSP and Circus languages, and abstract system models in the style of the Z and B methods. We demonstrate how ITrees can account for diverse semantic presentations, such as structural operational semantics, a relational program model, and CSP's failures-divergences trace model. Finally, we demonstrate how ITrees can be executed using the Isabelle code generator to support the animation of models.
Conference Paper
Full-text available
Concurrently interacting components of a modular software architecture are heterogeneously structured behavioural models. We consider them as coalgebras based on different endofunctors. We formalize the composition of these coalgebras as specially tailored segments of distributive laws of the bialgebraic approach of Turi and Plotkin. The resulting categorical rules for structural operational semantics involve many-sorted algebraic specifications, which leads to a description of the components together with the composed system as a single holistic behavioural system. We evaluate our approach by showing that observational equivalence is a congruence with respect to the algebraic composition operation.
Article
Full-text available
In the modelling of distributed systems, most Models of Computation (MoCs) rely on blocking communication to preserve determinism. A prominent example is Kahn Process Networks (KPNs), which support non-blocking writes and blocking reads, and their implementable variant Finite FIFO Platforms (FFPs), which enforce boundedness using blocking writes. An issue with these models is that they mix process synchronisation with process execution, necessitating frequent blocking during synchronisation. This paper explores a recent alternative called bittide, which decouples the execution of a process from its synchronisation behaviour. Determinism and boundedness are preserved while enabling pipelined execution for better throughput. To understand the behaviour of these systems we define a formal model – a deterministic MoC called Logical Synchrony Networks (LSNs). LSNs describe a network of processes modelled as a graph, with edges representing invariant logical delays between a producer process and the corresponding consumer process. We show that this abstraction is satisfied by the KPN model, and subsequently by both the concrete FFPs and bittide architectures. Thus, we show that FFPs and bittide offer two ways of implementing deterministic distributed systems, with the latter being more performant.
Chapter
Full-text available
The analytical examination of the healthcare environment highlights the interplay and interaction of a large number of processes, which can be grouped into individual procedures with the objective of reducing and better managing complexity. Adopting procedure-based modelling helps the health-service designer describe the tasks performed in the healthcare environment, but it often involves threats and risks related to interactions and conflicts between the operating parameters of the procedures involved, resulting in the inability to execute functions that are in every respect acceptably designed. Consequently, a suitably shaped and formally stated mathematical framework is needed, one that will ensure the removal of any possible conflict between the executing procedures while keeping the business objectives unchanged. In this section, we examine the mathematical framework with which procedures are processed, which is none other than Denotational Mathematics. Basic concepts and tools: Denotational Mathematics, processes, procedures, healthcare environment, variability, closed/open systems, process algebra, convolution, algebraic management, cognitive management. Main objectives: After studying the chapter, it will be possible to: 1. Analyse the healthcare environment into processes and procedures. 2. Understand the need for a mathematical framework for describing the processes and procedures of a healthcare system. 3. Be introduced to the theory of denotational mathematics and the way it can be used to describe, manage and improve health services. 4. Take an algebraic approach to Process System Management. 5. Use the possibility offered by algebraic management to examine processes by following the evolution of their state.
6. Distinguish between algebraic and cognitive management of processes. 7. Model the health systems provided by the mathematical frameworks using the quantified characteristics of health-service quality. 8. Determine the respective functional functions of (A) correlation and (B) composition of processes, through mathematical management of the underlying model. 12.1 Introduction to formal design. By observing the execution of the operational and business procedures that unfold in the healthcare domain we can collect a wealth of data and records. The records are divided into those that are recorded on suitably structured forms and documents and those that serve for synchronising procedures, that is, those that we are unable to standardise appropriately and ultimately record for further evaluation and processing. Collecting and processing the data from observing the execution of procedures highlights variability as the main cause of lack of quality (see Ch. 6). By adopting statistical methods and mathematical tools we can quantitatively determine the variability involved, usually expressed as a percentage (%) ratio in the observed phenomenon, process or procedure. Finding and determining the variability of a procedure Σαριβουγιούκας, Ι., & Βαγγελάτος, Α. (Eds.). (2023). Quality management in digital health [Undergraduate textbook]. Copyright © 2023, Κάλλιπος, Open Academic Editions. Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) http://dx.
Article
Full-text available
In this paper, we propose TAPA, an end-to-end framework that compiles a C++ task-parallel dataflow program into a high-frequency FPGA accelerator. Compared to existing solutions, TAPA has two major advantages. First, TAPA provides a set of convenient APIs that allow users to easily express flexible and complex inter-task communication structures. Second, TAPA adopts a coarse-grained floorplanning step during HLS compilation for accurate pipelining of potential critical paths. In addition, TAPA implements several optimization techniques specifically tailored for modern HBM-based FPGAs. In our experiments with a total of 43 designs, we improve the average frequency from 147 MHz to 297 MHz (a 102% improvement) with no loss of throughput and a negligible change in resource utilization. Notably, in 16 experiments we make the originally unroutable designs achieve 274 MHz on average. The framework is available at https://github.com/UCLA-VAST/tapa and the core floorplan module is available at https://github.com/UCLA-VAST/AutoBridge.
Chapter
Game-semantic models usually start from the core model of the prototypical language PCF, which is characterised by a range of combinatorial constraints on the shape of plays. Relaxing each such constraint usually corresponds to the introduction of a new language operation, a feature of game semantics commonly known as the Abramsky Cube. In this presentation we relax all such combinatorial constraints, resulting in the most general game model, in which all the other game models live. This is perhaps the simplest set up in which to understand game semantics, so it should serve as a portal to the other, more complex, game models in the literature. It might also be interesting in its own right, as an extremal instance of the game-semantic paradigm.
Chapter
This paper describes the design and implementation of parallel neural networks (PNNs) with the novel programming language Golang. We follow in our approach the classical Single-Program Multiple-Data (SPMD) model where a PNN is composed of several sequential neural networks, which are trained with a proportional share of the training dataset. We used for this purpose the MNIST dataset, which contains binary images of handwritten digits. Our analysis focusses on different activation functions and optimizations in the form of stochastic gradients and initialization of weights and biases. We conduct a thorough performance analysis, where network configurations and different performance factors are analyzed and interpreted. Golang and its inherent parallelization support proved very suitable for parallel neural network simulation, with considerably decreased processing times compared to sequential variants. Keywords: Backpropagation Neuronal Network Simulation, Parallel and Sequential Implementation, MNIST, Golang Programming Language
Article
Full-text available
Certificates are integral to the security of today’s Internet. Protocols like BlockVoke allow secure, timely and efficient revocation of certificates that need to be invalidated. ACME, a scheme used by the non-profit Let’s Encrypt Certificate Authority to handle most parts of the certificate lifecycle, allows automatic and seamless certificate issuance. In this work, we bring together both protocols by describing and formalizing an extension of the ACME protocol to support BlockVoke, combining the benefits of ACME’s certificate lifecycle management and BlockVoke’s timely and secure revocations. We then formally verify this extension through formal methods such as Colored Petri Nets (CPNs) and conduct a risk and threat analysis of the ACME/BlockVoke extension using the ISSRM domain model. Identified risks and threats are mitigated to secure our novel extension. Furthermore, a proof-of-concept implementation of the ACME/BlockVoke extension is provided, bridging the gap towards deployment in the real world.
Article
Software architectural designs are usually changed over time to support emerging technologies and to adhere to new principles. Architectural migration is an important activity that helps to transform the architectural styles applied during a system’s design with the result of modernising the system. If not performed correctly, this process could lead to potential system failures. This article presents an automated approach to refactoring architectural design and to planning the evolution process. With our solution, the architectural design can be refactored, ensuring that system functionality is preserved. Furthermore, the architectural migration process allows the system to be safely and incrementally transformed. We have evaluated our approach with five real-world software applications. The results prove the effectiveness of our approach and identify factors that impact the performance of architectural verification and migration planning. An interesting finding is that planning algorithms generate migration plans that differ in terms of their relative efficiency.
Article
Full-text available
Protocol flaws such as the well-known Heartbleed bug, security and privacy issues or incomplete specifications, in general, pose risks to the direct users of a protocol and further stakeholders. Formal methods, such as Colored Petri Nets (CPNs), facilitate the design, development, analysis and verification of new protocols; the detection of flaws; and the mitigation of identified security risks. BlockVoke is a blockchain-based scheme that decentralizes certificate revocations, allows certificate owners and certificate authorities to revoke certificates and rapidly distributes revocation information. CPNs in particular are well-suited to formalize blockchain-based protocols—thus, in this work, we formalize the BlockVoke protocol using CPNs, resulting in a verifiable CPN model and a formal specification of the protocol. We utilize an agent-oriented modeling (AOM) methodology to create goal models and corresponding behavior interface models of BlockVoke. Subsequently, the protocol semantics are defined, and the CPN models are derived and implemented using CPN Tools. Moreover, a full state-space analysis of the resulting CPN model is performed to derive relevant model properties of the protocol. The result is a complete and correct formal BlockVoke specification used to guide future implementations and security assessments.
Article
Full-text available
Today, increasing Internet of Things devices are deployed, and the field of applications for decentralized, self-organizing networks keeps growing. The growth also makes these systems more attractive to attackers. Sybil attacks are a common issue, especially in decentralized networks and networks that are deployed in scenarios with irregular or unreliable Internet connectivity. The lack of a central authority that can be contacted at any time allows attackers to introduce arbitrary amounts of nodes into the network and manipulate its behavior according to the attacker’s goals, by posing as a majority participant. Depending on the structure of the network, employing Sybil node detection schemes may be difficult, and low powered Internet of Things devices are usually unable to perform impactful amounts of work for proof-of-work based schemes. In this paper, we present Rechained, a scheme that monetarily disincentivizes the creation of Sybil identities for networks that can operate with intermittent or no Internet connectivity. We introduce a new revocation mechanism for identities, tie them into the concepts of self-sovereign identities, and decentralized identifiers. Case-studies are used to discuss upper- and lower-bounds for the costs of Sybil identities and, therefore, the provided security level. Furthermore, we formalize the protocol using Colored Petri Nets to analyze its correctness and suitability. Proof-of-concept implementations are used to evaluate the performance of our scheme on low powered hardware as it might be found in Internet of Things applications.
Conference Paper
Full-text available
A new method of expressing synchronization is presented and the motivations and considerations which led to this method are explained. Synchronization rules, given by path expressions, are incorporated into the type definitions which are used to introduce data objects shared by several asynchronous processes. It is shown that the method's ability to express synchronization rules is equivalent to that of P and V operations, and a means of automatically translating path expressions to existing primitive synchronization operations is given.
Article
Describes a new programming language for structured programming of computer operating systems. It extends the sequential programming language Pascal with concurrent programming tools called processes and monitors. Section I explains these concepts informally by means of pictures illustrating a hierarchical design of a simple spooling system. Section II uses the same example to introduce the language notation. The main contribution of Concurrent Pascal is to extend the monitor concept with an explicit hierarchy of access rights to shared data structures that can be stated in the program text and checked by a compiler.
Article
The report gives a complete defining description of the international algorithmic language ALGOL 60. This is a language suitable for expressing a large class of numerical processes in a form sufficiently concise for direct automatic translation into the language of programmed automatic computers. The introduction contains an account of the preparatory work leading up to the final conference, where the language was defined. In addition the notions reference language, publication language, and hardware representations are explained. In the first chapter a survey of the basic constituents and features of the language is given, and the formal notation, by which the syntactic structure is defined, is explained. The second chapter lists all the basic symbols, and the syntactic units known as identifiers, numbers, and strings are defined. Further, some important notions such as quantity and value are defined. The third chapter explains the rules for forming expressions, and the meaning of these expressions. Three different types of expressions exist: arithmetic, Boolean (logical), and designational. The fourth chapter describes the operational units of the language, known as statements. The basic statements are: assignment statements (evaluation of a formula), go to statements (explicit break of the sequence of execution of statements), dummy statements, and procedure statements (call for execution of a closed process, defined by a procedure declaration). The formation of more complex structures, having statement character, is explained. These include: conditional statements, for statements, compound statements, and blocks. In the fifth chapter the units known as declarations, serving for defining permanent properties of the units entering into a process described in the language, are defined. The report ends with two detailed examples of the use of the language, and an alphabetic index of definitions.
Article
The Alphard form provides the programmer with a great deal of control over the implementation of abstract data types. In this paper we extend the abstraction techniques from simple data representation and function definition to the iteration statement, the most important point of interaction between data and the control structure of the language itself. We introduce a means of specializing Alphard's loops to operate on abstract entities without explicit dependence on the representation of those entities. We develop specification and verification techniques that allow the properties of the generators for such iterations to be expressed in the form of proof rules. We obtain results for common special cases of these loops that are essentially identical to the corresponding constructs in other languages. We also provide a means of showing that a generator will terminate.
Article
Alphard is a programming language whose goals include supporting both the development of well-structured programs and the formal verification of these programs. This paper attempts to capture the symbiotic influence of these two goals on the design of the language. To that end the language description is interleaved with the presentation of a proof technique and discussion of programming methodology. Examples to illustrate both the language and the verification technique are included. (Author)
Article
A programming language called Pascal is described which was developed on the basis of Algol 60. Compared to Algol 60, its range of applicability is considerably increased due to a variety of data structuring facilities. In view of its intended usage both as a convenient basis to teach programming and as an efficient tool to write large programs, emphasis was placed on keeping the number of fundamental concepts reasonably small, on a simple and systematic language structure, and on efficient implementability. A one-pass compiler has been constructed for the CDC 6000 computer family; it is expressed entirely in terms of Pascal itself.
Conference Paper
In this paper, we describe a simple language for parallel programming. Its semantics is studied thoroughly. The desirable properties of this language and its deficiencies are exhibited by this theoretical study. Basic results on parallel program schemata are given. We hope in this way to make a case for a more formal (i.e. mathematical) approach to the design of languages for systems programming and the design of operating systems. There is wide disagreement among systems designers as to what are the best primitives for writing systems programs. In this paper, we describe a simple language for parallel programming and study its mathematical properties.
Article
A COBOL compiler design is presented which is compact enough to permit rapid, one-pass compilation of a large subset of COBOL on a moderately large computer. Versions of the same compiler for smaller machines require only two working tapes plus a compiler tape. The methods given are largely applicable to the construction of ALGOL compilers.
Article
A powerful method of simplifying the proofs of program correctness is suggested; and some new light is shed on the problem of functions with side-effects.
Article
The objectives in the construction of a theory of parallel programming as a basis for a high-level programming language feature are: 1. Security from error. In many of the applications of parallel programming the cost of programming error is very high, often inhibiting the use of computers in environments for which they would otherwise be highly suitable. Parallel programs are particularly prone to time-dependent errors, which can be detected neither by program testing nor by run-time checks. It is therefore very important that a high-level language designed for this purpose should provide complete security against time-dependent errors by means of a compile-time check. 2. Efficiency. The spread of real-time computer applications is severely limited by computing costs, and in particular by the cost of main store. If a feature to assist in parallel programming is to be added to a language used for this purpose, it must not entail any noticeable extra run-time overhead in space or speed, neither on programs which use the feature heavily nor on programs which do not; efficient implementation should be possible on a variety of hardware designs, both simple and complex; and there should be no need for bulky or slow compilers. 3. Conceptual simplicity.
Article
So-called “guarded commands” are introduced as a building block for alternative and repetitive constructs that allow nondeterministic program components for which at least the activity evoked, but possibly even the final state, is not necessarily uniquely determined by the initial state. For the formal derivation of programs expressed in terms of these constructs, a calculus will be shown.
Article
This chapter is intended for all those who expect that in their future activities they will become seriously involved in the problems that arise in either the design or the more advanced applications of digital information processing equipment; it is further intended for all those who are just interested in information processing.
Solution: There are twenty-one nodes, in five groups, comprising the central square and the four borders: [M(i:1..3,0)::WEST || M(0,j:1..3)::NORTH || M(i:1..3,4)::EAST || M(4,j:1..3)::SOUTH || M(i:1..3,j:1..3)::CENTRE]