Behavioural Neutrality in Synchronous Assemblies
2. PORT-BASED VIEWS OF COMPONENT BEHAVIOUR
[Figure 3.2. Composite component with acyclic assembly (diagram not reproduced; only the labels rc : RC and CC survive from the figure)]
“star topology” in [BCD02], where each leaf is attached to one centre component. Our reduction strategy can also be effectively applied to assembly topologies containing cycles as long as there are neutral leaves around that can be removed. When a cycle is reached we would propose to encapsulate the cycle into a new, nested composite component and to proceed as before by searching again for neutral leaves.
Finally, we would like to stress again that the behaviour of a reduced assembly is not greybox equivalent to the behaviour of the original assembly and that the results of our approach rely fundamentally on the additional abstraction step that is applied when the blackbox behaviour of a composite component is considered. Not being greybox equivalent means for the case of assemblies that the systems may not show the same synchronisations. Indeed, syntactical reduction of assemblies removes neutral components, and in the resulting assembly the synchronisation is merely mimicked by internalisation of the particular transitions to which the removed components were neutral. Now it is important to note that our reduction uses the IOTS product operator to decide on neutrality, and one of the characteristic properties of IOTS composition is that only successful communication is preserved. In case of shared transitions that are not synchronised, the particular transition is not considered any more. In particular this means that the removal of neutral components may also remove behaviour which might still be of interest within a global analysis of the given assembly. Therefore, to ensure the correctness of an analysis of a reduced assembly one needs to check that the property under investigation does not rely on unsuccessful communications.
2. Port-Based Views of Component Behaviour
A closer look reveals that in order to decide on neutrality along Def. 3.1, one needs to compute the composition of a leaf component behaviour with the behaviour of the attached component, which can still be quite expensive. To further optimise our method we are interested in criteria to avoid composition of full behaviours of components and to compose smaller transition systems instead. An immediate candidate for smaller transition systems are port-based views of the component behaviour. In Sect. 2.2 we show that port-based views can be used to provide such criteria, if they are weakly deterministic. For this purpose we first proceed with some definitions and analysis on the level of I/O-transition systems. Afterwards, the results are related back to the component level.
2.1. Weakly Deterministic IOTSs and Neutrality. Port-based views of component behaviour hide transitions which do not involve messages of the particular port. Aiming at a decision on neutrality between component behaviours using port-based views then means to check that such a hiding does not hide too much. Intuitively we need to make sure that the behaviour at hidden ports does not involve decisions which compromise the correctness of a neutrality analysis at a different port. Since hiding means a relabelling to $\tau$ and neutrality for IOTSs is based on greybox equivalence, such a critical decision is an “internal choice” which cannot be removed without invalidating greybox equivalence. Hence, on the one hand we want to allow for $\tau$-transitions, but on the other hand we do not allow for non-removable internal choice transitions. It turns out that Milner's (weak) determinacy [Mil89, Def. 11.3, Ex. 11.1] yields an appropriate notion, which is transferred to IOTSs by a definition of “weak determinism”. Weak determinacy is preserved by observational equivalence [Mil89, Prop. 11.4], which helps to provide a quite intuitive understanding of weak determinism for IOTSs. In [HJK08] we prove that an IOTS $A$ is weakly deterministic if there is a greybox equivalent, minimal IOTS $B$ without $\tau$-transitions; such a $B$ is a weakly deterministic IOTS without $\tau$-transitions and hence also strongly deterministic. By the transition minimisation procedure of Eloranta [Elo91], a finite $\tau$-free minimal IOTS is unique up to graph-isomorphism. Thus, for ensuring that a finite IOTS is weakly deterministic, it suffices to minimise the IOTS w.r.t. the number of states and transitions and to check that the resulting IOTS has no $\tau$-transitions and that from each state there is at most one transition for each label.
For the precise definition of weakly deterministic IOTSs we need to consider the weak traces of an IOTS. Given an IOTS $A = (L, S, s_0, \Delta)$, if we remove in each finite trace of $A$ all $\tau$ occurrences then we obtain the weak traces of $A$. We define the traces of an IOTS based on its initial execution fragments. Let $A$ be an IOTS. The trace of an execution fragment $\rho \in \mathit{frag}^*_0(A)$ is the sequence of labels occurring in $\rho$, i.e. the trace of $\rho = (s_0 l_1 s_1 \ldots l_n s_n)$ is the sequence $\lambda = l_1 \ldots l_n \in L(A)^*$. A weak trace is obtained from $\lambda$ by projection to the alphabet $\mathit{SL}_A$, i.e. by removing all $\tau$s from $l_1 \ldots l_n$.¹ Note that the empty sequence $\epsilon$ is also a weak trace. With the weak traces for all initial execution fragments $\rho \in \mathit{frag}^*_0(A)$ we obtain the set of weak traces of $A$, denoted by $T^*(A)$.

Lemma 3.6 If $A$ and $B$ are IOTSs with $A \approx_{gb} B$, then $T^*(A) = T^*(B)$.
PROOF. Greybox equivalent IOTSs have, up to occurrences of $\tau$-transitions, the same finite traces. Hence they have the same weak traces.
An IOTS $A$ is weakly deterministic if all finite traces of $A$ which coincide up to $\tau$-transitions lead to greybox equivalent elements of $A$. We extend the notation $(s, l, s') \in \Delta^X_A$ to label sequences, such that $(s, \lambda, s') \in \Delta^X_A$ if $s'$ is reachable via labels in $\lambda$ (in the given order), possibly interspersed with labels in $X$. Then $(s, \epsilon, s') \in \Delta^X_A$ is equivalent with $(s, s') \in \Delta^X_A$.
Definition 3.7 (Weakly deterministic) An IOTS $A = (L, S, s_0, \Delta)$ is weakly deterministic if for all weak traces $\lambda \in T^*(A)$ the following holds: If $(s_0, \lambda, s_1) \in \Delta^\tau$ and $(s_0, \lambda, s_2) \in \Delta^\tau$ then $s_1 \approx_{gb} s_2$.
Remember that an IOTS $B$ is called neutral for an IOTS $A$, if $A$ and $B$ are composable and $A\theta_S \approx_{gb} A \otimes B$, where $S = L(A) \cap L(B)$ are the shared labels of $A$ and $B$ and $\theta_S$ internalises $S$ in $A$. We extend a sufficient criterion, called “interface theorem”, from Cheung and Kramer [CK96] for determining neutrality to our setting. We generalise their assumptions to include not necessarily finite IOTSs and use greybox equivalence and weakly deterministic IOTSs.
Proposition 3.8 Let $A$ and $B$ be two composable IOTSs with $\mathit{SL}_B \subseteq \mathit{SL}_A$, and let $H = \mathit{SL}_A \setminus \mathit{SL}_B$. Let $B$ be weakly deterministic. Then $B$ is neutral for $A$ if, and only if, $T^*(A/H) \subseteq T^*(B)$.
PROOF. We abbreviate $\theta_{S(A,B)}$ by $\theta_S$. “⇐” We show that
$$R = \{(s_A, (s_A, s_B)) \in S_A \times (S_A \times S_B) \mid \exists \lambda \in \mathit{SL}_A^*.\ (s_{0,A}, \lambda, s_A) \in \Delta^\tau_A \wedge (s_{0,B}, \lambda/H, s_B) \in \Delta^\tau_B\},$$
where $\lambda/H$ is obtained from $\lambda$ by removal of all labels given by $H$, is a witness for greybox equivalence between $A\theta_S$ and $A \otimes B$.

Let $T^*(A/H) \subseteq T^*(B)$ hold. Let $A = (L_A, S_A, s_{0,A}, \Delta_A)$, $B = (L_B, S_B, s_{0,B}, \Delta_B)$, $A\theta_S = (L_{A\theta_S}, S_A, s_{0,A}, \Delta_{A\theta_S})$, $A \otimes B = (L_A \otimes L_B, S_A \times S_B, (s_{0,A}, s_{0,B}), \Delta_{A \otimes B})$. Let $R = \{(s_A, (s_A, s_B)) \in S_A \times (S_A \times S_B) \mid \exists \lambda \in \mathit{SL}_A^*.\ (s_{0,A}, \lambda, s_A) \in \Delta^\tau_A \wedge (s_{0,B}, \lambda/H, s_B) \in \Delta^\tau_B\}$, where $\lambda/H$ is the sequence of labels which results from $\lambda$ when removing all labels in $H$. Then $(s_{0,A}, (s_{0,A}, s_{0,B})) \in R$. In order to show that $R$ is a witness for greybox equivalence between $A\theta_S$ and $A \otimes B$, let $(s_A, (s_A, s_B)) \in R$.

Let $(s_A, l, s'_A) \in \Delta_{A\theta_S}$. If $l \in H$ or $l = \tau$, then $((s_A, s_B), l, (s'_A, s_B)) \in \Delta_{A \otimes B}$ and $(s'_A, (s'_A, s_B)) \in R$. If $l \in S(A,B)$, let $\lambda \in \mathit{SL}_A^*$ be a weak trace with $(s_{0,A}, \lambda, s_A) \in \Delta^\tau_A$ and $(s_{0,B}, \lambda/H, s_B) \in \Delta^\tau_B$. Then $\lambda l \in T^*(A)$ and thus $(\lambda/H)\,l = (\lambda l)/H \in T^*(A/H) \subseteq T^*(B)$. Hence there is a $s^{(1)}_B \in S_B$ such that $(s_{0,B}, \lambda/H, s^{(1)}_B) \in \Delta^\tau_B$ and $(s^{(1)}_B, l, s^{(2)}_B) \in \Delta_B$. As $B$ is weakly deterministic, $s^{(1)}_B \approx_{gb} s_B$, and thus there is a $s'_B \in S_B$ with $(s_B, l, s'_B) \in \Delta^\tau_B$. Thus $((s_A, s_B), l, (s'_A, s'_B)) \in \Delta^\tau_{A \otimes B}$ and $(s'_A, (s'_A, s'_B)) \in R$.

Let $((s_A, s_B), l, (s'_A, s'_B)) \in \Delta_{A \otimes B}$. Then either $l = \tau$ or $l \in S(A,B)$ or $l \in H$, since $\mathit{SL}_B \subseteq \mathit{SL}_A$. If $(s_A, \tau, s'_A) \in \Delta_A$ then $s'_B = s_B$, $(s_A, \tau, s'_A) \in \Delta_{A\theta_S}$ and $(s'_A, (s'_A, s_B)) \in R$; if $(s_B, \tau, s'_B) \in \Delta_B$ then $s'_A = s_A$, $(s_A, s_A) \in \Delta^\tau_{A\theta_S}$, and $(s_A, (s_A, s'_B)) \in R$. If $l \in S(A,B)$, then $(s_A, l, s'_A) \in \Delta_{A\theta_S}$ and $(s'_A, (s'_A, s'_B)) \in R$. If $l \in H$, then $(s_A, l, s'_A) \in \Delta_{A\theta_S}$, $s'_B = s_B$, and $(s'_A, (s'_A, s_B)) \in R$.

¹ Remember that L(A) = I
“⇒” The claim follows from Lem. 3.6 using the fact that $H$ does not contain shared labels of $A$ and $B$ and the congruence of greybox equivalence w.r.t. hiding. Let $A\theta_S \approx_{gb} A \otimes B$. Then $A/H \otimes B \approx_{gb} (A \otimes B)/H$ by Lem. 2.17 (3), as $S(A,B) \cap H = \emptyset$. Furthermore $(A\theta_S)/H \approx_{gb} (A/H)\theta_S$, again since $S(A,B) \cap H = \emptyset$. Thus $(A/H)\theta_S \approx_{gb} A/H \otimes B$ by Lem. 2.16 (1). Since $\mathit{SL}_{A/H} = \mathit{SL}_B$, all labels between $A/H$ and $B$ are shared, and thus $T^*(A/H \otimes B) \subseteq T^*(B)$. By Lem. 3.6, we have $T^*(A/H) = T^*((A/H)\theta_S) = T^*(A/H \otimes B) \subseteq T^*(B)$.
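As an added illustration of the criterion in Prop. 3.8 and of the syntactic check for weak determinism mentioned in Sect. 2.1 (my own example code, not the thesis' own implementation), the following Python represents finite IOTSs as plain tuples, hides $H = \mathit{SL}_A \setminus \mathit{SL}_B$, and decides the weak-trace inclusion $T^*(A/H) \subseteq T^*(B)$ exactly by pairing states of $A$ with $\tau$-closed state sets of $B$. The sample IOTSs, the use of the label set as $\mathit{SL}$, and all function names are my assumptions.

```python
# Added example (not the thesis' code): IOTS = (labels, init, delta), delta = {(state, label, state)}, TAU = internal.
TAU = "tau"

def tau_closure(delta, states):
    """All states reachable from `states` via tau-transitions only (reflexive)."""
    closed = set(states)
    while True:
        new = {q for p, l, q in delta if p in closed and l == TAU} - closed
        if not new:
            return frozenset(closed)
        closed |= new

def hide(iots, H):
    """A/H: every transition carrying a label in H becomes a tau-transition."""
    labels, init, delta = iots
    return (labels - H, init, {(p, TAU if l in H else l, q) for p, l, q in delta})

def weak_trace_inclusion(A, B):
    """Exact T*(A) <= T*(B): pair A's states with tau-closed B state sets; weak-trace sets are prefix-closed, so B must match each visible step."""
    init_a, d_a, init_b, d_b = A[1], A[2], B[1], B[2]
    start = (init_a, tau_closure(d_b, {init_b}))
    seen, todo = {start}, [start]
    while todo:
        s_a, set_b = todo.pop()
        for _, l, q in (t for t in d_a if t[0] == s_a):
            if l == TAU:                      # a tau step leaves the weak trace unchanged
                nxt = (q, set_b)
            else:
                succ = {t for u, m, t in d_b if u in set_b and m == l}
                if not succ:                  # A has a weak trace that B lacks
                    return False
                nxt = (q, tau_closure(d_b, succ))
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return True

def neutral_by_interface_theorem(A, B):
    """Prop. 3.8 (B weakly deterministic, SL_B <= SL_A): B neutral for A iff T*(A/H) <= T*(B), H = SL_A \\ SL_B."""
    assert B[0] <= A[0], "Prop. 3.8 needs SL_B <= SL_A"
    return weak_trace_inclusion(hide(A, A[0] - B[0]), B)

def tau_free_deterministic(iots):
    """Check from the text (sound for a minimised IOTS): tau-free and at most one transition per (state, label)."""
    keys = [(p, l) for p, l, _ in iots[2]]
    return TAU not in {l for _, l in keys} and len(keys) == len(set(keys))

# Constructed sample: A logs between request and response; B only knows req/resp, so H = {"log"} is hidden in A.
A = ({"req", "resp", "log"}, 0, {(0, "req", 1), (1, "log", 2), (2, "resp", 0)})
B = ({"req", "resp"}, 0, {(0, "req", 1), (1, "resp", 0)})
```

For the sample, `neutral_by_interface_theorem(A, B)` holds, while a variant of `B` that never takes the `resp` transition fails the inclusion, since `A/H` still has the weak trace `req resp`.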
The following corollary is the crucial result needed for the port-based computation of neutral leaf components discussed hereafter. Essentially it says that neutrality of a weakly deterministic IOTS $B$ for some IOTS $A$ can be propagated to the neutrality of $B$ for some more complex IOTS $C$, if $A$ is greybox equivalent to some view $C/H$ on the larger behaviour $C$.
Corollary 3.9 Let $A$, $B$, and $C$ be IOTSs such that $\mathit{SL}_B = \mathit{SL}_A \subseteq \mathit{SL}_C$. Let $B$ be composable with $A$ and $C$. Let $H = \mathit{SL}_C \setminus \mathit{SL}_A$ and $C/H \approx_{gb} A$. Let $B$ be weakly deterministic. Then $B$ is neutral for $A$ if, and only if, $B$ is neutral for $C$.
PROOF. First, since $C/H \approx_{gb} A$ we have, by Lem. 3.6, $T^*(C/H) = T^*(A)$. $B$ is neutral for $A$ iff (by Prop. 3.8, since $\mathit{SL}_B = \mathit{SL}_A$) $T^*(A) \subseteq T^*(B)$ iff $T^*(C/H) \subseteq T^*(B)$ iff (by Prop. 3.8, taking $C$ for $A$) $B$ is neutral for $C$.
2.2. Port-Based Computation of Neutral Leaves. In this section, we focus on the behavioural neutrality checks which are performed component-wise in our reduction algorithm of Sect. 1. Components communicate exclusively via ports; therefore it should suffice to compare, instead of the complete behaviour of two components, only the behaviour visible at their connected ports, which usually is given by much smaller IOTSs. We show that the neutrality checks indeed may be optimised by considering port-based views which hide component actions that are not visible at the given port. Here we would like to stress that port-based checks are an optimisation to compare behaviours; the views are not intended to replace component behaviours in the computation of assembly behaviours. Of course, such an approach can only be sound if the particular view preserves enough information of the complete component behaviour such that neutrality between port-based views of component behaviours indeed implies neutrality for the synchronisation of the underlying complete behaviours. It will turn out that weak determinism is a fundamental prerequisite.
Definition 3.10 (Port behaviour) Let $C \in \mathit{Cmp}$ with $p{:}P \in \mathit{ports}(c{:}C)$. The behaviour of $C$ at port $p{:}P$ is given by $\mathit{beh}(C)_{p:P} = \mathit{beh}(C)/(S(L_C) \setminus \{p.m \mid m \in \mathit{msg}(P)\})$. The behaviour $\mathit{beh}(C)_{p:P}$ is also called port behaviour of $p{:}P$ in the context of $C$.
Similar to the hiding of ports, we may construct new components using the behaviour of a component at a particular port. Let $C \in \mathit{Cmp}$ and $p{:}P \in \mathit{ports}(C)$. The restriction of $C$ to port $p{:}P$, written $C{\downarrow}p{:}P$, yields a component (type) $C' \in \mathit{Cmp}$, given by $\mathit{ports}(C') = \{p{:}P\}$ and $\mathit{beh}(C') = \mathit{beh}(C)_{p:P}$.
Definition 3.11 (Port neutrality) Let $a = \langle c{:}C[p{:}P], d{:}D[q{:}Q]; k{:}K\rangle$ be a synchronous assembly with $\mathit{ports}(K) = \{c.p{:}P, d.q{:}Q\}$. The port behaviour $\mathit{beh}(D)_{q:Q}$ is $k$-neutral for $\mathit{beh}(C)_{p:P}$ if the synchronisation via $k{:}K$ in $a[c{:}C \mapsto (C{\downarrow}p{:}P), d{:}D \mapsto (D{\downarrow}q{:}Q)]$ is behaviourally neutral for $c{:}C{\downarrow}p{:}P$.
Unfolding the definition of port neutrality results in a characterisation in terms of IOTSs:
$$\mathit{beh}(C)_{p:P}\sigma \otimes \mathit{beh}(D)_{q:Q}\sigma \approx_{gb} \mathit{beh}(C)_{p:P}\theta_S$$
where $\sigma$ is an appropriate synchronous relabelling using the connector $k{:}K$ and $S = S(\mathit{beh}(C)_{p:P}\sigma, \mathit{beh}(D)_{q:Q}\sigma)$. Hence, port behaviours can only be behaviourally neutral if their labellings are inverse, i.e., if input and output labels mutually coincide. Port neutrality has the important consequence that the behaviour of a component is unaffected if a port of the component is connected to a neutral port of another component, provided that the behaviour of this port is weakly deterministic. Weak determinism is the crucial property required to preserve neutrality within our abstraction from component behaviours to port behaviours as given by Def. 3.10.
The following theorem is an application of the results discussed on the level of I/O-transition systems in Sect. 2.1. It is at the core of a more efficient check for neutrality in assemblies. Note that component $C$ may have more than one port.
Theorem 3.12 (Port-based check) Let $a = \langle c{:}C, d{:}D; k{:}K\rangle$ be a synchronous assembly, $p{:}P \in \mathit{ports}(C)$, $\mathit{ports}(D) = \{q{:}Q\}$ and $\mathit{ports}(K) = \{c.p{:}P, d.q{:}Q\}$. If $\mathit{beh}(D)_{q:Q}$ is weakly deterministic and $\mathit{beh}(D)_{q:Q}$ is $k$-neutral for $\mathit{beh}(C)_{p:P}$, then the synchronisation via $k{:}K$ in $a$ is behaviourally neutral for $c{:}C$.
PROOF. By expanding definitions we show that the theorem is an instance of Cor. 3.9. By definition of port neutrality (Def. 3.11) we need to show that the behavioural neutrality of the synchronisation via $k{:}K$ in $a[c{:}C \mapsto (C{\downarrow}p{:}P), d{:}D \mapsto (D{\downarrow}q{:}Q)]$ implies the behavioural neutrality of the synchronisation via $k{:}K$ in $a$ for $c{:}C$. By definition of neutrality (Def. 3.1) this amounts to showing that
$$\mathit{beh}(\langle c{:}C{\downarrow}p{:}P, d{:}D{\downarrow}q{:}Q; k{:}(c.p{:}P, d.q{:}Q)\rangle) \approx_{gb} \mathit{beh}(\langle c{:}C{\downarrow}p{:}P; k{:}(c.p{:}P)\rangle)$$
implies
$$\mathit{beh}(\langle c{:}C, d{:}D; k{:}(c.p{:}P, d.q{:}Q)\rangle) \approx_{gb} \mathit{beh}(\langle c{:}C; k{:}(c.p{:}P)\rangle).$$
By definition of assembly behaviours:
$$\mathit{beh}(c{:}C{\downarrow}p{:}P)\sigma_2 \otimes \mathit{beh}(d{:}D{\downarrow}q{:}Q)\sigma_2 \approx_{gb} \mathit{beh}(c{:}C{\downarrow}p{:}P)\sigma_1$$
implies
$$\mathit{beh}(c{:}C)\sigma_2 \otimes \mathit{beh}(d{:}D)\sigma_2 \approx_{gb} \mathit{beh}(c{:}C)\sigma_1$$
with $\sigma_2 = \sigma_{(c.p,\,d.q,\,k)}$ and $\sigma_1 = \sigma_{(c.p,\,k)}$. By definition of restriction and behaviours of component declarations we obtain
$$(c.\mathit{beh}(C)_{p:P})\sigma_2 \otimes (d.\mathit{beh}(D)_{q:Q})\sigma_2 \approx_{gb} (c.\mathit{beh}(C)_{p:P})\sigma_1$$
implies
$$(c.\mathit{beh}(C))\sigma_2 \otimes (d.\mathit{beh}(D))\sigma_2 \approx_{gb} (c.\mathit{beh}(C))\sigma_1$$
which is, by $\mathit{ports}(D) = \{q{:}Q\}$, equivalent to
$$(c.\mathit{beh}(C)_{p:P})\sigma_2 \otimes (d.\mathit{beh}(D))\sigma_2 \approx_{gb} (c.\mathit{beh}(C)_{p:P})\sigma_1$$
implies
$$(c.\mathit{beh}(C))\sigma_2 \otimes (d.\mathit{beh}(D))\sigma_2 \approx_{gb} (c.\mathit{beh}(C))\sigma_1$$