Decoupling PNSCs in Synchronisation

In an event-triggered communication model, such as the PNSC model, the process trigger semantics controls the forward progress of the computation. Since a read operation on a port is blocking, the process will be triggered by the arrival of a message token, i.e. the arrival of a message token initiates the progress in the flow direction of the data. Due to the blocking write of a PNSC process the progression of computation is controlled against the flow direction of the data. I call this back-pressure.

The blocking communication semantics in a PNSC is crucial to ensure event safety in the communication: It is not possible to unintentionally duplicate or lose message tokens as processes are blocked as long as the communication partner is not available to exchange information. The cost, however, is that blocking creates mutual interference between components. In case of a mixed-criticality system, it must be possible to punctually remove the blocking semantics of read and/or write operations of a process (decoupling in synchronisation) to prevent interference.

Note that decoupling communication in time does not automatically achieve decoupling in synchronisation. This is because blocking is possible if no space is available in the buffer for a producer to write to or the buffer is empty and can offer nothing to a consumer.

The blocking semantics of an action a ∈ AI e

N∪A

O

e

N in a Synchronous Interface Automaton

(SIA)N can be removed by adding a self-loop transition, triggered by action a, to eache state of the SIA where action a is not enabled. This means that the implementation of process N needs to be able to serve the action a in each state of its corresponding SIA N . This delegates the problem of decoupling to the implementation of the processe which is undesirable because it violates the concept of exogenous coordination.

s0 s1 s2 s3 s4 a1? τ1; τ2; b1! b2! b3! b1! b1! b1! b1! N₁0 b1 b2 b3 a1 a2

Figure 4.1: An example of a process N10 where SIA eN10 describes the interaction protocol of N₁0 with port b1 decoupled in synchronisation.

As an example let’s consider the process N1 and its corresponding SIA Ne₁ as depicted in Figure 3.2 where no port is decoupled in synchronisation. Figure 4.1 depicts the same situation expect that here, port b1 is decoupled in synchronisation. Due to this

decoupling, the SIANe₁0 has a self-loop transition, triggered by action b₁ ∈ AO e

N0 1

, on each state except state s2 where action b1 is enabled.

This modification of a process and its SIA is not very convenient because it requires the necessity of different process implementations depending on the context a process is used in. To avoid this, I introduce a decoupling process ND with SIA Ne_D as depicted in Figure 4.2. The SIA Ne_D of the decoupling process has only one state s₅ where it

s5

ain? aout!

ND aout ain

Figure 4.2: An example of a decoupling process ND and its SIA eND with input ain and output aout.

accepts an action ain ∈ AI

e

ND

and an action aout ∈ A

e

ND. The decoupling process can

never block because each transition in its SIA is immediately returning to the initial state which allows the process to always consume an input when one is provided and always produce an output when one is required. In order for a decoupling process to provide an output before it received an input, an initial value must be defined.

s05 s15 s25 s35 s45 a1? τ1; τ2; b1; b2! b3! b0₁! b0₁! b0₁! b0₁! b0 1! ND1 b0₁ b2 b3 a1 a2

Figure 4.3: The resulting abstract process ND1 of the composition N1⊗ ND where SIA gND1 = eN1⊗ gND. SIA gND1 is syntactically equivalent to SIA eN10, depicted in

Figure 4.1.

Note that a decoupling process is symmetric. This means that if a decoupling process

ND(b1) is used to decouple the output port b1 of process N1, not only does it make the

write access of process N₁ to port b₁ non-blocking but also any read access from the environment to the decoupling process ND(b1) becomes non-blocking. This is illustrated

by Figure 4.3 where a decoupling process on channel b₁ is composed with process N₁ (in order to avoid naming conflicts, the output port of the decoupling process is renamed to b0₁). The resulting process is named ND₁ and its corresponding SIA is defined as

e

N1 ⊗Ne_D(b₁). We observe, that the transition hs₂₅, b₁, s₀₅i is now triggered by the internal action b₁. Further, we observe that on each state a transition, triggered by the output action b0₁, is available which means that the process ND1 is able to serve action

b0₁ in any state to the environment i.e. any write access to the environment and any read access from the environment is decoupled. Note that Figure 4.1 and Figure 4.3 are syntactically equivalent.

I conclude that by using a decoupling process on a synchronous channel, the blocking semantics of the channel is removed for the read and the write operation. Consequently, on a synchronous channel it is only possible to decouple read and write operations simultaneously. If read and write access must be decoupled individually, the decoupling in synchronisation must be combined with decoupling in time. I discuss this in detail in Subsection 4.1.3 of this section. I use the notation to describe a channel where the write access is non-blocking, to describe a channel where the read access is non-blocking, and to describe a channel where the write and the read access is non-blocking. As discussed above, a decoupling process, as depicted in Figure 4.2, enforces decoupling in synchronisation for read and write access and is, hence, represented as . Note that is only a theoretical construct and in practice decoupling a synchronous channel in synchronisation is equivalent to removing the channel. This is because the producer and the consumer would need to access the channel at the exact same time and use the physical wire as a buffer to transmit a message token. In combination with decoupling in time, however, the decoupling process becomes a powerful tool to punctually prevent interference between interacting processes.