Shared Variables in Stochastic Petri Nets and Process Algebras

Slides: 22
Provided by: homepage7
Transcript and Presenter's Notes

1
Shared Variables in Stochastic Petri Nets and
Process Algebras - Background Material
  • Exponential vs. Non-Exponential (General)
    Distributions
  • An exponential(ly-distributed) duration has the
    property that for any non-zero time T
  • there is non-zero probability that the duration
    is less than T
  • there is non-zero probability that the duration
    is greater than T
  • Not a completely realistic model
  • Won't do for considering hard real-time
    requirements
  • and it's preferable to have one model that does
    performance evaluation and real-time analysis
  • Also has memory-less property (and is the only
    (continuous) one that does)
  • The distribution of how long you have to wait for
    it to complete
  • is independent of how long you have already
    waited
  • This has great advantages for analysis method and
    formal simplicity
  • Particularly, interleaving is valid
  • Interleaving vs. True-concurrency (in a Process
    Algebra (PA) )
  • P (d1 Q) (d2 R) . Q . (
    is prefix)
  • Interleaved LTS semantics -
  • On reaching (Q) (d2 R), some time has
    elapsed due to d1
  • So d2 should be different
  • For exponential durations can ignore this, so
    interleaving is valid
  • For general case, cannot so (in principle) need
    a true-concurrency model

[Figure: interleaved LTS for P, with transitions labelled d1 and d2]
2
Background Material
  • Approaches to General Distributions in PAs
  • A. Explicit timers
  • Instead of P (d1 Q) (d2 R)
  • You write P (start(t1,d1) wait(t1) Q)
    (start(t2,d2) wait(t2) R)
  • giving interleaved LTS -
  • B. Implicit timers
  • You do write P (d1 Q) (d2 R)
  • but the semantics gives the same LTS as above
  • C. True Concurrency
  • You do write P (d1 Q) (d2 R)
  • the semantic model is more complex than an
    interleaved LTS
  • Timed Synchronisations
  • One atomic element including both synchronising
    action and duration
  • ( a?d1 ?) ( a!d2 ?) has the effect of
    (t(d1 d2) ?)
  • stochastic PAs with only exponential durations
    always have timed synchronisations
  • A and B preclude that; C allows it
  • Should allow timed synchronisation in a PA with
    general distributions, because
  • should be a straight generalisation of
    exponential-only PA
  • if that's useful in exponential case, also useful
    in non-exponential case

[Figure: interleaved LTS with transitions start(t1,d1), start(t2,d2), end(t1) and end(t2)]
3
Background Material
  • Preemption of a generally distributed duration
  • P ( d1 P ) ( d2 P )
  • After doing d1
  • preemption is re-start d2
  • non-preemption would be to continue with old d2
  • High Level vs Low Level PA - value-passing
  • P(x,y) (x>y)a?(z) P(z,z)
  • parameterised agent definitions and input
    actions, guard
  • equivalent to (defined by) its unfolding - a
    family of agent definitions
  • P0,0 ?
  • P1,0 a?0 P0,0 a?1 P1,1
  • Generally the HL expression is much smaller than
    the equivalent LL one

[Figure: agent P with transitions d1 and d2]
4
Shared Variables in Stochastic Petri Nets and
Process Algebras
  • Need to do performance evaluation on languages
    used by Software Engineers, e.g. UML,
  • rather than requiring use of specialised
    models, only usable by specialists
  • Need to consider such languages in full
    generality
  • including variables updated by parallel
    components
  • E.g. in UML nested state diagrams -

[Figure: UML nested state diagram with parallel components Q, R and S; labels a?, c?, b?, d, TTD, PP-E and guards (TP)>M, (TP)<M]
  • Q and S update variables T(emperature) and
    P(ressure)
  • R monitors safety condition and sounds alarm,
    b!, if violated for duration d
  • Parallelism is not for physical parallelism,
    but for
  • Factoring design -
  • Otherwise, replicate R everywhere T or P changes

5
Criteria on a General Approach to PA / PN
Semantics
  • Generality
  • Accommodate non-exponential distributions -
  • realism
  • hard real-time constraints
  • Atomicity - a?(y)y>xd - a conditional
    timed synchronisation
  • most general distribution PAs can't do timed
    synchronisation
  • Size is an issue when variables included
  • Need a High-level model
  • coloured net / value-passing PA
  • otherwise model gets very big
  • Need a Low-level model also,
  • there will be some tools not extended for HL
    model
  • LL model must be consistent with HL model, and
    not too big
  • Compositionality
  • Sem(A B) Sem(A) Sem(B)
  • General principle

6
Process Algebra Approaches
  • It is a difficulty
  • Usual PAs have difficulty with shared variable
    semantics
  • This meets with disbelief - hence this paper, to
    explore the issue
  • Evidence
  • The (T)CSP semantics of OCCAM
  • valid only if shared variables are read-only
  • Milner book on CCS
  • Does give a semantics for a language with
    updateable shared variables
  • not applicable if language allows waiting for a
    condition to hold
  • Time makes it worse
  • Including durations
  • increases the difficulty for PAs
  • General Distributions
  • makes that worse
  • presents some issues for a PN solution

[Figure: component R, with guards (TP)>M and (TP)<M, delay d and action b?]
7
Process Algebra Approaches
[Figure: state diagrams for Q (states Q1-Q3), R (states R0-R2) and S (states S1-S3), with labels a?, c?, b?, d, TT1, PP-1 and guards (TP)>M, (TP)<M]
  • Three classes of solution approaches
  • Fully-Parallel (distributed single copies of
    variables)
  • Parallel agents for Q, R and S, and for T and P
  • Q, R and S communicating with T and P to read and
    write variables.
  • Milner's approach
  • Semi-Parallel (distributed replicated copies of
    variables)
  • Parallel Agents Q(T,P), R(T,P) and S(T,P)
  • Each has own copy of variables
  • Each broadcasts new value when it does an update
  • Non-Parallel (centralised single copy of
    variables)
  • One global Agent X(Q,R,S,T,P) - Q1 if Q in
    state Q1 etc
  • Semantics is one massive choice -
  • X(Q,R,S,T,P) (Q2)t X(3,R,S,T1,P)
  • Discard immediately -
  • Non-compositional
  • LL semantics is big (isomorphic to LTS)

8
Process Algebra Approaches - Fully-Parallel
[Figure: R and its fully-parallel form, with states R0, R1, R2 and labels get.t, get.p, t, Z, d, b?, (TP)>M, (TP)<M. Annotation: if tp>m fails, must take this branch to allow for updates that make it succeed]
  • The Semantic Definitions
  • Sem(R) R0 where
  • R0 get.t(t) get.p(p) ( (tp>m)t R1
    (tp<m)Z R0 )
  • if Z is immediate, t,
  • the immediate loop R0 back to R0 stops the clock
  • no timed action can ever happen
  • if Z is timed, d, then
  • this distorts the behaviour
  • can construct an example where the set of
    reachable states is incorrect
  • Claim - this approach cannot give an adequate
    solution - but let me know if you find one.

9
Process Algebra Approaches - Fully-Parallel -
Counter example for delayed re-test
[Figure: counter example with Q (states Q1-Q4) and R (states R1, R2) over variables X and Y; e means exponential delay]
  • Cannot reach Q4 -
  • Q is trying to get XY to hold for some non-zero
    duration
  • R is thwarting that
  • The delayed re-test scheme gives for R
  • R1 get.x(x) get.y(y) (yx)t R2
  • (y?x)d R1
  • Can choose e as less than d, no matter what d's
    distribution is, so can get sequence
  • Rget.x(x) get.y(y) (y?x)?start(d) QQ1 ?
    Q2 ?start(e) end(e) Q3 ? Q4 R end(d)

Race between d and e, won by e
10
Process Algebra Approaches - Semi-Parallel - The
main Example
[Figure: the main example - state diagrams for Q (states Q1-Q4), R (states R1-R4) and S (states S1-S4), with delays d1-d6 and e, actions a?, c? and b!, and updates to C and M]
  • C and M are boolean - for two exclusive access
    resources - true if resource in use
    (Jobber needs Chisel and Mallet)
  • C is negate C and return that result C is
    return the negation of C
  • Q acquires both resources to service request a?
    holds them for d1 (service time) releases them
    waits for d2 repeats.
  • S is analogous - Q and S compete for the
    resources
  • R monitors resource usage - if either resource is
    in use for period d5, it sends a message
  • The d6 and e are to add challenge - race between
    exponential and non-exponential
  • Semantic Definition - Sem(QRS) Sem(Q) Sem(R)
    Sem(S)
  • Sem(Q) Q0(f,f), where Q1(c,m)
    (c?m)a? C!(c ) M!(m) Q2(c , m)
    < (C?(c) Q1(c,m) M?(m) Q1(c,m) )
  • Sem(S) S0(f,f), where S1(c,m) (c?m)c?
    C!(c ) M!(m) Q2(c , m)
    < (C?(c) Q1(c,m) M?(m) Q1(c,m) )
  • Receiving an update, C?(c), must be prioritised,
    <, otherwise we can get -
  • Q(c?m)?a? S (c?m)?c? - both believe
    they have acquired exclusive use of the resources
    and have committed to that by a? and c?

11
Process Algebra Approaches - Semi-Parallel - The
Problems
[Figure: the main example (Q, R and S), repeated from the previous slide]
  • Needing Prioritised Choice
  • Needing to have prioritisation between immediate
    actions is an embarrassment from a theoretical
    perspective, because
  • Introduces inconsistency between interleaving and
    true-concurrency semantics
  • There is concurrent enabling of the resource
    acquisition in Q and the resource acquisition in
    S
  • So in a true-concurrency semantics both can
    happen, whereas in the interleaved semantics
    only one can
  • And non-exponential timed synchronisation needs a
    true concurrency semantics
  • There can be spurious preemption of delays -
  • Sem(R) R0(f,f), where R1(c,m) (c? m
    )d5 R2(c, m)

  • (C?(c) R1(c,m) M?(m) R1(c,m) )
  • There must be the option of receiving the update
    - otherwise
  • updater is blocked until d5 is finished
  • a change invalidating the (c? m ) condition is
    lost
  • If the change does not invalidate the (c? m )
    condition, the d5 delay is preempted spuriously
  • The LL semantics is inordinately large - CDV -
    exponential in number of variables

12
Preemption Policies
  • What happens when we preempt
  • Assume prd of standard classification- when an
    active duration is preempted, next time round we
    start it again, with re-selection from its
    distribution.
  • When do we preempt - new classification which of
    the following rules is included
  • An enabled timed transition, t, is preempted by
    (reading/doing X below)
  • TS - The system reaching a Tangible State in
    which t is not enabled
  • VS - The system reaching any (tangible or
    Vanishing) State in which t is not enabled
  • TT - (TS or) The occurrence of a Timed Transition
    which is in conflict with t
  • VT - The occurrence of any (timed or
    immediate/Vanishing) Transition which is in
    conflict with t.
  • Implies structure means possible policies are -
    TS, VS, TT, VS,TT, VT

[Figure: implication structure between the policies TS, TT, VS and VT, and example nets with transitions t, X, u and v]
TS (fix(Y(dt ?)(a? du Y)) (dv a! ?))\a
VS (fix(Y(dt ?)(a? t Y)) (dv a! ?))\a
TT fix(Y(dt ?)(dX Y)
VT (fix(Y(dt ?)(a? Y)) (dv a! ?))\a
  • For net or PA expression, should have VT
    equivalent VS
  • should make no difference by introducing
    transition u - not in conflict, immediate, silent
  • so really VS implies VT policies are TS, TT, VT

13
Preemption Policies in PA
[Figure: net with transitions t and X, labelled TT]
TS (fix(Y(dt ?)(a? du Y)) (dv a! ?))\a
VS (fix(Y(dt ?)(a? t Y)) (dv a! ?))\a
TT fix(Y(dt ?)(dX Y)
VT (fix(Y(dt ?)(a? Y)) (dv a! ?))\a
VT (fix(Y(dt ?)(a? Y)) (dv a! ?))\a
Equivalent can replace agent variable by its
definition - fundamental to PA approach
VT (fix(Y(dt ?)(a? fix(Y(dt ?)(a? Y)) )) (dv a! ?))\a
Second one can't be a continuation of the first -
must start a new duration in VT, so also must in
VT
  • In a PA preemption policy must be VT
  • Because there is no fixed structure - discards
    everything of the non-chosen branch
  • In nets can have more choice about preemption
    policy

14
Semantics using HL Composable Nets
[Figure: the main example (Q, R and S), repeated]
  • A very direct and intuitively appealing
    semantics-
  • one place for every state/variable
  • one transition for every transition
  • with arcs for-
  • its pre-/post-state
  • the variables it uses

[Figure: the nets Sem(R) and Sem(Q), sharing coloured interface places C and M, with arc variables c and m, guard c ? m, and transitions a?, b!, td1, td5, vd6 and we]
  • Coloured Place has tokens which carry values - C
    and M have boolean-valued tokens
  • Arc from coloured place has (set of) variables -
    bound to the values of token(s) used in a
    transition firing
  • Transition has guard using the arc variables -
    fires only for tokens that make guard true
  • Arc to coloured place has (multi-set) of
    expressions - defining value(s) of tokens
    produced in transition firing
  • Interface place, C or M, fuses with matching
    places in composed nets
  • Interface (synchronising) transition, a?, fuses
    with matching transitions in composed nets

15
Preemption Policies in (Composable) Nets to
Obtain Intuitively Correct Semantics
[Figure: the main example (Q, R and S) and the nets Sem(R) and Sem(Q), repeated from the previous slide]
  • Presume the required semantics for R is - b!
    happens if there is a d5 period during which ( C
    is true or M is true)
  • Can't have TT - if we had another copy of R,
    one's d5 would preempt the other's. So can't
    have VT
  • So, policy is TS - an instantaneous switch from Q
    having resources to S having resources is not
    seen by R
  • Model is
  • race with instantaneous state change when
    winner fires
  • vanishing states are unreal

16
Unfolding the Coloured Net Semantics
[Figure: Sem(R) and its unfolding LL(Sem(R)), with places C, M, Cf, Ct, Mf, Mt, R1-R4 and transitions td5, vd6, we and b!]
  • For coloured place, C, get set Cf, Ct
    comprising one plain place for each possible
    value
  • For each transition, td5(c ? m), get one for
    each combination of arc parameter values giving
    guard true
  • with arcs to corresponding places
  • N and LL(N) should always give the same behaviour
    - behaviour of LL(N) can be taken as defining
    behaviour of N
  • In HL net, if Ct , Mt at first and after
    some time this instantaneously changes to Ct ,
    Mf
  • td5(c ? m) has continuous enabling through this
    change, so its duration - d5 does not re-start
  • (if we don't have VT preemption policy)
  • In LL net, this change disables middle td5, and
    starts an enabling of bottom td5 - d5 does
    re-start
  • To fix this HL/LL inconsistency require tags, the
    t - transitions with the same tag are really
    the same transition
  • There is a more complex semantics (see paper)
    which deals with lack of tags and different
    preemption policy
  • But still requires not VT policy
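
The unfolding rule and the HL/LL re-start inconsistency described above, as an added Python example (not part of the presentation). It assumes the guard printed as "c ? m" is "c or m", following the requirement stated for R; the function names and the dictionary representation of transitions are illustrative.

```python
from itertools import product

# Boolean coloured places of Sem(R); each token carries one of these values.
COLOURS = {"C": (False, True), "M": (False, True)}

def plain(place, value):
    """Name of the plain place for one value of a coloured place: C -> Cf / Ct."""
    return f"{place}{'t' if value else 'f'}"

def unfold_places(colours):
    """One plain place for each possible value of each coloured place."""
    return {plain(p, v) for p, values in colours.items() for v in values}

def unfold_transition(tag, delay, pre_state, reads, guard, colours):
    """One LL transition per combination of arc-variable values making the guard true."""
    copies = []
    for values in product(*(colours[p] for p in reads)):
        if guard(*values):
            pre = (pre_state,) + tuple(plain(p, v) for p, v in zip(reads, values))
            copies.append({"tag": tag, "delay": delay, "pre": pre})
    return copies

def enabled(ll_transitions, marking):
    """LL transitions whose input places are all marked."""
    return [t for t in ll_transitions if set(t["pre"]) <= marking]

def delay_restarts(ll_transitions, before, after, use_tags):
    """Does the delay re-start across an instantaneous change of marking?

    Without tags every LL copy is a transition of its own, so the delay carries
    on only if the same copy stays enabled. With tags, copies sharing a tag are
    treated as the same transition, which restores the HL behaviour.
    """
    ident = (lambda t: t["tag"]) if use_tags else (lambda t: t["pre"])
    was = {ident(t) for t in enabled(ll_transitions, before)}
    now = {ident(t) for t in enabled(ll_transitions, after)}
    return bool(now) and not (now & was)

# Assumption: the guard printed as "c ? m" is "c or m" (R's requirement on the slides).
TD5 = unfold_transition("t", "d5", "R1", ("C", "M"), lambda c, m: c or m, COLOURS)

# Constructed scenario from the slide: Ct, Mt changes instantaneously to Ct, Mf.
BEFORE = {"R1", "Ct", "Mt"}
AFTER = {"R1", "Ct", "Mf"}

if __name__ == "__main__":
    print(sorted(unfold_places(COLOURS)))
    print([t["pre"] for t in TD5])
    print("untagged LL re-starts d5:", delay_restarts(TD5, BEFORE, AFTER, False))
    print("tagged LL re-starts d5:  ", delay_restarts(TD5, BEFORE, AFTER, True))
```

The untagged unfolding re-starts d5 on the change from Ct, Mt to Ct, Mf even though the HL transition is continuously enabled; treating copies with the same tag as one transition removes the discrepancy.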

17
Structured and Un-structured Behaviour Atoms
  • Basic Problem with using usual PA for semantics
  • This transition atomically depends on three
    independent external conditions
  • offering of a! C false M false
  • In usual LTS behaviour model the behaviour atom
    has no structure
  • So can only directly express one external
    dependency
  • Behaviour Atom for Composable Nets
  • Can define net composition at net level
  • define how to make the composed net (fusions)
  • give usual global firing rule for behaviour
  • Or on behaviour level (as for PAs) -
    compositional behavioural model
  • A (Petri) LTS as behaviour of a component net
  • Behaviour inference rules, to obtain behaviour of
    composed net
  • Behaviour atom is, e.g. Cf, Mf/a?,0/Ct, Mt
  • I / a, d / O
  • I, O - multi-set of interface places -
    input/output tokens
  • a, d - as for usual stochastic PA - action, delay
  • Sub-structure gives direct expression of
    multi-dependency
  • makes formulation of semantics easy

[Figure: transition a? of Q from Q1 to Q2, and nets labelled LL(Sem(Q)), N, NQ1 and NQ2 over places Cf, Ct, Mf, Mt, Q1 and Q2]
18
Towards a Petri PA
  • The Net Composition Operator
  • Composable nets have a single all-swinging
    all-dancing combinator
  • Multiplicative transition fusion for
    synchronisation
  • Potentially four different synchronisations
    between a? and a!
  • for N a!s and M a?s - NM synchronisations
  • one fused transition for each possible
    synchronisation
  • Multiplicative place fusion for shared state
  • E is entry place - start with one token on each
  • Parallel composition gives multiple entry places
    - E is a place label
  • Choice composition gives one fused E place for
    each required conflict
  • Firing one initial transition in left net must
    disable all initial transitions of right net
  • Disadvantages
  • The inference rule for this combinator is quite
    complex,
  • particularly to accommodate non-injective place
    labelling
  • Patterns such as Parallel, Sequence, Choice may
    be useful in compositional analysis, but these are
    not directly apparent in the composition
    structure
  • General expression of mutually recursive
    definitions is hard in Petri nets -
  • P a.1! (Pa.n?a.(n1) Pa.n?a.(n1) )
  • finite PA expression for which net is infinite
  • if environment offers only a.1? a.4? - actual
    behaviour is finite

19
Towards a Petri PA
  • The Best of Both Worlds
  • Use the Petri LTS as compositional behaviour
    model
  • Have combinators as close as possible to usual PA
    combinators
  • Now have two forms of conflict
  • named place (C)
  • choice (E)
  • can have
  • PA preemption rule (VT) for choice
  • PN (TS) rule for named place
  • can have marking-dependent distributions
  • can add in enabler arcs, I / a, d / O becomes
    E / I / a, d / O
  • C(c)/a!/C(c)(c0) C(c)/a?/C(c)(c0)
  • has problem that synchronisation must sum Input
    and Outputs
  • becomes C(c)/ /a!/ (c0) C(c) /a?/
    (c0)
  • can similarly add in inhibitor arcs
  • can do the PN way of compact LL representation of
    a queue or buffer
  • a place with one plain token for each queued item
  • LL PA representation is infinite

[Figure: nets with entry places E and named place C, transitions a!1, a!2 and a?y, and the behaviour atom C(c)/a?(y),0/C(c)(yc)]
20
Petri PA Semantics of the example
Sem(Q,R,S) Sem(Q) Sem(R) Sem(S) Sem(R)
R1 in R1Sem(R1), R5Sem(R5), Sem(R1)
C(c),M(m)//t,d5/(c? m) //b!,0/
R1 //t,d6/
//g!,0/ R5 ...
[Figure: R in the example (with Q and S), with states R1-R5 and labels d5, d6, e, g!, h! and b!]
  • Sequence is prefix
  • Alternatives is choice
  • Parallel is parallel
  • Unrestricted flow-graph structure is recursive
    definitions