Reino Kurki-Suonio

Decentralization of process nets with centralized control

The behavior of a net of interconnected, communicating processes is described in terms of the joint actions in which the processes can participate. A distinction is made between centralized and decentralized action systems. In the former, a central agent with complete information about the state of the system controls the execution of the actions; in the latter no such agent is needed. Properties of joint action systems are expressed in temporal logic. Centralized action systems allow for simple description of system behavior. Decentralized (two-process) action systems again can be mechanically compiled into a collection of CSP processes. A method for transforming centralized action systems into decentralized ones is described. The correctness of this method is proved, and its use is illustrated by deriving a process net that distributedly sorts successive lists of integers.

Object-oriented specification of reactive systems

A novel approach to the operational specification of concurrent systems that leads to an object-oriented specification language is presented. In contrast to object-oriented programming languages, objects are structured as hierarchical state-transition systems, methods of individual objects are replaced by roles in cooperative multiobject actions whereby explicit mechanisms for process communication are avoided, and a simple nondeterministic execution model that requires no explicit invocation of actions is introduced. The approach has a formal basis, and it emphasizes structured derivation of specifications. Top-down and bottom-up methodologies are reflected in two variants of inheritance. The former captures the methodology of designing distributed systems by superimposition; the latter is suited to the specification of reusable modules.<<ETX>>

DisCo specification language: marriage of actions and objects

The potential of the action-oriented paradigm has been explored in the development of a specification language, DisCo, which can be characterized as both action-oriented and object-oriented. Its possibilities are introduced by contrasting them to the more familiar process-oriented approaches. Its execution model is state-based and leads to direct application of temporal logic in formal reasoning. Action-orientation allows a natural support for such forms of modularity that cut across process boundaries. At the same time, process-oriented abstractions are retained by object-orientation and the use of hierarchical state chart structures. The novel aspects of modularity are illustrated by a protocol example. The language is semi-executable.<<ETX>>

Serializability in Distributed Systems with Handshaking

Computations in distributed systems can be described in terms of actions in which one or more processes synchronize by common handshakes. A general formulation for such action systems is given, together with two interleaved execution models: a serial model that allows simple temporal reasoning, and a concurrent model that reflects a distributed execution environment more faithfully. The equivalence of the two models is shown, up to fairness properties. The relationships between the natural fairness and justice notions in the two models are analyzed. This leads to sufficient conditions under which reasoning in terms of the serial model is valid even when the execution environment guarantees the weaker properties of the concurrent model only. Proving that these conditions hold for a particular system can be carried out totally within the simpler serial model. Finally, the results are discussed from the point of view of partial order computations.

Fundamentals of Object-Oriented Specification and Modeling of Collective Behaviors

Starting from an analysis of the components that an applicable theory of programs needs, the fundamentals of object-oriented specification of collective behaviors are considered. It is shown that incremental derivation of operational models can be supported by a design methodology with a firm theoretical foundation, and that formal reasoning on behavioral properties is possible already in early stages of specification.

Towards programming with knowledge expressions

Explicit use of knowledge expressions in the design of distributed algorithms is explored. A non-trivial case study is carried through, illustrating the facilities that a design language could have for setting and deleting the knowledge that the processes possess about the global state and about the knowledge of other processes. No implicit capabilities for logical reasoning are assumed. A language basis is used that allows common knowledge not only by an eager protocol but also in the true sense. The observation is made that the distinction between these two kinds of common knowledge can be associated with the level of abstraction: true common knowledge of higher levels of abstraction: true common knowledge of higher levels can be implemented as eager common knowledge on lower levels. A knowledge-motivated abstraction tool is therefore suggested to be useful in supporting stepwise refinement of distributed algorithms.

Action system approach to the specification and design of distributed systems

in temporal logic [24, 25] or in the logic developed for Unity [10]. External interactions are also modeled as joint actions, without committing to specific communication events between the system and its environment. This means that a joint action system is a closed system containing also a model of its environment. This has an effect on modularity, as will be seen below. For the design process joint action systems provide a framework for stepwise derivation. The initial action system with which this process starts should be simple. Fortunately, the natural ways of structuring action systems support a layered introduction of properties. Bias towards machine architecture or communication primitives does not belong to the initial system, even if the eventual answers to such questions were known from the beginning. No harm is caused at this level by wasteful computations allowed by nondeterminism. Furthermore, the granularity of atomic actions can be coarser than would be feasible in a distributed implementation. Together with independence of communication mechanisms this helps in the avoidance of subtle timing errors. The initial action system is the first baseline for the design process. Being amenable to both formal analysis and experimentation (by simulation and animation), it can be subjected to extensive verification and validation. From this stage the design proceeds by transformations that • refine the atomicity of actions,

Hybrid Models with Fairness and Distributed Clocks

Explicit clocks provide a well-known possibility to introduce time into non-real-time theories of reactive systems. This technique is applied here to an approach where distributed systems are modeled with temporal logic of actions as the formal basis, and fairness as the basic force that makes events take place. The focus of the paper is on the formalization and practical proof of hybrid properties of the form “at every moment of time t, Φ(t) holds for X,” where X is a set of objects with distributed clocks, and Φ is a predicate that depends both on the discrete states of x e X and on time t. The approach is illustrated by a treatment of two well-known examples from the hybrid system literature.

Real time: further misconceptions (or half-truths) [real-time systems]

J.A. Stankovic (see ibid., vol. 21, no. 10, p. 10-19, 1988) analyzed some common misconceptions about real-time computing. His analysis addressed the very notion of real-time computing and touched upon the applicability of concepts that have proven useful in nonreal-time modeling of reactive systems, such as interleaving models, nondeterminism, and fairness. From his viewpoint, such concepts are no longer appropriate when real time is a concern, and a new set of abstractions must be devised. The author addresses these issues from the viewpoint of theories and formal modeling. By analyzing some common sources of misunderstanding, he shows that some common statements about real-time modeling are unjustified, or express only half-truths. A potential source for misunderstanding Is the restricted practical interpretation of theoretical notions. With limited experience in using theories of computation, we can easily mistake a theoretical construct for the reality of a program. As pointed out by Stankovic, the special role of time in real-time systems easily leads to incompatibilities between nonreal-time and real-time models. There are approaches where the transition from nontimed to timed models is smooth, however, and where the above theoretical notions are also meaningful in the presence of metric time. Since specification and design of real-time systems may involve both nontimed and timed levels of abstraction, the compatibility of these levels seems important. >

Operational specification with joint actions: serializable databases

SummaryJoint actions are introduced as a language basis for operational specification of reactive systems. Joint action systems are closed systems with no communication primitives. Their nondeterministic execution model is based on multi-party actions without an explicit control flow, and they are amenable for stepwise derivation by superposition. The approach is demonstrated by deriving a specification for serializable databases in simple derivation steps. Two different implementation strategies are imposed on this as further derivations. One of the strategies is two-phase locking, for which a separate implementation is given and proved correct. The other is multiversion timestamp ordering, for which the derivation itself is an implementation.