Hoare vs. Milner: Comparing Synchronizations in a Graphical Framework With Mobility

1GT-VC 2005, San Francisco, August 22, 2005

Ugo MontanariUniversità di Pisa

Ivan LaneseUniversità di Pisa

Hoare vs. Milner: Comparing Synchronizationsin a Graphical Framework With Mobility

in collaboration with

Outline

Graphical Calculi for Distributed Systems

Synchronized Edge Replacement Systems

Mobility

Hoare and Milner Synchronization, with Fusion

Direct Comparison

Comparison with Translations

Conclusions and Future Work

Outline

Mobility

Direct Comparison

Graphical Approach to Distributed Systems

Motivations:

Intuitive representation of distribution

Natural concurrent semantics

No need of structural axioms

Existing modeling languages, e.g. UML

Applications to software architectures and ADL’s

Well-developed foundations

Graph vs. Term Transformations

TermsTerms

– LTS defined via SOS rules

– Reduction rules

– Abstract semantics

– Non-interleaving semantics

GraphsGraphs

– Double-pushout derivations

– Concurrent semantics based on shift equivalence

– Synchronized (hyper)edge replacement

(Hyper)Graphs

Edge: Atomic item with a label from alphabet LE= {LEn}n=0,1,… with as many

(ordered) tentacles as the rank of its label.

Graph: A set of nodes and a set of edges such that each edgeis connected, by its tentacles, to its attachment nodes. A set of external nodes, identified by distinct names, defines the connecting points with the environment.

A Notation For Graphs

Edge: Atomic item with a label from alphabet LE= {LEn}n=0,1,… with as many

(ordered) tentacles as the rank of its label.

Graph: A set of nodes and a set of edges such that each edgeis connected, by its tentacles, to its attachment nodes. A set of external nodes, identified by distinct names, defines the connecting points with the environment.

G ::= L(x) | G|G | x. G | nil

Representation of graphs as syntactic judgements

N set of names

G set of edges

binds as usual

Well formed judgements for graphs

Structural Axioms

(AG5) x.G = G if x fn(G)

(AG1) (G1|G2)|G3 = G1|(G2|G3) (AG2) G1|G2 = G2|G1

(AG3) G1| nil = G1 (AG4) x.y.G = y.x.G

(AG6) x.G = y.G {y/x} if y fn(G)

(AG7) x.(G1|G2 ) = (x. G1) | G2 if x fn(G2)

Well formed judgements for graphs

x1,…,xn nil(RG2)

x1,…,xn L(y1,…,ym)

L LEm yi {xj}

(RG3) G1 G2

Syntactic Rules

(RG4), x G

x,y z, w. C(x,w) | C(w,y) | C (y,z) | C(z,x)

Ring Example

Outline

Mobility

Direct Comparison

Edge Replacement Systems

Productions: A context free production rewrites a single edge labeled by L into an arbitrary graph R. (Notation: L R)

2 3 4H

Edge Replacement Systems

Productions: A context free production rewrites a single edge labeled by L into an arbitrary graph R. (Notation: L R)

Rewritings of different edges can be executed concurrently

Synchronized Edge Replacement

Synchronized rewriting: Actions are associated to nodes in

productions. Each rewrite of an edge must match actions with (a

number of) its adjacent edges and they have to move simultaneously

How many edges synchronize depends

on the synchronization policy

Synchronized rewriting propagates synchronization

all over the graph

Synchronized Edge Replacement

Hoare Synchronization: All adjacent edges must match the actions on the shared node

Milner Synchronization: Only two of the adjacent edges synchronize by matching their complementary actions

Hoare synchronization

Outline

Mobility

Direct Comparison

Adding Mobility

Synchronized rewriting with name mobility

– Add to an action in a node a tuple of names that it wants to

communicate

– The synchronization step has to match actions and tuples

– The declared names that were matched are used to

merge the corresponding nodes

a< x > a < y >

( x ) ( y )

a<x> = a<y>

a<x> a<y>

Transitions as Judgements

Formalization of synchronized rewriting as judgementsTransitions

G1 , G2

: (A x N* ) (x, a , y) if (x) = (a , y)

is the set of new names that are used in synchronization

= {z | x. (x) = (a , y), z , z set(y)}

Transitions as Judgements

Formalization of synchronized rewriting as judgements

Derivations

0 G0 1 G1 … n Gn

x1,…,xn L(x1,…,xn) x1,…,xn , G

Productions

Free names can: i) be added to productions; and ii) renaming is possible

Transitions are generated from the productions by applying the transition rules of the chosen synchronization mechanism

Synchronization via Unification

Hoare synchronization

On each node all edges must have the same action

Synchronization is possible if there is a most general unifier of the new nodes

For any R x A x N* (not necessarily a partial function)

(R): n(R) is the mgu of equations (a= b) (Y = Z)

with (x,a,Y) and (x,b,Z) in R where (as usual)

= {z | (x,a,Y) R, z set(Y), z }

Example

x CBrother

CC CBrother Brother

(4)(3)(2)(1)

Initial Graph

Brother:

Star Rec.S

Star Reconfiguration:

Synchronization via Unification

Milner synchronization

On each node at most two edges must have actions, and in this case they must be complementary

Synchronization is possible if there is a most general unifier of the new nodes

Adding Fusion

Synchronized rewriting with mobility and fusion

G1 , G2

: (A x N* ) (x,a,yy) if (x) = (a, yy)

: idempotent n() = { z | x. (x)=(a,yy), z Set(yy) } = n() \ = +

Outline

Mobility

Direct Comparison

Rewriting Rules, Hoare Synchronization I

Rewriting Rules, Hoare Synchronization II

Rewriting Rules, Milner Synchronization I

Rewriting Rules, Milner Synchronization II

Related Work

Grammars for distributed systems

[Castellani and Montanari, LNCS 1953, 1982], [Degano and Montanari, JACM 1987]

Graph amalgamation

[Boehm, Fonio and Habel, JCSS, 1987] CHARM (R for restriction)

[Corradini, Montanari and Rossi, TCS 1994] Mobile version (w. applications to software architectures, only -I-like

mobility, Hoare synchronization)

[Hirsch and Montanari, Coordination 2000] Modeling -calculus (Milner synchronization)

[Hirsch and Montanari, Concur 2001] Modeling Ambient calculus [Ferrari, Montanari and Tuosto, ICTCS 2001] Modeling Fusion calculus [Lanese and Montanari, to appear in TCS]

Outline

Mobility

Direct Comparison

Expressiveness Measure

(S1,C1) ≥ (S2,C2)

(i.e. style S1 is more expressive than style S2)

iff there exists a uniform simulation function f such that for all P and G

C2-behavS2(P)(G) = C1-behavS1(f(P))(G)

C-behavS(P)(G) = reachable graphs

1 : one-step computationsmax: maximal computationsall: all computations synchronization style: H, M

set of productions

initial graph

Hoare and Milner, Direct Comparison, I

(Milner,C1) ≥ (Hoare,C2) for all C1 and C2

i.e. Hoare cannot be uniformely simulated by Milner

The reason is that Milner synchronization style is

monotone, i.e. in a Milner computation we can always

add to a graph an additional part which stays idle,

while Hoare style is not monotone

Hoare and Milner, Direct Comparison, II

(Hoare,C1) ≥ (Milner,C2) for all C1 and C2

i.e. Milner cannot be uniformely simulated by Hoare

The reason is that in Hoare synchronization style

restriction just hides part of the observation, while in

Milner style restriction may forbid computations

Outline

Mobility

Direct Comparison

Translation via Amoeboids

Amoeboids are graphs with suitable edge labels and

corresponding productions which simulate the

behavior of nodes in a different synchronization style

Function [[-]] replaces nodes with amoeboids while

function [[-]]-1 replaces amoeboids with nodes.

We always have that [[([[G]])]]-1 = G

Implementing Hoare with Milner

H-amoeboids implement broadcasting. C-amoeboids

saturate nodes with less than 3 tentacles. We have

rules for every action a (here with arity 2).

We have C-behavH(P)(G) = [[C-behavM(f(P))([[G]])]]-1

Implementing Milner with Hoare

M-amoeboids implement routing. We have rules for every action a

and two analogous productions for synchronizing x with z and y

with z.

We have only

C-behavM(P)(G) [[C-behavH(f(P))([[G]])]]-1

since the amoeboids can also synchronize several pairs in parallel.

Outline

Mobility

Direct Comparison

Graph models with synchronized hyperedge replacement allow for more general

synchronization mechanisms than ordinary process algebras, e.g. processes can

synchronize at more than one channel and with more than one other process.

These extensions are needed for implementing one synchronization style into another.

Reachability in Hoare/Milner synchronization styles cannot be simulated uniformely

No countexample uses mobility, and thus the expressivenesses are incomparable

even without mobility, and mobility does not bridge the gap

Distributed simulation via amoeboids of Milner style routers allows only concurrent

pairwise synchronization

Generic synchronization styles and more general notions of implementation and

refinement involving atomicity and bisimilarity can be considered: see the forthcoming

PhD thesis of Ivan Lanese

Hoare vs. Milner: Comparing Synchronizations in a Graphical Framework With Mobility

Documents

Milner 1996 Cross

Java Swing © Walter Milner 2005: Slide 1 Java Swing Walter Milner

Yuri Milner

Able Seaman MARWOOD HOARE

Abstract Hoare Logics - devel.isa-afp.org · Abstract Hoare Logics Tobias Nipkow January 20, 2021 Abstract These therories describe Hoare logics for a number of imperative language

The Milner Strategy Handbook - Milner Strategic · PDF fileThe Milner Strategy Handbook ... BCG Matrix Evaluate the product portfolio ... product. For example, tablets are replacing

Milner, CV January, 2018 1 - University of Pittsburghapp.education.pitt.edu/_upload/cv/HRichardMilner.pdfCurriculum Vitae H. Richard Milner IV ... Milner, CV January, 2018 3 ... Reviewed

Descendants of Willelmus Hoare - Pennyghael

Anders Møller Hoare Logic - Computer Science AUamoeller/talks/hoare.pdf · Program Verification with Hoare Logic 3 Hoare Logic Hoare, 1969: use Floyd’s ideas to define axiomatic

Session 2.2 Simon Milner

Hoare Logic - USTCstaff.ustc.edu.cn/~xyfeng/teaching/FOPL/lectureNotes/07_Hoare.pdf · Floyd-Hoare Logic This class is concerned with Floyd-Hoare Logic I also known just as Hoare

#5 formal methods – hoare logic

Correctly Treating Synchronizations in Compiling Fine ...zz124/pact11g2c.pdf · Correctly Treating Synchronizations in Compiling Fine-Grained SPMD-Threaded ... source code level (e.g

Hoare Examples & Proof Theory

Analysis and Modeling of False Synchronizations in 3G ...cgi.di.uoa.gr/.../45-SEC2012/SEC2012-ModelingFalseSynch3G.pdf · Analysis and Modeling of False Synchronizations in 3G-WLAN

William George Hoare - Amersham Museum · 2017. 12. 1. · 190 William George Hoare 2nd Lieutenant, 1st Battalion, Honourable Artillery Company William George Hoare was born on 21

Hoare Logic - Uppsala Universityuser.it.uu.se/~jarst116/slides/week1.pdf · Hoare Logic JariStenman February10,2012 Jari Stenman Hoare Logic February 10, 2012 1 / 25

Hoare Logic 1

Milner (2013) International Trade

Congo Mercenary Mike Hoare