
[IEEE Canadian Conference on Electrical and Computer Engineering, 2005. - Saskatoon, SK, Canada (May 1-4, 2005)] Canadian Conference on Electrical and Computer Engineering, 2005. -


A DENOTATIONAL SEMANTICS FOR RTPA

Xinming Tan and Yingxu Wang Theoretical and Empirical Software Engineering Research Centre

Department of Electrical and Computer Engineering University of Calgary

2500 University Drive NW, Calgary, Alberta, Canada T2N 1N4 email: {xintan, yingxu}@ucalgary.ca

Abstract

Real-Time Process Algebra (RTPA) is designed to deal with a rich set of fundamental real-time processes such as timing, interrupt, concurrency, and event/time-driven processes. Some of the RTPA processes cannot be described adequately in conventional denotational semantics paradigms. This paper develops a new framework for modeling time and processes in order to represent RTPA in denotational semantics.

Within this framework, time is modeled by elapse of process execution. The process environment encompasses states of all variables, represented as mathematical maps, which project variables to their corresponding values. Duration is introduced as a pair of time interval and the environment to represent the process environment change during a time interval. Temporal ordered durations and operations on them are used to denote process executions. With all these means, the semantics of RTPA processes of timing, interrupt, concurrency, event/time-driven, and traditional sequential processes can be formally expressed.

Keywords: Software engineering; formal methods; formal semantics; RTPA; real-time systems.

1. Introduction

The Real-Time Process Algebra (RTPA) is a mathematics-based notation system for the specification and refinement of real-time and safety-critical systems [1]. As an extension of CSP [2], RTPA has a rich set of process notations, including timing, interrupt, concurrency, event/time-driven, which cannot be described adequately in conventional denotational semantics paradigms [2-4, 7-8]. This paper develops a new framework for modeling time and processes. Within this framework, time is modeled by elapse of process execution and process is modeled by temporal ordered duration sequence. With this model, the semantics of RTPA processes of timing, interrupt, concurrency, event/time-driven, and traditional sequential processes can be formally expressed.

In this paper, an abstract syntax of RTPA is presented. System environments are introduced to describe the instantaneous behaviors of processes and durations. Temporal ordered duration sequences are introduced to represent the time order of process behaviors. The semantics of RTPA is then denoted by temporal ordered duration sequences.

2. The Abstract Syntax of RTPA

In the denotational semantics, the abstract syntax of RTPA is defined with three syntactic categories, namely variable, expression, and process.

2.1. Variables

RTPA uses identifiers with type suffixes as variables of different types. In the definition of the abstract syntax of RTPA, the following conventions are adopted:

(1) When the type of a variable is not a concern, x is used to represent the variable;

(2) @e is used for event variable; while ptr for pointer variable, t for time variable, and id for name (string) variable;

(3) Integer subscripts are added when multiple variables are needed.

- The set of all variables; x, @e, ptr, t, id . (1)

2.2. Expressions

All kinds of conventional expressions, such as arithmetical, Boolean, relational, etc., are included, but their formations are not specified here to save space. Only RTPA-specific expressions are explicitly defined here. Refer to [6] for a detailed discussion of the concrete syntax of RTPA.

- The set of all expressions; e . (2)

e ::= Mem(ptr) | Mem( ) | Port(ptr) | §t | §t+n | … (3)

Where is type suffix, Mem indicates memory area, Port indicates I/O ports, and §t stands for system time in RTPA.

2.3. Processes

RTPA has seventeen meta-processes and seventeen process relations.

- The set of all RTPA processes; P, Q . (4)

P ::= x:=e | e | id Mem(ptr) | id Mem(ptr) | id Mem( ) | Mem(p) x | x Mem(p) | Port(p) | x | x | Port(p) | @t=§t | @t=§t+n | (n) | (n) | !(@e) | | | §(id) | P Q | (?e=T P|~ Q) | (?e=1 P1|2 P2|…|~ Q) | P Q | P P | P||Q | P Q | P|||Q | P Q | @t P | @e P | @i P | P Q | P Q | $R_{e=T}(P)$ | $R^{n}_{i=1}(P(i))$ | $P\,R_{e=T}(P)$ (5)

0-7803-8886-0/05/$20.00 ©2005 IEEE CCECE/CCGEI, Saskatoon, May 2005

2057

3. Semantic Domains of RTPA

In order to give a denotational semantics to RTPA, five major domains, namely , , , , and , apart from the three syntactic domains are introduced. We also use some other discrete domains in the discussion.

3.1. Variables and Values

Since RTPA uses variables of different types, a specific value domain should be used for each type of variable. These value domains are called small value domains in this paper to distinguish them from the domain of all values. It is worth noting that all these small value domains are discrete domains. Here are some of the small value domains needed in the discussion in this paper:

- Boolean values; = {true, false, }.
- Natural numbers; n .
- Non-negative real numbers; r +.
- Values for event variables; = {signal, unsignal, }.
- Values for pointer variables.

Therefore, the domain of all values is a domain sum of the different particular small value domains [3].

- Domain of all possible values; v . (6)

= + + + + … (7)

Fortunately, in this paper it can easily be understood from the context which small value domain is in use, so we do not need to present values explicitly in domain-sum format as a pair of an index in the sum and a value of the corresponding small value domain.

3.2. Environments

An environment, which records the current states of the variables of a process, is a map from variables to values. A map is a table-like structure, very similar to a function, which maps values of one type into values of another type [5].

= $\xrightarrow{m}$ ; . (8)

For : $\xrightarrow{m}$ , $\xrightarrow{m}$ is a map type while is a map.

The empty map is denoted as [], which is the bottom of the environment domain. ρ(x) is called the application of ρ to x; if x ↦ v belongs to ρ then ρ(x) = v. Suppose ρ = [x1 ↦ 1, x2 ↦ 3, x3 ↦ 5]; the domain of ρ, written dom ρ, is {x1, x2, x3}, and the range of ρ, written rng ρ, is {1, 3, 5}. The following three operations are needed for the discussion in the latter part of the paper.

1) The override operation, a standard map operation [5], combines the mappings that appear only in the first argument with all the mappings of the second argument:

† : ×

ρ1 † ρ2 = [x ↦ v | (x ∈ dom ρ1 ∧ x ∉ dom ρ2 ∧ ρ1(x) = v) ∨ (x ∈ dom ρ2 ∧ ρ2(x) = v)] (9)

2) The advance operation increases all the time variables in an environment by a given number:

+ : × +

ρ + r = ρ † [t ↦ ρ(t) + r | t ∈ dom ρ] (10)

3) The retreat operation decreases all the time variables in an environment by a given number. If the given number is greater than the least value held by any time variable in the environment, the result of the operation is the same as decreasing by that least value:

- : × +

ρ - r = ρ † [t ↦ ρ(t) - r | t ∈ dom ρ ∧ ρ(t) - r ≥ 0] (11)

3.3. Durations

A duration is a pair of an interval and an environment; the environment records the activities happening in the interval.

- Intervals; i , [a,b) , a,b +. (12)

The least observable interval used in defining the semantics is a unit interval [a, b) such that b - a = 1 (time unit). This corresponds to the time model assumption for RTPA processes that the least time elapse for an RTPA meta-process execution is one time unit.

= × , d . (13)

For a duration d = (i, ρ) = ([a,b), ρ), define the following operations:

inv(d) = i = [a,b); begin(d) = a; end(d) = b; env(d) = ρ;
advance(d, r) = d + r = (i+r, ρ+r) = ([a+r, b+r), ρ+r);
retreat(d, r) = d - r = (i-r, ρ-r) = ([a-r, b-r), ρ-r), a ≥ r. (14)

3.4. Temporal Ordered Duration Sequences

* is used to denote duration sequences. <> is the empty sequence. A sequence of n durations d1, d2, …, dn is denoted as <d1>^<d2>^…^<dn> or <d1, d2, …, dn>.

A duration sequence <d1>^<d2>^…^<dn> is in temporal order iff end(dk) = begin(dk+1) for all k = 1, …, n-1.

- Temporal ordered duration sequences; *, c . (15)

For c = <d1, d2, …, dn>, define

head(c) = d1; tail(c) = <d2, …, dn>; front(c) = <d1, d2, …, dn-1>; back(c) = dn; first(c) = begin(d1); last(c) = end(dn). (16)

For c = <>, all of these operations are undefined (with the value ⊥).

We also introduce the following operations on temporal ordered duration sequences:

1) The advance operation moves a temporal ordered duration sequence forward by a given number of time units.

+ : × +

<> + r = <>; (<d> ^ c) + r = <d + r> ^ (c + r) (17)

2058


2) The retreat operation moves a temporal ordered duration sequence backward by a given number of time units.

- : × +

<> - r = <>; (<d> ^ c) - r = <d - r> ^ (c - r) (18)

3) The cut-off-right operation cuts off the right part of a temporal ordered duration sequence from a given time point onward.

cutright : × +

cutright(<>, r) = <>; cutright(c, r) = <> ⇐ begin(c) > r; cutright(c1 ^ c2, r) = c1 ⇐ end(c1) = r (19)

4) The cut-off-left operation cuts off the left part of a temporal ordered duration sequence before a given time point.

cutleft : × +

cutleft(<>, r) = <>; cutleft(c, r) = <> ⇐ end(c) < r; cutleft(c1 ^ c2, r) = c2 ⇐ begin(c2) = r (20)

5) The follow operation puts two temporal ordered duration sequences in temporal order.

follow : ×

follow(<>, c) = <>; follow(<d> ^ c, <>) = <d> ^ c; follow(c1 ^ <d1>, <d2> ^ c2) = c1 ^ <d1> ^ ((<d2> ^ c2) + end(d1) – begin(d2)) (21)

3.5. Process Executions

A temporal ordered duration sequence can be considered as the denotation of one possible execution path of a process, i.e. one computation. All the possible computations performed by a process describe the process's behaviors, so they are used as the semantics of the process.

A set of temporal ordered duration sequences is called a prefix closure if 1) it contains <>, and 2) whenever it contains c1 ^ c2 it also contains c1. (22)

- The set of all prefix closures, ordered by set inclusion, has bottom {<>} and is closed under union.

4. Semantic Functions of RTPA

In this section, we present the semantics for both expressions and processes by three semantic functions, which specify respectively which values in the value domain (Section 3.1) serve as the denotations for expressions and which objects in the domain of prefix closures (Section 3.5) serve as the denotations for processes. Since this paper concentrates on process relations, and some processes can be expressed with other processes, we only discuss the following processes in this paper:

P ::= stop | skip | x:=e | Mem(p) x | @t=§t+n | !(@e) | P Q | (?e=T P|~ Q) | P P | P||Q | @t P | @e P | P Q | $R_{e=T}(P)$ (23)

4.1. Expression Evaluation Functions

The Boolean expression evaluation function evaluates logical expressions to Boolean values. Since the formation of RTPA logical expressions is not given in this paper, we cannot elaborate the definition of this function in detail.

The general expression evaluation function evaluates all kinds of expressions to values in the value domain. For the same reason as above, we can only explain its meaning informally here:

⟦x⟧(ρ) = ρ(x);
⟦e⟧(ρ) follows the traditional convention if e is a regular expression, such as an arithmetic, Boolean, or relational expression;
⟦Mem(ptr)⟧(ρ) gives an object of the given type located at the position pointed to by ptr;
⟦§t+n⟧(ρ) = (n), since the system time is determined by the durations, which are discussed in the following section.

4.2. Process Functions

The process function describes the behaviors of a process when it runs under a given environment. It is defined inductively on the syntactic formation of processes.

1) ⟦stop⟧(ρ) = {<>} (24)

This tells us that no activities can be observed from the stop process.

2) ⟦skip⟧(ρ) = {<>} ∪ {<([0, 1), ρ)>} (25)

The skip process takes one time unit and does not change the environment.

3) ⟦x:=e⟧(ρ) = {<>} ∪ {<([0, 1), ρ † [x ↦ ⟦e⟧(ρ)])>} (26)

The assignment process changes the value of the variable on the left of the assignment.

4) ⟦Mem(p) x⟧(ρ) = {<>} ∪ {<([0, 1), ρ † [x ↦ ⟦Mem(p)⟧(ρ)])>} (27)

The read process reads the object prescribed by ⟦Mem(p)⟧(ρ) into variable x.

5) ⟦@t=§t+n⟧(ρ) = {<>} ∪ {<([0, 1), ρ † [t ↦ ⟦§t+n⟧(ρ)])>} (28)

The system time is specified by the intervals in the temporal ordered duration sequences. The value of t is the beginning of the interval plus the increment.

6) ⟦!(@e)⟧(ρ) = {<>} ∪ $\bigcup_{n=1}$ {<([0, n), ρ † [@e ↦ unsignal]), ([n, n+1), ρ † [@e ↦ signal]), ([n+1, n+2), ρ † [@e ↦ unsignal])>} (29)

The event raised by the exception detection process tries to synchronize with the event awaited by an event-driven process on the same event variable. So event variables are used as a mutual exclusion and synchronization mechanism in defining the semantics of parallel processes.

7) ⟦P Q⟧(ρ) = {follow(c1, c2) | c1 ∈ ⟦P⟧(ρ) ∧ c2 ∈ ⟦Q⟧(env(back(c1)))} (30)

The system time accumulates as temporal ordered duration sequences extend. By introducing the follow operator, we can define the sequence relation in a different-looking but equivalent way, which helps us deal with iteration and recursive processes.

; : ( )2

(f ; g)(ρ) = {follow(c1, c2) | c1 ∈ f(ρ) ∧ c2 ∈ g(env(back(c1)))} (31)

Using the follow operator, we get

⟦P Q⟧(ρ) = (⟦P⟧ ; ⟦Q⟧)(ρ) (32)

8) In order to define the semantics of the branch process, we define the condition operator first.

cond : ( ) × ( )2

cond(b, f, g)(ρ) = f(ρ) ⇐ b(ρ) = true;
cond(b, f, g)(ρ) = g(ρ) ⇐ b(ρ) = false;
cond(b, f, g)(ρ) = {<>} ⇐ b(ρ) = ⊥. (33)

Therefore, ⟦?e=T P|?~ Q⟧(ρ) = cond(⟦e⟧, ⟦P⟧, ⟦Q⟧)(ρ) (34)

9) With the condition and follow operators, the while process can be described in this way:

⟦$R_{e=T}(P)$⟧(ρ) = cond(⟦e⟧, ⟦P⟧ ; ⟦$R_{e=T}(P)$⟧, )(ρ) (35)

Since it is a recursive definition, the least fixed point operator fix is used to define the semantics.

W : ( )
W(φ) = cond(⟦e⟧, ⟦P⟧ ; φ, ) (36)

⟦$R_{e=T}(P)$⟧(ρ) = fix(W)(ρ) (37)

The use of the least fixed point operator can be justified by the fact that all functions over defined here are continuous functions.

10) Similarly, the recursion process is defined as follows:

⟦P P⟧(ρ) = fix(W)(ρ) (38)

W : ( )
W(φ) = ⟦P⟧ ; φ (39)

11) The time-driven process waits until the timeout and then performs process P.

⟦@t P⟧(ρ) = {follow(c1, c2) | c1 ∈ {<>} ∪ $\bigcup_{n=1}^{t}$ {<([0, n), ρ)>} ∧ c2 ∈ ⟦P⟧(env(back(c1)))} (40)

12) The event-driven process waits until event @e is raised and then performs process P.

⟦@e P⟧(ρ) = (⟦!(@e)⟧ ; ⟦P⟧)(ρ) (41)

Waiting on multiple events becomes

⟦@e1 P1 | @e2 P2 | … | @en Pn⟧(ρ) = $\bigcup_{k=1}^{n}$ ⟦@ek Pk⟧(ρ) (42)

13) The parallel process:

⟦P||Q⟧(ρ) = {c | r ∈ ℝ+ • c r ∈ ⟦P⟧(ρ) c ∈ ⟦Q⟧(ρ) c ∈ ⟦P⟧(ρ) c r ∈ ⟦Q⟧(ρ)} (43)

This definition rules out simultaneous assignments to the variables common to both processes P and Q, which is a requirement in almost all concurrent programs.

14) The interrupt process:

⟦P Q⟧(ρ) = ⟦P⟧(ρ) ∪ {c | r1, r2 ∈ ℝ+ • (c r1) (c r2) ∈ ⟦P⟧(ρ) ((c r2) r1) - r1 ∈ ⟦Q⟧(env(back(c r1)))} (44)

This requires that process Q does not change the variables common to both processes P and Q. Again, this is quite common for interrupt service routines in most real-time systems.
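As an added example (not code from the paper, which gives none), the following Python models the semantic domains of Sections 3.2 to 3.4 and the process functions of Section 4.2: environments with override and advance, durations, temporal ordered duration sequences with the follow operator, and the denotations of stop, skip, assignment, timing, sequence, branch and the while loop as prefix-closed sets of computations. It assumes that time variables are the names starting with "@t", that a loop exits through the skip process (the last argument of cond in (35) and (36), which is not legible in this copy), and that the least fixed point of (37) is found by Kleene iteration; the inputs in demo() are constructed.

```python
# Added example, not code from the paper: an executable model of the semantic
# domains of Sections 3 and 4. An environment is a sorted tuple of (variable,
# value) pairs, a duration is ([a, b), env), a computation is a tuple of
# durations in temporal order, and a process denotation maps an environment to
# a prefix-closed set of computations. Assumptions (mine, not the paper's): time
# variables are the names starting with "@t"; a loop exits through skip; the
# while-loop fixed point is found by Kleene iteration from the bottom {<>}.

def override(r1, r2):                          # r1 † r2, eq. (9)
    return tuple(sorted({**dict(r1), **dict(r2)}.items()))
def lookup(rho, x): return dict(rho)[x]        # rho(x), application of the map

def adv_env(rho, r):                           # rho + r, eq. (10): shift time variables
    return override(rho, [(t, v + r) for t, v in rho if t.startswith("@t")])

def duration(a, b, rho): return ((a, b), rho)  # d = ([a, b), rho), eq. (13)
def begin(d): return d[0][0]
def end(d): return d[0][1]
def env(d): return d[1]

def adv_seq(c, r):                             # c + r, eq. (17)
    return tuple(duration(begin(d) + r, end(d) + r, adv_env(env(d), r)) for d in c)

def follow(c1, c2):                            # c1 followed by c2, eq. (21)
    if not c1: return ()                       # <> followed by c is <>
    if not c2: return c1                       # c followed by <> is c
    return c1 + adv_seq(c2, end(c1[-1]) - begin(c2[0]))

def temporally_ordered(c):                     # end(d_k) = begin(d_k+1), Section 3.4
    return all(end(c[k]) == begin(c[k + 1]) for k in range(len(c) - 1))

def STOP(rho): return {()}                     # eq. (24): nothing observable
def SKIP(rho): return {(), (duration(0, 1, rho),)}   # eq. (25): one idle time unit

def assign(x, e):                              # x := e, eq. (26); e is evaluated under rho
    return lambda rho: {(), (duration(0, 1, override(rho, [(x, e(rho))])),)}
def timing(t, n): return assign(t, lambda rho: n)   # @t = §t + n, eq. (28): local 0 + n

def seq(f, g):                                 # (f ; g)(rho), eq. (31): g starts in f's last env
    return lambda rho: {follow(c1, c2) for c1 in f(rho)
                        for c2 in (g(env(c1[-1])) if c1 else {()})}

def cond(b, f, g):                             # eq. (33); b yields True, False or None (bottom)
    def h(rho):
        v = b(rho)
        return f(rho) if v is True else g(rho) if v is False else {()}
    return h

def while_loop(b, p, depth=64):                # fix(W), eqs. (36)-(37)
    def fix(rho):                              # W^0 = bottom, W^(k+1) = cond(b, p ; W^k, skip)
        approx, prev = STOP, None
        for _ in range(depth):                 # ascending chain; stop once it no longer grows
            approx = cond(b, seq(p, approx), SKIP)
            cur = approx(rho)
            if cur == prev: return cur
            prev = cur
        return prev
    return fix

def demo():                                    # constructed inputs, not from the paper
    rho = override((), [("i", 0), ("@t", 0)])
    loop = while_loop(lambda r: lookup(r, "i") < 2, assign("i", lambda r: lookup(r, "i") + 1))
    clock = seq(SKIP, timing("@t", 2))         # one idle unit, then @t = 1 + 2 = 3
    return loop(rho), clock(rho)
```

demo() returns the prefix closure of the loop `while i < 2 do i := i + 1` (four computations, the longest ending at time 3 with i = 2) and shows how follow shifts the time variable set by a timing process into absolute system time.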

5. Conclusions

A denotational semantics of RTPA based on temporal ordered duration sequences has been defined. Using temporal ordered duration sequences, the instantaneous behaviors of processes at each time point are captured by the environment. This work provides a unified model for denoting both the concurrent and the sequential processes required by RTPA. With this approach, RTPA processes of timing, interrupt, concurrency, and event/time-driven can be formally expressed.

Acknowledgements

The authors would like to acknowledge the Natural Science and Engineering Council of Canada (NSERC) for its support of this work. We would like to thank the anonymous reviewers for their valuable comments and suggestions.

References

[1] Y. Wang, "The Real-Time Process Algebra (RTPA)," The International Journal of Annals of Software Engineering, vol. 14, pp. 235-274, October 2002.

[2] C.A.R. Hoare, Communicating Sequential Processes, Prentice Hall International, 1985.

[3] S. Schneider, Concurrent and Real-Time Systems: The CSP Approach, Wiley, 2000.

[4] G. Winskel, The Formal Semantics of Programming Languages, MIT Press, 1993.

[5] The RAISE Language Group, The RAISE Specification Language, Prentice Hall International, 1992.

[6] X. Tan, Y. Wang, and C.F. Ngolah, "Specification of the RTPA Grammar and Its Recognition," Proc. of the 2004 IEEE International Conference on Cognitive Informatics (ICCI'04), IEEE CS Press, Canada, pp. 54-63, August 2004.

[7] Y. Wang, "On the Informatics Laws and Deductive Semantics of Software," IEEE Transactions on Systems, Man, and Cybernetics, to appear.

[8] Y. Wang, "On Mathematical Laws of Software," Proc. of the 18th IEEE Canadian Conference on Electrical and Computer Engineering (CCECE'05), Saskatoon, Canada, May 2005, to appear.

2060