Foundations of timed concurrent constraint programming

ACM Transactions on Computational Logic, 2004

A temporal logic is presented for reasoning about the correctness of timed concurrent constraint programs. The logic is based on modalities which allow one to specify what a process produces as a reaction to what its environment inputs. These modalities provide an assumption/commitment style of specification which allows a sound and complete compositional axiomatization of the reactive behavior of timed concurrent constraint programs.

Formal Aspects of Computing, 2009

Following the trend to combine techniques to cover several facets of the development of modern systems, an integration of Z and CSP, called Circus , has been proposed as a refinement language; its relational model, based on the unifying theories of programming (UTP), justifies refinement in the context of both Z and CSP. In this paper, we introduce Circus Time , a timed extension of Circus , and present a new UTP time theory, which we use to give semantics to Circus Time and to validate some of its laws. In addition, we provide a framework for validation of timed programs based on FDR, the CSP model-checker. In this technique, a syntactic transformation strategy is used to split a timed program into two parallel components: an untimed program that uses timer events, and a collection of timers. We show that, with the timer events, it is possible to reason about time properties in the untimed language, and so, using FDR. Soundness is established using a Galois connection between the u...

2002

The tcc model is a formalism for reactive concurrent constraint programming. We present a model of temporal concurrent constraint programming which adds to tcc the capability of modeling asynchronous and nondeterministic timed behavior. We call this tcc extension the ntcc calculus. We also give a denotational semantics for the strongestpostcondition of ntcc processes and, based on this semantics, we develop a proof system for linear-temporal properties of these processes. The expressiveness of ntcc is illustrated by modeling cells, timed systems such as RCX controllers, multi-agent systems such as the Predator/Prey game, and musical applications such as generation of rhythms patterns and controlled improvisation.

1999

Abstract A specification formalism for reactive systems defines a class of!-languages. We call a specification formalism fully decidable if it is constructively closed under boolean operations and has a decidable satisfiability nonemptiness problem. There are two important, robust classes of!-languages that are definable by fully decidable formalisms. The!-regular languages are definable by finite automata, or equivalently, by the Sequential Calculus.

1995

We extend the model of SJG94b] to express strong timeouts (and pre-emption): if an event A does not happen through time t, cause event B to happen at time t. Such constructs arise naturally in practice (e.g. in modeling transistors) and are supported in languages such as Esterel (through instantaneous watchdogs) and Lustre (through the \current" operator).

Computer Aided Verification, 2018

Asynchronous interactions are ubiquitous in computing systems and complicate design and programming. Automatic construction of asynchronous programs from specifications ("synthesis") could ease the difficulty, but known methods are complex, and intractable in practice. This work develops substantially simpler synthesis methods. A direct, exponentially more compact automaton construction is formulated for the reduction of asynchronous to synchronous synthesis. Experiments with a prototype implementation of the new method demonstrate feasibility. Furthermore, it is shown that for several useful classes of temporal properties, automaton-based methods can be avoided altogether and replaced with simpler Boolean constraint solving.

Lecture Notes in Computer Science, 1996

Concurrent constraint programming is classically based on asynchronous communication via a shared store. Synchrony can be achieved by forcing concurrently running ask and tell primitives to synchronise on \new common information". This paper outlines this framework, called Scc, and develops an algebraic semantics for it. The Scc framework is shown to share similarities with both the traditional concurrent constraint setting and algebraic languages like CCS but also to have major di erences which requires the use of new techniques in formulating the algebraic semantics. Among these are the introduction of an auxiliary communication operator to handle the treatment of synchrony and the extension of the concept of cylindric algebras by allowing the hiding of the empty set of variables in order to permit local computations. More importantly, new axioms have been introduced to describe our variants of the tell and ask primitives. The algebraic semantics is proved to be sound and complete with respect to a compositional operational semantics which is also presented in the paper.

Theoretical Computer Science, 1995

A simple and elegant formulation of compositional proof systems for concurrent programs results from a refinement of temporal logic semantics. The refined temporal language we propose is closed under w-stuttering and, thus, provides a fully abstract semantics with respect to some chosen observation level w. This avoids incorporating irrelevant detail in the temporal semantics of parallel programs. Besides compositional verification, concurrent program design and implementation of a coarser-grained program by a finer-grained one, are easily practicable in the setting of the new temporal logic.

2000

When verifying concurrent systems described by transition systems, state explosion is one of the most serious problems. If quantitative temporal information (expressed by clock ticks) is considered, state explosion is even more serious. We present a notion of abstraction of transition systems, where the abstraction is driven by the formulae of a quantitative temporal logic, called qu-mu-calculus, defined in the paper. The abstraction is based on a notion of bisimulation equivalence, called ρ, n -equivalence, where ρ is a set of actions and n is a natural number. It is proved that two transition systems are ρ, n -equivalent iff they give the same truth value to all qu-mu-calculus formulae such that the actions occurring in the modal operators are contained in ρ, and with time constraints whose values are less than or equal to n. We present a non-standard (abstract) semantics for a timed process algebra able to produce reduced transition systems for checking formulae. The abstract semantics, parametric with respect to a set ρ of actions and a natural number n, produces a reduced transition system ρ, nequivalent to the standard one. A transformational method is also defined, by means of which it is possible to syntactically transform a program into a smaller one, still preserving ρ, n -equivalence.

Journal of Symbolic Computation, 1996

Synchronous programming (Berry (1989)) is a powerful approach to programming reactive systems. Following the idea that \processes are relations extended over time" (Abramsky (1993)), we propose a simple but powerful model for timed, determinate computation, extending the closure-operator model for untimed concurrent constraint programming (CCP). In (Saraswat et al. 1994a) we had proposed a model for this called tcc| here we extend the model of tcc to express strong time-outs: if an event A does not happen through time t, cause event B to happen at time t. Such constructs arise naturally in practice (e.g. in modeling transistors) and are supported in synchronous programming languages. The fundamental conceptual di culty posed by these operations is that they are nonmonotonic. We provide a compositional semantics to the non-monotonic version of concurrent constraint programming (Default cc) obtained by changing the underlying logic from intuitionistic logic to Reiter's default logic. This allows us to use the same construction (uniform extension through time) to develop Timed Default cc as we had used to develop tcc from cc. Indeed the smooth embedding of cc processes into Default cc processes lifts to a smooth embedding of tcc processes into Timed Default cc processes. We identify a basic set of combinators (that constitute the Timed Default cc programming framework), and provide a constructive operational semantics (implemented by us as an interpreter) for which the model is fully abstract. We show that the model is expressive by de ning combinators from the synchronous languages. We show that Timed Default cc is compositional and supports the properties of multiform time, orthogonal preemption and executable speci cations. In addition, Timed Default cc programs can be read as logical formulas (in an intuitionistic temporal logic) | we show that this logic is sound and complete for reasoning about (in)equivalence of Timed Default cc programs. Like the synchronouslanguages, Timed Default cc programscan be compiled into nite state automata. In addition, the translation can be speci ed compositionally. This enables separate compilation of Timed Default cc programs and run-time tradeo s between partial compilation and interpretation. A preliminary version of this paper was published as (Saraswat et al. 1995). Here we present a complete treatment of hiding, along with a detailed treatment of the model.

We introduce the Universal Timed Concurrent Constraint Programming (utcc) process calculus; a generalisation of Timed Concurrent Constraint Programming. The utcc calculus allows for the specification of mobile behaviours in the sense of Milner's π-calculus: Generation and communication of private links. We first endow utcc with an operational semantics and then with a symbolic semantics to deal with problematic operational aspects involving infinitely many substitutions and divergent internal computations. The novelty of the symbolic semantics is to use temporal constraints to represent finitely infinitely-many substitutions. We also show that utcc has a strong connection with Pnueli's Temporal Logic. This connection can be used to prove reachability properties of utcc processes. As a compelling example, we use utcc to exhibit the secrecy flaw of the Needham-Schroeder security protocol.

1998

The-calculus is a formal model of concurrent computation based on the notion of naming. It has an important role to play in the search for more abstract theories of concurrent and communicating systems. In this paper we augment the-calculus with a constraint store and add the notion of constraint agent to the standard-calculus concept of agent. We call this extension the +-calculus. We also extend the notion of barbed bisimulation to de ne behavioral equivalence for the +-calculus and use it to characterize some equivalent behaviors derived from constraint agents. The paper discusses examples of the extended calculus showing the transparent i n teraction of constraints and communicating processes.

International Journal on Software Tools for Technology Transfer, 2006

The aim of this work is to provide a formal foundation for the unambiguous description of real-time, reactive, embedded systems in UML. For this application domain, we define the meaning of basic class diagrams where the behavior of objects is described by state machines. These reactive objects may communicate by means of asynchronous signals and synchronous operation calls. The notion of a thread of control is captured by a so-called activity group, i.e., a set of objects which contains exactly one active object and where at most one object may be executing. Explicit timing is realized via local clocks and an urgency predicate on transitions. We define a formal semantics for this kernel language, list a number of questions that arose, and discuss the decisions taken. The resulting semantics has been defined in the typed logic of the interactive theorem prover PVS, thus enabling formal verification based on this semantics.

Theory and Practice of Logic Programming, 2006

The language Timed Concurrent Constraint (tccp) is the extension over time of the Concurrent Constraint Programming (cc) paradigm that allows us to specify concurrent systems where timing is critical, for example reactive systems. Systems which may have an infinite number of states can be specified in tccp. Model checking is a technique which is able to verify finite-state systems with a huge number of states in an automatic way. In the last years several studies have investigated how to extend model checking techniques to systems with an infinite number of states. In this paper we propose an approach which exploits the computation model of tccp. Constraint based computations allow us to define a methodology for applying a model checking algorithm to (a class of) infinite-state systems. We extend the classical algorithm of model checking for LTL to a specific logic defined for the verification of tccp and to the tccp Structure which we define in this work for modeling the program be...

Proceedings of the 22nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages - POPL '95, 1995

We extend the model of [VRV94] to express strong time-outs (and pre-emption): if an event A does not happen through time t, cause event B to happen at time t. Such constructs arise naturally in practice (e.g. in modeling transistors) and are supported in languages such as ESTEREL (through instantaneous watchdogs) and LUSTRE (through the "current" operator). The fundamental conceptual difficulty posed by these operators is that they are non-monotonic. We provide a simple compositional semantics to the non-monotonic version of concurrent constraint programming (CCP) obtained by changing the underlying logic from intuitionistic logic to Reiter's default logic [Rei80]. This allows us to use the same construction (uniform extension through time) to develop Default Timed CCP (Default tcc) as we had used to develop Timed CCP (tcc) from CCP [VRV94]. Indeed the smooth embedding of CCP processes into Default cc processes lifts to a smooth embedding of tcc processes into Default tcc processes. Interesting tcc properties such as determinacy, multi-form time, a uniform pre-emption construct ("clock"), full-abstraction, and compositional compilation into automata are preserved. Default tcc thus provides a simple and natural (denotational) model capable of representing the full range of pre-emption constructs supported in ESTEREL, LUSTRE and other synchronous programming languages.