Roberto Gorrieri Process Algebras for Petri Nets The Alphabetization of Distributed Systems Roberto Gorrieri Dipartimento di Informatica - Scienza e Ingegneria Università di Bologna Bologna, Italy ISSN 1431-2654 ISSN 2193-2069 (electronic ) Monographs in Theoretical Computer Science. An EATCS Series ISBN 978-3-319-55558-4 ISBN 978-3-319-55559-1 (eBook) DOI 10.1007/978-3-319-55559-1 Library of Congress Control Number: 2017936136 © Springer International Publishing AG 2017 This Springer imprint is published by Springer Nature The registered company is Springer International Publishing AG The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland Foreword Distributed,open-endedsystemsareubiquitousintoday’sinformationandcommu- nicationtechnology:inmostcasestheyexhibitanindependent,concurrentbehavior. Theprocessofspecification,designanddevelopmentrequiresformalmodelsable toexpressinterestingpropertiesandtoallowforefficientvalidationandverification procedures.InadditiontotheirroleasdesigntoolsinICTengineering,distributed, concurrentmodelsareverysuccessfulinformalizingkeyconceptsofbiology,eco- nomics,complexsystemsandsoon. In many cases it is convenient to develop specialized models for the classes of systemsweareinterestedin,equippedwithconvenientfeatures.Forinstance,while in all cases a formal semantics is required, there is a conflict between model ex- pressivenessandcomplexityofverificationalgorithms.Anotherimportantchoiceis betweenagraphicalmodelandatext-basedmodel,bothequippedwithobservation criteria and consequent semantics: the former is often more perspicuous, but less convenientforspecifyinglarge,modularsystemsinacompositionalway. The main achievement of this book is to present a hierarchy of six models of increasing expressiveness, each of them described both in graphical form and in textual,term-likeform.Plentyofresultsguaranteethatthereisaone-to-onecorre- spondencebetweenthetworepresentations,andthatcorrespondingformshavethe sameinterleavingandstepsemantics. In reality, graphical and textual forms are not equivalent: the former is more expressive since its semantics can be enriched with observational criteria to make certainrelevantpropertiesevident,whicharepresent,buthidden,inthelatter.For instance, the presentation in graphical form of the solution of the dining philoso- phersproblemcanbeshowntobecorrect,whilethetextualversion,oncethechoice ismadeofobservingthebehaviorsequentially,hastoorestrictedobservationcapa- bilities. In other words, as soon as the textual form is translated into the graphical form, new observation and analysis methods become applicable. Thus the transla- tion has the flavor of associating with the language a more expressive concurrent semantics. In the book, a clear choice is made about which models to handle: process de- scriptionlanguageCCSandPlace/Transition(P/T)Petrinets,withvarioussyntactic restrictions to yield the expressiveness hierarchy. Only the top level, Nonpermis- sive nets, is an extension of P/T nets: the extension is needed to achieve Turing- completeness. Ifullyagree.Thereareseveralreasonsforthechoice.CCSisequippedwitharich theory,astestifiedbyseveraltextbooksandmonographs,someofthemveryrecent. Also,CCSisthestartingpointofthemostpopularlanguageformobilesystems,i.e. π-calculus,andofitsextensionsforsecurityandservice-orientedarchitectures.P/T Petrinetswerethefirstconcurrencymodel(CarlPetri’sthesisisdated1962),and theyaremaybethemodelwiththerichesttheory,thelargestapplicationexperience andthemostextensivecollectionoftools.Furthermore,(unsafe)finiteP/Tnetshave aneasy-to-understandcyclicbehaviorwithapossiblyinfinitesetofstates,butsome importantproperties,e.g.reachability,arestilldecidable. Thetechnicalcontentofthebookisofextremelyhighquality.Actually,theau- thor personally contributed with a number of seminal, well-known papers to the historicaldevelopmentofthemainconceptsandresultsinthebook.Also,thepre- sentationofcomplexresults,whichappearedoveralargespanofyears(thebibli- ography contains about 150 citations), required a remarkable effort to make them consistent and uniform. In addition, some important results, needed to complete the full picture, are published in the book for the first time, as appropriate in a re- searchmonograph.Finally,thepresentationandjustificationoftheconceptualde- velopments and of the formal achievements is well articulated and explained, and supportedbyplentyofexamplesasrequiredinanadvancedtextbook. Thebookwillbepreciousforthoseinterestedinthetrulyconcurrentsemantics ofdistributedcommunicatingsystems.Asystemdesigner,givenaspecificationin CCS,mightwanttobetterunderstanditsbehaviorbylookingatthecorresponding net,bycheckingtherethegivenconcurrencyrequirements,andpossiblybytaking advantage of existing tools. More relevantly from a methodological point of view, acomputerscientist,aimingatstudyingaparticularclassofconcurrentdistributed systems,mightdefineaspecificationlanguagebasedonvariantsofCCSandPetri netsbyapplyingtheapproachinthebook. UgoMontanari Pisa,June2016 Contents 1 Introduction................................................... 1 1.1 TheAlphabetizationofDistributedSystems .................... 1 1.2 TheHierarchy ............................................. 6 1.3 StructureoftheBook ....................................... 8 1.4 InterleavingvsTrueConcurrency ............................. 11 1.5 BeyondTuring-Completeness ................................ 12 2 LabeledTransitionSystems ..................................... 15 2.1 LabeledTransitionSystems .................................. 15 2.2 BehavioralEquivalences..................................... 19 2.2.1 StrongEquivalences.................................. 19 2.2.2 WeakEquivalences................................... 26 2.3 StepTransitionSystems ..................................... 31 3 PetriNets ..................................................... 35 3.1 Introduction ............................................... 35 3.2 Place/TransitionPetriNets................................... 36 3.2.1 SomeClassesofPetriNets ............................ 41 3.2.2 DynamicallyReachableandStaticallyReachableSubnets .. 44 3.3 DecidableProperties........................................ 47 3.3.1 CoverabilityTree .................................... 48 3.3.2 Reachability,LivenessandDeadlock.................... 54 3.4 BehavioralEquivalences..................................... 57 3.4.1 NetIsomorphism .................................... 57 3.4.2 InterleavingSemantics................................ 58 3.4.3 StepSemantics ...................................... 64 3.5 NonpermissivePetriNets.................................... 67 3.5.1 BehavioralEquivalences .............................. 70 3.5.2 Turing-Completeness................................. 74 4 TheBasicCalculus:SFM ....................................... 77 4.1 Syntax.................................................... 77 4.2 OperationalLTSSemantics .................................. 80 4.2.1 Expressiveness ...................................... 81 4.2.2 Congruence......................................... 83 4.3 OperationalNetSemantics................................... 84 4.4 RepresentingAllSequentialFinite-StateMachines .............. 87 4.5 DenotationalNetSemantics.................................. 90 5 AddingAsynchronousParallelComposition:CFMandBPP ........ 95 5.1 CFM ..................................................... 95 5.1.1 InterleavingLTSSemantics............................ 96 5.1.2 StepSemantics ...................................... 99 5.1.3 OperationalNetSemantics ............................102 5.1.4 RepresentingAllConcurrentFinite-StateMachines .......106 5.1.5 Soundness ..........................................107 5.1.6 DenotationalNetSemantics ...........................108 5.2 BPP:BasicParallelProcesses ................................110 5.2.1 Expressiveness ......................................111 5.2.2 OperationalNetSemantics ............................113 5.2.3 RepresentingAllBPPNets ............................116 5.2.4 DenotationalNetSemantics ...........................118 6 AddingCommunicationandRestriction:FNC ....................121 6.1 Syntax....................................................121 6.1.1 RestrictedActionsandExtendedProcesses ..............123 6.1.2 SyntacticSubstitution ................................124 6.1.3 SequentialSubterms..................................126 6.2 OperationalLTSSemantics ..................................129 6.2.1 Expressiveness ......................................130 6.3 StepSemantics ............................................132 6.4 OperationalNetSemantics...................................134 6.4.1 PlacesandMarkings .................................134 6.4.2 NetTransitions ......................................138 6.4.3 TheReachableSubnetNet(p)..........................145 6.5 RepresentingAllFiniteCCSNets.............................147 6.6 Soundness ................................................152 6.7 DenotationalNetSemantics..................................154 6.8 RCS .....................................................166 7 AddingMulti-partyCommunication:FNM .......................169 7.1 Preliminaries ..............................................169 7.1.1 SyntaxandInformalSemantics ........................169 7.1.2 ExtendedProcessesandSequentialSubterms.............171 7.1.3 Well-FormedProcesses ...............................173 7.2 OperationalLTSSemantics ..................................175 7.2.1 Expressiveness ......................................181 7.2.2 CongruenceProblem .................................183 7.3 StepSemantics ............................................184 7.3.1 StepBisimilarityImpliesInterleavingBisimilarity ........187 7.3.2 StepBisimilarityIsaCongruence ......................191 7.4 OperationalNetSemantics...................................192 7.4.1 PlacesandMarkings .................................192 7.4.2 NetTransitions ......................................195 7.4.3 PropertiesofNetTransitions...........................196 7.4.4 TheReachableSubnetNet(p)..........................202 7.5 RepresentingAllFiniteP/TNets..............................205 7.5.1 Expressiveness ......................................211 7.6 Soundness ................................................213 7.7 DenotationalNetSemantics..................................215 7.8 RMCS....................................................223 8 AddingAtomicTestsforAbsence:NPL...........................227 8.1 Syntax....................................................227 8.2 OperationalLTSSemantics ..................................230 8.2.1 Expressiveness ......................................233 8.2.2 CongruenceProblem .................................237 8.3 StepSemantics ............................................239 8.4 OperationalNetSemantics...................................246 8.4.1 PlacesandMarkings .................................247 8.4.2 NetTransitions ......................................248 8.4.3 PropertiesofNetTransitions...........................250 8.4.4 TheReachableSubnetNet(p)..........................254 8.5 RepresentingAllFiniteNP/TNets ............................256 8.6 Soundness ................................................260 8.7 DenotationalNetSemantics..................................265 8.8 RNPL ....................................................271 9 GeneralizationsandVariantSemantics ...........................273 9.1 CommunicatingPetriNets ...................................273 9.2 VariantNetSemantics.......................................275 9.3 GeneralRestriction .........................................277 9.4 AsynchronousCommunication ...............................282 9.5 OtherLanguages? ..........................................283 9.6 FutureResearch............................................284 Glossary ..........................................................287 References.........................................................291 Index .............................................................299 Chapter 1 Introduction Abstract This introductory chapter outlines the main problem dealt with in this book:findingsuitablelanguagesforrepresentingclassesofPetrinets,takinginspi- rationfromtheprocessalgebrasdevelopedinthelastfourdecades.Thestructureof thebookisoutlinedandsomehintsonhowtoreaditarepresented.Finally,itisalso arguedthatTuring-completenessisnotasufficientcriteriontocomparetheexpres- sivepowerofdifferentprocessalgebras,becausethesetsofproblemsindistributed computing that two languages can solve may be different, even if both include all theTuring-computablefunctions. 1.1 TheAlphabetizationofDistributedSystems A distributed system is a computer system made of several components, imple- mentedinhardwareorsoftwareorasacombinationofboth,thatmaybelocatedat differentsites,evenatageographicaldistance,andthatcooperatetoaccomplisha taskorcoordinatetoofferaservicebymeansofsuitablecommunicationprotocols basedonmessagepassing.Themostnotableexampleofadistributedsystemisthe Internet,whosemostimportantserviceistheWorldWideWeb. Ataveryabstractlevelofdetail,themainfeatureofadistributedsystemisdis- tribution:theglobalstateofthesystemiscomposedofacollectionoflocalstates, physicallylocatedatdifferentsites,andeachactivitythatthesystemperformsmay actuallyinvolveonlyasubsetoftheselocalstates.Anotherimportantfeatureisthat communication takes place only by message passing, so that any information ex- changehappensbymeansofexplicitcommunicationprimitivesofsendorreceive; in other words, there is no global memory, shared by the components. The com- municationmechanismcanbesynchronousorasynchronous:theformerwhenthe sendactionandthereceiveoneareperformedbytheinteractingpartnersatthesame time;thelatterwhenthesendactionisdecoupledfromthereceiveone. Many other features of distributed systems are relevant, such as heterogeneity of the components, possible independent failure of components, the absence of a © Springer International Publishing AG 2017 1 R. Gorrieri, Process Algebras for Petri Nets, Monographs in Theoretical Computer Science. An EATCS Series, DOI 10.1007/978-3-319-55559-1_1 2 1 Introduction global clock, scalability etc., but for the aims of this book, only distribution and communicationareconsidered.Inparticular,communicationisassumedtobesyn- chronous,becausethismechanismcanalsoeasilyimplementtheasynchronousone (it is enough to put a medium, such as a buffer, between the two partners of the communicationtogetanasynchronouscommunication),whilethereverseismore difficulttoachieve. Manysemanticmodelsofcomputationhavebeenproposedtomodeldistributed systems;herewegiveashort,notexhaustive,list: • Petrinets[Petri62,Hack76b,Pet81,Rei85,MM90,JK95,MR95,Bus02,Rei13]; • Transitionsystems[Kel76,Mil80,Plo04b,Gla01,San12,GV15]; • Eventstructures[NPW81,Win87,Win88,BMM06]; • Causaltrees[DD89,DD90,BMS15]; • Concurrenthistories[DM87]; • Statecharts[Har87,HPSS87]; • Messagesequencecharts[RGG,DH99]; • Kahnprocessnetworks[Kah74]. Eachofthesehasitsownprosandcons.However,amongthem,wechosePetri nets,forthefollowingreasons: 1. distributionisafirst-classconcept(whichisnotthecasefor,e.g.,labeledtransi- tionsystems); 2. Petrinetscanmodelrecursivebehaviorwithafinitestructure(whichisnotthe casefor,e.g.,eventstructures); 3. theyareawidelystudiedmodel(see,e.g.,[RR98a,DRR04]andthereferences therein),equippedwithasimple,precise,formalsemantics,bothfortheso-called linear-timeandbranching-timesemantics(whichisnotthecasefor,e.g.,message sequencecharts); 4. theyareequippedwithanalysistechniquesthataredecidableinmanycases,as described in Section 3.3 (which is not the case for, e.g., concurrent histories), andthataresometimessupportedbyautomaticorsemi-automaticsoftwaretools (see,e.g.,[TA15,Tool]forsurveysonPetrinettools);and,finally, 5. there is a large literature of applications of Petri nets to the modeling of real distributedsystems(see,e.g.,[RR98b,Rei98])andthereferencestherein). Fromnowon,atanabstractlevel,wetakethelibertyofidentifyingadistributed system with the Petri net which models it. Therefore, we shall consider specific classesofPetrinetsasspecificclassesofdistributedsystems. Many specification languages have been proposed to describe reactive, dis- tributedsystems,startingfromtheseminalworkbyHoarewithCSP[Hoa78,Hoa85, Ros98], and Milner with CCS [Mil80, Mil89, GV15]. These languages are usu- ally called process algebras, to reflect the algebraic nature of their syntactic and semantic definitions. Many process algebras have been proposed in the literature: besides CSP and CCS, also ACP [BK84, BW90, BBR10] by Bergstra, Klop and 1.1 TheAlphabetizationofDistributedSystems 3 a.0|b.0 a.b.0+b.a.0 a b a b 0|b.0 a.0|0 b.0 a.0 b a b a 0|0 0 Fig.1.1 Interleavinglaw:twoisomorphicLTSs a.0|b.0 a.b.0+b.a.0 {a} {b} {a} {b} 0|b.0 {a,b} a.0|0 b.0 a.0 {b} {a} {b} {a} 0|0 0 Fig.1.2 Twosteptransitionsystems Baeten(whocoinedthetermprocessalgebra),LOTOS[BB87,BLV95]byBolog- nesiandBrinksma(whoincludedabstractdatatypesinaprocessalgebra),CIRCAL [Mil85]byMilne(whointroducedthestepsemanticsforaprocessalgebra),andthe π-calculus [MPW92, Mil99, Par01, SW01] by Milner, Parrow and Walker (which modelsmobility),justtomentionafew(see[Bae05]forahistoricaloverview,and [BPS01]foratechnicalsurveyonthemanyfacetsofprocessalgebras).Theseman- tics of these languages have mainly been given in an interleaving style, either in termsofexecutiontraces(e.g.,CSP)orintermsoflabeledtransitionsystems(e.g., CCS),butinnowayareparallelism(orco-occurrenceofindependentactions)and distributionmodeledinthesesemantics. An example may help clarify the idea. The process composed of two parallel actions a and b is denoted in CCS by the term a.0|b.0, while the sequential pro- cessperformingthesetwoactionsineitherorderisdenotedbya.b.0+b.a.0.Inthe labeledtransitionsystemsemanticsof[Mil89],thesetwoCCSprocessesoriginate theisomorphiclabeledtransitionsystemsinFigure1.1,sothattheyaresemantically equal.Thisistheessenceoftheso-calledinterleavinglaw:a(finite-state)parallel process is semantically equivalent to a (finite-state) possibly nondeterministic, se- quentialprocess.Thisisacleardrawbackoftheinterleavingsemantics,aswewill arguefurtherinSection1.4. Onemayenrichthelabelingofthetransitionsystembyusing,insteadofsingle actions, multisets of concurrently executable actions: this is the so-called step se- mantics(originallyintroducedin[NT84,Mil85]),whichisrefinedenoughtomodel