Concurrency Theory: Lecture 15, 20 March 2018
---------------------------------------------

Synthesis

Given a behavioural description, construct a machine "implementation"

- E.g. given a regular expression or a word description of a regular
  language, construct a DFA/NFA

----------------------------------------------------------------------

Synthesis of concurrent systems

Motivation:

- Behavioural description is a global specification of behaviour
- "Architectural" constraints force us to construct a non-sequential
  implementation (e.g. separate client-server)

----------------------------------------------------------------------

Recall

- Going from regular languages to unlabelled nets is not easy.
- The word "abbaa" cannot be the language of any unlabelled net.  Such a
  word is called "Petri net unsolvable".
- There is a trivial sequential DFA for this language.  "Unsolvable"
  amounts to saying that this sequence of states cannot be achieved as
  the marking graph of a net with transitions T = {a,b}

----------------------------------------------------------------------

Structural synthesis

- Given a sequential system, does it represent the state space of a
  concurrent system?
- Concretely, is a finite state transition system TS = (Q,->,q_in) over
  alphabet A isomorphic to the state space of a net PN = (P,T,F,M_in)
  where T = A (i.e. unlabelled)?
- The labelled case reduces to the unlabelled case: try all possible
  groupings of each action a in A in terms of distinct labelled
  transitions

----------------------------------------------------------------------

Theory of regions

- Consider an elementary net system EN = (P,T,F,M_in)
- t is enabled at M if every p in pre(t) is marked at M and no p in
  post(t) is marked at M
- Let RG = (RM,->,M_in) be its reachability graph, a transition system
  whose states are the reachable markings
- For each p in P, define r(p) = {M in RM | M(p) = 1}.
- Consider any transition t in T
- Recall that elementary net systems cannot have a place connected to a
  transition via a self-loop; the firing rule would block this
  transition from ever occurring
- if p is in pre(t), every occurrence of t in RG starts inside r(p) and
  ends outside r(p), because t removes a token from p
- if p is in post(t), every occurrence of t in RG starts outside r(p)
  and ends inside r(p), because t adds a token to p
- if p is not connected to t, every occurrence of t in RG either starts
  and ends inside r(p) or starts and ends outside r(p), because t does
  not affect the marking of p

- Given TS = (Q,->,q_in), define a "region" r to be a subset of Q that
  satisfies the properties above: for every action a, one of the
  following holds:
  - all occurrences of a start inside r and end outside r
  - all occurrences of a start outside r and end inside r
  - all occurrences of a lie entirely within or entirely outside r

  Intuitively, r represents the "extent" of a place --- all reachable
  markings where that place is marked.

  We say that
  - r is in pre(a) if all occurrences of a start inside r and end outside r
  - r is in post(a) if all occurrences of a start outside r and end inside r

  Note that there are 2^|Q| possible subsets of Q, but not every subset
  is a region.  We can check each of these subsets and arrive at a set
  of regions R(TS) = {r1,r2,...,rk}

- For TS to be isomorphic to the reachability graph of an elementary net
  system, we require regions to satisfy some constraints

  1. state-state separation:
     - In the reachability graph, if M =/= M', then the marking of some
       place p changes between M and M'.  If r(p) is the region
       corresponding to this place, M in r(p) and M' not in r(p), or
       vice versa.
     - If we start from TS = (Q,->,q_in), for every distinct pair of
       states q,q' in Q, there must be some region r in R(TS) such that
       q in r and q' not in r, or vice versa.

  2. event-state separation:
     - Given a transition t and a reachable marking M, if t is not
       enabled at M there must be some input place of t that is not
       marked at M, preventing t from occurring, or some output place of
       t that is marked at M, blocking t from occurring
     - In TS = (Q,->,q_in), if a is not enabled at q, then there must be
       a region r such that (i) r in pre(a) and q not in r, or (ii) r in
       post(a) and q in r

Theorem: Given TS = (Q,->,q_in), if the regions R(TS) satisfy the
state-state separation and event-state separation constraints, we can
construct an elementary net system EN = (P,T,F,M_in) whose reachability
graph is isomorphic to TS.

Proof of the theorem is not very difficult, but we won't go into the
details.

Assuming the theorem, the construction is clear:

- P = R(TS) : each region is a place
- T = A : each action is a transition
- F = { (r,a) | r in pre(a) } union { (a,r) | r in post(a) }
- M_in = {r | q_in in r}

Examples:

Consider TS as below:

        a ---> q_a --- b ---> q_ab
       /
    q0
       \
        b ---> q_b --- a ---> q_ba

{q0,q_a}        is a region which is in pre(b)
{q_ab,q_b,q_ba} is a region which is in post(b)
{q0,q_b}        is a region which is in pre(a)
{q_a,q_ab,q_ba} is a region which is in post(a)

No other subset is a region.  The resulting net has 4 reachable
markings.  There is no region that separates q_ab and q_ba.

Consider TS as below:

        a ---> q_a --- b ---> q_ab
       /
    q0
       \
        b ---> q_b

{q0,q_a}   is a region which is in pre(b)
{q_ab,q_b} is a region which is in post(b)
{q0,q_b}   is a region which is in pre(a)
{q_a,q_ab} is a region which is in post(a)

No other subset is a region.  There is no region that explains why an
a-transition is not enabled at q_b.

----------------------------------------------------------------------

Behavioural equivalences between language equality and state space
isomorphism:

Consider the transition systems below:

         TS                     TS'

        q_in                   q'_in
         |                     /   \
         | a                a /     \ a
         |                   /       \
         q1                q1'       q2'
        /  \                |         |
     b /    \ c           b |         | c
      /      \              |         |
     q2      q3            q3'       q4'

These are language equivalent.
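Before moving on to equivalences, here is the region construction and the two separation checks from the previous section as a runnable example. This is code added here, not from the lecture: TS1 and TS2 are my hand-encodings of the two example diagrams, and the names regions, state_state_separation, event_state_separation, synthesize and reachable_markings are my own. The empty set and Q itself satisfy the region definition trivially (every occurrence lies entirely outside, respectively inside) and are skipped, so "no other subset is a region" refers to the remaining subsets.

```python
from itertools import combinations

# Constructed transition systems, encoding the two example diagrams above.
# A transition system is (states, edges, initial); an edge is (source, action, target).
TS1 = ({"q0", "q_a", "q_ab", "q_b", "q_ba"},
       [("q0", "a", "q_a"), ("q_a", "b", "q_ab"),
        ("q0", "b", "q_b"), ("q_b", "a", "q_ba")], "q0")
TS2 = ({"q0", "q_a", "q_ab", "q_b"},
       [("q0", "a", "q_a"), ("q_a", "b", "q_ab"), ("q0", "b", "q_b")], "q0")


def classify(r, edges, action):
    """How the occurrences of `action` relate to the candidate set r:
    'exit'  -> every occurrence starts inside r and ends outside (r in pre(a))
    'enter' -> every occurrence starts outside r and ends inside (r in post(a))
    'none'  -> every occurrence lies entirely inside or entirely outside r
    None    -> the occurrences disagree, so r is not a region."""
    kinds = set()
    for s, a, t in edges:
        if a != action:
            continue
        if s in r and t not in r:
            kinds.add("exit")
        elif s not in r and t in r:
            kinds.add("enter")
        else:
            kinds.add("none")
    if not kinds:
        return "none"
    return kinds.pop() if len(kinds) == 1 else None


def regions(ts):
    """Check all 2^|Q| subsets and keep the regions, as a dict region -> {action: kind}.
    The empty set and Q always qualify and are skipped (k runs from 1 to |Q|-1)."""
    states, edges, _ = ts
    actions = {a for _, a, _ in edges}
    found = {}
    for k in range(1, len(states)):
        for subset in combinations(sorted(states), k):
            r = frozenset(subset)
            kinds = {a: classify(r, edges, a) for a in actions}
            if None not in kinds.values():
                found[r] = kinds
    return found


def state_state_separation(ts, regs):
    """Pairs of distinct states that no region separates; empty means the axiom holds."""
    return [(q, q2) for q, q2 in combinations(sorted(ts[0]), 2)
            if not any((q in r) != (q2 in r) for r in regs)]


def event_state_separation(ts, regs):
    """(state, action) pairs where the action is disabled but no region explains
    why: no r in pre(a) with q outside r, and no r in post(a) with q inside r."""
    states, edges, _ = ts
    actions = {a for _, a, _ in edges}
    enabled = {(s, a) for s, a, _ in edges}
    unexplained = []
    for q in sorted(states):
        for a in sorted(actions):
            if (q, a) in enabled:
                continue
            if not any((kinds[a] == "exit" and q not in r) or
                       (kinds[a] == "enter" and q in r)
                       for r, kinds in regs.items()):
                unexplained.append((q, a))
    return unexplained


def synthesize(ts, regs):
    """EN = (P, T, F, M_in) following the lecture's construction: places are
    regions, F follows pre/post, M_in marks the regions containing q_in."""
    states, edges, q_in = ts
    actions = {a for _, a, _ in edges}
    flow = set()
    for r, kinds in regs.items():
        for a, kind in kinds.items():
            if kind == "exit":
                flow.add((r, a))      # r in pre(a)
            elif kind == "enter":
                flow.add((a, r))      # r in post(a)
    return set(regs), actions, flow, {r for r in regs if q_in in r}


def reachable_markings(net):
    """Reachable markings of an elementary net: t fires when every input
    place is marked and no output place is marked."""
    places, actions, flow, m_in = net
    pre = {a: {x for x, y in flow if y == a} for a in actions}
    post = {a: {y for x, y in flow if x == a} for a in actions}
    seen, todo = {frozenset(m_in)}, [frozenset(m_in)]
    while todo:
        m = todo.pop()
        for a in actions:
            if pre[a] <= m and not (post[a] & m):
                m2 = (m - pre[a]) | post[a]
                if m2 not in seen:
                    seen.add(m2)
                    todo.append(m2)
    return seen


if __name__ == "__main__":
    for name, ts in (("TS1", TS1), ("TS2", TS2)):
        regs = regions(ts)
        print(name, "regions:", [sorted(r) for r in regs])
        print("  unseparated state pairs:", state_state_separation(ts, regs))
        print("  unexplained disabled events:", event_state_separation(ts, regs))
        print("  reachable markings of synthesized net:",
              len(reachable_markings(synthesize(ts, regs))))
```

For TS1 the four regions listed above come out, q_ab and q_ba are the one unseparated pair, and the synthesized net has exactly 4 reachable markings (q_ab and q_ba collapse to the same marking). For TS2 the state-state axiom holds but (q_b, a) is reported as a disabled action no region explains, which is why the construction cannot reproduce TS2.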
However, suppose we place them in parallel with an agent that does "a"
followed by "b".

    TS"    q"_in ---a---> q1" ---b---> q2"

(TS" || TS) will always execute "ab" and both components will run to
completion.  On the other hand (TS" || TS') may either do "ab", reaching
(q2",q3'), or get stuck after "a" in the global state (q1",q2').  This is
usually referred to as a deadlock.

So, in a sense, TS" can "observe" a difference (through deadlocks)
between TS and TS', though they are language equivalent.  This leads us
to question whether we need a finer distinction between transition
systems than that of language equivalence.

Failures
--------

In the example above, the difference between TS and TS' is that TS' can
"refuse" to do b after a, if it takes the right branch.  It can also
refuse to do c after a by taking the left branch.  TS, on the other
hand, is always willing to do both b and c after a.

This suggests describing behaviours as pairs (w,X), where w is a
sequence of actions that TS can do, and X is a set of actions that TS
can refuse after doing w.

Define Failures(TS) = { (w,X) | q_in ---w-->* q and for all a in X, q --/a--> }

(q --/a--> means that a is not enabled at q.)

We say that TS and TS' are failures equivalent if Failures(TS) = Failures(TS').

In the example above, we have (a,{b}) and (a,{c}) in Failures(TS') but
not in Failures(TS), so these are not equivalent.

Note: If Y subseteq X and (w,X) in Failures(TS) then (w,Y) also in
Failures(TS), so it suffices to record "maximal" failure pairs.

======================================================================
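The parallel composition, the deadlock it exposes, and the failures computation from the two sections above, as a runnable example added here (my code, not the lecture's). TS, TS_PRIME and TS_DPRIME are hand-encodings of the three diagrams; the composition is assumed to synchronise on every action, so a global step needs both components to take it, which is the reading under which TS" || TS always completes "ab" and c is simply unavailable. Words are explored up to a bound, which is exact for acyclic systems like these, and failures are stored as the maximal pairs (w, X) with the subset rule used for membership. All function names are my own.

```python
# Constructed transition systems encoding the diagrams above, as (states, edges, initial);
# an edge is (source, action, target).
TS = ({"q_in", "q1", "q2", "q3"},
      [("q_in", "a", "q1"), ("q1", "b", "q2"), ("q1", "c", "q3")], "q_in")
TS_PRIME = ({"q'_in", "q1'", "q2'", "q3'", "q4'"},
            [("q'_in", "a", "q1'"), ("q'_in", "a", "q2'"),
             ("q1'", "b", "q3'"), ("q2'", "c", "q4'")], "q'_in")
TS_DPRIME = ({'q"_in', 'q1"', 'q2"'},
             [('q"_in', "a", 'q1"'), ('q1"', "b", 'q2"')], 'q"_in')


def alphabet(ts):
    return {a for _, a, _ in ts[1]}


def enabled(ts, q):
    """Actions with an outgoing edge at q."""
    return {a for s, a, _ in ts[1] if s == q}


def successors(ts, q, a):
    return {t for s, b, t in ts[1] if s == q and b == a}


def parallel(ts1, ts2):
    """Fully synchronised product (assumption: every action is shared), built by
    exploring global states from the initial pair.  A global step on action a
    exists only when both components enable a in their current local states."""
    init = (ts1[2], ts2[2])
    states, edges, todo = {init}, [], [init]
    while todo:
        p, q = todo.pop()
        for a in enabled(ts1, p) & enabled(ts2, q):
            for p2 in successors(ts1, p, a):
                for q2 in successors(ts2, q, a):
                    edges.append(((p, q), a, (p2, q2)))
                    if (p2, q2) not in states:
                        states.add((p2, q2))
                        todo.append((p2, q2))
    return states, edges, init


def deadlocks(ts1, ts2):
    """Global states of ts1 || ts2 with no outgoing step although at least one
    component could still act on its own: the composition is stuck, as opposed
    to both components having run to completion."""
    prod = parallel(ts1, ts2)
    return sorted((p, q) for p, q in prod[0]
                  if not enabled(prod, (p, q)) and (enabled(ts1, p) or enabled(ts2, q)))


def max_failures(ts, sigma, bound=None):
    """Maximal failure pairs (w, X): w leads to some state q and X is everything
    in the alphabet sigma that q refuses.  Words are explored up to `bound`
    steps (default: number of states), which is exact for acyclic systems."""
    bound = len(ts[0]) if bound is None else bound
    result = set()
    todo = [(ts[2], ())]
    while todo:
        q, w = todo.pop()
        result.add((w, frozenset(sigma - enabled(ts, q))))
        if len(w) < bound:
            for a in enabled(ts, q):
                for q2 in successors(ts, q, a):
                    todo.append((q2, w + (a,)))
    return result


def in_failures(failures, w, refused):
    """(w, refused) is a failure iff it sits below some maximal pair (Y subseteq X)."""
    return any(w == v and set(refused) <= X for v, X in failures)


def language(ts, bound=None):
    """Words the system can do; with an empty refusal alphabet every pair is (w, {})."""
    return {w for w, _ in max_failures(ts, set(), bound)}


def failures_equivalent(ts1, ts2):
    sigma = alphabet(ts1) | alphabet(ts2)
    return max_failures(ts1, sigma) == max_failures(ts2, sigma)


if __name__ == "__main__":
    print("language equal:", language(TS) == language(TS_PRIME))
    print('deadlocks of TS" || TS :', deadlocks(TS_DPRIME, TS))
    print("deadlocks of TS\" || TS':", deadlocks(TS_DPRIME, TS_PRIME))
    print("failures equivalent:", failures_equivalent(TS, TS_PRIME))
```

The run shows the three facts the text states: TS and TS' have the same language, TS" || TS has no deadlock while TS" || TS' can get stuck in (q1",q2'), and (a,{b}) and (a,{c}) are failures of TS' but not of TS, so the two are not failures equivalent.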