
Transition System (TS)

From the document The MIT Press Principles of Model Checking (pages 39-42)

Modelling Concurrent Systems

Definition 2.1. Transition System (TS)

A transition system TS is a tuple $(S, Act, \rightarrow, I, AP, L)$ where

• S is a set of states,
• Act is a set of actions,
• $\rightarrow \subseteq S \times Act \times S$ is a transition relation,
• $I \subseteq S$ is a set of initial states,
• AP is a set of atomic propositions, and
• $L : S \rightarrow 2^{AP}$ is a labeling function.

TS is called finite if S, Act, and AP are finite.

For convenience, we write $s \xrightarrow{\alpha} s'$ instead of $(s, \alpha, s') \in \rightarrow$. The intuitive behavior of a transition system can be described as follows. The transition system starts in some initial state $s_0 \in I$ and evolves according to the transition relation $\rightarrow$. That is, if s is the current state, then a transition $s \xrightarrow{\alpha} s'$ originating from s is selected nondeterministically and taken, i.e., the action α is performed and the transition system evolves from state s into the state s'. This selection procedure is repeated in state s' and finishes once a state is encountered that has no outgoing transitions. (Note that I may be empty; in that case, the transition system has no behavior at all as no initial state can be selected.) It is important to realize that in case a state has more than one outgoing transition, the "next" transition is chosen in a purely nondeterministic fashion. That is, the outcome of this selection process is not known a priori, and, hence, no statement can be made about the likelihood with which a certain transition is selected. Similarly, when the set of initial states consists of more than one state, the start state is selected nondeterministically.

The labeling function L relates a set $L(s) \in 2^{AP}$ of atomic propositions to any state s.¹ L(s) intuitively stands for exactly those atomic propositions $a \in AP$ which are satisfied by state s. Given that Φ is a propositional logic formula, then s satisfies the formula Φ if the evaluation induced by L(s) makes the formula Φ true; that is:

$s \models \Phi$ iff $L(s) \models \Phi$.

(Basic principles of propositional logic are explained in Appendix A.3, see page 915 ff.)

Example 2.2. Beverage Vending Machine

We consider a (somewhat foolish) example, which has been established as standard in the field of process calculi. The transition system in Figure 2.1 models a preliminary design of a beverage vending machine. The machine can either deliver beer or soda. States are represented by ovals and transitions by labeled edges. State names are depicted inside the ovals. Initial states are indicated by having an incoming arrow without source.

Figure 2.1: A transition system of a simple beverage vending machine. [Figure not reproduced; recoverable content: states pay, select, soda, beer, with pay as the initial state; edges pay --insert coin--> select, select --τ--> soda, select --τ--> beer, soda --get soda--> pay, beer --get beer--> pay.]

The state space is S = {pay, select, soda, beer}. The set of initial states consists of only one state, i.e., I = {pay}. The (user) action insert coin denotes the insertion of a coin, while the (machine) actions get soda and get beer denote the delivery of soda and beer, respectively. Transitions of which the action label is not of further interest here, e.g., as it denotes some internal activity of the beverage machine, are all denoted by the distinguished action symbol τ. We have:

Act = {insert coin, get soda, get beer, τ}. Some example transitions are:

$pay \xrightarrow{insert\ coin} select$ and $beer \xrightarrow{get\ beer} pay$.

¹ Recall that $2^{AP}$ denotes the power set of AP.

It is worthwhile to note that after the insertion of a coin, the vending machine can nondeterministically choose to provide either beer or soda.

The atomic propositions in the transition system depend on the properties under consideration. A simple choice is to let the state names act as atomic propositions, i.e., L(s) = {s} for any state s. If, however, the only relevant properties do not refer to the selected beverage, as in the property

“The vending machine only delivers a drink after providing a coin”,

it suffices to use the two-element set of propositions AP = {paid, drink} with labeling function:

L(pay) = ∅, L(soda) = L(beer) = {paid, drink}, L(select) = {paid}.

Here, the proposition paid characterizes exactly those states in which the user has already paid but not yet obtained a beverage.

The previous example illustrates a certain arbitrariness concerning the choice of atomic propositions and action names. Even if the formal definition of a transition system requires determining the set of actions Act and the set of propositions AP, the components Act and AP are casually dealt with in the following. Actions are only necessary for modeling communication mechanisms, as we will see later on. In cases where action names are irrelevant, e.g., because the transition stands for an internal process activity, we use the special symbol τ or even omit the action label. The set of propositions AP is always chosen depending on the characteristics of interest. In depicting transition systems, the set of propositions AP often is not explicitly indicated, and it is assumed that AP ⊆ S with labeling function L(s) = {s} ∩ AP.

Crucial for modeling hard- or software systems by transition systems is the nondeterminism, which in this context is far more than a theoretical concept. Later in this chapter (Section 2.2), we will explain in detail how transition systems can serve as a formal model for parallel systems. We mention here only that nondeterministic choices serve to model the parallel execution of independent activities by interleaving and to model the conflict situations that arise, e.g., if two processes aim to access a shared resource. Essentially, interleaving means the nondeterministic choice of the order in which the actions of the processes that run in parallel are executed. Besides parallelism, the nondeterminism is also important for abstraction purposes, for underspecification, and to model the interface with an unknown or unpredictable environment (e.g., a human user). An example of the last is provided by the beverage vending machine, where the user resolves the nondeterministic choice between the two τ-transitions in state "select" by choosing one of the two available drinks. The notion "underspecification" refers to early design phases where a coarse model for a system is provided that represents several options for the possible behaviors by nondeterminism. The rough idea is that in further refinement steps the designer realizes one of the nondeterministic alternatives, but skips the others. In this sense, nondeterminism in a transition system can represent implementation freedom.
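Definition 2.1, Example 2.2 and the interleaving remark above, as one added Python example that is not code from the book: a minimal transition-system class with the vending machine instantiated on AP = {paid, drink}, a reachability routine, the satisfaction relation s |= Φ, and a check of the property "the vending machine only delivers a drink after providing a coin" phrased over reachable transitions. It goes slightly beyond the page by also building the interleaving of two independent machines, which the section only sketches, to show how parallelism produces nondeterministic choice. The names TS, VENDING, TAU, drink_only_after_paying, with_extra_transition and interleave are this example's own; the action spellings with underscores are likewise a choice made here.

```python
from collections import deque
from itertools import product

# Added example (not code from the book): Definition 2.1 as a small Python
# class, instantiated with the beverage vending machine of Example 2.2.
# Names such as TS, VENDING, TAU and drink_only_after_paying are this
# example's own choices, not notation from the text.

TAU = "tau"  # the distinguished internal action symbol τ


class TS:
    """A finite transition system (S, Act, ->, I, AP, L)."""

    def __init__(self, states, actions, transitions, initial, ap, label):
        self.S = frozenset(states)
        self.Act = frozenset(actions)
        self.trans = frozenset(transitions)  # -> as a subset of S x Act x S
        self.I = frozenset(initial)
        self.AP = frozenset(ap)
        self.L = {s: frozenset(label(s)) for s in self.S}  # L : S -> 2^AP
        # Well-formedness of the tuple: every component refers only to S, Act, AP.
        assert self.I <= self.S
        assert all(s in self.S and a in self.Act and t in self.S
                   for s, a, t in self.trans)
        assert all(self.L[s] <= self.AP for s in self.S)

    def post(self, s):
        """Direct successors of s: every s' with s --a--> s' for some a in Act.
        More than one element means the next step is chosen nondeterministically."""
        return {t for u, _, t in self.trans if u == s}

    def reachable(self):
        """States reachable from I via ->, by breadth-first search."""
        seen, queue = set(self.I), deque(self.I)
        while queue:
            for t in self.post(queue.popleft()):
                if t not in seen:
                    seen.add(t)
                    queue.append(t)
        return seen

    def satisfies(self, s, phi):
        """s |= phi iff L(s) |= phi, with phi a predicate over subsets of AP."""
        return phi(self.L[s])


# Example 2.2 with AP = {paid, drink} and the labeling given in the text.
VENDING = TS(
    states={"pay", "select", "soda", "beer"},
    actions={"insert_coin", "get_soda", "get_beer", TAU},
    transitions={
        ("pay", "insert_coin", "select"),
        ("select", TAU, "soda"), ("select", TAU, "beer"),  # resolved by the user
        ("soda", "get_soda", "pay"), ("beer", "get_beer", "pay"),
    },
    initial={"pay"},
    ap={"paid", "drink"},
    label=lambda s: {"pay": set(), "select": {"paid"},
                     "soda": {"paid", "drink"}, "beer": {"paid", "drink"}}[s],
)


def drink_only_after_paying(ts):
    """'The vending machine only delivers a drink after providing a coin':
    every reachable transition that enters a 'drink' state from a non-'drink'
    state must leave a state labelled 'paid'."""
    reach = ts.reachable()
    return all("paid" in ts.L[s]
               for s, _, t in ts.trans
               if s in reach and "drink" in ts.L[t] and "drink" not in ts.L[s])


def with_extra_transition(ts, tr):
    """Copy of ts with one extra transition (used below to show a design flaw)."""
    return TS(ts.S, ts.Act, ts.trans | {tr}, ts.I, ts.AP, lambda s: ts.L[s])


def interleave(ts1, ts2):
    """Interleaving of two independent systems, as sketched at the end of the
    section: each step moves exactly one component, so the order of independent
    actions becomes a nondeterministic choice.  Labels are unioned here; use
    disjoint AP sets if the two components must remain distinguishable."""
    trans = {((s, u), a, (t, u)) for s, a, t in ts1.trans for u in ts2.S}
    trans |= {((u, s), a, (u, t)) for s, a, t in ts2.trans for u in ts1.S}
    return TS(set(product(ts1.S, ts2.S)), ts1.Act | ts2.Act, trans,
              set(product(ts1.I, ts2.I)), ts1.AP | ts2.AP,
              lambda p: ts1.L[p[0]] | ts2.L[p[1]])


if __name__ == "__main__":
    print("Post(select) =", VENDING.post("select"))  # two successors: nondeterministic
    print("soda |= paid and drink:",
          VENDING.satisfies("soda", lambda l: {"paid", "drink"} <= l))
    print("design delivers only after paying:", drink_only_after_paying(VENDING))
    # A flawed refinement that hands out beer straight from 'pay'.
    free_beer = with_extra_transition(VENDING, ("pay", TAU, "beer"))
    print("flawed design delivers only after paying:", drink_only_after_paying(free_beer))
    two = interleave(VENDING, VENDING)
    print("Post((pay, pay)) =", two.post(("pay", "pay")))  # either machine may move first
```

The property check deliberately stays within what the section defines: it quantifies over transitions whose source is reachable from I, so unreachable junk states cannot produce false alarms, and it reads the design from L rather than from state names, which is the point of choosing AP = {paid, drink}. Adding the single transition pay --τ--> beer is enough to make the check fail, which is the kind of underspecified or mistaken refinement the closing paragraph has in mind.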
