Graph Representation of Sessions and Pipelines ... - Semantic Scholar

UNU-IIST International Institute for Software Technology

Graph Representation of Sessions and Pipelines for Structured Service Programming Roberto Bruni, Zhiming Liu and Liang Zhao June 2010

UNU-IIST Report No. 432

R

UNU-IIST and UNU-IIST Reports UNU-IIST (United Nations University International Institute for Software Technology) is a Research and Training

Centre of the United Nations University (UNU). It is based in Macao, and was founded in 1991. It started operations in July 1992. UNU-IIST is jointly funded by the government of Macao and the governments of the People’s Republic of China and Portugal through a contribution to the UNU Endowment Fund. As well as providing twothirds of the endowment fund, the Macao authorities also supply UNU-IIST with its office premises and furniture and subsidise fellow accommodation. The mission of UNU-IIST is to assist developing countries in the application and development of software technology. UNU-IIST contributes through its programmatic activities:

1. Advanced development projects, in which software techniques supported by tools are applied, 2. Research projects, in which new techniques for software development are investigated, 3. Curriculum development projects, in which courses of software technology for universities in developing countries are developed, 4. University development projects, which complement the curriculum development projects by aiming to strengthen all aspects of computer science teaching in universities in developing countries, 5. Schools and Courses, which typically teach advanced software development techniques, 6. Events, in which conferences and workshops are organised or supported by UNU-IIST, and 7. Dissemination, in which UNU-IIST regularly distributes to developing countries information on international progress of software technology. Fellows, who are young scientists and engineers from developing countries, are invited to actively participate in all these projects. By doing the projects they are trained. At present, the technical focus of UNU-IIST is on formal methods for software development. UNU-IIST is an internationally recognised center in the area of formal methods. However, no software technique is universally applicable. We are prepared to choose complementary techniques for our projects, if necessary. UNU-IIST produces a report series. Reports are either Research R , Technical T , Compendia C or Administra-

tive A . They are records of UNU-IIST activities and research and development achievements. Many of the reports are also published in conference proceedings and journals. Please write to UNU-IIST at P.O. Box 3058, Macao or visit UNU-IIST’s home page: http://www.iist.unu.edu, if you would like to know more about UNU-IIST and its report series.

Peter Haddawy, Director

UNU-IIST International Institute for Software Technology

P.O. Box 3058 Macao

Graph Representation of Sessions and Pipelines for Structured Service Programming Roberto Bruni, Zhiming Liu and Liang Zhao Abstract Graph transformation techniques, and the Double-Pushout approach in particular, have been particularly successful in the modeling of concurrent systems. In this area, a research thread has addressed the definition of concurrent semantics for process calculi. In this paper, we show how graph transformation can cope with advanced features of service-oriented process calculi, such as several logical notions of scoping (sessions, pipelines), pattern matching together with the interplay between linking and containment. This is illustrated by encoding CaSPiS, a recently proposed process calculus with such sophisticated features. We show how to handle congruence rules and reduction rules using a suitable notion of hierarchical graphs. The main result proves soundness and completeness of the encoding with respect to congruence. Keywords: process calculus, hierarchical graph, graph transformation

Roberto Bruni is an Assistant Professor at University of Pisa. His research interests include software architectures, theory of graph and graph transformation, and formal methods for service-oriented computing. Email: [email protected] Zhiming Liu is a Senior Research Fellow at UNU-IIST. His research interests include theory of computing systems, emphasizing sound methods and tools for specification, verification and refinement of fault-tolerant, realtime and concurrent systems, and formal techniques for object-oriented development. Email: [email protected] Liang Zhao is a PhD Student of the joint PhD program of UNU-IIST and University of Pisa. His research interests include semantics and type systems of programming languages, graph transformation, and formal methods for object-oriented development. Email: [email protected] The authors acknowledge support from the project HTTS funded by Macau Science and Technology Development Fund, NSFC 60970031, 973 program 2009CB320702, and STCSM 08510700300

c 2010 by UNU-IIST Copyright

Contents

5

Contents 1

Introduction

7

2

The calculus CaSPiS 2.1 Operational semantics in terms of reduction . . . . . . . . . . . . . . . . . . . . . . . .

8 9

3

Algebra of hierarchical graphs 3.1 Graph grammar . . . . . . . . . . . . . . . . 3.1.1 Hierarchical graph terms . . . . . . . 3.2 Interpretation of graph terms by hypergraphs . 3.3 Graph transformation rules . . . . . . . . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

11 11 12 13 15

Graph representation of CaSPiS 4.1 Processes as designs . . . . 4.2 Tagged graphs of processes . 4.3 Rules for congruence . . . . 4.4 Rules for reduction . . . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

17 18 19 21 26

4

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

. . . .

5

An example

27

6

Conclusion

28

Report No. 432, June 2010

UNU-IIST, P.O. Box 3058, Macao

Introduction

1

7

Introduction

Process calculi have become quite mature in studying traditional concurrent and communication systems [8, 11], and even advanced to specification and verification of mobile systems [12]. However, these traditional process calculi are not power enough for characterization of service-oriented computing with advanced features of scoping (sessions, pipelines), pattern matching together with the interplay between linking and containment. Though there exist attempts of using π-calculus [12] as a model of service systems [10, 5], the encoding of channels, sessions and pipelines are of too low level of abstraction and different first-class aspects in SOC are mixed up and obfuscated. The low level communication primitives of π-calculus make the analysis too complex and infeasible. To improve the situation, Boreale, et al defined a process calculus called SCC (Service Centered Calculus) [1]. SCC introduces service definition, service invocation and session handling as first class modeling elements. However, SCC only has a rudimentary mechanism for handling session closure, and it has no mechanism for orchestrating values arising from different activities. Some of the authors of SCC improved these problems in CaSPiS, Calculus of Session and Pipelines [2]. CaSPiS still supports the important features of SCC with respect to service autonomy, client-service interaction and orchestration. However, the notions of session and pipelining play a more central role. In CaSPiS, a session has two sides (or participating processes) and it is equipped with protocols followed by each side during an interaction between the two sides. A pipeline in CaSPiS permits orchestrating the flow of data produced by different sessions. The concept of pipeline is inspired by Orc [13], a basic and elegant programming model for structured orchestration of services. A structured operational semantics of CaSPiS is given in [2]. It does yet have a simpler and compact reduction semantics, that handles silent actions of processes in the labeled transition system. This is the first concern of this paper. Sessions and pipelines introduce a strong hierarchical nature to a service oriented system in both of its static structure and dynamic behavior. The hierarchical structure also changes during the evolution of the system, due to dynamic creation of sessions by invocations of services, and dynamic creation of processes in pipelines. The inherently flat nature of process expressions of a process calculi and its operational semantics does not support the characterization of the hierarchical aspects of service oriented systems. In this paper, we propose a graph characterization of the service oriented systems and use graph transformation rules to study the equivalences between processes, both structural and behavioral. We take on CaSPiS and define an interpretation of the calculus by hypergraphs and develop a graph transformation system with a set of Double-Pushout (DPO) rules [4] to define a reduction semantics for CaSPiS. Our approach is motivated by the large body of literature on applications of graphs and graph transformations in distributed, concurrent and mobile systems [7, 9, 6]. This shows that graphs offer a powerful and yet flexible and convenient ground for the specification and analysis of complex software systems with various features. In [3], states of CaSPiS processes are modeled with a term of a graph algebra that supports names, name restrictions and design hierarchy. Our approach is developed based on this algebra and provides a model of this algebra with a mathematical structure, called hypergraphs. We define two sets graph



The calculus CaSPiS

8

transformation rules by Double-Pushout for congruence relation and a reduction semantics, respectively. We present the soundness and completeness results for congruence relation. We introduce CaSPiS in the next section, and the graph algebra and its hypergraph model in Section 3. In Section 4, we give the graph representation of CaSPiS processes and define the graph transformation system. Section 5 is a small example to illustrate the application of the graph transformation rules, and Section 6 draws the conclusions.

2

The calculus CaSPiS

This section introduces the key notions of the service-oriented calculus CaSPiS [2]. Let S , R , V and C be four disjoint infinite sets, respectively of service names, session names, variables and constants. The simplest process is the nil process 0 that does not do anything. A process P can be prefixed by an abstraction (?x) that is ready to receive a value and assign it to each variable x occurring in P; a concretion hV i that generates an output V , which is either a variable or a constant (both called values in CaSPiS) ; or a return hV i↑ that returns a value V to the outside environment. The standard parallel composition P|Q is allowed. However, the choice operator “+” is limited to the nil process, as well as those processes prefixed with abstractions, concretions and returns, called the prefixed processes. A service is declared by a service definition s.P and used by the environment through a service invocation s.Q. A participant process of a session is represented by r P, where r is a session name, and P is the protocol this participant follows. In CaSPiS, a session r can have only two participants, and they are also called the two sides of the session. A process P can be pipelined with another process Q, denoted by P > Q, so that P can keep producing values for Q to consume. Service names, session names and variables can be restricted, in a way like the π-calculus [12] by (νn)P. This restricts all the occurrences of the name n within P, and P is called the scope of the restriction. Definition 1 (CaSPiS process) A process is a term generated by the syntax: Process Sum Prefix Value

P, Q M π V

::= ::= ::= ::=

M | P|Q | s.P | s.P | r P | P > Q | (νn)P 0 | πP | M + M (?x) | hV i | hV i↑ x | c

where s ∈ S , r ∈ R , x ∈ V , c ∈ C and n ∈ S ∪ R ∪ V . We omit 0 in a prefixed term and write, for example, (?x)hxi for (?x)hxi0. A name n is free if it does not occur in a process bound by either an abstraction (?n) or a restriction (νn), and fn(P) denotes the set



The calculus CaSPiS

9

P|Q M + M0 (νn)(νn0 )P

≡c ≡c ≡c

Q|P M0 + M (νn0 )(νn)P

(P|Q)|R (M + M 0 ) + M 00

≡c ≡c

P|(Q|R) M + (M 0 + M 00 )

Figure 1: Basic congruence rules P|(νn)Q (νn)P|Q (νn)P > Q r (νn)P

≡c ≡c ≡c ≡c

(νn)(P|Q) (νn)(P|Q) (νn)(P > Q) (νn)(r P)

if if if if

n∈ / fn(P) n∈ / fn(Q) n∈ / fn(Q) n 6= r

Figure 2: Special congruence rules of free names of P. We have a set of structural congruence rules among processes. They are classified as basic rules of commutativity and associativity (in Fig. 1), and special rules for moving restrictions forward (in Fig. 2).

2.1

Operational semantics in terms of reduction

The basic behavior of a process P is the communication and synchronization (called interactions) between its sub-processes. After an interaction, P evolves to another process Q. A step of such a change is called a reduction, denoted as P − → Q. The behaviors of the prefixed processes, the sum “+”, parallel composition, and restriction are similar to those in a traditional process calculus. A service definition process s.P and service invocation process s.Q synchronize on the service s and its corresponding invocation s. After offering the service s, s.P evolves to a session process r P with a fresh session name r. Symmetrically, after the service invocation s, s.Q becomes a session process r Q of the same session name r. For example, s.P|s.Q − → r P|r Q. When a session r starts, the protocols P and Q of the session sides r P and r Q become active and produce and receive values from each other. For example, r (?x)P|r hV iQ − → r P[V /x]|r Q. A pipelined process P > Q behaves as P but keeps the new state of P pipelined with Q, until P produces a value. When P produces a value, a new instance of Q is created, that consumes the value produced by P and then runs in parallel with the original P and instances of Q created earlier. This is shown by the example hV iP > (?x)Q − → (P > (?x)Q)|Q[V /x]. The formal definition of a reduction needs the notion of contexts of processes. A context is a process expression with some “holes”. For a formal definition, we assume process variables. A context with k holes is a process term C(X1 , . . . , Xk ) defined in Definition 1, but with processes variables X1 , . . . , Xk in it.



The calculus CaSPiS

10

(Sync)

P ≡c Q ≡c

(S-Sync)

P ≡c Q ≡c

r fresh for C[ ·, · ], P1 , P2 0 C[r (P |(hV iP1 + M1 )), r C1 [(?x)P2 + M2 ]] C[r (P0 |P1 ), r C1 [P2 σ]]

(S-Sync-Ret)

P ≡c Q ≡c

C[r (P0 |r0 C2 [hV i↑ P1 + M1 ]), r C1 [(?x)P2 + M2 ]] C[r (P0 |r0 C2 [P1 ]), r C1 [P2 σ]]

(P-Sync)

P ≡c Q ≡c

C0 [(P0 |(hV iP1 + M1 )) > ((?x)P2 + M2 )] C0 [P2 σ|((P0 |P1 ) > ((F)P2 + M2 ))]

(P-Sync-Ret)

P ≡c Q ≡c

C0 [(P0 |r C2 [hV i↑ P1 + M1 ]) > ((?x)P2 + M2 )] C0 [P2 σ|((P0 |r C2 [P1 ]) > ((?x)P2 + M2 ))]

C[s.P1 , s.P2 ] (νr)C[r P1 , r P2 ]

Figure 3: Reduction rules We only need contexts with one or two holes, and we omit the process variables and denote a context as C[ · ] or C[ ·, · ]. A context is called static if none of its holes occurs in the scope of a dynamic operator, which is a service definition s.[ · ], a service invocation s.[ · ], a sum [ · ] + M, a prefix π[ · ] or the right-hand side of a pipeline P > [ · ]. A context is session-immune if its hole(s) does not occurs in the scope of a session, and restrictionimmune if its hole(s) does not occur in the scope of a restriction. Furthermore, a 2-hole context is called restriction-balanced if the holes occur in the same restriction environment. For example, (νn)[ · ]|r [ · ] is not restriction-balanced, since the first hole is bound by the restriction (νn) while the second is not. However, (νn)[ · ]|r [ · ] is a static context. Following the discussion about the informal behavior of processes, we summarize the reduction rules in Fig. 3 for service definition, service invocation, session and pipelined processes, where each rule shows a pair of processes P and Q such that P − → Q. In this figure, σ denotes the substitution [V /x]; C0 [ · ] is static; C[ ·, · ] is static and restriction-balanced; C1 [ · ] is static and session-immune; and C2 [ · ] is static, session-immune and restriction-immune. There is no rule that allows a reduction of a sub-process in a non-static context. To represent a meaningful service system, a process term must satisfy two well-formedness conditions. The first is that a session can only occur in static contexts and each session name occurs at most twice, i.e. a session has at most two sides. The other is that no cycle is allowed in nested sessions. For example, processes like r r P or r r1 P|r1 r Q are not valid. These conditions reflect the consideration that a session can only be generated at run-time, through the rule (Sync) in Fig. 3. It should not be explicitly written by programmers. From now on, we always assume a process is well-formed unless it is stated otherwise.



Algebra of hierarchical graphs

11

O

O

.y

.x •

/ Con /

•

P=

/

Ret

/

•

/

Nil

hxihyi↑

•

/

Res

m6 .O mmm mmm/ • / Con /

•

/

Nil

Q = (νz)hzi

Figure 4: Graph representations of two processes

3


A CaSPiS process can be represented as a graph. For example in Fig. 4(a), the graph of P = hxihyi↑ shows P generates a value x, then returns a value y and then becomes the nil process. The unnamed • nodes represent the states of the control flow, and the nodes .x and .y show that x and y are values generated and returned by the concretion and return edges. The graph Fig. 4(b) shows process Q generates a value z but this value is restricted, thus invisible from outside. A restricted value node is therefore not named in the graph. These graphs are called hypergraphs, since an edge can be associated with one or more nodes. A hypergraph shows the control flow and data flow, as well as the structure of a process, through different types of nodes, such as . and •, and different types of edges, such as Ret, Res and Con.

3.1

Graph grammar

We use a graph algebra [3] to specify and study the algebraic properties of hypergraphs, in order to study CaSPiS processes. Let N be a set of node names and L be a set of edge labels. We also use x to denote a sequence, x[i] and |x| to denote the i-th member and the length of the sequence, respectively.

Definition 2 (Graph term) A graph term is generated by the grammar G ::= 0 | x | l(x) | G|G | (νx)G where x ∈ N and l ∈ L . Term 0 represents the empty graph, x is the graph of only one node, l(x) is the graph of an l-labeled edge attached to nodes x through its tentacles, G1 |G2 represents the composition of two graphs and (νx)G is a restriction that binds the name x in G so that it is invisible outside G. A process P of CaSPiS can be represented by a graph term, denoted by JPK. The graph terms of processes P and Q in Fig. 4 are respectively JPK = (νp)(νp1 )(νp2 )(Con(p, x, p1 )|Ret(p1 , y, p2 )|Nil(p2 )) JQK = (νp)(νp1 )(νp2 )(νz)(Res(p, z, p1 )|Con(p1 , z, p2 )|Nil(p2 ))

For a graph term G, we denote its hypergraph as H (G) and called it the hypergraph of G, and H (JPK) the underlying graph of process P.




12

We say a node name in a graph term is free if it is not in the scope of a restriction. As shown in Fig. 4, free node names of G are shown in its hypergraph with its type symbol, but the node of a restricted name is labeled only by its type without the name. When an edge has more than one tentacles, we usually order them clockwise, with the first one being drawn as an incoming arrow and others as outgoing arrows. If necessary, we explicitly give their order by 1, 2, . . . , k. For an edge with only one tentacle, it is not significant whether it is shown as an incoming or outgoing edge.

3.1.1

Hierarchical graph terms

The graph grammar defined above only describes single CaSPiS processes that represent closed systems. However, we have to treat open systems and their compositions. For example, the graph term JP|QK of a parallel composition can not be directly calculated from the graph terms of P and Q. For this we need to define a mechanism of encapsulation, called design, to introduce a hierarchical structure into the graphs. Like simple edges, designs need to be labeled. To this end, we assume a set D of design labels, and extend the graph grammar of Definition 2 into the following definition.

Definition 3 (Hierarchical graph term) A hierarchical graph term is either a graph or a design generated by the grammar Graph Design

G ::= 0 | x | l(x) | G|G | (νx)G | Dhxi D ::= Lx [G]

where x ∈ N , l ∈ L and L ∈ D . A design D = Ly [G] exposes a sequence of free nodes y of its body graph G as its interface nodes, interface for short. For a design D, the hypergraph of Dhxi is obtained from the hypergraph of D by attaching its interface nodes to the nodes x. This hypergraph is a simple design edge, and it has the same label as D. The hierarchical nature of hypergraphes is given by that the body graph G in a design Ly [G] may also contain design edges. Recall that the hypergraphs of P and Q in Fig. 4 and their corresponding graph terms represent P and Q as closed systems. They cannot be composed. We can represent each of them, say P, as an open process by a design graph term. Instead of restricting, we expose the first control node p as the interface of the design and label it by the design label P. Then we have the design graph terms of P and Q. JPK = P p [(νp1 )(νp2 )(Con(p, x, p1 )|Ret(p1 , y, p2 )|Nil(p2 ))] JQK = P p [(νp1 )(νp2 )(νz)(Res(p, z, p1 )|Con(p1 , z, p2 )|Nil(p2 ))]

The hypergraphs of these two terms are re-depicted on the top and bottom of Fig. 5(a). These two hypergraphs can then be composed by linking their interface nodes with an edge Par that also have a third node p to interface with the outside. We then make this composed hypergraph as a design graph labeled by P and exposing p as its interface. This is the graph in Fig. 5(a), representing the parallel composition P|Q, and JP|QK = P p [(νp1 )(νp2 )(Par(p, p1 , p2 )|JPKhp1 i|JQKhp2 i)] Report No. 432, June 2010



13

O

O o

• •

o

P11

•

/

•

Par

P31 • o

(a)

•

/ Con

O

O

.y

.x P21

/

•

/ Ret

6. mmm O mmm m / Res / • / Con

hxihyi↑ |(νz)hzi

O

.y

.x

/

/

•

•

/

•

O

•

Nil

/

o

P1 1

•

/

Par

•

Nil

/ Con

Ret

/

•

/

Nil

6. mmm O mmm m / Res / • / Con /

•

/

Nil

(b) flat version of

/

•

/

hxihyi↑ |(νz)hzi

Figure 5: Graph representation with designs

A design plays two roles in the graph representation of a process. First, it represents a service or a session as a hierarchical part of a whole process. In this case the edges P11 , P21 and P31 represent the designs, called abstract edges. The other role of a design is to represent the interface of a process through which the process communicates with its environment. When we are not interested in the hierarchical structure, a hypergraph can always be flattened by combining the nodes linked by internal abstract edges. For example, the hypergraph in Fig. 5(b) is the flatten version of the hypergraph in Fig. 5(a). The use of labels such as P11 will become clarified by the formal interpretation rules of graph terms.

3.2

Interpretation of graph terms by hypergraphs

A hypergraph has different types of nodes for different modeling entities. In Fig. 4, for example, . nodes represent data while • nodes represent states of the control flow. We assume a set T of node types and use T(x) ∈ T to denote the type of node x. Each edge label or design edge label l has an arity AR(l) and a type T(l) that is the sequence of types of the nodes that the edge connects. Thus it is required that |T(l)| = AR(l). In our discussion, we consider only three types of nodes and let T = {•, ., }, representing the control flow, data and channels, respectively. A design D = Lx [G] is well-typed if the sequence of its interface nodes x is of type T(L), while a design edge Dhyi is well-typed if D is well-typed and y is of type T(L). To syntactically indicate in a graph term if a design edge is to be interpreted in a flatten graph, we assume a designated set of design edge labels F ⊆ D . Definition 4 (Interpretation of graph terms) For a graph term G, we define its interpretation by a hypergraph H (G) = hN(G), E(G), AE(G), fn(G), ex(G)i that is defined in Fig. 6, where N(G) is the set of nodes names, E(G) the set of edges, AE(G) the set of abstract edges, fn(G) the set of free node names, and ex(G) the sequence of interface nodes. As discussed in the previous subsection, the interpretation of a node, edge, restriction composition of




14

/ 0, / 0, / 0, / 0i / H (0) = h0, / 0, / {x}, 0i / H (x) = h{x}, 0, / {x}, 0i / H (l(x)) = h{x}, {l(x)}, 0, / H ((νx)G1 ) = hN(G1), E(G1), AE(G1), fn(G1)\{x}, 0i / H (G1 |G2 ) = hN(G1) ∪ N(G2), E(G1) ∪ E(G2), AE(G1) ∪ AE(G2), fn(G1) ∪ fn(G2), 0i (N(G1) ∩ N(G2) = fn(G1) ∩ fn(G2))

H (Ly [G1 ]) = hN(G1) ∪{y0 }, E(G1), AE(G1) ∪{Liα (y[i], y0 [i])|1 ≤ i ≤ |y|}, fn(G1)\{y}, y0 i

(y0 fresh, T(y0 ) = T(y), α fresh for L) / (L ∈ F ) H (Ly [G1 ]hxi) = hN(G1)[x/y], E(G1)[x/y], AE(G1)[x/y], (fn(G1)\{y}) ∪ {x}, 0i / H (Ly [G1 ]hxi) = hN(D)[x/ex(D)], E(D)[x/ex(D)], AE(D)[x/ex(D)], fn(D) ∪{x}, 0i (L 6∈ F , D = Ly [G1 ])

Figure 6: Interpretation of terms

L11 •x1

`

•

~

L12

/

•

l

O

>

•x •

l

L21

o

G1

•

•x2

L22

L11 •x1

~

•

/

l

/

•x

o

l

o

•

a

L12

L21

= •

•

•x2

L22

G2 Figure 7: Hypergraphs of terms

a graph term is straightforward and easy to understand. A design is generally represented by a set of binary edges, called abstract edges, linking each of the interface node of the design to a fresh node for interaction with the environment. For example, Fig. 5(a) has three abstract edges, and its flatten version Fig. 5(b) has only one, that is P11 . Notice that terms (νx)(νy)G and (νy)(νx)G are interpreted as the same hypergraph. We thus extend the restriction operator to a set of nodes and write, for example, (ν{x, y})G for (νx)(νy)G or (νy)(νx)G. We show two more examples of the interpretation in Fig. 7, where the hypergraphs of the following terms are depicted, with L 6∈ F . G1 = L(y1 ,y2 ) [l(y1 , x)|y2 ]hx1 , x2 i|L(y1 ,y2 ) [y1 |l(y2 , x)]hx1 , x2 i G2 = L(y1 ,y2 ) [l(y1 , x)|l(y2 , x)]hx1 , x2 i|L(y1 ,y2 ) [y1 |y2 ]hx1 , x2 i

Recall that a free node is labeled with its name, while a bound one is not since its naming is not significant. An edge is depicted as a box with tentacles, the number of which is exactly its arity. An abstract j edge is represented as a dotted arrow with its label. The subscripts i of an abstract label Li indicates that j the abstract edge links to the i-th interface node, see Fig. 7. The superscripts j of an abstract label Li are used to discriminate different occurrences of L-labeled designs. For example, the abstract edges in the upper and lower parts of G1 are labeled by different superscripts as (L11 , L21 ) and (L12 , L22 ), respectively. Without these superscripts, the hypergraphs of G1 and G2 would be the same. However, graph terms G1 and G2 are not expected to be equivalent.




L

>

•

•

l

O

•x1 L

/

l

L

>

•x •

15

o

•x2

•

•

/

l

/ •x o

l

o

•

•x1 L

G1

>

> •

•x2

•

/

D:L

/

•y

•

G2

G3

Figure 8: Simplified hypergraphs A hypergraph full of abstract edge labels looks complicated. So, we simplify its graphic representation by putting the body of each L-labeled design into a dotted box labeled by L and removing all the abstract edge labels. We can take the dotted box as a special “edge” and the original abstract edges become its “tentacles”. We use the same convention for edges to order these tentacles. For example, G1 and G2 in Fig. 7 are re-depicted in Fig. 8. Notice that a free node is shared by different design instances, such as x in G1 . A design edge can be depicted as a double box with tentacles if the detail of its body is not concerned, see G3 = (νx)Dhx, yi in Fig. 8. Morphisms play a key role in defining relations among graphs and graph transformations. A morphism m : G1 − →G2 is a mapping from one hypergraph G1 to another hypergraph G2 such that 1. m(e) has the same type as e, where e is either a node, an edge or an abstract edge, 2. If m maps an edge or abstract edge l(x) to l(y), m maps x to y, and 3. m map the sequence of interface nodes of G1 to those of G2 . A morphism m : G1 − →G2 is fn-preserving if it maps each free node of G1 to a free node of G2 with the same node name. Two hypergraphs G1 and G2 are isomorphic, denoted as G1 ≡d G2 , if there is a morphism between them that is bijective and fn-preserving. As a result, isomorphic hypergraphs have the same set of free node names. When there is no confusion, we allow the interchange between a graph term and its hypergraph. Therefore, it is possible to say there is a morphism from some term to another, or two terms are isomorphic if they satisfy some conditions.

3.3

Graph transformation rules

A graph-based theory of programming often requires the formalization of rules of graph transformations for defining the behavior of a program or the derivation of one program from another. Graph transformation rules are often defined in terms of the algebraic notions of pushout [4]. Intuitively, a pushout combines a pair of graphs by injecting them into a larger graph with certain common parts.




16

@ ~~ @@@ m2 ~ @@ ~ @@ ~~ ~~~m013 m023 / G03 o G1 G2 @@ O ~ @@ ~ @ m3 ~~~m m13 @@ ~~ 23 G

m1

G3

Figure 9: Pushout Definition 5 (Pushout) Let G0 , G1 and G2 be three graphs with two morphisms m1 : G0 − →G1 and m2 : G0 − →G2 . A pushout of the pair hm1 , m2 i is a graph G3 together with two morphisms m13 : G1 − →G3 and m23 : G2 − →G3 , such that: 1. m13 ◦ m1 = m23 ◦ m2 , and 2. if there exist a graph G03 and two morphisms m013 and ,m023 such that m013 ◦ m1 = m023 ◦ m2 , there is a unique morphism m3 : G3 − →G03 such that m013 = m3 ◦ m13 and m023 = m3 ◦ m23 . We call hm2 , m23 i a pushout complement of hm1 , m13 i, and vice versa.

This definition shows the pushout graph G3 is the union of G1 and G2 with the images of G by m1 and m2 being equalized, see Fig. 9. A graph transformation rule is always formulated using a pair of pushouts, and such a rule is called a Double-Pushout rule (DPO). m

m

Definition 6 (Double-Pushout rule) A Double-Pushout rule R : GL ←l GI →r GR is a pair of morphisms ml : GI− →GL and mr : GI− →GR, where ml is injective. Graphs GL, GI and GR are called the left-hand side, the interface and the right-hand side of the rule, respectively.

In many DPO rules, ml and mr are identity mappings or they only change a small part of the source graph. We thus simply represent a DPO rule by listing the three graphs as GL|GI|GR when both of its morphisms are identify, otherwise we add necessary annotations to indicate the mapping between nonidentical elements. Here, "|" is just used to separate the graphs, it does not represent a graph composition. We shown two examples of DPO rules R1 and R2 in Fig. 10. In Rule R1 , both morphisms are the identity mapping and thus no annotation is needed. For Rule R2 , however, we use x/x0 → x to annotate that mr maps different nodes x and x0 in the interface to the same one x in the right-hand side. Now we show how a DPO rule can be applied to derive one graph from another.



Graph representation of CaSPiS

O

•

/

l

/

•

•

/

l

/

•

17

•

O

l •

•

•

/l l @

/• @

•

•x

•

•x 0

•x

x/x0 → x R2

R1 Figure 10: Two DPO rules o

GL

ml

GI

mr

G

m0l

o

GR

m3

m2

m1

/

G00

m0r

/ G0

Figure 11: A direct derivation m

m

Definition 7 (Direct derivation) Let R : GL ←l GI →r GR be a DPO rule. Given a graph G and a morphism m1 : GL− →G, G0 is a direct derivation of G by R (based on m1 ), denoted as G ⇒R G0 , if exists the morphisms in Fig. 11 such that m0l , m0r are fn-preserving and both squares are pushouts. In the definition, m1 is called the match in the derivation as it actually matches graph GL with the subgraph m1 (GL) of G. With this match, Rule R allows a graph G00 constructed with hm2 , m0l i as a pushout complement of hml , m1 i. G00 is achieved from G by removing the elements in m1 (GL\ml (GI)) and preserving the elements in m1 (ml (GI)). Since ml is injective, there is a unique triple hm2 , G00 , m0l i such that m0l is fn-preserving. Then, a graph G0 is obtained from G00 by adding the elements corresponding to GR \ mr (GI). A graph transformation system is defined by a set δ of DPO rules, and a graph derivation is sequential applications of some DPO rules of the system. Formally, G0 is a derivation of G in system δ, denoted as G⇒∗δ G0 , if there is a sequence of graphs G0 , . . . , Gk (k ≥ 0) such that G ≡d G0 ⇒R1 G1 ⇒R2 . . .⇒Rk Gk ≡d G0 for R1 , . . . , Rk ∈ δ. As the case k = 0, G ⇒∗δ G0 holds for any set of rules δ provided G ≡d G0 .

4


This section applies the graph algebra for representation of CaSPiS processes and use graph transformations to study reductions of these processes. For this, we first define a direct representation of a CaSPiS process P by graph terms JPK. This representation is easy to understand, but it is hard to define its reductions for a representation of the reductions of the process. To overcome this problem, we define a tagged version JPK† of JPK, and show JPK† can be obtained by applying transformations rules to the Report No. 432, June 2010



18

def

J0K = P(p,i,o,t) [i|o|t|Nil(p)]

def J(?x)PK = P(p,i,o,t) [(ν{p1 , x}) Abs(p, x, p1 , i)|JPKhp1 , i, o,ti ] def JhV iPK = P(p,i,o,t) [(νp1 ) Con(p,V, p1 , o)|JPKhp1 , i, o,ti ] def JhV i↑ PK = P(p,i,o,t) [(νp1 ) Ret(p,V, p1 ,t)|JPKhp1 , i, o,ti ]

def JM + M 0 K = P(p,i,o,t) [(ν{p1 , p2 }) Sum(p, p1 , p2 )|JMKhp1 , i, o,ti|JM 0 Khp2 , i, o,ti ] def JP|QK = P(p,i,o,t) [(ν{p1 , p2 }) Par(p, p1 , p2 )|JPKhp1 , i, o,ti|JQKhp2 , i, o,ti ]

def Js.PK = P(p,i,o,t) [i|t|D(p,t) [(ν{p1 , i1 , o1 }) De f (p, s, p1 , i1 , o1 )|JPKhp1 , i1 , o1 ,ti ]hp, oi] def Js.PK = P(p,i,o,t) [i|t|I(p,t) [(ν{p1 , i1 , o1 }) Inv(p, s, p1 , i1 , o1 )|JPKhp1 , i1 , o1 ,ti ]hp, oi] def Jr PK = P(p,i,o,t) [i|t|S(p,t) [(ν{p1 , i1 , o1 }) Ses(p, r, p1 , i1 , o1 )|JPKhp1 , i1 , o1 ,ti ]hp, oi]

def JP > QK = P(p,i,o,t) [(ν{p1 , p2 , o1 }) Pip(p, p1 , p2 , o1 , i, o,t)|JPKhp1 , i, o1 ,ti|R p [(ν{i, o,t})JQKhp, i, o,ti]hp2 i ] def J(νn)PK = P(p,i,o,t) [(ν{p1 , n}) Res(p, n, p1 )|JPKhp1 , i, o,ti ]

Figure 12: Graph representation of processes untagged version JPK. Then we define reductions on tagged graphs by graph transformation rules that are consistent with the process reductions. In order to represent a process as a hierarchical graph, we consider the following sets as our vocabularies. (Node types) T (Edge labels) L (Design labels) D

= {•, ., } = {Nil, Abs,Con, Ret, Sum, Par, De f , Inv, Ses, Pip, Res, A, rv} = {P, D, I, S, R} with F = {P}

We define three node types •, . and , representing the control flow, data and channels of a process, respectively. We introduce a set of edge labels. Some of them represents the operators on processes, such as (Abs) for abstraction, (Par) for parallel composition and (Ses) for session. The others are for tagging (A) and restricted values (rv), which will become clear later on. The design labels represent processes (P), service definitions (D), invocations (I), sessions (S) and right-hand sides of pipelines (R), respectively. Only design edges labeled with P are flat, so the hierarchy of a graph are introduced only by services, sessions and pipelines.

4.1

Processes as designs

A process is represented as a P-labeled design. The exposed nodes of such a design consist of a • node p, together with an input nodes i, an output node o and a return node t.

Definition 8 (Graph representation) The graph representation of a CaSPiS process P, denoted by JPK, is given in Fig. 12 by induction on the structure of P.

The nil process 0 is represented as an edge Nil (Fig. 13(a)). An abstraction (?x)P is represented as a graph that attaches an edge Abs to the graph JPK and to the input channel of the whole process (Fig. 13(b)). Report No. 432, June 2010



/•

•

/

P

/

Nil

19

/

/

O

.

P •

/

•

/

QQQ/ • nn/ JPK nQnQ | vnnn }||QQ(

/

O

•

/•

/

Par

/

•

/ 11BB F B 11 1 > |||11 /

/

/

/

JPK

JQK

/

/

•

•

/

•

O

.s

/

/ / CQCQQ•Qmmm| JPK Q m C | Q m vmm ! }| Q(

/

•

/ / APAPP•Pnnn| JPK P A n | P n vnn }| P(

Ses

!

P

"

(f) Js.PK

/ P:P 000 / Pip R / 00 ( • FFRRR 0 FF" RRR0( O

•

De f

(e) Jr PK

(d) JP|QK /

O

•

.r

S

D

/ • / JPK n nnn | n vnn }||

(c) J(νn)PK

P

Res

P •

/

•

(b) J(?x)PK

P •

/

•

Abs

(a) J0K

O

.

P

•

/

•

/

R •

/ Q:P z CC }zz C!

(g) JP > QK

Figure 13: Examples of graph representation Similar to an abstraction, a concretion and return process is represented, but with a Con and Ret edge associated with the output channel and return channel, respectively. The graph of (νn)P is composed of an edge Res and the graph JPK (Fig. 13(c)). In the graph of a parallel composition P|Q (or a sum P+Q), the graphs of P and Q are connected by a Par (or Sum) edge, and the channels of P and Q are combined (Fig. 13(d)). The graph of a session process r P is defined by attaching the graph of P with a session edge Ses. The Ses edge is also connected with the input and output channels of P. This subgraph is then encapsulated by an S-labeled design (Fig. 13(e)). The graph of a service definition or invocation is defined in a similar way (Fig. 13(f)). A pipeline P > Q is represented as an edge Pip connected with the graphs of P and Q, where the graph of the right-hand-side of the pipeline Q is encapsulated by a R-labeled design (Fig. 13(g)).

4.2

Tagged graphs of processes

In the graph term JPK of a process P, a control flow node, i.e. a • node, p represents the “beginning” of the graph of a sub-process Q. In this sense, p corresponds to a context C[ · ] with C[Q] = P. Recall that




J0K†

J(?x)PK† JhV iPK†

JhV i↑ PK†

def

= P(p,i,o,t) [i|o|t|A(p)|Nil(p)] = P(p,i,o,t) [(ν{p1 , x}) A(p)|Abs(p, x, p1 , i)|JPKhp1 , i, o,ti ] def = P(p,i,o,t) [(νp1 ) A(p)|Con(p,V, p1 , o)|JPKhp1 , i, o,ti ] def = P(p,i,o,t) [(νp1 ) A(p)|Ret(p,V, p1 ,t)|JPKhp1 , i, o,ti ] def

JM + M 0 K†

def

Js.PK†

def

JP|QK† Js.PK†

Jr PK†

JP > QK†

J(νn)PK†

20

= P(p,i,o,t) [(ν{p1 , p2 }) A(p)|Sum(p, p1 , p2 )|JMKhp1 , i, o,ti|JM 0 Khp2 , i, o,ti ] def = P(p,i,o,t) [(ν{p1 , p2 }) Par(p, p1 , p2 )|JPK† hp1 , i, o,ti|JQK† hp2 , i, o,ti ]

= P(p,i,o,t) [i|t|A(p)|D(p,t) [(ν{p1 , i1 , o1 }) De f (p, s, p1 , i1 , o1 )|JPKhp1 , i1 , o1 ,ti ]hp, oi] def = P(p,i,o,t) [i|t|A(p)|I(p,t) [(ν{p1 , i1 , o1 }) Inv(p, s, p1 , i1 , o1 )|JPKhp1 , i1 , o1 ,ti ]hp, oi] def = P(p,i,o,t) [i|t|S(p,t) [(ν{p1 , i1 , o1 }) Ses(p, r, p1 , i1 , o1 )|JPK† hp1 , i1 , o1 ,ti ]hp, oi] def

= P(p,i,o,t) [(ν{p1 , p2 , o1 }) Pip(p, p1 , p2 , o1 , i, o,t)|JPK† hp1 , i, o1 ,ti|R p [(ν{i, o,t})JQKhp, i, o,ti]hp2 i ] def = P(p,i,o,t) [(νn) rv(n)|JPK† hp, i, o,ti ]

Figure 14: Tagged graphs of processes

P •

O

.

A

/ • /

QQQ/ • nn/ JPK nQnQ | vnnn }||QQ(

Abs

J(?x)PK†

•

/ rv

.

P

/

/ JPK† { CCC { }{ !

•

J(νn)PK†

Figure 15: Examples of tagged graphs in a process reduction only sub-processes occurring in static contexts are allowed to interact with each other. Therefore to define reductions on graphs, we need to distinguish the • nodes, i.e. control flow nodes, that correspond to static contexts from those • nodes that correspond to non-static contexts. For this, we introduce unary edges labeled by A, called tag edges. These edges are used to tag the control flow nodes.

Definition 9 (Tagged graph) The tagged graph representation of P, denoted as JPK† is defined in Fig. 14 by induction on the structure of P.

In a tagged graph JPK† , each occurrence of abstraction, concretion, return, service definition or invocation in a static context is tagged by a tag edge. For an abstraction and a restriction, their tagged graphs are depicted in Fig. 15. Note in the case of a restriction, J(νn)PK† is quite different from its untagged version. In J(νn)PK† , a new value is generated and it is denoted by an rv-labeled edge, and original Res-labeled edge in the untagged version is not needed in the tagged version any more. To obtained a tagged graph JPK† from its untagged version JPK, we add a tag edge to the start of the control flow of JPK, and then apply a sequence of graph transformations, called tagging rules. They are Report No. 432, June 2010



A

•

O

.

S

/

•

21

O

.

S

/ Ses { }{{ /

•

/

•

/

•

O

.

S

/ Ses { }{{ /

•

/

•

/

/ •

/ Ses { }{{

•

A

/

(Ses-Tag) O

•

O o

O

•

A

•

/ Pip P /• { BBPBPPP { ! P' }{

•

•

/ Pip P /• | BBPP }|| B! PPP'

•

A

/• / Pip P | CCPCPPP | }| ! P'

(Pip-Tag) A

•

A

/

Par

PP/P• PPP '•

/ Par P / • PPP PP' •

•

•

/

Par

PP/P• A PPP (•

(Par-Tag) O

.

A

•

/

Res

A

/

•

•p

.

A • p0

.

/

rn

•p

p/p0 → p (Res-Tag) Figure 16: Tagging rules shown in Fig. 16. The tagging starts with a tag A at the beginning of the control. It then moves along the flow of control through a session to its body, a pipeline to its left-hand side or a parallel composition to both of its branches, before it stops at a nil process or a dynamic operator. When the tag arrives at a restriction, the restriction edge is removed, its original control flow nodes are combined, and an rv-labeled edge is added.

4.3

Rules for congruence

We have defined the set of graph transformation rules ∆c to simulate the structural congruence relation between CaSPiS processes (Section 2). These rules include the basic rules of commutativity and associativity, and those for moving restrictions forward, see Fig. 17. ∆c is proven to be sound and complete with respect to the structural congruence of CaSPiS. Theorem 1 (Soundness w.r.t. congruence) Let P be a process, R ∈ ∆c and G be a graph. If JPK† ⇒R G, there exist a process Q such that JQK† = G and P ≡c Q. Proof. Straightforward for each rule R ∈ ∆c .




22

O

•

/

•

O

•

•

•

2 Sum 1 •

•

Sum

/

•

•

O

• •

/

/ O DD • D"

•

Sum •

O

•

•

0 Sum

/

•

•

•

1 •

•

/

•

. w; ww

Res

•

•

O CC / • C! • • O 0 Par / •

• z= zz /• Sum •

•

O

• .

Res

•

•

/

Res

/

•

/

•

• {= {{ / • Par •

•

•

• w; ww

.

/

•

Par

•

•

•

O

•

=. || | / Res / •

•

.

Res

•

/ Par

•

/ /

. •

(Par-Res-Comm)

aBBB / / / / Pip Q BUBQUQU•UU Res • }||| B! QQQU( UUUU* • .

•

•

.

(Res-Comm)

•

. Par

•

(Par-Assoc)

.

=. || | / Res / •

•

Par

(Sum-Assoc) •

2 Par

(Par-Comm)

. Sum

•

•

/

•

(Sum-Comm)

•

•

Par

O

•

. •

•

•

•

=. || | / Res / • i/ Pip / • im iiiimm | BBB tiiii vmmm }|| !

•

(Pip-Res-Comm) •

bEEE •O E .O Res O / • / Ses / • { { }{ S

•

.

.

O / • Ses | ~||

• p0

.

/

/ •p

6. S nnn nnnn .O Res / • / Ses • | }|| •

/ •p

/

p/p0 → p (Ses-Res-Comm) Figure 17: Rules for congruence 1. R is (Par-Comm) (and similarly (Sum-Comm)). In order that R can be applied to JPK† , JPK† must contain an edge Par, i.e. P is of the form C[P1 |P2 ] for some context C[ · ] and sub-processes P1 , P2 . Consider Q = C[P2 |P1 ]. We have JPK† ⇒R JQK† . 2. R is (Par-Assoc) (and similarly (Sum-Assoc)). In order that R can be applied to JPK† , P must be of the form C[(P1 |P2 )|P3 ] for some context C[ · ] and sub-processes P1 , P2 , P3 . Consider Q = C[P1 |(P2 |P3 )]. We have JPK† ⇒R JQK† . 3. R is (Res-Comm). In order that R can be applied to JPK† , P must be of the form C[(νn)(νn0 )P1 ] for some context C[ · ] and sub-process P1 . Consider Q = C[(νn0 )(νn)P1 ]. We have JPK† ⇒R JQK† . 4. R is (Par-Res-Comm).




23

In order that R can be applied to JPK† , P must be of the form C[P1 |(νn)P2 ] for some context C[ · ] and sub-processes P1 , P2 . Consider Q = C[(νn)(P1 |P2 )]. We have JPK† ⇒R JQK† . 5. R is (Pip-Res-Comm). In order that R can be applied to JPK† , P must be of the form C[(νn)P1 > P2 ] for some context C[ · ] and sub-processes P1 , P2 . Consider Q = C[(νn)(P1 > P2 )]. We have JPK† ⇒R JQK† . We don’t need to consider the rule (Ses-Res-Comm), since it is only applicable to untagged version of graphs. In fact, we can also prove that each rule in ∆c , including (Ses-Res-Comm), transforms the untagged graph JPK of a process P to the untagged graph JQK of a congruent process Q ≡c P. As for the completeness of ∆c , a general description can be: P ≡c Q implies JPK† ⇒∗∆c JQK† . However, such a proof obligation seems too strong and we are not sure whether it is valid. For example, by applications of rules ∆c , we are able to transform the tagged graph Js.(P|(νn)Q)K† to Js.(νn)(P|Q)K† , i.e. moving a restriction to the front of a (sub-)process. However, it is hard to transform Js.(νn)(P|Q)K† back to Js.(P|(νn)Q)K† , as the restriction (νn) may bind some name n that occurs in P. A proper description of completeness is as follows. Theorem 2 (Completeness w.r.t. congruence) For two processes P and Q such that P ≡c Q, there is a process R such that JPK† ⇒∗∆c JRK† and JQK† ⇒∗∆c JRK† . In order to prove this theorem, we first introduce a couple of lemmas. Lemma 1 For each basic congruence rule LS ≡c RS, JLSK⇒∗∆c JRSK⇒∗∆c JLSK and JLSK† ⇒∗∆c JRSK† ⇒∗∆c JLSK† . Proof. Straightforward for each rule LS ≡c RS. 1. LS = P|Q, RS = Q|P. JLSK ≡d P(p,i,o,t) [(ν{p1 , p2 })(Par(p, p1 , p2 )|JPKhp1 , i, o,ti|JQKhp2 , i, o,ti)] ⇒(Par−Comm) P(p,i,o,t) [ (ν{p1 , p2 })(Par(p, p2 , p1 )|JQKhp2 , i, o,ti|JPKhp1 , i, o,ti)] ≡d JRSK. In the same way, JLSK† ⇒∗∆c JRSK† . Since this rule is symmetric, we also have JRSK ⇒∗∆c JLSK and JRSK† ⇒∗∆c JLSK† . 2. LS = (P|Q)|R, RS = P|(Q|R). JLSK ≡d P(p,i,o,t)[(ν{p1 , p2 , p3 , p12 }) Par(p, p12 , p3 )|Par(p12 , p1 , p2 )|JPKhp1 , i, o,ti|JQKhp2 , i, o, ti|JRKhp3 , i, o,ti ] ⇒(Par−Assoc) P(p,i,o,t)[(ν{p1 , p2 , p3 , p23 }) Par(p, p1 , p23 )|Par(p23 , p2 , p3 )|JPKh p1 , i, o,ti|JQKhp2 , i, o,ti|JRKhp3 , i, o,ti ] ≡d JRSK. On the other hand, JRSK ⇒(Par−Comm) J(Q|R)|PK ⇒(Par−Comm) J(R|Q)|PK ⇒(Par−Assoc) JR|(Q|P)K ⇒(Par−Comm) JR|(P|Q)K ⇒(Par−Comm) JLSK. In the same way, JLSK† ⇒∗∆c JRSK† and JRSK† ⇒∗∆c JLSK† . 3. LS = M + M 0 , RS = M 0 + M. JLSK ≡d P(p,i,o,t) [(ν{p1 , p2 })(Sum(p, p1 , p2 )|JMKhp1 , i, o,ti|JM 0 Khp2 , i, o,ti)] ⇒(Sum−Comm)




24

P(p,i,o,t) [(ν{p1 , p2 })(Sum(p, p2 , p1 )|JM 0 Khp2 , i, o,ti|JMKhp1 , i, o,ti)] ≡d JRSK. In the same way, we have JLSK† ⇒∗∆c JRSK† . Since this rule is symmetric, we also have JRSK ⇒∗∆c JLSK and JRSK† ⇒∗∆c JLSK† .

4. LS = (M + M 0 ) + M 00 , RS = M + (M 0 + M 00 ). 0 JLSK ≡d P(p,i,o,t) [(ν{p 1 , p2 , p3 , p12 }) Sum(p, p12 , p3 )|Sum(p12 , p1 , p2 )|JMKhp1 , i, o,ti|JM Khp2 , i, o,ti|JM 00 Khp3 , i, o,ti ] ⇒(Sum−Assoc) P(p,i,o,t) [(ν{p 1 , p2 , p3 , p23 }) Sum(p, p1 , p23 )|Sum(p23 , p2 , p3 )| JMKhp1 , i, o,ti|JM 0 Khp2 , i, o,ti|JM 00 Khp3 , i, o,ti ] ≡d JRSK. On the other hand, JRSK ⇒(Sum−Comm) J(M 0 +M 00 )+MK⇒(Sum−Comm) J(M 00 +M 0 )+MK⇒(Sum−Assoc) JM 00 +(M 0 +M)K⇒(Sum−Comm) JM 00 + (M + M 0 )K ⇒(Sum−Comm) JLSK. In the same way, we have JLSK† ⇒∗∆c JRSK† and JRSK† ⇒∗∆c JLSK† . 5. LS = (νn)(νn0 )P, RS = (νn0 )(νn)P. JLSK ≡d P(p,i,o,t) [(ν{p0 , p1 , n, n0 }) Res(p, n, p1 )|Res(p1 , n0 , p0 )|JPKhp0 , i, o,ti ] ⇒(Res−Comm) P(p,i,o,t) [(ν{p0 , p2 , n, n0 }) Res(p, n0 , p2 )|Res(p2 , n, p0 )|JPKhp0 , i, o,ti ] ≡d JRSK. JLSK† ≡d P(p,i,o,t) [(ν{n, n0 }) rn(n)|rn(n0 )|JPK† hp, i, o,ti ] ≡d JRSK† . Since this rule is symmetric, we also have JRSK ⇒∗∆c JLSK and JRSK† ⇒∗∆c JLSK† .

Lemma 2 For each special congruence rule LS ≡c RS, JLSK ⇒∗∆c JRSK and JLSK† ⇒∗∆c JRSK† . Proof. Straightforward for each rule LS ≡c RS. 1. LS = P|(νn)Q, RS = (νn)(P|Q). JLSK ≡d P(p,i,o,t) [(ν{p1 , p2 , p3 , n}) Par(p, p1 , p3 )|Res(p3 , n, p2 )|JPKhp1 , i, o,ti|JQKhp2 , i, o,ti ] ⇒(Par−Res−Comm) P(p,i,o,t) [(ν{p1 , p2 , p4 , n}) Res(p, n, p4 )|Par(p4 , p1 , p2 )|JPKhp1 , i, o,ti|JQKhp2 , i, o,ti ] ≡d JRSK. And JLSK† ≡d P(p,i,o,t) [(ν{p1 , p2 , n}) rn(n)|Par(p, p1 , p2 )|JPKhp1 , i, o,ti|JQKhp2 , i, o,ti ] ≡d JRSK† . 2. LS = (νn)P|Q, RS = (νn)(P|Q). The proof of this rule is similar to the previous one. 3. LS = (νn)Q > P, RS = (νn)(Q > P). JLSK ≡d P(p,i,o,t) [(ν{p1 , p2 , p3 , n, o1 }) Pip(p, p3 , p2 , o1 , i, o,t)|Res(p3 , n, p1 )|JQKhp1 , i, o,ti|G ] ⇒(Pip−Res−Comm) P(p,i,o,t) [(ν{p1 , p2 , p4 , n, o1 }) Res(p, n, p4 )|Pip(p4 , p1 , p2 , o1 , i, o,t)|JQKhp1 , i, o, ti|G ] ≡d JRSK, where G is R p [(ν{i, o,t})JPKhp, i, o,ti]hp2 i. And JLSK† ≡d P(p,i,o,t) [(ν{p1 , p2 , n, o1 }) rn(n)|Pip(p, p1 , p2 , o1 , i, o,t)|JQK† hp1 , i, o,ti|G ] ≡d JRSK† . 4. LS = r (νn)P, RS = (νn)(r P). JLSK ≡d P(p,i,o,t) [(ν{p2 , n}) i|t|S(p,t) [(ν{p1 , i1 , o1 })(Ses(p, r, p1 , i1 , o1 )|Res(p1 , n, p2 )|JPKhp2 , i1 , o1 ,ti)]hp, oi ] ⇒(Ses−Res−Comm) P(p,i,o,t) [(ν{p3 , n}) i|t|Res(p, n, p3 )|S(p,t) [(ν{p1 , i1 , o1 })(Ses(p, r, p1 , i1 , o1 )|JPKhp1 , i1 , o1 ,ti)]hp3 , oi ] ≡d JRSK. And JLSK† ≡d P(p,i,o,t) [(νn) rn(n)|i|t|S(p,t) [(ν{p1 , i1 , o1 })(Ses(p, r, p1 , i1 , o1 )|JPK† hp1 , i1 , o1 ,ti)]hp, oi ] ≡d JRSK† .

Lemma 3 Let ∆ be a set of DPO rules, P, Q be two processes and C[ · ] be a context. JPK ⇒∗∆ JQK and JPK† ⇒∗∆ JQK† implies JC[P]K† ⇒∗∆ JC[Q]K† . Report No. 432, June 2010



25

Proof. If C[ · ] is a static context, JC[R]K† is constructed based on JRK† for any process R, i.e. JC[R]K† is of the form G(JRK† ). In this case, JC[P]K† = G(JPK† ) ⇒∗∆ G(JQK† ) = JC[Q]K† . If C[ · ] is not static, JC[R]K† is constructed based on the untagged graph JRK for any process R, i.e. JC[R]K† is of the form G(JRK). In this case, JC[P]K† = G(JPK) ⇒∗∆ G(JQK) = JC[Q]K† . To prove Theorem 2, we need to study different cases of congruence between two processes P and Q, For this purpose, we introduce the following notations. 1. P is one-step strictly congruent with Q, denoted as P ≡•s Q, if P can be transformed to Q through an application of a basic congruence rule (see Fig. 1). Specifically, there is a basic congruence rule LS ≡c RS such that P = C[LS] and Q = C[RS], or P = C[RS] and Q = C[LS], for some context C[ · ]. The relation ≡•s is symmetric, i.e. P ≡•s Q implies Q ≡•s P. 2. P is strictly congruent with Q, denoted as P ≡s Q, if P can be transformed to Q through applications of basic congruence rules, i.e. P = P0 ≡•s P1 ≡•s . . . ≡•s Pk = Q for some processes P0 , . . ., Pk (k ≥ 0). 3. Q is a one-step res-forwardness of P, denoted as P B• Q, if P can be transformed to Q through an application of a special congruence rule (see Fig. 2), i.e. P = C[LS] and Q = C[RS] for some context C[ · ] and special congruence rule LS ≡c RS. Notice that a special congruence rule is applied only in one direction: from the left side to the right side. This is different from basic congruence rules that can be applied in both directions. Therefore, P B• Q does not imply Q B• P. 4. Q is a one-step generalization of P, denoted as P V•c Q, if P ≡•s Q or P B• Q. 5. Q is a generalization of P, denoted as P Vc Q, if P = P0 V•c P1 V•c . . . V•c Pk = Q for some processes P0 , . . ., Pk (k ≥ 0). 6. P is one-step congruent with Q, denotes as P ≡•c Q, if P V•c Q or Q B• P. So, P ≡c Q if and only if P = P0 ≡•c P1 ≡•c . . . ≡•c Pk = Q for some processes P0 , . . ., Pk (k ≥ 0). We also need to consider certain normal forms of processes. Given a process P, we can move forward its restrictions as much as possible using special congruence rules. The result process is unique for P up to strict congruence. It is called the restriction-prefixed form of P, denoted as rp(P). For example, rp((νx)hxi|(νs)s.hyi↑ ) = (νx)(νs)(hxi|s.hyi↑ ). It is easy to see that two processes have the same restriction-prefixed form if they are one-step congruent, i.e. P ≡•c Q implies rp(P) ≡s rp(Q). As a result, congruent processes have the same restriction-prefixed form, i.e. P ≡c Q implies rp(P) ≡s rp(Q). With these notations, we can prove the following lemma. Lemma 4 P Vc Q implies JPK† ⇒∗∆c JQK† . Proof. We only need to prove the case P V•c Q, which means either P ≡•s Q or P B• Q. 1. If P ≡•s Q, there exist a basic congruence rule LS ≡c RS such that P = C[LS], Q = C[RS] or P = C[RS], Q = C[LS] for some context C[ · ]. According to Lemma 1, we have JLSK⇒∗∆c JRSK⇒∗∆c JLSK and JLSK† ⇒∗∆c JRSK† ⇒∗∆c JLSK† . Then, according to Lemma 3, JPK† ⇒∗∆c JQK† . Report No. 432, June 2010



26

2. If P B• Q, there exist a special congruence rule LS ≡c RS such that P = C[LS] and Q = C[RS] for some context C[ · ]. According to Lemma 2, we have JLSK ⇒∗∆c JRSK and JLSK† ⇒∗∆c JRSK† . Then, according to Lemma 3, JPK† ⇒∗∆c JQK† . Now, we are able to prove Theorem 2. Proof of Theorem 2. For processes P ≡c Q, rp(P) ≡s rp(Q). Let R be rp(Q). We have P Vc R and Q Vc R. According to Lemma 4, JPK† ⇒∗∆c JRK† and JPK† ⇒∗∆c JRK† .

4.4

Rules for reduction

We have defined a set of graph transformation rules ∆r to simulate the reduction behavior of CaSPiS processes (Section 2). They are shown in Fig. 18. Rule (Ser-Sync) is for the synchronization between a pair of service definition and service invocation. The synchronization causes the creation of a new session. Note that the data node representing the service name can become isolated after the synchronization, but it can be eliminated by the garbage collection rule (D-GC) shown in Fig. 19. Rule (Ses-Sync) is for the interaction between a concretion and an abstraction of a session r. The shared channel node by the edges Con and Ses makes sure that the concretion belongs to one side of r. Similarly, the abstraction belongs to the other session side. Both of the abstraction and concretion are removed after the communication, with the value of the concretion assigned to variables originally bound by the abstraction. Rule (Ses-SyncRet) is for the interaction between a return and an abstraction in different sides of a session r. It has a similar form to Rule (Ses-Sync), while the return edge Ret occurs in body of another session, which is nested inside r. Let ∆ be the set of all the DPO rules provided so far, including rules for tagging, congruence and reduction. The soundness and completeness of DPO rules with respect to CaSPiS reduction is described by the following propositions. Proposition 1 (Soundness w.r.t. reduction) For two processes P and Q such that JPK† ⇒∗∆ JQK† , Q can be obtained from P through a sequence of reductions, i.e. P− → ∗ Q, where− → ∗ is the reflexive and transitive closure of the reduction relation − →.

Proposition 2 (Completeness w.r.t. reduction) For two processes P and Q such that P− →Q, there exists 0 † ∗ 0 † a process Q ≡c Q such that JPK ⇒∆ JQ K . The proof of these propositions is far more difficult than that of theorems 1 and 2. The difficulty lies in the fact that during the reduction of a pipeline, a copy of its right-hand side is produced. Recall that a DPO rule consists of a fixed number of nodes and edges, thus unable to make a copy of a process of any size. So, it is hard to define a set of DPO rules for the reductions of a pipeline that are sound and complete. We leave the definition of such rules and the proof of propositions 1 and 2 as our future work.



An example

27

A

= .J ||| / • / De f / • }{{{ / • / Inv / • |zzz

D

•

A

I

•

A

•

/

•

/

A

•

•

•

•

/

A

•

rn

S

•

A

.

B .O

.

/ Ses |zzz

/•

/ Ses |zzz

/•

/

S

/

•

o

•

/

(Ser-Sync) A .O

. O / Ses P / • • i/ Con / i P iiPiPiPi( i ti

S

/•

•

o

A

A

S

/• /

•

o

Ses

•

/

•

o

/

•

Ses

O

.

PP/ P• • y/ Abs / PP( |y

B .O

S

/

•

o

PP/ •P • p PP'

/

•

S • p0

o

.n

PP/ •P •q P P'

o

A

S

A

/• /

•

•q0

Ses

•

A .O

Ses P / • PPP • p P(

/• /

A

S •

.n0

A

Ses

.n

PP/ •P •q PP(

p/p0 → p, q/q0 → q, n/n0 → n (Ses-Sync) S •

/• / o

•

/• / o

•

. O / / • • Ret lll l l ul

S

A

Ses / • B BBB o BB

S

B .O

.O A / / Ses P • PPP • z Abs P( |z

•

/

•

o

/•

B .O

S

/

•

o

•

S

/ B • • o BBB BB B

/

•

Ses

S

A

•

/

OO/ •O •q OO'

Ses

A

.n0

S • p0

•p

•

o

.n •q0

• o

B .O

•

S

• Ses / • CC o CC CC C!

S

A

/• /

/• /

A

•p

Ses

.n

PP/ •P •q PP(

p/p0 → p, q/q0 → q, n/n0 → n (Ses-Sync-Ret) Figure 18: Rules for reduction

.

(D-GC) Figure 19: Garbage collection of isolate data node

5

An example

Consider a service named by time which is ready to output the current time T . This service can be used by a process that invokes the service, receives values it produces and returns them. The composition of



Conclusion

P

28

A

O

•

•

/•

/ Par O

• A

.time .T O {= G {{{ / • / De f / • j/ Con / • / Nil H jj jHjHj$ j uj B . 5 I kk O kkk / • / Inv / • k/ Abs kk / • / Ret / • / Nil k ~~~ ukkkkk D

A

P

/

rv

S

O

o A .O

/•

•

.time

/ Ses / • j/ Con H j ujjHjHj# jj

4

/

(Ser−Sync)

•

−→

/•

O

.T

/•

4 /

/•

/ Nil

B kk5 .O kkk / • / Ses / • l/ Abs kk / • / Ret l vlllll

S

O

•

/

/ Par

/ Nil

A

JP0 K†

P

S

/•

O

•

(D−GC)(Ses−Tag)

−→

•

/•

rv

o A .O

.T O / Ses / • / Con E ll ullEEl" ll A

P

/•

B ll6 .O lll / • / Ses / • l/ Abs ll/ • / Ret l ~}}} vlllll S

/

4 /

/ Par

•

/ Nil

S

/•

O

•

(Ses−Sync)

−→

•

/•

/ Nil

o A .O

A

/ Ses / • D DD"

•

/ Nil

/

B

4 /

/•

/ Nil

/ Par

A

/•

rv

/ • / Ses ~}}}

JP1 K†

O / Ret .T

A

S

/ •

JP2 K†

Figure 20: Application of Graph Transformation Rules the service and the process is specified in CaSPiS as P0 = time.hT i|time.(?x)hxi↑ . The synchronization between time and time creates a session with a fresh name r, and P0 evolves to P1 = (νr)(r hT i|r (?x)hxi↑ ). Then, the concretion hT i on one session side and the abstraction (?x) on the other side can communicate, assigning x on the latter side with T , and P1 evolves to P2 = (νr)(r 0|r hT i↑ ). The same behavior can be simulated by graph transformations shown in Fig. 20. The first graph is the tagged graph of P0 . It is transformed to the tagged graph of P1 (the left of the two at the bottom of the figure) through a sequential application of DPO rules (Sync), (D-GC) and (Ses-Tag). The tagged graph of P1 can be further transformed to that of P2 (the right of the two at the bottom of the figure) by applying the DPO rule (Ses-Sync).

6

Conclusion

We propose a graph characterization of structured service programming with session and pipelines. This is done by translating a CaSPiS process term to a graph term of a graph algebra, and giving the graph algebra a model of hypergraphs. A reduction semantics of CaSPiS is then defined by a graph transfor-



References

29

mation system for the hypergraphs. The advantage of this approach is gained from the intuitive understanding of graphs, in terms of the concepts and structures of graphs more than the graphic representation itself, as well as the mathematic power of the theory of graphs and graph transformations. A graph representation of a process characterizes both the hierarchical structure and the dynamic behavior of the process. The hypergraph model is new compared with the one given in [3] in that hierarchy is modeled by proper combinations of abstract edges between nodes and edges of different designs. This is a key nature that enables us to define graph transformations in the DPO form. The new notion of tagged graphs play the key role in this. We provide two sets of graph transformation rules, ∆c for congruence relation between graphs (and thus for processes) and ∆r for the reduction semantics. ∆c is proven to be sound and complete with respect the congruence rules of CaSPiS processes. However, the work on soundness and completeness of ∆r with respect to the operational semantics of CaSPiS is still in progress. We believe they are sound and complete after proving most of the transition rules of the operational semantics CaSPiS and the only difficulty is in the case for the pipelines due to the dynamic creation of processes. Future work also includes a characterization of process replication !P, that is always ready to make a copy of itself, i.e. !P ≡c P|!P, and further exploration of the power of the theory of graphs and graph transformations for analysis of service-oriented programs.

References [1] M. Boreale, R. Bruni, L. Caires, R. De Nicola, I. Lanese, M. Loreti, F. Martins, U. Montanari, A. Ravara, D. Sangiorgi, V. Vasconcelos, and G. Zavattaro. SCC: a service centered calculus. In Proc. of WS-FM’06, LNCS 4184, pages 38 – 57. Springer, 2006. [2] M. Borealea, R. Bruni, R. De Nicola, and M. Loreti. Sessions and pipelines for structured service programming. In FMOODS’08, LNCS 5051, pages 19 – 38. Springer, 2008. [3] R. Bruni, F. Gadducci, and A. Lluch Lafuente. A graph syntax for processes and services. In Proc. of the 6th International Workshop on Web Services and Formal Methods (WS-FM’09). Springer Verlag, 2009. [4] A. Corradini, U. Montanari, F. Rossi, H. Ehrig, R. Heckel, and M. Löwe. Algebraic approaches to graph transformation, Part I: Basic concepts and double pushout approach. In G. Rozenberg, editor, Handbook of Graph Grammars and Computing by Graph Transformation. Vol. 1: Foundations, pages 163 – 245. World Scientific, 1997. [5] G. Decker, F. Puhlmann, and M. Weske. Formalizing service interactions. In Business Process Management, LNCS 4102, pages 414 – 419. Springer, 2006. [6] G. Ferrari, D. Hirsch, I. Lanese, U. Montanari, and E. Tuosto. Synchronised hyperedge replacement as a model for service oriented computing. In Proc. of the 4th International Symposium on Formal Methods for Components and Objects (FMCO’05), LNCS 4111, pages 22 – 43. Springer, 2006. [7] F. Gadducci. Term graph rewriting for the pi-calculus. In A. Ohori, editor, Proc. of the 1th Asian Symposium on Programming Languages and Systems, LNCS 2895, pages 37 – 54. Springer, 2003. [8] C. A. R. Hoare. Communicating sequential processes. Commun. ACM, 21(8):666 – 677, 1978. [9] O. H. Jensen and R. Milner. Bigraphs and mobile processes. Technical Report 570, Computer Laboratory, University of Cambridge, 2003.



References

30

[10] R. Lucchi and M. Mazzara. A pi-calculus based semantics for WS-BPEL. Journal of Logic and Algebraic Programming, 70(1):96 – 118, 2007. [11] R. Milner, editor. Communication and Concurrency. Prentice-Hall International, Englewood Cliffs, 1989. [12] R. Milner, J. Parrow, and J. Walker. A calculus of mobile processes, I and II. Information and Computation, 100(1):1 – 40, 41 – 77, 1992. [13] J. Misra and W. R. Cook. Computation orchestration: a basis for wide-area computing. Journal of Software and Systems Modeling, 6(1):83 – 110, 2007.



Graph Representation of Sessions and Pipelines ... - Semantic Scholar

Graph Representation of Sessions and Pipelines ... - Semantic Scholar

Suggest Documents

Sessions and Pipelines for Structured Service ... - Semantic Scholar

Sessions and Pipelines for Structured Service ... - Semantic Scholar

Synchronization of pipelines - Semantic Scholar

Sessions - Semantic Scholar

technical sessions - Semantic Scholar

Poster Sessions - Semantic Scholar

k2-trees for Compact Web Graph Representation - Semantic Scholar

Theory of Modulo-Scheduled Pipelines - Semantic Scholar

Graph Theoretical Representation of Atomic

Graph representation of geological stratum

Harvest Rate of Reconfigurable Pipelines - Semantic Scholar

Sessions FM-O - Semantic Scholar

GRAPH checklist - Semantic Scholar

MATLAB graph - Semantic Scholar

HANDBOOK of GRAPH GRAMMARS and ... - Semantic Scholar

Graph Kernels - Semantic Scholar

Representation Learning - Semantic Scholar

Semantic Web and Knowledge Representation - Semantic Scholar

Representation and Monitoring of Commitments ... - Semantic Scholar

Preparation and Representation of Recombinant ... - Semantic Scholar

Efficient analysis and representation of ... - Semantic Scholar

Differential representation of feedback and ... - Semantic Scholar

segmented and "equivalent" representation of - Semantic Scholar

Biophysical annotation and representation of ... - Semantic Scholar