Attribute based communication

A Theoretical Framework for modelling interactions in
Collective-Adaptive Systems
Yehia Abd Alrahman
yehia.abdalrahman@le.ac.uk
November 13, 2018
University of Leicester

Contents
1 Collective Adaptive Systems
2 The AbC Calculus
AbC Syntax & Semantics
Behavioral Theory for AbC
A Programming Framework
3 CAS Veriﬁcation
Y. Abd Alrahman 1/24

Collective Adaptive Systems
From a computer science perspective, collective systems are reactive systems that
consist of a large number of interacting entities.
Each entity may have its own properties, objectives and actions.
At the system level the entities combine to create the collective behaviour.
Anonymous interaction, collectives are established at run-time.
Entities may enter or leave the collective at anytime.
Collective Adaptive Systems Y. Abd Alrahman 2/24

The behaviour of the system is thus dependent on the behaviour of the individual
entities.
And the behaviour of the individuals will be inﬂuenced by the state of the overall
system.

CAS are often embedded in our environment and need to operate without
centralised control or direction.
Moreover when conditions within the system change it may not be feasible to
have human intervention to adjust behaviour appropriately. Thus systems
must be able to autonomously adapt.

Modelling and analysis of CAS
The Key Challenge of software development for CAS
Is the management of a transition from systems comprising relatively isolated,
small-scale elements to large-scale, massively interconnected systems that are
physically distributed.
Our goal is to come up with a set of linguistic primitives, methods and tools to
build and analyse CAS systems.

Modelling and analysis of CAS
We focus on the following:
1. attribute based communication for modelling interactions in CAS;
2. AbC: a calculus focusing on a minimal set of primitives that rely on
attribute-based communication for systems interaction;
3. How to verify CAS systems?!

Design Principles
There is no coordinator, fully distributed components.
Components are aware of their status and can make decisions
accordingly.
Messages are the deriving force for interaction and collaboration.

Design Principles
accordingly.
Components adapt their behaviour in response to message exchange or
by inspecting their local state (input-enabled?).
Interaction is anonymous and communication links are established at
run-time: values of attributes?!

Design Principles
accordingly.
Components adapt their behaviour in response to message exchange or
by inspecting their local state (input-enabled?).
Interaction is anonymous and communication links are established at
run-time: values of attributes?!
Components have the same code with possibly diﬀerent behaviour?!
We want to ensure local interdependence and external independence?!
Local behaviour of components should be parametric to the local state.

Plan
2 The AbC Calculus
3 CAS Veriﬁcation
The AbC Calculus Y. Abd Alrahman 8/24

AbC: Basic Ingredients.
(Components) C ::= Γ:I P | C1 C2 | νnC
Single component Γ:I P – Γ denotes attribute environment, I interface, and P
process
Parallel composition – of components
Name restriction νn (to delimit the scope of name n) – in C1 (νn)C2, name
n is invisible from within C1

AbC Processes
(Processes) P ::= 0 | Act.U | Π P | P1 + P2 | P1|P2 | K
(Updates) U ::= [a := E]U | P
(Actions) Act ::= Π(˜x) | ( ˜E)@Π
Π P – blocks P until the evaluation of Π under the local environment
becomes true.
Act – communication and attribute update actions

AbC: Semantics Excerpts
˜E Γ = ˜v {Π1}Γ = Π
Γ:I ( ˜E)@Π1.U
Γ↓I Π(˜v)
−−−−−→ ⦃Γ:I U⦄
Brd
Γ |= {Π1[˜v/˜x]}Γ1
Γ1 ↓ I |= Π
Γ1 :I Π1(˜x).U
Γ Π(˜v)
−−−−−→ ⦃Γ1 :I U[˜v/˜x]⦄
Rcv
Γ:I P
λ
−→ Γ :I P
Γ:I P
λ
−→ Γ :I P
Comp
Γ:I P
Γ Π (˜v)
−−−−−→ Γ:I P
Γ:I P
Γ Π (˜v)
−−−−−→ Γ:I P
Fail
C1
Γ Π(˜v)
−−−−→ C1 C2
Γ Π(˜v)
−−−−→ C2
C1 C2
Γ Π(˜v)
−−−−→ C1 C2
Sync
C1
Γ Π(˜v)
−−−−→ C1 C2
Γ Π(˜v)
−−−−→ C2
C1 C2
Γ Π(˜v)
−−−−→ C1 C2
ComL

Behavioural Theory for AbC
Objectives
To compare systems, speciﬁed at diﬀerent levels of abstractions.
To be used as a tool to minimise the state space of systems (by relying on
equational laws).
To prove properties about systems.

Behavioural Theory for AbC
Objectives
To compare systems, speciﬁed at diﬀerent levels of abstractions.
To be used as a tool to minimise the state space of systems (by relying on
equational laws).
To prove properties about systems.
Weak Labelled Bisimulation
A symmetric binary relation R over the set of AbC-components is a weak
bisimulation if and only if for any (C1, C2) ∈ R and for any λ1 such that
bn(λ1) ∩ fn(C1, C2) = ∅:
C1
λ1
−→ C1 implies ∃λ2 : λ1 λ2 such that C2
ˆλ2
=⇒ C2 and (C1, C2) ∈ R
Two components C1 and C2 are weak bisimilar, written C1 ≈ C2 if there exists a
weak bisimulation R relating them.

Congruence & Applications
System Level
C1 ≈ C2 implies C1 C ≈ C2 C for all components C
C1 ≈ C2 implies νnC1 ≈ νnC2 for all names n
A number of alternative communication paradigms such as:
Explicit Message Passing
Group based Communications
Publish-Subscribe
can be easily modelled by relying on AbC primitives

Run-time Environments for AbC
We developed Aba
CuSa
is a Java API and GoAtb
a Go API that allow
programmers to use the linguistic primitives of AbC in Java and Go programs:
fully relies on the formal semantics of AbC;
there is a one-to-one correspondence between the AbC constructs and the
APIs.
a
“https://github.com/lazkany/AbC”
b
“https://github.com/giulio-garbi/goat”
Case Studies
Stable Allocation in Content Delivery Networks;
Distributed graph colouring scenario;
Swarm robotics scenario;
Smart conference system scenario.

Plan
2 The AbC Calculus
3 CAS Veriﬁcation
CAS Veriﬁcation Y. Abd Alrahman 15/24

How to verify CAS?!

How to verify CAS?!
Synthesis?!
Developing systems is hard, expensive, and error prone.

How to verify CAS?!
Synthesis?!
The common solution is extensive testing and veriﬁcation.

How to verify CAS?!
Synthesis?!
If we can verify, why not go directly from speciﬁcation to
correct-by-construction systems by synthesis?!

How to verify CAS?!
Synthesis?!
Church’s Synthesis Problem: Given a Circuit Interface specification and a
Behavioural Specification, determine if there is a Controller that realises the
specification. if the specification is realisable, construct a controller.

How to verify CAS?!
Synthesis?!
Circuit interface: partition to inputs and outputs.
Behavioural speciﬁcation: description in First Order Logic.

How to verify CAS?!
Synthesis?!
Circuit interface: partition to inputs and outputs.
Behavioural speciﬁcation: description in First Order Logic.
I will consider formulas of type General Reactivity of Rank 1 Gr(1), i.e.,
formulas of the following form:

AbC and Synthesis?!

AbC and Synthesis?!
Let us just assume that ∃A ∈ You where A is a person in my current
audience such that A is wondering:

AbC and Synthesis?!
A: Weird, thought they were orthogonal!

AbC and Synthesis?!
Me: Yes they are, but I believe I can convince you that they are not.

AbC and Synthesis?!
A: Are you playing a Game with me?

AbC and Synthesis?!
Me: Yes, I am

AbC and Synthesis?!
Me: Yes, I am
A: Seriously, How is that possible?!

AbC and Synthesis?!
Me: Yes, I am
Me: Provide an equivalent succinct symbolic representations of AbC
programs, thus AbC is considered as a target generation language. For
instance, consider a Fair Discrete Structure (FDS), Right?

AbC and Synthesis?!
Me: Yes, I am
Me: We specify the system and the environment symbolically and reduce the
realisability of a Logical Formula into a solution of a Two-Player Game, right?

AbC and Synthesis?!
Me: Yes, I am
Me: We specify the system and the environment symbolically and reduce the
realisability of a Logical Formula into a solution of a Two-Player Game, right?
A: Hmmm...

Fair Discrete Structure (FDS)
FDS
Formally, an FDS D = V, θ, ρ, J , C consists of the following:
V = {v1, . . . , vn}: Finite set of Boolean variables where a state s is to be an
interpretation of V. And θ is the initial condition.
ρ: A transition relation. This a an assertion ρ(V ∪ V ), relating a state s to
its D-successor s , i.e., (s, s ) |= ρ.
Weak fairness requirements : J = {J1, . . . , Jn} and Strong fairness
requirements C = {(P1, Q1), . . . , (Pn, Qn)}:

Fair Discrete Structure (FDS)
FDS
Formally, an FDS D = V, θ, ρ, J , C consists of the following:
V = {v1, . . . , vn}: Finite set of Boolean variables where a state s is to be an
interpretation of V. And θ is the initial condition.
ρ: A transition relation. This a an assertion ρ(V ∪ V ), relating a state s to
its D-successor s , i.e., (s, s ) |= ρ.
Weak fairness requirements : J = {J1, . . . , Jn} and Strong fairness
requirements C = {(P1, Q1), . . . , (Pn, Qn)}:
A Temporal Semantics for FDS
For every FDS D, there exists an LTL formula ϕD, called the temporal semantics
of D, which characterises the computations of D. It is given by:

A Game Structure (CG)
Formally, a game structure G = V, X, Y, θe, θs, ρe, ρs, ϕ consists of the following:
V as defined before such that V = X ∪ Y where X is the set of uncontrollable
variables and Y is the set of controllable variables. Σ is used to denote all the
set of states.
θe and θs is the initial conditions for the environment (resp. system) such
that s is initial if s |= θe ∧ θs.
ρe(V, X ) and ρs(V, X , Y ) are transition relations for the environment (resp.
system) such that s is a successor of s if (s, s ) |= ρe ∧ ρs.
A Play σ is a maximal sequence of states σ = s0, s1, . . . and is considered
winning for the system if (i) is finite and for an assignment sX : (sn, sX ) |= ρe
or (ii) is infinite and (sn, sX , sY ) |= ϕ
A Strategy for the system is a partial function f : Σ+
× X → Y . A strategy
f is winning for the system from s if all s-plays are wining for the system.
Ws is the set of states from which there exists a wining strategy for the
system.

Realisability and Synthesis
Given an LTL formula ϕ over sets of uncontrollable and controllable variables
X and Y, we say that a controller D = V, θ, ρ realises ϕ if D |= ϕ. If exists,
we say that ϕ is realisable.
If ϕ is realisable, then the construction of such a controller constitutes a
solution for the synthesis problem.
Realisability can be reduced to the decision of a winner in a two-player game.
From the winning strategy, we can extract a controller that realises ϕ.
Given a game structure G = V, X, Y, θe, θs, ρe, ρs, ϕ . The system wins in G
iﬀ the following formula is realisable:

Realisability and Synthesis
Given an LTL formula ϕ over sets of uncontrollable and controllable variables
X and Y, we say that a controller D = V, θ, ρ realises ϕ if D |= ϕ. If exists,
we say that ϕ is realisable.
If ϕ is realisable, then the construction of such a controller constitutes a
solution for the synthesis problem.
Realisability can be reduced to the decision of a winner in a two-player game.
From the winning strategy, we can extract a controller that realises ϕ.
Given a game structure G = V, X, Y, θe, θs, ρe, ρs, ϕ . The system wins in G
iﬀ the following formula is realisable:
Theorem
The system wins in a game G iﬀ ϕG is realisable.

µ-Calculus & Solving GR(1)
Games
Let G be a game where the winning condition is of the following form:

Games
The following µ-calculus formula can be used to solve the game where
Zj+1 = Z((j mod n)+1)

Games
The following µ-calculus formula can be used to solve the game where
Zj+1 = Z((j mod n)+1)
Theorem
Ws = [[ϕ]].

Solving GR(1) Games Cont.
Theorem
A game structure G with a GR(1) winning condition can be solved by a symbolic
algorithm that performs O(nm|Σ|2
) next step computations, where Σ is the set of
all possible assignments to the variables in ϕ.

Theorem
How expressive the GR(1) formulas?
Dwyer et al. have identifed 55 LTL specification patterns, which are common
in industrial specifications and make writing specifications easier.
Maoz and Ringert have provided a formal proof that almost all of the 55
patterns can be translated as assumptions and guarantees in the GR(1).

Theorem
How expressive the GR(1) formulas?
Dwyer et al. have identifed 55 LTL specification patterns, which are common
in industrial specifications and make writing specifications easier.
Maoz and Ringert have provided a formal proof that almost all of the 55
patterns can be translated as assumptions and guarantees in the GR(1).
Take Home Message: These two statements are equivalent:
Do not program, Specify.
SPECIFY, DO NOT PROGRAM.

The Distributed Synthesis Problem
Problem: Distributed Synthesis which targets multi-agents.

Ingredients:
Multiplayer games: ∀ ( a ♦ read ∧ a write)

Ingredients:
Knowledge representation: K1K2p ∧ ¬K2K1K2p, EGϕ, CGϕ, and
DGϕ

Ingredients:
DGϕ
Strategic reasoning: (∃x ∈ Σ)(∀y ∈ Γ)ϕ(x, y).

Ingredients:
DGϕ
Strategic reasoning: (∃x ∈ Σ)(∀y ∈ Γ)ϕ(x, y).
Objective: is to come up with a recipe to construct a reasonable
objective language from these ingredients.

Chuangtse and Hueitse had strolled onto the bridge over the Hao,
when the former observed, ”See how the small fish are darting about!
That is the happiness of the fish.” ”You are not a fish yourself,” said
Hueitse. ”How can you know the happiness of the fish?” ”And you not
being I,” retorted Chuangtse, ”How can you know that I do not
know?”
— Chuangtse, c.300 B.C.
Many thanks for your time.
Questions?

Attribute based communication

Recommended

Recommended

More Related Content

Similar to Attribute based communication

Similar to Attribute based communication (20)

Recently uploaded

Recently uploaded (20)

Attribute based communication