HIDING

3

Abstraction and control flow

of the process, since no other processes are required to engage in them. These events become internal to the process P. The operational rules reflect this:

P ^?!a P⁰

[

^a2A

]

PⁿA ^?! P^{0 n}A

P ^?! P⁰

[

^62A

]

PⁿA ^?! P⁰ⁿA

The process P ⁿ A may make the same transitions as P, but all the events in A are renamed to the internal event. Termination cannot be hidden, so the event^Xmust not appear in the set A.

This operator is used in design and in implementation. It explains a process in terms of internal activity, so it is used in a description of how a particular end is accomplished. It is not appropriate at the level of specification, since at that level internal events should not even be mentioned: specifications of processes should be concerned purely with the behaviour on their external events.

Example 3.1

A spy listens out for particular pieces of information, and then relays them to a master spy who logs them. In order for the spy to be effective, it is important that the relaying of information is kept hidden from its environment.

SPY

=

^listen

?

^x

:

^{T !relay}

!

^x!SPY

MASTER

=

^relay

?

^y

:

^T!log

!

^y!MASTER

The combination of the master and the spy is described by

(

^SPYkMASTER

)

^nrelay:T

The only visible activity the spy is involved in is listening. ²

Example 3.2

A stop-and-wait protocol implements a one-place buffer. It consists of two halves, S and R: a message is input to S, passed to R, and finally output from R.

S

=

ⁱⁿ

?

^x

:

^T!mid

!

^x!ack!S

R

=

^mid

?

^y

:

^{T !out}

!

^y!ack!R

in out

S mid R

ack SAWP

Fig. 3.1 A stop-and-wait protocol

Having accepted a message, the sender S passes the message to R along channel mid, and then waits for an acknowledgement before accepting the next message. The receiver R accepts messages along mid, and sends an acknowledgement once a message has been output.

The two halves of the protocol are designed to combine in parallel. The channel mid and the acknowledgement event ack are private connections and should have no participants other than S and R. The protocol is then described as

SAWP

= (

^SkR

)

ⁿ

(

^mid:T[fackg

)

This is pictured in Figure 3.1 ²

Example 3.3

Each cell Nl in the network of cells connected as vertices of a hypercube, described in Example 2.13 as MAILER, has interface

Al

=

^{finl;outlg[fck;ljk2adj}

(

^l

)

^{g[fcl;kjk2adj}

(

^l

)

^g

The inland outlchannels are intended for communication with the users of the network, and the c channels are used for the cells to pass messages between each other. The intention is that no external parties are involved in the communications on the c channels. The only processes involved in communications on any particular channel ck^;lare the cells Nkand Nl. In order to encapsulate the c channels within the process MAILER the hiding operator is used:

MAIL SERVICE

=

^{MAILERnfci;jji;j2COORD^j2adj}

(

ⁱ

)

^g

The only external events that MAIL SERVICE can perform are communications along the channels inland outlfor each l; only through these events can it interact with its environment.

2

A process exercises complete control over its internal events. With this control over when internal events are performed comes the responsibility to perform them: internal events should not be delayed indefinitely once they are enabled, since otherwise progress could not be expected. In the Stop-and-Wait Example 3.2 the environment can expect a message to be

c c c c c

c N100

N000 N001

N101

N⁰¹⁰ N⁰¹¹

N110 N111

in⁰⁰⁰ out000

in⁰¹⁰ out⁰¹⁰

out110

in¹¹⁰

in⁰⁰¹ out001

in⁰¹¹ out⁰¹¹

out¹¹¹ in111

out¹⁰⁰ in100

in¹⁰¹ out101

c c c c c c

c

c c100;110

c000;001

c c c c

c^110;010 c^010;110

c^111;110 c^110;111

Fig. 3.2 The process MAIL SERVICE

offered as output after it has been input. The message must be passed internally along mid after it has been received on the in channel, and SAWP cannot refuse to perform a mid event, or indeed an ack event, once it is enabled.

When the events offered by an external choice are hidden, the environment no longer has any control over how the choice is resolved: it is resolved internally.

Example 3.4

A fax is to be sent to someone who has two fax machines. A secretary is given the fax to send (modelled by the event in^:x). It can be sent to the first, modelled by the channel send^:

1

, or it can be sent to the second, modelled by channel send^:

2

. The secretary is prepared to send it to either number, and offers the choice to her boss, modelled as an external choice.

Sometime later a receipt is obtained indicating successful transmission to the corresponding

machine. This situation is described by SEC.

SEC

=

ⁱⁿ

?

^x!

(

^send:

1!

^x!received:

1

^!STOP

2send^:

2!

^x!received:

2

^!STOP

)

If the boss does not wish to be involved in the choice between different fax numbers, she delegates the choice by hiding the channels send^:

1

^{and send:}

2

, giving complete control over them to the secretary.

SECⁿ

(

^send:

1

^:T[send:

2

^:T

)

The hiding of these events removes them from those communications on which the boss and the secretary have to agree. They are encapsulated within the process SEC, indicating that all participants (in this case just one) have been identified. Although the secretary has complete control over which one to perform, she is still obliged to perform one of them: the boss can expect a receipt. From the point of view of the boss, this choice will now be resolved internally.

After giving a fax to the secretary she has no control over which of the two machines will receive the fax, and will only find out which it was once the receipt is obtained. Observe that if the receipts were indistinguishable (both modelled by the single event receipt) then the boss would have no way of determining which way the choice was made. ²

Example 3.5

In Example 2.13, when a cell Clis waiting to send a message to an adjacent cell, it offers an external choice of all the possibilities. It is willing to send its message to any cell that is ready to receive it, and its environment—the rest of the network and the rest of the world—will determine how the choice is made. Since all cells are always ready to receive messages, the choice is available externally. When the rest of the world is excluded by hiding the communication channels between cells to obtain MAIL SERVICE (pictured in Figure 3.2), the choice must be made internally within the process MAIL SERVICE itself. The environment is not concerned with the routes that messages travel, only with the assurance

that they will arrive. ²

When only one event of an binary external choice is made internal, the process is required to make a choice between performing the internal one autonomously, or waiting for a synchronization on the external one. If its environment is not prepared to engage in the external event, then its responsibility to perform the internal event means that it cannot wait indefinitely for the external one, since this would involve indefinitely delaying the internal event. On the other hand, if the environment is prepared to engage in the external event, then one of two things could happen: either the choice has not yet been made, and the external event can occur and resolve the choice in its favour; or the internal event has already occurred, since the environment cannot prevent it from occurring, and the external event is no longer available.

Example 3.6

A printer queue which can hold one message at a time is described as follows:

PRINTQ

=

ⁱⁿ

?

^x

:

^JOB!

(

^print

!

^x!out

!

^x!PRINTQ

2dequeue^!PRINTQ

)

When a job is queued, it will either be sent to the printer and received as output, or else it could be removed from the queue. The user is not normally involved in the communications between the queue and the printer, so the communications along the print channel will be internal. The process which the user interacts with is

PRINTQⁿprint^:JOB

The user has no control over when the job will be sent to the printer. After inputting a job, it may be possible to dequeue it if it has not yet reached the printer, but the other possibility, entirely outside the control of the user, is that it may already have been sent to the printer and

the option of dequeuing has been withdrawn. ²

Example 3.7

A course of action might be made available for a particular interval, but is then timed out if it has not yet been chosen. Although timed CSP will enable a more precise description of this kind of behaviour, it is possible to analyze it in terms of a timeout event.

In this case a choice is offered between the initial event, and the timeout event. For example, a special offer is available only for a limited period, after which the offer lapses and purchase must then be at the standard rate:

OFFER

= ((

^cheap!STOP

)

²

(

^{lapse!standard!STOP}

))

^nflapseg

The user has no control or influence over when the cheap offer will end, so the timeout event lapse is made internal. It is possible to buy at the cheap price if the offer has not yet lapsed, but it is also possible that the cheap price has been retracted at the point the purchaser is ready

to buy, and that only the standard price is available. ²

Example 3.8

A stop-and-wait protocol which permits its input to be overwritten once if it has not already passed along the mid channel, might be described as follows:

S

2 =

ⁱⁿ

?

^x!

(

^S

2

²

(

^mid

!

^x!ack!S

2))

R

2 =

^mid

?

^y!out

!

^y!ack!R

2

After an input, the sender S

2

is prepared either to pass the input along mid, or to accept another input which displaces the previous one. The receiver R

2

is exactly the same as the original receiver R of Example 3.2. The two halves of the protocol are combined as S

2

^kR

2

^{, and the}

internal channels are hidden:

No documento The CSP Approach (páginas 70-75)