Submodule Construction as Equation Solving in CCS

A method for solving CCS equations of type (AIX)\L ~ B, where X is unknown, is presented. The method is useful in a top-down design methodology: if a system (B) and some of its submodules (.4) axe specified, solving such an equation amounts to constructing the missing submodules. The method works by successively transforming equations into simpler equations, in parallel with generation of a solution. It has been implemented as a semi-automatic program, which has been applied to the generation of receivers of two Mternating-bit protocols. 1 I n t r o d u c t i o n One of the most important and difficult fields in computer science is to develop methods for construction of complex systems. Most design methodologies rely on rnocIularization: systems are partitioned into sets of submodules, and each submodule is given a specification. These specifications contain sufficient information for combining the modules. Thus, implementation details can be disregarded in most stages of the design. In this paper, we will consider the particular problem of designing systems composed of several nondeterministic modules executing in parallel. As an example, consider a communication protocol, where the submodules are a sender, a receiver, and a medium. In IMB83], Merlin and Bochmann observe that when all but one of the submodules have been specified, a specification of the remaining module can be derived automatically. For example, when the sender and medium have been specified, the specification of the receiver can be deduced. One limitation in [MB83] is that specifications are expressed in terms of execution sequences. This means that they do not contain enough information to determine some aspects, e.g. deadlock potentials, of the behaviour of the system. Thus, a receiver satisfying the automatically generated specification may cause deadlocks. Our contribution in this paper is to apply the ideas in [MB83] to a more refined specification method, namely Milner's Calculus of Communicating Systems (CCS, see e.g. [Mil80]). Specifications are in CCS called agents, and there is a notion of observation equivalence, written ~-., between agents. Essentially, two agents are observation equivalent if they can not be distinguished by an external observer. This equivalence is more discriminating than comparing execution sequences; in particular it is sensitive to deadlock potentials. There is also a formal syntax for combining agents: a system composed of agents A1, A2, . . . , An executing in parallel and communicating over channels L is written (A1]A~I"" IA,)\L In a top-down design methodology, the designer starts with an agent, call it B, representing the behaviour of the whole system to be constructed. He divides the system into n modules, *On leave from the Swedish Institute of Computer Science, Stockholm, Sweden