# Value Passing

## Contents

# Value Passing¶

This document specifies the JANI feature *x-momba-value-passing* which extends the *JANI model interchange format* (JANI-model) with *value passing* via synchronization inspired by LOTOS.
In principle, JANI-model already allows for efficient value passing via transient global variables [BDHHJT17]_.
While perfectly adequate for model checking purposes, this approach to value passing has two shortcomings:
(1) it restricts compositionality by not allowing two instances of the same automaton to participate in a synchronization while passing values over the same global variables and
(2) it does not allow one to reason about an automaton solely on the basis of its observable behavior in terms of actions.
Thus, we extend JANI-model with a feature for explicit value passing.

This document is structured as follows: after presenting the general idea informally, we proceed by specifying the necessary syntactic extensions to the JSON-schema of JANI-model. Subsequently, we describe the static and dynamic semantics of the extension.

## General Idea¶

The intuitive idea is to extend actions with *parameters* giving rise to *action schemas*.
An *action schema* :math:`\alpha(\tau_1, \ldots, \tau_n)`

consists of a name :math:`\alpha`

and a list of parameter types :math:`\tau_i`

.
A concrete action :math:`\alpha(\nu_1, \ldots, \nu_n)`

, then, consists of a name :math:`\alpha`

uniquely identifying an action schema :math:`\alpha(\tau_1, \ldots, \tau_n)`

and *arguments* :math:`\nu_i`

such that each :math:`\nu_i`

has a type which is assignable to :math:`\tau_i`

.

An *action pattern* :math:`\alpha(x_1, \ldots, x_n)`

consists of a name :math:`\alpha`

uniquely identifying an action schema :math:`\alpha(\tau_1, \ldots, \tau_n)`

and identifiers :math:`x_i`

.
The `action`

fields of an edge now becomes an action pattern and the corresponding identifiers are available in the guard and for assignments.

Each edge with an action pattern introduces a new *edge scope* in which the guard and all expressions occurring in a destination specification are evaluated.

A synchronization vector has the form :math:`\langle p_1, \ldots, p_m\rangle \to p`

where all :math:`p`

s are action patterns.

Generally, we allow identifiers to occur multiple times if they have the same time. We replace all except one of the occurances with different identifiers and add an assertion that they are all equal.

## Syntactical Extension¶

We extend the each action declaration of the `actions`

field in `Model`

with an optional field `parameters`

:

.. code-block:: javascript

```
{
"name": Identifier,
"?parameters": Array.of({
"type": Type,
"?comment": String
}),
"?comment": String
}
```

We extend the `action`

fields of an `edge`

with:

.. code-block:: javascript

```
var ActionPattern = schema([
Identifier,
{
"name": Identifier,
"?identifiers": Array.of([
Identifier
])
}
])
```

We extend a synchronization vector as follows:

.. code-block:: javascript

```
{
"synchronise": Array.of([ActionPattern, null])
"?result": ActionPattern,
"?condition": Expression,
"?comment": String
}
```

## Static Semantics¶

If there are no parameters in place, then we do not care.

If there are parameters, the number of arguments for an action pattern and the number of parameters of the respective action type has to be identical.

Within an edge, the following has to hold: For each argument, if the respective parameter has “READ” direction, the argument is an identifier, otherwise, it is an arbitrary expression. Each identifier must occur at most once as “READ” direction argument.

For each synchronization vector, for each pattern in the vector: For each argument, if the respective parameter has “WRITE” direction, the argument is an identifier, otherwise, it is an arbitrary expression.
Within each synchronization vector, each identifier must occur at most once as “WRITE” direction argument.
For the `result`

fields this is reversed.

Scoping: An action pattern introduces a new scope.

Within an edge: Identifiers occurring as “READ” direction arguments can be used and contain a value of the respective parameter type for expressions in destinations and the `guard`

field.

Within a synchronization vector: Identifiers occurring as “WRITE” direction arguments can be used and contain a value of the respective type for expressions occurring in “READ” direction argument respectively “WRITE” direction arguments in the resulting action.

Expressions occurring in `WRITE`

-parameters must not contain any sampling expressions. They may, however, contain the `nondet`

operator as specified in JANI feature *nondet-selection*.

## Dynamic Semantics¶

As the guard may refer identifiers bound in the action pattern, we consider possible synchronization actions before evaluating the guard.

The semantics are as follows:

For all automata the expressions occurring in

`WRITE`

direction arguments are evaluated.Those values are bound to the respective identifiers in the synchronization vector.

The condition of the synchronization is evaluated. If it evaluates to false, the respective actions are not possible, if it evaluates to true, we proceed.

The expressions in the

`READ`

direction arguments in the synchronization vector are evaluated.The results of those evaluations are bound to the respective identifiers in the pattern for each automata.

The

`guard`

of each of those actions is evaluated with those values.If all guards evaluate to

`true`

then the automata atomically take the respective edges together. The values bound to the identifiers in the automata are available for the assignments and probabilities for each destination. The assignments are resolved as usually using their indices.

.. [BDHHJT17] Carlos E. Budde, Christian Dehnert, Ernst Moritz Hahn, Arnd Hartmanns, Sebastian Junges, and Andrea Turrini: JANI: Quantitative Model and Tool Interaction. TACAS (2) 2017: 151-168