Syntax independent descriptions of message and state dependent behaviors

degregat · February 6, 2025, 5:52pm

Behavioral commitments

To maximize optionality in implementation, we should define the behavioral commitments over messages that make up the protocol in ways that minimize syntactic assumptions.
We have defined a set of primitive data types to be used for message definitions. This post contains a proposal on how to specify the behaviors.

Defining a behavior

A behavioral definition for a stateful entity (e.g. an agent, engine or process) should consist of the following two descriptions, conceptually separated:

Necessary preconditions a message needs to fulfill for the behavior to be applied. This needs to be defined only in terms of the message.
What a valid state transition implementing the behavior looks like. This can take the message and entity state as an argument and send new messages.

This distinction is induced by physics: State is local to entities, but message properties can be evaluated at any time, when a message is available.

These behavioral definitions should only concern anything externally observable, i.e. which messages are sent depending on messages received, with any internal details (e.g. optimizations, language specific representation, syntax) being left up to choice of the implementor.

Any structure that is not directly relevant to a behavior can be considered opaque

When to decompose behaviors

Behaviors will be organized in sets corresponding to certain roles in, or layers of, the protocol. To separate behaviors and increase optionality in composition, messages over which behaviors are defined should be independent from messages over which other behaviors are defined.

Generally behaviors can be (de-)composed arbitrarily. Choices about the scope of inclusion into one behavior should be made according to what level of independence of the components seems desirable. Some rules of thumb:

Generalization should be motivated by requirements of the system, or optionality desirable from an application perspective, not an end in itself.
If a complex behavior can be decomposed into simpler components with straightforward composition, then decomposing it might be a good choice. If the composition is harder to analyze than the initial complex object, then it schould not be decomposed.
If the decomposition requires assumptions that can not be justified by the underlying structure, it can mislead by introducing virtual structure that can easily be collapsed by defecting parties.

Composing behaviors

Composition can happen in different ways, for example:

Messages output by one behavior are used as inputs for another.
Messages can contain opaque bytestrings, which handed to another behavior which performs introspection. This can happen via local calls, or the bytestring can be treated as a message to be relayed.

Remarks

Agent interaction with a node can be modelled in the form of messages.
Introspection through all layers of a message, or taking into account local state of all colocated components is possible in practice and can be used for optimization purposes, but it should not be required. The externally observable behavior of the entity (or composed behavior) should not differ from the case where internal separation is preserved.

graphomath · February 7, 2025, 4:14pm

note This post is spelling out some detail, which I would like to be sure to be clear and visible.

Let’s recall a previous related statement, which I find quite helpful^[1]

I assume that we here are mainly concerned with the second category, i.e., the category including access to internal state.^[2] In this second category, a good existing abstraction that we have been using as references are Mealy Machines, which can be succinctly described^[3] as follows:

I am not claiming that every behaviour is just a Mealy machine (and that would probably be “wrong”, but let us not jump ahead), but it is a great example of how we can be independent from syntax and/or implementation. Now, this remark is meant to make clear that Mealy machines are not the definition we are currently working on; with that being said, let us come back to the desiderata of a behavioural definition.

For the example of Mealy Machines as defined above, the set of input symbols A consists of the messages that satisfy the ‘necessary preconditions a message needs to fulfill for the behavior to be applied’, which I would simply call well-formed messages. Now, that covers how the first bullet looks like if applied to the example of Mealy Machines.

Now, for the valid state transition(s) that implement behaviour, in the case of Mealy Machines, behaviour is deterministic, namely, borrowing Moore’s words^[4],

the present state of a machine depends only on its previous input and previous state, and the present output depends only on the present state [and the input].

So, the set B of a Mealy machine can be chosen to be requests for sending messages.^[5] So much for the “obvious” observations that deserve to be written up.

Now for the interesting point: in the above description of desiderata for a definition, we see the indefinite article used: ‘a valid state transition …’. This looks suspiciously like non-determinism, as written elsewhere: instead of a Mealy Machine, we rather want (a specification of)

So, the (pseudo-)non-determinism that we want—beware, that’s a claim—is actually due to some agent or other “decision device” that is affecting the choice of the actual state transitions (as sketched here): in short, we simply ask the local agent or poll an input device to make a choice (and require a default choice in the case of timeouts).^[6]

TL;DR

All this to say, we may want to be as deterministic as possible, which is achievable if in situations where we have several possible state transitions based on current input and state, an “explicit choice” is made by a user or hardware, e.g., TRNGs.

… to avoid ambiguities, given the name clash with the description of behaviour of a state in a Kripke model: “Bisimulation is intended to characterize states in Kripke models with ‘the same behaviour’”. ↩︎
If we were to speak about co-algebras, this means, behaviours with access to internal state are the co-algebras themselves, and we are just trying to find a natural language description. ↩︎
… in slightly generalized form … ↩︎
Note that this quote is about Moore machines … I just don’t have a quote for Mealy machines with such succinct wording. ↩︎
See also [Communicating finite-state machine - Wikipedia]. ↩︎
The point is, we do not want to get into the land of different flavours of non-determinism; we prefer to have determinism as much as possible. ↩︎

graphomath · February 7, 2025, 4:17pm

However, in the case of a local interaction, synchronous poll for inputs seem a good option, in particular if we want to have read access to a slow disk or similar device. That’s in any case what is cooking in the corner of the research lab.

degregat · February 10, 2025, 11:14am

This is not a contradiction: For this message, the router could pick a local call instead of a network transport.

Topic		Replies	Views
Abstract intent machine model Protocol Design	7	307	November 27, 2023
Protocols as composed games Protocol Design	4	66	January 30, 2025
Engine composition: abstract/concrete _and_ synchronous/asynchronous Protocol Design	0	105	November 21, 2023
Behavioural properties in the Anoma specs Protocol Design	0	113	December 20, 2023
Intent Machines: Composition and Components Protocol Design	1	234	August 18, 2023