DOCSLIB.ORG

DEPARTMENT of COMPUTER SCIENCE Carneg,E-,Mellon Un

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
DEPARTMENT of COMPUTER SCIENCE Carneg,E-,Mellon Un A MODEL FOR COMMUNICATING SEQUENTIAL PF_OCESSES Stephen D. Brookes DEPARTMENT of COMPUTER SCIENCE Carneg,e-,Mellon Un,vers,ty (7__[J--_ q - _ 2-- _ 4 :_ A MOI)EL FOR COMMUNICATING SEQUENTIAL PROCESSES Stephen D. Brookes Thesis submitted for the degree of Doctor of Philosophy. University College Oxford University January 1983 ABSTRACT This thesis describes tile construction and mathematical properties of a model for communicating sequential processes. We define a semantic model for processes based on failures, which encapsulate certain finite aspects of process behaviour and allow an elegant treatment of nondeterminism. We define a set of process operations, including nondeter- ministic choice, conditional composition, and various forms of' parallel composition. These process operations enjoy many interesting mathematical properties, which allow us to prove many process identities. The failures model is well suited to reasoning about deadlock properties of processes, and some examples are given to illustrate this. The failures model does not treat in a reasonable way the phenomenon of divergence, which occurs when a process performs a potentially infinite sequence of internal actions and never interacts with its environment. We offer an extension of" the model in Chapter 5, which treats divergence more satisfactorily. We also give a complete proof system for proving semantic equivalence of terms. Tile thesis also contains some results on the relationship of these models to other models of processes in the literature, specifically relating to the work of Milner, Kennaway, Hennessy and de Nicola. Chapter 3 gives an alternative formula t;ion of the failures model, a]iowing comparison with Kennaway's work. Chapter 4 uses Milner's synchronis_tion trees as the basis for representing processes. In Chapter 6 we show how links can be established between Kennaway's model, the work of Hennessy and de Nicola, and our failures model; this chapter focusses on modal assertions of various kinds about process behaviour. We show that by varying the class of assertions we can characterise different semantic models. Acknowledgement,_ The author would like to thank Professor C.A.R.1toare, who has been a continuing source of inspiration and encouragement during the development of this work. Many thanks also to Bill Roscoe, with whom 1 have had many fraitful discussions and collaborative results. The other main stimulus to thi,_ work has been the research of Robin Milner and his colleagues at Edinburgh Universit, y. I have benefitted from discussions with Matthew tIennessy, Robin Milner, David ['ark, Bill Rounds, Joe Stoy, and Zhou Chaochen. This research was supported by a grant from the Science and Engineering Research Council of Great Britain. The author is also grateful to the Computer Science Department_ of Carnegie-Mellon University, whose facilities were used in the preparation of this thesis. Thanks to William L. Scherlis for help with the type-setting of the manuscript. Contents Introduction ............ Page 1 Acknowledgements ........... 5 Chapter 1: A Domain of Processes ..... 6 Chapter 2: Process operations ....... 18 Chapter 3: Implementations ..... 75 Chapter 4: Relationship with Milner's CCS . 9{} Chapter 5: A proof system for CSP ..... 108 Chapter 6: Testing processes ........ 12(,t Chapter 7: Some examples ............ 153 Chapter 8: Operational semantics ......... 165 Conclusions ....................... 173 Appendix A: A technical lemma ................ 176 References ........................ 178 Introcluct_on The decreasing cost and diminishing size of powerful computers, and tile opportunities offered in speed and et_ciency by distributed computer systems are encouraging the use of programming languages in which the programmer can make use of concurrency. By allowing a program's task to be distributed when it is not logically necessary for a single processor to perform it, significant gains can be made in efficiency. A job shared by several concurrent processors can be a job halved in execution time. Accordingly, many new programming languages have been proposed over the last few years, each involving a form of parallel construct. One of the most widely known of these languages is C.A.[_:.Hoare's CSP [H1], first published in 1978. In this language input and oatput, i.e., com-- munication between concurrently active processes, was taken as a primi-- tive, much in the way that conventional sequential imperative languages take assignment and sequencing as primitives. The most important feature of CSP was that it emphasised programmer-specified communication between processes and used synchronization as the mechanism for communication. The language, based on Dijkstra's guarded commands, allowed input request,_ to be used in guards, so that communications could direct the process's be-- haviour in a very elegant way. Moreover, a process in CS[' can exhibit non-- deterministic behaviour, notably when attempting to perform a guarded com-- mand in which more than one guard is satisfied. Depending on which guard is chosen in such circumstances the future behaviour of the process and its communication capabilities with other concurrent processes may vary. Thi,3 was all evident in Hoare's paper. Nondeterminacy is often a feature in parallel execution of programs, because one usually wishes to abstract away from the relative speeds of concurrently executing processors. It is well known that programs written in parallel programming languages can sometimes exhibit pathological behaviour. One of the most important examples of undesirable behaviour is called deadlock. A system of processes is said to be deadlocked if none of the processes in the system (assumed to be 1 INTRODUCTION Page 2 operating in parallel) is capable of communicating with any other: nothing can ihappen, typically because no process is able to inake a communication until another has done so. This situation can arise in practice when many processes are competing to share some scarce resource. When writing a program it is often vital to guarantee freedom from deadlock. When using any programming language it is important to know what the syntactic constructs are intended to denote. One cannot understand a program properly and be able to reason effectively about its execution unless one has some sound ideas about the sernantic_ of the language. For conven- tional sequential progralnming languages su(:h as PASCAl,, and the ALGOL family, there is a well-established body of work dealing with semantics. In general, programs here can be taken to denote input-output functions or state transformations, and logical proof systems can be built using Itoare-style assertions or Dijkstra's weakest preconditions. Partial and total correctness arguments or proofs can be given for programs in such languages in a reason.- ably straightforward way. In the case of a parallel programming language the situation is :not nearly so satisfactory. There is, for a start, no general agreement on what class of ma,ther._mtieal entities is suitable for modelling the meaning of programs written in a concurrent language. Even for one language, it is conceivable that more than one reasonable model exists. As remarked above, paralM programming can lead to pathological behaviour, of a kind not occurring with sequential proglams. ]t is important to know to what extent any model for parallel processes satisfactorily captures behavioural[ properties, such as deadlock. Different semantic models often seem to focus on particular classes of properties. For example, an early semantics for CSP, the so-called trace semantics of Hoare, was ideally suited to reasoning about potential com- munication sequences but was insensitive to the possibility of deadlock. This thesis is primarily concerned with the construction of a mathe- matical model of communicating processes and a collection of process opera- tions. The model enjoys a number of interesting and elegant mathematical properties, and seems adequate to serve as a semantic model for languages such as CSP. We investigate ill some detail the properties of our model, proving many process identities and other relations between processes; these results enable us to specify and prove a class of semantic properties of in- dividual processes. Roscoe's thesis [R] contains a detailed account of some general proof techniques applicable to this model; Roscoe has made significant contributions during the development of the model. In Chapter 1 we begin with the definition of a semantic domain for processes over an alphabet E. The elements of E, termed events can be thought INTRODUCTION Page 3 of as communications or other atomic actions. Instead of representing a CSP process as a set of traces, as in the trace model, we use a set of failures. A failure is a generalisation of a trace to include an indication of the potential for deadlock at the next step in execution. There is a natural ordering on failure sets corresponding to the fact that the nondeterminacy of a process is mirrored in its failure set: if one proces_ is more nondeterministic than another, then its failure set should be larger. This order turns the set of processes (identified with failure sets) into a complete semi-lattice. In Chapter 2 we give a denotational semantics to an abstract version of CSP, using the semantic domain just described. As usual in denotational semantics, the meaning of a combination or processes is defined from the meanings of the component processes. In effect, we define a set of opera- tions on processes, each corresponding to a syntactic operation on terms in an abstract language derived from CSP. With one notable exception, these process operations are continuous with respect to the nondeterminism order- ing. Chapter 3 contains an alternative construction of the domain of processes, in which a nondeterministic process is modelled as a set ot' deterministic processes. The basic idea is to identify a p, ocess with its set of possible im- plemenlatior'_s, each implementation being a deterministic process to ,ahich the original process is an approximation. All of the process operations of Chapter 2 can be de[ined in this new formulation.
Load more

Recommended publications
  • Texts in Computer Science
    Texts in Computer Science Editors David Gries Fred B. Schneider For other titles published in this series, go to www.springer.com/series/3191 A.W. Roscoe Understanding Concurrent Systems Prof. A.W. Roscoe Oxford University Computing Laboratory Wolfson Bldg., Parks Road Oxford OX1 3QD UK [email protected] Series Editors David Gries Fred B. Schneider Department of Computer Science Department of Computer Science Upson Hall Upson Hall Cornell University Cornell University Ithaca, NY 14853-7501, USA Ithaca, NY 14853-7501, USA ISSN 1868-0941 e-ISSN 1868-095X ISBN 978-1-84882-257-3 e-ISBN 978-1-84882-258-0 DOI 10.1007/978-1-84882-258-0 Springer London Dordrecht Heidelberg New York British Library Cataloguing in Publication Data A catalogue record for this book is available from the British Library Library of Congress Control Number: 2010936468 © Springer-Verlag London Limited 2010 Apart from any fair dealing for the purposes of research or private study, or criticism or review, as per- mitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publish- ers, or in the case of reprographic reproduction in accordance with the terms of licenses issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers. The use of registered names, trademarks, etc., in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant laws and regulations and therefore free for general use.
    [Show full text]
  • Actor Model of Computation
    Published in ArXiv http://arxiv.org/abs/1008.1459 Actor Model of Computation Carl Hewitt http://carlhewitt.info This paper is dedicated to Alonzo Church and Dana Scott. The Actor model is a mathematical theory that treats “Actors” as the universal primitives of concurrent digital computation. The model has been used both as a framework for a theoretical understanding of concurrency, and as the theoretical basis for several practical implementations of concurrent systems. Unlike previous models of computation, the Actor model was inspired by physical laws. It was also influenced by the programming languages Lisp, Simula 67 and Smalltalk-72, as well as ideas for Petri Nets, capability-based systems and packet switching. The advent of massive concurrency through client- cloud computing and many-core computer architectures has galvanized interest in the Actor model. An Actor is a computational entity that, in response to a message it receives, can concurrently: send a finite number of messages to other Actors; create a finite number of new Actors; designate the behavior to be used for the next message it receives. There is no assumed order to the above actions and they could be carried out concurrently. In addition two messages sent concurrently can arrive in either order. Decoupling the sender from communications sent was a fundamental advance of the Actor model enabling asynchronous communication and control structures as patterns of passing messages. November 7, 2010 Page 1 of 25 Contents Introduction ............................................................ 3 Fundamental concepts ............................................ 3 Illustrations ............................................................ 3 Modularity thru Direct communication and asynchrony ............................................................. 3 Indeterminacy and Quasi-commutativity ............... 4 Locality and Security ............................................
    [Show full text]
  • Oral History of Sir Antony Hoare
    Oral History of Sir Antony Hoare Interviewed by: Jonathan P. Bowen Recorded: September 8, 2006 Cambridge, United Kingdom CHM Reference number: X3698.2007 © 2006 Computer History Museum Oral History of Sir Antony Hoare Jonathan Bowen: Hello, Tony. Would you like to introduce yourself briefly? Sir Antony Hoare: I’m Tony Hoare, principal researcher at Microsoft Research Limited in Cambridge. Thank you for coming here to talk to me. Bowen: Thank you, Tony. I’m looking forward to our talk together. It would be interesting to know, first of all, how you grew up, and what your mother and father did. Hoare: My father was a colonial civil servant, and my mother was the daughter of a tea planter in Ceylon. She was called out to Ceylon to act as social secretary for my grandfather, and they met in Ceylon, married there, and I was born there. Bowen: And do you have any memories of Ceylon? Hoare: Oh, yes, I have quite vivid memories of going to school there. In those days it was still quite a wild place, and we used to go out to the country -- indeed into the forest -- to see animals and elephants and tigers. Had quite exciting adventures there in the school party. Bowen: And you had brothers and sisters? Hoare: I have two younger brothers and two younger sisters. My second brother was also born in Ceylon. Bowen: And you all got on well together? You were a happy family? Hoare: Oh, yes, in the end anyway. Bowen: Yes, like all families. Yes. Hoare: We still have the opportunity to meet quite frequently.
    [Show full text]
  • Communicating Parallel Processes
    Communicating Parallel Processes Stephen Brookes Abstract Tony Hoare's 1978 paper introducing the programming language Communicating Sequential Processes is now a classic. CSP treated input and output as fundamental programming primitives, and in- cluded a simple form of parallel composition based on synchronized communication. This paper provides an excellent example of Tony's clarity of vision and intuition. The notion of processes is easy to grasp intuitively, provides a natural abstraction of the way many par- allel systems behave, and has an abundance of applications. Ideas from CSP have influenced the design of more recent programming languages such as occam and Ada. Investigations of the semantic foundations of CSP and its successors and derivatives have flourished, bringing forth a variety of mathematical models, each tailored to focus on a particular kind of program behavior. In this paper we re-examine the rationale for some of the original language design decisions, equipped with the benefit of hindsight and the accumulation of two decades of research into programming language semantics. We propose an \ide- alized" version of CSP whose syntax generalizes the original language along familiar lines but whose semantics is based on asynchronous communication and fair parallel execution, in direct contrast with the original language and its main successors. This language permits nested and recursive uses of parallelism, so it is more appropriate for us to refer to Communicating Parallel Processes. We outline a sim- ple semantics for this language and compare its structure with the most prominent models of the synchronous language. Our semantic framework is equally well suited to modelling asynchronous processes, shared-variable programs, and Kahn-style dataflow networks, so that we achieve a unification of paradigms.
    [Show full text]
  • The Theory and Practice of Concurrency A.W. Roscoe
    Contents i The Theory and Practice of Concurrency A.W. Roscoe Published 1997, revised to 2000 and lightly revised to 2005. The original version is in print in April 2005 with Prentice-Hall (Pearson). This version is made available for personal reference only. This version is copyright (c ) Pearson and Bill Roscoe. Contents Preface ix 0 Introduction 1 0.1 Background 1 0.2 Perspective 4 0.3 Tools 7 0.4 What is a communication? 8 I A FOUNDATION COURSE IN CSP 11 1 Fundamental concepts 13 1.1 Fundamental operators 14 1.2 Algebra 29 1.3 The traces model and traces refinement 35 1.4 Tools 48 2 Parallel operators 51 2.1 Synchronous parallel 51 2.2 Alphabetized parallel 55 2.3 Interleaving 65 2.4 Generalized parallel 68 iv Contents 2.5 Parallel composition as conjunction 70 2.6 Tools 74 2.7 Postscript: On alphabets 76 3 Hiding and renaming 77 3.1 Hiding 77 3.2 Renaming and alphabet transformations 86 3.3 A basic guide to failures and divergences 93 3.4 Tools 99 4 Piping and enslavement 101 4.1 Piping 101 4.2 Enslavement 107 4.3 Tools 112 5 Buffers and communication 115 5.1 Pipes and buffers 115 5.2 Buffer tolerance 127 5.3 The alternating bit protocol 130 5.4 Tools 136 5.5 Notes (2005) 137 6 Termination and sequential composition 139 6.1 What is termination? 139 6.2 Distributed termination 143 6.3 Laws 144 6.4 Effects on the traces model 147 6.5 Effects on the failures/divergences model 148 II THEORY 151 7 Operational semantics 153 7.1 A survey of semantic approaches to CSP 153 7.2 Transition systems and state machines 155 Contents v 7.3 Firing rules
    [Show full text]
  • Translating Between Models of Concurrency
    Translating between models of concurrency David Mestel∗ A.W. Roscoe† April 23, 2019 Abstract Hoare’s Communicating Sequential Processes (CSP) [8] admits a rich universe of semantic models closely related to the van Glabbeek spectrum. In this paper we study finite observational models, of which at least six have been identified for CSP, namely traces, stable failures, revivals, ac- ceptances, refusal testing and finite linear observations [20]. We show how to use the recently-introduced priority operator ([21], ch.20) to transform refinement questions in these models into trace refinement (language in- clusion) tests. Furthermore, we are able to generalise this to any (rational) finite observational model. As well as being of theoretical interest, this is of practical significance since the state-of-the-art refinement checking tool FDR4 [5] currently only supports two such models. In particular we study how it is possible to check refinement in a discrete version of the Timed Failures model that supports Timed CSP. 1 Introduction In this paper we re-examine part of the Linear-Time spectrum that forms part of the field of study of van Glabbeek in [31, 30], specifically the part characterised by finite linear observations. A number of different forms of process calculus have been developed for the modeling of concurrent programs, including Hoare’s Communicating Sequential Processes (CSP) [8], Milner’s Calculus of Communicating Systems (CCS) [12], arXiv:1904.09875v1 [cs.FL] 22 Apr 2019 and the π-calculus [13]. Unlike the latter two, CSP’s semantics are traditionally given in behavioural semantic models coarser than bisimulation, normally ones that depend on linear observations only.
    [Show full text]
  • Security and Trust for Ubiquitous Communication
    Security and trust for ubiquitous communication S. Creese Systems Assurance Group, QinetiQ, Malvern Technology Centre, UK G. M. Reed International Institute for Software Technology United Nations University Macau A. W. Roscoe and J. W. Sanders Programming Research Group University of Oxford Oxford, UK Prepared for the ITU WSIS Thematic Meeting on Cybersecurity 28 June – 1 July, 2005, Geneva Switzerland June 15, 2005 1 Abstract In this paper we report on an ethical approach to security and trust in contemporary computing and communication systems and we discuss some of its specific detailed consequences. The approach is that of the principle of distribution, in which control resides as much as possible with the individual rather than in centralised agents. The consequences on which we elaborate here include: the importance of establishing entirely distributed protocols, in particular for the secure and trusted dynamic networking of mobile ICT devices; that in view of their pervasive popularity, cellphones be subject to the same stringent criteria of security and trust as networked computers; the promotion of open-source software to bridge the digital divide and empower developing nations in configuring accepted software in their own languages and to their own needs. We report on the United Kingdom’s Department of Trade and Industry’s FOR- WARD program concerning security and trust in human-centric systems and on the United Nations University’s International Institute for Software Technology’s recent Open Computing Initiative, and end by raising some pertinent questions. 2 Introduction 1. We live in an age in which information and communications technologies span the globe, providing users with mobile and real-time access to information, services and each other.
    [Show full text]
  • Communicating Parallel Processes Stephen Brookes 2
    Communicating Parallel Processes Stephen Brookes 2 Abstract Tony Hoare’s 1978 paper introducing the programming language Communicating Sequential Processes is now a classic. CSP treated input and output as fundamen- tal programming primitives, and included a simple form of parallel composition based on synchronized communication. This paper provides an excellent example of Tony’s clarity of vision and intuition. The notion of processes is easy to grasp intuitively, provides a natural abstraction of the way many parallel systems behave, and has an abundance of applications. Ideas from CSP have influenced the design of more recent programming languages such as occam and Ada. Investigations of the semantic foundations of CSP and its successors and derivatives have flourished, bringing forth a variety of mathematical models, each tailored to focus on a par- ticular kind of program behavior. In this paper we re-examine the rationale for some of the original language design decisions, equipped with the benefit of hind- sight and the accumulation of two decades of research into programming language semantics. We propose an “idealized” version of CSP whose syntax generalizes the original language along familiar lines but whose semantics is based on asyn- chronous communication and fair parallel execution, in direct contrast with the original language and its main successors. This language permits nested and recur- sive uses of parallelism, so it is more appropriate for us to refer to Communicating Parallel Processes. We outline a simple semantics for this language and compare its structure with the most prominent models of the synchronous language. Our semantic framework is equally well suited to modelling asynchronous processes, shared-variable programs, and Kahn-style dataflow networks, so that we achieve a unification of paradigms.
    [Show full text]
  • Discrete Analysis of Continuous Behaviour in Real-Time Concurrent Systems
    Discrete Analysis of Continuous Behaviour in Real-Time Concurrent Systems Jo¨el Ouaknine St Cross College and University College Thesis submitted for the degree of Doctor of Philosophy at the University of Oxford, Michaelmas 2000 Discrete Analysis of Continuous Behaviour in Real-Time Concurrent Systems Jo¨el Ouaknine Thesis submitted for the degree of Doctor of Philosophy at the University of Oxford, Michaelmas 2000 Abstract This thesis concerns the relationship between continuous and discrete mod- elling paradigms for timed concurrent systems, and the exploitation of this relationship towards applications, in particular model checking. The frame- work we have chosen is Reed and Roscoe's process algebra Timed CSP, in which semantic issues can be examined from both a denotational and an operational perspective. The continuous-time model we use is the timed fail- ures model; on the discrete-time side, we build a suitable model in a CSP-like setting by incorporating a distinguished tock event to model the passage of time. We study the connections between these two models and show that our framework can be used to verify certain specifications on continuous-time processes, by building upon and extending results of Henzinger, Manna, and Pnueli's. Moreover, this verification can in many cases be carried out directly on the model checker FDR1. Results are illustrated with a small railway level crossing case study. We also construct a second, more sophisticated discrete- time model which reflects continuous behaviour in a manner more consistent with one's intuition, and show that our results carry over this second model as well.
    [Show full text]