'. rECHNION - Israel Institute ot Technology Computer Science Dep~rtment ,A.WEAKEST PRECO~DITION SEMANTICS FOR eOMMUNICATING PROCESSES by Tzilla Elrad ~nd Nissim Francez Technical .Report #244 May '1982 Technion - Computer Science Department - Technical Report CS0244 - 1982 - -.., ...... A WEAKEST PRECONDITION SEMANTICS' FOR "'.... Cm~MUNI,CAtIN'G PROCESSES (~) by TZil-lei El-rad(H and Nissim ~ranceL(2} nept. of Compu~er Science Technion - Israel Institute df Technology Haifa 32000, Israel -5Uftt1ARY Aweakest precondition semantics for communicating processes is presented, bas~d on a centr~lized one level approach. Semantic equa­ tions are given for the CSP constructs and th€1r continuity i$ proved. The 'representation of various operation9-'l con<;:epts, i.ncluding delay, is discussed. S~~eral examples bf appiying ~he rules ~re gi~en. Key Words and Concepts: Weakes t preconditi on, semanti cs, communi cati:ng processes, di stri I;>uted· 'programming, nonde~erminism, termination, deadlock. CR Categories: 5.24,4.32. (1) The work of the first author was supportep by NSf grant MCS~80-l7577. (2) The.work of the second author wa~ supported By a grant by IBM-Israel. Technion - Computer(*) A Science preliminary Department version - Technical of Report thist CS0244 paper -was 1982 pre~ented i'n the 5th Inter­ national Confer.ence on ProgrammJng, Torino, Apri' 198~. 1 ... 1. INTRODUCTION The 'mportance of the axiomatic approach to Tormal definixlons ;)­ of the semantics of 1anguages for conc~rrent programming js by 'now \:lidely' reco~nized:[OG, AfR , FS, LS, >LG]. 1fie purpose of~thi.s paper is to im"~stig.ate th"e use of WP (Weakest • 1 Pr~condi~ion) semantics as a tpol for th~ f~rmal definition of the semantics of languages for concurrent and'distributed pro~ramming. As far as we know, all th~ ~revious attempts ~o ~se ~P s~maht{cs were by means of redustion to sequential ~ondeterminjsm· [LS, FSJ. " Here we aim at a direct conc.urrent semantics, preserving the processes st~uctur.e of the program. Due to recent deve'loPfl1ents in the technoJogy Of micro-processors" there is an increasin~"·trend towar~s th,e use qf- langua~es suppor.tirrg d~stributed activi"ty involving, communjc~t;"ort;, e.g. CSR ~H.J, puts [FE], 13i stri bLrted Processes tBH] and" recent'lY, ADA [A,DA}. As a m~del langqagefor our inv~stig~tion, ~SP 'has been crosen. Thi s 1anguate (and t~e"rJ1o,de 1 of concurrency on whi ch it, i's lrased) alr'eady haye be.en, given other formal definition,sC[FHLR], EFLP]., [CH], ,[AF"R'], [CC"J, [CM]" [LG]" [PJ) anq attracte,d c6nsider~ble attention. An impo~tant Teatu~e of CSP is its emphasis on terminating ·con­ ... ~ ~ " current ~r.og~ams, as o.pposed" t9 [M~] or [M1], for exa~ple, where non­ termfnation is the rul,e.. Th"is fits nicel.¥With the 'use ofWP.ythich al so ernphas i zes ter.mination..· 10 the denQta:l:i ana1 semar'iti cs already, gi ven, for' CSP [FHLRJ, rFLP], [CC'] , as well ~s in the various proof rules' {Q.r partial 90rrectness, no attempt' was mgde :to character-he" pio\ler'ly te.rmi natifJg programs. • >"" • We show that properties like freedom o{deadlocks are aJso.n?tlJrally Technion - Computer Science Department - Technical Report CS0244 - 1982 reflected, 'in" a WP semantj cs 2 Some aspect~ of CSP which need to be clarified by formal defini­ tion of their semaDtics,. are~ a) Stress on simultaneity rather than on mutual excluSion as the synchronization means. b} The function of the 'communication pr{mitfv~s "of i~p.ut and output (traditionally ~ribwn as sepd and receiye) a~ a tho,i cE! mechani sm and repetition control mechanism. This is an extens'ion of Oijkstra's guarded commands l~nguage [oj allowing two kind~ of non-deterministic resolutions: local (\~'i..thj.n a process) anp global, (among several processes). c} The distributed terminatio~ convention, 'by means of which the "),1) r • - ( to.. "jI ;.~ global property of terminati"On (depending on the slate. of the ! ..... j.... ""~a' who le iJrogram) fs di s tri b'ute'd to- .th~ y,ar~ous processes. By thi>s ri I (, .~ ') '. "'l, f~ (,,; t 1 conven't'ron ~ pro'c~s wi'" ei ther t'ermi nate by itse"{ or its term- ~iJ1' b~e i~~duced' com~ i n;tYon' by other >pro.cesses with whf<;l'\ i t • .. .., t'l" ~l"~ ••1 mum c.,s. :.~.. " , . t ... ,~\' t However; in· view of ~e 1TIWlY semantit deffuitions of CSp a~readY PUbf~h~d tonl~-s~e of which ~ave.be~n referreq to above), one could '~ifk a natural question~ why is another semantic definition, " though using a method not appliep. sofar, needed? To justify the definition $uggested here·, we. would like to draw attention to the ~ following phenomenon: 1, ~. , In priniciple,one -Can envisage two approaGh~s .to.,attributing a , semantics to lang~age for concurrent programs. According to the One app.ro~. some a priori .sema~ti cs ; s attributed sep arately to each p~oc~s~~.and then tho~e meanlhgs are bound to~~ther to, yield the .. semant~cs of the~Kole progr,am. This approa~h was used in [FHLR], Technion - Computer Science Department - Technical Report CS0244 - 1982 and '[MIJ~ [M ] and in the denotational setting and in [OG] , ______....... .!. "1 ~_r __ .:.. •. a .• 3 In: previous attempts by Apt, de Ro~ver and 'Francez CVnpublished) this approach was t~ied in P WP setting, and ca~se~ the use of complicated states involvi'ng histories. I'n order to"appreciate the .'difficulty in\lolv,ed~ consider- tfre following situation: from a. given state "(J., in process Pi' two ,possible cOQtinuations, are possible. The one Pl"Qc~ss, involves a communicatlon with a second say, Pj , and jf it happens leads to a railing c·omputation. The second involves a cOlTl1]unica-' ~ tion wi"th a thi rd profess ,Sgy Pk, whJ ch 1eads. to successful termination-. )V\ communication , communication w~ th ~i', ~th P'R .... ( success, ) '. Now~ the question aris~s, should the state a be, included in the weakes.t precondjtion of Pi? If it js includea, then the envir.onment may choose the Ilbad" communic'ation', whi.ch makes the choice ..wrong,.. If it is exc)uded, again the en vi r6nment may. decide on tbe IgoyQd" communi~<!'tion., again making '. 'the choice wrong: The concl usiOn -is, t~at ttfe '(simple) state~oes no~ c6nt~.i n enough information to faCi,litate' a defipition .of WP.of a single process, and '" extension~ of the state, to in~Jude cOlJ1!1unication histories (or fu1;ures) are needed. Even with such e,<tensions, a proper weake'sl precondition: semantics for a singie process could not 'ge. found, s~nce any such s~ant­ ics recoYlds only positi-ve information about succes~flJl computations, and :di s regards unsuccessful paths, whi ch sti 11 may" match with pnottier' process I fatl iog ,path an,d. th.~is create' a global fai l'ure. Technion - Computer Science Department - Technical Report CS0244 - 1982 4 -Here' we have chosen the· Second approacl1, where a central i z,ed semantics is given directly to the whole;p~ogram, thereby avoiding the consideration of·histQries as part of'th~ state but. paying the price of givjng up full i~auct;on on the'syntax of the program. We would like- to pose the problem of devising a two-levelled WP-semantics for CSP asa challen~e to researchers in semal1tics: is it inherently impossible (as believed>by Oijkst~a [priva,te communicationJ)or just needs some new insight, missed in Ilrevjous .attemp"ts?) " Technion - Computer Science Department - Technical Report CS0244 - 1982 5. I1. TH~ SEMANTI C E.QUATIONS ~e start with some preliminaries: L"et P::[P11I ~ •. IIP-iIL ..• I~Pn] be a program with (var.i,able disjoint} common.icating'·processes Pi' i=l , ...-,n. The symbo"l 1/11" denotes concurrent cOmposition. We refer the reader unfamiJiar with SCP to [+l] for 9-n ;nfo'rma'l and detalled.. description of the 1ang'uage. Let Q be a oredicate over the disjoint union of all "" I~, .~ the (local) states of the. pi1s, to be called the global state~ We denote by It an..empty "process (with no instructlons). We assume P~, P~ that each non-emptv,- proce?is is structured- as' p.:1 :5.;l' with , possibly It. ~Je call P~ the rest of process P'i' and it has' a l1)ajor'signific­ ance in ·the definitio.n of the "rest of the (whole~ program", a central concept in w~at follows. We denote by S~Q all non-empty sequenti&l program sections, i.e. those sections which contain no communication commands. We assume WP[S,Q] as known .[DJ fol" S E SEQ. We denote by ~F all g~ard~d selection s~ateme~ts. For notational convenience, we shall as~um~ that each guar.d ~ has two compon~nts: a boolean component b (we take b 5 true if it ~s no~ includ~d) and a comrnunicati'on component s; (we take', by conv~ntion, c = skip, in case it . ;s not i.ncl uded [LG]). Thus, if S'i E IF, has the form l " ·[b·l. c -+ .S i",' j T1, c c n· n. n. b.'. ' c., , -+ T',• ]. Also, DO denotes the'set of all repetitive statements. A subscript •. in a statement denotes the index· of ~he pr9ces~ to which the statement Technion - Computer Science Department - Technical Report CS0244 - 1982 belongs.