Communicating Parallel Processes. Stephen Brookes

Similar documents
Trace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University

Deconstructing CCS and CSP Asynchronous Communication, Fairness, and Full Abstraction

Shared-Variable Concurrency

A Brief History of Shared memory C M U

Review of The π-calculus: A Theory of Mobile Processes

The State Explosion Problem

Communication and Concurrency: CCS

Communication and Concurrency: CCS. R. Milner, A Calculus of Communicating Systems, 1980

Models of Concurrency

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication

1 Introduction. 1.1 The Problem Domain. Self-Stablization UC Davis Earl Barr. Lecture 1 Introduction Winter 2007

Trace Refinement of π-calculus Processes

A Denotational Semantic Theory of Concurrent Systems

Design and Analysis of Distributed Interacting Systems

arxiv: v1 [cs.dc] 3 Oct 2011

The Underlying Semantics of Transition Systems

Automatic Synthesis of Distributed Protocols

Specifying and Analysing Networks of Processes in CSP T (or In Search of Associativity)

Design of Distributed Systems Melinda Tóth, Zoltán Horváth

Compositional Abstractions for Interacting Processes

Bounded Stacks, Bags and Queues

Coinductive big-step semantics and Hoare logics for nontermination

Implementation of the stable revivals model in CSP-Prover

A Modern Mathematical Theory of Co-operating State Machines

Timo Latvala. March 7, 2004

A Characterization of Regular Expressions under Bisimulation

Bounded Retransmission in Event-B CSP: a Case Study

Trace-based Process Algebras for Real-Time Probabilistic Systems

A Timed Model of Circus with the Reactive Design Miracle

A semantics for concurrent separation logic

A Thread Algebra with Multi-level Strategic Interleaving

Classical Program Logics: Hoare Logic, Weakest Liberal Preconditions

Hoare Logic (I): Axiomatic Semantics and Program Correctness

Unifying Theories of Programming

Structure Preserving Bisimilarity,

Computer-Aided Program Design

Liveness of Communicating Transactions

Circus Time with Reactive Designs

Automata-Theoretic Model Checking of Reactive Systems

An introduction to process calculi: Calculus of Communicating Systems (CCS)

Programming Language Concepts, CS2104 Lecture 3

Introduction to Formal Verification Methods Exercise 4

arxiv: v1 [cs.pl] 12 Feb 2017

Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication 1

Formal Methods for Probabilistic Systems

A Humble Introduction to DIJKSTRA S A A DISCIPLINE OF PROGRAMMING

Chapter 3: Linear temporal logic

Full abstraction without synchronization primitives

Lecture Notes on Inductive Definitions

Denotational semantics

Chapter 5: Linear Temporal Logic

Laws of Parallel Synchronised Termination

Oce National d' Etudes. et de Recherches Aerospatiales. Centre d' Etudes et de Recherche de l' Ecole Nationale Superieure

A MODEL OF COOPERATIVE THREADS

G54FOP: Lecture 17 & 18 Denotational Semantics and Domain Theory III & IV

Semantics and Verification

Overview. overview / 357

Algebraic Trace Theory

The Las-Vegas Processor Identity Problem (How and When to Be Unique)

Lecture Notes on Inductive Definitions

Synchronous Reactive Systems

Logic Model Checking

Models for Concurrency

A UTP Semantics for Communicating Processes with Shared Variables

Formal Methods for Specifying and Verifying Distributed Algorithms Process Algebra vs I/O Automata

Temporal logics and explicit-state model checking. Pierre Wolper Université de Liège

Failure Diagnosis of Discrete Event Systems With Linear-Time Temporal Logic Specifications

Causal Dataflow Analysis for Concurrent Programs

Shared Memory vs Message Passing

Algebraic Trace Theory

Combining CTL, Trace Theory and Timing Models

Static Program Analysis

We are going to discuss what it means for a sequence to converge in three stages: First, we define what it means for a sequence to converge to zero

Communicating and Mobile Systems

Using the Principles of Synchronous Languages in Discrete-event and Continuous-time Models

Computation Tree Logic

From CCS to Hybrid π via baby steps. Bill Rounds CSE, U of Michigan

Hoare Logic: Reasoning About Imperative Programs

Chapter 4: Computation tree logic

Iris: Higher-Order Concurrent Separation Logic. Lecture 9: Concurrency Intro and Invariants

Programming Languages and Compilers (CS 421)

Program verification. Hoare triples. Assertional semantics (cont) Example: Semantics of assignment. Assertional semantics of a program

ROBUST & SPECULATIVE BYZANTINE RANDOMIZED CONSENSUS WITH CONSTANT TIME COMPLEXITY IN NORMAL CONDITIONS

Trace- and Failure-Based Semantics for Responsiveness

Component-Based Construction of Deadlock-Free Systems

7. Queueing Systems. 8. Petri nets vs. State Automata

Bilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft)

Blocking Synchronization: Streams Vijay Saraswat (Dec 10, 2012)

A Tutorial Introduction to CSP in Unifying Theories of Programming

Coinductive big-step operational semantics

Their proof is rather lengthy and hard to grasp; it ultimately relies on showing a periodicity for any transition graph generated from normed context-

Modeling Concurrent Systems

States and Actions: An Automata-theoretic Model of Objects

The Journal of Logic and Algebraic Programming

Denotational Semantics of Mobility in Unifying Theories of Programming (UTP)

Valency Arguments CHAPTER7

Concurrency theory. proof-techniques for syncronous and asynchronous pi-calculus. Francesco Zappa Nardelli. INRIA Rocquencourt, MOSCOVA research team

Verifying Randomized Distributed Algorithms with PRISM

Duration Calculus of Weakly Monotonic Time

BRICS. Finite Equational Bases in Process Algebra: Results and Open Questions

Transcription:

Communicating Parallel Processes Stephen Brookes Carnegie Mellon University Deconstructing CSP 1

CSP sequential processes input and output as primitives named parallel composition synchronized communication generalized guarded commands Communicating Sequential Processes, CACM, 1978 2

Parallel composition [π 1 ::P 1 π n ::P n ] disjoint processes P i distinct process names π i π j?x in P i matches π i!e in P j Guarded commands if (g 1 P 1 ) (g k P k ) fi do (g 1 P 1 ) (g k P k ) od input guards: b π?x b π j?x in π i is true when b holds and π j is at a matching output input-guarded conditional waits for match 3

Contrasts shared-memory (Dijkstra 68) cooperating sequential processes no input-output global state conditional critical regions dataflow networks (Kahn/MacQueen 77) asynchronous communication deterministic, CSP-like syntax fair execution Despite common roots, these paradigms have grown apart from CSP 4

Design issues Communication vs. assignment Limited parallelism Naming and scope Synchronous vs. asynchronous Fairness Extending CSP procedures objects 5

Communication vs. assignment Regarded as independent concepts communication affects environment assignment affects local state Semantic models reflect this separation traces, refusals, failures local state change Nevertheless it can be advantageous to blur the distinction... 6

Limited parallelism No nesting of parallel constructs static network topology need n-ary parallel operators Naming and scope Explicit process names cause library problem Awkward scope rules: [π 1 ::[σ 1 ::P 11 σ 2 ::P 12 ] π 2 ::P 2 ] How do π 1 and π 2 communicate? Hard to formulate associativity law Solution Plotkin: decouple name binding 1983 Hoare: named channels, hiding operator TCSP, occam 7

TCSP Process algebra based on CSP (cf. Milner s CCS, 1982) Channel-based events h?v input h!v output Processes, alphabets P Q external choice P Q internal choice a P prefix P Q parallel composition P \a hiding Algebraic laws (P Q) R = (P R) (Q R) A theory of communicating sequential processes, HBR 81, J. ACM, 1984 8

Synchrony vs. asynchrony Synchronous communication input or output waits until a match is ready Asynchronous communication output always proceeds input only waits if no output available CSP assumed synchrony Equally reasonable to assume asynchrony 9

Why synchrony? easy to implement... (?) simple models Why not asynchrony? less realistic to implement can readily be specified Reassessment asynchrony is easier to implement asynchrony is more realistic synchronization can readily be specified simplicity is misleading ignores fairness hard to generalize 10

Fairness Want to abstract away from scheduler Assume that processes are executed without unreasonable delay Pragmatically important every reasonable scheduler is fair vital for liveness properties Semantically awkward hard to model with powerdomains A plethora of fairness notions (strong, weak) process fairness (strong, weak) channel fairness unconditional Γ-extreme fairness... 11

Strong vs. weak A scheduler is strongly fair if every process enabled infinitely often will run eventually A scheduler is weakly fair if every process enabled persistently will run eventually For shared-variable programs weak fairness is reasonable (Park, 80) For synchronous processes weak fairness is reasonable but not very useful enabledness is not local Strong fairness is not realistic too much book-keeping (Older, 96) For asynchronous processes weak fairness is both reasonable and useful 12

Example a!0 n:=0; go:=true; do (go a?x go:=false) (go n:=n + 1) od It would be unfair to keep executing the second alternative..., since this would keep ignoring the potential for synchronized communication between the two processes, which could have been performed on an infinite number of occasions. An efficient implementation should try to be reasonably fair... and should ensure that an output command is not delayed unreasonably often after it first becomes executable. 13

What s fair? Such an execution is not strongly fair, but weakly fair. Assuming strong fairness the program terminates with n 0. Assuming weak fairness the program may also diverge. CSP isn t fair Should a programming language definition specify that an implementation must be fair? i.e. strongly fair Hoare was fairly sure that the answer is NO : unbounded non-determinism strong fairness isn t realistic But we shouldn t dismiss weak fairness. 14

Deadlock P = if (true a?x) (true b?x) fi Q = if (a?x skip) (b?x skip) fi P \a may deadlock, Q\a cannot Divergence R = [ do (a?x skip) od do (true a!0) od]\a R = [ do (a?x skip) (in?y out!y) od do (true a!0) od]\a R must diverge, R may diverge 15

Models of TCSP traces (H, 1980) communication sequences P = Q failures (HBR, 1981) traces, refusals P Q failures/divergences (BR, 1982) traces, refusals, divergences divergence is catastrophic R = R, P Q stable failures traces, stable refusals ignore divergence R R, P Q (Jategaonkar/Meyer/Roscoe/Valmari) 16

Features Close ties to operational intuition describe partial behaviors natural closure conditions full abstraction results ordering based on non-determinism Algebraic laws basis for model checking Reasoning principles unique fixed-point Milner-style expansion Limitations Fairness hard to incorporate Extreme view of divergence 17

Idealized CSP parallel imperative processes asynchronous communication weakly fair parallel composition local variable declarations recursive processes Unification asynchronous CSP shared-variable Kahn-style dataflow Generalization CSP + procedures Idealized Algol + processes non-deterministic Kahn networks 18

Semantic model Transition traces s 0, s 0 s 1, s 1... s n, s n... fair interactive computation process changes vs. environment changes Communication Channel = queue-valued variable Input and output = state change Waiting = stuttering Process set of traces closed under stuttering and mumbling trace sets ordered by inclusion 19

Semantics P Q, R R Sequential composition = concatenation Parallel composition = fair merge Recursion = greatest fixed-point Environment never changes local variables Advantages Mathematically simple traces suffice... models deadlock and divergence fairness built-in Unification of paradigms one model fits all 20

Features Close ties to operational intuition describes complete behaviors safety and liveness properties full abstraction at ground types Algebraic laws locality properties fairness Reasoning principles fixed-point fair expansion ΣA i ; P i ΣB j ; Q j = Σ(A i B j ); (P i Q j ) No unique fixed-point property, but... 21

Fixed-point theorems Parallel recursion If p i = j A ij; p j are fair expansions then p ij = i,j (A ii A jj ); p i j are valid and the fixed-points satisfy p ij = p i p j Local recursion If p i = j A ij; p j are fair expansions and {x = v i }A ij {x = v j } A ij = def local x = v i in A ij then q i = j A ij; q j are valid and the fixed-points satisfy q i = local x = v i in p i 22

Local input Laws local h = vρ in P (h?x; Q) = local h = ρ in P (x:=v; Q) if h? not free in P Local output local h = ρ in P (h!v; Q) = local h = ρv in P Q if h! not free in P Fair promotion local h = ɛ in (h?x; P ) (Q 1 ; Q 2 ) = Q 1 ; local h = ɛ in (h?x; P ) Q 2 if h not free in Q 1 23

Desiderata develop practical tools model checking theorem-proving exploit unification reasoning across paradigms explore further probabilistic processes real-time concurrent objects stay faithful to ideals simplicity elegance 24

References Full abstraction for a shared-variable parallel language The essence of Parallel Algol LICS 93 LICS 96 Idealized CSP: combining procedures with communicating processes MFPS 97 On the Kahn Principle and fair networks MFPS 98 Reasoning about recursive processes: Expansion isn t always fair MFPS 99 25

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback