CIS 720 Lecture 4

Concurrency rule for all i, { Pi } Si { Qi } { P1 /\ …. /\ Pn } co S1 // …. // Sn oc { Q1 /\ …. /\ Qn}

{true} {true} x = 0; y = 1; x = 0; co co x = 1 x = x + 1 // // y = y + 1 x = x + 2 oc oc { x = 0 /\ y = 1} { x = 0} {x = 0} {x = 0} {x = 1} {x = 1} {y = 1} {x = 0} {y = 2} {x = 2} { x = 1 /\ y = 2} { x = 0 /\ x = 2}

Interference freedom Let a be a statement and C be an assertion. NI(a, C) iff { pre(a) /\ C } a { C } Execution of a does not invalidates (or interferes) with C. {pre(a) /\ C a C

{ Pi } Si { Qi }, for all i, are interference free if for all assertions C in proof outline of Si, for all actions a in Sj, i != j NI(a, C) holds

Concurrency rule { Pi } Si { Qi } are interference free { P1 /\ …. /\ Pn } co S1 // …. // Sn { Q1 /\ …. /\ Qn}

x= 0; co x = x + 1 // x = x + 2 od

NI (x = 0 \/ x = 2, x = x + 2) To prove { (x = 0 \/ x = 2) /\ (x = 0 \/ x = 1}) x := x + 2 { x = 0 \/ x = 2)} { (x = 0) x := x + 2 { x = 0 \/ x = 2)} x (x = 0 \/ x = 2 )x+ 2 (x + 2 = 0 \/ x + 2 = 2) (x = -2 \/ x = 0) x = 0  (x = -2 \/ x = 0) { (x = 0) x := x + 2 { x = 0 \/ x = 2)}

Techniques to avoid interference Disjoint variables If the write set of each process is disjoint from the read and write set of other processes, then the proof outlines will be interference free.

Avoiding interference Global Invariants: Assume that every assertion in the proof outline of Pi is of the form I /\ L, where L refers to local variables of Pi or to variables that only Pi writes. - Then the proof outlines will be interference free.

Concurrency rule for all i, { I} Si { I } { I } co S1 // …. // Sn { I}

x = 0 ; y = 0; z = 0 co x = 1 y := 1 // if y = 1  z = 1 oc

x = 0 ; y = 0; z = 0 co x = 1 y := 1 // if y = 1  z = 1 oc

Avoiding interference Weakened assertions x= 0; co x = x + 1 // x = x + 2 od {x = 0} {x = 0 \/ x = 2}

Avoiding interference Synchronization

Bank transactions co // Transfer(x,y,am): Auditor: ac[x] = ac[x] – am; total = 0; i = 0; ac[y] = ac[y] + am do i < n total = total + ac[i] i = i + 1 od oc

Avoiding interference Synchronization Await Statement rule {P /\ B } S {Q} {P} < await(B)  S > {Q} { y > 0 } y := x { x > 0 } { true } await(y > 0)  y := x { x > 0 }

b = false x = 0 ; y = 0; z = 0 co x = x + 1 b := true z = x + 3 // < await b  y = x > oc

b = false x = 0 ; y = 0; z = 0 co x = x + 1 b := true z = x + 3 // < await b  y = x > oc (I /\ x = 1 /\ not b) /\ (I /\ b) false

Bank transactions total = 0; i = 0; co // Transfer(x,y,am): Auditor: < await( (i < x /\ i < y) \/ {A1: Total = ac[1]+….+ac[i] } (i > x /\ i > y)) do i < n  ac[x] = ac[x] – am; i = i + 1 ac[y] = ac[y] + am > total = total + ac[i] od oc

Bank transactions co // Transfer(x,y,am): Auditor: if < await(!auditon)  ac[x] = ac[x] – am; auditon = 1; total = 0; i = 0; ac[y] = ac[y] + am > [] do i < n <await (auditon && ( (x < i && y < i) ||(x > i && y > i))) total = total + ac[i]  ac[x] = ac[x] – am; ac[y] = ac[y] + am> i = i + 1 fi od auditon = 0 oc