Models of Concurrency Manna, Pnueli

Chapter 1 1.1 The Generic Model 1.2 Model 1: Transition Diagrams 1.3 Model 2: Shared-Variables Text 1.4 Semantics of Shared-Variables Text 1.5 Structural Relations Between Statements 1.6 Behavioral Equivalence 1.7 Grouped Statements 1.8 Semaphore Statements 1.9 Region Statements 1.10 Model 3: Message-Passing Text 1.11 Model 4: Petri-Nets

Model 2: shared-variable text In transition diagram representation of shared-variables programs We only have guarded assignment We need structured constructs to allow hierarchical programs  readability, modifiability, analysis

Shared-variable text language Basic (simple) statements Grouped statements (atomic execution) Synchronization statements Semaphore Region statement

Simple statements Skip: a trivial do-nothing statement Basic steps, atomic Skip: a trivial do-nothing statement skip Assignment: for ŷ a list of variables and ē a list of expressions of the same length and corresponding types. ŷ:=ē Await: for c a boolean expression await c

await c c is the guard Wait until c becomes true, and then terminates. What happens if in a sequential program we have an await ?

In which states is await c enabled? What about skip and assignment statements?

Compound statements A controlling frame applied to one or more simpler statements (body). May require several computation steps. Conditional (if then else) Concatenation (sequential composition) Selection (non-deterministic choice) Cooperation (parallel composition) While (while do) Block (a block with local dcls, like in Algol)

Conditional If c then S1 else S2 Step 1: evaluate c Step 2: execute one of statements What is the difference between conditional statement and await (await c)?

Concatenation S1; S2 Sequential composition Step 1: first step of S1 Subsequent steps: rest of S1 and then S2 Multiple concatenation statement S S1; S2; …; Sn Si children of S

We define Concatenation await c; S as when c do S as an abbreviation. c: the guard, S: body Not atomic

Selection S1 or S2 Step 1: first step of one of S1 or S2 which is enabled. Subsequent steps: the rest of the selected statement. What if S1 and S2 are both enabled? Non-deterministic choice What if none is enabled? The statement is disabled

Si children of the selection statement. Multiple selection statement S1 or S2 or … or Sn Abbreviated to ORin=1 Si Si children of the selection statement.

Dijkstra’s guarded command: if c1  S1  c2  S2  …  cn  Sn fi How to write it in our language (using or)? [when c1 do S1] or … [when cn do Sn]

First step: arbitrary choosing an i such that ci is currently true, and passing the guard ci. Subsequent steps: execute the selected Si The order of the list does not imply priority.

Non-exclusiveness allows ?? Non-exhaustiveness allows ?? ci s are not exclusive, not necessarily ci  (cj) for every i j Non-exhaustive ci s are not exhaustive, not always \/in=1 ci is true. QUESTIONS: Non-exclusiveness allows ?? nondeterminism Non-exhaustiveness allows ?? Possibility of deadlock

Cooperation S1 || S2 Parallel execution of S1 and S2 Step 1: entry step, setting the stage for the parallel execution of S1 and S2 Subsequent steps: steps from S1 and S2 Last step: an additional exit step that close the parallel execution.

Multiple cooperation statement S1 || S2 … || Sn Si children of the cooperation statement QUESTION: In [S1 || S2 ]; S3 , when does S3 start? After both S1 and S2 are terminated.

While while c do S First step: evaluation of guard c Subsequent steps: C true: at least one more repetition of the body S C false: terminating the execution of while

What are the differences between: Question What are the differences between: while c do S when c do S ?

Block [local dcl; S] S is the body of the block. Local dcl: Local variable, …,variable: type where   : yi = ei yi declared in this statement, ei depends on program’s input variables  is the initialization of variables Once, at the beginning of the program (static) and not every time we enter the block.

Statement S may refer to variables which are declared at the head of the program or at the head of a block containing S.

Programs P:: [dcl; [P1::S1 || … || Pm::SM]] P1 , …,Pm :names of the processes S1, …,Sm : top-level processes of the program [P1::S1 || … || Pm::SM] : body of the program Names of the program and top-level processes are optional QUESTION: body of a program is like which statement?? a cooperation statement (but allow m=1)  Uniformity

declarations: mode variable, …, variable: type where  mode: in , local, out Assertion : restrict the initial values of the variables on entry to the program

Labels: Statements in the body may be labeled. We use them in our discussions and specifications. No statement refer to the labels.

Examples Binomial coefficient Greatest common divisor P. 27, 28

BINOM in k, n : integer where 0<= k <= n Local y1, y2: integer where y1 = n, y2 = 1 out b : integer where b = 1 P1 :: … || P2 :: …

Program GCD in a,b : integer where a>0, b>0 local y1,y2: integer where y1=a, y2=b out g: integer l1: while y1<> y2 do l3: when y1> y2 do l4: y1:=y1-y2 l2: or l5: when y2> y1 do l6: y2:=y2-y1 l7: g:=y1

Labels in Text Program Pre-label, post-label of statements Two important roles: Unique identification and reference to the statements Serve as possible sites of control in a way similar to nodes in a transition diagram P. 30 fig. 1.6, P. 31 fig. 1.7

The label equivalence relation P. 31 Locations in the text language an equivalence class of labels A location is an equivalence class of labels with respect to the label equivalence relation ~L P. 32

Conditional: S=[if c then S1 else S2] post(S) ~L post(S1) ~L post(S2) Concatenation: S =[S1 … Si;Si+1 … Sm] post(Si) ~L pre(Si+1) pre(S) ~L pre(S1) post(S) ~L post(Sm) when statement S =[when c do S’] post(S’) ~L post(S) Selection statement S =[S1 or…or Sm] pre(S) ~L pre(S1) … pre(Sm) post(S) ~L post(S1) … post(Sm)

while statement S =[while c do S’] block statement S = [dcl; S’] post(S’) ~L pre(S) block statement S = [dcl; S’] pre(S) ~L pre(S’) post(S) ~L post(S’) cooperation statement No equivalency

1.4 Semantics of Shared-Variables Text Giving the semantics of Shared-Variables Text: Establishing the correspondence between text programs and the generic model of basic transition systems (,,,) Identifying the components of a basic transition system in text programs

State variables, : (, , , )  = {Y, } Y is the set of data variables, explicitly declared (input, output, local)  is single control variable: ranges over sets of locations All the locations of the program that are currently active (statements candidate for execution)

Example out x: integer where x=0 l0: [l1 : x:= x+1; l2: x:=2; l3: x:=x+2]:l’0 QUESTION:  = ?? Note: adequately labeled (equivalence classes) Instead of {[l1], …} we represent it by {l1, …} Here: {l0}, {l2}, {l3}, {l’0}

States, : (,,,) All possible interpretations that assign to the state variables values over their respective domains. Question: States of the previous example? Reachable states of it? (p.34)

Transitions (,,,) The transition relation for idling transition The transition relations for diligent transitions l , shall be defined for each statement, as trans(S). p. 34 – p. 37

l : skip : l’, l : ŷ:=ē : l’, (Assignment) l : await c : l’, l : if c then [ l1: S1 ] else [ l2: S2 ], l : when c do [l’ : S ] l : [while c do [l1 : S ]]: l’, l : [[l1 : S1 : l’1] || … || [lm : Sm : l’m]] : l’, (Cooperation) ---------------------------------- Concatenation: S= [S1;S2] Selection: S= [S1 or S2 or … or Sn] Block: S= [local dcl; S’]

The Initial Condition [dcl; [P1 :: [lm : S1] || … || Pm::[lm : Sm ]]]  is the data precondition of the program. : (={l1, …, lm}) 

Computation Computation of a basic transition system: an infinite sequence of states satisfying the following requirement: Initiation: first state satisfy the initial condition Consecution: for two consecutive states in the computation, the corresponding transition is in the set of transitions. Diligence: the sequence contains infinitely many diligent steps or it contains a terminal state.

GCD example State variables: , y1, y2, g P. 39

Program GCD in a,b : integer where a>0, b>0 local y1,y2: integer where y1=a, y2=b out g: integer l1: while y1<> y2 do l3: when y1> y2 do l4: y1:=y1-y2 l2: or l5: when y2> y1 do l6: y2:=y2-y1 l7: g:=y1 ---------------------- <, y1, y2, g>: <{l0},4,6,->  <{l2},4,6,->  <{l6},4,6,->  <{l1},4,2,->  <{l2},4,2,->  <{l4},4,2,->  <{l1},2,2,->  <{l7},2,2,->  <{l0’},2,2,2>  …

Problem 1.1, 1.2

Subscripted variables We allow subscripted variables u[e]

1.5 Structural Relations Between Statements The relations are determined by the syntax of the program. Sub-statements For statements S and S’ , S is defined to be a substatement of S’ , denoted by S  S’ , if either S=S’ or S is a substatement of one of the children of S’.

Being a substatement: the reflexive transitive closure of the childhood relation. A is a child of B B is a child of C Then C is a substatement of A And so on, recursively, the union of all

S  S’ S is a substatement of S’ S’ is an ancestor of S S is a descendent of S’ S is defined to be a proper substatement of S’ , denoted by S< S’ if S  S’ and S  S’ .

A statement S1 is at front of a statement S2 if S1  S2 and pre(S1) ~L pre(S2) . S1 is at the front of …? S1 [S1;S2] [[S1,S2 ] or S3] S1 || S2

S1 [S1;S2] [[S1,S2 ] or S3] S1 || S2 pre(S) ~L pre(S1) pre(S) ~L pre([S1, S2 ]) ~L pre(S3) S1 || S2 No label equivalence definition is associated with cooperation statement.

We defined trans(S) : the set of transitions associated with a statement S We also can Define trans-in(S) : the set of all transitions associated with substatements of S trans-in(S) = S’ S trans(S’)

Least Common Ancestor Common ancestor of S1 and S2 is S, if S1  S and S2  S. S is the least common ancestor (lca) of S1 and S2 if S is a common ancestor of S1 and S2 and For any other common ancestor S’ of S1 and S2 , S  S’ .

Any two statements in a program have a unique least common ancestor. P: [S1; [S2 || S3]; S4] || S5 lca of S2 and S3 [S2||S3] lca of S2 and S4 [S1; [S2 || S3]; S4] lca of S2 and S5 [S1; [S2 || S3]; S4] || S5

The state predicates: at, after, in Several control predicates that identify the current location of control in a state, in terms of labels and statements. at-l , at-S after-l, after-S in-l, in-S Page 42

s |= at_l , if [l]  holds in s s |= at_S, if [pre(S)]  holds in s [l] s[ ] s |= at_S, if [pre(S)]  holds in s Pre[S]  s [ ] For the l:S, the two predicates are equivalent.

at_S implies in_S after_S implies !in_S after_S, after_l in_S, in_l s |= after_S, if [post(S)]  s[] in_S, in_l In_S = \/S’S at_S’ at_S implies in_S after_S implies !in_S

Enabledness of a statement A statement S is defined to be enabled on a state s if one of the transitions associated with S (some transition in trans(S)) is enabled on s.

Processes and parallel statements The diagram language allows only one level of parallelism, at top The text language allows nested parallelism For a statement S in a program P, S is defined to be a process of P if S is a child of a cooperation statement. Covers the top-level processes (children of the body of the program)

S’ and S’’ in a program P are defined to be (syntactically) parallel in P if the least common ancestor of S’ and S’’ is a cooperation statement that is different from both S’ and S’’.

P::[dcl; [[S1; [S2||S3];S4] || S5]] The processes: Is parallel to each other? S2, S3 :T S2, S4 :F S2||S3, S2 :F S2, S5 :T

Competing statements S1 and S2 : two statements in a program P S: Their lca S1 and S2 are defined to be competing in P if either S1=S2 or S is a selection statement, different from both S1 and S2, such that both S1 and S2 are at front of S, pre(S1)~L pre(S2)~l pre(S)

[S1; [[S2;S3] or [S4;S5]];S6]] Comp(S2) = {S2, S4, [S4;S5]}

Behavioral Equivalence (section 1.6)