Programming Paradigms for Concurrency Lecture 11 Part III – Message Passing Concurrency TexPoint fonts used in EMF. Read the TexPoint manual before you delete this box.: A A A A A A A A A AA A A

Formal Semantics for MP Programs: The ¼ -Calculus

The ¼ -Calculus developed by Milner, Parrow, and Walker in the early 1990’s as a generalization of value-passing CCS. provides computational model for concurrent and mobile systems many applications: formal models for – Message passing programs – Web services – Business Processes – Security protocols – Biological systems

Reading Material Introductory Reading: Communication and Mobile Systems: the ¼ - calculus. Milner, Cambridge University Press, 1999 Advanced Reading: The ¼ -calculus: a Theory of Mobile Processes. Sangiorigi and Walker, Cambridge University Press, A Calculus of Mobile Processes, Parts I and II. Milner, Parrow, and Walker, Information and Computation 100:1, 1992.

Ping Pong sender Msg Ping Pong Actors

Ping Pong Msg sender Msg

Ping Pong Actors Ping Pong sender Msg

Ping Pong Actors in Scala val pingTd = actor { loop { react { case Msg(sender) => sender ! Msg(self) } } val pongTd = actor { loop { react { case Msg(sender) => sender ! Msg(self) } } val initTd = actor { pongTd ! Msg(pingTd) } pingTd.start; pongTd.start; initTd.start

Ping Pong Actors in CML datatype msg = MSG of msg chan fun pongTd (pong : msg chan) = case recv pong of MSG(sender) => send (sender, MSG(pong)); pongTd (pong) end fun pingTd (ping : msg chan) = case recv ping of MSG(sender) => send (sender, MSG(ping)); pongTd (ping) end fun initTd (ping, pong) = send(pong, MSG(ping))

Ping Pong Actors in CML let val ping = channel () val pong = channel () in spawn (fn () => initTd(ping, pong)); spawn (fn () => pingTd(ping)); spawn (fn () => pongTd(pong)) end

Ping Pong Actors in the ¼ -calculus behavior of threads is defined by parametric equations of process IDs and process terms behavior of threads is defined by parametric equations of process IDs and process terms equations can be (mutually) recursive system is given by a process term referring to the defined process IDs

fun pongTd (pong : msg chan) = case recv pong of MSG(sender) => send (sender, MSG(pong)); pongTd (pong) end Ping Pong Actors in the ¼ -calculus receive channel on pong and bind it to sender receive channel on pong and bind it to sender

fun pongTd (pong : msg chan) = case recv pong of MSG(sender) => send (sender, MSG(pong)); pongTd (pong) end Ping Pong Actors in the ¼ -calculus send pong back on sender

fun pongTd (pong : msg chan) = case recv pong of MSG(sender) => send (sender, MSG(pong)); pongTd (pong) end Ping Pong Actors in the ¼ -calculus and recurse

let val ping = channel () val pong = channel () in spawn (fn () => initTd(ping, pong)); spawn (fn () => pongTd(pong)); spawn (fn () => pingTd(ping)) end Ping Pong Actors in the ¼ -calculus create two fresh private channels and bind them to ping and pong pronounced “new”

let val ping = channel () val pong = channel () in spawn (fn () => initTd(ping, pong)); spawn (fn () => pongTd(pong)); spawn (fn () => pingTd(ping)) end Ping Pong Actors in the ¼ -calculus spawn all threads

Ping Pong Actors in the ¼ -calculus

The ¼ -Calculus There exist many different variants of the ¼ - calculus using different notations and slightly different semantics. We use one particular variant and stick to it.

Names In the ¼ -calculus channels are called names. Names serve both as communication channels and as the data that is sent when threads synchronize. We assume an infinite set of names:

Syntax of Process Terms nil process (termination) parallel composition of P and Q nondeterministic choice between P and Q generation of fresh name x with scope P reception of y on x with continuation P sending of y on x with continuation P replication of P Notational conventions: restriction input prefix output prefix

Bound and Free Names Restriction and input prefix bind names in a process term. Occurrences of names in a process term that are not bound are called free. The function fn returns the set of free names of a process term: If fn ( P ) = ; then P is called closed.

® -Equivalence We consider process terms P and Q equivalent if they are equal up to consistent renaming of bound names (denoted by P ´ ® Q ) For example: Can we replace x with z ? But we have

Name Substitution We write P [ y / x ] for the process obtained from P by replacing all free occurrences of name x by name y. We call [ y / x ] a name substitution. Substitutions use implicit ® -renaming to avoid capturing of free occurrences of names. For instance: We write [ y 1,…, y n / x 1,…, x n ] for [ y 1 / x 1 ]…[ y n / x n ]

Labeled Transition System A labeled transition system (LTS) is a tuple M = h S, L, !, I i with S a nonempty set of states L a nonempty set of labels I µ S the set of initial states ! µ S £ L £ S the transition relation For a transition we write

Executions and Traces An execution ± of an LTS M = h S, L, !, I i is a sequence of consecutive transitions starting in an initial state s 0 2 I If ± is finite then its final state s f has no outgoing transitions. A trace ¾ is the projection of an execution to its labels We denote by Traces( M ) the set of all traces of M.

Semantics of Process Terms The semantics of a process term P is defined operationally by associating a labeled transition system M P with P. M P captures the behavior of P in all possible process contexts. the initial state of M P is P itself the states of M P are process terms describing the continuations of partial executions the transition relation is defined in terms of transition rules that capture synchronization between threads the labels of M P are actions that encode whether a process synchronizes internally or with the environment

Structural Congruence The behavior of two ® -equivalent processes P and Q should be indistinguishable, i.e., ´ ® should be a congruence for the transition relation: There are other such structural equivalences. For instance, one would expect that the following processes behave equally: P | Q and Q | P We capture all these cases in a structural congruence relation ´.

Structural Congruence Rules

Structural Congruence Rules (cont’d)

Structural Congruence Example

Actions Transitions of process terms are labeled with actions. Actions describe what kind of synchronization the process term performed. Actions:

Silent Action means P synchronizes internally resulting in Q Example:

Input Action means P can receive a w over x resulting in Q [ w / y ] Example:

Free Output Action means P can send the free (i.e., publicly known) name y over x to the environment, resulting in Q Example: note that there is also a silent action possible:

Bound Output Action means P can send the bound name y over x to the environment, resulting in Q (i.e., y is leaked to the environment and no longer private to P ) Example: again there is an alternative silent action possible:

Free and Bound Names of Actions We denote by n ( ® ), fn ( ® ), and bn ( ® ) the names, free names, and bound names of action ® :

Transition Rules

Transition Rules (cont’d)

Example Execution

Ping Pong Actors in the ¼ -calculus Can we express recursive equations in our calculus?

Polyadic ¼ -Calculus Multiple names can be communicated in one step

Monadic Encoding of Polyadic Calculus We can encode the polyadic calculus in the monadic one using serialization: for some fresh name z Why is the following encoding incorrect?

Encoding Recursive Equations Given a recursive definition of a process identifier A and a process term P that uses this definition. We can encode the behavior of A in P as follows: 1.choose a fresh name y not occuring in P or Q 2.let P y and Q y be P and Q, where each occurrence of process identifier A is replaced by 3.replace P by

Monadic Ping Pong Actors

Outlook: Behavioral Equivalence PongTd ( x ) and PingTd ( x ) are ® -equivalent for all names x, so we can safely replace one by the other in any context. Next week: In general, when can we safely replace one process term by another one? They should surely have the same set of traces, but is that enough?