Presentation is loading. Please wait.

Presentation is loading. Please wait.

Charts and nets: States, Messages, and Events Tony Hoare In honour of David Harel ViennaJuly 2014.

Published byGeoffrey Palmer Modified over 9 years ago

Similar presentations

Presentation on theme: "Charts and nets: States, Messages, and Events Tony Hoare In honour of David Harel ViennaJuly 2014."— Presentation transcript:

1 Charts and nets: States, Messages, and Events Tony Hoare In honour of David Harel ViennaJuly 2014

2 Events basic actions and method calls that occur during execution of a program

3 Event labels basic actions and method calls that occur in the text of the program x := 9 c ! 9 c ? 9

4 Space and Time time space where and when an event occurs

5 Spatial Boundaries time space horizontal, separating concurrent activities

6 Temporal Boundaries time space vertical, separating sequential activities

7 Dependencies an event at the head of an arrow depends on the event at the tail

8 Rules for arrows do not cross a time-boundary backwards Local arrows are drawn horizontal They must not cross space boundaries Non-local arrows are not horizontal They must not close a cycle.

9 Object values x y 3 9 7 4 9 7 0 7

10 Object identifiers x y

11 Object values x y 3 9 7 4 9 7 0 7

12 Message identifiers c[26] c[25] c! c?

13 The State of Memory is a map from the identifier of each line which crosses a given temporal boundary to the value which labels the crossing arrow.

14 State of memory x y 9 0 { x = 9, y = 0}

15 OBJECTS

16 Concurrent object behaviour. A trace of behaviour of an object is an event chart, containing all the events in which it has engaged, connected by dependency arrows. A class is the set of all possible traces of objects of the class (and related objects.

17 A local object boxes represent actions of the object arrows connect successive actions

18 A local object the red arrows connect actions in the same thread protected from interference by other threads

19 A shared object blue arrows connect actions which may occur in a different threads (or they may occur in the same thread).

20 An exclusion semaphore is released by the same thread that most recently acquired it. A released semaphore may be acquired by any thread.

21 with labels The boxes are labelled to indicate the nature of the actions: enter or exit exit enter

22 Object allocation has one red output arrow and no red input arrow alloc

23 Object disposal has one red input arrow and no red output arrow disp

24 A Communication channel single input port and single output port

25 A shared output port allows multiple outputting threads

26 with labels ad to indicate that the value communicated is the same at both ends of the channel dispose disp alloc !3 !7 ?3 ?7 =7 =3

27 with a single buffer ad which is passed back to outputter for refilling disp alloc !3 !7 ?3 ?7 =7 =3

28 a synchronous channel ad no buffering at all. input and output are simultaneous disp alloc !3 !7 ?3 ?7 =7 =3

29 a re-ordering channel… ad allows crossing of arrows disp alloc !3 !7 ?7 ?3 =7 =3

30 …with loss of message ad disp alloc !7 !3 ?7 =7

31 Diagrams in Debugging display a trace of concurrent execution with slices for selected objects keyed to the text of the program with dependencies to show sources of error and consequences of its correction.

32 PROGRAMS A program (or an object class) denotes the set of all possible diagrams of execution, on any computer system running in any environment.

33 Spatial Boundaries time space horizontal, separating concurrent activities

34 Temporal Boundaries time space vertical, separating sequential activities

35 Concurrent Composition of event charts p, q, r p q r (p ‖ q)‖ r = p ‖ (q ‖ r)

36 Sequential composition (p ; q) ; r = p ; (q ; r) pq r

37 Rules for arrows do not cross a time-boundary backwards Local arrows are drawn horizontal They must not cross space boundaries Non-local arrows are not horizontal They must not close a cycle.

38 A Program Error (race)

39 Another Program Error (deadlock) p

40 Top T stands for a trace with programming error T;p = p;T = p||T otherwise…..

41 Operators p;q splits the trace across time, into parts that can be executed at different instants. p ∥ q splits it across space, into parts that can be executed in different places. I describes doing nothing

42 Sequential Composition p;q = p+q if q x p contained in neg(dep*) p||q = p+q if p x q contained in neg(red u conv(red)) n neg(dep* n conv(dep*)) } = T otherwise I={ }

43 Trace algebra

44 Refinement ≼ ≼ is a partial order Covariance: p ≼ qimplies – p;r ≼ q;r – r;p ≼ r;q – p ∥ r ≼ q ∥ r

45 Exchange Axiom (p ∥ q) ; (p’ ∥ q’) ≼ (p;p’) ∥ (q;q’) p’ q’ p q ; ≼ p’ q’ p q ; ; note the self-duality of the law

46 p ≼ q means that p and q perform all the same actions, but p performs more pairs of them sequentially, and q performs more pairs concurrently. As a result,… p is more determinate, q is more abstract

47 Interleaving (p ∥ q) ; (p’ ∥ q’) ≼ (p;p’) ∥ (q;q’) LHS is an interleaving implementation of the more general concurrency of RHS It is the special case when the two RHS ‘;’s happen to be simultaneous

48 Frame Laws (p ∥ q) ; (p’ ∥ q’) ≼ (p;p’) ∥ (q;q’) Theorems (frame): 1.(p ∥ q) ; q’ ≼ p ∥ (q;q’) 2.p;(p’ ∥ q’) ≼ (p;p’) ∥ q’ 3.p;q’ ≼ p ∥ q’and q;p’ ≼ p’ ∥ q Proof: substitute  for variables of the axiom that are omitted in the theorem

49 Example abcd ∥ xyzw (a;bcd) ∥ (xy;zw) (a ∥ xy) ; (bcd ∥ zw) (a ∥ x;y) ; (b;cd ∥ zw) (a ∥ x);y ; (b ∥ zw) ; cd xayzbwcd

50 A Program is the set of all traces that it can evoke when executed on any computer system and in any interacting environment. P;Q = {p;q | p e P & q e Q } P||Q = {p||q | p e P & q e Q } P < Q = all p e P. exists q e Q. p < q All our laws for ; and || are preserved for sets

51 The Hoare triple Definition: {p} q {r} = p;q ≼ r – If p describes what has happened so far, – and q is then executed to completion, – the trace of overall execution will be r.

52 The Milner transition Definition: r >- q -> p = q;p ≼ r – i.e., the dual of {p} q {r} – r may be executed by first executing q, with p as continuation for later execution. – (maybe there are other ways of executing r) Tautology: (q ; p) >- q -> p – (CCS prefix rule) Proof: from reflexivity: q;p ≼ q;p

53 Modularity rules {p} q {r} {p’} q’ {r’}Logic {p ∥ p’} q ∥ q’{r ∥ r’} r >–q-> pr >-q’-> p’ CCS (r ∥ r’) >-(q ∥ q’)-> (p ∥ p’) In CCS, the rule is restricted – by requiring synchronisation of p and p’, – e.g. input and output on the same channel.

54 O’Hearn Frame Rule {p} q {r} {p ∥ f} q {r ∥ f} – adapts a triple to a concurrent environment f – much better than the Hoare rule of adaptation: {p} q {r} with side-condition {p&f} q {r&f} – that no variable of f is assigned by q

55 Milner Frame Rule r >–q-> p (r ∥ f) >–q-> (p ∥ f) – a step q that is possible for a single thread r is still possible when r is executed concurrently with f, which does not change when q happens

56 Sequential composition {p} q {s} {s} q’ {r} {p} q;q’ {r} is equivalent to p;(q;q’) ≼ (p;q);q’

57 Sequential composition r >–q’-> s s >–q-> p r >–(q’;q)-> p is equivalent to (q’;q);p ≼ q’;(q;p), which is dual to p;(q;q’) ≼ (p;q);q’

58 Unifying Theories The Algebraic Laws of Programming are strong enough to derive – A verification logic for program correctness – An operational semantics for programming language implementation. Many laws can be derived from the other two forms of semantics

59 Summary so far… Process Calculus Verification Logic & Algebraic Laws Denotational Model

60 Assignments and fetches := =:

61 labelled with values ack= 3 := 3 := 7 =: 3 :=kassigns a constant k =:kfetches a value k =kpoints to a value k acksync signal

62 and by reference to object ack = 3 [37] := 3 [37]:= 7 [37]=:3 [v]:=kassigns to location v =kcommunication of k [v]=:kfetches value from v ackprevents further reads of previous assignment

63 or to a variable named x ack =3 x:= 3 x:= 7 x=:3 :=kassigns a constant k =:kfetches a value k =kcommunicates k acksync signal

64 fetching by another thread ack =3 x:= 3 x:= 7 x=:3

65 A variable alloc disp := =: leaving out colours & some labels

66 Execution as Petri net begin end := =:

67 Token move begin end := =:

68 Token split begin end :=3:= =:

69 Concurrency begin end := =:

70 Synchronisation begin end := =:

71 Token reconstitution begin end := =:

72 Concurrent object behaviour is modelled by an acyclic directed graph with boxes representing event occurrences and arrows recording dependency and labels on both boxes and arrows.

73 Examples Objects: allocation, ownership, disposal. Semaphores: exclusion, signalling. Channels: buffering, synchrony, overtaking. Variables: locality, sharing.

74 Weakly consistent memory as implemented in multi-core architecture, is more complicated to define … and even more complicated to use!

75 Weak memory (no ack) := := 3 =:3 =: 7 Any past value may be delivered at any later time := 7

76 Weak memory (no ack) := := 3 =:3 =: 7 a fence needs ack signals from earlier assignments := 7 fence

77 Weak memory (with fence) := := 3 =:3 =: 7 this cycle is impossible, := 7 fence

78 Weak memory (with fence) := := 3 =:3 =: 7 so the 3 and the 7 must be fetched in the right order := 7 fence

79 x =:3 y=:4 x := 7 An atomic event:

80 x = :3 y=: 4 x := 7 (atomic) x := 3 x := 17 ack y := 4y := 18

81 Threads fork alloc disp alloc join alloc disp fork join

82 Events and atomic actions Each occurrence of an event in the trace of program execution belongs to the trace of exactly one resource (thread, variable, channel,…) Atomic actions are groups of synchronised events, including exactly one from the thread which invoked the action, and one (or more) from every resource used by it.

83 Summary occurrence nets are adequate to describe the dynamic behaviour of many kinds of concurrent object

84 Fundamental Theorem Boxed Petri nets are a model of Concurrent Kleene Algebra Tony Hoare, Bernhard Moeller, Georg Struth, Ian Wehrman, Concurrent Kleene Algebra and its Foundations, J. Log. Algebr. Program. 80(6): 266- 296(2011).

85 Hoare Logic Let P{Q}R = (P;Q) => R Theorem: The structural rules of separation logic are valid in the net model – Ian Wehrman, C.A.R.Hoare, Peter O’Hearn: Graphical Models of Separation Logic. Inf Process. Lett. (IPL) 109(17):1001-1004 (2009) Proof: by a short algebraic calculation

86 Process Algebra Let P –Q-> R=R => Q;P =P{Q}R! Theorem: The transition rules of operational semantics are valid in the net model. – C.A.R.Hoare, A.Hussain, B.Moeller, P.W. O’Hearn, R.L. Petersen, G. Struth. On Locality and the Exchange Law for Concurrent Processes. CONCUR 2011:250-264. Proof: by a short algebraic calculation.

87 Acknowledgements Lucia Pomello, Matthew Parkinson, Philippa Gardiner, Hongseok Yang, John Wickerson, Thomas Dinsdale-Young Georg Struth, Bernhard Moeller, Rasmus Petersen, Peter O’Hearn

Download ppt "Charts and nets: States, Messages, and Events Tony Hoare In honour of David Harel ViennaJuly 2014."

Similar presentations

Models of Concurrency Manna, Pnueli.

Models of Concurrency Manna, Pnueli.
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
Rigorous Software Development CSCI-GA 3033-011 Instructor: Thomas Wies Spring 2012 Lecture 11.

Rigorous Software Development CSCI-GA Instructor: Thomas Wies Spring 2012 Lecture 11.
Event structures Mauro Piccolo. Interleaving Models Trace Languages:  computation described through a non-deterministic choice between all sequential.

Event structures Mauro Piccolo. Interleaving Models Trace Languages:  computation described through a non-deterministic choice between all sequential.
Tracelets: a Model for the Laws of Concurrent Programming Tony Hoare OxfordFeb 2012.

Tracelets: a Model for the Laws of Concurrent Programming Tony Hoare OxfordFeb 2012.
Deterministic Negotiations: Concurrency for Free Javier Esparza Technische Universität München Joint work with Jörg Desel and Philipp Hoffmann.

Deterministic Negotiations: Concurrency for Free Javier Esparza Technische Universität München Joint work with Jörg Desel and Philipp Hoffmann.
Distributed Computing 5. Snapshot Shmuel Zaks ©

Distributed Computing 5. Snapshot Shmuel Zaks ©
Unifying Theories of Concurrency: CCSandCSP He Jifeng and Tony Hoare BCTCSApril 6, 2006.

Unifying Theories of Concurrency: CCSandCSP He Jifeng and Tony Hoare BCTCSApril 6, 2006.
Algebra unifies calculi of programming Tony Hoare Feb 2012.

Algebra unifies calculi of programming Tony Hoare Feb 2012.
Algebra of Concurrent Programming Tony Hoare Cambridge 2011.

Algebra of Concurrent Programming Tony Hoare Cambridge 2011.
7M701 1 Activity Diagram. 7M701 2 Example 7M701 3 Activity Diagram: what is it? Describes activities and flows of data or decisions between activities.

7M701 1 Activity Diagram. 7M701 2 Example 7M701 3 Activity Diagram: what is it? Describes activities and flows of data or decisions between activities.
CPSC 668Set 14: Simulations1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.

CPSC 668Set 14: Simulations1 CPSC 668 Distributed Algorithms and Systems Spring 2008 Prof. Jennifer Welch.
Winter 2007SEG2101 Chapter 41 Chapter 4 SDL – Structure and Behavior.

Winter 2007SEG2101 Chapter 41 Chapter 4 SDL – Structure and Behavior.
Synthesis of Embedded Software Using Free-Choice Petri Nets.

Synthesis of Embedded Software Using Free-Choice Petri Nets.
Drawing TimeML Relations

Drawing TimeML Relations
Ordering and Consistent Cuts Presented By Biswanath Panda.

Ordering and Consistent Cuts Presented By Biswanath Panda.
1 Synchronization strategies for global computing models Ivan Lanese Computer Science Department University of Bologna.

1 Synchronization strategies for global computing models Ivan Lanese Computer Science Department University of Bologna.
An Algebra for Program Designs Tony Hoare MoscowJuly 2011.

An Algebra for Program Designs Tony Hoare MoscowJuly 2011.
1 Formal Models for Distributed Negotiations Concurrent Languages Translation Roberto Bruni Dipartimento di Informatica Università di Pisa XVII Escuela.

1 Formal Models for Distributed Negotiations Concurrent Languages Translation Roberto Bruni Dipartimento di Informatica Università di Pisa XVII Escuela.
Models of Computation for Embedded System Design Alvise Bonivento.

Models of Computation for Embedded System Design Alvise Bonivento.

Similar presentations

Ads by Google