Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Generalized Deadlock-Free Process Calculus Eijiro Sumii Naoki Kobayashi University of Tokyo.

Published byJoan Mitchell Modified over 9 years ago

Similar presentations

Presentation on theme: "A Generalized Deadlock-Free Process Calculus Eijiro Sumii Naoki Kobayashi University of Tokyo."— Presentation transcript:

1 A Generalized Deadlock-Free Process Calculus Eijiro Sumii Naoki Kobayashi University of Tokyo

2 Merit and Demerit of Concurrent Languages Compared with sequential languages... zMerit: more expressive power yInherently concurrent application (e.g. GUI) yParallel/distributed computation

3 Merit and Demerit of Concurrent Languages Compared with sequential languages... zMerit: more expressive power yInherently concurrent application (e.g. GUI) yParallel/distributed computation zDemerit: more complicated behavior  Non-determinism (possibility of various results)  Deadlock (failure of due communication)

4 Merit and Demerit of Concurrent Languages Compared with sequential languages... zMerit: more expressive power yInherently concurrent application (e.g. GUI) yParallel/distributed computation zDemerit: more complicated behavior  Non-determinism (possibility of various results)  Deadlock (failure of due communication) è Errors & inefficiencies

5 Example of Complication (1/2) In ML: f : int->int├ f(3) : int è eventually returns a unique result (unless ‘infinite loop’ or ‘side effect’)

6 Example of Complication (1/2) In CML: f : int->int├ f(3) : int è may return: ― different results in parallel (  non-determinism) fun f(i) = let val c : int chan = channel() in (spawn(fn () => send(c, i + 1)); spawn(fn () => send(c, i + 2)); recv(c)) end

7 Example of Complication (1/2) In CML: f : int->int├ f(3) : int è may return: ― different results in parallel (  non-determinism) ― no result at all (  deadlock) fun f(i) = let val c : int chan = channel() in recv(c) end

8 Example of Complication (2/2) Mutex channel m : unit chan zcorrect use: ― receive once, send once recv(m); CriticalSection ; send(m, ())

9 Example of Complication (2/2) Mutex channel m : unit chan zcorrect use: ― receive once, send once zincorrect use: ― receive once, send never (  deadlock) recv(m); CS ; () ― receive once, send twice (  non-determinism) recv(m); CS ; send(m, ()); send(m, ());

10 Example of Complication (2/2) Mutex channel m, n : unit chan zcorrect use: ― receive once, send once zincorrect use: ― receive once, send never (  deadlock) ― receive once, send twice (  non-determinism) ― use in various order (  deadlock) spawn(fn () => recv(m); recv(n); …); spawn(fn () => recv(n); recv(m); …)

11 Possible Approaches zProvide higher-level constructs e.g.: ― parallel functions ― binary semaphores ― concurrent objects

12 Possible Approaches zProvide higher-level constructs e.g.: ― parallel functions ― binary semaphores ― concurrent objects 8 “chaos” outside them 8 complicated syntax & semantics

13 Possible Approaches zProvide higher-level constructs 8 “chaos” outside them 8 complicated syntax & semantics zEnrich channel types: control communication with a static type system

14 Possible Approaches zProvide higher-level constructs 8 “chaos” outside them 8 complicated syntax & semantics zEnrich channel types: control communication with a static type system  Our approach

15 Outline zIntroduction zBasic Ideas zThe Type System zRelated Work zConclusion

16 Target Language Asynchronous variant of Milner’s  -calculus  new x in P (channel creation)  x![y] (output)  x?[y].P (input)  P | Q (parallel execution)  def x[y]=P in Q (process definition)  if x then P else Q (conditional branch)

17 Target Language Asynchronous variant of Milner’s  -calculus  new x in P (channel creation)  x![y] (output)  x?[y].P (input)  P | Q (parallel execution)  def x[y]=P in Q (process definition)  if x then P else Q (conditional branch) ― x?[y].P | x![z]  P { z / y } ― def x[y]=P in x![z]  def x[y]=P in P { z / y }

18 Outline zIntroduction zBasic Ideas  Usages & Usage Calculus  “In what way each channel may be used”  Time Tags & Time Tag Ordering  “In what order those channels may be used” zThe Type System zRelated Work zConclusion

19 Usages (1/2): Input/Output  U (usage) :=  O (output)  I. U(input + sequential execution)  U | V(parallel execution)   (none) 4 x:[]/(O|I)├ x![] | x?[] 8 x:[]/(O|I)├ x![] | x![] | x?[] | x?[]

20 Usages (1/2): Input/Output  U (usage) :=  O (output)  I. U(input + sequential execution)  U | V(parallel execution)   (none) 4 y:[]/(O|O|I.I)├ y![] | y![] | y?[].y?[] 8 y:[]/(O|O|I.I)├ y![] | y![] | y?[] | y?[]

21 Usages (2/2): Obligation and Capability  U (usage) :=  O a (output)  I a. U(input + sequential execution) y…  a (attributes) :=  (none)  o (obligation: “must be performed”)  c (capability: “can be performed successfully”)  co (both)

22 Usages (2/2): Obligation and Capability x:[int]/Oo “must send an integer value to x ” 4 x:[int]/Oo├ x![3] 8 x:[int]/Oo├ 0

23 Usages (2/2): Obligation and Capability y:[int]/Ic “can receive an integer value from y successfully” 4 y:[int]/Ic├ y?[v].0  eventually reduces to 0 (by communication with an external process) 4 y:[int]/Ic├ 0

24 Usages (2/2): Obligation and Capability What to Ensure: zAn obligation must be fulfilled eventually zA capability can be used successfully  Otherwise “deadlock”

25 Reliability of Usages & the Usage Calculus 8 new x:[int]/Ic in x?[v].P

26 Reliability of Usages & the Usage Calculus 8 new x:[int]/Ic in x?[v].P “For every I/O with capability, a corresponding O/I with obligation” 4 new x:[int]/(Ic|Oo) in (x?[v].P | x![3])

27 Reliability of Usages & the Usage Calculus “For every I/O with capability, a corresponding O/I with obligation” 8 new x:[]/(Oo|Ic|Ic) in (x![] | x?[].P | x?[].Q)  new x:[]/Ic in x?[].Q

28 Reliability of Usages & the Usage Calculus “For every I/O with capability, a corresponding O/I with obligation” 8 new x:[]/(Oo|Ic|Ic) in (x![] | x?[].P | x?[].Q)  new x:[]/Ic in x?[].Q Oo|Ic|Ic  Ic

29 Outline zIntroduction zBasic Ideas  Usages & Usage Calculus  “In what way each channel may be used”  Time Tags & Time Tag Ordering  “In what order those channels may be used” zThe Type System zRelated Work zConclusion

30 Dependency between Obligation and Capability 4 x:[int]/Oo├ x![3] 8 y:[]/I, x:[int]/Oo├ y?[].x![3] 4 y:[]/Ic, x:[int]/Oo├ y?[].x![3]

31 Dependency between Obligation and Capability t<s “a capability with t may be used before an obligation with s is fulfilled” 4 y:[]/Ic t, x:[int]/Oo s ; t<s├ y?[].x![3] 8 y:[]/Ic t, x:[int]/Oo s ;  ├ y?[].x![3] 8 y:[]/Ic t, x:[int]/Oo s ; s<t├ y?[].x![3]

32 Preventing & Detecting Cycles in the Dependency  = c:[]/(Oo s |Ic s ), d:[]/(Oo t |Ic t ) 4  ; s<t├ c?[].d![] |... 8  ; s<t├ d?[].c![] |...

33 Preventing & Detecting Cycles in the Dependency  = c:[]/(Oo s |Ic s ), d:[]/(Oo t |Ic t ) 4  ; s<t├ c?[].d![] |... 8  ; s<t├ d?[].c![] |... 4  ; t<s├ d?[].c![] |... 8  ; t<s├ c?[].d![] |...

34 Preventing & Detecting Cycles in the Dependency  = c:[]/(Oo s |Ic s ), d:[]/(Oo t |Ic t ) 8  ; s<t├ c?[].d![] | d?[].c![] 8  ; t<s├ c?[].d![] | d?[].c![]  ; s<t,t<s├ c?[].d![] | d?[].c![]

35 Outline zIntroduction zBasic Ideas zThe Type System yType Judgment & Typing Rules yCorrectness & Expressiveness yType Checking zRelated Work zConclusion

36 Type Judgment  ;  ├ P   : type environment (mapping from variables to types)   : time tag ordering (binary relation on time tags) P uses communication channels according to: ― the usage specified by  ― the order specified by 

37 Example of Typing Rules T-Out (simplified):  includes obligations ⇒ a includes capability s < time tags on obligations included in   includes no obligation ───────────────────  + x:[  ]/O a s + y:  ; <├ x![y]

38 Example of Typing ret :[ int ]/Oo u ;  ├ def fib [i: int,r:[ int ]/Oo s ] = if i<2 then r![1] else new c:[ int ]/(Oo t |Oo t |Ic t.Ic t ) in ( fib ![i-1,c] | fib ![i-2,c] | c?[j].c?[k].r![j+k]) in fib ![10, ret ]

39 Example of Typing ret :[ int ]/Oo u ;  ├ def fib [i: int,r:[ int ]/Oo s ] = if i<2 then r![1] else new c:[ int ]/(Oo t |Oo t |Ic t.Ic t ) in ( fib ![i-1,c] | fib ![i-2,c] | c?[j].c?[k].r![j+k]) in fib ![10, ret ]

40 Example of Typing ret :[ int ]/Oo u ;  ├ def fib [i: int,r:[ int ]/Oo s ] = if i<2 then r![1] else new c:[ int ]/(Oo t |Oo t |Ic t.Ic t ) in ( fib ![i-1,c] | fib ![i-2,c] | c?[j].c?[k].r![j+k]) in fib ![10, ret ]

41 Example of Typing ret :[ int ]/Oo u ;  ├ def fib [i: int,r:[ int ]/Oo s ] = if i<2 then r![1] else new c:[ int ]/(Oo t |Oo t |Ic t.Ic t ) in ( fib ![i-1,c] | fib ![i-2,c] | c?[j].c?[k].r![j+k]) in fib ![10, ret ]

42 Outline zIntroduction zBasic Ideas zThe Type System yType Judgment & Typing Rules yCorrectness & Expressiveness yType Checking zRelated Work zConclusion

43 Correctness of the Type System No immediate deadlock: Well-typed processes are not in deadlock

44 Correctness of the Type System No immediate deadlock: Well-typed processes are not in deadlock + Subject reduction: Well-typedness is preserved by reduction

45 Correctness of the Type System No immediate deadlock: Well-typed processes are not in deadlock + Subject reduction: Well-typedness is preserved by reduction  Deadlock-freedom: Well-typed processes never fall into deadlock throughout reduction

46 Correctness of the Type System Deadlock-freedom: (the case of an output obligation)   + x:[  ]/O o t ;  ├ P  Every usage in  + x:[  ]/O o t is reliable z  + is a strict partial order  P will eventually perform output on x (unless ‘infinite loop’)

47 Expressiveness of the Calculus Expressive enough to encode: yParallel functions yTypical concurrent objects yVarious semaphores

48 Expressiveness of the Calculus Expressive enough to encode: yParallel functions yTypical Concurrent Objects yVarious Semaphores Too conservative to express: yCase-by-case dependency c:[]/(I co s |O co s ), d:[]/(I co t |O co t ); s<t,t<s├ c![] | d![] | if … then c?[].….d?[].… else d?[].….c?[].…

49 Outline zIntroduction zBasic Ideas zThe Type System yType Judgment & Typing Rules yCorrectness & Expressiveness yType Checking zRelated Work zConclusion

50 Issues in Type Checking zUsages of channels: must be explicitly specified by programmers zReliability of usages: can be automatically checked (by a co-inductive method) zTime tag ordering: can be automatically inferred (by generation & satisfaction of constraints)

51 Outline zIntroduction zBasic Ideas zThe Type System zRelated Work zConclusion

52 Related Work (1/4) [Kobayashi 97] Partially deadlock-free typed process calculus zIn what way each channel may be used yLinear Channels (used just once for communication) yMutex Channels (used like binary semaphores) yReplicated Input Channels (used for process definition) zIn what order those channels may be used ― Time tags and their ordering

53 Related Work (2/4) [Pierce & Sangiorgi 93] I/O Types: In what direction a channel may be used (for input, for output, or for both) c:  [ int ] ⇔ c:[ int ]/!O [Kobayashi & Pierce & Turner 96] Linear Types: How many times a channel may be used (once or unlimitedly) c:  1 [ int ] ⇔ c:[ int ]/(O co |I co )

54 Related Work (3/4) [Yoshida 96] Graph Types: In what order processes perform input/output on channels ― Only ‘capability + obligation’; cannot express ‘capability without obligation’ and ‘obligation without capability’

55 Related Work (4/4) [Boudol 97] Hennessy-Milner logic with recursion: On what channels processes are ready to receive values ― Deadlock-freedom only for output; cannot guarantee deadlock-freedom for input

56 Outline zIntroduction zBasic Ideas zThe Type System zRelated Work zConclusion

57 Conclusion (1/2): Summary Static type system that prevents deadlock: zUsages & Usage Calculus “In what way each channel is used” + zTime Tags & Time Tag Ordering “In what order those channels are used”

58 Conclusion (2/2): Future Work zDevelop a (partial) type inference algorithm zApply to practical concurrent languages zUtilize for compile-time optimization Prototype type checker available at: http://www.is.s.u-tokyo.ac.jp /~sumii/pub/

Download ppt "A Generalized Deadlock-Free Process Calculus Eijiro Sumii Naoki Kobayashi University of Tokyo."

Similar presentations

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.

Types and Programming Languages Lecture 4 Simon Gay Department of Computing Science University of Glasgow 2006/07.
Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.

Type Checking, Inference, & Elaboration CS153: Compilers Greg Morrisett.
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
Inference of progress properties for (multi party) sessions Mario Coppo (Universita’ di Torino) joint work with Mariangiola Dezani, Nobuko Yoshida Lisbon,

Inference of progress properties for (multi party) sessions Mario Coppo (Universita’ di Torino) joint work with Mariangiola Dezani, Nobuko Yoshida Lisbon,
Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.

Budapest University of Technology and EconomicsDagstuhl 2004 Department of Measurement and Information Systems 1 Towards Automated Formal Verification.
Formal Semantics of Programming Languages 虞慧群 Topic 6: Advanced Issues.

Formal Semantics of Programming Languages 虞慧群 Topic 6: Advanced Issues.
1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.

1 Mooly Sagiv and Greta Yorsh School of Computer Science Tel-Aviv University Modern Compiler Design.
Timed Automata.

Timed Automata.
Type checking © Marcelo d’Amorim 2010.

Type checking © Marcelo d’Amorim 2010.
INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.

INF 212 ANALYSIS OF PROG. LANGS Type Systems Instructors: Crista Lopes Copyright © Instructors.
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.

1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Introduction to Data Flow Graphs and their Scheduling Sources: Gang Quan.

Introduction to Data Flow Graphs and their Scheduling Sources: Gang Quan.
CS 355 – Programming Languages

CS 355 – Programming Languages
Type Checking.

Type Checking.
Course on Probabilistic Methods in Concurrency (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1 The pi-calculus and the asynchronous.

Course on Probabilistic Methods in Concurrency (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1 The pi-calculus and the asynchronous.
09.04.2005Foundations of Interaction ETAPS `05 0 Ex nihilo: a reflective higher- order process calculus The  -calculus L.G. Meredith 1 & Matthias Radestock.

Foundations of Interaction ETAPS `05 0 Ex nihilo: a reflective higher- order process calculus The  -calculus L.G. Meredith 1 & Matthias Radestock.
DATAFLOW PROCESS NETWORKS Edward A. Lee Thomas M. Parks.

DATAFLOW PROCESS NETWORKS Edward A. Lee Thomas M. Parks.
Chapter 7Louden, Programming Languages1 Chapter 7 - Control I: Expressions and Statements Control is the general study of the semantics of execution.

Chapter 7Louden, Programming Languages1 Chapter 7 - Control I: Expressions and Statements "Control" is the general study of the semantics of execution.
Ordering and Consistent Cuts Presented By Biswanath Panda.

Ordering and Consistent Cuts Presented By Biswanath Panda.
1 Operational Semantics Mooly Sagiv Tel Aviv University 640-6706 Textbook: Semantics with Applications.

1 Operational Semantics Mooly Sagiv Tel Aviv University Textbook: Semantics with Applications.

Similar presentations

Ads by Google