

In the document The MIT Press Principles of Model Checking (pages 53-57)

Modelling Concurrent Systems

Definition 2.15. Transition System Semantics of a Program Graph

The transition system $TS(PG)$ of program graph $PG = (Loc, Act, Effect, \to, Loc_0, g_0)$ over set $Var$ of variables is the tuple $(S, Act, \longrightarrow, I, AP, L)$ where

• $S = Loc \times Eval(Var)$

• $\longrightarrow \subseteq S \times Act \times S$ is defined by the following rule (see remark below):

$$\frac{\ell \xrightarrow{g:\alpha} \ell' \;\wedge\; \eta \models g}{\langle \ell, \eta \rangle \xrightarrow{\alpha} \langle \ell', Effect(\alpha, \eta) \rangle}$$

• $I = \{ \langle \ell, \eta \rangle \mid \ell \in Loc_0,\ \eta \models g_0 \}$

• $AP = Loc \cup Cond(Var)$

• $L(\langle \ell, \eta \rangle) = \{\ell\} \cup \{ g \in Cond(Var) \mid \eta \models g \}$.

The definition of TS(PG) determines a very large set of propositions AP. But generally, only a small part of AP is necessary to formulate the relevant system properties. In the following, we exploit the degrees of freedom in choosing the set of propositions of TS(PG) and only use the atomic propositions needed in the context at hand.
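As an added example that is not the book's own code, the following Python program unfolds a constructed program graph (a login-attempt counter with the single variable tries) into the reachable part of TS(PG) by applying the rule of Definition 2.15, evaluates the labelling L over a small subset of Cond(Var), and checks a state property; the program graph, its locations, actions and the property are assumptions of this example.

```python
# Added example, not from the book: unfold a program graph into the transition
# system TS(PG) of Definition 2.15 and check a state property. The program graph
# (a constructed login-attempt counter) and all names are assumptions.

def effect(alpha, eta):
    """Effect(alpha, eta): valuation after executing action alpha."""
    eta = dict(eta)
    if alpha == "fail":
        eta["tries"] += 1
    return eta

# Edges of PG as (loc, guard g, action alpha, loc'); guards are predicates on eta.
EDGES = [
    ("idle", lambda e: e["tries"] < 3,  "fail", "idle"),
    ("idle", lambda e: e["tries"] < 3,  "ok",   "open"),
    ("idle", lambda e: e["tries"] >= 3, "lock", "locked"),
]
LOC0 = {"idle"}
G0 = lambda e: e["tries"] == 0          # initial condition g0
# Conditions used as atomic propositions (a subset of Cond(Var)).
COND = {"tries<3": lambda e: e["tries"] < 3, "tries>=3": lambda e: e["tries"] >= 3}

def freeze(eta):
    return tuple(sorted(eta.items()))   # hashable form of a valuation

def unfold(edges, loc0, g0, eta0):
    """Reachable part of TS(PG): returns (I, S, ->) as sets of tuples."""
    initial = {(l, freeze(eta0)) for l in loc0 if g0(eta0)}
    states, trans, todo = set(initial), set(), list(initial)
    while todo:
        l, eta = todo.pop()
        for src, guard, alpha, dst in edges:
            # SOS rule: l --g:alpha--> l' and eta |= g give <l,eta> --alpha--> <l',Effect(alpha,eta)>
            if src == l and guard(dict(eta)):
                succ = (dst, freeze(effect(alpha, dict(eta))))
                trans.add(((l, eta), alpha, succ))
                if succ not in states:
                    states.add(succ)
                    todo.append(succ)
    return initial, states, trans

def label(state):
    """L(<l,eta>) = {l} union {g in Cond(Var) | eta |= g}."""
    l, eta = state
    return {l} | {g for g, pred in COND.items() if pred(dict(eta))}

def violating_states(states):
    """States with a session open although the lockout threshold is reached."""
    return {s for s in states if {"open", "tries>=3"} <= label(s)}
```

Calling unfold(EDGES, LOC0, G0, {"tries": 0}) yields 8 reachable states and 7 transitions, and violating_states finds none, which is the kind of reachability check a model checker performs on TS(PG).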

Remark 2.16. Structured Operational Semantics

In Definition 2.15, the transition relation is defined using the so-called SOS-notation (Structured Operational Semantics). This notation will be frequently used in the remainder of this monograph. The notation

$$\frac{\text{premise}}{\text{conclusion}}$$

should be read as follows. If the proposition above the “solid line” (i.e., the premise) holds, then the proposition under the fraction bar (i.e., the conclusion) holds as well. Such “if . . ., then . . .” propositions are also called inference rules or simply rules. If the premise is a tautology, it may be omitted (as well as the “solid line”). In the latter case, the rule is also called an axiom.

Phrases like “The relation is defined by the following (axioms and) rules” have the meaning of an inductive definition where the relation is defined as the smallest relation satisfying the indicated axioms and rules.

2.2 Parallelism and Communication

In the previous section, we have introduced the notion of transition systems and have shown how sequential hardware circuits and data-dependent systems (like simple sequential computer programs) can be effectively modeled as transition systems. In reality, however, most hard- and software systems are not sequential but parallel in nature. This section describes several mechanisms to provide operational models for parallel systems by means of transition systems. These mechanisms range from simple mechanisms where no communication between the participating transition systems takes place, to more advanced (and realistic) schemes in which messages can be transferred, either synchronously (i.e., by means of “handshaking”) or asynchronously (i.e., by buffers with a positive capacity). Let us assume that the operational (stepwise) behavior of the processes that run in parallel is given by transition systems $TS_1, \ldots, TS_n$. The goal is to define an operator $\parallel$, such that:

$$TS = TS_1 \parallel TS_2 \parallel \ldots \parallel TS_n$$

is a transition system that specifies the behavior of the parallel composition of transition systems $TS_1$ through $TS_n$. Here, it is assumed that $\parallel$ is a commutative and associative operator. The nature of the operator $\parallel$ will, of course, depend on the kind of communication that is supported. We will for instance see that some notions of parallel composition do not yield an associative operator. In the remainder of this section, several variants of $\parallel$ will be considered and illustrated by means of examples. Note that the above scheme may be repeated for $TS_i$, i.e., $TS_i$ may again be a transition system that is composed of several transition systems:

$$TS_i = TS_{i,1} \parallel TS_{i,2} \parallel \ldots \parallel TS_{i,n_i}.$$

By using parallel composition in this hierarchical way, complex systems can be described in a rather structured way.

2.2.1 Concurrency and Interleaving

A widely adopted paradigm for parallel systems is that of interleaving. In this model, one abstracts from the fact that a system is actually composed of a set of (partly) independent components. That is to say, the global system state – composed of the current individual states of the components – plays a key role in interleaving. Actions of an independent component are merged (also called weaved), or “interleaved”, with actions from other components. Thus, concurrency is represented by (pure) interleaving, that is, the nondeterministic choice between activities of the simultaneously acting processes (or components). This perspective is based on the view that only one processor is available on which the actions of the processes are interlocked. The “one-processor view” is only a modeling concept and also applies if the processes run on different processors. Thereby, (at first) no assumptions are made about the order in which the different processes are executed. If there are, e.g., two nonterminating processes P and Q, say, acting completely independent of each other, then

P Q P Q P Q Q Q P . . .

P P Q P P Q P P Q . . .

P Q P P Q P P P Q . . .

are three possible sequences in which the steps (i.e., execution of actions) of P and Q can be interlocked. (In Chapter 3, certain restrictions will be discussed to ensure that each participating processor is treated in a somewhat “fair” manner. In particular, execution sequences like P, P, P, . . ., where Q is completely ignored, are ruled out. Unless stated otherwise, we accept all possible interleavings, including the unfair ones.)

The interleaving representation of concurrency is subject to the idea that there is a scheduler which interlocks the steps of concurrently executing processes according to an a priori unknown strategy. This type of representation completely abstracts from the speed of the participating processes and thus models any possible realization by a single-processor machine or by several processors with arbitrary speeds.

Example 2.17. Two Independent Traffic Lights

Consider the transition systems of two traffic lights for nonintersecting (i.e., parallel) roads. It is assumed that the traffic lights switch completely independent of each other.

For example, the traffic lights may be controlled by pedestrians who would like to cross the road. Each traffic light is modeled as a simple transition system with two states, one state modeling a red light, the other one modeling a green light (see upper part of Figure 2.4).

[Figure 2.4, upper part: TrLight1 with states red and green, and TrLight2 with states red and green, each switching between its two states. Lower part: TrLight1 ||| TrLight2 with the four global states ⟨red, red⟩, ⟨green, red⟩, ⟨red, green⟩ and ⟨green, green⟩.]

Figure 2.4: Example of interleaving operator for transition systems.

The transition system of the parallel composition of both traffic lights is sketched at the bottom of Figure 2.4 where ||| denotes the interleaving operator. In principle, any form of interlocking of the “actions” of the two traffic lights is possible. For instance, in the initial state where both traffic lights are red, there is a non-deterministic choice between which of the lights turns green. Note that this nondeterminism is descriptive, and does not model a scheduling problem between the traffic lights (although it may seem so).

An important justification for interleaving is the fact that the effect of concurrently executed, independent actions α and β, say, is identical to the effect when α and β are successively executed in arbitrary order. This can symbolically be stated as

$$Effect(\alpha \,|||\, \beta, \eta) = Effect((\alpha;\beta) + (\beta;\alpha), \eta)$$

where the operator semicolon ; stands for sequential execution, + stands for nondeterministic choice, and ||| for the concurrent execution of independent activities. This fact can be easily understood when the effect is considered from two independent value assignments

$$\underbrace{x := x + 1}_{=\,\alpha} \;\;|||\;\; \underbrace{y := y - 2}_{=\,\beta}.$$

When initially x = 0 and y = 7, then x has the value 1 and y the value 5 after executing α and β, independent of whether the assignments occur concurrently (i.e., simultaneously) or in some arbitrary successive order. This is depicted in terms of transition systems as follows:

[Diagram: the transition system for α alone has the states x=0 and x=1 with an α-transition from x=0 to x=1; the one for β alone has the states y=7 and y=5 with a β-transition from y=7 to y=5. Their interleaving ||| has the four global states ⟨x=0, y=7⟩, ⟨x=1, y=7⟩, ⟨x=0, y=5⟩ and ⟨x=1, y=5⟩, with α-transitions ⟨x=0, y=7⟩ → ⟨x=1, y=7⟩ and ⟨x=0, y=5⟩ → ⟨x=1, y=5⟩, and β-transitions ⟨x=0, y=7⟩ → ⟨x=0, y=5⟩ and ⟨x=1, y=7⟩ → ⟨x=1, y=5⟩.]

Note that the independence of actions is crucial. For dependent actions, the order of actions is typically essential: e.g., the final value of variable x in the parallel program x := x+1 ||| x := 2·x (with initial value x = 0, say) depends on the order in which the assignments x := x+1 and x := 2·x take place.

We are now in a position to formally define the interleaving (denoted |||) of transition systems. The transition system $TS_1 ||| TS_2$ represents a parallel system resulting from the weaving (or merging) of the actions of the components as described by $TS_1$ and $TS_2$. It is assumed that no communication and no contentions (on shared variables) occur at all. The (“global”) states of $TS_1 ||| TS_2$ are pairs $\langle s_1, s_2 \rangle$ consisting of “local” states $s_i$ of the components $TS_i$. The outgoing transitions of the global state $\langle s_1, s_2 \rangle$ consist of the outgoing transitions of $s_1$ together with those of $s_2$. Accordingly, whenever the composed system is in state $\langle s_1, s_2 \rangle$, a nondeterministic choice is made between all outgoing transitions of local state $s_1$ and those of local state $s_2$.
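As an added example that is not part of the book, the following Python code builds $TS_1 ||| TS_2$ for the two one-step transition systems of the x/y example above (global states are pairs, and each step moves exactly one component), and separately enumerates every interleaving order of a set of actions, so that the order-independence of α and β and the order-dependence of x := x+1 and x := 2·x can both be checked; the tuple representation of transition systems and all names are assumptions of this example.

```python
# Added example, not from the book: the interleaving operator ||| on two
# transition systems, plus a check of the independence condition behind
# Effect(alpha ||| beta, eta) = Effect((alpha;beta) + (beta;alpha), eta).
# A transition system is (states, initial, transitions) with transitions
# as (s, action, s'); this representation and all names are assumptions.

def interleave(ts1, ts2):
    """TS1 ||| TS2: global states <s1,s2>; each step moves one component."""
    S1, I1, T1 = ts1
    S2, I2, T2 = ts2
    states = {(s1, s2) for s1 in S1 for s2 in S2}
    init = {(s1, s2) for s1 in I1 for s2 in I2}
    trans = {((s1, s2), a, (t1, s2)) for (s1, a, t1) in T1 for s2 in S2}
    trans |= {((s1, s2), a, (s1, t2)) for (s2, a, t2) in T2 for s1 in S1}
    return states, init, trans

def final_valuations(eta, actions):
    """Valuations after executing each (name, effect) action exactly once, in
    every interleaving order; a single result means the order is irrelevant."""
    if not actions:
        return {tuple(sorted(eta.items()))}
    result = set()
    for i, (_, effect) in enumerate(actions):
        rest = actions[:i] + actions[i + 1:]
        result |= final_valuations(effect(dict(eta)), rest)
    return result

# Constructed from the text: alpha is x := x+1, beta is y := y-2.
alpha = ("alpha", lambda e: {**e, "x": e["x"] + 1})
beta = ("beta", lambda e: {**e, "y": e["y"] - 2})
# The one-step transition systems of the figure: x=0 -alpha-> x=1 and y=7 -beta-> y=5.
TS_X = ({"x=0", "x=1"}, {"x=0"}, {("x=0", "alpha", "x=1")})
TS_Y = ({"y=7", "y=5"}, {"y=7"}, {("y=7", "beta", "y=5")})
# Dependent pair from the text: x := x+1 ||| x := 2*x.
double = ("double", lambda e: {**e, "x": 2 * e["x"]})

if __name__ == "__main__":
    print(sorted(interleave(TS_X, TS_Y)[0]))                     # four global states
    print(final_valuations({"x": 0, "y": 7}, [alpha, beta]))     # one final valuation
    print(final_valuations({"x": 0}, [alpha, double]))           # two final valuations
```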
