Fall 98, CSE 520: Lecture 15 (Oct 15)


A Calculus for Communicating Systems

The Calculus for Communicating Systems (CCS) was developed by Milner around the 80s.

Motivation: A calculus with few, orthogonal mechanisms, able to represent all the relevant concepts of concurrent computations.

The aim of Milner was also to design a calculus which would have "maximum expressive power" (for concurrency) and use the least number of concepts. More complex mechanisms should be built by using the basic ones.

Why we need a specific calculus for concurrency

We have seen that the lambda calculus is computationally complete, i.e. it is able to express any computable function. Thus we might wonder why we need another calculus for concurrent computation. The point is, sometimes the function computed by a computation does not represent all the interesting aspects of the computation. In particular, in the case of concurrent computations, there are some aspects which cannot be captured by a sequential model. One main such aspect is the following:

Interaction among processes

In sequential programs the various components of a system interact in a rigid, fixed way. Examples: concatenation of commands, function application.

In concurrecy the interaction possibilities are much richer. Example: consider the following two fragments of programs:

A: x := 1
B: x := 0; x := x+1
If a sequential computation model, A and B are equivalent (i.e. they induce the same state-tranformation) in any context. If a concurrent computation model, on the contrary, there are context which distinguish them. Consider for instance the composition with the following
C: x := 2
We have that A | C and A | B (where | stands for the parallel composition) are not equivalent. In fact, the first can produce only the states where x is 1 or 2, while the latter can produce also the state where x is 3.

Nondeterminism

We have seen in previous example that parallel composition can induce nondeterminism. We need to spend a few words about this concept, since it is a different kind of nondeterminism from the one you might be acquainted with.

Nondeterminism in sequential models

In this context nondeterminism is a convenient tool for expressing solutions to certain problems in an easy way or to study complexity (examples: search for a path in a graph, search for a proof etc.) Examples of nondeterministic formalisms are: The characteristics of nondeterminism in these sequential formalisms are:

Nondeterminism in concurrent models

In this context nondeterminism arises because of the way processes may interact with each other. Its characteristics are: Because of this second point, controlling nondeterminism (i.e. trying to reduce the possibility of "wrong choices") it is even more important here than in sequential programming. In sequential programming is just a matter of efficiency, here is a matter of avoiding crashes.

To illustrate what are the "undesirable situations", consider the example of the dining philosophers:

n philosophers are sitting at a circular table. Between each two philosophers there is a fork (hence there are n forks on the table). Each philosopher can either think or eat. In order to eat, he needs two forks. He can take only one fork at the time. All philosophers are the same in the sense that they follow "the same attitude about thinking and eating". Also all forks are the same. Hence the situation is completely symmetric, i.e. there are no privilegies, no preestablished ordering, etc.
This example is paradigmatic of a situation in which processes are competing for some shared and distributed resources. The "bad situations" are "deadlock" (each philosopher has a fork, nobody eats) and "starvation" (some philosopher never eats because the neighboroughs are quicker in getting the forks.)

The problem of the dining philosophers is to guarrantee maximal independence (hence avoid having a scheduler or a monitor who decides whose turn is to eat) while avoiding those bad situations. Note that, even if we "convince" each philopher to give back the fork in case of deadlock, it is not so easy avoiding starvation, because we could enter a loop in all philopher take one fork each, detect deadlock, put back the fork, takes one fork again etc.

This example was proposed by Dijkstra in the 70s as a benchmark to test the expressiveness of concurrent languages. It was observed by Rabin in the 80s that a completely distributed, symmetric solution, must rely on probabilistic methods. In this solution the starvation possibility is not ruled out, but has probability 0.

Interaction

In order to have the maximum expressivity with the smalles number of constructs, we need to understand what is the basic kind of interaction (the same of course should be done also for the other concepts relevant for concurrency). In general, interaction has to do with communication.

Concurrent systems offer several kinds of communication, depending on the medium. Examples are:

Each of these kinds can be further divided into various cases: What is the basic kind of communication? Milner's answer was: none of the above!. In his view, the reduction to essential principles require to avoid separation between agents (active entities) and resources (passive entities). In his approach, everything is a process, more or less active.

Thus the fundamental kind of interaction is not the one between two proceeses P and Q communicating via a buffer B, but rather between P and B, and Q and B. In Milner's view, the fundamental model of interaction is synchronous and symmetric, i.e. the partners act at the same time performing complementary actions. This kind of interaction is called handshaking: the partners agree simoultaneously on performing the two (complementary) actions.

In the following, the complement of an action a will be denoted by ^a. Usually we will regard a as the action of "receiving along channel (or interface, or port) a", and ^a as the action of "sending along channel (interface, port) a". But let us not forget that this terminology is purely a convention: the two actions have really the same status from every possible point of view. We will also use the terms "input" and "output" to denote the same distinction between the two counterparts of the action.

If we name in the interface of the buffer B where it receives data, and out the interface where its data are made available, then the buffer can be specified as follows (assuming for simplicity that it has only one cell, i.e. that it can store only one datum at a time) :

B = in(x).B'(x)
B'(x) = ^out(x).B
The "." here is called "action prefixing" and denotes sequentialization; i.e. B'(x) becomes active only after the action in(x) has been performed. The sending and the receiving processes will then be specified as follows (assuming that P send the datum d):
P = ^in(d).P'
Q = out(x).Q'(x)
As explained above, the complementary actions ^in(d) and in(x) must take place at the same time (and cause the instantiation of x with d). Same for ^out(x) (by then instantiated to ^out(d)) and out(x). In other words, we want that the system P | B | Q evolve as follows:
P | B | Q --> P' | B'(d) | Q --> P' | B | Q'(d)

Structural Operational Semantics

In sequential (functional) languages, beta reduction captures the essential mechanism in the evolution of computation. It is a structural semantics, in the sense that the evolution of a complex term is defined in terms of the evolution of the components (i.e. if M -> M' then MN -> M'N etc.) Other semantics we have seen (lazy, eager evaluation) are also defined structurally.

In concurrency, in order to achieve a structural definition, we must add some information in the transition relation (specifying the behaviour of processes). In particular, to model interaction, we have to specify the action that is being preformed during a transition. Transitions will then be formalized as a relation between two processes (or configurations) and one action.

A process with an input prefix can make a transition by performing the corresponding input action:

   a.P -a-> P 
Analogously, a process with an output prefix can make a transition by performing the corresponding output action:
   ^a.P -^a-> P 
Finally, the interaction between two parallel processes is captured by the following rule:
    P -^a-> P'  Q -a-> Q'
   ----------------------
     P | Q -tau-> P'| Q'   
Were the label tau in the conclusion represents "a silent action", and is the only action which does not have a complement. This is to express the fact that if P and Q are interacting with each other, they cannot (at the same time) interact with anybody else (two-ways interaction).

Two parallel processes should not be obliged to interact at every step. For this reason, we need also another rule for parallel composition, which models the situation in which one process makes a step and the other does not (is idle). The rule is the following:

        P -a-> P'  
   ------------------
    P | Q -a-> P'| Q  
Of course there will be also the symmetric rule (where P and Q roles are exchanged), and a here can also represent an output action.

In some formalisms for concurrency there are also other rules, tro represent the fact that two processes can be active at the same time independenty, i.e. without interacting. These are called "true concurrency models". In CCS, however, the avove two rules (and the symmetric of the second) are all we have for the parallel construct. Such a kind of model of concurrent computation is called "interleaving": the actions of the processes are interleaved so that at each moment only one (at most) is observed.

We leave to the interested reader to apply these rules to prove the two transitions of the system above (P | B | Q). Actually, the rule for interaction needs to be modified so to cope with parameter-passing. A natural definition is:

    P -^a(d)-> P'  Q -a(x)-> Q'(x)
   --------------------------------
         P | Q -tau-> P'| Q'(d)   
CCS does however does not deal explicitly with parameter-passing. We will see how parameter-passing can be modeled in CCS.