1 / 57

The Temporal Semantics Of Concurrent Programs Amir Pnueli (1981)

The Temporal Semantics Of Concurrent Programs Amir Pnueli (1981). Presented by: Belgi Amir. Seminar in Distributed Algorithms  Designing correct concurrent algorithms Spring 2013. Lecture outline. Goal A simple model of concurrent programs Introduction to Temporal logic Examples

wei
Download Presentation

The Temporal Semantics Of Concurrent Programs Amir Pnueli (1981)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Temporal Semantics Of Concurrent ProgramsAmir Pnueli (1981) Presented by: Belgi Amir Seminar in Distributed Algorithms  Designing correct concurrent algorithms Spring 2013

  2. Lecture outline • Goal • A simple model of concurrent programs • Introduction to Temporal logic • Examples • A proof system • The temporal semantics of programs • Summary • Questions

  3. The notation • Giuseppe Peano - One of the founders of mathematical logic and set theory • Originally wrote for p is a consequence of q • Backwards: q is a consequence of p • denotes

  4. Goal • Our goal is: given a program , assign a temporal formula which is true on all proper execution sequences of • To prove that a program possess a property one have to prove the implication

  5. A simple model of concurrent programs • A concurrent program consists of disjoint processes • Which execute concurrently on processors • Under shared memory • And a set of initial conditions

  6. A simple model of concurrent programs – a single process • Represented by a single entry transition graph • A directed labeled graph • The labels of process are denoted by • Edges are labels by commands of the form • is a condition, if is missing we interpret it as true • called a guard • May be true • is a statement which may be an assignment • is the vector of the program variables • may be empty

  7. Process graph - Example Critical Section 2 Critical Section 1

  8. A simple model of concurrent programs • Consider any program which may be run in parallel with another and contains: • 1. tests • 2. Unconditional transfers (go to’s) • 3. assignments statements • In the graph model: there will be a node for each statement representing the state • just before the execution of this statement

  9. A simple model of concurrent programs • Corresponding to each statement which is the successor of this statement • i.e. may be reached by the execution of the statement • We draw an edge from the statement node to its successor • The labelof this edge depends on the type of the statement

  10. A simple model of concurrent programs - tests • Case 1: test statements • For statements of the form :

  11. A simple model of concurrent programs – unconditional transfers • Case 2: go to’s • For statements of the form :

  12. A simple model of concurrent programs - assignments • Case 3: assignment • For statements of the form : • Explanation with the example : • Where are auxiliary variables local to

  13. A simple model of concurrent programs - synchronization primitives • Examples of synchronization primitives: • 1. • 2. • 3. is represented as • With a corresponding at the end of the block

  14. A simple model of concurrent programs – a single process • A state is a pair • is a vector of labels • is a set of values currently assigned to the program variables

  15. Execution sequences (informally) • An execution sequence for a program is any sequence satisfying the following conditions : • 1. The initial stateis “correct” • 2. Satisfies the Multiprogramming assumption • One processor does one step and updates the values of the variables accordingly • 3. Satisfies the Fair scheduling assumption • If you can exit a node infinitely many times then you will be able to do so

  16. Execution sequences • An execution sequence for a program is any sequence satisfying the following conditions : • 1. The initial state is where are the entry labels and are the initial values of the y’s • 2. Multiprogramming assumption: A successive state is obtained from its predecessor by exactly one processor executing one transition which is enabled.

  17. Multiprogramming assumption • If the processor i contains an edge from the node to the node which is labeled by and is true, then is a possible successor of • We allow idling - • Every command is considered atomic … …

  18. Fair scheduling assumption • – denotes the exit condition of a node of process • E is the disjunction ( ) of all guards on all edges departing from • What is in most of the cases ?

  19. Fair scheduling assumption • A sequence is fairif whenever processor is stuck at then is true only at a finite number of states thereafter • negatively: no processor whose exit condition is true infinitely often may be deprived forever

  20. Fair scheduling assumption • How does the statements on the edges affect the exit condition ? • Assignments, tests, go to’s –the exit condition is identically true! • For the statements of the other type (with synchronization) - the exit condition can be NOTidentically true!

  21. Fair scheduling assumption • An important note: it is NOT sufficient to require that the processor will eventually be scheduled • it might always get scheduled when the condition is false and no transition is possible • We will need to express the stronger condition that it will eventually be scheduled when the exit condition is true

  22. Temporal logic • Used to describe a system of rules for reasoning about propositions qualified in terms of time • Something alwaysoccurs • Something occurs now • Something will occur eventually • etc.

  23. Reasoning about sequences • We will talk about an integer like time • We will reason about execution sequences which are deterministic • Each state having exactly one successor • Although that the program generating them is non- deterministic

  24. Temporal operators • X – the proposition is true in the neXtinstant • F – the proposition will be true in the Future • existential truth • G – the proposition will always be true in the future • universaltruth • Stands for Globally

  25. Temporal operators • neXt: • Future: • Globally

  26. Temporal operators

  27. Validity of a temporal formula on a sequence • Denote and

  28. Validity of a temporal formula on a sequence • A formula W is validif for all sequences • Example • Some expressions:

  29. Examples of expressing properties with Temporal formulas • Recall: • A state is a pair • is a vector of labels • In our formulas: If then the proposition will be true in a state if • We start off with properties which can be expressed as formulas of the form where contains no temporal operators • Those are Invariance properties

  30. Partial correctness • Consider a single sequential program • Entry • Exit • is a formula specifying the correctness of the program • That is: is to hold on termination • Partial correctness can be stated as What does this formula does NOTguarantee us ? • We can also add an input restriction

  31. Clean behavior • For every instruction we can write a condition which ensure a lawful termination of the instruction • Examples: • If the instruction contains division - we include a claim that the divisor does not equal to zero • If the instruction contains array reference - we include a claim that the subscript expression is within the array bounds • - The legality condition for the statement departing from • Clean behavior can be stated as

  32. Mutual Exclusion • Assume contain a critical section • For simplicity assume they consists of the single nodes • To claim that the critical sections are never simultaneously accessed we write

  33. Deadlock Freedom • Deadlock – all processors are locked and none can move • In our model – we can only get stuck in a node if the exit condition is not identically true • Let be any set of nodes with exit conditions none of which is identically true • The statement that deadlocknever occurs at can be stated as • What can we do to exclude deadlock (not only for a given set of nodes) ?

  34. Temporal formulas: Now A bit more complicated ones • We now advance to a class of properties which require a more complicated expressions • Expressible by expressions of the types:

  35. Total correctness • Same setting as the partial correctness: • a single sequential program • Entry • Exit • is a formula specifying the correctness of the program • That is: is to hold on termination • expresses the initial input restrictions • Total correctness with respect to can be expressed as • Compare it to partial correctness:

  36. Accessibility • In the context of critical sections • Expressing that if a process wishes to enter its critical section he will be granted permission to do so • m – a location (node) just before the entrance to the critical section • Of a process showing its wish to enter the critical section • m’ – a location inside thecritical section • The property of accessibilityis

  37. Responsiveness • Suppose we receives requests from many external agents • For example: A Client-Server model • A request from agent i is signaled by a variable tuning true • The program deals with the request (for example it allocates the resource) and signals that the request to agent i has been granted by setting a variable to true • Responsivenesscan be expressed as

  38. Coming up: A proof system! • We saw that the Temporal Logic language is useful for expressing and formulating interesting properties • We now present an axiomatic system in which we can provethese properties

  39. The system DX - Axioms • Axioms:

  40. The system DX – Inference rules • Inference rules: • R1: (TAU) if is an instance of a classical tautology then • R2: (MP) If and then • R3: (GEN) If then

  41. The temporal semantics of programs • Consider a nodein any of the processes • The exit condition:

  42. Clauses definitions (1) • For a node we define :

  43. Clauses definitions (2) • Fair scheduling: • Exit node – a node with no outgoing transitions • If is an exit node then, by definition, and is identically true • allowing execution of the relevant program to remain at the exit node

  44. Notation • For formulas : claims that exactlyone of the is true, while the others are false

  45. Clauses definitions (3) • Consider process with label set : • Recall: • The expression expresses the situation that process is active • That is: some transition in it is taking place

  46. Clauses definitions (4-6) • The expression Expresses the situation that process is idle • Now define

  47. Clauses definitions (7) • Consider now a complete program • Define first

  48. Defining W(P) • Assume that the initial labels in all programs are • And that the initial values of the variables are

  49. Defining W(P) • The formula expressing the semantics of the program is:

  50. Defining W(P) • The formula expressing the semantics of the program is: • - is active • - if all processes are idle then the values of the variables remain

More Related