1

Concurrency Specification

2

Outline

Issues in concurrent systems Programming language support for

concurrency Concurrency analysis - A specification based

approach Concurrency and other formal methods Deadlock checker Concurrency and architectures

3

Concurrency

Coexistence Sharing of resources Issues

– Asynchronicity– Non-determinism

Solution– Locks

Results– Deadlock and starvation

4

Concurrency in Various Disciplines Databases

– Transaction serializability Operating systems

– Multithreading Electronic circuits

– Flip flops Real life

– Gas station example

5

Concurrency in Architecture Implementations

Component 1

Connector

Component 2

MessageQueue

Message Object AA'

.

.create(request);

.

.create(request);

.send(request);

A'

A'A'

A'

A'

handle(request){ send_to_all_upper_components(request);}

handle(request){

process(request);...

handle(request){

process(request);...

create(notification);...

}

handle(request){

process(request);...

create(notification);...

send(notification);}

A'

A'

6

PL Support for Concurrency - 1

Fork and join constructs Queue construct and the signal

operation– Concurrent Pascal

The Java synchronized keyword

7

PL Support for Concurrency - 2

Communicating sequential processes [CSP]– Producer command : consumer!m– Consumer command : producer?n– Guarded commands

• <guard> —› <command-list>• guard : list of declarations, boolean expressions or an

input command• Alternative guarded command

– [ G1 —› C1 ƀ G2 —› C2 ƀ …. ƀ Gn —› Cn]

8

From Specification to Implementation Specification Phase Implementation Phase Easy to verify safety Difficult to verify and liveness safety and liveness State spaces small State spaces and manageable large and unmanageable; testing difficult Cost of correcting Cost of correcting flaws is low flaws is high

9

Specification-Based Model - 1

Synchronizer construct– Set of variables defining the state of

shared resources– Set of operations on these variables (with

pre/post conditions)– Set of invariants

• Safety conditions• Liveness conditions

10

Specification-Based Model - 2

Process construct– Independent thread of execution– Multiple processes coexist– Control allocation/deallocation of synchronizer controlled resources

Example:– Web server : synchronizer– Web browser : process

11

Gas-Station Model

12

Gas-Station Model - Program Spec

13

Gas Station Model - RSTG

14

Gas Station Model - Event Expressions Two customers trying to buy gas concurrently

15

Gas Station Model - Reachability Graph Identifies the states that can be reached by executing enabled operations in processes and synchronizers Constructed from event expressions and RSTG

– Nodes represent states of RSTG– Edges represent operations from event expressions

A deadlock occurs if the graph contains terminal nodes

16

Tool Support for Concurrency Analysis INCA (Inequality Necessary Condition Analysis)

– Checks properties of an architectural specification (e.g. mutual exclusion)– Provides example executions that violate those properties– Verifies that a modification removes the faults

17

Detecting a Race Condition

Customer1 pays before Customer2 but

Customer2 takes up the hose before

Customer1 thus getting the amount of

gas purchased by Customer1

18

The INCA Query

19

INCA Results

INCA generates a system of

inequalities based on the violation of

properties specified by the query– A consistent inequality implies such a

situation is possible– An inconsistent inequality implies such a

situation is impossible

20

Features Common with Other Formal Methods RSTG Pre and post conditions State invariants

21

Unique Features - 1

Operation execution phases– Request phase– Enabled phase– Service phase

• Only one operation invocation can be in the service

phase

– Terminate phase

Example: Fair scheduler []<>enabled(o) -> <>service(o)

22

Unique Features - 2 Separation of control resources from

state variables Event expressions help “walk through”

the concurrency aspect Semantics of allocation and deallocation

– Helpful in detecting deadlocks

23

Deadlock Checker

Performs checks on parallel programs

written in CSP in order to prove

freedom from deadlock Takes in a network file (.net) that has

been compiled from a CSP source file

using a tool such as FDR

24

The Dining Philosophers Problem 5 philosophers and 5 chopsticks All philosophers keep thinking When a philosopher feels hungry, he

picks up the chopsticks closest to him,

eats rice and keeps the chopsticks back Deadlock:

– When all philosophers grab their left chopstick

simultaneously

25

The Dining Philosophers Problem

26

Architectures and Concurrency Component types:

– Synchronizer– Process units

Connector– Synchronization connector

27

Synchronization Connector

Process unit 1 Process unit 3Process unit 2

Synchronization connector

Synchronizer

28

Conclusions and Discussion

Analysis of concurrent systems early in

the development process reduces

complexity and cost of correcting errors A formal analysis will help detect

deadlocks and starvation and also in

direct code generation Concurrency in software architectures can

be represented in terms of CSPs