S. D. Brookes
C. A. R. Hoare
Abstract
A mathematical model for communicating sequential processes is given, and a number of its interesting and useful properties are stated and proved. The possibilities of nondetermimsm are fully taken into account.
- 1 AFI', K.R., FRANCEZ, N., AND DE ROEVER, W.P.a proof system for communicating sequential processes. ACM Trans. Program Lang. Syst. 2, 3 (July 1980), 359-385. Google Scholar
- 2 BROOKES, S.D.Amodel for eommumcating sequential processes. D.Phil. d~ssertation, Oxford Univ., Oxford, England, 1983.Google Scholar
- 3 BROOKES, S.D.On the relationship of CCS and CSP. In Proceedmgs of the 1983 Internattonal Conference on Automata, Languages, and Programming (ICALP 83) Lecture Notes in Computer Science, vol. 154. Springer-Vedag, New York, 1983. Google Scholar
- 4 BROOKES, S. D.A semantics and proof system for communicating protests. In Proceedings of the NSF/ONR Conference on Logics of Programs. Lecture Notes in Computer Science, vol. 164. Springer-Verlag, New York, 1983. Google Scholar
- 5 BROOKES, S.D., AND ROSC'OE, A.W. An improved failures model for communieattng processes, to be published as CMU Teeh. Rep., 1984.Google Scholar
- 6 CHANDY, R.M., AND MISRA, J. An axaomatic proof technique for networks of communicating processes. Tech. Report TR-98, Univ. of Texas, Austin, "rex. Google Scholar
- 7 DI/KSTRA, E.W.Cooperating sequential processes. In Programmmg Languages, F. Genuys, Ed. Academic Press, New York, 1968.Google Scholar
- 8 FRANCEZ, N., LEHMANN, D., AND PNEULI, A. A linear history semantics of languages for dJstnbuted programming. In Proceedings of the 21st IEEE Foundations of Computer Science Symposium iEEE, New York, 1980.Google Scholar
- 9 HENNESSY, M., AND MILNER, R.On observing nondeterminism and concurrency. In Proceedings of the 1980 International Conference on Automata, Languages, and Programming (ICALP 80). Lecture Notes in Computer Science, vol. 85. Springer-Verlag New York, 1980. Google Scholar
- 10 HENNESS'r, M., AND DE NfCOLA, R,Testing equivalences for processes. In Proceedmgs of the 1983 lnternattonal Conference on Automata, Languages, and Programming (ICALP 83). Lecture Notes in Computer Science, vol. 154. Springer-Verlag, New York, 1983.Google Scholar
- 11 HENNESSY, M., AND PLOTKIN, G.A term model for CCS. In Proceedings of the 9th Conference on Mathematical Foundations of Computer Science Lecture Notes in Computer Science, vol. 88 Spdnger-Vedag, New York, 1980. Google Scholar
- 12 HOARE, C.A.R.Communicating sequentml processes. Commun ACM 21, 8 (Aug. 1978), 666-676. Google Scholar
- 13 HOARE, C. A. R.A model for commumcating sequential processes. Tech. Report PRG-22, Oxford Untv. Programming Research Group, Oxford, England, 1981.Google Scholar
- 14 HOARE, C.A.R., BROOKES, S.D., AND ROSCOE, A.W. A theory of communicating sequential processes. Teeh. Report PRG-t6, Oxford Univ. Programming Research Group, Oxford, England, 1981.Google Scholar
- 15 KENNAWAY, J.R.Formal semantics of nondeterminism and parallelism, D.Phii, dissertation, Oxford Univ., Oxford, England, 1981.Google Scholar
- 16 LAMPORT, L.Proving the correctness of mulfiprocess programs, IEEE Trans. Soflw. Eng. SE-3, 2 (Mar. 1977).Google Scholar
- 17 LEVlN, G. L.A proof technique for communicating sequential processes (with an example). Ph.D. dissertation, Cornell Univ., Ithaca, N.Y., 1979. Google Scholar
- 18 MILNE, R., AND STRACHEY, C.A Theory of Programming Language Semantics. Chapman Hall, London, and Wiley, New York, 1976. Google Scholar
- 19 MILNER, R.Algebras for communicating systems. Tech. Report CSR-25-78, Computer Science Dept., Edinburgh Umv., Edinburgh, England, 1978.Google Scholar
- 20 MILNER, R. A Calculus of Communtcating Systems Lecture Notes in Computer Science, vol. 92. Springer-Vedag, New York, 1980. Google Scholar
- 21 DE NICOLA, R.A complete set of axioms for a theory of communicating sequential processes. In Proceedings of the 1983 Conference on the Fundamentals of Computation Theory. Lecture Notes in Computer Science, vol. 158. Spnnger-Vedag, New York, 1983. Google Scholar
- 22 PLOTKIN, G.An operational semantics for CSP. In Proceedmgs of the W.G.Z2 Conference, 1982.Google Scholar
- 23 RoscoE, A.W.A mathematical theory of commumcating processes. D.Pkil. dissertation, Oxford Umv., Oxford, England, 1982.Google Scholar
- 24 ROSCOE, A. W. Denotational Semantics for occam In preparation.Google Scholar
- 25 Roum>s, W.C., AND BROOKES, S.D. Possible futures, acceptances, refusals and communicating processes. In Proceedings of the 22nd IEEE Foundations of Computer Science Symposium. IEEE, New York, 1981.Google Scholar
- 26 SCOTT, D.S.Data types as latttces. SIAM J Comput. 5 (1976), 522-587.Google Scholar
- 27 SMYTH, M.B.Powerdomams. J Comput. Syst. Sct 16 (1978).Google Scholar
- 28 STOY, J. E.Denotatmnat Semanttcs MIT Press, Cambridge, Mass., 1977.Google Scholar
- 29 ZHou, C.C., AND HOARE, C. A.R. Partial correctness of communicating processes and protocols. Tech. Report PRG-20, Oxford Umv. Programming Research Group, Oxford, England, 1981.Google Scholar
Index Terms
- A Theory of Communicating Sequential Processes
Recommendations
A Proof System for Communicating Sequential Processes
An axiomatic proof system is presented for proving partial correctness and absence of deadlock (and failure) of communicating sequential processes. The key (meta) rule introduces cooperation between proofs, a new concept needed to deal with proofs about ...
Comments on “Communicating Sequential Processes”
In his recent paper, “Communicating Sequential Processes” (Comm. ACM 21, 8 (Aug. 1978), 666-677), C.A.R. Hoare outlines a programming language notation for interprocess communication in which processes are synchronized by the messages they exchange. The ...
Reviews
A. Prasad Sistla
Giving precise and well-defined meanings to programs and programming languages allows implementors of programming languages to prove the correctness of their implementations with respect to their specifications. For sequential programs, the meaning of a program is a partial function from the input domain to the output domain. In the case of concurrent programs, the meaning of a program should also capture the intermediate behavior of the program. The languages CSP [1] and CCS [2] have been introduced as formalisms for describing the behavior of concurrent programs. The main feature of these languages is that processes do not use any shared variables; they communicate through synchronization on common actions. These formalisms have influenced the later development of practical programming languages such as Ada and OCCAM. For this reason it is important to give precise semantics of CCS and CSP programs. Both of the papers under review have made important contributions to the semantics of CCS and CSP, and they take different approaches. <__?__Pub Lcl partst="bold-italic" pindent="0pt" paboveskip="10pt">Hennessy and Milner This paper presents the semantics of processes in terms of an equivalence relation between processes called <__?__Pub Fmt italic>observational congruence;<__?__Pub Fmt /italic> it gives complete algebraic axiom systems for proving observational congruence of finite processes defined by simple languages of CCS terms. In order to define observational congruence, the operational meaning of a process is assumed to be given by the relations ? &agr; for each action a ?M , where <__?__Pub Fmt italic>M<__?__Pub Fmt /italic> is an alphabet of actions. Intuitively, <__?__Pub Fmt italic>p<__?__Pub Fmt /italic><__?__Pub Fmt kern Amount="4pt">? &agr; <__?__Pub Fmt kern Amount="4pt"><__?__Pub Fmt italic>q<__?__Pub Fmt /italic> means that process <__?__Pub Fmt italic>p<__?__Pub Fmt /italic> permits the action &agr; after which it behaves like process <__?__Pub Fmt italic>q.<__?__Pub Fmt /italic> Observational congruence is defined in terms of the relation <__?__Pub Fmt italic>observational equivalence.<__?__Pub Fmt /italic> Observational equivalence is the largest equivalence relation ? that satisfies the following property: p?q if for all a ?M , for all p ?, p?p ? a implies that for some q ?, q?q ? a and p ??q ? ; similarly, for all q ?, q?q ? a implies that for some p ?, p?p ? a and<__?__Pub Fmt hardspace> <__?__Pub Caret1> p ??q ? . Processes <__?__Pub Fmt italic>p<__?__Pub Fmt /italic> and <__?__Pub Fmt italic>q<__?__Pub Fmt /italic> are <__?__Pub Fmt italic>observationally congruent<__?__Pub Fmt /italic> if<__?__Pub Fmt hardspace>in all process contexts, substituting <__?__Pub Fmt italic>p<__?__Pub Fmt /italic>, <__?__Pub Fmt italic>q<__?__Pub Fmt /italic> respectively results in processes that are observationally equivalent. This paper defines the semantics of a process as the observational congruence class of the process. The paper also introduces a simple modal logic and shows that when the relations ? &agr; are image finite, two processes satisfy the same formulas of the logic if and only if they are observationally equivalent. Thus, observational equivalence can also be characterized in terms of logic. The paper considers processes defined by CCS expressions over three operator sets S 1, S 2, and S 3, where S 1 contains a unary operator corresponding to each member in <__?__Pub Fmt italic>M<__?__Pub Fmt /italic>, the non-deterministic choice operator, and the special process NIL; S 2 contains all the operators of S 1 together with the parallel composition operator; and S 3 contains all the operators of S 2 together with renaming operators. The alphabet <__?__Pub Fmt italic>M<__?__Pub Fmt /italic> contains a special action t denoting an internal action of a process. For each of the above operator sets, two kinds of observational congruences are considered by treating t as an observable action or as an unobservable action, resulting in six different cases. For all six cases, the authors present complete algebraic axioms for proving observational congruence. It turns out that when t is treated as an observable action, observational congruence coincides with observational equivalence. <__?__Pub Lcl partst="bold-italic" pindent="0pt" paboveskip="10pt">Brookes, Hoare, and Roscoe The authors present a mathematical domain for specifying the semantics of communicating sequential processes. As above, the authors assume that the only thing observable about a process is its interactions with the external world. The observation of a process is a finite experiment that can be carried out on the process; two processes are identical if they cannot be distinguished by an experiment. As in the previous paper, the operational semantics of a process is assumed to be given by the relations ? &agr; . The denotational semantics of a process is defined in terms of the failures of the process. For a sequence of actions given by <__?__Pub Fmt italic>s<__?__Pub Fmt /italic>, and for a subset of actions <__?__Pub Fmt italic>X<__?__Pub Fmt /italic>, the pair (<__?__Pub Fmt italic>s,X<__?__Pub Fmt /italic><__?__Pub Fmt kern Amount="1.2pt">) is a failure of the process <__?__Pub Fmt italic>p<__?__Pub Fmt /italic> if <__?__Pub Fmt italic>p<__?__Pub Fmt /italic> can engage in the sequence of actions given by <__?__Pub Fmt italic>s<__?__Pub Fmt /italic> and then refuse all the actions in <__?__Pub Fmt italic>X<__?__Pub Fmt /italic>. For a process <__?__Pub Fmt italic>p<__?__Pub Fmt /italic>, the denotation of <__?__Pub Fmt italic>p<__?__Pub Fmt /italic> is given by failures(<__?__Pub Fmt kern Amount="1.2pt"><__?__Pub Fmt italic>p<__?__Pub Fmt /italic>), the set of all failures of <__?__Pub Fmt italic>p<__?__Pub Fmt /italic>. This semantics maintains more information than the trace-based semantics in which the semantics of a process is given by the set of traces that it can engage in. For instance, the failure-based semantics has enough information to detect the possibility of deadlocks. Process <__?__Pub Fmt italic>p<__?__Pub Fmt /italic> is said to be more deterministic than process <__?__Pub Fmt italic>q<__?__Pub Fmt /italic> if failures(<__?__Pub Fmt kern Amount="1.2pt"><__?__Pub Fmt italic>p<__?__Pub Fmt /italic>) ? failures(<__?__Pub Fmt italic>q<__?__Pub Fmt /italic>). The authors show that this defines a complete partial order on the set of processes. The paper introduces many operators on processes, including nondeterministic choice, sequential composition, various parallel compositions, hiding, renaming, and recursion operators. The semantics of all the operators are defined as functions that map failure sets to failure sets. All the operators are shown to be continuous. As a consequence, recursive equations have solutions; and the semantics for the recursion operator is given in terms of the least fixed points of equations. The paper illustrates the main ideas with many examples. <__?__Pub Lcl partst="bold-italic" pindent="0pt" paboveskip="10pt">Related Work The semantics of processes based on observational equivalence as given in Hennessy and Milner are stronger than the failure semantics of Brookes, Hoare, and Roscoe. Two processes that are observationally equivalent have the same failure semantics; however, simple processes exist that are identified by the failure semantics but are not observationally equivalent. While Hennessy and Milner do not consider divergence, Brookes, Hoare, and Roscoe handle divergence by identifying a process that diverges with a special process called CHAOS that can engage in any sequence of actions but that can refuse to accept any action after this. Brookes and Roscoe [3] give an improved failure semantics that handles divergence in a more sophisticated manner. One of the earliest semantics of CSP using computation trees was given in Francez et al. [4]. A later paper presents a semantics of CSP that uses traces of communications and special states called expectation sets to characterize potential deadlocks. Milner introduced the notion of bisimulation, which is similar to observational equivalence [2]. DeNicola and Hennessy [6] present three different notions of the equivalence of CCS processes based on testing. They present complete axiom systems for proving the three notions of test equivalence of processes and give a denotational semantics based on tree representations. Pneuli [7] gives an elegant classification of the various semantics according to the approaches they take: semantics by equivalence classes, exterior semantics, and semantics by logics. He further classifies them according to the view they take: a branching view or a linear view. In this classification, the observational congruence considered in Hennessy and Milner is semantics by equivalence that takes a branching view, while the failure semantics of Brookes, Hoare, and Roscoe is exterior semantics based on a linear view. The semantics given by DeNicola and Hennessy [6] is based on equivalence classes taking a linear view. The semantics of Francez, Lehmann, and Pnueli [5] and Francez et al. [4] are exterior semantics that take linear and branching views, respectively. Olderog and Hoare give a uniform framework for presenting semantics of communicating processes by defining four denotational models that capture different levels of detail about process behaviors that handle divergence in different ways [8]. They give four models, called the counter model, the trace model, the readiness model, and the failures model. The counter model is the weakest of these. The failure model is similar to the model of Brookes, Hoare, and Roscoe but it handles divergence by having a special symbol ? to denote divergence. The readiness model defines a process semantics as a set of elements of the form <__?__Pub Fmt italic>s<__?__Pub Fmt /italic>, (<__?__Pub Fmt italic>s,X<__?__Pub Fmt /italic>) where <__?__Pub Fmt italic>s<__?__Pub Fmt /italic> is the sequence of actions that the process can engage in and <__?__Pub Fmt italic>X<__?__Pub Fmt /italic> is the set of actions that the process can accept after engaging in <__?__Pub Fmt italic>s<__?__Pub Fmt /italic>; if the process can diverge after engaging in <__?__Pub Fmt italic>s<__?__Pub Fmt /italic>, then this ability is captured by having the element <__?__Pub Fmt italic>s<__?__Pub Fmt /italic> ? in the semantics; readiness semantics is similar to the semantics of Francez, Lehman, and Pnueli [5] and is shown to be equivalent to the failure semantics.
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Comments