04/22/23 1

Concurrency Specification

Aliasgar RampurwalaAditya Garg

04/22/23 2

Outline

Issues in concurrent systems Programming language support for

concurrency Concurrency analysis - A specification

based approach Concurrency and other formal methods Deadlock Checker Concurrency and architectures

04/22/23 3

Concurrency Coexistence Sharing of resources Issues

– Asynchronicity– Non-determinism

Solution– Locks

Results– Deadlock and starvation

04/22/23 4

Concurrency in various disciplines Databases

– Transaction serializability Operating Systems

– Multithreading Electronic circuits

– Flip flops Real life

– Gas station example

04/22/23 5

Concurrency in architecture implementations

Component 1

Connector

Component 2

MessageQueue

Message Object AA'

.

.create(request);

.

.create(request);

.send(request);

A'

A' A' A'

A'

handle(request){ send_to_all_upper_components(request);}

handle(request){

process(request);...

handle(request){

process(request);...

create(notification);...

}

handle(request){

process(request);...

create(notification);...

send(notification);}

A'

A'

04/22/23 6

PL support for concurrency - 1

Fork and join constructs Queue construct and the signal

operation– Concurrent Pascal

The Java synchronized keyword

04/22/23 7

PL support for concurrency - 2 Communicating sequential processes [CSP]

– Producer command : consumer!m– Consumer command : producer?n– Guarded commands

• <guard> —› <command-list>• guard : list of declarations, boolean expressions or an

input command• alternative guarded command

– [ G1 —› C1 ƀ G2 —› C2 ƀ …. ƀ Gn —› Cn]

04/22/23 8

From Specification to Implementation - 1

04/22/23 9

From Specification to Implementation - 2 Specification Phase Implementation Phase Easy to verify safety Difficult to verify and

liveness safety and liveness State spaces small State spaces and

manageable large and unmanageable; testing difficult Cost of correcting Cost of correcting flaws

is low flaws is high

04/22/23 10

Specification-based model - 1

Synchronizer construct– set of variables defining the state of shared

resources– set of operations on these variables (with

pre/post conditions)– set of invariants

• safety conditions• liveness conditions

04/22/23 11

Specification-based model - 2

Process construct– independent thread of execution– multiple processes coexist– control allocation/deallocation of

synchronizer controlled resources Example:

– Web server : synchronizer– Web browser : process

04/22/23 12

Gas-station model

04/22/23 13

Gas-station model - Program spec

04/22/23 14

Gas station model - RSTG

04/22/23 15

Gas station model - Event expressionsTwo customers trying to buy gas concurrently

04/22/23 16

Gas station model - Reachability graph Identifies the states that can be reached by

executing enabled operations in processes and synchronizers

Constructed from event expressions and RSTG– Nodes represent states of RSTG– Edges represent operations from event expressions

A deadlock occurs if the graph contains terminal nodes

04/22/23 17

Tool support for concurrency analysis INCA(Inequality Necessary Condition

Analysis)– checks properties of an architectural

specification (ex. Mutual exclusion)– provides example executions that violate

those properties– verifies that a modification removes the

faults

04/22/23 18

Detecting a race condition

Customer1 pays before Customer2 but Customer2 takes up the hose before Customer1 thus getting the amount of gas purchased by Customer1

04/22/23 19

The INCA query

04/22/23 20

INCA results

INCA generates a system of inequalities based on the violation of properties specified by the query– a consistent inequality implies such a

situation is possible– an inconsistent inequality implies such a

situation is impossible

04/22/23 21

Features common with other formal methods RSTG Pre and post conditions State invariants

04/22/23 22

Unique Features - 1

Operation execution phases– Request phase– Enabled phase– Service phase

• only one operation invocation can be in the service phase.

– Terminate phaseExample: Fair scheduler:

[]<>enabled(o) -> <>service(o)

04/22/23 23

Unique Features - 2 Separation of control resources from

state variables Event expressions help “walk through”

the concurrency aspect Semantics of allocation and deallocation

– helpful in detecting deadlocks

04/22/23 24

Deadlock Checker

Performs checks on parallel programs written in CSP in order to prove freedom from deadlock

Takes in a network file(.net) that has been compiled from a CSP source file using a tool such as FDR

More information :– http://users.ox.ac.uk/~jeremy/Deadlock/

04/22/23 25

The Dining Philosophers Problem 5 philosophers and 5 chopsticks All philosophers keep thinking When a philosopher feels hungry, he

picks up the chopsticks closest to him, eats rice and keeps the chopsticks back

Deadlock :– When all philosophers grab their left

chopstick simultaneously

04/22/23 26

The Dining Philosophers Problem

04/22/23 27

Architectures and concurrency

Component types:– Synchronizer– Process units

Connector– Synchronization connector

04/22/23 28

Synchronization Connector

Process unit 1 Process unit 3Process unit 2

Synchronization connector

Synchronizer

04/22/23 29

A simple Binary Semaphore Connector in Javapackage architecture.connector;import java.lang;import architecture.framework;

public class SyncConnector extends Connector{

private boolean available;public SyncConnector() {

available = true;}public void handle(Request r) {

String messageName = r.getName();if(messageName.equals("AccessResource")) {

if(!available) {wait();

}if(available) {

available = false;super.handle(r);

}}

}

04/22/23 30

A simple Binary Semaphore Connector in Java (contd)

public void handle(Notification n) {

String messageName = n.getName();if(messageName.equals("ReleaseResource")) {

available = true;notifyAll();

}}

}

04/22/23 31

Conclusions and Discussion

Analysis of concurrent systems early in the development process reduces complexity and cost of correcting errors

A formal analysis will help detect deadlocks and starvation and also in direct code generation

Concurrency in software architectures can be represented in terms of CSPs