Shared Variables
Interaction Diagrams
Radu Grosu
State University of New York at Stony Brook
joint work with
Rajeev Alur
University of Pennsylvania
Motivation
• Scenario-based specifications are very
popular in concurrent systems development:
– intuitive description of design requirements,
– intuitive presentation of system executions,
– compact presentation test sequences.
Fact
•
Concurrent systems are usually
constructed around one of the following
communication models:
–
Shared variables
–
Message passing
Message Passing
•
standardized notation in form of MSCs
(UML-SDs)
•
precise semantics subjected to
analysis,
•
algorithms and tools (race conditions,
timing conflicts…)
Shared Variables?
No formal notation so far!
• but plenty informal diagrams
In This Work
• Define Shared Variables Interaction Diagrams (SVID):
– introduce the notion of consistent SVID,
– analyze complexity of consistency checking:
• many-to-many communication
• one-to-many communication
• Define refinement notion between SVIDs:
– intuitive syntactic refinement steps,
– analyze complexity of refinement checking:
• many-to-many communication
• point-to-point communication
Peterson Mutual Exclusion Protocol
p1
p2
p1
p2
ini
ini
ini
ini
f1:=F
f2:=F
f1:=F
f2:=F
idle
idle
idle
idle
f1:=T
t :=2
reqCS
f2
inCS
f1:=T
f2:=T
t :=2
t :=1
f1= T: p1 wants to enter critical section
reqCS
reqCS
f2= T: p2 wants to enter critical
section
t
t
t = 1: p1 has priority
f1
f1:=F
idle
inCS
f1:=F
idle
idle
reqCS
Processes
p1
p2
ini
ini
f1:=F
f2:=F
idle
p1.Xr = {f2} idle - read variables
f2:=T variables
p1.Xs = {t} f1:=T - write shared
t :=2
t :=1
p1.Xe = {f1}
- write exclusive variables
reqCS
reqCS
p1.Xw = {t,f1} - write variables
t
p1.X = {t,f1,f2}- all variables
inCS
t
f1
f1:=F
idle
reqCS
Vertices
v11
v12
p1
p2
ini
ini
f1:=F
f2:=F
idle
idle
f1:=T
t :=2
f2:=T
t :=1
reqCS
reqCS
t
t
v23
f1
v24
v13
inCS
v14
f1:=F
idle
reqCS
v21
v22
Vertices
linear
order
=
time
flow
v11
v12
p1
p2
ini
ini
f1:=F
f2:=F
idle
v1i.p = idle
p1
f1:=T
t :=2
reqCS
v13
t
inCS
v14
<p1
f2:=T
v22
p1.V =t :=1
{v11,v12,v13,v14}
reqCS
V = p1.V  p2.V
t
v23
f1
v24
< = <p1  <p2
f1:=F
idle
v21
reqCS
Atomic Update Boxes
p1
explicit write
variables (t,f1)
p2
ini
ini
assignment
(state)
f2:=F
f1:=F
idle
v12
v13
idle
f1:=T
t :=2
f2:=T
t :=1
reqCS
reqCS
inCS
f1:=F
implicit write
variables (f1) idle
t
t
f1
read
variables (t)
reqCS
Read Edges
v12
partial order
among vertices
p1
p2
ini
ini
f1:=F
f2:=F
idle
idle
f1:=T
t :=2
f2:=T
t :=1
reqCS
reqCS
t
t
v23
f1
v24
v13
inCS
1:=F v
v12 v22 v13 v23 vf24
12 v22 v23 v13 v24
idle
reqCS
no intervening
vertex writes t
v22
v12 v22 v23 v24 v13
Consistent SVID
There is a sequence v1 v2 … vn that:
(1) is consistent with time order <
(2) is consistent with read order E
(3) respects most recent updates.
Inconsistent SVID
v11
v21
v12
v22
p1
p1
one
one
v11 o1:=T
o2:=T
two
v12 o1:=F o2
three
v21
two
o2:=F o1 v22
three
v11
v21
v22
v12
Checking Consistency
One-to-many communication (write exclusive):
- Solved in linear time.
- Reduces to finding a cycle in a graph.
Many-to-many communication (write shared):
- In general NP complete.
- Resolving implicit dependencies -> backtrack.
Refinement
When does I refine S written I  S?
-
Interested in a refinement notion that has
a syntactic counterpart that guides users.
Three simple ways to refine an SVID:
- By moving arrows and adding empty boxes.
- By splitting vertices.
- By splitting processes.
Moving Arrows & Adding Empty Boxes
p1
p2
p1
p2
ini
ini
ini
ini
f1:=F
f2:=F
f1:=F
f2:=F
idle
idle
idle
idle
f1:=T
t :=2
f2:=T
t :=1
f1:=T
t :=2
f2:=T
t :=1
reqCS
reqCS
reqCS
reqCS
t
t
t
t
inCS
f1
f1:=F
idle

inCS
f1
f1:=F
reqCS
idle
reqCS
Splitting Vertices
p1
p2
p1
p2
ini
ini
ini
ini
f1:=F
f2:=F
f1:=F
f2:=F
idle
idle
idle
idle
f11:=T
tt :=2
:=2
f22:=T
tt :=1
:=1
f1:=T
t :=2
f2:=T
t :=1
reqCS
reqCS
reqCS
reqCS
t
t
t
t
inCS
f1
f1:=F
idle

inCS
f1
f1:=F
reqCS
idle
reqCS
Splitting Processes
p1
p1
ini
ini
t
p2 p2
p1
p2
ini ini
ini
ini
f1:=F f1:=F
f2:=F
f2:=F
f1:=F
f2:=F
idle idle
idleidle
idle
idle
f1:=T f1:=T
f2:=T
f2:=T
f1:=T
f2:=T
t :=2
t :=1
reqCS
reqCS
t
t
t :=2 t :=2
reqCSreqCS t :=1
t
t
inCS inCS
t :=1
reqCS
reqCS
t
t
f1 f1
f1:=F f1:=F
idle idle

inCS
f1
f1:=F
reqCS
reqCS
idle
reqCS
Refinement
When does I refine S written I  S?
-
Variables: S.X = I.X
-
Processes: p.X  q.X = {} or p.X  q.X
-
Boxes: there is a surjective map r form the
vertices I to the vertices of S that preserves the
variables.
-
Dependency: The specification partial order (S.E 
S.<) is included in the image r(I.E  I.<).
Checking Refinement
p1
t
p2
p1
p2
ini
ini
ini
ini
f1:=F
f2:=F
f1:=F
f2:=F
idle
idle
idle
idle
f1:=T
f2:=T
f1:=T
t :=2
f2:=T
t :=1
reqCS
reqCS
reqCS
t
t
t
t :=2
reqCS
t
inCS
t :=1
f1
f1:=F
idle

inCS
f1
f1:=F
reqCS
idle
reqCS
Checking Refinement
Point-to-point communication:
- Solved in O(|V|3).
- Reduces to computing the transitive closure.
Many-to-many communication:
- In general NP complete.
- Guessing the vertex map -> backtrack.
Deadlock for Dining Philosophers
p1
p2
p3
ini
ini
ini
f1:=F
f2:=F
f3:=F
tstR
tstR
tstR
f1:=T f1
f2:=T f2
f3:=T f3
tstL
tstL
tstL
f3
tstL
f1
tstL
f2
tstL
Deadlock for Dining Philosophers
p1
f1
p2
f2
p3
f3
ini
ini
ini
ini
ini
ini
tstR
set(F)
get tstR
tstR
get tstR
val(F)
set(T)
val(F)
set(T)
tstL
tstL
get
tstL
tstL
val(T)
get
val(T)
tstL
set(F)
tstL
tstL
tstL
set(F)
tstR
get tstR
val(F)
set(T)
tstL
tstL
tstL
tstL
get
val(T)
Wrap Up
• Defined Shared Variables Interaction Diagrams (SVID):
– introduced the notion of consistent SVID,
– analyzed complexity of consistency checking:
• many-to-many communication
• one-to-many communication
• Defined refinement notion between SVIDs:
– intuitive syntactic refinement steps,
– analyzed complexity of refinement checking:
• many-to-many communication
• point-to-point communication