
Santa Claus: Formal analysis of a process-oriented solution

Published: 22 April 2010

Abstract

With the commercial development of multicore processors, the challenges of writing multithreaded programs to take advantage of these new hardware architectures are becoming more and more pertinent. Concurrent programming is necessary to achieve the performance that the hardware offers. Traditional approaches present concurrency as an advanced topic: they have proven difficult to use, difficult to reason about with confidence, and difficult to scale up to high levels of concurrency. This article reviews process-oriented design, based on Hoare's algebra of Communicating Sequential Processes (CSP), and proposes that this approach to concurrency leads to solutions that are manageable by novice programmers; that is, they are easy to design and maintain, scalable for complexity, obviously correct, and relatively easy to verify using formal reasoning and/or model checkers. These solutions can be developed in conventional programming languages (through CSP libraries) or specialized ones (such as occam-π) in a manner that directly reflects their formal expression. Systems can be developed without needing specialist knowledge of the CSP formalism, since the supporting mathematics is burnt into the tools and languages supporting it. We illustrate these concepts with the Santa Claus problem, which has been used as a challenge for concurrency mechanisms since 1994. We consider this problem as an example control system, producing external signals reporting changes of internal state (that model the external world). We claim our occam-π solution is correct-by-design, but follow this up with formal verification (using the FDR model checker for CSP) that the system is free from deadlock and livelock, that the produced control signals obey crucial ordering constraints, and that the system has key liveness properties.
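The process-oriented structure and the ordering checks the abstract describes, as an added Go example that is not the paper's occam-π code: Santa, every reindeer return and every elf visit are goroutines synchronising over unbuffered channels, and a checker walks the produced signal trace to confirm the constraints of Trono's formulation of the problem (a delivery needs all 9 reindeer, a consultation exactly 3 elves, a full reindeer team is served before elves, nobody is left waiting). The signal names, the numbers of rounds and the checker's rule set are this example's own assumptions.

```go
package main

import "fmt"

const numReindeer, elfGroup = 9, 3 // Trono's formulation: a full team, or three elves, wakes Santa

// runSanta runs Santa for rounds deliveries and consults consultations and returns the signal trace
// (signal names are this example's own). Every reindeer return and elf visit is a goroutine that
// rendezvous with Santa on an unbuffered channel (CSP-style); a full reindeer team is served first.
func runSanta(rounds, consults int) []string {
	reindeer, elves := make(chan struct{}), make(chan struct{})
	for v := 0; v < rounds*numReindeer; v++ { // one process per reindeer return
		go func() { reindeer <- struct{}{} }()
	}
	for v := 0; v < consults*elfGroup; v++ { // one process per elf visit
		go func() { elves <- struct{}{} }()
	}
	trace, waitingR, waitingE, delivered, consulted := []string{}, 0, 0, 0, 0
	for delivered < rounds || consulted < consults {
		switch {
		case waitingR == numReindeer: // reindeer priority: deliver before consulting
			trace, waitingR, delivered = append(trace, "deliver"), 0, delivered+1
		case waitingE == elfGroup:
			trace, waitingE, consulted = append(trace, "consult"), 0, consulted+1
		default: // nobody ready: wait for whichever visitor arrives next
			select {
			case <-reindeer:
				trace, waitingR = append(trace, "reindeer"), waitingR+1
			case <-elves:
				trace, waitingE = append(trace, "elf"), waitingE+1
			}
		}
	}
	return trace
}

// checkTrace verifies the ordering constraints a trace must obey: a deliver needs exactly
// numReindeer reindeer arrivals since the last deliver, a consult exactly elfGroup elf arrivals
// with no full reindeer team waiting, nobody enters a full room, and nobody is left waiting.
func checkTrace(trace []string) error {
	waitingR, waitingE := 0, 0
	for i, ev := range trace {
		switch {
		case ev == "reindeer" && waitingR < numReindeer: waitingR++
		case ev == "elf" && waitingE < elfGroup: waitingE++
		case ev == "deliver" && waitingR == numReindeer: waitingR = 0
		case ev == "consult" && waitingE == elfGroup && waitingR < numReindeer: waitingE = 0
		default: return fmt.Errorf("event %d: %q with %d reindeer, %d elves waiting", i, ev, waitingR, waitingE)
		}
	}
	if waitingR+waitingE > 0 { return fmt.Errorf("trace ends with %d reindeer, %d elves stranded", waitingR, waitingE) }
	return nil
}

func main() { t := runSanta(2, 3); fmt.Println(len(t), "signals, constraint check:", checkTrace(t)) }
```

A trace check over one run only tests the scheduling that happened to occur; the exhaustive guarantee the abstract refers to comes from model checking every interleaving, which is what FDR does over the CSP model.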

