Lecture 6
Review
atomic actions and first example from last time
synchronization
<< S; >> << await(B); >> and << await(B) S; >>
today: a systematic way to understand and develop concurrent programs
based on a programming logic (PL)
Proofs of Corrections (Section 2.6)
predicates { x = 0 and y = 0 }
formulas { P } S { Q } P, Q are predicates (assertions)
S is statement list
this is called a TRIPLE; give interpretation of triples
P is called the precondition; Q is called the postcondition
axioms true formulas (key one is for assignment)
inference rules -- used to construct new (true) formulas;
have rules for control statements such as if and do
H1, ..., Hn / C Hi are hypotheses, C is conclusion
[I introduce and use the assignment axiom and inference rules informally]
example: computing max of x and y
m = x;
{ m = x }
if (m < y)
{ m = x and m < y } { m = x and x < y }
m = y;
{ m = y and x < y }
{ (m = x and x >= y) or (m = y and x < y) }
this PROOF OUTLINE captures the essence of what is true at each point;
it is an encoding of an actual proof in the programming logic
concurrent execution
{ x = 0 and y = 0 }
co { x = 0 } { y = 0 } oc
x = 1; // y = 2;
{ x = 1 } { y = 2 }
{ x = 1 and y = 2 }
The precondition of the program is the conjunction (and) of the
preconditions of the processes.
If the processes are disjoint -- as here -- then the "proofs" don't
interfere, so the result is the conjunction (and) of the postconditions
of the processes.
interference -- arises because of shared variables
example from last lecture:
x = 1; // y = 2;
z = x+y; z = x-y;
What can we do about the interference?
weaken assertions -- add them to the above
add synchronization -- make the assignments above atomic
Ways to Avoid Interference (Section 2.7)
(1) disjoint variables -- independent processes
(2) weakened assertions -- say less than you could in isolation
(3) synchronization -- hide states and/or delay execution
(4) global invariants -- predicates that are true in ALL visible states
Producer/Consumer Revisited (Section 2.7.5)
remind class of the problem
give prior program -- Figure 2.2
what did we do to avoid interference? (added synchronization)
why does it work?
proof outline -- Figure 2.4