Concurrency Theory - Dekker Algorithm

Massimo Nicosia 146613

Overview of the Dekker Algorithm

The Dekker Algorithms code is executed in a loop. Let i be the described process and let j be the concurrent process. At the beginning process i manifests its willingness to enter the critical section setting the variable bi to true. If process j does not want to enter the critical section (bj = false) the bigger loop is skipped, the code in the critical section is executed and k is set to j. k is a shared variable containing the id of the process entitled to enter the critical section. At the end of the critical section, process i gives the turn to process j. Then process i revokes its willingness to enter the critical zone setting bi to false. But if bj is true, process j wants to enter the critical section, and the code inside the bigger loop is executed. If inspecting k process i nds out that it is turn of j, then it revokes its willingness to enter the critical section setting bi to false. Then it waits until k is dierent from j, meaning that process j exited the critical section and set k to i. After this step process i reexpresses the willingness to enter the critical section setting bi to true. At this point process i could stay in the loop if process j had the time to set bj to true. In this case also bi is set to true so process i stays in the loop until process j enters the loop and deregisters its interest to enter the critical section, since k says that now it is the turn of process i. Now process i can execute the critical section. If process j had not the time to set bj to true, process i executes straight the critical section.

Translation into CCS

In [1] there are explanations and examples on how to convert algorithms into CCS. In translating CCS each variable used by the program is represented by a family of CCS agents. Each variable is modeled as a process. A variable v with domain D is represented as a family {Vd | d D} of agents with access sorts {rd | d D} {wd | d D} dened as: Vd = rd.V d +
def eD

we.V e

The idea is that for every value that a variable v can have there is a corresponding agent. The initial state of v depends on its initialization value. If the current value of the variable is d, this value can be read by any process capable

of communicating with V by performing the reading action rd. Furthermore a value e can be written to v by any process capable of communicating with V by performing the coaction we. Thus every agent Vd will have a number of possible behaviours equal to 1 + |D|. Once the variables are modeled, the agents corresponding to the processes can be dened, thinking of them like states machine that can do dierent transitions due to the values of the variables. Eventually the agents of the processes and the agents corresponding to the initial states of each variable, can be put in parallel, restricted by a set containing all the reading and writing actions of the variables. Indeed we want that the state of a variable can evolve only by mean of synchronization with a process. The Dekker algorithm uses three variables. The variables b1 and b2 are boolean and thus can assume only two values. k holds the id of the processes, and also in this case the domain of the variable has size 2. Thus we have: B1 t = b1 rt.B1 t + b1 wt.B1 t + b1 wf.B1 f def B1 f = b1 rf .B1 f + b1 wt.B1 t + b1 wf.B1 f def B2 t = b2 rt.B2 t + b2 wt.B2 t + b2 wf.B2 f def B2 f = b2 rf .B2 f + b2 wt.B2 t + b2 wf.B2 f def Ki = kri.Ki + kwi.Ki + kwj.Kj def Kj = krj.Kj + kwi.Ki + kwj.Kj Process Pi and Pj are dened as follows: Pi = b1 wt.Pi 1 def Pi 1 = b2 rt.Pi 2 + b2 rf.Pi 4 def Pi 2 = kri.Pi 1 + krj.b1 wf .Pi 3 def Pi 3 = kri.b1 wt.Pi 1 + krj.Pi 3 def Pi 4 = enteri .exiti .kwj.b1 wf .Pi Pj = b2 wt.Pj 1 Pj 1 = b1 rt.Pj 1 + b1 rf.Pj 4 Pj 2 = krj.Pj 1 + kri.b2 wf .Pj 3 Pj 3 = krj.b2 wt.Pj 1 + kri.Pj 3 Pj 4 = enterj .exitj .kwi.b2 wf .Pj Then the Dekker Algorithm is dened as: Dekker = (Pi |Pj |Ki|B1 f |B2 f )\L where L is the union of the access sort of the variables (all actions but enteri , exiti , enterj , exitj ) and the process i has the rst turn. 2
def def def def def def def def

The CWS model of the Dekker Algorithm is in the attached cws le.

Mutual exclusion

Mutual exclusion is guarranted if the two processes cannot be both in the critical section. In our CCS model the mutual exclusion property is represented by the impossibility that at any moment process i can perform exiti and simultaneously process j can perform exitj [2]. The following Hennessy-Milner modal logic proposition is false only when both processes are in the critical section, and thus can perform their respective exit action: = [exiti ] [exitj ] In the CWB syntax: P = [exiti ]F | [exitj ]F Obviously we want that the property holds at all points in the execution of the process. In HML we can specify the property with recursion using formulae of the form Inv(F): Inv(F ) = F [Act]Inv(F ) F is our . The corresponding CWB command to check the property recursively for every state of the Dekker process is the following: checkprop(Dekker, max(X.([exiti ]F | [exitj ]F ) & []X)) where Dekker is the main process agent, and max is the Maximal Fixed Point operator, useful for expressing invariance properties of a process. The result of checking the property is true thus the property holds for every possible conguration of the process and the two concurrent processes cannot be in the critical section at the same time. In conclusion mutual exclusion is preserved throughout the process.
def

References
[1] D. J. Walker. 1989. Automated analysis of mutual exclusion algorithms using CCS. Form. Asp. Comput. 1, 3 (July 1989), 273-292. [2] Luca Aceto et al. Reactive systems: modelling, specication and verication. Cambridge University Press; 2007, (hardback), ISBN 978-0-521-87546-2147148.