Stephen D. Brookes
Carnegie Mellon University
Featured research published by Stephen D. Brookes.
Journal of the ACM | 1984
Stephen D. Brookes; C. A. R. Hoare; A. W. Roscoe
A mathematical model for communicating sequential processes is given, and a number of its interesting and useful properties are stated and proved. The possibilities of nondeterminism are fully taken into account.
logic in computer science | 1993
Stephen D. Brookes
Gives a new denotational semantics for a shared variable parallel programming language and proves full abstraction. The semantics gives identical meanings to commands if and only if they induce the same partial correctness behavior in all program contexts. The meaning of a command is a set of transition traces, which record the ways in which a command may interact with and be affected by its environment. It is shown how to modify the semantics to incorporate new program constructs, to allow for different levels of granularity or atomicity, and to model fair infinite computation, in each case achieving full abstraction with respect to an appropriate notion of program behavior.
international conference on concurrency theory | 2004
Stephen D. Brookes
We present a denotational semantics based on action traces, for parallel programs which share mutable data and synchronize using resources and conditional critical regions. We introduce a resource-sensitive logic for partial correctness, adapting separation logic to the concurrent setting, as proposed by O’Hearn. The logic allows program proofs in which “ownership” of a piece of state is deemed to transfer dynamically between processes and resources. We prove soundness of this logic, using a novel “local” interpretation of traces, and we show that every provable program is race-free.
international colloquium on automata, languages and programming | 1983
Stephen D. Brookes
This paper compares two models of concurrency, Milner's Calculus of Communicating Systems (CCS) and the failures model of Communicating Sequential Processes (CSP) developed by Hoare, Brookes and Roscoe. By adapting Milner's synchronisation trees to serve as notation for both CCS and CSP, we are able to define a representation mapping for CSP processes. We define an equivalence relation on synchronisation trees which corresponds precisely to the notion of failure equivalence. Milner's calculus is founded on a different notion, observation equivalence. We show how these two equivalences are related. Just as Milner's equivalence can be characterised as the smallest relation satisfying a set of axioms, we find a suitable set of axioms for the failures equivalence relation. This again makes explicit the differences between the two systems, as well as revealing that the semantic models underlying CCS and CSP are comparable.
international colloquium on automata, languages and programming | 1983
Stephen D. Brookes; William C. Rounds
In this paper we compare the descriptive power of three programming logics by studying the elementary equivalence relations which the logics induce on nondeterministic state-transition systems. In addition, we compare these relations with other natural state-equivalence relations for nondeterministic systems. We find that the notions of bisimilarity (Park [P], Ogden [O]) and observation equivalence (Milner [M]) are very strong equivalences compared with those induced by the logics. These three comprise regular trace logic (RTL), propositional dynamic logic (PDL), and Hennessy-Milner logic (HML). Regular trace logic is a new logic which can be used to give behavioural specifications for concurrent systems (e.g. Wolper [W], but with significant differences). It is a way of formalising those properties of programs which have been given informally in terms of path expressions [CH]. The model theory and axiomatics of this logic are interesting in their own right. Propositional dynamic logic is well-known; our treatment differs from the standard one only in that we regard the modalities as specifying intended behaviour instead of being programs. Hennessy-Milner logic is a simplified modal logic which those authors used as a characterisation of their notion of observation equivalence, which we call weak observation equivalence in this paper. We also include a brief treatment in this context of two other natural equivalences for nondeterministic systems: failure equivalence [HBR] and trace equivalence [H], both of which are weaker than the relations induced by the logics but can be characterised using appropriate logical subsets.
foundations of computer science | 1981
William C. Rounds; Stephen D. Brookes
Two distinct models for the notion of communicating processes are introduced, developed and related. The first, called the possible-futures model, is a generalization to nondeterministic systems of the familiar derivative (Nerode equivalence class) construction. The second, called the acceptance-refusals model, is a slight strengthening of a model introduced by Hoare, Brookes, and Roscoe. The PF model can be mapped onto the AR model homomorphically, and the equivalence classes of this map can be characterized by imposing a very natural equivalence relation on the PF model. The resulting quotient algebra admits a complete partial order structure in which the algebraic operations are continuous.
Distributed Computing | 1991
Stephen D. Brookes; A. W. Roscoe
We use the failures model of CSP to describe the behaviour of a class of networks of communicating processes. This model is well suited to reasoning about the deadlock potential of networks. We introduce a number of simple conditions on networks which aid deadlock analysis either by localizing the analysis required for a proof of deadlock-freedom or by restricting the circumstances in which deadlock could occur. In particular, we formulate some simple theorems which characterize the states in which deadlock can occur, and use them to prove some theorems on the absence of global deadlock in systems. We identify a special class of unidirectional networks and develop specialized results on their deadlock-freedom. We develop more general methods based on (at most) pairwise local deadlock analysis in networks, applicable to the large class of conflict-free networks. We introduce a methodology for proving deadlock-freedom in a large network by decomposing it into subnetworks which can be analysed separately. A variety of examples is given to show the utility of these results. We compare our work with earlier work by several other authors, and make some suggestions for future research.
international conference on mathematical foundations of programming semantics | 1985
Stephen D. Brookes
In this paper we discuss the semantics of a simple block-structured programming language which allows sharing or aliasing. Sharing, which arises naturally in procedural languages which permit certain forms of parameter passing, has typically been regarded as problematical for the semantic treatment of a language. Difficulties have been encountered in both denotational and axiomatic treatments of sharing in the literature. Nevertheless, we find that it is possible to define a clean and elegant formal semantics for sharing. The key to our success is the choice of semantic model; we show that conventional approaches based on locations are less than satisfactory for the purposes of reasoning about partial correctness, and that in a well defined sense locations are unnecessary.
international conference on concurrency theory | 2002
Stephen D. Brookes
We provide a denotational trace semantics for processes with synchronous communication and a form of weakly fair parallelism. The semantics is fully abstract: processes have the same trace sets if and only if their communication behaviors are identical in all contexts. The model can easily be adapted for asynchronously communicating processes, or for shared-memory parallel programs. We also provide a partial-order semantics, using pomsets adapted for synchronization and our form of fairness. The pomset semantics can also be adjusted to model alternative paradigms. The traces of a process can be recovered from the pomset semantics by taking all fair interleavings consistent with the partial order.
Proceedings of the Conference on Logic of Programs | 1985
Stephen D. Brookes
This paper describes a semantically-based axiomatic treatment of a parallel programming language with shared variable concurrency and conditional critical regions, essentially the language discussed by Owicki and Gries [20,21]. We use a structural operational semantics for this language, based on work of Hennessy and Plotkin [22,26], and we use the semantic structure to suggest a class of assertions for expressing properties of commands. We then define syntactic operations on assertions which correspond precisely to syntactic constructs of the programming language; in particular, we define sequential and parallel composition of assertions. This enables us to design a truly compositional proof system for program properties. Our proof system is sound and relatively complete. We examine the relationship between our proof system and the Owicki-Gries proof system. Our assertions are more expressive than Owicki's, and her proof outlines correspond roughly to a special subset of our assertion language. Owicki's parallel rule can be thought of as being based on a slightly different form of parallel composition of assertions; our form does not require interference-freedom, and our proof system is relatively complete without the need for auxiliary variables. Connections with other work, including the “Generalized Hoare Logic” of Lamport and Schneider [16,17], and with the Transition Logic of Gerth [11], are discussed briefly.