Minimal Translations from Synchronous Communication to Synchronizing Locks

08/24/2021 ∙ by Manfred Schmidt-Schauß, et al. ∙ IG Farben Haus Universität München 0

In order to understand the relative expressive power of larger concurrent programming languages, we analyze translations of small process calculi which model the communication and synchronization of concurrent processes. The source language SYNCSIMPLE is a minimalistic model for message passing concurrency while the target language LOCKSIMPLE is a minimalistic model for shared memory concurrency. The former is a calculus with synchronous communication of processes, while the latter has synchronizing mutable locations - called locks - that behave similarly to binary semaphores. The criteria for correctness of translations is that they preserve and reflect may-termination and must-termination of the processes. We show that there is no correct compositional translation from SYNCSIMPLE to LOCKSIMPLE that uses one or two locks, independent from the initialisation of the locks. We also show that there is a correct translation that uses three locks. Also variants of the locks are taken into account with different blocking behavior.

READ FULL TEXT VIEW PDF
POST COMMENT

Comments

There are no comments yet.

Authors

page 1

page 2

page 3

page 4

This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

Different models of concurrency are studied and used in theory and in practice of computer science. One main approach are message passing models where the concurrently running threads (or processes) communicate by sending and receiving messages. A prominent example for a message passing model is the -calculus [7, 17]. There exist approaches with asynchronous and with synchronous message passing. In asynchronous message passing, a sender sends its message and proceeds without waiting that a receiver collects the message (thus the message is kept in some medium until the receiver collects it from that medium). In synchronous message passing, the message is exchanged in one step and thus sender and receiver wait until the communication has happened. Thus, synchronous message passing can be used for synchronization of processes.

Another main approach for concurrency are program calculi with shared memory where concurrent processes communicate by using shared memory primitives. For instance, [8] is a program calculus that models the core of the strict concurrent functional language Alice ML, and it has concurrent threads, handled futures, and memory cells with an atomic exchange-operation. Also other shared memory synchronization primitives like concurrent buffers and their encodability into are analyzed [25]. Other examples are the calculi CH [20] and CHF [15, 16, 22]. The latter is a program calculus that models the core of Concurrent Haskell [11]: it extends the functional programming language Haskell by concurrent threads and so-called MVars, which are synchronizing mutable memory locations. Thus, depending on the model (or the concurrent programming languages) there exist different primitives. The simplest approach is some kind of locking primitive to block a process until some event happens. To exchange a message, for instance, atomic read-write registers can be used. More sophisticated primitives are for example semaphores, monitors, or Concurrent Haskell’s MVars. All these approaches have in common that processes can be blocked until an event occurs, which is performed by another process.

Expressivity of (concurrent) programming languages is an important topic, since the corresponding results allow us to classify the languages and their programming constructs, and to understand their differences. Investigating the expressivity to clarify the relation between message passing models and shared memory concurrency can in principle be done by constructing correct translations from one model to the other. Our research considers the question whether and how synchronous message passing can be implemented by models that support shared memory and some of these synchronization primitives.

In previous work [20], we analyzed translations from the synchronous -calculus into a core language of Concurrent Haskell. In particular, we looked for compositional translations that preserve and reflect the convergence behavior of processes (in all program-contexts) w.r.t. may- and should-convergence. This means, processes can successfully terminate or not, where may-convergence observes whether there is a possible execution path to a successful process and should-convergence means that the ability to become successful holds for all execution paths. We found correct translations and proved them to be correct with respect to this correctness notion. Looking for small translations has several advantages: The resource usage of the translated programs is lower, they are easier to understand than larger ones, and the corresponding correctness proofs often are easier than for large ones. Hence, we also tried to find smallest translations, but in the end we could not answer the following question: what is the minimal number of MVars that are necessary to correctly encode the message passing synchronization using MVars? This leads us to the general question how synchronous communication can be encoded by synchronizing primitives and what is the minimal number of primitives that is required. This question is addressed in this paper. We choose to work with models that are as simple as possible and also as complex as needed, but nevertheless are also relevant for full programming languages (we discuss the transportion of the results to full languages in Section 2.3). Thus we consider translations from a small message passing source language into a small target language with shared memory concurrency and synchronizing primitives.

For the source language , we use a minimalistic model for concurrent processes that synchronize by communication. The language has constructs for sending (denoted by “!”) and for receiving (denoted by “?”). A communication step atomically processes one from one process together with one from another process. For simplicity, there is no message that is sent and there are no channel names (i.e. the language can be seen as a variant of the synchronous -calculus (without replication and sums) where only one global channel name exists).

For the target language we choose a similar calculus where the communication is removed and replaced by synchronizing shared memory locations. These locations are called locks. A lock can be empty or full. There are operations to fill an empty lock (put) or to empty a full lock (take). The main variant that we consider is the one where the put-operation blocks on a full lock, but the take-operation is not blocking on an empty lock. Thus these locks are like binary semaphores where put is the wait-operation and take is the signal-operation (where signal on an unlocked semaphore is allowed but has no effect). We also consider the language with several locks with different initializations (empty or full). Based on this setting, the question addressed by the paper is:

What is the minimal number of locks that is required to correctly translate the source calculus into the target calculus?

The notion of correctness of a translation requires comparing the semantics of both calculi. We adopt the approach of observational correctness [18, 23] and thus we use correctness w.r.t. a contextual equivalence which considers the may- and the must-convergence in both calculi. May-convergence means that the process can be evaluated to a successful process (in both calculi we add a constant to signal success). Due to the nondeterminism, observing may-convergence is too weak since for instance, it equates processes that must become successful with processes that either diverge or become successful. Hence we also observe must-convergence, which holds if any evaluation of the process ends with a successful process. Considering must-convergence only is also too weak since it equates processes that always fail with processes that either fail or become successful. Thus we use the combination of both convergencies as program semantics. In turn, a correct translation must preserve and reflect the may- and must-convergence of any program.

This can also be seen as a minimalistic requirement on a correct translation since for instance, requiring equivalence of strong or weak bisimulation (see e.g. [17]) would be a much stronger requirement.

Results. We show that there does not exist a correct compositional translation from into that uses one (Theorem 3.2) or two locks (Theorem 5.17), while there is a correct compositional translation that uses three locks (Theorem 2.9).

The non-existence is proved for any initial state of the lock variables and also for different kinds of blocking behaviour of the lock (i.e. whether put or whether take blocks).

Related Work. Validity of translations between process calculi is discussed in [5, 4] where five criteria for valid translations resp. encodings are proposed: compositionality, name invariance, operational correspondence, divergence reflection, and success sensitiveness. Compositionality and name invariance restrict the syntactic form of the translated processes; operational correspondence means that the transitive closure of the reduction relation is transported by the translation, modulo the syntactic equivalence; and divergence reflection and success sensitiveness are conditions on the semantics.

We adopt the first condition for our non-encodability results since we will require that the translation is compositional. The name invariance is irrelevant since our simple calculi do not have names. We do not use the third condition in the proposed form, since it has a flavour of showing equivalence of bisimulations, instead, we require equivalence of may- and must-convergence which is a bit weaker. Thus, for our non-encodability result the property could be included (still showing non-encodability), but for the correct translation in Theorem 2.9, we did not check the property. Convergence equivalence for may- and must-convergence is our replacement of Gorla’s divergence reflection and success sensitiveness.

Translations from synchronous to asynchronous communication are investigated in the -calculus [6, 2, 10, 9]. Encodability results are obtained for the -calculus without sums [6, 2], while Palamidessi analyzed synchronous and asynchronous communication in the -calculus with mixed sums and non-encodability is the main result [9, 10].

A high-level encoding of synchronous communication into shared memory concurrency is an encoding of CML-events in Concurrent Haskell using MVars [13, 3], however a formal correctness proof for the translation is not provided.

Outline. In Section 2 we introduce the process language with synchronous communication and the process language with asynchronous locks. After defining the correctness conditions on translations, we show that three locks (with a specific initialization) are sufficient for a correct translation and we discuss variants of the target language. In particular, we show that changing blocking variants is equivalent to a modification of the initial store. In Section 3 it is shown that one lock in is insufficient for a correct translation and Section 4 exhibits certain general properties of correct translations which use two or more locks. Section 5 contains the structuring into different blocking types of translations, and proofs that there are no correct translations for two locks and any initial store. Section 6 concludes the paper. For space reasons some proofs are omitted, but they can be found in the extended version of this paper [24].

2 Languages for Concurrent Processes

We define abstract and simple models for concurrent processes with synchronous communication and for concurrency with synchronizing shared memory. The former model is a simplified variant of the -calculus with a single global channel name and without replication or recursion, the latter can be seen as a variant where interprocess communication is replaced by binary semaphores. Thereafter we define correct translations, prove correctness of a specific translation and consider variants of the target language.

2.1 The Calculus

Definition 2.1.

The syntax of processes and subprocesses of the calculus  is defined by the following grammar, where :

Subprocesses

Processes

We informally describe the meaning of the symbols. The symbol means the silent subprocess; the symbol means success, The operation means an output (or send-command), and means an input (or receive-command), and is parallel composition. For example, the expression is a process, and so are also and . We assume that is commutative and associative and that is an identity element w.r.t. , i.e.  for all . Thus a process can be seen as a multiset of subprocesses.

Definition 2.2.

The operational semantics of is a (non-deterministic) small-step operational semantics. A single step is defined as

where are arbitrary subprocesses and is an arbitrary process.

The reflexive-transitive closure of is denoted as .

If a process is of the form , then the process is successful. A sequence of -steps starting with is called an execution of .

Note that there may be several executions of processes, but every execution terminates.

Example 2.3.

Two examples for the execution of are:

  • , where the final process is successful.

  • where the final process is terminated, but not successful.

This means there may be executions leading to a successful process, and at the same time executions leading to a fail.

We often omit the suffix for a subprocess, i.e. whenever a subprocess ends with symbol or we mean the same subprocess extended by .

Definition 2.4.

A process is called

  • may-convergent if there is some successful process with .

  • must-convergent if for all processes with , the process is may-convergent.

  • must-divergent or a fail, if there is no execution leading to a successful process.

  • may-divergent, if there exists an execution , where is a fail.

Our definition of must-convergence is the same as so-called should-convergence (see e.g. [14, 19, 15]). However, since there are no infinite reduction sequences, the notions of should- and must-convergence coincide (see e.g. [12, 19] for more discussion on the different notions). Thus, an alternative but equivalent definition of must-convergence is: a process is must-convergent, if all maximal reductions starting from end with a successful process.

2.2 The Calculus

We now define the calculus which can be seen as a modification of where ? and ! are removed, and operations and , which mean put and take, are added where and is the number of locks (i.e. storage cells). Locks can be empty (written as ) or full (written as ). For locks, the initial store is a -tuple where . We make this explicit by writing for the language with locks and initial store . Subprocesses in for a fixed value are built from , the symbols and concatenation. Processes are a multiset of subprocesses: they are composed by parallel composition which is assumed to be associative and commutative.

Definition 2.5.

The syntax of processes and subprocesses of the calculus is defined by the following grammar:

subprocess:
process:

We first describe the operational semantics of processes of and then give the formal definition. The operational semantics is a non-deterministic small-step reduction which operates on locks (which are full (i.e. ) or empty (written as )). The execution of the operations or is as follows:

: (put) changes from , or waits, if is .
: (take) changes from , or goes on (no change), if is

Note that locks together with and behave like binary semaphores, where means (wait,signal) (or (down,up), resp.). The semaphore is set to if the lock is empty, and set to if the lock is full. Note that locks specify a particular behavior for the case of a signal operation and the semaphore set to 1: the signal has no effect (since on an empty lock does not have an effect). Now we formally define the operational semantics:

Definition 2.6.

The relation operates on a pair , where is a -process, are the storage cells. For a -process the reduction starts with initial store .

We write the state as , and with we denote that the specific cell has value . The notation means that in the value in storage cell is replaced by . The same for instead of . The relation is defined by the following two rules:

The reflexive-transitive closure of is denoted as . A sequence is called an execution of , and if then it is also called an execution of .

To simplify notation, we write for the language with locks where all locks are empty at the beginning, i.e. it is with .

Note that the blocking behavior of the put-operation is modelled by the operational semantics as follows: for there is no step (for subprocess ) defined and thus has to wait until another subprocess changes the value of .

Definition 2.7.

A process of is called successful, if there is a subprocess of , i.e.  for some . A state is called

  • successful, if is successful.

  • may-convergent, if there is some successful with .

  • must-convergent, if for all states with , the state is may-convergent.

  • must-divergent or a fail, if there is no execution leading to a successful state.

  • may-divergent, if for some state : , where is a fail.

A process is called may-convergent, must-convergent, must-divergent, or may-divergent, resp. iff the state is may-convergent, must-convergent, must-divergent, or may-divergent, resp.

An example for a reduction sequence for is:

The process is even must-convergent.

In the following, we often leave the state implicit and in abuse of notation, we “reduce” processes without explicitly mentioning the state.

As in we often omit the suffix, , for a subprocess, i.e. whenever a subprocess ends with symbol or we mean the same subprocess extended by .

2.3 Correct Translations

We are interested in translations from one full concurrent programming language with synchronous semantics into another full imperative concurrent language with locks, where the issues are expressive power and the comparison between the languages. In order to focus considerations, we investigate this issue by considering translations from a core concurrent language (SYNCSIMPLE) with synchronous semantics into a core of an imperative concurrent language (LOCKSIMPLE).

However, even in our simple languages there are interesting questions, for example, whether there exists a correct translation and how many locks are necessary for such a translation.

Since our analysis started top-down, we are sure that the non-encodability results can be transferred back to larger calculi. For discussing this, let us call the full languages and , resp. The language may be the -calculus and thus, it extends by names, named channels, name restriction, sending and receiving names and replication or recursion. The language may be a variant of the core language of Concurrent Haskell, where locks are extended to synchronising memory cells which have addresses (or names) and content (for instance, numbers). The main argument why non-encodability in the small languages implies non-encodability in the larger languages is the following: Suppose we have non-encodability between the small languages for locks, and there exists a correct (compositional) translation that uses only one synchronising memory cell in . Then the idea is to embed every -program into a -program by using only one channel, and then using the translation to derive a -program . Using this construction, we also get a translation of and into , where every ! translates into a send-prefix, and every ? into a receive-prefix. The parallel-operator remains as it is. Then the correctness of tells us that the -program has the same may- and must-convergencies. Compositionality gives us a -program that uses at most locks, and it has the same parallel-structure as , and the !,?, are translated always in the same way. The result can be reduced to a -program with at most locks, (perhaps after restricting w.r.t. contents of messages and recursion), which contradicts the result on small languages, since the reasoning holds for all .

Definition 2.8.

A mapping from the processes of into processes of is called a translation.

  • is called compositional iff , , ; does not contain the parallel operator for every subprocess ; and and for every subprocess

  • is called correct iff for all -processes , is may-convergent iff is may-convergent, and is must-convergent iff is must-convergent,

Compositional translations in our languages can be identified with the pair of strings, and we say that has length , if .

For example, a correct translation cannot map since then is must-divergent, but is must-convergent. Hence and make sense for correct translations.

We show that three locks are sufficient for a correct compositional translation.

Theorem 2.9.

For , the translation with and is correct for initial store .

Proof.

We give a sketch (the full proof can be found in [24]): A communication starts with executing of , leaving the storage . Then no other sequence in parallel processes can be executed. Then is executed, leaving the storage . The next step is that one process with may start, and is executed, leaving the storage . Now is executed, and this is the only possibility. the storage is then . Again, the only possibility is now from and the storage . The last step is executing , which restores the initial storage .

This is the only execution possibility of and , hence it can be retranslated into an interaction communication of a single and a single . ∎

There are also other correct compositional translations for : An example is a compositional correct translation of length , detected by an automated search, with and and with initial store .

The observation is that the communication is completely protected by using as a mutex, which is similar to the translation of length 6 (see Theorem 2.9)

2.4 Blocking Variants of

We choose for our locks, that blocks, but never blocks. However, also other choices are possible. Variants of where for every either blocks on a full lock, but is non-blocking, or blocks on an empty lock, but is non-blocking, do not lead to really new problems: In [24] we show that all those variants are equivalent to the previously defined language where for all : is blocking, but is non-blocking. This is possible since we take into account any initial store and thus the main argument of the equivalence is that we can change the initial store for every by switching the role of and at the same time switching the initial store for from to and vice versa. Thus this extension does not increase the number of (really) different languages for a fixed . However, the variant where blocks for a full lock and blocks for an empty lock for all (which is related to an implementation using the MVars in Concurrent Haskell) appears to be different from our languages. There are results on possibility and impossibility of correct translations from into a further restricted variant of [21]. A deeper investigation in these languages is future work.

3 One Lock is Insufficient for any Initialization

We show that there is no correct (compositional) translation into , the language with one lock, for any initial storage, i.e. for initial storage and initial storage .

Lemma 3.1.

Let be a correct translation . Then as well as either start with or have a subsequence .

Proof.

Consider the processes and which are both must-divergent. If does not satisfy the condition, then the process can be executed without any wait and is successful. The same for . However, this is a contradiction to correctness. ∎

Theorem 3.2.

There is no correct translation .

Proof.

Let be a correct translation. We first consider the case that the initial storage is . Then from Lemma 3.1 we derive that as well as have a subsequence or start with . since as a prefix is executable (and similar as in the proof of Lemma 3.1, the processes and can be used as examples to refute the correctness of ). Consider the process , which is must-convergent. First, reduce until exactly before the first occurrence of . Then reduce . Since the reduction starts with , it will block after executing the first of the leftmost subsequence (or earlier). Then , and we have a deadlock. This is a contradiction to correctness of .

Now we consider the case that the initial store is . Then Lemma 3.1 shows that and contain a subsequence or start with . We again use the must-convergent process . If both and start with , then there is an initial deadlock. Suppose that neither nor do start with a , then they both start with a , and have a subsequence . Let us consider the leftmost such subsequence for as well as for . Construct the following execution for : First until it blocks at the second of the sequence , then the execution of until the second of the sequence . Then we have a deadlock, which is impossible.

If starts with a , but not , then there is a leftmost sequence of . Execute until it is blocked at . Then we reach a deadlock. This is a contradiction. ∎

4 General Properties for at Least Two Locks

In this section, we consider compositional translations with and prove several properties of correct compositional translations that will help us later to show that is impossible. We also introduce the notion of a blocking type for a translation. The idea of this notion is recording how establishes that executing in the process blocks and why executing in the process blocks. Both processes must block if is correct, since the the processes and are both blocking (and not successful) in .

Below this notion helps to structure the arguments for different cases.

Lemma 4.1.

Let be a correct translation from for . Then there is a reduction sequence of that executes every symbol in .

Proof.

First, consider , which is must-convergent (since is must-convergent), and hence there is a reduction sequence of consuming at least all symbols in . The same sequence can be used as a partial reduction sequence of , and since this process is must-convergent (since is must-convergent), the sequence will also consume all symbols of . ∎

The notation means the number of occurrences of the symbol in the string .

Proposition 4.2.

Let for be a correct translation. Then for every : .

Proof.

The processes , and are must-convergent, hence also their images under . Now suppose the claim is false. Then for some index, say 1, . We apply Lemma 4.1 to and obtain a reduction sequence that exactly consumes the top parts and of .

Replacing by , the reduction sequence can be also used for . Since is must-convergent, can be continued to ending in a success of the form where is a suffix of , since is must-convergent.

The reduction sequence can also be used for (by interchanging and ), ending in . Since is must-convergent, the reduction sequence can be extended to resulting in .

After , we have and that the initial store for index is , due to the assumption, and since the symbols in are completely consumed. Hence must execute a before every other . But since the number of -symbols is strictly smaller than the number of -symbols, there must be a deadlock situation at least for one of the symbols .

This is a contradiction, hence the proposition holds. ∎

Definition 4.3.

For a correct translation into , a blocking prefix of a sequence of symbols in is a prefix of of one of the two forms:

  1. , where are sequences, and does not contain , and the execution of that starts with store deadlocks exactly before the last symbol, which is .

  2. , where does not contain , and the execution of that starts with store deadlocks exactly before the last symbol, which is .

We may also speak of or , respectively, as a blocking subsequence of .
In the case that has a blocking sequence, we say that the blocking type of is if the blocking sequence is , and the blocking type is , if the blocking sequence is .

We say a translation has blocking type , if is the blocking type of , and is the blocking type of .

Lemma 4.4.

Let be a correct translation where . Then there is some , such that has a blocking subsequence of the form , or , where does not contain . The same holds for .

Proof.

The reduction of cannot be completely executed, since is a fail. Hence the execution stops at a symbol , and it is either the first occurrence of , or a later occurrence. Hence the sequence before is of the form , or , where does not contain . The same arguments hold for . ∎

Lemma 4.5.

Let be a correct translation where . If is of blocking type then , and if is of blocking type then the first -symbol is , or ; The same holds for .

Proof.

The blocking type is only possible if in of the prefix there is no , hence the initial store . If the blocking type is and , then the first -symbol must be a . The other case is that is . ∎

5 Non-Existence of a Correct Translation for Two Locks

In this section, we will show that there is no correct compositional translation from to (for any initial storage ). We distinguish several cases by considering different blocking types according to Definition 4.3. When reasoning on translations, we use an extended notation of translations as pairs of strings (i.e. ): We describe sets of translations using set-concatenation (writing singletons without curly braces) and the Kleene-star. For instance, we write to denote the set of all translations where starts with arbitrary many - and -steps ending with , and starting with an arbitrary number of -steps followed by a single -step.

An automated search for compositional translations for and length has refuted the correctness of all these translations for all initializations of the initial storage. This is consistent with our general arguments in this section.

5.1 Refuting the Blocking Type

Proposition 5.1.

Let be a correct translation of blocking type . Then .

Proof.

W.l.o.g. assume that the blocking type is . Then the blocking prefixes of and are and , respectively. Now we reduce the must-convergent process by selecting the following reduction sequence: first, reduce until is completely executed, and then reduce as far as possible. Let be the prefix of of the form . If is the symbol from of , then a deadlock would occur, which is not possible, since is must-convergent. Hence as a prefix of must be of the form . There are two cases:

  1. After executing it holds and .

    1. . Now, since reducing starts with , and the final of resets , the reduction sequence starting with and then executing is possible until the end of . Since now and in both pending subprocesses a is to be executed, we have a deadlock, which is impossible due to must-convergence of .

    2. . Then the first -symbol of cannot be , since it would block. Hence the first -symbol of is . Then the further reduction of is independent of the initial values and it is the same as in the previous case.

  2. After executing it holds and . Then the first symbol of cannot be , since this would be a deadlock. Also, the first symbol of cannot be , since then the reduction of alone is the same as started with the initialization , and the reduction proceeds until the end of the blocking sequence, which leads to a deadlock. Hence starts with . The prefix of cannot be , since this either blocks within or at . Hence the prefix is . This implies that is executable until the blocking , and thus leads to a deadlock. Hence this case is also not possible.

We have checked all cases, hence is not possible and the lemma is proved. ∎

We consider the blocking type in the rest of this subsection, which suffices due to symmetry and Proposition 5.1.

Lemma 5.2.

Let be a correct translation of blocking type . Then the following holds:

  1. The blocking prefix of is and the blocking prefix of is .

  2. is a prefix of , and is a prefix of .

Proof.

Let the blocking prefix of be and the blocking prefix of be . Then first execute , and then until it blocks. If it blocks at a , then it is a deadlock. If it blocks at a , then cannot be both executed, hence a deadlock. Hence has a blocking prefix where . By symmetry, we obtain that the blocking prefix of is where . Now let the blocking prefix of be . Execute until is left, and then execute . Clearly, must block, independent of the previous executions. If blocks at , then we have a deadlock, and if it blocks at , then we also have a deadlock. Hence the blocking prefix of is of the form .

By symmetry, we obtain that the blocking prefix of is of the form . Now we prove restrictions on the prefix of and . Assume that the prefix of is . Then first reduce until it blocks before , then reduce , until it blocks within or at the (first) in . Both cases lead to a deadlock, hence this case is impossible. Thus has prefix . ∎

For the rest of this subsection, we assume blocking type , and that only correct translations are of interest.

Lemma 5.3.

Let be a correct translation. Then for any initial storage the prefix of cannot be nor .

Proof.

In each case the must-divergent process with sufficiently many subprocesses can be reduced such that it leads to a success, which contradicts the correctness of : Fix the first subprocess and reduce it until the end using the prefixes of the other subprocesses to proceed in case of a blocking. This leads to success, which is a contradiction. ∎

Lemma 5.2 implies:

Lemma 5.4.

The prefix of cannot be .

Lemma 5.5.

Let be a correct translation. Then the prefix of cannot be .

Proof.

Consider the must-convergent process . First reduce all the prefixes in all until is the first symbol. Since is a prefix of , and due to the assumption of the blocking type, reduction cannot block at a in . Hence is executed, which means that reduction is now independent of the initial store. We reduce until it stops before the second of the blocking subsequence. Then it is a deadlock, which contradicts correctness of . ∎

Lemma 5.6.

The prefix of cannot be .

Proof.

Assume the prefix of is . Then due to the assumption that the blocking type is . Consider the must-convergent process , where we fix the number of -subprocesses later if this is necessary. We will use the structure of the subprocesses and proved in Lemma 5.2 whenever necessary.

  1. Reduce before it stops at the second of the blocking subsequence. After this we have .

  2. Reduce one subprocess until it blocks. Since at the start and is a prefix of , the reduction is the same as started with , hence it stops at the second of the blocking subsequence and so at the end.

  3. We go on with the reduction of until it blocks. It cannot block at a , since this would be a deadlock. If the reduction consumes all of , then we reduce the next : The prefix shows that it cannot block at of , since this would be a deadlock, hence is executed, Now it cannot block at a before the end of the blocking sequence. Thus reduction will lead to a deadlock at the end of the blocking sequence, since all remaining subprocesses start with a .

    The last case is that the further reduction of blocks at a . Then again we reduce the next subprocess . It cannot block at of the prefix