Multiparty half-duplex systems and synchronous communications

https://doi.org/10.1016/j.jlamp.2022.100843

Abstract

FIFO automata are finite state machines communicating through FIFO queues. They can be used, for instance, to model distributed protocols. Due to the unboundedness of the FIFO queues, several verification problems are undecidable for these systems. In order to model check such systems, one may look for decidable subclasses of FIFO systems. Binary half-duplex systems are systems of two FIFO automata exchanging over a half-duplex channel. They were studied by Cécé and Finkel who established the decidability in polynomial time of several properties. There is no obvious way to generalize the half-duplex property to multiparty systems. Cécé and Finkel proposed some generalizations but concluded that their notions of multiparty half-duplex systems were either too restrictive or too expressive.

We explore in this paper other ways of generalizing half-duplex systems to multiparty. First, we introduce systems realizable with synchronous communications (RSC) and we show that RSC systems generalize half-duplex systems and retain the same good properties as binary half-duplex systems. Second, we introduce a notion of multiparty half-duplex systems that differs from the ones explored by Cécé and Finkel, and we show two results about this notion: (1) for mailbox communications, half-duplex systems are essentially the same as RSC systems, and (2) for peer-to-peer communications, the two notions are distinct, and RSC systems appear to be “the good one”, since peer-to-peer half-duplex systems are Turing powerful.

Introduction

FIFO automata, also known as asynchronous communicating automata (i.e., finite state automata that exchange messages via FIFO queues) are an interesting formalism for modeling distributed protocols. In their most general formulation, these automata are Turing powerful, and in order to be able to model check them it is necessary to reduce their expressiveness.

Binary half-duplex systems, introduced by Cécé and Finkel [1], are systems with two participants and a bidirectional channel formed of two FIFO queues such that communication happens only in one direction at a time. The stereotypical half-duplex device is the walkie-talkie (or the CB radio). In several applications, in particular when FIFO buffers are bounded and sends may be blocking, half-duplex communications are considered a good practice to avoid send-send deadlocks. Language support for enforcing this discipline of communication includes, for instance, binary session types [2], [3] or Sing# channel contracts [4], [5].

In [1], Cécé and Finkel show that (i) whether a system is half-duplex is decidable in polynomial time, (ii) the set of reachable configurations is regular, and (iii) properties like progress and boundedness are decidable in polynomial time. Cécé and Finkel also present two possible notions of “multiparty half-duplex” systems generalizing their class to systems of any number of machines for peer-to-peer communications (one FIFO queue per pair of machines).

The first generalization assumes that, among all queues, at most one is non-empty at any time. This generalization preserves decidability but is very restrictive. The second generalization restricts the communications between each pair of participants to half-duplex communications, that is, only one buffer per bidirectional channel can be in use at a time. This generalization, however, does not preserve decidability: systems with at least three machines with half-duplex bidirectional channels are Turing powerful.

It could be believed that these results end the discussion about multiparty half-duplex systems. In this work, we claim conversely that there is another natural and relevant notion of multiparty half-duplex communications that allows us to generalize the results of Cécé and Finkel. We consider systems realizable with synchronous communications (RSC systems), which are systems for which all executions can be rescheduled in such a way that all receptions are immediately preceded by their corresponding send. This notion has already been studied (with some differences) in the literature (cf. [6], [7], [8]). It is quite natural, and closely related to other notions like synchronizability [9], 1-synchronizable systems [10], or existentially 1-bounded systems [11] (see Sections 3 and 6 for a detailed discussion).

We also introduce multiparty half-duplex systems. We call an execution half-duplex if every machine only sends to others when its input buffers are empty. A half-duplex system is a system for which all executions are causally equivalent to half-duplex executions.

We establish the following results:

  1. whether a system is RSC is decidable in polynomial time (when the number of processes is fixed);
  2. for RSC systems, all regular safety properties, which include reachability, absence of unspecified receptions, progress, and boundedness, are decidable in polynomial time;
  3. mailbox half-duplex systems are RSC, and mailbox RSC systems without unmatched messages are half-duplex;
  4. peer-to-peer half-duplex systems are not RSC, and are actually Turing powerful.

The first result exploits the definition of borderline violation given in Bouajjani et al. [10] for k-synchronous systems. The main challenge here is that we address a more general model of communicating systems that encompasses both mailbox and peer-to-peer communications, but also allows any form of sharing of buffers among processes. The second result is based on an approach that, to the best of our knowledge, is new, although it borrows some general principles from regular model checking. The challenge is that, unlike for binary half-duplex systems, the reachability set of RSC systems is not regular, which complicates how automata-based techniques can be used to solve regular safety problems. The last two contributions demonstrate some strengths and weaknesses of our proposal to generalize the half-duplex property to multiparty communications, and underline the major role of the RSC property.

Outline  The paper is organized as follows: Section 2 introduces communicating automata and systems. Section 3 defines RSC systems and establishes the decidability of the RSC property. Section 4 discusses regular safety properties for RSC systems. Section 5 introduces the notion of multiparty half-duplex systems, compares RSC systems and half-duplex systems, first in the binary setting, then in the multiparty setting. Finally, Section 6 concludes with some final remarks and discusses related works.

This paper is an extended and revised version of the paper [12]. What we called “greedy systems” in that earlier paper is now named an “RSC system”, after the terminology introduced by Charron-Bost et al. [6]. Moreover, the generalization to peer-to-peer systems is new.


Preliminaries

For a finite set $S$, $S^*$ denotes the set of finite words over $S$, $w_1 w_2$ denotes the concatenation of two words, $|w|$ denotes the length of $w$, and $\varepsilon$ denotes the empty word. We assume some familiarity with non-deterministic finite state automata, and we write $L(A)$ for the language accepted by the automaton $A$. For two sets $S$ and $I$, we write $\mathbf{b}$ (in bold) for an element of $S^I$, and $b_i$ for the $i$-th component of $\mathbf{b} = (b_i)_{i \in I}$.

A FIFO automaton is a finite state machine equipped with FIFO queues (buffers) where

RSC systems

In this section we discuss systems realizable with synchronous communications (in short, RSC systems). Those systems aim at mimicking rendezvous or synchronous communications by checking whether each execution can be rescheduled to an equivalent one where all receptions immediately follow their corresponding send.

Definition 6 RSC system

An execution $e$ is RSC if all matching pairs are of the form $\{j, j+1\}$. A system $S$ is RSC if for every execution $e \in \mathit{executions}(S)$ there exists an RSC execution $e'$ that is causally equivalent to $e$.
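The following Python script is an added illustration of the two notions above (the half-duplex executions of the introduction and the RSC executions of Definition 6); it is not code from the paper. It encodes an execution as a list of send/receive events, recovers the send/receive matching from FIFO order, checks whether the execution is half-duplex and whether it is RSC as written, and attempts the rescheduling of Definition 6. Assumptions made here and not fixed by the page: a mailbox queue is named after the process that owns it and a peer-to-peer queue is a (sender, receiver) pair; the equivalence used for rescheduling preserves per-process order, the matching, and the relative order of sends into the same queue; the rescheduling itself contracts each matched pair into one node and succeeds exactly when the resulting graph is acyclic (a cycle is a crown of crossing messages, in the sense of Charron-Bost et al. [6]). The sample executions are constructed.

```python
from collections import defaultdict, deque

# An execution is a list of events (kind, process, queue, message), kind in {"send", "recv"}.
# Naming assumption (ours, not the paper's): a mailbox queue is named after the process
# that owns it; a peer-to-peer queue is a (sender, receiver) tuple.

def receiver_of(queue):
    return queue[1] if isinstance(queue, tuple) else queue

def matching(exe):
    """Pair every reception with its send using FIFO order on its queue.
    Returns {send_index: recv_index}; raises if the execution is not FIFO-consistent."""
    pending = defaultdict(deque)
    match = {}
    for i, (kind, proc, queue, msg) in enumerate(exe):
        if kind == "send":
            pending[queue].append(i)
        else:
            if not pending[queue] or exe[pending[queue][0]][3] != msg:
                raise ValueError(f"event {i}: reception of {msg!r} violates FIFO order on {queue!r}")
            if receiver_of(queue) != proc:
                raise ValueError(f"event {i}: {proc} reads from a queue it does not own")
            match[pending[queue].popleft()] = i
    return match

def is_rsc_execution(exe):
    """Definition 6: every matched pair occupies positions {j, j+1}."""
    return all(r == s + 1 for s, r in matching(exe).items())

def is_half_duplex_execution(exe):
    """A process sends only while all of its input queues are empty."""
    pending_for = defaultdict(int)          # process -> messages waiting in its input queues
    for kind, proc, queue, msg in exe:
        if kind == "send":
            if pending_for[proc] > 0:
                return False
            pending_for[receiver_of(queue)] += 1
        else:
            pending_for[proc] -= 1
    return True

def reschedule_rsc(exe):
    """Return an RSC execution equivalent to exe, or None if no rescheduling exists.
    Equivalence here (an assumption) keeps per-process order, the matching and the order of
    sends into the same queue. Each matched pair is contracted into one node (its send index);
    a rescheduling exists iff the resulting graph is acyclic (a cycle = crossing messages)."""
    match = matching(exe)
    send_of_recv = {r: s for s, r in match.items()}
    node = [send_of_recv.get(i, i) for i in range(len(exe))]   # recv -> index of its send
    succ, indeg = defaultdict(list), defaultdict(int)

    def edge(a, b):
        if a != b and b not in succ[a]:
            succ[a].append(b)
            indeg[b] += 1

    last_of_proc, last_send_on = {}, {}
    for i, (kind, proc, queue, msg) in enumerate(exe):
        if proc in last_of_proc:
            edge(last_of_proc[proc], node[i])       # per-process order
        last_of_proc[proc] = node[i]
        if kind == "send":
            if queue in last_send_on:
                edge(last_send_on[queue], i)        # order of sends into the same queue
            last_send_on[queue] = i

    nodes = sorted(set(node))
    ready = deque(n for n in nodes if indeg[n] == 0)          # Kahn's topological sort
    out = []
    while ready:
        n = ready.popleft()
        out.append(exe[n])
        if n in match:
            out.append(exe[match[n]])               # reception placed right after its send
        for m in succ[n]:
            indeg[m] -= 1
            if indeg[m] == 0:
                ready.append(m)
    return out if len(out) == len(exe) else None

# Constructed sample executions. CROSSING and DELAYED use mailbox queues, P2P uses (src, dst) queues.
CROSSING = [("send", "p", "q", "m1"), ("send", "q", "p", "m2"),
            ("recv", "p", "p", "m2"), ("recv", "q", "q", "m1")]
DELAYED = [("send", "p", "q", "m1"), ("send", "p", "r", "m2"),
           ("recv", "q", "q", "m1"), ("recv", "r", "r", "m2")]
P2P = [("send", "p", ("p", "q"), "m1"), ("send", "r", ("r", "q"), "m2"),
       ("recv", "q", ("r", "q"), "m2"), ("recv", "q", ("p", "q"), "m1")]

if __name__ == "__main__":
    for name, exe in (("crossing", CROSSING), ("delayed", DELAYED), ("p2p", P2P)):
        print(name, "half-duplex:", is_half_duplex_execution(exe),
              "RSC as written:", is_rsc_execution(exe),
              "rescheduled:", reschedule_rsc(exe))
```

CROSSING (each of two processes sends before receiving the other's message) is neither half-duplex nor reschedulable: contracting the two matched pairs yields a 2-cycle. DELAYED and P2P are not RSC as written but are rescheduled by moving each reception next to its send; both are half-duplex, which is consistent with result 3 of the introduction (half-duplex executions never contain crossing messages, so the contracted graph stays acyclic).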

Example 3 RSC system

The system

Model-checking RSC systems

Given a property $P$, the $P$ safety problem consists in checking whether a system $S$ is such that $RS(S) \cap P(S) = \emptyset$. Cécé and Finkel showed that, for a binary half-duplex system $S$, $RS(S)$ is regular and computable in polynomial time [1, Theorem 26]. Since the emptiness of the intersection of two polynomial-time computable regular languages is decidable in polynomial time, for any regular polynomial-time property $P$, the $P$ safety problem is decidable in polynomial time for binary half-duplex systems. For

Multi-party half-duplex systems

In this last section, we single out a class of systems that has been defined in the literature and that is contained in the class of RSC systems. As remarked in the introduction, this work originates from the analysis of binary half-duplex systems (called simply half-duplex by Cécé and Finkel [1]). These are binary systems where all reachable configurations $(l_1, l_2, b_1, b_2)$ are such that either $b_1 = \varepsilon$ or $b_2 = \varepsilon$. Such systems enjoy the same decidability and complexity results as RSC systems and, as we will see later

Conclusion

We have introduced RSC systems, a new class of communicating systems, generalizing the notion of half-duplex systems to any number of processes, and to an arbitrary model of FIFO communication (encompassing both peer-to-peer and mailbox communications). We have shown that the RSC property of a system is decidable in polynomial time and that, for RSC systems, regular safety properties, such as reachability, progress, and boundedness are also decidable in polynomial time (always considering the

Declaration of Competing Interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.

Acknowledgements

We would like to thank all the reviewers (from ICE and from the special issue) for their careful reading and detailed comments, in particular for some shorter and more intuitive arguments, that greatly improved the present paper.

References (38)

  • B. Charron-Bost et al., Synchronous, asynchronous, and causally ordered communication, Distrib. Comput. (1996)
  • A. Heußner et al., Reachability analysis of communicating pushdown systems, Log. Methods Comput. Sci. (2012)
  • F. Chevrou et al., On the diversity of asynchronous communication, Form. Asp. Comput. (2016)
  • A. Bouajjani et al., On the completeness of verifying message passing programs under bounded asynchrony
  • B. Genest et al., On communicating automata with bounded channels, Fundam. Inform. (2007)
  • C. Di Giusto et al., Towards generalised half-duplex systems
  • L. Akroun et al., Automated verification of automata communicating via FIFO and bag buffers, Form. Methods Syst. Des. (2018)
  • ITU-TS, ITU-TS Recommendation Z.120: Message Sequence Chart (MSC), ITU-TS, ...
  • K. Honda et al., Multiparty asynchronous session types, J. ACM (2016)
This work has been supported by the French government, through the EUR DS4H Investments in the Future project managed by the National Research Agency (ANR) with the reference number ANR-17-EURE-0004.