Multiparty half-duplex systems and synchronous communications☆
Introduction
FIFO automata, also known as asynchronous communicating automata (i.e., finite state automata that exchange messages via FIFO queues) are an interesting formalism for modeling distributed protocols. In their most general formulation, these automata are Turing powerful, and in order to be able to model check them it is necessary to reduce their expressiveness.
Binary half-duplex systems, introduced by Cécé and Finkel [1], are systems with two participants and a bidirectional channel formed of two FIFO queues such that communication happens only in one direction at a time. The stereotypical half-duplex device is the walkie-talkie (or the CB radio). In several applications, in particular when FIFO buffers are bounded and sends may be blocking, half-duplex communications are considered a good practice to avoid send-send deadlocks. Language support for enforcing this discipline of communication includes, for instance, binary session types [2], [3] or Sing# channel contracts [4], [5].
In [1], Cécé and Finkel show that (i) whether a system is half-duplex is decidable in polynomial time, (ii) the set of reachable configurations is regular, and (iii) properties like progress and boundedness are decidable in polynomial time. Cécé and Finkel also present two possible notions of “multiparty half-duplex” systems generalizing their class to systems of any number of machines for peer-to-peer communications (one FIFO queue per pair of machines).
The first generalization involves assuming that at most one queue over all queues is non-empty at any time. This generalization preserves decidability but is very restrictive. The second generalization restricts the communications between each pair of participants to half-duplex communications, that is, only one buffer per bidirectional channel can be used simultaneously. This generalization, however, does not preserve decidability: systems with at least three machines with half-duplex bidirectional channels are Turing powerful.
It could be believed that these results end the discussion about multiparty half-duplex systems. In this work, we claim conversely that there is another natural and relevant notion of multiparty half-duplex communications that allows us to generalize the results of Cécé and Finkel. We consider systems realizable with synchronous communications (RSC systems), which are systems for which all executions can be rescheduled in such a way that all receptions are immediately preceded by their corresponding send. This notion has already been studied (with some differences) in the literature (cf. [6], [7], [8]). It is quite natural, and closely related to other notions like synchronizability [9], 1-synchronizable systems [10], or existentially 1-bounded systems [11] (see Sections 3 and 6 for a detailed discussion).
We also introduce multiparty half-duplex systems. We call an execution half-duplex if every machine only sends to others when its input buffers are empty. A half-duplex system is a system for which all executions are causally equivalent to half-duplex executions.
We establish the following results:
1. whether a system is RSC is decidable in polynomial time (when the number of processes is fixed);
2. for RSC systems, all regular safety properties, which includes reachability, absence of unspecified receptions, progress, and boundedness, are decidable in polynomial time;
3. mailbox half-duplex systems are RSC, and mailbox RSC systems without unmatched messages are half-duplex;
4. peer-to-peer half-duplex systems are not RSC, and are actually Turing powerful.
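The definitions above, applied to concrete executions, as an added illustration that is not code from the paper: `replay` computes the matching and the half-duplex condition under the peer-to-peer or mailbox buffer model, `is_rsc_execution` checks Definition 6 literally, and `has_rsc_equivalent` checks whether one execution admits a reschedule in which every receive directly follows its send. The last check assumes that causal equivalence means identical per-machine action order and identical matching (the paper's footnote is not reproduced on this page) and decides a single execution by topological sorting; it is not the paper's borderline-violation procedure for whole systems. The three traces are constructed: crossing sends, a mailbox half-duplex execution that can be rescheduled, and a peer-to-peer half-duplex execution through a third machine that cannot.

```python
from collections import defaultdict, deque

# Actions: ("!", sender, receiver, msg) is a send, ("?", receiver, sender, msg) a receive.
# model is "p2p" (one FIFO queue per ordered pair) or "mailbox" (one queue per receiver).
def buffer_of(model, sender, receiver):
    return (sender if model == "p2p" else None, receiver)
def replay(execution, model):
    """Replay on FIFO buffers: returns ({receive index: send index}, half_duplex), where
    half_duplex holds iff every send happened while the sender's input buffers were empty."""
    queues, pairs, half_duplex = defaultdict(deque), {}, True
    for i, (kind, p, q, m) in enumerate(execution):
        if kind == "!":
            half_duplex = half_duplex and not any(queues[b] for b in queues if b[1] == p)
            queues[buffer_of(model, p, q)].append((i, p, m))
        else:
            j, sender, head = queues[buffer_of(model, q, p)].popleft()
            assert (sender, head) == (q, m), f"unspecified reception at action {i}"
            pairs[i] = j
    return pairs, half_duplex
def is_rsc_execution(execution, model):   # Definition 6 literally: receive right after its send
    return all(r == s + 1 for r, s in replay(execution, model)[0].items())
def has_rsc_equivalent(execution, model):
    """Reschedule keeping each machine's order and the matching so every receive follows its send?"""
    pairs, _ = replay(execution, model)
    node = {i: pairs.get(i, i) for i in range(len(execution))}   # action -> node (pair or lone send)
    succ, indeg, last = defaultdict(set), defaultdict(int), {}
    def edge(u, v):
        if u != v and v not in succ[u]: succ[u].add(v); indeg[v] += 1
    for i, (_, p, _, _) in enumerate(execution):                 # per-machine local order
        if p in last: edge(node[last[p]], node[i])
        last[p] = i
    sends = [(i, buffer_of(model, p, q)) for i, (k, p, q, _) in enumerate(execution) if k == "!"]
    for u, b in sends:            # an unmatched send must come after every pair on its buffer
        if u not in pairs.values():
            for s, b2 in sends:
                if s in pairs.values() and b2 == b: edge(s, u)
    nodes, seen = set(node.values()), 0
    ready = deque(n for n in nodes if indeg[n] == 0)            # Kahn's algorithm: acyclic?
    while ready:
        u = ready.popleft(); seen += 1
        for v in succ[u]:
            indeg[v] -= 1
            if indeg[v] == 0: ready.append(v)
    return seen == len(nodes)
# Constructed traces: crossing sends; mailbox half-duplex; peer-to-peer half-duplex via a 3rd machine.
CROSSING = [("!", "p", "q", "a"), ("!", "q", "p", "b"), ("?", "p", "q", "b"), ("?", "q", "p", "a")]
MAILBOX_HD = [("!", "p", "q", "a"), ("!", "p", "r", "b"), ("?", "q", "p", "a"), ("?", "r", "p", "b")]
P2P_HD = [("!", "p", "q", "a"), ("!", "p", "r", "b"), ("?", "r", "p", "b"), ("!", "r", "q", "c"),
          ("?", "q", "r", "c"), ("?", "q", "p", "a")]
```

On these traces, the mailbox half-duplex execution is not RSC as written but has an RSC reschedule, while the peer-to-peer one is half-duplex yet admits no reschedule, matching results 3 and 4 at the level of single executions.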
The first result exploits the definition of borderline violation given in Bouajjani et al. [10] for k-synchronous systems. The main challenge here is that we address a more general model of communicating systems that encompasses both mailbox and peer-to-peer communications, but also allows any form of sharing of buffers among processes. The second result is based on an approach that, to the best of our knowledge, is new, although it borrows some general principles from regular model-checking. The challenge is that, unlike for binary half-duplex systems, the reachability set of RSC systems is not regular, which complicates how automata-based techniques can be used to solve regular safety problems. The last two contributions demonstrate some strengths and weaknesses of our proposal to generalize the half-duplex property to multiparty communications, and underline the major role of the RSC property.
Outline The paper is organized as follows: Section 2 introduces communicating automata and systems. Section 3 defines RSC systems and establishes the decidability of the RSC property. Section 4 discusses regular safety properties for RSC systems. Section 5 introduces the notion of multiparty half-duplex systems, compares RSC systems and half-duplex systems, first in the binary setting, then in the multiparty setting. Finally, Section 6 concludes with some final remarks and discusses related works.
This paper is an extended and revised version of the paper [12]. What we called “greedy systems” in that earlier version is now named an “RSC system”, after the terminology introduced by Charron-Bost et al. [6]. Moreover, the generalization to peer-to-peer systems is new.
Preliminaries
For a finite set S, denotes the set of finite words over S, denotes the concatenation of two words, denotes the length of w, and ε denotes the empty word. We assume some familiarity with non-deterministic finite state automata, and we write for the language accepted by the automaton . For two sets S and I, we write b (in bold) for an element of , and for the i-th component of .
A FIFO automaton is a finite state machine equipped with FIFO queues (buffers) where
RSC systems
In this section we discuss systems realizable with synchronous communications (in short, RSC systems). Those systems aim at mimicking rendezvous or synchronous communications by checking whether each execution can be rescheduled to an equivalent one where all receptions immediately follow their corresponding send.
Definition 6 RSC system An execution e is RSC if all matching pairs are of the form . A system is RSC if for all execution , there exists an RSC execution such that .
Example 3 RSC system The system
Model-checking RSC systems
Given a property P, the P safety problem consists in checking whether a system is such that . Cécé and Finkel showed that, for a binary half-duplex system , is regular and computable in polynomial time [1, Theorem 26]. Since the emptiness of the intersection of two polynomial time computable regular languages is decidable in polynomial time, for any regular polynomial time property P, the P safety problem, is decidable in polynomial time for binary half-duplex systems. For
Multi-party half-duplex systems
In this last section, we single out a class of systems that has been defined in the literature and that appertain to RSC systems. As remarked in the introduction, this work originates from the analysis of binary half-duplex systems (called simply half-duplex by Cécé and Finkel [1]). These are binary systems where all reachable configurations are such that either or . Such systems enjoy the same decidability and complexity results as RSC systems and, as we will see later
Conclusion
We have introduced RSC systems, a new class of communicating systems, generalizing the notion of half-duplex systems to any number of processes, and to an arbitrary model of FIFO communication (encompassing both peer-to-peer and mailbox communications). We have shown that the RSC property of a system is decidable in polynomial time and that, for RSC systems, regular safety properties, such as reachability, progress, and boundedness are also decidable in polynomial time (always considering the
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgements
We would like to thank all the reviewers (from ICE and from the special issue) for their careful reading and detailed comments, in particular for some shorter and more intuitive arguments, that greatly improved the present paper.
References (38)
- et al., Verification of programs with half-duplex communication, Inf. Comput. (2005).
- et al., On deciding synchronizability for asynchronously communicating systems, Theor. Comput. Sci. (2016).
- et al., Unreliable channels are easier to verify than perfect channels, Inf. Comput. (1996).
- et al., Verifying programs with unreliable channels, Inf. Comput. (1996).
- Verifying lossy channel systems has nonprimitive recursive complexity, Inf. Process. Lett. (2002).
- et al., Bounded MSC communication, Inf. Comput. (2004).
- Types for dyadic interaction.
- et al., Language primitives and type discipline for structured communication-based programming.
- et al., Language support for fast and reliable message-based communication in singularity OS.
- et al., Reliable contracts for unreliable half-duplex communications.
- Synchronous, asynchronous, and causally ordered communication, Distrib. Comput.
- Reachability analysis of communicating pushdown systems, Log. Methods Comput. Sci.
- On the diversity of asynchronous communication, Form. Asp. Comput.
- On the completeness of verifying message passing programs under bounded asynchrony.
- On communicating automata with bounded channels, Fundam. Inform.
- Towards generalised half-duplex systems.
- Automated verification of automata communicating via FIFO and bag buffers, Form. Methods Syst. Des.
- Multiparty asynchronous session types, J. ACM.
☆ This work has been supported by the French government, through the EUR DS4H Investments in the Future project managed by the National Research Agency (ANR) with the reference number ANR-17-EURE-0004.