A formalism to describe concurrent non-deterministicsystems and an application of it by analysing systems fordanger of deadlockHuis in 't Veld, R.J.

Published: 01/01/1988

Document VersionPublisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers)

Please check the document version of this publication:

• A submitted manuscript is the author's version of the article upon submission and before peer-review. There can be important differencesbetween the submitted version and the official published version of record. People interested in the research are advised to contact theauthor for the final version of the publication, or visit the DOI to the publisher's website.• The final author version and the galley proof are versions of the publication after peer review.• The final published version features the final layout of the paper including the volume, issue and page numbers.

Link to publication

Citation for published version (APA):Huis In T Veld, R. J. (1988). A formalism to describe concurrent non-deterministic systems and an application ofit by analysing systems for danger of deadlock. (EUT report. E, Fac. of Electrical Engineering; Vol. 88-E-200).Eindhoven: Technische Universiteit Eindhoven.

General rightsCopyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright ownersand it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.

• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal ?

Take down policyIf you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediatelyand investigate your claim.

Download date: 17. Jun. 2018

A Formalism to Describe Concurrent Non-Deterministic Systems and an Application of it by Analysing Systems for Danger of Deadlock by R.J. Huis in 't Veld

EUT Report 88-E-200 ISBN 90-6144-200-1

August 1988

ISSN 0167- 9706

Eindhoven University of Technology Research Reports

EINDHOVEN UNIVERSITY OF TECHNOLOGY

Faculty of Electrical Engineering

Eindhoven The Netherlands

Coden: TEUEDE

A FORMALISM TO DESCRIBE CONCURRENT NON-DETERMINISTIC SYSTEMS

AND

AN APPLICATION OF IT BY ANALYSING SYSTEMS FOR DANGER OF DEADLOCK

by

R.J. Huis in 't Veld

EUT Report 88-E-200

ISBN 90-6144-200-1

Eindhoven

August 1988

CIP-GEGEVENS KONINKLIJKE BIBLIOTHEEK, DEN HAAG

Huis in 't Veld, R.J.

A formalism to describe concurrent non-deterministic systems and an application of it by analysing systems for danger of deadlock / by R.J. Huis in It Veld. -Eindhoven: University of Technology, Faculty of Electrical Engineering. - Fig. - (EUT report, 155N 0167-9708, 88-E-200) Met lit. opg., reg. ISBN 90-6144-200-1 5150 520.6 UDC 510.5 NUGI 811 Trefw.: procesalgebra.

A FORMALISM TO DESCRIBE CONCURRENT NON-DETERMINISTIC SYSTEMS

AND

AN APPLICATION OF IT BY ANALYSING SYSTEMS FOR DANGER OF DEADLOCK

R.J. Huis in 't Veld Faculty of Electrical Engineering,' Digital Systems Group (EB)

Eindhoven University of Technology P.O. Box 513, 5600 MB Eindhoven, The Netherlands

Abstract: A formalism is introduced to describe the behaviour of systems built out of concurrently running mechanisms. The central notion in this formalism is called process. It is used to specify the behaviour of these systems. Furthermore, criteria to differentiate between specifications are discussed. Each of these criteria will be formalized by an equivalence relation on processes. Finally, the formalism is used to analyse the behaviour of systems for deadlock-like properties. Several concepts describing these properties are introduced. It appears that a system may show one of these properties, while its components do not. For this purpose, theorems are derived. They state the conditions under which larger systems may be built out of smaller ones, without introducing deadlock-like properties.

- iii -

CONTENTS

Preface 1

1. The Formalism

1.0 Introduction 3 1.1 Process 3 1.2 Concurrency 8 1.3 Equivalence relations on processes 10 1.4 Properties of Bisimulation Equivalence 19

2. Deadlock

2.0 Introduction 23 2.1 Locked and Lockfree 25 2.2 Construction of lockfree systems 29 2.3 A substitution property 32 2.4 Deadlockfree 37

3. Other Concepts

3.0 Introduction 39 3.1 Disablefree 39 3.2 Ignorefree 40

4. Conclusions 42

5. References 43

- iv -

PREFACE

CCS (a Calculus of Communicating Systems) [6], CSP (Communicating Sequential

Processes) [3] and Trace Theory [5] have been evolved to formalize the

reasoning about systems built out of concurrently running mechanisms. Each of

these formalisms shows how abstract specifications of the behaviour of a

system and its components may be given. Then, properties of a system may be

expressed by predicates over these specifications.

In this report. we combine the mayor features of CCS and Trace Theory into a

new formalism. The central notion in this formalism is called process. It is

used to specify the behaviour of systems bull t out of concurrently running

mechanisms. Also, criteria to differentiate between the behaviour of these

systems are discussed. Each of these criteria is formalized by an equivalence

relation on processes. Furthermore, we apply the formalism to analyse systems

for danger of deadlock. A concept in terms of our formalism is presented that

corresponds to our intuitive meaning of deadlock. It appears that a system

may have danger of deadlock while its components do not. For this purpose, a

theorem is derived. It states the conditions under which larger deadlockfree

systems may be built out of smaller ones. Finally, we treat other, to

deadlock related propertles of systems.

We conclude this preface with some notational conventions used throughout

this report. Slightly unconventional notations are used for variable binding

constructs. Universal quantification is denoted by (81: d: E) where B is the

quantifier, 1 is a list of bound variables, d delineates the range of each of

these variables, and E is the quantified expression. Similarly, (E 1: d: E)

denotes existential quantification. Furthermore, we use in the same way the

quantifiers !..! and 0 to denote continued unification and continued

intersection respectively.

Given two sets X and Z. The proof that X is a subset of Z (X ~ Z) may run

like: X ~ Y and Y ~ Z for some set Y. Henceforth, we record such proofs as

follows:

- 1 -

x ~ { hint why X ~ Y }

Y ~ { hint why Y ~ Z }

Z

- 2 -

1. THE FORMALISM

1. 0 Introduction

The behaviour of a system built out of concurrently running mechanisms may

show some unwanted aspects. To determine whether these aspects are present in

the behaviour of a system, a formalism is used that is based upon CCS and

Trace Theory. In this chapter the formalism is presented.

We start by introducing the notion process. At first, a process is used to

describe the behaviour of a mechanism. Later on, this is generalized to

describe the behaviour of a system built out of concurrently running

mechanisms. Then, we continue by discussing criteria to differentiate between

the behaviour of systems. Each of these criteria is formalized by an

equivalence relation on the universe of processes. Finally, some properties

are derived for the strongest of these relations.

1.1 Process

We postulate two disjoint infinite sets Id and II. The elements of Id are

called behaviour-names. Elements and subsets of 1\ are called action-symbols

and alphabets respectively.

Let A be a set. The set of all finite-length sequences of elements of A is

denoted by A*. The empty sequence is denoted by c. Elements of 11* are called

traces.

Small and large letters near the beginning of the Latin alphabet are used to

denote action-symbols and alphabets respectively, and small and large letters

near the end of the Latin alphabet are used to denote traces and

behaviour-names respectively.

Furthermore, we denote by Exp the set of expressions defined by the following

syntax in Backus-Naur Form:

- 3 -

E .. = a:E

E + E

X

NIL

- 4 -

where a and X range over A and Id respectively. NIL is a special symbol that

is not an element of A or Id. Additionally, we assume that for expressions

Ei, i" 0, the infinite sequence EO + E1 + E2 + ... (abbreviated by

(+i:i .. O:Ei» is also an expression.

A transition-function is a partial function from Id to Exp. Frequently, we

write a transition-function 'Y as a set of pairs {(X,'Y(XllIXe dom('Y)}. For

transition-functions 'YO and 'Y1 with disjoint domains, we denote by 'YO u 'Y1

the transition-function that corresponds to the union of the with 'YO and 'Y1

associated sets of pairs.

We now have a sufficient base to introduce the notion process. Assume E to be

an expression, A to be an alphabet and 'Y to be a transition-function. We call

the triple <E,A,'Y> a process if and only if the elements of A are the only

action-symbols that occur in E and in the expressions in the range of 'Y. To

refer more easily to the three components that make up a process P,

P = <E,A,'Y>, we denote by rP the expression E, by ~P the alphabet A and by uP

the transition-function 'Y.

We attach an operational semantics to processes, by defining for each

action-symbol a the binary relation ~ on the universe P of processes.

Definition 1.1.0

For each action-symbol a, we denote by ~ the smallest binary relation on P

satisfying:

i) (a:E,A,'Y) ~ (E,A,'Y)

ii) if (EO,A,'Y) ~ (E,A,'Y) or (E1,A,'Y) ~ (E,A,':!)

then (EO + E1,A,'Yl ~ (E,A,'Yl

iii) if ('Y(X),A,':!) ~ (E,A,'Y) then (X,A,':!) ~ (E,A,'Y)

where E, EO and E1 are expressions, A is an alphabet, X is a behaviour-name,

and 'Y is a transition-function.

(End of Definition)

We continue by extending the binary relations on the universe of processes

from action-symbols to traces.

- 5 -

Definition 1. 1. 1 t For a trace t, we recursively define the binary relation --7 on P as follows

i) P ---E... P

ii) For trace s and action-symbol a:

PO ~ P2 = (EP1:P1 e P:PO ~ P1 A P1 ~ P2)

(End of Definition)

The operational semantics we have attached to a process P may be expressed

graphically. The binary relations a --7 , a eA. and the set Q,

Q = {P' I (Es: s e ~p·:P ~ P' )}, specify a rooted, directed, connected graph.

This graph is called the state graph of P, and it is defined by:

There exists a one to one correspondence between the vertices of the

graph and the processes in Q. The root of the graph corresponds to P.

The arcs of the graph are labelled by action-symbols. There exists an

arc labelled by action-symbol a from the vertex associated with

process PO to the vertex associated with process P1 if and only if

PO ~ P1.

When drawing the state graph of a process, the root is denoted by o.

Furthermore, we label some of the vertices of the graph sometimes by their

corresponding processes.

Example 1.1.2

Let ~ be the transition-function {(W,a:X), (X,c:Y + d:Z), (Y,b:W),(Z,NIL)}.

Furthermore, let P be the process <W,{a,b,c,d},~>.

The state graph of P is presented in Figure 1.1.0, where the processes PO, P1

and P2 are defined by: PO = <X,{a,b,c,d},~> P1 = <Y,{a,b,c,d},~> P2 = <Z,{a,b,c,d},~>

01°P

c d .~. -----?

P1 PO P2

Figure 1.1.0: The state graph of process P.

(End of Example)

We call two state graphs GO and G1 isomorfic if there exists a bijection f

- 6 -

from the vertices of GO to the vertices of Gl such that:

The root of GO is mapped into the root of Gl.

The labelled arcs that are drawn between any two vertices VO and Vl in

GO are the same labelled arcs that are drawn between the vertices

f(VO) and f(Vl) in Gl.

Notice that two processes have the same operational semantics if their state

graphs are isomorfic.

A process P may be used to describe the behaviour of a mechanism as follows:

The vertices of the state graph of P correspond to the states the

mechanism may be in. The action-symbols in i1,P correspond to actions

the mechanism may perform. We assume that these actions have no

duration and that they do not overlap.

Initially the mechanism is in the state that corresponds to [Po

Let A be a state in the state graph of P, and let the mechanism be in

in this state. Then, the mechanism can only perform next one of the

with the labels of the outgoing arcs of A associated actions. Assume A

has an outgoing arc that is labelled by action-symbol a. After

performing the action associated with a, the mechanism will be in a

new (perhaps the same) state. This is one of the states to which A has

an outgoing arc that is labelled by a.

Let G be a rooted, directed, connected graph in which the arcs are labelled

by action-symbols. A process with G as state graph is easily constructed.

Define an injective function f from the vertices of G to Id. Assume that the

root of G is mapped into Z. A process PO has G as state graph if it

satisfies:

[PO = Z

aPO contains at least the action-symbols that label the arcs in G.

·dom(nPO) = rng(f)

For each X, X E rng(f), nPO(X) denotes an expression that is obtained

by placing in a sequence of all the elements of the set

{a:Y!a E A AYE rng(f)

A there is an arc labelled a from f- 1 (X) to f- 1(y)}

between each two successive elements the + operator. If this set is

empty nPO(X) is NIL.

- 7 -

Let P be a process. If P can be obtained by applying the above construction

method to its state graph, P is said to be in normal form.

We call two processes PO and P1 identical, denoted by PO = P1, if they have

the same alphabets and the same operational semantics. Since the operational

semantics of a process is fully captured by the process's state graph, two

processes are identical if they have the same alphabets and isomorfic state

graphs. Clearly, for each process in P there exists a process in normal form

that is identical to it. So, without loss of generality, we confine ourselves

in the sequel to processes in normal form. Therefore, we postulate a largest

possible set Q of processes in normal form. Each two different elements in Q

have disjoint behaviour-names and they are not identical. Henceforth, we

assume that a process either is an element of Q or denotes its identical

element in Q. Moreover, sets of processes are subsets of Q.

A consequence of restricting ourselves to processes in Q is that the state

graph of a process does not contain two or more vertices with which identical

processes are associated.

Each element of Exp is built out of action-symbols, behaviour-names and NIL

that are glued together by the operators: and +. In Definition 1.1.0 we have

given the semantics of these operators. Similar operators may be introduced

on processes.

Definition 1.1.3

(0) For each process P, P = <E, A, ':I>, and for each action-symbol a, we

denote by a:P the process in Q that is identical to <a:E,A u {a},':I>.

(1) Let PO and P1 be processes such that PO = <EO,A,':IO>, P1 = <El,A,':I1>

and the behaviour-names occurring in PO and Pl are disjoint. We

denote by PO + P1 the process in Q that is identical to

<EO + E1,A,':IO u ':11>.

(End of Definition)

Let PO and Pl be processes, and let a be an action-symbol. With a: PO a

mechanism may be associated that initially performs the action that

corresponds to a, and whose successive behaviour is specified by PO. With

PO + P1 a mechanism may be associated that has an initial choice: Either to

behave as specified by PO or to behave as specified by Pl.

- 8 -

Property 1. 1. 4

Let PO and P1 be processes with the same alphabets. Furthermore, we denote

for each alphabet A by NULLA the process in Q that is identical to <NIL,A,0>.

Then,

(0) PO + P1 = P1 + PO

(1 ) PO + NULLl!.PO = PO

(End of Property)

1. 2 Concurrency

Consider two mechanisms. One of these mechanisms, called the sender,

repeatedly receives via a channel co a message from its environment and then

puts it on channel Cl. The other mechanism, called the receiver, repeatedly

receives a message put on channel Cl and sends it to its environment by

placing it on channel C2. The precise behaviour of the sender and the

receiver is specified by the processes Sand R respectively.

S = <SO, {co,cil, {(SO,co:S1), (S1,Cl:SO)}>

R = <RO,{Cl,C2},{(RO,Cl:Rl + cl:R2), (R1,C2:RO), (R2,C2:R3), (R3,NUL)}>

In Sand R we have used the names of the channels as action-symbols. They

denote the actions of the sender and the receiver regarding these channels

In order to state anything about the behaviour of the Sender-Receiver System,

we consider a system built out of concurrently running mechanisms to be a

mechanism as well. Consequently, the behaviour of a system has to be

specified by a process. Since such a process is related to the processes

describing the behaviour of the system's components, it is derived from these

processes.

We introduce on the universe of processes a new infix operator I, called the

composition operator. The semantics of this operator is presented in the

following definition.

- 9 -

Definition 1.2.0 (composition)

For each a, a E A, we denote by ~ the smallest binary relation on

{pIQiP E Q A Q E Q} satisfying:

i) if <EO,AO,~O> ~ <E,AO,~O> and a ~ A1 then

<EO,AO,~0>I<E1,A1.~1> ~ <E,AO,~0>I<E1,A1,~1>

ii) if <E1,A1,~1> ~ <E,A1,~1> and a ~ AO then

<EO,AO,~O>I<El,Al,~l> ~ <EO,AO,~0>I<E,A1,~1>

iii) if PO ~ PO' and P1 ~ Pl' then POlp1 ~ PO'IP1'

where E, EO and El are expressions, AO and A1 are alphabets, and ~O and ~1

are transition-functions.

(End of Definition)

Similar to Definition 1. 1. 1, we extend the above defined relations from

action-symbols to traces.

Let P and Q be processes. As we have seen

a E A, on the set {POIQOiPO E Q A QO E Q A

a for processes, the relations ~,

(Es:s E A-:pIQ ~ POIQO)} specify

a graph G with plQ as root. In the sequel, we denote by plQ the process in Q

that has G as state graph and gP U gQ as alphabet.

Applying the above to our Sender-Receiver System, SiR denotes the process:

<Z, {cO,CI,C2}, { (Z,co:QO), (QO,ct:Q1 + c1:Q2), (Ql,co:Q3 + C2:Z)

,(Q2,co:Q4 + C2:QS), (Q3,C2:QO>, (Q4,C2:Q6), (QS,co:Q6)

, (Q6,NIL)}>

Notice that SiR does not completely specify the behaviour of the

Sender-Receiver System. For instance, according to SiR there is no time laps

between the moment the sender puts a message on CI and the moment the

receiver removes it from ct. In real practice, this transfer of messages can

not be instantaneous. If the system is in the state associated with Q1, it

may either perform co or C2. These actions will be performed by different

components of the system, and they involve interaction with the system's

environment. If the environment has no objections, they may be performed

simultaneously. Although we are aware of these kinds of limitations, we take

them for granted in this report.

Property 1. 2. 1

(0) POlp1 = P11PO

(1) POl (P1In) = (POlpll1P2

(end of Property)

- 10 -

(commutative)

(associative)

The composition operator is not idempotent. For instance, take process P,

P = <X,{a,b,c},{(X,a:XO + a:X2),(XO,b:Xll,(X1,NIL), (X2,c:X1))>. pip is the

process <Z,{a,b,c},{(Z,a:ZO + a:Z1 + a:Z2),(ZO,b:Z1), (Zl,NIL),(Z2,c:Z1)}>.

Obviously, the state graphs of P and pip are not isomorfic.

Since the composition operator is commutative and associative, composition

may be extended to sets of processes. Let X be a set of processes. We denote

by C(X) the process obtained by composing the elements in X. By definition,

C(,,) denotes the process NULL,,' In this report, we implicitly assume that

composition is only applied on sets of processes that do not contain two or

more processes with the same alphabets. Consequently, the next property is

only defined for those sets X and Y of processes such that X, Y and X u Y

satisfy this condition.

Property 1. 2. 2

Let X and Y be sets of processes such that X n Y = ". Then

C(X)IC(Y) = C(X u Y)

(End of Property)

1.3 Equivalence relations on processes.

Consider a system S specified by a process P. This system may be embedded in

a system T. S may perform two types of actions regarding T. First, the

actions by which S and T interact. These actions are called the observable

actions of S regarding T. Second, all the other actions S may perform. These

are the actions by which the components of S interact with one another, and

the actions by which S interacts with the environment of the system composed

of Sand T. They are called the unobservable actions of S regarding T.

By interacting with S, T only experiences a part of the behaviour of S.

Namely, the observable actions of S regarding T. This experienced behaviour

can be described by process P. But P specifies in detail the unobservable

actions of S regarding T. Clearly, the nature of these unobservable actions

are not important for the specification of the behaviour of S as it is

- 11 -

experienced by T. Only their occurrences matter. So, instead of P, we may use

the process P in which all action-symbols that denote the unobservable

actions are replaced by the same, fresh action-symbol.

The above shows how to abstract from details in a process. We formalize it by

introducing the operation hiding on processes. Therefore, A is extended by a

special action-symbol T, T f A. The set A v {T} is denoted by A . T

In the

sequel, traces are elements

the notion of process is

of A • and alphabets T

are subsets of A . Moreover, T

modified a little. All we have stated about

action-symbols holds also for T, except that a T may never occur in the

alphabet of a process. The universe of processes Q is extended by a maximal

set of processes in normal form such that T occurs at least once in each of

these processes. Furthermore, each two different processes in this set are

not identical and have disjoint behaviour-names. The extended universe of

processes is denoted by Q . T

Definition 1.3.0 (hiding)

Let P be a process, and let A be an alphabet.

We denote by P~A the process

~ is the transition-function

in Q that is identical to <rP,~P A A,~>, where T

obtained from nP by replacing in each expression

in the range of nP each occurrence of an action-symbol in ~P\A by a T.

(End of Definition)

Informally, we may associate with a process in which T-symbols occur a

mechanism that is capable of performing some unspecified actions.

To facilitate our discussion of processes, we no longer distinguish between

processes and the mechanisms they specify.

The above suggests a criterion to differentiate between two systems T and U.

T and U are the same regarding a set A of actions if and only if each system

that only interacts by the actions in A with T and U respectively experiences

no difference between them. In the sequel, this criterion is formalized by an

equivalence relation on processes. The relation is called bisimulation

equivalence. Preceding its definition, other equivalence relations on

processes are given that at first sight seem to capture our criterion. In

order to do this, the concepts projection and successor-set are introduced

first.

- 12 -

The notion of hiding is extended to traces.

Definition 1.3.1 (projection)

For trace t and alphabet A, we recursively define the projection of t on A,

denoted by ttA, by:

etA = e

(sa) tA = stA

(sa) tA = (stA)a

(End of Definition)

for trace s and action-symbol a such that a ~ A.

for trace s and action-symbol a such that a e A.

Informally, the projection of trace t on alphabet A denotes the trace

t in which all occurrences of action-symbols not in A are removed.

Definition 1.3.2 (successor-set)

For a process P, the successor-set of P, denoted by Succ(P), is the set of

action-symbols

{ala e aP A (Ep':p'e Q : (Et:t e (aP v {T})* A ttaP = a :P ~ P' »} T

(End of Definition)

Informally, for a process P we denote by Succ(P) the maximal subset of non T

actions that the process may perform next.

Let P and P' be processes, and let s be a trace in aP*. In the sequel we t) s abbreviate (Et:t e (aP v {T})* A ttaP = soP ~ P' by P ==+ P'.

We continue with an enumeration of a number of equivalence relations on

processes. These relations are only defined between processes with the same

alphabets.

Throughout the remainder of this section we assume PO and P1 to be processes

with the same alphabets. Moreover, all non '[-actions are considered to be

observable actions.

Intuitively, a first approach to distinguish between processes is to look at

finite-length sequences of actions. Each of these sequences specifies the

actions that a process may consecutively engage itself in from the moment it

starts operating. Then, two processes may be called equivalent if they have

the same set of finite-length sequences of actions. This equivalence relation

is known as trace equivalence, and it is formalized in the following

- 13 -

definition.

Definition 1.3.3 (trace equivalence)

PO and Pl are called trace-equlvalent, denoted by PO '" Pl, if and only if 1

the following holds

(BP,s:P e Q As e gPO· A PO ~ P:(EP':P'e Q A Pl ~ P':true)) ... ... A (BP',s:P'e Q AS e aPl· A Pl ~ P': (EP:Pe Q A PO ~ P:true)) ... ...

(End of Definition)

Consider the state graphs of the processes PO and Pl (Figure 1.3.0).

PO Pl 0 0

Y"'z La • • •

Ib Ib • •

Figure 1.3.0: The state graphs of processes PO and Pl.

Contrary to process Pl, process PO may never be able to perform action b

after having performed action a. Easily, a system can be found that

distinguishes between these trace equivalent processes. This suggests the

following equivalence relation.

Definition 1.3.4 (fallure equivalence)

PO and Pl are called failure equivalent, denoted by PO ~ Pl, if and only if

the following predicate holds:

(BP,s,X:P e Q ... A S e gPO· A PO ~ P A X ~ A A X n Succ(P) = 0

: (EP':P'e Q A Pl ~ P':X n Succ(P') = 0)) ... A (BP',s,X:P'e Q AS e aPl· A Pl ~ P' A X ~ A A X n Succ(P') = 0 ...

: (EP:P e Q A PO ~ P:X n Succ(p) = 0)) ... (End of Definition)

- 14 -

Figure 1.3.1 shows the state graphs of processes PO and Pl.

PO Pl

;/aI~ 0

;/ ~ • • • • •

bi Ci bi~ bi iC

• • • • • • Figure 1. 3.1: The state graphs of processes POandP1.

These processes are failure equivalent. After they both perform action a, PO

may still choose between band c. Pl, however, has no choice. A system that

can monitor all the observable actions a process may perform next

distinguishes between these processes. This observation yields the following

equivalence relation.

Definition 1.3.5 (successor equivalence)

PO and Pl are successor equivalent, denoted by PO 6 Pl, if and only if the

following holds:

(BP,s:P E a A s E aPO· A PO ~ P T

: (EP':P'E a A Pl ~ P':Succ(P) = Succ(P' I)) T

A (BP',s:P'E a AS E aPl- A Pl ~ P' T

: (EP:P E 0T A PO ~ P:Succ(P) = Succ(P')))

(End of Definition)

Consider the state graphs of the processes PO and Pl. (Figure 1.3.2).

PO Pl

;/0~ 0

;/~ • • • •

bi bi~ bi bi~ • • • • •

di ei ei di

• • • • Figure 1.3.2: The state graphs of processes PO and Pl.

•

In spite of PO 6 Pl, we can think of a reason to differentiate between these

processes. Suppose we have a system that interacts via the actions a, b, c, d

- 15 -

and e with either process in the following way:

The interactions have no duration and they do not overlap. Moreover,

an interaction takes place if both the process and the system agree

on it.

Fi r st, the sys t em in t eracts with a process by action a. If the

process is then capable of interacting by action b as well as by

action C, the system wishes to interact by the actions band e

successively. Otherwise, the system

actions band d successively.

wishes to interact by the

If the system interacts with PO, it will encounter no problems. Yet by

interacting with PI a problem may arise. Suppose the system wishes to

interact by a, band e successively. The last interaction will never take

place, since PI only wishes to interact by d. The above suggests the

following equivalence relation.

Definition 1.3.6 (k-equivalence & ~-equivalence) For k, k i?:: 0,

k-equivalent) by:

we recursively define PO '" P1 k

PO '" P1 always holds o

For n, n i!! 1,

PO '" Pl n

=

( pronounce: PO and P1 are

(BP, s: P e Q II S e aPO· II PO ~ P: (EP' : P' e Q 1\ PI ~ P' : P '" P')) T T n-l

II

(BP' ,s: P' e QT

1\ S e aP1- 1\ P1 ~ P' : (EP: P e QT

1\ PO ~ P: P '" P' II n-l

PO and Pl are called i-equivalent, denoted by PO i PI, if and only if for all

k, k >: 0, PO '" PI. k

(End of Definition)

The following property shows the relations between the various equivalence

relations introduced so far.

Property 1.3.7

(0) PO i} Pl .. PO "'1Pl (1) PO ~ P1 .. PO ~ P1

(2) PO '" P1 2

.. PO 6 P1

(3) PO '" PI = (Bi: 0 '" i S k:PO '" Pl) , for k >: O. k I

- 16 -

Proof

The proof of (0) through (2) follows immediately from the definitions.

We only show, by induction on k, that (3) holds.

Base:For k = 0 and k = 1 the proof is trivial.

Step:For k = n + I, n ~ I, we have:

po" not

PI

= { Definition " k }

(BP,s:P e Q .. A S e aPO· 1\ PO ~ P: (EP' : P' e Q A PI ~ P' : P " P' » .. n

A (BP',s:p'e Q .. A S e aP1· A PI ~ P': (EP:P e Q 1\ po ~ P:P" P'» .. n

= {

= {

induction hypothesis }

po" not

PI

A (BP,s:Pe Q 1\ S e aPo· A .. A (BP',s:P'e Q 1\ S e aP1· ..

Definit ion " k

}

PO" PI A PO" PI n+l n

= { induction hypothesis}

PO ~ P: (EP' : P' e Q .. 1\

1\ PI ~ P' : (EP: P e Q ..

PO" PI A (Ai:O '" 1 :s n:PO "Pll n+l - 1

= { predicate calculus }

(Bi:O '" i :s n + l:PO " PI) I

(End of Proof and Property)

PI ~ P' : P" P' ) ) n-l

1\ PO ~ P: P" P' » n-l

Notice that each example preceding the definition of an equivalence relation

ensures that the implications in (0) through (3) may not be replaced by

equalities.

Referring to the constructive way in which i-equivalence is defined, it may

be asked whether there exists a simpler, recursively defined equivalence

relation with almost the same power of expression. Indeed, such a relation,

called bisimulation equivalence, exists.

Definition 1.3.8 (bislmulation)

A subset ~ of Q x Q is called a bisimulation if and only if for each pair .. .. (PO,PI) in ~ the following holds:

(BP,s:P e Q .. A S e ilPO· A PO ~ P: (Ep':P'e Q .. A PI ~ P': (P,P') e ~»

(AP' s:P'e Q AS e ilPI· A PI ~ P': (EP:P e Q 1\ PO ~ P: (P,P') e ~» _. 1: 1:.

(End of Definition)

- 17 -

Definition 1.3.9 (bisimulation equivalence)

PO and P1 are bisimulation equivalent, denoted by PO E P1, if and only if

there exists a bisimulation ~ such that (PO,P1) e ~

(End of Definition)

Bisimulation equivalence is a stronger equivalence relation on processes than

l-equivalence. Yet, a large class of processes exists for which they are the

same. The following theorem clarifies this. Preceding it, we first have to

introduce the notion non-divergent.

A process P is called non-divergent,

if for each s e aP' the set {POlpO e

Theorem 1. 3.10

denoted by non-divergent(P),

Q A P ~ PO} is finite. .,.

For all non-divergent processes PO and P1 in Q , we have .,. PO l P1 = PO E P1 - -

(End of Theorem)

if and only

The proof of this theorem is based upon the validity of two lemmata.

Lemma 1. 3. 11

Let P and P' be non-divergent processes.

Furthermore, let po and PI denote the sets of processes:

po = {POlpO e Q A (Es:s e ~P':P ~ PO)} .,. pI = {P11p1 e Q A (Es:s e ~P':P'~ P1)} .,.

Then, the set ~, ~ = {(PO, P1) I (PO, Pll e po x pI A PO ~ Pll}' is a

bisimulation.

Proof

We first observe that, since P and P' are non-divergent, the elements in po

and pI are also non-divergent.

The symmetry of the definition of bisimulation ensures that the following

derivation is sufficient to prove the lemma.

(PO, Pl) e ~

= { Definitions: ~ and l-equivalence }

PO e po A P1 e pI A (Bk:k ~ O:PO ~kP1)

~ { predicate calculus, Definitions: ~k' po and PI }

(Bk: k ~ 1:

: (BPO',s:PO'e po A S e ~PO' A PO ~ PO'

: (EP1' : PI' e PI A P1 ~ P1': PO' ~ P1' ))) k-l

- 18 -

= { P1 is non-divergent, Property 1.3.7.3 }

(BPO' ,s:PO'e po A S e aPO*A PO ~ PO'

: (EP1':P1'e pi A P1 ~ P1': (Bk:k ~

= { Definition ~ }

(BPO' ,s:PO'e po A S e ~PO·A PO ~ PO'

l:PO'.. P1'») '-1

: (EP1' : P1' e pi A P1 ~ P1' : (PO' ,P1') e ~»)

(*)

Notice that the equality marked by (*) boils down to stating that the

universal quantification may distribute over the existential quantification.

This is allowed, since the dummy P1' in the existential quantification ranges

over a finite set of processes (due to our assumption of non-divergence) and

Property 1.3.7.3 holds.

(End of Proof and Lemma)

Lemma 1.3.12

Let ~ be a bisimulation. Then, for each pair (PO,P1) in ~ we have PO l Pl.

Proof

According to the Definition of k-equivalence, it is sufficient to demonstrate

for each pair (PO,Pl) in ~ that (Bk:k ~ 0: PO

We prove it by mathematical induction on k.

Let (PO, PO e ~

'" Pl). k

Base: For k = 0 the proof is trivial, since each two processes are

O-equi valent.

Step:For k = n + 1, n ~ 1, we have

(PO, Pll e ~

= { Definition bisimulation }

A PO ~ PO' (BPO',s:PO'e Q~ A S e aPO·

: [EP1':P1'e Q A Pl ~

~ Pl':(PO',Pl') eM)

A (BP1' ,s:Pl'e Q A S e !!oPl· A P1 ~ Pl' ~

: (EPO':PO'e Q~ A PO ~ PO': (PO',Pl')

~ { induction hypothesis }

(BPO',s:PO'e Q~ A S e

: (EP1' : Pl' e Q ~

!!oPO· A PO ~ PO'

A P1 ~ Pl':PO'''' P1'»

A (BP1',s:Pl'e Q AS e ~

:(EPO':PO'eQ ~

= { Definition'" }

PO '" Pl n+1

k

(End of Proof and Lemma)

n

ePt- A PI ~ PI'

A PO ~ PO':PO'" Pl'» n

e ~»

- 19 -

1.4 Properties of Bisimulalion Equivalence

In this section we elaborate on bisimulation equivalence. Some of the

properties treated here may be extended to the other equivalence relations.

We start with the introduction of the notion after.

Definition 1.4.0 (after)

Let P be a process.

We denote by after(P) the set of

after(P) = {SiS e Qy A (Et:t e

(End of Definition)

processes defined t gP':P ~ S)}

Property 1. 4.1

For processes P and p'. such that P ~ P' , we have

(0) a:P B a:P' for action-symbol a, a

(1) nA B P' tA for alphabet A, A ~ A . y

(2 ) piS ~ p'IS for process S, S e Q. y

Proof

by

eA. y

To prove (0) through (2 l, we have to find for each case U), O:s i :s 2, a

bisimulation

(piS, p'IS) e B2

B I

such that (a:P,a:P') e Bo

' (PtA, P' tAl e B , and

We give B , Band B2

. It is left to the interested reader to verify that o , they satisfy.

There exists a bisimulation B, B ~ after(P) x after(P'), such that

(P,P') e B. Then, we define:

BO= B u {(a:P,a:P')}

B,= {(POtA,P1tA) I (PO,P1) e B}

B2= {(POISO,P1IS0) I (PO,P1) e B A SO E after(S)}

(End of Proof and Property)

Let P, P' and S be processes such that P 7l P'. Generally, we do not have

P + S B P'+ S. This is shown in the next example.

- 20 -

Example 1. 4. 2

Let PO and Pl be processes with alphabet {b} and whose state graphs are drawn

in Figure 1.4. O.

r-·.·.-.·--· .. -.----.--··i 'PO 'Pl

IT r--·Ib • _. __ ...... _ ...... _ .. __ ... _._.J •

Ib I • . ... _ .... _ ...... __ .. _ ......... _---_.j

Figure 1.4.0: The state graphs of processes PO and Pl.

There exists a bisimulation such that PO B P1. This bisimulation is made

explicit in Figure 1. 4. 0 by drawing for each pair of processes in the

bisimulation a dotted line between the with these processes corresponding

vertices.

Consider, furthermore, the process S, S: <Z,{c},{(Z,c:ZO), (ZO, NIL)}>. The

state graphs of PO + Sand Pl + S are drawn in Figure 1.4.1.

PO + S Pl + S

Yj 0

.~ c b c

• • Figure 1.4.1: The state graphs of processes PO + Sand Pl + S

Consider the vertex that can be reached in the state graph of PO + S by

performing an initial T action. The process associated with that vertex is

not bisimulation equivalent with any of the processes that correspond to the

vertices of the state graph of Pl + S. Hence, ,(PO ~ Pl).

(End of Example)

Property 1.4.3

Let PO and Pl be processes, and let A be an alphabet such that aPO n aPl ~ A.

We have:

(POlpl)tA ~ (POtA)I(PltA)

Proof

A bisimulation B that ensures the above is:

- 21 -

B = {«plp'ltA, (PtA)I(P'tA»lp e after(PO) A P'e after(Pll}

We will prove that this is indeed a bisimulation.

Let TO and TO' be elements of after(PO), let T1 and n' be elements of

after(P1), and let trace r be an element of A*. We derive

(Toln) tA ~ (TO'ln') tA

= { Definition hiding }

(Es:s e (aTO u aT1)* A stA = r: (TOIT1)

= { Definition composition}

• """"* (TO'ln'»

(Es,t,u:s e (aTO u aT1)* A stA = rAt = staTO A u = staT1

:TO ~ TO' A T1 ~ T1')

= { note }

r e «aTO u an) () A)* A (Et:t e aTO* A ttA rtaTO:TO t = """"* A (Eu: u e an* A utA = rtaT1:T1 ~ T1')

= { Definition hiding }

TO' )

r e «aTO u an) () A)* A TOtA rtaTO, TO' tA A T1tA rtaT1, T1' tA

= { r e A*, Definition composition}

(TOtAlntA) ~ (TO' tAln' tAl

Note

For traces t and u such that t e aTO*, u e aT1*, ttA = rtaTO and utA = rtaT1,

we clarify the implication:

TO ~ TO' A T1 ~ T1' Are «aTO u aT1) () A)*

(Es:s e (aTO u aT1)* A stA = rAt = staTO A u = staT1 t u :TO ==* TO' A T ==* T1')

Its validity is based upon the following observation. Let qO and q1 be

traces. The set that consists of the symbols out of which qO is composed is

denoted by sym(qO). Similarly, we define sym(q1). Then, we have

=

qOtsym(q1) = q1tsym(qO)

(Eq2:q2 e (sym(qO) u sym(q1»* A sym(q2) = sym(qO) u sym(q1)

:q2tsym(qO) = qO A q2tsym(q1) = q1)

This property is known as the Lift Theorem, and its proof can be found in

[5, p8-9).

- 22 -

The following derivation proves the implication:

TO ~ TO' A T1 ~ T1' Are «9TO u 9T1) n A)­

~ { Lift Theorem, ttA = rt9TO, utA = rt9T1 }

(EsO,sl:s0 e (sym(t) u sym(r»- A sl e (sym(u) u sym(r»­

:sym(sO) = sym(t) u sym(r) A sym(sl) = sym(u) u sym(r)

A sOtA = sltA = r A sOtsym(t) = t A sltsym(r) = u

Are «9TO u 9T1) n A)- A TO ~ TO'A T1 ~ T1'»

~ { Lift Theorem, set-calculus, 9TO n 9T1 ~ A }

(Es2:s2 e (9TO u 9T1)- A s2tA = rAt = S2t9TO A u = s2t9T1

:TO ~ TO' A T1 ~ T1')

(End of Proof and Property)

Property 1. 4. 4

Let PO, P1, SO and Sl be processes such that 9PO n ~SO = ~P1 n 9S1.

Furthermore, let AO and A1 be alphabets such that 9PO n 9S0 ~ AO ~ ~PO n ~P1,

~PO n 9S0 ~ A1 ~ gSO n 9S1, POtAO ~ P1tAO and SOtA1 B SltA1. Then

(POISO)t(AO u A1) ~ (P1IS1)t(AO u A1)

(POISO)t(AO u A1)

~ { ~PO n ~SO ~ AO u A1, Property 1. 4.3 }

POt(AO u A1)ISOt(AO u A1)

~ { (AO u A1) n 9PO = AO, (AO u A1) n 9S0 = A1 }

(POtAO) I (SOtA1)

~ { POtAO ~ P1tAO, SOtA1 ~ SltA1, Property 1.4.1.2 }

(P1 tAO) I (Sl tAl)

~ { (AO u A1) n 9PO = AO, (AO u A1) n 9S1 = A1 }

P1t(AO u A1)IS1t(AO u A1)

~ { 9P1 n ~Sl ~ AO u A1, Property 1.4.3 }

(P1IS1)t(AO u Al)

(End of Proof and Property)

2. DEADLOCK

2.0 Introduction

The phenomenon deadlock is treated in many articles and books concerning

parallelism. Informally, it may be defined by:

'Given a set of concurrently running mechanisms. This system has

danger of deadlock if it may stop while some of its components

still want to continue.'

Applying this informal definition to a system built out of concurrently

running mechanisms that never stop, we may phrase that such a system has

danger of deadlock alternatively:

'The system may stop.'

The latter formulation is frequently used in the literature, cf [3).

We continue with an example of a system that has danger of deadlock.

Example 2.0.0

Consider the three processes 00, RO and 50 with ~OO = {aO,bO}, ~RO = {al,bl}

and ~50 = {bO,bl}. Their state graphs are presented in Figure 2.0.0.

QO

[} RO 50 bO 51

o ---=.-=----+l •

Ibl Ibl [} bO • ---=.-=----+l • Ql Rl 52 53

Figure 2.0.0: The state graphs of the processes QO, RO and 50.

The process U is the composition of these processes, i.e. U = C({QO,RO,50}).

U (Figure 2.0.1) may be viewed as the specification of a system consisting of

two work-stations (specified by 00 and RO) and one computer (specified by

50). The action-symbols of ~(C({OO,RO,50}» correspond to the following

actions:

- 23 -

- 24 -

aO: a file is placed in the memory of the work-station specified by QO. bO: a file in the memory of the work-station specified by Ql is updated

by the computer.

al: as aO but for the work-station specified by Rl.

bl: as bO but for the work-station specified by Rl.

The system stops after it has performed six actions. Then, each of the

work-stations has a file in its memory that needs to be updated by the

computer. Hence, the system has danger of deadlock.

(End of Example)

(OOIROISO) (QlIROISO) (OOIROISl) (Ql!ROISll U:

aO bO aO 0 ) . ) . ) .

all all all all

(ooIRqSO) (QqRqsO) (oolRqSll (QqRqSll aO bO aO • ) . ) . ) .

bll bll bll bll

(OOI RO IS2) (Q1 IRO IS2) (QOIRO IS3) (Qq Ro IS3) aO bO aO • ) . ) . ) .

all all all all

aO bO aO • ) . ) . ) . (QOIRl IS2) (QqRqS2) (ooIRqS3) (QqRqS3)

Figure 2.0.1: The state graph of process u.

From the processes 00, RO, SO and U, it can be derived that the system in the

above example has danger of deadlock. This is made explicit in the following

sections.

We conclude this section with some notions needed throughout the remainder of

this report.

First, the notion successor-set is redefined. In section 1. 3. 2 the

successor-set of a process denotes the maximal set of non T actions this

-----,-_ ..

- 25 -

process may perform next. Henceforth, it is defined by:

Succ(P) = {ala e A A (EP':P'e after(P) A P ~ P')} T

We say that P is non-terminating if and only if for each PO, PO e after(P),

Succ(PO) ~ 121.

Let X be a set of processes in which no two elements have the same alphabet.

By restricting ourselves to processes in Q, the definition of composition T

states that with each process T, T e after(C(X)), several sets of processes

may be associated. Informally, each of these sets denotes the states that the

components of system X may be in, while the composite is in state T. In the

sequel, we wish to address each process in after(C(X)) together with all its

corresponding sets of processes. Therefore, the notion after is modified.

Each process U, U e after(C(X)), is assumed to occur as many times in

after(C(X)) as there are 'sets of processes associated with U. Hence,

after(C(X)) becomes a bag. We implicitly assume some sort of one to one

mapping between the processes U in after(C(X)) and the with U associated sets

of processes. Then, e(V,P,X), P e X and Ve after(C(X)), denotes the unique

element of after(P) that occurs in the with V associated set of processes.

2.1 Locked and Lockfree

Throughout the remainder of this report, X is a set of processes and P is an

element of X. Furthermore, only processes Q with a finite number of elements

in the set after(Q) are considered.

We start by formalizing the informal definition of danger of deadlock by the

concept lockfree.

Definition 2.1.0 (locked)

locked(P,X)

=

(ET:T e after(C(X)):Succ(T) # 121 A Succ(e(T,P,X)) ~ 121)

(End of Definition)

Definition 2.1.1 (lockfree)

lockfree(X) = (BP:P e X:~locked(P,X))

(End of Definition)

If ~lockfree(X) holds, we say that the system specified by X has danger of

peiqg locked.

Property 2.1.2

lockfree(e)

lockfree ({P})

- 26 -

, for any process P

(0)

(1)

(2) C(X) is non-terminating ~ lockfree(X)

(End of Property)

Property 2.1.3

Let PO be a process in after(C(X». We then have

Succ(PO) ~ (UT:T e X:Succ(e(PO,T,X»)

Proof

a e Succ(PO)

= { Definition Succ(P) }

a e {bib e AT A (EP':P'e after(PO):PO ~ P')}

= { set calculus }

a e A A (EP':P'e after(C(PO»:PO ~ P')} T

~ { PO e after(C(X), Definition composition}

(ET:T e X:a E A A (EP':P'E after(T):e(PO,T,X) ~ P')} T .

= { Definition Succ(P) }

(ET:T E X:a E Succ(e(PO,T,X»)

= { set calculus }

a E (UT:T E X:Succ(e(PO,T,X»)

(End of Proof and Property)

Property 2.1.4

lockfree(X)

=

1 >

(BPO:PO E after(C(X»: (Succ(PO) = e) = (BT:T E X:Succ(e(PO,T,X» = e»

lockfree(X)

= { Definition lockfree }

(BT:T e X:~locked(T,X»

= { Definition locked}

(BT:T E X: (BPO:PO E after(C(X»:Succ(PO) * e v Succ(e(PO,T,X»

= { predicate calculus }

(BPO:PO E after(C(X»:Succ(PO) = " ~ (BT:T E X:Succ(e(PO, T,X»

= { Property 2.1.3 }

= e))

= e»

- 27 -

(BPO:PO e after(C(X»: (Succ(PO) = 0) = (BT:T e X:Succ(e(PO,T,X» = 0»

(End of Proof and Property)

Theorem 2.1.5

Let X be a set of processes. For each process T, T e X, T denotes the process

C(X\{T}). Then A

lockfree(X) =(BT:T e X:lockfree({T,T}»

lockfree(X)

= { Definition lockfree }

(BT:T e X:,locked(T,X»

= { note } A A

(BT:T e X:,locked(T,X» A (BT:T e X :,locked(T,{T,T}» A A

= { C(X) = C({T,T}), T e {T,T}, Definition locked} A A A

(BT:T e X:,locked(T,{T,T}» A (BT:T e X:,locked(T,{T,T}»

= { predicate calculus, Definition lockfree } A

(BT:T e X:lockfree({T,T}»

We prove: A A

(BT:T e X:,locked(T,X» ~ (BT:T e X:,locked(T,{T,T}»

For any T, T E X, we derive: A A

locked(T, {T, T})

= { Definition locked} A A A

(EPO:PO e after(C{T,T}):Succ(PO) = 0 A Succ(p(PO,T,{T,T}» * 0)

~ { C({T,T}) = C(X), Property 2.1.3 }

(EPO:PO e after(C(X»:Succ(PO) = 0 A (EU:U e X\{T}:Succ(e(PO,U,X» * 0»

= { predicate calculus, Definition locked}

(EU:U e x\{T}:locked(U,X»

~ { predicate calculus }

(EU:U e X:locked(U,X»

(End of Proof and Theorem)

- 28 -

Example 2.1.6

Consider the three processes 00, RO and SO that were introduced in example

2.0.0.

Let X = {OO,RO,SO}, and let PO be the process that corresponds to the

composition of the elements in {Q1,R1,S3}.

As it can be derived from Figure 2.0.1, PO is an element of after(C(X».

Since Succ(PO) = e and Succ(Q1) * e, we conclude locked(OO,X) and

locked (00, {OO,C(x\{OO})}).

(End of Example)

Example 2.1.7

Consider the processes va, va and WO. Their alphabets only contain the

action-symbols that label the arcs of their state graphs (Figure 2.1.0).

Let X = {VO,VO,WO}.

Each vertex in the state graph of C(X) (Figure 2.1.1) has at least one

outgoing arc. Hence, C(X) is non-terminating. Moreover, Property 2.1.2.2

yields lockfree(X).

(End of Example)

UO

V2 VI

WI

• V2

vo

• V1

Figure 2.1.0: The state graphs of the processes va, va and WI.

- 29 -

(U2IVOIW2) (UlI VO IWll C(X) :

:y.~;y.~ (U2IV2IWO) a (UOIVOIWO) b (UIIVIIWO)

• ) 0 E •

~/O~/, • •

(UOIV2IW4) (UOIVIIW3)

Figure 2.1.1: The state graph of process C(X).

2.2 Construction of lockfree systems

It is difficult to determine whether a system that is specified by a set X of

processes has danger of being locked. If X only consists of non-terminating

processes, we may proceed as in example 2.1.7. A more general method is

presented in this section.

Lemma 2.2.0

Let X and Y be sets of processes such that X A Y = 0 and lockfree(X). Then

~locked(C(X),{C(X),C(Y)}) = (BT:T e X:~locked(T,X u Y))

~locked(C(X),{C(X),C(Y)})

= { Definition locked}

(BPO:PO e after(C({C(X),C(Y)}))

:Succ(PO) * 0 v Succ(e(PO,C(X),{C(X),C(Y)})) = 0)

= { lockfree(X) }

(BPO:PO e after(C({C(X),C(Y)}))

:Succ(PO) * 0 v (BT:T e X:Succ(e(e(PO,C(X),{C(X),C(Y)}),T,X)) = 0))

= { C({C(X),C(Y)}) = C(X u y) }

(BPO:PO e after(C(X u Y))

:Succ(PO) * 0 v (BT:T e X:Succ(e(PO,T,X u Y)) = 0))

= { predicate calculus, Definition: locked}

(BT:T e X:~locked(T,X u y))

(End of Proof and Lemma)

- 30 -

The following theorem shows how to build larger lockfree systems out of

smaller ones.

Theorem 2.2.1

Let both X and Y be a set of processes such that X n Y = 0, lockfree(X) and

lockfree(Y). We have:

lockfree({C(X),C(Y)} = lockfree(X u Y)

lockfree({C(X),C(Y)})

= { Definition lockfree }

~locked(C(X),{C(X),C(Y)}) A ~locked(C(Y),{C(X),C(Y)})

= { Lemma 2.2.0 }

(BPO: PO e X:~locked(PO,X v Y)) A (BPO:PO e Y:~locked(PO,X v Y))

= { predicate calculus, Definition lockfree }

lockfree(X v Y)

(End of Proof and Theorem)

Using Theorem 2.2.1 and Properties 2.1. 2.1 and 2.1.2.2, we may be able to

determine for a finite set X of processes whether lockfree (X) holds. To

explain this further, the notion of partition-tree is introduced.

A partition-tree of X is a finite binary tree in which the nodes are labelled

by non-empty subsets of X. The root of the tree is labelled by X. Each node

that is not a leaf is labelled by the union of the sets that label this

node's children. Furthermore, each leaf is labelled by a singleton such that

each two different leaves have different labels.

Example 2.2.2

For the set X, X = {XO, Xl, X2}, of processes, the following graph is a

partition-tree of X.

{XO,X1,X2}

1....---·

/~ • {XO} • {Xl}

1 •

Figure 2.2.0: A partition-tree of X.

{X2}

- 31 -

Notice that several partition-trees of X exist.

(End of Example)

From Property 2.1.2.1, we infer that the singletons that label the leaves of

a partition-tree of X are lockfree. If such a tree can be traversed from

leaves to root using Property 2.1.2.2 and Theorem 2.2.1, lockfree(X) holds.

Example 2.2.3

Consider the processes PO, QO, RO and SO. Their alphabets only contain those

action-symbols that label the arcs in their state graphs (Figure 2.2.1)

PO o

QO RO SO

/j. • E b •

[} [} [} P2 Q1 R1 S1

Figure 2.2.1: The state graphs of processes PO, QO, RO and SO.

Let X = {PO,QO,RO,SO}.

Lockfree(X) can be proven using the following partition-tree.

{PO,QO,RO,SO}

!r--- • ---""1

~~R;;}1 f{Qo~s;;}1 •

{PO} •

{RO} •

{QO} •

{SO}

Figure 2.2.2: A partition-tree of X.

Since ilPO " ilRO = 121 and PO as well as RO is non-terminating, C( {PO, RO}) is

non-terminating. Property 2.1.2.2 then states lockfree({PO,RO}).

Similar reasoning yields lockfree({QO,SO}).

It is easily verified that lockfree({C({PO,RO}),C({QO,SO})}).

Hence, we may conclude from Theorem 2.2.1 that lockfree(X) holds.

(End of Example)

The above strategy does not always work. There are lockfree systems for which

a proper partition-tree can not be found. The following example shows such a

system.

- 32 -

Example 2.2.4

Let us consider the processes QO, RO and SO such that

gQO = {a,b,c,d,e,f}

gRO = {a,b,c,d,e,g}

~SO = {a,b,c,d,e,h}

Their state graphs are presented in Figure 2.2.3.

QO RO

R3

a a

SO

/Id~ • S1 c..; S2 ~S3

a

Figure 2.2.3: The state graphs of processes QO, RO and SO.

Let X = {QO,RO,SO}.

For each subset Z of X that consists of two elements of X, ,lockfree(Z)

holds. So, in spite of lockfree (X), there does not exist a partition-tree

by which we may prove it.

(End of Example)

2.3 A substitution property.

Generally, the system that is obtained by replacing a process in a lockfree

system by a bisimulation equivalent one is not lockfree. The following

example demonstrates this.

Example 2.3.0

Consider the processes PO, QO and RO such that ~PO = gQO = {a,b,c} and

~RO = {a,b,c,d}. Their state graphs are presented in Figure 2.3.0.

From the definition of bisimulation equivalence, we may conclude that

PO ~ QO.

Furthermore, it is easily seen that 10ckfree({PO,RO}) and ,lockfree({QO,RO})

- 33 -

hold.

PO QO RO

fa 01C

° d la

eQ1 eQ3 '==+ eR1

Ib Ib eQ2 eR2

Ic eR3

Figure 2.3.0: The state graphs of the processes PO, QO and RO.

(End of Example)

The above suggests that bisimulation equivalence does not sufficiently

distinguish between processes on the occurrences of T'S. We make this

explicit by presenting a stronger equivalence relation, called livelock

bisimulation equivalence, on processes. Successively, we present in Theorem

2.3.3 the conditions under which a lockfree system stays lockfree after one

of its process is substituted for another.

Definition 2.3.1 (livelock)

Let P be a process.

We say that P may have livelock, denoted by livelock(P), whenever the

following predicate holds:

(EP' ,s:P'e after(P) A s e {T}+:P ~ P' A P'~ P')

Henceforth, ,livelock(P) is denoted by livelockfree(P).

(End of Definition)

When a process P may have livelock, it boils down to the fact that P may

continue infinitely performing only T actions.

Using the concept l1velock, we now define a new equivalence relation on

processes. This relation is called livelock bisimulation equivalence, and it

is a stronger relation than bisimulation equivalence.

- 34 -

Definition 2.3.2 (livelock bisimulation equivalence)

Two processes PO and PI are called livelock bisimulation equivalent, denoted

by PO !!L PI, if and only if there exists a bisimulation /3 such that

(PO,Pl) e /3 and for all pairs (U,V) in /3 livelock(U) = livelock(V).

(End of Definition)

Without proof, we state that by restricting ourselves to processes P with

after(P) finite, all properties derived in section 1.4 also hold for livelock

bisimulation equivalence.

Theorem 2.3.3

Let TO, Tl and S be processes such that ~TO n ~S = ~Tl n ~S.

Furthermore, let A be an alphabet such that ~TO n ~S !;; A !;; ~TO n ~Tl and

TO~A !!L Tl~A. We have:

lockfree({TO,S}) = lockfree({Tl,S})

Proof

Since TO~A !!L Tl~A, there exists a proper bisimulation /3 for it.

According to Property 1.4.4 (TOIS)t(A u ~S) !!L (T1IS)t(A U ~S).

Applying Property 1.4.1.2 makes it obvious that a corresponding bisimulation

r is: {((POISO), (PtlSO»1 (PO,Pl) e /3 A SO e after(S)}

We will only derive locked(TO,{TO,S}) = locked(Tl,{Tl,S}), because then the

proof of locked(S,{TO,S}) = locked(S,{Tl,S}) will be trivial.

locked(TO, {TO,S})

= { Definition locked}

(EP:P e after(C({TO,S}»:Succ(P) = 0 A Succ(e(P,TO,{TO,S}» ~ 0)

= { set calculus, Definition composition}

(EP:P e after(C({TO,S}»

:Succ(P) = 0 A (Ea:a e ~TO n ~S:a e Succ(e(P,TO,{TO,S}»»

= { note }

(EP:P e after(C({Tl,S}»

:Succ(P) = 0 A (Ea:a e ~Tl n ~S:a e Succ(e(P,Tl,{Tl,S}»»

= { set calculus, Definition composition}

(EP:P e after(C({Tl,S}»:Succ(P) = 0 A Succ(e(P,Tl,{Tl,S}» ~ 0)

= { Definition locked}

locked(Tl,{Tl,S})

- 35 -

Note

We prove that

(EP:P e after(C({TO,S}»

:Succ(P) = 0 A (Ea:a e ~TO n ~S:a e Succ(e(P,TO,{TO,S}»»

(EP:P e after(C({Tl,S}»

:Succ(P) = 0 A (Ea:a e aTl n as:a e Succ(e(P,Tl,{Tl,S}»»

For reasons of symmetry, the converse is omitted.

Let P be a process in after<C( {TO, S}» such that Succ(P) = 0 and

Succ(e(P,TO,{TO,S}» contains an element of aTO n as.

From (TOIS)t(A v as) ~L (Tl!S)t(A vaS) and P e after(C({TO,S}»). it is

inferred that there exists a process Q, Q e after(C({Tl,S}», such that:

(Pt(A v as),Qt(A v ~S» e r

Since Succ(P) = 0 and aTl n as ~ A, the definitions of composition, hiding

and live lock bisimulatlon equivalence state that there exists a process Q'

such that Q ~ Q' (t e (~Tl\A)'), (Pt(A v as»,Q't(A v ~S» e rand

Succ(Q') = 0.

According to the definition of r, processes PO and a process QO exist such

that PO = e(P,TO,{TO,S}) and QO = e(Q',Tl,{Tl,S}).

Since ~TO n as ~ A and Succ(PO) contains an element of aTO n as, Succ(POtA)

contains an element of ~TO n as. Furthermore, it may be concluded from

Succ(Q') = 0 and the definitions of composition and hiding that

Succ(QOtA) ~ aTl n ~S.

Then, we infer from (POtA,QOtA) e ~ and aTO n as = ~Tl n ~S that Succ(QOtA)

contains an element of aTl n as. Hence Succ(QO) contains an element of

aTl n as.

(End of Proof and Theorem)

- 36 -

Theorem 2.3.3 may be generalized.

Theorem 2.3.4

Let X be a set of processes, let P be an element of X, and let Q be a

process. Assume that Q ~ X\{P} and aC(X\{P}} naP = gC(Y\{Q}) n aQ.

Furthermore, let A be an alphabet such that aC(X\{P}) n aP ~ A ~ aP n aQ and

PtA ~L QtA.

If Y denotes the set X of processes in which P is substituted for Q, we have

lockfree(X) = lockfree(Y)

lockfree(X)

= { Theorem 2. 1. 5 }

(ST:T e X:lockfree({T,C(x\{T})}))

= { note },

(ST:T e X:lockfree({T,C(y\{T})}))

= { Theorem 2. 1. 5 }

lockfree(Y)

Note

This equality is based upon two observations.

First: C(x\{P}) = C(Y\{Q}), ptA ~L QtA and Theorem 2.3.3 yields

lockfree({P,C(X\{P})}) = lockfree({Q,C(Y\{Q})})

Second: Let T e x\{P} (and thus T e Y\{Q}).

Easily, it is seen that aT n aC(x\{T}) = aT n aC(y\{T}).

Furthermore, notice that aC(x\{T,P}) u A = i1,C(y\{T,Q}) u A.

and i1,T n i1,C(x\{T}) ~ aC(x\{T,P}) u A ~ aC(x\{T}) n aC(y\{T}).

From Property 1.4.2.2 and Property 1.4.3, we infer that

C(x\{T})t(aC(x\{T,P}) u A) ~L C(y\{T})t(i1,C(y\{T,Q}) u A)

Then Theorem 2.3.3 states:

lockfree({T,C(x\{T})}) = lockfree({T,C(y\{T})})

(End of Proof and Theorem)

P.J. de Graaff [2) has shown that within each class of bisimulation

equivalent processes there exists a unique process Whose state graph has the

smallest number of vertices and arcs from all the other processes. An

algorithm exists that computes for a given process this unique

representative. The algorithm is called the minimization algorithm for

bisimulation equivalence. Without going into further details, we state that

- 37 -

the above can be extended to livelock bisimulation equivalence.

The complexity of computing lockfree(X) is proportional to the total number

of arcs and vertices of the state graphs that correspond to the processes in

X. Theorem 2.3.4 and the minimization algorithm for livelock bisimulation

equivalence may be used to reduce the complexity of computing lockfree(X).

2.4 Deadlockfree

In section 2.0, we informally defined danger of deadlock in a system built

out of concurrently running mechanisms. Unfortunately, this definition does

not cover all the aspects that are generally implied by danger of deadlock.

Consider a system built out of two or more SUbsystems. Each two subsystems do

not interfere in one another's behaviour. Intuitively, this system has danger

of deadlock if and only if one or more of the subsystems have danger of

deadlock. Yet, let one of these separate subsystems have danger of deadlock

while another never stops. Then, the composite system never stops. Although

this system has danger of deadlock, the informal definition states otherwise.

The above and Property 2.1.2.2 yields that the concept lockfree is a to weak

predicate to state whether or not a system has danger of deadlock. Therefore,

we present in this section an other concept, called deadlockfree, that

resolves our objections against the concept lockfree.

Definition 2.4.0 (connected)

connected (X)

=

(BY:Y ~ X A Y ¢ 0 A Y ¢ X:gC(Y) n gC(x\Y) ¢ 0 )

(End of Definition)

Definition 2.4.1 (maximal connected)

Let X be a set of processes, and let Y be a subset of X. We define:'

maximal connected(Y,X) = connected(Y) A (BP:P e x\Y:, connected(Y v {P}»

(End of Definition)

Definition 2.4.2 (deadlockfree)

deadlockfree(X) = (BY:Y ~ X A maximal connected(Y,X):lockfree(Y»

(End of Definition)

Property 2.4.3

deadlockfree(X) • lockfree(X)

(End of Property)

- 38 -

3. OTHER CONCEPTS

3.0 Introduction

In the previous chapter, we have introduced the concept deadlockfree to

describe the presence or absence of deadlock in a system built out of

concurrently running mechanisms. Similarly, properties related to danger of

deadlock may be formalized. In this chapter, two of these properties, called

danger of being disabled and danger of being ignored, will be presented. A

short treatment of each of them is given. For more information about these

concepts and their extensions to actions, the reader is referred to [4].

3.1 Disablefree

Consider a system that has performed actions up to some moment in time.

From this moment on, a not yet terminated component of the system can never

again participate in whatever actions the system shall perform. One might say

that this component has danger of being disabled by the system. We formalize

this property as follows:

Definition 3.1.0 (disabled)

disabled(P,X)

=

(ET: T e after(C(X)

:Succ(E(T,P,X») e P(aP n aC(X))'{{e}}

A (BT':T'e after(T):Succ(T') naP = e»

(End of Definition)

Definition 3.1.1 (disablefree)

disablefree(X) = (BP:P e X:~disabled (P,X))

(End of Definition)

The concept disablefree is stronger than the concept deadlockfree.

If we replace each occurrence of lockfree in the properties 2.1.2. a and

2.1. 2. 1 and in the theorems 2.1.5, 2.3.3 and 2.3.4 by disablefree, these

properties and theorems are still correct. Unfortunately, substituting

- 39 -

- 40 -

each occurrence of lockfree for disablefree in Theorem 2.2.1 yields a theorem

that does not hold. Hence, we do not have a construction theorem that shows

how larger disablefree systems may be built from smaller ones.

3.2 Ignorefree

A disablefree system may always perform a sequence of actions such that each

not terminated component participates in one of these actions. However, this

does not imply that for each not terminated component the system can only

perform a finite number of actions in which this component does not

participate.

When a system may continuously perform actions in which a not terminated

component does not participate, we say that that component may be ignored by

the system. This will now be formalized.

Definition 3.2.0 (ignored)

Let X be a set of processes and let P be a process in X.

For each process T, T E after(C(X», Tp denotes

C({Qi (EV:V E X'-{P}:Q = e(T,V,X)}).

Then, we define:

ignored(P,X) = locked(P,X) v processlivelock(P,X)

where processlivelock(P,X) denotes:

the

(ET:T E after(C(X»:Succ(e(T,P,X» ~ 0 A livelock(T taC(X'-{P}») p

(End of Definition)

Definition 3.2.1 (jgnorefree)

ignorefree(X) = (BT:T E after(C(X»:,ignored(T,X»

(End of Definition)

process

When (BT:T E X:,processlivelock(T,X» is abbreviated by systemlivelockfree(X)

, the following theorem is self evident.

Theorem 3.2.2

ignorefree(X) = lockfree(X) A systemlivelockfree(X)

(End of Theorem)

Furthermore, it is easily seen that ignorefree is a stronger concept than

disablefree.

In Properties 2.1. 2. 0 and 2.1. 2.1 and in Theorem 2.1.5, all occurrences of

lockfree may be replaced by systemlivelockfree, without changing the

- 41 -

correctness of these properties and theorems. If we add to Theorem 2.2.1 that

C(X) and C(Y) are non-terminating, to Theorem 2.3.3 that both TO and T1 are

non-terminating and to Theorem 2.3.4 that P and Q are non terminating, these

modified theorems also hold if we replace in them all occurrences of lockfree

by systemlivelockfree.

Theorem 3.2.2 ensures that all the modified properties and theorems that are

presented in this section also hold if we replace in them all occurrences of

systemlivelockfree by ignorefree.

This section is concluded by presenting a theorem that shows how a larger

disablefree system may be built out of two ignorefree systems.

Theorem 3.2.3

Let X and Y be processes such that C(X) and C(Y) are non-terminating,

X n Y = ~, and ignorefree(X) and ignorefree(Y). Then

disablefree({C(X),C(Y)}) = disablefree(X u Y)

(End of Theorem)

4. CONCLUSIONS

In this report, we have combined mayor features of CCS and Trace Theory into

a new formalism. The central notion in this formalism is called process. It

is used to specify the behaviour of systems. Like CCS, we do not exclude

non-determinism in the specification of the behaviour of a system.

Furthermore, the specification of the behaviour of a larger system is

obtained from the specifications of the system's components in a way similar

to the one used in Trace Theory. We have introduced the T-action. Contrary

to CCS, T-actions are not used to specify the interaction between two

systems. They are only used to abstract from certain actions of a system.

Besides presenting a formalism, we have also given a summary of some

equivalence relations on the universe of processes. Furthermore, a concept is

presented that describes when a system has danger of deadlock. A theorem is

given that shows how larger deadlockfree systems may be built out of smaller

ones. Conditions are stated under which a system without danger of deadlock

stays deadlockfree after one of its processes is substi tuted for another.

Finally, the same is performed for other deadlock-like properties.

Further research will be focused on putting the results in this report into

practice. Concretely, this means that the investigation alms to embed the

results into some sort of top-down design trajectory for a class of

concurrent systems. The important aspect in this trajectory will be a

meaningful decomposition of a system that is hard to design into components

that are easier to design. By a meaningful decomposition, we emphasize the

point that the composite behaviour of the components has to correspond to the

behaviour of the system to be designed. For instance, decomposition may not

introduce deadlock.

Acknowledgements:

The author is indebted to anyone who somehow has contributed to this report.

Special thanks are due to P.J. de Graaff, A.F.P. van Putten, H.H.M. van de

Weij and M.R.M. Winter for their fruitful comments.

- 42 -

5. REFERENCES

[1] Brookes, S.D. and C.R. Rounds

Behavioural Equivalent Relations Induced By Programming Logics

Internal report (CMU-CS-83-112), Department of Computer Science,

Carnegie Mellon University,

Pittsburgh, Pennsylvania, 1983

[2] Graaff, P.J. de,

Some notes on observation equivalence

Faculty of Electrical Engineering,

Digital Systems Group (EB),

Eindhoven University of Technology,

Personal communications

[3] Hoare, C.A.R.

Communicating Sequential Processes,

Prentice-Hall International Series in Computer Science,

Englewood Cliffs, New Jersey, 1985

[4] Huis in 't Veld, R.J.

Deadlock properties expressed in terms of Trace Theory

M. Sc. -thesis, Faculty of Mathematics and Computing Science,

Eindhoven University of Technology, 1987

[5] Kaldewaij, A.

A Formalism for Concurrent Processes

Ph. D. -thesis,

Eindhoven University of Technology, 1986

[6] Milner, R.

A Calculus of Communicating Systems

Lecture Notes in Computer Science, vol. 92

Berlin: Springer, 1980

- 43 -

£indhoven University of Technology Research Reports faculty of Electrical Engineering

ISSN 0167-9708 Coden: TEU£DE

( 1711

( 1721

(173 )

(174)

( 175)

( 176)

( 177)

(178)

(179)

(1801

(181 )

Monnee, P. and M.H.A.J. Herben MLITJnn5LE-8EAM GROUNOSTAT~FLECTOR ANTENNA SYSTEM: A preliminary study. EUT Report 87-E-171. 1987. ISBN 90-6144-171-4

Bastiaans, M.J. and A.H.M. Akkermans ERROR REDUC110N IN lWO-OIMENSloNAl PULSE-AREA MOOULA110N, WIIH APPLICATION TO COMPUTER-GENERATED TRANSPARENCIES. EUI Report 87-E-172. 1987. ISBN 90-6144-172-2

Zhu Yu-Cai on-A BDUND OF THE MODELLING ERRORS OF BLACK-BOX EUT Report 87-E-173. 1987. ISBN 90-6144-173-0

TRANSFER FUNCTION ESTIMATES.

Berkelaar, M.R.C.M. and J.F.M. Theeuwen TECHNOLOGY MAPPING FROM BOOLEAN EXPRESSIONS 10 STANDARD CELLS. EUT Report 87-E-174. 1987. ISBN 90-6144-174-9

Janssen, P.H.M. FURl HER RESULTS ON THE McMILLAN DEGREE AND THE KRONECKER EUT Report 81-E-175. 1987. ISBN 90-6144-175-7

INDICES OF ARMA MODELS.

Janssen, P.H.M. and P. Stoiea, T. Soderstrom, P. E~khOff MODEL STRUCTURE SELECTI~ MULTIVARIABLE SYSTEM BY CROSS-VALIDATION METHODS. EUT Report 87-E-176. 1987. ISBN 90-6144-176-5

Stefanov, B. and A. Veefkind, L. Zarkova ARCS IN CESIUM SEEDED NOBLE GASES RESULTING FROM A MAGNETICALLY FIELD. EUT Report 87-E-177. 1987. ISBN 90-6144-177-3

Janssen, P.H.M. and P. Stoica

INDUCED ELECTRIC

ON THE EXPECTATION OF THE PRODUCT OF FOUR MATRIX-VALUED GAUSSIAN RANDOM VARIABLES. EUT Report 87-E-178. 1987. ISBN 90-6144-178-1

Lieshout, C.J.P. van and L.P.P.P. van Cinneken GM: A gate matrix layout generator. EUT Report 87-E-179. 1987. ISBN 90-6144-179-X

Cinneken, L.P.P.P. van GRIDLESS RoUTING FOR GENERALIZED CELL ASSEMBLIES: EUT Report 87-E-180. 1987. ISBN 90-6144-180-3

Report and user manual.

Bollen, M.H.J. and P.T.M. Vaessen ~NCY SPECTRA FOR ADMITTANCE ANO VOLTAGE TRANSFERS MEASUREO ON A THREE-PHASE POWER TRANSFORMER. EUT Report 87-E-181. 1987. ISBN 90-6144-181-1

(182) Zhu Yu-C.i ~CK-BOX IDENTIFICATION OF MIMO TRANSFER FUNCTIONS: Asymptotic properties of prediction error models. EUT Report 87-E-182. 1987. ISBN 90-6144-182-X

(183) Zhu Yu-C.i

(184 )

( 185)

on-THE BOUNDS OF THE MODELLING ERRORS OF BLACK-BOX MIMO TRANSFER FUNCTION ESTIMATES. EUT Report 87-E-183. 1987. ISBN 90-6144-183-8

Kadete, H. ENHANCEMENT OF HEAT TRANSFER BY CORONA WIND. EUT Report 87-E-184. 1987. ISBN 90-6144-6

Hermans, P.A.M. and A.M.J. Kwaks, r.v. Bruza, J. Di~b THE IMPACT OF TELECOMMUNICA~ON RURA~AS IN 0 ELOPING COUNTRIES. EUT Report 87-E-185. 1987. ISBN 90-6144-185-4

(186) Fu Yanhong

( 187)

THE INFLUENECE OF CONTACT SURFACE MICROSTRUCTURE ON VACUUM ARC STABILITY AND ARC VOLT AGE. EUT Report 87-E-186. 1987. ISBN 90-6144-186-2

Kaiser, F. and L. Stok, R. van den Born DESTCN AND IMPLEMENTATION OF A MODULE LIBRARY TO SUPPORT THE STRUCTURAL SYNTHESIS. EUT Report 87-E-187. 1987. ISBN 90-6144-187-0

Eindhoven University of Technoloqy Research Reports Faculty of Electrlcal Enqineerlng

ISSN 0167-9708 Coden: TEUEDE

( 188)

(189)

Jozwiak, J. THE FuLL DECOMPOSITION OF SEQUENTIAL MACHINES WITH THE STATE AND OUTPUT BEHAVIOUR REALIZATION. EUT Report 88-E-188. 1988. ISBN 90-6144-188-9

Pineda de Cyvez, J. ALWAys: A system for wafer yield analysis. EUT Report 88-E-189. 1988. ISBN 90-6144-189-7

(190) Siuzdak, J. OpllCAL COUPLERS FOR COHERENT OPTICAL PHASE DIVERSITY SYSTEMS. EUT Report 88-E-190. 1988. ISBN 90-6144-190-0

(191) Bastiaans, M.J. LOCAL-FREQUENCY DESCRIPTION OF OPTICAL SIGNALS AND SYSTEMS. EUT Report 88-E-191. 1988. ISBN 90-6144-191-9

(192)

(193)

Worm, S.C.J. AlMULTI-FREQUENCY ANTENNA SYSTEM FOR PROPAGATION EXPERIMENTS WITH THE OLYMPUS SATELLITE. EUT Report 88-E-192. 1988. ISBN 90-6144-192-7

Kersten, W.F.J. and G.A.P. Jacobs ANALOG AND DIGITAL SIMULATI~LINE-ENERGIZING OVERVOLTAGES AND COMPARISON WITH MEASUREMENTS IN A 400 kV NETWORK. EUT Report 88-E-193. 1988. ISBN 90-6144-193-5

(194) Hosselet, L.M.L.F. MARTINUS VAN MARUM: A Dutch scientist in a revolutionary time. EUT Report 88-E-194. 1988. ISBN 90-6144-194-3

(195) Bondarev, V.N.

( 196)

ON SYS1EM IDENTIFICATION USING PULSE-FREQUENCY MODULATED SIGNALS. EUT Report 88-E-195. 1988. ISBN 90-6144-195-1

Liu Wen-Jiang, Zhu Yu-Cai and Cai Da-Wei MODEL BUILDING FOR AN INGOT HEAfTNG PROCESS: Physical identification approach. EUT Report 88-E-196. 1988. ISBN 90-6144-196-X

modelling approach and