Event structure semantics of (controlled) reversible CCS
Introduction
Reversible process calculi have been studied in works such as [7], [9], [11], [18], [19], [26]. One feature of such reversible processes compared to forward-only processes is their sensitivity to true concurrency distinctions [25]. For instance, using CCS notation, the processes and , which are respectively a parallel composition and a choice between two orderings of events, are equivalent under interleaving semantics; however in a reversible setting we can distinguish them by noting that allows us to perform a followed by b and then to reverse a, which is impossible for . This motivates us to use event structures [24] to formulate a truly concurrent semantics of a reversible process calculus.
Two reversible forms of CCS have been proposed, both using uncontrolled reversibility: RCCS [9] and CCSK [26]. RCCS creates separate memories to store past (executed) actions, what is known as dynamic reversibility, while CCSK annotates past actions with keys within the processes themselves, known as static reversibility. We formulate an event structure semantics for CCSK rather than RCCS, since the semantics for past and future actions can be defined in a similar manner, rather than having to encompass both processes and memories. We note that Lanese et al. [16], [22] showed that RCCS and CCSK can be encoded in one another, meaning one can use their encoding in conjunction with our event structure semantics to obtain an event structure semantics for RCCS.
Event structures are a model of true concurrency and have been used for modelling forward-only process calculi [3], [6], [31]. Describing reversible processes as event structures gives us a simple representation of the causal relationships between actions and also yields equivalences between processes which generate isomorphic event structures. True concurrency in semantics is particularly important in reversible process calculi, as the order actions can reverse in depends on their causal relations rather than how the parallel actions interleave [25]. Knowing the causal relationships between actions in concurrent processes is also important when using causal-consistent debugging [20] to find bugs created by interactions between processes.
Cristescu et al. [8] used rigid families [4], related to event structures, to describe the semantics of Rπ [7]. However, their semantics requires a process to first reverse all actions to find the original process, map this process to a rigid family, and then apply each of the reversed memories in order to reach the current state of the process. Aubert and Cristescu [1] used a similar approach to describe the semantics of RCCS processes without auto-concurrency, auto-conflict, or recursion as configuration structures. By contrast, we map a CCSK process (with auto-concurrency, auto-conflict, and recursion) with past actions directly to a (reversible) event structure in a strictly denotational fashion.
Reversible forms of prime [27], asymmetric [27], and general [29] event structures have already been defined, but the usual way of handling parallel composition of forward-only prime (PES) and asymmetric event structures (AES) [30] does not translate into a reversible setting, and general event structures are far more expressive than is necessary for modelling reversible CCSK. We also considered using a reversible variant of flow event structures [3], but found that the additional expressiveness of flow event structures was unnecessary, and in fact created problems when it came to defining a category of the forward-only flow event structures [5]. We therefore chose to use bundle event structures (BESs) [21].
BESs were created with the specific purpose of allowing the same event to have multiple conflicting causes, thereby making it possible to model parallel composition without creating multiple copies of events. They do this by associating events with bundles of conflicting events, , where in order for event e to happen one of the events of X must have already happened.
This approach can be used for modelling cases such as Example 1.1 below, where an action a has multiple options for synchronisation, either of which would allow the process to continue with the action b. If we model each synchronisation or lack thereof as a separate event then we clearly need to let b have multiple possible causes, which we can accomplish using BESs, but not using PESs. Having multiple copies of events depending on which causes we use is not possible in a reversible PES, as we do not know when performing an event what will cause it to reverse. If in Example 1.1 instead (the event labelled) b can reverse only from configurations containing either a or τ, we can have a situation where we do not have a or τ in the configuration we want to add b to, and then we do not know whether to add the b that can reverse when a is present or the b that can reverse when τ is present. In a reversible setting, bundles therefore not only simplify our event structures, but become necessary when we have events causing each other to reverse.
Example 1.1 Process represented as a BES The CCS process can be described by a BES with the events , the bundle , and the conflicts and as seen in Fig. 1 where a dashed line indicates conflict and connected arrows indicate a bundle. The process cannot be represented by a PES or AES without splitting some events into multiple events, due to b having multiple possible causes.
We therefore define a category of reversible BESs (RBESs) in Section 3. Since the reversibility allowed in CCSK (as in RCCS) is causal, meaning that actions can be reversed if and only if every action caused by them has already been reversed, we use the causal subcategory of RBESs for defining a denotational semantics of CCSK in Section 4.
Causal reversibility has the drawback of allowing a process to get into a loop doing and undoing the same action indefinitely; there is no control on whether or when a computation reverses. We modify CCSK to control reversibility by adding the rollback introduced for roll-π in [17]. In Roll-CCSK every action receives a tag γ, and the process only reverses when reaching a primitive, upon which the action tagged with γ, together with all actions caused by it, are reversed. As in roll-π, the rollback in Roll-CCSK is maximally permissive, meaning that any subset of reached rollbacks may be executed, even if one of them rolls back the actions leading to another.
The operational semantics of rollback works somewhat differently in Roll-CCSK from roll-π, since roll-π has a set of memories describing past actions in addition to a π-calculus process, while CCSK has the past actions incorporated into the structure of the process, meaning that it is harder to know whether one has found all the actions necessary to reverse. Since roll-π is based on higher order-π, it can create recursion by sending processes. Roll-CCSK on the other hand has explicit recursion, and therefore needs to use bindings on tags to avoid ambiguity about which tag a roll is associated with.
As in roll-π, we also describe a more distributed semantics of rollback. This version of the semantics reverses each action marked for rollback individually, rather than performing the entire roll in one step. However, unlike roll-π, we mark all past actions in one step. We do this because propagating a marking of past actions would otherwise require the action being marked to be able to look at previous actions further back in the structure of the process to find markings it can propagate. In roll-π this is not an issue, since one has a set of parallel memories all at the same level, which can easily be compared to find out which order they are in. We describe both of these operational semantics of Roll-CCSK in Section 6.
Rollback has also been defined for μKlaim, a tuple-based language with shared memory [13]. This was done similarly to roll-π, giving the locations of shared memories keys, which change when a process interacts with the location. Another variant of CCS with rollback, CCSroll was defined in [23]. CCSroll, like roll-π, has memories in parallel with the process and equips the process with an ordering of keys, which it uses to determine which actions have been caused by the action being rolled back. This makes the semantics less compositional than Roll-CCSK. The causal-consistent reversible debugger for Erlang, CauDEr [20], allows the user to roll back not only to a checkpoint, but to other past events such as receiving or sending a specific message.
Once a event has happened, we need to ensure that not only are the events caused by the γ-tagged action able to reverse, but they cannot re-occur until the rollback is complete, at which point the event is reversed. This requires us to model asymmetric conflict between and events caused by (apart from itself). Asymmetric conflict is allowed in extended BESs (EBESs) [21]. We define a category of reversible EBESs (REBESs) in Section 5 and use them to give an event structure semantics of rollback in Section 7. Note that we do not restrict ourselves to the causal subcategory of REBESs, since reversibility in Roll-CCSK is not necessarily causal: an action tagged with γ is a cause of , but we want to reverse before does.
Outline. Section 2 recalls CCSK. Section 3 describes (reversible) bundle event structures and their categories. Section 4 defines the event structure semantics of CCSK. Section 5 describes (reversible) extended bundle event structures. Section 6 defines Roll-CCSK, a version of CCSK where reversibility is controlled by rollback, and its operational semantics, and Section 7 uses reversible extended bundle event structures to describe the event structure semantics of Roll-CCSK.
Changes from conference version [14].
- •
We include proofs of all results.
- •
Sections 3 and 5 include categorical definitions of the forward-only bundle and extended bundle event structures.
- •
Sections 3 and 5 include functors between the newly introduced categories and their forward-only counterparts and between RBES and REBES and other categories of reversible event structures introduced in [15] creating the categories of reversible event structures and functors between them shown in Fig. 2.
- •
Section 2 includes Proposition 4.8 showing that our ordering on event structures is a complete partial order and Lemma 4.9, Lemma 4.10, Lemma 4.11, Lemma 4.12 showing that the operations we define on the event structures are monotonic.
- •
Section 5 includes full definitions of REBES-morphisms, a functor from REBES to CS, and causal and cause-respecting REBESs. It also includes characterisations of products and coproducts of REBESs.
- •
We correct Definition 6.1, Definition 6.2 so that they deal with keys rather than tags, as tags are not necessarily unique. As a consequence we change rollbacks to be performed on tags after they find their associated action and therefore do not need the concept of bound tags.
- •
We add a more distributed small-step variant of the rollback semantics to Section 6. This semantics marks all the actions needing to be reversed and afterwards reverses them individually, rather than reversing them all at once when the rollback is performed. While the marked actions are being reversed, subprocesses not preceded by marked actions can continue to perform forward actions.
- •
Section 7 includes intermediate results Lemma 7.17, Lemma 7.18.
- •
We have added Example 3.5, Example 3.22, Example 3.26, Example 6.3, Example 6.7, Example 6.14, Example 7.2, Example 7.5.
Section snippets
CCSK
CCSK was defined in [26], and distinguishes itself from most reversible process calculi by retaining the structure of the process when actions are performed, and annotating past actions with keys instead of generating memories. This means we get , with the shared key n denoting that a and have previously communicated, and we therefore cannot reverse one without reversing the other.
We call the set of action of CCSK and let range over , range over ,
Reversible bundle event structures
In this section we define the reversible bundle event structures which we intend to use for defining denotational true concurrency semantics of CCSK in Section 4. For this we want a categorical definition, since we can use morphisms to determine relationships between the event structures generated by different processes and use products and coproducts to define parallel composition and choice operators. Forward-only bundle event structures were introduced by [21], but have not yet been defined
Event structure semantics of CCSK
Having defined RBESs, we will now use them to describe the semantics of CCSK. Unlike the event structure semantics of CCS [3], [31], our semantics will generate both an event structure and an initial configuration containing all the events corresponding to past actions. This means that for any CCSK processes P and , if then P and will be described by the same, or at least isomorphic, event structures with different initial states.
First we define the operators we will use in the
Reversible extended bundle event structures
Suppose one wishes to model a program consisting of multiple parallel processes, but rather than allowing the process to do and undo actions whenever as in CCSK, it might be preferable to have one action that causes all actions, or all actions since the last safe state, to be reversed before the process can continue, similar to the command of [17]. RBESs can easily ensure that this roll event is required for other events to reverse. We simply say that for all e, but preventing
Roll-CCSK
In this section we add a rollback operator, similar to that of roll-π [17], to CCSK. The semantics of roll-π is not directly translatable to CCSK, as it makes use of the fact that one can know, when looking at a memory, whether the communication it was associated with was with another process or not, and therefore, for a given subprocess P and a memory m, one knows whether all the memories and subprocesses caused by m are part of P. In CCSK, this is not the case, as the rollback in the
Event structure semantics of roll-CCSK
Now that we have defined operational semantics of rollback, we are ready to describe a more formal method for using LREBESs to model rollback than the ad-hoc approach we used in Example 5.1.
To model a rollback in an event structure, we have two events, one which triggers the rollback, labelled , and another which starts the actual rollback by allowing the events caused by the associated action to begin reversing. When prefixing a process P with an action , we now need to ensure
Conclusion
We have defined a reversible variant of bundle event structures and a category using these as objects, and used a causal subcategory of this to describe event structure semantics of uncontrolled CCSK, the first event structure semantics of a reversible calculus that we are aware of. We chose to use CCSK for this purpose because the way CCSK records previous actions preserves the structure of the process, meaning we can use very similar semantics for previous and future actions.
Unlike previous
Declaration of Competing Interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Acknowledgements
This work was partially supported by an EPSRC DTP award; and also by the following EPSRC projects: EP/V000462/1, EP/K034413/1, EP/K011715/1, EP/L00058X/1, EP/N027833/1, EP/T006544/1, EP/N028201/1 and EP/T014709/1; and by EU COST Action IC1405 on Reversible Computation.
References (31)
- et al.
Contextual equivalences in configuration structures and reversibility
J. Log. Algebraic Methods Program.
(2017) - et al.
Strategies as concurrent processes
Electron. Notes Theor. Comput. Sci.
(2014) - et al.
Parallel product of event structures
Theor. Comput. Sci.
(1997) - et al.
Formal molecular biology done in CCS-R
Electron. Notes Theor. Comput. Sci.
(2007) - et al.
Bundle event structures: a revised cpo approach
Inf. Process. Lett.
(2002) - et al.
Causal-consistent rollback in a tuple-based language
J. Log. Algebraic Methods Program.
(2017) - et al.
Towards a categorical representation of reversible event structures
J. Log. Algebraic Methods Program.
(2019) - et al.
Reversibility and models for concurrency
Electron. Notes Theor. Comput. Sci.
(2007) - et al.
Reversing algebraic process calculi
J. Log. Algebraic Methods Program.
(2007) - et al.
Reversibility and asymmetric conflict in event structures
J. Log. Algebraic Methods Program.
(2015)