Modeling Coordination via Asynchronous ... - Semantic Scholar

Download PDF
2 downloads 0 Views 228KB Size Report
Comment
elements from Stoken. De nition 4. De ne the set of con gurations Sconf as Seagent Sstore. Con- gurations are denoted as hA j i, where A is an (extended) agentĀ ...
Modeling Coordination via Asynchronous Communication Antonio Brogi1 and Jean-Marie Jacquet2 1 2

Dipartimento di Informatica, Universita di Pisa Corso Italia 40, 56125 Pisa, Italy [email protected]

Institut d'Informatique, Facultes Universitaires de Namur rue Grandgagnage 21, 5000 Namur, Belgium [email protected]

Abstract. The paper proposes a theoretical study of coordination languages. A language that embodies the essential features of coordination languages is considered. The language includes Linda's asynchronous communication primitives, as well as several composition operators. Computations in this language are described by means of an operational semantics, reporting the whole traces of executions. The non-compositionality of this intuitive operational semantics motivates the design of a compositional and fully abstract denotational semantics, which is then exploited for studying program equivalence in this setting.

1 Introduction Modern computer systems consist of large numbers of software components that interact one another. The process of software construction is more and more centered on the composition of generic existing packages to construct complex systems. Moreover, the rapid expansion of computer networks is highlighting the need for integrating and coordinating hetereogeneous components, which rely on di erent computational models and are physically distributed on the net. Carrero and Gelernter [3] rst pointed out the relevance of de ning coordination models and languages for combining separate computational activities into asynchronous ensembles and for supporting communication among them. Linda [2] was the rst coordination language, presented as a set of inter-agent communication primitives which can be virtually added to any programming language. The interest for coordination models and languages is rapidly growing, and several coordination-based systems are under development or already available [4]. The study of models and languages for coordinating separate activities of software components is therefore of primary importance in this scenario. The scope of this paper is to contribute to setting the theoretical foundations of the growing eld of coordination languages. In this paper we will consider a simple language L that embodies the essential features of coordination languages based on generative communication a la Linda

[2]. The language includes Linda's out, in, and rd primitives for adding, deleting and checking the presence of an object in a shared dataspace. The language also includes sequential and parallel composition operators, as well as a choice operator in the style of CCS [7]. We will rst describe the operational semantics of the language in the SOS style [9]. We will consider as observable behaviour of programs, for all possible computations, the sequences of states of the shared dataspace generated by computations. We will then de ne a denotational semantics and study the properties of compositionality and full abstraction with respect to the operational model of the language. The de nition of the denotational model is inspired by the denotational models for nonuniform concurrent languages proposed by Horita, de Bakker and Rutten in [6]. However, whereas in [6] the state of the computation is represented by the values of individual variables and is changed by assigning variables, in our setting the state of the computation is represented by the content of the shared dataspace and is changed by out and in primitives. In both cases the meaning of a process needs to represent the possible interactions between the process itself and the environment. Simply recording the initial and nal states of computation sequences does not provide a compositional description of processes. We will therefore employ sequences of states which contain gaps between steps to represent possible interactions with the environment. The denotational model of the language is de ned in a compositional way. First the denotation of atomic agents (viz., communication actions) is given. Then the denotation of sequential, parallel and choice compositions of agents is de ned by means of homomorphic operations on the denotations of agents. As the denotational semantics preserves the observational equivalence of agents, we have that denotationally equivalent programs are indistinguishable, that is, they exhibit the same observable operational behaviour in any possible context. We then show that the obtained denotational model is also fully abstract with respect to the operational model of the language. Intuitively speaking, this means that operationally indistinguishable programs are equivalent in the chosen denotational semantics. The properties of compositionality and full abstraction of the denotational semantics establish rm foundations for reasoning about programs and program transformations. Let A be an agent which is part of a larger system, or context, denoted by C [A]. Suppose that A0 is an alternative, possibly more ecient, version of A obtained for instance by applying some program transformation technique to A. If A0 is denotationally equivalent to A, that is if D(A) = D(A0 ), then the property of compositionality ensures that the substitution of A0 for A does not a ect the observable behavior of the whole system, that is O(C [A]) = O(C [A0 ]). While compositionality ensures that any pair of denotationally equivalent agents can be substituted one another without a ecting the observational behavior of a system, full abstraction establishes that only denotationally equivalent programs satisfy such a property. The paper is organized as follows. The language L is introduced in Section 2,

where syntax and operational semantics of the language are presented. A fully abstract denotational semantics for L is de ned in Section 3, while Section 4 contains some concluding remarks.

2 The L language 2.1 Syntax We shall consider a simple language L embodying the essential features of coordination languages. Consequently, it has as basic elements Linda's out, in, and rd primitives, for putting an object on a shared space, getting it and checking its presence, respectively. L also includes sequential and parallel composition operators as well as a choice operator in the style of CCS [7]. However, for simplicity purposes, only nite processes are treated here, under the observation that in nite processes can be handled by extending the results of this paper in the classical way, exempli ed, for instance, in [6]. The language L is formally de ned by the following grammar.

De nition 1. 1. Let Stoken be an in nite set, the elements of which are subsequently called tokens and are typically represented by the letters t and u, possibly subscripted. 2. De ne the set of agents Sagent by the following rules, where t is a token, A is an agent and c denotes a communication action.

c ::= tell(t) j ask(t) j get(t) A ::= c j A ; A j A jj A j A + A 3. De ne the language L as the above set Sagent.

2.2 Operational semantics Con gurations. L computations may be modelled by the following transition

system written in Plotkin's style. Following intuition, most of con gurations consist of an agent to be solved together with a multi-set of tokens denoting the tokens currently available for the computation. To easily express termination, we shall introduce particular con gurations composed of a special terminating symbol E together with a multi-set of tokens. For uniformity purposes, we shall abuse language and qualify E as an agent. However, to meet the intuition, we shall always rewrite agents of the form (E ; A), (E jj A), and (A jj E ) as A. This is technically achieved by de ning the extended set of agents as follows. In particular, simpli cations are operated by imposing a bimonoid structure.

De nition 2. De ne the extended set of agents Seagent by the following grammar

Ae ::= E j c j A ; A j A jj A j A + A

Moreover, we shall subsequently assert that the structure (Seagent; E; ; ; jj ) is a bimonoid and simplify elements of L accordingly. De nition 3. De ne the set of stores Sstore as the set of nite multisets with elements from Stoken. De nition 4. De ne the set of con gurations Sconf as Seagent  Sstore. Con gurations are denoted as hA j i, where A is an (extended) agent and  is a multi-set of tokens.

Transition rules. The transition rules de ning the operational semantics of the language are reported in Figure 1. (T) (A) (G)

hask(t) j  [ ftgi ?! hE j  [ ftgi

(S)

hA j i ?! hA0 j 0 i hA ; B j i ?! hA0 ; B j 0 i

(P)

hA j i ?! hA0 j 0 i hA jj B j i ?! hA0 jj B j 0 i hB jj A j i ?! hB jj A0 j 0 i

(C)

hA j i ?! hA0 j 0 i hA + B j i ?! hA0 j 0 i hB + A j i ?! hA0 j 0 i

htell(t) j i ?! hE j  [ ftgi hget(t) j  [ ftgi ?! hE j i

Fig. 1. The transition rules. Rule (T) states that an atomic agent tell(t) can be executed in any store , and that its execution results in adding the token t to the store . Rule (A) states that an atomic agent ask(t) can be executed in any store containing the token t, and that its execution does not modify the current store. Rule (G) also states that an atomic agent get(t) can be executed in any store containing an occurrence of t, but in the resulting store the occurrence of t has been deleted.

Rules (S), (P), and (C) describe the operational meaning of sequential, parallel and choice operators in the standard way [7].

Observables. A reasonable notion of observables consists of reporting, for all possible computations, the sequence of states the computations produce. It is de ned subsequently as the semantics Oh to stress this notion of history of states. Another reasonable notion of observable would consists in focusing on the results of the computations only. It is however considered to be outside the scope of this paper and will be studied in future work. We will use the following notation to represent sequences of elements and their concatenation. Given a set A, the set of nite sequences of elements of A is denoted by A
De nition 5. 1. Let + and ? be two fresh symbols denoting respectively success and failure. De ne the set of histories Shist as the set of nite sequences ending by one termination mark: Stoken
3 Fully abstract compositional semantics for histories There are two main reasons why the history semantics Oh is not compositional. First, the execution of a computation step produces a store which is not necessarily empty. A compositional semantics should therefore account for initial stores of any content. Second, as shown from the transition system, the computation of the agent A jj B amounts to interleaving execution steps of A and B . A compositional semantics should thus allow for transition steps made by the environment. Following [6], we shall model transition steps in the form of pairs of input and output stores and take as semantic domain sets of sequences of such pairs. These sequences possibly contain gaps, accounting for actions of the environment. Moreover, they will start in any store, allowing previous steps to result in a possibly non-empty store.

3.1 Notation Before proceeding, it is convenient to introduce some notation.

De nition 6. De ne Shhist as the set (SstoreSstore)
4. For n  0 and  2 f+ ; ? g, let h = (1 ; 1 ):    :(n?1 ; n?1 ):(n ; ), be an history of Shhist. Then

diff (h) = (1 n 1 ) [ (1 n 1 ) [    [ (n?1 n n?1 ) [ (n?1 n n?1 )

where [ and n denote, respectively, multiset union and di erence. Abusing notations, we shall lift diff to sets of histories in the natural way: For any set S of histories of Shhist,

[ diff (S ) = fdiff (h) : h 2 S g

De nition 8. An history h 2 Shhist is continuous i it has the form (0 ; 1 ):(1 ; 2 ):    :(n?1 ; n ):(n ; ) with  2 f+ ; ? g. In that case, h denotes the following sequence of stores h = 0 :1 :    :n : 3.2 Denotational semantics De ning a compositional semantics consists of, on the one hand, specifying the meaning of elementary statements and, on the other hand, providing an operator at the semantic level for each syntactic operator. We start with this second task in the following section. A compositional semantics, called denotational in view of the compositionality property, is de ned next. It is then proved correct with respect to the history operational semantics Oh , and nally it is established to be fully abstract.

Semantic operators. There are three syntactic operators to combine elementary agents: Sequential composition, parallel composition, and choice. Let us examine each of them in turn. Sequential composition. Since semantic histories may include gaps and begin with any input store, composing the meaning of two agents which are sequentially composed amounts to concatenating their histories. This is achieved by the following operator, where further care is taken in the expected manner for the termination marks.

De nition 9. De ne e; : P (Shhist)  P (Shhist) ! P (Shhist) as the following function: For any subset S1 , S2 of Shhist,

S1 e; S2 = fh1:h2 : h1 :(; + ) 2 S1 ; h2 2 S2 g [ fh1 :(; ? ) : h1 :(; ? ) 2 S1 g Parallel composition. Parallel composition is modelled in an interleaving fashion. Consequently, composing in parallel two semantic histories amounts to take their merge. Again care has to be taken to termination marks, as formalized below.

De nition 10. De ne the parallel composition of two histories as the function

ekh : Shhist  Shhist ! P (Shhist) de ned inductively by the following equalities, where  stands either for + or ? . (1 ; 1 ):h1 ekh (2 ; 2 ):h2 = f(1 ; 1 ):h : h 2 h1 ekh (2 ; 2 ):h2 g [ f(2 ; 2 ):h : h 2 (1 ; 1 ):h1 ekh h2 g

(1 ; 1 ):h1 ekh (2 ; 2 ) = (2 ; 2 ) ekh (1 ; 1 ):h1 = f(1 ; 1 ):h : h 2 h1 ekh (2 ; 2 )g

8 + 1 =  2 =  + > > < ff((11 ;; ?))gg;; ifif 1)1 =1=2 and 2 and (1 ; 1 ) ekh (2 ; 2 ) = > ? or 2 = ? 2)  =  1 > : ;; if 1 = 6 2

De nition 11. De ne the parallel composition of two sets of histories as the natural lifting of function ekh , namely as the function ek : P (Shhist)  P (Shhist) ! P (Shhist) de ned as follows: for any subset S1 , S2 of Shhist, [ S1 ek S2 = fh1 ekh h2 : h1 2 S1 ; h2 2 S2 g: Choice. Choice is modelled as an internal choice, namely an agent formed from the choice of two agents can proceed as any of its components. As before care has to be taken for termination marks. The composed agent fails if the two components do so; it succeeds if at least one of the two components does.

De nition 12. De ne +e : P (Shhist) P (Shhist) ! P (Shhist) as the following function: for any subset S1 , S2 of Shhist,

S1 +e S2 = S1a [ S2a [ S1+ [ S2+ [ (S1? \ S2? )

De nition. Given the operators e; , ek , and +e , de ning the denotational semantics amounts to specifying the semantics of the basic constructs tell, ask, and get. This is achieved according to the intuition given by their operational behavior.

De nition 13. De ne the denotational semantics as the following function Dh : Sagent ! P (Shhist): for any token t, for any agents A1 , A2 , Dh (tell(t)) = f(;  [ ftg):(; + ) : ;  2 Sstoreg Dh (ask(t)) = f(; ):(; + ) : ;  2 Sstore; t 2 g [ f(; ? ) :  2 Sstore; t 62 g Dh (get(t)) = f(;  n ftg):(; + ) : ;  2 Sstore; t 2 g [ f(; ? ) :  2 Sstore; t 62 g Dh (A1 ; A2 ) = Dh (A1 ) e; Dh (A2 ) Dh (A1 jj A2 ) = Dh (A1 ) ek Dh (A2 ) Dh (A1 + A2 ) = Dh (A1 ) +e Dh (A2 )

(1) (2) (3) (4) (5) (6)

Properties. It is easy to observe that the semantics Dh is compositional by construction. It is also correct with respect to the semantics Oh in the sense that the latter can be obtained from Dh . Indeed, it is sucient to take the continous histories from Dh starting in the empty store to get those produced by Oh . Proposition 14. Let : P (Shhist) ! P (Shhist) be de ned as follows: For any subset S  Shhist, (S ) = fh : h 2 S; h continuous; init(h) = ;g: Then

Oh =  D h :

Proof By structural reasoning. Proposition 14 establishes that if two agents A1 and A2 have same denotation, viz. Dh (A1 ) = Dh (A2 ), then they are indistinguishable in any context. Note that, as a corollary of this proposition an operational history 1 :    :n : corresponds biunivoquely to a continuous denotational history starting in the empty store: (;; 1 ):    :(n ; ). The denotational semantics can also be characterized in terms of the operational semantics as follows.

Proposition 15. Extend the denotational semantics to the empty agent E as follows: Dh (E ) = f(; + ) :  2 Sstoreg: Let A be an agent and ,  be stores such that Dh (A)[(;  )] = 6 ;. Moreover, let B1 , . . . , Bm be all the agents such that hA j i ! hB j  i Then,

Dh (A)[(;  )] = Dh (B1 ) [    [ Dh (Bm ):

Proof By structural reasoning. Note that Dh (B1 ) [  [Dh (Bm ) is almost Dh (B1 +    + Bm). They actually di er by the treatment of immediately failing computation: All of them are registered in Dh (B1 ) [    [ Dh (Bm ) while only those common to B1 , . . . , Bm appear in the denotational semantics of B1 +    + Bm . The next property to ask is whether Dh contains the least information nec-

essary to be compositional and correct. That corresponds to a full abstraction result. This result is so involved that it deserves a complete section, which is done in the next section. As a preliminary result, it is interesting to observe that for any agent A, the denotational semantics Dh (A) is extensible in the following sense.

Proposition 16. For any agent A, any stores , 1, . . . , n , 1. there is a continuous history in Dh (A) starting in  2. if Dh (A)[(1 ; 2 ):    :(n?1 ; n )] = 6 ; then there is a continuous history in Dh (A) of the form (1 ; 2 ):    :(n?1 ; n ):h0 Proof By structural reasoning. 3.3 Full abstraction De nitions. De nition 17. Let 2 be a fresh symbol. De ne the set of contexts Scontext by

the following rules, where t is a token, A is an agent and c denotes a communication action.

C ::= 2 j A j C ; A j A ; C j C jj A j A jj C j C + A j A + C The application of a context C to an agent A is de ned as the new agent obtained by replacing the place holder 2 in C , if any, by A. This is subsequently denoted as C [A].

De nition 18. The semantics Dh is fully abstract with respect to the semantics Oh i the following property holds: for any agents A1 , A2 , the following assertions are equivalent i) for any context C , Oh (C [A1 ]) = Oh (C [A2 ]); ii) Dh (A1 ) = Dh (A2 ).

Intuition. The compositional property of Dh together with proposition 14 establish the implication (ii) ) (i). It thus remains to prove the converse (i) ) (ii). To that end, we shall proceed by contraposition. Given two agents A1 , A2 such that Dh (A1 ) 6= Dh (A2 ) we shall construct a context C such that

Oh (C [A1 ]) 6= Oh (C [A2 ]) The two semantics reporting sets, the construction amounts to constructing from a denotational history h of one agent, say A1 , which is not in the denotation of the other A2 , a context C and an operational history of C [A1 ] not of C [A2 ]. In view of the relation between Oh and Dh as shown by in proposition 14, this amounts to establishing the existence of a continuous denotational history,

starting in ;, which is in Dh (C [A1 ]) and not in Dh (C [A2 ]). To that end, following [6], we shall construct from h a new history h0 and an agent T such that h0 is in the denotation of A1 jj T and not in the denotation of A2 jj T . The proof basically proceeds by induction on the length of h. In the base case, h takes the form (; ) with  being either + or ? . The tester T then essentially construct a continuous sequence yielding  from the initial store ; in a way that, on the one hand, prevent A1 and A2 to do any intermediary step, and, on the other hand, forces A1 and A2 to do the last step (; ). By hypothesis, this is possible for A1 and not for A2 . In the non basic case, h takes the form (;  ):h for some history h . Two cases are possible: either there is no history starting by (;  ) in Dh (A2 ) or those which start by (;  ) cannot end by h . In the rst case, the proof proceeds as in the base case. In the second case, the proof uses induction. However, the induction should be applied for h in Dh (A1 )[(;  )] and not in Dh (A2 )[(;  )]. As stated by proposition 15, these sets turned out to be basically but not exactly the denotations Dh (A01 ) and Dh (A02 ), of some agents A01 and A02 . We shall consequently generalize a bit the induction to sets of denotational histories. This extension being discarded here for the sake of simplicity, we thus apply the induction hypothesis for h , A01 and A02 . It points out a tester T 0 and an history h00 which is in Dh (A01 jj T 0 ) and not in Dh (A02 jj T 0 ). From there we should construct a tester T and an history h000 in Dh (A1 jj T ) and not in Dh (A2 jj T ). Basically, the step (;  ) has to be done before h00 and since h000 needs to be continuous, h00 has to start in a possibly non empty store. Hence, we have to generalize the theorem and construct in general from h an history h0 which start in any initial store. Given this generalization, the tester T basically consists of rst making the steps necessary to produce  from the given initial store, then of making an auxiliary transition from  to some  0 chosen so as to ensure that A1 and A2 have to do the step (;  ), and nally consists of T 0.

Auxiliary concepts. The above intuition points out an auxiliary task which

consists of making by an auxiliary agents the steps necessary to produce a given target store  from a given initial store . These steps are subsequently achieved by means of the following agent AgV! .

De nition 19. Let V be a nite set of tokens, and  and  be two stores. Let  n  = fg1;    ; gm g  n  = ft1;    ; tn g with m; n  0. Let a1 , . . . , am+n be tokens not in V , , and  . Abusing language by forgetting in the notation about these ai 's, we denote by AgV! , the agent

(actually one of the possible such agents) get(g1); tell(a1);



get(gm); tell(am); tell(t1); tell(am+1);



tell(tn); tell(am+n); get(a1);    ; get(am+n ) Moreover, we note by V! the associated sequence of states (0 ; 1 ):( 1 ; 1 ):



(m?1 ; m ):( m ; m ): (m ; 1 ):(1 ; m+1 ):



(m+n?1 ; n ):(n ; m+n ): (0 ; 1 ):    :(m+n?1 ; m+n ) where

0 =  0 = m+n m+n = 

i = i?1 n fgi g i = i [ fai g j = m+j?1 [ ftj g m+j = j [ fam+j g k = k?1 n fak g

(1  i  m) (1  i  m) (1  j  n) (1  j  n) (1  k  m + n)

Obviously, AgV! can perform the history V! :(m+n ; + ). If V is suitably chosen, it also has the property of being responsible for making the steps of V! when placed in parallel with another agent.

Proposition 20. Let  and  be two stores. Let A be an agent and let V contain the tokens present in the tell, get and read communication primitives of A.

1. Any history h = V! :h0 of Dh (AgV! jj A) is of the set V! :( ; + ) ekh ha for some store and some history ha 2 Dh (A). 2. For any agent B , any history h = V! :h0 of Dh ((AgV! ; B ) jj A) is of the set V! :hb ekh ha for some histories ha 2 Dh (A) and hb 2 Dh (B ).

Proof Let us establish the rst part of the proposition, the proof of the other part being similar. By de nition 13, if h is in Dh (AgV! jj A), there are h1 2 Dh (AgV! ) and h2 2 Dh (A) such that h 2 h1 ekh h2 . Moreover, in view of AgV! , h1 is necessarily of the following form:

( 1 ; 1 n fg1g):( 1 ; 1 [ fa1 g):

:

( m ; m n fgmg):( m ; m [ famg): ( m+1 ; m+1 [ ft1 g):( m+1 ; m+1 [ fam+1 g):



( m+n ; m+n [ ftn g):( m+n ; m+n [ fam+ng): (1 ; 1 n fa1g):



(m+n ; m+n n fam+n g) Let us rst progressively establish that h1 = V! :h01 for some history h01 . Using the notations of de nition 19, we rst observe that h2 cannot be of the form (0 ; 1 ):h02 . Indeed, if this was the case, then, in view of the merge operator ekh , either h1 = ( 1 ; 1 ):h01 or h02 = ( 1 ; 1 ):h002 . However, both cases are impossible. In the rst case, in view of the above form of h1 , one would have 1 = 1 nfg1g and thus a1 62 1 since a1 62 1 whereas by de nition of 1 , a1 2 1 . In the second case, since a1 cannot be told by A by choice of a1 , then again a1 62 1 whereas by de nition of 1 , a1 2 1 . Hence,

h1 = (0 ; 1 ):r1 Moreover, as just explained, by its choice, a1 cannot be told by A and consequently, h2 cannot be of the form h2 = ( 1 ; 1 ):h02 , for some h02 . It follows that

h1 = (0 ; 1 ):( 1 ; 1 ):r2

By similar reasoning, h1 can be proved to be of the form

h1 = (0 ; 1 ):( 1 ; 1 ):    :(m?1 ; m ):( m ; m ):(m ; 1 ):(1 ; m+1 ):    (m+n?1 ; n ):(n ; m+n ):r3 Now, since by de nition A cannot get any ai , h1 must further be of the form (0 ; 1 ):( 1 ; 1 ):



(m?1 ; m ):( m ; m ): (m ; 1 ):(1 ; m+1 ):



(m+n?1 ; n ):(n ; m+n ): (0 ; 1 ):    :(m+n?1 ; m+n ):r4 Summing up, the agent AgV! has made all the 2*(m+n) steps and thus has reached completion successfully. It follows that r4 should be ( ; + ), for some store . Proposition 20 can be extended to more general sets of denotational histories.

De nition 21. A set of denotational histories is called coherent if it is extensible (in the sense of proposition 16) and if it its set diff (S ) is nite.

Proposition 22. Let  and  be two stores. Let S be a coherent subset of Shhist and let V contain diff (S ).

1. Any history h = V! :h0 of Dh (AgV! ) ek S is of the set V! :( ; + ) ekh hs for some store and some history hs 2 S . 2. For any agent B , any history h = V! :h0 of Dh (AgV! ; B ) ek S is of the set V! :hb ekh hs for some histories hs 2 S and hb 2 Dh (B ).

Proof Similar to that of proposition 20.

Key proposition. Theorem 23. Let S1, S2 be two coherent subsets of Shhist such that S1 n S2 6= ;. Then, for any store , there is an agent T and a continuous history h 2 (S1 ek Dh (T )) n (S2 ek Dh (T )) which starts in . Proof The proof is conducted by induction on the minimum Lg of the length of the histories which are in S1 and not in S2 .

Case I: Lg = 1. Then there is an history h 2 S1 n S2 which is of the form (; + ) or of the form (; ? ). Subcase i: h = (; + ). Let us rst examine the case where h = (; + ). By hypothesis, (; + ) 62 S2 . Let V be the set diff (S2). Consider T = Ag V! . Obviously, h =  V! :(; + ) is a continuous history belonging to S1 ek Dh (T ). To conclude in this case, let us prove that it does not belong to S2 ek Dh (T ). Indeed, if so, by proposition 22, h should come from the following merge:

h 2  V! :( ; + ) ekh hs for some store and some history hs 2 S2 . Moreover, since h ends after  V! by (; + ), one should have, by de nition of the merge (see de nition 10), =  and hs = (; + ). Therefore, (; + ) should belong to S2 , which contradicts the hypothesis on A2 . Subcase ii: h = (; ? ). The case where h = (; ? ) can be treated similarly with the proof ending by noting that hs = (; ? ) should belong to S2 , which contradicts the hypothesis.

Case II: Lg > 1. Let us now consider the case where the minimum of the lengths of the histories of S1 n S2 is greater than 1. In that case, let h be such an history of minimum length. It is thus of the form h = (;  ):h0 for some stores ;  and some history h0 . There are two cases to be considered: either S2 [(;  )] = ; or S2 [(;  )] 6= ; but h0 62 S2 [(;  )].

Subcase i: S2 [(;  )] = ;. If S2 [(;  )] = ;, then let us rst observe, by proposition 16, that there is a continuous history of the form (;  ):hr in S1 . Let us then consider V and T = Ag V! as above. Obviously, h =  V! :(;  ):hr is a continuous history starting in . Moreover, if (!; ) is the last pair of the sequence hr , then h belongs to the merge of the histories  V! :(!; + ) and (;  ):hr , and consequently to S1 ek Dh (T ). To conclude, let us establish that it does not belong to S2 ek Dh (T ). Indeed, otherwise, following proposition 22, h should then come from the merge of two histories of the form  V! :( ; + ) and hs with hs 2 S2 . According to the de nition of the merge operation, one would then have hs = (;  ):hr and thus S2 [(;  )] would be non-empty, which contradicts the hypothesis. Subcase ii: S2 [(;  )] 6= ; but h0 62 S2 [(;  )]. In that case, by hypothesis 0 h 2 S1 [(;  )] n S2 [(;  )] and the minimum of the length of those histories which are in S1 [(;  )] and not in S2 [(;  )] is strictly less than Lg. We are thus in the position of applying the induction hypothesis. For an arbitrarily given store 0 | to be speci ed in a moment | it delivers a tester T 0 and a continuous history hr starting in 0 and which is in (S1 [(;  )] ek Dh (T 0)) n (S2 [(;  )] ek Dh (T 0 )). The proof then consists of pre xing T 0 by some actions, yielding T , and hr by a suitable sequence, yielding h , such as h starts, as required, in , is continuous, and is in S1 ek Dh (T ) and not in S2 ek Dh (T ). Applying the previous technique, T should start by Ag V! to bring the store to , then leave S1 and S2 do the step (;  ) and then resume by doing T 0. In order to force the Si 's to do so, we need a trick which basically consists of adding in h after (;  ) a step that can only be made by T . Hence, let t be a fresh token not appearing in diff (S1 ), diff (S2), and in the tokens used by Ag V! and let 0 be [ ftg. Moreover, let us take T = Ag V! ; tell(t) ; T 0 and h =  V! :(;  ):(; 0 ):hr . Then, h is in S1 ek Dh (T ). Indeed, as hr 2 S1 [(;  )] ek Dh (T 0), there is h1 2 S1 [(;  )] and ht 2 Dh (T 0) such that hr 2 h1 ekh ht . Therefore, (;  ):h1 2 S1 and  V! :(; 0 ):ht 2 Dh (T ). It follows that h 2 (;  ):h1 ekh  V! :(; 0 ):ht is in S1 ek Dh (T ).

To conclude, it remains to be established that h 62 S2 ek Dh (T ). Let us proceed by contradiction as before. Otherwise, in view of proposition 22, h should be in the set V! :ht ekh hs for some histories ht 2 Dh (tell(t) ; T 0) and hs 2 S2 . Moreover, T cannot be responsible for the step (;  ) ie, restated in formal terms, ht cannot be of the form ht = (;  ):h0t . Indeed, if this was the case, then  =  [ ftg, whereas by de nition t 62  . Hence, hs = (;  ):h0s for some history h0s . Note that, since hs 2 S2 , h0s 2 S2 [(;  )]. Moving one step further in h , again, thanks to the choice of the token t, S2 cannot perform the step (; 0 ) ie h0s cannot rewrite as h0s = (; 0 ):h00s . Therefore, ht = (; 0 ):h0t . Summing up, hr 2 h0t ekh h0s for some histories h0t 2 Dh (T 0 ) and h0s 2 S2 [(;  )] and consequently, hr 2 S2 [(;  )] ek Dh (T 0), which contradicts the fact that by construction hr is in (S1 [(;  )] ek Dh (T 0 )) n (S2 [(;  )] ek Dh (T 0 )).

Proof of the full abstraction property. We are now in a position to establish

the full abstraction property.

Theorem 24. The semantics Dh is fully abstract with respect to the semantics Oh . Proof Following de nition 18, two following properties should be established equivalent: i) for any context C , Oh (C [A1 ]) = Oh (C [A2 ]); ii) Dh (A1 ) = Dh (A2 ). The implication ii) ) i) follows directly from proposition 14. The other implication i) ) ii) is proved by contraposition. Assume Dh (A1 ) = 6 Dh (A2 ). Then, since both Dh (A1 ) and Dh (A2 ) are sets, there is an history h which is in one set and not in the other one. Without lost of generality, we may assume that h 2 Dh (A1 ) and h 62 Dh (A2 ). Then Dh (A1 ) n Dh (A2 ) = 6 ; and, consequently taking as coherent sets S1 = Dh (A1 ), S2 = Dh (A2 ), and ; as ini-

tial store , theorem 23 establishes that there is an agent T and a continuous history h 2 (Dh (A1 ) ek Dh (T )) n (Dh (A2 ) ek Dh (T )) which starts in ;. Note that, by de nition 13, h 2 Dh (A1 jj T ) n Dh (A2 jj T ). Therefore, by proposition 14, h is an operational history of Oh (A1 jj T ) which is not in Oh (A2 jj T ). There is thus a context C = 2 jj T , such that Oh (C [A1 ]) 6= Oh (C [A2 ]), which concludes the proof.

4 Concluding Remarks We have considered a simple language that embodies the essential features of coordination languages based on generative communication a la Linda. The de nition of a fully abstract compositional semantics for the language sets a rm foundation for reasoning about agents and agent compositions in a coordination-oriented setting. For instance, the denotational semantics induces a number of semantic equalities among agents. The following proposition reports a few classical ones.

Proposition 25. (C 1) (C 2) (C 3)

X + X =X X + Y =Y + X X + (Y + Z ) = (X + Y ) + Z

(P 1) (P 2)

X jj Y = Y jj X X jj (Y jj Z ) = (X jj Y ) jj Z

(SC ) (E 1) (E 2) (E 3)

(X + Y ) ; Z = (X ; Z ) + (Y ; Z )

X; E=X E; X =X E jj X = X

Proof Direct from de nitions 9, 10, 11, 12, and 13. It is worth noting that, on the other hand, the equality X ; (Y + Z ) = (X ; Y ) + (X ; Z ) does not hold. Future work will be devoted to develop and analyse semantics-preserving program transformation techniques in this setting. As we already pointed out in the Introduction, our denotational semantics is inspired to the denotational models for concurrent languages proposed by Horita, de Bakker and Rutten in [6]. In [6] the problem of de ning fully abstract denotational semantics for concurrent languages is studied in the context of an concurrent imperative setting based on assignments of variables and if-thenelse constructs as basic operations. Our contribution has been to show that whereas the concurrent language L di ers substantially from this setting, the denotational model proposed in [6] can be applied to characterize L. Namely, the idea of employing gaps in state sequences to represent possible interactions of agents with the state and the testing technique allow us to obtain a fully abstract compositional denotational semantics for L. A general framework embodying a variety of concurrent languages all based on asynchronous communication is studied in [5]. Among others, a full abstraction result similar to ours is claimed however without much details. Our contribution was to show how the peculiarities of the L language can be used to actually establish the claim in a restricted setting. Full abstraction for a shared variable parallel imperative language is also studied in [1]. However, the observables are composed of the nal states of the computation coupled to termination marks. They thus substantially di er from what is returned by the semantics Oh and hence, so are the denotational semantics although traces are also used in [1]. De Nicola and Pugliese de ned in [8] a testing scenario for a process algebra based on Linda's primitives. The language considered in [8] is richer than the

language L considered in this paper, in that the former includes several other composition operators and allows in nite processes. The work by De Nicola and Pugliese however di ers from ours in the type of description chosen to model Linda-based coordination languages (testing vs. denotational semantics).

References 1. S. Brookes. Full Abstraction for a Shared-Variable Parallel Language. In Proceedings of the Eighth Annual IEEE Symposium on Logic in Computer Science, pages 98{109, Montreal, Canada, June 1993. IEEE Computer Society Press. 2. N. Carriero and D. Gelernter. Linda in Context. Communications of the ACM, 32(4):444{458, 1989. 3. N. Carriero and D. Gelernter. Coordination Languages and Their Signi cance. Communications of the ACM, 35(2):97{107, 1992. 4. P. Ciancarini and C. Hankin, editors. Proceedings of The First International Conference on Coordination Models and Languages, number 1061 in LNCS. SpringerVerlag, 1996. 5. F.S. de Boer, J.N. Kok, C. Palamidessi, and J.J.M.M. Rutten. The Failure of Failures in a Paradigm of Asynchronous Communication. In J.C.M. Baeten and J.F. Groote, editors, Proc. 2nd Int. Conf. on Concurrency Theory (Concur'91), volume 527 of Lecture Notes in Computer Science, pages 111{126, Amsterdam, The Netherlands, 1991. Springer-Verlag. 6. E. Horita, J.W. de Bakker, and J.J.M.M. Rutten. Fully abstract denotational models for nonuiform concurrent languages. Information and computation, 115(1):125{ 178, 1994. 7. R. Milner. A Calculus of communucating systems. Springer-Verlag, 1980. 8. R. De Nicola and R. Pugliese. A process algebra based on Linda. In P. Ciancarini and C. Hankin, editors, COORDINATION 96, number 1061 in LNCS. SpringerVerlag, 1996. 9. G. Plotkin. A structural approach to operational semantics. Technical Report DAIMI-FN-19, Aarhus University, 1981.

This article was processed using the LATEX macro package with LLNCS style