# INTERPROCESS COMMUNICATIONS: DEADLOCK CONDITIONS P. Ancilotti, M. Fusani, N. Lijtmaer NOTA INTERNA B75-11 AGOSTO 1975 ### 1. INTRODUCTION This work is concerned with the behaviour of systems composed by several asynchronous modules. In particular, systems whose modules communicate by means of send and receive primitives are considered and deadlock conditions, that may arise by using these message passing primitives, are analyzed. For this purpose we introduce a formal model based on computation schemata [1]. First of all we introduce sequential schemata and then we define cyclic sequential schemata in order to model cyclic sequential processes. Systems composed by a set of concurrent processes are modelled by means of parallel combination of cyclic sequential schemata. On the ground of both processes structure and connections structure, systems are classified in three types: 1) time and data independent systems; 2) data dependent and time independent systems; 3) time and data dependent systems. For the first two types of systems a set of properties are proved. In particular, for the first type of systems we prove that: If a deadlock condition arises in a particular computation, then the same deadlock condition will arise in every computation. For the second type of systems a similar argument can be proved, that is: If, given a set of input data, a deadlock condition arises in a particular computation, then, with the same input data, the same deadlock condition will arise in every computation. ### 2. COMPUTATION SCHEMATA: SOME DEFINITIONS "A computation schema, or schema, represents the manner in which functional elements and decision elements are interconnected, and their actions sequenced, to define an algorithm" [1]. More precisely: <u>Definition 2.1</u>: A schema is a triple S=(A,V,C), where: A is a set of actors, V is a set of variables, and C is a set of control sequences (control set [2]). The functional elements of a schema are called operators and the decision elements are called deciders. The set of operators and the set of deciders are denoted by O and D, respectively. These sets are disjoint. Both, operators and deciders, are called actors. Then, actors are agents capable of either transforming or testing values. Each operator $\circ$ evaluates some unspecified function $f_{\circ}$ of m input variables and assigns values to n output variables: $$f_{O} : \{m-tuples\} \rightarrow \{n-tuples\}$$ Operators having no input variables are allowed and are used to model constants. A decider d tests some unspecified predicate $\mathbf{p}_{d}$ on m input variables $$p_d : \{m-tuples\} \rightarrow \{true, false\}$$ Deciders must at least have one input value. A domain X, which is a finite subset of V, is associated to each actor a. Similarly, a range Y, which is also a finite subset of V, is associated to each operator o. A set I of variables ( $I \subseteq V$ ) is called schema input if its intersection with the range of any operator is empty. Similarly, a set U of variables ( $U \subseteq V$ ) is called schema output if its intersection with the domain of any actor is empty. While variables of schemata may be denoted, generally, by single memory cells, each input or output variable of a schema may be denoted by a queue of memory cells. Each concecutive read operation uses up a single cell of the input queue. Similarly, for each writing a new cell is added to the output queue. The interconnections between actors and variables may be represented by a data flow graph . Figure 2.1 shows a data flow graph of a schema, where circles represent actors and boxes represent variables $\left[1\right]$ . Figure 2.1 Actors, operators and deciders, will be considered the units of computational activity, as characterized by their external behaviour. Associated with an operator o there are an initiation event $\bar{o}$ and a termination event $\bar{o}$ . Associated with each decider d, there are an initiation event $\bar{d}$ and either the true or the false termination event, denoted by $d_T$ and $d_F$ respectively. A control sequence of the schema is a string $\sigma$ =abc...q... of actor initiation and termination events. The control set C represents all the allowed sequences of events. Note that if $q=\underline{a}$ belongs to a control sequence $\sigma$ , then an occurrence of a must be present in the prefix of $\sigma$ that preceds q. The sequences in which operators and deciders are permitted to act, may be specified by a precedence graph [1]. Figure 2.2 shows a possible precedence graph of the schema whose data flow graph is represented in Figure 2.1. Let us introduce some definitions needed to develop our model. <u>Definition 2.2</u>: Given a control sequence $\sigma = ab...pq...$ , if $\pi = ab...p$ is a prefix of $\sigma$ , after the occurrences of the events in $\pi$ , the only feasible event in $\sigma$ is q. If t(x) denotes the time of the occurrence of an event x, then the event q is feasible in the time interval from t(p) to t(q). <u>Definition 2.3</u>: A schema S is data independent if the set of deciders is empty, otherwise S is data dependent. A more detalied treatment about schemata is contained in [1,2]. In this paper we will be concerned with the control aspects of computation schemata. In particular, we want to emphasize that our results are concerned with control and sequencing of a set of cooperating processes, and not with their specific functions. For this purpose we refer to schemata as models of uninterpreted program modules. In this context any control sequence of a schema represents a particular process the program module may give rise to during execution while input/output.variables of the schema represent the external world with which the process exchanges data. To convert a schema into a specification of a particular program module it is necessary to specify both the domains of the schema variables and a function or predicate for each operator or decider. $\sigma_{1} = \overline{a} \ \underline{a} \ \overline{b} \ \underline{b} \ \overline{c} \ \underline{c} \ \overline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \overline{f} \ \underline{f}$ $\sigma_{2} = \overline{a} \ \underline{a} \ \overline{b} \ \overline{c} \ \underline{c} \ \underline{b} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \overline{f} \ \underline{f}$ $\sigma_{3} = \overline{a} \ \underline{a} \ \overline{b} \ \overline{c} \ \underline{c} \ \underline{b} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \overline{f} \ \underline{f}$ $\sigma_{4} = \overline{a} \ \underline{a} \ \overline{c} \ \overline{c} \ \underline{b} \ \underline{b} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \overline{f} \ \underline{f}$ $\sigma_{5} = \overline{a} \ \underline{a} \ \overline{c} \ \overline{b} \ \underline{b} \ \underline{c} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \overline{f} \ \underline{f}$ $\sigma_{6} = \overline{a} \ \underline{a} \ \overline{c} \ \overline{b} \ \underline{b} \ \underline{c} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \overline{f} \ \underline{f}$ $\sigma_{7} = \overline{a} \ \underline{a} \ \overline{b} \ \overline{b} \ \underline{c} \ \underline{c} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \overline{f} \ \underline{g} \ \underline{g}$ $\sigma_{8} = \overline{a} \ \underline{a} \ \overline{b} \ \overline{c} \ \underline{c} \ \underline{b} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \underline{g} \ \underline{g}$ $\sigma_{9} = \overline{a} \ \underline{a} \ \overline{c} \ \underline{c} \ \underline{b} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \underline{g} \ \underline{g}$ $\sigma_{10} = \overline{a} \ \underline{a} \ \overline{c} \ \overline{c} \ \underline{b} \ \underline{c} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \underline{g} \ \underline{g}$ $\sigma_{11} = \overline{a} \ \underline{a} \ \underline{c} \ \overline{b} \ \underline{c} \ \underline{d} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \underline{g} \ \underline{g}$ $\sigma_{12} = \overline{a} \ \underline{a} \ \underline{c} \ \overline{b} \ \underline{b} \ \underline{c} \ \underline{d} \ \underline{d} \ \underline{d} \ \underline{e} \ \underline{e}_{T} \ \underline{g} \ \underline{g}$ C ≡ Figure 2.2 Definition 2.4: An interpretation of a schema S is - for each variable $v \in V$ , a value set F(V); - ii) for each operator o $\in$ 0, a function $f_0: F(V_{x1}) \times F(V_{x2}) \times ... \times F(V_{xm}) \rightarrow F(V_{y1}) \times \times$ $\begin{array}{c} \text{xF(V}_{y2}) \\ \text{x...xF(V}_{yn}), \text{ where } \\ \text{X}_{o} = \{ \\ \text{V}_{x1}, \\ \dots, \\ \text{V}_{xm} \} \end{array} \text{ and } \\ \text{Y}_{o} = \{ \\ \text{V}_{1}, \\ \dots, \\ \text{V}_{yn} \}; \\ \text{iii) for each decider } \\ \text{d} \\ \text{ED e predicate P}_{d} : \\ \text{F(V}_{x1}) \\ \text{xF(V}_{x2}) \\ \text{x...xF(V}_{xm}) \\ \text{$\rightarrow$ \{true, false\}, $} \end{array}$ where $X_d = \{ V_{x1}, \dots, V_{xm} \}$ . Definition 2.5: Given an interpretation of a schema S, an initial assignment for S is a function z defined on V, such that $z(v) \in F(v)$ for each $v \in V$ . To each v the value z(v) is assigned before the computation begins. Our attention will be focused now on sequential processes. Parallel processes will be analized later as a combination of several processes which are themselves strictly sequential. ### 3. SEQUENTIAL SCHEMATA A sequential schema is a schema characterized by an unique locus of control or, more precisely: Definition 3.1: A sequential schema is a schema S=(A,V,C) where control sequences of C satisfy the following properties: - i) for each $\sigma \in C$ , after the occurrence of $\overline{a}$ , the feasible event is $\underline{a}^{(\circ)}$ and viceversa an event $\underline{a}$ is feasible only after the occurrence of $\overline{a}$ ; - ii) the feasible event after an occurrence of an event $\underline{a}$ is the same for all occurrences of $\underline{a}$ in all control sequences; - iii) all the control sequences of C begin with the same event. The first part of this definition states that concurrent executions of two or more actors are not allowed; while the second one and the third one exclude "fork" and "join" actors for non trivial schemata. Note that if a sequential schema is data independent then there is only one possible control sequence $\,\sigma\,$ in C. While Figure 3.1(a) shows the control graph of a data dependent sequential schema, Figure 3.1(b) shows the control graph of a data independent sequential schema. Definition 3.2: A finite sequential schema is a sequential schema in which the set of actors is finite. While the control sequences of this type of schemata allow to model the behaviour of sequential processes, a new type of schema must be introduced to handle cyclic sequential processes. Definition 3.3: Given a finite sequential schema S=(A,V,C), let us define a cyclic sequential schema $S^c=(A^c,V^c,C^c)$ , where $A^c=A$ , $V^c=V$ and $\sigma^c \in C$ iff $\sigma^c=\sigma_1\sigma_2$ ... $\sigma_i$ ... with $\sigma_i \in C$ for any integer i>0. S is called the generating schema Note that if the actor is a decider d, then $\underline{a}$ may be $d_T$ in some sequences and $d_F$ in others. of $S^c$ . When a $\sigma_i$ is composed by infinite events, then $\sigma^c = \sigma_1 \cdots \sigma_i$ , that is, after a certain event, $\sigma^c$ is composed by events of $\sigma_i$ . $\sigma_{1} = \overline{a} \underline{a} \overline{b} \underline{b}_{T} \overline{c} \underline{c} \underline{d} \underline{d}$ $\sigma_{2} = \overline{a} \underline{a} \overline{b} \underline{b}_{F} \overline{e} \underline{e}$ a) b) Figure 3.1 The control graph of a cyclic schema S<sup>c</sup> is shown in Figure 3.2. This schema was generated by the schema whose control graph is represented in Figure 3.1(a). $$\sigma_1^c = \sigma_1 \sigma_2 \sigma_1 \sigma_2 \dots$$ $$\sigma_2^c = \sigma_1 \sigma_1 \sigma_1 \sigma_2 \sigma_1 \sigma_2 \dots$$ . Figure 3.2 If a cyclic sequential schema $S^c$ is data independent then there is only one possible control sequence $\sigma^c$ in $C^c$ : $\sigma^c$ = $\sigma\sigma\sigma\dots\sigma\dots$ where $\sigma$ is the unique control sequence of S. # 4. PARALLEL COMPOSITION OF CYCLIC SEQUENTIAL SCHEMATA In a parallel schema a mechanism capable of describing concurrent, asynchronous activity is needed: This mechanism consists of allowing several initiations before a termination occurs, and of keeping track of such initiations. Our attention will be focused now on schemata whose control sequences model sets of concurrent processes. They can be conceived as a combination of several processes which are themselves strictly sequential. In this section we introduce the directed parallel composition of cyclic sequential schemata to model the behaviour, and to point out special properties, of systems composed of several independent modules. Modules are connected by a message buffer mechanism. A single module becomes, during execution, a cyclic sequential process. In order to point out some properties related to concurrency, let us introduce: - i) A special type of variable, called mailbox; - ii) Two new types of actors, send and receive. Definition 4.1: A mailbox is a pair (C,N) where C, called counter, is a memory cell that can assume only integer value between zero and n, and where N is a queue of n memory cells. The integer n represents the capacity of the mailbox. Note that this capacity may be infinite. The integer w, the actual value of the counter, is referred to as the state of the mailbox. # Definition 4.2: Send and receive are actors such that: - the domain of any actors send (receive) is a set $X_s = \{x,m\}$ ( $X_r = \{m\}$ ) where the variables x and m are a memory cell and a mailbox respectively. The range of any actor send (receive) is a set $Y_s = \{m\}$ ( $Y_r = \{x,m\}$ ) where the mailbox m is the same in both the domain and the range; - ii) associated with each acror send (receive) there are an initiation event $\bar{s}$ $(\bar{r})$ and a termination event s (r); - iii) given a schema S=(A,V,C), for each control sequence $\sigma$ =ab...pq... $\epsilon$ C where $q=\underline{s}$ $(q=\underline{r})$ is the termination event of an actor send (receive), q is feasible in $\sigma$ only after the occurrence of all the events ab...p and if the state of the mailbox m is such that w<n (w>o). When $\underline{s}$ ( $\underline{r}$ ) occurs, the state of m is modified as follows: w:=w+1 (w:=w-1). The behaviour of an actor send is shown in the block diagram of Figure 4.1. Figure 4.1 A similar diagram can be made for the actor receive. Note that send and receive are the only actors that are allowed to modify the state of a mailbox. Definition 4.3: The state of a schema is the set of states of all the mailboxes of the schema. Given an initial state and a control sequence we obtain a sequence of states of the schema. From now on the initial state is assumed to be such that for each mailbox w=0. To define the parallel composition of n schemata $S_1, S_2, \ldots, S_n$ we introduce sets of mailboxes $M_{i,j}$ belonging to the range of actors send of the schema $S_i$ and to the domain of actors receive of $S_i$ . Mailbox $m_{i,j} \in M_j$ , i is at the same time an output mailbox of $S_i$ and an input mailbox of $S_j$ ; $m_{i,j}$ is said to link directly $S_i$ to $S_i$ . $^{M}$ i,j and $^{M}$ are disjoint sets, possibly empty. If M i,j=M, i= $\Phi$ , then S and S are not directly connected. Definition 4.4: A Directed Parallel Composition (DPC) of n cyclic sequential schemata $S_1, S_2, \ldots, S_n$ is a schema $S^p = (A^p, V^p, C^p)$ where: - i) $A^{p} = \bigcup_{i=1}^{n} A_{i}$ and for any pair $(S_{i}, S_{j})$ of component schemata $A_{i} \cap A_{j} = 0$ ; - ii) $V^{p} = \bigcup_{i=1}^{n} V_{i}$ , and for any pair $(S_{i}, S_{j})$ of component schemata $V_{i} \cap V_{j} = M_{i,j} \cup M_{j,i}$ ; - iii) Any $\sigma^p \in C^p$ can be generated as follows: given an n-tuple $\sigma_1 \dots \sigma_n$ where $\sigma_i \in C_i$ (i=1,...,n), for each prefix $\pi$ =abc...p of $\sigma^p$ , $\pi'$ = $\pi q$ is a prefix of $\sigma^p$ if q is the feasible event of a $\sigma_i$ after the occurrence of the events of $\sigma_i$ in $\pi$ . Moreover, we assume that all the events that become feasible infinitely many times in some $\sigma_i$ must occur in $\sigma^p$ . As a final step in the construction of $C^p$ , we erase all the above defined sequences of type ...a...b... where a and b are send or receive actors operating on the same mailbox, and no occurrence of a exists between a and b. The last constraint is introduced in order to assure the indivisibility of send and receive [3]. Any control sequence $\sigma^p$ of $S^p$ can be obtained by "merging" control sequences, one for every component schema. However, it is necessary to observe the constraints among events imposed by point iii) of Definition 4.4. For example, let $S^p$ be the DPC of the schemata $S_1$ and $S_2$ . Let $M_{1,2} = \{x\}$ and $M_{2,1} = \{y\}$ be mailboxes that connect $S_1$ and $S_2$ , such that $m_x = m_y = 1$ . Given the control sequences $$\sigma_1 = \overline{a} \underline{a} \overline{b} \underline{b} \overline{r}_x \underline{r}_x \overline{c} \underline{c} \underline{c} \underline{s}_y \underline{s}_y \dots$$ $$\sigma_2 = \overline{d} \underline{d} \overline{s}_x \underline{s}_x \overline{f} \underline{f} \underline{r}_y \underline{r}_y \dots$$ where $r_x$ , $r_y$ , $s_x$ , $s_y$ denote the actors receive and send related to the mailboxes x and y respectively, then $$\sigma^{\dagger p} = \bar{a} \bar{d} \underline{a} \underline{d} \bar{b} \underline{b} \underline{s} \underline{s} \underline{s} \underline{r} \underline{r} \underline{r} \underline{r} \underline{r} \underline{r} \dots$$ is not a control sequence for $S^p$ since the event $\underline{\underline{r}}_x$ is not feasible after the occurrence of the events in the prefix $\pi'=a$ $\underline{d}$ $\underline{a}$ $\underline{d}$ $\underline{b}$ $\underline{b}$ $\underline{s}_x$ $\underline{s}_x$ $\underline{r}_x$ $\underline{r}_x$ $\underline{r}_x$ . Similarly, $$\sigma^{np} = \overline{a} \overline{d} \underline{a} \underline{d} \overline{b} \underline{b} \overline{s}_{x} \overline{r}_{x} \underline{r}_{x} \underline{s}_{x} \dots$$ is not a control sequence for $S^p$ since the indivisibility constraint of send is violated. From now on, given a $\sigma^p$ of a DPC $S^p$ , for each component schema $S_i$ , we will denote by $\sigma_i$ the control sequence of $S_i$ that concurs to generate $\sigma^p$ . A DPC $S^p$ can be represented by a connection graph G. Definition 4.5: Given a DPC $S^p$ of n cyclic sequential schemata $S_1 S_2 \dots S_n$ , the connection graph is a bipartite graph whose nodes are component schemata and mailboxes. The arcs of the connection graph represent links among schemata through mailboxes. Figure 4.2 shows the connection graph of a DPC of the schemata $s_1, s_2, s_3, s_4, s_5$ . Figure 4.2 We introduce now some definitions on connection graphs. <u>Definitions 4.6</u>: A path in the connection graph G of a DPC $S^p$ is a sequence of schemata $S_1, \ldots, S_k$ linked through k-1 mailboxes: In Figure 4.2, $S_1, S_3, S_4, S_5$ is a path. Definition 4.7: A semipath in G is a sequence of schemata $S_1, \ldots, S_k$ linked through k-1 mailboxes: $$^{m}$$ 1,2 $^{oh}$ $^{m}$ 2,1, $^{m}$ 2,3 $^{oh}$ $^{m}$ 3,2,..., $^{m}$ k-1,k $^{oh}$ $^{m}$ k,k-1 . In Figure 4.2, $S_2$ , $S_1$ , $S_3$ is a semipath. Definition 4.8: A semicycle is a semipath $S_1, \ldots, S_k$ , such that $S_k$ coincides with $S_1$ and the two mailboxes linking any triple of consecutive schemata are different. While $S_2, S_1, S_3, S_4, S_2$ is a semicycle, $S_1, S_3, S_1$ is not a semicycle (Figure 4.2). Definition 4.9: A mailbox is called one-to-one if it links only two schemata. For example, $m_{1,2}$ , $m_{1,3}$ , $m_{1,2}$ , $m_{4,5}$ are one-to-one mailboxes (Figure 4.2). Definition 4.10: Given a DPC $S^p$ of n cyclic sequential schemata $S_1, \ldots, S_n$ , for each component schema $S_i$ and for each mailbox m belonging to this schema let us denote by $\lambda$ $(S_i, m)$ the function that gives the set $\Lambda_i$ of schemata connected to $S_i$ through m. If m is one-to-one mailbox, $\Lambda_{i,m}$ is composed by only one schema. For example, in Figure 4.2, $\lambda(S_4, m_3, 4) = \lambda(S_4, m_2, 4) = \{S_2, S_3\}, \lambda(S_1, m_1, 3) = S_3$ . Definition 4.11: A DPC $S^p$ is well formed if: - i) any mailbox links at least two schemata; - ii)the connection graph G is connected. The DPC whose connection graph is shown in Figure 4.2 is well formed. Note that in a well formed DPC $S^p$ , for each component schema $S_i$ the set $i_{i,m}^{-1} = \lambda(S_i, m)$ is not empty, where m is a mailbox belonging to $S_i$ . From now on, any DPC will be tacitly considered well formed. In order to point out some properties related to the control and sequencing of a set of cooperating processes, let us give the following definitions: Definition 4.12: Given a control sequence $\sigma^p$ of a DPC $s^p$ , a deadlock occurs in $\sigma^p$ if at least one component schema $s_k$ and an event p belonging to both $\sigma_k$ and $\sigma^p$ exists such that no event that follows p in $\sigma^p$ belongs to $\sigma_k$ . Here $\sigma_k$ is said a deadlocked control sequence. The first event q that follows p in $\sigma_k$ is called the blocking event of $\sigma_k$ related to $\sigma^p$ . Note that, for each deadlocked $\sigma_k$ , the blocking event does not belong to $\sigma^p$ : It is an unfeasible termination of an actor send or receive related to a mailbox $m^*$ whose state is w=n or w=0 respectively. In such case, we will denote briefly by $\Lambda_k$ , the set $\Lambda_{k,m}^*$ of schemata connected to $S_k$ through $m^*$ . This mailbox will be called the critical mailbox of $S_k$ . Definition 4.13: Given a control sequence $\sigma^p$ of a DPC $S^p$ , for any blocking event q, belonging to a deadlocked control sequence $\sigma_i$ , if there is an event q' belonging to a control sequence $\sigma_i$ such that the occurrence of q' in $\sigma^p$ makes feasible q, then q' is called an awaking event of q. Obviously, if $\sigma_i$ is deadlocked in $\sigma^p$ , then also $\sigma_i$ is deadlocked. Definition 4.14: A deadlock in a control sequence $\sigma^p$ of a DPC $s^p$ is called a partial deadlock if $\sigma^p$ is infinite. Otherwise it is called a total deadlock. In the following sections, distinctions among different kinds of DPC's will be pointed out in order to find relevant properties of systems under deadlock conditions. # 5. DATA AND TIME INDEPENDENT SYSTEMS <u>Definition 5.1:</u> A DPC $S^p$ of n cyclic sequential schemata $S_1, \ldots, S_n$ is of type 1 if all the component schemata are data independent and all the mailboxes are one-to-one. Since they are data independent, any DPC $S^p$ of type 1 is such that all its component schemata have only one control sequence. Furthermore, we can prove that: Lemma 5.1: Given a DPC $S^p$ of type 1, if a deadlock occurs in some $\sigma^p$ , then for any blocking event q, belonging to a deadlocked control sequence $\sigma_i$ , there exists one component schema $S_j = \Lambda_i$ whose control sequence $\sigma_j$ contains the awaking event of q. Proof: Let us suppose that the critical mailbox m of $S_i$ is an output mailbox. Then, the blocking event q is an event $\underline{s}$ and the state of m is $\underline{w}=\underline{n}$ . Since the DPC $S^P$ is well formed, then there exists at least one component schema $\underline{S}_i \in \Lambda_i$ . As $S^P$ is of type 1, then $\Lambda_i = \underline{S}_i$ . By definition 4.10, the mailbox m links $\underline{S}_i$ to $\underline{S}_i$ , then $\underline{S}_i$ contains at least one actor receive related to m. Since there is only one control sequence $\underline{\sigma}_i$ of $\underline{S}_i$ , it must contain an infinite number of events $\underline{r}$ related to m. Let $\underline{p}$ denote the last event of $\underline{\sigma}_i$ in $\underline{\sigma}_i^P$ . Let us consider the prefix of $\underline{\sigma}_i^P$ whose last event is $\underline{p}$ : there exists, in the prefix, a finite number, possibly zero, of events belonging to $\underline{\sigma}_i$ . Let $\underline{p}_i^P$ denote the last of these events. The occurrence of the first event $\underline{q}_i^P = \underline{r}_i^P$ , successor of $\underline{p}_i^P$ in $\underline{\sigma}_i^P$ , should modify the state of the mailbox m from $\underline{w}=\underline{n}_i^P = \underline{r}_i^P$ and then it should make feasible $\underline{q}_i^P = \underline{r}_i^P$ is the awaking event of $\underline{q}_i^P = \underline{r}_i^P$ . A similar argument can be developed if the blocking event $\underline{q}_i^P = \underline{r}_i^P$ is an event $\underline{r}_i^P = \underline{r}_i^P$ . Q.E.D. From Lemma 5.1 the following theorem arises: Theorem 5.1: Given a $\sigma^p$ of a DPC $S^p$ of type 1, if the control sequence $\sigma_i$ of the schema $S_i$ is deadlocked, then the control sequence $\sigma_i$ of the schema $S_i = 1$ is deadlocked. In other words, a unique control sequence can not exist in $\sigma^p$ . By Theorem 5.1, if $\sigma_i$ is deadlocked in $\sigma^p$ , then also $\sigma_j$ is deadlocked, where $S_i = \lambda(S_i) = \Lambda_i$ , and then also $\sigma_k$ is deadlocked, where $S_k = \lambda(S_j) = \lambda(\lambda(S_i))$ . This will be denoted, briefly, by: $$S_k = \Lambda^2(S_i)$$ Then, we can state the following Lemma: Lemma 5.2: Given a control sequence $\sigma^p$ of a DPC $S^p$ of type 1, if a deadlock occurs in $\sigma^p$ , then, for each $S_i$ whose control sequence $\sigma_i$ is deadlocked, there is an infinite semipath, composed by schemata whose control sequences are deadlocked: $$\Lambda_{i}^{\circ}, \Lambda_{i}, \Lambda_{i}^{2}, \ldots, \Lambda_{i}^{j}, \ldots$$ where $\Lambda_{i}^{O} = S_{i}$ . Definition 5.2: Under the hypothesis of Lemma 5.2, the semipath $\Lambda_i^0$ , $\Lambda_i^2$ , $\Lambda_i^2$ , $\Lambda_i^j$ , ... is called the *critical semipath* related to $S_i$ . Now we give a necessary condition for the occurrence of a deadlock, both a partial and a total deadlock, in a control sequence $\sigma^p$ of a DPC of type 1. This condition is related to the connection topology of the component schemata. Theorem 5.2: Given a control sequence $\sigma^p$ of a DPC $S^p$ of type 1, the existence of a semicycle in the connection graph G of $S^p$ is a necessary condition for a deadlock in $\sigma^p$ . <u>Proof:</u> If a deadlock occurs in $\sigma^p$ , then at least one component schema $S_i$ exists such that the control sequence $\sigma_i$ is deadlocked. Let us consider the critical semipath related to $S_i$ : $$\Lambda_{i}^{o}$$ , $\Lambda_{i}$ , $\Lambda_{i}^{2}$ , ..., $\Lambda_{i}^{j}$ , ... Since the critical semipath is infinite and the number of component schemata in the DPC is finite, an integer $k \geqslant 0$ exists such that: $$\Lambda_{i}^{k} = \Lambda_{i}^{k+h} \qquad (h \ge 2)$$ Let us prove that: $$\Lambda_{i}^{k}, \Lambda_{i}^{k+1}, \ldots, \Lambda_{i}^{k+h}$$ is a semicycle. Let us consider the pair of consecutive schemata in the critical semipath: $$S_a = \Lambda_i^{k+t}, \qquad S_b = \Lambda_i^{k+u}$$ (where $t=|j-1|_h$ , $u=|j|_h$ , $j\geqslant 1$ ) and let $m_a$ and $m_b$ be their critical mailboxes, respectively. By definition 4.8 it is sufficient to prove that $m_a\neq m_b$ . On the contrary, if $m_a=m_b=m$ , the same mailbox would be critical for both $S_a$ and $S_b$ . Since m is one-to-one, it should be an input mailbox for $S_a$ ( $S_b$ ) and an output mailbox for $S_b$ ( $S_a$ ) respectively. Then, the state of m should be w=0 and w=n at the same time. This is a nonsense and then $m_a\neq m_b$ . From the proof of above theorem, the following corollary arises: Corollary 5.1: Given a DPC $S^p$ of type 1, each critical semipath contains at least a semicycle. If a schema has the control sequence deadlocked, in addition to the schemata of its critical semipath, other schemata have their control sequences deadlocked. More precisely: Lemma 5.4: Given a control sequence $\sigma^p$ of a DPC $S^p$ of type 1, if a deadlock occurs in $\sigma^p$ , then, for any deadlocked control sequence $\sigma_i$ , every schema $S_i$ such that a path exists in the connection graph G from $S_i$ to $S_i$ has its control sequence deadlocked. Proof: Let $$S_i, S_{p_1}, \dots, S_{p_h}, S_j$$ be a path from $S_i$ to $S_j$ . Then, an output mailbox m of $S_i$ exists such that $\Lambda_{i,m} = s_{p_1}$ . That is, $\sigma_{p_1}$ must contain an infinite number of events <u>r</u> related to m. Let q be the last event of $\sigma_i$ in $\sigma^p$ and let <u>w=x</u> be the state of m after t(q). Let p denote the last event of $\sigma_{p_1}$ in $\sigma^p$ such that t(p)<t(q). After the occurrences of at most x+1 events <u>r</u> that follow p in $\sigma_{p_1}$ , the state of m becomes w=0 and then $\sigma_{p_1}$ becomes deadlocked. Since we can apply iteratively this argument to the other schemata of the path up to S, the theorem is proved. Q.E.D. In particular, if all the mailboxes of $S^p$ have a finite capacity, then the following theorem can be proved: Theorem 5.3: Given a control sequence $\sigma^p$ of a DPC $S^p$ of type 1, where all the mailboxes of $S^p$ have a finite capacity, if a deadlock occurs in $\sigma^p$ , then it is a total deadlock. $\frac{\text{Proof:}}{\text{let us prove that any schema}}$ be a schema whose control sequence $\sigma_i$ is deadlocked. First of all, $$s_{j}, s_{dh}, \dots, s_{dl}, s_{i}$$ has its control sequence deadlocked. An input mailbox m of $S_i$ exists such that $\Lambda_{i,m}=S_{d1}$ . Then, $\sigma_{d1}$ must contain an infinite number of events $\underline{s}$ related to m. Let q be the last event of $\sigma_i$ in $\sigma^p$ and $\underline{w}=\underline{x}$ be the state of $\underline{m}$ after $\underline{t}(q)$ . Let p denote the last event of $\sigma_{d1}$ in $\sigma^p$ such that $\underline{t}(p)<\underline{t}(q)$ . After the occurrence of at most n-x+1 (by hypothesis a finite number) events $\underline{s}$ that follow p in $\sigma_{d1}$ the state of m becomes $\underline{w}=\underline{n}$ , then $\sigma_{p_1}$ becomes deadlocked. Since we can apply iteratively this argument to the other schemata of the path up to $S_{\dot{1}}$ , the above proposition is proved. From this result and from Lemma 5.2 it follows that if $S_i$ has the control sequence deadlocked then each $S_h$ such that a semipath exists between $S_i$ and $S_h$ , has the control sequence $\sigma_h$ deadlocked. By hypothesis, at least a deadlocked control sequence $\sigma_i$ exists in $S^p$ : Since the connection graph G is connected (that is, a semipath exists between $S_i$ and each other component schema), if q is the last event of $\sigma_i$ in $\sigma^p$ , there exists at most a finite number of events that follow q in $\sigma^p$ . Q.E.D. Let us state now, two important properties of any DPC Sp of type 1: Theorem 5.4: Given a DPC $S^p$ of type 1, if a partial deadlock exists in a particula control sequence $\sigma^{p^*}$ , then, denoting by $\Sigma = \{\sigma_{d1}, \sigma_{d2}, \dots, \sigma_{di}, \dots, \sigma_{dk}\}$ the set of the deadlocked control sequences in $\sigma^{p^*}$ and by $\nu_i^*$ (i=1,2,...,k) the number of events of $\sigma_{di}$ in $\sigma^{p^*}$ , for each $\sigma^p$ of $S^p$ : $$v_{i}^{*} = v_{i} \quad (i=1,2,...,k)$$ where $v_i$ is the number of events of $\sigma_i$ in $\sigma^p$ . Proof: Let us suppose that a $\sigma^p$ exists such that at least one $\sigma_{di} \in \Sigma$ has a number of events, in $\sigma^p$ , $v_i > v_i^*$ , and let us prove that this implies an absurdity. Denoting by q the blocking event $\sigma_{\rm di}$ related to $\sigma^{\rm px}$ , q must occur in $\sigma^{\rm p}$ . Let us consider the first two schemata of the critical semipath starting from ${\rm S_{di}:S_{di}}$ and ${\rm S_{dj}}$ (where ${\rm S_{dj}=A_i}$ ). From Lemma 5.1, $\sigma_{\rm dj}$ contains the awaking event q' of q. By definition 4.13, the occurrence of q' must preced the occurrence of q in $\sigma^{\rm p}$ (i.e. ${\rm t}(q')<{\rm t}(q)$ ). Then, denoting by p the blocking event of $\sigma_{\rm dj}$ related to $\sigma^{\rm px}$ , since in $\sigma^{\rm p}$ ${\rm t}(p)<{\rm t}(q')$ , it follows: $$t(p) < t(q) \tag{5.1}$$ Similarly, if we consider $s_{dh} = \Lambda_{dj} = \Lambda_{di}^2$ , then, denoting by $\ell$ the blocking event of $\sigma_{dh}$ related to $\sigma_{dh}^p$ : $$t(\ell) < t(p) < t(q) \tag{5.2}$$ We can apply the same argument, iterlatively, to the subsequent schemata of the critical semipath related to $S_{di}$ . Since this semipath contains a semicycle (Corollary 5.1), then it will contain at least twice a certain schema $S_{du}$ : $$s_{di}, s_{dj}, s_{dh}, \dots, s_{du}, \dots, s_{du}, \dots$$ Therefore, the argument that led to (5.1) and (5.2) gives the following relationship in $\sigma^p$ : $$\dots < \mathsf{t}(z) < \dots < \mathsf{t}(z) < \dots < \mathsf{t}(\ell) < \mathsf{t}(p) < \mathsf{t}(q)$$ (5.3) where z is the blocking event of $\sigma_{du}$ related to $\sigma^p$ . Since no event can preced itself, (5.3) contains an absurdity, and then the hypothesis that $\sigma_{di}$ has more events in $\sigma^p$ than in $\sigma^{p*}$ is false. The same conclusion could be obtained by assuming that $v_i < v_i^*$ , exchanging in the above demostration $\sigma^{p*}$ with $\sigma^p$ . Q.E.D. Theorem 5.4 asserts that if a partial deadlock occurs in a particular control sequence of a DPC $S^p$ of type 1, then the same partial deadlock occurs in all the control sequences of $S^p$ . In the case of total deadlock, Theorem 5.4 implies the following corollary: Corollary 5.2: Given a DPC $S^p$ of type 1, if a particular control sequence $\sigma^{p*}$ is finite and is composed of $\nu$ events, then every control sequence $\sigma^p$ is finite and is composed by $\nu$ events. Theorem 5.4 and Corollary 5.2 assert that for a DPC of type 1, a deadlock is independent of the particular control sequence. It only depends on both the topology of the connections among component schemata and the structure of each component schema. Modular systems modelled by DPC's of type 1 give rise, during execution, to a family of cooperating asynchronous processes. For these types of modular systems, a deadlock condition depends neither on the input data nor on the relative speeds of the component processes. For this reason we call this type of systems: Data and time independent systems. ### 6. DATA DEPENDENT AND TIME INDEPENDENT SYSTEMS <u>Definition 6.1</u>: A DPC $S^p$ of n cyclic sequential schemata is of $type\ 2$ if all the mailboxes in $S^p$ are one-to-one. Any DPC of type 1 is a particular case of DPC's of type 2, where all the component schemata are data independent. When deciders are present, it is no longer true that for any cyclic sequential schema there is only one possible control sequence. Therefore, for a DPC of type 2, if a deadlock occurs in some control sequence $\sigma^p$ , it is not true that for a blocking event q of a deadlocked control sequence $\sigma^p$ , it is not true that for a blocking event q of a deadlocked control sequence $\sigma^p$ , there exists a $\sigma^p$ whose control sequence $\sigma^p$ contains the awaking event of $\sigma^p$ . In particular, an unique deadlocked $\sigma^p$ can exist in $\sigma^p$ . Thus, results similar to the ones stated by Lemma 5.1, Lemma 5.2, Theorem 5.1 and Theorem 5.3 are no longer true for a DPC of type 2. For the same reason, also Theorem 5.2 is false, in general. However we can prove that it is still true only for total deadlocks. Theorem 6.1: Given a control sequence $\sigma^p$ of a DPC $S^p$ of type 2, a semicycle in the connection graph G of $S^p$ is a necessary condition for a total deadlock in $\sigma^p$ . <u>Proof:</u> Let $S_{d1}$ be a component schema of $S^p$ . By hypothesis, $\sigma_{d1}$ is deadlocked in $\sigma^p$ . Let us consider $S_{d2}=\Lambda_{d1}$ : By hypothesis, $\sigma_{d2}$ is also deadlocked. We can apply iteratively this argument to $S_{d2}$ , and so on. In this way, we detect an infinite semipath whose schemata have their control sequences deadlocked in $\sigma^p$ : $$\Lambda_{\rm dl}^{\circ}, \Lambda_{\rm dl}^{\circ}, \Lambda_{\rm dl}^{2}, \ldots, \Lambda_{\rm dl}^{i}, \ldots$$ By applying the same proof of Theorem 5.2 it follows that the above semipath contains a semicycle. Q.E.D. Theorem 5.4 is a consequence of the characteristics of a DPC of type 1, that is, all the mailboxes are one-to-one and for each component schema there is only one control sequence. Here, Theorem 5.4 is no longer true. However, an analogue Theorem can be proved, if we choose a particular interpretation of actors send and receive; namely, values are written by send in the cells of the mailbox vector N, one at a time, and they are read by receive exactly in the same order. In other words the vector N is a FIFO queue. For any DPC of type 2, let us denote by $\Omega$ the set of interpretations for which actors send and receive have the above specification. We can prove that for any DPC of type 2, given an interpretation $\omega \in \Omega$ and an input assignment, there is only one possible control sequence for any componer schema: Lemma 6.1: Given a DPC $S^p$ of type 2, for each interpretation $\omega \in \Omega$ and for each input assignment, each component schema $S_i$ has the same control sequence $\sigma_i$ in all the control sequences of $S^p$ . <u>Proof:</u> Let us suppose that two control sequences $\sigma_1^p$ and $\sigma_2^p$ exist such that the component schema S. has two different control sequences $\sigma_{i1}$ and $\sigma_{i2}$ in $\sigma_1^p$ and $\sigma_2^p$ respectively. Let us proof that this implies an absurdity. Since the schemata are sequential, by definition 3.1 (iii) $\sigma_{i1}$ and $\sigma_{i2}$ have the same prefix $\pi$ =ab...p. That is, p is the last event after which $\sigma_{i1}$ and $\sigma_{i2}$ are different. By definition 3.1 (i), p is the initiation event $\bar{d}$ of a decider d. This implies that, after the occurrence of the events of $\pi$ , the values of some variables in the domain X(d) are different in $\sigma_{i1}$ and $\sigma_{i2}$ . Since $\sigma_{1}^{p}$ and $\sigma_{2}^{p}$ have, by hypothesis, the same input assignment, it can be proved that $S_{i}$ must contain at least one input mailbox m from which different sequences of values are read in $\sigma_{i1}$ and $\sigma_{i2}$ . Let X be the <u>first</u> event <u>r</u> belonging to $S_{i}$ that reads different values from m. It results, in $\sigma_{1}^{p}$ and $\sigma_{2}^{p}$ respectively: $$t_1(x) < t_1(p)$$ $$t_2(x) < t_2(p)$$ Let us consider now the schema $S_j = \Lambda_{i,m}$ . Since the interpretation belongs to $\Omega$ , it follows that $\sigma_{j1}$ and $\sigma_{j2}$ exist, in $\sigma_1^p$ and $\sigma_2^p$ respectively, such that different sequences of values are written in m. Let y be the <u>first</u> event s belonging to s, that writes different values in m. It results, in $\sigma_1^p$ and $\sigma_2^p$ respectively: $$t_1(y) < t_1(x) < t_1(p)$$ $$t_2(y) < t_2(x) < t_2(p)$$ As well as $S_i$ , also $S_j$ must have at least one input mailbox m' from which different sequences of values are read in $\sigma_{j1}$ and $\sigma_{j2}$ . Let z be the <u>first</u> event <u>r</u> belonging to $S_j$ that reads different values from m'. It results, in $\sigma_1^p$ and $\sigma_2^p$ respectively: $$t_1(z) < t_1(y) < t_1(x) < t_1(p)$$ $$t_2(z) < t_2(y) < t_2(x) < t_2(p)$$ (6.1) By applying iteratively the above argument to $S_j$ , $\Lambda_{j,m}$ , and so on, we should find two endless chains of inequalities with their rightmost sides coinciding with (6.1): $$\dots < t_1(z) < t_1(y) < t_1(x) < t_1(p)$$ $$\dots < t_2(z) < t_2(y) < t_2(x) < t_2(p)$$ This is an absurdity, because only a finite number of event can preceed z in any control sequence of $S^p$ (see Definition 4.4 (iii)). Now an proposition analogous to Theorem 5.4 can be stated: Theorem 6.2: Given a DPC of type 2, if, for each interpretation $\omega \in \Omega$ and for each input assignment, a partial deadlock exists in a particular control sequence $\sigma^{p*}$ , then, denoting by $\Sigma = \{\sigma_{d1}, \dots, \sigma_{di}, \dots, \sigma_{dk}\}$ the set of the deadlocked component control sequences in $\sigma^{p*}$ and by $v_i^*$ (i=1,2,...,k) the number of events of $\sigma_{di}$ in $\sigma_{*}^p$ , under the same interpretation and the same input assignment, for each $\sigma^p$ of $S^p$ : $$v_i^{\star} = v_i \quad (i=1,2,\ldots,k)$$ where $v_i$ is the number of events of $\sigma_{di}$ in $\sigma^p$ . <u>Proof:</u> Let us suppose that a $\sigma^p$ exists such that one $\sigma_{di} \in \Sigma$ has a number of events, in $\sigma^p$ , $v_i > v_i^*$ and let us prove that this implies an absurdity. Denoting by q the blocking event of $\sigma_{di}$ related to $\sigma^{p*}$ , q must occur in $\sigma^p$ . Let us consider $S_{dj}=\Lambda_i$ . Its control sequence $\sigma_{dj}$ , that by Lemma 6.1 is the same that occurs to form both $\sigma^p$ and $\sigma^{p*}$ , contains the awaking event of q. Denoting by p the blocking event of $\sigma_{dj}$ related to $\sigma^{p*}$ , it may be shown, as in Theorem 5.4, that, in $\sigma^p$ , We can apply iteratively this argument to $S_{\rm dj}$ and so on. In this way, we obtain an infinite semipath of schemata belonging to $\Sigma$ . This semipath is analogous to the critical semipath in Theorem 5.4. From now on, the proof can go on in a similar way. Q.E.D. From Theorem 6.2 a proposition analogous to Corollary 5.2 can be stated: Corollary 6.1: Given a DPC of type 2, if, for some input assignment, a particular control sequence $\sigma^p_{\pm}$ is finite and composed by k events, then, for the same interpretation and for the same input assignment, every control sequence $\sigma^p$ is finite and composed by the same number k of events. Theorem 6.2 enables us to say that in any modular system modelled by a DPC of type 2 a total deadlock is independent of the relative speeds of the component processes. However, a total deadlock depends on the input data. In other words, if, for certain input data, a total deadlock occurs during a computation, then, for the same input data, the same deadlock condition occurs in any computation. For this reason we call this type of systems: Data Dependent and Time Independent Systems. We want to emphasize that the above results hold only for an interpretation $\omega \in \Omega$ . However, considering a mailbox as a FIFO queue is not a strong limitation. A DPC of type 2 is a particular case of a DPC were all the mailboxes are one-to-one. If a DPC is not of type 2, Theorem 6.2 is no longer true. In other words, for a modular system modelled by a general type of DPC a deadlock depends on the input data, and on the relative speeds of the component processes. We call this type of systems Data and Time dependent. # 6. CONCLUSIONS Deadlock conditions, that can arise in asynchronous systems, owing to interprocess communication activity, are analyzed. Systems are classified in three catagories, each of which has particular properties as far as deadlock conditions are considered. Systems modelled by DPC's of type 2 are particurarly interesting. In fact they are sufficiently general. Furthermore, for any interpretation $\omega \in \Omega$ , they belong to the class of Patil's $\beta$ systems [4], that is they are functional systems. ### 7. REFERENCES - [1] J.B. Dennis: Course Notes "Computation Structures" Department of electrical Engineering, MIT 1967. - [2] J.P. Linderman: "Productivity in Parallel Computation Schemata", MIT Project MAC-TR-111, December 1973. - [3] E.W. Dijkstra: "Computing Sequential Processes" Programming Languages, F. Genuys ed., Academic Press, 43-112, (1968). - [4] S.S. Patil: "Closure Properties of interconnections of determinate systems" Record Project MAC Conference on Concurrent Systems and Parallel Computation, ACM, N.Y. 1970.