Generating CSP Models of Threaded Java Programs

Abstract

Communicating Sequential Processes (CSP) is a language for understanding concurrent behaviour [1]. This paper discusses how and why we might construct a CSP model of a Java program and looks at some of the problems involved that require further research.

Java provides support for threading but cannot protect the user from the pitfalls associated with concurrent programming. Tracking down bugs such as race conditions and deadlocks can be extremely difficult; one way of simplifying this might be to construct a model of the program and reason about that. The major benefit of choosing CSP as the modelling language, or more precisely its machine-readable form, is the availability of automated proof tools that support it. One such tool is FDR (Failures/Divergences Refinement). In addition to allowing you to test assertions about a specification, it includes a debugger for identifying one example of failure if the assertion does not hold.

Would it not be better to design and specify the program using CSP and then translate that into Java? If you are designing an application from scratch, then it is clearly better to prove that the design is correct, using CSP and the appropriate tools, and then build the program to this specification. This is not without its difficulties: CSP is not suitable for specifying many aspects of a Java program, and in implementing those aspects you could introduce threading problems. The problems of large and even infinite state spaces discussed later apply just as much when translating from CSP to Java. These difficulties aside, this approach is not helpful when faced with an existing Java program that is behaving incorrectly. In this case, you need to be able to produce a valid model of the program and test it with a tool such as FDR.

By automating the process of proving a CSP specification, FDR has allowed people to reason about much larger examples than would be possible manually. However, the CSP models still have to be created by hand, which requires a skilled person and can be a lengthy process. For this technique to become widespread, the process of constructing the model also needs to be automated.
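As an added illustration that is not part of the paper, the Python script below hand-builds the kind of model the abstract describes for a constructed two-thread Java program (two threads nesting synchronized blocks on the same monitors in opposite order), then exhaustively explores its interleavings for a deadlock and returns the offending trace, which is what FDR's deadlock-freedom check and debugger do over the real CSP model. The thread and monitor names, the event encoding, the toy checker and the corrected variant FIXED_THREADS (both threads acquiring the monitors in one order) are all assumptions made for this example, not FDR or the author's tooling.

```python
from collections import deque

# Constructed example (not from the paper): two Java threads that nest
# synchronized(a){synchronized(b){..}} and synchronized(b){synchronized(a){..}}.
# Each thread is abstracted to its sequence of lock/unlock events, the shape
# its CSP process would have.
THREADS = {
    "T1": (("lock", "a"), ("lock", "b"), ("unlock", "b"), ("unlock", "a")),
    "T2": (("lock", "b"), ("lock", "a"), ("unlock", "a"), ("unlock", "b")),
}
FIXED_THREADS = {"T1": THREADS["T1"], "T2": THREADS["T1"]}
def enabled(state, threads):
    """Events possible from `state`: a lock only while the monitor is free,
    an unlock only by its owner (the synchronisation a CSP lock process adds)."""
    pcs, held = dict(state[0]), dict(state[1])
    moves = []
    for name, pc in pcs.items():
        if pc < len(threads[name]):
            action, lock = threads[name][pc]
            if (action == "lock" and lock not in held) or (
                    action == "unlock" and held.get(lock) == name):
                moves.append((name, action, lock))
    return moves
def step(state, move):
    """Successor state; states are sorted tuples so they can be hashed."""
    pcs, held = dict(state[0]), dict(state[1])
    name, action, lock = move
    pcs[name] += 1
    if action == "lock":
        held[lock] = name
    else:
        del held[lock]
    return (tuple(sorted(pcs.items())), tuple(sorted(held.items())))
def find_deadlock(threads):
    """BFS over all interleavings: shortest trace to a state where a thread has
    events left but none is enabled (FDR's counterexample), else None."""
    start = (tuple((n, 0) for n in sorted(threads)), ())
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, trace = queue.popleft()
        moves = enabled(state, threads)
        if not moves and any(pc < len(threads[n]) for n, pc in state[0]):
            return trace
        for move in moves:
            nxt = step(state, move)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + [move]))
    return None
```

Successful termination of every thread (CSP's SKIP) is deliberately not reported as a deadlock, matching how FDR distinguishes the two.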

Cite this paper

@inproceedings{Williams1999GeneratingCM, title={Generating CSP Models of Threaded Java Programs}, author={Claire Williams}, year={1999} }