Java threads are synchronised through primitives based upon monitor concepts developed in the early 1970s. The semantics of Java's primitives have only been presented in natural language; this paper remedies this with a simple and formal CSP model. In view of the difficulties encountered in reasoning about any non-trivial interactions between Java threads, being able to perform that reasoning in a formal context (where careless errors can be highlighted by mechanical checks) should be a considerable confidence boost. Further, automated model-checking tools can be used to root out dangerous states (such as deadlock and livelock), find overlooked race hazards and prove equivalence between algorithms (e.g. between optimised and unoptimised versions). A case study using the CSP model to prove the correctness of the JCSP channel implementation (which is built in terms of standard Java monitor synchronisations) is presented.
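The abstract argues that a formal model of Java's monitor primitives lets a mechanical check find dangerous states such as deadlock and overlooked race hazards. The following is an added illustration, not the paper's CSP model and not JCSP code: a small Python state-space explorer over a simplified model of `synchronized`, `wait()` and `notify()` (single monitor, no reentrancy, no spurious wakeups, `wait`/`notify` only ever called by the lock owner, and the JVM's choice of which waiter to wake treated as a nondeterministic branch). The thread "programs", the op mini-language and the two example programs (an unguarded `wait()` that can lose a `notify()`, beside the `while (!flag) wait()` idiom) are all constructed here for the example.

```python
"""Exhaustive interleaving check of a simplified Java-monitor model (added example)."""
from collections import deque

# Constructed op mini-language (not CSP syntax, not Java):
#   ("lock", m)          acquire monitor m; blocks while another thread owns it
#   ("unlock", m)        release monitor m
#   ("wait", m, guard)   guard None  -> unconditional m.wait()
#                        guard "x"   -> while (!x) m.wait()   (re-checks after waking)
#   ("notify", m)        wake one arbitrary thread in m's wait set; no-op if empty
#   ("set", x)           x = true
# Only one monitor is modelled, so m is documentation only.
# State = (pcs, statuses, owner, shared): statuses are "ready" | "waiting" | "reacquire",
# owner is the thread id holding the lock (or None), shared is the set of true flags.


def _mk(pcs, statuses, tid, pc, status, owner, shared):
    pcs, statuses = list(pcs), list(statuses)
    pcs[tid], statuses[tid] = pc, status
    return (tuple(pcs), tuple(statuses), owner, shared)


def successors(state, programs):
    """All states reachable by letting any one thread take one step."""
    pcs, statuses, owner, shared = state
    out = []
    for tid, prog in enumerate(programs):
        pc, st = pcs[tid], statuses[tid]
        if pc >= len(prog) or st == "waiting":
            continue  # finished, or parked until some other thread notifies
        if st == "reacquire":  # woken by notify: must re-take the lock before continuing
            if owner is None:
                nxt = pc if prog[pc][2] is not None else pc + 1  # guarded wait loops back to re-check
                out.append(_mk(pcs, statuses, tid, nxt, "ready", tid, shared))
            continue
        op = prog[pc]
        if op[0] == "lock":
            if owner is None:
                out.append(_mk(pcs, statuses, tid, pc + 1, "ready", tid, shared))
        elif op[0] == "unlock":
            out.append(_mk(pcs, statuses, tid, pc + 1, "ready", None, shared))
        elif op[0] == "set":
            out.append(_mk(pcs, statuses, tid, pc + 1, "ready", owner, shared | {op[1]}))
        elif op[0] == "wait":
            if op[2] is not None and op[2] in shared:
                out.append(_mk(pcs, statuses, tid, pc + 1, "ready", owner, shared))  # guard holds
            else:
                out.append(_mk(pcs, statuses, tid, pc, "waiting", None, shared))  # wait() drops the lock
        elif op[0] == "notify":
            waiters = [t for t, s in enumerate(statuses) if s == "waiting"]
            if not waiters:
                out.append(_mk(pcs, statuses, tid, pc + 1, "ready", owner, shared))
            for w in waiters:  # the JVM may wake any waiter: branch on each choice
                s2 = _mk(pcs, statuses, tid, pc + 1, "ready", owner, shared)
                out.append(_mk(s2[0], s2[1], w, s2[0][w], "reacquire", owner, shared))
    return out


def find_deadlock(programs):
    """BFS over every interleaving; return the trace to a deadlock, or None if there is none."""
    init = (tuple(0 for _ in programs), tuple("ready" for _ in programs), None, frozenset())
    parent, queue = {init: None}, deque([init])
    while queue:
        s = queue.popleft()
        succ = successors(s, programs)
        finished = all(pc >= len(p) for pc, p in zip(s[0], programs))
        if not succ and not finished:  # nobody can move, yet work remains: deadlock
            trace = []
            while s is not None:
                trace.append(s)
                s = parent[s]
            return trace[::-1]
        for n in succ:
            if n not in parent:
                parent[n] = s
                queue.append(n)
    return None


# Constructed programs. Thread 0 waits for thread 1's signal.
LOST_NOTIFY = [  # unguarded wait(): if thread 1 runs first, its notify() finds no waiter
    [("lock", "m"), ("wait", "m", None), ("unlock", "m")],
    [("lock", "m"), ("notify", "m"), ("unlock", "m")],
]
GUARDED = [  # state flag + "while (!flag) wait()": the signal is never lost
    [("lock", "m"), ("wait", "m", "flag"), ("unlock", "m")],
    [("lock", "m"), ("set", "flag"), ("notify", "m"), ("unlock", "m")],
]

if __name__ == "__main__":
    for name, progs in (("LOST_NOTIFY", LOST_NOTIFY), ("GUARDED", GUARDED)):
        trace = find_deadlock(progs)
        print(name, "deadlock" if trace else "deadlock-free")
        for st in trace or []:
            print("   pcs=%s statuses=%s owner=%s" % (st[0], st[1], st[2]))
```

The explorer reports a six-state trace for `LOST_NOTIFY` (thread 1 locks, notifies an empty wait set, unlocks; thread 0 then locks and waits with nobody left to wake it) and none for `GUARDED`, which is the kind of overlooked race hazard a model check surfaces that testing a few schedules easily misses.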