Syntax The syntax of CSP defines the “legal” ways in which processes and events may be combined. Let be an event, be a boolean, and be a set of events. Then the basic
syntax of CSP can be defined as: \begin{array}{lcll} {Proc} & ::= & \mathrm{STOP} & \; \\ &|& \mathrm{SKIP} & \; \\ &|& e \rightarrow {Proc} & (\text{prefixing})\\ &|& {Proc} \;\Box\; {Proc} & (\text{external} \; \text{choice})\\ &|& {Proc} \;\sqcap\; {Proc} & (\text{nondeterministic} \; \text{choice})\\ &|& {Proc} \;\vert\vert\vert\; {Proc} & (\text{interleaving}) \\ &|& {Proc} \;|[ \{ X \} ]| \;{Proc} & (\text{interface} \; \text{parallel})\\ &|& {Proc} \setminus X & (\text{hiding})\\ &|& {Proc} ; {Proc} & (\text{sequential} \; \text{composition})\\ &|& \mathrm{if} \; b \; \mathrm{then} \; {Proc}\; \mathrm{else}\; Proc & (\text{boolean} \; \text{conditional})\\ &|& {Proc} \;\triangleright\; {Proc} & (\text{timeout})\\ &|& {Proc} \;\triangle\; {Proc} & (\text{interrupt}) \end{array} Note that, in the interests of brevity, the syntax presented above omits the \mathbf{div} process, which represents
divergence, as well as various operators such as alphabetized parallel, piping, and indexed choices.
Formal semantics CSP has been imbued with several different
formal semantics, which define the
meaning of syntactically correct CSP expressions. The theory of CSP includes mutually consistent
denotational semantics,
algebraic semantics, and
operational semantics.
Denotational semantics The three major denotational models of CSP are the
traces model, the
stable failures model, and the
failures/divergences model. Semantic mappings from process expressions to each of these three models provide the denotational semantics for CSP. Denotational semantics allows several definitions of a
partial order of
refinement on processes, which in turn can be used to elegantly represent several properties on processes. Generally, P \sqsubseteq Q denotes Q
refines P.
Traces model The
traces model defines the meaning of a process expression as the set of sequences of events (traces) that the process can be observed to perform. For example, • \mathrm{traces}\left(\mathrm{STOP}\right) = \left\{ \langle\rangle \right\} since \mathrm{STOP} performs no events • \mathrm{traces}\left(a\rightarrow b \rightarrow \mathrm{STOP}\right) = \left\{\langle\rangle ,\langle a \rangle, \langle a, b \rangle \right\} since the process (a\rightarrow b \rightarrow \mathrm{STOP}) can be observed to have performed no events, the event , or the sequence of events followed by More formally, the traces model \mathcal T is defined as the set of non-empty prefix-closed subsets of \Sigma^{\ast}. The meaning of a process in the traces model is defined as \mathrm{traces}\left(P\right) \subseteq \Sigma^{\ast} such that: • \langle\rangle \in \mathrm{traces}\left(P\right) (i.e. \mathrm{traces}\left(P\right) contains the empty sequence) • s_1 \smallfrown s_2 \in \mathrm{traces}\left(P\right) \implies s_1 \in \mathrm{traces}\left(P\right) (i.e. \mathrm{traces}\left(P\right) is prefix-closed) where \Sigma^{\ast} is the set of all possible finite sequences of events. A process P is said to
trace-refine another Q if and only if \mathrm{traces}(P) \supseteq \mathrm{traces}(Q). P
trace-refines Q is denoted Q \sqsubseteq_{\mathrm{T}} P.
Stable failures model The
stable failures model \mathcal F extends the traces model with refusal sets, which are sets of events X \subseteq \Sigma that a process can refuse to perform. A
failure is a pair \left(s,X\right), consisting of a trace , and a refusal set which identifies the events that a process may refuse once it has executed the trace . The observed behavior of a process in the stable failures model is described by the pair \left(\mathrm{traces}\left(P\right), \mathrm{failures}\left(P\right)\right). For example, \mathrm{failures}\left(\left(a \rightarrow \mathrm{STOP}\right) \Box \left(b \rightarrow \mathrm{STOP}\right)\right) = \left\{\left(\langle\rangle,\emptyset\right), \left(\langle a \rangle, \left\{a,b\right\}\right), \left(\langle b \rangle,\left\{a,b\right\}\right) \right\} \mathrm{failures}\left(\left(a \rightarrow \mathrm{STOP}\right) \sqcap \left(b \rightarrow \mathrm{STOP}\right)\right) = \left\{ \left(\langle\rangle,\left\{a\right\}\right), \left(\langle\rangle,\left\{b\right\}\right), \left(\langle a \rangle, \left\{a,b\right\}\right), \left(\langle b \rangle,\left\{a,b\right\}\right) \right\} A process P
stable-failures-refines Q if and only if \mathrm{traces}(P) \supseteq \mathrm{traces}(Q) \land \mathrm{failures}(P) \supseteq \mathrm{failures}(Q). P
stable-failures-refines Q is denoted Q \sqsubseteq_{\mathrm{F}} P.
Failures/divergences model The
failures/divergence model \mathcal N further extends the failures model to handle
divergence. The semantics of a process in the failures/divergences model is a pair \left(\mathrm{failures}_\perp\left(P\right), \mathrm{divergences}\left(P\right)\right) where \mathrm{divergences}\left(P\right) is defined as the extension-closure of the set of all traces after which the process can immediately diverge, and \mathrm{failures}_\perp\left(P\right) = \mathrm{failures}\left(P\right) \cup \left\{\left(s,X\right) \mid s \in \mathrm{divergences}\left(P\right), X \subseteq \Sigma^*\right\}, which is the extension of \mathrm{failures}(P) with all divergent traces. A process P
failures-divergences-refines Q if and only if \mathrm{failures}_\bot(P) \supseteq \mathrm{failures}_\bot(Q) \land \mathrm{divergences}(P) \supseteq \mathrm{divergences}(Q). P
failures-divergences refines Q is denoted Q \sqsubseteq_{\mathrm{FD}} P.
Unique fixed points One of the most important principles in CSP is the
unique fixed points (UFP) rule. Generally, it states that a process which satisfies certain nice properties has a single semantic interpretation. It can be used to conclude algebraic proofs that two processes are equal in a model of CSP. A version for single recursions in the traces model is outlined here. Consider processes as their trace sets. The operator \downarrow is defined for all processes P, all n \in \mathbb N so that P \downarrow n = \{ s \in P : \#s \leq n \}, where \#s denotes the length of string s: the set of traces in P of length at most n. This allows a
metric to be defined on \mathcal T. For each P, Q, let d(P, Q) = \mathrm{inf}\{2^{-n} : P \downarrow n = Q \downarrow n\}. Informally, a process which agrees on traces with another up to some length is ‘more distant’ from it than one which agrees with it up to a greater length. It can be shown that this forms a
complete metric space. A function on trace sets F : \mathcal T \rightarrow \mathcal T is called
constructive if and only if for all processes P, Q, all n \in \mathbb N, if P \downarrow n = Q \downarrow n then F(P) \downarrow (n + 1) = F(Q) \downarrow (n + 1). This means that a function is constructive if and only if it is a
contraction mapping with respect to the metric on trace sets. By the
Banach fixed-point theorem, if F is a constructive function, it has a unique
fixed point. This means that if X and Y are processes defined recursively as X = F(X) and Y = F(Y), then they are equivalent in the traces model. UFP can also be extended to mutual recursions (by using vectors of processes) and other models of CSP (e.g., in \mathcal F by defining the metric as in \mathcal T, with respect to the trace parts of a process's trace-failure pair). It can be derived using UFP (and
Tarski's fixed-point theorem), that for
monotonic F, a recursive term defined as X = F(X) has the semantic interpretation \sqcap_{n=0}^\infty F^n(\bot), where \bot is the least element of the model. In the traces, stable failures and failures/divergences models, \bot = \mathbf{div} (equivalent to \mathrm{STOP} in the traces model). ==Tools==