#### ANALOG PROCESSES ####

Luca Cardelli
Department of Computer Science
University of Edinburgh
J.C.M.B., The King's Buildings
Edinburgh EH9 3JZ

# Introduction

We intend to study systems of communicating processes in which processes interact with each other in a continuous asynchronous fashion, as do planets around a star. Such processes cannot be considered "computing agents" as they just behave instant by instant according to laws which are not "computations" in any mechanical sense. Their interactions are not instantaneous synchronous communications, but rather a continuous flow of information which does not fit in the message passing paradigm.

These systems develop in continuous time and their interactions are often expressed in terms of continuous values. More importantly, their behaviour cannot be fully understood by forcing them into a discrete environment, as a whole range of interesting phenomena is then lost.

Asynchronous electronic circuits will be used as a source of interesting examples, and we shall be able to model and analyse puzzling behaviours like asynchronous feedbacks, metastable states, arbitration and indeterminacy. All these phenomena will be explained in terms of a single principle, which simply forbids the existence of null-delay feedback loops. This also shows that these complex real-world behaviours can be described by just assuming concurrency in continuous time, and do not necessarily depend on other features of the physical universe, like relativistic or quantum mechanical effects.
### Analog Processes

A signal is a value varying in continuous time, and an analog process is a transformation of signals, for example:

The signals above can be expressed as functions of time:

$$S_{\alpha}(t) = \sin t \qquad S_{\beta}(t) = 1$$

and the process P transforming $S_{\alpha}$ into $S_{\beta}$ can be described by a single transition $T_{\alpha\beta}$, which in this case could be:

$$T_{\alpha\beta}(s)(t) = s(t) - \sin t + 1$$

In fact, applying $T_{\alpha\beta}$ to $S_{\alpha}$ we get $S_{\beta}$:

$$\begin{split} T_{\alpha\beta}(S_{\alpha}) &= \lambda t.\ S_{\alpha}(t) - \sin t + 1 \\ &= \lambda t.\ \sin t - \sin t + 1 \\ &= \lambda t.\ 1 \\ &= S_{\beta} \end{split}$$

In general a process will consist of several transitions, and systems will comprise several connected processes.

## An algebra of analog processes

A process is described by a collection of transitions $M \to \beta$, where the term M is the signal produced by the transition, and $\beta$ is the output port of the transition. The signal M is an expression of some of the input ports of the process. Here is an example of the syntax we shall use to talk about processes:

$$(\alpha \rightarrow \beta) + ((\alpha \uplus \gamma) \rightarrow \delta)$$

For clarity we shall sometimes prefix processes with their input ports, although this is not strictly necessary as the input ports of a process will always coincide with the free variables of the signal parts of the transitions:

$$\alpha\,\gamma:\ \alpha \rightarrow \beta + \alpha \uplus \gamma \rightarrow \delta \qquad (1)$$

This is a process with input ports $\alpha$, $\gamma$ and output ports $\beta$, $\delta$ (parentheses have been omitted).

The intended behaviour of processes will be explained by algebraic laws. We will only be concerned with the most interesting laws and we shall not try to present a complete set of equations.
The following three laws express the fact that processes are unordered collections of transitions:

$$\begin{array}{ll} [++] & (T + T') + T'' = T + (T' + T'') \\ [+] & T + T' = T' + T \\ [NIL] & T + NIL = T \end{array}$$

where NIL is the empty transition and $T$, $T'$ and $T''$ range over transitions.

The intended meaning of expression (1) is a process which at any instant of time produces on the output port $\beta$ the current value of the input port $\alpha$, and on the output port $\delta$ the current value of the *join* ($\uplus$) of $\alpha$ with $\gamma$. The join operation represents the simultaneous presence of two signals on the same "line", and its exact meaning is left unspecified, except that the join operation must exist for every pair of signals (of the same type) and it must satisfy:

$$[\uplus] \qquad M \uplus N = N \uplus M$$

For example, for boolean-valued signals $s_1, s_2$ we might define $s_1 \uplus s_2$ to be at any instant of time a boolean or, i.e.: $(s_1 \uplus s_2)(t) = s_1(t) \text{ or } s_2(t)$.

The existence of a constant $\dot{-}$ (nosignal) is also assumed; it relates to join as follows:

$$[\dot{-}] \qquad M \uplus \dot{-} = M$$

In the previous boolean example we can define nosignal as the signal constantly false, i.e.: $\dot{-}(t) = false$.

The join operation is also used in the following law, which accounts for the presence of repeated output ports:

$$[\uplus +] \quad M \rightarrow \beta + N \rightarrow \beta = M \uplus N \rightarrow \beta$$

Now we will define some basic operations on processes, together with their algebraic laws.

COMPOSITION. The composition of two processes P and Q is written P|Q. The output ports of P are linked to the homonymous input ports of Q, and the output ports of Q are linked to the homonymous input ports of P; the idea being that signals flow through these connections from one process to the other.
We have the following rules for composition:

$$[\,||\,] \quad (P \mid Q) \mid R = P \mid (Q \mid R)$$

$$[\,|\,] \quad P \mid Q = Q \mid P$$

$$[\,|+\,] \quad (\sum_{i \in I} T_i) \mid (\sum_{j \in J} T_j) = \sum_{k \in I \cup J} T_k \qquad \text{where } I \text{ and } J \text{ are disjoint sets of indexes}$$

An example of the law $[\,|+\,]$ is:

$$(\alpha: \alpha \rightarrow \beta) \mid (\beta: \beta \rightarrow \gamma) = \alpha \beta: \alpha \rightarrow \beta + \beta \rightarrow \gamma$$

Note that composition may introduce loops of signals ($\beta$ being both an input and an output port) and indeed such loops may be present in the first place. We will come later to the exact semantics of such situations; for the moment it will be intended that a looping signal overwrites itself by a join operation.

RESTRICTION. The restriction $P \setminus \alpha$ of P cancels $\alpha$ from the input and output ports of P, making communication via $\alpha$ impossible. We have:

$$[\backslash] \quad P \setminus \alpha = P \quad \text{if } \alpha \notin \text{ports}(P)$$

$$[\backslash\backslash] \quad P \setminus \alpha \setminus \beta = P \setminus \beta \setminus \alpha$$

$$\begin{array}{ll} [\backslash|] & (P \mid Q) \setminus \alpha = P \setminus \alpha \mid Q \setminus \alpha \\ & \text{if not } ((\alpha \in \text{input-ports}(P) \text{ and } \alpha \in \text{output-ports}(Q)) \text{ or} \\ & \quad (\alpha \in \text{output-ports}(P) \text{ and } \alpha \in \text{input-ports}(Q))) \end{array}$$

Now we need a law to distribute $\setminus$ over +, and at first sight this could be:

$$(\sum_{i \in I} T_i) \setminus \alpha = \sum_{i \in I} (T_i \setminus \alpha)$$

$$(M \to \alpha) \setminus \alpha = NIL$$

$$(\dots \alpha \dots \to \beta) \setminus \alpha = \dots \to \beta$$

Unfortunately this does not work well in the case:

$$(\alpha: M \to \alpha + \alpha \to \beta) \setminus \alpha = \dot{-} \to \beta$$

In fact we want to interpret $\setminus$ as a hiding operator, which should not change the inner behaviour of the process.
The result we want to get is, at least:

$$(M \rightarrow \alpha + \alpha \rightarrow \beta) \setminus \alpha = M \rightarrow \beta$$

But even this is not enough in the case that M is an expression $M[\alpha]$ of $\alpha$ itself, e.g. when we have a loop over the restriction variable whose result is exported through another output port (in this case $\beta$). To solve this problem we need to introduce recursively defined signals $(\mu\alpha.\ M)$:

$$[\mu] \quad \mu\alpha.\ M = \mu\beta.\ M[\beta/\alpha]$$

$$[\mu\mu] \quad \mu\alpha.\ M = M[\mu\alpha.\ M/\alpha]$$

Then the law for restriction is:

$$\begin{array}{ll} [\backslash +] & (\sum_{i \in I} T_i) \setminus \alpha = \sum_{j \in J} T_j' \\ & \text{where } J = \{i \in I \colon T_i = M_i \rightarrow \alpha_i \text{ and } \alpha_i \neq \alpha \} \\ & \text{and } T_j' = T_j [\mu \alpha.\ N/\alpha] \\ & \text{with } N = \text{the join of all the } M_i \text{ such that } T_i = M_i \rightarrow \alpha_i \text{ is in } \sum_{i \in I} T_i \text{ and } \alpha_i = \alpha \\ & \text{(and } N = \dot{-} \text{ if no such } M_i \text{ exists)} \end{array}$$

Examples:

$$(\alpha: \alpha \rightarrow \beta) \setminus \alpha = (\mu\alpha.\ \dot{-}) \rightarrow \beta = \dot{-} \rightarrow \beta$$

$$(\alpha \beta: \alpha \rightarrow \beta + \beta \rightarrow \gamma) \setminus \beta = \alpha: \alpha \rightarrow \gamma$$

$$(\alpha \beta: \alpha \rightarrow \beta + \beta \rightarrow \alpha) \setminus \beta = \alpha: \alpha \rightarrow \alpha$$

$$(\alpha: \alpha \rightarrow \alpha) \setminus \alpha = NIL$$

$$(\alpha: \alpha \rightarrow \alpha + \alpha \rightarrow \beta) \setminus \alpha = (\mu\alpha.\ \alpha) \rightarrow \beta$$

The important point in this definition is that looping situations are somehow hidden or preserved, but never "unfolded" by $\setminus$.

RELABELLING.
The relabelling $P<\alpha_1/\beta_1; \ldots; \alpha_n/\beta_n>$ is the process obtained from P simultaneously substituting the (input and/or output) ports $\alpha_1 \ldots \alpha_n$ by $\beta_1 \ldots \beta_n$. A relabelling ${<}R{>} = <\alpha_i/\beta_i>$ is a bijection $R: L \rightarrow L$ over the ports L of P, i.e. $\beta_i$ are all and only the ports of P, and $\alpha_i$ are distinct port names. Dummy substitutions will be omitted, so that $<> = <\alpha_i/\alpha_i>$.

$$\begin{array}{ll} [<>] & P<> \;=\; P \\ [<><>] & P{<}R{>}{<}S{>} \;=\; P{<}S \circ R{>} \\ [<>\backslash] & (P \setminus \alpha){<}R{>} \;=\; (P{<}R; \beta/\alpha{>}) \setminus \beta \quad \text{if } \alpha \in \text{ports}(P) \text{ and } \beta \notin \text{range}(R) \\ [<>|] & (P \mid Q){<}R{>} \;=\; (P{<}R'{>}) \mid (Q{<}R''{>}) \\ & \text{where } R' = R \text{ restricted to ports}(P) \text{ and } R'' = R \text{ restricted to ports}(Q) \end{array}$$

To distribute ${<}R{>}$ over + we actually perform a (metasyntactical) substitution:

$$[<>+] \quad (\sum_{i \in I} T_i) < \alpha_j / \beta_j > = \sum_{i \in I} (T_i [\alpha_j / \beta_j])$$

Ex:

$$(\alpha \beta: \alpha \rightarrow \beta + \beta \rightarrow \alpha) < \alpha/\beta; \beta/\alpha > = \beta \alpha: \beta \rightarrow \alpha + \alpha \rightarrow \beta$$

The algebraic laws we have so far presented form what we will call an analog algebra. These laws can be grouped into two categories: external laws (relating |, $\setminus$ and $<>$: $[\,||\,]$, $[\,|\,]$, $[\backslash]$, $[\backslash\backslash]$, $[\backslash|]$, $[<>]$, $[<><>]$, $[<>\backslash]$ and $[<>|]$) concerning the synthesis of processes from simpler processes, and internal laws (all the others) concerning the inner structure of processes.

The external laws hold for Milner's flow algebras [Milner 79]. Flow algebras are extended in [Milner 78] by a set of internal laws for communicating processes, and are then called behaviour algebras. Our internal laws are quite different from Milner's ones, but they seem to fit very well in the general framework of flow algebras, even if the meaning of |, $\setminus$ and $<>$ is radically different.
### A denotational model

In the rest of this paper we will study a particular analog algebra, built within the denotational semantics framework. This will allow us to study the exact meaning of processes just by computing their semantics and observing their input-output behaviour. The denotational semantics will also prove useful in discussing some tricky situations like feedbacks and recursive signals. Unfortunately we do not have space for full details and we shall only try to sketch the main ideas.

Processes are collections of transitions; in particular a process with n inputs is an association of labels (the output ports) to transitions with n inputs:

$$P_n = L \rightarrow T_n$$

where $P_n$, L and $T_n$ are semantic domains (complete partial orders): L is the flat domain of port labels, $T_n$ is the domain of transitions with n inputs, and $P_n$ is the domain of processes with n inputs. The domain P will also denote (the disjoint union of) the domains $P_n$ for any n.

A transition with n inputs is a function taking n input signals (each labelled with its input ports) and producing an output signal:

$$T_n = S_L^n \rightarrow S$$

where $S_L^n$ is some domain of unordered labelled n-tuples of signals.

Signals are functions from time to a domain of values. We can have several types of signals, like boolean signals, real signals etc.

$$S = K \rightarrow V$$

where K is the flat domain of positive real numbers, and V is some data domain admitting a constant $\phi \in V$ and an (infix) operation $\uplus \colon V \times V \to V$ such that the properties $[\uplus\uplus]$, $[\uplus]$ and $[\dot{-}]$ hold by defining:

$$\dot{-}(t) = \phi \qquad s_1(t) \uplus s_2(t) = (s_1 \uplus s_2)(t)$$

for all $t \in K$ and $s_1, s_2 \in S$.

We need some notation for elements in these domains; $\lambda$-notation will be used for signals $s \in S = K \rightarrow V$.
Elements of $S_L^n$ will be denoted by expressions like:

$$[\alpha_1 : s_1 ; \ldots ; \alpha_n : s_n] \qquad \text{with } \alpha_1 \ldots \alpha_n \in L,\ s_1 \ldots s_n \in S$$

which are meant to be unordered tuples of labelled signals $\alpha_i : s_i$ with the additional property:

$$[\ \ldots\ \alpha : s' ;\ \alpha : s''\ \ldots\ ] = [\ \ldots\ \alpha : s' \uplus s''\ \ldots\ ]$$

and operations:

Elements of $T_n = S_L^n \to S$ of the form:

$$\lambda x.\ \ldots\ x.\alpha_1\ \ldots\ x.\alpha_n\ \ldots \qquad (\alpha_1 \ldots \alpha_n \in L)$$

will be abbreviated (with a change of font) as:

$$\lambda[a_1 \ldots a_n].\ \ldots a_1 \ldots a_n \ldots$$

where $[a_1 \dots a_n]$ is an unordered tuple of variables. Notice that this notation allows for unordered application by label names, as in:

$$(\lambda[a_1 \ a_2].\ a_1 * a_2)[\alpha_2:3; \alpha_1:5] = 5*3$$

Finally, processes $p \in P_n = L \to T_n$ of the form:

$$\lambda x.\ (x=\alpha_1) \Rightarrow t_1 ; \dots ; (x=\alpha_n) \Rightarrow t_n ; (\lambda[].\ \dot{-})$$

will be abbreviated as:

$$\{t_1 \rightarrow \alpha_1; \ldots; t_n \rightarrow \alpha_n\}$$

There are three semantic evaluation functions:

$$\begin{array}{ll} \mathbb{T}: \text{terms} \times \text{vars} \rightarrow T & \text{for term expressions} \\ \mathbb{S}: \text{signals} \times \text{ports} \rightarrow S & \text{for signal expressions} \\ \mathbb{P}: \text{processes} \times \text{ports} \rightarrow P & \text{for process expressions} \end{array}$$

with two kinds of environments: $\text{vars} = Ide \rightarrow V$; $\text{ports} = L \rightarrow S$.

We shall first discuss the semantics of process expressions, then the semantics of signal expressions, giving the syntax at the same time. We shall not treat the semantics of terms, as term expressions will always have an evident meaning.
The following is the semantics of a very simple process, consisting of a single transition:

$$\begin{split} \mathbb{P}\llbracket \alpha_i \colon S \to \beta \rrbracket \sigma = {} & \\ & Y\ \lambda P.\ \{\lambda[a_i].\ \mathbb{S}\llbracket S \rrbracket \sigma[a_i \uplus P(\beta)[\alpha_i \colon a_i] / \alpha_i] \to \beta \} \end{split}$$

The fixpoint and the join operation are needed just in case $\beta$ is equal to one of the $\alpha_i$, i.e. when there is a feedback. Otherwise the previous expression reduces simply to:

$$\{\lambda[a_i].\ \mathbb{S}\llbracket S \rrbracket \sigma[a_i/\alpha_i]\}$$

In case of a feedback, say $\alpha_3=\beta$, the input to $\alpha_3$ is $a_3$ (the input to processor P) joined to what comes out of $\beta$, which is $P(\beta)[\alpha_i:a_i]$. In fact $P(\beta)$ is the transition associated with $\beta$, which receives as input the same input of the process: $[\alpha_i:a_i]$.

The same idea is used in giving the semantics of composition, in which the component processes may feed each other in complex ways:

$$\begin{split} p \mid q = {} & \text{let } p = \{s_i \rightarrow \gamma_i\} \text{ and } q = \{r_j \rightarrow \delta_j\} \text{ in} \\ & \text{let } s_i = \lambda [\mathsf{a}_h].\ M_i \text{ and } r_j = \lambda [\mathsf{b}_k].\ N_j \text{ in} \\ & Y\ \lambda \mathsf{R}.\ \{\lambda [\mathsf{a}_h \mathsf{b}_k].\ p(\gamma_i) [\alpha_h : \mathsf{a}_h \uplus \mathsf{R}(\alpha_h) [\alpha_h : \mathsf{a}_h;\ \beta_k : \mathsf{b}_k]] \rightarrow \gamma_i \} \\ & \quad \uplus\ \{\lambda [\mathsf{a}_h \mathsf{b}_k].\ q(\delta_j) [\beta_k : \mathsf{b}_k \uplus \mathsf{R}(\beta_k) [\alpha_h : \mathsf{a}_h;\ \beta_k : \mathsf{b}_k]] \rightarrow \delta_j \} \end{split}$$

This composition is commutative ($[\,|\,]$ holds); to prove associativity ($[\,||\,]$) we had to assume absorption of $\uplus$, i.e. $s \uplus s = s$ (which also implies P|P = P).
The other laws of analog algebras are easily verified, if we complete the definition of P by the following equations:

We pass now to consider signals; a simple way to specify them is to describe their value at any instant of time, using a sort of $\lambda$-notation:

$$\mathbb{S}\llbracket @t.\ V \rrbracket \sigma = \lambda a.\ \mathbb{T}\llbracket V \rrbracket \epsilon[a/t]$$

($\epsilon$ is the empty environment), for example `@t. 3*sin t`. We have the equivalences $\dot{-} = @t.\ \phi$ and $a \uplus b = @t.\ a(t) \uplus b(t)$. The notation `^V` will be used as an abbreviation of `@t. V`, when t is not a free variable in V, like in `^3 = @t. 3`.

Signals can also be defined by recursion:

$$\mathbb{S}\llbracket \mu s.\ S \rrbracket \sigma = Y\ \lambda a.\ \mathbb{S}\llbracket S \rrbracket \sigma[a/s]$$

like in $\mu s.\ @t.\ t<1 \Rightarrow \phi ; s(t-1) \equiv \dot{-}$.

Two other useful abbreviations are conditional signals and delays:

$$\begin{array}{l} S \Rightarrow S' ; S'' \;=\; @t.\ S(t) \Rightarrow S'(t) ; S''(t) \\ S' \,\Delta\, S'' \;=\; @t.\ t < S''(t) \Rightarrow \phi ; S'(t - S''(t)) \end{array}$$

A simple example of delay is `S Δ ^3`, which is the signal S constantly delayed by 3 units of time, yielding $\phi$ during the first three units of time. This notation also allows us to express variable delays.

Notice that the @-notation has too big an expressive power, being able for example to define a signal in terms of the "future" of another signal (or even of itself), but we might impose syntactic restriction to avoid that, leaving $\Delta$ as a primitive.

### Unfeasibility

Great care has been put into the definition of the algebraic laws and of the denotational semantics, in order to be able to treat circularities; so let us see how it works. The simplest example of a feedback can be found in the following fast loop process:

$$\alpha: \alpha \rightarrow \alpha$$

This process has an input port $\alpha$, whose input is mixed to the output coming from the output port $\alpha$.
The tricky point is that this process has no internal delay, and the output at any instant t depends on the input at the same instant t, which depends again on the output at time t. Computing the semantics:

$$\begin{split} \mathbb{P}\llbracket \alpha \colon \alpha \to \alpha \rrbracket \sigma &= Y\ \lambda P.\ \{\lambda[a].\ \mathbb{S}\llbracket \alpha \rrbracket \sigma[a \uplus P(\alpha)[\alpha \colon a] / \alpha] \to \alpha \} \\ &= Y\ \lambda P.\ \{\lambda[a].\ a \uplus P(\alpha)[\alpha \colon a] \to \alpha \} \ =_{def}\ p \end{split}$$

It is not immediately clear what p does, but we can try to understand its behaviour by applying some input. We first extract the transition we are interested in (there is only one in this case) applying the output port $\alpha$:

$$p(\alpha) = \lambda[a].\ a \uplus p(\alpha)[\alpha:a]$$

then we apply an input signal to see what is the response of the transition; we choose to apply nosignal:

$$p(\alpha)[\alpha:\dot{-}] = \dot{-} \uplus p(\alpha)[\alpha:\dot{-}] = p(\alpha)[\alpha:\dot{-}] = \bot$$

the result is $\bot$: it happens that the output of the fast loop is $\bot$ for any input, if we assume $\uplus$ to be strict in both its arguments. Here we have a first example of a clearly "unfeasible" process, which is semantically mapped to undefined.

We can also see that a *slow loop* is not mapped to $\bot$ and is perfectly well-defined:

```
P⟦α: α Δ ^1 → α⟧σ = Y λP. {λ[a]. λt. t<1 ⇒ φ ; (a ⊎ P(α)[α:a])(t-1) → α} =def p

p(α)[α:∸] = λt. t<1 ⇒ φ ; (p(α)[α:∸])(t-1) = ∸
```

There are also processes whose output signals are only partially undefined; an example is the zeno loop:

```
α: α Δ (@t. t<1 ⇒ 1-t ; 0) → α
```

this is a feedback loop which increases its speed, and at a finite point in time reaches an infinite speed (i.e. a zero delay). The output of the zeno loop for a nosignal input is $\lambda t.\ t<1 \Rightarrow \phi ; \bot$.

As a general principle, the output of a feedback loop is defined as long as the delay in the loop is greater than zero. This may look trivial, but feedback loops appear in almost any interesting process, and this simple fact has several intriguing consequences. We are going now to look at some of these.

#### Unexpressibility

We have seen that we can express several physically unfeasible processes. This suggests that our formalism has too big an expressive power, and we might try to impose some constraints in order to exclude unwanted processes. However it would be wrong to think that we can express anything we like. In particular there are several processes which cannot be exactly expressed, and yet admit approximations up to an arbitrary degree of accuracy. We shall call such unexpressible processes perfect, and imperfect their expressible approximations.

Consider for example the following (naive) memory cell.

```
α β: α ⊎ β Δ ^1 → β
```

To work properly as a (write once) memory cell, this process must receive a set impulse of length 1 on $\alpha$. Then this impulse gets into the loop and is "remembered". This memory cell presents two main defects: it will not work properly (i) if the set impulse is longer than 1, or (ii) if the set impulse is shorter than 1. We can solve the first problem by the following (improved) memory cell:

```
α β: (α = ∸ ⇒ α ; β) Δ ^1 → β
```

This process will cut off its $\alpha$ line after having received a signal different from $\dot{-}$ for 1 unit of time. But the second problem still remains; if the $\alpha$ signal differs from $\dot{-}$ for less than one unit of time, the output $\beta$ is not constant.
The same problem occurs when the set impulse changes its value during the setting time. Then a varying signal is recorded into the feedback loop, and the output of the memory cell oscillates: we get a (quench free) metastable state.

In effect what we really want is a perfect memory cell which stores constantly the value of an instantaneous setting spike, so that there can be no indeterminacy due to fluctuations of the input signal. Notice that starting from our improved memory cell we can get better and better approximations to a perfect cell, simply by reducing the delay in the feedback loop. Unfortunately if we reduce the delay to zero, we do not get a perfect storage device, but only an undefined output. Hence (conjecture) there is no expression denoting a perfect memory cell (which yet exists inside our semantic domains) because there seems to be no way to define a storing device without the use of feedbacks. Therefore, expressible memory cells are imperfect.

It is important to notice that many useful processes have memory cells (or their equivalent) as basic building blocks, and such processes must take into account this imperfection and are likely to be themselves imperfect. In general an imperfect process works "correctly" under some classes of input signals, but in certain critical circumstances there is no way to guarantee its intended operation.

## Indeterminacy

Consider the problem of designing a process which determines the time of occurrence of an event, or which measures the value of a signal when some event (e.g. "measure it now") occurs. First we must agree on a definition of determining or measuring, and a sensible one seems to be storing constantly for an unlimited amount of time. We will not go into the details of such design because it is very similar to the problem of producing a perfect memory cell. In fact it is not difficult to see that perfect determination is impossible, just because perfect storage devices are unfeasible.
A well known case of indeterminacy is arbitration, where a device attempts to determine which of two events arrives first. A simple way of implementing an arbiter is to use a decider and a memory cell. The decider tells at any instant whether the first, the second or both signals are arriving, and the memory cell tries to remember the first decision of the decider. But memory cells are imperfect and so are arbiters based on memory cells. If the two signals arrive too close, the decider changes its decision while the cell is storing it, and the output of the cell is unstable.

An alternative way of building an arbiter is by using two detectors to determine the time of occurrence of two events, and then compare these times. But it can be shown that detectors are imperfect, and so are arbiters built in this way.

In general the order or coincidence in time of two events cannot be determined. The order cannot be determined when the signals are too close, and the coincidence cannot be determined when the simultaneous signals are too short.

#### Flip-flops

In this last section we analyse a particular analog process, showing how its detailed behaviour can be derived from its semantics:

This is an SR flip-flop. In its steady state condition we have the following values on the ports:

$$R = S = s = false; \qquad r = true$$

Starting from this condition and applying a set pulse to the port S we get s=true and r=false. Another set pulse has no effect. Then applying a reset pulse to the port R we change the output back to s=false and r=true. Another reset pulse has no effect. Applying both a set and a reset signal, the output signals oscillate between true and false, and this is called a metastable state.

The actual behaviour of a real flip-flop in a metastable state can be rather different from the one described above. We believe it can be modelled by introducing some "quench", but here we shall not undertake this analysis.
The SR can be synthesized from smaller components:

```
OR   = in1 in2: (in1 or in2) Δ ^d' → out
NOT  = in: (not in) Δ ^d'' → out
OR1  = OR<R/in1; r/in2; w1/out>
OR2  = OR<S/in1; s/in2; w2/out>
NOT1 = NOT<w1/in; s/out>
NOT2 = NOT<w2/in; r/out>
SR   = (OR1 | NOT1 | OR2 | NOT2)\w1\w2
```

It is an easy exercise to show that this is equivalent to:

```
SR = S R s r: not(R or r) Δ ^d → s + not(S or s) Δ ^d → r
```

where $d = d' + d''$.

Unfortunately if we try to switch on the flip-flop without supplying any signal (i.e. supplying false on all inputs) we immediately get a metastable state. This happens because starting with false on all the inputs, we are not in the steady state condition. To enforce a well defined start, we supply true to r for the first d seconds. At that time the signal from s reaches r and the system is ready to work. Hence we redefine:

```
SR = S R s r: not(R or r) Δ ^d → s + (not(S or s) Δ ^d) ⊎ (@t. t<d) → r
```

Computing the semantics:

```
SR = P⟦SR⟧σ
   = Y λSR. {λ[S R s r]. λt. t<d ⇒ false ;
                 not(R(t-d) or r(t-d) or SR(r)[S:S;R:R;s:s;r:r](t-d)) → s;
             λ[S R s r]. λt. t<d ⇒ true ;
                 not(S(t-d) or s(t-d) or SR(s)[S:S;R:R;s:s;r:r](t-d)) → r}
```

and extracting the output transitions:

```
SR(s) = Y λT. λ[S R s r]. λt. t<d ⇒ false ;
            not(R(t-d) or r(t-d) or
                (t<2d ⇒ true ;
                 not(S(t-2d) or s(t-2d) or
                     T[S:S;R:R;s:s;r:r](t-2d))))
SR(r) = ...
```

We look at the output signals in absence of input:

```
SR(s)[S:∸; R:∸; s:∸; r:∸] = Y λS. λt. t<2d ⇒ false ; S(t-2d)
                          = λt. false
SR(r)[S:∸; R:∸; s:∸; r:∸] = λt. true
```

This means that for `S = ^false`, `R = ^false` we obtain `s = ^false`, `r = ^true`; we are in the steady state condition. Now we supply a pulse ($\lambda t.\ t<\pi$) of an unspecified length $\pi$:

```
SR(s)[S:(λt. t<π); R:∸; s:∸; r:∸] = Y λS. λt. t<2d ⇒ false ; t<2d+π ⇒ true ; S(t-2d)
```

There are two cases: (i) the length of the set pulse is $\pi \ge 2d$; then the flip-flop is properly set (the expression above reduces to $\lambda t.\ t<2d \Rightarrow false ; true$) or (ii) the length of the set pulse is $\pi < 2d$; then the flip-flop is in a metastable state and the output signal oscillates between true and false.

## Acknowledgements

Milner's papers on concurrent behaviours have been of inspiration and guide to this work. Robin Milner and Gordon Plotkin also contributed with discussion to the clarification and refinement of several points. I had encouraging talks with Matthew Hennessy at the very beginning of this research, which has been carried out under a scholarship from the Italian National Research Council.

## References

[MacQueen 79] D. B. MacQueen, "Models for Distributed Computing", Report 351, IRIA-Laboria, April 1979.

[Milner 78] R. Milner, "Synthesis of Communicating Behaviour", 7th Symposium on Mathematical Foundations of Computer Science, Zakopane, Poland, 1978.

[Milner 79] R. Milner, "Flowgraphs and Flow Algebras", J.ACM, vol 26, n 4, Oct 1979, pp. 794-818.
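Added example, not part of the paper: a Python sketch that evaluates the fast, slow and zeno loops of the Unfeasibility section and the redefined SR flip-flop of the Flip-flops section directly from their λt definitions. It assumes boolean signals with join as pointwise or and φ = false, d = 1 with constructed pulse inputs, external s and r inputs held at nosignal, and it reports an unfolding that exceeds Python's recursion limit as ⊥; the helper names (`loop`, `sample`, `trace`, `sr_flipflop`) are hypothetical.

```python
from fractions import Fraction as F

PHI = False             # φ, the value of nosignal for boolean signals
BOTTOM = "undefined"    # stands for ⊥ (a convention of this sketch)

def nosignal(t):
    return PHI

def const(v):
    return lambda t: v

def join(a, b):
    """a ⊎ b as pointwise 'or', strict in both arguments."""
    def joined(t):
        x, y = a(t), b(t)           # both sides are always evaluated
        return x or y
    return joined

def delay(sig, amount):
    """S' Δ S'' = @t. t < S''(t) ⇒ φ ; S'(t - S''(t))."""
    def delayed(t):
        d = amount(t)
        return PHI if t < d else sig(t - d)
    return delayed

def loop(inp, amount):
    """α: α Δ amount → α, the fixpoint x = (inp ⊎ x) Δ amount."""
    def x(t):
        return delay(join(inp, x), amount)(t)
    return x

def sample(sig, t):
    """Value of sig at time t; an endless unfolding is reported as BOTTOM.

    Python's recursion limit stands in for non-termination, so a finite but
    very deep unfolding would also be reported as BOTTOM.
    """
    try:
        return sig(F(t))
    except RecursionError:
        return BOTTOM

def trace(sig, times):
    return [sample(sig, t) for t in times]

def zeno_delay(t):
    """@t. t<1 ⇒ 1-t ; 0, the shrinking delay of the zeno loop."""
    return 1 - t if t < 1 else 0

def pulse(width):
    """λt. t < π, a set pulse of length π starting at time 0."""
    return lambda t: t < width

def sr_flipflop(S, R, d):
    """not(R or r) Δ ^d → s  +  (not(S or s) Δ ^d) ⊎ (@t. t<d) → r.

    The external s and r inputs are held at nosignal, so only the feedback
    signals reach the gates.
    """
    def s(t):
        return delay(lambda u: not (R(u) or r(u)), const(d))(t)
    def r(t):
        gate = delay(lambda u: not (S(u) or s(u)), const(d))
        return join(gate, lambda u: u < d)(t)
    return s, r

if __name__ == "__main__":
    ticks = range(8)                     # constructed sample instants
    print("fast loop:", trace(loop(nosignal, const(0)), ticks))
    print("slow loop:", trace(loop(nosignal, const(1)), ticks))
    print("zeno loop:", trace(loop(nosignal, zeno_delay), ["1/2", "9/10", 1, 2]))
    for width in (2, 1):                 # pulse length π against 2d, d = 1
        s, r = sr_flipflop(pulse(width), nosignal, d=1)
        print(f"SR with pi={width}: s =", trace(s, ticks))
```

With d = 1 the run reproduces the two cases above: a pulse of length 2 latches s to true from t = 2d onward, while a pulse of length 1 leaves s alternating with period 2d.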