Eliminating Proofs of Interference-freedom from Levin-Gries CSP Program Proofs

The proof system for Hoare's CSP language proposed by Levin and Gries requires that for each predicate used in the proof of a process interference-freedom proofs be given--for each command that can be executed in parallel with the code of the process. In the worse case, the effort required to provide such proofs could be enormous. To address this proble!rl, Levin and Gries suggest the use of s)'Ilc1lronOlI.\'!y altered varialbes and uni\'ersal as~>'(.mimlS. III a recent paper, Prasad claimed thal the Levin-Gries system could be modified in a mann~i that eliminated the need for many interference-freedom proofs. Unfortunately, tllC system he proposed was incorrect. In this paper we propose a system that provides a simililr reduction in the number of proofs of non-interference required &I1d prove that it (s equivalent to the Levin-Gries system. In a recent paper [4], Prasad presented a new proof system ior Hoare's CSP language[l]. His system was based on an earlier system proposed by Levin and Gries [2], but improved on their system by reducing the amount of work required to prove noninterference between the proof of one process and the activities of other processes. Prasad's proof system has several technical flaws. Fortunately, however, his intuition that much of the effort required for non-interference proofs in the Levin-Gries system is unessential was correcl. In this paper we will discuss the problems with Prasad's system and pre~ent an approach that corrects these problems. Our discussion will be divided into 3 sections. In the next section, we will review the nature of the Levin-Gries system emphasizing the role of interference-freedom proofs. In section 2, we will discuss Prasad's system and explain one of its flaws. In section 3 we will present our alternative to his system. 1. The Levjn~Gries CSP Proof System In the proof system for CSP proposed by Levin and Gries, one can prove a statement of the form: by finding proofs of the form for all i that have properties which Levin and Gries caU satisfaction and interferencefreedom. Satisfaction involves assumptions made about inter-process communication in the proofs. The axioms for the communication statements of CSP used in the Levin-Gries system are