Mathematical Models and Proof/Analysis Methods for Timing-Based Systems And… Their Application to Communication, Fault-Tolerant Distributed Computing,

Mathematical Models and Proof/Analysis Methods for Timing-Based Systems And… Their Application to Communication, Fault-Tolerant Distributed Computing, and Hybrid Systems Nancy Lynch Theory of Distributed Systems MIT Laboratory for Computer Science

PI: Nancy Lynch
Research Associates: John Lygeros, Alex Shvartsman
Collaborators: Myla Archer, Mike Branicky, Alan Fekete, Steve Garland, Frans Kaashoek, Butler Lampson, Sergio Rajsbaum, Roberto Segala, Nir Shavit, Frits Vaandrager
Students: Anna Chefter, Oleg Cheiner, Gio della Libera, Roberto De Prisco, Katya Dolginova, Gunnar Hoest, Henrik Jensen, Roger Khazan, Carl Livadas, Victor Luchangco, Tsvetomir Petrov, Anna Pogosyants, Mark Smith, Josh Tauber, Mandana Vaziri, H. B. Weinberg

OVERVIEW
Math models and proof methods for complex distributed algorithms:
- Infinite-state machines with shared-action communication: I/O automata [Lynch, Tuttle]; Timed I/O automata [Lynch, Vaandrager]
- Composition, invariant assertions, levels of abstraction
- Timing analysis
- System decomposition
Impact: Careful descriptions and proofs. Raised standards. Helped unify the field.
DARPA project: Extend the models and methods to practical applications: communication, fault-tolerant distributed computing, hybrid systems.

HIGHLIGHTS
A. Models and Proof Methods
- Computer-aided verification of invariants and simulation relations [Garland, Archer, Jensen, Luchangco, Petrov]
- Timed I/O automata and liveness properties [Gawlick, Lynch, Segala, Sogaard-Andersen]
- Clock Automata [De Prisco, Lynch]
- Hybrid I/O automata, invariants, simulation relations [Lynch, Segala, Vaandrager, Weinberg]
- Abstraction to finite-state systems [Jensen]

B. TCP, T/TCP [Smith; Clark, Lynch]
TCP:
- Specified service, using I/O automata.
- Modelled TCP protocol with unbounded UIDs.
- Proved correctness, using invariants, simulation relations.
- Modelled TCP with bounded UIDs, using timed I/O automata.
- Identified needed timing assumptions (more than in TCP specs).
- Proved correctness, using invariants, simulation to unbounded TCP.
T/TCP:
- Modelled T/TCP using timed automata.
- Tried to show simulation relation from T/TCP to TCP. Failed.
- Showed impossibility result. Gave weaker spec.

C. Group Communication Services [De Prisco, Fekete, Khazan, Lynch, Shvartsman]
- Uses: Load-balancing, communication, coherent shared memory
- VS ("view-synchrony") service definition: Group membership; VS state machine; VS performance/fault-tolerant property
- Used VS to implement TO-broadcast; spec, proofs.
New:
- Most invariants proved using PVS [Archer]
- VS implementation model, proofs [Fekete, Lesley]
- Adaptive TO-bcast [Chockler]
- Load balancing application [Khazan]
- Dynamic view-synchrony [De Prisco, Fekete, Lynch, Shvartsman]: DVS service spec, implementation, application to TO, proofs.

D. Other Distributed System Building Blocks
- Orca [Fekete, Kaashoek, Lynch]
- Quorum-based broadcast-convergecast service [Lynch, Shvartsman]
- Transformation of fault-tolerant algorithms [Borowsky, Gafni, Lynch, Rajsbaum]
- Eventually Serializable Data Services [Fekete, Luchangco, Lynch, Shvartsman]
- Paxos [De Prisco, Lampson, Lynch]

E. Automated Transportation
TIOA -> HIOA, for hybrid (continuous/discrete) systems:
- State machine with continuous trajectories.
- Shared actions and shared variables.
- Composition, invariants, abstraction.
Applications:
- Deceleration maneuvers [Weinberg, Lynch]
- Acceleration maneuver, using levels of abstraction [Lynch]
- Vehicle protection systems (Raytheon) [Weinberg, Livadas, Delisle, Lynch]
- Platoon safety (PATH - Berkeley): Single collisions [Branicky, Dolginova, Lynch]; Multiple collisions [Lygeros, Lynch]
- Aircraft control (Lincoln Labs, TASC, Honeywell, NASA Langley): TCAS model, preliminary theorems [Lygeros, Livadas, Lynch]; Center TRACON landing protocol model [Lygeros et al.]

F. IOA [Chefter, Garland, Lynch, Tauber, Vaziri]
Language and tools to support modelling, proofs, and use in distributed system software development.
IOA Language:
- Describes I/O automata
- Transition definitions with preconditions/effects
- Axiomatic data types
- Operational and axiomatic styles
- Nondeterminism
- Expresses composition, invariants, abstraction
IOA Toolset:
- Parser, static semantic checker
- Support for composition, abstraction
- Interface to theorem-provers, model-checkers
- Simulator; paired simulation
- Code generator; node and channel automata; abstract channels
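As an added illustration (not code from the slides or from the IOA toolset), the following Python sketch models I/O automata in the precondition/effect style the IOA language uses, composes them by shared actions, and checks an invariant assertion over all reachable composite states by breadth-first search. The sender/channel/receiver automata, the message alphabet and the send bound are constructed assumptions chosen to keep the state space finite.

```python
from collections import deque

MSGS = ("a", "b")   # constructed message alphabet; with LIMIT it keeps the state space finite
LIMIT = 3           # the sender stops after LIMIT sends (assumption, bounds the exploration)

# Each automaton: an immutable start state and, per action name, a (precondition, effect)
# pair written in the IOA pre/eff style. Effects return a new state rather than mutating.
SENDER = {"start": (), "actions": {
    "send": (lambda s, m: len(s) < LIMIT, lambda s, m: s + (m,))}}   # output action
RECEIVER = {"start": (), "actions": {
    "receive": (lambda s, m: True, lambda s, m: s + (m,))}}          # input action
FIFO_CHANNEL = {"start": (), "actions": {
    "send": (lambda s, m: True, lambda s, m: s + (m,)),              # input: always enabled
    "receive": (lambda s, m: bool(s) and s[0] == m, lambda s, m: s[1:])}}
REORDER_CHANNEL = {"start": (), "actions": {
    "send": (lambda s, m: True, lambda s, m: s + (m,)),
    "receive": (lambda s, m: m in s,                                 # deliver any in-flight msg
                lambda s, m: s[:s.index(m)] + s[s.index(m) + 1:])}}

def composite_steps(autos, state):
    """Composition by shared actions: (act, m) is enabled in the composite iff every
    component whose signature contains act enables it; exactly those components move."""
    for act in set().union(*(a["actions"] for a in autos)):
        parts = [a["actions"].get(act) for a in autos]
        for m in MSGS:
            active = [(p, s) for p, s in zip(parts, state) if p is not None]
            if all(pre(s, m) for (pre, _), s in active):
                yield (act, m), tuple(p[1](s, m) if p else s for p, s in zip(parts, state))

def check_invariant(autos, inv):
    """Explore every reachable composite state breadth-first; return the first state
    violating inv (a counterexample), or None when the invariant holds everywhere."""
    start = tuple(a["start"] for a in autos)
    seen, todo = {start}, deque([start])
    while todo:
        s = todo.popleft()
        if not inv(s):
            return s
        for _, nxt in composite_steps(autos, s):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return None

def fifo_invariant(state):
    # (sender, channel, receiver): what was delivered, followed by what is in flight,
    # must equal exactly what was sent, in order.
    sent, chan, recv = state
    return sent == recv + chan
```

With FIFO_CHANNEL the invariant holds on every reachable state; with REORDER_CHANNEL the search returns a concrete reachable state where a later message was delivered first.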