1 Maximality Properties Dr. Mikhail Nesterenko Presented By Ibrahim Motiwala.

2 Contents
Notion of maximality
Proving maximality
Justification for the proof rules
Random assignment
Faulty channel
Conclusion

3 What is Maximality?
A program P implements a given specification S if the set |P| of executions of P is a subset of the set |S| of executions that satisfy S. P is maximal for S if |P| = |S|: then every execution that satisfies specification S is a possible execution of P.

4 Why? Three reasons
- To eliminate undesirable solutions for a given specification, namely those that restrict concurrency.
- A simulation program has to be maximal for the specification of the artifact it simulates.
- A single maximal program for a problem may be the basis for a family of interrelated programs, each of which may be appropriate for a different computing platform.

5 Proving maximality
Given a program P that is to be proven maximal, we must show that any sequence of states meeting the specification is a possible output of the program. We first construct a constrained program P’ from P and the given sequence; the constrained program retains the structure of P, but its actions are restricted by guards and augmented by assignments to certain auxiliary variables. We then show that all fair executions of P’ produce the given sequence and that any such execution corresponds to a fair execution of P; hence the sequence is a possible output of P.

6 Notations
Box FairNatural
  integer n = 0;
  total action :: n := n + 1
  total method fnat(x :: integer) :: x, n := n, 0
End {FairNatural}
… corresponds to the total action; … to method fnat.
Safety and progress proof: x is assigned only non-negative numbers, and x is infinitely often positive. Invariant: x >= 0. Progress: True leads-to x > 0.

7 Program P and specification S
Any sequence that satisfies S may be obtained from some execution of P. Define an infinite sequence of states = , … that satisfies S. Properties have the following forms: initially p; p co q; and p q. p( ) means that predicate p holds in that state. A sequence satisfies S if it satisfies each and every property in S.
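As an added example (not from the slides or the paper they summarize), the FairNatural box of slide 6 and the constrained-program construction of slide 5 in Python, with the safety and progress checks of slide 6 run over a fair execution; the weakly fair scheduler, the window k, and the choice of fnat outputs as the observed sequence are assumptions of this example:

```python
import random

class FairNatural:
    """Box FairNatural (slide 6): n starts at 0; the action increments n; fnat returns n and resets it."""
    def __init__(self):
        self.n = 0
    def action(self):             # total action :: n := n + 1
        self.n += 1
    def fnat(self):               # total method fnat(x :: integer) :: x, n := n, 0
        x, self.n = self.n, 0
        return x

def fair_run(calls, k=3, seed=1):
    """Unconstrained P under an assumed weakly fair scheduler: the action is forced after
    at most k consecutive fnat calls, so it runs infinitely often.  Returns the x values."""
    box, rng, out, since_action = FairNatural(), random.Random(seed), [], 0
    while len(out) < calls:
        if since_action >= k or rng.random() < 0.5:
            box.action()
            since_action = 0
        else:
            out.append(box.fnat())
            since_action += 1
    return out

def safety_and_progress(out, k=3):
    """Safety: x is only ever assigned non-negative numbers.  Progress: x > 0 recurs,
    which under the scheduler above means no run of more than k zeros."""
    longest_zero_run = run = 0
    for x in out:
        run = run + 1 if x == 0 else 0
        longest_zero_run = max(longest_zero_run, run)
    return all(x >= 0 for x in out), longest_zero_run <= k

def constrained_run(sigma):
    """Constrained program P' (slide 5) for a target sequence sigma of fnat outputs: the
    action is guarded by n < sigma[j], fnat by n == sigma[j], with j an auxiliary variable.
    P' keeps the structure of P, and every fair execution of P' yields exactly sigma."""
    assert all(x >= 0 for x in sigma), "fnat only ever yields naturals"
    box, j, out = FairNatural(), 0, []
    while j < len(sigma):
        if box.n < sigma[j]:      # guard of the action in P'
            box.action()
        else:                     # n == sigma[j]: guard of fnat in P'
            out.append(box.fnat())
            j += 1
    return out
```

Because every guarded step of P' is also a step of P, the constrained run is itself a fair execution of P, which is the second half of the argument on slide 5.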

19 Faulty Channel
A faulty channel may lose messages, duplicate any message an unbounded (though finite) number of times, and permute the order of messages. For any point in the computation, it is given that not all messages beyond this point will be lost; otherwise there could be no guarantee of any message transmission at all. A protocol over such a channel can be studied (proved correct) by encoding the communication between the sender and the receiver using a maximal solution for the faulty channel.
We simulate a faulty channel using a bag b. The bag holds the messages that are yet to be delivered; it may hold several copies of the same message to simulate duplication, and the unordered nature of a bag implements out-of-order delivery. To simulate message loss and duplication, we compute a count n whenever a message is added to b; the count is an arbitrary natural number, denoting the number of times that the message is to be delivered. If n = 0 the message is immediately discarded (the message is lost); if n exceeds 0 the message is added n times to b. To implement the requirement that not all messages are eventually lost, we require that n become non-zero periodically. Clearly, FairNatural can be used to compute n.
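As an added example (not from the slides), the bag-based faulty channel of slide 19 in Python: loss, n-fold duplication and unordered delivery, with the fairness requirement that n become non-zero periodically. The values k and seed, the stand-in _fair_natural for FairNatural, and the constructed message ids are assumptions of this example.

```python
import random
from collections import Counter
class FaultyChannel:
    """Bag b of undelivered copies (slide 19): a count n per send decides loss (n == 0) or
    n-fold duplication; receive hands out any pending copy, so delivery is unordered."""
    def __init__(self, k=3, seed=7):
        self.bag, self.rng, self.k = Counter(), random.Random(seed), k
        self.since_positive, self.lost = 0, []

    def _fair_natural(self):
        # Assumed stand-in for FairNatural: an arbitrary natural, forced non-zero after
        # k - 1 consecutive zeros, so that not all messages beyond any point are lost.
        n = self.rng.choice([0, 0, 1, 2, 3])
        if n == 0 and self.since_positive >= self.k - 1:
            n = 1
        self.since_positive = 0 if n > 0 else self.since_positive + 1
        return n

    def send(self, msg):
        n = self._fair_natural()
        if n == 0:
            self.lost.append(msg)           # the message is lost
        else:
            self.bag[msg] += n              # delivered n times: duplication

    def receive(self):                      # one copy of any pending message, or None
        pending = [m for m, c in self.bag.items() if c > 0]
        if not pending:
            return None
        m = self.rng.choice(pending)
        self.bag[m] -= 1
        return m

def drive(messages, k=3, seed=7):           # send all, then drain; returns (lost, delivered)
    ch = FaultyChannel(k, seed)
    for m in messages:
        ch.send(m)
    delivered = []
    while (m := ch.receive()) is not None:
        delivered.append(m)
    return ch.lost, delivered

def channel_properties(messages, lost, delivered, k):
    """True iff no k consecutive sends were lost and exactly the non-lost messages arrived."""
    lost_set, streak, longest = set(lost), 0, 0
    for m in messages:
        streak = streak + 1 if m in lost_set else 0
        longest = max(longest, streak)
    return longest < k and set(delivered) == set(messages) - lost_set
```

A sender/receiver protocol proved against this channel (for example, one that retransmits until acknowledged) is thereby proved against every behavior the slide's channel specification admits, which is the point of using a maximal channel model.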

20 Conclusion
The notion of maximality rules out implementations with insufficient nondeterminism. A maximal program for a given specification has all the behaviors admitted by the specification. The proof method may be used to show that a program admits a specific set of executions.