1 Modeling and Analyzing Distributed Systems Using I/O Automata
Nancy Lynch, MIT
Draper Laboratory, IR&D Kickoff Meeting
Aug. 30, 2002

2 Modeling using I/O Automata
Mathematical, infinite-state, automaton models.
Describe states, transitions.
Describe system modularity:
–Parallel composition of interacting components.
–Levels of abstraction.
Example: Generic distributed system:
–Diagram represents interfaces only.
–IOA models also describe behavior.
–Abstract models for system components.
–Channel: Implemented by TCP, modeled as reliable FIFO queue.
–Node: Implemented by C++ or Java program, modeled as simple algorithm automaton.

3 Reliable FIFO Channel Model
Signature:
–Inputs: send(m), m in M
–Outputs: receive(m), m in M
States:
–queue, a finite sequence of elements of M, initially empty
Transitions:
–send(m)
 Effect: Add m to end of queue
–receive(m)
 Precondition: m is first on queue
 Effect: remove first element of queue
[Diagram: Channel(M), with input send(m) and output receive(m)]

4 Levels of Abstraction
Used in system development by successive refinement.
Top level: Specification for allowed behaviors. Can write in same automaton style.
Refine through many levels, to code-like, detailed description.
Example: Group communication:
–Automata used to represent totally-ordered reliable broadcast service, group communication service, and algorithm.
–Composition of algorithm and GCS automata implements TO-Bcast automaton.
–Continue, implementing GCS in terms of lower-level network.
[Diagram: TO-Bcast service, implemented by the algorithm composed with GCS]

5 Flavors of I/O Automaton Models
Ordinary, basic IOAs deal with:
–What happens, in what order (not when).
–Discrete events (not continuous behavior).
Timing: TIOA
–For describing timeout-based algorithms.
–Local clocks, clock synchronization.
–Timing/performance analysis.
Hybrid (continuous/discrete): HIOA
–Systems with real world + computer components
–Vehicle control: ground, air, space
–Embedded systems

6 What are these models good for?
System documentation/specification
–High-level, precise, reasonably easy to understand.
Design validation:
–Simulation of system behavior
–Stating and proving correctness theorems. Manually, or with interactive theorem-provers.
–Finite-state exploration, for debugging, for complete analysis of small pieces, small cases, small abstractions.
Top-down system development
Code validation:
–Models as templates for code
–Demonstrate consistency between model, code
–Generate code automatically from low-level models?

7 In the remaining minutes:
I/O Automata
–What they are (math)
–Applications: Distributed algorithms, systems
–Tool support: IOA language and toolset
Timed I/O Automata
–What they are
–Applications: Communication, performance analysis
Hybrid I/O Automata
–What they are
–Applications: Safety-critical systems

8 I/O Automata (IOA)
Static description:
–Actions a (input, output, internal)
–States s, start states
–Transitions (s, a, s'); input actions enabled in all states.
Dynamic description:
–Execution: s₀ a₁ s₁ a₂ s₂ …
–Trace: Sequence of input and output actions; externally visible behavior.
–A implements B: traces(A) ⊆ traces(B).
Operations for building automata:
–Parallel composition, identifying inputs and outputs.
–Action hiding.
Reasoning methods:
–Invariant assertions: Property holds in all reachable states.
–Simulation relations: Imply one automaton implements another.
–Compositional methods
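The reliable FIFO channel of slide 3 and the "A implements B" definition of slide 8, worked through as an added Python example; this is not code from the talk or from the IOA toolset. Everything in it is an assumption made for the example: a two-letter message alphabet M = {a, b} so that state exploration stays finite, a tiny automaton interface (start, enabled, effect) and a Composition class that identifies same-named actions and hides the ones named in `hidden`, a three-channel pipeline standing in for a lower-level implementation of the one-channel specification (the slide 4 refinement pattern), and a constructed reordering channel (BagChannel) as an implementation that must fail. Trace inclusion is decided only for executions of a bounded number of steps, so a pass is evidence rather than a proof, while a failure comes with a concrete counterexample trace.

```python
"""Slide 3's reliable FIFO channel as an I/O automaton, and slide 8's
"A implements B" check done as bounded exploration of traces (added example)."""

M = ("a", "b")   # constructed message alphabet; small so that exploration stays finite

class Channel:
    """Reliable FIFO channel (slide 3). State = the queue, as a tuple so it is
    hashable. Input send(m) is enabled in every state, as IOA inputs must be;
    output receive(m) only when m is first on the queue."""
    def __init__(self, send, receive):
        self.send, self.receive = send, receive
        self.inputs = {(send, m) for m in M}
        self.outputs = {(receive, m) for m in M}
        self.internals = set()

    def start(self):
        return ()

    def enabled(self, s, a):
        name, m = a
        return name == self.send or (len(s) > 0 and s[0] == m)

    def effect(self, s, a):
        name, m = a
        return s + (m,) if name == self.send else s[1:]

class BagChannel(Channel):
    """Same interface but delivers in any order (a reordering network);
    constructed as an implementation that should NOT satisfy the FIFO spec."""
    def enabled(self, s, a):
        name, m = a
        return name == self.send or m in s

    def effect(self, s, a):
        name, m = a
        if name == self.send:
            return s + (m,)
        i = s.index(m)
        return s[:i] + s[i + 1:]

class Composition:
    """Parallel composition (slide 8): components synchronise on same-named
    actions; any component's output is a composite output unless hidden, in
    which case it becomes internal. Components must not share outputs."""
    def __init__(self, *parts, hidden=frozenset()):
        self.parts = parts
        outs = set().union(*(p.outputs for p in parts))
        self.inputs = set().union(*(p.inputs for p in parts)) - outs
        self.outputs = {a for a in outs if a[0] not in hidden}
        self.internals = {a for a in outs if a[0] in hidden}
        self.internals |= set().union(*(p.internals for p in parts))

    def _has(self, p, a):
        return a in p.inputs or a in p.outputs or a in p.internals

    def start(self):
        return tuple(p.start() for p in self.parts)

    def enabled(self, s, a):   # every component that has a must enable it
        return all(p.enabled(ps, a) for p, ps in zip(self.parts, s) if self._has(p, a))

    def effect(self, s, a):    # components without a keep their state
        return tuple(p.effect(ps, a) if self._has(p, a) else ps
                     for p, ps in zip(self.parts, s))

def bounded_traces(aut, max_steps):
    """Traces (external actions of an execution, internal ones projected out) of
    all executions of at most max_steps steps, by breadth-first exploration."""
    external = aut.inputs | aut.outputs
    actions = external | aut.internals
    frontier, found = {(aut.start(), ())}, {()}
    for _ in range(max_steps):
        frontier = {(aut.effect(s, a), tr + (a,) if a in external else tr)
                    for s, tr in frontier for a in actions if aut.enabled(s, a)}
        found |= {tr for _, tr in frontier}
    return found

def implements(impl, spec, max_steps):
    """traces(impl) ⊆ traces(spec) over executions of at most max_steps steps.
    True is bounded evidence only; False comes with a shortest trace of impl
    that spec cannot produce, which is a genuine counterexample."""
    bad = bounded_traces(impl, max_steps) - bounded_traces(spec, max_steps)
    return (True, None) if not bad else (False, min(bad, key=lambda t: (len(t), t)))

SPEC = Channel("send", "receive")   # specification: one reliable FIFO channel
# Implementation, one refinement level down (slide 4): three channels in series,
# with the hop actions recv1 and send2 hidden so only send/receive are visible.
PIPELINE = Composition(Channel("send", "recv1"), Channel("recv1", "send2"),
                       Channel("send2", "receive"), hidden={"recv1", "send2"})

def check_pipeline(max_steps=5):
    return implements(PIPELINE, SPEC, max_steps)[0]

def check_bag(max_steps=3):
    return implements(BagChannel("send", "receive"), SPEC, max_steps)
```

`check_pipeline()` returns True: within five steps the pipeline produces no trace the single channel cannot. `check_bag()` returns False together with the witness (send a, send b, receive b), a trace the reordering channel allows and the FIFO specification forbids. The channel automaton is also the place where an attacker's capabilities go in a security analysis: a network that can reorder, as BagChannel does, or drop or inject messages is a different automaton with different traces, and the same inclusion check says which specifications it still satisfies.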

9 Example Applications
Theoretical distributed algorithms:
–Mutual exclusion, Byzantine agreement, atomic object implementation, resource allocation, data management…
Distributed systems:
–Orca DSM system: Two-layer model, following the implementation. Found, fixed logical error. Proofs.
–Transis group communication system: Models for key layers. Proofs. Algorithmic improvements.
–Ensemble GC system: Models for key layers. Found, fixed logical error. Proofs.
Algorithms for dynamic networks (new):
–RAMBO reconfigurable atomic memory algorithm
–Dynamic atomic broadcast algorithm

10 IOA Language + Toolset
Formally-defined programming/modeling language for describing and analyzing systems modelled as I/O automata.
Current tools: Simulator, connection to theorem-prover.
In progress: Invariant detector, connections to other theorem-provers, automatic code generator.
Steve Garland will say more.

11 Timed I/O Automata (TIOA)
Add special time-passage actions, pass(t), to IOA model.
Example: Reliable FIFO channel that always delivers messages within time d.
–send(m)
 Effect: Add (m, now + d) to end of queue
–receive(m)
 Precondition: (m,u) is first on queue (for some u)
 Effect: remove first element of queue
–pass(t)
 Precondition: for all (m,u) in queue, now + t ≤ u
 Effect: now := now + t
Can use standard automaton-based reasoning methods:
–Invariant: for all (m,u) in queue, now ≤ u ≤ now + d.
–Inductive proofs.
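The timed channel of slide 11 as an added Python example, not code from the talk or from the IOA/TIOA tools. Assumptions made for it: integer time with d = 5 and pass(t) offered for t in {1, 2, 3}, messages from {a, b}, and a constructed variant (`urgent=False`) that drops the precondition on pass(t), used to show what that precondition buys. `inductive_check` mirrors the shape of the slide's inductive proof: it samples states that satisfy the invariant, reachable or not, applies every enabled action and checks the invariant afterwards (sampling, so it finds counterexamples but does not constitute a proof), and `simulate` plays the role of the simulator from slide 10.

```python
"""Slide 11's timed FIFO channel (TIOA) with integer time, plus an inductive
check of its invariant and a random simulation (added example)."""
import random

D = 5                 # delivery bound d, assumed for the example
MSGS = ("a", "b")     # constructed message alphabet

class TimedChannel:
    """State: (now, queue of (m, deadline)). send(m) enqueues (m, now + d);
    receive(m) delivers the head; pass(t) advances now by t, and its
    precondition forbids passing any pending deadline, so delivery is urgent."""
    def __init__(self, d=D, urgent=True):
        self.d = d
        self.urgent = urgent  # False: constructed bug, pass(t) without its precondition

    def start(self):
        return (0, ())

    def enabled_actions(self, s):
        now, q = s
        acts = [("send", m) for m in MSGS]          # inputs: always enabled
        if q:
            acts.append(("receive", q[0][0]))        # precondition: m is first on queue
        for t in (1, 2, 3):                          # pass(t): now + t <= u for all (m,u)
            if not self.urgent or all(now + t <= u for _, u in q):
                acts.append(("pass", t))
        return acts

    def effect(self, s, a):
        now, q = s
        name, x = a
        if name == "send":
            return (now, q + ((x, now + self.d),))
        if name == "receive":
            return (now, q[1:])
        return (now + x, q)

def invariant(s, d=D):
    """Slide 11: for all (m,u) in queue, now <= u <= now + d."""
    now, q = s
    return all(now <= u <= now + d for _, u in q)

def arbitrary_state(rng, d):
    """A state satisfying the invariant, reachable or not: the inductive step
    quantifies over all such states, not only the reachable ones."""
    now = rng.randrange(0, 50)
    q = tuple((rng.choice(MSGS), now + rng.randrange(0, d + 1))
              for _ in range(rng.randrange(0, 4)))
    return (now, q)

def inductive_check(chan, trials=2000, seed=1):
    """Base case: invariant in the start state. Step: from each sampled state
    satisfying it, every enabled action leads to a state satisfying it.
    Returns None, or a violating (state, action, state') triple."""
    if not invariant(chan.start(), chan.d):
        return (None, None, chan.start())
    rng = random.Random(seed)
    for _ in range(trials):
        s = arbitrary_state(rng, chan.d)
        for a in chan.enabled_actions(s):
            s2 = chan.effect(s, a)
            if not invariant(s2, chan.d):
                return (s, a, s2)
    return None

def simulate(chan, steps=300, seed=7):
    """Random execution, the job of the IOA simulator (slide 10). Returns the
    worst lateness now - u over all receives; > 0 means a deadline was missed."""
    rng = random.Random(seed)
    s, worst = chan.start(), -chan.d
    for _ in range(steps):
        a = rng.choice(chan.enabled_actions(s))
        if a[0] == "receive":
            worst = max(worst, s[0] - s[1][0][1])
        s = chan.effect(s, a)
    return worst
```

With the precondition in place, `inductive_check(TimedChannel())` returns None and `simulate(TimedChannel())` never reports positive lateness: once a deadline is reached, no pass(t) is enabled and only receive (or a further send) can happen, which is exactly how the automaton enforces delivery within d. Without it (`urgent=False`), the check returns a state, a pass(t) step and a successor in which now has run past a deadline, and the simulation delivers messages late; the invariant is still a true sentence about the queue's intent, but it is no longer inductive, which is what the proof needs.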

12 Example Applications
Theoretical distributed algorithms:
–Mutual exclusion, consensus,…
Timeout-based communication protocols:
–TCP,…
Group communication systems:
–Using GCS to build TO-Bcast: Conditional performance analysis.
–Scalable GCS: Performance analysis.
–RAMBO: Performance analysis.
Hybrid (continuous/discrete) systems:
–Toy examples: RR crossing, steam boiler controller
–Stretched TIOA capabilities; motivated HIOA.

13 Hybrid I/O Automata (HIOA)
TIOA plus facilities for representing continuous behavior.
Static description:
–States: input, output, internal variables; start states
–Actions: input, output, internal
–Discrete steps (s, a, s')
–Trajectories τ, mapping time intervals to states
Dynamic description:
–Execution: τ₀ a₁ τ₁ a₂ τ₂ …
–Trace: Project on external variables, external actions.
–A implements B if traces(A) ⊆ traces(B).
Operations: Composition, hiding
Reasoning methods: Invariants, simulation relations, compositional methods

14 Example Applications
Ground transportation:
–People-mover (Raytheon)
–California PATH automated highway system: Analysis of platoon maneuvers.
Aircraft control:
–TCAS (Lincoln Labs): Models, proofs.
–Quanser helicopter system (MIT Aero/Astro).
Spacecraft, …:
–ACME

15 TCAS model
[Diagram: for each of two aircraft, Aircraft, Pilot, Conflict detector and Conflict resolver automata, with Sensor and Channel automata between them]