CIS 720 Lecture 4.


Concurrency rule

    for all i, { Pi } Si { Qi }
    -------------------------------------------------------
    { P1 /\ … /\ Pn } co S1 // … // Sn oc { Q1 /\ … /\ Qn }

Example 1 (the processes write different variables):

    {true}
    x = 0; y = 1;
    { x = 0 /\ y = 1 }
    co
      {x = 0} x = 1 {x = 1}
    //
      {y = 1} y = y + 1 {y = 2}
    oc
    { x = 1 /\ y = 2 }

Example 2 (both processes write x):

    {true}
    x = 0;
    { x = 0 }
    co
      {x = 0} x = x + 1 {x = 1}
    //
      {x = 0} x = x + 2 {x = 2}
    oc
    { x = 0 /\ x = 2 }

Interference freedom

Let a be a statement and C be an assertion.

    NI(a, C)  iff  { pre(a) /\ C } a { C }

Execution of a does not invalidate (interfere with) C.

{ Pi } Si { Qi }, for all i, are interference free if, for every assertion C in the proof outline of Si and every action a in Sj with i != j, NI(a, C) holds.

Concurrency rule

    { Pi } Si { Qi } are interference free
    -------------------------------------------------------
    { P1 /\ … /\ Pn } co S1 // … // Sn oc { Q1 /\ … /\ Qn }

    x = 0;
    co
      x = x + 1
    //
      x = x + 2
    oc
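The interference-freedom check NI(a, C) can be run mechanically when the state space is small. The following is an added example, not code from the lecture: a brute-force checker that tries every state satisfying pre(a) /\ C, executes the atomic action a, and reports the assertions that a invalidates. The two proof outlines encoded at the bottom are the ones on the earlier slide; the variable names, the value domain and the (name, predicate) representation of assertions are assumptions made for the demo.

```python
from itertools import product

# Added example (not from the lecture): a brute-force checker for the
# interference-freedom condition NI(a, C) iff { pre(a) /\ C } a { C }, run over
# a small finite state space so every state satisfying pre(a) /\ C is tried.
# A proof outline is a list of triples (pre, action, post); pre and post are
# (name, predicate) pairs over a state dict and action is an atomic state
# transformer. The variables and the value domain are constructed for the demo.

VARS = ("x", "y")
DOMAIN = range(0, 4)   # constructed: small enough to enumerate every state

def all_states():
    """Every assignment of DOMAIN values to VARS."""
    return [dict(zip(VARS, vals)) for vals in product(DOMAIN, repeat=len(VARS))]

def assign(var, expr):
    """Atomic assignment var = expr(state), returning an updated copy of the state."""
    def action(s):
        s = dict(s)
        s[var] = expr(s)
        return s
    return action

def ni(action, pre_a, C):
    """NI(a, C): in every state where pre(a) /\ C holds, executing a preserves C."""
    return all(C[1](action(s)) for s in all_states() if pre_a[1](s) and C[1](s))

def outline_assertions(outline):
    """All assertions of an outline: the pre of every action plus the final post."""
    return [pre for pre, _, _ in outline] + [outline[-1][2]]

def interference_free(outlines):
    """Return every (assertion C of Si, pre(a) of an action a in Sj, i != j) pair
    for which NI(a, C) fails; an empty list means the outlines are interference free."""
    violations = []
    for i, oi in enumerate(outlines):
        for j, oj in enumerate(outlines):
            if i == j:
                continue
            for pre_a, a, _ in oj:
                for C in outline_assertions(oi):
                    if not ni(a, pre_a, C):
                        violations.append((C[0], pre_a[0]))
    return violations

# Slide's second outline: {x = 0} x = x + 1 {x = 1} // {x = 0} x = x + 2 {x = 2}
RACY = [
    [(("x = 0", lambda s: s["x"] == 0), assign("x", lambda s: s["x"] + 1),
      ("x = 1", lambda s: s["x"] == 1))],
    [(("x = 0", lambda s: s["x"] == 0), assign("x", lambda s: s["x"] + 2),
      ("x = 2", lambda s: s["x"] == 2))],
]

# Slide's first outline (disjoint write sets):
# {x = 0} x = 1 {x = 1} // {y = 1} y = y + 1 {y = 2}
DISJOINT = [
    [(("x = 0", lambda s: s["x"] == 0), assign("x", lambda s: 1),
      ("x = 1", lambda s: s["x"] == 1))],
    [(("y = 1", lambda s: s["y"] == 1), assign("y", lambda s: s["y"] + 1),
      ("y = 2", lambda s: s["y"] == 2))],
]

if __name__ == "__main__":
    print("racy outline violations:", interference_free(RACY))          # 2 violations
    print("disjoint outline violations:", interference_free(DISJOINT))  # []
```

For the racy outline the checker reports that each process's `x = 0` precondition is invalidated by the other process's assignment; the checks against `x = 1` and `x = 2` pass vacuously because no state satisfies `x = 0 /\ x = 1` or `x = 0 /\ x = 2`, which is exactly why the bogus conjunction at the end of that outline is not caught by the rule without interference freedom. The disjoint outline produces no violations.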

Techniques to avoid interference

Disjoint variables: if the write set of each process is disjoint from the read and write set of every other process, then the proof outlines will be interference free.

Avoiding interference

Global invariants: assume that every assertion in the proof outline of Pi is of the form I /\ L, where L refers only to local variables of Pi or to variables that only Pi writes. Then the proof outlines will be interference free.

Concurrency rule

    for all i, { I } Si { I }
    ----------------------------------
    { I } co S1 // … // Sn oc { I }

    x = 0; y = 0; z = 0
    co
      x = 1
      y := 1
    //
      if y = 1 -> z = 1
    oc

Avoiding interference: synchronization

Bank transactions

    co
      Transfer(x,y,am):
        ac[x] = ac[x] – am;
        ac[y] = ac[y] + am
    //
      Auditor:
        total = 0; i = 0;
        do i < n ->
          total = total + ac[i]
          i = i + 1
        od
    oc

Avoiding interference: synchronization

Await statement rule

    {P /\ B} S {Q}
    -----------------------------
    {P} < await(B) -> S > {Q}

Example:

    { y > 0 } y := x { x > 0 }
    { true } await(y > 0) -> y := x { x > 0 }

    b = false; x = 0; y = 0; z = 0
    co
      x = x + 1
      b := true
      z = x + 3
    //
      < await b -> y = x >
    oc

Interference check between the two processes:

    (I /\ x = 1 /\ not b) /\ (I /\ b)  =>  false

Bank transactions

    total = 0; i = 0;
    co
      Transfer(x,y,am):
        < await( (i < x /\ i < y) \/ (i > x /\ i > y) ) ->
            ac[x] = ac[x] – am;
            ac[y] = ac[y] + am >
    //
      Auditor:
        {A1: Total = ac[1] + … + ac[i]}
        do i < n ->
          i = i + 1
          total = total + ac[i]
        od
    oc

Bank transactions

    co
      Transfer(x,y,am):
        if
          < await(!auditon) ->
              ac[x] = ac[x] – am;
              ac[y] = ac[y] + am >
        []
          < await( auditon && ((x < i && y < i) || (x > i && y > i)) ) ->
              ac[x] = ac[x] – am;
              ac[y] = ac[y] + am >
        fi
    //
      Auditor:
        auditon = 1; total = 0; i = 0;
        do i < n ->
          total = total + ac[i]
          i = i + 1
        od
        auditon = 0
    oc
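What the await guard buys the auditor can be seen by enumerating every interleaving of the two processes. The following is an added example, not code from the lecture: a small explorer that runs Transfer and the 0-based Auditor of the slides above as atomic actions, first with the two account updates as separate unguarded assignments and then as the single guarded action `< await((x < i && y < i) || (x > i && y > i)) -> ... >` (the slide's guard with the auditon flag omitted, since only one audit is modelled). The account balances, the transfer amount and indices, and the step/pc encoding of a process are assumptions made for the demo.

```python
# Added example (not code from the lecture): exhaustively interleave the atomic
# actions of Transfer(x,y,am) and Auditor from the "Bank transactions" slides and
# collect every total the auditor can report, first with the two account updates
# as separate atomic assignments and then with the slide's single guarded action
# < await((x < i && y < i) || (x > i && y > i)) -> ... >. The accounts, amounts
# and indices below are constructed for the demo. A process is a function
# step(state, pc) that returns None when its await guard is false (blocked) or
# (new_state, new_pc); pc == DONE means the process has terminated.
DONE = -1
N = 3                       # constructed: three accounts, ac[0..2]
INIT_AC = (10, 20, 30)      # constructed balances; the true total is 60 and never changes
X, Y, AM = 0, 2, 5          # constructed: move 5 from ac[0] to ac[2]

def transfer_step(guarded):
    """Transfer(x,y,am): either two separate atomic assignments (unguarded) or one
    await-guarded atomic action as on the slide (guarded)."""
    def step(s, pc):
        ac, total, i = s
        ac = list(ac)
        if guarded:
            if (X < i and Y < i) or (X > i and Y > i):   # the slide's await guard
                ac[X] -= AM
                ac[Y] += AM
                return ((tuple(ac), total, i), DONE)
            return None                                  # guard false: blocked
        if pc == 0:
            ac[X] -= AM
            return ((tuple(ac), total, i), 1)
        ac[Y] += AM
        return ((tuple(ac), total, i), DONE)
    return step

def auditor_step(s, pc):
    """Auditor: total = 0; i = 0; do i < n -> total = total + ac[i]; i = i + 1 od"""
    ac, total, i = s
    if pc == 0:
        return ((ac, 0, 0), 1)
    if i < N:
        return ((ac, total + ac[i], i + 1), 1)
    return (s, DONE)

def explore(procs, init):
    """Depth-first search over all interleavings. Returns (finals, deadlocks): the
    reachable terminal states and the states where no unfinished process can move."""
    finals, deadlocks, seen = set(), set(), set()
    stack = [(init, (0,) * len(procs))]
    while stack:
        s, pcs = stack.pop()
        if (s, pcs) in seen:
            continue
        seen.add((s, pcs))
        if all(pc == DONE for pc in pcs):
            finals.add(s)
            continue
        enabled = False
        for k, step in enumerate(procs):
            if pcs[k] == DONE:
                continue
            r = step(s, pcs[k])
            if r is None:
                continue
            enabled = True
            s2, pc2 = r
            stack.append((s2, pcs[:k] + (pc2,) + pcs[k + 1:]))
        if not enabled:
            deadlocks.add((s, pcs))
    return finals, deadlocks

def audited_totals(guarded):
    """Sorted list of every total the auditor can report when run concurrently with Transfer."""
    finals, deadlocks = explore([transfer_step(guarded), auditor_step], (INIT_AC, 0, 0))
    assert not deadlocks, "some interleaving leaves the await guard false forever"
    return sorted({total for _, total, _ in finals})

if __name__ == "__main__":
    print("unsynchronized:", audited_totals(False))   # [55, 60, 65]
    print("with await:    ", audited_totals(True))    # [60]
```

Without the guard the auditor can observe the debit but not the credit (55) or the credit but not the debit (65), even though the account balances end correctly in every interleaving. With the guard the transfer can only run while both accounts are on the same side of the audit pointer, so every interleaving reports 60; the explorer also confirms that the guard never blocks the transfer forever, since the auditor eventually passes both accounts.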