Lamport's State Machines -- Formal Specifications of Complex Systems, CS236368, Spring 2004. © Katz, Spring 2004. Lecture: Lamport.

Slide 1: Lamport's State Machines. Formal Specifications of Complex Systems, CS236368, Spring 2004. Shmuel Katz, The Technion.

Slide 2: Specifying Concurrent Modules
Classic paper by Leslie Lamport, ACM TOPLAS, vol. 5, no. 2, 1983
Textual, parametric state machine
Insight on overlapping, interference
For a concrete program unit, like a Larch interface, but reactive
Assumes sequential data structures

Slide 3: Open versus Closed Systems
A closed system has all components inside the specification, and a simple interface to an environment.
An open system has "unknown" assignments, messages, events at any time. Much harder to specify and show correct, but sometimes necessary.
When do operations take effect?

Slide 4: Overlapping Can Be Tricky
Initially x = 0. Execute x := x+1 in parallel with x := x+2. What are the possible results?
The answer can depend on what is considered 'atomic'.
Many systems today have multiple processes (sometimes with time sharing).
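The following is an added example, not part of the lecture slides: it enumerates every interleaving of the two assignments on slide 4 under two assumed granularities of atomicity. With each whole assignment atomic, only 3 is reachable; if the read of x and the write back to x are separate atomic steps (each process keeps a private register between them), a write can overwrite the other process's update and 1 and 2 become reachable as well. The step encoding and the register names are this example's own assumptions.

```python
def interleavings(a, b):
    """Yield every merge of the step tuples a and b that preserves the
    order of steps within each process."""
    if not a:
        yield b
        return
    if not b:
        yield a
        return
    for rest in interleavings(a[1:], b):
        yield (a[0],) + rest
    for rest in interleavings(a, b[1:]):
        yield (b[0],) + rest


def run(schedule, x0=0):
    """Execute one schedule over a shared variable x starting at x0.
    Steps are (process, op, k): 'assign' does x := x + k atomically;
    'read' copies x into the process's private register; 'write' stores
    register + k back into x (so read and write are separately atomic)."""
    x = x0
    reg = {}
    for proc, op, k in schedule:
        if op == "assign":
            x = x + k
        elif op == "read":
            reg[proc] = x
        elif op == "write":
            x = reg[proc] + k
        else:
            raise ValueError(op)
    return x


def possible_results(atomic_assignment):
    """Set of final values of x for x := x+1 || x := x+2 from x = 0,
    under the chosen granularity of atomicity."""
    if atomic_assignment:
        pa = (("A", "assign", 1),)
        pb = (("B", "assign", 2),)
    else:
        pa = (("A", "read", 1), ("A", "write", 1))
        pb = (("B", "read", 2), ("B", "write", 2))
    return {run(s) for s in interleavings(pa, pb)}


if __name__ == "__main__":
    print("whole assignment atomic:", possible_results(True))           # {3}
    print("read and write separately atomic:", possible_results(False))  # {1, 2, 3}
```

The point for a specifier is that the set of "possible results" is not a property of the program text alone; it is fixed only once the atomic actions are fixed, which is why the method on the following slides starts from a set of atomic actions.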

Slide 5: Shared Memory Concurrency
Multiple processes that change the same variables (operate over the same state)
Have to consider what happens DURING an implementation: input/output is not enough.
New issues:
> waiting
> deadlock
> mutual exclusion
> starvation

Slide 6: Basic Set-up
Have sets of atomic actions
First part: safety properties. Later: temporal logic for liveness.
Get values of a state from state functions, which take the state to a value. x: S --> V and at(c) are state functions.
Since the domain is always the state, just write f: R where R is the range.

Slide 7: Parts of a Spec.
State functions f1: R1, f2: R2, ...
Initial conditions I1, I2, ...
Properties P1, P2, ...
If the initial state satisfies the initial conditions, all subsequent states satisfy the properties Pi, when examined through the state functions fj.
If Pi is a regular logic predicate, this asserts that it is an invariant of the system.

Slide 8: Other Ways of Writing Pi
A leaves unchanged f when Q
> A: a set of actions
> f: a state function
> Q: a predicate
> Means: if a is in A, Q(s) holds, and a takes s to s', then f(s') = f(s)
TOP leaves unchanged stack
> TOP is a set of actions, stack is a state function
INREAR leaves unchanged front when ~empty

Slide 9: Allowed Changes
allowed changes to
  g1 when Q1
  g2 when Q2
  ...
  A1: R1 --> S1
  ...
  Am: Rm --> Sm
> gi: state functions, Qi: predicates
> Ai: sets of actions, Ri: predicates
> Si: binary function on s, s' pairs
Means: for any action a taking s to s', if Qi(s) and gi(s') =/= gi(s), then for some j, a is in Aj, Rj(s), and Sj(s, s').

Slide 10: Allowed Changes (cont.)
"If it changes, it does so in one of these ways...."
Does not force change: for safety only.
Assume that the condition for activating is made false by the change, so we won't just keep repeating the same action.
Use f and f' instead of f(s) and f(s').
Assume gj' = gj if gj' does not appear in Si (state functions a clause does not mention are left unchanged by it).
allowed changes to stack
  POP: |stack| > 0 --> stack = out' stack'
(the old stack equals the new value of out followed by the new stack)
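As an added illustration of slides 8 to 10 (this checker is not from the lecture or from Lamport's paper), the two property forms can be run over a finite trace of states: "A leaves unchanged f when Q" and "allowed changes to g when Q; A: R --> S" are each a check on every step s --a--> s' of the trace. States here are dicts holding the values of two assumed state functions, stack (a tuple, top element first) and out; the traces, the TOP and PUSH actions, and the encoding of "stack = out' stack'" as tuple concatenation are this example's own constructions.

```python
def leaves_unchanged(actions, f, when, trace):
    """'A leaves unchanged f when Q' (slide 8): for every step s -a-> s'
    with a in A and Q(s), f(s') = f(s).  Returns the violating steps."""
    return [(s, a, t) for s, a, t in trace
            if a in actions and when(s) and f(s) != f(t)]


def allowed_changes(targets, clauses, trace):
    """'allowed changes to g_i when Q_i; A_j: R_j --> S_j' (slide 9):
    for every step s -a-> s', if some Q_i(s) holds and g_i(s') != g_i(s),
    then some clause j has a in A_j, R_j(s) and S_j(s, s').
    targets: list of (g_i, Q_i); clauses: list of (A_j, R_j, S_j).
    Returns the violating steps (an empty list means the property holds)."""
    violations = []
    for s, a, t in trace:
        changed = any(q(s) and g(s) != g(t) for g, q in targets)
        permitted = any(a in acts and r(s) and rel(s, t)
                        for acts, r, rel in clauses)
        if changed and not permitted:
            violations.append((s, a, t))
    return violations


# --- the lecture's stack example, checked over constructed traces --------
def stack_fn(s):
    return s["stack"]


def always(s):
    return True


STACK_TARGETS = [(stack_fn, always)]   # "allowed changes to stack"
STACK_CLAUSES = [                      # "POP: |stack| > 0 --> stack = out' stack'"
    ({"POP"},
     lambda s: len(s["stack"]) > 0,
     lambda s, t: s["stack"] == (t["out"],) + t["stack"]),
]


def check_stack_spec(trace):
    """Return (#violations of 'TOP leaves unchanged stack',
               #violations of the POP allowed-changes clause)."""
    v1 = leaves_unchanged({"TOP"}, stack_fn, always, trace)
    v2 = allowed_changes(STACK_TARGETS, STACK_CLAUSES, trace)
    return len(v1), len(v2)


# Constructed states: stack is a tuple with the top element first.
s0 = {"stack": (3, 2, 1), "out": None}
s1 = {"stack": (3, 2, 1), "out": 3}   # TOP copies the top element to out
s2 = {"stack": (2, 1), "out": 3}      # POP: (3, 2, 1) == (3,) + (2, 1)
s3 = {"stack": (1,), "out": 2}        # POP: (2, 1) == (2,) + (1,)

GOOD_TRACE = [(s0, "TOP", s1), (s1, "POP", s2), (s2, "POP", s3)]

BAD_TRACE = [
    (s0, "TOP", {"stack": (2, 1), "out": 3}),      # TOP must not touch the stack
    (s1, "POP", {"stack": (1,), "out": 3}),        # POP dropped two elements
    (s2, "PUSH", {"stack": (5, 2, 1), "out": 3}),  # no clause lets PUSH change stack
]

if __name__ == "__main__":
    print(check_stack_spec(GOOD_TRACE))  # (0, 0)
    print(check_stack_spec(BAD_TRACE))   # (1, 3)
```

Note that the PUSH step in the bad trace is flagged not because of what it does but because the spec as written lists POP as the only way stack may change: an "allowed changes" clause is exhaustive, so adding a new operation to the implementation without adding a clause is a specification violation, which is exactly what makes the form useful for catching unintended interference.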

Slide 11: Procedures and Parameter Passing
Modules with procedures
Can have several procedures active at once, but only one copy of each.
Parameters are passed in a global variable (on purpose, to show problems).
SUB is in MOD; calls are from outside MOD.
SUB.PAR: state function for the parameter
at(SUB) = control is at the beginning of SUB
after(SUB) = control is just after the last step of SUB
in(SUB) = control is in SUB (including at the beginning, but NOT the exit point)

Slide 12: module SQ with sub SQUARE
All of SUB with SQUARE substituted
state function val: Integer
at(SQUARE) ==> val = SQUARE.PAR
after(SQUARE) ==> SQUARE.PAR = val
unchanged val when in(SQUARE)
(The above are safety properties only; a separate guarantee of progress/liveness is needed.)
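The following added simulation (this example's own, not from the lecture) shows the problem slide 11 says the global-parameter convention is meant to expose. Two assumed callers A and B each write their argument into the shared SQUARE.PAR, enter SQUARE (where val := PAR, matching at(SQUARE) ==> val = PAR), let SQUARE exit (where PAR receives the result), and then read PAR back. It is assumed here that SQUARE computes the square of its parameter and that "only one copy of each" means at most one caller is between enter and exit at a time. Every interleaving is explored; because PAR is a single global, a caller's write can land while the other caller is still using SQUARE, and the second call then squares the first call's result rather than its own argument.

```python
STEPS = ("write", "enter", "exit", "read")


def caller_results(args):
    """Enumerate every interleaving of the callers in `args` (name -> argument)
    and return the set of result tuples, one entry per caller in args order.

    Per caller the steps are: write its argument to the shared SQUARE.PAR;
    enter SQUARE (val := PAR); SQUARE exits (PAR := val*val, the assumed
    meaning of SQUARE); read PAR as the result.  'Only one copy of SQUARE'
    is modelled by letting at most one caller be between enter and exit."""
    names = tuple(args)
    results = set()

    def explore(pcs, par, val, inside, res):
        if all(pcs[c] == len(STEPS) for c in names):
            results.add(tuple(res[c] for c in names))
            return
        for c in names:
            i = pcs[c]
            if i == len(STEPS):
                continue
            op = STEPS[i]
            if op == "enter" and inside is not None:
                continue                                  # SQUARE busy: wait
            nxt = dict(pcs, **{c: i + 1})
            if op == "write":
                explore(nxt, args[c], val, inside, res)   # SQUARE.PAR := argument
            elif op == "enter":
                explore(nxt, par, par, c, res)            # at(SQUARE): val = PAR
            elif op == "exit":
                explore(nxt, val * val, val, None, res)   # after(SQUARE): PAR := result
            else:
                explore(nxt, par, val, inside, dict(res, **{c: par}))  # caller reads PAR

    explore({c: 0 for c in names}, None, None, None, {})
    return results


def wrong_results(args):
    """Result tuples that differ from each caller getting the square of its own argument."""
    expected = tuple(v * v for v in args.values())
    return {r for r in caller_results(args) if r != expected}


if __name__ == "__main__":
    outcomes = caller_results({"A": 3, "B": 4})   # constructed arguments
    print(sorted(outcomes))                        # (9, 16) is present, but so are e.g. (9, 81) and (16, 256)
```

The safety properties on slide 12 hold in every run of this model (val is copied at entry and untouched inside SQUARE), so they cannot by themselves rule out the wrong results: the defect lies in the shared PAR being writable by a caller outside MOD while another call is in progress, which is the kind of interference a specification of an open module has to account for.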