1 IOA: Distributed Algorithms → Distributed Programs. Nancy Lynch, PODC 2000. Collaborators: Steve Garland, Josh Tauber, Anna Chefter, Antonio Ramirez, Michael Tsai, Mandana Vaziri, Tina Nolte

2 What we want to do: See how abstract I/O automaton models of distributed algorithms and services could be used in producing and maintaining actual distributed programs.

3 Why use models in programming? Models let you: –Build complex things and get them right –Change things and understand the consequences –Explain clearly how things work Other engineering disciplines use them

4 But why I/O automaton models? Simple mathematical basis for describing structure + behavior of systems of interacting components Already used for: –Distributed algorithms, impossibility results –System case studies: Group communication services (Orca, Transis, Ensemble,…) Communication protocols (TCP, T/TCP,…) Hybrid (continuous/discrete) systems (TCAS,…)

5 I/O automata [Lynch, Tuttle 87] Nondeterministic state machines Infinite state Input/output/internal actions Transitions, executions, traces Supports modularity: –Composition –Levels of abstraction Mathematical model, language-independent

6 How I/O automata are used: Model service specs and distributed algorithms. Refine, from a high-level global service spec to a detailed distributed algorithm: –Make models as nondeterministic as possible –Prove correctness, using invariants, simulation relations, composition

7 TO Broadcast Service Spec [Fekete, Lynch, Shvartsman, PODC 97]
Signature:
  input: broadcast(a,p)
  output: receive(a,p,q)
  internal: order(a,p)
State:
  queue, sequence of (a,p), initially empty
  for each p:
    pending[p], sequence of a, initially empty
    next[p], positive integer, initially 1

8 TO Broadcast Transitions:
broadcast(a,p)
  Effect: append a to pending[p]
order(a,p)
  Precondition: a is head of pending[p]
  Effect: remove head of pending[p]; append (a,p) to queue
receive(a,p,q)
  Precondition: queue[next[q]] = (a,p)
  Effect: next[q] := next[q] + 1
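Slides 7 and 8 give the TO broadcast automaton in precondition/effect style, and slides 6 and 11 mention proving invariants and running simulations against it. The Python below is an added example, not IOA code and not from the slides or the IOA tools: it encodes the same state variables and actions, resolves the automaton's nondeterminism with a random scheduler (the role the IOA simulator plays), and checks after every step the invariants one would prove by hand: each receiver has delivered exactly a prefix of queue, each sender's messages are ordered FIFO, and any two receivers agree on their common delivered prefix. Process names, messages, the seed and the step budget are constructed inputs for this example.

```python
"""Executable model of the TO broadcast automaton from slides 7-8.

Added example, not IOA code and not from the slides: actions are encoded as
(precondition, effect) pairs on the slide's state variables, a random
scheduler resolves the automaton's nondeterminism, and invariants one would
prove by hand are checked after every step. Process names, messages, the
random seed and the step budget are constructed inputs for this example.
"""
import random
from typing import Dict, List, Tuple

Msg = Tuple[str, str]  # (a, p): message contents a sent by process p


class TOBroadcast:
    """State exactly as on slide 7, plus bookkeeping for the checks."""

    def __init__(self, procs: List[str]):
        self.procs = list(procs)
        self.queue: List[Msg] = []                                # global total order
        self.pending: Dict[str, List[str]] = {p: [] for p in procs}
        self.next: Dict[str, int] = {p: 1 for p in procs}         # 1-based, as in the spec
        # bookkeeping (not part of the spec): what each p sent, what each q received
        self.sent: Dict[str, List[str]] = {p: [] for p in procs}
        self.received: Dict[str, List[Msg]] = {q: [] for q in procs}

    # input action: always enabled (the environment decides when to broadcast)
    def broadcast(self, a: str, p: str) -> None:
        self.pending[p].append(a)
        self.sent[p].append(a)

    # internal action order(a,p)
    def order_pre(self, a: str, p: str) -> bool:
        return bool(self.pending[p]) and self.pending[p][0] == a

    def order(self, a: str, p: str) -> None:
        assert self.order_pre(a, p)
        self.pending[p].pop(0)
        self.queue.append((a, p))

    # output action receive(a,p,q)
    def receive_pre(self, a: str, p: str, q: str) -> bool:
        i = self.next[q]
        return i <= len(self.queue) and self.queue[i - 1] == (a, p)

    def receive(self, a: str, p: str, q: str) -> None:
        assert self.receive_pre(a, p, q)
        self.next[q] += 1
        self.received[q].append((a, p))

    def enabled(self) -> List[Tuple[str, tuple]]:
        """All locally controlled (internal/output) actions whose precondition holds."""
        steps: List[Tuple[str, tuple]] = []
        for p in self.procs:
            if self.pending[p]:
                steps.append(("order", (self.pending[p][0], p)))
        for q in self.procs:
            i = self.next[q]
            if i <= len(self.queue):
                a, p = self.queue[i - 1]
                steps.append(("receive", (a, p, q)))
        return steps


def check_invariants(s: TOBroadcast) -> None:
    """Invariants of the spec; a proof would show each is preserved by every transition."""
    for q in s.procs:
        assert 1 <= s.next[q] <= len(s.queue) + 1
        # q has received exactly the prefix queue[1..next[q]-1], in order
        assert s.received[q] == s.queue[: s.next[q] - 1]
    for p in s.procs:
        # per-sender FIFO: ordered-so-far plus still-pending equals everything p sent
        assert [a for (a, pp) in s.queue if pp == p] + s.pending[p] == s.sent[p]


def agreement(s: TOBroadcast) -> bool:
    """Total order: any two receivers agree on their common delivered prefix."""
    seqs = [s.received[q] for q in s.procs]
    return all(x[: min(len(x), len(y))] == y[: min(len(x), len(y))]
               for x in seqs for y in seqs)


def simulate(procs: List[str], inputs: List[Msg], steps: int, seed: int = 0) -> TOBroadcast:
    """Random scheduler: interleave environment inputs with enabled internal/output steps."""
    rng = random.Random(seed)
    s = TOBroadcast(procs)
    todo = list(inputs)
    for _ in range(steps):
        choices = s.enabled()
        if todo and (not choices or rng.random() < 0.3):
            s.broadcast(*todo.pop(0))
        elif choices:
            name, args = rng.choice(choices)
            getattr(s, name)(*args)
        else:
            break  # quiescent: no inputs left and no enabled action
        check_invariants(s)
        assert agreement(s)
    return s


if __name__ == "__main__":
    # constructed scenario: three processes, four broadcasts
    st = simulate(["p1", "p2", "p3"],
                  [("m1", "p1"), ("m2", "p2"), ("m3", "p1"), ("m4", "p3")],
                  steps=200, seed=1)
    print("global order:", st.queue)
    for q in st.procs:
        print(q, "received", st.received[q])
```

Because `order` and `receive` are as nondeterministic as the spec allows, different seeds give different global orders; the invariants hold on every run, which is what the IOA simulator's invariant checking is meant to catch when a refinement introduces a bug. A tampered state (for example, an entry in queue that no process ever broadcast) fails `check_invariants`, so the checks are not vacuous.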

9 IOA Language [Garland, Lynch 97] Programming/specification language for defining I/O automata Similar to pseudocode Explicitly describes: –Signature, structured state, precondition/effects –Nondeterministic choice, composition, invariants, levels of abstraction Declarative + imperative For proofs For simulation, code generation

10 IOA Tools Front end: Parser, static checker, intermediate Java representation [Garland, Ramirez] Support for: –Composing models [Chefter 98] [Garland, Lynch] –Refining models, from global specification to low-level distributed algorithm model: Step correspondence [Ramirez 00]

11 IOA Tools Prototype code generator, for generating distributed code from low-level distributed algorithm models [Tauber, Tsai] Validation tools: –Simulator [Chefter 98] [Ramirez 00], including paired simulation –Theorem-prover interfaces: PVS [Devillers], Isabelle? LP? NuPRL? [Nolte] –Automatic?

12 Modeling Projects Distributed spanning tree algorithms [Luhrs, Nolte] Distributed replicated data management algorithms: Lamport state machines; Attiya, Bar-Noy, Dolev, … [Dean, Karlovich, Rosen] Future: –Practical communication protocols, services –Interacting Java objects

13 TLA and IOA TLA and IOA both: –Use precondition/effect style –Support nondeterministic choice –Support similar kinds of assertional proofs TLA: –Is typeless –Is declarative –Has good automatic tools IOA: –Uses Larch Shared Language data types –Declarative + imperative –Emphasizes system decomposition