Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mathematical Models and Proof/Analysis Methods for Timing-Based Systems And… Their Application to Communication, Fault-Tolerant Distributed Computing,

Published byCorey Hodge Modified over 8 years ago

Similar presentations

Presentation on theme: "Mathematical Models and Proof/Analysis Methods for Timing-Based Systems And… Their Application to Communication, Fault-Tolerant Distributed Computing,"— Presentation transcript:

1 Mathematical Models and Proof/Analysis Methods for Timing-Based Systems And… Their Application to Communication, Fault-Tolerant Distributed Computing, and Hybrid Systems Nancy Lynch Theory of Distributed Systems MIT Laboratory for Computer Science

2 PI: Nancy Lynch Research Associates: John Lygeros, Alex Shvartsman Collaborators: Myla Archer, Mike Branicky, Alan Fekete, Steve Garland, Frans Kaashoek, Butler Lampson, Sergio Rajsbaum, Roberto Segala, Nir Shavit, Frits Vaandrager Students: Anna Chefter, Oleg Cheiner, Gio della Libera, Roberto De Prisco, Katya Dolginova, Gunnar Hoest, Henrik Jensen, Roger Khazan, Carl Livadas, Victor Luchangco, Tsvetomir Petrov, Anna Pogosyants, Mark Smith, Josh Tauber, Mandana Vaziri, H. B. Weinberg

3 OVERVIEW Math models, proof methods, for complex distributed algorithms. Infinte-state machines, shared action communication: I/O automata [Lynch, Tuttle]; Timed I/O automata [Lynch, Vaandrager]; Composition, invariant assertions, levels of abstraction Timing analysis System decomposition Impact: Careful descriptions, proofs. Raised standards. Helped unify field. DARPA project: Extend models, metgods to practical applications: Communication, fault-tolerant distributed computing, hybrid systems.

4 HIGHLIGHTS A. Models and Proof Methods Computer-aided verification of invariants and simulation relations [Garland, Archer, Jensen, Luchangco, Petrov] Timed I/O automata and liveness properties [Gawlick, Lynch, Segala, Sogaard-Andersen] Clock Automata [De Prisco, Lynch] Hybrid I/O automata, invariants, simulation relations [Lynch, Segala, Vaandrager, Weinberg] Abstraction to finite-state systems [Jensen]

5 B. TCP, T/TCP [Smith; Clark, Lynch] TCP: T/TCP: Specified service, using I/O automata. Modelled TCP protocol with unbounded UIDs. Proved correctness, using invariants, simulation relations. Modelled TCP with bounded UIDs, using timed I/O automata. Identified needed timing assumptions (more than in TCP specs) Proved correctness, using invariants, simulation to unbounded TCP. Modelled T/TCP using timed automata. Tried to show simulation relation from T/TCP to TCP. Failed. Showed impossibility result. Gave weaker spec.

6 C. Group Communication Services [De Prisco, Fekete, Khazan, Lynch, Shvartsman] Uses: Load-balancing, communication, coherent shared memory VS (“view-synchrony”) service definition: Group membership VS state machine, VS performance/fault-tolerant property Used VS to implement TO-broadcast; spec, proofs. New: Most invariants proved using PVS [Archer] VS implementation model, proofs [Fekete, Lesley] Adaptive TO-bcast [Chockler] Load balancing application [Khazan] Dynamic view-synchrony [De Prisco, Fekete, Lynch, Shvartsman] DVS service spec, implementation, application to TO, proofs.

7 D. Other Distributed System Building Blocks Orca [Fekete, Kaashoek, Lynch] Quorom-based broadcast-convergecast service [Lynch, Shvartsman] Transformation of fault-tolerant algorithms [Borowsky, Gafni, Lynch, Rajsbaum] Eventually Serializable Data Services [Fekete, Luchangco, Lynch, Shvartsman] Paxos [De Prisco, Lampson, Lynch]

8 E. Automated Transportation TIOA -> HIOA, for hybrid (continuous/discrete) systems: State machine with continuous trajectories. Shared action and shared variables. Composition, invariants, abstraction. Deceleration maneuvers [Weinberg, Lynch] Acceleration maneuver, using levels of abstraction [Lynch] Vehicle protection systems (Raytheon) [Weinberg, Livadas, Delisle, Lynch] Platoon safety (PATH - Berkeley): Single collisions [Branicky, Dolginova, Lynch]; Multiple collisions [Lygeros, Lynch] Aircraft control (Lincoln Labs, TASC, Honeywell, NASA Langley): TCAS model, preliminary theorems [Lygeros, Livadas, Lynch] Center TRACON landing protocol model [Lygeros et al].

9 F. IOA [Chefter, Garland, Lynch Tauber, Vaziri] Language, tools to support modelling, proofs, use in distributed system software development. IOA Language: Describes I/O automata; Transition definitions with preconditions/effects; Axiomatic data types; Operational and axiomatic styles; Nondeterminism; Expresses composition, invariants, abstraction. IOA Toolset: Parser, static semantic checker; Support for composition, abstraction; Interface to theorem-provers, model- checkers; Simulator; Paired simulation; Code generator; Node, channel automata; Abstract channels.

Download ppt "Mathematical Models and Proof/Analysis Methods for Timing-Based Systems And… Their Application to Communication, Fault-Tolerant Distributed Computing,"

Similar presentations

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
LIFE CYCLE MODELS FORMAL TRANSFORMATION

LIFE CYCLE MODELS FORMAL TRANSFORMATION
HSCC 03 MIT LCS Safety Verification of Model Helicopter Controller Using Hybrid Input/Output Automata Sayan Mitra MIT Hybrid Systems: Computation and Control.

HSCC 03 MIT LCS Safety Verification of Model Helicopter Controller Using Hybrid Input/Output Automata Sayan Mitra MIT Hybrid Systems: Computation and Control.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Modeling and Analyzing Security Protocols using I/O Automata Nancy Lynch, MIT CSAIL DIMACS Security Workshop June 7, 2004.

Modeling and Analyzing Security Protocols using I/O Automata Nancy Lynch, MIT CSAIL DIMACS Security Workshop June 7, 2004.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
CS 355 – Programming Languages

CS 355 – Programming Languages
1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture 05.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.

An Integration of Program Analysis and Automated Theorem Proving Bill J. Ellis & Andrew Ireland School of Mathematical & Computer Sciences Heriot-Watt.
1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL Research Qualifying Exam 20 th December.

1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL Research Qualifying Exam 20 th December.
1 Stability of Hybrid Automata with Average Dwell Time: An Invariant Approach Daniel Liberzon Coordinated Science Laboratory University of Illinois at.

1 Stability of Hybrid Automata with Average Dwell Time: An Invariant Approach Daniel Liberzon Coordinated Science Laboratory University of Illinois at.
Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.

Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
1 An Inheritance-Based Technique for Building Simulation Proofs Incrementally Idit Keidar, Roger Khazan, Nancy Lynch, Alex Shvartsman MIT Lab for Computer.

1 An Inheritance-Based Technique for Building Simulation Proofs Incrementally Idit Keidar, Roger Khazan, Nancy Lynch, Alex Shvartsman MIT Lab for Computer.
Temporal Logic of Actions (TLA) Leslie Lamport

Temporal Logic of Actions (TLA) Leslie Lamport
Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.

Transaction Ordering Verification using Trace Inclusion Refinement Mike Jones 11 January 2000.

Similar presentations

Ads by Google