Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Modeling and Analyzing Distributed Systems Using I/O Automata Nancy Lynch, MIT Draper Laboratory, IR&D Kickoff Meeting Aug. 30, 2002.

Published bySherman Long Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Modeling and Analyzing Distributed Systems Using I/O Automata Nancy Lynch, MIT Draper Laboratory, IR&D Kickoff Meeting Aug. 30, 2002."— Presentation transcript:

1 1 Modeling and Analyzing Distributed Systems Using I/O Automata Nancy Lynch, MIT Draper Laboratory, IR&D Kickoff Meeting Aug. 30, 2002

2 2 Modeling using I/O Automata Mathematical, infinite-state, automaton models. Describe states, transitions. Describe system modularity: –Parallel composition of interacting components. –Levels of abstraction. Example: Generic distributed system: –Diagram represents interfaces only. –IOA models also describe behavior. –Abstract models for system components. –Channel: Implemented by TCP, modeled as reliable FIFO queue. –Node: Implemented by C++ or Java program, modeled as simple algorithm automaton.

3 3 Reliable FIFO Channel Model Signature: –Inputs: send(m), m in M –Outputs: receive(m), m in M States: –queue, a finite sequence of elements of M, initially empty Transitions: –send(m) Effect: Add m to end of queue –receive(m) Precondition: m is first on queue Effect: remove first element of queue Channel(M) send(m)receive(m)

4 4 Levels of Abstraction Used in system development by successive refinement. Top level: Specification for allowed behaviors. Can write in same automaton style. Refine through many levels, to code-like, detailed description. Example: Group communication: –Automata used to represent totally-ordered reliable broadcast service, group communication service, and algorithm. –Composition of algorithm and GCS automata implements TO-Bcast automaton. –Continue, implementing GCS in terms of lower-level network. TO-Bcast GCS

5 5 Flavors of I/O Automaton Models Ordinary, basic IOAs deal with: –What happens, in what order (not when). –Discrete events (not continuous behavior). Timing: TIOA –For describing timeout-based algorithms. –Local clocks, clock synchronization. –Timing/performance analysis. Hybrid (continuous/discrete): HIOA –Systems with real world + computer components –Vehicle control: ground, air, space –Embedded systems

6 6 What are these models good for? System documentation/specification –High-level, precise, reasonably easy to understand. Design validation: –Simulation of system behavior –Stating and proving correctness theorems. Manually, or with interactive theorem-provers. –Finite-state exploration, for debugging, for complete analysis of small pieces, small cases, small abstractions. Top-down system development Code validation: –Models as templates for code –Demonstrate consistency between model, code –Generate code automatically from low-level models?

7 7 In the remaining minutes: I/O Automata –What they are (math) –Applications: Distributed algorithms, systems –Tool support: IOA language and toolset Timed I/O Automata –What they are –Applications: Communication, performance analysis Hybrid I/O Automata –What they are –Applications: Safety-critical systems

8 8 I/O Automata (IOA) Static description: –Actions a (input, output, internal) –States s, start states –Transitions (s, a, s'); input actions enabled in all states. Dynamic description: –Execution: s 0 a 1 s 1 a 2 s 2 … –Trace: Sequence of input and output actions; externally visible behavior. –A implements B: traces(A)  traces(B). Operations for building automata: –Parallel composition, identifying inputs and outputs. –Action hiding. Reasoning methods: –Invariant assertions: Property holds in all reachable states. –Simulation relations: Imply one automaton implements another. –Compositional methods

9 9 Example Applications Theoretical distributed algorithms: –Mutual exclusion, Byzantine agreement, atomic object implementation, resource allocation, data management… Distributed systems: –Orca DSM system: Two-layer model, following the implementation. Found, fixed logical error. Proofs. –Transis group communication system: Models for key layers. Proofs. Algorithmic improvements. –Ensemble GC system: Models for key layers. Found, fixed logical error. Proofs. Algorithms for dynamic networks (new): –RAMBO reconfigurable atomic memory algorithm –Dynamic atomic broadcast algorithm

10 10 IOA Language + Toolset Formally-defined programming/modeling language for describing and analyzing systems modelled as I/O automata. Current tools: Simulator, connection to theorem- prover. In progress: Invariant detector, connections to other theorem-provers, automatic code generator. Steve Garland will say more. I O A

11 11 Timed I/O Automata (TIOA) Add special time-passage actions, pass(t), to IOA model. Example: Reliable FIFO channel that always delivers messages within time d. –send(m) Effect: Add (m, now + d) to end of queue –receive(m) Precondition: (m,u) is first on queue (for some u) Effect: remove first element of queue –pass(t) Precondition: for all (m,u) in queue, now + t  u Effect: now := now + t Can use standard automaton-based reasoning methods: –Invariant: for all (m,u) in queue, now  u  now + d. –Inductive proofs.

12 12 Example Applications Theoretical distributed algorithms: –Mutual exclusion, consensus,… Timeout-based communication protocols: –TCP,… Group communication systems: –Using GCS to build TO-Bcast: Conditional performance analysis. –Scalable GCS: Performance analysis. –R AMBO : Performance analysis. Hybrid (continuous/discrete) systems: –Toy examples: RR crossing, steam boiler controller –Stretched TIOA capabilities; motivated HIOA.

13 13 Hybrid I/O Automata (HIOA) TIOA plus facilities for representing continuous behavior. Static description: –States: input, output, internal variables; start states –Actions: input, output, internal –Discrete steps (s, a, s') –Trajectories , mapping time intervals to states Dynamic description: –Execution  0 a 1  1 a 2  2 … –Trace: Project on external variables, external actions. –A implements B if traces(A)  traces(B). Operations: Composition, hiding Reasoning methods: Invariants, simulation relations, compositional methods

14 14 Example Applications Ground transportation: –People-mover (Raytheon) –California PATH automated highway system: Analysis of platoon maneuvers. Aircraft control: –TCAS (Lincoln Labs): Models, proofs. –Quanser helicopter system (MIT Aero/Astro). Spacecraft, …: –ACME

15 15 TCAS model Aircraft Pilot Channel Conflict resolver Conflict detector Sensor Aircraft Conflict detector Conflict resolver Pilot Channel

Download ppt "1 Modeling and Analyzing Distributed Systems Using I/O Automata Nancy Lynch, MIT Draper Laboratory, IR&D Kickoff Meeting Aug. 30, 2002."

Similar presentations

Impossibility of Distributed Consensus with One Faulty Process

Impossibility of Distributed Consensus with One Faulty Process
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Timed Automata.

Timed Automata.
Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.

Verification of Hybrid Systems An Assessment of Current Techniques Holly Bowen.
1 Mechanical Verification of Timed Automata Myla Archer and Constance Heitmeyer Presented by Rasa Bonyadlou 24 October 2002.

1 Mechanical Verification of Timed Automata Myla Archer and Constance Heitmeyer Presented by Rasa Bonyadlou 24 October 2002.
HSCC 03 MIT LCS Safety Verification of Model Helicopter Controller Using Hybrid Input/Output Automata Sayan Mitra MIT Hybrid Systems: Computation and Control.

HSCC 03 MIT LCS Safety Verification of Model Helicopter Controller Using Hybrid Input/Output Automata Sayan Mitra MIT Hybrid Systems: Computation and Control.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Modeling and Analyzing Security Protocols using I/O Automata Nancy Lynch, MIT CSAIL DIMACS Security Workshop June 7, 2004.

Modeling and Analyzing Security Protocols using I/O Automata Nancy Lynch, MIT CSAIL DIMACS Security Workshop June 7, 2004.
Software Requirements Engineering

Software Requirements Engineering
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL Research Qualifying Exam 20 th December.

1 Formal Models for Stability Analysis : Verifying Average Dwell Time * Sayan Mitra MIT,CSAIL Research Qualifying Exam 20 th December.
1 Stability of Hybrid Automata with Average Dwell Time: An Invariant Approach Daniel Liberzon Coordinated Science Laboratory University of Illinois at.

1 Stability of Hybrid Automata with Average Dwell Time: An Invariant Approach Daniel Liberzon Coordinated Science Laboratory University of Illinois at.
Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.

Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000.
Ordering and Consistent Cuts Presented By Biswanath Panda.

Ordering and Consistent Cuts Presented By Biswanath Panda.
An Introduction to Input/Output Automata Qihua Wang.

An Introduction to Input/Output Automata Qihua Wang.
Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.

Model Checking. Used in studying behaviors of reactive systems Typically involves three steps: Create a finite state model (FSM) of the system design.
1 An Inheritance-Based Technique for Building Simulation Proofs Incrementally Idit Keidar, Roger Khazan, Nancy Lynch, Alex Shvartsman MIT Lab for Computer.

1 An Inheritance-Based Technique for Building Simulation Proofs Incrementally Idit Keidar, Roger Khazan, Nancy Lynch, Alex Shvartsman MIT Lab for Computer.
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 2 – Distributed Systems.

Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 2 – Distributed Systems.

Similar presentations

Ads by Google