Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 IOA: Mathematical Models  Distributed Programs Nancy Lynch November 15, 2000 Collaborators: Steve Garland, Josh Tauber, Anna Chefter, Antonio Ramirez,

Published byHester Francis Modified over 9 years ago

Similar presentations

Presentation on theme: "1 IOA: Mathematical Models  Distributed Programs Nancy Lynch November 15, 2000 Collaborators: Steve Garland, Josh Tauber, Anna Chefter, Antonio Ramirez,"— Presentation transcript:

1 1 IOA: Mathematical Models  Distributed Programs Nancy Lynch November 15, 2000 Collaborators: Steve Garland, Josh Tauber, Anna Chefter, Antonio Ramirez, Michael Tsai, Chris Luhrs, Rui Fan, Laura Dean, Andrej Bogdanov I O A

2 2 What we want to do: See how abstract I/O automaton models of distributed algorithms and services could be used in producing and maintaining actual distributed programs.

3 3 Why use models? Models let you: –Build very complex things and get them right –Change things and understand the consequences –Explain clearly how things work Other engineering disciplines use them

4 4 But why I/O automaton models? Very simple mathematical basis for describing structure + behavior of systems of interacting components Already used for: –Distributed algorithms, impossibility results –System case studies: Group communication services (Orca, Transis, Ensemble,…) Communication protocols (TCP, T/TCP,…) Hybrid (continuous/discrete) systems (TCAS,…)...

5 5 What are I/O automata? Nondeterministic state machines Infinite state Input/output/internal actions Transitions, executions, traces Supports modularity: –Composition –Levels of abstraction Math model, language-independent

6 6 Model service specs, distributed algorithms Refine, from high level global service spec to detailed distributed algorithm Make models as nondeterministic as possible Prove correctness, using invariants, simulation relations, composition Using I/O automata

7 7 TO Broadcast Service Spec Signature: input: broadcast(a,p) output: receive(a,p,q) internal: order(a,p) State: queue, sequence of (a,p), initially empty for each p: pending[p], sequence of a, initially empty next[p], positive integer, initially 1 TO

8 8 TO Broadcast Spec Transitions : broadcast(a,p) Effect: append a to pending[p] order(a,p) Precondition: a is head of pending[p] Effect: remove head of pending[p]; append (a,p) to queue receive(a,p,q) Precondition: queue[next[q]] = (a,p) Effect: next[q] := next[q] + 1

9 9 IOA Language [Garland, Lynch 97] Programming/specification language for defining I/O automata Similar to pseudocode Explicitly describes : –Signature, structured state, precondition/effects –Nondeterministic choice, composition, invariants, levels of abstraction Declarative + imperative For proofs For simulation, code generation I O A

10 10 IOA Tools Front end: Parser, static checker, intermediate Java representation [Garland, Ramirez] Support for: –Composing models [Chefter 98] [Garland, Lynch] –Refining models, from global specification to low-level distributed algorithm model: Step correspondence [Ramirez 00]

11 11 IOA Tools Prototype code generator, for generating distributed code from low-level distributed algorithm models [Tauber, Tsai] Validation tools: –Simulator [Chefter 98] [Ramirez 00] Paired simulation: –Theorem-prover interfaces: PVS [Devillers], Isabelle? LP? NuPRL? [Nolte] –Automatic?

12 12 Code Generator Start from node models + channel models Implementing node automata: –Generate code (Java, C++) automatically –Use library of hand-written data type implementations Implementing channel automata: –Use real communication service (TCP, MPI) –Abstract channels

13 13 Abstract Channels Model with nodes and abstract channels (e.g., FIFO queue): Algorithm that implements abstract channel in terms of real channel (model):

14 14 Abstract Channels Generate Code

15 15 Modeling Projects Distributed spanning tree algorithms [Luhrs, Nolte] Distributed replicated data management algorithms: Lamport state machines; Attiya, Bar-Noy, Dolev, … [Dean, Karlovich, Rosen] Future: –Practical communication protocols, services –Interacting Java objects

Download ppt "1 IOA: Mathematical Models  Distributed Programs Nancy Lynch November 15, 2000 Collaborators: Steve Garland, Josh Tauber, Anna Chefter, Antonio Ramirez,"

Similar presentations

Formal Methods in Software Engineering

Formal Methods in Software Engineering
Semantics Static semantics Dynamic semantics attribute grammars

Semantics Static semantics Dynamic semantics attribute grammars
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Lecture 8: Asynchronous Network Algorithms

Lecture 8: Asynchronous Network Algorithms
2011.07.21 - Presenter: PCLee VLSI Design, Automatic and Test, 2005. (VLSI-TSA-DAT).

Presenter: PCLee VLSI Design, Automatic and Test, (VLSI-TSA-DAT).
Termination Detection of Diffusing Computations Chapter 19 Distributed Algorithms by Nancy Lynch Presented by Jamie Payton Oct. 3, 2003.

Termination Detection of Diffusing Computations Chapter 19 Distributed Algorithms by Nancy Lynch Presented by Jamie Payton Oct. 3, 2003.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Modeling and Analyzing Security Protocols using I/O Automata Nancy Lynch, MIT CSAIL DIMACS Security Workshop June 7, 2004.

Modeling and Analyzing Security Protocols using I/O Automata Nancy Lynch, MIT CSAIL DIMACS Security Workshop June 7, 2004.
1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.

1 Semantic Description of Programming languages. 2 Static versus Dynamic Semantics n Static Semantics represents legal forms of programs that cannot be.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
10.6.2008 Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.

Formal Methods of Systems Specification Logical Specification of Hard- and Software Prof. Dr. Holger Schlingloff Institut für Informatik der.
1 Linear Bounded Automata LBAs. 2 Linear Bounded Automata are like Turing Machines with a restriction: The working space of the tape is the space of the.

1 Linear Bounded Automata LBAs. 2 Linear Bounded Automata are like Turing Machines with a restriction: The working space of the tape is the space of the.
Component-Level Design

Component-Level Design
An Introduction to Input/Output Automata Qihua Wang.

An Introduction to Input/Output Automata Qihua Wang.
Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.

Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.
Conformance Simulation Relation ( ) Let and be two automata over the same alphabet simulates () if there exists a simulation relation such that Note that.

Conformance Simulation Relation ( ) Let and be two automata over the same alphabet simulates () if there exists a simulation relation such that Note that.
1 An Inheritance-Based Technique for Building Simulation Proofs Incrementally Idit Keidar, Roger Khazan, Nancy Lynch, Alex Shvartsman MIT Lab for Computer.

1 An Inheritance-Based Technique for Building Simulation Proofs Incrementally Idit Keidar, Roger Khazan, Nancy Lynch, Alex Shvartsman MIT Lab for Computer.
Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.

Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.
System-Level Types for Component-Based Design Paper by: Edward A. Lee and Yuhong Xiong Presentation by: Dan Patterson.

System-Level Types for Component-Based Design Paper by: Edward A. Lee and Yuhong Xiong Presentation by: Dan Patterson.

Similar presentations

Ads by Google