SIMULATING I/O AUTOMATA. TRACE PROPERTIES
Cristian Gavrilă and Ioan Jurca
University Politehnica of Timişoara, Computer Science Department

Abstract

The I/O automaton is a mathematical model used for asynchronous distributed algorithms. An I/O automaton is a state machine with very little structure and with labeled transitions. The IOA language was developed for describing these automata. This article presents the construction of a simulator for I/O automata described in a dialect of this language. The simulator is used to generate traces of an automaton, so that some of its trace properties can be checked.

Key words: algorithm, distributed systems, simulation.

1. Introduction

Distributed algorithms are a subclass of concurrent algorithms. Originally, the term referred to algorithms designed to run on many processors spread over wide geographical areas, but it now also covers algorithms that run on local networks and algorithms for shared-memory multiprocessors. A distributed algorithm is characterized by:
- the interprocess communication (IPC) method;
- the timing model;
- the failure model;
- the problem addressed.

Distributed algorithms have a higher degree of uncertainty and more independence of activities than traditional concurrent algorithms. Generally there is an unknown number of processors, an unknown network topology, independent inputs at different locations, and several programs executing at once, starting at different times and operating at different speeds. Message delivery times are uncertain, message ordering is unknown, and failures are possible. For a distributed algorithm we do not try to understand everything about its behavior; instead we try to understand certain selected properties of that behavior.
2. I/O automaton model

The I/O automaton [2, 3] is a mathematical model for describing concurrent asynchronous systems. It allows a precise description of the interaction among components and is used to reason about system behavior. I/O automata can be composed into more complex automata representing concurrent systems.

An I/O automaton is a state machine whose labeled transitions are associated with actions. There are three classes of actions: input actions, which are not under the control of the automaton; output actions; and internal actions. A signature S is a triple consisting of these three sets of actions, and acts(S) denotes the set of all actions of S.

An I/O automaton A has five components:
- sig(A), the signature of A;
- states(A), the set of states;
- start(A), the set of start states, a nonempty subset of states(A);
- trans(A), a ternary transition relation, $\mathrm{trans}(A) \subseteq \mathrm{states}(A) \times \mathrm{acts}(\mathrm{sig}(A)) \times \mathrm{states}(A)$, such that for every state s and every input action $\pi$ there is a transition $(s, \pi, s') \in \mathrm{trans}(A)$;
- tasks(A), a task partition: an equivalence relation on local(sig(A)) with at most countably many equivalence classes.

An execution fragment is a finite or infinite sequence of alternating states and actions. An execution fragment beginning with a start state is called an execution. A state is reachable in A if it is the final state of a finite execution of A. Often we are interested only in the external behavior of an I/O automaton: the trace of an execution $\alpha$ of A, trace($\alpha$), is the subsequence of $\alpha$ consisting of all external actions (input and output actions).

In distributed systems we are interested only in those executions of the composed automaton in which all components get fair turns to perform steps. Fairness means that each task gets infinitely many opportunities to perform one of its actions. An execution fragment $\alpha$ is fair if no task $C \in \mathrm{tasks}(A)$ is enabled in the final state of $\alpha$. A trace is fair if it is the trace of a fair execution.

I/O automata are used not only for a more precise description of distributed asynchronous systems, but also to formulate and prove properties of system behavior. We can regard an I/O automaton as a black box of which only the traces are visible. Some properties of I/O automata are naturally formulated as trace properties or fair trace properties. A trace property P consists of:
- sig(P), a signature containing no internal actions;
- traces(P), a set of finite or infinite sequences of actions in acts(sig(P)).
A trace property thus specifies an external interface and a set of sequences observed at that interface. An automaton A satisfies P if every external behavior that A can produce is admitted by P. A trace property P is a trace safety property if it satisfies the following conditions:
1. $\mathrm{traces}(P) \neq \emptyset$;
2. traces(P) is prefix-closed: $\beta \in \mathrm{traces}(P) \wedge \beta = \beta'\beta'' \Rightarrow \beta' \in \mathrm{traces}(P)$;
3. traces(P) is limit-closed: for $\beta_1, \beta_2, \ldots$ with $\beta_i$ a prefix of $\beta_{i+1}$, the unique sequence $\beta$ that is the limit of the $\beta_i$ is in traces(P).

A safety property is often read as saying that some particular bad thing never happens. A trace property P is a trace liveness property provided that every finite sequence over acts(P) has some extension in traces(P). This is often read informally as saying that some particular good thing eventually happens.

3. IOA language

The IOA language [1, 4] was developed for defining I/O automata and stating their properties. IOA provides simple abstract descriptions of distributed systems, invariants, and simulation relations. An IOA specification contains several kinds of units:
- type definitions, used to represent state components or indices for automata;
- automaton definitions;
- assertions about automata, e.g., invariants and simulation relations.

When we define a primitive automaton, we describe its signature, states, transitions, and (optionally) a task partition. Input transitions are described by their effect only; local transitions (internal and output transitions) are described by a precondition and an effect. Preconditions and effects are program fragments, usually written in the Larch language. In this article we treat preconditions and effects as C++ code. The following IOA description defines an automaton for a reliable FIFO channel:

    Automaton C
      Signature
        Input  Send0
        Input  Send1
        Output Receive0
        Output Receive1
      States
        Queue : Seq
      Transitions
        Input Send0
          Eff Queue.Add(0);
        Input Send1
          Eff Queue.Add(1);
        Output Receive0
          Pre (0 == Queue.Top());
          Eff Queue.Pop();
        Output Receive1
          Pre (1 == Queue.Top());
          Eff Queue.Pop();

4. Code generator

The code generator reads an I/O automaton description in the IOA language and produces, in C++, the code of a simulator for that automaton. It is structured in three main parts:
- the lexical analyzer;
- the syntactic analyzer;
- the simulator generator.

Lexical and syntactic analysis are implemented for the whole language, but code generation is presently implemented only for primitive automata with nonparameterized actions. The standard data types of the IOA language are implemented as C++ libraries included in the simulator code, so data types can easily be extended or modified. The most important data structure is the symbol table, a hash table holding actions, states and identifiers, with their name and type, an optional associated value (the initial state), and pointers to elements of the same kind (list of states, list of actions).

5. Simulation

The simulator reads a file describing the input actions and generates a fair trace of an execution of the automaton. It is composed of two main parts:
- the I/O automaton, described as a C++ object;
- a simulation kernel for the automaton.

For the automaton described in section 3, the definition of the object in the generated simulator is:
    class c {
    public:
        void effsend0(void);
        void effsend1(void);
        int  prereceive0(void);
        void effreceive0(void);
        int  prereceive1(void);
        void effreceive1(void);
    private:
        seq queue;
    public:
        c(void);
    };

Preconditions are generated as functions returning a boolean value and effects as functions returning void. As noted in section 3, input actions have no precondition, so for them only the effect functions are generated. The constructor assigns the initial values to the state variables.

The simulation kernel executes four steps at every iteration.

1. Intercepting the input actions:

    i++;
    if (i == pos) {
        if (!strcmp("send1", action)) aut.effsend1();
        if (!strcmp("send0", action)) aut.effsend0();
        if (!feof(in)) fscanf(in, "%d%s", &pos, action);
        continue;
    }

2. Finding the enabled local actions:

    for (a = active = 0; a < NR_LOCAL; a++)
        switch (a) {
        case receive1:
            actiontable[a] = aut.prereceive1();
            if (actiontable[a]) active++;
            break;
        case receive0:
            actiontable[a] = aut.prereceive0();
            if (actiontable[a]) active++;
            break;
        default:
            printf("unknown action.\n");
            exit(1);
        }

3. Selecting an enabled action for execution (the loop advances a to the todo-th enabled entry of actiontable):

    todo = random() % active;
    a = 0;
    while (todo || !actiontable[a]) {
        if (actiontable[a]) todo--;
        a++;
    }

4. Executing the selected action:

    switch (a) {
    case receive1:
        aut.effreceive1();
        break;
    case receive0:
        aut.effreceive0();
        break;
    default:
        printf("unknown action.\n");
        exit(1);
    }

When no local action is enabled, the simulation ends with a finite fair execution.

6. Trace properties

The traces generated by the simulator have some specific properties. To verify a trace property we would have to prove that all traces of the automaton satisfy it. To show that a trace property does not hold, it is enough to find one trace that violates it. Showing that a trace property does not hold is therefore easier than proving that it holds.
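The following is an added example, not the paper's generated code: a hand-written C++ simulator for the FIFO channel automaton C of section 3, organised as the object plus four-step kernel of section 5. The names (Action, Channel, InputScript, simulate, traceToString, exampleScript) are this example's own, and the input file is replaced by an in-memory script of (iteration, action) pairs constructed here to reproduce trace (1) of section 6. One design point differs from the kernel quoted above: when no local action is enabled but input is still pending, the kernel here idles until that input's iteration instead of stopping, so the execution ends only once the script is exhausted and no task is enabled.

```cpp
#include <cstdio>
#include <cstdlib>
#include <deque>
#include <string>
#include <utility>
#include <vector>

// Actions of the channel automaton C from section 3 (names are this example's own).
enum Action { SEND0, SEND1, RECEIVE0, RECEIVE1 };

const char* actionName(Action a) {
    switch (a) {
        case SEND0:    return "send0";
        case SEND1:    return "send1";
        case RECEIVE0: return "receive0";
        case RECEIVE1: return "receive1";
    }
    return "unknown";
}

// The automaton as a C++ object: the state is the queue; input actions have
// only an effect, local (output) actions have a precondition and an effect.
class Channel {
public:
    void effSend0() { queue.push_back(0); }
    void effSend1() { queue.push_back(1); }
    bool preReceive0() const { return !queue.empty() && queue.front() == 0; }
    void effReceive0() { queue.pop_front(); }
    bool preReceive1() const { return !queue.empty() && queue.front() == 1; }
    void effReceive1() { queue.pop_front(); }
private:
    std::deque<int> queue;  // start state: the empty sequence
};

// Input script: (iteration, input action) pairs, the in-memory counterpart of
// the "%d %s" lines the paper's kernel reads with fscanf. Iterations must be
// non-decreasing.
typedef std::vector<std::pair<int, Action> > InputScript;

// The four-step kernel. Each iteration either intercepts a scheduled input
// action (step 1) or finds the enabled local actions (step 2), picks one at
// random (step 3) and executes it (step 4). With no input left and no local
// action enabled the finite fair execution is complete.
std::vector<Action> simulate(const InputScript& script, unsigned seed) {
    std::srand(seed);
    Channel aut;
    std::vector<Action> trace;
    size_t next = 0;
    for (int i = 0;; ++i) {
        // Step 1: intercept an input action scheduled for this iteration.
        if (next < script.size() && script[next].first <= i) {
            Action in = script[next++].second;
            if (in == SEND0) aut.effSend0();
            if (in == SEND1) aut.effSend1();
            trace.push_back(in);
            continue;
        }
        // Step 2: find the enabled local actions (the paper's actiontable).
        std::vector<Action> enabled;
        if (aut.preReceive0()) enabled.push_back(RECEIVE0);
        if (aut.preReceive1()) enabled.push_back(RECEIVE1);
        if (enabled.empty()) {
            if (next >= script.size()) break;  // no task enabled: fair finite execution
            continue;                           // idle until the next scheduled input
        }
        // Step 3: select one enabled action at random; step 4: execute it.
        Action a = enabled[std::rand() % enabled.size()];
        if (a == RECEIVE0) aut.effReceive0(); else aut.effReceive1();
        trace.push_back(a);
    }
    return trace;
}

// Render a trace in the paper's notation: "send0; receive0; ...".
std::string traceToString(const std::vector<Action>& trace) {
    std::string s;
    for (size_t i = 0; i < trace.size(); ++i) {
        if (i) s += "; ";
        s += actionName(trace[i]);
    }
    return s;
}

// Constructed input script (not from the paper) that reproduces trace (1) of section 6.
InputScript exampleScript() {
    InputScript s;
    s.push_back(std::make_pair(0, SEND0));
    s.push_back(std::make_pair(2, SEND0));
    s.push_back(std::make_pair(3, SEND1));
    s.push_back(std::make_pair(6, SEND0));
    return s;
}

int main() {
    std::printf("%s\n", traceToString(simulate(exampleScript(), 1)).c_str());
    return 0;
}
```

Because a FIFO channel never has both receive actions enabled at once, step 3 always has a single candidate here and the generated trace does not depend on the seed; the random choice matters for automata with several enabled tasks, which is exactly the case the kernel's actiontable walk is written for.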
For the automaton described in section 3 we can show that it does not satisfy the following trace property: after each send action there is an odd number of actions. To show this we find a fair trace such as

    send0; receive0; send0; send1; receive0; receive1; send0; receive0    (1)

which does not satisfy the property, because after the send1 action there are four actions.

To prove that a property holds we normally use formal methods. For example, the property that the number of send actions equals the number of receive actions can be proved with formal methods, but it cannot be proved by simulation. By simulation we can only gain some confidence in the result.

7. Conclusions

The I/O automaton is a very useful model for studying distributed algorithms, and simulating these models can yield important information about the properties of some distributed algorithms. This simulator is a software tool for studying asynchronous automata such as reliable FIFO channels, reliable channels with message reordering, channels with failures, process automata, broadcast channels, and multicast channels. These automata can be composed in order to study asynchronous network algorithms such as leader election, building spanning trees, broadcast and convergecast problems, communication protocols [5, 6], etc.

The study of an algorithm with this simulator is not a complete one, but rather a preliminary one. We can say when a property is not satisfied by an I/O automaton, and we can say when it is worth trying to prove a certain property by mathematical methods, or by methods other than simulation. The main problems with simulation are:
- the existence of infinitely long fair traces;
- the existence of an infinite set of fair traces;
- actions parameterized with variables that have too many values.
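As an added example (not code from the paper), the two trace properties discussed in section 6 can be written as checks over a finite trace in the paper's "send0; receive0; ..." notation. The function names (parseTrace, firstOddAfterSendViolation, sendsEqualReceives, holdsOnAllPrefixes) are this example's own. The last function goes slightly beyond the page: it applies the prefix-closure condition of the safety definition in section 2 to the finite prefixes of one trace, which is how a simulator-generated trace can be used to rule out that a property is a trace safety property.

```cpp
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

typedef std::vector<std::string> Trace;

// Parse a trace written in the paper's notation, e.g. "send0; receive0; send1".
Trace parseTrace(const std::string& text) {
    Trace out;
    std::istringstream in(text);
    std::string item;
    while (std::getline(in, item, ';')) {
        size_t b = item.find_first_not_of(" \t\n");
        size_t e = item.find_last_not_of(" \t\n");
        if (b == std::string::npos) continue;  // skip empty pieces
        out.push_back(item.substr(b, e - b + 1));
    }
    return out;
}

bool isSend(const std::string& a) { return a.compare(0, 4, "send") == 0; }
bool isReceive(const std::string& a) { return a.compare(0, 7, "receive") == 0; }

// Property from section 6: "after a send action there is an odd number of
// actions". Returns the index of the first send that is followed by an even
// number of actions (a counterexample), or -1 when the trace satisfies it.
int firstOddAfterSendViolation(const Trace& trace) {
    for (size_t i = 0; i < trace.size(); ++i) {
        if (isSend(trace[i]) && (trace.size() - i - 1) % 2 == 0) return (int)i;
    }
    return -1;
}

// Property from section 6: the number of send actions equals the number of
// receive actions.
bool sendsEqualReceives(const Trace& trace) {
    int sends = 0, receives = 0;
    for (size_t i = 0; i < trace.size(); ++i) {
        if (isSend(trace[i])) ++sends;
        else if (isReceive(trace[i])) ++receives;
    }
    return sends == receives;
}

typedef bool (*TraceProperty)(const Trace&);

// Prefix check from the safety definition of section 2: does the property hold
// on every nonempty prefix of this trace? A property that accepts a trace but
// rejects one of its prefixes is not prefix-closed, hence not a safety property.
bool holdsOnAllPrefixes(const Trace& trace, TraceProperty prop) {
    for (size_t n = 1; n <= trace.size(); ++n) {
        Trace prefix(trace.begin(), trace.begin() + n);
        if (!prop(prefix)) return false;
    }
    return true;
}

// Trace (1) of section 6, copied from the paper.
const char* TRACE_1 = "send0; receive0; send0; send1; receive0; receive1; send0; receive0";

int main() {
    Trace t = parseTrace(TRACE_1);
    int v = firstOddAfterSendViolation(t);
    if (v >= 0)
        std::printf("violated: %s at position %d is followed by %u actions\n",
                    t[v].c_str(), v + 1, (unsigned)(t.size() - v - 1));
    std::printf("#send == #receive on this trace: %s\n",
                sendsEqualReceives(t) ? "yes" : "no");
    std::printf("#send == #receive on every prefix: %s\n",
                holdsOnAllPrefixes(t, sendsEqualReceives) ? "yes" : "no");
    return 0;
}
```

On trace (1) the first check reports send1 at position 4, followed by four actions, as the counterexample the paper describes. The second property holds on the whole trace but fails on its one-action prefix, which illustrates the paper's point that a single simulated trace can refute a property but cannot establish it.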
References

[1] Stephen J. Garland, Nancy A. Lynch, and Mandana Vaziri. IOA: A Language for Specifying, Programming, and Validating Distributed Systems. MIT Laboratory for Computer Science.
[2] Nancy Lynch. Distributed Algorithms. Morgan Kaufmann Publishers, San Mateo, CA.
[3] Nancy Lynch, Michael Merritt, William Weihl, and Alan Fekete. Atomic Transactions. Morgan Kaufmann Publishers.
[4] Nancy A. Lynch and Mark R. Tuttle. An Introduction to Input/Output Automata. CWI Quarterly, 2(3).
[5] Joergen Soegaard-Andersen. Correctness of Protocols in Distributed Systems. PhD thesis, Department of Computer Science, Technical University of Denmark, Lyngby, Denmark, December. ID-TR.
[6] Butler W. Lampson. Reliable Messages and Connection Establishment. In Sape Mullender, editor, Distributed Systems, chapter 10. ACM Press and Addison-Wesley, 1993.
CS 512, Spring 2017: Take-Home End-of-Term Examination Out: Tuesday, 9 May 2017, 12:00 noon Due: Wednesday, 10 May 2017, by 11:59 am Turn in your solutions electronically, as a single PDF file, by placing
More informationFAdo: Interactive Tools for Learning Formal Computational Models
FAdo: Interactive Tools for Learning Formal Computational Models Rogério Reis Nelma Moreira DCC-FC& LIACC, Universidade do Porto R. do Campo Alegre 823, 4150 Porto, Portugal {rvr,nam}@ncc.up.pt Abstract
More informationA General Characterization of Indulgence
A General Characterization of Indulgence R. Guerraoui 1,2 N. Lynch 2 (1) School of Computer and Communication Sciences, EPFL (2) Computer Science and Artificial Intelligence Laboratory, MIT Abstract. An
More informationProgram verification. Generalities about software Verification Model Checking. September 20, 2016
Program verification Generalities about software Verification Model Checking Laure Gonnord David Monniaux September 20, 2016 1 / 43 The teaching staff Laure Gonnord, associate professor, LIP laboratory,
More informationComputational Models for Concurrent Streaming Applications
2 Computational Models for Concurrent Streaming Applications The challenges of today Twan Basten Based on joint work with Marc Geilen, Sander Stuijk, and many others Department of Electrical Engineering
More informationProving the Correctness of Distributed Algorithms using TLA
Proving the Correctness of Distributed Algorithms using TLA Khushboo Kanjani, khush@cs.tamu.edu, Texas A & M University 11 May 2007 Abstract This work is a summary of the Temporal Logic of Actions(TLA)
More informationCIS 1.5 Course Objectives. a. Understand the concept of a program (i.e., a computer following a series of instructions)
By the end of this course, students should CIS 1.5 Course Objectives a. Understand the concept of a program (i.e., a computer following a series of instructions) b. Understand the concept of a variable
More informationA Deterministic Concurrent Language for Embedded Systems
A Deterministic Concurrent Language for Embedded Systems Stephen A. Edwards Columbia University Joint work with Olivier Tardieu SHIM:A Deterministic Concurrent Language for Embedded Systems p. 1/38 Definition
More informationCantor s Diagonal Argument for Different Levels of Infinity
JANUARY 2015 1 Cantor s Diagonal Argument for Different Levels of Infinity Michael J. Neely University of Southern California http://www-bcf.usc.edu/ mjneely Abstract These notes develop the classic Cantor
More informationDISCRETE MATHEMATICS
DISCRETE MATHEMATICS WITH APPLICATIONS THIRD EDITION SUSANNA S. EPP DePaul University THOIVISON * BROOKS/COLE Australia Canada Mexico Singapore Spain United Kingdom United States CONTENTS Chapter 1 The
More informationMIT Specifying Languages with Regular Expressions and Context-Free Grammars. Martin Rinard Massachusetts Institute of Technology
MIT 6.035 Specifying Languages with Regular essions and Context-Free Grammars Martin Rinard Massachusetts Institute of Technology Language Definition Problem How to precisely define language Layered structure
More informationEECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization
EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Dataflow Lecture: SDF, Kahn Process Networks Stavros Tripakis University of California, Berkeley Stavros Tripakis: EECS
More informationOverview. Discrete Event Systems - Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?
Computer Engineering and Networks Overview Discrete Event Systems - Verification of Finite Automata Lothar Thiele Introduction Binary Decision Diagrams Representation of Boolean Functions Comparing two
More informationCounting multiplicity over infinite alphabets
Counting multiplicity over infinite alphabets Amal Dev Manuel and R. Ramanujam The Institute of Mathematical Sciences, Chennai, India {amal,jam}@imsc.res.in Summary Motivation for infinite data. We need
More informationFormal Languages and Compilers Lecture I: Introduction to Compilers
Formal Languages and Compilers Lecture I: Introduction to Compilers Free University of Bozen-Bolzano Faculty of Computer Science POS Building, Room: 2.03 artale@inf.unibz.it http://www.inf.unibz.it/ artale/
More informationRevisiting the PAXOS algorithm
Theoretical Computer Science 243 (2000) 35 91 www.elsevier.com/locate/tcs Fundamental Study Revisiting the PAXOS algorithm Roberto De Prisco a;, Butler Lampson b, Nancy Lynch a a MIT Laboratory for Computer
More informationtempo2hsal: Converting Tempo Models into HybridSal Tool Description
tempo2hsal: Converting Tempo Models into HybridSal Tool Description Ashish Tiwari Bruno Dutertre Computer Science Laboratory SRI International Menlo Park CA 94025 USA Report submitted under Honeywell subcontract
More informationFORMAL METHODS IN NETWORKING COMPUTER SCIENCE 598D, SPRING 2010 PRINCETON UNIVERSITY LIGHTWEIGHT MODELING IN PROMELA/SPIN AND ALLOY
FORMAL METHODS IN NETWORKING COMPUTER SCIENCE 598D, SPRING 2010 PRINCETON UNIVERSITY LIGHTWEIGHT MODELING IN PROMELA/SPIN AND ALLOY Pamela Zave AT&T Laboratories Research Florham Park, New Jersey, USA
More informationUsing mappings to prove timing properties*
Distrib Comput (1992) 6:121-139 9 Springer-Verlag 1992 Using mappings to prove timing properties* Nancy A. Lynch 1 and Hagit Attiya a 1 Laboratory for Computer Science, MIT, 545 Technology Square, Cambridge,
More informationA Delay-Optimal Group Mutual Exclusion Algorithm for a Tree Network
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 24, 573-583 (2008) Short Paper A Delay-Optimal Group Mutual Exclusion Algorithm for a Tree Network VINAY MADENUR AND NEERAJ MITTAL + Internet Services Qualcomm,
More informationCover Page. The handle holds various files of this Leiden University dissertation
Cover Page The handle http://hdl.handle.net/1887/22891 holds various files of this Leiden University dissertation Author: Gouw, Stijn de Title: Combining monitoring with run-time assertion checking Issue
More informationThe alternator. Mohamed G. Gouda F. Furman Haddix
Distrib. Comput. (2007) 20:21 28 DOI 10.1007/s00446-007-0033-1 The alternator Mohamed G. Gouda F. Furman Haddix Received: 28 August 1999 / Accepted: 5 July 2000 / Published online: 12 June 2007 Springer-Verlag
More informationA Virtually Synchronous Group Multicast Algorithm for WANs: Formal Approach
A Virtually Synchronous Group Multicast Algorithm for WANs: Formal Approach Idit Keidar Roger Khazan Massachusetts Institute of Technology Lab for Computer Science 545 Technology Square, Cambridge, MA
More informationThe Timed Asynchronous Distributed System Model By Flaviu Cristian and Christof Fetzer
The Timed Asynchronous Distributed System Model By Flaviu Cristian and Christof Fetzer - proposes a formal definition for the timed asynchronous distributed system model - presents measurements of process
More informationChapter 1 Game Theoretic Approaches to Attack Surface Shifting
Chapter 1 Game Theoretic Approaches to Attack Surface Shifting Pratyusa K. Manadhata Abstract A software system s attack surface is the set of ways in which the system can be attacked. In our prior work,
More informationLectures 20, 21: Axiomatic Semantics
Lectures 20, 21: Axiomatic Semantics Polyvios Pratikakis Computer Science Department, University of Crete Type Systems and Static Analysis Based on slides by George Necula Pratikakis (CSD) Axiomatic Semantics
More information