Communications Software Engineering Condition Synchronization and Liveness

Similar documents
3C03 Concurrency: Starvation and Deadlocks

C340 Concurrency: Semaphores and Monitors. Goals

CSCI 5828: Foundations of Software Engineering

Monitors & Condition Synchronization

Monitors & Condition Synchronization

COMP30112: Concurrency Topics 4.1: Concurrency Patterns - Monitors

Monitors & Condition Synchronisation

Monitors & Condition Synchronization

CSCI 5828: Foundations of Software Engineering

Lecture 9: Introduction to Monitors

Processes & Threads. Concepts: processes - units of sequential execution.

Chapter 2. Processes & Threads. Concurrency: processes & threads 1. Magee/Kramer

SFDV3006 Concurrent Programming

Shared Objects & Mutual Exclusion

CSCI 5828: Foundations of Software Engineering

Concurrent processes. Processes and Threads. Processes and threads. Going back to Concurrency. Modelling Processes. Modeling processes

Q1. From post-it note. Question asked after Prev. Lecture. thread life-cycle in Java. Q2. Concurrency and parallelism. Definitions

Chapter 6. Deadlock. DM519 Concurrent Programming

5. Liveness and Guarded Methods

Concurrency 6 - Deadlock

G52CON: Concepts of Concurrency

Concurrency: Deadlock 1. Magee/Kramer 2 nd Edition

Chapter 6. Deadlock Concurrency: Deadlock. Magee/Kramer 2 nd Edition

Model Requirements and JAVA Programs MVP 2 1

Deadlock. INF2140 Parallel Programming: Lecture 6. March 07, INF2140 Parallel Programming: Lecture 6 Deadlock

$ Program Verification

Safety & Liveness Properties

Deadlock. Concepts: Models: Practice: Aim: deadlock avoidance - to design systems where deadlock cannot occur. Chapter 6. Deadlock

Lecture 10: Introduction to Semaphores

Contribution:javaMultithreading Multithreading Prof. Dr. Ralf Lämmel Universität Koblenz-Landau Software Languages Team

Concurrency: State Models & Design Patterns

Synchronization. CS 475, Spring 2018 Concurrent & Distributed Systems

Java Monitors. Parallel and Distributed Computing. Department of Computer Science and Engineering (DEI) Instituto Superior Técnico.

Monitors; Software Transactional Memory

7: Interprocess Communication

THE QUEEN S UNIVERSITY OF BELFAST

Dealing with Issues for Interprocess Communication

The Dining Philosophers Problem CMSC 330: Organization of Programming Languages

Monitors; Software Transactional Memory

CMSC 330: Organization of Programming Languages. The Dining Philosophers Problem

Multithreaded Programming Part II. CSE 219 Stony Brook University, Department of Computer Science

Shared Objects & Mutual Exclusion

Reintroduction to Concurrency

Chapter 6: Process Synchronization

Operating Systems. Designed and Presented by Dr. Ayman Elshenawy Elsefy

COMP 150-CCP Concurrent Programming. Lecture 12: Deadlock. Dr. Richard S. Hall

Lesson 6: Process Synchronization

Shared Objects & Mutual Exclusion

Concurrent Programming using Threads

Concurrency and Synchronisation

Week 7. Concurrent Programming: Thread Synchronization. CS 180 Sunil Prabhakar Department of Computer Science Purdue University

CMSC 330: Organization of Programming Languages. Threads Classic Concurrency Problems

Interprocess Communication By: Kaushik Vaghani

Process Management And Synchronization

Concurrency and Synchronisation

Concurrency in Java Prof. Stephen A. Edwards

Learning Outcomes. Concurrency and Synchronisation. Textbook. Concurrency Example. Inter- Thread and Process Communication. Sections & 2.

Summary Semaphores. Passing the Baton any await statement. Synchronisation code not linked to the data

Reminder from last time

Overview. CMSC 330: Organization of Programming Languages. Concurrency. Multiprocessors. Processes vs. Threads. Computation Abstractions

Semaphores. A semaphore is an object that consists of a. methods (e.g., functions): signal and wait. semaphore. method signal. counter.

Answer the first question and two further questions. i. action prefix ( -> ) [3 marks]

Performance Throughput Utilization of system resources

Process Synchronization

CS370 Operating Systems

Operating Systems Antonio Vivace revision 4 Licensed under GPLv3

Synchronization II: EventBarrier, Monitor, and a Semaphore. COMPSCI210 Recitation 4th Mar 2013 Vamsi Thummala

Chapter 5: Process Synchronization. Operating System Concepts 9 th Edition

Concurrency. Chapter 5

Chapter 6 Process Synchronization

Process Synchronization

Chapter 6: Process Synchronization

CHAPTER 6: PROCESS SYNCHRONIZATION

Synchronization Principles

Semaphores. To avoid busy waiting: when a process has to wait, it will be put in a blocked queue of processes waiting for the same event

Semaphores. Semaphores. Semaphore s operations. Semaphores: observations

Chapter 5: Process Synchronization. Operating System Concepts Essentials 2 nd Edition

Chapter 6: Synchronization. Chapter 6: Synchronization. 6.1 Background. Part Three - Process Coordination. Consumer. Producer. 6.

Chapter 7: Process Synchronization!

Roadmap. Readers-Writers Problem. Readers-Writers Problem. Readers-Writers Problem (Cont.) Dining Philosophers Problem.

Deadlock and Monitors. CS439: Principles of Computer Systems September 24, 2018

THREADS & CONCURRENCY

Models of concurrency & synchronization algorithms

Concurrency - Topics. Introduction Introduction to Subprogram-Level Concurrency Semaphores Monitors Message Passing Java Threads

CSE 4/521 Introduction to Operating Systems

Concurrent Programming

Semaphore. Originally called P() and V() wait (S) { while S <= 0 ; // no-op S--; } signal (S) { S++; }

Enforcing Mutual Exclusion Using Monitors

Introduction to Linear-Time Temporal Logic. CSE 814 Introduction to LTL

Concurrency & Parallelism. Threads, Concurrency, and Parallelism. Multicore Processors 11/7/17

CSE 153 Design of Operating Systems

Only one thread can own a specific monitor

IV. Process Synchronisation

Threads. Definitions. Process Creation. Process. Thread Example. Thread. From Volume II

Threads, Concurrency, and Parallelism

Programming Language Concepts: Lecture 11

Need for synchronization: If threads comprise parts of our software systems, then they must communicate.

RACE CONDITIONS AND SYNCHRONIZATION

Multiple Inheritance. Computer object can be viewed as

Concurrency COMS W4115. Prof. Stephen A. Edwards Spring 2002 Columbia University Department of Computer Science

Transcription:

Communications Software Engineering Condition Synchronization and Liveness Wolfgang Emmerich 1 Lecture Overview Concurrency in Programming Languages Mutual Exclusion Condition Synchronization Deadlocks Liveness 2

Threads and OS Processes Process Heap Code Context/ Attributes Stack Stack Stack Context/ Attributes Context/ Attributes Context/ Attributes Thread 1 Thread 2 Thread n OS process provides protected address space. Many threads may execute within space. Each thread: stack & context (saved registers). 3 Threads using Inheritance Thread run() MyThread run() class MyThread extends Thread { public void run() {... Creation of thread: MyThread t=new MyThread(); 4

Threads implementing Interfaces Runnable run() Thread MyRun run() class MyRun implements Runnable { public void run() {... Creation of thread: Thread t=new Thread(new MyRun); 5 Thread Lifecycle Started by start() which invokes run() Terminated when run() returns or explicitly terminated by stop(). A started thread may be running or runnable (waiting to be scheduled) Thread gives up processor using yield(). A thread may be suspended by suspend() If Suspended gets runnable by resume(). sleep() suspends for a given time and then resumes 6

FSP Model of Java Thread Lifecycle THREAD = CREATED, CREATED = ( start -> RUNNING stop -> TERMINATED), RUNNING = ( {suspend,sleep-> NON_RUNNABLE yield -> RUNNABLE {stop, end ->TERMINATED run -> RUNNING), RUNNABLE= ( suspend -> NON_RUNNABLE dispatch -> RUNNING stop -> TERMINATED), NON_RUNNABLE = ( resume ->RUNNABLE stop -> TERMINATED), TERMINATED = STOP. 7 stop LTS of Java Thread Lifecycle start end stop stop suspend sleep run yield 0 1 2 3 4 Key: 0: CREATED 1: TERMINATED 2: RUNNING 3: NON_RUNNABLE 4: RUNNABLE stop resume suspend dispatch 8

Example: CountDown Timer Demo: CountDown FSP of CountDown: COUNTDOWN (N=60) = COUNTDOWN[N], COUNTDOWN[i:0..N] = ( when(i>0) tick->countdown[i-1] when(i==0) beep->stop ). 9 CountDown Timer - Class diagram Applet init() start() stop() Runnable run() Runnable is an interface CountDown start() stop() run() paint() 10

CountDown Timer - Java class import java.awt.*; //windows toolkit import java.applet.*; //applet support public class CountDown extends Applet implements Runnable{ int counter; Thread cd; public void start() { // create thread counter = 60; cd = new Thread(this); cd.start(); public void stop() { cd = null; public void run() { // executed by Thread while (counter>0 && cd!=null) { try{thread.sleep(1000); catch (InterruptedException e){ --counter; repaint(); //update screen public void paint(graphics g) { if (counter>0) g.drawstring(string.valueof(counter),25,75); else g.drawstring( Bang, 10, 50); 11 Concurrent Threads Parallel composition operator Implemented by creation of several new thread objects Example: ThreadDemo Creates two thread objects that execute concurrently 12

FSP Spec of Thread Demo DISPLAY_THREAD = SUSPENDED, SUSPENDED = ( resume->running ), RUNNING = ( rotate->running suspend->suspended ). THREAD_DEMO = (a:display_thread b:display_thread). 13 Class Diagram of ThreadDemo Applet Thread ThreadDemo init() start() stop() destroy() action() 2 2 DisplayThread suspenddisplay() resumedisplay() rotate() run() GraphicCanvas 14

Summary Threads vs. operating system processes Threads through class inheritance / interface implementation Thread lifecycle Concurrent threads by creating new thread objects Class diagrams Next: Java Thread Programming Lab 15 Mutual Exclusion 16

Ornamental Garden Problem Garden open to the public Enter through either one of two turnstiles Computer to count number of visitors Garden East Turnstile Count West Turnstile Each turnstile implemented by a thread 17 Ornamental Garden: Counter class class Counter { int value_=0; public void increment() { int temp = value_; //read Simulate.interrupt(); ++temp; //add1 value_=temp; //write Simulated interrupt calls yield() to force thread switch. 18

Ornamental Garden: Turnstile class class Turnstile extends Thread { Counter people_; Turnstile(Counter c) { people_ = c; public void run() { while(true) people_.increment(); For full implementation see online version 19 Ornamental Garden: Program Counter people_ = new Counter(); Turnstile west_ = new Turnstile(people_); Turnstile east_ = new Turnstile(people_); west_.start(); east_.start(); What will happen? Demo: Ornamental Garden 20

FSP Spec of Ornamental Garden const N = 3 range T = 0..N VAR = VAR[0], VAR[u:T] = (read[u] -> VAR[u] write[v:t]-> VAR[v]). TURNSTILE = ( arrive -> INCREMENT suspend-> resume-> TURNSTILE), INCREMENT = (val.read[x:t] -> val.write[x+1]-> TURNSTILE)+{val.read[T],val.write[T]. GARDEN = (east:turnstile west: TURNSTILE {east,west::val:var )/{stop/east.suspend, stop/west.suspend, start/east.start, start/west.start. LTSA 21 Interference FSP spec supports the following trace: east.arrive east.val.read.0 west.arrive west.val.read.0 east.val.write.1 west.val.write.1 This is an example of a destructive update Destructive updates caused by arbitrary interleaving of read and write actions on shared variables is called interference Avoid interference by making access to critical sections mutually exclusive 22

Critical Section A critical section is a sequence of actions that must be executed by at most one process or thread at a time Can be found by searching for sections of code that access or update variables or objects that are shared by concurrent processes. 23 Modelling Mutual Exclusion A lock can be modelled by: LOCK = (acquire->release->lock). Attaching lock to shared resource (VAR): LOCKVAR = (LOCK VAR ). Critical section acquires/releases lock: INCREMENT = (value.acquire -> val.read[x:t] -> val.write[x+1]-> value.release -> TURNSTILE) +{val.read[t],val.write[t]. 24

Critical Sections in Java Synchronised methods implement mutual exclusion Implicitly locking objects class Counter { int value_=0; public synchronized void increment() { int temp = value_; //read Simulate.interrupt(); ++temp; //add1 value_=temp; //write Demo: Correct Ornamental Garden 25 Synchronised Statements in Java Locks on individual objects: public void run() { while(true) synchronized(people_){ people_.increment(); Less elegant than synchronized methods More efficient than synchronized methods 26

Semaphores and Monitors 27 Semaphores Introduced by Dijkstra in 1968 ADT with counter and waiting list P/Wait/Down: if (counter > 0) counter-- else add caller to waiting list S/Signal/Up: if (threads wait) activate waiting thread else counter++ 28

Semaphores and Mutual Exclusion One semaphore for each critical section Initialize semaphore to 1. Embed critical sections in wait/signal pair Example in Java: Semaphore S=new Semaphore(1); S.down(); <critical section> S.up(); Demo: Semaphores 29 Evaluation of Semaphores + Nice and simple mechanism + Can be efficiently implemented + Available in every programming language Too low level of abstraction Unstructured use of signal and wait leads to spaghetti synchronisation Error prone and errors are dangerous Omitting signal leads to deadlocks Omitting wait leads to safety violations 30

Semaphore in Java class Semaphore { private int value_; Semaphore (int initial) { value_ = initial; synchronized public void up() { ++value_; notify(); synchronized public void down() { while (value_== 0) { try {wait(); catch (InterruptedException e){ --value_; 31 Critical Regions Guarantee mutual exclusion by definition Note subtle difference to critical sections language features implement critical regions Example: Java synchronised method 32

Monitors Hoare s response to Dijkstra s semaphores Higher-level Structured Monitors encapsulate data structures that are not externally accessible Mutual exclusive access to data structure enforced by compiler or language run-time 33 Monitors in Java All instance and class variables need to be private or protected All methods need to be synchronised Example: semaphore implementation Use of Monitors: Carpark Problem 34

Carpark Problem Only admit cars if carpark is not full Cars can only leave if carpark is not empty Car arrival and departure are independent threads Demo: CarPark 35 Carpark Model Events or actions of interest: Arrive and depart Processes: Arrivals, departures and carpark control Process and Interaction structure: CARPARK ARRIVALS arrive CARPARK CONTROL depart DEPART- URES 36

Carpark FSP Specification CARPARKCONTROL(N=4) = SPACES[N], SPACES[i:0..N] = (when(i>0) arrive-> SPACES[i-1] when(i<n) depart-> SPACES[i+1] ). ARRIVALS = (arrive-> ARRIVALS). DEPARTURES = (depart-> DEPARTURES). CARPARK = (ARRIVALS CARPARKCONTROL DEPARTURES). LTSA 37 Java Class Carpark public class Carpark extends Applet { final static int N=4; public void init() { CarParkControl cpk = new CarParkControl(N); Thread arrival,departures; arrivals=new Thread(new Arrivals(cpk)); departures=new Thread(new Departures(cpk)); arrivals.start(); departures.start(); 38

Java Classes Arrivals & Departures public class Arrivals implements Runnable { CarParkControl carpark; Arrivals(CarParkControl c) {carpark = c; public void run() { while (true) carpark.arrive(); class Departures implements Runnable {... public void run() { while (true) carpark.depart(); 39 Java Class CarParkControl (Monitor) class CarParkControl {// synchronisation? private int spaces; private int N; CarParkControl(int capacity) { N = capacity; spaces = capacity; synchronized public void arrive() { -- spaces; {// Block if full? synchronized public void depart() { ++ spaces; {// Block if empty? 40

Problems with CarParkControl How do we send arrivals to sleep if car park is full? How do we awake it if space becomes available? Solution: Condition synchronisation 41 Condition Synchronization 42

Thread Waiting Queues in Java public final void notify() Wakes up a single thread that is waiting on this object s queue public final void notifyall() Wakes up all threads that are waiting on this object s queue public final void wait() throws InterruptedException Waits to be notified by another thread when notified must reacquire monitor 43 Condition synchronisation in Java Thread enters monitor when it acquires mutual exclusion lock of monitor Thread exits monitor when releasing lock Wait causes thread to exit monitor Monitor data Wait() Notify() 44

Semaphore as a Java Monitor class Semaphore { private int value_; Semaphore (int initial) { value_=initial; public synchronised up() { ++value_; notify(); public synchronised down() { while (value_==0) wait(); --value; 45 Condition Synchronisation in Java FSP Model: when cond act -> NEWSTATE Java: public synchronized void act() throws InterruptedException { while (! cond) wait(); // modify monitor data notifyall(); Loop re-tests cond to make sure that it is valid when it re-enters the monitor 46

CarParkControl revisited class CarParkControl { private int spaces; private int N; synchronized public void arrive() { while (spaces<=0) { try { wait(); catch(interruptedexception e){ --spaces; notify(); 47 FSP and Condition Synchronisation For each guarded action in the FSP model of a monitor Implement action as a synchronised method That invokes wait() in a while loop before it begins While condition is negation of guard condition Every change in the monitor are signalled to waiting threads using notify() or notifyall() 48

Example: Producer/Consumer Producer Buffer Consumer put get Demo 49 Producer Consumer in FSP PRODUCER = (put -> PRODUCER). CONSUMER = (get -> CONSUMER). BUFFER(SIZE=5) = BUFFER[0], BUFFER[count:0..SIZE] = ( when (count<size) put->buffer[count+1] when (count>0) get -> BUFFER[count-1]). PC=(PRODUCER BUFFER CONSUMER). LTSA 50

Bounded Buffer - Outline class Buffer { private protected Object[] buf; private protected int in = 0;//index put private protected int out = 0;//index get private protected int count = 0; //no items private protected int size; Buffer(int size) { this.size = size; buf = new Object[size]; synchronized public void put(object o) { synchronized public Object get() { 51 Bounded Buffer - put synchronized public void put(object o) { while (count==size) { try { wait(); catch(interruptedexception e){ buf[in] = o; ++count; in=(in+1) % size; notify(); // [count>0] 52

Bounded Buffer - get synchronized public Object get() { while (count==0) { try { wait(); catch (InterruptedException e){ Object o =buf[out]; buf[out]=null; // for display purposes --count; out=(out+1) % size; notify(); // [count < size] return (o); 53 Monitor Invariants Monitor invariant is assertion concerning attributes encapsulated by monitor Assertion must hold when no thread is in monit Examples: CarParkControl: 0<=spaces<=N Semaphore: 0<=value BoundedBuffer: (0<=count && 0<=in<=size && 0<=out<=size && in=(out+count) % size) Used to reason about correctness monitors 54

Summary Condition synchronization In Java using wait(), notify() and notifyall() Used to implement Semaphores in Java Relation between FSP model and implementation in Java monitor Monitor invariants 55 Deadlocks 56

Goals Reader/Writer problem Starvation Dining Philosophers Problem Deadlocks Liveness Analysis using LTS 57 Reader / Writer Problem Monitors and Java s synchronize statement guarantee mutual access to objects / methods Often it is ok for multiple readers to access the object concurrently Properties required: Demo: Reader/Writer 58

Read/Write Monitor class ReadWrite { private protected int readers = 0; private protected boolean writing = false; // Invariant: (readers>=0 and!writing) or // (readers==0 and writing) synchronized public void acquireread() { while (writing) { wait(); ++readers; synchronized public void releaseread() { --readers; if(readers==0) notify(); synchronized public void acquirewrite() { while (readers>0 writing) { wait(); writing = true; synchronized public void releasewrite() { writing = false; notifyall(); Starvation 59 Writer Starvation NotifyAll awakes both readers and writers Program relies on Java having a fair scheduling strategy When readers continually read resource: Writer never gets chance to write. This is an example of starvation. Solution: Avoid writer starvation by making readers defer if there is a writer waiting 60

Read/Write Monitor (Version 2) class ReadWrite { // as before private int waitingw = 0;// # waiting Writers synchronized public void acquireread() { while (writing waitingw>0) { wait(); ++readers; synchronized public void releaseread() { synchronized public void acquirewrite() { while (readers>0 writing) { ++waitingw; try{ wait(); --waitingw; writing = true; synchronized public void releasewrite() { Demo: Reader/Writer v2 61 Reader Starvation If there is always a waiting writer: Readers starve Solution: Alternating preference between readers and writers To do so: Another boolean attribute readersturn in Monitor that indicates whose turn it is readersturn is set by releasewrite() and cleared by releaseread() 62

Read/Write Monitor (Version 3) class ReadWrite { // as before private boolean readersturn = false; synchronized public void acquireread() { while(writing (waitingw>0 &&!readersturn)) { wait(); ++readers; synchronized public void releaseread() { --readers; readersturn=false; if(readers==0) notifyall(); synchronized public void acquirewrite() { synchronized public void releasewrite() { writing=false; readersturn=true; notifyall(); Demo: Reader/Writer v3 63 Deadlocks Process is in a deadlock if it is blocked waiting for a condition that will never become true Process is in a livelock if it is spinning while waiting for a condition that will never become true (busy wait deadlock) Both happen if concurrent processes and threads are mutually waiting for each other Example: Dining philosophers 64

Dining Philosopher Problem 5 Philosophers sit around table They think or eat 3 2 2 Eat with 2 chopsticks Only 5 chopsticks available Each philosopher only uses sticks to her left and right 4 3 4 0 0 1 1 65 FSP Model of Dining Philosophers PHIL=(hungry->left.get->right.get->eating-> left.put->right.put->thinking->phil). FORK = (left.get-> left.put -> FORK right.get->right.put -> FORK). COLLEGE(N=5)= (phil[0..n-1]:phil fork[0..n-1]:fork) /{phil[i:0..n-1].left/fork[i].left, phil[i:0..n-1].right/fork[((i-1)+n)%n].right. LTSA 66

Dining Philosophers in Java class Philosopher extends Thread { int identity; Chopstick left; Chopstick right; Philosopher(Chopstick left,chopstick right){ this.left = left; this.right = right; public void run() { while (true) { try { sleep( ); // thinking right.get(); left.get(); // hungry sleep( ) ; // eating right.put(); left.put(); catch (InterruptedException e) { 67 Chopstick Monitor class Chopstick { boolean taken=false; synchronized void put() { taken=false; notify(); synchronized void get() throws InterruptedException { while (taken) wait(); taken=true; 68

Applet for Diners for (int i =0; i<n; ++I) // create Chopsticks stick[i] = new Chopstick(); for (int i =0; i<n; ++i){ // create Philosophers phil[i]=new Philosopher( stick[(i-1+n)%n],stick[i]); phil[i].start(); Demo: Diners 69 Deadlock in Dining Philosopher If each philosopher has acquired her left chopstick the threads are mutually waiting for each other Potential for deadlock exists independent of thinking and eating times Only probability is increased if these times become shorter 70

Analysing cause of Deadlock We can use LTS for deadlock analysis A dead state in the composed LTS is one that does not have outgoing transitions Are these dead states reachable? Use of reachability analysis Traces to dead states helps understanding the causes of a deadlock LTSA 71 Deadlock Avoidance Deadlock in dining philosophers can be avoided if one philosopher picks up sticks in reverse order (right before left). Demo: Deadlock free Diners What is the problem with this solution? Are there other solutions? Deadlock can also be avoided if there is always one philosopher who thinks 72

Summary Reader / Writer Problem Starvation Avoidance of Starvation Dining Philosophers Problem Deadlocks and Livelocks Deadlock Avoidance Next Session: Safety 73 Liveness & Progress 74

Motivation Problem with single lane bridge: Cars cannot pass from north to south if there is a continuous stream of cars from south to north! We would like to guarantee that cars will eventually cross the bridge. In more general terms this is referred to as liveness 75 Liveness A liveness property asserts that something good eventually happens. We want to specify liveness for our FSP models We want to analyze our FSP models to be certain that the liveness properties hold General form of liveness requires consideration of temporal precedence relationship between states We use more restricted form of progress 76

Progress A progress property asserts that whatever state a system is in, it is always the case that a specified action will eventually be executed Progress is the opposite form of starvation Notion of progress is sufficiently powerful to capture wide range of liveness properties Progress properties are simple to specify in FSP 77 Progress Properties in FSP Specification of progress needs assumption of a fair scheduling policy. If a transition from a set is chosen infinitely often and every transition in the set will be executed infinitely often, the scheduling policy is said to be fair. progress P={a1,a2,,an defines a progress property P which asserts that in an infinite execution at least one of the actions a1, a2,, an will be executed infinitely often. 78

Example: Tossing Coins COIN = ( toss -> heads -> COIN toss -> tails -> COIN). toss toss 0 heads 1 2 tails progress HEADS = {heads progress TAILS = {tails 79 Example: Tossing Trick Coins TWOCOIN = (pick->coin pick->trick), COIN = ( toss -> heads -> COIN toss -> tails -> COIN), TRICK = (toss->heads->trick). progress HEADS = {heads progress TAILS = {tails pick toss toss toss 0 pick 1 2 heads 3 heads 4 5 tails 80

Progress Analysis We can automate analysis of progress properties A set of states where every state is reachable from every other state in the set and no state has transitions to states outside the set is a terminal set of states. Terminal set of states can be found using a graph algorithm that searches for a strongly connected component. LTSA 81 Default Progress Properties Default progress properties assert in a system with fair choices that every action in the alphabet will be executed infinitely often. Default progress properties of example: progress p1 = {pick progress p2 = {toss progress p3 = {heads progress p4 = {tail How many violations? LTSA 82

Priorities Default progress analysis of single lane bridge does not reveal violation. LTSA Problem is scheduling policy. Cars arriving in the south get priority if there are already northbound cars on the bridge To detect such progress violations we have to reflect such priorities in the FSP model 83 High Priority in FSP C = (P Q)<<{a1,,an specifies a composition in which the actions a1,,an have higher priority than any other action in the alphabet of P Q including the silent action tau. In any choice in this system which has one or more of the actions a1,,an labelling a transition, the transitions labelled with lower priority actions are discarded. 84

Low Priority in FSP C = (P Q)>>{a1,,an specifies a composition in which the actions a1,,an have lower priority than any other action in the alphabet of P Q including the silent action tau. In any choice in this system which has one or more transitions not labelled by a1,,an, the transitions labelled by a1,,an are discarded. 85 Simplification of LTS Priorities simplify the LTS resulting of the composition. Example: NORMAL=(work->play->NORMAL sleep->play->normal). HIGH=(NORMAL)<<{work. LOW= (NORMAL)>>{work. Use of priorities lead to more realistic liveness checks. LTSA 86

Summary Liveness Progress Progress Specification in FSP Progress-Analysis of LTS Priorities 87

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback