Liveness of Communicating Transactions
|
|
- Roland Boyd
- 5 years ago
- Views:
Transcription
1 (joint work with Vasileios Koutavas and Matthew Hennessy) TRINITY COLLEGE DUBLIN COLÁISTE NA TRÍONÓIDE, BAILE ÁTHA CLIATH Dublin Concurrency Workshop 2011
2 Traditional Transactions Transactions provide an abstraction for error recovery in a concurrent setting.
3 Traditional Transactions Transactions provide an abstraction for error recovery in a concurrent setting. The transactional system guarantees: Atomicity: Each transaction will either run in its entirety or not at all Consistency: Faults caused by a transaction are automatically detected and rolled-back Isolation: The effects of a transaction are concealed from the rest of the system until the transaction commits Durability: After a transaction commits, its effects are permanent.
4 Traditional Transactions Transactions provide an abstraction for error recovery in a concurrent setting. The transactional system guarantees: Atomicity: Each transaction will either run in its entirety or not at all Consistency: Faults caused by a transaction are automatically detected and rolled-back Isolation: The effects of a transaction are concealed from the rest of the system until the transaction commits Durability: After a transaction commits, its effects are permanent. However, isolation limits concurrency The semantics of traditional transactions is sequential schedules Traditional transactions do not offer an abstraction for recovery from distributed errors (e.g. deadlocks)
5 Communicating Transactions We drop isolation to increase concurrency There is no limit on the communication between a transaction and its environment The transactional system guarantees: Atomicity: Each transaction will either run in its entirety or not at all Consistency: Faults caused by a transaction are automatically detected and rolled-back, together with all effects of the transaction to its environment Durability: After all transactions that have interacted commit, their effects are permanent (coordinated checkpointing) We are interested in safety and especially liveness properties First theory of liveness in the presence of transactions We have studied the transactional properties of communicating transactions in [CONCUR 2010]
6 Safety Safety: Nothing bad will happen [Lamport 77] A safety property can be formulated as a safety test T ; which signals on channel ; when it detects the bad behaviour P passes the safety test T ; when P T ; cannot output on ; This is the negation of passing a may test [DeNicola-Hennessy 84]
7 Liveness Liveness: Something good will eventually happen [Lamport 77] A liveness property can be formulated as a liveness test T ω which detects and reports good behaviour on ω. P passes the liveness test T ω when all future states of P T ω can output on ω This is a should test [Binksma-Rensink-Vogler 95, Rensink-Vogler 07] It excludes pathological traces We will later see why must testing [DeNicola-Hennessy 84] is not appropriate for transactions
8 TransCCS [CONCUR 2010] Syntax: P, Q ::= µ i.p i guarded choice P Q parallel νa.p hiding µx.p recursion P k Q transaction (k bound in P) co k commit
9 TransCCS [CONCUR 2010] Syntax: P, Q ::= µ i.p i guarded choice P Q parallel νa.p hiding µx.p recursion P k Q transaction (k bound in P) co k commit
10 TransCCS [CONCUR 2010] Syntax: P, Q ::= µ i.p i guarded choice P Q parallel νa.p hiding µx.p recursion P k Q transaction (k bound in P) Default co k commit
11 TransCCS [CONCUR 2010] Syntax: P, Q ::= µ i.p i guarded choice P Q parallel νa.p hiding µx.p recursion P k Q transaction (k bound in P) Alternative co k commit
12 TransCCS [CONCUR 2010] Syntax: P, Q ::= µ i.p i guarded choice P Q parallel νa.p hiding µx.p recursion P k Q transaction (k bound in P) Name co k commit
13 TransCCS [CONCUR 2010] Syntax: P, Q ::= µ i.p i guarded choice P Q parallel νa.p hiding µx.p recursion P k Q transaction (k bound in P) co k commit Main reductions: R-Comm a i = b j a i.p i b j.q j P i Q j i I j J R-Co P co k k Q P R-Emb k / R P k Q R P R k Q R R-Ab P k Q Q
14 TransCCS [CONCUR 2010] Syntax: P, Q ::= µ i.p i guarded choice P Q parallel νa.p hiding µx.p recursion P k Q transaction (k bound in P) co k commit Main reductions: R-Comm a i = b j a i.p i b j.q j P i Q j i I j J R-Co P co k k Q P R-Emb k / R P k Q R P R k Q R R-Ab P k Q Q
15 TransCCS [CONCUR 2010] Syntax: P, Q ::= µ i.p i guarded choice P Q parallel νa.p hiding µx.p recursion P k Q transaction (k bound in P) co k commit Main reductions: R-Comm a i = b j a i.p i b j.q j P i Q j i I j J R-Co P co k k Q P R-Emb k / R P k Q R P R k Q R R-Ab P k Q Q
16 Simple Example a.c.ω + e.; a.c.co k + e k r
17 Simple Example a.c.ω + e.; a.c.co k + e k r
18 Simple Example a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r r
19 Simple Example a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r R-Comm c.ω c.co k k a.c.ω + e.; r r
20 Simple Example a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r R-Comm c.ω c.co k k a.c.ω + e.; r R-Comm ω co k k a.c.ω + e.; r r
21 Simple Example a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r R-Comm c.ω c.co k k a.c.ω + e.; r R-Comm ω co k k a.c.ω + e.; r R-Co ω r
22 Simple Example a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r R-Comm c.ω c.co k k a.c.ω + e.; r R-Comm ω co k k a.c.ω + e.; r R-Co ω r
23 Simple Example (a second trace) a.c.ω + e.; a.c.co k + e k r
24 Simple Example (a second trace) a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r r
25 Simple Example (a second trace) a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r R-Comm ; k a.c.ω + e.; r r
26 Simple Example (a second trace) a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r R-Comm ; k a.c.ω + e.; r r
27 Simple Example (a second trace) a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r R-Comm ; k a.c.ω + e.; r R-Ab a.c.ω + e.; r r
28 Simple Example (a second trace) a.c.ω + e.; a.c.co k + e k R-Emb a.c.ω + e.; a.c.co k + e k a.c.ω + e.; r R-Comm ; k a.c.ω + e.; r R-Ab a.c.ω + e.; r r (The environment is restored)
29 Simple Example (all traces) R-Ab a.c.ω + e.; a.c.co k + e k r a.c.ω + e.; r R-Emb R-Ab R-Comm P 1 R-Comm P 2 P 2 R-Comm P 3 R-Co ω
30 Restarting transactions a.c.ω + e.; µx. a.c.co k + e k X
31 Restarting transactions a.c.ω + e.; µx. a.c.co k + e k X R-Emb R-Ab R-Comm P 1 R-Comm P 2 P 2 R-Comm P 3 R-Co ω
32 Restarting transactions a.c.ω + e.; µx. a.c.co k + e k X R-Emb R-Ab R-Comm P 1 R-Comm P 2 P 2 R-Comm P 3 R-Co ω Infinitely aborting loop
33 Compositional Semantics The embedding rule is simple but entangles the processes We need to reason about the behaviour of P Q in terms of P and Q We introduce a compositional Labelled Transition System that uses secondary transactions: P k Q
34 Compositional Semantics The embedding rule is simple but entangles the processes We need to reason about the behaviour of P Q in terms of P and Q We introduce a compositional Labelled Transition System that uses secondary transactions: P k Q a.c.ω + e.; a.c.co k + e k r emb k a.c.ω + e.; k a.c.ω + e.; k(a) c.ω k a.c.ω + e.; k(c) ω k a.c.ω + e.; co k ω emb k a.c.co k + e k r k(a) c.co k k r k(c) co k k r co k 0
35 Compositional Semantics The embedding rule is simple but entangles the processes We need to reason about the behaviour of P Q in terms of P and Q We introduce a compositional Labelled Transition System that uses secondary transactions: P k Q a.c.ω + e.; a.c.co k + e k r emb k a.c.ω + e.; k a.c.ω + e.; k(e) c.ω k a.c.ω + e.; ab k a.c.ω + e.; emb k a.c.co k + e k r k(e) k r ab k r
36 Compositional Semantics (2) The behaviour of processes in TransCCS can be understood by CCS-like Clean traces derived by the LTS that: consider only traces where all actions are eventually committed ignore transactional annotations on the traces
37 Compositional Semantics (2) The behaviour of processes in TransCCS can be understood by CCS-like Clean traces derived by the LTS that: consider only traces where all actions are eventually committed ignore transactional annotations on the traces L( a.c.co k + e k r ) = {ɛ, a c, r}
38 Compositional Semantics (2) The behaviour of processes in TransCCS can be understood by CCS-like Clean traces derived by the LTS that: consider only traces where all actions are eventually committed ignore transactional annotations on the traces L( a.c.co k + e k r ) = {ɛ, a c, r} (Non-prefix-closed set)
39 Compositional Semantics (2) The behaviour of processes in TransCCS can be understood by CCS-like Clean traces derived by the LTS that: consider only traces where all actions are eventually committed ignore transactional annotations on the traces L( a.c.co k + e k r ) = {ɛ, a c, r} (Non-prefix-closed set) L(µX. a.c.co k + e k X ) = {ɛ, a c}
40 Compositional Semantics (2) The behaviour of processes in TransCCS can be understood by CCS-like Clean traces derived by the LTS that: consider only traces where all actions are eventually committed ignore transactional annotations on the traces L( a.c.co k + e k r ) = {ɛ, a c, r} (Non-prefix-closed set) L(µX. a.c.co k + e k X ) = {ɛ, a c} (Atomicity: all-or-nothing)
41 Compositional Semantics (2) The behaviour of processes in TransCCS can be understood by CCS-like Clean traces derived by the LTS that: consider only traces where all actions are eventually committed ignore transactional annotations on the traces L( a.c.co k + e k r ) = {ɛ, a c, r} (Non-prefix-closed set) L(µX. a.c.co k + e k X ) = {ɛ, a c} (Atomicity: all-or-nothing) enable compositional reasoning: L(P Q) = L(P) zip L(Q) L(P) L(Q) implies L(P R) L(Q R)
42 Safety Definition (Basic Observable) P a iff there exists P such that P P a Basic observable actions are permanent
43 Safety Definition (Basic Observable) P a iff there exists P such that P P a Basic observable actions are permanent Definition (P passes safety test T ; ) P cannot T ; when P T ; ;
44 Safety Definition (Basic Observable) P a iff there exists P such that P P a Basic observable actions are permanent Definition (P passes safety test T ; ) P cannot T ; when P T ; ; Definition (Safety preservation) S safe I when T ;. S cannot T ; implies I cannot T ;
45 Safety Definition (Basic Observable) P a iff there exists P such that P P a Basic observable actions are permanent Definition (P passes safety test T ; ) P cannot T ; when P T ; ; Definition (Safety preservation) S safe I when T ;. S cannot T ; implies I cannot T ; Theorem (Characterization of safety preservation) S safe I iff L(S) L(I )
46 Liveness Definition (P Passes liveness Test T ω [Rensink-Vogler 07]) P shd T ω when R. P T ω R implies R ω
47 Liveness Definition (P Passes liveness Test T ω [Rensink-Vogler 07]) P shd T ω when R. P T ω R implies R ω a.c.ω + e.; µx. a.c.co k + e k X R-Emb R-Ab P 1 R-Comm R-Comm P 2 P 2 R-Comm P 3 R-Co ω
48 Liveness Definition (P Passes liveness Test T ω [Rensink-Vogler 07]) P shd T ω when R. P T ω R implies R ω a.c.ω + e.; µx. a.c.co k + e k X R-Emb R-Ab P 1 R-Comm R-Comm P 2 P 2 must testing would consider the infinite loop R-Comm P 3 R-Co ω
49 Liveness Definition (P passes liveness test T ω [Rensink-Vogler 07]) P shd T ω when R. P T ω R implies R ω Definition (Tree Failures [Rensink-Vogler 07]) (t, Ref ) is a tree failure of P when P. P t = CL P and L(P ) Ref = F(P) = {(t, Ref ) tree failure of P} Ref t
50 Liveness Definition (P passes liveness test T ω [Rensink-Vogler 07]) P shd T ω when R. P T ω R implies R ω Definition (Tree Failures [Rensink-Vogler 07]) (t, Ref ) is a tree failure of P when P. P t = CL P and L(P ) Ref = F(P) = {(t, Ref ) tree failure of P} Ref t Ref is generally non-prefix-closed
51 Liveness Definition (P passes liveness test T ω [Rensink-Vogler 07]) P shd T ω when R. P T ω R implies R ω Definition (Tree Failures [Rensink-Vogler 07]) (t, Ref ) is a tree failure of P when P. P t = CL P and L(P ) Ref = F(P) = {(t, Ref ) tree failure of P} Ref t Ref is generally non-prefix-closed Theorem (Characterization of liveness preservation) S live I iff F(S) F(I )
52 Simple Examples Let S ab = µx. a.b.co k k X L(S ab ) = {ɛ, ab} F(S ab ) = {(ɛ, S\ab), (ab, S) S A }
53 Simple Examples Let S ab = µx. a.b.co k k X L(S ab ) = {ɛ, ab} F(S ab ) = {(ɛ, S\ab), (ab, S) S A } S ab safe I 1 = a.b.co k k 0 L(I 1 ) = {ɛ, ab} S ab live I 1 F(I 1 ) = {(ɛ, S), (ab, S) S A }
54 Simple Examples Let S ab = µx. a.b.co k k X L(S ab ) = {ɛ, ab} F(S ab ) = {(ɛ, S\ab), (ab, S) S A } S ab safe I 1 = a.b.co k k 0 L(I 1 ) = {ɛ, ab} S ab live I 1 F(I 1 ) = {(ɛ, S), (ab, S) S A } S ab safe I 2 = µx. a.b.co k + e k X L(I 2 ) = L(S ab ) S ab live I 2 F(I 2 ) = F(S ab )
55 Comparison with CCS (1) Safety in TransCCS is characterized by non-prefix-closed sets of traces Safety in CCS is characterized by prefix-closed sets of traces
56 Comparison with CCS (1) Safety in TransCCS is characterized by non-prefix-closed sets of traces Safety in CCS is characterized by prefix-closed sets of traces TransCCS safety tests have the same distinguishing power as CCS safety tests If in CCS P safe Q then also in TransCCS P safe Q
57 Comparison with CCS (1) Safety in TransCCS is characterized by non-prefix-closed sets of traces Safety in CCS is characterized by prefix-closed sets of traces TransCCS safety tests have the same distinguishing power as CCS safety tests If in CCS P safe Q then also in TransCCS P safe Q No way to encode non-prefix-closed traces in CCS; thus no fully-abstract translation from TransCCS to CCS
58 Comparison with CCS (2) Liveness in TransCCS is characterized by tree failures Liveness in CCS is characterized by a more complex model [Rensink-Vogler 07]
59 Comparison with CCS (2) Liveness in TransCCS is characterized by tree failures Liveness in CCS is characterized by a more complex model [Rensink-Vogler 07] TransCCS liveness tests have more distinguishing power than CCS liveness tests In CCS a.(b.c + b.d) live a.b.c + a.b.d In TransCCS a.(b.c + b.d) live a.b.c + a.b.d (a, {bd}) F(a.(b.c + b.d)) (a, {bd}) F(a.b.c + a.b.d) TransCCS distinguishing liveness test in the paper
60 Comparison with CCS (2) Liveness in TransCCS is characterized by tree failures Liveness in CCS is characterized by a more complex model [Rensink-Vogler 07] TransCCS liveness tests have more distinguishing power than CCS liveness tests In CCS a.(b.c + b.d) live a.b.c + a.b.d In TransCCS a.(b.c + b.d) live a.b.c + a.b.d (a, {bd}) F(a.(b.c + b.d)) (a, {bd}) F(a.b.c + a.b.d) TransCCS distinguishing liveness test in the paper Thus no sound translation from TransCCS to CCS that is the identity on CCS terms
61 Also in [APLAS 2010] Canonical class of tests for liveness and safety See how restarting transactions add fault tolerance to CCS (Ex. 6) A sound, but incomplete bisimulation proof method, using the clean LTS transitions Many examples
62 Conclusions Communicating transactions: Traditional transactions without the isolation requirement No limit on communication or concurrency Simple safety and liveness theory First theory of liveness in the presence of transactions Future directions: Reference implementation/evaluation of the construct in a programming language. Advertisement Joint Trinity/Microsoft Research PhD on extending Haskell with communicating transactions. We need a good student :)
63
64 ACD Properties A commit step makes the effects of the transaction permanent (Durability ) a.b.ω + e.; µx. a.b.co k + e k X R-Emb P1 R-Comm P2 R-Comm P2 R-Comm P3 R-Co ω R-Ab An abort step: restarts the transaction rolls-back embedded processes to their state before embedding (Consistency ) does not roll-back actions that happened before embedding does not affect non-embedded processes The semantics of transactions transactions are non-prefix-closed traces (Atomicity ).
Communicating Transactions (Extended Abstract)
Communicating Transactions (Extended Abstract) Edsko de Vries, Vasileios Koutavas, and Matthew Hennessy Trinity College Dublin {Edsko.de.Vries,Vasileios.Koutavas,Matthew.Hennessy}@cs.tcd.ie Dedicated to
More informationBisimulations for Communicating Transactions
Bisimulations for Communicating Transactions (Extended Abstract) Vasileios Koutavas, Carlo Spaccasassi, and Matthew Hennessy Trinity College Dublin Abstract. We develop a theory of bisimulations for a
More informationA Note on Scope and Infinite Behaviour in CCS-like Calculi p.1/32
A Note on Scope and Infinite Behaviour in CCS-like Calculi GERARDO SCHNEIDER UPPSALA UNIVERSITY DEPARTMENT OF INFORMATION TECHNOLOGY UPPSALA, SWEDEN Joint work with Pablo Giambiagi and Frank Valencia A
More informationTrace semantics: towards a unification of parallel paradigms Stephen Brookes. Department of Computer Science Carnegie Mellon University
Trace semantics: towards a unification of parallel paradigms Stephen Brookes Department of Computer Science Carnegie Mellon University MFCSIT 2002 1 PARALLEL PARADIGMS State-based Shared-memory global
More informationThe State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationModels of Concurrency
Models of Concurrency GERARDO SCHNEIDER UPPSALA UNIVERSITY DEPARTMENT OF INFORMATION TECHNOLOGY UPPSALA, SWEDEN Thanks to Frank Valencia Models of Concurrency p.1/57 Concurrency is Everywhere Concurrent
More informationTemporal Logic. Stavros Tripakis University of California, Berkeley. We have designed a system. We want to check that it is correct.
EE 244: Fundamental Algorithms for System Modeling, Analysis, and Optimization Fall 2016 Temporal logic Stavros Tripakis University of California, Berkeley Stavros Tripakis (UC Berkeley) EE 244, Fall 2016
More informationTRINITY COLLEGE DUBLIN. First-Order Reasoning for Higher-Order Concurrency
TRINITY COLLEGE DUBLIN COLÁISTE NA TRÍONÓIDE, BAILE ÁTHA CLIATH First-Order Reasoning for Higher-Order Concurrency Vasileios Koutavas Matthew Hennessy Computer Science Department Technical Report TCS-CS-YYYY-NN
More informationFailure Diagnosis of Discrete Event Systems With Linear-Time Temporal Logic Specifications
Failure Diagnosis of Discrete Event Systems With Linear-Time Temporal Logic Specifications Shengbing Jiang and Ratnesh Kumar Abstract The paper studies failure diagnosis of discrete event systems with
More informationOn Compensation Primitives as Adaptable Processes
On Compensation Primitives as Adaptable Processes Jovana Dedeić University of Novi Sad Jovanka Pantović (Novi Sad) and Jorge A. Pérez (Groningen) LAP 2015 - Dubrovnik, September 24, 2015 Outline 1 Context
More informationIntroduction to Temporal Logic. The purpose of temporal logics is to specify properties of dynamic systems. These can be either
Introduction to Temporal Logic The purpose of temporal logics is to specify properties of dynamic systems. These can be either Desired properites. Often liveness properties like In every infinite run action
More informationCommunicating Parallel Processes. Stephen Brookes
Communicating Parallel Processes Stephen Brookes Carnegie Mellon University Deconstructing CSP 1 CSP sequential processes input and output as primitives named parallel composition synchronized communication
More informationTrace-based Process Algebras for Real-Time Probabilistic Systems
Trace-based Process Algebras for Real-Time Probabilistic Systems Stefano Cattani A thesis submitted to The University of Birmingham for the degree of Doctor of Philosophy School of Computer Science The
More informationStructure Preserving Bisimilarity,
Structure Preserving Bisimilarity, Supporting an Operational Petri Net Semantics of CCSP Rob van Glabbeek NICTA, Sydney, Australia University of New South Wales, Sydney, Australia September 2015 Milner:
More informationAutomata-Theoretic Model Checking of Reactive Systems
Automata-Theoretic Model Checking of Reactive Systems Radu Iosif Verimag/CNRS (Grenoble, France) Thanks to Tom Henzinger (IST, Austria), Barbara Jobstmann (CNRS, Grenoble) and Doron Peled (Bar-Ilan University,
More informationLecture 2 Automata Theory
Lecture 2 Automata Theory Ufuk Topcu Nok Wongpiromsarn Richard M. Murray Outline: Transition systems Linear-time properties Regular propereties EECI, 14 May 2012 This short-course is on this picture applied
More informationModal and Temporal Logics
Modal and Temporal Logics Colin Stirling School of Informatics University of Edinburgh July 23, 2003 Why modal and temporal logics? 1 Computational System Modal and temporal logics Operational semantics
More informationAn introduction to process calculi: Calculus of Communicating Systems (CCS)
An introduction to process calculi: Calculus of Communicating Systems (CCS) Lecture 2 of Modelli Matematici dei Processi Concorrenti Paweł Sobociński University of Southampton, UK Intro to process calculi:
More informationSafety and Liveness Properties
Safety and Liveness Properties Lecture #6 of Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling and Verification E-mail: katoen@cs.rwth-aachen.de November 5, 2008 c JPK Overview Lecture
More informationVerification. Arijit Mondal. Dept. of Computer Science & Engineering Indian Institute of Technology Patna
IIT Patna 1 Verification Arijit Mondal Dept. of Computer Science & Engineering Indian Institute of Technology Patna arijit@iitp.ac.in Introduction The goal of verification To ensure 100% correct in functionality
More informationTimo Latvala. March 7, 2004
Reactive Systems: Safety, Liveness, and Fairness Timo Latvala March 7, 2004 Reactive Systems: Safety, Liveness, and Fairness 14-1 Safety Safety properties are a very useful subclass of specifications.
More informationA Canonical Contraction for Safe Petri Nets
A Canonical Contraction for Safe Petri Nets Thomas Chatain and Stefan Haar INRIA & LSV (CNRS & ENS Cachan) 6, avenue du Président Wilson 935 CACHAN Cedex, France {chatain, haar}@lsvens-cachanfr Abstract
More informationLecture 2 Automata Theory
Lecture 2 Automata Theory Ufuk Topcu Nok Wongpiromsarn Richard M. Murray EECI, 18 March 2013 Outline Modeling (discrete) concurrent systems: transition systems, concurrency and interleaving Linear-time
More informationTimed Automata. Semantics, Algorithms and Tools. Zhou Huaiyang
Timed Automata Semantics, Algorithms and Tools Zhou Huaiyang Agenda } Introduction } Timed Automata } Formal Syntax } Operational Semantics } Verification Problems } Symbolic Semantics & Verification }
More informationSimply Typed Lambda Calculus
Simply Typed Lambda Calculus Language (ver1) Lambda calculus with boolean values t ::= x variable x : T.t abstraction tt application true false boolean values if ttt conditional expression Values v ::=
More informationAn Introduction to Temporal Logics
An Introduction to Temporal Logics c 2001,2004 M. Lawford Outline Motivation: Dining Philosophers Safety, Liveness, Fairness & Justice Kripke structures, LTS, SELTS, and Paths Linear Temporal Logic Branching
More informationSemantics and Verification
Semantics and Verification Lecture 2 informal introduction to CCS syntax of CCS semantics of CCS 1 / 12 Sequential Fragment Parallelism and Renaming CCS Basics (Sequential Fragment) Nil (or 0) process
More informationModelling Membranes with Brane Calculi
Modelling Membranes with Brane Calculi (and translation of Brane Calculi into CLS) 1/42 Introduction A biological cellular membrane is an closed surface that can perform various molecular functions. Membranes
More informationChapter 4: Computation tree logic
INFOF412 Formal verification of computer systems Chapter 4: Computation tree logic Mickael Randour Formal Methods and Verification group Computer Science Department, ULB March 2017 1 CTL: a specification
More informationIntroduction to Formal Verification Methods Exercise 4
Introduction to Formal Verification Methods Exercise 4 Guy Katz, 301062063 May 30, 2013 Question 1 We argue that there exists a weakly fair non-progress cycle in the given model. ssuming weak fairness,
More informationCoinductive big-step semantics and Hoare logics for nontermination
Coinductive big-step semantics and Hoare logics for nontermination Tarmo Uustalu, Inst of Cybernetics, Tallinn joint work with Keiko Nakata COST Rich Models Toolkit meeting, Madrid, 17 18 October 2013
More informationTopics in Concurrency
Topics in Concurrency Lecture 3 Jonathan Hayman 18 October 2016 Towards a more basic language Aim: removal of variables to reveal symmetry of input and output Transitions for value-passing carry labels
More informationAbstractions and Decision Procedures for Effective Software Model Checking
Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture
More informationFrom Liveness to Promptness
From Liveness to Promptness Orna Kupferman Hebrew University Nir Piterman EPFL Moshe Y. Vardi Rice University Abstract Liveness temporal properties state that something good eventually happens, e.g., every
More informationTemporal logics and explicit-state model checking. Pierre Wolper Université de Liège
Temporal logics and explicit-state model checking Pierre Wolper Université de Liège 1 Topics to be covered Introducing explicit-state model checking Finite automata on infinite words Temporal Logics and
More informationTIMED automata, introduced by Alur and Dill in [3], have
1 Language Inclusion Checking of Timed Automata with Non-Zenoness Xinyu Wang, Jun Sun, Ting Wang, and Shengchao Qin Abstract Given a timed automaton P modeling an implementation and a timed automaton S
More informationThe Underlying Semantics of Transition Systems
The Underlying Semantics of Transition Systems J. M. Crawford D. M. Goldschlag Technical Report 17 December 1987 Computational Logic Inc. 1717 W. 6th St. Suite 290 Austin, Texas 78703 (512) 322-9951 1
More informationCharacterizing Fault-Tolerant Systems by Means of Simulation Relations
Characterizing Fault-Tolerant Systems by Means of Simulation Relations TECHNICAL REPORT Ramiro Demasi 1, Pablo F. Castro 2,3, Thomas S.E. Maibaum 1, and Nazareno Aguirre 2,3 1 Department of Computing and
More informationGuest lecturer: Prof. Mark Reynolds, The University of Western Australia
Università degli studi di Udine Corso per il dottorato di ricerca: Temporal Logics: Satisfiability Checking, Model Checking, and Synthesis January 2017 Lecture 01, Part 02: Temporal Logics Guest lecturer:
More informationConservation of Information
Conservation of Information Amr Sabry (in collaboration with Roshan P. James) School of Informatics and Computing Indiana University May 8, 2012 Amr Sabry (in collaboration with Roshan P. James) (IU SOIC)
More informationClojure Concurrency Constructs, Part Two. CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014
Clojure Concurrency Constructs, Part Two CSCI 5828: Foundations of Software Engineering Lecture 13 10/07/2014 1 Goals Cover the material presented in Chapter 4, of our concurrency textbook In particular,
More informationFAIRNESS FOR INFINITE STATE SYSTEMS
FAIRNESS FOR INFINITE STATE SYSTEMS Heidy Khlaaf University College London 1 FORMAL VERIFICATION Formal verification is the process of establishing whether a system satisfies some requirements (properties),
More informationModels for Concurrency
Models for Concurrency (A revised version of DAIMI PB-429) Glynn Winskel Mogens Nielsen Computer Science Department, Aarhus University, Denmark November 1993 Abstract This is, we believe, the final version
More informationShared-Variable Concurrency
University of Science and Technology of China 12/17/2013 Parallel Composition (or Concurrency Composition) Syntax: (comm) c ::=... c 0 c 1... Note we allow nested parallel composition, e.g., (c 0 ; (c
More informationIntroduction to Model Checking. Debdeep Mukhopadhyay IIT Madras
Introduction to Model Checking Debdeep Mukhopadhyay IIT Madras How good can you fight bugs? Comprising of three parts Formal Verification techniques consist of three parts: 1. A framework for modeling
More informationTopics in Concurrency
Topics in Concurrency Lecture 3 Jonathan Hayman 18 February 2015 Recap: Syntax of CCS Expressions: Arithmetic a and Boolean b Processes: p ::= nil nil process (τ p) silent/internal action (α!a p) output
More informationRevising UNITY Programs: Possibilities and Limitations 1
Revising UNITY Programs: Possibilities and Limitations 1 Ali Ebnenasir, Sandeep S. Kulkarni, and Borzoo Bonakdarpour Software Engineering and Network Systems Laboratory Department of Computer Science and
More informationBenefits of Interval Temporal Logic for Specification of Concurrent Systems
Benefits of Interval Temporal Logic for Specification of Concurrent Systems Ben Moszkowski Software Technology Research Laboratory De Montfort University Leicester Great Britain email: benm@dmu.ac.uk http://www.tech.dmu.ac.uk/~benm
More informationOn the coinductive nature of centralizers
On the coinductive nature of centralizers Charles Grellois INRIA & University of Bologna Séminaire du LIFO Jan 16, 2017 Charles Grellois (INRIA & Bologna) On the coinductive nature of centralizers Jan
More informationFormal Methods for Probabilistic Systems
Formal Methods for Probabilistic Systems Annabelle McIver Carroll Morgan Source-level program logic Meta-theorems for loops Examples Relational operational model Standard, deterministic, terminating...
More informationESE601: Hybrid Systems. Introduction to verification
ESE601: Hybrid Systems Introduction to verification Spring 2006 Suggested reading material Papers (R14) - (R16) on the website. The book Model checking by Clarke, Grumberg and Peled. What is verification?
More informationDeconstructing CCS and CSP Asynchronous Communication, Fairness, and Full Abstraction
Deconstructing CCS and CSP Asynchronous Communication, Fairness, and Full Abstraction Stephen Brookes Carnegie Mellon University Paper presented at MFPS 16 In honor of Robin Milner Abstract The process
More informationMODEL CHECKING. Arie Gurfinkel
1 MODEL CHECKING Arie Gurfinkel 2 Overview Kripke structures as models of computation CTL, LTL and property patterns CTL model-checking and counterexample generation State of the Art Model-Checkers 3 SW/HW
More informationComplexity Issues in Automated Addition of Time-Bounded Liveness Properties 1
Complexity Issues in Automated Addition of Time-Bounded Liveness Properties 1 Borzoo Bonakdarpour and Sandeep S. Kulkarni Software Engineering and Network Systems Laboratory, Department of Computer Science
More informationInterpreting the Full λ-calculus in the π-calculus
Interpreting the Full λ-calculus in the π-calculus Xiaojuan Cai Joint work with Yuxi Fu BASICS Lab October 12, 2009 Motivation The λ-calculus: sequential model; The π-calculus: concurrent model A deep
More informationCommunication and Concurrency: CCS
Communication and Concurrency: CCS R. Milner, A Calculus of Communicating Systems, 1980 cours SSDE Master 1 Why calculi? Prove properties on programs and languages Principle: tiny syntax, small semantics,
More informationAutomatic Synthesis of Distributed Protocols
Automatic Synthesis of Distributed Protocols Rajeev Alur Stavros Tripakis 1 Introduction Protocols for coordination among concurrent processes are an essential component of modern multiprocessor and distributed
More informationCS 6112 (Fall 2011) Foundations of Concurrency
CS 6112 (Fall 2011) Foundations of Concurrency 29 November 2011 Scribe: Jean-Baptiste Jeannin 1 Readings The readings for today were: Eventually Consistent Transactions, by Sebastian Burckhardt, Manuel
More informationReasoning About Imperative Programs. COS 441 Slides 10b
Reasoning About Imperative Programs COS 441 Slides 10b Last time Hoare Logic: { P } C { Q } Agenda If P is true in the initial state s. And C in state s evaluates to s. Then Q must be true in s. Program
More informationCommunicating Multi-Stack Visibly Pushdown Processes
Communicating Multi-Stack Visibly Pushdown Processes by Davidson Madudu A thesis submitted to the Department of Computer Science in conformity with the requirements for the degree of Master of Science
More informationComputation Tree Logic (CTL) & Basic Model Checking Algorithms
Computation Tree Logic (CTL) & Basic Model Checking Algorithms Martin Fränzle Carl von Ossietzky Universität Dpt. of Computing Science Res. Grp. Hybride Systeme Oldenburg, Germany 02917: CTL & Model Checking
More informationChapter 5: Linear Temporal Logic
Chapter 5: Linear Temporal Logic Prof. Ali Movaghar Verification of Reactive Systems Spring 94 Outline We introduce linear temporal logic (LTL), a logical formalism that is suited for specifying LT properties.
More informationWhat is Temporal Logic? The Basic Paradigm. The Idea of Temporal Logic. Formulas
What is Temporal Logic? A logical formalism to describe sequences of any kind. We use it to describe state sequences. An automaton describes the actions of a system, a temporal logic formula describes
More informationFrom EBNF to PEG. Roman R. Redziejowski. Concurrency, Specification and Programming Berlin 2012
Concurrency, Specification and Programming Berlin 2012 EBNF: Extended Backus-Naur Form A way to define grammar. EBNF: Extended Backus-Naur Form A way to define grammar. Literal = Decimal Binary Decimal
More informationCS477 Formal Software Dev Methods
CS477 Formal Software Dev Methods Elsa L Gunter 2112 SC, UIUC egunter@illinois.edu http://courses.engr.illinois.edu/cs477 Slides based in part on previous lectures by Mahesh Vishwanathan, and by Gul Agha
More informationProcess Algebras and Concurrent Systems
Process Algebras and Concurrent Systems Rocco De Nicola Dipartimento di Sistemi ed Informatica Università di Firenze Process Algebras and Concurrent Systems August 2006 R. De Nicola (DSI-UNIFI) Process
More informationFinite-State Model Checking
EECS 219C: Computer-Aided Verification Intro. to Model Checking: Models and Properties Sanjit A. Seshia EECS, UC Berkeley Finite-State Model Checking G(p X q) Temporal logic q p FSM Model Checker Yes,
More informationTHEORY OF SYSTEMS MODELING AND ANALYSIS. Henny Sipma Stanford University. Master class Washington University at St Louis November 16, 2006
THEORY OF SYSTEMS MODELING AND ANALYSIS Henny Sipma Stanford University Master class Washington University at St Louis November 16, 2006 1 1 COURSE OUTLINE 8:37-10:00 Introduction -- Computational model
More informationEmbedded Systems 2. REVIEW: Actor models. A system is a function that accepts an input signal and yields an output signal.
Embedded Systems 2 REVIEW: Actor models A system is a function that accepts an input signal and yields an output signal. The domain and range of the system function are sets of signals, which themselves
More informationCommunication and Concurrency: CCS. R. Milner, A Calculus of Communicating Systems, 1980
Communication and Concurrency: CCS R. Milner, A Calculus of Communicating Systems, 1980 Why calculi? Prove properties on programs and languages Principle: tiny syntax, small semantics, to be handled on
More informationMODEL CHECKING TIMED SAFETY INSTRUMENTED SYSTEMS
TKK Reports in Information and Computer Science Espoo 2008 TKK-ICS-R3 MODEL CHECKING TIMED SAFETY INSTRUMENTED SYSTEMS Jussi Lahtinen ABTEKNILLINEN KORKEAKOULU TEKNISKA HÖGSKOLAN HELSINKI UNIVERSITY OF
More informationTemporal Logic of Actions
Advanced Topics in Distributed Computing Dominik Grewe Saarland University March 20, 2008 Outline Basic Concepts Transition Systems Temporal Operators Fairness Introduction Definitions Example TLC - A
More informationAlan Bundy. Automated Reasoning LTL Model Checking
Automated Reasoning LTL Model Checking Alan Bundy Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have
More informationDecentralized Failure Diagnosis of Discrete Event Systems
IEEE TRANSACTIONS ON SYSTEMS, MAN AND CYBERNETICS PART A: SYSTEMS AND HUMANS, VOL., NO., 2005 1 Decentralized Failure Diagnosis of Discrete Event Systems Wenbin Qiu, Student Member, IEEE, and Ratnesh Kumar,
More informationBilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft)
Bilateral Proofs of Safety and Progress Properties of Concurrent Programs (Working Draft) Jayadev Misra December 18, 2015 Contents 1 Introduction 3 2 Program and Execution Model 4 2.1 Program Structure..........................
More informationSyntax and Semantics of Propositional Linear Temporal Logic
Syntax and Semantics of Propositional Linear Temporal Logic 1 Defining Logics L, M, = L - the language of the logic M - a class of models = - satisfaction relation M M, ϕ L: M = ϕ is read as M satisfies
More informationRecursion in Coalgebras
Recursion in Coalgebras Mauro Jaskelioff mjj@cs.nott.ac.uk School of Computer Science & IT FoP Away Day 2007 Outline Brief overview of coalgebras. The problem of divergence when considering unguarded recursion.
More informationThe Polyranking Principle
The Polyranking Principle Aaron R. Bradley, Zohar Manna, and Henny B. Sipma Computer Science Department Stanford University Stanford, CA 94305-9045 {arbrad,zm,sipma}@theory.stanford.edu Abstract. Although
More informationRevising Distributed UNITY Programs is NP-Complete
Revising Distributed UNITY Programs is NP-Complete Borzoo Bonakdarpour and Sandeep S. Kulkarni Department of Computer Science and Engineering Michigan State University East Lansing, MI 48824, U.S.A. {borzoo,sandeep}@cse.msu.edu
More informationChoreographies and Behavioural Contracts on the Way to Dynamic Updates
Choreographies and Behavioural Contracts on the Way to Dynamic Updates Mario Bravetti Gianluigi Zavattaro University of Bologna, Italy / INRIA, France {mario.bravetti,gianluigi.zavattaro}@unibo.it We survey
More informationTimed Automata VINO 2011
Timed Automata VINO 2011 VeriDis Group - LORIA July 18, 2011 Content 1 Introduction 2 Timed Automata 3 Networks of timed automata Motivation Formalism for modeling and verification of real-time systems.
More informationDistributed transactions and reversibility
Distributed transactions and reversibility Pawel Sobocinski, University of Cambridge Southampton, 26 September 2006 based on joint work with Vincent Danos and Jean Krivine Motivation Reversible CCS (RCCS)
More informationBasics of Linear Temporal Proper2es
Basics of Linear Temporal Proper2es Robert B. France State vs ac2on view Ac2on view abstracts out states; focus only on ac2on labels State view: focus only on states and the proposi2ons that are true in
More informationModel Checking with CTL. Presented by Jason Simas
Model Checking with CTL Presented by Jason Simas Model Checking with CTL Based Upon: Logic in Computer Science. Huth and Ryan. 2000. (148-215) Model Checking. Clarke, Grumberg and Peled. 1999. (1-26) Content
More informationModels. Lecture 25: Model Checking. Example. Semantics. Meanings with respect to model and path through future...
Models Lecture 25: Model Checking CSCI 81 Spring, 2012 Kim Bruce Meanings with respect to model and path through future... M = (S,, L) is a transition system if S is a set of states is a transition relation
More informationDecentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication
Decentralized Control of Discrete Event Systems with Bounded or Unbounded Delay Communication Stavros Tripakis Abstract We introduce problems of decentralized control with communication, where we explicitly
More informationConcurrent Flexible Reversibility
Concurrent Flexible Reversibility Ivan Lanese 1, Michael Lienhardt 2, Claudio Antares Mezzina 3, Alan Schmitt 4, and Jean-Bernard Stefani 4 1 Focus Team, University of Bologna/Inria, Italy lanese@cs.unibo.it
More informationOverview. overview / 357
Overview overview6.1 Introduction Modelling parallel systems Linear Time Properties Regular Properties Linear Temporal Logic (LTL) Computation Tree Logic syntax and semantics of CTL expressiveness of CTL
More informationCASPA - A Tool for Symbolic Performance Evaluation and Stochastic Model Checking
CASPA - A Tool for Symbolic Performance Evaluation and Stochastic Model Checking Boudewijn R. Haverkort 1, Matthias Kuntz 1, Martin Riedl 2, Johann Schuster 2, Markus Siegle 2 1 : Universiteit Twente 2
More informationOn Real-time Monitoring with Imprecise Timestamps
On Real-time Monitoring with Imprecise Timestamps David Basin 1, Felix Klaedtke 2, Srdjan Marinovic 1, and Eugen Zălinescu 1 1 Institute of Information Security, ETH Zurich, Switzerland 2 NEC Europe Ltd.,
More informationSemantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr
Semantic Equivalences and the Verification of Infinite-State Systems Richard Mayr Department of Computer Science Albert-Ludwigs-University Freiburg Germany Verification of Infinite-State Systems 1 c 2004
More informationProbabilistic Model Checking Michaelmas Term Dr. Dave Parker. Department of Computer Science University of Oxford
Probabilistic Model Checking Michaelmas Term 2011 Dr. Dave Parker Department of Computer Science University of Oxford Overview Temporal logic Non-probabilistic temporal logic CTL Probabilistic temporal
More informationIntroduction to process algebra
Introduction to process algebra Luís S. Barbosa DI-CCTC Universidade do Minho Braga, Portugal March, 2010 Actions & processes Action is a latency for interaction for a L, L denoting a set of names Act
More informationComputer-Aided Program Design
Computer-Aided Program Design Spring 2015, Rice University Unit 3 Swarat Chaudhuri February 5, 2015 Temporal logic Propositional logic is a good language for describing properties of program states. However,
More informationTemporal Logic. M φ. Outline. Why not standard logic? What is temporal logic? LTL CTL* CTL Fairness. Ralf Huuck. Kripke Structure
Outline Temporal Logic Ralf Huuck Why not standard logic? What is temporal logic? LTL CTL* CTL Fairness Model Checking Problem model, program? M φ satisfies, Implements, refines property, specification
More informationContextual equivalence
Techniques 16/22 ACS L16, lecture 2 4/10 Contextual equivalence Two phrases of a programming language are ( Morris style ) contextually equivalent ( = ctx ) if occurrences of the first phrase in any program
More informationThe Join calculus A calculus of mobile agents
The Join calculus p. 1/32 The Join calculus A calculus of mobile agents Martin Mosegaard Jensen Mobile Computing seminar 2004, DAIMI The Join calculus p. 2/32 Plan Motivation The reflexive CHAM Distribution:
More informationModel checking, verification of CTL. One must verify or expel... doubts, and convert them into the certainty of YES [Thomas Carlyle]
Chater 5 Model checking, verification of CTL One must verify or exel... doubts, and convert them into the certainty of YES or NO. [Thomas Carlyle] 5. The verification setting Page 66 We introduce linear
More informationA Simplified Approach for Testing Real-Time Systems Based on Action Refinement
A Simplified Approach for Testing Real-Time Systems Based on Action Refinement Saddek Bensalem, Moez Krichen, Lotfi Majdoub, Riadh Robbana, Stavros Tripakis Verimag Laboratory, Centre Equation 2, avenue
More informationEmbedded systems specification and design
Embedded systems specification and design David Kendall David Kendall Embedded systems specification and design 1 / 21 Introduction Finite state machines (FSM) FSMs and Labelled Transition Systems FSMs
More information