Syntax: form ::= A: lin j E: lin ::= 3 lin j lin ^ lin j :lin j bool lin lin is a temporal formula dened over a global sequence. bool is true in g if

Size: px

Start display at page:

Download "Syntax: form ::= A: lin j E: lin ::= 3 lin j lin ^ lin j :lin j bool lin lin is a temporal formula dened over a global sequence. bool is true in g if"

Cecil Richardson
5 years ago
Views:

1 Introduction 1 Goals of the lecture: Weak Conjunctive Predicates Logic for global predicates Weak conjunctive algorithm References: Garg and Waldecker 94

2 Syntax: form ::= A: lin j E: lin ::= 3 lin j lin ^ lin j :lin j bool lin lin is a temporal formula dened over a global sequence. bool is true in g if it is true in the last state of g. Introduction 2 Logic for Global Predicates Three syntactic categories in the logic - bool, lin and form. bool ::= a predicate over a global state bool: boolean expression dened on a single global state of system. the Example: if the global state has (x = 3; y = 6), then the bool (x y) is true. lin: there exists a prex of g such that lin is true for the prex. 3 2 and _: duals of 3 and ^. A form is dened for a run and it is simply a lin qualied universal (A :) or existential (E :) quantier. with

3 j= lin 1,! lin 2 i 9i < j : g i j= lin 1 ^ g j j= lin 2 g j=a:lin i 8g : g 2 linear(r) : g j= lin r Introduction 3 Semantics g j= bool i g m j= bool, g m = last state in g g j= :lin i :g j= lin g j= 3lin i 9i : g i j= lin r j=e:lin i 9g : g 2 linear(r) : g j= lin strong predicate: formulas starting with A weak predicate: formulas starting with E.

4 Introduction 4 Weak Conjunctive Predicates weak conjunctive predicate (WCP) is true for a given run if A only if there exists a global sequence consistent with that and run in which all conjuncts are true in some global state. useful for bad or undesirable predicates Example: the classical mutual exclusion problem. detect errors that may be hidden in some run due to race conditions.

5 Introduction 5 Importance of Weak Conjunctive Predicates Sucient for detection of any boolean expression of local predicates. Example x; y and z are in three dierent processes. Then, E:3even(x) ^ ((y < 0) _ (z > 6)) E:3(even(x) ^ (y < 0))_ E:3(even(x) ^ (z > 6)) the global predicate is satised by only a nite number of global states. possible Example, E : 3(x = y), x and y are in dierent processes. (x = y) is not a local predicate Assume that x and y can only take values f0; 1g. A : 2bool can be easily detected, why?

6 LP i : a local predicate in the process P i 1 E: 3(LP 1 ^ LP 2 ^ : : : LP k ) is true for a run r Theorem for all 1 i m 9s i 2 r[i] such that LP i is true in state i s 2 s 1 Introduction 6 Conditions for Weak Conjunctive Predicates LP i (s): the predicate LP i is true in the state s. s 2 r[i]: s occurs in the sequence r[i]. assume k n because LP i ^ LP j is just another local can predicate if LP i and LP j belong to the same process. s i, and s i and s j are incomparable for i 6= j. d t t d - t d d - - d s k t d - A consistent cut

7 Introduction 7 of Weak Conjunctive Predicates: Centralized Detection Algorithm One process serves as a checker. Other processes : non-checker processes. Each non-checker maintains its local lcmvector (last causal message process vector). For P j, lcmvector[i] (i 6= j) is the message id of the most message from P i (to anybody) which has a causal recent relationship to P j. lcmvector[j] for the process P j is the next message id that j will use. P e e e u u u e u -. U Local Snapshot

8 :lcmvector[i]:=max(lcmvector[i], msg lcmvector[i]); 8i Upon (local pred = true)^ rstag do 2 Introduction 8 Algorithm: Non-checker processes var array [1..n] of integer; lcmvector: 8i : i 6= id :lcmvector[i] = 0; init = 1; lcmvector[id] boolean init true; rstag: pred: Boolean Expression; local For sending do 2 (prog, lcmvector, : : : ); send ; rstag:=true; lcmvector[id]++ Upon receive (prog, msg lcmvector, : : : ) do 2 := false; rstag (dbg, lcmvector) to the checker process; send

9 s 0 i s 0 j s i s j P i P j Introduction 9 Optimization to send the lcmvector once after each message is sent Sucient of the number of messages received. irrespective local(s) denote that the local predicate is true in state s. first(s): the local predicate is true for the rst time since most recently sent message. the wcp(s 1 ; s 2 ; :::; s m ): if s 1 ; s 2 ; :::s m are the states in dierent making the wcp true. processes 2 9s 1 ; :::; s m : wcp(s 1 ; s 2 ; :::s m ), Theorem 0 1 ; ::; s0 m : wcp(s0 1 ; s0 2 ; :::; s0 m ) ^ 8i : 1 i m : first(s0 i

10 Introduction 10 Complexity Space complexity: the array lcmvector and is O(n). message complexity is O(m s ) where m s is the number of messages sent. program In addition, program messages have to include time vectors. Time complexity detection of local predicates maintain time vectors (O(n)=message).

11 Introduction 11 Checker Process Incoming debug messages from processes are enqueued in appropriate queue. the assume that the checker process gets its message from any process in FIFO. 1 If the lcmvector at the head of one queue is less than the Lemma at the head of any other queue, then the smaller lcmvector lcmvector be eliminated from further consideration in checking to see if the may is satised. WCP Non-checker Process 1 Non-checker Process 2 Non-checker Process N queue 1 Checker queue N Checker Process

12 k, elem); insert(q (head(q k ) = elem) then begin if Introduction 12 Formal Description var 1 : : : q m : queue of lcmvector; q newchanged: set of f1,2,...,mg changed, Upon recv(elem) from P k do 2 := f k g; changed (changed 6= ) begin while := fg; newchanged i in changed, and j in f1,2,...,m gdo for (:empty(q i ) ^ :empty(q j )) then if begin

13 Introduction 13 Formal Description [Contd.] head(q i ) < head(q j ) then if [ fig; newchanged:=newchanged head(q j ) < head(q i ) then if [ fjg; newchanged:=newchanged /* if */ end; := newchanged; changed i in changed do deletehead(q i ); for while */ end;/* 8i : :empty(q i ) then found:=true; if /* if */ end; the set of indices for which the head of the queues changed: been updated. have 3 The above algorithm requires at most O(m 2 p) Theorem comparisons.

14 4 Any algorithm which determines whether there Theorem a set of incomparable vectors of size m in m chains of exists Case 2: p > 1 Introduction 14 Lower Bounds size at most p, makes at least pm(m? 1)=2 comparisons. Proof: 1: p = 1 Case

Detection of Strong Unstable Predicates in Distributed. Programs 1, Abstract

Detection of Strong Unstable Predicates in Distributed Programs 1, Vijay K. Garg Brian Waldecker Electrical and Computer Engineering Dept Austin Systems Center University of Texas at Austin Schlumberger