Lecture 4 Event Systems
|
|
- Abel Wells
- 5 years ago
- Views:
Transcription
1 Lecture 4 Event Systems This lecture is based on work done with Mark Bickford. Marktoberdorf Summer School, 2003
2 Formal Methods One of the major research challenges faced by computer science is providing a technology for building highly reliable software systems that perform well and evolve economically to ever-higher reliability and better performance. One approach is using formal methods, tools based on logic. They are not widely adopted. There are several approaches to improving them: More fully automated tools type checkers, model checkers, decision procedures More effective interactive tools provers 2
3 Our Experience We have worked on distributed system verification for a decade, with Ken Birman s group at Cornell. We discovered that we have accumulated sufficient knowledge that we could participate in protocol design and development at the speed of the designers and programmers. 3
4 Abstract Network Model Media Net Resources Bandwidth Resources Bandwidth Measured Frame Rate Bandwidth Bandwidth Bandwidth Bandwidth Resources Bandwidth Bandwidth Contract Bandwidth Measured Frame Rate Bandwidth Resources Contract 4
5 Concurrency Models There is an enormous literature providing models for concurrent computation and distributed systems, e.g. Petri nets, process calculi, operational semantics, domain theories, machine models (IO Automata, message automata), model theory, etc. These models support several logics of processes, e.g. temporal logics, programming logics, etc. Our work has been based on variants of Nancy Lynch s IO Automata. We presented some results in this summer school in 1999, with Jason Hickey. 5
6 Stack Model SENDER LAYER Header RECEIVER LAYER LAYER LAYER LAYER LAYER LAYER LAYER LAYER FIFO Queues BOTTOM LAYER Protocol Stack NET BOTTOM LAYER Protocol Stack LAYER Event Message 6
7 Event Systems Abstraction Specification Language State Machines System Code 7
8 Event Systems Key Concepts Type E of events abstract Type Loc of loci of events or process identifiers Type Lnk of communication links There are two kinds of events: (1) local actions and (2) receives; each can also send on links Each receive event has a unique sender Events at any locus are totally ordered, and causal order relates events among loci 8
9 Example Two-Phase Handshake S R p pl, pl, { : () } E = e E loc e = p { : (,) } Snd = e E sends el nul p { : } Rcv = e E kind e is receive on l p 9
10 Communication Diagram S R e l 1 e ' l 2 r l 1 e '' 10
11 Distributed Systems A distributed system D will be a graph G whose nodes are processes and whose links are communication channels. P 1 P 5 P 2 P 4 P 3 We will treat processes abstractly in these lectures. In our verification work we use message automata and IO Automata at the nodes. We can also imagine other abstractions e.g. active objects as well as CML or Java programs. 11
12 Executions of Distributed Systems Executions of distributed systems are event systems in a natural way. Executions are typically indexed by time, and that can be discrete, say t? N. At each moment of time, a process at i is in a state, (, ) (, ) sit mlt action,, and the links are lists of tagged messages,. At each locus i and time t, there is an ai (, t ), taken. The action can be null, no state change, no receives, hence no sends. i.e. 12
13 Fair-Fifo Executions We assume executions are fair: channels are loss-less; and fifo: messages are received in the order sent. 1. Only the process at i can send messages on links originating at i. 2. A receive action at i must be on a link whose destination is i and whose message is at the head of the queue on that link. 3. There can be null actions that leave a state unchanged between t and t Every queue is examined infinitely often, and if it is nonempty, a message is delivered. 5. The precondition of every local action is examined infinitely often and if true the action is taken. 13
14 Event Systems of Fair-Fifo Executions If w is a fair-fifo execution of a distributed system D, we can define an event system from it, Ev w. The types from D. Loc, Lnk, Kind, Tag, Id are inherited The events E are the points < it, > locus i and time t, at which a non-null action, local or receive, occurre din w. 14
15 Specifying Protocols and Systems Function specification:? x : A.? y : B. R x, y ext f : A B Protocol specification is part of a system specification. x: System ProcessSpec x ext P i i We will focus on the ProcessSpec. 15
16 Axioms Axiom 1: For every event e which sends a list of messages on link l, we can find an event e' at the destination of l at which all messages sent are received.? e: E.? l : Lnk.? e': E.? e'': E. ( '') = ( '') ( '') = ' = '' ( ') = receive e e sender e link e l e e loc e dst l Axiom 2: The predecessor function at each locus is one-to-one. = ( ')? ee, ': E. loc e loc e' ( pred e = pred e e = e' ) 16
17 Axiom 3: Axioms The causal order is strongly well-founded. ( ) f : E N. ee, ': E. e < e' f e < f e'. Axiom 4: If e is not the first event at a locus, then its predecessor is at the same location. <.? e : E. first e loc pred e = loc e Axiom 5: If e is a receive event, then the locus of the sender is the source of the link of e.? e : E. receive ( e) loc ( sender ( e) ) = src ( link ( e) ). 17
18 Axioms Axiom 6: Messages on a link are received in the order sent. ( ) ( link ( e) = link ( e' )) ( ')? ee, ': E. rcv e rcv e' ( sender e < sender e ) e < e'. Axiom 7 : By convention, for any event except the first, to say that an observable x has a value v when event e happens at the locus of e is to say that x after the predecessor of e is v. ( x when e = x after pred ( e) )? e : E. first e? x : Id. 18
19 Deriving Algorithms and Protocols Sequential program derivation from a specification: Nuprl supports extraction. ( ) p: State State.? s : State. Rsps,? s : State.? s ': State. Rss, ' ext p 19
20 Refinements for Programs? x : A.? y : B. R x, y ext x. λ cut x, zg. ( x, z) ; l ( x) g ( x, z) l ( x) (, ) x : A? y : B. R x, y ext cut x, z. ; by cut L g ( x, z) 1. x : Az, : L? y : B. R x, y ext bydo g x z x ( g x z ) : Az, : L R x,, 2. x : A L ext by l ( x ) 20
21 ?D: System.? es : ES D. by Comp 1. D : System GLoc,, Lnk 1 2 Refinements for Systems pf1( D1, es1), pf2 ( D2, es 2) Res ext Comp : pf ( D, es ) es ES D R es ext D : System G Loc Lnk 1 (,, ) 2: ( 2) 2 ( es 2) ext pf2 ( D2, es2) es ES D R
22 Event Systems es of Distributed System D For an (abstract) distributed system D, say that es is an event system of D, es? ES D, if es is the event system Ev( w) of an execution w of D. 22
23 Deriving the Two-Phase Handshake We illustrate this process by deriving a protocol for the two-phase handshake from a proof that its specification is realizable. (), :. : e1 e2 SndSl,? r RcvSl, e1 < e2 e1 < r < e2 (), :., : e1 e2 SndRl,? r1 r2 RcvRl, e1 < e2 r1 < e1 < r2 < e2 23
24 Deriving Handshake 1 One way to achieve alternation of sends and receives at S is to introduce a and stipulate that S sends only when rdy is true. When a send on l occurs, rdy Lemma 1: is set to false. boolean variable rdy For any two processes SR,, and links l, l, ( 1) & ( 1), ( 2) & dst ( l2 ) = S,& rdy in Id, src l = S dst l = Rsrc l = R we can realize an event system with the property that initially rdy = true at S. Call the realizer for Lemma 1 ES
25 Deriving Handshake 2 Lemma 2: We can find a realizer that extends such that for any non-empty type T, Infinitely often the process at S will examine its precondition rdy = true. If rdy has not changed, then the send will occur, and rdy will be set to false. Otherwise, rdy must be false at t, so some event e' after e set it to false. ES? e': ES. e < e' (? v : T. ( rdy after e' = false sends ( e l) = l val v ) rdy when e = false) e: E. rdy when e = true Proof : Qed S ', 1,, '. Call the realizer for Lemma 2 ES
26 Deriving Handshake 3 Lemma 3: such that We can find a realizer that extends ES ( 1) e: E. sends el, nil rdy after e = false. S 2 Proof : We constrain the realizer of Lemma 2 to satisfy the condition val Qed that there are no actions that send on except for the one specified in Lemma 2. Call the realizer for Lemma 3 ES 3. l 1 frame with tag 26
27 Deriving Handshake 3 Lemma 4: such that We can find a realizer that extends ( 2) e: E. rcv el, rdy after e = true. S ES 3 Proof : We add to the process at 2 S a response to any receive action on l, namely this receive will set rdy Qed Call this realizer ES 4. to true. 27
28 Lemma 5: such that Deriving Handshake 4 We can find realizers that extend ES? S e: E. rcv el, e': E. e < e' sends el, nil S Proof : We add the frame condition that only a receive on reset of rdy to false can affect rdy. l 2 or Note, rdy after e=true by Lemma 4. Execution is fair, thus the precondition of the send will be checked infinitely often, hence after e. Only a reset can change rdy to false by the frame condition, and this happens only if the send on l 1 is executed. Thus there will be an event e after e such that the send is executed. Qed Call this realizer ES 5. 28
29 Theorem 1: Proof : Deriving Handshake 4 Let e, e be send events at S on link l. Suppose e < e By Lemma 3, rdy after e = false. The only event that can 1 set rdy to true is a receive event. the only way e < e is possible is that rdy when e after e Qed 1 Any realizer extending there must be a receive event. 2 ES 5 satisfies ( Sl ) e, e : Snd. e < e r : Rcv. e < r < e 1 2 Sl, 1 2, = true e2. Thus before and 29
30 Lamport s TLA + Specification 2003 EXTENDS Naturals VARIABLES val, rdy, ack { 01, } { 01, } TypeInvariant val? Data rdy? ack? UNCHANGED { 01, } Init val? Data rdy? ack = rdy Send rdy = ack val '? Data rdy ' = 1 rdy UNCHANGED < CONSTANT ack Rcv rdy ack ack ' = 1 ack Next Send Rv c Spec Init Next val, rdy < val, rdy, ack > Data > THEOREM Spec TypeInvariant 30
A Logic of Events. Robert L. Constable Cornell University February 10, 2003
A Logic of Events Mark Bickford ORA Robert L. Constable Cornell University February 10, 2003 Abstract There is a well-established theory and practice for creating correct-by-construction functional programs
More informationKnowledge-Based Synthesis of Distributed Systems Using Event Structures
Knowledge-Based ynthesis of Distributed ystems Using Event tructures Mark Bickford Cornell University Ithaca, NY 14853 markb@cs.cornell.edu obert Constable Cornell University Ithaca, NY 14853 rc@cs.cornell.edu
More informationSyntax: form ::= A: lin j E: lin ::= 3 lin j lin ^ lin j :lin j bool lin lin is a temporal formula dened over a global sequence. bool is true in g if
Introduction 1 Goals of the lecture: Weak Conjunctive Predicates Logic for global predicates Weak conjunctive algorithm References: Garg and Waldecker 94 Syntax: form ::= A: lin j E: lin ::= 3 lin j lin
More informationSpecifying and Verifying Systems of Communicating Agents in a Temporal Action Logic
Specifying and Verifying Systems of Communicating Agents in a Temporal Action Logic Laura Giordano 1, Alberto Martelli 2, Camilla Schwind 3 1 Dipartimento di Informatica, Università del Piemonte Orientale,
More informationLogic Model Checking
Logic Model Checking Lecture Notes 10:18 Caltech 101b.2 January-March 2004 Course Text: The Spin Model Checker: Primer and Reference Manual Addison-Wesley 2003, ISBN 0-321-22862-6, 608 pgs. the assignment
More informationAlan Bundy. Automated Reasoning LTL Model Checking
Automated Reasoning LTL Model Checking Alan Bundy Lecture 9, page 1 Introduction So far we have looked at theorem proving Powerful, especially where good sets of rewrite rules or decision procedures have
More informationThe Underlying Semantics of Transition Systems
The Underlying Semantics of Transition Systems J. M. Crawford D. M. Goldschlag Technical Report 17 December 1987 Computational Logic Inc. 1717 W. 6th St. Suite 290 Austin, Texas 78703 (512) 322-9951 1
More informationFormal Verification of Mobile Network Protocols
Dipartimento di Informatica, Università di Pisa, Italy milazzo@di.unipi.it Pisa April 26, 2005 Introduction Modelling Systems Specifications Examples Algorithms Introduction Design validation ensuring
More informationUniversity of Surrey. Bounded Retransmission in Event-B CSP: A Case Study. Steve Schneider, Helen Treharne and Heike Wehrheim
University of Surrey Bounded Retransmission in Event-B CSP: A Case Study Department of Computing Steve Schneider, Helen Treharne and Heike Wehrheim March 21 st 2011 Computing Sciences Report CS-11-04 Bounded
More informationFinite-State Model Checking
EECS 219C: Computer-Aided Verification Intro. to Model Checking: Models and Properties Sanjit A. Seshia EECS, UC Berkeley Finite-State Model Checking G(p X q) Temporal logic q p FSM Model Checker Yes,
More information7. Queueing Systems. 8. Petri nets vs. State Automata
Petri Nets 1. Finite State Automata 2. Petri net notation and definition (no dynamics) 3. Introducing State: Petri net marking 4. Petri net dynamics 5. Capacity Constrained Petri nets 6. Petri net models
More informationDesign of Distributed Systems Melinda Tóth, Zoltán Horváth
Design of Distributed Systems Melinda Tóth, Zoltán Horváth Design of Distributed Systems Melinda Tóth, Zoltán Horváth Publication date 2014 Copyright 2014 Melinda Tóth, Zoltán Horváth Supported by TÁMOP-412A/1-11/1-2011-0052
More informationBounded Retransmission in Event-B CSP: a Case Study
Available online at www.sciencedirect.com Electronic Notes in Theoretical Computer Science 280 (2011) 69 80 www.elsevier.com/locate/entcs Bounded Retransmission in Event-B CSP: a Case Study Steve Schneider
More informationEffectively Nonblocking Consensus Procedures Can Execute Forever a Constructive Version of FLP
Effectively Nonblocking Consensus Procedures Can Execute Forever a Constructive Version of FLP Robert L. Constable Cornell University July 17, 2008 1 Abstract The Fischer-Lynch-Paterson theorem (FLP) says
More informationSFM-11:CONNECT Summer School, Bertinoro, June 2011
SFM-:CONNECT Summer School, Bertinoro, June 20 EU-FP7: CONNECT LSCITS/PSS VERIWARE Part 3 Markov decision processes Overview Lectures and 2: Introduction 2 Discrete-time Markov chains 3 Markov decision
More informationFormal Verification Techniques. Riccardo Sisto, Politecnico di Torino
Formal Verification Techniques Riccardo Sisto, Politecnico di Torino State exploration State Exploration and Theorem Proving Exhaustive exploration => result is certain (correctness or noncorrectness proof)
More informationPractical State Machines for Computer Software and Engineering
Practical State Machines for Computer Software and Engineering Victor Yodaiken January 7, 2016 Abstract This paper introduces methods for describing properties of possibly very large state machines in
More informationTableau-Based Automata Construction for Dynamic Linear Time Temporal Logic
Tableau-Based Automata Construction for Dynamic Linear Time Temporal Logic Laura Giordano Università del Piemonte Orientale Alessandria, Italy laura@mfn.unipmn.it Alberto Martelli Università di Torino
More informationAgreement. Today. l Coordination and agreement in group communication. l Consensus
Agreement Today l Coordination and agreement in group communication l Consensus Events and process states " A distributed system a collection P of N singlethreaded processes w/o shared memory Each process
More informationIntroduction. Pedro Cabalar. Department of Computer Science University of Corunna, SPAIN 2013/2014
Introduction Pedro Cabalar Department of Computer Science University of Corunna, SPAIN cabalar@udc.es 2013/2014 P. Cabalar ( Department Introduction of Computer Science University of Corunna, SPAIN2013/2014
More informationMulti-Message Broadcast with Abstract MAC Layers and Unreliable Links
Multi-Message Broadcast with Abstract MAC Layers and Unreliable Links Mohsen Ghaffari MIT ghaffari@csail.mit.edu Erez Kantor MIT erezk@csail.mit.edu Calvin Newport Georgetown University cnewport@cs.georgetown.edu
More informationModeling and Analysis of Communicating Systems
Modeling and Analysis of Communicating Systems Lecture 5: Sequential Processes Jeroen Keiren and Mohammad Mousavi j.j.a.keiren@vu.nl and m.r.mousavi@hh.se Halmstad University March 2015 Outline Motivation
More informationConsistent Global States of Distributed Systems: Fundamental Concepts and Mechanisms. CS 249 Project Fall 2005 Wing Wong
Consistent Global States of Distributed Systems: Fundamental Concepts and Mechanisms CS 249 Project Fall 2005 Wing Wong Outline Introduction Asynchronous distributed systems, distributed computations,
More informationDistributed Algorithms (CAS 769) Dr. Borzoo Bonakdarpour
Distributed Algorithms (CAS 769) Week 1: Introduction, Logical clocks, Snapshots Dr. Borzoo Bonakdarpour Department of Computing and Software McMaster University Dr. Borzoo Bonakdarpour Distributed Algorithms
More informationCS3110 Spring 2017 Lecture 21: Distributed Computing with Functional Processes
CS3110 Spring 2017 Lecture 21: Distributed Computing with Functional Processes Robert Constable Date for Due Date PS6 Out on April 24 May 8 (day of last lecture) 1 Introduction In the next two lectures,
More informationA Brief Introduction to Model Checking
A Brief Introduction to Model Checking Jan. 18, LIX Page 1 Model Checking A technique for verifying finite state concurrent systems; a benefit on this restriction: largely automatic; a problem to fight:
More informationThe State Explosion Problem
The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis
More informationAutomatic Synthesis of Distributed Protocols
Automatic Synthesis of Distributed Protocols Rajeev Alur Stavros Tripakis 1 Introduction Protocols for coordination among concurrent processes are an essential component of modern multiprocessor and distributed
More informationMAD. Models & Algorithms for Distributed systems -- 2/5 -- download slides at
MAD Models & Algorithms for Distributed systems -- /5 -- download slides at http://people.rennes.inria.fr/eric.fabre/ 1 Today Runs/executions of a distributed system are partial orders of events We introduce
More informationModeling Concurrent Systems
Modeling Concurrent Systems Wolfgang Schreiner Wolfgang.Schreiner@risc.uni-linz.ac.at Research Institute for Symbolic Computation (RISC) Johannes Kepler University, Linz, Austria http://www.risc.uni-linz.ac.at
More informationEDA045F: Program Analysis LECTURE 10: TYPES 1. Christoph Reichenbach
EDA045F: Program Analysis LECTURE 10: TYPES 1 Christoph Reichenbach In the last lecture... Performance Counters Challenges in Dynamic Performance Analysis Taint Analysis Binary Instrumentation 2 / 44 Types
More informationThe Leader Election Protocol (IEEE 1394)
The Leader Election Protocol (IEEE 1394) J.R. Abrial, D. Cansell, D. Méry July 2002 This Session - Background :-) - An informal presentation of the protocol :-) - Step by step formal design :- - Short
More informationAsynchronous Models For Consensus
Distributed Systems 600.437 Asynchronous Models for Consensus Department of Computer Science The Johns Hopkins University 1 Asynchronous Models For Consensus Lecture 5 Further reading: Distributed Algorithms
More informationAbstractions and Decision Procedures for Effective Software Model Checking
Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture
More informationImpossibility of Distributed Consensus with One Faulty Process
Impossibility of Distributed Consensus with One Faulty Process Journal of the ACM 32(2):374-382, April 1985. MJ Fischer, NA Lynch, MS Peterson. Won the 2002 Dijkstra Award (for influential paper in distributed
More informationInteger Linear Programming Based Property Checking for Asynchronous Reactive Systems
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING 1 Integer Linear Programming Based Property Checking for Asynchronous Reactive Systems Stefan Leue Department of Computer and Information Science University of
More informationModel Checking of Systems Employing Commutative Functions
Model Checking of Systems Employing Commutative Functions A. Prasad Sistla, Min Zhou, and Xiaodong Wang University of Illinois at Chicago Abstract. The paper presents methods for model checking a class
More informationNCS Lecture 11 Distributed Computation for Cooperative Control. Richard M. Murray (Caltech) and Erik Klavins (U. Washington) 17 March 2008
NCS Lecture 11 Distributed Computation for Cooperative Control Richard M. Murray (Caltech) and Erik Klavins (U. Washington) 17 March 2008 Goals: Describe methods for modeling and analyzing distributed
More informationTECHNICAL REPORT YL DISSECTING ZAB
TECHNICAL REPORT YL-2010-0007 DISSECTING ZAB Flavio Junqueira, Benjamin Reed, and Marco Serafini Yahoo! Labs 701 First Ave Sunnyvale, CA 94089 {fpj,breed,serafini@yahoo-inc.com} Bangalore Barcelona Haifa
More informationFormal Methods for Specifying and Verifying Distributed Algorithms Process Algebra vs I/O Automata
Formal Methods for Specifying and Verifying Distributed Algorithms Process Algebra vs I/O Automata Marina Gelastou, Chryssis Georgiou and Anna Philippou Department of Computer Science, University of Cyprus,
More informationVariations on Itai-Rodeh Leader Election for Anonymous Rings and their Analysis in PRISM
Variations on Itai-Rodeh Leader Election for Anonymous Rings and their Analysis in PRISM Wan Fokkink (Vrije Universiteit, Section Theoretical Computer Science CWI, Embedded Systems Group Amsterdam, The
More information6.045J/18.400J: Automata, Computability and Complexity. Quiz 2. March 30, Please write your name in the upper corner of each page.
6.045J/18.400J: Automata, Computability and Complexity March 30, 2005 Quiz 2 Prof. Nancy Lynch Please write your name in the upper corner of each page. Problem Score 1 2 3 4 5 6 Total Q2-1 Problem 1: True
More informationRequirements Validation. Content. What the standards say (*) ?? Validation, Verification, Accreditation!! Correctness and completeness
Requirements Validation Requirements Management Requirements Validation?? Validation, Verification, Accreditation!! Check if evrything is OK With respect to what? Mesurement associated with requirements
More informationA brief history of model checking. Ken McMillan Cadence Berkeley Labs
A brief history of model checking Ken McMillan Cadence Berkeley Labs mcmillan@cadence.com Outline Part I -- Introduction to model checking Automatic formal verification of finite-state systems Applications
More informationSemantic Equivalences and the. Verification of Infinite-State Systems 1 c 2004 Richard Mayr
Semantic Equivalences and the Verification of Infinite-State Systems Richard Mayr Department of Computer Science Albert-Ludwigs-University Freiburg Germany Verification of Infinite-State Systems 1 c 2004
More informationAxiomatic Semantics. Operational semantics. Good for. Not good for automatic reasoning about programs
Review Operational semantics relatively l simple many flavors (small vs. big) not compositional (rule for while) Good for describing language implementation reasoning about properties of the language eg.
More informationHelsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66
Helsinki University of Technology Laboratory for Theoretical Computer Science Research Reports 66 Teknillisen korkeakoulun tietojenkäsittelyteorian laboratorion tutkimusraportti 66 Espoo 2000 HUT-TCS-A66
More informationModels for Efficient Timed Verification
Models for Efficient Timed Verification François Laroussinie LSV / ENS de Cachan CNRS UMR 8643 Monterey Workshop - Composition of embedded systems Model checking System Properties Formalizing step? ϕ Model
More informationFirst-order resolution for CTL
First-order resolution for Lan Zhang, Ullrich Hustadt and Clare Dixon Department of Computer Science, University of Liverpool Liverpool, L69 3BX, UK {Lan.Zhang, U.Hustadt, CLDixon}@liverpool.ac.uk Abstract
More informationarxiv: v2 [cs.dc] 18 Feb 2015
Consensus using Asynchronous Failure Detectors Nancy Lynch CSAIL, MIT Srikanth Sastry CSAIL, MIT arxiv:1502.02538v2 [cs.dc] 18 Feb 2015 Abstract The FLP result shows that crash-tolerant consensus is impossible
More informationLinear Temporal Logic and Büchi Automata
Linear Temporal Logic and Büchi Automata Yih-Kuen Tsay Department of Information Management National Taiwan University FLOLAC 2009 Yih-Kuen Tsay (SVVRL @ IM.NTU) Linear Temporal Logic and Büchi Automata
More informationAutomata-Theoretic Model Checking of Reactive Systems
Automata-Theoretic Model Checking of Reactive Systems Radu Iosif Verimag/CNRS (Grenoble, France) Thanks to Tom Henzinger (IST, Austria), Barbara Jobstmann (CNRS, Grenoble) and Doron Peled (Bar-Ilan University,
More informationSoftware Verification using Predicate Abstraction and Iterative Refinement: Part 1
using Predicate Abstraction and Iterative Refinement: Part 1 15-414 Bug Catching: Automated Program Verification and Testing Sagar Chaki November 28, 2011 Outline Overview of Model Checking Creating Models
More informationHigh Performance Computing
Master Degree Program in Computer Science and Networking, 2014-15 High Performance Computing 2 nd appello February 11, 2015 Write your name, surname, student identification number (numero di matricola),
More informationThe Weakest Failure Detector to Solve Mutual Exclusion
The Weakest Failure Detector to Solve Mutual Exclusion Vibhor Bhatt Nicholas Christman Prasad Jayanti Dartmouth College, Hanover, NH Dartmouth Computer Science Technical Report TR2008-618 April 17, 2008
More informationPerformance Analysis of ARQ Protocols using a Theorem Prover
Performance Analysis of ARQ Protocols using a Theorem Prover Osman Hasan Sofiene Tahar Hardware Verification Group Concordia University Montreal, Canada ISPASS 2008 Objectives n Probabilistic Theorem Proving
More informationTimo Latvala. March 7, 2004
Reactive Systems: Safety, Liveness, and Fairness Timo Latvala March 7, 2004 Reactive Systems: Safety, Liveness, and Fairness 14-1 Safety Safety properties are a very useful subclass of specifications.
More informationTheoretical Foundations of the UML
Theoretical Foundations of the UML Lecture 17+18: A Logic for MSCs Joost-Pieter Katoen Lehrstuhl für Informatik 2 Software Modeling and Verification Group moves.rwth-aachen.de/teaching/ws-1718/fuml/ 5.
More informationAsynchronous Communication 2
Asynchronous Communication 2 INF4140 22.11.12 Lecture 11 INF4140 (22.11.12) Asynchronous Communication 2 Lecture 11 1 / 37 Overview: Last time semantics: histories and trace sets specification: invariants
More information6.852: Distributed Algorithms Fall, Class 10
6.852: Distributed Algorithms Fall, 2009 Class 10 Today s plan Simulating synchronous algorithms in asynchronous networks Synchronizers Lower bound for global synchronization Reading: Chapter 16 Next:
More informationEvent Operators: Formalization, Algorithms, and Implementation Using Interval- Based Semantics
Department of Computer Science and Engineering University of Texas at Arlington Arlington, TX 76019 Event Operators: Formalization, Algorithms, and Implementation Using Interval- Based Semantics Raman
More informationDecomposing Specifications of Concurrent Systems
327 Decomposing Specifications of Concurrent Systems Martín Abadi and Leslie Lamport Systems Research Center, Digital Equipment Corporation 130 Lytton Avenue, Palo Alto, CA 94301, U.S.A. We introduce a
More informationUsing Patterns and Composite Propositions to Automate the Generation of Complex LTL Specifications
Using Patterns and Composite Propositions to Automate the Generation of Complex LTL Specifications Salamah Salamah, Ann Q. Gates, Vladik Kreinovich, and Steve Roach Dept. of Computer Science, University
More informationCausality Interfaces and Compositional Causality Analysis
Causality Interfaces and Compositional Causality Analysis Edward A. Lee Haiyang Zheng Ye Zhou {eal,hyzheng,zhouye}@eecs.berkeley.edu Center for Hybrid and Embedded Software Systems (CHESS) Department of
More informationSlides for Chapter 14: Time and Global States
Slides for Chapter 14: Time and Global States From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design Edition 5, Addison-Wesley 2012 Overview of Chapter Introduction Clocks,
More informationDistributed Systems Principles and Paradigms. Chapter 06: Synchronization
Distributed Systems Principles and Paradigms Maarten van Steen VU Amsterdam, Dept. Computer Science Room R4.20, steen@cs.vu.nl Chapter 06: Synchronization Version: November 16, 2009 2 / 39 Contents Chapter
More informationOverview. 1 Lecture 1: Introduction. 2 Lecture 2: Message Sequence Charts. Joost-Pieter Katoen Theoretical Foundations of the UML 1/32
Overview 1 Lecture 1: Introduction 2 Lecture 2: Message Sequence Charts Joost-Pieter Katoen Theoretical Foundations of the UML 1/32 Theoretical Foundations of the UML Lecture 1: Introduction Joost-Pieter
More informationLecture 16: Computation Tree Logic (CTL)
Lecture 16: Computation Tree Logic (CTL) 1 Programme for the upcoming lectures Introducing CTL Basic Algorithms for CTL CTL and Fairness; computing strongly connected components Basic Decision Diagrams
More informationDistributed Algorithms Time, clocks and the ordering of events
Distributed Algorithms Time, clocks and the ordering of events Alberto Montresor University of Trento, Italy 2016/04/26 This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International
More informationCOMP2111 Glossary. Kai Engelhardt. Contents. 1 Symbols. 1 Symbols 1. 2 Hoare Logic 3. 3 Refinement Calculus 5. rational numbers Q, real numbers R.
COMP2111 Glossary Kai Engelhardt Revision: 1.3, May 18, 2018 Contents 1 Symbols 1 2 Hoare Logic 3 3 Refinement Calculus 5 1 Symbols Booleans B = {false, true}, natural numbers N = {0, 1, 2,...}, integers
More informationThe TLA + proof system
The TLA + proof system Stephan Merz Kaustuv Chaudhuri, Damien Doligez, Leslie Lamport INRIA Nancy & INRIA-MSR Joint Centre, France Amir Pnueli Memorial Symposium New York University, May 8, 2010 Stephan
More informationModel Checking: An Introduction
Model Checking: An Introduction Meeting 3, CSCI 5535, Spring 2013 Announcements Homework 0 ( Preliminaries ) out, due Friday Saturday This Week Dive into research motivating CSCI 5535 Next Week Begin foundations
More information6.852: Distributed Algorithms Fall, Class 8
6.852: Distributed Algorithms Fall, 2009 Class 8 Today s plan Basic asynchronous system model, continued Hierarchical proofs Safety and liveness properties Asynchronous networks Asynchronous network algorithms:
More informationSynchronized Petri Net: A Formal Specification Model for Multi Agent Systems
JOURNAL OF SOFTWARE, VOL. 8, NO. 3, MARCH 2013 587 Synchronized Petri Net: A Formal Specification Model for Multi Agent Systems Sofia Kouah University of Oum El-Bouaghi, Algeria MISC Laboratory, University
More informationNotes on BAN Logic CSG 399. March 7, 2006
Notes on BAN Logic CSG 399 March 7, 2006 The wide-mouthed frog protocol, in a slightly different form, with only the first two messages, and time stamps: A S : A, {T a, B, K ab } Kas S B : {T s, A, K ab
More informationA note on the attractor-property of infinite-state Markov chains
A note on the attractor-property of infinite-state Markov chains Christel Baier a, Nathalie Bertrand b, Philippe Schnoebelen b a Universität Bonn, Institut für Informatik I, Germany b Lab. Specification
More information11.1 Temporal Logic for Specification and Verification
Temporal Logic In classical logic, the predicate P in if P (P Q) then Q retains its truth value even after Q has been derived. In other words, in classical logic the truth of a formula is static. However,
More informationTime and Timed Petri Nets
Time and Timed Petri Nets Serge Haddad LSV ENS Cachan & CNRS & INRIA haddad@lsv.ens-cachan.fr DISC 11, June 9th 2011 1 Time and Petri Nets 2 Timed Models 3 Expressiveness 4 Analysis 1/36 Outline 1 Time
More informationMechanizing a Process Algebra for Network Protocols
Submitted to Journal of Automated Reasoning October 2015 Mechanizing a Process Algebra for Network Protocols Timothy Bourke Robert J. van Glabbeek Peter Höfner Abstract This paper presents the mechanization
More informationThe Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security
The Expressivity of Universal Timed CCP: Undecidability of Monadic FLTL and Closure Operators for Security Carlos Olarte and Frank D. Valencia INRIA /CNRS and LIX, Ecole Polytechnique Motivation Concurrent
More informationDistributed Systems Principles and Paradigms
Distributed Systems Principles and Paradigms Chapter 6 (version April 7, 28) Maarten van Steen Vrije Universiteit Amsterdam, Faculty of Science Dept. Mathematics and Computer Science Room R4.2. Tel: (2)
More informationFormal Methods for Java
Formal Methods for Java Lecture 12: Soundness of Sequent Calculus Jochen Hoenicke Software Engineering Albert-Ludwigs-University Freiburg June 12, 2017 Jochen Hoenicke (Software Engineering) Formal Methods
More informationTemporal Logic of Actions
Advanced Topics in Distributed Computing Dominik Grewe Saarland University March 20, 2008 Outline Basic Concepts Transition Systems Temporal Operators Fairness Introduction Definitions Example TLC - A
More informationConjoining Specifications
Conjoining Specifications Martín Abadi and Leslie Lamport 3 November 1995 This is a revised version of SRC Research Report 118. It will appear in ACM Transactions on Programming Languages and Systems.
More informationSeamless Model Driven Development and Tool Support for Embedded Software-Intensive Systems
Seamless Model Driven Development and Tool Support for Embedded Software-Intensive Systems Computer Journal Lecture - 22nd June 2009 Manfred Broy Technische Universität München Institut für Informatik
More informationInformation System Design IT60105
n IT60105 Lecture 13 Statechart Diagrams Lecture #13 What is a Statechart diagram? Basic components in a state-chart diagram and their notations Examples: Process Order in OLP system What is a Statechart
More informationLectures on Separation Logic. Lecture 2: Foundations
Lectures on Separation Logic. Lecture 2: Foundations Peter O Hearn Queen Mary, University of London Marktoberdorf Summer School, 2011 Outline for this lecture Part I : Assertions and Their Semantics Part
More informationRealizability and Verification of MSC Graphs
Realizability and Verification of MSC Graphs Rajeev Alur a,1 a Department of Computer and Information Science, University of Pennsylvania Kousha Etessami b b Bell Laboratories, Lucent Technologies Mihalis
More informationAutomata-based Verification - III
COMP30172: Advanced Algorithms Automata-based Verification - III Howard Barringer Room KB2.20: email: howard.barringer@manchester.ac.uk March 2009 Third Topic Infinite Word Automata Motivation Büchi Automata
More information(INTER-)ACTION REFINEMENT: THE EASY WAY 1
(INTER-)ACTION REFINEMENT: THE EASY WAY 1 Manfred Broy Institut für Informatik Technische Universität München Postfach 20 24 20, 8 München 2, Germany Abstract We outline and illustrate a formal concept
More informationA Short Introduction to Hoare Logic
A Short Introduction to Hoare Logic Supratik Chakraborty I.I.T. Bombay June 23, 2008 Supratik Chakraborty (I.I.T. Bombay) A Short Introduction to Hoare Logic June 23, 2008 1 / 34 Motivation Assertion checking
More informationDiscrete Event Systems Exam
Computer Engineering and Networks Laboratory TEC, NSG, DISCO HS 2016 Prof. L. Thiele, Prof. L. Vanbever, Prof. R. Wattenhofer Discrete Event Systems Exam Friday, 3 rd February 2017, 14:00 16:00. Do not
More informationClocks in Asynchronous Systems
Clocks in Asynchronous Systems The Internet Network Time Protocol (NTP) 8 Goals provide the ability to externally synchronize clients across internet to UTC provide reliable service tolerating lengthy
More informationDynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics
Dynamic Semantics Operational Semantics Denotational Semantic Dynamic Semantics Operational Semantics Operational Semantics Describe meaning by executing program on machine Machine can be actual or simulated
More informationDistributed Computing. Synchronization. Dr. Yingwu Zhu
Distributed Computing Synchronization Dr. Yingwu Zhu Topics to Discuss Physical Clocks Logical Clocks: Lamport Clocks Classic paper: Time, Clocks, and the Ordering of Events in a Distributed System Lamport
More informationProcess Algebras and Concurrent Systems
Process Algebras and Concurrent Systems Rocco De Nicola Dipartimento di Sistemi ed Informatica Università di Firenze Process Algebras and Concurrent Systems August 2006 R. De Nicola (DSI-UNIFI) Process
More informationSimulation of Spiking Neural P Systems using Pnet Lab
Simulation of Spiking Neural P Systems using Pnet Lab Venkata Padmavati Metta Bhilai Institute of Technology, Durg vmetta@gmail.com Kamala Krithivasan Indian Institute of Technology, Madras kamala@iitm.ac.in
More informationPart I. Principles and Techniques
Introduction to Formal Methods Part I. Principles and Techniques Lecturer: JUNBEOM YOO jbyoo@konkuk.ac.kr Introduction Text System and Software Verification : Model-Checking Techniques and Tools In this
More informationDistributed Algorithms
Distributed Algorithms December 17, 2008 Gerard Tel Introduction to Distributed Algorithms (2 nd edition) Cambridge University Press, 2000 Set-Up of the Course 13 lectures: Wan Fokkink room U342 email:
More informationSMV the Symbolic Model Verifier. Example: the alternating bit protocol. LTL Linear Time temporal Logic
Model Checking (I) SMV the Symbolic Model Verifier Example: the alternating bit protocol LTL Linear Time temporal Logic CTL Fixed Points Correctness Slide 1 SMV - Symbolic Model Verifier SMV - Symbolic
More information