ensuring liveness properties of distributed systems
play

Ensuring Liveness Properties of Distributed Systems (A Research - PowerPoint PPT Presentation

Feb 28, 2023 •573 likes •878 views

Ensuring Liveness Properties of Distributed Systems (A Research Agenda) Rob van Glabbeek Data61, CSIRO, Sydney, Australia University of New South Wales, Sydney, Australia September 2016 Distributed Systems systems consisting of multiple

  1. Ensuring Liveness Properties of Distributed Systems (A Research Agenda) Rob van Glabbeek Data61, CSIRO, Sydney, Australia University of New South Wales, Sydney, Australia September 2016

  2. Distributed Systems systems consisting of multiple components that interact with each other ◮ distributed databases ◮ communication networks ◮ many operating systems ◮ industrial control systems ◮ a bank with a network of teller machines ◮ a group of people organising a workshop ◮ workflow of a publisher ◮ an airline ◮ etc., etc. Harder to think of anything that isn’t a distributed system.

  3. How to ensure their correct working? Formal methods

  4. How to ensure their correct working? Formal methods ◮ Specification formalisms ◮ for the intended requirements of a distributed system what should it accomplish? e.g. Temporal Logic (LTL, CTL)

  5. How to ensure their correct working? Formal methods ◮ Specification formalisms ◮ for the intended requirements of a distributed system what should it accomplish? e.g. Temporal Logic (LTL, CTL) ◮ for the intended behaviour of a distributed system how does it do that? e.g. Process algebra, Petri nets

  6. How to ensure their correct working? Formal methods ◮ Specification formalisms ◮ for the intended requirements of a distributed system what should it accomplish? e.g. Temporal Logic (LTL, CTL) ◮ for the intended behaviour of a distributed system how does it do that? e.g. Process algebra, Petri nets ◮ Tools and analysis methods to study and reason about vital properties of the system e.g. (statistical) model checking

  7. How to ensure their correct working? Formal methods ◮ Specification formalisms ◮ for the intended requirements of a distributed system what should it accomplish? e.g. Temporal Logic (LTL, CTL) ◮ for the intended behaviour of a distributed system how does it do that? e.g. Process algebra, Petri nets ◮ Tools and analysis methods to study and reason about vital properties of the system e.g. (statistical) model checking ◮ Mathematically rigorous methods to verify that 1. a system specification ensures the required properties 2. an implementation meets the specification. Formal proofs - manual, automatic or interactive

  8. How to ensure their correct working? Formal methods Alternatives

  9. How to ensure their correct working? Formal methods Alternatives ◮ Specification methods descriptions in English or other natural languages riddled with ambiguities, contradictions and under-specification.

  10. How to ensure their correct working? Formal methods Alternatives ◮ Specification methods descriptions in English or other natural languages riddled with ambiguities, contradictions and under-specification. ◮ Tools and analysis methods to study and reason about vital properties of the system ◮ Simulation ◮ Test-bed experiments

  11. How to ensure their correct working? Formal methods Alternatives ◮ Specification methods descriptions in English or other natural languages riddled with ambiguities, contradictions and under-specification. ◮ Tools and analysis methods to study and reason about vital properties of the system ◮ Simulation ◮ Test-bed experiments - important and valid methods for system evaluation

  12. How to ensure their correct working? Formal methods Alternatives ◮ Specification methods descriptions in English or other natural languages riddled with ambiguities, contradictions and under-specification. ◮ Tools and analysis methods to study and reason about vital properties of the system ◮ Simulation ◮ Test-bed experiments - important and valid methods for system evaluation - resource-intensive and time-consuming

  13. How to ensure their correct working? Formal methods Alternatives ◮ Specification methods descriptions in English or other natural languages riddled with ambiguities, contradictions and under-specification. ◮ Tools and analysis methods to study and reason about vital properties of the system ◮ Simulation ◮ Test-bed experiments - important and valid methods for system evaluation - resource-intensive and time-consuming - No general guarantees about correct system behaviour for a wide range of unpredictable deployment scenarios.

  14. How to ensure their correct working? Formal methods Alternatives ◮ Specification methods descriptions in English or other natural languages riddled with ambiguities, contradictions and under-specification. ◮ Tools and analysis methods to study and reason about vital properties of the system ◮ Simulation ◮ Test-bed experiments - important and valid methods for system evaluation - resource-intensive and time-consuming - No general guarantees about correct system behaviour for a wide range of unpredictable deployment scenarios. ◮ Verification None

  15. Process algebra and related formalisms ◮ algebraic languages for the specification of processes ◮ algebraic laws to reason about processes ◮ induction principles to derive behaviours of infinite systems Mayor toolsets that have been successfully applied to the specification and verification of industrial size distributed systems: Equivalence checking Model Refinement checking Other CADP INRIA � � mCRL2 Eindhoven � � FDR Oxford � � TLA Microsoft � SPIN Bell Labs � UPPAAL Aalborg & Uppsala � PRISM Oxford � Psi-calculi workbench Uppsala � � LOTOS, XEludo, PSF, Concurrency workbench, FC2tools, Xeve, Circal, XVersa, SMV, NuSMV, XMC, Mur φ , COSPAN, STeP, Kronos, SGM.

  16. Crucial correctness properties of systems Safety Something bad will never happen. Liveness Something good will happen eventually.

  17. Crucial correctness properties of systems Safety Something bad will never happen. Liveness Something good will happen eventually. Whether a liveness property holds often depends on underlying fairness assumptions one chooses to make.

  18. Fairness assumptions Weak fairness If a task, from some point onwards, is perpetually enabled (meaning in each state) it will eventually be scheduled. Strong fairness If a task is enabled infinitely often, but allowing interruptions during which it is not enabled, it will eventually be scheduled.

  19. Fairness Strong or weak fairness can be ◮ indispensable for certain applications, such as a correctness proof of the alternating bit protocol. ◮ patently wrong when used where not appropriate. E with E def = a . E + b . 0.

  20. Fairness Strong or weak fairness can be ◮ indispensable for certain applications, such as a correctness proof of the alternating bit protocol. ◮ patently wrong when used where not appropriate. E with E def = a . E + b . 0. ◮ could be a spec. of a mobile phone ◮ b is a successful dialing attempt ◮ a is an unsuccessful dialing attempt. Fairness amounts to saying that if you try often enough, dialing will succeed.

  21. Fairness Strong or weak fairness can be ◮ indispensable for certain applications, such as a correctness proof of the alternating bit protocol. ◮ patently wrong when used where not appropriate. E with E def = a . E + b . 0. ◮ could be a spec. of a mobile phone ◮ b is a successful dialing attempt ◮ a is an unsuccessful dialing attempt. Fairness amounts to saying that if you try often enough, dialing will succeed. ◮ This is wishful thinking. The real world is not fair.

  22. Crucial question How to ensure liveness properties of distributed system without (weak or strong) fairness assumptions?

  23. Incompatibility of bisimulation equivalence and liveness x := 1 � repeat y := y + 1 forever ( P ) Program P is the parallel composition of two non-interacting processes, one of which sets the variable x to 1 , and the other repeatedly increments a variable y. I assume that both variables x and y are initialised to 0 . ( Q ) repeat case if True then y:=y+1 fi if x = 0 then x:=1 fi end forever The programs P and Q are strongly bisimilar; both can be represented by means of the following labelled transition system: x := 1 y := y + 1 y := y + 1

  24. Incompatibility of bisimulation equivalence and liveness P | = AF ( y = 7) ? A: Q | = AF ( y = 7) ? A: Q | = AF ( x = 1) ? A: P | = AF ( x = 1) ? A:

  25. Incompatibility of bisimulation equivalence and liveness P | = AF ( y = 7) ? A: Only when assuming progress . Q | = AF ( y = 7) ? A: Q | = AF ( x = 1) ? A: P | = AF ( x = 1) ? A:

  26. Incompatibility of bisimulation equivalence and liveness P | = AF ( y = 7) ? A: Only when assuming progress . Q | = AF ( y = 7) ? A: Same answer. Q | = AF ( x = 1) ? A: P | = AF ( x = 1) ? A:

  27. Incompatibility of bisimulation equivalence and liveness P | = AF ( y = 7) ? A: Only when assuming progress . Q | = AF ( y = 7) ? A: Same answer. Q | = AF ( x = 1) ? A: Only when assuming (strong or weak) fairness . P | = AF ( x = 1) ? A:

  28. Incompatibility of bisimulation equivalence and liveness P | = AF ( y = 7) ? A: Only when assuming progress . Q | = AF ( y = 7) ? A: Same answer. Q | = AF ( x = 1) ? A: Only when assuming (strong or weak) fairness . P | = AF ( x = 1) ? A: Yes, when assuming justness (or strong progress ).

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work

On proving liveness properties of programs Alexey Gotsman University of Cambridge joint work with Byron Cook, Andreas Podelski, and Andrey Rybalchenko BCTCS06, 6 April 2006 State-of-the-art Systems Model checking Abstraction Properties

484 views • 13 slides
COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties

COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties

Topic 5.3: Liveness Properties Topic 5.4: Fairness and Starvation COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties Topic 5.4: Fairness and Starvation Outline Topic 5.3: Liveness Properties

509 views • 34 slides
Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties

Liveness Checking as Safety Checking to Find Shortest Counterexamples to Linear Time Properties Viktor Schuppan Computer Systems Institute, ETH Z urich http://www.inf.ethz.ch/schuppan/ Defense Thesis ETH 16268 September 28, 2005, Z

382 views • 19 slides
Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner Alexander Ivrii Ziv Nevo IBM Outline Generalized counterexamples to liveness and why they are especially interesting How to detect that a

135 views • 12 slides
Consistency in Distributed Systems Recall the fundamental DS properties DS may be large in

Consistency in Distributed Systems Recall the fundamental DS properties DS may be large in

Consistency in Distributed Systems Recall the fundamental DS properties DS may be large in scale and widely distributed 1. concurrent execution of components 2. independent failure modes 3 3. t transmission delay i i d l 4. no

377 views • 21 slides
Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and

Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and

Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and Philipp Ruemmer Summary of results Automatic method for proving liveness for randomised parameterised systems, e.g., Randomised Self-Stabilising

484 views • 45 slides
Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional distributed systems: The

Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional distributed systems: The

Analysis and Design of Blockchains Rafael Pass Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional distributed systems: The Permissioned Model Consistency Liveness Paxos/PBFT Traditional distributed systems: The

757 views • 53 slides
Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de

Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de

Type checking liveness properties of mobile processes Maxime Gamboni 1 Instituto de Telecomunica c oes, Instituto Superior T ecnico October 30, 2008 1 Joint work with Ant onio Ravara Motivation TyPiCal Receptiveness,

983 views • 59 slides
Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness property, something good eventually happens. e.g. program termination. A safety property, something bad never happens. e.g.

338 views • 16 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

5/19/2018 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

131 views • 9 slides
Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges

5/17/2017 Distributed Systems Goals of Distributed Systems 13A. Distributed Systems: Goals & Challenges scalability and performance apps require more resources than one computer has 13B. Distributed Systems: Communication grow

572 views • 7 slides
Emergent Distributed Bio-Organization: A Framework for Achieving Emergent Properties in

Emergent Distributed Bio-Organization: A Framework for Achieving Emergent Properties in

Emergent Distributed Bio-Organization: A Framework for Achieving Emergent Properties in Unstructured Distributed Systems George Eleftherakis ( The University of Sheffield International Faculty, CITY College ) Ognen Paunovski ( South-East

427 views • 14 slides
A Timeless Model for the Verification of Quasi-Periodic Distributed Systems Maryam Dabaghchian

A Timeless Model for the Verification of Quasi-Periodic Distributed Systems Maryam Dabaghchian

A Timeless Model for the Verification of Quasi-Periodic Distributed Systems Maryam Dabaghchian Zvonimir Rakamari School of Computing University of Utah Motivating Example Safety property: speed is always in a valid range Liveness property:

596 views • 3 slides
Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F.

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F.

Heuristics for Checking Liveness Properties with Partial Order Reductions A. Duret-Lutz, F. Kordon, D. Poitrenaud, E. Renault Tuesday, October 18th E. Renault ATVA16 Tuesday, October 18th 1 / 17 State Space Explosion Two concurrent

941 views • 52 slides
Distributed Systems Reasons for distributed systems Resource sharing sharing and

Distributed Systems Reasons for distributed systems Resource sharing sharing and

CSC 4103 - Operating Systems Motivation Spring 2007 Distributed system is collection of loosely coupled processors that do not share memory Lecture - XXII interconnected by a communications network Distributed Systems

477 views • 4 slides
Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a

Distributed File Systems Distributed File Systems A distributed file system (DFS) is a distributed Definitions implementation of a classical time-sharing model of a file Distributed system - A number of loosely coupled system. machines

997 views • 8 slides
MicroOS Desktop Richard Brown The Road to Daily Driving MicroOS Release Engineer aka We Need

MicroOS Desktop Richard Brown The Road to Daily Driving MicroOS Release Engineer aka We Need

MicroOS Desktop Richard Brown The Road to Daily Driving MicroOS Release Engineer aka We Need YOUR HELP rbrown@opensuse.org sysrich on Freenode.net @sysrich About Me ~15 years with openSUSE & other FOSS communities >7 years

637 views • 28 slides
Boomerang Switch in Multiple Rounds Application to AES Variants and Deoxys Haoyang Wang, Thomas

Boomerang Switch in Multiple Rounds Application to AES Variants and Deoxys Haoyang Wang, Thomas

Boomerang Switch in Multiple Rounds Application to AES Variants and Deoxys Haoyang Wang, Thomas Peyrin School of Physical and Mathematical Sciences, Nanyang Technological University, Singapore FSE 2019, Paris March 26, 2019 Outline

594 views • 30 slides
ARXtools: A toolkit for ARX analysis . . . . . . . . . . . . . . . . . . . . . . Gatan

ARXtools: A toolkit for ARX analysis . . . . . . . . . . . . . . . . . . . . . . Gatan

1 / 26 Introduction Third NIST SHA-3 conference S-system Analysis ARXtools: A toolkit for ARX analysis Differential characteristics G. Leurent (pres: P.-A. Fouque) Application ARXtools: A toolkit for ARX analysis . . . . . . . . . . . . .

721 views • 38 slides
Quantifying the incompatibility of Quantifying the incompatibility of quantum measurements

Quantifying the incompatibility of Quantifying the incompatibility of quantum measurements

Quantifying the incompatibility of Quantifying the incompatibility of quantum measurements quantum measurements relative to a basis relative to a basis Georgios Styliaris Paolo Zanardi Georgios Styliaris Paolo Zanardi arXiv: 1901.06382

737 views • 27 slides
Weak and Strong Compatibility in Data Fitting Problems under Interval Uncertainty Sergey P.

Weak and Strong Compatibility in Data Fitting Problems under Interval Uncertainty Sergey P.

Weak and Strong Compatibility in Data Fitting Problems under Interval Uncertainty Sergey P. Shary Institute of Computational Technologies SB RAS and Novosibirsk State University, Novosibirk, Russia E-mail: shary@ict.nsc.ru Abstract For

772 views • 31 slides
C O R P O R AT E "Success is not final; failure is not fatal: It is the courage to continue

C O R P O R AT E "Success is not final; failure is not fatal: It is the courage to continue

C O R P O R AT E "Success is not final; failure is not fatal: It is the courage to continue that counts." What is Corporate? A corporation is an organization, usually a group of people or a company, authorized to act as a single

442 views • 10 slides
Standard Microsystems Corporation (Name of Registrant as Specified In Its Charter) Microchip

Standard Microsystems Corporation (Name of Registrant as Specified In Its Charter) Microchip

UNITED STATES SECURITIES AND EXCHANGE COMMISSION Washington, D.C. 20549 SCHEDULE 14A Proxy Statement Pursuant to Section 14(a) of the Securities Exchange Act of 1934 Filed by the Registrant Filed by a Party other than the Registrant Check

555 views • 34 slides
Limited Liability Company Designed to be a hybrid between the corporation and the

Limited Liability Company Designed to be a hybrid between the corporation and the

Limited Liability Company Designed to be a hybrid between the corporation and the partnership Formation: Articles of Incorporation must be filed with the state (as with the corporation) describing the purpose and

301 views • 6 slides

More recommend