formal methods for the verification of distributed
play

Formal Methods for the Verification of Distributed Algorithms Paul - PowerPoint PPT Presentation

Dec 27, 2023 •318 likes •1.23k views

Formal Methods for the Verification of Distributed Algorithms Paul Gastin Laboratoire Spcification et Vrification ENS Paris Saclay & CNRS with C. Aiswarya (CMI) & Benedikt Bollig (LSV) Motivations Distributed algorithms are

  1. Formal Methods for the Verification of Distributed Algorithms Paul Gastin Laboratoire Spécification et Vérification ENS Paris Saclay & CNRS with C. Aiswarya (CMI) & Benedikt Bollig (LSV)

  2. Motivations • Distributed algorithms are extremely difficult to get right • Correctness proofs are often involved • Formal methods may help verifying the correctness of tricky algorithms

  3. Formal methods: Model Checking Peterson's algorithm Specification for n from 0 to N − 1 exclusive Mutual exclusion level[i] ← n last_to_enter[n] ← i � ¬ ( CS i ∧ CS j ) while last_to_enter[n] = i and there exists k ≠ i, such that level[k] ≥ n i ̸ = j wait Yes No

  4. Formal methods: Model Checking Peterson's algorithm Specification for n from 0 to N − 1 exclusive Mutual exclusion level[i] ← n last_to_enter[n] ← i � ¬ ( CS i ∧ CS j ) while last_to_enter[n] = i and there exists k ≠ i, such that level[k] ≥ n i ̸ = j wait m e l b o r p n o i s i c e D Yes No

  5. Models for programs/algorithms • Finite state machine (control points) • Data structures • Boolean variables • Integer variables • Stacks (recursivity) • Queues (asynchronous communication)

  6. Models for programs/algorithms Peterson's algorithm for n from 0 to N − 1 exclusive level[i] := n last_to_enter[n] := i while last_to_enter[n] = i and there exists k ≠ i, such that level[k] ≥ n wait init last_to_enter[n] = i n := 0 max{level[k], k ≠ i} ≥ n level[i] := n trying wait last_to_enter[n] := i else n := n+1 n < N n = N wait CS

  7. Models for programs/algorithms Franklin’s leader election algorithm Processes are arranged in an undirected ring. Each node has a unique identity. Each node is either active or passive (relay mode) at a given time. The algorithm executes as follows: – Each active node sends its identity to its neighbors. Let each active node p1 receive identities from p0 and p2. Where p0 and p2 are its either neighbors in the ring. – If min( ID[p0], ID[p2] ) > ID[p1], then p1 becomes passive – If min( ID[p0], ID[p2] ) < ID[p1], then p1 sends its ID to its neighbors again – If min( ID[p0], ID[p2] ) == ID[p1], then p1 declares itself as leader – Passive nodes only pass on messages. – The loop continues until a leader with highest unique ID has been elected. left ! id right ! id left?r 1 right?r 2 id > r 1 ∧ id > r 2 left ! id right ! id active left?r 1 right?r 2 leader id = r 1 fwd left ! id right ! id left?r 1 right?r 2 passive id < r 1 ∨ id < r 2

  8. Languages for the specification • Modal logics • Temporal logics • First-order logic • Dynamic logics

  9. Model checking: sources of undecidability • Each infinite/unbounded aspects • number of processes/agents • Integer variables (pids, timestamps, …) • FIFO channels (asynchronous communication)

  10. Model checking (Linear time) set of possible set of admissible traces traces Behavior L ( A ) L ( ϕ ) model checking | A ϕ = L ( A ) ⊆ L ( ϕ ) ? System model Specification ¬ F specificati distributed

  11. Model checking: First solution Reachability L ( ϕ ) Behavior ? = ∅ L ( A ) L ( A 0 ) ∩ effective A 0 ¬ ϕ model checking ϕ A | = L ( A ) ⊆ L ( ϕ ) ? Finite automata LTL specification ¬ F specificati distributed

  12. Model checking: Second solution Validity ? L ( ϕ ) Behavior ! ⇒ " L ( A ) effective ! model checking ϕ A | = L ( A ) ⊆ L ( ϕ ) ? Finite automata LTL specification ¬ F specificati distributed

  13. Models of Distributed Systems 23 5 47 71 19 42

  14. Distributed algorithms: our hypotheses • Number of processes: arbitrary, unknown • Unique process identification • Comparisons: <, = • No arithmetic • Topology: fixed degree (ring, …) • Communication: Synchronous in rounds • Round: send messages, receive messages, compute and update local registers

  15. Distributed algorithms Leader election [Franklin ’82] round } z { | 5 71 42 19 47 23 Behavior left ! id right ! id left?r 1 right?r 2 id > r 1 ∧ id > r 2 active left ! id right ! id left?r 1 right?r 2 passive id < r 1 ∨ id < r 2 Distributed algorithm

  16. Distributed algorithms Leader election [Franklin ’82] round } z { | 5 71 42 19 Active id = 47 47 r1 = 23 r2 = 19 23 Behavior left ! id right ! id left?r 1 right?r 2 id > r 1 ∧ id > r 2 active left ! id right ! id left?r 1 right?r 2 passive id < r 1 ∨ id < r 2 Distributed algorithm

  17. Distributed algorithms Leader election [Franklin ’82] 5 71 42 71 47 19 47 23 Behavior left ! id right ! id left?r 1 right?r 2 id > r 1 ∧ id > r 2 active fwd left ! id right ! id left?r 1 right?r 2 passive id < r 1 ∨ id < r 2 Distributed algorithm

  18. Distributed algorithms Leader election [Franklin ’82] 5 71 71 42 19 47 23 Behavior left ! id right ! id left?r 1 right?r 2 id > r 1 ∧ id > r 2 left ! id right ! id active left?r 1 right?r 2 leader id = r 1 fwd left ! id right ! id left?r 1 right?r 2 passive id < r 1 ∨ id < r 2 Distributed algorithm

  19. Distributed algorithms Leader election [Franklin ’82] 5 71 42 19 47 23 Behavior left ! id right ! id left?r 1 right?r 2 id > r 1 ∧ id > r 2 left ! id right ! id active left?r 1 right?r 2 leader id = r 1 fwd left ! id right ! id left?r 1 right?r 2 passive id < r 1 ∨ id < r 2 Distributed algorithm

  20. Distributed algorithms 23 5 • Identical finite-state 47 processes 71 • Number of processes is unknown and unbounded right • Processes have unique left 19 pids (integers — 42 unbounded data)

  21. A formal model for distributed algorithms An automata-like way of writing DA Every process can be described by: 5 • Set of states • Set of transitions • send pids to neighbours • Initial state • receive pids from neighbours, • Set of registers and store in registers • compare registers • stores pid • update registers

  22. Behaviors two unbounded dimensions 5 71 42 19 Active id = 47 47 r1 = 23 r2 = 19 23 left ! id right ! id Cylinders left?r 1 right?r 2 Arbitrary length and width id > r 1 ∧ id > r 2 Labelled with data left ! id right ! id from an infinite domain active left?r 1 right?r 2 leader id = r 1 fwd left ! id right ! id left?r 1 right?r 2 3 sources of infinity passive id < r 1 ∨ id < r 2 Distributed algorithm

  23. Abstraction of Data Values 23 5 47 71 19 42

  24. Model Checking Distributed algorithms 5 71 42 19 Active id = 47 47 r1 = 23 r2 = 19 23 UNDECIDABLE • Behaviors: Cylinders of arbitrary width and length Data from an infinite domain • System: Register automata with data comparisons • Specification: Data PDL with data comparisons

  25. ⇒ Reduction to Satisfiability of LCPDL: Data abstraction 5 71 42 19 47 23 # $ A ϕ valid over cylinders ⇒ A | ⇐ = ϕ Distributed algorithm PDL with loop (over finite alphabet) Data PDL

  26. LCPDL: Propositional Dynamic logic with Loop and Converse ψ Ψ , Ψ ′ ::= E ψ | ¬ Ψ | Ψ ∧ Ψ ′ ψ , ψ ′ ::= ‡ | p | ¬ ψ | ψ ∧ ψ ′ | ⟨ π ⟩ ψ | loop ( π ) π , π ′ ::= { ψ } ? | → | ↓ | π + π ′ | π · π ′ | π ∗ | π − 1

  27. LCPDL: Propositional Dynamic logic with Loop and Converse ‡ Ψ , Ψ ′ ::= E ψ | ¬ Ψ | Ψ ∧ Ψ ′ ψ , ψ ′ ::= ‡ | p | ¬ ψ | ψ ∧ ψ ′ | ⟨ π ⟩ ψ | loop ( π ) π , π ′ ::= { ψ } ? | → | ↓ | π + π ′ | π · π ′ | π ∗ | π − 1

  28. LCPDL: Propositional Dynamic logic with Loop and Converse Ψ , Ψ ′ ::= E ψ | ¬ Ψ | Ψ ∧ Ψ ′ ψ , ψ ′ ::= ‡ | p | ¬ ψ | ψ ∧ ψ ′ | ⟨ π ⟩ ψ | loop ( π ) π , π ′ ::= { ψ } ? | → | ↓ | π + π ′ | π · π ′ | π ∗ | π − 1

  29. LCPDL: Propositional Dynamic logic with Loop and Converse ⟨ π ⟩ ψ ψ π ⟨↓ ∗ ← ∗ {•} ?( ↓↓ {•} ?) ∗ → ∗ {•} ? → {•} ? ↑ ∗ ⟩ • Ψ , Ψ ′ ::= E ψ | ¬ Ψ | Ψ ∧ Ψ ′ ψ , ψ ′ ::= ‡ | p | ¬ ψ | ψ ∧ ψ ′ | ⟨ π ⟩ ψ | loop ( π ) π , π ′ ::= { ψ } ? | → | ↓ | π + π ′ | π · π ′ | π ∗ | π − 1

  30. LCPDL: Propositional Dynamic logic with Loop and Converse loop ( π ) π Ψ , Ψ ′ ::= E ψ | ¬ Ψ | Ψ ∧ Ψ ′ ψ , ψ ′ ::= ‡ | p | ¬ ψ | ψ ∧ ψ ′ | ⟨ π ⟩ ψ | loop ( π ) π , π ′ ::= { ψ } ? | → | ↓ | π + π ′ | π · π ′ | π ∗ | π − 1

  31. Data abstraction: symbolic runs + tracking data 5 71 42 19 Active id = 47 47 r1 = 23 r2 = 19 23 left ! id right ! id left?r 1 right?r 2 id > r 1 ∧ id > r 2 left ! id right ! id active left?r 1 right?r 2 leader id = r 1 fwd left ! id right ! id left?r 1 right?r 2 passive id < r 1 ∨ id < r 2 Distributed algorithm

  32. Data abstraction: symbolic runs + tracking data t 3 t 3 5 t 2 t 1 t 4 71 t 1 t 3 t 3 t 2 42 t 2 t 3 t 3 19 t 1 t 2 t 3 47 t 2 t 3 t 3 23 left ! id right ! id t 1 left?r 1 right?r 2 id > r 1 ∧ id > r 2 t 4 left ! id right ! id active left?r 1 right?r 2 leader id = r 1 t 3 fwd left ! id right ! id left?r 1 right?r 2 t 2 passive id < r 1 ∨ id < r 2 Distributed algorithm

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim

Formal Hardware Verification: getting started Mary Sheeran Making Formal Verification work Aim for automation (bit level) Find niches where formal methods work well Use assertions/ properties first in sim. and then in FV (the acronym is ABV,

1.14k views • 65 slides
Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby

Software Verification/Validation Methods and Tools . . . or Practical Formal Methods John Rushby Computer Science Laboratory SRI International Menlo Park, CA John Rushby, SR I Practical Formal Methods: 1 Need: Growing Importance and Cost of

278 views • 12 slides
Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide

Formal Methods Chapter 21 Computer Security: Art and Science , 2 nd Edition Version 1.0 Slide 21-1 Outline Formal verification techniques Design verification languages Bell-LaPadula and SPECIAL Current verification systems

911 views • 63 slides
Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for

Formal Verification Methods 4: Theorem Proving Formal Verification Methods 4: Theorem Proving John Harrison Intel Corporation Need for general theorem proving Set theory vs. higher-order logic Herbrand-based approaches

475 views • 18 slides
Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating Point Verification Formal Verification Methods 5: Floating Point Verification John Harrison Intel Corporation Itanium overview HOL overview Floating point numbers and Itanium formats HOL

591 views • 21 slides
Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time

Specification and verification in the field: Applying formal methods to BPF just-in-time compilers in the Linux kernel Luke Nelson, Jacob Van Geffen, Emina Torlak, and Xi Wang University of Washington Goal: formally verified (e)BPF JITs in the

267 views • 22 slides
Formal Verification Methods 1: Propositional Logic John Harrison Intel Corporation Course

Formal Verification Methods 1: Propositional Logic John Harrison Intel Corporation Course

Formal Verification Methods 1: Propositional Logic Formal Verification Methods 1: Propositional Logic John Harrison Intel Corporation Course overview Propositional logic A resurgence of interest Logic and circuits Normal

424 views • 18 slides
Formal Verification Methods 2: Symbolic Simulation John Harrison Intel Corporation

Formal Verification Methods 2: Symbolic Simulation John Harrison Intel Corporation

Formal Verification Methods 2: Symbolic Simulation Formal Verification Methods 2: Symbolic Simulation John Harrison Intel Corporation Simulation Symbolic and ternary simulation BDDs Quaternary lattice Symbolic trajectory

334 views • 14 slides
Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir

Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir

Formal Specification and Verification of Distributed Components Soutenance de Thse pour obtenir le titre de Docteur en Sciences de l'Universit de Nice-Sophia Antipolis Jean-Paul R IGAULT Prsident Rapporteurs Carlos C ANAL Frantisek P

711 views • 55 slides
Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal

Formal Methods at Intel An Overview John Harrison Intel Corporation Second NASA Formal Methods Symposium NASA HQ, Washington DC 14th April 2010 (09:0010:00) 0 Table of contents Intels diverse verification problems Verifying

834 views • 45 slides
Formal Verification Methods 5: Floating-point verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating-point verification John Harrison Intel Corporation

Formal Verification Methods 5: Floating-point verification John Harrison Intel Corporation Marktoberdorf 2003 Mon 4th August 2003 (10:35 11:20) 0 Summary Itanium overview Floating point numbers and Itanium formats HOL floating

532 views • 20 slides
Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply

Model-Checking Acknowledgment Formal Verification Formal verification means to apply mathematical arguments to prove the correctness of systems Systems have bugs Formal verification aims to find and correct such bugs Why? Computer systems

1.42k views • 122 slides
Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for

Formal Verification and Computer Architecture A Validated Formal Model of the x86 ISA for Analyzing Computing Systems Shilpi Goel shilpi@centtech.com Formal Verification Engineer Centaur Technology, Inc. Software and Reliability Can we rely

1.14k views • 78 slides
Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam

Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam

Lecture Outline 1. Course summary 2. Beyond the course DD2452 Formal Methods 3. Exam preparation 4. Course evaluation Concluding Lecture 1. Course Summary Formal Verification Formal methods : Two possibilities : correctness by

498 views • 3 slides
Formal Verification for an Internet of Secured Things Tutorial at the 3 rd World Congress on Formal

Formal Verification for an Internet of Secured Things Tutorial at the 3 rd World Congress on Formal

Formal Verification for an Internet of Secured Things Tutorial at the 3 rd World Congress on Formal Methods, 2019 Allan Blanchard, Nikolai Kosmatov, Fr ed eric Loulergue some slides authored by Julien Signoles Email: allan.blanchard@cea.fr,

1.69k views • 154 slides
Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI

Tools for Formal Methods: ICS, SAL, and Stateflow John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI ICS, SAL, and Stateflow: 1 Introduction Weve distributed the PVS Verification

978 views • 45 slides
harmonic functions and the chromatic polynomial R. Kenyon (Brown) based on joint work with A.

harmonic functions and the chromatic polynomial R. Kenyon (Brown) based on joint work with A.

harmonic functions and the chromatic polynomial R. Kenyon (Brown) based on joint work with A. Abrams, W. Lam The chromatic polynomial G ( n ) of a graph G is the number of proper colorings with n colors. (adjacent vertices have di ff erent

456 views • 26 slides
On Moment Problems in Robust Control, Spectral Estimation, Image Processing and System

On Moment Problems in Robust Control, Spectral Estimation, Image Processing and System

On Moment Problems in Robust Control, Spectral Estimation, Image Processing and System Identification Anders Lindquist Shanghai Jiao Tong University, China, and the Royal Institute of Technology, Stockholm, Sweden University of Maryland May,

937 views • 38 slides
Near-linear Time Gaussian Process Optimization with Adaptive Batching and Resparsification D.

Near-linear Time Gaussian Process Optimization with Adaptive Batching and Resparsification D.

Near-linear Time Gaussian Process Optimization with Adaptive Batching and Resparsification D. Calandriello* 1 , L. Carratino * 2 , A. Lazaric 3 , M. Valko 1 , L. Rosasco 2,4 * equal contribution. 1 DeepMind, 2 MaLGa - UniGe, 3 Facebook, 4 MIT - IIT

705 views • 45 slides
Applications of the Reverse Engineering Language REIL Hackers to Hackers Conference 2009, So

Applications of the Reverse Engineering Language REIL Hackers to Hackers Conference 2009, So

Applications of the Reverse Engineering Language REIL Hackers to Hackers Conference 2009, So Paulo Sebastian Porst zynamics GmbH (sebastian.porst@zynamics.com) Talk Overview Necessity of new RE methods Solutions we developed

762 views • 39 slides
Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different

Peer-to-Peer Networking and Discovery Technologies Week 6 Whats Peer-to-Peer? A different network architecture than client/server Each peer is both a client and a server Appropriate for applications that dont require a

353 views • 11 slides
ABITIBI GEOLOGY MIDLAND GOLD PROJECTS MARTINIERE BUG LAKE WALLBRIDGE / FENELON TABASCO

ABITIBI GEOLOGY MIDLAND GOLD PROJECTS MARTINIERE BUG LAKE WALLBRIDGE / FENELON TABASCO

ABITIBI GEOLOGY MIDLAND GOLD PROJECTS MARTINIERE BUG LAKE WALLBRIDGE / FENELON TABASCO Ind. Res. 0,59 Moz Au DETOUR LAKE Jeremie Reserves 13 Moz Au N Samson Project Casault Fleuribleu Gaudet LOWER DETOUR ZONE 58N Adam Ind.

406 views • 8 slides
On the Merit of Selecting Different Belief Merging Operators Pilar Pozos-Parra (joint work with

On the Merit of Selecting Different Belief Merging Operators Pilar Pozos-Parra (joint work with

On the Merit of Selecting Different Belief Merging Operators Pilar Pozos-Parra (joint work with Kevin McAreavey and Weiru Liu) University of Tabasco/Queens University of Belfast maripozos@gmail.com 5 July 2013 P. Pozos-Parra (UJAT)

855 views • 27 slides
Features of Emotional Planning in Software Agents Stefan Rank, Paolo Petta, Robert Trappl

Features of Emotional Planning in Software Agents Stefan Rank, Paolo Petta, Robert Trappl

ISSEK Workshop on Intelligent Agents, Udine 2004/10/01 1 Features of Emotional Planning in Software Agents Stefan Rank, Paolo Petta, Robert Trappl Austrian Research Institute for Artificial Intelligence 2004/10/01 Stefan Rank, Paolo Petta,

552 views • 31 slides

More recommend