Soundness in negotiations. Igor Walukiewicz, CNRS, Bordeaux. PowerPoint PPT Presentation



SLIDE 1

Soundness in negotiations

Igor Walukiewicz

CNRS, Bordeaux University

Joint work with Javier Esparza, Denis Kuperberg, and Anca Muscholl

1 / 25

SLIDE 2

Verification of concurrent systems suffers from the state explosion problem.

2 / 25

SLIDE 3

Verification of concurrent systems suffers from the state explosion problem. Negotiations are a restricted model for which some verification problems are much easier than usual.

3 / 25

SLIDE 4

Proc : processes. N : atomic negotiations (nodes); dom : N → P(Proc). R : outcomes.

δ : N × R × Proc ⇀ P(N) : partial transition function. δ(n, a, p) is the set of next atomic negotiations for process p; it is defined for every n, a ∈ out(n), p ∈ dom(n).

4 / 25

SLIDE 5

A configuration C : Proc → P(N). n is enabled in C if n ∈ C(p) for all p ∈ dom(n).

A run: C1 −(n1,a1)→ C2 −(n2,a2)→ C3 . . .

A successful run: Cinit −w→ Cfin

5 / 25

SLIDE 6

A negotiation is sound if every run Cinit −w→ C can be completed to a successful run.

6 / 25

SLIDE 7

Deterministic negotiation: δ(n, a, p) is at most a singleton.
Graph of a negotiation (see above).
Local path: a path in the graph of a negotiation.
Acyclic negotiation: its graph is acyclic.

Rem: For acyclic negotiations: sound ≡ no-deadlock.

7 / 25

SLIDE 8

Deterministic acyclic negotiations:
  L(N) ∩ L(A) ≠ ∅: NP-complete
  Soundness: in NLOGSPACE

Soundness: every run can be completed to a successful run.

8 / 25

SLIDE 9

A local path n0 −(p0,a0)→ n1 −(p1,a1)→ . . . −(pk−1,ak−1)→ nk is realizable if it is a part of a run.

Lemma

Every local path is realizable.

Proof

Atomic negotiation n0 is enabled in Cinit. Suppose ni is enabled in Ci. Let C′i be the result of executing ai. We have C′i(p) = ni+1. By soundness, from C′i we can reach Cfin. So on the way we reach Ci+1 where ni+1 is enabled.

9 / 25

SLIDE 10

Lemma

There is an execution containing m and n iff there is a pattern:

10 / 25

SLIDE 11

Lemma

Acyclic N is not sound iff its graph has a pattern:

Theorem

Soundness of acyclic deterministic negotiations is NLOGSPACE-complete.

11 / 25

SLIDE 12

Not everything is easy to check for deterministic acyclic negotiations

12 / 25

SLIDE 13

Thm

L(N) ∩ L(A) = ∅ is NP-complete, for N an acyclic deterministic negotiation and A a deterministic finite automaton.

1-in-3 SAT: (x1 ∨ x2 ∨ xn) ∧ (x2 ∨ x4 ∨ xn) ∧ . . .

L(A) = { C1^{i1} C2^{i2} . . . Ck^{ik} : i1, . . . , ik ∈ [n] }

13 / 25

SLIDE 14

Deterministic acyclic negotiations:
  L(N) ∩ L(A) ≠ ∅: NP-complete
  Soundness: in NLOGSPACE

Verifying properties of sound acyclic deterministic negotiations:
  races can be decided in PTIME
  some properties can be decided in PTIME

Soundness: every run can be completed to a successful run.

14 / 25

SLIDE 15

Atomic negotiations may have outcomes: alloc(x), read(x), write(x), and dealloc(x).

15 / 25

SLIDE 16

(1) Inconsistent data: an atomic negotiation reads or writes a variable x while another atomic negotiation is writing, allocating, or deallocating it in parallel.
(2) Never destroyed: there is an execution in which a variable is allocated and then never deallocated before the execution ends.
(3) Weakly redundant data: there is an execution in which a variable is written and never read before it is deallocated or the execution ends.

16 / 25

SLIDE 17

Thm

These properties can be checked in PTIME for acyclic, deterministic, sound negotiations.

17 / 25

SLIDE 18

Concurrency of two actions

18 / 25

SLIDE 19

We write m ∥ n if N has a reachable configuration C where both m and n are enabled.

Thm

We can decide in linear time if, in a given acyclic, deterministic, sound negotiation, two given atomic negotiations m, n satisfy m ∥ n.

Proposition

m ∥ n iff there is a run containing m and n, and there is no local path from m to n or vice versa.

Thm [Kovalyov, Esparza]

For all deterministic negotiations there is a cubic algorithm for this problem.

19 / 25
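As an added example that is not part of the slides and not the authors' code, the following Python model implements the definitions of slides 4 to 7 (configurations, enabled atomic negotiations, runs, soundness, deadlock, the graph of a negotiation and local paths) and the concurrency relation m ∥ n of slide 19, which it checks both by the definition (a reachable configuration enabling both) and by the Proposition (a run containing both and no local path in either direction). The `Negotiation` class, the `example` negotiation and all node and outcome names are constructed for this illustration. It assumes the usual semantics that executing outcome a of n moves every p ∈ dom(n) to δ(n, a, p), that an undefined δ entry leaves the process with no next node, and that the final atomic negotiation has empty δ entries, so executing it yields Cfin. The soundness check is explicit-state and only works for small inputs; the structural criteria on the slides exist precisely to avoid this enumeration.

```python
from collections import deque


class Negotiation:
    """Negotiation model of slides 4-6 (hypothetical helper, not the authors' code). delta maps
    (node, outcome, process) to the next nodes; n_init/n_fin involve every process, delta(n_fin, a, p) = {}."""
    def __init__(self, procs, dom, out, delta, n_init, n_fin):
        self.procs = frozenset(procs)
        self.dom = {n: frozenset(ps) for n, ps in dom.items()}
        self.out, self.delta = out, delta
        self.n_init, self.n_fin = n_init, n_fin
    def initial(self):  # a configuration C : Proc -> P(N), stored as a hashable frozenset of pairs
        return frozenset((p, frozenset([self.n_init])) for p in self.procs)
    def final(self):
        return frozenset((p, frozenset()) for p in self.procs)
    def enabled(self, conf, n):  # slide 5: n in C(p) for all p in dom(n)
        c = dict(conf)
        return all(n in c[p] for p in self.dom[n])
    def step(self, conf, n, a):  # execute outcome a of n: each participant moves to delta(n, a, p)
        c = dict(conf)
        for p in self.dom[n]:
            c[p] = frozenset(self.delta.get((n, a, p), ()))  # undefined entry = no next node
        return frozenset(c.items())
    def successors(self, conf):
        for n in self.dom:
            if self.enabled(conf, n):
                for a in self.out[n]:
                    yield (n, a), self.step(conf, n, a)
    def reachable(self):  # explicit-state exploration from C_init; exponential in general
        start = self.initial()
        graph, queue = {start: []}, deque([start])
        while queue:
            c = queue.popleft()
            for lab, d in self.successors(c):
                graph[c].append((lab, d))
                if d not in graph:
                    graph[d] = []
                    queue.append(d)
        return graph
    def deadlocks(self):  # reachable configurations other than C_fin with nothing enabled
        fin = self.final()
        return [c for c, succ in self.reachable().items() if not succ and c != fin]
    def is_sound(self):  # slide 6: sound iff every reachable configuration can still reach C_fin
        graph, fin = self.reachable(), self.final()
        good, changed = ({fin} if fin in graph else set()), True
        while changed:  # backward fixpoint: configurations with a successor that reaches C_fin
            changed = False
            for c, succ in graph.items():
                if c not in good and any(d in good for _, d in succ):
                    good.add(c)
                    changed = True
        return len(good) == len(graph)
    def has_local_path(self, m, n):  # path of length >= 1 from m to n in the graph of the negotiation
        seen, stack = set(), [m]
        while stack:
            x = stack.pop()
            for y in {y for (s, _, _), tgt in self.delta.items() if s == x for y in tgt}:
                if y == n:
                    return True
                if y not in seen:
                    seen.add(y)
                    stack.append(y)
        return False
    def some_run_contains(self, m, n):  # is there a run from C_init in which both m and n occur?
        start = (self.initial(), frozenset())
        seen, queue = {start}, deque([start])
        while queue:
            c, got = queue.popleft()
            if {m, n} <= got:
                return True
            for (x, _), d in self.successors(c):
                s = (d, got | ({x} & {m, n}))
                if s not in seen:
                    seen.add(s)
                    queue.append(s)
        return False
    def concurrent_bruteforce(self, m, n):  # slide 19 definition: some reachable C enables both
        return any(self.enabled(c, m) and self.enabled(c, n) for c in self.reachable())
    def concurrent_by_proposition(self, m, n):  # slide 19 proposition
        return (self.some_run_contains(m, n)
                and not self.has_local_path(m, n) and not self.has_local_path(n, m))


def example(sound=True):
    """Constructed 2-process acyclic deterministic negotiation; sound=False makes 'no' deadlock."""
    procs = {"p", "q"}
    dom = {"n0": procs, "n1": {"p"}, "n2": {"q"}, "n3": procs, "nf": procs}
    out = {"n0": {"yes", "no"}, "n1": {"ok"}, "n2": {"ok"}, "n3": {"ok"}, "nf": {"end"}}
    delta = {
        ("n0", "yes", "p"): {"n1"}, ("n0", "yes", "q"): {"n2"},
        ("n0", "no", "p"): {"n3"}, ("n0", "no", "q"): {"n3"} if sound else {"nf"},  # q skips n3
        ("n1", "ok", "p"): {"n3"}, ("n2", "ok", "q"): {"n3"},
        ("n3", "ok", "p"): {"nf"}, ("n3", "ok", "q"): {"nf"},
        ("nf", "end", "p"): set(), ("nf", "end", "q"): set(),
    }
    return Negotiation(procs, dom, out, delta, "n0", "nf")
```

On the constructed input, `example(True)` is sound and has no deadlock, while `example(False)` has exactly one deadlocked configuration (p waiting at n3, q waiting at nf), which matches the remark on slide 7 that for acyclic negotiations sound ≡ no-deadlock. `concurrent_bruteforce` and `concurrent_by_proposition` agree on the pairs (n1, n2), which are concurrent, and (n1, n3), which are not because of the local path n1 → n3.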

SLIDE 20

Deterministic acyclic negotiations:
  L(N) ∩ L(A) ≠ ∅: NP-complete
  Soundness: in NLOGSPACE

Verifying properties of sound acyclic deterministic negotiations:
  races can be decided in PTIME
  some properties can be decided in PTIME

Soundness for bigger classes:
  without acyclicity: coNP-hard
  for weakly deterministic acyclic: in PTIME

Soundness: every run can be completed to a successful run.

20 / 25

SLIDE 21

Thm [Esparza, Desel]

Soundness is PSPACE-complete for non-deterministic negotiations. It is coNP-complete when they are acyclic.

Thm [Esparza, Desel]

Soundness is in PTIME for deterministic negotiations.

Thm

Soundness is in PTIME for acyclic weakly non-deterministic negotiations.

Thm

Soundness is coNP-complete for very weakly non-deterministic negotiations.

21 / 25

SLIDE 22

A process p is deterministic if δ(n, a, p) is at most a singleton, for all n, a. A negotiation is weakly non-deterministic if for every n ∈ N at least one of the processes in dom(n) is deterministic.

Thm

Soundness can be decided in PTIME for acyclic, weakly non-deterministic negotiations.

22 / 25

SLIDE 23

Lemma

An acyclic weakly non-deterministic negotiation N is not sound if and only if:
  either its restriction N_D to deterministic processes is not sound,
  or, for some non-deterministic process p, its restriction to p and the deterministic processes is not sound.

Thm (Omitting)

It can be decided in PTIME if, for a given deterministic, acyclic, and sound negotiation N and a set B ⊆ N, there is a successful run of N omitting B.

23 / 25

SLIDE 24

A negotiation is very weakly non-deterministic if for every n ∈ N, a ∈ R and p ∈ Proc there is a deterministic process q such that q ∈ dom(n′) for all n′ ∈ δ(n, a, p) (q decides about the next negotiation).

det-acyclic: the restriction to deterministic processes is acyclic.

Thm

Soundness of det-acyclic, very weakly non-deterministic negotiations is coNP-complete.

24 / 25
