[PPT] - V erication 1 Objectives of this Lecture Induction on ! PowerPoint Presentation

SLIDE 1 V erication 1 Objectives

f

this Lecture

Induction
n

!

Induction
n

6!

F
rmal

p ro

f
f

the vecto r clo ck algo rithm c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 2 V erication 2 Causally p recedes and its complem ent

s

1

s

2

s

3

s

4

t

1

t

2

t

3

t

4

k

! relation used fo r induction

n

!. F

r

k > 0, s k ! t 4 = ml (s; t) = k Thus s k ! t if and

nly

if s ! t and the longest chain from s to t has length k . c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 3 V erication 3 Induction

n

! Lemma 1 s ! t , (9k : k > : s k ! t) Lemma 2 s 1 ! t ) s

1

t _ s ; t Is Con v erse true ? Pro

f:

s 1 ! t ) ml (s; t) = 1 f defn

f

k ! g ) 9c : f ir st(c) = s ^ l ast(c) = t ^ l en(c) = 1 ) s

1

t ^ s ; t f defn

f

a chain g Lemma 3 (s k ! t) ^ (k > 1) ) (9u :: s k 1 ! u ^ u 1 ! t) Pro

f:

(s k ! t) ^ (k > 1) ) (ml (s; t) = k ) ^ (k > 1) f defn

f

k ! g ) (9u :: ml (s; u) = k

1

^ ml (u; t) = 1) f chain lemma g ) (9u :: s k 1 ! u ^ u 1 ! t) f defn

f

k ! g c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 4 V erication 4 The relation 6!

s

1

s

2

s

3

s

4

t

1

t

2

t

3

t

4

Dene

fo r k

0:

s k 6! t 4 = s 6! t ^ ml (I nit; t) = k Thus s k 6! t if and

nly

if s 6! t and the longest chain from some initial state to t has length k . c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 5 V erication 5 Induction

n

6! Lemma 4 s 6! t , (9k : k

:

s k 6! t) Pro

f:

s 6! t , (s 6! t) ^ (ml (I nit; t)

0)

f b y defn

f

ml (I nit; t) g , (9k : k

:

s k 6! t) f defn

f

k ! g Lemma 5 s 6! t , I nit(t) c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 6 V erication 6 Induction

n

6! [Contd.] Lemma 6 (k > 0) ^ (s k 6! t) ^ (u ! t) ) (9j :

j

< k : s j 6! u) Pro

f

: k > ^ s k 6! t ^ u ! t ) k > ^ s 6! u ^ s k 6! t fotherwise s ! tg ) k > ^ s 6! u ^ ml (I nit; t) = k fdefn

f

k 6! g ) k > ^ s 6! u ^ ml (I nit; u) < k fotherwise ml (I nit; t) > k g ) (9j :

j

< k : s j 6! u) fdefn

f

j 6! g c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 7 V erication 7 A va riant

f

the vecto r clo ck algo rithm

vecto

r comp

nents

incremented less frequently; it maintains: (8s; t : s:p 6= t:p : s:v < t:v , s ! t) F

r

any initial state s: (8i : i 6= s:p : s:v [i] = 0) ^ (s:v [s:p] = 1) Rule fo r a send event (s; snd; t): t:v := s:v ; t:v [t:p] + +; Rule fo r a receive event (s; r cv (u); t): t:v := max (s:v ; u:v ); Rule fo r an internal event (s; int; t): t:v := s:v ; c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 8 V erication 8 Pro

f
(8s;

t : s:p 6= t:p : s:v < t:v , s ! t). accomplished b y s:p 6= t:p ^ s ! t ) s:v < t:v (1) s:p 6= t:p ^ s:v < t:v ) s ! t (2) Lemma 7 s ! t ) s:v

t:v

c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 9 V erication 9 Pro

f

[Contd.] Pro

f

: Sucient to sho w that 8 k > : s k ! t ) s:v

t:v

Base (k = 1) : s 1 ! t ) s

1

t _ s ; t flemma 2 g ) (s; int; t) _ (s; snd; t) _ (9u :: (s; r cv (u); t)) _(9u :: (u; r cv (s); t)) fexpand s

t

and s ; tg ) (s:v = t:v ) _ (s:v < t:v ) _ (s:v

t:v

) _ (s:v

t:v

) fSnd, Rcv, and Int rulesg ) s:v

t:v

f simplify g Induction: (k > 1) s k ! t ^ (k > 1) ) (9u :: s k 1 ! u ^ u 1 ! t) flemma 3g ) (9u :: s:v

u:v

^ u:v

t:v

) finduction hyp

thesisg

) s:v

t:v

fsimplifyg c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 10 V erication 10 Use

f

induction

n

k 6! [Base Case] Contrap

sitive
f

2: 8s; t : s:p 6= t:p : s 6! t ) :(s:v < t:v ): Lemma 8 (8s; t : s:p 6= t:p : s 6! t ) t:v [s:p] < s:v [s:p]) Pro

f

Base (k = 0) : s 6! t ^ s:p 6= t:p ) I nit(t) ^ s:p 6= t:p flemma 7g ) I nit(t) ^ s:p 6= t:p ^ flet u b e initial state in s:pg (9u : I nit(u) ^ u:p = s:p : u = s _ u ! s) ) I nit(t) ^ s:p 6= t:p ^ flemma 7g (9u : I nit(u) ^ u:p = s:p : u:v = s:v _ u:v

s:v

) ) t:v [s:p] = ^ fInit ruleg (9u : u:v [s:p] = 1 : u:v = s:v _ u:v

s:v

) ) t:v [s:p] < s:v [s:p] fsimplifyg c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 11 V erication 11 Pro

f

[Induction Case] Induction: (k > 0) s k 6! t ^ s:p 6= t:p ^ k > ) f let u satisfy u

1

t, u exists since :I nit(t) g s k 6! t ^ s:p 6= t:p ^ u:p = t:p ^ u

1

t ) f lemma 6 g s j 6! u ^

j

< k ^ u:p 6= s:p ^ u

1

t ) f inductive hyp

thesis

g u:v [s:p] < s:v [s:p] ^ u

1

t ) f expand u

1

t g u:v [s:p] < s:v [s:p] ^ ((u; int; t) _ (u; snd; t) _ (u; r cv (w ); t)) Consider each disjunct sepa rately . c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 12 V erication 12 Pro

f
f

Inductive Case [Contd.] Case 1: (u; int; t) u:v [s:p] < s:v [s:p] ^ (u; int; t) ) u:v [s:p] < s:v [s:p] ^ t:v = u:v fInt ruleg ) t:v [s:p] < s:v [s:p] fsimplifyg Case 2: (u; snd; t) u:v [s:p] < s:v [s:p] ^ (u; snd; t) ) u:v [s:p] < s:v [s:p] ^ t:v [s:p] = u:v [s:p] fSnd rule, s:p 6= t:pg ) t:v [s:p] < s:v [s:p] fsimplify g Case 3: (u; r cv (w ); t) u:v [s:p] < s:v [s:p] ^ (u; r cv (w ); t) ) u:v [s:p] < s:v [s:p] ^ (u; r cv (w ); t) ^ fRcv ruleg (t:v [s:p] = u:v [s:p] _ t:v [s:p] = w :v [s:p]) ) (t:v [s:p] < s:v [s:p]) _ fsimplifyg ((u; r cv (w ); t) ^ t:v [s:p] = w :v [s:p]) It suces to p rove the t w

cases:

w :p = s:p and w :p 6= s:p. c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 13 V erication 13 Pro

f
f

Inductive Case [Contd.] Case 3A: w :p = s:p t:v [s:p] = w :v [s:p] ^ (u; r cv (w ); t) ) t:v [s:p] = w :v [s:p] ^ (w ; snd; x) 8 > > > > > > > > > < > > > > > > > > > : let x satisfy w

x,

x exists since w ; t implies :F inal (w ) 9 > > > > > > > > > = > > > > > > > > > ; ) t:v [s:p] = w :v [s:p] ^ (w ; snd; x) fotherwise s ! tg ^ w ! s ) t:v [s:p] = w :v [s:p] ^ (w ; snd; x) fsince w

xg

^ (x = s _ x ! s) ) t:v [s:p] = w :v [s:p] ^ w :v [s:p] < x:v [s:p] ^ (x = s _ x ! s) fSnd ruleg ) t:v [s:p] = w :v [s:p] ^ w :v [s:p] < x:v [s:p] ^ (x:v

s:v

) flemma 7g ) t:v [s:p] < s:v [s:p] fsimplifyg c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 14 V erication 14 Pro

f
f

Inductive Case [Contd.] Case 3B: w :p 6= s:p t:v [s:p] = w :v [s:p] ^ (u; r cv (w ); t) ^ w :p 6= s:p ) f use s k 6! t, k > 0, and lemma 6 g t:v [s:p] = w :v [s:p] ^ w :p 6= s:p ^ s j 6! w ^

j

< k ) f inductive hyp

thesis

g t:v [s:p] = w :v [s:p] ^ w :v [s:p] < s:v [s:p] ) f simplify g t:v [s:p] < s:v [s:p] c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 15 V erication 15 Converse Eqn 2 : s:p 6= t:p ^ s:v < t:v ) s ! t Lemma 9 (8s; t : s:p 6= t:p : s ! t ) s:v < t:v ) Pro

f

Base (k = 1) : s 1 ! t ^ s:p 6= t:p ) s ; t ^ s:p 6= t:p fdefn

f

1 ! and lemma 2g ) s:p 6= u:p ^ (u; r cv (s); t) flet u satisfy u

tg

) 8 > > > > < > > > > :

therwise

t ! s (since there is

nly
ne

event b et w een u and t) 9 > > > > = > > > > ; u 6! s ^ s:p 6= u:p ^ (u; r cv (s); t) ) s:v [u:p] < u:v [u:p] flemma 8 and rcv ruleg ^ (8i :: t:v [i] = max (u:v [i]; s:v [i])) ) s:v < t:v c Vija y K. Ga rg Distributed Systems Sp ring 96

SLIDE 16 V erication 16 Converse [Contd.] Induction (k > 0) : s k ! t ^ k > ^ s:p 6= t:p ) (9u :: s k 1 ! u ^ u 1 ! t ^ s:p 6= t:p) flemma 3g ) (9u :: s k 1 ! u ^ u 1 ! t ^ fu:p can not have t w

valuesg

(u:p 6= t:p _ u:p 6= s:p)) ) (9u :: (s k 1 ! u ^ u 1 ! t ^ u:p 6= t:p) _ (s k 1 ! u ^ u 1 ! t ^ u:p 6= s:p)) ) (9u :: (s k 1 ! u ^ u:v < t:v )_ finductive hyp

thesisg

(s:v < u:v ^ u 1 ! t)) ) (9u :: (s:v

u:v

^ u:v < t:v )_ flemma 7g (s:v < u:v ^ u:v

t:v

)) ) s:v < t:v Theorem 1 (8s; t : s:p 6= t:p : s ! t , s:v < t:v ) c Vija y K. Ga rg Distributed Systems Sp ring 96