I/O Automata Seminar on Advanced Topics in Distributed Computing - PowerPoint PPT Presentation


  1. Model overview Example: candy vending machines Fairness Properties and proof techniques Outlook and conclusion I/O Automata Seminar on Advanced Topics in Distributed Computing (University of Saarland, MPI-SWS, Ph.D. Petr Kuznetsov) Walid Haddad March 20, 2008

  2. Outline
     • Overview of the I/O automaton model
     • Simple example: candy vending machines
     • Fairness
     • Properties and proof techniques
     • Outlook and conclusion

  3. Model overview

  4. Model overview
     Developed by [Lynch, Tuttle 1987]
     • Similar to traditional automata in providing a simple mathematical basis for describing structure and behavior of systems of interacting components
     Already used for:
     • Distributed algorithms, impossibility results
     • System case studies (communication protocols (e.g. TCP), hybrid systems, security protocols, ...)

  5. Model overview
     Each system component is modeled as an I/O automaton:
     [Figure: an automaton with input (I) and output (O) arrows]
     Characteristics:
     • Infinite state
     • Non-deterministic
     • Actions are classified (input/output/internal)
     • Modularity supported (parallel composition, levels of abstraction)
     • Also supports correctness proofs (using invariant assertions and simulation relations)

  6. Model overview
     Classification of actions:
     [Figure: tree of the automaton's actions, split into external (input, output) and internal. Labels: "generated autonomously"; "output actions are transmitted instantaneously"; input: "generated by environment & transmitted instantaneously to the automaton"]

  7. Model overview
     Classification of actions:
     • action signature $S$: the interface between the automaton and the environment
     • $\mathit{acts}(S) = \mathit{in}(S) \cup \mathit{out}(S) \cup \mathit{int}(S)$
     • $\mathit{ext}(S) = \mathit{out}(S) \cup \mathit{in}(S)$
     • $\mathit{local}(S) = \mathit{out}(S) \cup \mathit{int}(S)$

  8. Model overview
     Two fundamental assumptions:
     1. An I/O automaton cannot block input actions
        Some advantages:
        • Specifying what a component does in the face of unexpected input is a serious source of errors in the development of system components
        • Input-enabling makes the basic theory of the model work out nicely (simple notions of external behavior of an automaton, based on sequences of external actions)
     2. The performance of an action is controlled by at most one system component

  9. Model overview - formal definition
     An I/O automaton $A$ consists of five components:
     • action signature: $\mathit{sig}(A)$
     • set of states: $\mathit{states}(A)$
     • a nonempty set: $\mathit{start}(A) \subseteq \mathit{states}(A)$
     • transition relation: $\mathit{step}(A) \subseteq \mathit{states}(A) \times \mathit{acts}(A) \times \mathit{states}(A)$, with the property that for every state $s'$ and input action $\pi$ there is a transition $(s', \pi, s)$ in $\mathit{step}(A)$
     • $\mathit{tasks}(A)$, a task partition, which is an equivalence relation on $\mathit{local}(A)$ having at most countably many equivalence classes

  10. Model overview - formal definition
     Let $A$ be an I/O automaton:
     • If $(s', \pi, s)$ is a step of $A$, then $\pi$ is said to be enabled in $s'$
     • An execution fragment of $A$ is a finite (infinite) sequence of alternating states and actions of $A$ such that $(s'_i, \pi_{i+1}, s_{i+1})$ is a step of $A$ for all $i$
     • An execution is an execution fragment beginning with a start state
     • A state is said to be reachable if it is the final state of a finite execution
     • $\mathit{trace}(\alpha)$: the subsequence of an execution fragment $\alpha$ consisting of all the external actions
     • $\mathit{execs}(A)$: the set of executions of $A$
     • $\mathit{traces}(A)$: the set of traces of executions of $A$

  11. Model overview - operations on I/O automata
     Composition (action signatures):
     • A set of action signatures $\{S_i : i \in I\}$ is called compatible iff for all $i, j \in I$ we have:
       1. $\mathit{out}(S_i) \cap \mathit{out}(S_j) = \emptyset$
       2. $\mathit{int}(S_i) \cap \mathit{acts}(S_j) = \emptyset$

  12. Model overview - operations on I/O automata
     Composition (action signatures), continued:
     • $S = \prod_{i \in I} S_i$ is a composition of compatible action signatures with:
       1. $\mathit{in}(S) = \bigcup_{i \in I} \mathit{in}(S_i) - \bigcup_{i \in I} \mathit{out}(S_i)$
       2. $\mathit{out}(S) = \bigcup_{i \in I} \mathit{out}(S_i)$
       3. $\mathit{int}(S) = \bigcup_{i \in I} \mathit{int}(S_i)$

  13. Model overview - operations on I/O automata
     Composition (automata):
     • $A = \prod_{i \in I} A_i$ is a composition of compatible automata with:
       1. $\mathit{states}(A) = \prod_{i \in I} \mathit{states}(A_i)$
       2. $\mathit{start}(A) = \prod_{i \in I} \mathit{start}(A_i)$
       3. $\mathit{sig}(A) = \prod_{i \in I} \mathit{sig}(A_i)$
       4. $\mathit{tasks}(A) = \bigcup_{i \in I} \mathit{tasks}(A_i)$
       5. $\mathit{steps}(A) = \{ ((s_i)_{i \in I}, a, (s'_i)_{i \in I}) : \forall i \in I,\ (a \in \mathit{acts}(A_i) \Rightarrow (s_i, a, s'_i) \in \mathit{steps}(A_i)) \wedge (a \notin \mathit{acts}(A_i) \Rightarrow s_i = s'_i) \}$

  14. Model overview - operations on I/O automata
     Hiding:
     • The effect of the hiding operator is to hide output actions by reclassifying them as internal actions
     • Prevents them from being used for further communication and means that they are no longer included in traces
     • Helps make automata compatible for composition

  15. Example: candy vending machines

  16. Example: candy vending machines
     [Figure: CANDY MACHINE and CUSTOMER connected by the actions SKYBAR, HEATHBAR, ALMONDJOY, PUSH1 and PUSH2]

  17. Example: candy machines
     Candy machine:
     • action signature:
       • Input actions: PUSH1, PUSH2
       • Output actions: SKYBAR, HEATHBAR, ALMONDJOY
       • Internal actions: none
     • transition relation:
         PUSH1
           Effect: button-pushed ← 1
         PUSH2
           Effect: button-pushed ← 2
         SKYBAR
           Precondition: button-pushed = 1
           Effect: button-pushed ← 0
         HEATHBAR
           Precondition: button-pushed = 2
           Effect: button-pushed ← 0
         ALMONDJOY
           Precondition: button-pushed = 2
           Effect: button-pushed ← 0

  18. Example: candy machines
     Customer:
     • action signature:
       • Input actions: SKYBAR, HEATHBAR, ALMONDJOY
       • Output actions: PUSH1, PUSH2
       • Internal actions: none
     • transition relation:
         SKYBAR
           Effect: waiting ← no
         HEATHBAR
           Effect: waiting ← no
         ALMONDJOY
           Effect: waiting ← no
         PUSH1
           Precondition: waiting = no
           Effect: waiting ← yes
         PUSH2
           Precondition: waiting = no
           Effect: waiting ← yes

  19. Fairness

  20. Fairness
     • Fairness specifies that all the components in a system get "fair" turns to perform steps every so often
     • Recall that each automaton $A_i$ is associated with a task partition $\mathit{tasks}(A_i)$ of its locally-controlled actions
     • The notion of fairness for an I/O automaton requires that each task gets infinitely many opportunities to perform one of its actions

  21. Fairness - formal definition
     Let $\alpha$ be an execution fragment of an I/O automaton $A$. $\alpha$ is said to be fair if the following conditions hold for each class $C$ of $\mathit{tasks}(A)$:
     1. If $\alpha$ is finite, then $C$ is not enabled in the final state of $\alpha$
     2. If $\alpha$ is infinite, then $\alpha$ contains either infinitely many events from $C$ or infinitely many occurrences of states in which $C$ is not enabled

  22. Fairness - traces and executions
     We can also define:
     • $\mathit{fairexecs}(A)$: the set of fair executions of automaton $A$
     • $\mathit{fairtraces}(A)$: the set of fair traces of automaton $A$
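
Added example (not part of the original slides): the candy machine and customer from slides 17 and 18 written as I/O automata in Python, with the compatibility test of slide 11, the composed input set of slide 12, the composed step rule of slide 13, and condition 1 of the fairness definition on slide 21. The class and function names are hypothetical, and the start states (button-pushed = 0, waiting = no) are assumptions, since the slides do not give them.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Automaton:
    inputs: frozenset
    outputs: frozenset
    internals: frozenset
    start: object   # assumed start state (the slides give none)
    pre: dict       # locally controlled action -> precondition; inputs have none
    eff: dict       # action -> effect on the state

    @property
    def acts(self):
        return self.inputs | self.outputs | self.internals

    def enabled(self, s):
        return {a for a in self.outputs | self.internals if self.pre[a](s)}

CANDY, PUSH = frozenset({"SKYBAR", "HEATHBAR", "ALMONDJOY"}), frozenset({"PUSH1", "PUSH2"})
machine = Automaton(PUSH, CANDY, frozenset(), 0,   # state: button-pushed
    pre={"SKYBAR": lambda b: b == 1, "HEATHBAR": lambda b: b == 2, "ALMONDJOY": lambda b: b == 2},
    eff={"PUSH1": lambda b: 1, "PUSH2": lambda b: 2, **{c: (lambda b: 0) for c in CANDY}})
customer = Automaton(CANDY, PUSH, frozenset(), False,   # state: waiting (True = yes)
    pre={p: (lambda w: not w) for p in PUSH},
    eff={**{c: (lambda w: False) for c in CANDY}, **{p: (lambda w: True) for p in PUSH}})

def compatible(autos):
    """Slide 11: disjoint outputs, and internal actions private to their owner."""
    return all(not (a.outputs & b.outputs) and not (a.internals & b.acts)
               and not (b.internals & a.acts) for a, b in combinations(autos, 2))

def comp_inputs(autos):
    """Slide 12: in(S) = union of inputs minus union of outputs."""
    return set().union(*(a.inputs for a in autos)) - set().union(*(a.outputs for a in autos))

def enabled(autos, state):
    return set().union(*(a.enabled(s) for a, s in zip(autos, state)))

def run(autos, actions):
    """Slide 13: components that have the action take a step, the others keep their state."""
    state = tuple(a.start for a in autos)
    for act in actions:
        if act not in enabled(autos, state) | comp_inputs(autos):
            raise ValueError(f"{act} is not enabled in {state}")
        state = tuple(a.eff[act](s) if act in a.acts else s for a, s in zip(autos, state))
    return state

def finite_fair(autos, actions):
    """Slide 21, condition 1: no locally controlled action is enabled in the final state."""
    return not enabled(autos, run(autos, actions))
```

Under the assumed start states, every reachable state of the machine-plus-customer composition has an enabled action, so `finite_fair` is false for each of its finite executions and its fair executions are all infinite. The machine on its own is input-enabled, so it accepts PUSH2 right after PUSH1, while the composition rejects that schedule because the customer's precondition fails.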
