reduction revisited verifying round based distributed
play

Reduction Revisited: Verifying Round-Based Distributed Algorithms - PowerPoint PPT Presentation

Mar 28, 2024 •16 likes •576 views

Reduction Revisited: Verifying Round-Based Distributed Algorithms Stephan Merz INRIA Nancy & LORIA joint work with Bernadette Charron-Bost, LIX & CNRS MPC 2010 June 23, 2010 Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 1

  1. Reduction Revisited: Verifying Round-Based Distributed Algorithms Stephan Merz INRIA Nancy & LORIA joint work with Bernadette Charron-Bost, LIX & CNRS MPC 2010 June 23, 2010 Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 1 / 39

  2. Example: mutual exclusion algorithms integer turn = 0; boolean req0, req1 = false; process P0 process P1 loop loop nc 0 : skip ; nc 1 : skip ; rq 0 : req0 := true; rq 1 : req1 := true; � ps 0 : turn := 1; ps 1 : turn := 0; wt 0 : await ¬ req1 ∨ turn = 0; wt 1 : await ¬ req0 ∨ turn = 1; cs 0 : skip ; cs 1 : skip ; ex 0 : req0 := false; ex 1 : req1 := false; endloop endloop Critical section can be abstracted to atomic step Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 2 / 39

  3. Example: mutual exclusion algorithms integer turn = 0; boolean req0, req1 = false; process P0 process P1 loop loop nc 0 : skip ; nc 1 : skip ; rq 0 : � req0 := true; rq 1 : � req1 := true; turn := 1; � � turn := 0; � wt 0 : await ¬ req1 ∨ turn = 0; wt 1 : await ¬ req0 ∨ turn = 1; cs 0 : skip ; cs 1 : skip ; ex 0 : req0 := false; ex 1 : req1 := false; endloop endloop Critical section can be abstracted to atomic step Is it okay to combine the following actions into an atomic step? statements rq i and ps i 1 Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 2 / 39

  4. Example: mutual exclusion algorithms integer turn = 0; boolean req0, req1 = false; process P0 process P1 loop loop nc 0 : skip ; nc 1 : skip ; rq 0 : � req0 := true; rq 1 : � req1 := true; � turn := 1; turn := 0; await ¬ req1 ∨ turn = 0; � await ¬ req0 ∨ turn = 1; � cs 0 : skip ; cs 1 : skip ; ex 0 : req0 := false; ex 1 : req1 := false; endloop endloop Critical section can be abstracted to atomic step Is it okay to combine the following actions into an atomic step? statements rq i and ps i 1 statements rq i , ps i , and wt i 2 Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 2 / 39

  5. Example: mutual exclusion algorithms integer turn = 0; boolean req0, req1 = false; process P0 process P1 loop loop nc 0 : skip ; nc 1 : skip ; rq 0 : req0 := true; rq 1 : req1 := true; � ps 0 : turn := 1; ps 1 : turn := 0; wt 0 : await ¬ req1 ∨ turn = 0; wt 1 : await ¬ req0 ∨ turn = 1; cs 0 : � skip ; cs 1 : � skip ; req0 := false; � req1 := false; � endloop endloop Critical section can be abstracted to atomic step Is it okay to combine the following actions into an atomic step? statements rq i and ps i 1 statements rq i , ps i , and wt i 2 statements cs i and ex i 3 Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 2 / 39

  6. Outline Reduction Theorems for the Verification of Concurrent Programs 1 Fault-Tolerant Distributed Computing 2 Reduction for Round-Based Distributed Algorithms 3 Experiments: Verification of Consensus Algorithms 4 Conclusion 5 Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 3 / 39

  7. Reduction: overall idea Justify combining subsequent operations into an atomic step Fewer atomic steps � simpler verification Theorem (folklore) One can pretend that a sequence of statements is executed atomically if it contains at most one access to a shared variable. Folk theorem justifies combining cs i and ex i (previous example) Folk theorem does not justify combining rq i and ps i Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 4 / 39

  8. Reduction: overall idea Justify combining subsequent operations into an atomic step Fewer atomic steps � simpler verification Theorem (folklore) One can pretend that a sequence of statements is executed atomically if it contains at most one access to a shared variable. Folk theorem justifies combining cs i and ex i (previous example) Folk theorem does not justify combining rq i and ps i Consider the single-process program where initially x = y y : = x + 1; x : = y Since no variable is shared, it should be equivalent to � y : = x + 1; x : = y � Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 4 / 39

  9. Reduction: overall idea Justify combining subsequent operations into an atomic step Fewer atomic steps � simpler verification Theorem (folklore) One can pretend that a sequence of statements is executed atomically if it contains at most one access to a shared variable. Folk theorem justifies combining cs i and ex i (previous example) Folk theorem does not justify combining rq i and ps i Consider the single-process program where initially x = y y : = x + 1; x : = y Since no variable is shared, it should be equivalent to � y : = x + 1; x : = y � But the latter program satisfies � ( x = y ) ! Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 4 / 39

  10. Left and right movers Definition (Lipton 1975) An action a is a right mover if whenever α ab is a computation where a and b are performed by different processes then α ba is also a computation and these computations result in the same state. The definition of a left mover is symmetrical. s ab → t ⇒ s ba Right mover − − → t for all b ◮ right commutes with every action of different processes ◮ example: acquisitions of resources (e.g., semaphores) s ba → t ⇒ s ab Left mover − − → t for all b ◮ left commutes with every action of different processes ◮ example: releases of resources R.J. Lipton. Reduction: A Method of Proving Properties of Parallel Programs. CACM 18(12):717-721, 1975. Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 5 / 39

  11. Left and right movers in example integer turn = 0; boolean req0, req1 = false; process P0 process P1 loop loop nc 0 : skip ; nc 1 : skip ; rq 0 : req0 := true; rq 1 : req1 := true; � ps 0 : turn := 1; ps 1 : turn := 0; wt 0 : await ¬ req1 ∨ turn = 0; wt 1 : await ¬ req0 ∨ turn = 1; cs 0 : skip ; cs 1 : skip ; ex 0 : req0 := false; ex 1 : req1 := false; endloop endloop Actions rq i are right movers ◮ in particular, cannot make await condition of other process true rq 0 wt 1 wt 1 rq 0 ◮ formally, s − − − − → t implies s − − − − → t Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 6 / 39

  12. Left and right movers in example integer turn = 0; boolean req0, req1 = false; process P0 process P1 loop loop nc 0 : skip ; nc 1 : skip ; rq 0 : req0 := true; rq 1 : req1 := true; � ps 0 : turn := 1; ps 1 : turn := 0; wt 0 : await ¬ req1 ∨ turn = 0; wt 1 : await ¬ req0 ∨ turn = 1; cs 0 : skip ; cs 1 : skip ; ex 0 : req0 := false; ex 1 : req1 := false; endloop endloop Actions rq i are right movers ◮ in particular, cannot make await condition of other process true rq 0 wt 1 wt 1 rq 0 ◮ formally, s − − − − → t implies s − − − − → t Actions cs i and ex i are left movers Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 6 / 39

  13. Left and right movers in example integer turn = 0; boolean req0, req1 = false; process P0 process P1 loop loop nc 0 : skip ; nc 1 : skip ; rq 0 : req0 := true; rq 1 : req1 := true; � ps 0 : turn := 1; ps 1 : turn := 0; wt 0 : await ¬ req1 ∨ turn = 0; wt 1 : await ¬ req0 ∨ turn = 1; cs 0 : skip ; cs 1 : skip ; ex 0 : req0 := false; ex 1 : req1 := false; endloop endloop Actions rq i are right movers ◮ in particular, cannot make await condition of other process true rq 0 wt 1 wt 1 rq 0 ◮ formally, s − − − − → t implies s − − − − → t Actions cs i and ex i are left movers Actions ps i and wt i are neither left nor right movers Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 6 / 39

  14. Lipton’s reduction theorem Theorem (Lipton 1975) Suppose that A = A 1 ; . . . ; A k is such that for some i: A 1 , . . . , A i − 1 are right movers, A i + 1 , . . . , A k are left movers, and each A 2 , . . . , A k can always execute. and let P / A denote the program obtained from P by replacing A 1 ; . . . ; A k by � A 1 ; . . . ; A k � . Then P halts iff P / A halts and the final states of P equal the final states of P / A. Preservation of deadlock-freedom and partial correctness Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 7 / 39

  15. Application to example Lipton’s theorem justifies reduction to integer turn = 0; boolean req0, req1 = false; process P0 process P1 loop loop nc 0 : skip ; nc 1 : skip ; rq 0 : � req0 := true; rq 1 : � req1 := true; turn := 1; � � turn := 0; � wt 0 : � await ¬ req1 ∨ turn = 0; wt 1 : � await ¬ req0 ∨ turn = 1; skip ; skip ; req0 := false; � req1 := false; � endloop endloop . . . but only for proving absence of deadlock Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 8 / 39

  16. Doeppner’s reduction theorem Theorem Let Π be a program and S have the form R ; � A � ; L where all actions in R are right movers and all actions in L are left movers. Let in ( S ) be true iff control resides inside S and Q be an arbitrary predicate. Then Q is an invariant of Π / S iff Q ∨ in ( S ) is an invariant of Π . Generalization of Lipton’s theorem to invariant reasoning Can be used for proving mutual exclusion of example program T.W. Doeppner. Parallel program correctness through refinement. POPL 1977 (ACM), pp. 155-169. Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 9 / 39

Recommend

SpaceSearch: A Library for Building and Verifying Solver-Aided Tools Konstantin Steven S.

SpaceSearch: A Library for Building and Verifying Solver-Aided Tools Konstantin Steven S.

SpaceSearch: A Library for Building and Verifying Solver-Aided Tools Konstantin Steven S. Stefan Emina Michael Zachary Weitz Lyubomirsky Heule Torlak D. Ernst Tatlock Reduction SMT Reduction SMT Reduction SpaceSearch Reduction

747 views • 57 slides
SpaceSearch: A Library for Building and Verifying Solver-Aided Tools Konstantin Steven S.

SpaceSearch: A Library for Building and Verifying Solver-Aided Tools Konstantin Steven S.

SpaceSearch: A Library for Building and Verifying Solver-Aided Tools Konstantin Steven S. Stefan Emina Michael Zachary Weitz Lyubomirsky Heule Torlak D. Ernst Tatlock Reduction SMT Reduction SMT Reduction SpaceSearch

696 views • 59 slides
Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint

Verifying Distributed Programs via Canonical Sequentialization Klaus von Gleissenthall Joint work with Alexander Bakst, Ranjit Jhala and Rami Gkhan Kc 1 Writing distributed programs A bug appears Issue: random hangs / deadlock in

809 views • 79 slides
Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong University. Wenling Liu @ SJTU Table of Contents Lattice Backgrounds LenstraLenstraLov asz Reduction Hemite SVP reduction and DBKZ Algorithm

930 views • 49 slides
Verifying distributed systems with unbounded channels egis Gascon & R Eric Madelaine

Verifying distributed systems with unbounded channels egis Gascon & R Eric Madelaine

Verifying distributed systems with unbounded channels egis Gascon & R Eric Madelaine INRIA Sophia Antipolis SAFA Workshop - September 23rd, 2009 egis Gascon & Verifying distributed systems with unbounded channels R Eric

601 views • 46 slides
Graph Reduction Hardware Revisited Rob Stewart ( R.Stewart@hw.ac.uk ) 1 Evgenij Belikov 1

Graph Reduction Hardware Revisited Rob Stewart ( R.Stewart@hw.ac.uk ) 1 Evgenij Belikov 1

Graph Reduction Hardware Revisited Rob Stewart ( R.Stewart@hw.ac.uk ) 1 Evgenij Belikov 1 Hans-Wolfgang Loidl 1 Paulo Garcia 2 14 th June 2018 1 Mathematical and Computer Sciences Heriot-Wat University Edinburgh, UK 2 United Technologies Research

564 views • 31 slides
BYOD Revisited: BUILD Your Own Device Ron Munitz The PSCG about://Ron_Munitz Distributed

BYOD Revisited: BUILD Your Own Device Ron Munitz The PSCG about://Ron_Munitz Distributed

BYOD Revisited: BUILD Your Own Device Ron Munitz The PSCG about://Ron_Munitz Distributed Fault Tolerant Avionic Systems Linux, VxWorks, very esoteric libraries, 0s and 1s Highly distributed video routers Linux Real

617 views • 49 slides
Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon -

Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon -

Building and verifying a quasi-certification entity over Distributed Hash Tables F. Kordon - Universit P. & M. Curie - CC2016 Join work with X. Bonnaire, R. Cortes & O. Marin UPMC (France), UFSM (Chile), NYUS (China)

648 views • 53 slides
Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) ,

Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) ,

Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) , L. Henrio (2) , E. Madelaine (2) (1) Telecom-ParisTech Sophia-Antipolis (2) Oasis team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis

750 views • 27 slides
Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya

Specifying and Verifying Concurrent Algorithms with Histories and Subjectivity Ilya Sergey Aleks Nanevski Anindya Banerjee ESOP 2015 A logic-based approach for Specifying and Verifying Concurrent Algorithms An

2.36k views • 186 slides
Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or

Toy Example Toy Example Toy Example Toy Example Toy Example D 1 weak classifiers = vertical or horizontal half-planes Round 1 Round 1 Round 1 Round 1 Round 1 h 1 D 2 " 1 =0.30 ! =0.42 1 Round 2 Round 2 Round 2 Round 2 Round

188 views • 5 slides
Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken

Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken

Verifying the entire hardware of distributed real time systems W. Paul Universitt Saarbrcken wiss. Gesamtprojektleiter bmb+f Projekt Verisoft www.verisoft.de You all know how to design hardware... Hardware verification is the process

473 views • 44 slides
Ranking-Based Voting How to Describe . . . Revisited: Maximum Utility-Based Decision . . . How

Ranking-Based Voting How to Describe . . . Revisited: Maximum Utility-Based Decision . . . How

Need for Voting and . . . What Information Can . . . Ranking-Based . . . Why Borda Count? Ranking-Based Voting How to Describe . . . Revisited: Maximum Utility-Based Decision . . . How to Make a Group . . . Entropy Approach Case of

468 views • 28 slides
Galindo-Garcia Identity-Based Signature Revisited. Sanjit Chatterjee, Chethan Kamath and Vikas

Galindo-Garcia Identity-Based Signature Revisited. Sanjit Chatterjee, Chethan Kamath and Vikas

Galindo-Garcia Identity-Based Signature Revisited. Galindo-Garcia Identity-Based Signature Revisited. Sanjit Chatterjee, Chethan Kamath and Vikas Kumar Indian Institute of Science, Bangalore November 2, 2013 Galindo-Garcia Identity-Based

584 views • 57 slides
SABER: Module-LWR based KEM Round 2 J. P. DAnvers A. Karmakar S. S. Roy F. Vercauteren KU

SABER: Module-LWR based KEM Round 2 J. P. DAnvers A. Karmakar S. S. Roy F. Vercauteren KU

SABER: Module-LWR based KEM Round 2 J. P. DAnvers A. Karmakar S. S. Roy F. Vercauteren KU Leuven August 22, 2019 0 Outline 1 Introduction 2 Round 2 changes 3 Implementations 4 Conclusion 1 SABER 1 Outline 1 Introduction 2 Round 2

969 views • 40 slides
Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering

Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering

Reuse-based & Choreography-based Distributed Systems Reuse-based Software Engineering Distributed Systems Mar Marco Autili BPMN2 Choreographies basics University of LAquila Invited Seminar Lecture 1 Course: Advanced

724 views • 59 slides
On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262

On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262

On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262 Compliance in Simulink Lukas Murer, Torben Stolte Tanja Hebecker, Michael Lipaczewski Uwe Mhrstdt, Frank Ortmeier Motivation Functional safety

589 views • 21 slides
Detecting Erroneous Assumptions when verifying software using SMT solvers David R. Cok Eastman

Detecting Erroneous Assumptions when verifying software using SMT solvers David R. Cok Eastman

Detecting Erroneous Assumptions when verifying software using SMT solvers David R. Cok Eastman Kodak Company Research Laboratories 14 July 2008 AFM 08 (Note: E-version distributed at CAV is the preliminary, not final version) Context

455 views • 44 slides
Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and

Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and

Hom and Ext, Revisited Hom and Ext, Revisited Justin Lyle Lawrence, KS justin.lyle@ku.edu April 28, 2018 JL Hom and Ext, Revisited Hom and Ext, Revisited Joint work with Hailong Dao and Mohammad Eghbali JL Hom and Ext, Revisited Hom

872 views • 45 slides
A Model-driven Methodology for Generating and Verifying CSP-based Java Code no 1 ul N.N. Alborodo

A Model-driven Methodology for Generating and Verifying CSP-based Java Code no 1 ul N.N. Alborodo

A Model-driven Methodology for Generating and Verifying CSP-based Java Code no 1 ul N.N. Alborodo 2 Julio Mari Ra 1 Universidad Polit 2 IMDEA Software Institute ecnica de Madrid Babel research group raul.alborodo@imdea.org

758 views • 45 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 10 November, 2017 1/34 Outline Motivation and related work Our approach

681 views • 34 slides
Differential Analysis of Round-Reduced AES Faulty Ciphertexts Amir-Pasha Mirbaha Jean-Max

Differential Analysis of Round-Reduced AES Faulty Ciphertexts Amir-Pasha Mirbaha Jean-Max

DFT 2013 Differential Analysis of Round-Reduced AES Faulty Ciphertexts Amir-Pasha Mirbaha Jean-Max Dutertre Assia Tria Outline Introduction State-of-the-art of the Round Reduction Analysis Theory of our attacks and the realizations

591 views • 14 slides
Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of

Verifying filesystems in ACL2 Towards verifying file recovery tools Mihir Mehta Department of Computer Science University of Texas at Austin mihir@cs.utexas.edu 09 March, 2017 Overview 1. Why we need a verified filesystem 2. Our approach

514 views • 29 slides
A Round-Efficient Distributed Betweenness Centrality Algorithm Loc Hoang , Matteo Pontecorvi,

A Round-Efficient Distributed Betweenness Centrality Algorithm Loc Hoang , Matteo Pontecorvi,

A Round-Efficient Distributed Betweenness Centrality Algorithm Loc Hoang , Matteo Pontecorvi, Roshan Dathathri, Gurbinder Gill, Bozhi You, Keshav Pingali, and Vijaya Ramachandran 1 Betweenness Centrality Betweenness Centrality (BC) used to

1.06k views • 53 slides

More recommend