Distributed Programs and their Correctness

This lecture discusses distributed programs, focusing on the correctness of two examples: maximum finding and token ring. It also covers the proof of correctness for Peterson's Mutual Exclusion program.

ebateman

Presentation Transcript


  1. Lecture 2: Distributed Programs and their Correctness Anish Arora CSE 6333

  2. Distributed programs: Example 0 maxima finding
     Given : Graph (V,E), V = {1,2,3} E = {(1,2), (1,3), (2,1), (3,1)}
     constant id.1, id.2, id.3 : integer
     var m.1, m.2, m.3 : integer
     Design : (j: jV : id.j=m.j) leads-to (j : jV : m.j=(max k : kV: id.k))
     program max
       m.1 < m.2  m.1 = m.2
     ▯ m.1 < m.3  m.1 = m.3
     ▯ m.2 < m.1  m.2 = m.1
     ▯ m.3 < m.1  m.3 = m.1

  3. Distributed programs: Example 1
     program max-abbreviated
     parameter j, k : V
     (▯ j, k : (j, k)  E : m.j < m.k  m.j = m.k)
     [Figure: graph of nodes 1, 2, 3 labelled id.1, id.2, id.3]

  4. Distributed programs: Example 1 program token ring
     Given : Graph (V,E), where V = {0,1,…,N-1} E = {Uj : jV : (j, j N 1)) ...
     var t.j : boolean
     Design : Initially, exactly one node j has the token (t.j is true)
              Infinitely often, every node receives that unique token
     program tring
     ▯j : j  V : t.j t.j, t.(j N 1) := false, true
     [Figure: ring of nodes 0, 1, …, N-2, N-1]

  5. Proof of programs (distributed)
     0. program max
        invariant: (j : jV : (k : kV : m.j = id.k))  (j : jV : m.j = (max k : kV : id.k))
        variant function: (j : jV : (max k : kV : id.k)–m.j)
     1. program tring
        invariant: (j : jV : t.j)  (j,k : j,kV : (t.j  t.k)  j = k)
        variant function for j: clockwise distance between node with token & j

  6. Mutual Exclusion
     program Peterson’s_Mutual_Exclusion
     var f.1, f.2, cs.1, cs.2, pc.1, pc.2 : Boolean ; turn : {1,2}
     process j : {1,2}
     begin
        pc.j  f.j  pc.j, f.j := true, true
     ▯ pc.j  pc.j, turn := false, 3-j
     ▯  pc.j  f.j (f.(3-j)  turn=(3-j))  cs.j := true
     ▯ cs.j  cs.j, f.j := false, false
     end

  7. Proof of Correctness
     • An invariant S is (j : j  {1,2} : pc.j  f.j  cs.j  ( f.j  pc.j (f.(3-j)  pc.(3-j)  turn=(3-j))
       Safety Proof: Observe that S  (cs.1  cs.2)
     • If the first two statements of process j are changed to :
        pc.j  f.j  pc.j, turn := true, 2
       ▯ pc.j  pc.j, f.j := false, true
       there exists a state transition that violates S

  8. Proof of Correctness
     Liveness: There exists a sequence of state transitions that yields a state where  cs.1  cs.2 holds
     Proof: Consider a state where all boolean valued variables are false. Now:
     • execute the first action of process 2;
     • execute the first, second & third action of process 1;
     • finally execute the second & third action of process 2
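
An added example, not part of the lecture: an exhaustive state-space search over the four guarded actions of slide 6 and over the reordered variant of slide 7, reporting whether a state with cs.1 and cs.2 both true is reachable. The guard symbols are lost in the slide text, so the guards below are assumptions: negations are placed as in the standard Peterson algorithm, the entry condition is taken as "f.(3-j) is false or turn = j", and the variant writes turn := 3-j where the slide shows 2. The names put, steps, find_violation, run and SLIDE8 are hypothetical.

```python
from collections import deque

INIT = ((False, False),) * 3   # pc, f, cs: one boolean per process, all false

def put(pair, j, val):
    """Copy of `pair` with process j's entry (index j-1) set to val."""
    return tuple(val if i == j - 1 else x for i, x in enumerate(pair))

def steps(state, reordered):
    """Yield ((j, action_no), next_state) for each enabled guarded action."""
    pc, f, cs, turn = state
    for j in (1, 2):
        o = 3 - j
        if not pc[j - 1] and not f[j - 1]:        # action 1
            # reordered (slide 7 variant): turn is written before f.j is raised
            yield (j, 1), ((put(pc, j, True), f, cs, o) if reordered else
                           (put(pc, j, True), put(f, j, True), cs, turn))
        if pc[j - 1]:                             # action 2
            yield (j, 2), ((put(pc, j, False), put(f, j, True), cs, turn)
                           if reordered else (put(pc, j, False), f, cs, o))
        # action 3: entry guard, ASSUMED to be the standard Peterson condition
        if not pc[j - 1] and f[j - 1] and (not f[o - 1] or turn == j):
            yield (j, 3), (pc, f, put(cs, j, True), turn)
        if cs[j - 1]:                             # action 4: leave
            yield (j, 4), (pc, put(f, j, False), put(cs, j, False), turn)

def find_violation(reordered):
    """Breadth-first search of every reachable state. Returns the shortest
    action trace reaching cs.1 and cs.2 both true, or None if unreachable."""
    queue = deque((INIT + (t,), ()) for t in (1, 2))
    seen = {s for s, _ in queue}
    while queue:
        state, trace = queue.popleft()
        if all(state[2]):
            return list(trace)
        for label, nxt in steps(state, reordered):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + (label,)))
    return None

def run(schedule, reordered, turn=1):
    """Replay a fixed schedule of (j, action_no); None if a step is disabled."""
    state = INIT + (turn,)
    for label in schedule:
        state = dict(steps(state, reordered)).get(label)
        if state is None:
            return None
    return state

# Schedule from slide 8: P2 action 1; P1 actions 1, 2, 3; P2 actions 2, 3.
SLIDE8 = [(2, 1), (1, 1), (1, 2), (1, 3), (2, 2), (2, 3)]
```

Under these assumptions find_violation(False) returns None, while find_violation(True) returns a six-action trace, the same length as the slide 8 schedule, which run(SLIDE8, True) replays into a state with both cs flags set.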
