1 / 12

Concurrency 6

This article explores the specification and verification of distributed schedulers and counters in the CCS framework. It provides examples and proofs of correctness for the implementation of these systems.

holtl
Télécharger la présentation

Concurrency 6

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Concurrency 6 Specification and Verification in CCS Catuscia Palamidessi catuscia@lix.polytechnique.fr

  2. Example: A distributed scheduler • 1,...,n are tasks identifiers. Tasks have to be executed repeatedly,in a cyclic order. There can be more than one task executed at the same time, but the next instance of Task i cannot start before previous instance has finished. • Specification: We use: • ak as the signal start to Taks k and • bk as the signal that Task k has terminated Assume: • X  {1,...,n } are the tasks in progress • Task i is next ScSpec(i,X)  { bk. ScSpec(i,X-{k}) | k  X} if i  X ScSpec(i,X)  ai.ScSpec(i+1,XU{i}) +  { bk. ScSpec(i,X-{k}) | k  X} if i  X Concurrency 6

  3. Example: A distributed scheduler • Implementation: We build the scheduler, Sched, as a ring of n cells each linked to one task • Cell: A  a.C C  c.E E  b.D + d.B B  b.A D  d.A Note: A stands for A(a,b,c,d), B stands for B(a,b,c,d), etc. We will also use Ak for A(ak,bk,ck,ck-1), Bk for B(ak,bk,ck,ck-1), etc. • Definition Sched  (n c1)...(n cn) ( A1 |  { Dk | k  1}) • Theorem 1 (Correctness of the implementation wrt the specification): Sched = ScSpec(1,) Concurrency 6

  4. Scheduler: Proof of correctness • The meaning of the various cells: • Ai : Task i is next, and it is ready to initiate • Bi: Task i is next, but it is not ready to initiate • Di: Task i is not next, but it is ready to initiate • Ei: Task i is not next, and it is not ready to initiate • Definition: Sched(i,X) (n c)(Bi |  {Dk | k  X} |  {Em | m  X-{i} } ) if i  X Sched(i,X) (n c)(Ai |  {Dk | k  X U {i} } |  { Em | m  X } ) if i  X • Proposition 2: Sched(i,X) = ScSpec(i,X) • Theorem 1 is a particular case of Proposition 2 Concurrency 6

  5. Implementation of the scheduler: how it works D cn b1 next A a1 c1 b2 D a2 c2 D b3 a3 Concurrency 6

  6. Implementation of the scheduler: how it works D cn b1 C a1 T1 c1 b2 D a2 c2 D b3 a3 Concurrency 6

  7. Implementation of the scheduler: how it works D cn b1 E a1 T1 c1 b2 A next a2 c2 D b3 a3 Concurrency 6

  8. Implementation of the scheduler: a possible future configuration E cn b1 B Tn next a1 T1 c1 b2 D a2 c2 T3 E b3 a3 Concurrency 6

  9. Scheduler: Proof of Correctness Proposition 2: Sched(i,X) = ScSpec(i,X) Proof • Lemma 3 • (1) (n ci) ( Ci | Di+1 ) = t.(n ci) ( Ei | Ai+1 ) • (2) (n ci) ( Ci | Ei+1 ) = t.(n ci) ( Ei | Bi+1 ) Proof: By exapansion law • Lemma 4 • Sched(i,X) =  { bk. Sched(i,X-{k}) | k  X } if i  X • Sched(i,X) = ai.Sched(i+1,XU{i}) +  { bk. Sched(i,X-{k}) | k  X } if i  X Proof: By Expansion law and Lemma 3 From Lemma 4 and the Definition law we obtain that Sched(i,X) = ScSpec(i,X)□ Concurrency 6

  10. Example: Counter • It is possible in CCS to create structures which grow and shrink dynamically. Examples include unbounded queues and stacks, and counters. • Specification of a Counter A counter is an object that can be • tested for zero zero • incremented inc • decremented dec Count0 inc.Count1 + zero. Count0 Countn inc.Countn+1 + dec. Countn-1 n > 0 Concurrency 6

  11. Example: Counter • Implementation: A structure obtained by linking together a process B and n copies of a process C specified as follows: B inc.(B^C) + zero.B C inc.(C^C) + dec.D D  d.C + z.B P^Q  (n i’)(n z’)(n d’)(P(z,d,i’,z’,d’) | Q(z’,d’, inc,zero,dec)) Note: B, C and D stand for B(z,d,inc,zero,dec), C(z,d,inc,zero,dec), and D(z,d,inc,zero,dec) respectively. (P^Q) stands for (P^Q)(z,d,inc,zero,dec). Proposition: ^ is associative, i.e. P^(Q^R) = (P^Q)^R inc B inc C zero z zero dec dec d Concurrency 6

  12. Example: Counter • Implementation: Definition: C(n) B^C^C^...^C (n times) • Theorem (Correctness): C(n) = Countn Proof Lemma: (1) C^D  D^C (2) B^D  B^B (3) B^B = B We can now prove that • C(0) = inc. C(1) + zero. C(0) and • C(n) = C(n-1) ^C for n > 0 by definition = inc. (C(n-1) ^C^C) + dec. (C(n-1) ^D) by expansion law = inc. C(n+1) + dec. C(n-1) by the lemma above Hence C(n) satisfies the same equations as Countn. By the unique solution law we can conclude C(n) = Countn □ Concurrency 6

More Related