Maximality Properties Dr. Mikhail Nesterenko Presented By Ibrahim Motiwala
Contents
• Notion of Maximality
• Proving Maximality
• Justification For proof rules
• Random assignment
• Faulty Channel
• Conclusion

What is Maximality?
• Program P implements a given specification S, i.e. the set |P| of executions of P is a subset of the set |S| of executions that satisfy S.
• If |P| = |S| then every execution that satisfies the specification S is a possible execution of P. Such a P is maximal for S.
Why? • Three reasons
• To eliminate undesirable solutions for a given specification, namely ones that needlessly restrict concurrency.
• A simulation program has to be maximal for the specification of the artifact it simulates; otherwise the simulation omits behaviours the real artifact can exhibit.
• A single maximal program for a problem may be the basis for a family of interrelated programs, each of which may be appropriate for a different computing platform.

Proving Maximality
Given a program P that is to be proven maximal, we must show that any sequence of states meeting the specification is a possible output of the program. We first construct a constrained program P’ from P and ; the constrained program retains the structure of P, but its actions are restricted by guards and augmented by assignments to certain auxiliary variables. We then show that all fair executions of P’ produce , and that any such execution corresponds to a fair execution of P; hence is a possible output of P.
Notations: the FairNatural box

Box FairNatural
  integer n = 0;
  total action :: n := n + 1
  total method fnat(x :: integer) :: x, n := n, 0
End {FairNatural}

The box has one total action (it increments the counter n) and one total method fnat; a call fnat(x) returns the current value of n in x and resets n to 0.

Safety and progress proof: x is assigned only non-negative numbers, and x is positive infinitely often.
• Safety (invariant): x >= 0
• Progress: True x > 0

Program P and specification S
Any sequence that satisfies S may be obtained as an execution of P. Define an infinite sequence of states = , … that satisfies S. The specification consists of properties of the following forms: Initially p, p co q, and p q. P( ) means that predicate p holds in state . A sequence satisfies S if it satisfies each and every property in S.
Faulty Channel
A faulty channel may lose messages, duplicate any message an unbounded (though finite) number of times, and permute the order of messages. For any point in the computation, it is given that not all messages beyond this point will be lost; otherwise, there can be no guarantee of any message transmission at all. A protocol over such a channel can be studied (proved correct) by encoding the communication between the sender and the receiver using a maximal solution for the faulty channel.

We simulate a faulty channel using a bag b. The bag holds the messages that are yet to be delivered; it may hold several copies of the same message to simulate duplication, and the nature of a bag implements out-of-order delivery. To simulate message loss and duplication, we compute a count n whenever a message is added to b; the count is an arbitrary natural number, denoting the number of times that the message is to be delivered. If n = 0 for a message then it is immediately discarded (the message is lost), and for n exceeding 0 the message is added n times to b. In order to implement the requirement that not all messages are eventually lost, we require that n become non-zero periodically. Clearly, FairNatural can be used to compute n.
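The bag-based channel above, as an added example written for this page (it is not code from the slides or from the underlying paper): the nondeterministic choices of the channel (the count n and which pending message is delivered next) are injected as functions, and the assumed parameter `bound` caps how many consecutive zeros the fair counter may return, which is one concrete way to realise "n becomes non-zero periodically".

```python
from collections import Counter
from typing import Callable, List, Optional


class FairNatural:
    """Model of the FairNatural box: fnat returns an arbitrary natural number
    but cannot return 0 forever. `choose` supplies the nondeterministic value;
    `bound` (an assumption of this example) limits consecutive zeros."""

    def __init__(self, choose: Callable[[], int], bound: int = 3) -> None:
        self.choose = choose
        self.bound = bound
        self.zeros = 0  # consecutive zeros returned so far

    def fnat(self) -> int:
        n = self.choose()
        if n < 0:
            raise ValueError("fnat yields natural numbers only")
        if n == 0 and self.zeros + 1 >= self.bound:
            n = 1  # progress: force a positive value (True leads-to x > 0)
        self.zeros = self.zeros + 1 if n == 0 else 0
        return n


class FaultyChannel:
    """Bag b of undelivered messages: n = 0 loses a message, n > 1 duplicates
    it, and receive() may deliver any element, so order is not preserved."""

    def __init__(self, fair: FairNatural, pick: Callable[[int], int]) -> None:
        self.bag: Counter = Counter()
        self.fair = fair
        self.pick = pick  # pick(k) -> index < k: the receiver's nondeterminism

    def send(self, msg: str) -> int:
        n = self.fair.fnat()
        if n > 0:
            self.bag[msg] += n  # to be delivered n times
        return n

    def receive(self) -> Optional[str]:
        pending = sorted(self.bag.elements())  # sorted only to index deterministically
        if not pending:
            return None
        msg = pending[self.pick(len(pending))]
        self.bag[msg] -= 1
        if self.bag[msg] == 0:
            del self.bag[msg]
        return msg


def run(msgs: List[str], counts: List[int], picks: List[int], bound: int = 3) -> List[str]:
    """Send every message with scripted counts, then drain the bag with scripted picks."""
    count_it, pick_it = iter(counts), iter(picks)
    ch = FaultyChannel(FairNatural(lambda: next(count_it), bound), lambda k: next(pick_it) % k)
    for m in msgs:
        ch.send(m)
    out: List[str] = []
    while (d := ch.receive()) is not None:
        out.append(d)
    return out
```

With counts [0, 0, 0, 2] and bound 3, m1 and m2 are lost, m3 is forced through by fairness, and m4 is duplicated and delivered out of order around m3.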
Conclusion
• The notion of maximality rules out implementations that lack sufficient nondeterminism.
• A maximal program for a given specification has all the behaviours admitted by the specification.
• The proof method may be used to show that a program admits a specific set of executions.