
Mathematical Models and Proof/Analysis Methods for Timing-Based Systems


Presentation Transcript


  1. Mathematical Models and Proof/Analysis Methods for Timing-Based Systems. And… Their Application to Communication, Fault-Tolerant Distributed Computing, and Hybrid Systems. Nancy Lynch, Theory of Distributed Systems, MIT Laboratory for Computer Science.

  2. PI: Nancy Lynch • Research Associates: John Lygeros, Alex Shvartsman • Collaborators: Myla Archer, Mike Branicky, Alan Fekete, Steve Garland, Frans Kaashoek, Butler Lampson, Sergio Rajsbaum, Roberto Segala, Nir Shavit, Frits Vaandrager • Students: Anna Chefter, Oleg Cheiner, Gio della Libera, Roberto De Prisco, Katya Dolginova, Gunnar Hoest, Henrik Jensen, Roger Khazan, Carl Livadas, Victor Luchangco, Tsvetomir Petrov, Anna Pogosyants, Mark Smith, Josh Tauber, Mandana Vaziri, H. B. Weinberg

  3. OVERVIEW • Math models and proof methods for complex distributed algorithms: infinite-state machines with shared-action communication: I/O automata [Lynch, Tuttle]; Timed I/O automata [Lynch, Vaandrager]; composition, invariant assertions, levels of abstraction; timing analysis • System decomposition • Impact: careful descriptions and proofs; raised standards; helped unify the field. • DARPA project: extend the models and methods to practical applications: communication, fault-tolerant distributed computing, hybrid systems.

  4. HIGHLIGHTS A. Models and Proof Methods • Computer-aided verification of invariants and simulation relations [Garland, Archer, Jensen, Luchangco, Petrov] • Timed I/O automata and liveness properties [Gawlick, Lynch, Segala, Sogaard-Andersen] • Clock Automata [De Prisco, Lynch] • Hybrid I/O automata, invariants, simulation relations [Lynch, Segala, Vaandrager, Weinberg] • Abstraction to finite-state systems [Jensen]

  5. B. TCP, T/TCP [Smith; Clark, Lynch] • TCP: Specified the service using I/O automata. Modelled the TCP protocol with unbounded UIDs. Proved correctness using invariants and simulation relations. Modelled TCP with bounded UIDs, using timed I/O automata. Identified the needed timing assumptions (more than in the TCP specs). Proved correctness using invariants and a simulation to unbounded TCP. • T/TCP: Modelled T/TCP using timed automata. Tried to show a simulation relation from T/TCP to TCP. Failed. Showed an impossibility result. Gave a weaker spec.

  6. C. Group Communication Services [De Prisco, Fekete, Khazan, Lynch, Shvartsman] • Uses: load-balancing, communication, coherent shared memory • VS (“view-synchrony”) service definition: group membership; VS state machine; VS performance/fault-tolerance property. Used VS to implement TO-broadcast; spec, proofs. • New: Most invariants proved using PVS [Archer]; VS implementation model, proofs [Fekete, Lesley]; Adaptive TO-bcast [Chockler]; Load balancing application [Khazan] • Dynamic view-synchrony [De Prisco, Fekete, Lynch, Shvartsman]: DVS service spec, implementation, application to TO, proofs.

  7. D. Other Distributed System Building Blocks • Orca [Fekete, Kaashoek, Lynch] • Quorum-based broadcast-convergecast service [Lynch, Shvartsman] • Transformation of fault-tolerant algorithms [Borowsky, Gafni, Lynch, Rajsbaum] • Eventually Serializable Data Services [Fekete, Luchangco, Lynch, Shvartsman] • Paxos [De Prisco, Lampson, Lynch]

  8. E. Automated Transportation • TIOA -> HIOA, for hybrid (continuous/discrete) systems: state machine with continuous trajectories; shared actions and shared variables; composition, invariants, abstraction. • Deceleration maneuvers [Weinberg, Lynch] • Acceleration maneuver, using levels of abstraction [Lynch] • Vehicle protection systems (Raytheon) [Weinberg, Livadas, Delisle, Lynch] • Platoon safety (PATH - Berkeley): single collisions [Branicky, Dolginova, Lynch]; multiple collisions [Lygeros, Lynch] • Aircraft control (Lincoln Labs, TASC, Honeywell, NASA Langley): TCAS model, preliminary theorems [Lygeros, Livadas, Lynch]; Center TRACON landing protocol model [Lygeros et al].

  9. F. IOA [Chefter, Garland, Lynch, Tauber, Vaziri] • Language and tools to support modelling, proofs, and use in distributed system software development. • IOA Language: describes I/O automata; transition definitions with preconditions/effects; axiomatic data types; operational and axiomatic styles; nondeterminism; expresses composition, invariants, abstraction. • IOA Toolset: parser, static semantic checker; support for composition, abstraction; interface to theorem-provers, model-checkers; simulator; paired simulation; code generator; node, channel automata; abstract channels.
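As an added illustration of the method described on slides 5 and 9 (invariants plus a simulation relation from a bounded-UID automaton to an unbounded-UID specification), here is a toy pair of I/O automata in Python; it is not the project's TCP model and not IOA code. The abstract automaton hands out unbounded UIDs, the concrete one wraps UIDs modulo N, and a bounded search checks the invariant and a forward simulation relation; N, BOUND, both guards and the two automata are constructed for this example, with the weak guard showing that merely bounding the number of messages in flight is not enough and the stronger guard standing in for the kind of extra assumption the proof needs.

```python
from collections import deque

N = 4          # constructed: size of the bounded UID space in the concrete automaton
BOUND = 3 * N  # constructed: cap on the abstract UID counter so the search stays finite

# Abstract (specification) automaton with unbounded UIDs; state = (next_uid, in_flight tuple).
def abs_steps(s):
    nxt, fl = s
    yield "send", (nxt + 1, fl + (nxt,))
    for i in range(len(fl)):
        yield "deliver", (nxt, fl[:i] + fl[i + 1:])

# Concrete automaton whose UIDs wrap modulo N; `guard` is the precondition on send.
def conc_steps(s, guard):
    nxt, fl = s
    if guard(nxt, fl):
        yield "send", ((nxt + 1) % N, fl + (nxt,))
    for i in range(len(fl)):
        yield "deliver", (nxt, fl[:i] + fl[i + 1:])

weak_guard = lambda nxt, fl: len(fl) < N      # only bounds how many are in flight
strong_guard = lambda nxt, fl: nxt not in fl  # the UID to be reused must be retired

def unique_uids(s):  # invariant: no two in-flight messages share a UID
    return len(set(s[1])) == len(s[1])

def related(c, s):   # forward simulation relation R(concrete, abstract)
    return c[0] == s[0] % N and sorted(c[1]) == sorted(u % N for u in s[1])

def check(guard):
    """Bounded search over reachable (concrete, abstract) pairs: every concrete step must
    be matched by an abstract step with the same label ending in a related pair, and every
    reached concrete state must satisfy the invariant."""
    start = ((0, ()), (0, ()))
    seen, queue = {start}, deque([start])
    while queue:
        c, s = queue.popleft()
        if not unique_uids(c):
            return ("invariant violated", c)
        if s[0] >= BOUND:
            continue
        for act, c2 in conc_steps(c, guard):
            matches = [s2 for a2, s2 in abs_steps(s) if a2 == act and related(c2, s2)]
            if not matches:
                return ("unmatched step", c, act, c2)
            for s2 in matches:
                if (c2, s2) not in seen:
                    seen.add((c2, s2))
                    queue.append((c2, s2))
    return ("ok", len(seen))
```

`check(weak_guard)` reports a state in which a UID is reissued while a message carrying it is still in flight, while `check(strong_guard)` completes with every step matched.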
