Lecture 2: Distributed Programs and their Correctness
Anish Arora
CSE 6333

Distributed programs: Example 0
maxima finding
Given : Graph (V,E), V = {1,2,3} E = {(1,2), (1,3), (2,1), (3,1)}
constant id.1, id.2, id.3 : integer
var m.1, m.2, m.3 : integer
Design : (j: jV : id.j=m.j) leads-to (j : jV : m.j=(max k : kV: id.k))
program max
m.1 < m.2 m.1 = m.2
▯ m.1 < m.3 m.1 = m.3
▯ m.2 < m.1 m.2 = m.1
▯ m.3 < m.1 m.3 = m.1

Distributed programs: Example 1
program max-abbreviated
parameter j, k : V
(▯ j, k : (j, k) E : m.j < m.k m.j = m.k)
[Figure: graph with nodes 1, 2, 3 labelled id.1, id.2, id.3]

Distributed programs: Example 1
program token ring
Given : Graph (V,E), where V = {0,1,…,N-1} E = {Uj : jV : (j, j N 1)) ...
var t.j : boolean
Design :
Initially, exactly one node j has the token (t.j is true)
Infinitely often, every node receives that unique token
program tring
▯j : j V : t.j t.j, t.(j N 1):= false, true
[Figure: ring of nodes 0, 1, …, N-2, N-1]

Proof of programs (distributed)
0. program max
invariant: (j : jV : (k : kV : m.j = id.k)) (j : jV : m.j = (max k : kV : id.k))
variant function: (j : jV : (max k : kV : id.k)–m.j)
1. program tring
invariant: (j : jV : t.j) (j,k : j,kV : (t.j t.k) j = k)
variant function for j: clockwise distance between node with token & j

Mutual Exclusion
program Peterson’s_Mutual_Exclusion
var f.1, f.2, cs.1, cs.2, pc.1, pc.2 : Boolean ; turn : {1,2}
process j : {1,2}
begin
pc.j f.j pc.j, f.j := true, true
▯ pc.j pc.j, turn := false, 3-j
▯ pc.j f.j (f.(3-j) turn=(3-j)) cs.j := true
▯ cs.j cs.j, f.j := false, false
end

Proof of Correctness
• An invariant S is (j : j {1,2} : pc.j f.j cs.j ( f.j pc.j (f.(3-j) pc.(3-j) turn=(3-j))
Safety Proof: Observe that S (cs.1 cs.2)
• If the first two statements of process j are changed to :
pc.j f.j pc.j, turn := true, 2
▯ pc.j pc.j, f.j := false, true
there exists a state transition that violates S

Proof of Correctness
Liveness
There exists a sequence of state transitions that yields a state where cs.1 cs.2 holds
Proof
Consider a state where all Boolean-valued variables are false
Now:
• execute the first action of process 2;
• execute the first, second & third action of process 1;
• finally execute the second & third action of process 2
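
The safety claim and the six-step schedule above can be checked mechanically. The following Python model is an added example, not part of the lecture: it enumerates every reachable state of both versions of the program and searches for one where cs.1 and cs.2 hold together. Assumptions: the guards are read as standard Peterson (process j enters when the other flag is down or turn = j), the changed version writes 3-j to turn, and the names successors, find_violation, replay and PAGE_TRACE are made up here.

```python
from collections import deque

# State = (pc, f, cs, turn); pc, f, cs are pairs indexed by j-1, turn in {1, 2}.
# ASSUMPTION: guards follow standard Peterson; names here are hypothetical.
def successors(state, swapped):
    """Yield ((j, action_no), next_state) for each enabled guarded command."""
    pc, f, cs, turn = state
    for j in (1, 2):
        i, o = j - 1, 2 - j  # own index, other process's index
        def put(pair, val):
            return tuple(val if n == i else v for n, v in enumerate(pair))
        if not pc[i] and not f[i]:  # action 1 (swapped: writes turn first)
            yield (j, 1), ((put(pc, True), f, cs, 3 - j) if swapped
                           else (put(pc, True), put(f, True), cs, turn))
        if pc[i]:  # action 2 (swapped: raises the flag only now)
            yield (j, 2), ((put(pc, False), put(f, True), cs, turn) if swapped
                           else (put(pc, False), f, cs, 3 - j))
        if not pc[i] and f[i] and (not f[o] or turn == j):  # action 3: enter
            yield (j, 3), (pc, f, put(cs, True), turn)
        if cs[i]:  # action 4: leave the critical section
            yield (j, 4), (pc, put(f, False), put(cs, False), turn)

def find_violation(swapped):
    """BFS over reachable states; shortest trace to cs.1 and cs.2, or None."""
    init = [((False, False),) * 3 + (t,) for t in (1, 2)]
    seen = {s: [] for s in init}  # state -> shortest action trace reaching it
    queue = deque(init)
    while queue:
        s = queue.popleft()
        if all(s[2]):
            return seen[s]
        for label, nxt in successors(s, swapped):
            if nxt not in seen:
                seen[nxt] = seen[s] + [label]
                queue.append(nxt)
    return None

# The page's schedule, as (process, action number) pairs.
PAGE_TRACE = [(2, 1), (1, 1), (1, 2), (1, 3), (2, 2), (2, 3)]

def replay(trace, swapped, turn=1):
    """Run a schedule from the all-false state; None if a step is not enabled."""
    s = ((False, False),) * 3 + (turn,)
    for label in trace:
        s = dict(successors(s, swapped)).get(label)
        if s is None:
            return None
    return s
```

Under these assumptions the original ordering has no reachable state with both processes in the critical section, while the changed ordering reaches one in six steps, and the page's schedule is one such trace.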