Synthesis of large dynamic concurrent programs from dynamic specifications

Attie, Paul C.

doi:10.1007/s10703-016-0252-9

Cited by 9 publications

(6 citation statements)

References 59 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The notions of wait-for-graph and supercycle [7,8] were initially defined for a shared memory program P = P 1 ∥ • • • ∥ P K in pairwise normal form [4,5]: a binary symmetric relation I specifies the directly interacting pairs ("neighbors") {P i , P j } If P i has neighbors P j and P k , then the code in P i that interacts with P j is expressed separately from the code in P i that interacts with P k . These synchronization codes are executed synchronously and atomically, so the grain of atomicity is proportional to the degree of I .…”

Section: Related Work Discussion and Further Workmentioning

confidence: 99%

Global and Local Deadlock Freedom in BIP

Attie

Bensalem

Bozga

et al. 2017

ACM Trans. Softw. Eng. Methodol.

Self Cite

View full text Add to dashboard Cite

We present a criterion for checking local and global deadlock freedom of finite state systems expressed in BIP: a component-based framework for constructing complex distributed systems. Our criterion is evaluated by model-checking a set of subsystems of the overall large system. If satisfied in small subsystems, it implies deadlock-freedom of the overall system. If not satisfied, then we re-evaluate over larger subsystems, which improves the accuracy of the check. When the subsystem being checked becomes the entire system, our criterion becomes complete for deadlock-freedom. Hence our criterion only fails to decide deadlock freedom because of computational limitations: state-space explosion sets in when the subsystems become too large. Our method thus combines the possibility of fast response together with theoretical completeness. Other criteria for deadlock freedom, in contrast, are incomplete in principle, and so may fail to decide deadlock freedom even if unlimited computational resources are available. Also, our criterion certifies freedom from local deadlock, in which a subsystem is deadlocked while the rest of the system executes. Other criteria only certify freedom from global deadlock. We present experimental results for dining philosophers and for a multi-token-based resource allocation system, which subsumes several data arbiters and schedulers, including Milner’s token-based scheduler.

show abstract

Section: Related Work Discussion and Further Workmentioning

confidence: 99%

Global and Local Deadlock Freedom in BIP

Attie

Bensalem

Bozga

et al. 2017

ACM Trans. Softw. Eng. Methodol.

Self Cite

View full text Add to dashboard Cite

show abstract

“…The inspect tool [46] is based on runtime model checking, which does not accept cyclic reachability spaces. In pairwise model checking [47], the general temporal formula is used for every pair of mutually-related processes operating in shared memory.…”

Section: Deadlock and Termination Checkingmentioning

confidence: 99%

Specification and Verification in Integrated Model of Distributed Systems (IMDS)

Daszczuk

2018

Computers

View full text Add to dashboard Cite

Distributed systems, such as the Internet of Things (IoT) and cloud computing, are becoming popular. This requires modeling that reflects the natural characteristics of such systems: the locality of independent components, the autonomy of their decisions, and asynchronous communication. Automated verification of deadlocks and distributed termination supports rapid development. Existing techniques do not reflect some features of distribution. Most formalisms are synchronous and/or use some kind of global state, both of which are unrealistic. No model supports the communication duality that allows the integration of a remote procedure call and client-server paradigm into a single, uniform model. The majority of model checkers refer to total deadlocks. Usually, they do not distinguish between communication deadlocks from resource deadlocks and deadlocks from distributed termination. Some verification mechanisms check partial deadlocks at the expense of restricting the structure of the system being verified. The paper presents an original formalism for the modeling and verification of distributed systems. The Integrated Model of Distributed Systems (IMDS) defines a distributed system as two sets: states and messages, and the relationship of the “actions” between these sets. Communication duality provides projections on servers and on traveling agents, but the uniform specification of the verified system is preserved. General temporal formulas over IMDS, independent of the structure of the verified system, allow automated verification. These formulas distinguish between deadlocks and distributed termination, and between communication deadlocks and resource deadlocks. Partial deadlocks and partial termination can be checked. The Dedan tool was developed using IMDS formalism.

show abstract

“…Some other approaches to partial deadlock detection use temporal formulas that are not related to the structure of a verified model. However, such model-unrelated formulas require the system to have specific properties [15] [16]. If a system is non-terminating (cycling), a discontinuation of a process is obviously a deadlock [3].…”

Section: Related Work On Deadlock Detectionmentioning

confidence: 99%

“…As in typical programming language, server types are introduced (lines 3, 12), with formal parameters that specify agents and other servers used in actions. Every server has sets of its states (l.4, 13), services (l.5, 14) and actions (l.7-10, [16][17][18][19]. An action in Dedan is denoted {a.s.r, s.v}{a.s'.r', s.v'}.…”

Section: Example -Bounded Buffermentioning

confidence: 99%

Siphon-based deadlock detection in Integrated Model of Distributed Systems (IMDS)

Daszczuk

2018

Annals of Computer Science and Information Systems

View full text Add to dashboard Cite

Integrated Model of Distributed Systems (IMDS) is a formalism for specification and verification of distributed systems, especially following IoT (Internet of Things) paradigm. The formalism emphasizes such features as asynchrony of actions and communication, locality of decisions, and autonomy in executing actions. In conjunction with model checking, IMDS allows to analyze such features of distributed systems as deadlocks or distributed termination. However, the nature of model checking allows to find one deadlock in a single run of the verifier, which produces a counterexample.The conversion of IMDS specification to a Petri net is used to identify multiple deadlocks in one verification, using siphons. Model checking is used to verify if a siphon can become empty, which denotes a true deadlock in a purely cyclic system, like FMS (Flexible Manufacturing Systems). The extension of the verification by temporal checking allows to cover systems with any structure: cyclic, terminating, or with a more complex scheme. In addition, the proposed procedure allows to easily identify processes participating in partial deadlocks. Two types of deadlock can be identified: communication deadlocks and resource deadlocks. I. INTRODUCTION MDS (Integrated Model of Distributed Systems [1][2]) is a formalism for describing the behavior of distributed systems, especially for finding deadlocks. A system is modeled as a set of actions, having servers' states and agents' messages on input and on output. In IMDS, a communication dualism is exploited, since the modeled system is represented as server processes that communicate by messages, or alternatively by travelling processes (agents) that communicate by means of servers' states. A model of a distributed system is uniform (that is, it has a single form), but it can be decomposed ("cut") to a set of server processes or a set of agent processes. System actions are combined in sequences to form the processes. An action has a current server's state and an agent's current message on input, and it produces a similar pair (a new server's state and a new agent's message) on output.The two views of a system (server view and agent view) are obtained by the two possible groupings of a set of all actions into sequences. In the server view, actions of an indi-This work was not supported by any organization vidual server are grouped into a process (the definition of processes is included in Sect. IIIB). The server's states are the carrier of the server process, and the messages are the communication means between server processes. In the agent view, actions concerning an individual agent conform a process. Messages are internal to a process: they are the carrier of the process. The agent processes communicate via servers' states.

show abstract

Synthesis of large dynamic concurrent programs from dynamic specifications

Cited by 9 publications

References 59 publications

Global and Local Deadlock Freedom in BIP

Global and Local Deadlock Freedom in BIP

Specification and Verification in Integrated Model of Distributed Systems (IMDS)

Siphon-based deadlock detection in Integrated Model of Distributed Systems (IMDS)

Contact Info

Product

Resources

About