Implementation of an Interleaving Semantics for TLDA

Presentation given by Niels Lohmann on May 7, 2005 in Berlin, Germany; Overview talk for the Studienarbeit thesis at Humboldt-Universität zu Berlin.



Implementation of an Interleaving Semantics for TLDA: Presentation Transcript

  • Implementation of an Interleaving Semantics for TLDA. Luhme XI. Niels Lohmann, nlohmann@informatik.hu-berlin.de, http://www.informatik.hu-berlin.de/~nlohmann/arbeit, 7 May 2005.
  • Introduction to TLDA: semantic model and basic concepts. The semantic model of TLDA is a run. [Figure: a run over agent1, sem and agent2; the agents take the values idle, pending and critical, sem takes the values 1 and 0; transitions t1 and t2 are marked.] Basic concepts: transitions update values of involved variables; dom(t1) = {agent1}, dom(t2) = {agent1, sem}. Outline of the talk: Introduction to TLDA, Semantics, Transition System, Implementation, Examples, Outlook.
  • Introduction to TLDA: semantic model and basic concepts (continued). A cut can be understood as a global state. Every run has an initial cut (C0 in the figure).
  • Introduction to TLDA: semantic model and basic concepts (continued). When all possible transitions occur, the successor cut of C is reached. Both cuts and the occurred transitions form a step. Callout in the figure: this cut cannot be reached with steps.
  • Introduction to TLDA: syntax. Syntactic elements are variables and formulas. Variables: rigid variables (constants); flexible variables (variables describing values in the current cut); primed flexible variables (variables describing values in the successor cut); ~-variables (variables describing involvedness of sets of flexible variables). Formulas: step formulas (formulas evaluated in steps of a run); state predicates (step formulas with only flexible variables); run formulas (formulas evaluated in a whole run).
  • Introduction to TLDA: evaluating formulas. Evaluating step formulas. [Figure: a step between two cuts of the run, with one transition t.] Is there a transition occurring in SC involving both agent1 and sem? There is no transition involving agent2.
  • Introduction to TLDA: evaluating formulas. Evaluating run formulas. [Figure: a run with transitions t1 and t2 and cuts C0, C1, C2, C3.]
  • Semantics: partially ordered semantics. TLDA has a partial order semantics: transitions are partially ordered. [Figure: sem takes the values 1, 0, 1 through transitions u1 and u2; u1 occurs before u2.] Concurrent transitions have no order. [Figure: t1 and t2 each take one agent from idle to pending.] Which transition occurs first?
  • Semantics: interleaving semantics. Other formalisms (e.g. TLA) have an interleaving semantics: all possible interleavings of transitions. [Figure: t1 and t2 each take one agent from idle to pending.] First t1, then t2! First t2, then t1! {t1, t2}: t1 and t2 occur concurrently! Interleavings are totally ordered; there is an exponential number of interleavings and intermediate states.
  • Semantics for TLDA: interleaving semantics. First subject of my work: development of an interleaving semantics for TLDA. Model checking: few experiences with partial order semantics (complicated data structures); interleavings can be easily represented by a labelled graph (transition system); explicit model checkers (LoLA, Spin) are based on graph search in a transition system. Next subject: build a transition system.
  • Transition System: definition. Formally a quintuple TS = (S, S0, Act, R, L), where S is a nonempty set of states; S0 ⊆ S is a nonempty set of initial states; Act is a finite set of actions; R ⊆ S × 𝒫(Act) × S is the transition relation, labeled with a nonempty set of actions; L: S → (Var → Val) is a function to label states with a mapping variables/values. [Figure: states s0, s1, s2 labelled with sem 1, sem 0, sem 1; transitions labelled {a0}, {a1} and {a2, a3}.]
  • Transition System: construction. We can construct a transition system for TLDA specifications in normal form. Definition (normal form): Init ∧ Next ∧ Progress, where Init is a state predicate, Next is a step formula, and Progress is ignored right now. Actions: Act is the set of the clauses of the disjunctive normal form of Next.
  • Transition System: construction. States, initial states, labels: for each cut reachable with steps from C0, add a new state and label it (states sC0, sC1, sC2 for the cuts C0, C1, C2 in the figure). Repeat this for all runs of the specification.
  • Transition System: construction. Transition relation: each step fulfils a set of clauses Ai of Next. Label the new transition relation with Ai (Ai ⊆ Act); in the figure, A0 labels the transition from sC0 to sC1 and A1 the transition from sC1 to sC2. Repeat this for all runs of the specification.
  • Transition System: properties. Properties of the transition system of a specification: (1) For all runs of the specification, for all cuts C reachable with steps from the initial cut, there exists a corresponding state sC in the transition system reachable from an initial state. (2) For all states sC in the transition system reachable from an initial state, there exists a run of the specification with a corresponding cut C reachable with steps from the initial cut.
  • Transition System: properties. Do we reach all cuts with steps from C0? [Figure: a run with transitions t1 to t5 over both agents and the semaphore (values 1, 0, 1, 0), marked with the cuts C0, C1, C2, C3 and C*.]
  • Transition System: properties. Does a run with the same restrictions on the system variables also satisfy the formula? Not necessarily! But it always holds for environment invariant formulas. This can be understood literally: a formula is called environment invariant iff, for every run that satisfies it, every run with the same restrictions on the system variables satisfies it as well.
  • Transition System: properties revised. Properties of the transition system of an environment invariant specification: (1) For all runs of the specification, for all cuts C reachable with steps from the initial cut, there exists a corresponding state sC in the transition system reachable from an initial state. (2) For all states sC in the transition system reachable from an initial state, there exists a run of the specification with a corresponding cut C reachable with steps from the initial cut.
  • Transition System: propositions. Properties of the transition system of an environment invariant specification: 1. Every cut is represented by a state. 2. Every run is represented by a sequence of states beginning at an initial state. 3. Every state represents a cut. 4. Every sequence of states beginning at an initial state represents a run. All interleavings of the specification are contained in its transition system, so the transition system is a TLDA interleaving semantics.
  • Implementation: overview. Second subject of my work: the prototypic implementation “TLDC”. Present features: parse a TLDA specification; build a DNF-tree; discard irrelevant/contradicting actions; create C-code to build the transition system. Future: better heuristics; TLDA model checking; reduction techniques.
  • Implementation: pruning heuristics. Creation of actions/pruning of contradictions. [Figure: DNF-tree (n=4), traversed over several animation steps, with the callout “continue here…”.]
  • Implementation: gaining knowledge. Treating ~-variables: most actions contradict because of ~-variables; “the more, the better”; a lot of knowledge can be gained.
  • Examples: mutual exclusion. First example: mutual exclusion. [Figure: Petri net with the places requesting1, requesting2, critical1, critical2, idle1, idle2 and semaphore.] TLDA: three components/variables.
  • Examples: mutual exclusion. Tool demonstration #1.
  • Examples: mutual exclusion. [Figure: resulting transition system.] State inscriptions: agent1, agent2, semaphore.
  • Examples: crossing the river. Second example: a farmer bought a wolf, a goat and cabbage; all have to cross a river with a small boat; the farmer can only take one thing with him; left unattended, the goat eats the cabbage; left unattended, the wolf eats the goat. Can they cross the river safely?
  • Examples: crossing the river. Tool demonstration #2.
  • Examples: crossing the river. [Figure: resulting transition system.] State inscriptions: farmer, goat, wolf, cabbage. Initial state: all at east side of the river. Goal state: all at west side of the river.
  • Outlook: problems. Many exponential problems. Disjunctive normal form: Peterson’s Mutex-algorithm could not yet be modelled: few lines of TLDA end up in milliards of actions (pruning at its limits). ~-variables: Dining philosophers’ problem could not yet be modelled: 5 forks and 5 philosophers lead to 1023 ~-variables and 2046 variables in C++ (a new data structure might help). Actions: step-explosion (Stephan Roch’s work).
  • Outlook: future/further work. TLDA inapplicable for explicit model checking? Would symbolic model checking help? Any solutions for open problems? Any questions about my Studienarbeit? Ideas for subjects for a Diplomarbeit?
  • Implementation of an Interleaving Semantics for TLDA. Thank you! Niels Lohmann, nlohmann@informatik.hu-berlin.de, http://www.informatik.hu-berlin.de/~nlohmann/arbeit, 7 May 2005.
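
The quintuple TS = (S, S0, Act, R, L) from the definition slide, built by graph search for the mutual exclusion example and checked for the mutual exclusion property. This is an added example, not code from the talk or from TLDC. Assumptions: the action names, the `leave_*` action, and the step rule (any nonempty set of enabled actions with pairwise disjoint domains may occur together).

```python
from collections import deque
from itertools import combinations


def make_actions():
    """Each action is (dom, guard, update). Names and leave_* are assumptions."""
    acts = {}
    for a in ("agent1", "agent2"):
        acts["request_" + a] = (frozenset({a}), {a: "idle"}, {a: "pending"})
        acts["enter_" + a] = (frozenset({a, "sem"}),
                              {a: "pending", "sem": 1}, {a: "critical", "sem": 0})
        acts["leave_" + a] = (frozenset({a, "sem"}),
                              {a: "critical", "sem": 0}, {a: "idle", "sem": 1})
    return acts


# Initial cut: both agents idle, semaphore free.
INIT = {"agent1": "idle", "agent2": "idle", "sem": 1}


def freeze(valuation):
    """Hashable form of a Var -> Val mapping, used as the state itself."""
    return tuple(sorted(valuation.items()))


def steps(valuation, actions):
    """Yield (label, successor) for each nonempty set of enabled actions
    whose domains are pairwise disjoint, so they can occur in one step."""
    enabled = sorted(n for n, (_, guard, _) in actions.items()
                     if all(valuation[v] == val for v, val in guard.items()))
    for k in range(1, len(enabled) + 1):
        for combo in combinations(enabled, k):
            doms = [actions[n][0] for n in combo]
            if sum(map(len, doms)) != len(frozenset().union(*doms)):
                continue  # two actions share a variable: not concurrent
            succ = dict(valuation)
            for n in combo:
                succ.update(actions[n][2])
            yield frozenset(combo), succ


def build_ts(init, actions):
    """Breadth-first construction of TS = (S, S0, Act, R, L)."""
    s0 = freeze(init)
    S, R, queue = {s0}, set(), deque([s0])
    while queue:
        s = queue.popleft()
        for label, succ in steps(dict(s), actions):
            t = freeze(succ)
            R.add((s, label, t))      # R is a subset of S x P(Act) x S
            if t not in S:
                S.add(t)
                queue.append(t)
    L = {s: dict(s) for s in S}       # L: S -> (Var -> Val)
    return S, {s0}, set(actions), R, L


def violations(S, L):
    """States in which both agents are critical (mutual exclusion broken)."""
    return [s for s in S
            if L[s]["agent1"] == "critical" and L[s]["agent2"] == "critical"]


if __name__ == "__main__":
    S, S0, Act, R, L = build_ts(INIT, make_actions())
    print(len(S), "states,", len(R), "transitions")
    print("mutual exclusion violated in:", violations(S, L))
```

The initial state has three outgoing transitions, labelled with the two single requests and with the set of both, which matches the three interleavings on the interleaving semantics slide.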