Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Alin Stefanescu: Slides for PhD defense

893 views

Published on

Published in: Education, Business, Technology
  • Be the first to comment

  • Be the first to like this

Alin Stefanescu: Slides for PhD defense

  1. 1. trib Automatic Synthesis of Dis ed Transition Systems ut PhD Candidate: Alin Stef˘nescu ¸ a Supervised by: Prof. Javier Esparza February 13th, A.D. 2006
  2. 2. Design of Complex Systems Specification vs. Implementation Wanted: a correct implementation w.r.t. the specification. Two approaches: • Given a specification and an implementation, check if the implementation satisfies the specification [Model Checking] • From a given specification, automatically construct an implementation → [Synthesis]
  3. 3. I. Synthesis... In which setting?
  4. 4. Synthesis: The Sequential Case Specification
  5. 5. Synthesis: The Sequential Case ? + ⇒ Specification One Agent
  6. 6. Synthesis: The Sequential Case ? + ⇒ Specification One Agent Implementation
  7. 7. Synthesis: The Distributed Case Specification
  8. 8. Synthesis: The Distributed Case ? + ⇒ Specification Team of Communicating Agents
  9. 9. Synthesis: The Distributed Case ? + ⇒ Specification Team of Communicating Agents Distributed Implementation
  10. 10. The Problem ? + ⇒ Labeled Transition System Distribution Distributed Transition System Synthesis of Distributed Transition Systems Input: Given a labeled transition system TS and a distribution ∆ of actions over a set of agents, Output: Build, if possible, a distributed transition system over ∆ whose global state space is equivalent to TS equivalent : graph-isomorphic / trace-equivalent / bisimilar
  11. 11. Building a House... roof floor 2 3 wall wall floor 0 1
  12. 12. Building a House... roof roof floor floor Agent 1 2 3 + wall wall roof wall floor 0 1 Agent 2 Distribution of {floor,wall,roof} over {1,2}: • Σlocal (1)={roof,floor}, Σlocal (2)={roof,wall} • dom(roof)={1,2}, dom(floor)={1}, dom(wall)={2}
  13. 13. Building a House... roof roof floor floor Agent 1 2 3 + wall wall roof wall floor 0 1 Agent 2
  14. 14. Building a House... roof roof roof 0 1 floor floor floor Agent 1 Agent 1 2 3 ? + ⇒ wall wall roof roof wall 0 1 wall floor 0 1 Agent 2 Agent 2
  15. 15. Synchronous Products of Transition Systems A synchronous product of transition systems consists of a set of local transition systems synchronizing on common actions. An action is executed if only if all local transition systems from its domain are able to execute that action. roof roof roof floor 0,1 1,1 0 1 0 1 floor wall wall wall floor 0,0 1,0
  16. 16. Building a House... roof roof roof 0 1 floor floor floor Agent 1 Agent 1 2 3 + ⇒ wall wall roof roof wall 0 1 wall floor 0 1 Agent 2 Agent 2 The specification is implementable!
  17. 17. Building a House... Not Always Possible! roof roof roof 0 1 floor floor floor Agent 1 Agent 1 2 3 + ⇒ wall wall roof roof wall 0 1 wall floor 0 1 Agent 2 Agent 2 When the edge (1,wall,3) is deleted, the specification is no longer implementable!
  18. 18. Asynchronous Automata Asynchronous automata [Zielonka87] generalize the synchronous products allowing more communication during synchronization. An action is executed only for chosen tuples of local states of its domain. roof 1 →floor 2 0, 1 2, 2 0 →wall 1 (0, 0) →roof (1, 1) wall roof (0, 1) →roof (2, 2) 0, 0 1, 1 floor 2, 1
  19. 19. Asynchronous Automata Asynchronous automata [Zielonka87] generalize the synchronous products allowing more communication during synchronization. An action is executed only for chosen tuples of local states of its domain. roof 1 →floor 2 0, 1 2, 2 0 →wall 1 (0, 0) →roof (1, 1) wall roof (0, 1) →roof (2, 2) 0, 0 1, 1 floor 2, 1 Not implementable as a synchronous product! (cf. wall roof floor)
  20. 20. Synthesis Flow – the whole truth Specification Global behavior and distribution TEST Is the specification distributable? no Heuristics yes Try to refine the specification so as to become distributable if possible Synthesis Core algorithms + heuristics Distributed implementation Desired format
  21. 21. II. Distributed systems... Characterizations?
  22. 22. The Diamonds of Independence A distribution generates an independence relation ⊆Σ×Σ a b ⇔ dom(a) ∩ dom(b) = ∅ The independent and forward diamond rules are: ID FD 1 1 1 1 a a b a b a b a b a b 2 =⇒ 2 4 2 3 =⇒ 2 3 b b a b a 3 3 4 The global state space of a distributed system satisfies ID and FD.
  23. 23. Characterizations Characterizations of ‘distributable’ global transitions systems given in the literature: [Zielonka87], [Morin98,99], [CastellaniMukundThiagarajan99] • modulo isomorphism: theory of regions (ID and FD necessary, but not sufficient) • modulo trace-equivalence: → SP: product languages → A ID and FD necessary and sufficient A: • modulo bisimulation: by some modifications of the above
  24. 24. Traces of Distributed Transition Systems The execution trace language Tr (TS) = the set of all possible finite executions of TS starting in an initial state. • any execution trace language Tr (TS) is prefix-closed • For any asynchronous automaton A Tr (A is ID-closed, A, A) i.e., uabv ∈ Tr (A ∧ a b ⇒ ubav ∈ Tr (A A) A) • For any deterministic asynch. aut. A Tr (A is FD-closed, A, A) i.e., ua ∈ Tr (A ∧ ub ∈ Tr (A ∧ a b ⇒ uab ∈ Tr (A A) A) A) Zielonka’s Theorem (variant) For any prefix-closed ID-FD-closed regular language L, there exists a finite deterministic asynch. automaton A with Tr (A = L. A A)
  25. 25. Languages of Distributed Transition Systems ID-closed prefix-closed Tr (NAA) = regular languages finite unions of ID-FD-closed prefix-closed regular = Tr (NSP) Tr (DAA) = prefix-closed product languages regular languages prefix-closed regular = Tr (DSP) product languages Several other variants classified: → global final states / local final states / acyclic specifications
  26. 26. III. Implementability Test... How difficult?
  27. 27. The Implementability Test Distributed Implementability Instance: a transition system TS and a distribution ∆ of actions over a set of agents Question: Is there a distributed transition system over ∆ equivalent with TS? distributed transition system : SP / A A equivalent : isomorphic / trace-equivalent / bisimilar Previous characterizations provide decision procedures, leading easily to upper bounds. We filled most of the missing lower bounds.
  28. 28. Complexity Bounds Overview Synchronous products (with one global initial state) Specification (TS) Isomorphism Trace Equivalence Bisim. (determ. impl.) Nondeterministic NP-complete PSPACE-complete PSPACE-complete Deterministic P [Mor98] Asynchronous automata (with multiple global initial states) Specification (TS) Isomorphism Trace Equivalence Bisim. (determ. impl.) Nondeterministic NP-complete PSPACE-complete P Deterministic P [Mor98] P
  29. 29. Complexity Bounds Overview Synchronous products (with one global initial state) Specification (TS) Isomorphism Trace Equivalence Bisim. (determ. impl.) Nondeterministic NP-complete PSPACE-complete PSPACE-complete Deterministic P [Mor98] Acyclic & Nondet. NP-complete coNP-complete coNP-complete Acyclic & Determ. P [Mor98] Asynchronous automata (with multiple global initial states) Specification (TS) Isomorphism Trace Equivalence Bisim. (determ. impl.) Nondeterministic NP-complete PSPACE-complete P Deterministic P [Mor98] P Acyclic & Nondet. NP-complete coNP-complete P Acyclic & Determ. P [Mor98] P
  30. 30. IV. Synthesis of deterministic asynchronous automata... More efficient?
  31. 31. A Heuristic for Smaller Asynchronous Automata • Zielonka’s procedure outputs very large asynchronous automata • Usually smaller asynchronous automata accepting the same language exist • Heuristic idea Unfold the initial transition system guided by Zielonka’s construction and test if any of the intermediary transition systems is already asynchronous (modulo isomorphism): unfold unfold Initial TS Intermediary TS Zielonka’s automaton test if asynchronous!
  32. 32. Some Special Cases Using the characterization for implementability modulo isomorphism, we gave alternatives to Zielonka’s construction in the particular cases of: • transitive distributions • conflict-free specifications • acyclic specifications
  33. 33. Relaxed Synthesis If the initial specification is not ‘distributable’... Relaxed synthesis problem Given a distribution ∆ and a transition system TS, find an asynchronous automaton A over ∆ such that Tr (A ⊆ Tr (TS) A A) A) and Σ(A = Σ(TS). We proved the above problem to be undecidable. Proposed NP-complete heuristic: IDFD subautomaton synthesis problem Given a transition system TS, find a reachable subautomaton A with Σ(A) = Σ(TS) satisfying ID&FD.
  34. 34. V. A Case Study – Mutual exclusion
  35. 35. Synthesis Flow – reloaded Specification Global behavior and distribution TEST Is the specification distributable? no Heuristics yes Try to refine the specification so as to become distributable if possible Synthesis Core algorithms + heuristics Distributed implementation Desired format
  36. 36. Mutual Exclusion (n=2) • actions: Σ := {req 1 , enter 1 , exit 1 , req 2 , enter 2 , exit 2 } • processes: Proc := {A1 , A2 , V1 , V2 } req 1 enter 1 exit 1 req 2 enter 2 exit 2 dom {A1 , V1 } {A1 , V2 } {A1 , V1 } {A2 , V2 } {A2 , V1 } {A2 , V2 } → req 1 and req 2 are independent → each action involves only one process and one variable
  37. 37. Regular Specification for Mutex(2) Behavior Mutex of a mutual exclusion algorithm: • the runs are interleavings of the local behaviours (reqi enteri exiti )∗ • forbid sequences where enter 1 is followed by enter 2 without exit 1 in between (mutual exclusion) • forbid sequences where req 1 is followed by two enter 2 without enter 1 in between (strong absence of starvation) • any execution of Mutex is the prefix of another execution of Mutex (deadlock freedom)
  38. 38. Global Automaton (1) – FD not satisfied req 1 req 2 exit 1 exit 2 req 2 req 1 enter 1 enter 2 exit 1 exit 2 req 2 req 1 enter 1 enter 2 enter 1 exit 1 exit 2 enter 2 req 2 req 1 enter 1 enter 2
  39. 39. Global Automaton (2) – Distributable req 1 req 2 exit 1 exit 2 req 2 req 1 enter 1 enter 2 exit 1 exit 2 req 2 req 1 enter 1 enter 2 exit 1 req 1 enter 2
  40. 40. Global Automaton of the Solution req 1 req 2 exit 1 enter 2 req 2 req 1 enter 1 exit 2 exit 1 exit 2 exit 2 req 1 req 2 enter 1 enter 1 req 2 exit 2 req 1 exit 1 enter 2 req 2 req 1 enter 2 enter 2 req 1 req 1 enter 1
  41. 41. Synthesized Mutex(2) Algorithm Initialization: v1 := 0; v2 := 0 Agent 1 Agent 2 ncs 1 : [NCS1]; ncs 2 : [NCS2]; case (v1 = 0): v1 := 1; goto e1 case (v2 = 0): v2 := 1; goto e2 ′ case (v1 = 2): v1 := 1; goto e1 case (v2 = 2): v2 := 3; goto e2 ′ case (v1 = 3): v1 := 4; goto e1 e2 : await v1 ∈ {0, 2, 3, 4} then e1 : await v2 ∈ {0, 1} then case (v1 = 0): v1 := 2; goto cs 2 case (v2 = 0): goto cs 1 case (v1 = 2): v1 := 0; goto cs 2 case (v2 = 1): goto cs ′ 1 case (v1 = 3): v1 := 2; goto cs 2 ′ e1 : await v2 ∈ {2, 3} then case (v1 = 4): v1 := 1; goto cs 2 case (v2 = 2): v2 := 0; goto cs 1 cs 2 : [CS2]; case (v2 = 3): v2 := 1; goto cs ′ 1 case (v2 = 1): v2 := 2; goto ncs 2 cs 1 : [CS1]; v1 := 0; goto ncs 1 case (v2 = 3): v2 := 0; goto ncs 2 cs ′ : 1 [CS1]; v1 := 3; goto ncs 1 Particularity: Priority is given to the first process in case both processes request access
  42. 42. Prototype Implementations Prototypes to support the full synthesis cycle: • Synchronous products: → Via projections on local alphabets [translation to the input of the reachability checkers of the Model-Checking Kit] • Asynchronous automata: → heuristics for finding an ID-FD subautomata [implementation in the constraint-based logic programming framework Smodels] → unfolding-based heuristics for Zielonka [implementation in C] • Benchmarks: mutual exclusion, dining philosophers. E.g., for mutual exclusion with N processes: → original Zielonka’s construction can handle only N=2 processes (specification size: |TS| = 14, |Proc| = 4, |Σ| = 6) → our heuristics can handle up to N=5 processes (specification size: |TS| = 25, 537, |Proc| = 10, |Σ| = 15)
  43. 43. VI. Coming to an end... Contributions?
  44. 44. Related Papers (DBLP) Many of the results of this thesis appeared in:
  45. 45. Contributions Synthesis of synchronous products and asynchronous automata: • A careful study and survey of characterizations of the global structure (graph isomorphism) and behaviors (traces of executions) of the two theoretical models with several variants • Matching computational complexity bounds for the implementability tests for several combinations • Alternatives to Zielonka’s construction in special cases • Several heuristics for finding smaller synthesized solutions • Prototype implementations for most of the algorithms ¡ Thank you !

×