Applications of lattice theory to model checking

textSociety is increasingly dependent on the correct operation of concurrent and distributed software systems. Examples of such systems include computer networks, operating systems, telephone switches and flight control systems. Model checking is a useful tool for ensuring the correctness of such systems, because it is a fully automatic technique whose use does not require expert knowledge. Additionally, model checking allows for the production of error trails when a violation of a desired property is detected. Error trails are an invaluable debugging aid, because they provide the programmer with the sequence of events that lead to an error. Model checking typically operates by performing an exhaustive exploration of the state space of the program. Exhaustive state space exploration is not practical for industrial use in the verification of concurrent systems because of the well-known phenomenon of state space explosion caused by the exploration of all possible interleavings of concurrent events. However, the exploration of all possible interleavings is not always necessary for verification. In this dissertation, we show that results from lattice theory can be applied to ameliorate state space explosion due to concurrency, and to produce short error trails when an error is detected. We show that many CTL formulae exhibit lattice-theoretic structure that can be exploited to avoid exploring multiple interleavings of a set of concurrent events. We use this structural information to develop efficient model checking techniques for both implicit (partial order) and explicit (interleaving) models of the state space. For formulae that do not exhibit the required structure, we present a technique called predicate filtering, which uses a weaker property with the desired structural characteristics to obtain a reduced state space which can then be exhaustively explored. We also show that lattice theory can be used to obtain a path of shortest length to an error state, thereby producing short error trails that greatly ease the task of debugging. We provide experimental results from a wide range of examples, showing the effectiveness of our techniques at improving the efficiency of verifying and debugging concurrent and distributed systems. Our implementation is based on the popular model checker SPIN, and we compare our performance against the state-of-the-art state space reduction strategies implemented in SPIN.Electrical and Computer Engineerin

Causality tracking in dynamic distributed systems

Tese de Doutoramento - Área do Conhecimento Tecnologias da ProgramaçãoA causalidade desempenha um papel central no tratamento de problemas importantes de sistemas distribuídos, tais como na replicação de dados, na análise de execuções, na comunicação em grupo e na determinação de estados globais. Por forma a ser útil, a causalidade precisa de ser concretizada em mecanismos que procedam ao seu registo. Os mecanismos existentes, tais como os vectores versão e os relógios vectoriais, assumem a existência de um mapeamento entre identificadores globalmente únicos e contadores inteiros. Num sistema em que é conhecido o número de entidades, é possível pré-configurar estes identificadores por forma a ocuparem posições distintas num vector ou serem-lhe atribuídos nomes distintos. A gestão destas identidades é bem mais problemática em ambientes dinâmicos, com grande número de entidades e onde estas são permanentemente criadas e destruídas. Esta situação é agravada na presença de partições de rede. As soluções actuais para o registo de causalidade não se revelam apropriadas a estes cenários, cada vez mais relevantes. Esta tese apresenta novos mecanismos de registo de causalidade que têm a propriedade de poder ser usados em cenários com um número dinâmico de entidades. Estes mecanismos permitem a criação descentralizada de entidades (processos ou réplicas) sem requerer identificadores globais ou coordenação global para a sua geração. Estes mecanismos apresentam codificações com tamanho variável, o que permite uma adaptação automática ao número de entidades em jogo, crescendo e colapsando de acordo com as necessidades.Causality plays a central role as a building block in solving important problems in distributed systems, such as replication, debugging, group communication and global snapshots. To be useful, causality must be realised by actual mechanisms that can track it and encode it. Existing causality tracking mechanisms, such as vector clocks and version vectors, rely on mappings from globally unique identifiers to integer counters. In a system with a well known set of entities these identifiers can be pre-configured and given distinct positions in a vector or distinct names in a mapping. Identity management is more problematic in dynamic systems, with a large and highly variable number of entities, being worsened when network partitions occur. Present solutions for causality tracking are not appropriate to these increasingly common scenarios. This thesis introduces novel causality tracking mechanisms that can be used in scenarios with a dynamic number of entities. These allow completely decentralised creation of entities (processes or replicas) with no need for global identifiers or global coordination. These mechanisms have a variable size representation that adapts automatically to the number of entities, growing or shrinking appropriately

Combating state explosion in the detection of dynamic properties of distributed computations

In the context of asynchronous distributed systems, many important applications depend on the ability to check that all observations of the execution of a distributed program, or distributed computation, satisfy a desired (or undesired) temporal evolution of states, or dynamic property. Examples include the implementation of distributed algorithms, automated testing via oracles, debugging, and building fault-tolerant applications through exception detection and handling. When a distributed program exhibits a high degree of concurrency, the number of possible observations of an execution can grow exponentially, quickly leading to an explosion in the amount of space and time required to check a dynamic property. In the worst case, detection of such properties may be defeated. This is the run-time counterpart of the well-known state explosion problem studied in model checking. In this thesis, we study the problem of state explosion as it arises in the detection of dynamic properties. In particular, we consider the potential of applying well-known techniques for dealing with state explosion from model checking to the case of dynamic property detection. Significant semantic similarities between the two problems means that there is great potential for deriving techniques for dealing with state explosion in dynamic property detection based on existing model checking techniques. However, differences between the contexts in which model checking and dynamic property detection take place mean that not all approaches to dealing with state explosion in model checking may carryover to the run-time case. We investigate these similarities and differences and provide the development and analysis of two approaches for combating state explosion in dynamic property detection based on model checking methods: on-the-fly automata theoretic model checking, and partial order reduction.EThOS - Electronic Theses Online ServiceGBUnited Kingdo