True-copy token scheme for a distributed database system

A concurrency and resiliency control scheme for a distributed database system with replicated data is discussed. The scheme, true-copy token scheme, uses true-copy tokens in order to designate the physical data copies (true copies) that can be identified with the current logical data that are globally unique, and then it realizes consistent execution of transactions by the locking over these true copies. If subsystem failures occur and if some true copies are lost, the scheme regenerates lost true copies so that their continuity is preserved. In analyzing the true-copy token scheme, we establish a precise relationship between physical transactions and their corresponding logical transactions by data and time abstraction. Then we show that continuity of logical data is preserved if con­tinuity of true copies is preserved.Key Words and Phrases: distributed database system, concurrency control, resiliency control, replicated data, true-copy tokens, data abstraction, time abstractio

A Consistent and Complete Deductive System for the Verification of Parallel Programs

The semantics of a simple parallel programming language is presented in two ways: deductively, by a set of Hoare-like axioms and inference rules, and operationally, by means of an interpreter. It is shown that the deductive system is consistent with the interpreter. It would be desirable to show that the deductive system is also complete with respect to the interpreter, but this is impossible since the programming language contains the natural numbers. Instead it is proven that the deductive system is complete relative to a complete proof system for the natural numbers; this result is similar to Cook's relative completeness for sequential programs. The deductive semantics given here is an extension of an incomplete deductive system proposed by Hoare. The key difference is an additional inference rule which provides for the introduction of auxiliary variables in a program to be verified

Axiomatic Proof Techniques for Parallel Programs

This thesis presents an axiomatic method for proving certain correctness properties of parallel programs. Axioms and inference rules for partial correctness are given for two parallel programming languages: The General Parallel Language and the Restricted Parallel Language. The General Language is flexible enough to represent most standard synchronizers (e.g. semaphores, events), so that programs using these synchronizers may be verified using the GPL deductive system. However, proofs for GPL programs are in general quite complex. The Restricted Language reduces this complexity by requiring shared variables to be protected by critical sections, so that only one process at a time has access to them. This discipline does not significantly reduce the power of the language, and it greatly simplifies the process of program verification. Although the axioms and inference rules are primarily intended for proofs of partial correctness, there are a number of other important properties of parallel programs. We give some practical techniques which use information obtained from a partial correctness proof to derive other correctness properties, including program termination, mutual exclusion, and freedom from deadlock. A number of examples of such proofs are given. Finally, the axioms and inference rules are shown to be consistent and complete (in a special sense) with respect to an interpretive model of parallel execution. Thus the deductive system gives an accurate description of program execution and is powerful enough to yield a proof of any true partial correctness formula

Factors in the Performance of the AN1 Computer Network

AN1 (formerly known as Autonet) is a local area network composedof crossbar switches interconnected by 100Mbit/second, full-duplex links. In this paper, we evaluate the performance impact of certain choices in the AN1 design. These include the use of FIFO input buffering in the crossbar switch, the deadlockavoidance mechanism, cut-through routing, back-pressure for flow control, and multi-path routing. AN1's performance goals were to provide low latency and high bandwidth in a lightly loaded network. In this it is successful. Under heavy load, the most serious impediment to good performance is the use of FIFO input buffers. The deadlock-avoidance technique has an adverse effect on the performance of some topologies, but it seems to be the best alternative, given the goals and constraints of the AN1 design. Cut-through switching performs well relative to store-and-forward switching, even under heavy load. Back-pressure deals adequately with congestion in a lightly-loaded network; under ..

Proving Properties of Parallel Programs: An Axiomatic Approach

This paper presents an axiomatic technique for proving a number of properties of parallel programs. Hoare has given a set of axioms for partial correctness of parallel programs, but they are not strong enough in most cases. Here we define a deductive system which is in some sense complete for partial correctness. The information in a partial correctness proof is then used to prove such properties as mutual exclusion, blocking and termination

A Model and Temporal Proof System for Networks of Processes

A model and a sound and complete proof system for networks of processes in which component processes communicate exclusively through messages is given. The model, an extension of the trace model, can desribe both synchronous and asynchronous networks. The proof system uses temporal-logic assertions on sequences of observations - a generalization of traces. The use of observations (traces) makes the proof system simple, compositional and modular, since internal details can be hidden. The expressive power of temporal logic makes it possible to prove temporal properties (safety, liveness, precedence, etc.) in the system. The proof system is language-independent and works for both synchronous and asynchronous networks

Consistent distributed database state maintenance

A theory for resiliency control of distributed database sys­tems is developed, and schemes that preserve the consistent global database state in the presence of site crashes and message link failures are discussed. The schemes can at least theoretically be paired with any concurrency control scheme that produces y-serializable executions. Further, one of the schemes can handle “partially-replicated data” as well as “partitioned data” and “fully-replicated data”.Key Words and Phrases: distributed database system, resiliency con­trol, consistent database state, V-serializability, V-consistency, u-consistency, replicated data, partitioned data

A Model and Temporal proof system for Networks of Processes

An approach is presented for modeling networks of processes that communicate exclusively through message passing. A process (or a network) is defined by its set of possible behaviors, where each behavior is an abstraction of an infinite execution sequence of the process. The resulting model is simple and modular and facilitates information hiding. It can describe both synchronous and asynchronous networks. It supports recursively-defined networks and can characterize liveness properties such as progress of inputs and outputs, termination, and deadlock. A sound and complete temporal proof system based on the model is presented. It is compositional - a specification of a network is formed naturally from specifications of its components

High Speed Switch Scheduling for Local Area Networks

Current technology trends make it possible to build communication networks that can support high performance distributed computing. This paper describes issues in the design of a prototype switch for an arbitrary topology point-to-point network with link speeds of up to one gigabit per second. The switch deals in fixed-length ATM-style cells, which it can process at a rate of 37 million cells per second. It provides high bandwidth and low latency for datagram traffic. In addition, it supports real-time traffic by providing bandwidth reservations with guaranteed latency bounds. The key to the switch's operation is a technique called parallel iterative matching, which can quickly identify a set of conflict-free cells for transmission in a time slot. Bandwidth reservations are accommodated in the switch by building a fixed schedule for transporting cells from reserved flows across the switch; parallel iterative matching can fill unused slots with datagram traffic. Finally, we note that pa..