Probably Safe or Live
This paper presents a formal characterisation of safety and liveness
properties à la Alpern and Schneider for fully probabilistic systems. As for
the classical setting, it is established that any (probabilistic tree) property
is equivalent to a conjunction of a safety and liveness property. A simple
algorithm is provided to obtain such property decomposition for flat
probabilistic CTL (PCTL). A safe fragment of PCTL is identified that provides a
sound and complete characterisation of safety properties. For liveness
properties, we provide two PCTL fragments, a sound and a complete one. We show
that safety properties only have finite counterexamples, whereas liveness
properties have none. We compare our characterisation for qualitative
properties with the one for branching time properties by Manolios and Trefler,
and present sound and complete PCTL fragments for characterising the notions of
strong safety and absolute liveness coined by Sistla
Self-stabilizing Leader Election in Population Protocols over Arbitrary Communication Graphs
This paper considers the fundamental problem of self-stabilizing leader election () in the model of population protocols. In this model, an unknown number of asynchronous, anonymous and finite-state mobile agents interact in pairs over a given communication graph. has been shown to be impossible in the original model. This impossibility can be circumvented by a modular technique augmenting the system with an oracle, an external module abstracting the added assumption about the system. Fischer and Jiang have proposed solutions to , for complete communication graphs and rings, using an oracle , called the eventual leader detector. In this work, we present a solution for arbitrary graphs, using a composition of two copies of . We also prove that the difficulty comes from the requirement of self-stabilization, by giving a solution without an oracle for arbitrary graphs when a uniform initialization is allowed. Finally, we prove that there is no self-stabilizing implementation of using , in a sense we define precisely.
Monitoring Partially Synchronous Distributed Systems using SMT Solvers
In this paper, we discuss the feasibility of monitoring partially synchronous
distributed systems to detect latent bugs, i.e., errors caused by concurrency
and race conditions among concurrent processes. We present a monitoring
framework where we model both system constraints and latent bugs as
Satisfiability Modulo Theories (SMT) formulas, and we detect the presence of
latent bugs using an SMT solver. We demonstrate the feasibility of our
framework using both synthetic applications where latent bugs occur at any time
with random probability and an application involving exclusive access to a
shared resource with a subtle timing bug. We illustrate how the time required
for verification is affected by parameters such as communication frequency,
latency, and clock skew. Our results show that our framework can be used for
real-life applications, and because our framework uses SMT solvers, the range
of appropriate applications will increase as these solvers become more
efficient over time.
Comment: Technical Report corresponding to the paper accepted at Runtime
Verification (RV) 201
Factor Varieties and Symbolic Computation
We propose an algebraization of classical and non-classical logics, based on factor varieties and decomposition operators. In particular, we provide a new method for determining whether a propositional formula is a tautology or a contradiction. This method can be automatized by defining a term rewriting system that enjoys confluence and strong normalization. This also suggests an original notion of logical gate and circuit, where propositional variables become logical gates and logical operations are implemented by substitution. Concerning formulas with quantifiers, we present a simple algorithm based on factor varieties for reducing first-order classical logic to equational logic. We achieve a completeness result for first-order classical logic without requiring any additional structure.
Approximate Consensus in Highly Dynamic Networks: The Role of Averaging Algorithms
In this paper, we investigate the approximate consensus problem in highly
dynamic networks in which topology may change continually and unpredictably. We
prove that in both synchronous and partially synchronous systems, approximate
consensus is solvable if and only if the communication graph in each round has
a rooted spanning tree, i.e., there is a coordinator at each time. The striking
point in this result is that the coordinator is not required to be unique and
can change arbitrarily from round to round. Interestingly, the class of
averaging algorithms, which are memoryless and require no process identifiers,
entirely captures the solvability issue of approximate consensus in that the
problem is solvable if and only if it can be solved using any averaging
algorithm. Concerning the time complexity of averaging algorithms, we show that
approximate consensus can be achieved with precision of in a
coordinated network model in synchronous
rounds, and in rounds when
the maximum round delay for a message to be delivered is . While in
general, an upper bound on the time complexity of averaging algorithms has to
be exponential, we investigate various network models in which this exponential
bound in the number of nodes reduces to a polynomial bound. We apply our
results to networked systems with a fixed topology and classical benign fault
models, and deduce both known and new results for approximate consensus in
these systems. In particular, we show that for solving approximate consensus, a
complete network can tolerate up to 2n-3 arbitrarily located link faults at
every round, in contrast with the impossibility result established by Santoro
and Widmayer (STACS '89) showing that exact consensus is not solvable with n-1
link faults per round originating from the same node
Iterative Approximate Consensus in the presence of Byzantine Link Failures
This paper explores the problem of reaching approximate consensus in
synchronous point-to-point networks, where each directed link of the underlying
communication graph represents a communication channel between a pair of nodes.
We adopt the transient Byzantine link failure model [15, 16], where an
omniscient adversary controls a subset of the directed communication links, but
the nodes are assumed to be fault-free.
Recent work has addressed the problem of reaching approximate consensus in
incomplete graphs with Byzantine nodes using a restricted class of iterative
algorithms that maintain only a small amount of memory across iterations [22,
21, 23, 12]. However, to the best of our knowledge, we are the first to
consider approximate consensus in the presence of Byzantine links. We extend
our past work that provided an exact characterization of graphs in which the
iterative approximate consensus problem in the presence of Byzantine node
failures is solvable [22, 21]. In particular, we prove a tight necessary and
sufficient condition on the underlying communication graph for the existence
of iterative approximate consensus algorithms under the transient Byzantine link
model. The condition answers (part of) the open problem stated in [16].
Comment: arXiv admin note: text overlap with arXiv:1202.609
Computation of the Transient in Max-Plus Linear Systems via SMT-Solving
This paper proposes a new approach, grounded in Satisfiability Modulo
Theories (SMT), to study the transient of a Max-Plus Linear (MPL) system, that
is, the number of steps leading to its periodic regime. Differently from
state-of-the-art techniques, our approach allows the analysis of periodic
behaviors for subsets of initial states, as well as the characterization of
sets of initial states exhibiting the same specific periodic behavior and
transient. Our experiments show that the proposed technique dramatically
outperforms state-of-the-art methods based on max-plus algebra computations for
systems of large dimensions.
Comment: The paper consists of 22 pages (including references and Appendix).
It is accepted in FORMATS 2020 First revisio
A Short Counterexample Property for Safety and Liveness Verification of Fault-tolerant Distributed Algorithms
Distributed algorithms have many mission-critical applications ranging from
embedded systems and replicated databases to cloud computing. Due to
asynchronous communication, process faults, or network failures, these
algorithms are difficult to design and verify. Many algorithms achieve fault
tolerance by using threshold guards that, for instance, ensure that a process
waits until it has received an acknowledgment from a majority of its peers.
Consequently, domain-specific languages for fault-tolerant distributed systems
offer language support for threshold guards.
We introduce an automated method for model checking of safety and liveness of
threshold-guarded distributed algorithms in systems where the number of
processes and the fraction of faulty processes are parameters. Our method is
based on a short counterexample property: if a distributed algorithm violates a
temporal specification (in a fragment of LTL), then there is a counterexample
whose length is bounded and independent of the parameters. We prove this
property by (i) characterizing executions depending on the structure of the
temporal formula, and (ii) using commutativity of transitions to accelerate and
shorten executions. We extended the ByMC toolset (Byzantine Model Checker) with
our technique, and verified liveness and safety of 10 prominent fault-tolerant
distributed algorithms, most of which were out of reach for existing
techniques.
Comment: 16 pages, 11 pages appendi
The Bloom Clock for Causality Testing
Testing for causality between events in distributed executions is a
fundamental problem. Vector clocks solve this problem but do not scale well.
The probabilistic Bloom clock can determine causality between events with lower
space, time, and message-space overhead than vector clocks; however, predictions
suffer from false positives. We give the protocol for the Bloom clock based on
Counting Bloom filters and study its properties, including the probabilities of
a positive outcome and a false positive. We show the results of extensive
experiments to determine how the above probabilities vary as a function of
the Bloom timestamps of the two events being tested, and to determine the
accuracy, precision, and false positive rate of a slice of the execution
containing events in the temporal proximity of each other. Based on these
experiments, we make recommendations for the setting of the Bloom clock
parameters. We postulate the causality spread hypothesis from the application's
perspective to indicate whether Bloom clocks will be suitable for correct
predictions with high confidence. The Bloom clock design can serve as a viable
space-, time-, and message-space-efficient alternative to vector clocks if
false positives can be tolerated by an application
Bounded version vectors
Version vectors play a central role in update tracking under optimistic distributed systems, allowing the detection of obsolete or inconsistent versions of replicated data. Version vectors do not have a bounded representation; they are based on integer counters that grow indefinitely as updates occur. Existing approaches to this problem are scarce; the mechanisms proposed are either unbounded or operate only under specific settings. This paper examines version vectors as a mechanism for data causality tracking and clarifies their role with respect to vector clocks. Then, it introduces bounded stamps and proves them to be a correct alternative to integer counters in version vectors. The resulting mechanism, bounded version vectors, represents the first bounded solution to data causality tracking between replicas subject to local updates and pairwise symmetrical synchronization.
Funding: FCT project POSI/ICHS/44304/2002, FCT under grant BSAB/390/2003