Post on 13-Oct-2020
The challenges of non-stable predicatesConsider a non-stable predicate encoding, say, a safety property. We want to determine whether holds for our program.
!
!
The challenges of non-stable predicatesConsider a non-stable predicate encoding, say, a safety property. We want to determine whether holds for our program.
Suppose we apply to
!
!
! !s
The challenges of non-stable predicatesConsider a non-stable predicate encoding, say, a safety property. We want to determine whether holds for our program.
Suppose we apply to
holding in does not preclude the possibility that our program violates safety!
!
!
! !s
! !s
The challenges of non-stable predicatesConsider now a different non-stable predicate . We want to determine whether ever holds during a particular computation.
Suppose we apply to
!
!
! !s
The challenges of non-stable predicatesConsider now a different non-stable predicate . We want to determine whether ever holds during a particular computation.
Suppose we apply to
holding in does not imply that ever held during the actual computation!
!
!
! !s
! !s
!
Example
Detect whether the following predicates hold: Assume that initially:
x = 3 x = 4 x = 5
y = 6 y = 4 y = 2
e1
1 e2
1 e3
1 e4
1 e5
1
e1
2 e2
2 e3
2
e6
1
e4
2 e5
2
x = y x = y ! 2 x = 0; y = 10
Possibly
If is or , . ccc is detected, but it may never have occurred
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
x = y ! 2
!41
!31
!s
x = y ! 2
Possibly
If is or , . ccc is detected, but it may never have occurred
Possibly( ) There exists a consistent observation of the computation such that holds in a global state of
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
x = y ! 2
!41
!31
!s
x = y ! 2
!
O
!
O
Definitely
We know that has occurred, but it may not be detected if tested before or after
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
x = y
x = y
!32
!54
Definitely
We know that has occurred, but it may not be detected if tested before or after
Definitely( ) For every consistent observation of the computation, there exists a global state of in which holds
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
x = y
x = y
!32
!54
!
O
!O
Computing Possibly
Scan lattice, level after level
If holds in one global state, then Possibly( )
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
!
!
Computing Possibly
Scan lattice, level after level
If holds in one global state, then Possibly( )
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
!
!
Computing Possibly
Scan lattice, level after level
If holds in one global state, then Possibly( )
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
!
!
Computing Possibly
Scan lattice, level after level
If holds in one global state, then Possibly( )
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
!
!
Computing Possibly
Scan lattice, level after level
If holds in one global state, then Possibly( )
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
!
!
!31
Possibly (x = y ! 2)
Computing DefinitelyScan lattice, level after level
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
Computing DefinitelyScan lattice, level after level
Given a level, only expand nodes that correspond to states for which
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
¬!
Computing DefinitelyScan lattice, level after level
Given a level, only expand nodes that correspond to states for which
If no such state, then Definitely( )
If reached last state , and , then ¬Definitely( )
!00
!10 !
01
!11 !
02
!12
!22
!32
!42
!03
!13
!23
!31
!41
!43
!33
!44
!45
!65
!64
!63
!53
!54
!21
!55
!
!
¬!
!l
!("l)
Computing DefinitelyScan lattice, level after level
Given a level, only expand nodes that correspond to states for which
If no such state, then Definitely( )
If reached last state , and , then ¬Definitely( )!
!
¬!
!l
!("l)
!00
!10 !
01
!11 !
02
!12
!22
!03
!13
!23
!31
!41
!21
!32
!42
!33
Definitely (x = y)
Building the lattice:collecting local statesTo build the global states in the lattice, collects local states from each process.
keeps the set of local states received from in a FIFO queue
Key questions:
1. when is it safe for to discard a local state of ?
2. Given level of the lattice, how does one build level ?
p0
pi
p0
p0
pi!ki
i
i + 1
Qi
Garbage-collecting local states
For each local state , we need to determine:
, the earliest consistent state that can belong to
, the latest consistent state that . can belong to
!ki
!ki
!min(!ki ))
!max(!ki ))
!ki
Defining “earliest” and “latest”
Consistent Global State
Defining “earliest” and “latest”
Consistent Global State
Consistent Cut
Defining “earliest” and “latest”
Consistent Global State
Consistent Cut
Frontier
Defining “earliest” and “latest”
Consistent Global State
Consistent Cut
Frontier
Vector Clock
Defining “earliest” and “latest”
Associate a vector clock with each consistent global state
is the consistent global state with the lowest vector clock that has on its frontier
is the one with the highest
Consistent Global State
Consistent Cut
Frontier
Vector Clock
!min(!ki ))
!max(!ki ))
!ki
Computing !min
[1,0,0]
[1,0,0] [1,2,0]
[2,0,0]
[0,0,1] [0,0,2] [1,5,3] [4,5,4] [4,5,5]
[1,3,1]
[1,4,1]
[1,5,1]
[3,4,1] [4,4,1] [5,5,5]
[1,6,1]
Label with
and have the same vector clock!
!ki
!ki VC(ek
i )
!min(!ki ) !
ki
!min(!ki ) = (!c1
1, !c2
2, . . . , !cn
n ) : !j : cj = VC(!ki )[j]
Computing [1,0,0]
[1,0,0] [1,2,0]
[2,0,0]
[0,0,1] [0,0,2] [1,5,3] [4,5,4] [4,5,5]
[1,3,1]
[1,4,1]
[1,5,1]
[3,4,1] [4,4,1] [5,5,5]
[1,6,1]
!ki
!max
!max(!ki ) = (!c1
1, !
c2
2, . . .!
cn
n ) :
!"j : VC(!cj
j )[i] # VC(!ki )[i]
!((!cj
j = !cf
j ) " VC(!cj+1
j )[i] > VC(!ki )[i]))
Computing [1,0,0]
[1,0,0] [1,2,0]
[2,0,0]
[0,0,1] [0,0,2] [1,5,3] [4,5,4] [4,5,5]
[1,3,1]
[1,4,1]
[1,5,1]
[3,4,1] [4,4,1] [5,5,5]
[1,6,1]
!ki
!max
!max(!ki ) = (!c1
1, !
c2
2, . . .!
cn
n ) :
!"j : VC(!cj
j )[i] # VC(!ki )[i]
!((!cj
j = !cf
j ) " VC(!cj+1
j )[i] > VC(!ki )[i]))
set of local statesone for each process, s.t.
Computing [1,0,0]
[1,0,0] [1,2,0]
[2,0,0]
[0,0,1] [0,0,2] [1,5,3] [4,5,4] [4,5,5]
[1,3,1]
[1,4,1]
[1,5,1]
[3,4,1] [4,4,1] [5,5,5]
[1,6,1]
!ki
!max
!max(!ki ) = (!c1
1, !
c2
2, . . .!
cn
n ) :
!"j : VC(!cj
j )[i] # VC(!ki )[i]
!((!cj
j = !cf
j ) " VC(!cj+1
j )[i] > VC(!ki )[i]))
set of local statesone for each process, s.t. all local states are pair-
wise consistent with !ki
Computing [1,0,0]
[1,0,0] [1,2,0]
[2,0,0]
[0,0,1] [0,0,2] [1,5,3] [4,5,4] [4,5,5]
[1,3,1]
[1,4,1]
[1,5,1]
[3,4,1] [4,4,1] [5,5,5]
[1,6,1]
!ki
!max
!max(!ki ) = (!c1
1, !
c2
2, . . .!
cn
n ) :
!"j : VC(!cj
j )[i] # VC(!ki )[i]
!((!cj
j = !cf
j ) " VC(!cj+1
j )[i] > VC(!ki )[i]))
set of local statesone for each process, s.t. all local states are pair-
wise consistent with !ki
and they are the last such state
Assembling the levelsTo build level
wait until each contains a local state for whose vector clock:
To build level For each global state on level , build
Using s, check whether these global states are consistent
l
Qi
!n
i=1VC[i] ! l
l + 1
l
!i1,i2,...,in
VC
!i1+1,i2,...,in
,
!i1,i2+1,...,in
, . . . ,
!i1,i2,...,in+1