Results 1-10 of 48
Compositionality for probabilistic automata
In Proc. 14th International Conference on Concurrency Theory (CONCUR 2003), volume 2761 of LNCS, 2003
Robust emulation of shared memory using dynamic quorum-acknowledged broadcasts
In Twenty-Seventh Annual International Symposium on Fault-Tolerant Computing (FTCS '97), 1997
Cited by 61 (12 self)

Abstract
This paper presents robust emulation of multi-writer/multi-reader registers in message-passing systems using dynamic quorum configurations. In addition to processor and link failures, this emulation tolerates changes in quorum configurations, i.e., online replacements of one quorum system consisting of read and write quorums with another such system. This work extends the results of Attiya, Bar-Noy and Dolev [1] who showed how to emulate single-writer/multi-reader registers robustly in message-passing systems using majorities. The emulation in this paper is specified using a modular two-layer architecture. The lower layer uses unreliable broadcast to disseminate a request from the higher layer to a set of processors, and then to collect responses from a subset of the processors. The subset can be specified by a predicate or by using a quorum system. The lower layer then computes a function on the collected responses and returns the result to the higher layer. The broadcast can take advantage of hardware-assisted broadcast as we do not assume that the broadcast is reliable or that it has FIFO, causal or atomic properties. The higher layer algorithm emulates robust multi-writer/multi-reader registers where quorum configurations are used to ensure that the registers are atomic.
Assume-guarantee verification for probabilistic systems
2009
Cited by 43 (15 self)

Abstract
We present a compositional verification technique for systems that exhibit both probabilistic and nondeterministic behaviour. We adopt an assume-guarantee approach to verification, where both the assumptions made about system components and the guarantees that they provide are regular safety properties, represented by finite automata. Unlike previous proposals for assume-guarantee reasoning about probabilistic systems, our approach does not require that components interact in a fully synchronous fashion. In addition, the compositional verification method is efficient and fully automated, based on a reduction to the problem of multi-objective probabilistic model checking. We present asymmetric and circular assume-guarantee rules, and show how they can be adapted to form quantitative queries, yielding lower and upper bounds on the actual probabilities that a property is satisfied. Our techniques have been implemented and applied to several large case studies, including instances where conventional probabilistic verification is infeasible.
On the Space Complexity of Randomized Synchronization
Journal of the ACM, 1993
Cited by 42 (8 self)

Abstract
The "wait-free hierarchy" provides a classification of multiprocessor synchronization primitives based on the values of n for which there are deterministic wait-free implementations of n-process consensus using instances of these objects and read/write registers. In a randomized wait-free setting, this classification is degenerate, since n-process consensus can be solved using only O(n) read/write registers. In this paper, we propose a classification of synchronization primitives based on the space complexity of randomized solutions to n-process consensus. A historyless object, such as a read/write register, a swap register, or a test&set register, is an object whose state depends only on the last nontrivial operation that was applied to it. We show that, using historyless objects, Ω(√n) object instances are necessary to solve n-process consensus. This lower bound holds even if the objects have unbounded size and the termination requirement is nondeterministi...
Deciding Bisimilarity and Similarity for Probabilistic Processes
2000
Cited by 41 (4 self)

Abstract
This paper deals with probabilistic and nondeterministic processes represented by a variant of labelled transition systems where any outgoing transition of a state s is augmented with probabilities for the possible successor states. Our main contributions are algorithms for computing the bisimulation equivalence classes as introduced by Larsen & Skou [44] and the simulation preorder à la Segala & Lynch [57]. The algorithm for deciding bisimilarity is based on a variant of the traditional partitioning technique [43, 51] and runs in time O(mn(log m + log n)) where m is the number of transitions and n the number of states. The main idea for computing the simulation preorder is the reduction to maximum flow problems in suitable networks. Using the method of Cheriyan, Hagerup & Mehlhorn [15] for computing the maximum flow, the algorithm runs in time O((mn^6 + m^2 n^3) / log n). Moreover, we show that the network-based technique is also applicable to compute the simulation-like relation...
Memory space requirements for self-stabilizing leader election protocols
In PODC '99: Proceedings of the Eighteenth Annual ACM Symposium on Principles of Distributed Computing, 1999
Cited by 36 (16 self)

Abstract
We study the memory requirements of self-stabilizing leader election (SSLE) protocols. We are mainly interested in two types of systems: anonymous systems and id-based systems. We consider two classes of protocols: deterministic ones and randomized ones. We prove that a non-constant lower bound on the memory space is required by an SSLE protocol on unidirectional, anonymous rings (even if the protocol is randomized). We show that, if there is a deterministic protocol solving a problem on id-based systems where the processor memory space is constant and the id-values are not bounded, then there is a deterministic protocol on anonymous systems using constant memory space that solves the same problem. Thus impossibility results on anonymous rings (i.e. one may design a deterministic SSLE protocol only on prime size rings, under a centralized daemon) can be extended to those kinds of id-based rings. Nevertheless, it is possible to design a silent and deterministic SSLE protocol requiring constant memory space on unidirectional, id-based rings where the id-values are bounded. We present such a protocol. We also present a randomized SSLE protocol and a token circulation protocol under an unfair, distributed daemon on anonymous and unidirectional rings of any size. We give a lower bound on memory space requirement proving that these protocols are space optimal. The memory space required is constant on average.
Modeling consensus in a process calculus
In CONCUR: 14th International Conference on Concurrency Theory. LNCS, 2003
Cited by 35 (5 self)

Abstract
We give a process calculus model that formalizes a well-known algorithm (introduced by Chandra and Toueg) solving consensus in the presence of a particular class of failure detectors (♦S); we use our model to formally prove that the algorithm satisfies its specification.
Observing Branching Structure through Probabilistic Contexts
SIAM J. Comput.
Cited by 28 (1 self)

Abstract
Probabilistic automata (PAs) constitute a general framework for modeling and analyzing discrete event systems that exhibit both nondeterministic and probabilistic behavior, such as distributed algorithms and network protocols. The behavior of PAs is commonly defined using schedulers (also called adversaries or strategies), which resolve all nondeterministic choices based on past history. From the resulting purely probabilistic structures, trace distributions can be extracted, whose intent is to capture the observable behavior of a PA. However, when PAs are composed via an (asynchronous) parallel composition operator, a global scheduler may establish strong correlations between the behavior of system components and, for example, resolve nondeterministic choices in one PA based on the outcome of probabilistic choices in the other. It is well known that, as a result of this, the (linear-time) trace distribution precongruence is not compositional for PAs. In his 1995 Ph.D. thesis, Segala has shown that the (branching-time) probabilistic simulation preorder is compositional for PAs. In this paper, we establish that the simulation preorder is, in fact, the coarsest refinement of the trace distribution preorder that is compositional. We prove our characterization result by providing (1) a context of a given PA A, called the tester, which may announce the state of A to the outside world, and (2) a specific global scheduler, called the observer, which ensures that the state information that is announced is actually correct. Now when another PA B is composed with the tester, it may generate the same external behavior as the observer only when it is able to simulate A in the sense that whenever A goes to some state s, B can go to a corresponding state u, from which it may generate the same external behavior. Our result shows that probabilistic contexts together with global schedulers are able to exhibit the branching structure of PAs.
Root Contention in IEEE 1394
1999
Cited by 27 (4 self)

Abstract
The model of probabilistic I/O automata of Segala and Lynch is used for the formal specification and analysis of the root contention protocol from the physical layer of the IEEE 1394 ("FireWire") standard. In our model
Automated Verification of a Randomized Distributed Consensus Protocol Using Cadence SMV and PRISM
2001
Cited by 27 (17 self)

Abstract
We consider the randomized consensus protocol of Aspnes and Herlihy for achieving agreement among N asynchronous processes that communicate via read/write shared registers. The algorithm guarantees termination in the presence of stopping failures within polynomial expected time. Processes proceed through possibly unboundedly many rounds; at each round, they read the status of all other processes and attempt to agree. Each attempt involves a distributed random walk: when processes disagree, a shared coin-flipping protocol is used to decide their next preferred value. Achieving polynomial expected time depends on the probability that all processes draw the same value being above an appropriate bound. For the non-probabilistic part of the algorithm, we use the proof assistant Cadence SMV to prove validity and agreement for all N and for all rounds. The coin-flipping protocol is verified using the probabilistic model checker PRISM. For a finite number of processes (up to 10) we automatically calculate the minimum probability of the processes drawing the same value. The correctness of the full protocol follows from the separately proved properties. This is the first time a complex randomized distributed algorithm has been mechanically verified.