Fault-Tolerant Real-Time Networks Tom Henzinger UC Berkeley MURI Kick-off Workshop Berkeley, May 2000


Slide 1: Fault-Tolerant Real-Time Networks (title slide)

Slide 2: Participants
  Mostafa Ammar (Georgia Tech)
  Luca de Alfaro (Univ of California, Berkeley)
  Tom Henzinger (Univ of California, Berkeley)
  Idit Keidar (MIT)
  Nancy Lynch (MIT)
  Kang Shin (Univ of Michigan)
  Kishor Trivedi (Duke Univ)
  Avideh Zakhor (Univ of California, Berkeley)

Slide 3: Network Protocols: The Conventional Research Tasks
  [Diagram: Design, Experiment, Analysis, connected by arrows labelled "validate" and "predict"]

Slide 4: Network Protocols: Our View of the Research Tasks
  [Diagram: Design, Experiment, Analysis with "validate" and "predict" arrows, placed between Theory and Practice; added boxes Formal Modeling and Design Methodology]

Slide 5: Network Protocols: The Research Issues
  Rely on weaker assumptions:
    Dynamic traffic changes
    Dynamic network changes (e.g. faults)
    Heterogeneous network properties (e.g. wireless)
    Heterogeneous collection of protocols
  Provide stronger guarantees:
    Reliability (e.g. no packet loss)
    Real time (e.g. multimedia)
    Inter-stream and inter-protocol fairness
    Network stability and utilization
    Security

Slide 6: Formal Modeling and Analysis: The Algorithmic Approach
  [Diagram: Protocol -> Formal model + Desired property -> Model Checking Tool (state space exploration) -> Affirmation or Failure scenario; labels: Formal, Automatic, Decomposition of the analysis]

Slide 7: Formal Modeling and Analysis: The Algorithmic Approach
  What we know how to do well:
    Highly concurrent systems
    Very large but regular systems (e.g. hardware)
    Reliability and fairness properties
  What we don't know how to do well:
    Real time
    Global properties (e.g. performance, utilization)
    Dynamically changing systems
    Heterogeneous systems
    Uncertain behavior (probabilistic models)
    Adversarial behavior (game models)

Slide 8: Formal Modeling and Analysis: The Algorithmic Approach
  What helps? Design structure which enables the decomposition of the analysis

Slide 9: Formal Modeling and Analysis: The Algorithmic Approach
  What helps? Design structure which enables the decomposition of the analysis
  Examples of design structure:
    Spatial hierarchy (e.g. process, host, subnet)
    Temporal hierarchy (e.g. bit, packet, message)
    Orthogonalize concerns (e.g. syntax, process semantics, communication semantics, timing, probabilities)

Slide 10: Assume-Guarantee Reasoning
  [Diagram: Sender || Receiver has Property; refinement written R < S]

Slides 11-16: Assume-Guarantee Reasoning
  [Diagrams of the assume-guarantee rule over processes R and S, using the refinement relation <, implication ->, conjunction &, and parallel composition ||; the symbols survive but the layout does not]

Slide 17: Assume-Guarantee Reasoning
  [Diagram: the circular assume-guarantee rule over R and S, as on the previous slides]
  Need Receptiveness!

Slide 18: Decomposing the Analysis
  We have assume-guarantee methods:
    Parallel (spatial) composition
    Reliability properties
  We need assume-guarantee methods:
    Sequential (temporal) composition
    Real-time properties
    Probabilistic properties (e.g. fault tolerance, performance)
    Adversarial properties (e.g. security)

Slide 19: Masaccio: A Formal Model for Hierarchical Real-Time Processes
  Predecessor models and tools:
    Reactive Modules and Mocha (spatial hierarchy)
    Hybrid Automata and HyTech (real time)
  The new model includes:
    Parallel and sequential composition, arbitrarily nested
    Real-time behavior

Slide 20: Masaccio: A Formal Model for Hierarchical Real-Time Processes
  Short-term plan:
    Assume-guarantee decomposition
    Model checking algorithms
  Long-term plan:
    Stochastic behavior and analysis
    Adversarial behavior and analysis

Slide 21: Masaccio: A Formal Model for Hierarchical Real-Time Processes
  Semantics: Process = interface + behaviors
  Interface (the statics):
    Input and output variables (data); some of the variables are real-valued clocks
    Entry and exit locations (control)
  Behavior (the dynamics):
    Sequence of transitions (instantaneous) and delays (real-valued duration)
    Variables may change with transitions
    Clocks change with delays

Slide 22: Masaccio: A Formal Model for Hierarchical Real-Time Processes
  Syntax: Process = operators applied to atomic processes
  Operators (six):
    Parallel and sequential composition
    Variable and location renaming (connection)
    Variable and location hiding (abstraction)
  Atomic processes (two):
    Atomic discrete process = guarded difference equation
    Atomic continuous process = guarded differential equation

Slide 23: Masaccio: A Formal Model for Hierarchical Real-Time Processes
  Example: Send a message every 5 time units.
    P = hide x in (C + D)    /* m: message (output) */  /* x: clock (hidden) */
    C: ẋ = 1
    D: x = 5 -> m := msg; x := 0
  Behavior: delay of duration 5, followed by a transition that sends a message and resets the clock x to 0, followed by a delay of duration 5, etc.

Slide 24: Summary of Activities
  Compositional modeling of hierarchical real-time processes
  Time, games, and probabilities in model checking
  Rich APIs for network protocols (Luca de Alfaro)
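The "send a message every 5 time units" process from Slide 23, simulated as an added example (not code from the slides or from the Masaccio tools): the names `Discrete`, `Continuous`, `simulate` and `message_times`, the step-wise delay scheduling that alternates C's delays with D's transitions, and the guard `x < 5` on C are assumptions of this example.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Callable, Dict, List, Tuple

State = Dict[str, object]  # data variables and real-valued clocks (exact Fractions)

@dataclass
class Discrete:
    """Atomic discrete process: guarded difference equation, fires instantaneously."""
    name: str
    guard: Callable[[State], bool]
    update: Callable[[State], State]

@dataclass
class Continuous:
    """Atomic continuous process: guarded differential equation, runs during delays."""
    name: str
    guard: Callable[[State], bool]
    rates: Dict[str, Fraction]  # clock -> derivative (x' = 1 for a clock)

def simulate(disc: Discrete, cont: Continuous, state: State, hidden: set,
             horizon: Fraction, step: Fraction = Fraction(1)) -> List[Tuple[Fraction, State]]:
    """Alternate delays and transitions (assumed scheduling): a transition fires as soon
    as its guard holds, otherwise the clocks advance by `step` while C's guard holds.
    Returns (time, visible state) per transition; hidden variables are projected out."""
    t, trace = Fraction(0), []
    while t < horizon:
        if disc.guard(state):
            state = disc.update(dict(state))
            trace.append((t, {k: v for k, v in state.items() if k not in hidden}))
        elif cont.guard(state):
            state = {k: v + cont.rates[k] * step if k in cont.rates else v
                     for k, v in state.items()}
            t += step
        else:
            raise RuntimeError(f"deadlock at t={t}")
    return trace

# Slide 23: P = hide x in (C + D); m is the output message, x the hidden clock.
C = Continuous("C", guard=lambda s: s["x"] < 5, rates={"x": Fraction(1)})  # x' = 1 (guard assumed)
D = Discrete("D", guard=lambda s: s["x"] == 5,
             update=lambda s: {**s, "m": "msg", "x": Fraction(0)})     # x=5 -> m:=msg; x:=0

def message_times(horizon: int) -> List[Fraction]:
    """Times at which P emits a message before the horizon (x starts at 0)."""
    trace = simulate(D, C, {"m": None, "x": Fraction(0)}, {"x"}, Fraction(horizon))
    return [t for t, s in trace if s["m"] == "msg"]

def sends_every(period: int, horizon: int) -> bool:
    """Real-time property: the first send is at `period` and consecutive sends are `period` apart."""
    ts = message_times(horizon)
    return bool(ts) and ts[0] == period and all(b - a == period for a, b in zip(ts, ts[1:]))
```

Running `message_times(16)` yields sends at times 5, 10 and 15, which is the behavior the slide describes; because x is hidden, only m appears in the trace.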