ch7 - Chapter 7 Safety & Liveness Properties

Concurrency: safety & liveness properties ©Magee/Kramer 2nd Edition

Chapter 7 Safety & Liveness Properties
safety & liveness properties

Concepts: properties true for every possible execution
  safety: nothing bad happens
  liveness: something good eventually happens

Models:
  safety: no reachable ERROR/STOP state
  progress: an action is eventually executed
  fair choice and action priority

Practice: threads and monitors

Aim: property satisfaction.
7.1 Safety

A safety property asserts that nothing bad happens.
  STOP or deadlocked state (no outgoing transitions)
  ERROR process (-1) to detect erroneous behaviour

ACTUATOR = (command->ACTION),
ACTION   = (respond->ACTUATOR | command->ERROR).

Analysis using LTSA (shortest trace):
  Trace to ERROR: command command

[LTS diagram: states -1, 0, 1; transitions command, respond]
Safety - property specification

ERROR conditions state what is not required (cf. exceptions).
In complex systems, it is usually better to specify safety properties by stating directly what is required.

property SAFE_ACTUATOR = (command -> respond -> SAFE_ACTUATOR).

Analysis using LTSA as before.

[LTS diagram: states -1, 0, 1; transitions command, respond, respond]
Safety properties

property POLITE = (knock->enter->POLITE).

Property that it is polite to knock before entering a room.

Traces:
  knock enter   (accepted by POLITE)
  enter         (violation: enter is not offered before a knock)
  knock knock   (violation: a second knock is not offered before enter)

In all states, all the actions in the alphabet of a property are eligible choices.

[LTS diagram: states -1, 0, 1; transitions knock, enter]
Safety properties

A safety property P defines a deterministic process that asserts that any trace including actions in the alphabet of P is accepted by P.

Thus, if P is composed with S, then traces of actions in (alphabet of S ∩ alphabet of P) must also be valid traces of P; otherwise ERROR is reachable.

Transparency of safety properties: since all actions in the alphabet of a property are eligible choices, composing a property with a set of processes does not affect their correct behavior. However, if a behavior can occur which violates the safety property, then ERROR is reachable.

Properties must be deterministic to be transparent.
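The ERROR-reachability analysis of 7.1, the SAFE_ACTUATOR and POLITE properties, and the composition/transparency argument above, worked through as an added example in Python. This is not LTSA's code and not from Magee/Kramer: it builds a small deterministic LTS, completes a process into a safety property (every alphabet action eligible in every state, the ones the process does not offer leading to ERROR), composes processes on shared actions, and searches breadth-first for the shortest trace to ERROR, which is what LTSA reports. The SLOPPY and STRICT actuator implementations are constructed here for the check and do not appear on the page.

```python
from collections import deque

ERROR = -1  # LTSA numbers the ERROR state -1


class LTS:
    """Deterministic labelled transition system (an FSP process)."""

    def __init__(self, name, alphabet, transitions, initial=0):
        self.name = name
        self.alphabet = frozenset(alphabet)
        self.trans = dict(transitions)  # (state, action) -> next state
        self.initial = initial

    def states(self):
        return {self.initial} | {s for s, _ in self.trans} | set(self.trans.values())

    def step(self, state, action):
        """Next state, or None if the action is not enabled in this state."""
        if action not in self.alphabet:
            return state  # not a shared action: this process does not move
        return self.trans.get((state, action))


def as_property(p):
    """Complete p into a safety property: in every non-ERROR state every action of
    the alphabet is an eligible choice, and those p does not offer lead to ERROR."""
    full = dict(p.trans)
    for s in p.states():
        if s == ERROR:
            continue
        for a in p.alphabet:
            full.setdefault((s, a), ERROR)
    return LTS(p.name, p.alphabet, full, p.initial)


def compose_step(procs, state, action):
    """Parallel composition: a shared action fires only if every process that has
    it in its alphabet can perform it; others keep their state."""
    nxt = []
    for p, s in zip(procs, state):
        t = p.step(s, action)
        if t is None:
            return None
        nxt.append(t)
    return tuple(nxt)


def shortest_trace_to_error(procs):
    """BFS over the composite state space. Returns the shortest trace reaching a
    state in which some component is in ERROR, or None if ERROR is unreachable."""
    alphabet = sorted(set().union(*(p.alphabet for p in procs)))
    start = tuple(p.initial for p in procs)
    parent = {start: None}  # composite state -> (previous state, action)
    queue = deque([start])
    while queue:
        s = queue.popleft()
        if ERROR in s:
            trace = []
            while parent[s] is not None:
                s, a = parent[s]
                trace.append(a)
            return trace[::-1]
        for a in alphabet:
            t = compose_step(procs, s, a)
            if t is not None and t not in parent:
                parent[t] = (s, a)
                queue.append(t)
    return None


def accepts(prop, trace):
    """True if the safety property accepts the trace (never reaches ERROR)."""
    s = prop.initial
    for a in trace:
        s = prop.step(s, a)
        if s == ERROR:
            return False
    return True


# ACTUATOR = (command->ACTION), ACTION = (respond->ACTUATOR | command->ERROR).
ACTUATOR = LTS("ACTUATOR", {"command", "respond"},
               {(0, "command"): 1, (1, "respond"): 0, (1, "command"): ERROR})

# property SAFE_ACTUATOR = (command -> respond -> SAFE_ACTUATOR).
SAFE_ACTUATOR = as_property(LTS("SAFE_ACTUATOR", {"command", "respond"},
                                {(0, "command"): 1, (1, "respond"): 0}))

# property POLITE = (knock -> enter -> POLITE).
POLITE = as_property(LTS("POLITE", {"knock", "enter"},
                         {(0, "knock"): 1, (1, "enter"): 0}))

# Constructed implementations (assumptions for this example, not from the page):
# SLOPPY may re-issue command before respond; STRICT always alternates the two.
SLOPPY = LTS("SLOPPY", {"command", "respond"},
             {(0, "command"): 1, (1, "respond"): 0, (1, "command"): 1})
STRICT = LTS("STRICT", {"command", "respond"},
             {(0, "command"): 1, (1, "respond"): 0})

if __name__ == "__main__":
    print("ACTUATOR trace to ERROR:", shortest_trace_to_error([ACTUATOR]))
    print("SLOPPY || SAFE_ACTUATOR:", shortest_trace_to_error([SLOPPY, SAFE_ACTUATOR]))
    print("STRICT || SAFE_ACTUATOR:", shortest_trace_to_error([STRICT, SAFE_ACTUATOR]))
    for t in (["knock", "enter"], ["enter"], ["knock", "knock"]):
        print("POLITE", t, "accepted" if accepts(POLITE, t) else "violation")
```

Composing STRICT with SAFE_ACTUATOR reaches no ERROR and leaves STRICT's own behaviour unchanged, which is the transparency argument: the property never refuses an action, it only records a violation. Composing SLOPPY with the same property reproduces the shortest counterexample command command that LTSA gives for ACTUATOR.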
Safety properties

How can we specify that some action, disaster, never occurs?