
Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
A homework assignment for the cpsc 668: distributed algorithms and systems course, focusing on proving the correctness of a marble jar system using safety and progress properties. Students are required to define a metric function to prove termination and an invariant to ensure the correctness of the system in all reachable configurations.
Typology: Assignments
1 / 1
This page cannot be seen from the preview
Don't miss anything!

Objective: The purpose of this homework is to provide experience in proving the correctness of action systems. This exercise will provide some familiarity with safety and progress properties. It will also provide practice in proving such properties using invariants and metric functions, respectively.
Let J be a jar containing a finite multi-set of red, blue, and green marbles. Recall that a multi-set is an unordered collection that may contain arbitrarily many duplicates of each element. Initially |J| > 1 , but the actual distribution of the marbles is unknown. Assume also that there is an infinite supply of additional red, blue, and green marbles outside of the jar. Consider the following non-deterministic action system:
{g, r} ⊆ J 7 −→ J′^ := (J − {g, r}) ∪ {r} (1) {r, b} ⊆ J 7 −→ J′^ := (J − {r, b}) ∪ {g} (2) {b, g} ⊆ J 7 −→ J′^ := (J − {b, g}) ∪ {r} (3) {g, g} ⊆ J 7 −→ J′^ := (J − {g, g}) ∪ {g} (4) {r, r} ⊆ J 7 −→ J′^ := (J − {r, r}) ∪ {g, g} (5) {b, b} ⊆ J 7 −→ J′^ := (J − {b, b}) ∪ {r, b, g} (6)
This program consists of six actions. Each action has a guard on the left followed by a command on the right. An action is said to be enabled iff the predicate in its guard evaluates to true. Execution proceeds by continually selecting any enabled action to execute its corresponding command. For example, in any configuration containing at least two red marbles, action (5) will be enabled. If selected for execution, this action causes two red marbles to be removed from J and two green marbles to be added back into J.
Progress: Does the program always terminate?
The program terminates only if the jar eventually contains fewer than two marbles. Clearly, the program terminates for some initial configurations, but perhaps it does not terminate for all possible configurations. To prove termination, define a metric function M : J → IN that maps each possible configuration of J to some natural number in IN. Show that for every configuration of J with some enabled action(s), the value of M(J) always decreases regardless of which enabled action executes next. How did you find this metric?
Safety: What does this program compute?
This program computes a partial function on the initial distribution of marbles. What does it compute? Define an invariant for the program and prove by induction that it holds in all reachable configurations. Recall that an invariant is a predicate function I : J → on the state of the program J such that (1) I(J 0 ) = true for every initial configuration J 0 , and (2) I(Jk) = true for every reachable configuration Jk resulting from the execution of k consecutive enabled actions.