Proving Correctness of a Marble Jar System in Distributed Algorithms and Systems, Assignments of Computer Science

A homework assignment for the cpsc 668: distributed algorithms and systems course, focusing on proving the correctness of a marble jar system using safety and progress properties. Students are required to define a metric function to prove termination and an invariant to ensure the correctness of the system in all reachable configurations.


Uploaded on 02/10/2009




CPSC 668: Distributed Algorithms and Systems

Homework #1 — Due Thursday, September 15th at 9:30am

Objective: The purpose of this homework is to provide experience in proving the correctness of action systems. This exercise will provide some familiarity with safety and progress properties. It will also provide practice in proving such properties using invariants and metric functions, respectively.

Let J be a jar containing a finite multi-set of red, blue, and green marbles. Recall that a multi-set is an unordered collection that may contain arbitrarily many duplicates of each element. Initially |J| > 1, but the actual distribution of the marbles is unknown. Assume also that there is an infinite supply of additional red, blue, and green marbles outside of the jar. Consider the following non-deterministic action system:

{g, r} ⊆ J ⟼ J′ := (J − {g, r}) ∪ {r}        (1)
{r, b} ⊆ J ⟼ J′ := (J − {r, b}) ∪ {g}        (2)
{b, g} ⊆ J ⟼ J′ := (J − {b, g}) ∪ {r}        (3)
{g, g} ⊆ J ⟼ J′ := (J − {g, g}) ∪ {g}        (4)
{r, r} ⊆ J ⟼ J′ := (J − {r, r}) ∪ {g, g}     (5)
{b, b} ⊆ J ⟼ J′ := (J − {b, b}) ∪ {r, b, g}  (6)

This program consists of six actions. Each action has a guard on the left followed by a command on the right. An action is said to be enabled iff the predicate in its guard evaluates to true. Execution proceeds by continually selecting any enabled action to execute its corresponding command. For example, in any configuration containing at least two red marbles, action (5) will be enabled. If selected for execution, this action causes two red marbles to be removed from J and two green marbles to be added back into J.

Progress: Does the program always terminate?

The program terminates only if the jar eventually contains fewer than two marbles. Clearly, the program terminates for some initial configurations, but perhaps it does not terminate for all possible configurations. To prove termination, define a metric function M : J → ℕ that maps each possible configuration of J to some natural number in ℕ. Show that for every configuration of J with some enabled action(s), the value of M(J) always decreases regardless of which enabled action executes next. How did you find this metric?

Safety: What does this program compute?

This program computes a partial function on the initial distribution of marbles. What does it compute? Define an invariant for the program and prove by induction that it holds in all reachable configurations. Recall that an invariant is a predicate function I : J → 𝔹 on the state of the program J such that (1) I(J₀) = true for every initial configuration J₀, and (2) I(Jₖ) = true for every reachable configuration Jₖ resulting from the execution of k consecutive enabled actions.
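The progress and safety questions above can both be sanity-checked mechanically before writing the proofs: enumerate the configurations reachable from a given jar, check that a candidate metric strictly decreases on every enabled step, and check that a candidate invariant is preserved by every enabled step. The following is an added example, not part of the assignment; the metric M (a weighted count whose weights I chose) and the configuration encoding as (r, b, g) counts are my assumptions, and a bounded exploration like this supports, but does not replace, the inductive argument the assignment asks for.

```python
from itertools import product

# Added example: each action as the (r, b, g) counts it removes (guard) and adds back.
ACTIONS = {
    1: ((1, 0, 1), (1, 0, 0)),  # {g,r} -> {r}
    2: ((1, 1, 0), (0, 0, 1)),  # {r,b} -> {g}
    3: ((0, 1, 1), (1, 0, 0)),  # {b,g} -> {r}
    4: ((0, 0, 2), (0, 0, 1)),  # {g,g} -> {g}
    5: ((2, 0, 0), (0, 0, 2)),  # {r,r} -> {g,g}
    6: ((0, 2, 0), (1, 1, 1)),  # {b,b} -> {r,b,g}
}

def successors(jar):
    """(action number, next configuration) for every action enabled in jar."""
    return [(n, tuple(jar[i] - g[i] + a[i] for i in range(3)))
            for n, (g, a) in ACTIONS.items()
            if all(jar[i] >= g[i] for i in range(3))]

def reachable(initial):
    """All configurations reachable from initial (may not return if the
    configuration graph is infinite, so use it only where a metric is known)."""
    seen, todo = {initial}, [initial]
    while todo:
        for _, nxt in successors(todo.pop()):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def metric_decreases(metric, initial):
    """Progress: the metric strictly decreases on every enabled step."""
    return all(metric(nxt) < metric(jar)
               for jar in reachable(initial) for _, nxt in successors(jar))

def invariant_holds(inv, initial):
    """Safety by induction: inv holds initially and after every enabled step."""
    return inv(initial) and all(inv(nxt)
               for jar in reachable(initial) for _, nxt in successors(jar))

def terminals(initial):
    """Configurations with no enabled action, i.e. the program's possible outputs."""
    return {jar for jar in reachable(initial) if not successors(jar)}

def all_jars(max_size):
    """Every initial distribution with 2 <= |J| <= max_size."""
    return [j for j in product(range(max_size + 1), repeat=3) if 2 <= sum(j) <= max_size]

# Candidate metric (my choice, to be justified in the write-up): a weighted count.
# Plain |J| is not a metric, because action (6) removes two marbles and adds three.
M = lambda j: 2 * j[0] + 4 * j[1] + j[2]
```

Running `terminals` over `all_jars(5)` shows which single marble each initial distribution ends with, which is the data to read the computed partial function off before proving it with an invariant.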