Reconciling nondeterministic and probabilistic choices

This thesis is written in the context of probabilistic verification. Our primary goal is to develop modeling frameworks that can be used for both specification and verification of randomized distributed algorithms. We focus on semantic aspects of such modeling frameworks; for example, we try to give precise mathematical semantics to processes definable in these frameworks and we prove basic theorems that allow us to manipulate and reason with semantic objects. Our models typically allow both nondeterministic and probabilistic choices. In order to obtain well-defined probability distributions from a specification, one must somehow "untangle" these two types of choices. This is usually done by means of adversaries/schedulers, which resolve all nondeterministic choices in a specification. We study mathematical properties of adversaries and try to understand how different definitions of parallel composition translate into different assumptions on the behavior of adversaries. This allows us to identify some key properties of adversaries that affect compositionality of trace-style semantics. We also try to make a connection between the notions of adversaries captured by our formal definitions and those that are actually used in distributed computing, for example, in the areas of security protocols and randomized consensus.

This thesis is organized into three parts. In Part I, we work with Segala's Probabilistic Automata model and prove many technical theorems regarding adversaries and their induced probability distributions. These results are then used to extend the testing semantics proposed by Stoelinga and Vaandrager. In Part II, we introduce our own variant of Probabilistic Input/Output Automata and use that as a basis of two specialized models, both of which come with a compositional trace-style semantics. Finally, Part III presents a randomized consensus algorithm, together with a manual correctness proof and a mechanized analysis using the probabilistic model checker PRISM.
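The abstract describes the core mechanism informally: a model with both nondeterministic and probabilistic choices yields a well-defined probability distribution only once an adversary (scheduler) has resolved the nondeterminism. The following Python program is an added illustration, not code from the thesis: it builds a small Segala-style probabilistic automaton (the two-round coin automaton, its states `s0`, `h1`, `t1`, `s1`, `h2`, `t2` and its actions are constructed for this example), defines adversaries as functions from finite executions to enabled transitions, and computes the execution and trace distributions each adversary induces. It also shows why history-dependent adversaries matter for trace-style semantics: an adversary that conditions on an earlier outcome induces a mixture of traces that no memoryless adversary of this automaton produces.

```python
from fractions import Fraction
from typing import Callable, Dict, List, Optional, Tuple

# A probabilistic automaton (PA) in the style of Segala: every state has a set
# of enabled transitions, and a transition is an action together with a
# probability distribution over successor states.  Exact Fractions are used so
# that the induced probabilities can be checked exactly.
Dist = Dict[str, Fraction]
Transition = Tuple[str, Dist]


def coin(bias: Fraction, heads: str, tails: str) -> Dist:
    """A coin that lands on `heads` with probability `bias`."""
    return {heads: bias, tails: 1 - bias}


# Constructed toy automaton (an assumption of this example, not a model from
# the thesis).  Two rounds: in round i the state s_i nondeterministically picks
# a fair coin ("flip") or a biased coin ("bflip"); the outcome is recorded in
# state h_i (heads) or t_i (tails); after round 1 the action "next" moves on.
PA: Dict[str, List[Transition]] = {
    "s0": [("flip", coin(Fraction(1, 2), "h1", "t1")),
           ("bflip", coin(Fraction(3, 4), "h1", "t1"))],
    "h1": [("next", {"s1": Fraction(1)})],
    "t1": [("next", {"s1": Fraction(1)})],
    "s1": [("flip", coin(Fraction(1, 2), "h2", "t2")),
           ("bflip", coin(Fraction(3, 4), "h2", "t2"))],
    "h2": [],
    "t2": [],
}

# A finite execution is the alternating sequence state, action, state, ...
# An adversary sees the whole execution so far and returns one of the
# transitions enabled in its last state, or None to stop.
Execution = Tuple[str, ...]
Adversary = Callable[[Execution], Optional[Transition]]


def adversary_from_rule(pa: Dict[str, List[Transition]],
                        pick_action: Callable[[Execution], str]) -> Adversary:
    """Build an adversary that asks `pick_action` only where a genuine choice
    exists; states with a single enabled transition are resolved automatically."""
    def adversary(execution: Execution) -> Optional[Transition]:
        enabled = pa[execution[-1]]
        if not enabled:
            return None
        if len(enabled) == 1:
            return enabled[0]
        wanted = pick_action(execution)
        matches = [t for t in enabled if t[0] == wanted]
        if not matches:
            raise ValueError(f"{wanted!r} is not enabled in {execution[-1]!r}")
        return matches[0]
    return adversary


def execution_distribution(pa: Dict[str, List[Transition]], adversary: Adversary,
                           start: str) -> Dict[Execution, Fraction]:
    """Probability of each complete execution under `adversary`, obtained by
    unfolding the execution tree (finite here because the automaton halts)."""
    result: Dict[Execution, Fraction] = {}

    def unfold(execution: Execution, prob: Fraction) -> None:
        choice = adversary(execution)
        if choice is None:
            result[execution] = result.get(execution, Fraction(0)) + prob
            return
        # An adversary may only resolve nondeterminism, never invent transitions.
        assert choice in pa[execution[-1]]
        action, dist = choice
        for successor, p in dist.items():
            if p > 0:
                unfold(execution + (action, successor), prob * p)

    unfold((start,), Fraction(1))
    return result


def trace_distribution(exec_dist: Dict[Execution, Fraction]) -> Dict[Execution, Fraction]:
    """Project an execution distribution onto traces (action sequences only):
    this is the trace distribution the adversary induces."""
    traces: Dict[Execution, Fraction] = {}
    for execution, p in exec_dist.items():
        trace = execution[1::2]
        traces[trace] = traces.get(trace, Fraction(0)) + p
    return traces


def probability(exec_dist: Dict[Execution, Fraction],
                event: Callable[[Execution], bool]) -> Fraction:
    """Probability of a set of executions, given as a predicate."""
    return sum((p for e, p in exec_dist.items() if event(e)), Fraction(0))


# Three adversaries for the same automaton.  The first two are memoryless; the
# third uses the biased coin in round 2 only if round 1 came up heads.
always_fair = adversary_from_rule(PA, lambda ex: "flip")
always_biased = adversary_from_rule(PA, lambda ex: "bflip")
history_dependent = adversary_from_rule(PA, lambda ex: "bflip" if "h1" in ex else "flip")


def heads_probability(adversary: Adversary) -> Fraction:
    """Probability that the second coin shows heads under the given adversary."""
    dist = execution_distribution(PA, adversary, "s0")
    return probability(dist, lambda ex: ex[-1] == "h2")


if __name__ == "__main__":
    for name, adv in [("always_fair", always_fair), ("always_biased", always_biased),
                      ("history_dependent", history_dependent)]:
        print(name, "P(second heads) =", heads_probability(adv))
        print("  traces:", trace_distribution(execution_distribution(PA, adv, "s0")))
```

Under `always_fair` and `always_biased` the trace distribution is a point mass on a single trace and the second coin shows heads with probability 1/2 and 3/4 respectively; `history_dependent` yields 5/8 and a trace distribution that spreads mass 1/2 over two different traces. That spread is exactly the phenomenon the abstract points at: which class of adversaries is admitted (memoryless, history-dependent, or restricted by the parallel composition) determines which trace distributions a process can exhibit, and hence whether a trace-style semantics is compositional.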
