Exercise 8.1 Verifying Operating Systems

(1)

Applied Automata Theory (WS 2014/2015) Technische Universit¨ at Kaiserslautern

Exercise Sheet 8

Prof. Dr. Roland Meyer, Reiner H¨ uchting Due: Tue, Jan 06

Exercise 8.1 Verifying Operating Systems

Our goal is to verify an operating system that runs k processes and has a scheduler.

Consider the following B¨ uchi automata:

A _OS := A _P

₁

k . . . k A _P

_k

: Describes the behaviour of the operating system, where A P

i

represents the behavior of process P i .

A _Sched : Describes the scheduling strategy.

A _Prop : Describes a property to be checked.

Our verification task amounts to solving the following model checking problem:

L(A _OS ) ∩ L(A _Sched ) ⊆ L(A _Prop ).

To solve this problem in a general way, we introduce a most general scheduling B¨ uchi automaton A _MG that allows for arbitrary behaviours of the scheduler:

q 0

P ₁ w(P 1 )

s(P ₁ )

P _k w(P _k )

s(P k ) . . . . . . . . .

The scheduler can randomly wake up (w(P i )) and suspend (s(P i )) processes and the processes only work when awake. Unfortunately, this general scheduler is not fair : it does not necessarily wake up each process infinitely often.

(a) Modify A MG to a fair automaton A MGF that wakes up every process infinitely often.

Keep A _MGF as general as possible, do not implement a concrete scheduling strategy.

(b) Present an automaton A RR that describes the Round Robin scheduling strategy.

What is the relationship between L(A _RR ) and L(A _MG ) respectively L(A _MGF )?

(c) Why can you conclude L(A OS ) ∩ L(A RR ) ⊆ L(A Prop ) from L(A OS ) ∩ L(A MGF ) ⊆ L(A Prop )?

Exercise 8.2 NBA Emptiness and Membership

Let A be an NBA and uv ^ω be an ω-word. Give algorithms that decide whether:

L(A) = ∅ uv ^ω ∈ L(A).

(2)

Exercise 8.3 NBA Complementation Consider the NBA A over Σ = {a, b} below:

q ₀ q ₁

a b

Use B¨ uchi’s complementation method discussed in class to compute L(A) and L(A).

Exercise 8.4 Travelling Santa

Santa has decided to swap his traditional sleigh for the brand new Chrismas Racer 3000, equipped with the state of the art automata driven navigation system Rudolph Go v0.99beta. The automaton A _Rudolph controlling Rudolph is depicted below:

North

Pole refill

North America

1,2 1,2

South America 1,2

1,2

Europe 1,2 1,2

Africa 1,2 1,2

1,2 Asia 1,2

1,2 1,2

Australia 1,2 1,2

South Pole

1,2

1,2 1,2

1,2

Each time Santa lifts off, Rudolph randomly chooses a neighbouring continent. Santa drops one or two presents every time he enters a region and he can refill at the north pole. Currently, Rudolph cannot prevent Santa from running out of presents. Please help Santa by upgrading Rudolph to version 1.0:

Exercise 8.1 Verifying Operating Systems

Applied Automata Theory (WS 2014/2015) Technische Universit¨ at Kaiserslautern

Exercise Sheet 8

Prof. Dr. Roland Meyer, Reiner H¨ uchting Due: Tue, Jan 06

Exercise 8.1 Verifying Operating Systems

Our goal is to verify an operating system that runs k processes and has a scheduler.

Consider the following B¨ uchi automata:

A OS := A P

k . . . k A P

: Describes the behaviour of the operating system, where A P

represents the behavior of process P i .

A Sched : Describes the scheduling strategy.

A Prop : Describes a property to be checked.

Our verification task amounts to solving the following model checking problem:

L(A OS ) ∩ L(A Sched ) ⊆ L(A Prop ).

To solve this problem in a general way, we introduce a most general scheduling B¨ uchi automaton A MG that allows for arbitrary behaviours of the scheduler:

q 0

P 1 w(P 1 )

s(P 1 )

P k w(P k )

s(P k ) . . . . . . . . .

The scheduler can randomly wake up (w(P i )) and suspend (s(P i )) processes and the processes only work when awake. Unfortunately, this general scheduler is not fair : it does not necessarily wake up each process infinitely often.

(a) Modify A MG to a fair automaton A MGF that wakes up every process infinitely often.

Keep A MGF as general as possible, do not implement a concrete scheduling strategy.

(b) Present an automaton A RR that describes the Round Robin scheduling strategy.

What is the relationship between L(A RR ) and L(A MG ) respectively L(A MGF )?

(c) Why can you conclude L(A OS ) ∩ L(A RR ) ⊆ L(A Prop ) from L(A OS ) ∩ L(A MGF ) ⊆ L(A Prop )?

Exercise 8.2 NBA Emptiness and Membership

Let A be an NBA and uv ω be an ω-word. Give algorithms that decide whether:

L(A) = ∅ uv ω ∈ L(A).

Exercise 8.3 NBA Complementation Consider the NBA A over Σ = {a, b} below:

q 0 q 1

a b

a b

Use B¨ uchi’s complementation method discussed in class to compute L(A) and L(A).

Exercise 8.4 Travelling Santa

Santa has decided to swap his traditional sleigh for the brand new Chrismas Racer 3000, equipped with the state of the art automata driven navigation system Rudolph Go v0.99beta. The automaton A Rudolph controlling Rudolph is depicted below:

(a) Determine the minimum present capacity of the sleigh needed not to run empty.

(b) Give an NBA A Sleigh modelling how the number of presents in Santa’s sleigh changes.

(c) Explain how one can use A Rudolph and A Sleigh to create a controller that guarantees Santa to never run out of presents.

(d) How can you modify the controller so that all continents are visited infinitely often?

A _OS := A _P

k . . . k A _P

A _Sched : Describes the scheduling strategy.

A _Prop : Describes a property to be checked.

L(A _OS ) ∩ L(A _Sched ) ⊆ L(A _Prop ).

To solve this problem in a general way, we introduce a most general scheduling B¨ uchi automaton A _MG that allows for arbitrary behaviours of the scheduler:

P ₁ w(P 1 )

s(P ₁ )

P _k w(P _k )

Keep A _MGF as general as possible, do not implement a concrete scheduling strategy.

What is the relationship between L(A _RR ) and L(A _MG ) respectively L(A _MGF )?

Let A be an NBA and uv ^ω be an ω-word. Give algorithms that decide whether:

L(A) = ∅ uv ^ω ∈ L(A).

q ₀ q ₁

Santa has decided to swap his traditional sleigh for the brand new Chrismas Racer 3000, equipped with the state of the art automata driven navigation system Rudolph Go v0.99beta. The automaton A _Rudolph controlling Rudolph is depicted below:

(b) Give an NBA A _Sleigh modelling how the number of presents in Santa’s sleigh changes.