scispace - formally typeset
Search or ask a question
Proceedings ArticleDOI

Performance Modeling of a Quorum Pattern in Layered Service Systems

17 Sep 2007-pp 201-210
TL;DR: An analytic approximation is given for the delay to achieve the quorum, which also accounts for the contention and delay caused by the (N - K) delayed responses.
Abstract: Quorum consensus protocols execute requests in parallel and proceed once K out of N responses are received The performance of a system depends on the value of K, the distributions of the quorum response delays, and on the use of system resources by the N concurrent requests An analytic approximation is given for the delay to achieve the quorum, which also accounts for the contention and delay caused by the (N - K) delayed responses Compared to simulation results, our approximation gives reasonable accuracy; about 5% in most cases Our method is shown to be rapid and scalable

Summary (2 min read)

1. Introduction

  • The π-calculus [15] is a process algebra for modelling concurrency and mobility.
  • For both classes of systems, probability is often also a key ingredient.
  • For efficiency reasons, however, the authors take a compositional approach, applying MMCsp to each parallel component of a system, processing the results to produce a high-level description in the modelling language of PRISM and then performing probabilistic verification.
  • Various tools exist for automatic verification of the (non-probabilistic) π-calculus.
  • In [5], a variant which is essentially the same as that used in this paper was presented and probabilistic testing equivalences were defined to reason about randomised security protocols.

2. The simple probabilistic π-calculus

  • The π-calculus is a process algebra for modelling concurrency and mobility.
  • Any process not satisfying this condition can easily be converted to an structurally congruent one that does (through renaming of bound names).
  • The operational semantics for probabilistic extensions of the π-calculus are typically expressed in terms of MDPs or, equivalently, probabilistic automata [20], which allow both probabilistic and nondeterministic behaviour.
  • This allows a compositional approach to be adopted: given a parallel composition of several processes, the semantics of each can be computed in full separately, and then composed afterwards.
  • More specifically, it encodes the set of terms derivable from Q by substitutions applied to its input-bound names.

3. Generating PSTGs using MMC

  • In this section the authors describe the automatic generation of the probabilistic symbolic transition graph (PSTG) for an arbitrary process expressed in the simple probabilistic π-calculus.
  • Firstly it gives a clear and intuitive implementation; secondly, and more importantly, this encoding is provably correct [24], also known as This has several benefits.
  • The authors then adapt MMC’s predicate trans to represent the symbolic semantics of πsp.
  • This is effectively a depth-first traversal of the PSTG and enumeration of all states and probabilis- tic symbolic transitions found.
  • All bound names are given unique names (e.g. h417) and displayed on lines beginning >.

4. Translating PSTGs into PRISM

  • The scheme described in the previous section can be used to translate an arbitrary process described in the simple probabilistic π-calculus into its probabilistic symbolic transition graph (PSTG).
  • At the level of PSTGs, their restricted form ensures that there are no bounded output transitions x̄(y).
  • In brief, (1) is handled by enumerating the set of all free names (which is known since the system is input-closed), assigning each an (identically named) integer constant to represent it, and (2) is handled by introducing a synchronous action label for each required combination of process sender/receiver pair, channel and name.
  • The full semantics of the PRISM language can be found at [18].

5. Implementation and results

  • Firstly, the authors consider the dining cryptographers protocol (DCP) [6], Chaum’s randomised solution to the classic anonymity problem in which a group of N parties collectively establish whether either one of the group or an independent party has to make a payment.
  • Thirdly, the authors constructed a πsp model of mobile communication network (MCN), based on the (non-probabilistic) π-calculus model in [17].
  • The mobile station roams between the base stations.
  • Finally, the authors give the time to check a single PCTL property for each using PRISM (with the MTBDD engine).

6. Conclusions

  • In this paper the authors have demonstrated the feasibility of implementing model checking for the probabilistic πcalculus.
  • The variant of the calculus (with blind probabilistic choice) to which their techniques are applicable has proved to be expressive enough for the appropriate application domains (probabilistic algorithms for security and dynamic communication protocols with failures and/or randomisation) and yet amenable to analysis with extensions and adaptions of existing verifica- tion tools.
  • Furthermore the authors have shown, through its application to several large examples, the efficiency of the approach.
  • For convenience of modelling, the authors plan to add support for polyadic communication over channels.
  • Finally, the authors will investigate ways to further improve the efficiency of their implementation, in particular, with regards to the automatically generated PRISM code.

Did you find this useful? Give us your feedback

Content maybe subject to copyright    Report

HAL Id: inria-00201069
https://hal.inria.fr/inria-00201069
Submitted on 23 Dec 2007
HAL is a multi-disciplinary open access
archive for the deposit and dissemination of sci-
entic research documents, whether they are pub-
lished or not. The documents may come from
teaching and research institutions in France or
abroad, or from public or private research centers.
L’archive ouverte pluridisciplinaire HAL, est
destinée au dépôt et à la diusion de documents
scientiques de niveau recherche, publiés ou non,
émanant des établissements d’enseignement et de
recherche français ou étrangers, des laboratoires
publics ou privés.
Model checking the probabilistic pi-calculus
Gethin Norman, Catuscia Palamidessi, David Parker, Peng Wu
To cite this version:
Gethin Norman, Catuscia Palamidessi, David Parker, Peng Wu. Model checking the probabilistic
pi-calculus. 4th International Conference on the Quantitative Evaluation of SysTems (QEST), Sep
2007, Edinburgh, United Kingdom. pp.169-178, �10.1109/QEST.2007.27�. �inria-00201069�

Model checking the probabilistic π-calculus
Gethin Norman
1
, Catuscia Palamidessi
2
, David Parker
1
and Peng Wu
3
1
School of Computer Science, University of Birmingham, Birmingham, B15 2TT, UK
2
INRIA Futurs and LIX,
´
Ecole Polytechnique, Rue de Saclay, 91128 Palaiseau Cedex, France
3
CNRS and LIX,
´
Ecole Polytechnique, Rue de Saclay, 91128 Palaiseau Cedex, France
gxn@cs.bham.ac.uk,catuscia@lix.polytechnique.fr,dxp@cs.bham.ac.uk,wu@lix.polytechnique.fr
Abstract
We present an implementation of model checking for
the probabilistic π-calculus, a process algebra which sup-
ports modelling of concurrency, mobility and discrete
probabilistic behaviour. Formal verification techniques
for this calculus have clear applications in several do-
mains, including mobile ad-hoc network protocols and
random security protocols. Despite this, no implementa-
tion of automated verification exists. Building upon the
(non-probabilistic) π-calculus model checker MMC, we
first show an automated procedure for constructing the
Markov decision process representing a probabilistic π-
calculus process. This can then be verified using existing
probabilistic model checkers such as PRISM. Secondly,
we demonstrate how for a l arge class of systems a more
efficient, compositional approach can be applied, which
uses our extension of MMC on each parallel component
of the system and then translates the results into a high-
level model description for the PRISM tool. The feasibil-
ity of our techniques is demonstrated through three case
studies from the π-calculus literature.
1. Introduction
The π-calculus [15] is a process algebra for modelling
concurrency and mobility. It is well suited to modelling,
for example, communication protocols for dynamic net-
work topologies and security protocols. For both classes
of systems, probability is often also a key ingredient.
Mobile ad-hoc network protocols, for example, can ex-
hibit stochastic behaviour both in terms of communi-
cation failures and random back-off procedures. Ran-
domised security protocols are used, for example, to
tackle anonymity or contract-signing [7]. The proba-
bilistic π-calculus, which extends the original process
algebra with discrete probabilistic choice, has been pro-
posed as a formalism to model and reason about such
systems. The benefits for automatic formal verification
and tool support in this context are clear: reasoning
correctly about the behaviour of such models, particu-
larly interactions between pr obabilistic and nondeter-
ministic b ehaviour, is known to be non-trivial. Further-
more, the state spaces of probabilistic models of realis-
tic systems have a tendency to grow extremely quickly,
making manual verification difficult or infeasible.
In this paper, we describe an implementation of
probabilistic model checking for models described in
the simple probabilistic π-calculus: an extension of the
π-calculus which adds a discrete probabilistic choice
operator in addition to the existing nondeterministic
choice operator. This probabilistic choice is blind, in
the sense that each choice is followed immediately by a
silent τ action. This proves to be sufficiently expressive
for modelling the classes of system we are interested
in, whilst simplifying the semantics, and thus verifica-
tion, of the formalism.
Our approach is to adapt and reuse e xisting tools
for verification of mobile systems and of probabilistic
systems. We first developed an extension of the tool
MMC [24] , a logic programming based model checker
for the π-calculus. This extension, MMC
sp
, can derive
the semantic model for an arbitrary (input-closed) pro-
cess in the (finite-control) probabilistic π-calculus. The
semantic model, which is given by a Markov decision
process (MDP), can then be analysed using standard
tools, such as the probabilistic model checker PRISM
[11]. For efficiency reasons, however, we take a com-
positional approach, applying MMC
sp
to each paral-
lel component of a system, processing the results to
produce a high-level description in the modelling lan-
guage of PRISM and then performing probabilistic ver-
ification. This avoids a potential blow-up in the size of
the intermediate MDP representation and allows us t o
exploit the effic ient symbolic model construction and

analysis techniques in PRISM. We present experimen-
tal results to illustrate the performance of our imple-
mentation on three π-calculus case studies.
Related work. Various tools exist for automatic veri-
fication of the (non-probabilistic) π-calculus. The Mo-
bility Workbench (MWB’99) [22] provides a bisimula-
tion checker and a π-µ-calculus model checker. MMC
(Mobility Model Checker) [24], a more recently devel-
oped tool, also supports the π-µ-calculus. The latter
places particular emphasis on efficiency. and is built
using logic programming technology. ProVerif [2] sup-
ports verification of the applied π-calculus, a variant
of the basic calculus. It is aimed primarily at analy-
sis of cryptographic protocols and is theorem-prover
based. Two alternative approaches are the PIPER sys-
tem [4], which verifies π-calculus processes augmented
with type signatures based on an extraction of sound
model using types and CCS processes, and [23, 21]
which translate a subset of the π-calculus to the lan-
guage Promela for model checking in the SPIN tool.
A number of existing papers have proposed proba-
bilistic extensions of the π-calculus. The first [10] ex-
tended the asynchronous version of the calculus, which
removes the output prefix construct, meaning processes
must terminate immediately after sending output. In
[5], a variant which is essentially the same as that used
in this paper was presented and probabilistic testing
equivalences were defined to reason about randomised
security protocols. In [1], the probabilistic π-calculus
was used to formalise definitions of anonymity. To our
knowledge, this paper constitutes the first attempt to
implement automated verification in this area.
Also related are stochastic variants of the π-calculus
[19] whose semantics are continuous-time Markov
chains. A number of associated discrete-event simu-
lators for this formalism are available, (e.g. SPIM,
BioSpi) but no model checking tools. Both the stoch as-
tic π-calculus and probabilistic model checking tech-
niques have been applied successfully to case studies in
the field of systems biology. It is hoped that the tech-
niques proposed in this paper will also prove to be
valuable in this domain.
Structure. The remainder of this paper is structured
as follows. Section 2 introduces and explains the prob-
abilistic π-calculus and its semantics. Sections 3 and
4 describe our extension of MMC for evaluating these
semantics and how the result of this can be processed
into input for the PRISM tool. Section 5 presents ex-
perimental results and Section 6 concludes the paper.
2. The simple probabilistic π-calculus
The π-calculus is a process algebra for modelling con-
currency and mobility. Based on the process algebra
CCS, a key distinguishing feature of the calculus is
that it uses a single datatype, names, for both chan-
nels and variables, with the consequence that it is possi-
ble to communicate channel names between processes.
We use a probabilistic extension of the π-calculus called
the simple probabilistic π-calculus or π
sp
.
Syntax. We let N denote a countable set of names,
ranged over by x, x
i
, y, etc. Using P , P
i
to range over
terms and α to denote an action, the syntax of the sim-
ple probabilistic π-calculus is:
α ::= τ
x(y)
¯xy
P ::= 0
α.P
P
iI
P
i
P
iI
p
i
τ.P
i
P | P
νxP
[x = y]P
A(y
1
, . . . , y
n
)
where I is an index set, p
i
(0, 1] with
P
iI
p
i
= 1
and A(x
1
, . . . , x
n
) , P is a process definition.
Intuitively, the operators of the calculus are de-
scribed as follows. The inactive process, denoted 0, can
perform no actions. The action-prefixed process α.P
can perform action α and then evolve into P , where
α is one of three types: x(y) inputs a name on x and
stores it in y, ¯xy outputs the name y on x; and τ is the
silent ac tion representing internal communication.
There are two types of choice: nondeterministic
P
iI
P
i
and probabilistic
P
iI
p
i
τ.P
i
. The former is
standard in the π-calculus (and indeed CCS). The lat-
ter is the only new operator i n this probabilistic exten-
sion of the π-calculus. Notice that branches of the prob-
abilistic choice operator are always prefixed with τ ac-
tions, indicating that
P
iI
p
i
τ.P
i
randomly selects an
index i I with probability p
i
, performs a τ action and
then evolves as process P
i
. This restricted form of prob-
abilistic choice is in practice sufficiently expressive but
simplifies semantics and analysis.
Parallel composition P
1
| P
2
means that processes
P
1
and P
2
can either proceed asynchronously or in-
teract though matching input/output actions. The re-
striction νxP , localises the scope of x in process P , i.e.
x can be considered a new and unique name within P .
The match construction [x = y]P can evolve to pro-
cess P only if the names x and y are identical. Finally,
A(y
1
, . . . , y
n
) is a recursively defined process with a def-
inition clause of the form A(x
1
, . . . , x
n
) , P .
An occurrence of name y in process P is bound if it
is in a subexpression of P of the form x(y) or νy; oth-
erwise, it is free. The sets of free and b ound names
of process P are denoted by fn(P ) and bn(P ). A pro-
cess is closed if it does not contain any free names.
2

A substitution σ is mapping from N to N . The sim-
plest substitutions are of the form {y/x} which map
x to y and all other names to themselves. We use the
notation P σ to denote the term obtained from P by
substituting names according to σ. A substitution σ
satisfies the match [x = y], denoted σ |= [x = y] if
σ(x) = σ(y). Satisfaction extends to conjunctions of
matches in the obvious way.
In order to facilitate model checking of probabilistic
π-calculus proc esses, we make a few simple assump-
tions. Firstly, we restrict our attention to the finite-
control version of the calculus, i.e. where recursion is
not permitted within parallel composition. This is nec-
essary to ensure that the resulting models are finite-
state. Secondly, we require that all bound names in
a process are d istinct both from each other and from
any free names. Any process not satisfying this condi-
tion can easily be converted to an structurally congru-
ent one that does (through renaming of bound names).
Both of these restrictions are in fact also imposed by
the MMC π-calculus model checker, on which our work
relies. Lastly, we require that π-calculus processes are
input-closed, meaning that they require no inputs from
the environment.
Symbolic semantics. The operational semantics for
probabilistic extension s of the π-calculus are typically
expressed in terms of MDPs or, equivalently, prob-
abilistic automata [20], which allow both probabilis-
tic and nondeterministic behaviour. In this paper, we
give a symbolic presentation of the operational seman-
tics. This approach is in fact quite c ommon for the π-
calculus and is particularly beneficial in the context of
automatic tool support, as is the case here, or for de-
velopment of bisimulation theories.
Consider the simple process a(x).¯xb which inputs a
name x on channel a and then uses x as a channel on
which to output the name b. A concrete approach to
the semantics can immediately establish the first step
of this process, i.e. that it inputs x on a. Subsequent be-
haviour, however, is dependent on the actual input to
x, and can only be determined once the process is com-
posed with another which sends output on a. A sym-
bolic approach allows the semantics of a process to i n-
clude variables (e.g. x) which can be used in actions
(e.g. ¯xb). This allows a compositional approach to be
adopted: given a parallel composition of several pro-
cesses, the semantics of each can be computed in full
separately, and then composed afterwards.
The symbolic semantics of the π
sp
calculus are ex-
pressed in terms of probabilistic symbolic transition
graphs (PSTGs). These are a simple probabilistic ex-
tension of the symbolic transition graphs of [9], previ-
ously used for the (non-probabilistic) π-calculus [12, 3,
13, 14] and for CCS [9]. Alternative, they can be seen
as a symbolic extension of Markov decision processes.
Probabilistic symbolic transition graphs. Let N
be a countable set of names and P be a π
sp
process. The
probabilistic symbolic transition graph (PSTG) for P
is a tuple (S, s
init
, T ) where:
S is the set of symbolic states, each of which is a
term of the simple probabilistic π-calculus;
s
init
S, the initial state, is the term P ;
T S × C ond × Act × Dist(S) is the set of prob-
abilistic symbolic transitions and is given by the
rules in Figure 1.
In the above,
C ond denotes the set of all conditions on N , where
a condition is a finite conjunction of matches over
N (or true);
Act is a set of actions of four basic types: τ , x(y),
¯xy and ¯x(y), where x, y N .
Dist(S) denotes the set of probability distributions
over the set S.
We use the notation Q
M
{p
i
: Q
i
}
i
for the prob-
abilistic symbolic transition (Q, M, α, µ) T where
µ(R) =
P
Q
i
=R
p
i
for any π
sp
term R. We abbrevi-
ate Q
M
{1 : Q
} to Q
M
Q
.
A symbolic state Q encodes a set of π
sp
terms. More
specifically, i t encodes the set of terms derivable from
Q by substitutions applied to its input-bound names.
For example the symbolic state Q = a(x).¯xb represents
the terms Q{z/x} for any n ame z. Of the four action
types in Act the first three types are described in the
previous section. The fourth ¯x(y) denotes output of a
bound name and is used by the rules Open and Close
to extend the scope of of the bound variable x.
A transition Q
M
{p
i
: Q
i
}
i
represents the fact,
that under any substitution σ satisfying M , the process
term can perform action α and then with probabil-
ity p
i
evolve as process Q
i
σ. Formally, we have the fol-
lowing Lemma which relates the symbolic (PSTG) and
concrete (MDP) semantics of π
sp
. This corresponds to
Lemma 2.4 in [13] for the (non-probabilistic) π-calculus
and can be proved in similar fashion.
Lemma 1. Let P be a π
sp
term.
(a) If P
M
{p
i
: P
i
}
i
, then for any substitution σ
such that σ M with bn(α) (fn(P ) n(σ )) = ,
P σ
ασ
{p
i
: P
i
σ}
i
.
(b) If P σ
α
{p
i
: P
i
}
i
, then P
M
{p
i
: P
i
}
i
where
σ |= M , α = βσ and P
i
= P
i
σ.
3

Pre
α.P
α
{1 : P }
Prob
(
P
i
p
i
τ.P
i
)
τ
{p
i
: P
i
}
i
Sum
P
j
M
{p
j
k
: P
j
k
}
j
k
P
iI
P
i
M
{p
j
k
: P
j
k
}
j
k
j I
Par
P
M
{p
i
: P
i
}
i
P | Q
M
{p
i
: (P
i
| Q)}
i
bn(α) fn(Q) = Com
P
M,y(z)
{p
i
: P
i
}
i
Q
N,¯xv
{q
j
: Q
j
}
j
P | Q
[x=y ] M N
{p
i
·q
j
: P
i
{v/z} | Q
j
}
i,j
Res
P
M
{p
i
: P
i
}
i
νx P
νxM
{p
i
: νx P
i
}
i
x 6∈ n(α) Close
P
M,y(z)
{p
i
: P
i
}
i
Q
N,¯x(v)
{q
j
: Q
j
}
j
P | Q
[x=y ] M N
{p
i
·q
j
: νv(P
i
{v/z} | Q
j
)}
i,j
Open
P
M,¯yx
{p
i
: P
i
}
i
νx P
νxM,¯y(x)
{p
i
: P
i
}
i
x 6= y Match
P
M
{p
i
: P
i
}
i
[x = y]P
[x=y ] M
{p
i
: P
i
}
i
{x, y} bn(α) =
Ide
P {y
1
, . . . , y
n
/x
1
, . . . , x
n
}
M
{p
i
: P
i
}
i
A(y
1
, . . . , y
n
)
M
{p
i
: P
i
}
i
A(x
1
, . . . , x
n
) , P
νx true = true νx[x = x] = true
νx[x = y] = false νx[y = z] = [y = z]
νx(M N) = νxM νxN
Figure 1. The symbolic semantics for π
sp
, including (inset) application of operator νx to conditions
3. Generating PSTGs using MMC
In this section we describe the automatic generation
of the probabilistic symbolic transition graph (PSTG)
for an arbitrary process expressed in the simple proba-
bilistic π-calculus. This is achieved with an extension of
the (non-probabilistic) π-calculus model checker MMC
[24], which from this point on we refer to as MMC
sp
.
MMC
sp
is based on only a subset of MMC’s func-
tionality: essentially the capability to construct the full
set of reachable states of a process. The restrictions
placed on the syntax of the calculus are the same that
we impose, as described in Section 2. MMC works by
(and derives its efficiency from) exploiting the simi-
larity between the way in which resolution-based logic
programming techniques handle variables and the way
in which the symbolic semantics of the π-calculus han-
dle names [24]. It is implemented in the logic program-
ming system XSB, which is a dialect of Prolog.
With π-calculus names represented by logic pro-
gramming (XSB) variables, the symbolic semantics of
the calculus can be directly encoded into XSB rules.
This has several benefits: firstly it gives a clear and
intuitive implementation; secondly, and more impor-
tantly, this encoding is provably correct [24].
Our implementation, MMC
sp
, is a direct extension
of this approach. We have a straightforward encoding
of the s yntax of π
sp
into the language of XSB, with
π
sp
names and process identifiers represented by XSB
variables and constants, respectively. We then adapt
MMC’s predicate trans to represent the symbolic se-
mantics of π
sp
. Letting function f
ρ
denote the one-to-
one mapping of π
sp
conditions, actions and processes
from XSB syntax to π
sp
syntax, then a tuple trans(P,
PSteps, M) in XSB, where PSteps is a list of com-
pound structures psteps(p
i
, act, P
i
), represents the
symbolic probabilistic transition:
f
ρ
(P)
f
ρ
(M),f
ρ
(act)
{p
i
: f
ρ
(P
i
)}
i
The full definition of this encoding (the syntax of π
sp
and the function f
ρ
) are included in th e Appendix.
Appendix 6. To relate this to the original version
of MMC, observe that a tuple trans(P, [psteps(1,
act, Q)], M) is equivalent to the definition trans(P,
act, M, Q) in [24].
Again adapting the approach of MMC, the defini-
tion of trans is a direct encoding of the symbolic se-
mantics of MMC
sp
and is shown in the Appendix. The
soundness and completeness of the encoding can be es-
tablished by induction on the length of derivati ons of
a query answer of trans and a symbolic transition in
π
sp
, respectively. The proof details are similar to The-
orem 2 and 3 in [24].
Finally, we add an extra XSB predicate stg(P),
which uses query-evaluation on trans to derive the
PSTG of process P and output it in a simple textual
format. This is e ffectively a depth-first traversal of the
PSTG and enumeration of all states and probabilis-
4

Citations
More filters
Journal ArticleDOI
TL;DR: The layered queueing network (LQN) model is described here in a unified fashion, including its many more extensions to match the semantics of sophisticated practical distributed and parallel systems.
Abstract: Layered queues are a canonical form of extended queueing network for systems with nested multiple resource possession, in which successive depths of nesting define the layers. The model has been applied to most modern distributed systems, which use different kinds of client-server and master-slave relationships, and scales up well. The layered queueing network (LQN) model is described here in a unified fashion, including its many more extensions to match the semantics of sophisticated practical distributed and parallel systems. These include efficient representation of replicated services, parallel and quorum execution, and dependability analysis under failure and reconfiguration. The full LQN model is defined here and its solver is described. A substantial case study to an air traffic control system shows errors (compared to simulation) of a few percent. The LQN model is compared to other models and solutions, and is shown to cover all their features.

215 citations

Journal ArticleDOI
TL;DR: An implementation of model checking for probabilistic and stochastic extensions of the pi-calculus, a process algebra which supports modelling of concurrency and mobility, is presented.
Abstract: We present an implementation of model checking for probabilistic and stochastic extensions of the pi-calculus, a process algebra which supports modelling of concurrency and mobility. Formal verification techniques for such extensions have clear applications in several domains, including mobile ad-hoc network protocols, probabilistic security protocols and biological pathways. Despite this, no implementation of automated verification exists. Building upon the pi-calculus model checker MMC, we first show an automated procedure for constructing the underlying semantic model of a probabilistic or stochastic pi-calculus process. This can then be verified using existing probabilistic model checkers such as PRISM. Secondly, we demonstrate how for processes of a specific structure a more efficient, compositional approach is applicable, which uses our extension of MMC on each parallel component of the system and then translates the results into a high-level modular description for the PRISM tool. The feasibility of our techniques is demonstrated through a number of case studies from the pi-calculus literature.

31 citations

Book ChapterDOI
08 Sep 2014
TL;DR: It is shown that a queueing Petri net model can scale to represent the characteristics of read workloads for different replication strategies and cluster sizes and identify the effect that node capacity and configuration has on the overall performance of the cluster.
Abstract: Distributed NoSQL datastores have been developed to cater for the usage scenarios of Web 2.0 applications. These systems provide high availability through the replication of data across different machines and data centers. The performance characteristics of NoSQL datastores are determined by the degree of data replication and the consistency guarantees required by the application. This paper presents a novel performance study of the Cassandra NoSQL datastore deployed on the Amazon EC2 cloud platform. We show that a queueing Petri net model can scale to represent the characteristics of read workloads for different replication strategies and cluster sizes. We benchmark one Cassandra node and predict response times and throughput for these configurations. We study the relationship between cluster size and consistency guarantees on cluster performance and identify the effect that node capacity and configuration has on the overall performance of the cluster.

16 citations

Book ChapterDOI
01 Jan 2009
TL;DR: This chapter explains how biological pathways can be modeled in the probabilistic model checker PRISM and how this enables the analysis of a rich selection of quantitative properties.
Abstract: Probabilistic model checking is a formal verification framework for systems which exhibit stochastic behavior. It has been successfully applied to a wide range of domains, including security and communication protocols, distributed algorithms and power management. In this chapter, we demonstrate its applicability to the analysis of biological pathways and show how it can yield a better understanding of the dynamics of these systems. Through a case study of the Mitogen-Activated Protein (MAP), Kinase cascade, we explain how biological pathways can be modeled in the probabilistic model checker PRISM and how this enables the analysis of a rich selection of quantitative properties.

14 citations

Journal ArticleDOI
Yongzhi Cao1
TL;DR: The notion of reliability degree, which is based upon a new approximate bisimulation, is introduced and it is found that bisimilar agents may have different reliability degrees and even the agent with the greatest reliability degree may not be satisfactory.
Abstract: To model the behavior of channels in real-world mobile systems, Ying introduced an extension of the π-calculus by taking channel noise into account. Unfortunately, this extension is not faithful in the sense that its semantics does not coincide with the standard one for the π-calculus in the noise-free case. In this paper, we consider a simple variant of the π-calculus, the asynchronous π-calculus (Aπ), which has been used for modeling some concurrent systems with asynchronous communication. To model these systems with noisy channels, we propose a faithful extension of Aπ, called the Aπn-calculus. After giving a probabilistic transitional semantics of Aπn, we introduce bisimilarity in Aπn and show that it is a partial input congruence. If a specification of a system is described as a process P in Aπ and we view the behavior of P in Aπn as an implementation of the specification, then it is interesting to measure how far the behavior in Aπn is from that in Aπ. We thus introduce the notion of reliability degree, which is based upon a new approximate bisimulation. We find that bisimilar agents may have different reliability degrees and even the agent with the greatest reliability degree may not be satisfactory. We thus appeal to Shannon's noisy channel coding theorem and show that reliability degrees can be improved by employing coding techniques.

12 citations

References
More filters
Journal ArticleDOI
19 Oct 2003
TL;DR: This paper presents file system interface extensions designed to support distributed applications, discusses many aspects of the design, and reports measurements from both micro-benchmarks and real world use.
Abstract: We have designed and implemented the Google File System, a scalable distributed file system for large distributed data-intensive applications. It provides fault tolerance while running on inexpensive commodity hardware, and it delivers high aggregate performance to a large number of clients. While sharing many of the same goals as previous distributed file systems, our design has been driven by observations of our application workloads and technological environment, both current and anticipated, that reflect a marked departure from some earlier file system assumptions. This has led us to reexamine traditional choices and explore radically different design points. The file system has successfully met our storage needs. It is widely deployed within Google as the storage platform for the generation and processing of data used by our service as well as research and development efforts that require large data sets. The largest cluster to date provides hundreds of terabytes of storage across thousands of disks on over a thousand machines, and it is concurrently accessed by hundreds of clients. In this paper, we present file system interface extensions designed to support distributed applications, discuss many aspects of our design, and report measurements from both micro-benchmarks and real world use.

5,429 citations


"Performance Modeling of a Quorum Pa..." refers background in this paper

  • ...Diversity also improves performance by reducing the distance traveled by the data [14] or by spreading the load [11]....

    [...]

Journal ArticleDOI
TL;DR: The a-calculus is presented, a calculus of communicating systems in which one can naturally express processes which have changing structure, including the algebraic theory of strong bisimilarity and strong equivalence, including a new notion of equivalence indexed by distinctions.
Abstract: We present the a-calculus, a calculus of communicating systems in which one can naturally express processes which have changing structure. Not only may the component agents of a system be arbitrarily linked, but a communication between neighbours may carry information which changes that linkage. The calculus is an extension of the process algebra CCS, following work by Engberg and Nielsen, who added mobility to CCS while preserving its algebraic properties. The rr-calculus gains simplicity by removing all distinction between variables and constants; communication links are identified by names, and computation is represented purely as the communication of names across links. After an illustrated description of how the n-calculus generalises conventional process algebras in treating mobility, several examples exploiting mobility are given in some detail. The important examples are the encoding into the n-calculus of higher-order functions (the I-calculus and combinatory algebra), the transmission of processes as values, and the representation of data structures as processes. The paper continues by presenting the algebraic theory of strong bisimilarity and strong equivalence, including a new notion of equivalence indexed by distinctions-i.e., assumptions of inequality among names. These theories are based upon a semantics in terms of a labeled transition system and a notion of strong bisimulation, both of which are expounded in detail in a companion paper. We also report briefly on work-in-progress based upon the corresponding notion of weak bisimulation, in which internal actions cannot be observed. 0 1992 Academic Press, Inc.

3,093 citations

Proceedings Article
01 Jan 1990
TL;DR: The authors' goal is always to offer you an assortment of cost-free ebooks too as aid resolve your troubles.

2,593 citations


"Performance Modeling of a Quorum Pa..." refers background in this paper

  • ...The submodels are solved bySchweitzerorLinearizerapproximateMVA[ 13 ], andthe solutions modify the parameters of neighboring layers (the service times seen by the next layer up, and the workload demands seen by the next layer down)....

    [...]

Book
01 Jan 1991
TL;DR: The art of computer systems performance analysis by is one of the most effective vendor publications worldwide as discussed by the authors. But have you had it? Not at all? Ridiculous of you.
Abstract: the art of computer systems performance analysis by is one of the most effective vendor publications worldwide? Have you had it? Not at all? Ridiculous of you. Currently, you can get this impressive book simply here. Locate them is layout of ppt, kindle, pdf, word, txt, rar, as well as zip. Just how? Merely download and even read online in this site. Now, never ever late to read this the art of computer systems performance analysis. Whatever our proffesion, the art of computer systems performance analysis can be good source for reading. Find the existing reports of word, txt, kindle, ppt, zip, pdf, and also rar in this website. You can absolutely read online or download this book by right here. Currently, never miss it. Our goal is always to offer you an assortment of cost-free ebooks too as aid resolve your troubles. We have got a considerable collection of totally free of expense Book for people from every single stroll of life. We have got tried our finest to gather a sizable library of preferred cost-free as well as paid files. GO TO THE TECHNICAL WRITING FOR AN EXPANDED TYPE OF THIS THE ART OF COMPUTER SYSTEMS PERFORMANCE ANALYSIS, ALONG WITH A CORRECTLY FORMATTED VERSION OF THE INSTANCE MANUAL PAGE ABOVE.

2,424 citations

Book
01 Jan 1991
TL;DR: The intended audience and the goals of the book are to provide computer professionals simple and straightforward performance analysis techniques in a comprehensive textbook.
Abstract: In the preface to The Art of Computer Systems Performance Analysis: Techniques for Experimental Design, Measurement, Simulation, and Modeling, Raj Jain discusses the intended audience and the goals of the book, which are to:• Provide computer professionals simple and straightforward performance analysis techniques in a comprehensive textbook.• Give basic modeling, simulation, measurement, experimental design, and statistical analysis background.• Emphasize and integrate the modeling and measurement aspects of performance analysis.• Discuss common mistakes and games in performance analysis studies.• Illustrate the presented techniques using examples and case studies from the field of computer systems.• Summarize key techniques and results in "boxes".• Organize chapters in 45-minute lectures and include appropriate exercises.

1,827 citations

Frequently Asked Questions (2)
Q1. What have the authors contributed in "Model checking the probabilistic pi-calculus" ?

The authors present an implementation of model checking for the probabilistic π-calculus, a process algebra which supports modelling of concurrency, mobility and discrete probabilistic behaviour. Formal verification techniques for this calculus have clear applications in several domains, including mobile ad-hoc network protocols and random security protocols. Building upon the ( non-probabilistic ) π-calculus model checker MMC, the authors first show an automated procedure for constructing the Markov decision process representing a probabilistic πcalculus process. Secondly, the authors demonstrate how for a large class of systems a more efficient, compositional approach can be applied, which uses their extension of MMC on each parallel component of the system and then translates the results into a highlevel model description for the PRISM tool. 

The authors would like to extend this work in several directions. For convenience of modelling, the authors plan to add support for polyadic communication over channels. The authors also hope to add support for more flexible property specifications using watchdog processes and to extend their approach to the stochastic π-calculus. Possibilities include optimisations to reduce the resulting symbolic ( MTBDD ) storage in PRISM and bisimulation minimisation techniques.