Consistency and Completeness of Temporal Logic Specifications


1. Outline
• Introduction
• Consistency of Temporal Specifications
• Completeness of Temporal Specifications

2. Issues in Property Verification
• It is hard to specify all properties to be verified
  – Users typically verify a few critical properties formally and also run simulation tests
• It is difficult to verify all properties specified
  – State explosion
  – FPV works well at the block level (< 10K gates)

3. How much have I specified?
• Coverage metrics quantify the coverage of a property specification
• Coverage metrics may be
  – with respect to an implementation
  – independent of an implementation

4. How much can I verify?
• Existing formal methods do not scale beyond RTL modules of moderate size
• For systems consisting of multiple modules, the state space explodes
• A systematic methodology for modular validation of large designs is indispensable

5. Specification Issues for Open Systems
• Temporal logic specifications that are satisfiable at the system level may be inconsistent when interpreted over an open system
• Consistency issues
  – Realizability
  – Sanity

6. Outline
• Introduction
• Consistency of Temporal Specifications
  – Closed systems and open systems
  – Consistency problem in closed systems
    • Satisfiability
  – Consistency problem in open systems
    • Realizability
    • Sanity
• Completeness of Temporal Specifications

7. Closed Systems and Open Systems
• Closed system:
  – its behavior is completely determined by the state of the system
• Open system:
  – interacts with its environment
  – its behavior depends on this interaction

8. Example of a Closed System
• Think of a drink dispensing machine which
  – repeatedly boils water
  – makes an internal nondeterministic choice
  – … and serves either coffee or tea
• The environment cannot modify any of the system variables

9. Example of an Open System
• Think of another kind of drink dispensing machine which
  – repeatedly boils water
  – asks the environment to choose between coffee and tea
  – deterministically serves a drink according to the external choice
• The environment can modify some of the system variables

10. Consistency Problem in Closed Systems
• The only consistency problem that arises in a closed system is satisfiability
  – a formula φ is satisfiable iff there exists a closed system K which satisfies φ
• Formally
  – let the formula be φ(z), where z is the set of system variables
  – then φ(z) is satisfiable iff ∃z φ(z) is true

11. Example
• Consider the LTL formula G(p) ∧ F(¬p)
  – there exists no assignment of p along a path which satisfies this formula: G(p) demands p at every position, F(¬p) demands a position where p is false
• Now consider the CTL formula EG(¬q) ∧ AF(p U q)
  – there exists no assignment of q along the computation tree branches from a state which satisfies this formula: AF(p U q) demands that q eventually holds on every path, EG(¬q) demands a path on which q never holds

12. Complex Example
• Two or more satisfiable formulas may together result in an unsatisfiable specification
• Consider the following specification
  – AG(ack → done)
  – A(req U ack)
  – EG(¬done)
• Each formula is satisfiable on its own, but EG(¬done) asks for a path on which done never holds, A(req U ack) forces ack to hold somewhere on that path, and AG(ack → done) then forces done to hold there
• It is a nontrivial task to find whether a specification is satisfiable

13. Complexity
• CTL model checking is solvable in linear time (in the size of the model times the size of the formula)
• CTL satisfiability checking, however, is EXPTIME-complete
• Both LTL model checking and LTL satisfiability checking are PSPACE-complete

14. Consistency Problem in Open Systems
• An open system has to be correct with respect to any environment
• This raises the issue of implementability, commonly known as realizability [Pnueli'89]
  – a formula φ is realizable iff there exists a module M which satisfies φ under any environment
  – and M is not clairvoyant: its outputs may not depend on future inputs

15. Realizability is not the same as Satisfiability
[Figure: an arbiter with inputs r1, r2 and outputs g1, g2]
• Satisfiable, but unrealizable: G(r1 → (X(g1) ∧ XX(¬g1)))
• This property is satisfiable: consider input sequences where r1 is never asserted
• It is not realizable: for input sequences where r1 is asserted in two consecutive cycles, the first r1 requires ¬g1 two cycles later while the second r1 requires g1 in that same cycle
• Is realizability the same as satisfiability over all inputs? Not quite.
• Consider the property G(g1 ↔ X r1)
  – The property is satisfiable for every given input sequence: g1 in each cycle simply has to equal r1 in the next cycle
  – The problem is the module's inability to foresee the future inputs: it must commit to g1 before r1 of the next cycle is known

16. Nontrivial Example
• Consider the specification of an arbiter that receives requests from two masters (req0 and req1 are the inputs, ack0 and ack1 are the outputs)
  – G(req0 → X ack0)
  – G(req1 → X ack1)
  – G(¬ack0 ∨ ¬ack1)
• If both req0 and req1 are asserted in the same cycle, there is no valid next-state assignment for ack0 and ack1

17. Realizability: Formal Characterization
• G(req → (X(gnt) ∧ XX(¬gnt)))
[Figure: the full x-tree over the input req, with a valuation of the output gnt at each node; nodes where the two obligations on gnt conflict are marked "?"]

18. Realizability: Formal Definition
• A formula φ(x, y), where x is the set of input variables and y the set of output variables, is realizable iff
  – there exists a valuation of all the variables in y at each node of the full x-tree
  – such that φ is not refuted on any path of the tree

19. Realizability is not Enough: Sanity
[Figure: a master device connected to a bus arbiter; busreq goes from the master to the arbiter and gnt comes back]
• Now the inputs and outputs are reversed: for the master device, busreq is an output and gnt is an input
• G(busreq → XX gnt): the output depends on a future input!
• Not a sane formula for the master device

20. Formal Characterization of Sanity
• G(gnt → XX req)
[Figure: the full x-tree over the input req, with gnt = 0 at every node; the formula is never refuted]

21. Formal Characterization of Sanity
• G(gnt → XX req)
[Figure: the same full x-tree with gnt = 1 at the root and gnt = 0 elsewhere; the root valuation does not refute the formula by itself, but the environment can refute it two levels down by withholding req]
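The distinctions drawn on slides 14 to 21 (satisfiable, satisfiable for all inputs, realizable, sane) can be checked mechanically for small specifications. The following Python is an added example written for this page, not code from the slides. Its assumptions are its own: each slide formula is encoded as a bad-prefix predicate over finite traces (possible because all of them are safety properties with bounded lookahead), the module chooses its outputs after seeing the current inputs but never future ones, and every search is cut off at a horizon n. The helper names (`spec_arbiter`, `realizable_from`, `insane_node`, …) and the contrasting formula G(req → X gnt) are this example's, not the slides'.

```python
"""Bounded checks of satisfiability, realizability and sanity for open-system
specifications.  Assumptions (this example's own, not the slides'): a
specification is a bad-prefix predicate bad(trace), True when the finite
trace already refutes the property however it continues; a trace is a list
of (inputs, outputs) steps, each a dict of Booleans; the module picks its
outputs after seeing the current inputs and never sees future ones."""
from itertools import product

def valuations(names):
    """All Boolean valuations of the given variables, as dicts."""
    return [dict(zip(names, bits)) for bits in product([False, True], repeat=len(names))]

def val(trace, t, var):
    """Value of var at step t (inputs and outputs live in separate dicts)."""
    ins, outs = trace[t]
    return ins[var] if var in ins else outs[var]

# --- the slides' formulas as bad-prefix predicates ---

def spec_two_cycle_grant(trace):
    """G( r1 -> (X g1 /\ X X !g1) ): input r1, output g1 (slide 15)."""
    for t in range(len(trace)):
        if val(trace, t, "r1"):
            if t + 1 < len(trace) and not val(trace, t + 1, "g1"):
                return True
            if t + 2 < len(trace) and val(trace, t + 2, "g1"):
                return True
    return False

def spec_foresee(trace):
    """G( g1 <-> X r1 ): the grant now must equal the request one cycle later (slide 15)."""
    return any(val(trace, t, "g1") != val(trace, t + 1, "r1") for t in range(len(trace) - 1))

def spec_arbiter(trace):
    """G(req0 -> X ack0) /\ G(req1 -> X ack1) /\ G(!ack0 \/ !ack1) (slide 16)."""
    for t in range(len(trace)):
        if val(trace, t, "ack0") and val(trace, t, "ack1"):
            return True
        if t + 1 < len(trace) and any(val(trace, t, "req" + i) and not val(trace, t + 1, "ack" + i)
                                      for i in "01"):
            return True
    return False

def spec_master(trace):
    """G( busreq -> X X gnt ) from the master's side: busreq output, gnt input (slide 19)."""
    return any(val(trace, t, "busreq") and not val(trace, t + 2, "gnt") for t in range(len(trace) - 2))

def spec_single_grant(trace):
    """G( req -> X gnt ): input req, output gnt; realizable and sane, for contrast (not from the slides)."""
    return any(val(trace, t, "req") and not val(trace, t + 1, "gnt") for t in range(len(trace) - 1))

# --- satisfiability, satisfiability over all inputs, realizability, sanity ---

def satisfiable(bad, ins, outs, n):
    """Closed-system view: some input and some output sequence of length n agree with the spec."""
    return any(not bad(list(zip(i_seq, o_seq)))
               for i_seq in product(valuations(ins), repeat=n)
               for o_seq in product(valuations(outs), repeat=n))

def satisfiable_for_all_inputs(bad, ins, outs, n):
    """For every input sequence some output sequence works; the outputs may be clairvoyant."""
    return all(any(not bad(list(zip(i_seq, o_seq))) for o_seq in product(valuations(outs), repeat=n))
               for i_seq in product(valuations(ins), repeat=n))

def realizable_from(bad, ins, outs, trace, depth):
    """Game over the full x-tree: the environment picks inputs, the module answers with outputs
    knowing only the past and the present.  False is conclusive; True holds up to the horizon."""
    if bad(trace):
        return False
    if depth == 0:
        return True
    return all(any(realizable_from(bad, ins, outs, trace + [(i, o)], depth - 1) for o in valuations(outs))
               for i in valuations(ins))

def realizable(bad, ins, outs, n):
    return realizable_from(bad, ins, outs, [], n)

def insane_node(bad, ins, outs, n, prefix=()):
    """Sanity (slide 22): a node of the x-tree where one output valuation does not refute the
    formula yet leaves it unrealizable while another keeps it realizable.  Returns
    (prefix, inputs, losing, winning) or None; only nodes the module has not already lost."""
    prefix = list(prefix)
    if len(prefix) == n:
        return None
    for i in valuations(ins):
        losing, winning = [], []
        for o in valuations(outs):
            trace = prefix + [(i, o)]
            if bad(trace):
                continue
            (winning if realizable_from(bad, ins, outs, trace, n - len(trace)) else losing).append(o)
        if losing and winning:
            return prefix, i, losing[0], winning[0]
        for o in winning:
            found = insane_node(bad, ins, outs, n, prefix + [(i, o)])
            if found:
                return found
    return None
```

The three quantifier patterns are the whole point: `satisfiable` is exists-inputs exists-outputs, `satisfiable_for_all_inputs` is for-all-inputs exists-outputs with the output sequence chosen after the entire input sequence is known (clairvoyance), and `realizable_from` alternates the choices step by step so the module only ever sees the past and the present. With these, the slide-15 grant formula is satisfiable but neither satisfiable for all inputs nor realizable, G(g1 ↔ X r1) is satisfiable for all inputs yet unrealizable, the two-master arbiter is unrealizable, and G(busreq → XX gnt) is realizable (never request) but `insane_node` returns the root with busreq = 1 as the losing, non-refuting choice, whereas G(req → X gnt) is realizable and yields no such node. Because the searches are exhaustive, keep n and the number of variables small.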
22. Sanity: Formal Definition
• A formula φ(x, y), where x is the set of input variables and y the set of output variables, is not sane iff
  – there exists a valuation of the variables in y at a particular node of the full x-tree
    • which does not refute the formula at that point
    • but makes the formula unrealizable
  – while some other valuation of y at that node would have kept the formula realizable

23. Outline
• Introduction
• Consistency of Temporal Specifications
• Completeness of Temporal Specifications
  – With respect to the implementation
  – Independent of the implementation
  – By simulating the implementation

24. Completeness of Specifications: Motivation
[Figure: the model-checking loop: the model and the property specification go to the checker; a NO answer leads to "Fix the model/specification" and asks "Did I check everything that I meant to check?"; a YES answer asks "Have I written enough properties?"]

25. Coverage of Formal Specifications
• Coverage metrics are heuristic measures of the comprehensiveness of a given test
• Traditional coverage metrics for simulation are code coverage, transition coverage, etc.
• Applying them blindly to model checking gives a meaningless 100% coverage for every property, because model checking searches the implementation exhaustively

26. Coverage: Various Approaches
• With respect to the implementation
  – introduce a small mutation in the system
  – check whether the mutant system is still correct with respect to the specification
  – if yes, this mutation is not covered
• Independent of the implementation
  – check the completeness with respect to a high-level fault model
• By simulating the implementation
  – inject a fault into the system
  – simulate the fault-injected system to see whether some property fails

27. Outline
• Introduction
• Consistency of Temporal Specifications
• Completeness of Temporal Specifications
  – With respect to the implementation
  – Independent of the implementation
  – By simulating the implementation

28. Coverage Metric for Model Checking
• Hoskote et al.'99 proposed a coverage metric for model checking to identify the part of the state space that is critical for the truth of the specification
• Basic idea
  – flip an atomic proposition at a state of the model
  – see whether any property fails in the perturbed model (by model checking)
  – if some property fails, the state is covered with respect to that atomic proposition

29. Example
• What is the coverage of E(p U q) on this model?
[Figure: a four-state model with states S1, S2, S3, S4, each labelled with the atomic propositions p, q, r or their negations]
• Is S1 covered with respect to p? Flip p at S1: now E(p U q) fails, so S1 is covered with respect to p

30. Example
• Is S4 covered with respect to p? Flip p at S4: E(p U q) still passes, so S4 is not covered with respect to p

31. Example
• Is S4 covered with respect to q? Flip q at S4: now E(p U q) fails, so S4 is covered with respect to q

32. What Does this Coverage Metric Mean?
• It can uncover functionality in the model not covered by any property, but it cannot point out functionality missing from the model
• So 100% coverage
  – does not guarantee completeness of the verification
  – nor correctness of the model
• But low coverage definitely implies incompleteness of the properties

33. Further Improvements
• Chockler et al.'01 introduced the distinction between
  – state-based and logic-based coverage
  – coverage with respect to inputs and outputs
• Chockler et al.'03
  – introduced falsity coverage and vacuity coverage
  – adapted coverage metrics for simulation to the formal verification setting

34. Outline
• Introduction
• Consistency of Temporal Specifications
• Completeness of Temporal Specifications
  – With respect to the implementation
  – Independent of the implementation
  – By simulating the implementation

35. Use of a High-Level Fault Model
• Existing FPV coverage metrics compare the specification with an implementation
• At the highest level we do not (yet) have the implementation
• How do we check whether we have written enough properties?
  – Check coverage against a high-level fault model
• The fault model could be a standard fault model such as the stuck-at fault model

36. Fault Coverage on Output Lines
• Allows us to determine whether, for every output line, there exists a property in the specification that requires that output to take a specific value (0/1) under some input scenario
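The flip-one-atom coverage metric of slides 28 to 32 and the satisfiability question of slide 12 both need a CTL model checker, so one added Python example serves both. It is written for this page and is not code from the slides or from Hoskote et al.; the Kripke structure `MODEL` and its labels are constructed here (they are not the figure of slides 29 to 31), and `bounded_unsat` is this example's own brute-force search over all Kripke structures up to a state bound, which is evidence rather than a proof of unsatisfiability.

```python
"""Explicit-state CTL model checking, the flip-one-atom coverage metric and a
bounded satisfiability search.  Example code written for this page; the
model, its labels and all helper names are constructed here."""
from itertools import product

# Constructed Kripke structure: total transition relation, one initial state.
MODEL = {
    "states": ["S1", "S2", "S3", "S4"],
    "succ": {"S1": ["S2", "S3"], "S2": ["S4"], "S3": ["S4"], "S4": ["S4"]},
    "label": {"S1": {"p"}, "S2": {"p"}, "S3": {"r"}, "S4": {"q"}},
    "init": "S1",
}

# Formulas are nested tuples over the adequate set {true, atom, not, and, EX, EU, EG};
# the remaining operators are rewritten into it.
TRUE = ("true",)
def atom(a):       return ("atom", a)
def neg(f):        return ("not", f)
def conj(f, g):    return ("and", f, g)
def implies(f, g): return neg(conj(f, neg(g)))
def EX(f):         return ("EX", f)
def EU(f, g):      return ("EU", f, g)
def EG(f):         return ("EG", f)
def AF(f):         return neg(EG(neg(f)))
def AG(f):         return neg(EU(TRUE, neg(f)))
def AU(f, g):      # A(f U g) == !E(!g U (!f & !g)) & !EG(!g)
    return conj(neg(EU(neg(g), conj(neg(f), neg(g)))), neg(EG(neg(g))))

def sat(m, f):
    """States of m satisfying f, by the standard fixpoint algorithms."""
    states, op = set(m["states"]), f[0]
    has_succ_in = lambda s, z: bool(set(m["succ"][s]) & z)
    if op == "true":
        return states
    if op == "atom":
        return {s for s in states if f[1] in m["label"][s]}
    if op == "not":
        return states - sat(m, f[1])
    if op == "and":
        return sat(m, f[1]) & sat(m, f[2])
    if op == "EX":
        z = sat(m, f[1])
        return {s for s in states if has_succ_in(s, z)}
    if op == "EU":                      # least fixpoint of  g | (f & EX Z)
        a, z = sat(m, f[1]), sat(m, f[2])
        while True:
            new = z | {s for s in a if has_succ_in(s, z)}
            if new == z:
                return z
            z = new
    if op == "EG":                      # greatest fixpoint of  f & EX Z
        z = sat(m, f[1])
        while True:
            new = {s for s in z if has_succ_in(s, z)}
            if new == z:
                return z
            z = new
    raise ValueError(f"unknown operator {op}")

def holds(m, f):
    return m["init"] in sat(m, f)

def coverage(m, f):
    """(state, atom) pairs covered by f: flipping that atom at that state makes f fail.
    Pairs not returned are functionality the property says nothing about."""
    atoms = set().union(*m["label"].values())
    covered = set()
    for s in m["states"]:
        for a in atoms:
            mutant = dict(m, label={t: set(l) for t, l in m["label"].items()})
            mutant["label"][s] ^= {a}           # flip a at s, leave everything else alone
            if not holds(mutant, f):
                covered.add((s, a))
    return covered

def bounded_unsat(f, atoms, max_states):
    """True if no Kripke structure with at most max_states states over the given atoms
    satisfies f.  Exhaustive, hence sound only up to the bound: evidence, not a proof."""
    atoms = list(atoms)
    for k in range(1, max_states + 1):
        states = [f"s{i}" for i in range(k)]
        subsets = [[t for t, b in zip(states, bits) if b]
                   for bits in product([0, 1], repeat=k)][1:]       # non-empty: total relation
        labelings = [{a for a, b in zip(atoms, bits) if b}
                     for bits in product([0, 1], repeat=len(atoms))]
        for succ in product(subsets, repeat=k):
            for lab in product(labelings, repeat=k):
                m = {"states": states, "succ": dict(zip(states, succ)),
                     "label": dict(zip(states, lab)), "init": "s0"}
                if holds(m, f):
                    return False
    return True

# Slide 12's specification: each conjunct is satisfiable alone, the conjunction is not.
SLIDE12_SPEC = conj(conj(AG(implies(atom("ack"), atom("done"))),
                         AU(atom("req"), atom("ack"))),
                    EG(neg(atom("done"))))
```

On `MODEL`, E(p U q) holds at S1 along S1 → S2 → S4, and `coverage` reports exactly {(S1, p), (S2, p), (S4, q)}: r is never covered, and neither is p at S4 or q anywhere but S4, which is the "functionality not covered by any property" that slide 32 talks about. `bounded_unsat(SLIDE12_SPEC, ["ack", "done", "req"], 2)` finds no model, consistent with the slide, but the search grows as (2^k − 1)^k · 2^(k·|atoms|) and the real decision procedure is the EXPTIME-complete tableau, which is the point of slide 13.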