Abstract: We introduce the input-output automaton, a simple but powerful model of computation in asynchronous distributed networks. With this model we are able to construct modular, hierarchical correctness proofs for distributed algorithms. We de ne this model, and give aninteresting example of how itcan be used to construct such proofs. 1

Abstract not found

A new formal model is presented for studying concurrency and resiliency properties for nested transactions. The model is used to state and prove correctness of a well-known locking algorithm.

This paper has two main contributions. First, we present a comprehensive model for nested transaction systems. The model allows rigorous proofs of a wide variety of transaction-processing algorithms in a single uniform framework. The model generalizes most previous work on concurrency control to encompass nested transactions and type-specific concurrency control algorithms. We used the model to define correctness for nested transaction systems and also to discuss alternative correctness criteria. Second, we present a new concurrency control and recovery algorithm for abstract data types in a nested transaction system and prove it correct. The algorithm, which generalizes an algorithm developed by Weihl [42, 39] to handle nested transactions, uses commutativity properties of operations to achieve high levels of concurrency. The results of operations, in addition to their names and arguments, can be used in checking for conflicts, further increasing concurrency. As part of our development of the general model, we present a theorem that provides a general sufficient condition for a transaction-processing algorithm to be correct. This condition is analogous to the "absence of cycles" condition used in the more classical work on concurrency control (e.g., see [7]). We use the condition as the basis of the correctness proof of the algorithms presented in this paper. We have also used it in other work to prove the correctness of other algorithms. For example, in [2], we prove the correctness of Reed's multi-version timesta?ping algorithm [34] and of a type-specific variation of Reed's algorithm that uses the semantics of operations to permit more concurrency. The description and correctness proof of our algorithm are modular. We consider a system structure consisting of many o...

) Eugene W. Stark y Abstract The lack of expressive power of temporal logic as a specification language can be compensated to a certain extent by the introduction of powerful, high-level temporal operators, which are difficult to understand and reason about. A more natural way to increase the expressive power of a temporal specification language is by introducing conceptual state variables, which are auxiliary (unimplemented) variables whose values serve as an abstract representation of the internal state of the process being specified. The kind of specifications resulting from the latter approach are called conceptual state specifications. This paper considers a central problem in reasoning about conceptual state specifications: the problem of proving entailment between specifications. A technique, based on the notion of simulation between machines, is shown to be sound for proving entailment. A kind of completeness result can also be shown, if specifications are assumed to satisf...

This thesis investigates a particular approach, called state-transition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer ,stem. A state-transition specification consists off (1) a state machine, which incorporates the safety or invariance properties of the module, and (2) validity conditions on the computations of the machine, which'capture the desired liveness or eventu;lity properties. The theory and techniques of state. transition specification are developed'from first principles to a point at which it is possible to write example sPeCificatiOns,'to check-the Specifications for coraiatency, and to perform correctlse examples.

Abstraction mappings are one of the major tools used to construct correctness proofs for concurrent algorithms. Several examples axe given of situations in which it is useful to allow the abstraction mappings to be multivalued, The examples involve algorithm optimization, algorithm distribution, and proofs of time bounds.

In this paper, we present a study on the concurrency control and recovery algorithms in nested transaction environment. We have reviewed the work done in the area of nested transaction modelling, its applications in object-oriented and mobile databases, and in workflow models. We have contrasted various nested transaction models by discussing their advantages and disadvantages. We have outlined some important future research directions in the area of nested transaction processing. 1.

We give a clear yet rigorous correctness proof for Moss's algorithm for managing data in a nested transaction system. The algorithm, which is the basis of concurrency control and recovery in the Argus system, uses read- and write-locks and a stack of versions of each object to ensure the serializability and recoverability of transactions accessing the data. Our proof extends earlier work on exclusive locking to prove that Moss's algorithm generates serially correct executions in the presence of concurrency and transaction aborts. The key contribution is the identification of a simple property of cead operations, called transparency, that permits shared locks to be used for read operations.

. This paper presents a solution to check integrity constraints in database systems supporting nested transactions. Using nested transactions allows to introduce parallelism inside a transaction and to partially recover failing transactions by defining a hierarchy of sub-transactions. If a constraint is violated by some sub-transactions, it is possible to reach the validation of the nested transaction, even if some part of it had to be aborted. In our solution, (i) only constraints that might be violated are checked, (ii) constraints are checked as soon as possible during the execution of the nested transaction and (iii) as few sub-transactions as possible are aborted. We do not interfere with the execution control of nested transaction, and users do not have to add any control code in the definition of constraints or of transactions. The main idea of our solution is to attach the checking of a constraint to the smallest common ancestor of the sub-transactions which could ...