The Leader Election Protocol (IEEE 1394)
Transcript of The Leader Election Protocol (IEEE 1394)
![Page 1: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/1.jpg)
The Leader Election Protocol (IEEE 1394)
J.R. Abrial, D. Cansell, D. Méry
July 2002
![Page 2: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/2.jpg)
This Session
- Background :-)
- An informal presentation of the protocol :-)
- Step by step formal design :-|
- Short Conclusion. :-)
1
![Page 3: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/3.jpg)
IEEE 1394 High Performance Serial Bus (FireWire)
- It is an international standard
- There exists a widespread commercial interest in its correctness
- Sun, Apple, Philips, Microsoft, Sony, etc involved in its development
- Made of three layers (physical, link, transaction)
- The protocol under study is the Tree Identify Protocol
- Situated in the Bus Reset phase of the physical layer
2
![Page 4: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/4.jpg)
The Problem (1)
- The bus is used to transport digitized video and audio signals
- It is “hot-pluggable”
- Devices and peripherals can be added and removed at any time
- Such changes are followed by a bus reset
- The leader election takes place after a bus reset in the network
- A leader needs to be chosen to act as the manager of the bus
3
![Page 5: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/5.jpg)
The Problem (2)
- After a bus reset: all nodes in the network have equal status
- A node only knows to which nodes it is directly connected
- The network is connected
- The network is acyclic
4
![Page 6: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/6.jpg)
References (1)
BASIC
- IEEE. IEEE Standard for a High Performance Serial Bus. Std 1394-
1995. 1995
- IEEE. IEEE Standard for a High Performance Serial Bus (supple-
ment). Std 1394a-2000. 2000
5
![Page 7: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/7.jpg)
References (2)
GENERAL
- N. Lynch. Distributed Algorithms. Morgan Kaufmann. 1996
- R. G. Gallager et al. A Distributed Algorithm for Minimum Weight
Spanning Trees. IEEE Trans. on Prog. Lang. and Systems. 1983.
6
![Page 8: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/8.jpg)
References (3)
MODEL CHECKING
- D.P.L. Simons et al. Mechanical Verification of the IEE 1394a Root
Contention Protocol using Uppaal2 Springer International Journal of
Software Tools for Technology Transfer. 2001
- H. Toetenel et al. Parametric verification of the IEEE 1394a Root
Contention Protocol using LPMC Proceedings of the 7th International
Conference on Real-time Computing Systems and Applications. IEEE
Computer Society Press. 2000
7
![Page 9: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/9.jpg)
References (4)
THEOREM PROVING
- M. Devillers et al. Verification of the Leader Election: Formal Method
Applied to IEEE 1394. Formal Methods in System Design. 2000
- J.R. Abrial et al. A Mechanically Proved and Incremental Devel-
opment of IEEE 1394. To be published 2002
8
![Page 10: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/10.jpg)
Informal Abstract Properties of the Protocol
- We are given a connected and acyclic network of nodes
- Nodes are linked by bidirectional channels
- We want to have one node being elected the leader in a finite time
- This is to be done in a distributed and non-deterministic way
- Next are two distinct abstract animations of the protocol
9
![Page 11: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/11.jpg)
10
![Page 12: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/12.jpg)
11
![Page 13: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/13.jpg)
12
![Page 14: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/14.jpg)
13
![Page 15: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/15.jpg)
14
![Page 16: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/16.jpg)
15
![Page 17: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/17.jpg)
16
![Page 18: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/18.jpg)
17
![Page 19: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/19.jpg)
18
![Page 20: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/20.jpg)
19
![Page 21: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/21.jpg)
20
![Page 22: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/22.jpg)
21
![Page 23: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/23.jpg)
22
![Page 24: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/24.jpg)
23
![Page 25: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/25.jpg)
24
![Page 26: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/26.jpg)
25
![Page 27: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/27.jpg)
26
![Page 28: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/28.jpg)
27
![Page 29: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/29.jpg)
Summary of Development Process
- Formal definition and properties of the network
- A one-shot abstract model of the protocol
- Presenting a (still abstract) loop-like centralized solution
- Introducing message passing between the nodes (delays)
- Modifying the data structure in order to distribute the protocol
28
![Page 30: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/30.jpg)
Let ND be a set of nodes (with at least 2 nodes)
29
![Page 31: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/31.jpg)
Let gr be a graph built and defined on ND
30
![Page 32: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/32.jpg)
gr is a symmetric and irreflexive graph
31
![Page 33: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/33.jpg)
gr is a graph built on ND gr ⊆ ND ×ND
32
![Page 34: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/34.jpg)
gr is a graph built on ND gr ⊆ ND ×ND
gr is defined on ND dom (gr) = ND
33
![Page 35: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/35.jpg)
gr is a graph built on ND gr ⊆ ND ×ND
gr is defined on ND dom (gr) = ND
gr is symmetric gr = gr−1
34
![Page 36: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/36.jpg)
gr is a graph built on ND gr ⊆ ND ×ND
gr is defined on ND dom (gr) = ND
gr is symmetric gr = gr−1
gr is irreflexive id (ND) ∩ gr = ∅
35
![Page 37: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/37.jpg)
gr is connected and acyclic
36
![Page 38: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/38.jpg)
A Little Detour Through Trees
- A tree is a special graph
- A tree has a root
- A tree has a, so-called, father function
- A tree is acyclic
- A tree is connected from the root
37
![Page 39: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/39.jpg)
the root
A tree t built on a set of nodes
38
![Page 40: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/40.jpg)
the root
t is a function defined on ND except at the root
39
![Page 41: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/41.jpg)
Avoidind cycles
BAD
the root
40
![Page 42: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/42.jpg)
A cycle Its inverse image
in their inverse imageThe nodes of a cycle are included
41
![Page 43: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/43.jpg)
- Given
- a set ND
- a subset p of ND
- a binary relation t built on ND
- The inverse image of p under t is denoted by t−1[p]
t−1[p] =̂ {x |x ∈ ND ∧ ∃ y · ( y ∈ p ∧ (x, y) ∈ t) }
- When t is a partial function, this reduces to
{x |x ∈ dom (t) ∧ t(x) ∈ p }
42
![Page 44: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/44.jpg)
- If p is included in its inverse image, we have then:
∀x · (x ∈ p ⇒ x ∈ dom (t) ∧ t(x) ∈ p )
- Notice that the empty set enjoys this property
∅ ⊆ t−1[∅]
43
![Page 45: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/45.jpg)
- The property of having no cycle is thus equivalent to:
The only subset p of ND s.t. p ⊆ t−1[p] is EMPTY
∀p ·
p ⊆ ND ∧p ⊆ t−1 [p]⇒p = ∅
44
![Page 46: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/46.jpg)
The predicate tree (r, t)
45
![Page 47: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/47.jpg)
The predicate tree (r, t)
r is a member of ND r ∈ ND
46
![Page 48: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/48.jpg)
The predicate tree (r, t)
r is a member of ND r ∈ ND
t is a function t ∈ ND − {r} → ND
47
![Page 49: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/49.jpg)
The predicate tree (r, t)
r is a member of ND r ∈ ND
t is a function t ∈ ND − {r} → ND
t is acyclic ∀p ·
p ⊆ ND ∧p ⊆ t−1 [p]⇒p = ∅
48
![Page 50: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/50.jpg)
t is acyclic: equivalent formulations
∀p ·
p ⊆ ND ∧p ⊆ t−1 [p]⇒p = ∅
⇔ ∀q ·
q ⊆ ND ∧r ∈ q ∧t−1 [q] ⊆ q⇒ND ⊆ q
49
![Page 51: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/51.jpg)
This gives an Induction Rule
∀q ·
q ⊆ ND ∧r ∈ q ∧∀x· (x ∈ ND − {r} ∧ t(x) ∈ q ⇒ x ∈ q )⇒ND ⊆ q
50
![Page 52: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/52.jpg)
The predicate tree (r, t)
r is a member of ND r ∈ ND
t is a function t ∈ ND − {r} → ND
t is acyclic ∀q ·
q ⊆ ND ∧r ∈ q ∧t−1 [q] ⊆ q⇒ND ⊆ q
51
![Page 53: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/53.jpg)
A spanning tree t of the graph gr
52
![Page 54: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/54.jpg)
The predicate spanning (r, t, gr)
r, t is a tree tree (r, t)
t is included in gr t ⊆ gr
53
![Page 55: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/55.jpg)
The graph gr is connected and acyclic (1)
- Defining a relation fn linking a node to the possible
spanning trees of gr having that node as a root:
fn ⊆ ND × (ND 7→ ND)
∀(r, t) ·
r ∈ ND ∧t ∈ ND 7→ ND
⇒(r, t) ∈ fn ⇔ spanning (r, t, gr)
54
![Page 56: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/56.jpg)
The graph gr is connected and acyclic (2)
Totality of relation fn ⇒ Connectivity of gr
Functionality of relation fn ⇒ Acyclicity of gr
55
![Page 57: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/57.jpg)
Summary of constants gr and fn
gr ⊆ ND ×NDdom (gr) = ND
gr = gr−1
id (ND) ∩ gr = ∅
fn ∈ ND → (ND 7→ ND)
∀(r, t) ·
r ∈ ND ∧t ∈ ND 7→ ND
⇒t = fn(r) ⇔ spanning (r, t, gr)
56
![Page 58: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/58.jpg)
Election in One Shot: Building a Spanning Tree
- Variables rt and ts
rt ∈ NDts ∈ ND ↔ ND
elect =̂beginrt, ts : spanning (rt, ts, gr)
end
57
![Page 59: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/59.jpg)
First Refinement (1)
- Introducing a new variable, tr, corresponding to the
"tree" in construction
- Introducing a new event: the progression event
- Defining the invariant
- Back to the animation : Observe the construction
of the tree
58
![Page 60: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/60.jpg)
59
![Page 61: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/61.jpg)
60
![Page 62: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/62.jpg)
61
![Page 63: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/63.jpg)
62
![Page 64: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/64.jpg)
63
![Page 65: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/65.jpg)
64
![Page 66: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/66.jpg)
65
![Page 67: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/67.jpg)
66
![Page 68: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/68.jpg)
67
![Page 69: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/69.jpg)
- The green arrows correspond to the tr function
- The blue nodes are the domain of tr
- The function tr is a forest (multi-tree) on nodes
- The red nodes are the roots of these trees
68
![Page 70: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/70.jpg)
The predicate invariant (tr)
tr ∈ ND 7→ ND
69
![Page 71: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/71.jpg)
The predicate invariant (tr)
tr ∈ ND 7→ ND
∀p ·
p ⊆ ND ∧ND − dom (tr) ⊆ p ∧tr−1 [p] ⊆ p⇒ND ⊆ p
70
![Page 72: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/72.jpg)
The predicate invariant (tr)
tr ∈ ND 7→ ND
∀p ·
p ⊆ ND ∧ND − dom (tr) ⊆ p ∧tr−1 [p] ⊆ p⇒ND ⊆ p
dom (tr) C (tr ∪ tr−1) = dom (tr) C gr
71
![Page 73: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/73.jpg)
72
![Page 74: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/74.jpg)
First Refinement (2)
- Introducing the new event "progress"
- Refining the abstract event "elect"
- Back to the animation : Observe the "guard" of progress
73
![Page 75: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/75.jpg)
74
![Page 76: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/76.jpg)
75
![Page 77: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/77.jpg)
When a red node x is connected to AT MOST one other
red node y then event "progress" can take place
progress =̂any x, y wherex, y ∈ gr ∧x /∈ dom (tr) ∧y /∈ dom (tr) ∧gr[{x}] = tr−1[{x}] ∪ {y}
thentr := tr ∪ {x 7→ y}
end
76
![Page 78: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/78.jpg)
To be proved
invariant(tr) ∧x, y ∈ gr ∧x /∈ dom (tr) ∧y /∈ dom (tr) ∧gr[{x}] = tr−1[{x}] ∪ {y}⇒invariant(tr ∪ {x 7→ y})
77
![Page 79: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/79.jpg)
78
![Page 80: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/80.jpg)
79
![Page 81: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/81.jpg)
When a red node x is ONLY connected to blue nodes then
event "elect" can take place
elect =̂any x wherex ∈ ND ∧gr[{x}] = tr−1[{x}]
thenrt, ts := x, tr
end
80
![Page 82: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/82.jpg)
elect =̂beginrt, ts : spanning (rt, ts, gr)
end
elect =̂any x wherex ∈ ND ∧gr[{x}] = tr−1[{x}]
thenrt, ts := x, tr
end
81
![Page 83: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/83.jpg)
To be proved
invariant(tr) ∧x ∈ ND ∧gr[{x}] = tr−1[{x}]ts = tr
⇒spanning(x, ts, gr)
82
![Page 84: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/84.jpg)
Summary of First Refinement
- 15 proofs
- Among which 9 were interactive (one is a bit difficult !)
83
![Page 85: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/85.jpg)
Second Refinement
- Nodes are communicating with their neighbors
- This is done by means of messages
- Messages are acknowledged
- Acknowledgements are confirmed
- Next is a local animation
84
![Page 86: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/86.jpg)
gr
85
![Page 87: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/87.jpg)
tr
86
![Page 88: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/88.jpg)
gr
87
![Page 89: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/89.jpg)
msg
Sending a message
88
![Page 90: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/90.jpg)
msgack
Sending Acknowledgement
Receiving a message
89
![Page 91: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/91.jpg)
msgacktr
Receiving Acknowledgement
Sending Confirmation
90
![Page 92: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/92.jpg)
msgacktr
Receiving Confirmation
91
![Page 93: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/93.jpg)
92
![Page 94: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/94.jpg)
93
![Page 95: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/95.jpg)
94
![Page 96: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/96.jpg)
95
![Page 97: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/97.jpg)
96
![Page 98: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/98.jpg)
97
![Page 99: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/99.jpg)
98
![Page 100: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/100.jpg)
99
![Page 101: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/101.jpg)
100
![Page 102: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/102.jpg)
101
![Page 103: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/103.jpg)
102
![Page 104: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/104.jpg)
103
![Page 105: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/105.jpg)
104
![Page 106: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/106.jpg)
105
![Page 107: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/107.jpg)
106
![Page 108: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/108.jpg)
107
![Page 109: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/109.jpg)
108
![Page 110: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/110.jpg)
109
![Page 111: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/111.jpg)
110
![Page 112: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/112.jpg)
111
![Page 113: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/113.jpg)
112
![Page 114: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/114.jpg)
113
![Page 115: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/115.jpg)
114
![Page 116: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/116.jpg)
115
![Page 117: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/117.jpg)
116
![Page 118: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/118.jpg)
117
![Page 119: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/119.jpg)
118
![Page 120: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/120.jpg)
119
![Page 121: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/121.jpg)
120
![Page 122: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/122.jpg)
Invariant (1)
- Each node sends AT MOST one message
- Each node receives AT MOST one acknowledgment
- Each node sends AT MOST one confirmation
msg ∈ ND 7→ ND
ack ∈ ND 7→ ND
tr ⊆ ack ⊆ msg ⊆ gr
121
![Page 123: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/123.jpg)
Node x sends a message to node y
send msg =̂any x, y wherex, y ∈ gr ∧x /∈ dom (tr) ∧y, x /∈ tr ∧gr[{x}] = tr−1[{x}] ∪ {y} ∧y, x /∈ ack ∧x /∈ dom (msg)
thenmsg := msg ∪ {x 7→ y}
end
122
![Page 124: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/124.jpg)
Node y sends an acknowledgement to node x
send ack =̂any x, y wherex, y ∈ msg − ack ∧y /∈ dom (msg)
thenack := ack ∪ {x 7→ y}
end
123
![Page 125: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/125.jpg)
Node x sends a confirmation to node y
progress =̂any x, y wherex, y ∈ ack ∧x /∈ dom (tr)
thentr := tr ∪ {x 7→ y}
end
124
![Page 126: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/126.jpg)
Invariant (2)
∀ (x, y) ·
x, y ∈ msg − ack⇒x, y ∈ gr ∧x /∈ dom (tr) ∧ y /∈ dom (tr) ∧gr[{x}] = tr−1[{x}] ∪ {y}
∀ (x, y) ·
x, y ∈ ack ∧x /∈ dom (tr)⇒x, y ∈ gr ∧y /∈ dom (tr) ∧gr[{x}] = tr−1[{x}] ∪ {y}
125
![Page 127: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/127.jpg)
Second Refinement: The problem of contention
- Explaining the problem
- Proposing a partial solution
- Towards a better treatment
- Back to the local animation
126
![Page 128: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/128.jpg)
127
![Page 129: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/129.jpg)
128
![Page 130: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/130.jpg)
129
![Page 131: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/131.jpg)
130
![Page 132: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/132.jpg)
gr
131
![Page 133: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/133.jpg)
msg
Sending a message
132
![Page 134: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/134.jpg)
msg
msg
Sending another message
133
![Page 135: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/135.jpg)
msg
Discovering Contention
134
![Page 136: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/136.jpg)
Discovering Contention
135
![Page 137: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/137.jpg)
Recovering from Contention
136
![Page 138: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/138.jpg)
msg
Sending a message
137
![Page 139: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/139.jpg)
msg
msg
Sending another message
138
![Page 140: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/140.jpg)
msg
Discovering Contention
139
![Page 141: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/141.jpg)
Discovering Contention
140
![Page 142: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/142.jpg)
Recovering from Contention
141
![Page 143: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/143.jpg)
msg
Sending a Message
142
![Page 144: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/144.jpg)
msg
msg
Sending another message
143
![Page 145: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/145.jpg)
msg
Discovering Contention
144
![Page 146: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/146.jpg)
Discovering Contention
145
![Page 147: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/147.jpg)
Recovering from Contention
146
![Page 148: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/148.jpg)
msg
Sending a message
147
![Page 149: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/149.jpg)
msgack
Sending Acknowledgement
Receiving a message
148
![Page 150: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/150.jpg)
msgacktr
Receiving Acknowledgement
Sending Confirmation
149
![Page 151: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/151.jpg)
msgacktr
Receiving Confirmation
150
![Page 152: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/152.jpg)
Discovering the Contention (1)
- Node y discovers the contention with node x because:
- It has sent a message to node x
- It has not yet received acknowledgment x
- It receives instead a message from node x
151
![Page 153: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/153.jpg)
Discovering the Contention (2)
- Node x also discovers the contention with node y
- Assumption: The time between both discoveries
IS SUPPOSED TO BE BOUNDED
BY τ ms
- The time τ is the maximum transmission time
between 2 connected nodes
152
![Page 154: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/154.jpg)
A Partial Solution
- Each node waits for τ ms after its own discovery
- After this, each node thus knows that the other
has also discovered the contention
- Each node then retries immediately
- PROBLEM: This may continue for ever
153
![Page 155: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/155.jpg)
A Better Solution (1)
- Each node waits for τ ms after its own discovery
- Each node then choses with equal probability:
- either to wait for a short delay
- or to wait for a large delay
- Each node then retries
154
![Page 156: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/156.jpg)
A Better Solution (2)
- Question: Does this solves the problem ?
- Are we sure to eventually have one node winning ?
- Answer: Listen carefully to Caroll Morgan’s lectures
155
![Page 157: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/157.jpg)
Node y discovers a contention with node x
send ack =̂any x, y wherex, y ∈ msg − ack ∧y /∈ dom (msg)
thenack := ack ∪ {x 7→ y}
end
contention =̂any x, y wherex, y ∈ msg − ack ∧y ∈ dom (msg)
thencnt := cnt ∪ {x 7→ y}
end
- Introducing a dummy contention channel: cnt
cnt ∈ ND 7→ ND
cnt ⊆ msg
ack ∩ cnt = ∅
156
![Page 158: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/158.jpg)
Solving the contention (simulating the τ delay)
solve contention =̂any x, y wherex, y ∈ cnt ∪ cnt−1
thenmsg := msg − cnt ‖cnt := ∅
end
157
![Page 159: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/159.jpg)
Summary of Second Refinement
- 73 proofs
- Among which 34 were interactive
158
![Page 160: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/160.jpg)
Third Refinement: Localization
- The representation of the graph gr is modified
- The representation of the tree tr is modified
- Other data structures are localized
159
![Page 161: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/161.jpg)
Localization (1)
The graph gr and the tree tr are now localized
nb ∈ ND → P(ND)
∀x · (x ∈ ND ⇒ nb(x) = gr[{x}] )
sn ∈ ND → P(ND)
∀x · (x ∈ ND ⇒ sn(x) ⊆ tr−1[{x}] )
160
![Page 162: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/162.jpg)
Localization (2)
bm ⊆ ND
bm = dom (msg)
bt ⊆ ND
bt = dom (tr)
ba ∈ ND → P(ND)
∀x · (x ∈ ND ⇒ ba(x) = ack−1[{x}] )
161
![Page 163: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/163.jpg)
- Node x is elected the leader
elect =̂any x wherex ∈ ND ∧nb(x) = sn(x)
thenrt := x
end
162
![Page 164: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/164.jpg)
- Node x sends a message to node y (y is unique)
send msg =̂any x, y wherex ∈ ND − bm ∧y ∈ ND − (ba(x) ∪ sn(x)) ∧nb(x) = sn(x) ∪ {y}
thenmsg := msg ∪ {x 7→ y} ‖bm := bm ∪ {x}
end
163
![Page 165: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/165.jpg)
- Node y sends an acknowledgement to node x
send ack =̂any x, y wherex, y ∈ msg ∧x /∈ ba(y) ∧y /∈ bm
thenack := ack ∪ {x 7→ y} ‖ba(y) := ba(y) ∪ {x}
end
164
![Page 166: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/166.jpg)
- Node x sends a confirmation to node y
progress =̂any x, y wherex, y ∈ ack ∧x /∈ bt
thentr := tr ∪ {x 7→ y} ‖bt := bt ∪ {x}
end
165
![Page 167: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/167.jpg)
- Node y receives confirmation from node x
rcv cnf =̂any x, y wherex, y ∈ tr ∧x /∈ sn(y)
thensn(y) := sn(y) ∪ {x}
end
166
![Page 168: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/168.jpg)
contention =̂any x, y wherex, y ∈ cnt ∪ cnt−1 ∧x /∈ ba(y) ∧y ∈ bm
thencnt := cnt ∪ {x 7→ y}
end
167
![Page 169: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/169.jpg)
solve contention =̂any x, y wherex, y ∈ cnt ∪ cnt−1
thenmsg := msg − cnt ‖bm := bm− dom (cnt) ‖cnt := ∅
end
168
![Page 170: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/170.jpg)
Summary of Third Refinement
- 29 proofs
- Among which 19 were interactive
169
![Page 171: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/171.jpg)
Main Summary
- 119 proofs
- Among which 63 were interactive
170
![Page 172: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/172.jpg)
Conclusion: a Systematic Approach to Distribution
- Establishing the mathematical framework
171
![Page 173: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/173.jpg)
Conclusion: a Systematic Approach to Distribution
- Establishing the mathematical framework
- Resolving the mathematical problem in one shot
172
![Page 174: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/174.jpg)
Conclusion: a Systematic Approach to Distribution
- Establishing the mathematical framework
- Resolving the mathematical problem in one shot
- Resolving the same problem on a step by step basis
173
![Page 175: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/175.jpg)
Conclusion: a Systematic Approach to Distribution
- Establishing the mathematical framework
- Resolving the mathematical problem in one shot
- Resolving the same problem on a step by step basis
- Involving communication by means of messages
174
![Page 176: The Leader Election Protocol (IEEE 1394)](https://reader030.fdocuments.in/reader030/viewer/2022012606/619ae1bbe46b45707a16fab7/html5/thumbnails/176.jpg)
Conclusion: a Systematic Approach to Distribution
- Establishing the mathematical framework
- Resolving the mathematical problem in one shot
- Resolving the same problem on a step by step basis
- Involving communication by means of messages
- Towards the localization of data structures
175