1 / 32

Causality in Concurrent Systems

Causality in Concurrent Systems. software, hardware or even physic al systems where sets of activities run in parallel with possible occasional interactions. S.Crafa Università di Padova Italy. F. Russo Vrije Universiteit Brussel B elgium. HaPoC 31 October 2013, Paris.

elle
Download Presentation

Causality in Concurrent Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Causality in Concurrent Systems software, hardware or even physical systems where sets of activities run in parallel with possible occasional interactions S.Crafa UniversitàdiPadova Italy F. Russo VrijeUniversiteitBrussel Belgium HaPoC31 October 2013, Paris

  2. Concurrent Systems

  3. Concurrent Systems

  4. Concurrent Systems

  5. Overview • Concurrent Systems • How to deal with such a complexity? • CS offers tools: Formal/precise, expressive/general, simple/tractable • Java programming language, … • DSL for concurrent hardware, system biology, … • process algebras • Formal language • to specifythe system

  6. Overview • what causality means ? • w.r.t. traditional debates in philosophy of causality: • production and mechanisms, independence, causation by omission • Concurrent Systems • How to deal with such a complexity? • CS offers tools: Formal/precise, expressive/general, simple/tractable • Interleaving models (1 action at a time) • true-concurrent, causal modelstake the notion of concurrency/causality as fundamental • Operational model • to describe all system behaviors how causality is formalized (in PESs)? • Formal language • to specifythe system

  7. Overview • Concurrent Systems • How to deal with such a complexity? • CS offers tools: Formal/precise, expressive/general, simple/tractable • before system exec.: static analysis • during system exec.: dynamic analysis / execution profiling • after an actual exec.: trace analysis / fault diagnosis(examining causal history of error occurrence) Analysis techniques to reason/prove system properties • Operational model • to describe all system behaviors • counterfactual reasoning • as an example of causal reasoning: c. validation and refutation using the theory of N. Rescher • Formal language • to specifythe system

  8. Example: a railway system A Train 1 • each pair of stations connected by a single track • Train1 and Train2 move concurrently (at possibly different speed) between A-B and A-C. • The transit between B and C must be regulated: no collision! • between B and C must be in mutual exclusion Train2 C B

  9. Example: a railway system A Train 1 • each pair of stations connected by a single track • Train1 and Train2 move concurrently (at possibly different speed) between A-B and A-C. • The transit between B and C must be regulated: no collision! • between B and C must be in mutual exclusion Train2 C B The presence of Train1 at C depends on its previous presence at B Train1 on the track AB and Train2 on the track AC are concurrent activities: they can take place in any order, or at the same time as well The usage of track BC by Train1 is in conflict with the usage of the same track by Train2: any of the two, but not both

  10. The railway system as a PES A e5 l(e1) = Train1 in tract AB l(e2) = Train2 in track AC l(e3) = Train1 in track BC e6 Train1 • Labeled Prime Event Structure <E,<,#,l> • E is a set of events e (event=a step of computation) • l(e) action associated to the occurrence of e • < a partial order representingthe causal relation between events: • e1<e3 e1 is a cause of e3 • # irreflexive and symmetric relation called conflict: • e3#e4 two alternative behaviors • axiom: the conflict is hereditary: if e<e’ and e#e’’ then e’#e’’ Train2 e3 e4 l(e4) = Train2 in track BC l(e5) = Train1 in track BC l(e6) = Train2 in track BC C B e1 e2

  11. The railway system as a PES A e5 l(e1) = Train1 in tract AB l(e2) = Train2 in track AC l(e3) = Train1 in track BC e6 Train1 • Labeled Prime Event Structure (flow e.s., asymetric conflict,…) • Petri nets (multiple tokens, open nets, …) • generalized Labeled Transition Systems • (unstable) configuration structures • causal trees • … Train2 e3 e4 l(e4) = Train2 in track BC l(e5) = Train1 in track BC l(e6) = Train2 in track BC C B e1 e2 true-concurrent models where appears causal talking ??

  12. The meaning of causality in PESs • causality is a primitive relation: e1 causally depends on e2 iff it has been so defined • These models are intended to be used • not for causal discovery • but for (formal and automatic) reasoning on top of causal relations,e.g. prove that ‘at any time A depends on B and it is concurrent with C’ • Operational model • to describe all system behaviors how to definethe causal relation < so that the resulting PES agrees with the system behaviors ? • Formal language • to specifythe system

  13. The meaning of causality in PESs • instruction n+1 causally depends on instruction n • ok in sequential code • but: instruction n = “execute this in parallel with the following” • but: runtime reorders instructions to optimize exec. • the (Java) Memory Modeldefines a partial ordering on program instructions, the happens-before relation • runtime reordering must respect the HB-relation • new parallel hardware (multicore CPUs, GPUs) requires new memory model • Operational model • to describe all system behaviors ? • many approaches, research issue • no causal discovery • debate about how to define a precedence relation • Formal language • to specifythe system

  14. Causality vs Dependency • causal relation < encodes any form of dependency (temporal, spatial, causal,…) • well suited for the study of independent (i.e. concurrent) actions • this might be ok: it is simple and effective in many cases • e.g. independent sets of instructions can be scheduled at the same time over different CPU cores • in biological systems causality ≠ necessary conditions (knock-out causality) hence aformal treatment of causalitylike that in PESs, must be specialized

  15. The meaning of causality in philosophy • puzzling about thenature of the connection from the cause and the effect • does the event A cause the event B in the sense of producing it? • what is the causal mechanism that is responsible for a phenomenon? • e.g. in biology: a virus produces flu, and we are interested in understanding the mechanism of spread of an infection • in physical processes: production is identified in the exchange of conserved quantities [Salmon-Dowe] • in social contexts: production is identified in terms of interaction between individuals, role of norms and values [Hedstrom-Ylikoski]

  16. The meaning of causality in philosophy • puzzling about thenature of the connection from the cause and the effect most philosophers agree that, in various scientific contexts, causality involves a ‘dependence’ component AND a ‘productive’ component • Incomputer science in many cases: • causality / dependence / precedence / necessary condition • seem to be used as synonyms deliberately ?

  17. Reasoning above systems a property is a proposition that holds true in any execution of the system • concurrent systems allows many different executions: • A | B can be scheduled in any order • real models are huge, possibly unbound • models are only partially built, possibly on-the-need • an exhaustive look is unfeasible. Analysis techniques to reason/prove system properties • Operational model • to describe all system behaviors • Formal language • to specifythe system

  18. counterfactuals at work they looked at (the huge) system model until they found a behavior ending up in the error state • 4th July 1997 Mars Pathfinder landed on Mars. The Sojourner rover started gathering and transmitting data back to Earth • After few days the spacecraft began experiencing system resets • NASA engineers spent hours running the replicated system in their lab attempting to replicate the precise conditions under which they believed that the reset occurred. • When they finally reproduced a system reset on the replica, the analysis of the computation trace revealed a well-known concurrency bug, i.e. priority inversion. Rephrase in terms of counterfactual reasoning on top of the (concurrent) operational model

  19. F E • there is light: Ok it is dark: Error Communicate with Earth C D Inspect a specific object • possible runs: A .B . D or B . A . D or (A|B).D or A . C . F or A . C . E • The (huge) model had not been entirely built hence the error state went unnoticed A B move take pictures actual run we validate it using N.Resher’s theory Error explanation: Since it was dark, if the first Rover’s action had been B, it would not have entered the error state

  20. F E • there is light: Ok it is dark: Error Communicate with Earth C D Inspect a specific object Since it was dark, if the first Rover’s action had been B, it would not have entered the error state A B move take pictures actual run assume not 2 then 4 and 5 are incompatible reject 4: 5 is a law hence it has priority over 4 • A . C . E we validate it using N.Resher’s theory List of the salient beliefs: it was dark the Rover did not perform B as its first action the Rover performed C the Rover ended up in E The execution of B prevents the execution of E If E is executed, then it is dark and C has been previously executed fact fact fact fact law law B is the first action The rover does not end up in E

  21. Counterfactual reasoning • Resher’saccount well fits model-based trace analysis • the different priority levels (Meaning, Existence, Lawfulness, Fact) boil down to the distinction between facts(“event E occurred”), and laws (“A and B are independent”) • with such a clear distinction we can always decide the priority of beliefs, while in Lewis’ theory the similarity between possible worlds is an open problem • the model can be used to refute a counterfactual by showing a possible execution violating the c. • If the first action had been A, it would have ended up in error state • Show an allowed behavior where the counterfactual is false: A – B – D • Resher doesn’t refer to c. refutation, but only to proving c. negation (deinal)If the first action had been A, it would NOT have ended up in error state

  22. Conclusions • The formalization of concurrent systems is an interesting area where to investigate the meaning and the use of causal concepts • Causal talking is used in many other approaches to concurrent systems , each one with its peculiarities • We don’t aim to be general, but • to point out how tricky and subtle is causal talking, even in Computer Science • to build a bridge with the philosophy of causality developed in other scientific contexts Philosophy of Causality Computer Science

  23. THE END

  24. Overview • Concurrent Systems • How to deal with such a complexity? • CS offers tools: Formal/precise, expressive/general, simple/tractable • their formal language and operational model (prime event structures) • focus on concurrent actions, hence computer scientists resorted to the causal terminology • how causality is formalized in PESs • Here: what causality means • what about traditional debates in philosophy of causality? production and mechanisms, independence, causation by omission • Here: how causal reasoning works in concurrent systems? • counterfactual reasoning as an analysis technique: counterfactual validation and refutation using the theory of Nicholas Rescher

  25. Causality vs Dependency • causal relation < encodes any form of dependency (temporal, spatial, causal,…) • well suited for the study of independent (i.e. concurrent) actions • e.g. independent sets of instructions can be scheduled at the same time over different CPU cores • e.g. the maximal number of independent actions, the “degree of concurrency”, allows to estimate the maximal number of processors the application makes use of. • for any (A,B), they are either dependent, or concurrent or in conflict: no room for unknown or yet-to-be-discovered link between events • this allows more effective proofs using “reduction ad absurdum” arguments, that derive a contradiction from a to-be-refuted false assumption • e.g. assume A and B not causally linked, then either A|B or A#B,…

  26. Resher’s theory of counterfactuals • N. Resher’s approach: A{b} -> B where b is a set of beliefs • if A where true, which we take not to be so since not-A belongs to our set of pertinent beliefs b (i.e. ¬A in b), then B would be true • to validate the c. one has to prove B from A plus a consistent subset of b\{¬A} • How to purge b\{¬A} so to restore consistency? • the choice of which belief to retain is guided by a principle of conservation of information: MELF (Meaning, Existence, Lawfulness, Fact) • conceptual relations have priority over mere facts • norms of practice over matters of brute contingency

  27. Resher’s theory of counterfactuals If this rubber band were made of copper, it would conduct electricity • this band is made of rubber (factual belief) • this band is not made of copper (factual belief) • this band does not conduct electricity (factual belief) • things made of rubber do not conduct electricity (lawful belief) • things made of copper do conduct electricity (lawful belief) negate 2. to restore consistency: keep 3. or 5. 5. is more informative than 3. then it has more priority then we keep 5. and we accept the c.

  28. Counterfactuals • A subjunctive conditional where the antecedent is known or supposed to be false • If I had not miss the buss, then I would have been on time for class • If I were Napoleon, then I would be alive in 1800 • If I were Napoleon, then I would be alive in 50 BC • counterfactual are often used to reason about causes and effects • reasoning about what would have happened had the putative cause not occurred • the goal of a c. is to pick out the ‘right’ cause and we’ll know that we picked the right one if the counterfactual holds true

  29. Independence in philosophy • Independence in PESs • A and B can occur in any order and also simultaneously • it is not the negation of causality: • ¬(A<B) implies A|B or A # B (the occurrence of A disallows B) • Granger’s independence test(in statistical modeling) • causality defined through its negative: • A does not “Granger-cause” B if the history of the variable A is irrelevant in order to determine the value of B • Causation by omission: • an absence or a non-entity causes something, e.g. not watering the plant caused it to die • if we are interested in the ‘productive’ relation between the cause and the effect we are stuck! • but we might show that the omission activates some mechanism leading to the effect, e.g. the dehydration of the plant.

  30. Counterfactuals • A subjunctive conditional where the antecedent is known or supposed to be false • If I had not miss the buss, then I would have been on time for class • If I were Napoleon, then I would be alive in 1800 • If I were Napoleon, then I would be alive in 50 BC • They are often used to reason about causes and effects • the goal of a c. is to pick out the ‘right’ cause and we’ll know that we picked the right one if the counterfactual holds true • in classical propositional logic any counterfactual is true, due to the paradox of material implication (A -> B with A false) • D. Lewis possible-world semantics • N. Resher MELF theory

  31. F E • there is light: Ok it is dark: Error Communicate with Earth C D Inspect a specific object A B move take pictures Counterfactual refutation: • Assume that the actual behavior is B . A . D • If the first action had been A, it would have ended up in error state To refute it, simply show an allowed behavior where the counterfactual is false: A – B – D Resher doesn’t refer to c. refutation, but only to proving c. negation (deinal) If the first action had been A, it would not have end up in the error state not provable

  32. Conclusions • The formalization of concurrent systems is an interesting area where to investigate the meaning and the use of causal concepts Philosophy Computer Science • in a number of (general) models the term ‘causality’ could be replaced with ‘dependence’ or ‘precedence’ with no loss of content or informativity • there is nothing there which is specifically causal, in the sense of production • (causal) reasoning on top of operational models vs debates in the philosophy of causality • e.g. counterfactuals

More Related