Slide 1

DISTRIBUTED DATA STRUCTURES IN COQ
Christopher Meiklejohn @cmeik
Tuesday, May 14, 13

Slide 3

COQ

Slide 4

CRDTs

Slide 5

G-COUNTERS

Slide 6

Vector Clocks
Credit: http://en.wikipedia.org/wiki/File:Vector_Clock.svg

Slide 7

CLOCKS

Slide 8

IMPLEMENTATION

Slide 9

Module ClockMap := FMapWeakList.Make (Nat_as_Legacy_OT).
Module ClockMapFacts := FMapFacts.Facts (ClockMap).

Slide 10

Definition Clock_merge (n1 n2 : option nat) :=
  match n1, n2 with
  | None, None => None
  | Some n, None => Some n
  | None, Some n => Some n
  | Some n1', Some n2' => Some (max n1' n2')
  end.

Definition Clock_compare (n1 n2 : option nat) :=
  match n1, n2 with
  | None, None => None
  | Some n, None => Some false
  | None, Some n => Some true
  | Some n1', Some n2' => Some (leb n1' n2')
  end.

Slide 11

PROOFS

Slide 12

Lemma Clock_merge_comm : forall n1 n2,
  Clock_merge n1 n2 = Clock_merge n2 n1.
Proof.
  intros.
  destruct n1; destruct n2; auto.
  simpl. f_equal. apply Max.max_comm.
Qed.

Slide 13

Lemma Clock_merge_idempotent : forall n1,
  Clock_merge n1 n1 = n1.
Proof.
  intros.
  destruct n1; auto; simpl.
  f_equal. apply Max.max_idempotent.
Qed.

Slide 14

Lemma Clock_merge_assoc : forall n1 n2 n3,
  Clock_merge n1 (Clock_merge n2 n3) = Clock_merge (Clock_merge n1 n2) n3.
Proof.
  intros.
  destruct n1; destruct n2; destruct n3; auto.
  unfold Clock_merge. f_equal. apply Max.max_assoc.
Qed.

Slide 15

G-COUNTERS

Slide 16

IMPLEMENTATION

Slide 17

Definition G_Counter := ClockMap.t nat.

Definition G_Counter_init : G_Counter := ClockMap.empty nat.

Slide 18

Definition G_Counter_incr actor clocks :=
  match ClockMap.find actor clocks with
  | None => ClockMap.add actor 1 clocks
  | Some count => (ClockMap.add actor (S count) clocks)
  end.

Slide 19

Definition G_Counter_reveal clocks :=
  ClockMap.fold (fun key elt acc => (plus acc elt)) clocks 0.

Slide 20

Definition G_Counter_merge c1 c2 :=
  ClockMap.map2 Clock_merge c1 c2.

Slide 21

Definition G_Counter_equal (c1 c2 : G_Counter) :=
  ClockMap.Equal c1 c2.

Slide 22

Definition G_Counter_compare (c1 c2 : G_Counter) :=
  ClockMap.Equal (ClockMap.map2 Clock_compare c1 c2)
                 (ClockMap.map2 Clock_true c1 c2).

Slide 23

PROOFS

Slide 24

Theorem G_Counter_merge_comm : forall c1 c2,
  G_Counter_equal (G_Counter_merge c1 c2) (G_Counter_merge c2 c1).
Proof.
  intros; unfold G_Counter_merge.
  unfold ClockMap.Equal; intro.
  repeat rewrite ClockMapFacts.map2_1bis; auto.
  apply Clock_merge_comm.
Qed.

Slide 25

Theorem G_Counter_merge_idempotent : forall clocks,
  G_Counter_equal (G_Counter_merge clocks clocks) clocks.
Proof.
  intros; unfold G_Counter_merge.
  unfold ClockMap.Equal; intro.
  repeat rewrite ClockMapFacts.map2_1bis; auto.
  apply Clock_merge_idempotent.
Qed.

Slide 26

Theorem G_Counter_merge_assoc : forall c1 c2 c3,
  G_Counter_equal (G_Counter_merge c1 (G_Counter_merge c2 c3))
                  (G_Counter_merge (G_Counter_merge c1 c2) c3).
Proof.
  intros; unfold G_Counter_merge.
  unfold ClockMap.Equal; intro.
  repeat rewrite ClockMapFacts.map2_1bis; auto.
  repeat rewrite <- Clock_merge_assoc; reflexivity.
Qed.

Slide 27

Theorem G_Counter_incr_mono : forall clocks actor,
  G_Counter_compare clocks (G_Counter_incr actor clocks).
Proof.
  intros; unfold G_Counter_compare; unfold ClockMap.Equal; intro.
  repeat rewrite ClockMapFacts.map2_1bis; auto.
  elim (eq_nat_dec actor y); intro.
  subst.
  unfold Clock_compare, Clock_true.
  unfold G_Counter_incr.
  simpl.
  destruct (ClockMap.find y clocks).
  rewrite ClockMapFacts.add_eq_o.
  f_equal.
  induction n; auto.
  reflexivity.
  reflexivity.
  unfold G_Counter_incr.
  destruct (ClockMap.find actor clocks) eqn:factor.
  rewrite ClockMapFacts.add_neq_o; auto.
  apply Clock_compare_refl.
  rewrite ClockMapFacts.add_neq_o; auto.
  apply Clock_compare_refl.
Qed.

Slide 28

Theorem G_Counter_merge_mono : forall c1 c2,
  G_Counter_compare c1 (G_Counter_merge c1 c2).
Proof.
  intros; unfold G_Counter_compare.
  unfold ClockMap.Equal; intro.
  unfold Clock_compare, Clock_true, G_Counter_merge.
  repeat rewrite ClockMapFacts.map2_1bis; auto.
  destruct (ClockMap.find y c1); destruct (ClockMap.find y c2); simpl; f_equal.
  apply leb_max_mono.
  rewrite leb_correct; auto.
Qed.
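Added example (not the deck's Coq code and not from the linked repository): an executable Python model of the Clock_merge / Clock_compare entries and the G_Counter operations from slides 10 and 17 to 22, with the properties the theorems on slides 12 to 14 and 24 to 28 state re-checked at run time over constructed replica states. Clock_true is not defined on the slides; it is assumed here to yield true for every key present in either counter, so G_Counter_compare holds exactly when every entry of the left counter is at or below the right one. The three replica states are constructed sample data.

```python
"""Executable model of the vector-clock entries and G-Counter from the deck.

Constructed example, not the deck's Coq code. ClockMap.t nat becomes a dict
from actor id to that actor's count; the Coq lemmas/theorems become runtime
checks over sample states.
"""
from itertools import permutations
from typing import Dict, List, Optional

GCounter = Dict[int, int]   # actor id -> per-actor count (ClockMap.t nat)


def clock_merge(n1: Optional[int], n2: Optional[int]) -> Optional[int]:
    """Clock_merge: join of two optional entries (max, or whichever is present)."""
    if n1 is None:
        return n2
    if n2 is None:
        return n1
    return max(n1, n2)


def clock_compare(n1: Optional[int], n2: Optional[int]) -> Optional[bool]:
    """Clock_compare: Some (leb n1 n2); an absent left entry is below anything."""
    if n1 is None and n2 is None:
        return None
    if n2 is None:
        return False
    if n1 is None:
        return True
    return n1 <= n2


def g_counter_init() -> GCounter:
    return {}


def g_counter_incr(actor: int, clocks: GCounter) -> GCounter:
    """G_Counter_incr: bump only this actor's own entry (functional update)."""
    new = dict(clocks)
    new[actor] = new.get(actor, 0) + 1
    return new


def g_counter_reveal(clocks: GCounter) -> int:
    """G_Counter_reveal: the observed value is the sum over all actors."""
    return sum(clocks.values())


def g_counter_merge(c1: GCounter, c2: GCounter) -> GCounter:
    """G_Counter_merge: map2 Clock_merge, i.e. pointwise join over the union of keys."""
    return {k: clock_merge(c1.get(k), c2.get(k)) for k in set(c1) | set(c2)}


def g_counter_compare(c1: GCounter, c2: GCounter) -> bool:
    """G_Counter_compare. Assumption (Clock_true is not on the slides): it is true
    for every key present in either side, so c1 <= c2 iff every entry compares True."""
    return all(clock_compare(c1.get(k), c2.get(k)) is True for k in set(c1) | set(c2))


def check_lattice_laws(states: List[GCounter]) -> bool:
    """Re-check on concrete states what the Coq theorems prove for every state:
    merge is commutative, idempotent, associative and monotone; incr is monotone."""
    for a in states:
        assert g_counter_merge(a, a) == a
        for actor in (1, 2, 3):
            assert g_counter_compare(a, g_counter_incr(actor, a))
        for b in states:
            assert g_counter_merge(a, b) == g_counter_merge(b, a)
            assert g_counter_compare(a, g_counter_merge(a, b))
            for c in states:
                assert (g_counter_merge(a, g_counter_merge(b, c))
                        == g_counter_merge(g_counter_merge(a, b), c))
    return True


def converge_any_order(states: List[GCounter]) -> int:
    """Deliver the same replica states in every order, each one twice (a
    retransmission), and require a single revealed value: convergence."""
    results = set()
    for order in permutations(states):
        acc = g_counter_init()
        for s in order:
            acc = g_counter_merge(g_counter_merge(acc, s), s)
        results.add(g_counter_reveal(acc))
    assert len(results) == 1
    return results.pop()


# Constructed sample: three replicas; 1 and 2 have partially synced, 3 has not.
REPLICA_1 = g_counter_incr(1, g_counter_incr(1, g_counter_init()))        # {1: 2}
REPLICA_2 = g_counter_incr(2, REPLICA_1)                                   # {1: 2, 2: 1}
REPLICA_3 = g_counter_incr(3, g_counter_incr(3, g_counter_incr(3, {})))    # {3: 3}

if __name__ == "__main__":
    check_lattice_laws([REPLICA_1, REPLICA_2, REPLICA_3])
    print("converged value:", converge_any_order([REPLICA_1, REPLICA_2, REPLICA_3]))
```

The two `converge_any_order` checks are the operational meaning of the proofs: because merge is commutative, associative and idempotent, a sync message that arrives late, out of order, or twice cannot push a replica to a state that differs from the one every other replica reaches, so an unreliable transport cannot be used to desynchronise counters. The comparison also shows partial order at work: `REPLICA_1` is below `REPLICA_2`, but `REPLICA_1` and `REPLICA_3` are concurrent, so neither compares below the other until merged.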

Slide 29

NEXT STEPS

Slide 30

PN-COUNTERS

Slide 31

MORE DATA STRUCTURES

Slide 32

GITHUB.COM CMEIKLEJOHN/DISTRIBUTED-DATA-STRUCTURES

Slide 33

QED