Model Generation for Distributed Java Programs Rabéa Boulifa Eric Madelaine Oasis Team INRIA, Sophia-Antipolis France, I3S, UNSA Luxembourg, November 28,

Slides:

Advertisements

Similar presentations

Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,

Advertisements

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Model Driven Generative Programming Reza Azimi February 6, 2003 ECE1770: Trends in Middleware Systems.

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Lecture 8: Asynchronous Network Algorithms

Pontus Boström and Marina Waldén Åbo Akademi University/ TUCS Development of Fault Tolerant Grid Applications Using Distributed B.

PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,

Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str Thessaloniki Greece.

Remote Procedure Call (RPC)

Goal and Scenario Validation: a Fluent Combination Chin-Yi Tsai.

Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.

1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.

Fabrice Huet Mobility of Active Objects Fabrice Huet INRIA-I3S-CNRS.

Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,

Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.

1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.

Basic Definitions Data Structures: Data Structures: A data structure is a systematic way of organizing and accessing data. Or, It’s the logical relationship.

Operational Semantics Semantics with Applications Chapter 2 H. Nielson and F. Nielson

Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.

Software Testing Verification and validation planning Software inspections Software Inspection vs. Testing Automated static analysis Cleanroom software.

Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.

APPLICATIONS OF CONTEXT FREE GRAMMARS BY, BRAMARA MANJEERA THOGARCHETI.

INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.

Oct Multi-threaded Active Objects Ludovic Henrio, Fabrice Huet, Zsolt Istvàn June 2013 –

Formalizing the Asynchronous Evolution of Architecture Patterns Workshop on Self-Organizing Software Architectures (SOAR’09) September 14 th 2009 – Cambrige.

Formalism and Platform for Autonomous Distributed Components Bio-inspired Networks and Services A Distributed Component Model Formalisation in Isabelle.

Java Threads 11 Threading and Concurrent Programming in Java Introduction and Definitions D.W. Denbo Introduction and Definitions D.W. Denbo.

Eric Madelaine FORTE ’04 -- Madrid sept /25 Parameterized Models for Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa.

Eric MadelaineOSMOSE -- WP2 -- Prague June 2004 Models for the Verification of Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa,

Reactive systems – general

Denis Caromel1 Troisieme partie Cours EJC 2003, AUSSOIS, Denis Caromel OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 22 Slide 1 Software Verification, Validation and Testing.

Eric MADELAINE1 T. Barros, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis (FACS’05), Fractal workshop, Grenoble.

A graphical specification environment for GCM component-based applications INRIA – I3S – CNRS – University of Nice-Sophia Antipolis EPC OASIS Oleksandra.

GSFL: A Workflow Framework for Grid Services Sriram Krishnan Patrick Wagstrom Gregor von Laszewski.

TTCN-3 MOST Challenges Maria Teodorescu

Asynchronous Components with Futures: Semantics, Specification, and Proofs in a Theorem Prover Components (Distributed) Futures Formalisations (and proofs)

1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.

1 Romain Quilici ObjectWeb Architecture meeting July 2nd 2003 ProActive Architecture of an Open Middleware for the Grid.

3 June Paris Seminar Modelling and Analysis of TCP’s Connection Management Procedures Jonathan Billington and Bing Han Computer Systems Engineering.

1. 2 Objects to Distributed Components (1) Typed Group Java or Active Object ComponentIdentity Cpt = newActiveComponent (params); A a = Cpt ….getFcInterface.

Mastère RSD - TC4 2005/20061 Distributed Components –ProActive-Fractal : main concepts –Behaviour models for components –Deployment, management, transformations.

Parameterized Models for Distributed Java Objects Tomás Barros & Rabéa Boulifa OASIS Project INRIA Sophia Antipolis April 2004.

May University of Glasgow Generalising Feature Interactions in Muffy Calder, Alice Miller Dept. of Computing Science University of Glasgow.

ProActive components and legacy code Matthieu MOREL.

Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.

Eric MadelaineOSCAR Workshop -- Santiago Nov Verification of Distributed Applications Eric Madelaine work with Isabelle Attali, Tomás Barros, Rabéa.

Parameterized models for distributed objects Eric Madelaine, Rabéa Boulifa, Tomás Barros OASIS INRIA Sophia-Antipolis, I3S, UNSA

A visualisation and debugging tool for multi-active objects Ludovic Henrio, Justine Rochas LAMHA, Nov 2015.

Transparent First-class Futures and Distributed Components Introduction: components, futures, and challenges Statically Representing Futures An Example.

Eric MADELAINE ---- OASIS1 E. Madelaine Oasis team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis RESECO ’08 Santiago – Nov. 24, 2008 Specification.

Eric MADELAINE1 A. Cansado, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis Fractal workshop, Nantes, 3 july.

RESECO - Montevideo - 22 nov 2007Reseco, Montevideo, 22 nov 2007 Eric Madelaine - OASIS Team1 Specifying and Generating Safe GCM Components INRIA – Sophia.

VERIFYING THE CORRECT COMPOSITION OF DISTRIBUTED COMPONENTS: FORMALISATION AND TOOL Ludovic Henrio 1, Oleksandra Kulankhina 1,2, Dongqian Liu 3, Eric Madelaine.

Specifying Fractal and GCM Components With UML Solange Ahumada, Ludovic Apvrille, Tomás Barros, Antonio Cansado, Eric Madelaine and Emil Salageanu SCCC.

Tomás BarrosMonday, April 18, 2005FIACRE Toulouse p. 1 Behavioural Models for Hierarchical Components Tomás Barros, Ludovic Henrio and Eric Madelaine.

Distributed Components and Futures: Models and Challenges A Distributed Component Model Distributed Reconfiguration Calculi for Components and Futures.

A Theory of Distributed Objects Toward a Foundation for Component Grid Platforms Ludovic HENRIO l A Theory of Distributed Objects l Components l Perspectives.

Eric MADELAINE -- GridComp -- OASIS 1 E. Madelaine (A. Cansado) GridComp project OASIS team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis GridComp.

Eric MADELAINE1 T. Barros, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis DCC, University.

Concurrent Object-Oriented Programming Languages Chris Tomlinson Mark Scheevel.

Mastère RSD - TC4 2005/20061 Distributed JAVA Aims and Principles The ProActive library Models of behaviours Generation of finite (parameterized) models.

1 Romain Quilici OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis, IUF July 2nd 2003 ProActive Architecture.

1 Chapter 11 Global Properties (Distributed Termination)

Topic 4: Distributed Objects Dr. Ayman Srour Faculty of Applied Engineering and Urban Planning University of Palestine.

Behavioural Models for Distributed Hierarchical Components

Formal Specification and Verification of Distributed Component Systems

Distributed Components and Futures: Models and Challenges

Princess Nourah bint Abdulrahman University

Semantic Formalisms 3: Distributed Applications

Presentation transcript:

Model Generation for Distributed Java Programs Rabéa Boulifa Eric Madelaine Oasis Team INRIA, Sophia-Antipolis France, I3S, UNSA Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Outline Distributed Java Applications, the ProActive Library Approach Models: Networks and LTSs Model Construction Conclusion scientiFic engIneering of Distributed Java applIcationLuxembourg, November 28, 2003

Context, ProActive library Active objects communicate by Remote Method Invocation. Each active object: has a request queue (always accepting incoming requests) has a body specifying its behaviour (local state and computation, service of requests, submission of requests) manages the « wait by necessity » of responses (futures) Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Approach Behavioural model (Labelled Transition Systems), built in a compositional (structural) manner : One LTS per active object. Synchronisation based on ProActive semantics Usable for Model-checking  finite / small models MCG LTS ProActive Application Control flow analysis Behavioural Semantics scientiFic engIneering of Distributed Java applIcationLuxembourg, November 28, 2003

!Serv_m request served (executed and removed) response received !Serv_m Method Calls : informal diagram method call Current objectRemote object request arriving in the queue !Req_m ?Req_m !Rep_m ?Rep_m !Req_m ?Req_m ?Rep_m response sent back !Rep_m Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Model: Networks of synchronised LTSs Finite enumeration active objects  Synchro. Networks [Arnold 80] Boxes and links computed by static analysis Labelled transition systems, LTSs 1 LTS per activity = LTS behaviour + LTS queue. Labels=Requests/Responses (meth. name + finite abstract. of param.) Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation AiAi QiQi serve AjAj QjQj Req(args) Rep(v) Behaviour LTS Queue LTS Active Object i Active Object j

Construction procedure Finite network: analyse the source code of the application, by some finite abstraction of parameters. For each Active Object Class (with all required passive classes): –build the Method Call Graph, MCG –compute the sequential LTS, using the SOS rules –interleave at each “wait by necessity” points, using the Future rule (=> asynchronous LTS). –generate the request queue LTS. –combine the asynchronous LTS with the queue LTS. Property : For a finite data abstraction  Termination guaranteed Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Building of Network Enumeration: O ={O i } a finite number of active object classes. Dom ( O i ) a finite number of instantiations of each class. (use a finite abstraction of creation parameters) Incoming ports (available services) = set of public methods Outgoing links = remote requests (use a finite abstraction of message parameters) Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Method Call Graph MCG= method name nodes call edges transfer edges reference to future nodes  {ent(id), call(id), rep(id), seq, ret} public void getForks(){ ObjectForSynchro lf= Fork[id].take(); ObjectForSynchro lr= Fork[right_ind].take(); waitFor(lf); waitFor(lr);} Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Rules: SOS-style {Premisses}  At beginning : MCG node LTS node LTSmapping Continuation stack method stack Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Local Call v1  M v1  C v2 v1  T v2' Passive (O) fresh(n’)  L_Call M We will go and analyse its code, just as if we where inlining it. We shall not develop loops or recursive procedures. Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Remote Call v1  T v2 Active(O) fresh(n')  R_Call !Req_M O is a remote active object. We simply generate a send message !Req_M encoding the method name and its (abstracted) parameters. Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Futures V v = O.m1(x); xxx; yyy; v.f();  A ’  (v1)=v2 n1=M(v1) n2=M(v2) A’ = (A  ) ? Rep_M Fut Where M is the phantom of M, i.e. the union of all Ms during the construction procedure n1 n2 scientiFic engIneering of Distributed Java applIcationLuxembourg, November 28, 2003

Example (Philosopher Diner) public void runActivity(){ while(true){ think(); getForks(); eat(); putForks(); }} public void getForks(){ ObjectForSynchro lf= Fork[id].take(); ObjectForSynchro lr= Fork[right_ind].take(); waitFor(lf); waitFor(lr);} Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

MCG  LTS Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation 5: ent(think) think:runActivity4 5 6: ret 6 runActivity[] ScSm [] 8: ent(getForks) getForks:runActivity : seq []runActivity 4 3: call(think) 4runActivity : call(getForks) 4 9: call(Fork[id].take) 7runActivity : ent(runActivity) []runActivity 1

MCG  LTS Sc Sm Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation []

MCG  LTS Sc Sm [] Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation []

Conclusion Behaviour models of ProActive distributed applications encode asynchronous communication between distributed objects. With usual data/structure abstraction, we build finite, hierarchical, models suitable for automatic verification. Prototype implementation based on Soot and Bandera tools. Future directions Parameterised models can be finitely instantiated (adapted to each property), or directly fed into specialised tools. They are more compact and more flexible. Other ProActive features : group communication, exceptions. Behaviour specification for distributed components. Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Properties Check properties: deadlocks, livelock, temporal logic formulas Check equivalence with Luxembourg, November 28,2003scientiFic engIneering of Distributed Java applIcation

Model Generation for Distributed Java Programs Rabéa Boulifa Eric Madelaine Oasis Team INRIA, Sophia-Antipolis France Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

Model: Networks of synchronised LTSs(2) Labelled transition systems, LTSs 1 LTS per activity = LTS behaviour + LTS queue. Labels= Requests/Responses (method name + finite abstraction of parameters) Construction by SOS rules, based on the Method Call Graph. Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation

MCG  LTS Luxembourg, November 28, 2003scientiFic engIneering of Distributed Java applIcation 5: ent(think) think:runActivity4 5 6: ret 6 runActivity[] 3: call(think) 4runActivity ScSm [] 8: ent(getForks) getForks:runActivity : seq []runActivity 9: call(Fork[id].take) 7runActivity : ent(runActivity) []runActivity : call(getForks) 7