On Specification and Verification of Location-Based Fault Tolerant Mobile Systems. Alexei Iliasov, Victor Khomenko, Maciej Koutny and Alexander Romanovsky.

Presentation transcript:

1 On Specification and Verification of Location-Based Fault Tolerant Mobile Systems. Alexei Iliasov, Victor Khomenko, Maciej Koutny and Alexander Romanovsky. Supported by IST project (RODIN).

2 Introduction and motivation. Verification of concurrent systems specified in B. Combine theorem proving with model checking: they have complementary strengths, e.g. cumbersome theorems/invariants can be verified by a model checker; B machines are not very convenient for modelling sequential activity (they need a 'program counter'), so it would be good to combine B with some process algebra. Combining theorem proving and model checking has proven effective in industry, e.g. Intel's verification of the Pentium 4 floating point unit.

3 CAMA Architecture. Agent: global structuring unit of the system. Scope: structuring unit of the coordination space and of agent activity. Role: structuring unit of agent functionality and also the basis for formal specification of functionality. Location: structuring unit of agent context.

4 CAMA Operations. Location operations: Scope operations: Linda operations: in, rd, inp, rdp, ina, rd, inpa, rdpa.

5 Approach (figure: workflow linking B, Klaim, PN, Prefix, MC (model checker), Code and Properties).

6 KLAIM. A process algebra related to the pi-calculus: a network of nodes, identified by localities (names); each node has an associated tuple space; a node runs a set of processes; processes can create new nodes; processes can input/output tuples from/to the tuple spaces of nodes they know; processes can start new processes on the nodes they know (e.g. move).

7 CAMA → KLAIM. Just a simple syntactic translation. Can combine a system described in CAMA with one described in KLAIM.

8 KLAIM → PN. Compositional translation is possible. Example: a simple mobile robot (SMR). Intended behaviour of the system:
input a start-up message
FOREVER DO
  input locality u
  output your previous locality
  move to u

9 KLAIM → PN. Possible KLAIM model: a :: nil | | || b :: || c :: where SMR(w) = nil

10 Example: SMR (figure: network of nodes a, b, c; SYS).

11 Example: SMR (figure: network of nodes a, b, c; SMR).

12 Example: SMR (figure: network of nodes a, b, c; SMR).

13 Example: SMR (figure: network of nodes a, b, c; SMR).

14 Example: SMR (figure: network of nodes a, b, c; SMR).

15 Example: SMR. Possible (compositional) translation to HL Petri nets (figure: net of SMR with transitions in and eval, variables x and z, and tokens a.s, a.c, b.c, c.b; λ is the empty string).

16 Example: SMR (figure). in can be fired with z = s, x = a, leading to

17 Example: SMR (figure: resulting marking).

18 Example: SMR (figure). eval can be fired with x = a, leading to

19 Example: SMR (figure: resulting marking).

20 Example: SMR (figure: net with transitions in, out and eval, and variables σ, t, x, z).

21 Example: SMR (figure). in can be fired with σ = λ, x = a, z = c, leading to

22 Example: SMR (figure: resulting marking).

23 Example: SMR (figure). out can be fired with σ = λ, x = a, z = a, leading to

24 Example: SMR (figure: resulting marking).

25 Example: SMR (figure). eval can be fired with σ = λ, x = a, z = c, leading to

26 Example: SMR (figure: resulting marking), which is in fact

27 Example: SMR (figure).

28 Example: SMR (figure). in can be fired with σ = t, x = c, z = b, leading to

29 Example: SMR (figure: resulting marking).

30 Example: SMR (figure) ... and so on ...

31 Petri net unfolding prefixes. Partial-order semantics of PNs. Concurrency represented explicitly, using an acyclic PN. Alleviate the state space explosion problem. Efficient model checking algorithms. Can be used for coloured PNs.

32 Example: Dining Philosophers (figure: the dining philosophers Petri net with places P1–P14 and transitions T1–T10, shown alongside its unfolding prefix).

33 Model checking on PN unfoldings. A Boolean expression φ is built using the prefix, such that: φ is unsatisfiable iff the property holds; every satisfying assignment of φ gives a violation trace. φ has the form CONF ∧ VIOL. Some of the variables of φ are associated with the events of the prefix.

34 Shortest violation traces. In the workshop's proceedings: V. Khomenko, "Computing Shortest Violation Traces in Model Checking Based on Petri Net Unfoldings and SAT". The structure of the prefix can be exploited to compute the shortest violation traces efficiently. They can be much shorter than the first computed trace; they do not contain incidental system activity unrelated to the found error; this facilitates debugging, saving the designer's time.
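To make the CONF ∧ VIOL construction of slides 33 and 34 concrete, here is an added example (not code from the slides or from the authors' tools) that encodes a small, constructed unfolding prefix of a two-agent mutual-exclusion net, treats each event as a Boolean variable, and returns the shortest violation trace; the prefix, condition names and labels are assumptions, and brute-force enumeration of assignments stands in for the SAT solver.

```python
from itertools import combinations

# Constructed unfolding prefix (assumed example, not from the slides) of a tiny
# two-agent mutual-exclusion net. Conditions are instances of places (LABEL says
# which place); each event maps to (preconditions, postconditions).
INITIAL = {"i1", "i2", "lock"}
LABEL = {"i1": "idle", "i2": "idle", "lock": "free", "r1": "req", "r2": "req",
         "c1": "crit", "c2": "crit"}
# Correct design: entering 'crit' consumes the shared lock condition.
SAFE = {"e1": ({"i1"}, {"r1"}), "e2": ({"i2"}, {"r2"}),
        "e3": ({"r1", "lock"}, {"c1"}), "e4": ({"r2", "lock"}, {"c2"})}
# Faulty design: agent 2 enters 'crit' without taking the lock.
BUGGY = dict(SAFE, e4=({"r2"}, {"c2"}))

def producer(prefix, cond):
    """The unique event whose postset contains cond; None for initial conditions."""
    return next((e for e, (_, post) in prefix.items() if cond in post), None)

def is_configuration(prefix, C):
    """CONF part of phi: the chosen events are causally closed and conflict-free."""
    for e in C:
        for b in prefix[e][0]:
            p = producer(prefix, b)
            if p is not None and p not in C:
                return False                      # a causal predecessor is missing
    consumed = [b for e in C for b in prefix[e][0]]
    return len(consumed) == len(set(consumed))    # no condition consumed twice

def cut(prefix, C):
    """Conditions marked after executing configuration C."""
    return (INITIAL | {b for e in C for b in prefix[e][1]}) \
        - {b for e in C for b in prefix[e][0]}

def violates(prefix, C):
    """VIOL part of phi: two 'crit' conditions are marked at once."""
    return sum(LABEL[b] == "crit" for b in cut(prefix, C)) >= 2

def violation_traces(prefix):
    """Brute-force stand-in for the SAT solver: each satisfying assignment of
    CONF and VIOL is a violation trace; enumerating by size yields shortest first."""
    events = sorted(prefix)
    return [C for k in range(len(events) + 1) for C in combinations(events, k)
            if is_configuration(prefix, set(C)) and violates(prefix, set(C))]

def shortest_violation(prefix):
    """Shortest violation trace, or None when phi is unsatisfiable (property holds)."""
    traces = violation_traces(prefix)
    return traces[0] if traces else None
```

For SAFE the formula is unsatisfiable (no configuration reaches two 'crit' conditions), so the property holds; for BUGGY the shortest trace is the four-event configuration e1, e2, e3, e4.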

35 Future work. Checking the properties related to fault tolerance, e.g.: correctness of the scoping structure; handling of all exceptions; absence of deadlocks; absence of information smuggling between scopes; involving (if necessary) all agents in a scope in cooperative handling; etc. Translation of B properties to PN.