Eric Madelaine FORTE ’04 -- Madrid sept. 2004 1/25 Parameterized Models for Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa.

Slides:



Advertisements
Similar presentations
The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Advertisements

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,
Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,
Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,
Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str Thessaloniki Greece.
Timed Automata.
/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.
Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
The road to reliable, autonomous distributed systems
An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.
Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,
Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.
1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.
02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.
Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.
Parallel and Distributed Computing in Model Checking Diana DUBU (UVT) Dana PETCU (IeAT, UVT)
INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.
Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.
RELATIONAL FAULT TOLERANT INTERFACE TO HETEROGENEOUS DISTRIBUTED DATABASES Prof. Osama Abulnaja Afraa Khalifah
Institute e-Austria in Timisoara 1 Author: prep. eng. Calin Jebelean Verification of Communication Protocols using SDL ( )
Formalism and Platform for Autonomous Distributed Components Bio-inspired Networks and Services A Distributed Component Model Formalisation in Isabelle.
Eric MadelaineOSMOSE -- WP2 -- Prague June 2004 Models for the Verification of Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa,
Denis Caromel1 Troisieme partie Cours EJC 2003, AUSSOIS, Denis Caromel OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis.
Eric MADELAINE1 T. Barros, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis (FACS’05), Fractal workshop, Grenoble.
A graphical specification environment for GCM component-based applications INRIA – I3S – CNRS – University of Nice-Sophia Antipolis EPC OASIS Oleksandra.
Lyra – A service-oriented and component-based method for the development of communicating systems (by Sari Leppänen, Nokia/NRC) Traditionally, the design,
Asynchronous Components with Futures: Semantics, Specification, and Proofs in a Theorem Prover Components (Distributed) Futures Formalisations (and proofs)
1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.
Behavioural Verification of Distributed Components Ludovic Henrio and Eric Madelaine ICE Florence 1.
Grid programming with components: an advanced COMPonent platform for an effective invisible grid © GridCOMP Grids Programming with components.
FDT Foil no 1 On Methodology from Domain to System Descriptions by Rolv Bræk NTNU Workshop on Philosophy and Applicablitiy of Formal Languages Geneve 15.
1. 2 Objects to Distributed Components (1) Typed Group Java or Active Object ComponentIdentity Cpt = newActiveComponent (params); A a = Cpt ….getFcInterface.
1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.
Mastère RSD - TC4 2005/20061 Distributed Components –ProActive-Fractal : main concepts –Behaviour models for components –Deployment, management, transformations.
Parameterized Models for Distributed Java Objects Tomás Barros & Rabéa Boulifa OASIS Project INRIA Sophia Antipolis April 2004.
May University of Glasgow Generalising Feature Interactions in Muffy Calder, Alice Miller Dept. of Computing Science University of Glasgow.
ProActive components and legacy code Matthieu MOREL.
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
Eric MadelaineOSCAR Workshop -- Santiago Nov Verification of Distributed Applications Eric Madelaine work with Isabelle Attali, Tomás Barros, Rabéa.
Parameterized models for distributed objects Eric Madelaine, Rabéa Boulifa, Tomás Barros OASIS INRIA Sophia-Antipolis, I3S, UNSA
A visualisation and debugging tool for multi-active objects Ludovic Henrio, Justine Rochas LAMHA, Nov 2015.
Transparent First-class Futures and Distributed Components Introduction: components, futures, and challenges Statically Representing Futures An Example.
Eric MADELAINE ---- OASIS1 E. Madelaine Oasis team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis RESECO ’08 Santiago – Nov. 24, 2008 Specification.
Eric MADELAINE1 A. Cansado, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis Fractal workshop, Nantes, 3 july.
RESECO - Montevideo - 22 nov 2007Reseco, Montevideo, 22 nov 2007 Eric Madelaine - OASIS Team1 Specifying and Generating Safe GCM Components INRIA – Sophia.
VERIFYING THE CORRECT COMPOSITION OF DISTRIBUTED COMPONENTS: FORMALISATION AND TOOL Ludovic Henrio 1, Oleksandra Kulankhina 1,2, Dongqian Liu 3, Eric Madelaine.
Eric MADELAINE ---- OASIS1 E. Madelaine Oasis team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis ECNU Dept of Software Engineering October 2010.
Secure Composition of Untrusted Code: Wrappers and Causality Types Kyle Taylor.
Specifying Fractal and GCM Components With UML Solange Ahumada, Ludovic Apvrille, Tomás Barros, Antonio Cansado, Eric Madelaine and Emil Salageanu SCCC.
Tomás BarrosMonday, April 18, 2005FIACRE Toulouse p. 1 Behavioural Models for Hierarchical Components Tomás Barros, Ludovic Henrio and Eric Madelaine.
Distributed Components and Futures: Models and Challenges A Distributed Component Model Distributed Reconfiguration Calculi for Components and Futures.
A Theory of Distributed Objects Toward a Foundation for Component Grid Platforms Ludovic HENRIO l A Theory of Distributed Objects l Components l Perspectives.
Eric MADELAINE -- GridComp -- OASIS 1 E. Madelaine (A. Cansado) GridComp project OASIS team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis GridComp.
Eric MADELAINE1 T. Barros, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis DCC, University.
Mastère RSD - TC4 2005/20061 Distributed JAVA Aims and Principles The ProActive library Models of behaviours Generation of finite (parameterized) models.
2. CALCULUS: A S P. A Theory of Distributed Objects D. Caromel, L. Henrio, Springer 2005, Monograph A Calculus: ASP: Asynchronous Sequential Processes.
Model Generation for Distributed Java Programs Rabéa Boulifa Eric Madelaine Oasis Team INRIA, Sophia-Antipolis France, I3S, UNSA Luxembourg, November 28,
Eric MADELAINE1 T. Barros, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis (FACS’05), Fractal workshop, Grenoble.
SOFTWARE TESTING LECTURE 9. OBSERVATIONS ABOUT TESTING “ Testing is the process of executing a program with the intention of finding errors. ” – Myers.
ASYNCHRONOUS AND DETERMINISTIC OBJECTS ASP: Asynchronous Sequential Processes l Distributed objects l Asynchronous method calls l Futures and Wait-by-necessity.
Asynchronous Distributed Components: Concurrency and Determinacy I. Context: Distributed Components and Active Objects II. Asynchronous Distributed Components.
Behavioural Models for Distributed Hierarchical Components
Formal Specification and Verification of Distributed Component Systems
Distributed Components and Futures: Models and Challenges
Designing Software for Ease of Extension and Contraction
Model Checking for an Executable Subset of UML
Presentation transcript:

Eric Madelaine FORTE ’04 -- Madrid sept /25 Parameterized Models for Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa OASIS Project, INRIA Sophia Antipolis sept. 2004

Eric Madelaine FORTE ’04 -- Madrid sept /25 Challenges Specification language : » usable by non-specialists Automatic verification : » construction of models from source code » integrated software Standard, state-of-the-art model checkers : » finite state models » hierarchical models, compositional construction Goal Automatic Verification of Properties of Distributed Systems

Eric Madelaine FORTE ’04 -- Madrid sept /25 Motivations Complexity of (Distributed) Software Verification Classical approaches: – BDDs, partial orders, data-independance, symmetry – Hierarchical construction, compositional reduction techniques – Value-passing systems, bounded model-checking – Abstractions Parameterized / Infinite systems – ad-hoc, problem-specific solutions (induction, widening, etc.)

Eric Madelaine FORTE ’04 -- Madrid sept /25 Motivations Complexity of (Distributed) Software Verification Classical approaches: – BDDs, partial orders, data-independance, symmetry – Hierarchical construction, compositional reduction techniques – Value-passing systems, bounded model-checking – Abstractions Parameterized / Infinite systems – ad-hoc, problem-specific solutions (induction, widening, etc.) Parameterized Models Automatic Tools More Abstractions

Eric Madelaine FORTE ’04 -- Madrid sept /25 Motivations (cont’d) Cleaveland & CONCUR’94 => Abstractions for Value Passing Systems 1) Value-passing processes parameterized over “value interpretations” 2) Abstract interpretation over countable data domains using partitions (total surjections) 3) Specification Preorder for Processes 4) Result : Safe value abstractions yields safe abstractions on processes.

Eric Madelaine FORTE ’04 -- Madrid sept /25 Plan Models : – Finite systems and Synchronisation Networks. – Parameterized LTS, Networks, Instantiation. Graphical Language Extracting models : – Java/ProActive distributed applications. – Abstraction and Static Analysis. – LTS and network computation. Conclusions and Perspectives

Eric Madelaine FORTE ’04 -- Madrid sept /25 Model (1) : Synchronisation Networks Labelled Transition Systems (LTS) : Synchronisation Network (Net) : –operator over transition systems (finite arity, arguments with sorts) –synchronisation vectors : Ag <- [*, *, a3, *, a4, a5, *] –dynamic synchronisation : transducers Synchronisation product : builds a global LTS from a Net of arity n, and n argument LTSs. Arnold 1992 : synchronisation networks Lakas 1996 : Lotos open expressions Boulifa, Madelaine 2003, Model generation for distributed Java programs, Fidji’03

Eric Madelaine FORTE ’04 -- Madrid sept /25 Process Parameters : –denotes families of LTSs. Variables : –associated to each state, assigned by transitions. Simple (countable) Types : –booleans, finite enumerations, integers and intervals, records. Parameterized LTS (pLTS) with parameterized transitions : (2) Parameterized Transition Systems [b]  (x), x’:=e(x)

Eric Madelaine FORTE ’04 -- Madrid sept /25 Synchronisation Network (pNet) > –global action alphabet pAg, –finite set of arguments, each with sort pI i and params K i, corresponding to as many actual arguments as necessary in a given instantiation, –parameterized synchronisation vectors pAg <- [*, *, a3(k3), *, a4(k4), *] Instantiation : for a finite abstraction of the parameters domains D v (3) Parameterized Networks Finite Network pLTS x D v  LTS pNet x D v  Net

Eric Madelaine FORTE ’04 -- Madrid sept /25 Plan Models : – Finite systems and Synchronisation Networks – Parameterized LTS, Networks, Instantiation. Graphical Language Extracting models : – Java/ProActive distributed applications, – Abstraction and Static Analysis, – LTS and network computation. Conclusion and Future

Eric Madelaine FORTE ’04 -- Madrid sept /25 Generating a subset of our parameterized networks ­ static networks ­ communication “a la CCS” Graphical specification language at early stages of specification. The mapping to the formal model allows for model-checking temporal properties of the graphical specification. ­ Attali, Barros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, JCCC’04, Arica, Chili, nov’2004 Could be extended naturally for : ­ transducers (dynamic topology) ­ 1 to n communication ­ component-like interfaces. Graphical Specifications

Eric Madelaine FORTE ’04 -- Madrid sept /25 Graphical Specifications

Eric Madelaine FORTE ’04 -- Madrid sept /25 Plan Models : – Finite systems and Synchronisation Networks – Parameterized LTS, Networks, Instantiation. Graphical Language Extracting models : – Java/ProActive distributed applications, – Abstraction and Static Analysis, – LTS and network computation. Conclusion and Future

Eric Madelaine FORTE ’04 -- Madrid sept /25 Extracting models : principles

Eric Madelaine FORTE ’04 -- Madrid sept /25 ProActive : distributed activities Active objects communicate by Remote Method Invocation. Each active object: has a request queue (always accepting incoming requests) has a body specifying its behaviour (local state and computation, service of requests, submission of requests) manages the « wait by necessity » of responses (futures)

Eric Madelaine FORTE ’04 -- Madrid sept /25 ProActive : High level semantics Independence wrt. distribution Guarantee and Synchrony of delivery : –RdV mechanism ensures the delivery of requests, and of responses. Determinism / Confluence : –Asynchronous communication and processing do not change the final result of computation. ASP Calculus: D. Caromel, L. Henrio, B. Serpette, “Asynchronous and Deterministic Objects”, POPL’2004

Eric Madelaine FORTE ’04 -- Madrid sept /25 Step 1: Front end abstractions Various methods for simplifying source code, with respect to a (set of) properties to be proven: –Data abstraction : transform the application data domains into “simple types”. –Slicing : only keep variables and instructions influencing the property of interest. The BANDERA toolset offers modules for slicing and data abstraction. We have adapted them to deal with ProActive code. We use JIMPLE as an intermediate code for defining our static analysis functions (simpler than bytecode).

Eric Madelaine FORTE ’04 -- Madrid sept /25 Step 2 : Extended Call Graphs control flow : class analysis + method calls data flow : sequences of instructions (bytecode level) distribution : identification of active objects in the code: activities, remote calls, futures. Complex static analysis : –class analysis –alias analysis –approximation of object topology –simulation of generated code.

Eric Madelaine FORTE ’04 -- Madrid sept /25 Step 3a : Model generation Global Network Static topology : finite number of parameterized activities. ­Identify parameters ­Build boxes and links for each activity ­Add Proxies and Queues for the management of messages For each Active Object Class : –Body : parameterized network of LTSs –local method calls : synchronisation messages –remote calls : “wait by necessity” using proxy processes –requests queue : the main potential blow-up…! AjAj QjQj serve PjPj Req use

Eric Madelaine FORTE ’04 -- Madrid sept /25 Step 3b : Model generation Global Network Property : for each distributed active object class, starting from source code with abstracted data (simple types), our procedure terminates and builds a finite parameterized model.

Eric Madelaine FORTE ’04 -- Madrid sept /25 Step 3c : Model generation Method LTS One pLTS for each method in the Active Object For each method : – a residual algorithm for crossing the XMCG – generates a parameterized LTS of linear size (each XMCG node is crossed only once) – imprecision of the static analysis results in non- determinism.

Eric Madelaine FORTE ’04 -- Madrid sept /25 Approximations from static analysis: –class imprecision –remote/local objects Local calls : sends an activation message to the corresponding process, and waits for the return message. Remote calls : sends a request message to the proxy and to the remote object. Example : Call rule

Eric Madelaine FORTE ’04 -- Madrid sept /25 Buffer Network Buf.Body put Buf.Queue get

Eric Madelaine FORTE ’04 -- Madrid sept /25 Conclusions Parameterized, hierarchical model. Validated with a realistic case-study. Automatic construction of model from the code using safe approximations. Ongoing development verification platform for ProActive : – graphical editor, generation of model from ProActive source code, instantiation tool, connections with finite-state checkers.

Eric Madelaine FORTE ’04 -- Madrid sept /25 Perspectives What is so special with ProActive ? Could be done for other languages / middlewares, endowed with a formal semantics. Refine the graphical language, extend to other ProActive features. (Direct) parameterized verification. Behavioural specifications of components, correct compositions.

Eric Madelaine FORTE ’04 -- Madrid sept /25 Thank you !

Eric Madelaine FORTE ’04 -- Madrid sept /25 Electronic Invoices in Chile Barros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, INRIA report RR-5217, june parameterized automata / 4 levels of hierarchy state explosion: grouping, hiding, reduction by bisimulation : – instantiating 7 parameters yields > millions of states...

Eric Madelaine FORTE ’04 -- Madrid sept /25 Large case-study: Electronic Invoices in Chile

Eric Madelaine FORTE ’04 -- Madrid sept /25 Electronic Invoices in Chile Barros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, INRIA report RR-5217, june parameterized automata / 4 levels of hierarchy state explosion: grouping, hiding, reduction by bisimulation

Eric Madelaine FORTE ’04 -- Madrid sept /25 Parameterized Properties True/False + diagnostic Logical parameterized LTS Parameterized temporal logics

Eric Madelaine FORTE ’04 -- Madrid sept /25 Methodology : Snapshot Informal Requirements Model Checker Source Code Architecture (parameterized) Properties (parameterized) Instantiations (abstractions) Abstract Source Code Data Abstraction Architecture (parameterized) Static Analysis Validate the model Correctness of the implementation (model-checking) Correctness of the implementation (preorder)

Eric Madelaine FORTE ’04 -- Madrid sept /25 Algorithm… rules

Eric Madelaine FORTE ’04 -- Madrid sept /25 Consumer Network

Eric Madelaine FORTE ’04 -- Madrid sept /25 Fractal hierarchical model : composites encapsulate primitives, which encapsulates Java code Component Identity Binding Controller Lifecycle Controller Content Controller Content Controller

Eric Madelaine FORTE ’04 -- Madrid sept /25 Fractal + ProActive Components for the GRID An activity, a process, … potentially in its own JVM 2. Composite component C 1. Primitive component Java + Legacy 3. Parallel and composite component D Composite: Hierarchical, and Distributed over machines Parallel: Composite + Broadcast (group)

Eric Madelaine FORTE ’04 -- Madrid sept /25 Components : correct composition Behaviour is an essential part of a component specification. Model of components : – primitive = pLTS – composite = pNet – state-less component = static pNet – controller = transducer Correctness of composition : – implementation preorder ? Content Controller