Model Checking Software Artifacts SAnToS Laboratory, Kansas State University, USA Matt Dwyer John Hatcliff Gurdip Singh Principal.

Slides:



Advertisements
Similar presentations
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Advertisements

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Timed Automata.
Chapter 6: Process Synchronization
1 Temporal Claims A temporal claim is defined in Promela by the syntax: never { … body … } never is a keyword, like proctype. The body is the same as for.
Run Time Monitoring of Reactive System Models Mikhail Auguston Naval Postgraduate School Mark Trakhtenbrot Holon Academic Institute of.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
Automatic Verification of Component-Based Real-Time CORBA Applications Gabor Madl Sherif Abdelwahed
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
Static Analysis of Embedded C Code John Regehr University of Utah Joint work with Nathan Cooprider.
1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.
Chapter 13 Embedded Systems
The Rare Glitch Project: Verification Tools for Embedded Systems Carnegie Mellon University Pittsburgh, PA Ed Clarke, David Garlan, Bruce Krogh, Reid Simmons,
November 18, 2004 Embedded System Design Flow Arkadeb Ghosal Alessandro Pinto Daniele Gasperini Alberto Sangiovanni-Vincentelli
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
SAnToS Laboratory, Kansas State University, USA Cadena: Analyzing Component- based Embedded System Designs Matthew Dwyer.
Maria-Cristina Marinescu Martin Rinard Laboratory for Computer Science Massachusetts Institute of Technology A Synthesis Algorithm for Modular Design of.
JAVA Implementation of CCM Configuration Shufeng Li MSE final Project Presentation I.
ECE 720T5 Winter 2014 Cyber-Physical Systems Rodolfo Pellizzoni.
Parallel Programming Models Jihad El-Sana These slides are based on the book: Introduction to Parallel Computing, Blaise Barney, Lawrence Livermore National.
SAnToS Laboratory, Kansas State University, USA Matt Hoosier Automated Extraction of Transition Systems from Component-
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Architectural Design l Establishing the overall structure of a software system.
Cadena: An Integrated Environment for Developing High-Assurance Component-based Systems Matt Dwyer John Hatcliff Principal.
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: Sequencing Properties Copyright , Matt Dwyer, John Hatcliff,
Model-Driven Analysis Frameworks for Embedded Systems George Edwards USC Center for Systems and Software Engineering
Component Assembly Description Compiler Sue (Shufeng) Li MSE Project Presentation 3.
Bandera Temporal Specification Patterns Matt Dwyer John Hatcliff Principal Investigators Support US National Science Foundation.
Salim Hariri HPDC Laboratory Enhanced General Switch Management Protocol Salim Hariri Department of Electrical and Computer.
Inferring Specifications to Detect Errors in Code Mana Taghdiri Presented by: Robert Seater MIT Computer Science & AI Lab.
Timed Use Case Maps Jameleddine Hassine Concordia University, Montreal, Canada URN Meeting, Ottawa, January 16-18, 2008.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 10Slide 1 Architectural Design l Establishing the overall structure of a software system.
Chapter 10 Analysis and Design Discipline. 2 Purpose The purpose is to translate the requirements into a specification that describes how to implement.
Analyzing Component-based Designs: The Cadena Environment SAnToS Laboratory, Kansas State University, USA Matt Dwyer John.
An extensible and highly-modular model checking framework SAnToS Laboratory, Kansas State University, USA Matt Dwyer.
1 CSEP590 – Model Checking and Automated Verification Lecture outline for August 6, 2003.
Modeling and Analysis of Printer Data Paths using Synchronous Data Flow Graphs in Octopus Ashwini Moily Under the supervision of Dr. Lou Somers, Prof.
Adapting Side-Effects Analysis for Modular Program Model Checking M.S. Defense Oksana Tkachuk Major Professor: Matthew Dwyer Support US National Science.
Domain-specific Model Checking with Bogor SAnToS Laboratory, Kansas State University, USA US Army Research Office (ARO)
CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Examples: Simple BIR-Lite Examples Copyright 2004, Matt Dwyer, John Hatcliff,
Gedae, Inc. Gedae: Auto Coding to a Virtual Machine Authors: William I. Lundgren, Kerry B. Barnes, James W. Steed HPEC 2004.
Architecture View Models A model is a complete, simplified description of a system from a particular perspective or viewpoint. There is no single view.
1 Bogor – Software Model Checking Framework Presented by: Arpita Gandhi.
Constraints Assisted Modeling and Validation Presented in CS294-5 (Spring 2007) Thomas Huining Feng Based on: [1]Constraints Assisted Modeling and Validation.
Cadena: An Integrated Environment for Developing High-Assurance Component-based Systems SAnToS Laboratory, Kansas State University,
OPERATING SYSTEMS CS 3530 Summer 2014 Systems and Models Chapter 03.
Reasoning about the Behavior of Semantic Web Services with Concurrent Transaction Logic Presented By Dumitru Roman, Michael Kifer University of Innsbruk,
Component Assembly Description Compiler Sue (Shufeng) Li MSE final Project Presentation II.
Computer Simulation of Networks ECE/CSC 777: Telecommunications Network Design Fall, 2013, Rudra Dutta.
Component Patterns – Architecture and Applications with EJB copyright © 2001, MATHEMA AG Component Patterns Architecture and Applications with EJB Markus.
Theory-Aided Model Checking of Concurrent Transition Systems Guy Katz, Clark Barrett, David Harel New York University Weizmann Institute of Science.
Specifying Multithreaded Java semantics for Program Verification Abhik Roychoudhury National University of Singapore (Joint work with Tulika Mitra)
Supporting Model-driven Development of Component-based Embedded Systems with Cadena SAnToS Laboratory, Kansas State.
Slide 1 Chapter 8 Architectural Design. Slide 2 Topics covered l System structuring l Control models l Modular decomposition l Domain-specific architectures.
Component Development and System Configuration in Cadena with OpenCCM John Hatcliff Jesse Greenwald KSU CCM Workshop May.
OPERATING SYSTEMS CS 3502 Fall 2017
Processes and Threads Processes and their scheduling
Input Space Partition Testing CS 4501 / 6501 Software Testing
Model Checking Software Using The Bogor Framework
Space-Reduction Strategies for Model Checking Dynamic Software
runtime verification Brief Overview Grigore Rosu
Real-time Software Design
Model-Driven Analysis Frameworks for Embedded Systems
Computer Simulation of Networks
Model Checking for an Executable Subset of UML
An explicit state model checker
A Refinement Calculus for Promela
The Bogor Model Checking Framework
Presentation transcript:

Model Checking Software Artifacts SAnToS Laboratory, Kansas State University, USA Matt Dwyer John Hatcliff Gurdip Singh Principal Investigators Support US National Science Foundation (NSF) US National Aeronautics and Space Agency (NASA) US Department of Defense Advanced Research Projects Agency (DARPA) US Army Research Office (ARO) Rockwell-Collins ATC Honeywell Technology Center and NASA Langley Sun Microsystems Intel Students William Deng Georg Jung Oksana Tkachuk Robby Venkatesh Ranganath Jesse Greenwald Todd Wallentine

For the past decade … We’ve been developing program analysis frameworks Standard tensions Scalable versus Precise How semantic is the analysis? Property-specific versus Language-based How rich are the properties? Push-button versus Configurable How usable is the technology?

Analyzing Source Code Worked on a broad range of case studies SPIN, SMV, … Extracting models by hand Developed a series of tool frameworks for analyzing safety properties of concurrent programs FLAVERS (Ada) INCA Translators (Ada) Bandera (Java)

Succesful? Tools are widely used For education As a basis for further work by us and others Tools have been used to find bugs in real systems LOC <10 threads Bugs that eluded significant testing efforts

Whole Program Analysis will never scale to large code bases even for highly abstract analyses (e.g., control flow) even for simple properties (e.g., def-use) Must perform modular analyses Hard to do for truly global properties? Hard to do in presence of concurrency? What are the natural module boundaries? How big can a module be?

A Solution … Target the full range of software artifacts Requirements models Architectural descriptions Designs (at various levels of refinement) Code Use semantic analyses within artifacts (properties) across different artifacts (conformance)

Features of our Vision Early and varied semantic modeling structural modeling is useful as well Analysis driven feedback and refinement Artifact generating analyses Proofs, reachable modes, … Synthesize code wherever possible Aspects of an agile process continuous delivery of working artifacts Exploit "domain information" throughout ultimately meta-tools may be useful

Development Flow Requirements Model User’s informal requirements Query checker, Visualization tools Requirements Model Requirements Model Requirements Model Consistency, Completeness, … checker

Development Flow User’s informal requirements Model-specific analysis Inter-model consistency, completeness, … checking Functional Model ’ Performance Model Functional Model Functional Model Functional Model ’ Performance Model Functional Model Functional Model ’ Performance Model Functional Model Functional Model ’ Performance Model

Development Flow Functional Model Functional Model ’ Performance Model … Design Model Conformance checker(s) Design Model

Development Flow Functional Model Functional Model ’ Performance Model … Structural Design Model Synchronization Policy Spec Quality of Service Spec Abstract Behavioral Model … Multi-layer conformance checking

Development Flow Functional Model Functional Model ’ Performance Model … Structural Design Model Synchronization Policy Spec

Development Flow Functional Model Functional Model ’ Performance Model … Structural Design Model Synchronization Policy Spec Quality of Service Spec Abstract Behavioral Model … Structural Design Model Synchronization Policy Spec Quality of Service Spec Abstract Behavioral Model … Structural Design Model Synchronization Policy Spec Quality of Service Spec Abstract Behavioral Model … Structural Design Model Synchronization Policy Spec Quality of Service Spec Abstract Behavioral Model …

Development Flow … Structural Design Model Synchronization Policy Spec Quality of Service Spec Abstract Behavioral Model … Code Conformance checker(s)

Development Flow … Structural Design Model Synchronization Policy Spec Quality of Service Spec Abstract Behavioral Model … Model/spec dependent synthesis procedures (proof generating) Domain-appropriate Implementation Framework

Lessons Adapt methods to developers Ease of use, leverage domain abstractions Use layered, incremental methods Low entry barrier, early and focused feedback Focus technology on the hard part Synchronization, timing, global properties Synthesize as much code as possible Developer buyin, reduce code-level reasoning Developers won’t write specs, so tell them they are writing code

and now for Bogor …

Model Checking in Cadena Steps toward our vision Hard problems here are not component coding (localized) Inter-component coordination (sequencing, synchronization, timing, …) Theme exploit domain semantics exploit implementation infra-structures

An Overview of … Component modeling Middle-ware modeling Develop an abstract model that captures semantics of actual middle-ware Environment modeling Exploit environment information to reduce state space Property specification Structural reductions Exploit structure of state space of periodic RT systems

Modal SP

Component Behavior component BMModal { uses ReadData dataIn; consumes DataAvailable inDataAvailable; publishes DataAvailable outDataAvailable; provides ReadData dataOut; provides ChangeMode modeChange; enum Modes {enabled,disabled}; Modes m; behavior { handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } … input ports

Component Behavior component BMModal { uses ReadData dataIn; consumes DataAvailable inDataAvailable; publishes DataAvailable outDataAvailable; provides ReadData dataOut; provides ChangeMode modeChange; enum Modes (enabled,disabled); Modes m; behavior { handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } … output ports

Component Behavior component BMModal { uses ReadData dataIn; consumes DataAvailable inDataAvailable; publishes DataAvailable outDataAvailable; provides ReadData dataOut; provides ChangeMode modeChange; enum Modes (enabled,disabled); Modes m; behavior { handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } … mode declaration using CORBA IDL

Component Behavior component BMModal { uses ReadData dataIn; consumes DataAvailable inDataAvailable; publishes DataAvailable outDataAvailable; provides ReadData dataOut; provides ChangeMode modeChange; enum Modes (enabled,disabled); Modes m; behavior { handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } … behavior for events on dataInReady port

Component Behavior component BMModal { uses ReadData dataIn; consumes DataAvailable inDataAvailable; publishes DataAvailable outDataAvailable; provides ReadData dataOut; provides ChangeMode modeChange; enum Modes (enabled,disabled); Modes m; behavior { handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } … behavior mode cases

Component Behavior component BMModal { uses ReadData dataIn; consumes DataAvailable inDataAvailable; publishes DataAvailable outDataAvailable; provides ReadData dataOut; provides ChangeMode modeChange; enum Modes (enabled,disabled); Modes m; behavior { handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } … data flow specification

Component Behavior component BMModal { uses ReadData dataIn; consumes DataAvailable inDataAvailable; publishes DataAvailable outDataAvailable; provides ReadData dataOut; provides ChangeMode modeChange; enum Modes (enabled,disabled); Modes m; behavior { handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } … publish event

Towards a Complete Model We have transition semantics for intra-component behavior. How should we model communication layer? ?

Middleware/Service Semantics Weak CCM and Event Services Specs (OMG) Informal : English and examples Intentionally under-specified to allow implementor freedom Looked at implemented semantics of existing ORBs and Event Services ACE/TAO, OpenCCM, K-State Developed a family of semantic models that captured their behavior

Outline of Real System Event channel with internal thread pool … Thread Pool … 60Hz20Hz5Hz1Hz ……… … passive components proxy consumer holds list of consumer references dispatch queues for each rate group publish correlation & filtering consumer refs Threads run call-backs associated with event consumer ports getData

Lots of details … What events are users interested in reasoning about? publish, dispatch, timeouts, … What state information? modes, dispatch queues, correlation automata, … Minimize detail, but retain … ability to express properties of interest correspondance with implementation semantics

System Observations Event channel with internal thread pool … Thread Pool … 60Hz20Hz5Hz1Hz ……… … invoke[m,c] publish[e,c] dispatch[e] publish correlation & filtering consumer refs accept[e,s] eof[r] getData c.m == v

Parts of Model Components Modes and attributes defined over simple types Handler/method state machines Method calls Middleware Subscriber lists, correlators, dispatch queues Scheduler, thread pool Environment Time-triggering of events Data from devices, etc.

Modeling Strategy Event channel with internal thread pool … Thread Pool … 60Hz20Hz5Hz1Hz ……… … correlation & filtering

Modeling Strategy Component Models Event Channel Model Component Models Environment Model Connection Models

Model Checker Support Ability to define efficient building blocks Sets, queues (with symmetry support) Flexible atomicity control Programmable scheduler Static data definition State compaction Flexibility in search strategies Full-state space Bounded/heuristic search State-less search BOGOR has all this and more …

Modeling of Components function tacticalSteering_push_inDataAvailable(CAD.Event event){ Data d; loc loc0: live {} when tacticalSteeringMode do {} goto loc1; when !tacticalSteeringMode do {} return; loc loc1: live{d} when true do { d := CAD.getField (AirFrame, "ReadData.data"); } goto loc2; loc loc2: live{} when true do { CAD.setField (TacticalSteering, “dataOut.data", d); } goto loc3; loc loc3: live {} invoke pushOfProxy(TacticalSteering, “dataOutReady“) return; } handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } handles dataInReady (DataAvailable e) { case m of enabled { dataOut::data <- dataIn.getData(); push {} dataOutReady; } disabled {} } Structure follows component behavior spec and connection representation closely

Modeling of Connections CAD.connectEvent(GPS, “dataCurrent", AirFrame,"inDataAvailable", 20, false); instance AirFrame of BMLazyActive on l2 { connect dataAvailable to GPS.dataCurrent atRate 20 connect dataIn to GPS.dataOut Modeled very directly in BOGOR

Modeling Middleware (Threads) thread threadgroup5() { Pair.type pair; EventHandlerEnum handler; CAD.Event event; loc loc0: live { handler, event } when Queue.size >(Q5) > 0 do invisible { pair := Queue. getFront >(Q5); Queue.dequeue >(Q5); handler := Pair. first (pair); event := Pair.second (pair); } goto loc1; loc loc1: live {} invoke virtual f(handler, event) goto loc0; } … Thread Pool 60Hz20Hz5Hz1Hz Dispatch queue polling

Extend model checker types Polymorphic extension Modeling Middleware (Queues) extension Queue for edu.ksu.cis.cadena.bogor.ext.Queue { typedef type ; expdef int size (Queue.type ); expdef int capacity (Queue.type ); expdef boolean isFull (Queue.type ); expdef boolean isEmpty (Queue.type ); expdef Queue.type create (int); actiondef enqueue (Queue.type, 'a); expdef 'a getFront (Queue.type ); actiondef dequeue (Queue.type ); expdef boolean containsPair (Queue.type,'a); } ……… Data in state space, operations implemented as Java code

Modeling Middleware (Scheduling) … Thread Pool 60Hz20Hz5Hz1Hz ……… … Bold Stroke Systems are scheduled based on RMA run highest-priority (i.e., rate) enabled action many fewer schedules, contains all real schedules BOGOR allows encoding specific schedules Java plugin filters enabled actions in state exploration algorithm Typically model checkers use non- deterministic scheduling i.e., choose from set of enabled transitions in a state set of all such schedules contains all real schedules

Modeling of Environment Model time directly expensive (state space becomes acyclic) hard to get accurate timing info (platform specific) Boeing isn’t very interested in real-time properties other than schedulability (?) Abstract time modeling strategies Timeouts can happen at any time Bound number of timeouts in hyper-period Bound relative number of timeouts in adjacent rate groups Approximate passage of time System behavior is driven by periodic time-triggered events

Modeling of Environment The maximum rate timeout count (tc) keeps track of the number of timeouts that have occurred during a hyper-period Assume a group of harmonic rates (R 1, …, R max ), where R max is the maximum rate Let p(R i ) be the normalized period of R i with respect to R max e.g., {5,10,20} => p(5) = 200ms/50ms, p(10) = 100ms/50ms, p(20) = 50ms/50ms For rate R i, timeouts are issued whenever tc % p(R i ) == 0 Increment tc between 0 and p(R 1 ) after every timeout of rate R max is issued

Relative Timeout Counts R1R2R3R1R2R3 R1R1 R1R1 R 1, R 2 R 1, R 2, R 3 Assume that worst case execution time of R i work can be performed in the period of R i There is a pattern to the number of timeout counts in a frame e.g., in frame of R i there are two timeouts of R i-1

Relative Timeout Counts Enforce only the relative # of timeouts for adjacent rates Timeout for R i is enabled after work for R i is complete proper number of timeouts for R i-1 are performed R1R2R1R2 R1R1 R 1, R 2 Problem: Don’t know how long R 2 work takes?

Relative Timeout Counts Enforce only the relative # of timeouts for adjacent rates Timeout for R i is enabled after work for R i is complete proper number of timeouts for R i-1 are performed R1R2R1R2 R 1, R 2 Problem: Don’t know how long R 2 work takes? Next R 1 timeout could fall in the middle of R 2 work R1R1 Must consider all interleavings of R 1 timeout and actions performed in R 2 work (or R 3 work, …)

Relative Timeout Counts R1R2R1R2 R 1, R 2 R1R1 R1R2R1R2 R1R1 R1R2R1R2 R1R1 R1R2R1R2 R1R1

Modeling of Environment Previous model does not relate component execution with passage of time Assume we have worst-case execution bounds for event handlers e.g., from schedulability analysis Keep track of intra-hyper-period time (ihp) normalized by duration of shortest action Increment ihp by duration bounds for handlers as they are executed One tricky issue …

Lazily-Timed Components ihp 12 t handler ihp 2 t handler Handler duration fits in before next frame boundary: 1.ihp += t handler 2.execute handler to completion 1.ihp += t handler 2.execute handler to completion ihp 1 t handler - Handler duration overruns next frame boundary: 1.ihp += 2.choose prefix of handler to execute 3.assign residual duration to handler suffix 1.ihp += 2.choose prefix of handler to execute 3.assign residual duration to handler suffix

Preliminary Results (Full Search) Basic 1 rate, 3 components, 2 events per hyper-period Multi-Rate 2 rates, 6 components, 6 events per hyper-period Modal 3 rates, 8 components, 125 events per hyper-period Medium 2 rates, 50 components, 820 events per hyper-period System ND Priority Lazily-Timed 20,.12s12,.11s14,.11s 120k, 5m100,.38s33,.19s 3M+, ?9.1k, 8.6s900, 1.3s 13M+, ?740k, 29m4k, 8.6s

Functional Properties Property II: If navSteering is enabled when 20Hz timeout occurs, then airFrame should fetch navSteering data [before end of frame] Property II: If navSteering is enabled when 20Hz timeout occurs, then airFrame should fetch navSteering data [before end of frame] Property I: System never reaches a state where TacticalSteering and NavSteering are both disabled Property I: System never reaches a state where TacticalSteering and NavSteering are both disabled

Lack of Model Analysis Boeing OEP Challenge Problems If component 1 is in mode A when component 2 produces event E, then component 3 will consume event F (Section ) A temporal property well-suited for model-checking!

Event-based Specifications Many properties of interest in this domain are event oriented Some require access to state information A state qualified event (written e + f ) defines the occurrence of an observable event, e, in a state that satisfies a given formula, f. For example, If component c1 is in mode A when component c2 produces event E, them component c3 will consume event F.*; publish[E, c2] + c1.mode == A; [- invoke[F handler, c3]]* No trace of form

Exploiting System Structure Symmetry reductions Equivalence between states Partial order reductions Commutativity between transitions Collapse compression Sharing between state components Can we exploit the time-triggered nature of real-time systems?

A Simple Transition System l1: y = 0; goto l2; l2: x = 0; goto l3; l3: true -> x = 2; goto l4; true -> x = 3; goto l4; l4: y = y + x; goto l5; l5: y>5 -> skip; goto end; y skip; goto l2; end:

System State Space

State Space Decomposition

Synopsis A system is quasi-cyclic if A subset of its state variables repeatedly reach certain fixed values (e.g., initial values) The rest of the variables can vary freely Decompose DFS of quasi-cyclic system BFS of quasi-cyclic regions DFS within regions Memory bounded by region DFS Time penalty due to redundant state visits

Cadena models are quasi-cyclic

Parallel Quasi-cyclic Search Region DFS are completely independent Embarassingly parallel Naïve implementation on 4 processors overcomes overhead This summer check realistic scenario ~400 components, ~130 modal components

Ultimate Modeling View CCM IDL Model Layer Check mode behaviors, temporal properties, timing constraints Code Layer Check that implementations satisfy/refinement high-level specs – leverage the fact that code skeletons are automatically generated Generate code, fill- in skeletons, check for refinement We don’t do all of this yet!

Some Ongoing Work Integration of specification support into Cadena Model generation from Cadena Counter-example display Refinement checking (e.g., dependences against state machines) Incorporating synchronization info Modeling distributed nodes Incorporating time into spec language

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.