1 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 Specification and Verification of Data-driven Web Services Alin Deutsch, Liying Sui, Victor.

Slides:



Advertisements
Similar presentations
1 Verification by Model Checking. 2 Part 1 : Motivation.
Advertisements

OWL-S for Amazon Amazon.com publishes a WS to browse its DB and reserve goods –At the time of this experiment Amazon published only the buyer WS –Interaction.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
Tutorial I – An Introduction to Model Checking Peng WU INRIA Futurs LIX, École Polytechnique.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
ECE Synthesis & Verification - L271 ECE 697B (667) Spring 2006 Synthesis and Verification of Digital Systems Model Checking basics.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
CS6133 Software Specification and Verification
Single Contents Registration Manual National Institute of Informatics
Tailoring Needs Chapter 3. Contents This presentation covers the following: – Design considerations for tailored data-entry screens – Design considerations.
Efficient Query Evaluation on Probabilistic Databases
Copyright 2004 Monash University IMS5401 Web-based Systems Development Topic 2: Elements of the Web (g) Interactivity.
1 Introduction to Computability Theory Lecture12: Reductions Prof. Amos Israeli.
Guide to Oracle10G1 Introduction To Forms Builder Chapter 5.
1 8. Safe Query Languages Safe program – its semantics can be at least partially computed on any valid database input. Safety is tied to program verification,
Lecture 4&5: Model Checking: A quick introduction Professor Aditya Ghose Director, Decision Systems Lab School of IT and Computer Science University of.
A Guide to Oracle9i1 Introduction To Forms Builder Chapter 5.
Temporal Logic and Model Checking. Reactive Systems We often classify systems into two types: Transformational: functions from inputs available at the.
Registering to SASHA The registration stage for application beings with the user selecting the ‘Profile’ button on the main menu. Registering to the application.
Review of the automata-theoretic approach to model-checking.
CS5371 Theory of Computation Lecture 10: Computability Theory I (Turing Machine)
Embedded Systems Laboratory Department of Computer and Information Science Linköping University Sweden Formal Verification and Model Checking Traian Pop.
Chapter 1 Program Design
SEEK is supported by the National Science Foundation under awards , , and Semantic Mediation System WAVE: A Verifier for.
UML exam advice. Minimal, yet sufficient UML course 80% of modeling can be done with 20% of the UML. Which 20% was that again? We’re supposed to be “Use.
CS 290C: Formal Models for Web Software Lecture 18: Verification of Data Driven Web Applications Instructor: Tevfik Bultan.
Chapter 9 Collecting Data with Forms. A form on a web page consists of form objects such as text boxes or radio buttons into which users type information.
What is Sure BDCs? BDC stands for Batch Data Communication and is also known as Batch Input. It is a technique for mass input of data into SAP by simulating.
Plan Design Analyze Develop Test Implement Maintain Systems Development Life Cycle MCC Designs Meghan Perea Carrie Ver Burg Cory Schroeder.
1 Direct Manipulation Proposal 17 Direct Manipulation is when physical actions are used instead of commands. E.g. In a word document when the user inputs.
A Logic for Decidable Reasoning about Services Yilan Gu Dept. of Computer Science University of Toronto Mikhail Soutchanski Dept. of Computer Science Ryerson.
Copyright © 2007, Oracle. All rights reserved. Managing Concurrent Requests.
1 A Static Analysis Approach for Automatically Generating Test Cases for Web Applications Presented by: Beverly Leung Fahim Rahman.
1 1 User Manual Purchase and Order Tracking on the SKF Giftzone.
Section 17.1 Add an audio file using HTML Create a form using HTML Add text boxes using HTML Add radio buttons and check boxes using HTML Add a pull-down.
COMP3121 E-Commerce Technologies Richard Henson University of Worcester November 2011.
Computational Complexity Theory Lecture 2: Reductions, NP-completeness, Cook-Levin theorem Indian Institute of Science.
XRules An XML Business Rules Language Introduction Copyright © Waleed Abdulla All rights reserved. August 2004.
Workflows in Webdam Victor Vianu UC San Diego & INRIA/Webdam.
Automatic Verification of Finite-State Concurrent Systems Using Temporal Logic Specifications 1.
 Whether using paper forms or forms on the web, forms are used for gathering information. User enter information into designated areas, or fields. Forms.
CIS 842: Specification and Verification of Reactive Systems Lecture Specifications: LTL Model Checking Copyright , Matt Dwyer, John Hatcliff,
Chapter 4: Working with ASP.NET Server Controls OUTLINE  What ASP.NET Server Controls are  How the ASP.NET run time processes the server controls on.
3 Copyright © 2004, Oracle. All rights reserved. Working in the Forms Developer Environment.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Websites with good heuristics Irene Wachirawutthichai.
1 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis December 04 Verification of Data-Intensive Web Services Grigoris Karvounarakis University of Pennsylvania.
Office of Housing Choice Voucher Program Voucher Management System – VMS Version Released October 2011.
 Shopping Basket  Stages to maintain shopping basket in framework  Viewing Shopping Basket.
Lecture 7: Foundations of Query Languages Tuesday, January 23, 2001.
1 Reasoning with Infinite stable models Piero A. Bonatti presented by Axel Polleres (IJCAI 2001,
This Week Lecture on relational semantics Exercises on logic and relations Labs on using Isabelle to do proofs.
1 CSEP590 – Model Checking and Automated Verification Lecture outline for July 9, 2003.
CS357 Lecture 13: Symbolic model checking without BDDs Alex Aiken David Dill 1.
1 Chapter 11 Global Properties (Distributed Termination)
Black Box Unit Testing What is black-box testing? Unit (code, module) seen as a black box No access to the internal or logical structure Determine.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
1 Finite Model Theory Lecture 5 Turing Machines and Finite Models.
SEEK is supported by the National Science Foundation under awards , , and Semantic Mediation System WAVE: A Verifier for.
6/12/20161 a.a.2015/2016 Prof. Anna Labella Formal Methods in software development.
CIS 540 Principles of Embedded Computation Spring Instructor: Rajeev Alur
Programming Logic and Design Fourth Edition, Comprehensive Chapter 10 Using Menus and Validating Input.
Lecture 9: Query Complexity Tuesday, January 30, 2001.
Logical Agents. Outline Knowledge-based agents Logic in general - models and entailment Propositional (Boolean) logic Equivalence, validity, satisfiability.
Complexity of Compositional Model Checking of Computation Tree Logic on Simple Structures Krishnendu Chatterjee Pallab Dasgupta P.P. Chakrabarti IWDC 2004,
Automatic Verification of Industrial Designs
Lecture 10: Query Complexity
Program correctness Branching-time temporal logics
Presentation transcript:

1 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 Specification and Verification of Data-driven Web Services Alin Deutsch, Liying Sui, Victor Vianu UCSD presented by: Grigoris Karvounarakis Univ. of Pennsylvania CIS 650 November 4, 2004

2 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Data-driven Web Services Interconnected interactive Web pages, built on top of a database (e.g., online shopping sites)  User input through text boxes, buttons and pull-down menus, usually dynamically generated  Access information in databases (e.g., product inventory of online store)  Action: transition to a new web page posting information that is output by previous step + (possibly) new menus etc for more input.

3 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Example login passwd HOMEPAGE (W 0 ) loginregisterclear REGISTRATION PAGE CUSTOMER PAGE … button(“clear”) button(“login”) Æ user(login, passwd) button(“register”) button(“login”) Æ : user(login, passwd) user-profile(login) menu from product-list user loginpasswd product-list nameprice

4 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Example login passwd HOMEPAGE (W 0 ) loginregisterclear REGISTRATION PAGE CUSTOMER PAGE … button(“clear”) button(“login”) Æ user(login, passwd) button(“register”) button(“login”) Æ : user(login, passwd) user-profile(login) menu from product-list user loginpasswd product-list nameprice ERROR PAGE(W e ) “internal” errors

5 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Outline High-level Specification model Automatic Verification  FO-LTL  CTL/CTL* Conclusions - Discussion

6 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Model for data-driven Web services A web service W is a set of web page schemas as well as  A global database D (no updates)  State relations S (representing the current state of a corresponding infinite state machine)  Input relations I  Action relations A  A home page schema W 0  An error page schema W e (captures “ internal ” / unrecoverable errors in that prohibit correct execution, not application-semantic errors, e.g., invalid passwd)

7 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Web page schemas Input choices (e.g., options of a pull-down menu)  Options = φ (Database, State, Past input) Actions (i.e., output of transition)  φ (Database, State, Input+Past input) Web Page Transitions  Target Webpage: φ (Database, State, Input+Past input) State changes  insertions/deletions := φ (Database, State, Input+Past input)  CWA: non-existence = negation φ : FO query

8 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 WP schema of example Input: login, passwd, button Input Rules:  Options button (x) à x=“login” Ç x=“register” Ç x=“clear” State Rules (this example: one state relation error):  error(“failed login”) à button(“login”) Æ : user(login, passwd) Target WP: HomePage, RegPage, CustPage Target Rules:  HomePage à button(“clear”)  RegPage à button(“register”)  CustPage à button(“login”) Æ user(login, passwd)  HomePage à button(“login”) Æ : user(login, passwd)

9 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Web Service Runs An infinite sequence of pairs of the “current” Web page with the corresponding snapshots of the db relations ( input, previous_input, state, action): A run goes through the special page W e iff in the previous state:  Some formula required some input before it was provided  The user is required to enter some input more than once  The target rules do not identify uniquely a target WP At step i+1, prev_input is updated with the input of the step i and the new input, action, state is the result of applying the corresponding rules to the contents of the db at step i

10 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Desirable Properties Basic Soundness  Every run is error-free (i.e., does not go through W e ) Semantic (application-specific)  No product is delivered before correct payment is received  No user can cancel an order that has already been shipped Navigational properties  There is a way to reach the home page from any page

11 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Verification of Web Services Different expressiveness is required for different properties Linear-time properties (LTL-FO)  Satisfied by every run (e.g., basic and semantic properties in previous slide) Branching-time properties (CTL/CTL*)  Involve quantification over runs (e.g., navigational property in previous slide)

12 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 First-Order Linear-time Temporal Logic Temporal operators  Xp: p holds in the next time  pUq: p holds until q holds  Fp: p holds eventually  Gp: p always holds  pBq: either q always holds or p holds before q fails

13 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Example No product is delivered before correct payment is received 8 pid, uname, price [ ξ (pid, uname, price) B : Ship(uname, pid)] where ξ(pid, uname, price) is the formula: PaymentPage Æ pay(price) Æ button(“authorize payment”) Æ pick(pid, price) Æ 9 pname catalog(pid, pname, price) Color code: input state action data

14 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Decidability of verification Even just deciding whether a Web service is error- free is undecidable Need restrictions: Input-boundedness  Input rules: 9 *FO with ground state atoms  All other rules: quantification only on variables that are bounded by expressions on (current or past) input relations Given an input bounded Web Service W and an input bounded LTL-FO formula φ, checking W ² φ is PSPACE-complete

15 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Not input-bounded formula No product is delivered before correct payment is received 8 pid, uname, price [ ξ (pid, uname, price) B : Ship(uname, pid)] where ξ(pid, uname, price) is the formula: PaymentPage Æ pay(price) Æ button(“authorize payment”) Æ pick(pid, price) Æ 9 pname catalog(pid, pname, price) Color code: input state action data Not bounded in any input relation

16 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Input-bounded formula No product is delivered before correct payment is received 8 pid, uname, price [ ξ (pid, uname, price) B : Ship(uname, pid)] where ξ(pid, uname, price) is the formula: PaymentPage Æ pay(price) Æ button(“authorize payment”) Æ pick(pid, price) Æ prod-price(pid, price) Note: pick is a state relation, but it essentially keeps track of previous input(?)

17 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Boundaries of decidability Relaxing the requirement that state atoms must be ground in formula defining the input options, by allowing state atoms with variables. Reduction: Does TM halt on input epsilon? Lifting the input-bounded requirement by allowing projection in state rules (i.e., existential quantification over state relations). Reduction: Implication for FDs and IDs Allowing Prev I to record all previous input to I rather than the most recent one. Reduction: Trakhtenbrot ’ s Theorem Extend the LTL-FO formula with path quantification. Reduction: validity of 9 * 8 *FO formulas

18 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Branching-time Temporal Logic CTL (Computation Tree Logic) introduces path quantifiers:  A: ” for every path ”  E: ” there exists a path ” Examples  From every page (i.e., the target of every path) there always exists a path that eventually reaches HomePage: A G E F HomePage  From every path, always if the current page is HomePage and login is selected, then there exists a path leading eventually to a page where one can authorize payment: A G [ (HP Æ button(“login”) ! E F (button(“authorize”)) ]

19 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Verification of CTL-FO Input-boundedness is not enough for decidability of CTL-FO verification Further restriction: Propositional input-bounded Web Services  Actions and states are propositional (no data values)  No rules can use Prev I atoms  Input rules need not be propositional Propositional CTL formulas  Use input, action, state relation names and WP symbols (viewed as propositions)

20 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Input-bounded propositional CTL-FO Verification of W ² φ for CTL(*) formulas for propositional Web services:  CO-NEXPTIME for CTL  EXPSPACE for CTL*

21 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Other restrictions Restrict formulas to navigational properties (i.e. only including web page symbols – no relations)  PSPACE for CTL* Don’t allow relations in input rules (i.e. specification does not use database at all)  PSPACE for CTL* Input-driven search: allow limited use of Prev_I  EXPTIME-complete for CTL  2-EXPTIME-complete for CTL*

22 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Conclusions Extend the model and verification results to allow  multiple users  custom-defined sessions to be verified (instead of all possible runs) – would allow updates (e.g., inventory updates after purchase) between sessions  interacting Web services Practical verification algorithms  Heuristics could help in achieving good performance

23 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Discussion Similar results would be interesting/useful for other service models as well Proposed model is quite limited (although more powerful than Spielmann’s)  Still, it is limited even further to achieve decidability of verification (e.g., input-bounded, propositional, not using previous inputs)  What kinds of practical applications can/cannot be expressed? Other verification approaches (e.g., approximation: sound but not complete) could possibly be employed to deal with undecidability in models of practical interest

24 UNIVERSITY of PENNSYLVANIAGrigoris Karvounarakis November 04 CIS 650 Discussion Important idea: coupling logic/verification with databases/Datalog  Using a database to represent the state and transition function of a machine that manipulates data  Useful ideas that can be applied in other models Useful results:  Introduces a model that is suitable an interesting kind of Web services  Proposes restrictions to achieve decidability of the verification of properties requiring different levels of expressiveness and provides thorough complexity results  Identifies boundaries of decidability of the verification of properties requiring different levels of expressiveness

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.