Parameterized Models for Distributed Java Objects Tomás Barros & Rabéa Boulifa OASIS Project INRIA Sophia Antipolis April 2004
Agenda Main Goal Parametrized Models Generation of Models Properties Study Case Conclusion Perspectives
Main Goal Analysis and Verification of Behavioural Properties of Distributed (Java) Systems – Naturally description of realistic distributed systems – (Semi) Automatic model generation from source code – Hierarchy & Compositionability
Rabea Tomás Aims Snapshot Informal Requirements Model Checker Source Code (ProActive) Architecture (parameterized) Properties (parameterized) Instantiations Abstract Source Code Abstraction Architecture (parameterized) Static Analysis
Parameterized Models
ProActive library Active objects communicate by Remote Method Invocation. Each active object: has a request queue (always accepting incoming requests) has a body specifying its behaviour (local state and computation, service of requests, submission of requests) manages the « wait by necessity » of responses (futures)
!Serv_m(args) request served (executed and removed) response received !Serv_m(args) Method Calls : informal diagram method call Current object iRemote object j request arriving in the queue !Req_m(args) ?Req_m(args) !Rep_m(val) ?Rep_m(val) !Req_m(args) ?Req_m(args) ?Rep_m(val) response sent back !Rep_m(val)
Parameterized Networks O= {Oi} a set of active object classes. Dom(Oi) a set of instantiations of each class (by abstraction of creation parameters). Req(args) Rep(v) Behaviour pLTS Queue pLTSActive Object i Active Object j AiAi QiQi serve PiPi Req use AjAj QjQj serve PjPj Req use Parameterized Synchronisation Networks
Networks of synchronised pLTSs Parametrized Labelled transition systems, pLTSs= LTSs with guarded parameterized transitions 1 pNet per activity=pLTS body + pLTS queue + pLTS proxy Labels= Requests/Responses (method name + finite abstraction of parameters) Construction by rules, based on the eXtended Method Call Graph.
eXtended Method Call Graph MCG= method name nodes call edges transfer edges p a nodes { ent(m, args), pp(lab), ret(val), call(var, o.m, ags), use(val), serve(mset, pred) } with o typed as remote or local It encodes both the usual control flow usual in MCG (resolution of class analysis and of method calls), and the data low relative to interesting parameters.
Buffer XMCG
Procedure Global Network: analyse the source code of the application, parameterized by some finite abstraction of parameters. For each Active Object Class (with all required passive classes): –build the eXtended Method Call Graph, XMCG –compute the sequential pLTS, using rules –for each use node construct the proxy "Future" pLTS –generate the request queue pLTS –Combine the pLTSs (the body, the queue and the proxy). Property : For a finite data abstraction Termination guarantied
Algorithm… rules
Call rule If o is remote, we simply generate a send message ! o.Q_m(this, f, args) encoding the method name, its status and its (abstracted) param. with future var. else the message !o. Call_m(args) is sent to the method proccess and according to the return value is void or no the response is awaited or no.
Consumer Network
Buffer Network Buf.Body put Buf.Queue get
Parameterized Property True/False + diagnostic
Electronic Invoices in Chile
15 parameterized automata 4 level of hierarchy state explosion: grouping, hiding, reduction by bisimulation 7 properties successful verified (after fixing the model)
Conclusions Outlined a graphical language Developed instantiating tool Generation of model from ProActive source code Validated our approach into a realistic application
Perspectives Refine the language and formalise the abstractions Parameterized verification and pre-order relation Components and dynamic binding/creation On-the-fly model checking and graphical editor (currently started)
Thank you Tomás Barros Rabea Boulifa Vercors: ProActive: