Presentation is loading. Please wait.

Presentation is loading. Please wait.

Eric Madelaine FORTE ’04 -- Madrid sept. 2004 1/25 Parameterized Models for Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa.

Published byDarlene Simmons Modified over 9 years ago

Similar presentations

Presentation on theme: "Eric Madelaine FORTE ’04 -- Madrid sept. 2004 1/25 Parameterized Models for Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa."— Presentation transcript:

1 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 1/25 Parameterized Models for Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa OASIS Project, INRIA Sophia Antipolis sept. 2004

2 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 2/25 Challenges Specification language : » usable by non-specialists Automatic verification : » construction of models from source code » integrated software Standard, state-of-the-art model checkers : » finite state models » hierarchical models, compositional construction Goal Automatic Verification of Properties of Distributed Systems

3 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 3/25 Motivations Complexity of (Distributed) Software Verification Classical approaches: – BDDs, partial orders, data-independance, symmetry – Hierarchical construction, compositional reduction techniques – Value-passing systems, bounded model-checking – Abstractions Parameterized / Infinite systems – ad-hoc, problem-specific solutions (induction, widening, etc.)

4 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 4/25 Motivations Complexity of (Distributed) Software Verification Classical approaches: – BDDs, partial orders, data-independance, symmetry – Hierarchical construction, compositional reduction techniques – Value-passing systems, bounded model-checking – Abstractions Parameterized / Infinite systems – ad-hoc, problem-specific solutions (induction, widening, etc.) Parameterized Models Automatic Tools More Abstractions

5 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 5/25 Motivations (cont’d) Cleaveland & Riely @ CONCUR’94 => Abstractions for Value Passing Systems 1) Value-passing processes parameterized over “value interpretations” 2) Abstract interpretation over countable data domains using partitions (total surjections) 3) Specification Preorder for Processes 4) Result : Safe value abstractions yields safe abstractions on processes.

6 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 6/25 Plan Models : – Finite systems and Synchronisation Networks. – Parameterized LTS, Networks, Instantiation. Graphical Language Extracting models : – Java/ProActive distributed applications. – Abstraction and Static Analysis. – LTS and network computation. Conclusions and Perspectives

7 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 7/25 Model (1) : Synchronisation Networks Labelled Transition Systems (LTS) : Synchronisation Network (Net) : –operator over transition systems (finite arity, arguments with sorts) –synchronisation vectors : Ag <- [*, *, a3, *, a4, a5, *] –dynamic synchronisation : transducers Synchronisation product : builds a global LTS from a Net of arity n, and n argument LTSs. Arnold 1992 : synchronisation networks Lakas 1996 : Lotos open expressions Boulifa, Madelaine 2003, Model generation for distributed Java programs, Fidji’03

8 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 8/25 Process Parameters : –denotes families of LTSs. Variables : –associated to each state, assigned by transitions. Simple (countable) Types : –booleans, finite enumerations, integers and intervals, records. Parameterized LTS (pLTS) with parameterized transitions : (2) Parameterized Transition Systems [b]  (x), x’:=e(x)

9 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 9/25 Synchronisation Network (pNet) > –global action alphabet pAg, –finite set of arguments, each with sort pI i and params K i, corresponding to as many actual arguments as necessary in a given instantiation, –parameterized synchronisation vectors pAg <- [*, *, a3(k3), *, a4(k4), *] Instantiation : for a finite abstraction of the parameters domains D v (3) Parameterized Networks Finite Network pLTS x D v  LTS pNet x D v  Net

10 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 10/25 Plan Models : – Finite systems and Synchronisation Networks – Parameterized LTS, Networks, Instantiation. Graphical Language Extracting models : – Java/ProActive distributed applications, – Abstraction and Static Analysis, – LTS and network computation. Conclusion and Future

11 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 11/25 Generating a subset of our parameterized networks ­ static networks ­ communication “a la CCS” Graphical specification language at early stages of specification. The mapping to the formal model allows for model-checking temporal properties of the graphical specification. ­ Attali, Barros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, JCCC’04, Arica, Chili, nov’2004 Could be extended naturally for : ­ transducers (dynamic topology) ­ 1 to n communication ­ component-like interfaces. Graphical Specifications

12 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 12/25 Graphical Specifications

13 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 13/25 Plan Models : – Finite systems and Synchronisation Networks – Parameterized LTS, Networks, Instantiation. Graphical Language Extracting models : – Java/ProActive distributed applications, – Abstraction and Static Analysis, – LTS and network computation. Conclusion and Future

14 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 14/25 Extracting models : principles

15 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 15/25 ProActive : distributed activities Active objects communicate by Remote Method Invocation. Each active object: has a request queue (always accepting incoming requests) has a body specifying its behaviour (local state and computation, service of requests, submission of requests) manages the « wait by necessity » of responses (futures)

16 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 16/25 ProActive : High level semantics Independence wrt. distribution Guarantee and Synchrony of delivery : –RdV mechanism ensures the delivery of requests, and of responses. Determinism / Confluence : –Asynchronous communication and processing do not change the final result of computation. ASP Calculus: D. Caromel, L. Henrio, B. Serpette, “Asynchronous and Deterministic Objects”, POPL’2004

17 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 17/25 Step 1: Front end abstractions Various methods for simplifying source code, with respect to a (set of) properties to be proven: –Data abstraction : transform the application data domains into “simple types”. –Slicing : only keep variables and instructions influencing the property of interest. The BANDERA toolset offers modules for slicing and data abstraction. We have adapted them to deal with ProActive code. We use JIMPLE as an intermediate code for defining our static analysis functions (simpler than bytecode).

18 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 18/25 Step 2 : Extended Call Graphs control flow : class analysis + method calls data flow : sequences of instructions (bytecode level) distribution : identification of active objects in the code: activities, remote calls, futures. Complex static analysis : –class analysis –alias analysis –approximation of object topology –simulation of generated code.

19 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 19/25 Step 3a : Model generation Global Network Static topology : finite number of parameterized activities. ­Identify parameters ­Build boxes and links for each activity ­Add Proxies and Queues for the management of messages For each Active Object Class : –Body : parameterized network of LTSs –local method calls : synchronisation messages –remote calls : “wait by necessity” using proxy processes –requests queue : the main potential blow-up…! AjAj QjQj serve PjPj Req use

20 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 20/25 Step 3b : Model generation Global Network Property : for each distributed active object class, starting from source code with abstracted data (simple types), our procedure terminates and builds a finite parameterized model.

21 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 21/25 Step 3c : Model generation Method LTS One pLTS for each method in the Active Object For each method : – a residual algorithm for crossing the XMCG – generates a parameterized LTS of linear size (each XMCG node is crossed only once) – imprecision of the static analysis results in non- determinism.

22 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 22/25 Approximations from static analysis: –class imprecision –remote/local objects Local calls : sends an activation message to the corresponding process, and waits for the return message. Remote calls : sends a request message to the proxy and to the remote object. Example : Call rule

23 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 23/25 Buffer Network Buf.Body put Buf.Queue get

24 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 24/25 Conclusions Parameterized, hierarchical model. Validated with a realistic case-study. Automatic construction of model from the code using safe approximations. Ongoing development verification platform for ProActive : – graphical editor, generation of model from ProActive source code, instantiation tool, connections with finite-state checkers.

25 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 25/25 Perspectives What is so special with ProActive ? Could be done for other languages / middlewares, endowed with a formal semantics. Refine the graphical language, extend to other ProActive features. (Direct) parameterized verification. Behavioural specifications of components, correct compositions.

26 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 26/25 Thank you ! http://www-sop.inria.fr/oasis/Vercors

27 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 27/25 Electronic Invoices in Chile Barros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, INRIA report RR-5217, june 2004. 15 parameterized automata / 4 levels of hierarchy state explosion: grouping, hiding, reduction by bisimulation : – instantiating 7 parameters yields > millions of states...

28 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 28/25 Large case-study: Electronic Invoices in Chile

29 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 29/25 Electronic Invoices in Chile Barros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, INRIA report RR-5217, june 2004. 15 parameterized automata / 4 levels of hierarchy state explosion: grouping, hiding, reduction by bisimulation

30 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 30/25 Parameterized Properties True/False + diagnostic Logical parameterized LTS Parameterized temporal logics

31 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 31/25 Methodology : Snapshot Informal Requirements Model Checker Source Code Architecture (parameterized) Properties (parameterized) Instantiations (abstractions) Abstract Source Code Data Abstraction Architecture (parameterized) Static Analysis Validate the model Correctness of the implementation (model-checking) Correctness of the implementation (preorder)

32 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 32/25 Algorithm… rules

33 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 33/25 Consumer Network

34 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 34/25 Fractal hierarchical model : composites encapsulate primitives, which encapsulates Java code Component Identity Binding Controller Lifecycle Controller Content Controller Content Controller

35 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 35/25 Fractal + ProActive Components for the GRID An activity, a process, … potentially in its own JVM 2. Composite component C 1. Primitive component Java + Legacy 3. Parallel and composite component D Composite: Hierarchical, and Distributed over machines Parallel: Composite + Broadcast (group)

36 Eric Madelaine FORTE ’04 -- Madrid sept. 2004 36/25 Components : correct composition Behaviour is an essential part of a component specification. Model of components : – primitive = pLTS – composite = pNet – state-less component = static pNet – controller = transducer Correctness of composition : – implementation preorder ? Content Controller

Download ppt "Eric Madelaine FORTE ’04 -- Madrid sept. 2004 1/25 Parameterized Models for Distributed Java Objects Eric Madelaine work with Tomás Barros, Rabéa Boulifa."

Similar presentations

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,

Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,
Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,

Seyedehmehrnaz Mireslami, Mohammad Moshirpour, Behrouz H. Far Department of Electrical and Computer Engineering University of Calgary, Canada {smiresla,
Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,

Model Checking for an Executable Subset of UML Fei Xie 1, Vladimir Levin 2, and James C. Browne 1 1 Dept. of Computer Sciences, UT at Austin 2 Bell Laboratories,
Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str. 546 24 Thessaloniki Greece.

Formal Modelling of Reactive Agents as an aggregation of Simple Behaviours P.Kefalas Dept. of Computer Science 13 Tsimiski Str Thessaloniki Greece.
Timed Automata.

Timed Automata.
/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.

/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.
Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.

Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
The road to reliable, autonomous distributed systems

The road to reliable, autonomous distributed systems
An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.

An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.
Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,

Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,
Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.

Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.
1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.

1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.

Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.
02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.
Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.

Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.
Parallel and Distributed Computing in Model Checking Diana DUBU (UVT) Dana PETCU (IeAT, UVT)

Parallel and Distributed Computing in Model Checking Diana DUBU (UVT) Dana PETCU (IeAT, UVT)

Similar presentations

Ads by Google