Slide 1: Data Abstractions for the Verification of Web Service Compositions
Raman Kazhamiakin (raman@dit.unitn.it), Marco Pistore (pistore@dit.unitn.it)
DIT, University of Trento, Italy

Slide 2: Loan Approval
Ignoring data affects control flow.
Process (guards in brackets): [amount < 10000] -> assess -> [risk == low] -> result := yes; [risk != low] -> approve; [amount >= 10000] -> approve.

Slide 5: Loan Approval
Ignoring data affects control flow.
Process (guards in brackets): [amount < 10000] -> assess -> [risk == low] -> result := yes; [risk != low] -> approve; [amount >= 10000] -> approve.
Bad scenario: amount > 10000, approve.result = 'no', assess.risk = 'low', result = 'yes'.

Slide 6: Extended Loan Approval
Ignoring data hides properties of the system.
Process: the guards [amount < 10000], [amount >= 10000], [risk == low], [risk != low] and the assess/approve activities are as before; approve now either sets answer := true, result := amount, or sets answer := false, result := amount, amount := reduce(amount), and while [!answer] the reduced amount is resubmitted. Outputs: amount, result.
Bad scenario: amount is reduced, result is not changed.
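The following is an added illustration, not code from the presentation or its authors. It reconstructs the loan-approval process of slides 2 to 5 as a small Python model in which each guard is either evaluated on the data or treated as a free choice (the control-flow-only abstraction). The sample amounts, risks and approver answers are constructed; the process shape is assumed from the slide diagram.

```python
from itertools import product

# Constructed sample data: one request below and one above the 10000 threshold,
# both assessor verdicts, both approver verdicts.
AMOUNTS = (5000, 15000)
RISKS = ("low", "high")
ANSWERS = ("yes", "no")


def executions(amount, risk, answer, ignore_data):
    """Yield (trace, result) for every run of the process on the given data.

    With ignore_data=True every guard becomes a nondeterministic choice, which is
    what a model that drops data and data flow effectively does.
    """
    def choose(cond):
        return (True, False) if ignore_data else (cond,)

    for small in choose(amount < 10000):
        if not small:                          # [amount >= 10000]: go to the approver
            yield (["approve", f"result:={answer}"], answer)
            continue
        for low in choose(risk == "low"):      # [amount < 10000]: assess first
            if low:                            # [risk == low]
                yield (["assess", "result:=yes"], "yes")
            else:                              # [risk != low]
                yield (["assess", "approve", f"result:={answer}"], answer)


def all_executions(ignore_data):
    """Every (amount, risk, answer, trace, result) the model admits."""
    return [(amount, risk, answer, trace, result)
            for amount, risk, answer in product(AMOUNTS, RISKS, ANSWERS)
            for trace, result in executions(amount, risk, answer, ignore_data)]


def bad_scenarios(ignore_data):
    """Slide 5's bad scenario: a large request whose approver would say 'no'
    nevertheless ends with result 'yes'."""
    return [run for run in all_executions(ignore_data)
            if run[0] >= 10000 and run[2] == "no" and run[4] == "yes"]


if __name__ == "__main__":
    print("data-aware runs:", len(all_executions(False)),
          "bad:", bad_scenarios(False))
    print("data-free runs:", len(all_executions(True)),
          "bad:", bad_scenarios(True))
```

With the guards evaluated, the data-aware model admits exactly one run per input and never produces the bad scenario; once the guards are ignored the assess branch becomes reachable for a request of 15000 and the spurious 'yes' appears. That spurious run is the kind of false counterexample the rest of the talk tries to avoid without enumerating the data domain.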

Slide 7: Data Flow Analysis
Current approaches:
- Ignoring data and data flow (LTSA-BPEL, PN-based approaches)
- Finite data domain instantiation (WSAT, WS-VERIFY)
Challenges:
- Infinite data domains: necessity to reason on infinite-state spaces
- Custom functions and predicates: inability to reason and evaluate
- Non-determinism: accurate modeling and representation
Problems: complexity, precision.

Slide 8: Solution 1, conservative abstraction (over-approximation)
Given a concrete system C and a set of predicates (propositions over data), build an abstract system A such that A is an over-approximation of C: L(A) ≥ L(C).
For a (universal) property p, if p holds on A, then p holds on C. The converse does not hold.
This does not work for existential properties. P = "Eventually amount is greater than the initial one":
- C satisfies the assertion (G ¬p) and violates the possibility (F p)
- A violates the assertion (G ¬p) and satisfies the possibility (F p)
Able to give only a partial answer!

Slide 9: Solution 2, 3-valued abstraction
Given a concrete system C, build a 3-valued abstract system A such that a proposition may have value true, false or unknown. The result of the property analysis may also have 3 values.
Reduced to the 2-valued problem with the help of two models/interpretations: L(A_o) ≥ L(C) ≥ L(A_u).
- If a property holds on A_o, then it holds on C
- If a property is violated in A_u, then it is violated in C
Less precise w.r.t. the previous model. P = "Eventually amount is greater or less (or equal) than the initial one": the property is trivially true, yet A_o violates it!

Slide 10: Proposed Solution, hybrid approach
Two models:
- E-model: over-approximated abstraction, 2-valued logic
- K-model: under-approximated abstraction, knowledge-level representation
Universal and existential properties:
A_E ⊧_A φ → C ⊧_A φ → A_K ⊧_A φ
A_K ⊧_P φ → C ⊧_P φ → A_E ⊧_P φ

Slide 11: Abstract Composition Model
Set of predicates P = {p_1, …, p_n}; a valuation V ∈ 2^P assigns a truth value to each predicate.
Abstract STS:
- B: set of boolean variables corresponding to P
- S = PC × 2^P: set of states
- S_0: set of initial states
- R ⊆ S × S: transition relation such that ((pc, V), (pc', V')) ∈ R iff there exists a concrete transition t = (s, φ, a, Ω, s') with pc = pc(s), pc' = pc(s'), applicable[t](V) and V' = exec[t](V)
Example: a := 10; b := 1; [a > b] a := a - 5; [!(a > b)] result := error, with P = {(a > b), !(a > b)}. After the two assignments the valuation is (T, F).

Slide 12: Branching Model (E-Model)
Interpretation: I_E(V) is the set of ground states g such that V(p) = Eval_g(p) for every p.
applicable_E[t](V) iff there exists g ∈ I_E(V) such that Eval_g(φ) = true: a transition is applicable if its condition is true in some ground state compatible with the valuation.
exec_E[t](V) is one of the valuations V' such that there exists g ∈ I_E(V) with V'(p) = Eval_update(g,Ω)(p) for all p: the result of executing a transition in an abstract state s is an abstract state s' compatible with the update applied to one of the ground states compatible with s.
Example, P = {(a > b), !(a > b)}: from (T, F) the loop transition a := a - 5 may lead to (T, F) or to (F, T), and from (F, T) the transition result := error is applicable.

Slide 13: Knowledge-level Model (K-Model)
Interpretation: I_K(V) is the set of ground states g such that if V(p) = true then Eval_g(p) = true: if a proposition is true then it is "known" to be true in all ground states.
applicable_K[t](V) iff for all g ∈ I_K(V), Eval_g(φ) = true: a transition is applicable if its condition is true in every ground state compatible with the valuation.
exec_K[t](V) is the valuation V' such that for each p, V'(p) = true iff for all g ∈ I_K(V), Eval_update(g,Ω)(p) = true: the result of executing a transition in an abstract state s is an abstract state s' with the safest knowledge about the propositions.
Example, P = {(a > b), !(a > b)}: from (T, F) the loop transition a := a - 5 leads to (F, F), since neither predicate is known to hold afterwards.

Slide 14: Property Satisfiability
K-model of the formula (φ^K): convert to negative normal form, then replace propositions with the corresponding boolean variables.
E-satisfiability:
- Assertion: A_E ⊧_A φ iff for each execution π, π ⊧ φ
- Possibility: A_E ⊧_P φ iff there exists an execution π with π ⊧ φ
K-satisfiability:
- Assertion: A_K ⊧_A φ iff for each execution π, π ⊭ (¬φ)^K
- Possibility: A_K ⊧_P φ iff there exists an execution π with π ⊧ φ^K

Slide 15: Analysis approach
For an assertion:
- Prove that the E-model satisfies the assertion (return TRUE)
- If not, prove that the K-model violates the assertion (return FALSE)
- If not, refine (return UNKNOWN)
For a possibility:
- Prove that the K-model satisfies the possibility (return TRUE)
- If not, prove that the E-model violates the possibility (return FALSE)
- If not, refine (return UNKNOWN)

Slide 16: Justifying the approach
- An over-approximated K-model has less precision
- An under-approximated E-model is not applicable

Slide 17: Challenges
Refinement process: when the result is unknown, improve the abstraction so that the property satisfiability becomes known.
Counterexample analysis:
- Extract the set of propositions that are necessary to improve the analysis
- Extract assumptions on the abstract functions that would remove non-determinism, e.g. if ((b b
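To make slides 11 to 15 and the refinement step of slide 17 concrete, here is an added example (my own code, not the authors' tool) that builds the abstract STS for the two-variable program of slide 11 under both interpretations and applies the decision procedure of slide 15. Two assumptions are made for the sake of running offline: the ground domain of a and b is bounded to a small integer range so the "exists g" and "for all g" quantifiers can be enumerated, and the two initial assignments are taken as one step, as the slide's (T, F) state suggests. The refined predicate set is a constructed stand-in for what counterexample analysis would extract.

```python
from collections import deque
from itertools import product

# Assumption: a bounded ground domain so the quantifiers over I_E(V) / I_K(V) are finite.
DOMAIN = range(-20, 21)


def ground_states():
    for a, b in product(DOMAIN, repeat=2):
        yield {"a": a, "b": b}


# Program of slide 11 as transitions (pc, guard, update, pc'); init is one step.
TRANSITIONS = [
    ("init", lambda g: True,                lambda g: {"a": 10, "b": 1},      "loop"),
    ("loop", lambda g: g["a"] > g["b"],     lambda g: {**g, "a": g["a"] - 5}, "loop"),
    ("loop", lambda g: not g["a"] > g["b"], lambda g: g,                      "error"),
]

# Predicate set from the slide, and a constructed refinement that pins the concrete values.
P_COARSE = [("a>b", lambda g: g["a"] > g["b"]),
            ("!(a>b)", lambda g: not g["a"] > g["b"])]


def _eq(v):
    return lambda g: g["a"] == v and g["b"] == 1


P_REFINED = P_COARSE + [(f"a=={v}&&b==1", _eq(v)) for v in (10, 5, 0)]


def valuation(g, preds):
    return tuple(p(g) for _, p in preds)


def compatible(V, preds, model):
    """I_E(V): ground states whose predicate values equal V exactly.
    I_K(V): ground states satisfying every predicate V marks true (false = unknown)."""
    for g in ground_states():
        e = valuation(g, preds)
        if model == "E" and e == V:
            yield g
        elif model == "K" and all(ev for ev, v in zip(e, V) if v):
            yield g


def successors(pc, V, preds, model):
    out = set()
    states = list(compatible(V, preds, model))
    for src, guard, update, dst in TRANSITIONS:
        if src != pc or not states:
            continue
        if model == "E":
            # applicable_E: guard true in some compatible ground state;
            # exec_E: any valuation obtained by updating such a state.
            for g in states:
                if guard(g):
                    out.add((dst, valuation(update(g), preds)))
        elif all(guard(g) for g in states):
            # applicable_K: guard true in every compatible ground state;
            # exec_K: a predicate is known true only if it holds after every update.
            posts = [valuation(update(g), preds) for g in states]
            out.add((dst, tuple(all(p[i] for p in posts) for i in range(len(preds)))))
    return out


def reachable(preds, model):
    """Breadth-first exploration of the abstract STS (pc, V) under the E- or K-model."""
    if model == "E":
        start = {("init", valuation(g, preds)) for g in ground_states()}
    else:
        start = {("init", tuple(False for _ in preds))}   # nothing known initially
    seen, todo = set(start), deque(start)
    while todo:
        pc, V = todo.popleft()
        for s in successors(pc, V, preds, model):
            if s not in seen:
                seen.add(s)
                todo.append(s)
    return seen


def pcs(preds, model):
    return {pc for pc, _ in reachable(preds, model)}


def check_assertion_never(pc, preds):
    """Slide 15, assertion 'G not at pc': TRUE if the E-model never reaches pc,
    FALSE if the K-model reaches it, otherwise UNKNOWN (refine)."""
    if pc not in pcs(preds, "E"):
        return "TRUE"
    if pc in pcs(preds, "K"):
        return "FALSE"
    return "UNKNOWN"


def check_possibility_reach(pc, preds):
    """Slide 15, possibility 'F at pc': TRUE if the K-model reaches pc,
    FALSE if the E-model never does, otherwise UNKNOWN (refine)."""
    if pc in pcs(preds, "K"):
        return "TRUE"
    if pc not in pcs(preds, "E"):
        return "FALSE"
    return "UNKNOWN"


if __name__ == "__main__":
    for name, preds in (("coarse", P_COARSE), ("refined", P_REFINED)):
        print(name, "E:", sorted(reachable(preds, "E")), "K:", sorted(reachable(preds, "K")))
        print(name, "G !error ->", check_assertion_never("error", preds),
              "F error ->", check_possibility_reach("error", preds))
```

With the coarse predicates the E-model reaches both (T, F) and (F, T) in the loop and hence the error location, while the K-model gets stuck at (F, F) exactly as on slide 13, so both the assertion "error is never reached" and the possibility "error is reachable" come back UNKNOWN. Adding predicates that track the concrete values of a lets the K-model follow 10, 5, 0 to the error location, which turns the possibility into TRUE and the assertion into FALSE without touching the E-model.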

Slide 18: Loan Approval (full diagram)
[Figure: the extended loan-approval composition with participants Customer, Assessor and Approver; messages amount, risk, answer, result; activities request, assess, approve; guards [amount < 10000], [amount >= 10000], [risk == low], [risk != low], [!answer]; assignments amount := ?, risk := ?, answer := ?, answer := true, result := amount, answer := false, result := amount, amount := reduce(amount).]

