Presentation is loading. Please wait.

Presentation is loading. Please wait.

Eric MADELAINE1 A. Cansado, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis Fractal workshop, Nantes, 3 july.

Published byMarlene Rose Modified over 9 years ago

Similar presentations

Presentation on theme: "Eric MADELAINE1 A. Cansado, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis Fractal workshop, Nantes, 3 july."— Presentation transcript:

1 Eric MADELAINE1 A. Cansado, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis Fractal workshop, Nantes, 3 july 2006 Verification of Distributed Components : A Case - study

2 Eric MADELAINE2 Context Behaviour Specifications for Components The ADL and the Specifications A Proposal for Fractal ADL V3 The AirPort Case-study Presentation, and Zoom-in Specification and Verification with the Vercors platform Conclusion & Perspectives Agenda

3 Eric MADELAINE3 Applications : Build complex systems from off-the-shelf components Check behavioural compatibility between sub-components Check correctness of component deployment and behaviour Check correctness of the transformation inside a running application. Specification of Software Components Aim : Build reliable components from the composition of smaller pieces by the use of their formal specifications. Component paradigm : only observe activity at interfaces. Behavioural properties: Deadlock freeness, progress/termination, safety and liveness.

4 Eric MADELAINE4 Specification of Software Components Behaviour Specifications : Interface Signatures are not Sufficient, we need formal Behaviour Specifications of Components for: => detection of composition errors (deadlocks, progress, termination) => correctness of deployment and component update => compliance Contributions : Behavior Protocols (SOFA, Fractal) : Parameterized Networks (ProActive, Fractal) :

5 Eric MADELAINE5 Context Behaviour Specifications for Components The ADL and the Specifications A Proposal for Fractal ADL V3 The AirPort Case-study Presentation, and Zoom-in Specification and Verification with the Vercors platform Group communication Conclusion & Perspectives Agenda

6 Eric MADELAINE6 Extension of Fractal ADL : A Proposal Integration into the standard is important : To foster the usage of behaviour specification, and of formal verification of component composition To enable comparison of approaches on common examples Minimal Changes and Openness : The Behaviour specification itself can be big, and left to an external Parser. Let the syntax OPEN to other formalisms.

7 Eric MADELAINE7 Extension of Fractal ADL : A Proposal A behavior element nested inside component, interface, or binding elements with : A language attribute, with current possible values FC2, Lotos, behavior-protocol A file or a values attribute, Specialized parsers, often already existing, for behaviour languages, and for additional environment information (linking the ADL and interface signature elements with the behaviour specification)

8 Eric MADELAINE8 Extension of Fractal ADL : A Proposal Examples: <behaviour file="Alarm.lotos" language=“Lotos"/> <interface name=“IFirewall” role = “server” /> value = “ ? IF.Enable* | ? IF.Disable* "/>

9 Eric MADELAINE9 Context Behaviour Specifications for Components The ADL and the Specifications A Proposal for Fractal ADL V3 The AirPort Case-study Presentation, and Zoom-in Specification and Verification with the Vercors platform Group Communication Conclusion & Perspectives Agenda

10 Eric MADELAINE10 The AIRPORT Wifi Network Case-study Origin : France-Telecom / Sofa (Charles U. Prague) Component Reliability Extensions for the Fractal Model Description : http://kraken.cs.cas.cz/ft/public Bibliography : FACS’05: Model Checking of Component Behavior Specification: A Real Life Example

11 Eric MADELAINE11 Internet and Databases Users Firewall and Airport web server Ticket, FrequentFlyer, and Card management DHCP server

12 Eric MADELAINE12 FACS’05 study (SOFA) Zooming in … This presentation Login session Firewall+Web server Arbitrator / Token dispenser Ticket Classifier Frequent Flyer Classifier

13 Eric MADELAINE13 Login to the airport network : simple scenario Choices : Specify User and Firewall as components Abstract away from time constraint (Token lease)

14 Eric MADELAINE14 Vercors Platform Tool set : Code analysis(prototype, partial) Model generation (V0.8 available) Interactions with model-checking and the CADP verification toolbox (available) Supported by FIACRE, An ACI-Security Action of the French research ministry

15 Eric MADELAINE15 Model Generation : the ADL2N tool Semantic formalism : pNets = parameterized synchronisation networks (Forte’04) Primitive Components : Behaviour Specification (Lotos) / Code analysis Composite Components : Generation of pNets from the Architectural Description + Interface signatures Spin’05 : Behavioural Models for Hierarchical Components Facs’05 : Behavioural Models for Distributed Components

16 Eric MADELAINE16 Model Generation : the ADL2N tool ADL files + signatures Purely Functional B(Max,S) !B.Q_g et() !B.R_g et(v) C(c) … … … S Q_get( ) R_get(v ) Primitive behaviour (lotos)

17 Eric MADELAINE17 Model Generation : the ADL2N tool ADL files + signatures + Controllers Primitive behaviour (lotos) Body ProxyQueue LFLF Resp… Req… C( c) B !Err(xxx) P( p) !start ?bind Selection of non functional features, asynchronous mechanisms, errors, etc

18 Eric MADELAINE18 Building the global model Simple scenario, Branching minimization, keeping all upper level events visible. Instantiation : 1 single user 3 web pages, 2 tickets, 2 databases Sizes : global system = 2152 st / 6553 trs minimized = 57 st / 114 trs biggest primitive component = 5266 st / 27300 trs Mastering the complexity :  Smaller representations (i.e. partial orders, symmetries)  Reduce the number of visible events  Use distributed verification tools  Reason at component level

19 Eric MADELAINE19 Proving Properties Press-button verification : Finding Deadlocks Absence of usual errors : –J. Adamek “Composition Errors” –ProActive “Deployment Errors” Logical languages : –CADP : regular μ-calculus –Specification patterns Custom scenarios specifying the execution environment Equivalence / Compliance with a specification

20 Eric MADELAINE20 Proving Properties Deadlock : our initial specification has one. Diagnostic : ""loginWithFlyTicketId(IAccess)(0,1,1)"" ""loginWithFlyTicketId(ILogin)(0,1,1)"" ""loginWithFlyTicketId(IAccess)(0,1,1)"" ""CreateToken_req(IFTAuth)(1,1)"" ""GetFlyTicketValidity_req(IFTAuth)(1,1)"" ""GetFlyTicketValidity_resp(IFTAuth)(1,1)"" ""CreateToken_resp(IFTAuth)(1)"" Asks twice for loggin The Arbitrator (synchronous and monothreaded) gets the first answer, but blocks on the second request.

21 Eric MADELAINE21 Restrict the possible behaviours of our User component : (Specified in LOTOS and compiled with CAESAR (CADP)) => Result : no deadlock. Custom Scenario / Environment

22 Eric MADELAINE22 Proving Properties Functional property: If user is not logged in, it will always be redirected [not(‘login(0,1)’)*.’get_resp(0,1)’] false If the user asks for loggin, will he inevitably get it ? [""loginWithFlyTicketId(IAccess)(0,1,1)""] μ X. ( true Λ [not ""disablePortBlock(IReconfiguration)(0)""] X) You don’t like μ-calculus ? Use specification patterns…

23 Eric MADELAINE23 Context Behaviour Specifications for Components The ADL and the Specifications A Proposal for Fractal ADL V3 The AirPort Case-study Presentation, and Zoom-in Specification and Verification with the Vercors platform Group Communication Conclusion & Perspectives Agenda

24 Eric MADELAINE24 Second Scenario Multicast / gathercast interface to several DBs Complexity contained inside a composite component. 24634 states 47538 trans. 91 labels Minimised 7 states 90 trans. 24097 states 88545 trans. 118 labels Minimised 98 states 360 trans. After composition : 111634 states 202380 trans. 39 labels Minimised 12 states 92 trans. Instantiation domains: Each ticket has 2 values Each DB sends 0 or 1 ticket The Query returns 0 to 2 tickets

25 Eric MADELAINE25 Proposal for ADL Extension: GRID’S Specifics Collective Interfaces (Matthieu Morel) Distributed, parallel components require specific methods for distributing and gathering information. New attribute : cardinality = “multicast”( 1 to n ) cardinality = “gathercast”( n to 1 )  ProActive implementation  Model generation for behaviour verification

26 Eric MADELAINE26 Ongoing work Model generation : Including NF-controllers, asynchronous semantics Multicast Interfaces Expression of Properties : Pattern language specific to Grid Application Perspectives: Parameterized components at specification level

27 Eric MADELAINE27 Conclusions Formalisms for specifying the dynamic behaviour of components Tools for building finite models of behaviours from the Architecture Description Realistic Use-case Question (to FT & Sofa) : Available for comparisons of formalisms, methods, tools ? Papers, Use-cases and Tools at : http://www-sop.inria.fr/oasis/Vercors

28 Eric MADELAINE28 Thank you. Papers, Use-cases and Tools at : http://www-sop.inria.fr/oasis/Vercors

29 Eric MADELAINE29 Fractive Behavioural Models

30 Eric MADELAINE30 Fractive implementation Primitive component => Active object Composite membrane => Active object

31 Eric MADELAINE31 Previous work: ProActive behavioural models (presented at Forte 2004) T. Barros, R. Boulifa, E. Madelaine: Parameterized Models for Distributed Java Objects, Forte'2004 Conference, Madrid, Sep. 2004, LNCS 3235, © Springer-Verlag

32 Eric MADELAINE32 Fractive composites

33 Eric MADELAINE33 3) Membrane for primitive Asynchronous components = request queues, future proxies 4) … and also for composites components

Download ppt "Eric MADELAINE1 A. Cansado, L. Henrio, E. Madelaine OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis Fractal workshop, Nantes, 3 july."

Similar presentations

Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,

Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,
Specification, Partitioning, and Composition Techniques for Web Applications in the Context of Event-B Abdolbaghi Rezazadeh Michael Butler University of.

Specification, Partitioning, and Composition Techniques for Web Applications in the Context of Event-B Abdolbaghi Rezazadeh Michael Butler University of.
European Commission Directorate-General Information Society Unit F2 – Grid Technologies INSERT PROJECT ACRONYM HERE BY EDITING THE MASTER SLIDE (VIEW.

European Commission Directorate-General Information Society Unit F2 – Grid Technologies INSERT PROJECT ACRONYM HERE BY EDITING THE MASTER SLIDE (VIEW.
Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.

Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.

1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.
Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,

Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,
Irina Rychkova. 9/20061 Systemic approach towards model definition Model transformation semantics.

Irina Rychkova. 9/20061 Systemic approach towards model definition Model transformation semantics.
6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.

6/4/2015Page 1 Enterprise Service Bus (ESB) B. Ramamurthy.
Session 2: task 3.2 GCM, Kracow, June 27 2006 l Current status of GCM Denis Caromel (10 mn each talk) l Wrapping CCA Components as GCM Components Maciej.

Session 2: task 3.2 GCM, Kracow, June l Current status of GCM Denis Caromel (10 mn each talk) l Wrapping CCA Components as GCM Components Maciej.
Π-Method: A Model-Driven Formal Method for Architecture- Centric Software Engineering By Flavio Oquendo Presented by: Sajith Wickramaratne.

Π-Method: A Model-Driven Formal Method for Architecture- Centric Software Engineering By Flavio Oquendo Presented by: Sajith Wickramaratne.
1 Static vs dynamic SAGAs Ivan Lanese Computer Science Department University of Bologna/INRIA Italy.

1 Static vs dynamic SAGAs Ivan Lanese Computer Science Department University of Bologna/INRIA Italy.
Course Instructor: Aisha Azeem

Course Instructor: Aisha Azeem
Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.

Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.
Architecture Of ASP.NET. What is ASP?  Server-side scripting technology.  Files containing HTML and scripting code.  Access via HTTP requests.  Scripting.

Architecture Of ASP.NET. What is ASP?  Server-side scripting technology.  Files containing HTML and scripting code.  Access via HTTP requests.  Scripting.
Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.

Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.
Speaking Bluntly about SharpHDL: Some Old Stuff and Some Other Proposed Future Extensions Gordon J. Pace & Christine Vella Synchron’05 Malta, November.

Speaking Bluntly about SharpHDL: Some Old Stuff and Some Other Proposed Future Extensions Gordon J. Pace & Christine Vella Synchron’05 Malta, November.
INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.

INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.
The Grid Component Model: an Overview “Proposal for a Grid Component Model” DPM02 “Basic Features of the Grid Component Model (assessed)” -- DPM04 CoreGrid.

The Grid Component Model: an Overview “Proposal for a Grid Component Model” DPM02 “Basic Features of the Grid Component Model (assessed)” -- DPM04 CoreGrid.
The Grid Component Model and its Implementation in ProActive CoreGrid Network of Excellence, Institute on Programming Models D.PM02 “Proposal for a Grid.

The Grid Component Model and its Implementation in ProActive CoreGrid Network of Excellence, Institute on Programming Models D.PM02 “Proposal for a Grid.

Similar presentations

Ads by Google