Download presentation

Presentation is loading. Please wait.

Published byFabiola Trone Modified over 2 years ago

1
Enforcing Concurrent Temporal Behaviors Doron Peled, Dept. of CS University of Warwick

2
Verification of systems Modeling (translating) Verifying Checking against original code Code, Design Some representation Counterexample Failed. Some feedback information Passed, inform developers!!

3
Problems: Given as a sequence of states/events: zConcurrent information is lost. zLong and complicated. So where is the error among 2,375 states in the sequence? zIf concurrent/nondeterministic, may not actually happen when running the code under same initial state+input.

4
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes Initially: turn=1

5
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

6
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

7
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

8
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

9
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

10
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

11
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

12
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

13
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

14
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes Initially: turn=1 (same)

15
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

16
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

17
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

18
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

19
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

20
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

21
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

22
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

23
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

24
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

25
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

26
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

27
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

28
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

29
0:START P1 11:c1:=1 12:true 13:end 2:c1:=0 8:c2=0? 7:turn=2? 6:c1:=0 3:c1:=1 11:turn:=2 10:c1:=1 9:critical-1 4:no-op 5:turn=2? no no no noyes yes yes yes 0:START P2 11:c2:=1 12:true 13:end 2:c2:=0 8:c1=0? 7:turn=1? 6:c2:=0 3:c2:=1 11:turn:=1 10:c2:=1 9:critical-2 4:no-op 5:turn=1? no no no noyes yes yes yes

30
Goals zGuaranteeing the same execution. zMinimal changes to the software. zPreserving concurrency independence. zPreserve the checked property. zApplying the transformation to finite sequences as well as ultimately periodic ones.

31
First execution again: (p1(0):start) (P2(0):start) [P1(1):c1:=1] [P2(1):c2:=1] yes [p2(2):c2:=0] no

32
How to obtain the order? zDefine dependency D (A A) relation: ya and b are in the same process, or ya and b use or define (update) same variable. zMake the following restrictions on occurrences in : ya k occurs before b l in the sequence , and ya and b are interdependent.

33
Causal constraints: (p1(0):start) (P2(0):start) [P1(1):c1:=1] [P2(1):c2:=1] yes [p2(2):c2:=0] no Same process P1 (same program counter)

34
More causal constraints (p1(0):start) (P2(0):start) [P1(1):c1:=1] [P2(1):c2:=1] yes [p2(2):c2:=0] no Same process P2 (same program counter)

35
Even more constraints: (p1(0):start) (P2(0):start) [P1(1):c1:=1] [P2(1):c2:=1] yes [p2(2):c2:=0] no The mutual use of variable c1 in both processes.

40
Need to add to the program: zFor each pair of processes p i and p j with some occurrences a k -->b l there is a variable V ij zAfter a k we perform Free ij : V ij := V ij + 1 zBefore b l we perform Wait ij : wait V ij >0 then V ij := V ij - 1 zCount all actions that need to be synchronized. Make syncrhonization on correct count.

41
In what sense did we preserve the concurrency? zOne way of looking at a concurrent execution is to observe all the linearizations into total orders. zThe given sequence is a linearization of some partial order execution E. zBut when we transform the program, we add some actions. zInformally: We obtain E’. When removing the additional actions, we obtain E. zWhen removing the additional actions from lin(E’) we obtain lin(E).

42
Some notation zCl D ( ) The sequences obtained from after commuting independent actions. zHide B (S) The sequences obtained from the ones in S by omitting the events in B. zExec(P) The executions of program P. zWe add actions A’ such that D’ (A A)=D. (dependency between old actions unaffected). zIf we transform the program into a program P’, we obtain that Hide A’ \ A (Exec (P’ ))= Cl D ( )

43
Preserving a temporal property zSuppose we selected a sequence since it satisfied (or failed) property L (language). zProblem: when both: yCl D ( ) L yCl D ( ) L zHow to solve this?

44
A solution zSearch a graph where each node is one of the equivalent executions, with original node . zAn edge exists between a two nodes if one is obtained from the other by one shuffle of actions. zWhenever the shuffle does not preserve property, insert another Wait/Free pair. Rename such pair of events and make them interdependent (so other occurrences are unaffected). zCost: expensive (can be exponential in number of processes). zNP-complete: May guess the interleaving of the path and the place of bad commutation, then check it. Hardness from Hamiltonian Path.

45
Simpler approximation zAssume property closed under stuttering. zCheck which actions can affect the propositions that appear in the property. zMake these actions interdependent. zComplexity: Low. Quadratic in number of transitions.

46
Ultimately periodic sequences. zTest sequences for unbounded length of time. Finite prefix v, finite recurring sequence w. Can take care of both parts v, w separately. One possibility: Make an artificial syncrhonization between the end of v and the beginning of w. zAnother possibility: create a graph, where P are processes, and p i -->p j E if there are some events a k -->b l belonging to p i, p j, respectively. v w

47
There are three cases: 1 There is a single strongly connected component. In this case, in some linearizations, the i+1st iteration may start in some processes while the i th iteration still executes in others. 2 The graph includes all the processes in different components. Then there can be arbitrary overtaking between the iterations. 3 The graph does not include all the processes. In this case, it might be that the sequence was “unfair”, and some additional actions and interactions occurs. Then synchronization is advised.

48
Conculusions zGiven a counterexample, we may need to execute it on the checked code. zNeed to transform code to enforce execution when nondeterminism present. zMore synchronization for preserving temporal properties. zSeveral cases for preserving ultimately periodic executions.

Similar presentations

OK

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

1 Formal Methods in SE Qaisar Javaid Assistant Professor Lecture # 11.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on kirchhoff's current and voltage laws Ppt on media revolution help Ppt on game theory poker Ppt on latest technology in electrical engineering Ppt on job rotation pros Ppt on kinetic energy and potential energy Ppt on french revolution class 9 Ppt on viruses and anti viruses for computer Ppt on beer lambert law practice Ppt on polynomials and coordinate geometry graph