Presentation is loading. Please wait.

Presentation is loading. Please wait.

Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Verification of Distributed Applications Eric Madelaine work with Isabelle Attali, Tomás Barros, Rabéa.

Published byAriel Stevenson Modified over 8 years ago

Similar presentations

Presentation on theme: "Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Verification of Distributed Applications Eric Madelaine work with Isabelle Attali, Tomás Barros, Rabéa."— Presentation transcript:

1 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Verification of Distributed Applications Eric Madelaine work with Isabelle Attali, Tomás Barros, Rabéa Boulifa, Christophe Massol, Alejandro Vera OASIS Project: INRIA, CNRS-I3S, UNSA Nov. 2004

2 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Goal Automatic verification of properties of distributed systems. Graphical / Logical Behaviour Specifications Code analysis Model Automatic tools, diagnostics, etc. Behaviour properties : communication events (with values) deadlocks, reachability, temporal ordering of requests -

3 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Challenges Specification language : » usable by non-specialists Automatic verification : » construction of models from source code » integrated software Standard, state-of-the-art model checkers : » finite state models, » hierarchical models, compositional construction

4 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Challenges (2) Complexity of (Distributed) Software Verification Classical approaches: – BDDs, partial orders, data-independance, symmetry, state abstractions – Value-passing systems, bounded model-checking, data abstractions – Hierarchical construction, compositional reduction techniques Parameterized / Infinite systems – ad-hoc, problem-specific solutions (induction, widening, etc.) Safe Abstractions Parameterized Models Automatic Tools

5 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Plan Parameterized hierarchical models Graphical Specification Language Extracting Models from ProActive Code Compositional verification Components

6 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Model (1) : Synchronisation Networks Labelled Transition Systems (LTS) : Synchronisation Network (Net) : –operator over transition systems (finite arity, arguments with sorts) –synchronisation vectors : Ag <- [*, *, a3, *, a4, a5, *] –dynamic synchronisation : transducers Synchronisation product : builds a global LTS from a Net of arity n, and n argument LTSs. Arnold 1992 : synchronisation networks Lakas 1996 : Lotos open expressions Boulifa, Madelaine 2003, Model generation for distributed Java programs, Fidji’03

7 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Process Parameters : –denotes families of LTSs. Variables : –associated to each state, assigned by transitions. Simple (countable) Types : –booleans, finite enumerations, integers and intervals, records. Parameterized LTS (pLTS) with parameterized transitions : (2) Parameterized Transition Systems [b]  (x), x’:=e(x)

8 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Synchronisation Network (pNet) > –global action alphabet pAg, –finite set of arguments, each with sort pI i and params K i, corresponding to as many actual arguments as necessary in a given instantiation, –parameterized synchronisation vectors pAg <- [*, *, a3(k3), *, a4(k4), *] Instantiation : for a finite abstraction of the parameters domains D v (3) Parameterized Networks Finite Network pLTS x D v  LTS pNet x D v  Net

9 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Graphical Models

10 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Graphical Models : – Less powerful than general parameterized models (static, finite, 1-1 communication). – More intuitive : can be used by non-specialists. Models Generated from Code : – Very expressive : encode various schemes of communication. Use common model to compare specification versus implementation (preorders).

11 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Extracting models : principles

12 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 ProActive : distributed activities Active objects communicate by Remote Method Invocation. Each active object: has a request queue (always accepting incoming requests) has a body specifying its behaviour (local state and computation, service of requests, submission of requests) manages the « wait by necessity » of responses (futures)

13 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 ProActive : High level semantics Independence wrt. distribution Guarantee and Synchrony of delivery : –RdV mechanism ensures the delivery of requests, and of responses. Determinism / Confluence : –Asynchronous communication and processing do not change the final result of computation. ASP Calculus: D. Caromel, L. Henrio, B. Serpette, “Asynchronous and Deterministic Objects”, POPL’2004

14 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Step 1: Front end abstractions Various methods for simplifying source code, with respect to a (set of) properties to be proven: –Data abstraction : transform the application data domains into “simple types”. –Slicing : only keep variables and instructions influencing the property of interest. The BANDERA toolset offers modules for slicing and data abstraction. We have adapted them to deal with ProActive code. We use JIMPLE as an intermediate code for defining our static analysis functions (simpler than bytecode).

15 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Step 2 : Parameterized Call Graphs control flow : class analysis + method calls data flow : sequences of instructions (bytecode level) distribution : identification of active objects in the code: activities, remote calls, futures. Complex static analysis : –class analysis –alias analysis –approximation of object topology –simulation of generated code.

16 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Step 3a : Model generation Global Network Static topology : finite number of parameterized activities. ­Identify parameters ­Build boxes and links for each activity For each Active Object Class : –Body : parameterized network of LTSs –local method calls : synchronisation messages –remote calls : “wait by necessity” using proxy processes –requests queue : the main potential blow-up…! AjAj QjQj serve PjPj Req use

17 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Step 3b : Model generation Global Network Property : for each distributed active object class, starting from source code with abstracted data (simple types), our procedure terminates and builds a finite parameterized model.

18 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Step 3c : Model generation Method LTS One pLTS for each method in the Active Object For each method : – a residual algorithm for crossing the pMCG – generates a parameterized LTS of linear size (each pMCG node is crossed only once) – imprecision of the static analysis results in non- determinism.

19 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Approximations from static analysis: –class imprecision –remote/local objects Local calls : sends an activation message to the corresponding process, and waits for the return message. Remote calls : sends a request message to the proxy and to the remote object. Example : Call rule

20 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Buffer Network Buf.Body put Buf.Queue get

21 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Large case-study: Electronic Invoices in Chile

22 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Electronic Invoices in Chile Barros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, SCCC’04 Arica and INRIA report RR-5217, june 2004. 15 parameterized automata / 4 levels of hierarchy state explosion: grouping, hiding, reduction by bisimulation instantiating 7 parameters yields > millions of states...

23 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Parameterized Properties True/False + diagnostic Logical parameterized LTS Parameterized temporal logics

24 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Prototype tools pNET (FC2 param) Graphical Editor ProActive Code ProActive Code Data Abstraction pMCG Static Analysis Bandera + Soot + Spark + Reqs Behaviour Semantics (CAML) Translation EXP pNET (FC2) Instantiation Link Product Minimisation Equivalences Minimisation Model-check Equivalences Preorders FC2Tools CADP

25 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Distributed Componants Context : –Very few established models for hierarchical distributed components –Provide/Require interfaces »Correctness = standard typing of RPC –Research ongoing on Behavioural Typing Tracks : –Fractal Hierarchical model –Fractal / ProActive Distributed Components –pNets as behavioural types for composition.

26 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Fractal hierarchical model : composites encapsulate primitives, which encapsulates Java code Component Identity Binding Controller Lifecycle Controller Content Controller Content Controller

27 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Fractal + ProActive Components for the GRID An activity, a process, … potentially in its own JVM 2. Composite component C 1. Primitive component Java + Legacy 3. Parallel and composite component D Composite: Hierarchical, and Distributed over machines Parallel: Composite + Broadcast (group)

28 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Components : correct composition Behaviour is an essential part of a component specification. Model of components : – primitive = pLTS – composite = pNet – state-less component = static pNet – controller = transducer Correctness of composition : – implementation preorder ? Content Controller

29 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Conclusions Parameterized, hierarchical model. Graphical specification language. Validated with a realistic case-study. Generation of models from ProActive code. Ongoing development of prototype tools, incorporation within a verification platform. ( ACI-SI Fiacre : INRIA-Oasis, INRIA-Vasy, ENST-Paris, SVF )

30 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Perspectives Refine the graphical language, extend to other ProActive features, extend the formalization of abstractions. (Direct) parameterized verification. Behavioural specifications of components, correct compositions. http://www-sop.inria.fr/oasis/Vercors

31 Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Thank you http://www-sop.inria.fr/oasis/Vercors

Download ppt "Eric MadelaineOSCAR Workshop -- Santiago Nov. 2004 Verification of Distributed Applications Eric Madelaine work with Isabelle Attali, Tomás Barros, Rabéa."

Similar presentations

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.

The Quest for Correctness Joseph Sifakis VERIMAG Laboratory 2nd Sogeti Testing Academy April 29th 2009.
Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,

Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,
Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.

Tintu David Joy. Agenda Motivation Better Verification Through Symmetry-basic idea Structural Symmetry and Multiprocessor Systems Mur ϕ verification system.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
European Commission Directorate-General Information Society Unit F2 – Grid Technologies INSERT PROJECT ACRONYM HERE BY EDITING THE MASTER SLIDE (VIEW.

European Commission Directorate-General Information Society Unit F2 – Grid Technologies INSERT PROJECT ACRONYM HERE BY EDITING THE MASTER SLIDE (VIEW.
Timed Automata.

Timed Automata.
/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.

/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.
Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.

Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.
ISBN 0-321-33025-0 Chapter 3 Describing Syntax and Semantics.

ISBN Chapter 3 Describing Syntax and Semantics.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.

An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.
Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,

Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,
Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.

Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.
1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.

1 IFM 2005 – November 30, 2005 EXP.OPEN 2.0 A flexible tool integrating partial order, compositional, and on-the-fly verification methods Frédéric Lang.
Communication in Distributed Systems –Part 2

Communication in Distributed Systems –Part 2
Describing Syntax and Semantics

Describing Syntax and Semantics
1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.

1 Formal Engineering of Reliable Software LASER 2004 school Tutorial, Lecture1 Natasha Sharygina Carnegie Mellon University.
Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.

Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.
02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.
Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.

Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.

Similar presentations

Ads by Google