Presentation is loading. Please wait.

Presentation is loading. Please wait.

Case Studies of POTA Hong, Shin 2016-01-10 1 / 38

Published byAbel Lester Modified over 8 years ago

Similar presentations

Presentation on theme: "Case Studies of POTA Hong, Shin 2016-01-10 1 / 38"— Presentation transcript:

1 Case Studies of POTA Hong, Shin 2016-01-10 1 / 38 Hong,Shin@PSWLab,KAIST

2 Case Studies of POTA Contents Introduction –POTA Case study # 1 : Distributed Dining Philosophers Case study # 2 : General Inter-ORB Protocol (GIOP) Conclusion Further Study 2016-01-10 2 / 38 Hong,Shin@PSWLab,KAIST

3 Case Studies of POTA Introduction 1/4 The importance of Software is getting increased.  Quality assurance of the software is very important today. To assure correctness of a software, –Traditional Testing –Formal verification  These are generally infeasible for a system with a large number of components and concurrency. Trace Analyzer –Specify requirements in formal language. –Extract status of process while a target program is executing. –Verify whether the trace is satisfied against a given formal requirement. 2016-01-10 3 / 38 Hong,Shin@PSWLab,KAIST

4 Case Studies of POTA Introduction 2/4 POTA : Partial Order Trace Analyzer Target on distributed programs. Use RCTL+ which is a subset of CTL to specify the requirements. Use partial order trace as simulation model. 2016-01-10 Hong,Shin@PSWLab,KAIST 4 / 38

5 Case Studies of POTA Introduction 3/4 Partial Order - A partial order R, events a, b, c, we have that: a R a if a R b and b R a then a = b if a R b and b R c then a R c 2016-01-10 Hong,Shin@PSWLab,KAIST 5 / 38

6 Case Studies of POTA Introduction 4/4 Partial Order Trace Analysis (1) Specify formal requirement of a system. (2) Extract interesting temporal relations between processes as partial order traces. (3) Create partial order trace with respect to extracted information. (4) Check whether partial order traces satisfy the requirement or not (simulating total order traces). 2016-01-10 Hong,Shin@PSWLab,KAIST 6 / 38

7 Case Studies of POTA Distributed Dining Philosophers1/24 Dining Philosophers Behavior of a Philosopher: Think, and eat continously. Philosopher must hold two forks in both hands to eat Philosophers are sitting in circular table. Every Philosopher shares forks; one with left side Philosopher and another with right side Philosopher. No starvation for any Philosopher. 2016-01-10 Hong,Shin@PSWLab,KAIST 7 / 38

8 Case Studies of POTA Distributed Dining Philosophers 2/24 Dining Philosophers in distributed system Every Philosopher has its own servant and sends the message of hunger to him. A servant sends messages to two neighbor servants. ; Messages of acquiring a fork and passing a fork. As Philosopher eats, forks that are used become dirty. Servant cleans a fork whenever he pass it to another servant. 2016-01-10 Hong,Shin@PSWLab,KAIST 8 / 38

9 Case Studies of POTA Distributed Dining Philosophers 3/24 2016-01-10 Hong,Shin@PSWLab,KAIST 9 / 38

10 Case Studies of POTA Distributed Dining Philosophers 4/24 Implementation in Concurrent Programming: The Java Programming Language by S. Hartley //message types class Hungry {} //Philosopher to servant class NeedL {}// servant to servant class NeedR {} class PassL {} class PassR {} 2016-01-10 Hong,Shin@PSWLab,KAIST 10 / 38

11 Case Studies of POTA Distributed Dining Philosophers 5/24 2016-01-10 Hong,Shin@PSWLab,KAIST 11 / 38 Behavior of a Philosopher to its Servant

12 Case Studies of POTA Distributed Dining Philosophers 6/24 Behavior of a Philosopher class Philosopher implements Runnable { int id ; public void run() { while (true) { think() ; myServant.takeForks(id) ; eat() ; myServant.putForks(id) ; } 2016-01-10 Hong,Shin@PSWLab,KAIST 12 / 38

13 Case Studies of POTA Distributed Dining Philosophers 7/24 class Servant implemented Runnable { private AsyncConditionalMessagePassing myChannel ; private BinarySemaphore sem_eat ; private BinarySemaphore sem_releaseForks ; public void takeForks(int id) { myChannel.send(new Hungry()) ; sem_eat.wait() ; } public void putForks(int id) { sem_releaseForks.release() ; } 2016-01-10 Hong,Shin@PSWLab,KAIST 13 / 38

14 Case Studies of POTA Distributed Dining Philosophers 8/24 Behavior of Servant 2016-01-10 Hong,Shin@PSWLab,KAIST 14 / 38

15 Case Studies of POTA Distributed Dining Philosophers 9/24 2016-01-10 Hong,Shin@PSWLab,KAIST 15 / 38 if (!haveL) left_servant_channel.send(new NeedL()) ; if (!haveR)right_servant_channel.send(new NeedR()) ; while (!(haveL && haveR)) { msg = get_a_message() ; if (msg instanceof PassL) haveL=true;dirtyL=false; else if (msg instanceof PassR) haveR=true;dirtyR=false; else if (msg instanceof NeedR){ haveL=false;dirtyL=false; left_servant_channel.send(new PassL()) ; left_servant_channel.send(new NeedL()) ; } else if (msg instanceof NeedL){ haveR=false;dirtyR=false; right_servant_channel.send(new PassR()) ; right_servant_channel.send(new NeedR()) ; }

16 Case Studies of POTA Distributed Dining Philosophers 10/24 class ServantCondition { private boolean hungry = false ; private boolean dirtyL = false ; private boolean dirtyR = false ; public boolean checkCondition(Object m) if (m instanceof Hungry) return true ; else if (!hungry) return true ; else if (m instanceof PassL || m instanceof PassR) return true ; else if (m instanceof NeedL && dirtyR) return true ; else if (m instanceof NeedR && dirtyL) return true ; else return false ; } 2016-01-10 Hong,Shin@PSWLab,KAIST 16 / 38

17 Case Studies of POTA Distributed Dining Philosophers 11/24 public static void main(String [] args) { …… for (int i = 0 ; i < N_of_Philosopher ; i++) servant[i].start() ; for (int i = 0 ; i < N_of_Philosopher ; i++) philosopher[i].start() ; …… } 2016-01-10 Hong,Shin@PSWLab,KAIST 17 / 38 …… age()=170, Philosopher 4 is thinking for 52 ms age()=220, Philosopher 4 wants to eat 330 unhungry philosopher 3 sends left fork 330 unhungry philosopher 0 sends right fork 390 hungry philosopher 4 got right fork 440 hungry philosopher 4 got left fork 440 philosopher 4 has both forks age()=440, Philosopher 4 is eating for 1842 ms age()=1210, Philosopher 1 wants to eat ……

18 Case Studies of POTA Distributed Dining Philosophers 12/24 2016-01-10 Hong,Shin@PSWLab,KAIST 18 / 38

19 Case Studies of POTA Distributed Dining Philosophers 13/24 Computational Tree Logic(CTL) –Path quantifier A: all full pathsE: some full path –Temporal logicG:alwaysF:eventuallyX:next time –Non-temporal predicates : λ : C → P (AP) where AP is atomic propositions AG(p), AF(p), EG(p), EF(p), EX(p), EX(p)[i], AX(p) where p is a non-temporal predicate. 2016-01-10 Hong,Shin@PSWLab,KAIST 19 / 38

20 Case Studies of POTA Distributed Dining Philosophers 14/24 Properties –Safety Property If a Philosopher is eating, any adjacent Philosophers can not start to eat. - The complement of ∨ i,j ∈ 0..(n-1) EF( eat i ∧ eat j ) while i, j are adjacent to each other –Liveness Property If a Philosopher feels hungry, the Philosopher definitely will eat. - The complement of ∨ i ∈ 0..(n-1) EF( hungry i ∧ EG( ¬ eat i )) - AG(EF(eat i )) 2016-01-10 Hong,Shin@PSWLab,KAIST 20 / 38

21 Case Studies of POTA Distributed Dining Philosophers 15/24 2016-01-10 Hong,Shin@PSWLab,KAIST 21 / 38

22 Case Studies of POTA Distributed Dining Philosophers 16/24 Instrumentation For each internal/send/receive event, we generate a vector clock and the values of the propositions in specification. 2016-01-10 Hong,Shin@PSWLab,KAIST 22 / 38 class VectorClock { int id, index, n_philosopher ; public int [] vectorClock ; private boolean think, hungry, eat ; …… synchronized void send(int j, int [] sentVectorClock ) ; synchronized void local( boolean think, boolean hungry, boolean eat) ; synchronized void receive(int j, int[] receivedVectorClock); }

23 Case Studies of POTA Distributed Dining Philosophers 17/24 synch void send(int j, int[] sentVectorClock) { increment() ; arrPrint(j, true) ; } synch void local( boolean think, boolean hungry, boolean eat ){ this.think=think;this.hungry=hungry;this.eat=eat; increment() ; arrPrint(id, true) ; } synch void receive(int j, int[] receivedVectorClock ){ for (int k = 0 ; k < n_philosopher ; k++) { vectorClock[k]= MAX(vectorClock[k], receivedVectorClock[k]); increment() ; arrPrint(j, false) ;} 2016-01-10 Hong,Shin@PSWLab,KAIST 23 / 38

24 Case Studies of POTA Distributed Dining Philosophers 18/24 class Message { public int id ; public int [] vectorClock = null ; Message(int id, vectorClock) { this.id=id; this.vectorClock=vectorClock;} } class Hungry extends Message { public Hungry(int id, int [] vc) { super(id, vc) ;} } …… 2016-01-10 Hong,Shin@PSWLab,KAIST 24 / 38

25 Case Studies of POTA Distributed Dining Philosophers 19/24 private void think() { think = true ; idle_for_a_while() ; } ⇓ private void think() { think = true ; vectorClock.local(think, hungry, eat) ; idle_for_a_while() ; } 2016-01-10 Hong,Shin@PSWLab,KAIST 25 / 38

26 Case Studies of POTA Distributed Dining Philosophers 20/24 public void run() { …… msg = get_a_message() ; …… } ⇓ public void run() { …… msg = get_a_message() ; vectorClock.receive(msg.id, msg.vectorClock) ; …… } 2016-01-10 Hong,Shin@PSWLab,KAIST 26 / 38

27 Case Studies of POTA Distributed Dining Philosophers 21/24 For two distinguishable events e and f, e happens before f if and only if (1) e occurs before f in the same process. (2) e is sending a message and f is a receiving of that message. (3) There exist e happens before g and g happens before f.  Events in the same process are totally ordered and events between different processes are partially ordered. 2016-01-10 Hong,Shin@PSWLab,KAIST 27 / 38

28 Case Studies of POTA Distributed Dining Philosophers 22/24 Result {(0,0),[0,0,0],[0,0,0],[false,false,false]}3 {(0,1),[1,0,0],[1,4,5],[true,false,false]}3 {(0,2),[2,0,0],[2,4,5],[false,true,false]}3 {(0,3),[3,0,0],[3,4,5],[false,false,true]}3 {(0,4),[4,0,0],[4,4,5],[false,false,false]}3 ……. {(1,0),[0,0,0],[0,0,0],[false,false,false]}3 {(1,1),[0,1,0],[6,1,5],[true,false,false]}3 {(1,2),[0,2,0],[6,2,5],[false,true,false]}3 {(1,3),[0,3,0],[6,3,5],[false,true,false]}1 {(1,4),[7,4,0],[13,4,6],[false,true,false]}2 {(1,5),[7,5,0],[13,5,6],[false,false,true]}3 {(1,6),[7,6,0],[13,6,6],[false,false,false]}3 {(1,7),[7,7,3],[13,7,6],[false,false,false]}2 {(1,8),[7,8,3],[13,8,6],[false,false,false]}1 ……. {(2,0),[0,0,0],[0,0,0],[false,false,false]}3 {(2,1),[0,0,1],[8,7,1],[true,false,false]}3 {(2,2),[0,0,2],[8,7,2],[false,true,false]}3 {(2,3),[0,0,3],[8,7,3],[false,true,false]}1 {(2,4),[0,0,4],[8,10,4],[false,true,false]}1 {(2,5),[9,3,5],[14,15,5],[false,true,false]}2 {(2,6),[9,8,6],[14,15,6],[false,true,false]}2 {(2,7),[9,8,7],[14,15,7],[false,false,true]}3 {(2,8),[9,8,8],[14,15,8],[false,false,false]}3 2016-01-10 Hong,Shin@PSWLab,KAIST 28 / 38

29 Case Studies of POTA Distributed Dining Philosophers 23/24 2016-01-10 Hong,Shin@PSWLab,KAIST 29 / 38 1.4 GHz Pentium 4 machine running Linux, 512MB main memory T: running time(sec)M: memory usage(MB)

30 Case Studies of POTA Distributed Dining Philosophers 24/24 Property 1 : 2016-01-10 Hong,Shin@PSWLab,KAIST 30 / 38

31 Case Studies of POTA GIOP 1/4 General Inter-ORB Protocol(GIOP) - ORB enables transparent client/server object interaction by linking potentially different systems. - ORB is the middleware that establishes the client- server relationship between objects. - GIOP is the standard protocol to allow communication of object invokation between objects. - GIOP messages Only client can send Request and CancelRequest Only server can send Reply and CloseConnection 2016-01-10 Hong,Shin@PSWLab,KAIST 31 / 38

32 Case Studies of POTA GIOP 2/4 Requirements i) After sending URequest message, a user should eventually receive the corresponding UReply message. The complement of EF(URequestSent i ^EG(¬UReplyReceived i )) for all user i ii) After sending an SRequest, the GIOP agent should receive a corresponding SReply The complement of EF(CRequestSent i ^EG(¬CReplyReceived i )) for all agent i 2016-01-10 Hong,Shin@PSWLab,KAIST 32 / 38

33 Case Studies of POTA GIOP 3/4 2016-01-10 Hong,Shin@PSWLab,KAIST 33 / 38

34 Case Studies of POTA GIOP 4/4 2016-01-10 Hong,Shin@PSWLab,KAIST 34 / 38 1.4 GHz Pentium 4 machine running Linux, 512MB main memory T: running time(sec)M: memory usage(MB)

35 Case Studies of POTA Conclusion POTA is scalable in the number of concurrent process. POTA is also scalable in the size of predicate POTA only works for distributed system. Extracting Happen before relation automatically is challenging. Still can not prove the correctness of program. 2016-01-10 Hong,Shin@PSWLab,KAIST 35 / 38

36 Case Studies of POTA Further Study MaC HAWK and EAGLE More survey on Trace analyzer 2016-01-10 Hong,Shin@PSWLab,KAIST 36 / 38

37 Case Studies of POTA References [1] A Sen&V K. Garg, Partial Order Trace Analyzer for Distributed Programs, 2003. [2] A Sen&V K.Garg, Formal Verification of Simulation Traces Using Computation Slicing, 2006. [3] Formalization and validation of the General Inter-ORB Protocol(GIOP) using P ROMELA and S PIN, Moataz Kamel&Stefan Leue, 2000. 2016-01-10 37 / 38 Hong,Shin@PSWLab,KAIST

38 Case Studies of POTA Discussion 2016-01-10 38 / 38 Hong,Shin@PSWLab,KAIST

Download ppt "Case Studies of POTA Hong, Shin 2016-01-10 1 / 38"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.

Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Operating Systems: Monitors 1 Monitors (C.A.R. Hoare) higher level construct than semaphores a package of grouped procedures, variables and data i.e. object.

Operating Systems: Monitors 1 Monitors (C.A.R. Hoare) higher level construct than semaphores a package of grouped procedures, variables and data i.e. object.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
Algorithmic Software Verification VII. Computation tree logic and bisimulations.

Algorithmic Software Verification VII. Computation tree logic and bisimulations.
Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.

Alan Shaffer, Mikhail Auguston, Cynthia Irvine, Tim Levin The 7th OOPSLA Workshop on Domain-Specific Modeling October 21-22, 2007 Toward a Security Domain.
Practice Session 7 Synchronization Liveness Deadlock Starvation Livelock Guarded Methods Model Thread Timing Busy Wait Sleep and Check Wait and Notify.

Practice Session 7 Synchronization Liveness Deadlock Starvation Livelock Guarded Methods Model Thread Timing Busy Wait Sleep and Check Wait and Notify.
Runtime Verification Ali Akkaya Boğaziçi University.

Runtime Verification Ali Akkaya Boğaziçi University.
Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.

Temporal Logic and the NuSMV Model Checker CS 680 Formal Methods Jeremy Johnson.
CS6133 Software Specification and Verification

CS6133 Software Specification and Verification
Chapter 6: Process Synchronization

Chapter 6: Process Synchronization
/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.

/ PSWLAB Efficient Decentralized Monitoring of Safety in Distributed System K Sen, A Vardhan, G Agha, G Rosu 20 th July 2007 Presented by.
1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.

1 Concurrency Specification. 2 Outline 4 Issues in concurrent systems 4 Programming language support for concurrency 4 Concurrency analysis - A specification.
Monitors Chapter 7. The semaphore is a low-level primitive because it is unstructured. If we were to build a large system using semaphores alone, the.

Monitors Chapter 7. The semaphore is a low-level primitive because it is unstructured. If we were to build a large system using semaphores alone, the.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
Common Object Request Broker Architecture (CORBA) By: Sunil Gopinath David Watkins.

Common Object Request Broker Architecture (CORBA) By: Sunil Gopinath David Watkins.
An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.

An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.
Ordering and Consistent Cuts Presented By Biswanath Panda.

Ordering and Consistent Cuts Presented By Biswanath Panda.
CS 290C: Formal Models for Web Software Lecture 3: Modeling Navigation Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 3: Modeling Navigation Instructor: Tevfik Bultan.

Similar presentations

Ads by Google