
Products of MSC-Graphs Philippe Darondeau Blaise Genest Loïc Hélouët IRISA Laboratory / CNRS&INRIA Rennes, France.


1 Products of MSC-Graphs Philippe Darondeau Blaise Genest Loïc Hélouët IRISA Laboratory / CNRS&INRIA Rennes, France

2 General context of MSC-Graphs
Use representatives for modeling & verification of communication protocols.
1) Define an equivalence relation on executions: u ≡ v.
2) Define the equivalence closure: [X] = {u | v ∈ X and u ≡ v}.
3) To check M ∩ P = ∅ with [P] = P and [M] = M (M, P closed), it suffices to check R ∩ P = ∅ with [R] = M (that is, for all u ∈ M there exists v ∈ R with u ≡ v).
R is called a set of representatives for M; it can have far fewer states than the model M (think of symmetry reduction).

3 Communication Protocols: Infinite States Problem1: Model M cannot be given effectively (infinite states), and Hard to get R with [R]=M. Solution: We work only with representatives from the beginning! The Specification is R, a set of representatives, representing [R]=M Problem 2: Give powerful primitives/operators on representatives set to describe everything we want to model

4 What we want to model: -Concatenation of Models. -Loop on Model. -Choice of Models. -Parallel Composition.

5 Communicating Protocols
Communicating protocol: a set of processes P; actions on each process, and messages sent from one process to another.
Execution of a protocol: p(PSW) p!q(m) q(STRT) q?p(m) q(CheckID)
p(PSW): process p computes a password. p!q(m): process p sends message m to q. q(STRT): process q starts. q?p(m): process q receives message m. q(CheckID): process q checks the user ID.

6 Communicating Protocols
p(PSW) p!q(m) q(STRT) q?p(m) q(CheckID)
A message can be received only after it is sent. Process p does things sequentially; process q does things sequentially.
Dependencies: message relation + process total order + FIFO.
FIFO: q?p(m) is the receive associated with the send p!q(m) only if q?p(m) is the x-th message m received by q from p and p!q(m) is the x-th message m sent by p to q.

7 Equivalence for Protocols
Everything which is not dependent can commute:
p(PSW) p!q(m) q(STRT) q?p(m) q(CheckID) ≡ p(PSW) q(STRT) p!q(m) q?p(m) q(CheckID) ≡ q(STRT) p(PSW) p!q(m) q?p(m) q(CheckID)
Protocols are closed under this equivalence relation.

8 Message Sequence Charts
Standard of the International Telecommunication Union (ITU).
p(PSW) p!q(m) q(STRT) q?p(m) q(CheckID) ≡ p(PSW) q(STRT) p!q(m) q?p(m) q(CheckID) ≡ q(STRT) p(PSW) p!q(m) q?p(m) q(CheckID)
Instead of choosing one representative, give a visual illustration of what happens = Message Sequence Chart (MSC): a partial order, no cycle.
[Figure: MSC with processes p and q, local actions PSW, STRT, CheckID, and message m from p to q]

9 Regular Operators for Representatives
Take [R] = M and [R'] = M'. Easy because the operators commute with [].
- Concatenation of models: [M.M'] = [[R].[R']] = [R.R'] : R.R' is a set of representatives = concatenation of representatives.
- Loop on a model: [M*] = [[R]*] = [R*] : R* is a set of representatives = loop on representatives.
- Choice between models: M ∪ M' = [R] ∪ [R'] = [R ∪ R'] : R ∪ R' is a set of representatives = choice between representatives.

10 MSC-Graphs
Standard of the International Telecommunication Union (ITU).
MSC-Graph = regular set (automaton) of representatives.
[Figure: MSC-graph R, identification scenario: message login from A to B, local action Id on A, and messages OK / NOK from B to A]

11 MSC-Graphs
A!B(login) B?A(login) A(Id) B!A(OK) B!A(NOK) A?B(OK) A?B(NOK) ∈ [R] = M
≡ A!B(login) B?A(login) A(Id) B!A(OK) A?B(OK) B!A(NOK) A?B(NOK) ∈ R
[Figure: MSC-graph R (identification scenario) and an MSC with login, Id, OK, NOK ∈ [R]]

12 What we want to model: -Concatenation of Models. -Loop on Model. -Choice of Models. -Parallel Composition.

13 Product of MSC Graphs
[Figure: identification scenario (login, Id, OK / NOK between A and B) and search scenario (search, then content / KO between A and B)]

14 Parallel Composition
M // M' = {w // w' | [w] = M, [w'] = M'}
Problem: M // M' ≠ [R // R']
u1 u2 u3 u4 // v1 v2 v3 v4 = shuffle of u and v, e.g. u1 u2 v1 u3 u4 v2 v3 v4

15 Problem: M // M' ≠ [R // R']
Idea: Create a regular R// (MSC-graph) with [R//] = M // M'.
Bad news: R// does not always exist.
Idea 2: Check if there exists a regular R// with [R//] = M // M'.
[Figure: MSC-graphs R (message m1 from A to B) and R' (message m2 from B to A), and an MSC of [R] // [R'] with messages m1 and m2 that cannot be generated by an MSC-graph]

16 Existential Boundedness
Property: Let R be a regular set (MSC-graph) with n states and u ∈ R. Then u is n/2-bounded (the difference between the number of messages sent and received on any channel is ≤ n/2 in any prefix of u).
Corollary: Let R be a regular set (MSC-graph) with n states and u ∈ [R]. Then u is equivalent to an n/2-bounded execution. We say that [R] is existentially n/2-bounded (every MSC of [R] has an n/2-bounded execution).
[Figure: MSC-graph R with message m1 from A to B]

17 Existential Boundedness
MSC M_k is not existentially (k-1)-bounded. So (M_k)_k is not existentially bounded. So (M_k)_k cannot be generated by an MSC-graph. So [R//] = [R] // [R'] does not exist with R// an MSC-graph.
Corollary: Let R be a regular set (MSC-graph). Then [R] is existentially bounded.
Idea 3: Check if [R] // [R'] is existentially bounded.
[Figure: MSC M_k with k messages m1 from A to B and k messages m2 from B to A]

18 Testing ∃-k-Boundedness of MSC
Prop [Lohrey-Muscholl'04]: process order + message order + rev_{k-1} is acyclic iff M is ∃-(k-1)-bounded (if there is a cycle, 2p points are needed to make the cycle).
Add the order rev_{k-1} between the n-th receive and the (n+k-1)-th send on the same channel.
An MSC is not ∃-(k-1)-bounded if no execution is (k-1)-bounded: we cannot impose that every n-th receive comes before the (n+k-1)-th send on the same channel. It is not possible (it creates a cycle), for instance between the 1st receive and the k-th send.
[Figure: MSC M_k with k messages m1 from A to B and k messages m2 from B to A]
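The Lohrey-Muscholl test of this slide, worked as an added Python example (not code from the paper or its authors): build the process order and FIFO message order of an MSC, add the rev_k relation, and check for a cycle; k here is the bound tested, so rev_k (n-th receive before the (n+k)-th send on a channel) decides ∃-k-boundedness. The input format for MSCs and the shape of the constructed M_k of slides 15-17 (each process sends its k messages before receiving any) are assumptions of the example.

```python
import re
from collections import defaultdict
LABEL = re.compile(r'(\w+)([!?])(\w+)\((\w+)\)')     # 'A!B(m)' is a send, 'B?A(m)' a receive

def relation(msc, k=None):
    """msc: {process: [labels]} in process order (constructed format). Returns (events, edges) of
    process + FIFO message order; with k, also rev_k: n-th receive on (p,q) before (n+k)-th send."""
    events = [(p, i) for p, labs in msc.items() for i in range(len(labs))]
    edges, sends, recvs = defaultdict(set), defaultdict(list), defaultdict(list)
    for p, labs in msc.items():
        for i, lab in enumerate(labs):
            if i:                                   # events of one process are totally ordered
                edges[(p, i - 1)].add((p, i))
            m = LABEL.fullmatch(lab)
            if not m:
                continue                            # local action such as 'A(Id)'
            snd, rcv = (m[1], m[3]) if m[2] == '!' else (m[3], m[1])
            for key in ((snd, rcv, m[4]), (snd, rcv)):   # per message type, and per channel
                (sends if m[2] == '!' else recvs)[key].append((p, i))
    for key in set(sends) | set(recvs):
        if len(key) == 3:                           # FIFO: x-th send p!q(m) matches x-th receive q?p(m)
            if len(sends[key]) != len(recvs[key]):
                raise ValueError(f'unmatched messages on {key}')
            for s, r in zip(sends[key], recvs[key]):
                edges[s].add(r)
        elif k is not None:                         # rev_k on the channel, n counted from 0
            for n, r in enumerate(recvs[key]):
                if n + k < len(sends[key]):
                    edges[r].add(sends[key][n + k])
    return events, edges

def acyclic(events, edges):
    """Depth-first search with grey/black marking: True iff the relation has no cycle."""
    mark = {}
    def visit(v):
        mark[v] = 'grey'
        if any(mark.get(w) == 'grey' or (w not in mark and not visit(w)) for w in edges.get(v, ())):
            return False
        mark[v] = 'black'
        return True
    return all(v in mark or visit(v) for v in events)

def exists_k_bounded(msc, k):
    """Lohrey-Muscholl: M is existentially k-bounded iff process + message order + rev_k is acyclic."""
    return acyclic(*relation(msc, k))

def crossing_msc(k):
    """Constructed M_k: A and B each send their k messages before receiving any from the other."""
    return {'A': ['A!B(m1)'] * k + ['A?B(m2)'] * k, 'B': ['B!A(m2)'] * k + ['B?A(m1)'] * k}
```

For M_3 the test reports not ∃-2-bounded (the cycle B?A(m1)_1 → A!B(m1)_3 → A?B(m2)_1 → B!A(m2)_3 → B?A(m1)_1 appears) but ∃-3-bounded, matching the slide's claim that M_k is not existentially (k-1)-bounded.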

19 Testing ∃-k-Boundedness of Product
An MSC of the product is described by 2 MSCs + relations not creating cycles. Relations not creating cycles + 2 MSCs represent the set of MSCs of the product.
[Figure: MSC with messages m1 and m2 ∈ [R] // [R'], decomposed into an MSC with m1 ∈ [R] and an MSC with m2 ∈ [R']]

20 Testing ∃-k-Boundedness of Product
Problem: we cannot keep track of all relations with bounded memory because there is no bound on the size of MSCs.
Solution: we non-deterministically guess 2 executions of R and R' in parallel, 2p points e_1..e_2p, and the relations between e_1..e_2p. M1 ∈ [w] // [w'] can have out-of-order events w.r.t. w, w', but only a finite number of futures to remember.
We check 1) no cycle with process order + message order + guessed relations on e_1..e_2p (it means there is an MSC in the product); 2) a cycle with process order + message order + guessed relations + rev_k on e_1..e_2p (it means this MSC is not existentially k-bounded).
Th: Checking whether [R] // [R'] is existentially k-bounded is PSPACE.
Problem: what if k is not given?

21 Testing ∃-Boundedness of Product
Problem: what if k is not given?
Prop [Darondeau-G-Helouet'08]: [R] // [R'] is existentially bounded iff it is ∃-n-bounded, where n depends only on |R| + |R'|.
Solution: pumping lemma.
Th [Darondeau-G-Helouet'08]: Checking whether [R] // [R'] is existentially bounded is PSPACE.

22 Much More in the Paper!
The same works for safe compositional MSC-graphs (still a regular set of representatives).
Th [Darondeau-G-Helouet'08]: If the product is existentially bounded, we can generate R// with [R//] = [R] // [R'], provided R or R' is globally cooperative.
+ Controlled shuffle!

23 Product of MSC Graphs
[Figure: identification scenario (login, Id, OK / NOK) and search scenario (search, content / KO) between A and B]
Problem: a search can be done while the user is not logged in.

24 Controlled Shuffle
[Figure: identification scenario (login, Id, sync, OK / NOK) and search scenario (sync, search, content / KO) between A and B, sharing the synchronization point sync]
Sync is a synchronization point: both scenarios should pass it at the same time. This means that B answers a search request only if A is logged in.

25 Result on Controlled Shuffle
Th [Darondeau-G-Helouet'08]: It is undecidable to test whether [R] // [R'] is existentially bounded if there are synchronization points on 2 processes or more (encode PCP).
If synchronizations are on a single process:
Th [Darondeau-G-Helouet'08]: Checking whether [R] // [R'] is existentially bounded is PSPACE (same as before).
Th [Darondeau-G-Helouet'08]: Checking whether [R] // [R'] is existentially bounded is co-NP-hard. It is co-NP-complete if messages have no content.

26 Conclusion
Under certain conditions, it is decidable whether there exists a regular R// with [R//] = [R] // [R'], and then we can check it.
What about non-regular R//? We can use R// = a rational trace language, that is, a causal MSC-graph! (equivalently, another relation [])
Observation: such an R// always exists when control is on one process (independence relation a I b if a   i  b   i).
Probably: it is decidable whether a caMSC-graph is existentially bounded.
It is important to compare two caMSC-graphs with different I, since this question is in general probably undecidable.

