An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.


2 Outline
- Motivation
- Event traces
- Problem
- Our approach
- Implementation
- Case study
- Conclusions and extensions

3 Motivation
- Analysis of distributed systems is complex and costly
  - Asynchrony
  - Lack of global timing
  - Absence of reference specification
- A practical solution is to instrument the system to generate traces of events that can be visualized and analyzed further
- This solution can be used to debug the system
  - During development
  - After deployment

4 Visualization vs Analysis Tools
- Visualization tools facilitate the manual inspection of collected traces
- Analysis tools automate the verification of properties in the traces
  - Elaborate ad-hoc algorithms: more efficiency, more effort
  - Reuse an existing model checker: more expressiveness, less effort
[Figure: a monitoring tool collects a trace of events from a distributed system of processes; the trace feeds both visualization tools and analysis tools]

5 Trace Analysis Problem
- Given
  - A distributed system under test (SUT)
  - Some properties
- Verify whether the SUT satisfies the properties
- Solution
  - Monitor the SUT and collect an execution trace
  - Model the collected trace
  - Use an existing model checker to verify the properties

6 Trace
- Distributed processes generate local traces
  - Local events: state update, parameter change
  - Communication events: message exchange, RMI, RPC
- Local traces are sequential
- Communication
  - Asynchronous: send and receive events
  - Synchronous: rendezvous events
- Point-to-point communication
  - Each message has a send and a receive in the trace
  - Each rendezvous involves at least two parties

7 Event Traces
- Event ordering is induced by the local orders <_i and by point-to-point communication
- A trace is a partially ordered set E of all events
- Causality relation → on events
  - If a <_i b then a → b
  - For every message m, send(m) → receive(m)
  - → is transitive: if a → b and b → c then a → c
- Event trace: a tuple of local traces with an irreflexive causality relation on all events

8 Lattice of Ideals
- Offers an efficient way to check properties
- Encodes all the possible linearizations of E
[Figure: two processes pr1 and pr2 exchanging messages m1, m2, m3 over time, with the local variables n1 and n2 taking the values n1 = 3, 4, 5 and n2 = 6, 4, 2 along their local traces]

9 Problem
- Given
  - An event trace of a distributed system
  - A set of properties
- How to build the lattice of ideals to verify the properties?
  - Monolithic approach
    - Build the lattice explicitly
    - Use a model checker
  - Modular approach
    - Model the event trace as a system of communicating automata
    - Build the composition of automata
    - Prove it is isomorphic to the lattice

10 Our Approach
- We use finite automata to model
  - Local traces of processes: states are ideals, transitions are events
  - Message delays
- We build the composition of all automata
- We prove: composition of automata ≅ lattice of ideals
- Use the composition automaton to verify the properties
  - Use an existing model checker
  - Avoid full state space search
[Figure: message delay automaton for a message m with states {}, {send} and {send, receive}; transition send(m) leads from {} to {send}, transition receive(m) from {send} to {send, receive}]

11 Implementation
- We use SDL and ObjectGEODE (OG)
- We model the SUT as an SDL system
  - Local traces: designated processes
  - Local events: SDL TASK
  - Communication: signal exchange
- How to treat the message delay automata?
  - Individual processes
  - Individual queues
  - SDL "SAVE"
- Properties are specified in GOAL of OG

12 Workflow of the Approach
- Front-end tool to ObjectGEODE
  - System specification
  - Pattern specification
- Library of property patterns
  - Parameterized GOAL observers
  - State-based, event-based, mixed
[Figure: workflow. A monitoring tool collects the trace of events from the distributed system of processes; through the user interface of the front end to ObjectGEODE the user provides the property specification and the system specification; the front end produces the SDL model and, from the pattern library, the GOAL observer; the ObjectGEODE simulator returns the results: 1. property satisfied or not, 2. scenarios]

13 Pattern Library
- Property patterns already exist
  - Repository of common properties
  - Mappings to the main formalisms used in finite state verification: LTL, CTL, INCA, QRE, ...
- Library of GOAL observers
  - Addresses finiteness of traces
  - Encodes common patterns
    - Class: order vs. occurrence
    - Name: response, universality, ...
    - Scope: global, before, after, ...
  - Parameterized GOAL specification: parameters are predicates on states, events, or both

14 Pattern Template
- Name and intent: Response (cause-effect relationship)
- Class: Order
- Scope: Global (the entire execution)
- Example: resource granted after request; S responds to P in the execution

15 TRAYSIS
- Input: XML logfile
- Output: SDL model
- Features
  - Logfile conformance check
  - Synchronous/asynchronous
  - Statistics on the model: processes, channels, variables, signals, ...
  - Model customization (scalability)
  - Access to OG

16 Property Manager
- Supports property specification
  - Easy access to the library
  - Customize observers

17 Case Study
- An implementation of the Sliding Window Protocol
  - Extension to the PROFIBUS protocol stack
  - Supports communication in a distributed power control system
- Properties of interest
  - Maximum window size is respected
  - Total number of unacknowledged messages is less than a limit
  - Total number of messages in transit is less than a limit
- Execution traces are collected using protocol analyzers
- We used our tool set to automatically analyze the system
- We have analyzed large traces (15k–20k events)
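As an added illustration (not code from the slides or from the authors' tool set), the following Python builds the composition of the local-trace automata and the message-delay automata of slides 7 and 10 for a constructed two-process trace, and then checks the slide 17 property "total number of messages in transit is less than a limit" in every reachable ideal, i.e. along every linearization. The process names, message names and the "send:m"/"recv:m" event format are assumptions.

```python
# Constructed two-process trace, not taken from the slides: three messages are
# exchanged; each local trace is a sequence of "send:m"/"recv:m" events.
LOCAL_TRACES = {
    "pr1": ["send:m1", "send:m2", "recv:m3"],
    "pr2": ["recv:m1", "send:m3", "recv:m2"],
}

def executed(traces, state):
    """Events already executed in a global state. state[k] is the number of
    events of the k-th local trace consumed so far, i.e. the state of that
    local-trace automaton; the ideal is the union of these prefixes."""
    return [ev for p, i in zip(traces, state) for ev in traces[p][:i]]

def in_transit(traces, state):
    """Messages whose delay automaton is in state {send}: sent, not received."""
    done = executed(traces, state)
    sent = {ev[5:] for ev in done if ev.startswith("send:")}
    recv = {ev[5:] for ev in done if ev.startswith("recv:")}
    return sent - recv

def ideals(traces):
    """Reachable states of the composition of the local-trace automata with
    the message-delay automata. A receive is enabled only once its send has
    been executed, so every reachable state is downward closed under the
    causality relation, i.e. an ideal of the event trace."""
    procs = list(traces)
    start = tuple(0 for _ in procs)
    seen, stack = {start}, [start]
    while stack:
        st = stack.pop()
        sent = {ev[5:] for ev in executed(traces, st) if ev.startswith("send:")}
        for k, p in enumerate(procs):
            if st[k] == len(traces[p]):
                continue  # this local trace is exhausted
            kind, msg = traces[p][st[k]].split(":")
            if kind == "recv" and msg not in sent:
                continue  # delay automaton of msg still in {}: receive blocked
            nxt = st[:k] + (st[k] + 1,) + st[k + 1:]
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen

def check_transit_limit(traces, limit):
    """Verify 'messages in transit < limit' in every ideal, hence along every
    linearization. Returns (holds, worst_state, worst_count)."""
    worst = max(ideals(traces), key=lambda s: len(in_transit(traces, s)))
    n = len(in_transit(traces, worst))
    return n < limit, worst, n
```

For the constructed trace only 10 of the 16 index pairs are ideals (for example (0, 1) is not, since pr2 cannot receive m1 before pr1 sends it), and at most two messages are in transit in any of them, so the property holds for a limit of 3 and fails for a limit of 2.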

18 Conclusions and Future Work
- Formal definition of event traces
- A framework to model mixed communication modes (GALS)
- Automata-based approach to analyze event traces
- A component-based implementation of the approach
- A case study: the SWP
- Target more general logfiles
- Enhancement of the tool set

Thank you very much!