Survey on Trace Analyzer (2). Hong, Shin, KAIST. 2015-10-20.


Table of Contents
- Introduction
- Motivation
- Simulation Trace Model
- JMPaX
- POTA
- Further Study
- References
- Discussion

Introduction 1/4
- The importance of software keeps increasing, and quality assurance of software is very important today.
- Software is becoming more complex: concurrency with a large number of components.
- To assure the correctness of software: traditional testing, or formal verification.

Introduction 2/4
- Traditional testing: cannot prove the correctness of software; costs a lot of time.
- Model checking: a labor-intensive process; hard to assure the correctness of executable code; costs a lot of time.
- These are generally infeasible for a system with a large number of components and concurrency, such as an SoC.

Introduction 3/4
- Trace analyzer: specify requirements in a formal language; extract the status of each process while the target program is executing; verify whether the trace satisfies the given formal requirement.
- Advantages: no labor-intensive work is needed; formal specifications can be used; the executable program itself can be verified.

Introduction 4/4
- Previously surveyed: TemporalROVER (LTL, MTL) and Java PathExplorer (LTL). These detect errors that exist in the current execution.
- What about Java PathExplorer's error pattern analysis? Deadlock analysis and data race analysis.

Motivation 1/6
- Example: landing airplane. Requirement: when the plane is landing, landing has been approved and the radio signal is live.

Motivation 2/6

```c
/* Sketch from the slide; doLanding() and time_out are assumed to be
   defined elsewhere. The race on radio is the bug the slide points at. */
int landing = 0, approved = 0, radio = 1;

void askLandingApproval(void) {
    if (radio == 0) approved = 0;
    else approved = 1;
}

void thread1(void) {
    askLandingApproval();
    if (approved == 1) {
        landing = 1;
        doLanding();
        landing = 0;
    } else {
        printf("Landing is not approved");
    }
}

void thread2(void) {
    while (1)
        if (time_out) radio = 0;
}
```

A bug exists: radio is read only once, inside askLandingApproval(), so thread2 can set radio = 0 while thread1 is still landing.

Motivation 3/6
In most cases the execution trace is:
1) landing = 0; radio = 1; approved = 0
2) if (radio == 1)
3) approved = 1
4) landing = 1
5) landing = 0
6) if (time_out)
7) radio = 0;
This is a successful execution trace.

Motivation 4/6
Thread 1:
1) landing = 0;
2) radio = 1;
3) approved = 0;
4) if (radio == 0)
5) approved = 1;
6) landing = 1;
Thread 2:
1) if (time_out)
2) radio = 0;
- Check whether every trace in the asynchronous product of the two traces satisfies the given requirement.

Motivation 5/6
1) landing = 0;
2) radio = 1;
3) approved = 0;
4) if (radio == 1)
5) approved = 1;
6) landing = 1;
7) if (time_out)
8) radio = 0;
- Partial order traces can be used to simulate some total order trace.

Motivation 6/6
(1) Specify the formal requirement of the system.
(2) Extract the interesting temporal relations between processes as partial order traces.
(3) Create a partial order trace with respect to the extracted information.
(4) Check whether the model satisfies the requirement or not (simulating total order traces).

Simulation Trace Model 1/5
For two distinct events e and f, e happens before f if and only if
(1) e occurs before f in the same process, or
(2) e is the sending of a message and f is the receiving of that message, or
(3) there exists an event g such that e happens before g and g happens before f.
- Events in the same process are totally ordered; events in different processes are partially ordered.

Simulation Trace Model 2/5

```c
/* Pseudo-C from the slide: two threads sharing lock a. */
int x = 0;
int y = 0;
lock a;

void thread1(void) {
    a.acquire();
    x = 1;
    x = 2;
    a.release();
}

void thread2(void) {
    y = 1;
    a.acquire();
    y = 3;
    y = 4;
    a.release();
}
```

Simulation Trace Model 3/5
The same two threads of 2/5, drawn side by side as two concurrent processes: thread1 (a.acquire(); x = 1; x = 2; a.release();) and thread2 (y = 1; a.acquire(); y = 3; y = 4; a.release();).

Simulation Trace Model 4/5
- Vector clocks represent the happens-before relation.
- A vector clock assigns timestamps to events such that the partial order relation between events can be determined from the timestamps alone.
- Given a computation G on n processes, v : V(G) → N^n such that for all events e and f, e happens before f if and only if e.v ≤ f.v.

Simulation Trace Model 5/5
The program of 2/5 annotated with vector timestamps (two processes, so each timestamp is a pair [thread1 component, thread2 component]). The slide labels thread1's events [1,0], [2,0], [3,0], [4,0], [5,0] and thread2's events [0,1], [0,2], [2,3], [2,4], [2,5], [2,6]; from the point where thread2 takes lock a after thread1 has released it, thread2's timestamps carry a non-zero thread1 component.
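An added example (not from the slides): vector timestamps for the two threads of 2/5, computed with the standard Fidge/Mattern rules and treating the hand-off of lock a (thread1's release, then thread2's acquire) as the message edge of rule (2). The TRACE list, the event names and the helper functions are constructed here; every statement is counted as an event, so the numbers differ from the slide's annotation.

```python
# Added example (not from the slides): vector clocks for the two-thread
# lock example, with the lock hand-off treated as a message edge.

# Constructed trace: (process, statement, event this one synchronises on).
# Process 0 is thread1, process 1 is thread2. Within a process the list
# order is the program order; the acquire in thread2 depends on the
# release in thread1 (the lock is handed over like a message).
TRACE = [
    (0, "a.acquire()", None),
    (0, "x = 1", None),
    (0, "x = 2", None),
    (0, "a.release()", None),
    (1, "y = 1", None),
    (1, "a.acquire()", "0:a.release()"),
    (1, "y = 3", None),
    (1, "y = 4", None),
    (1, "a.release()", None),
]

def vector_clocks(trace, n_procs):
    """Map 'proc:statement' -> vector timestamp using the usual rules:
    a local event increments the process's own component; a receive
    first takes the component-wise max with the sender's timestamp."""
    clocks = [[0] * n_procs for _ in range(n_procs)]
    stamps = {}
    for proc, stmt, dep in trace:
        vc = clocks[proc]
        if dep is not None:
            vc[:] = [max(a, b) for a, b in zip(vc, stamps[dep])]
        vc[proc] += 1
        stamps[f"{proc}:{stmt}"] = list(vc)
    return stamps

def happens_before(ts_e, ts_f):
    """e happens before f iff e.v <= f.v component-wise (and e != f)."""
    return ts_e != ts_f and all(a <= b for a, b in zip(ts_e, ts_f))

def concurrent(ts_e, ts_f):
    """Neither ordering holds: the two events are only partially ordered."""
    return not happens_before(ts_e, ts_f) and not happens_before(ts_f, ts_e)

if __name__ == "__main__":
    ts = vector_clocks(TRACE, 2)
    for name, stamp in ts.items():
        print(name, stamp)
    print("x = 2 || y = 1:", concurrent(ts["0:x = 2"], ts["1:y = 1"]))
```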

JMPaX 1/3
- Java MultiPathExplorer (JMPaX) extends Java PathExplorer.
- Combines testing and formal methods techniques.
- Can reveal errors in multithreaded programs that are hard to detect by observing successful executions only.

JMPaX 2/3: figure only (no text).

JMPaX 3/3
- Uses past-time LTL to specify safety properties.
- Predicts safety errors from successful executions.
- Checks the simulation trace model exhaustively: O(|E|^n), where |E| is the number of events in each process and n is the number of processes.

POTA 1/11
- Partial Order Trace Analyzer: creates a model from partial order traces.
- Addresses state explosion with regular CTL and computation slicing.

POTA 2/11: figure only (no text).

POTA 3/11
- The order on events must be a partial order.
- For a directed graph G that represents the computation, a global state (consistent cut) on G is:
  - a subset of vertices such that if the subset contains a vertex then it contains all of that vertex's incoming neighbors;
  - denoted by the set of its frontier;
  - with ⊥_i the initial state of process i and ⊤_i the final state of process i.
- C(G) is the set of global states on the graph G; it forms a distributive lattice under the subset relation.

POTA 4/11: figure only (no text).

POTA 5/11
- Predicate detection problem: given a distributive lattice L = (C(G), ⊆) and a temporal logic predicate p, decide whether L, {⊥} ⊧ p holds or not.

POTA 6/11
- A predicate is regular if, given two consistent cuts that satisfy the predicate, the consistent cuts obtained by their set union and set intersection also satisfy the predicate.
- Predicate p is regular iff, for all consistent cuts C and D: (C satisfies p) and (D satisfies p) ⇒ (C ∩ D satisfies p) and (C ∪ D satisfies p).

POTA 7/11
- Temporal logic: safety and liveness properties.
- Computation Tree Logic (CTL):
  - path quantifiers: A (all full paths), E (some full path);
  - temporal operators: G (always), F (eventually), X (next time);
  - non-temporal predicates: λ : C → P(AP), where AP is the set of atomic propositions.
- Formulas considered: AG(p), AF(p), EG(p), EF(p), EX(p), EX(p)[i], AX(p), where p is a non-temporal predicate.

POTA 8/11: figure only (no text).

POTA 9/11: figure only (no text).

POTA 10/11
- RCTL: a sublogic of CTL containing regular non-temporal predicates and regular temporal predicates.
- If p is a regular non-temporal predicate then EF(p), AG(p), EG(p) and EX(p)[j] are also regular.
- Expresses both safety and liveness properties.

POTA 11/11
- Computation slice: all consistent cuts of a computation that satisfy a given predicate.
- A slice of a computation with respect to a predicate exists iff the set of global states that satisfy the predicate forms a sublattice of the lattice of global states.
- As long as the predicate is regular, there is an efficient algorithm to compute the slice: O(|p| n^2 |E|).
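An added example (not from the slides or from POTA itself) that puts the definitions of POTA 3/11, 5/11, 6/11 and 11/11 to work on the landing example of the Motivation slides: it enumerates the consistent cuts of a two-process computation as frontier vectors, tests a predicate for regularity by closing its satisfying cuts under union and intersection, and decides EF and AG by brute force over the whole lattice instead of slicing. PROCS, INIT, EDGES and all helper names are constructed here; the message-edge handling is more general than the unsynchronised two-thread example needs.

```python
# Added example (not from the slides): consistent cuts, regularity test and
# EF/AG over the lattice of global states, brute force (no slicing).
from itertools import product

# Constructed from the Motivation trace: process 0 is thread1 (after its
# initialisation), process 1 is thread2. An event is (variable, new value).
PROCS = [
    [("approved", 1), ("landing", 1)],
    [("radio", 0)],
]
INIT = {"landing": 0, "approved": 0, "radio": 1}
# Message edges ((sender, send index), (receiver, receive index)).
# The two threads never synchronise, so there are none here.
EDGES = []

def consistent_cuts(procs, edges):
    """Cuts are frontier vectors (events executed per process). A cut is
    consistent if it never contains a receive without its send."""
    return [f for f in product(*(range(len(p) + 1) for p in procs))
            if all(f[r] <= j or f[s] > i for (s, i), (r, j) in edges)]

def state_at(frontier, procs, init):
    """Variable values after the frontier's events (each variable is
    written by a single process, so the value is well defined)."""
    state = dict(init)
    for p, k in enumerate(frontier):
        for var, val in procs[p][:k]:
            state[var] = val
    return state

def join(a, b): return tuple(map(max, a, b))   # set union of two cuts
def meet(a, b): return tuple(map(min, a, b))   # set intersection

def is_regular(pred, cuts):
    """Regular iff the satisfying cuts are closed under union and
    intersection, i.e. they form a sublattice (the computation slice)."""
    sat = [c for c in cuts if pred(c)]
    return all(pred(join(c, d)) and pred(meet(c, d)) for c in sat for d in sat)

def EF(pred, cuts): return any(pred(c) for c in cuts)   # some reachable cut
def AG(pred, cuts): return all(pred(c) for c in cuts)   # every reachable cut

CUTS = consistent_cuts(PROCS, EDGES)

def bug(c):      # the requirement of Motivation 1/6 is violated
    s = state_at(c, PROCS, INIT)
    return s["landing"] == 1 and s["radio"] == 0

def either(c):   # a disjunction of local predicates: not regular here
    s = state_at(c, PROCS, INIT)
    return s["landing"] == 1 or s["radio"] == 0
```

EF(bug, CUTS) is true although the observed total order trace of Motivation 3/6 never reached that state, which is the prediction from a successful execution that JMPaX and POTA are about.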

Further Study
- POTA: regular predicates; detection of global predicates.
- More survey on trace analyzers.


Discussion