Slide 1 / 30. Hong, Shin @ PSWLAB
Efficient Decentralized Monitoring of Safety in Distributed System
K. Sen, A. Vardhan, G. Agha, G. Rosu
20th July 2007
Presented by Shin Hong at PSWLAB, KAIST
Efficient Decentralized Monitoring of Safety in Distributed System, 2015-05-08
Slide 2: Contents
- Introduction
- Distributed System
- Past-time Linear Temporal Logic
- Past-time Distributed Temporal Logic
- Monitoring Algorithm for PT-DTL
- Conclusion
Slide 3: Introduction (1/6)
The correctness of software is very important today. Model checking and testing are two approaches to assuring it.
- Model checking: the size of systems for which model checking is feasible remains limited.
- Traditional testing: ad hoc; test coverage is limited.
Slide 4: Introduction (2/6)
Runtime verification: dynamic monitoring of the target system against formal specifications.
- Monitors are automatically synthesized from the formal specifications.
- Scalable.
Slide 5: Introduction (3/6)
Runtime verification has been used to monitor distributed systems, which exhibit concurrency and asynchrony.
In many distributed systems it is quite impractical to monitor requirements expressed in classical temporal logics such as LTL.
Slide 6: Introduction (4/6)
Example: mobile networks.
Requirement: no node receives a reply from a node to which it has not previously issued a request.
How can this requirement be specified in LTL?
[Figure: two nodes exchanging a Request and a Reply]
Slide 7: Introduction (5/6)
Propositional LTL is impractical for specifying requirements of distributed systems:
- not scalable;
- hard to capture a global snapshot.
To address these difficulties, the paper introduces a new specification logic for runtime verification of distributed systems: Past-time Distributed Temporal Logic (PT-DTL).
Slide 8: Introduction (6/6)
PT-DTL specifies requirements from the point of view of a local monitor on each node.
The mobile-network requirement can be re-written: if node A has received a value, then previously node B computed that value, and before that, node A made a request to node B.
ReceivedValue → @NodeB(◈(computedValue ∧ @NodeA(◈ requestedValue)))
Read at node A: whenever ReceivedValue holds, then in the latest state of NodeB known to A, B had at some point computed the value, and in the latest state of A known to B at that point, A had at some point issued the request.
Slide 9: Contents (section divider; next section: Distributed System)
Slide 10: Distributed System (1/5)
Characteristics of a distributed system:
- A collection of n processes p1, p2, ..., pn, each with its own local state.
- No global or shared variables.
- A process communicates with others using asynchronous messages whose order of arrival is indeterminate.
Slide 11: Distributed System (2/5)
Modeling a distributed system:
- Event: a computation step of a process. Three kinds: internal events, send events, receive events.
- Process: a set of events.
Slide 12: Distributed System (3/5)
Partial order ≺
- E_i: the set of events of process p_i; E = ∪_i E_i.
- ⋖ ⊆ E × E, the immediate-precedence relation:
  - e ⋖ e' if e, e' ∈ E_i and e happens immediately before e' on p_i;
  - e ⋖ e' if e is the send event of a message at some process and e' is the corresponding receive event at the recipient process.
- ≺: the transitive closure of ⋖ (happens-before).
- ≼: the reflexive and transitive closure of ⋖.
Slide 13: Distributed System (4/5)
- ↓e := { e' | e' ≼ e }, the causal past of e, can be thought of as the local state reached by event e.
- LS_i := { ↓e | e ∈ E_i }: the set of local states of process p_i.
- causal_j(s_i): the latest state of process p_j that process p_i knows of while in state s_i ∈ LS_i.
Slide 14: Distributed System (5/5)
[Figure: space-time diagram of two processes, in which causal_p1(↓e23) = ↓e12]
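The definitions on slides 12 to 14 made concrete, as an added example (not code from the slides or the paper): ⋖ is built from the per-process event order plus send/receive pairs, ≼ is its reflexive transitive closure, ↓e is the causal past, and causal_j(↓e) is ↓e' for the last event e' of p_j inside ↓e. The two-process scenario (events e11..e13 on p1, e21..e23 on p2, one message whose send event is e12 and receive event is e22) is constructed here so that it reproduces the slide's result causal_p1(↓e23) = ↓e12; it is not the slide's figure.

```python
# Constructed example system (not the slides' figure): two processes,
# their local event order, and one message send/receive pair.
LOCAL = {
    "p1": ["e11", "e12", "e13"],
    "p2": ["e21", "e22", "e23"],
}
MESSAGES = [("e12", "e22")]  # (send event, matching receive event)


def immediate_precedence(local, messages):
    """The ⋖ relation: consecutive events of one process, and send ⋖ receive."""
    rel = set()
    for evs in local.values():
        for a, b in zip(evs, evs[1:]):
            rel.add((a, b))
    for snd, rcv in messages:
        rel.add((snd, rcv))
    return rel


def reflexive_transitive_closure(rel, events):
    """≼ : reflexive and transitive closure of ⋖, as reach[a] = {b | a ≼ b}."""
    reach = {e: {e} for e in events}
    for a, b in rel:
        reach[a].add(b)
    changed = True
    while changed:  # iterate to a fixpoint
        changed = False
        for a in events:
            for b in list(reach[a]):
                new = reach[b] - reach[a]
                if new:
                    reach[a] |= new
                    changed = True
    return reach


def down(e, local, messages):
    """↓e = { e' | e' ≼ e }: the causal past of e (the local state reached by e)."""
    events = [x for evs in local.values() for x in evs]
    reach = reflexive_transitive_closure(immediate_precedence(local, messages), events)
    return frozenset(x for x in events if e in reach[x])


def causal(j, e, local, messages):
    """causal_j(↓e): the latest state of process j known in ↓e.

    That is ↓e' for the last event e' of p_j that lies in ↓e; if no event of
    p_j is in ↓e, nothing beyond p_j's initial state is known (empty set).
    """
    past = down(e, local, messages)
    known = [x for x in local[j] if x in past]
    if not known:
        return frozenset()
    return down(known[-1], local, messages)


if __name__ == "__main__":
    print(sorted(down("e23", LOCAL, MESSAGES)))            # e11 e12 e21 e22 e23
    print(sorted(causal("p1", "e23", LOCAL, MESSAGES)))    # e11 e12  (= ↓e12)
    print(sorted(causal("p1", "e21", LOCAL, MESSAGES)))    # []  (p2 knows nothing of p1 yet)
```

Note that e13 is not in ↓e23 even though it is on the same process as e12: p2 has no causal evidence of anything p1 did after the send, which is exactly why the remote operator of PT-DTL can only refer to the latest state of p_j that p_i is aware of.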
Slide 15: Contents (section divider; next section: Past-time Linear Temporal Logic)
Slide 16: Past-Time Linear Temporal Logic (1/3)
PT-LTL has been used to express, monitor, and predict violations of safety properties of software systems.
Syntax:
F ::= true | false | a | ¬F | F ∧ F | F ∨ F | F → F | ⊙F | ⊡F | ◈F | F S F
where a ∈ A and A is the set of atomic propositions.
Slide 17: Past-Time Linear Temporal Logic (2/3)
Temporal operators of PT-LTL. Let ρ = s1 s2 ... sn be a finite trace and ρ_i = s1 ... si its prefix of length i.
- ⊙ (previously): ρ ⊨ ⊙F iff ρ' ⊨ F, where ρ' = ρ_{n-1} if n > 1 and ρ' = ρ if n = 1.
- ⊡ (always in the past): ρ ⊨ ⊡F iff ρ_i ⊨ F for all 1 ≤ i ≤ n.
- ◈ (eventually in the past): ρ ⊨ ◈F iff ρ_i ⊨ F for some 1 ≤ i ≤ n.
- S (since): ρ ⊨ F1 S F2 iff ρ_j ⊨ F2 for some 1 ≤ j ≤ n and ρ_i ⊨ F1 for all j < i ≤ n.
Slide 18: Past-Time Linear Temporal Logic (3/3)
Example: ⊡((action ∧ ⊙¬action) → (¬Stop S Start))
Whenever action becomes true (it holds now and did not hold in the previous state), Start must have occurred and Stop must not have occurred since.
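An incremental monitor for the PT-LTL semantics of slide 17, checked on the slide 18 example, as an added example (not code from the slides or the paper). The monitor only keeps the values of all subformulae in the previous state, so its memory does not grow with the trace: ⊡F = ⊡F(prev) ∧ F, ◈F = ◈F(prev) ∨ F, F S G = G ∨ (F ∧ (F S G)(prev)), ⊙F = F(prev), with the first state as the base case. The formula encoding (nested tuples) and the two traces are this example's own construction.

```python
# Added example: an incremental PT-LTL monitor over a finite trace.
# A formula is a nested tuple; a state is a dict of atomic propositions
# (atoms that are absent are false).

def atom(a):            return ("atom", a)
def neg(f):             return ("not", f)
def conj(f, g):         return ("and", f, g)
def disj(f, g):         return ("or", f, g)
def imp(f, g):          return ("imp", f, g)
def prev(f):            return ("prev", f)        # ⊙F
def always_past(f):     return ("always", f)      # ⊡F
def eventually_past(f): return ("eventually", f)  # ◈F
def since(f, g):        return ("since", f, g)    # F S G


class PTLTLMonitor:
    """Evaluates one PT-LTL formula state by state, keeping O(|formula|) memory."""

    def __init__(self, formula):
        self.formula = formula
        self.prev = None  # subformula -> its value in the previous state

    def step(self, state):
        cur = {}
        verdict = self._eval(self.formula, state, cur)
        self.prev = cur
        return verdict

    def _eval(self, f, state, cur):
        if f in cur:
            return cur[f]
        op = f[0]
        if op == "atom":
            v = bool(state.get(f[1], False))
        elif op == "not":
            v = not self._eval(f[1], state, cur)
        elif op in ("and", "or", "imp"):
            # evaluate both sides unconditionally so every subformula is
            # recorded for the next state's ⊙ / ⊡ / ◈ / S look-ups
            a = self._eval(f[1], state, cur)
            b = self._eval(f[2], state, cur)
            v = {"and": a and b, "or": a or b, "imp": (not a) or b}[op]
        elif op == "prev":                        # ⊙F: F in the previous state (F itself at n = 1)
            now = self._eval(f[1], state, cur)
            v = now if self.prev is None else self.prev[f[1]]
        elif op == "always":                      # ⊡F = ⊡F(prev) ∧ F
            now = self._eval(f[1], state, cur)
            v = now if self.prev is None else (self.prev[f] and now)
        elif op == "eventually":                  # ◈F = ◈F(prev) ∨ F
            now = self._eval(f[1], state, cur)
            v = now if self.prev is None else (self.prev[f] or now)
        elif op == "since":                       # F S G = G ∨ (F ∧ (F S G)(prev))
            a = self._eval(f[1], state, cur)
            b = self._eval(f[2], state, cur)
            v = b if self.prev is None else (b or (a and self.prev[f]))
        else:
            raise ValueError("unknown operator %r" % (op,))
        cur[f] = v
        return v


# The slide's example: ⊡((action ∧ ⊙¬action) → (¬Stop S Start))
ACTION_NEEDS_START = always_past(
    imp(conj(atom("action"), prev(neg(atom("action")))),
        since(neg(atom("Stop")), atom("Start"))))


def run_monitor(formula, trace):
    """Return the monitor's verdict after each state of the trace."""
    m = PTLTLMonitor(formula)
    return [m.step(s) for s in trace]


# Constructed traces (not from the slides): Start then action is fine;
# Start, Stop, then action violates the property at the third state.
GOOD_TRACE = [{"Start": True}, {"action": True}, {"action": True}]
BAD_TRACE = [{"Start": True}, {"Stop": True}, {"action": True}]

if __name__ == "__main__":
    print(run_monitor(ACTION_NEEDS_START, GOOD_TRACE))  # [True, True, True]
    print(run_monitor(ACTION_NEEDS_START, BAD_TRACE))   # [True, True, False]
```

Because ⊡ is a running conjunction, the verdict of a safety formula is monotone: once it turns false it stays false, which is what makes such a monitor a finite-trace violation detector rather than a full LTL checker.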
Slide 19: Contents (section divider; next section: Past-time Distributed Temporal Logic)
Slide 20: Past-Time Distributed Temporal Logic (1/4)
Distributed systems are usually asynchronous, and the absolute global state of the system is not available to the processes. The best each process can do is reason about the global state it is aware of.
PT-DTL expresses safety properties of distributed message-passing systems in exactly these terms.
Slide 21: Past-Time Distributed Temporal Logic (2/4)
PT-DTL extends PT-LTL with the remote operator @_j: evaluate an expression or a formula in the last known state of the remote process p_j.
Examples: x > @_j y (compare local x with p_j's y as last known here); a → @_j b (if a holds here, b held in the last known state of p_j).
Slide 22: Past-Time Distributed Temporal Logic (3/4)
Syntax (the grammar is given as a figure on the slide):
- op: ∧, ∨, →
- ξ_i is a tuple of expressions on process p_i.
- f is a function over tuples.
Slide 23: Past-Time Distributed Temporal Logic (4/4)
Semantics: a natural extension of PT-LTL.
@_j ξ_j, evaluated by p_i in state s_i, is the value of the expression ξ_j in the state s_j = causal_j(s_i), which is the latest state of process p_j that process p_i is aware of.
Slide 24: Monitoring algorithm for PT-DTL (1/6)
The synthesized monitor is distributed: local monitors run on each process.
Goals:
- Monitoring should be fast.
- Little memory overhead.
- The number of messages sent between processes for monitoring purposes should be minimal.
Slide 25: Monitoring algorithm for PT-DTL (2/6)
A local monitor may attach additional information to every outgoing message (piggybacking), rather than sending extra messages.
To let process p_i evaluate a remote expression @_j ξ_j, process p_j attaches the current value of the expression, together with a sequence number, to every message it sends.
Slide 26: Monitoring algorithm for PT-DTL (3/6)
Knowledge vector
At process p_i, KV_i is a vector with one entry per process:
- KV_i[j]: the entry for process p_j.
- KV_i[j].seq: the sequence number of the last event of p_j that p_i knows of.
- KV_i[j].values: the values of the remote expressions and remote formulas of p_j that p_i needs.
The monitor of process p_i attaches a copy of KV_i to every outgoing message.
Slide 27: Monitoring algorithm for PT-DTL (4/6)
Updating KV_i at process p_i:
- Internal event: update KV_i[i] (recompute the values exported in KV_i[i].values).
- Send event: KV_i[i].seq := KV_i[i].seq + 1; attach a copy of KV_i to the message.
- Receive event: let KV_m be the vector carried by the received message; for all j, if KV_m[j].seq > KV_i[j].seq then KV_i[j] := KV_m[j].
Every process must know the initial values of all remote variables; these can be obtained by an initial broadcast or by static analysis.
Slide 28: Monitoring algorithm for PT-DTL (5/6)
Once KV_i is updated, the local monitor computes the boolean value of the monitored formula by recursively evaluating each of its subformulae in the current state; remote expressions and remote subformulae are read from KV_i.
Slide 29: Monitoring algorithm for PT-DTL (6/6)
Example: 3 processes. p1 has a local variable x whose initial value is 5. p2 has a local variable y with initial value 7. p2 monitors the formula shown in the slide's figure.
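The knowledge-vector algorithm of slides 26 to 29 run end to end, as an added example (not code from the slides or from the paper's DIANA implementation). It takes the slide's setup (p1 with x = 5, p2 with y = 7, a third process p3) but, since the slide's formula is only in its figure, p2 monitors an assumed formula ⊡(y > @_{p1} x); the message pattern p1 → p3 → p2 is also constructed here, chosen to show that p1's new value reaches p2 through p3's piggybacked vector without p1 ever messaging p2.

```python
import copy

# Added example: knowledge vectors (KV) piggybacked on application messages,
# with a local monitor at p2 for the assumed formula ⊡(y > @_{p1} x).


class Process:
    def __init__(self, name, all_names, local_vars, initial_values):
        self.name = name
        self.vars = dict(local_vars)
        # KV[j] = {"seq": last event seq of p_j known here,
        #          "values": p_j's exported (remote-expression) values}.
        # initial_values gives every process's initial exported values,
        # standing in for the slide's "initial broadcast or static analysis".
        self.kv = {j: {"seq": 0, "values": dict(initial_values.get(j, {}))}
                   for j in all_names}
        self.kv[name]["values"] = dict(local_vars)

    def internal(self, var, value):
        """Internal event: update the local state and KV_i[i].values."""
        self.vars[var] = value
        self.kv[self.name]["values"][var] = value

    def send(self):
        """Send event: KV_i[i].seq += 1; return the KV copy to piggyback."""
        self.kv[self.name]["seq"] += 1
        return copy.deepcopy(self.kv)

    def receive(self, kv_m):
        """Receive event: adopt every entry of KV_m that is newer than ours."""
        for j, entry in kv_m.items():
            if entry["seq"] > self.kv[j]["seq"]:
                self.kv[j] = copy.deepcopy(entry)

    def remote(self, j, var):
        """@_j var: the value in the latest state of p_j known at this process."""
        return self.kv[j]["values"][var]


class AlwaysMonitor:
    """Local monitor for ⊡P: the verdict is the running conjunction of P."""

    def __init__(self, predicate):
        self.predicate = predicate
        self.verdict = True

    def check(self, proc):
        self.verdict = self.verdict and self.predicate(proc)
        return self.verdict


def run_scenario():
    """Constructed run; returns p2's verdicts after each check and p2's final KV."""
    names = ["p1", "p2", "p3"]
    init = {"p1": {"x": 5}, "p2": {"y": 7}, "p3": {}}
    p1 = Process("p1", names, init["p1"], init)
    p2 = Process("p2", names, init["p2"], init)
    p3 = Process("p3", names, init["p3"], init)
    mon = AlwaysMonitor(lambda p: p.vars["y"] > p.remote("p1", "x"))  # ⊡(y > @_{p1} x)

    verdicts = [mon.check(p2)]        # 7 > 5: True
    p1.internal("x", 10)              # x := 10 at p1; KV_1[p1].values refreshed
    p3.receive(p1.send())             # p1 -> p3, carrying KV_1 (p1: seq 1, x = 10)
    verdicts.append(mon.check(p2))    # p2 has not heard yet: last known x is 5, still True
    p2.receive(p3.send())             # p3 -> p2, relaying p1's entry inside KV_3
    verdicts.append(mon.check(p2))    # now @_{p1} x = 10, 7 > 10 is False: violation
    return verdicts, p2.kv


if __name__ == "__main__":
    v, kv = run_scenario()
    print(v)          # [True, True, False]
    print(kv["p1"])   # {'seq': 1, 'values': {'x': 10}}
```

The second verdict is true even though x has already changed: that is the intended semantics, not a bug. @_{p1} x denotes x in causal_{p1}(s_2), and until a message path from p1 reaches p2 there is no causal evidence of the change. The seq comparison on receive is what keeps the vector consistent when entries arrive out of order along different paths.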
Slide 30: Conclusion
DIANA: Distributed Analysis based on Java using the Actor formalism; instrumentation is done at the bytecode level.