
### Monitoring Partial Order Snapshots

Joint work with Peter Niebert

Monitoring an interleaving sequence

- Assume a model of execution with local events and synchronous communication.
- Concurrent events are monitored according to some (arbitrary) order.
- What are global states?
- What global states appear on execution (execution sequence)?

Partial Order Semantics

- Sometimes called “real concurrency”.
- There is no total order between events.
- More intuitive. Closer to the actual behavior of the system.
- More difficult to analyze.
- Fewer verification results.
- Natural transformation between models.
- Partial order: (S, <), where < is:
- Transitive: x<y /\ y<z → x<z.
- Antisymmetric: for no x, y, x<y /\ y<x.
- Antireflexive: for no x, x<x.

Bank Example

- Two branches, initially $1M each.
- In one branch: deposit, $2M.
- In another branch: robbery.
- How to model the system?

Should we invest in this bank?

[Figure: interleaving diagram of the bank example. States: ($1M, $1M), ($3M, $1M), ($1M, $0M), ($3M, $0M); transitions: deposit, robbery; states are annotated "Invest!" or "Do not Invest!".]

[Figure: partial order execution of two processes. P1: m0: x:=x+1; m1: ch!x. P2: n0: ch?z; n1: y:=y+z. Local states of P1: pc1=m1,x=1; pc1=m0,x=1; pc1=m1,x=2; pc1=m0,x=2. Local states of P2: pc2=n0,y=0,z=0; pc2=n1,y=0,z=1; pc2=n0,y=1,z=1; pc2=n1,y=1,z=2.]

Modeling with partial orders

Linearizations

[Figure: the partial order execution of P1 and P2, starting from local states pc1=m0,x=0 and pc2=n0,y=0,z=0, with one linearization. Global states along it:]

- pc1=m0,x=0,pc2=n0,y=0,z=0
- pc1=m1,x=1,pc2=n0,y=0,z=0
- pc1=m0,x=1,pc2=n1,y=0,z=1
- pc1=m1,x=2,pc2=n1,y=0,z=1
- pc1=m1,x=2,pc2=n0,y=1,z=1
- pc1=m0,x=2,pc2=n1,y=1,z=2

Linearizations

[Figure: the same partial order execution with a different linearization. Global states along it:]

- pc1=m0,x=0,pc2=n0,y=0,z=0
- pc1=m1,x=1,pc2=n0,y=0,z=0
- pc1=m0,x=1,pc2=n1,y=0,z=1
- pc1=m0,x=1,pc2=n0,y=1,z=1
- pc1=m1,x=2,pc2=n0,y=1,z=1
- pc1=m0,x=2,pc2=n1,y=1,z=2

Nondeterminism is different from concurrency: Bank with one teller

[Figure: state diagram of a bank with one teller. States: $1M, $3M, $1.1M, $0M, $3.1M; transitions: deposit, robbery.]

Traces

- An equivalence relation among sequences. Defined using some symmetric and antireflexive independence relation I between actions.
- Suppose that aIb, aIc (but not bIc). Then we have [abac] = [baac, abac, aabc, baca, abca, bcaa].
- Snapshots of execution [abac] are states after [a], [b], [ab], [aa], [bc], [aab], [abc].
- Note that the state after trace-equivalent sequences, e.g., aab, aba, baa, is the same, so we can talk about the state after a trace. When clear, we also write a trace instead of the corresponding state at the end of it.

Extended LTL: with snapshots

The logic SLTL

- Basic syntax as LTL.
- In addition, the “snapshot” operator [p], where p is a conjunction of positive and negative atomic propositions.
- Semantics of new operator: (u,v) |= [p] iff there exist finite sequences u1, u2 such that [u]=[u1][u2] and (u1,u2v) |= p.

How to monitor executions and find snapshots?

- A deterministic automaton that keeps all the global states that are subsumed on the way.

Automaton for prefixes of [aabc].

[Figure: the monitoring automaton, with edges labelled a, b and c. Node labels as they appear on the slide:]

- <[],>
- <[a],>,<[],{a}>
- <[b],>,<[],{b}>
- <[aa],>,<[a],{a}>,<[],{a}>
- <[ab],>,<[b],{a}>,<[a],{b}>,<[],{a,b}>
- <[bc],>,<[b],{c}>,<[],{b,c}>
- <[aab],>,<[ab],{a}>,<[b],{a}>,<[a],{a,b}>,<[],{a,b}>
- <[abc],>,<[ab],{c}>,<[b],{a,c}>,<[a],{b,c}>,<[],{a,b,c}>
- <[aabc],>,<[abc],{a}>,<[aab],{c}>,<[bc],{a}>,<[ab],{a,c}>,<[aa],{b,c}>,<[a],{a,b}>,<[],{a,b}>

How to construct this automaton?

- Each node consists of a set of pairs <s,A>, where s is a (subsumed) state and A is a subset of actions.
- It denotes that s is a subsumed state, and it takes the actions A (with possible repetition) in some order to reach the current state.

[Figure: diagram with states s, t, b(s) and b(t), and edges labelled A and b.]

How to update nodes?

[Figure: node X, containing …,<s,A>,…, with a transition labelled b to node Y, containing …, ?, …]

- If <s,A> is in node X, then <s,A ∪ {b}> is in Y.
- If <s,A> is in node X and b is independent of all of A, then <b(s), A> is in Y.

Size: 2|S|x2||
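
The trace equivalence from the Traces slide and the two node-update rules above, as an added Python example (not code from the presentation). It assumes the first rule adds b to the set A, names each state by the smallest sequence of its trace, and uses hypothetical function names (trace_class, canon, step, monitor, snapshots).

```python
# Added illustration (not from the slides): traces and the snapshot monitor.

# Independence relation from the Traces slide: a I b, a I c, but not b I c.
INDEP = {("a", "b"), ("b", "a"), ("a", "c"), ("c", "a")}

def trace_class(word, indep=INDEP):
    """All sequences equivalent to `word`: swap adjacent independent actions."""
    seen, todo = {word}, [word]
    while todo:
        w = todo.pop()
        for i in range(len(w) - 1):
            if (w[i], w[i + 1]) in indep:
                v = w[:i] + w[i + 1] + w[i] + w[i + 2:]
                if v not in seen:
                    seen.add(v)
                    todo.append(v)
    return seen

def canon(word, indep=INDEP):
    """Name a trace (and the state after it) by its smallest member."""
    return min(trace_class(word, indep))

def step(node, b, indep=INDEP):
    """Apply the two update rules to every pair <s, A> of the node."""
    nxt = set()
    for s, pending in node:
        # Rule 1: s stays subsumed; b joins the actions still needed after s.
        nxt.add((s, pending | {b}))
        # Rule 2: if b is independent of all of A, b(s) is subsumed as well.
        if all((b, a) in indep for a in pending):
            nxt.add((canon(s + b, indep), pending))
    return nxt

def monitor(word, indep=INDEP):
    """Return the node reached after each prefix of the observed sequence."""
    node = {("", frozenset())}
    nodes = [node]
    for b in word:
        node = step(node, b, indep)
        nodes.append(node)
    return nodes

def snapshots(word, indep=INDEP):
    """Every global state subsumed while monitoring `word`."""
    return {s for node in monitor(word, indep) for s, _ in node}

if __name__ == "__main__":
    print(sorted(trace_class("abac")))
    print(sorted(snapshots("abac"), key=lambda s: (len(s), s)))
```

Monitoring abac and aabc ends in the same node, since the two sequences belong to the same trace.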

We make a restriction:

- Each process Pi will have its own set of propositions, related to the local states of Pi.
- We can write in […] only a conjunction of local properties.

Idea 1: grow a subset of processes with part of states satisfying the conjunction. Case 1

Existing subset

Execution of joint action kills subset

Idea 1: grow a subset of processes with part of states satisfying the conjunction. Case 2

Existing subset

Execution of joint action extends subset

Idea 1: grow a subset of processes with part of states satisfying the conjunction. Case 3

Existing subset

Execution of joint action maintains subset

Can be formulated as follows:

- “Freeze sets” – subsets of processes satisfying their portion of the property.
- proc(a) – the set of processes where action a participates.
- addproc(s, a) – when executing action a from state s, these are the local states from proc(a) that satisfy the local propositions that we check.
- Extension: Let F1addproc(s,a) and F2 existing subset such that F2proc(a)=. Then extend F1 into F1F2.
- Propagation: For existing subset F such that proc(a)F, we maintain F.

Propagation of “freeze sets”

Bingo!!

How to store efficiently?

- Freeze sets T are closed under union and intersection.
- Need to store only a basis B of T, where unions are not included.
- In this case, size of basis is not larger than number of elements.
- Update of basis is polynomial.

Another example

We ignore some additional subsets: {P1, P2, P3}, etc.

How to perform model checking?

- Construct an automaton for A¬ as usual. Construct an automaton for each conjunction that appears inside the […] operator to run in parallel.
- Binary search is still polynomial in number of processes and size of formula!

Conclusions

- Added capability of partial orders into LTL specification.
- Freeze sets construction for detecting global states that are subsumed during execution.
- Model checking is basically the same complexity as for normal LTL!
