Monitoring partial order snapshots
Monitoring Partial Order Snapshots

Joint work with Peter Niebert


Monitoring an interleaving sequence

  • Assume a model of execution with local events and synchronous communication.

  • Concurrent events are monitored according to some (arbitrary) order.

  • What are global states?

  • What global states appear on execution (execution sequence)?


Partial Order Semantics

  • Sometimes called “real concurrency”.

  • There is no total order between events.

  • More intuitive. Closer to the actual behavior of the system.

  • More difficult to analyze.

  • Fewer verification results.

  • Natural transformation between models.

  • Partial order: (S, <), where < is

    • Transitive: x<y ∧ y<z → x<z.

    • Antisymmetric: for no x, y, x<y ∧ y<x.

    • Antireflexive: for no x, x<x.


Bank Example

  • Two branches, initially $1M each.

  • In one branch: deposit, $2M.

  • In another branch: robbery.

  • How to model the system?


Global state space

[Diagram: the global states of the two branches and the transitions between them.]

  • ($1M, $1M) --deposit--> ($3M, $1M)

  • ($1M, $1M) --robbery--> ($1M, $0M)

  • ($3M, $1M) --robbery--> ($3M, $0M)

  • ($1M, $0M) --deposit--> ($3M, $0M)

Should we invest in this bank?

[Diagram: the same global state space, ($1M, $1M) --deposit--> ($3M, $1M) --robbery--> ($3M, $0M) and ($1M, $1M) --robbery--> ($1M, $0M) --deposit--> ($3M, $0M), annotated with the verdicts “Invest!”, “Do not Invest!” and “Invest!” at the global states a monitor observes.]

Partial Order Description

[Diagram: the two branches as separate local processes, with no order between deposit and robbery.]

  • Branch 1: $1M --deposit--> $3M

  • Branch 2: $1M --robbery--> $0M

Constructing global states

[Diagram: the same partial order, Branch 1: $1M --deposit--> $3M and Branch 2: $1M --robbery--> $0M, used to construct the global states.]

Modeling with partial orders

[Diagram: two processes P1 and P2 communicating synchronously over channel ch.]

  • P1: m0: x:=x+1;  m1: ch!x  (and back to m0)

  • P2: n0: ch?z;  n1: y:=y+z  (and back to n0)

Local states of each process along the execution shown:

  • P1: pc1=m0,x=0 → pc1=m1,x=1 → pc1=m0,x=1 → pc1=m1,x=2 → pc1=m0,x=2

  • P2: pc2=n0,y=0,z=0 → pc2=n1,y=0,z=1 → pc2=n0,y=1,z=1 → pc2=n1,y=1,z=2

The communication steps ch!x / ch?z are joint events of P1 and P2; x:=x+1 and y:=y+z are local events.


Linearizations

[Diagram: one linearization of the partial order above, with the global states it passes through.]

  • pc1=m0,x=0,pc2=n0,y=0,z=0

  • pc1=m1,x=1,pc2=n0,y=0,z=0

  • pc1=m0,x=1,pc2=n1,y=0,z=1

  • pc1=m1,x=2,pc2=n1,y=0,z=1

  • pc1=m1,x=2,pc2=n0,y=1,z=1

  • pc1=m0,x=2,pc2=n1,y=1,z=2

Linearizations

[Diagram: a second linearization of the same partial order; it passes through a different global state in the middle.]

  • pc1=m0,x=0,pc2=n0,y=0,z=0

  • pc1=m1,x=1,pc2=n0,y=0,z=0

  • pc1=m0,x=1,pc2=n1,y=0,z=1

  • pc1=m0,x=1,pc2=n0,y=1,z=1

  • pc1=m1,x=2,pc2=n0,y=1,z=1

  • pc1=m0,x=2,pc2=n1,y=1,z=2

Nondeterminism is different from concurrency: Bank with one teller

[Diagram: the one-teller bank. Branch 1 starts at $1M, and the teller chooses which of two deposits to process first: $1M --deposit--> $3M or $1M --deposit--> $1.1M; the remaining deposit then brings the balance to $3.1M from either state. Branch 2: $1M --robbery--> $0M.]

Partial order execution 1

  • Branch 1: $1M --deposit--> $3M --deposit--> $3.1M

  • Branch 2: $1M --robbery--> $0M

Partial order execution 2

  • Branch 1: $1M --deposit--> $1.1M --deposit--> $3.1M

  • Branch 2: $1M --robbery--> $0M

Traces

  • An equivalence relation among sequences. Defined using some symmetric and antireflexive independence relation I between actions.

  • Suppose that aIb and aIc (but not bIc). Then we have [abac] = {baac, abac, aabc, baca, abca, bcaa}.

  • Snapshots of the execution [abac] are the states after [a], [b], [ab], [aa], [bc], [aab], [abc].

  • Note that the states after trace-equivalent sequences, e.g., aab, aba, baa, are the same, so we can talk about the state after a trace. When clear, we write a trace instead of the corresponding state at its end.


Extended LTL with snapshots: the logic SLTL

  • Basic syntax as LTL.

  • In addition, the “snapshot” operator [p], where p is a conjunction of positive and negative atomic propositions.

  • Semantics of the new operator: (u,v) |= [p] iff there exist finite sequences u1, u2 such that [u] = [u1][u2] and (u1, u2v) |= p.


How to monitor executions and find snapshots?

  • A deterministic automaton that keeps all the global states that are subsumed on the way.


Automaton for prefixes of [aabc].

[Diagram: the monitoring automaton, with aIb, aIc and b, c dependent. Each node is a set of pairs <s,A>; nodes are named below by the trace reached, and edges are labeled with the action read.]

  • node []: <[],∅>  --a--> node [a],  --b--> node [b]

  • node [a]: <[a],∅>, <[],{a}>  --a--> node [aa],  --b--> node [ab]

  • node [b]: <[b],∅>, <[],{b}>  --a--> node [ab],  --c--> node [bc]

  • node [aa]: <[aa],∅>, <[a],{a}>, <[],{a}>  --b--> node [aab]

  • node [ab]: <[ab],∅>, <[b],{a}>, <[a],{b}>, <[],{a,b}>  --a--> node [aab],  --c--> node [abc]

  • node [bc]: <[bc],∅>, <[b],{c}>, <[],{b,c}>  --a--> node [abc]

  • node [aab]: <[aab],∅>, <[ab],{a}>, <[b],{a}>, <[a],{a,b}>, <[],{a,b}>  --c--> node [aabc]

  • node [abc]: <[abc],∅>, <[ab],{c}>, <[b],{a,c}>, <[a],{b,c}>, <[],{a,b,c}>  --a--> node [aabc]

  • node [aabc]: <[aabc],∅>, <[abc],{a}>, <[aab],{c}>, <[bc],{a}>, <[ab],{a,c}>, <[aa],{b,c}>, <[a],{a,b}>, <[],{a,b}>


How to construct this automaton?

  • Each node consists of a set of pairs <s,A>, where s is a (subsumed) state and A is a subset of actions.

  • It denotes that s is a subsumed state, and it takes the actions A (with possible repetition) in some order to reach the current state.


How to update nodes?

[Diagram: node X contains …,<s,A>,… and has a b-edge to node Y, whose contents …,?,… are to be determined; the subsumed states move along s --b--> b(s) and t --b--> b(t).]

  • If <s,A> is in node X, then <s, A ∪ {b}> is in Y.

  • If <s,A> is in node X and b is independent of all of A, then <b(s), A> is in Y.

Size: 2^|S| × 2^(number of actions).
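As an added example (not code from the slides), the trace equivalence of the Traces slide and the two node-update rules above, in Python. Assumed: a state is named by the Foata normal form of the trace that reaches it (the slides fix no representation), and A is kept as a set, as written on the slides; the final check confirms that the subsumed states in the node reached after aabc are exactly the snapshot traces of [abac].

```python
from itertools import permutations

# Constructed from the slides: a is independent of b and c; b and c are dependent.
INDEP = {("a", "b"), ("b", "a"), ("a", "c"), ("c", "a")}

def independent(x, y):
    return (x, y) in INDEP

def fnf(word):
    """Foata normal form: steps of pairwise independent actions; it names a trace."""
    steps = []
    for x in word:
        # x joins the step right after the last step holding a dependent action
        k = max((i + 1 for i, st in enumerate(steps)
                 if any(not independent(x, y) for y in st)), default=0)
        if k == len(steps):
            steps.append(set())
        steps[k].add(x)
    return tuple(frozenset(st) for st in steps)

def extend(s, b):
    """b(s): the trace reached by executing action b from trace s."""
    return fnf([x for st in s for x in sorted(st)] + [b])

def trace_class(word):
    """[word]: all words with the same normal form (brute force; small words)."""
    ref = fnf(word)
    return {"".join(p) for p in permutations(word) if fnf(p) == ref}

def snapshots(word):
    """Traces of all prefixes of all members of [word]: the subsumed states."""
    return {fnf(w[:i]) for w in trace_class(word) for i in range(len(w) + 1)}

def update(node, b):
    """The slide's two update rules. A node is a set of pairs (s, A): s a
    subsumed state (trace), A the set of actions executed since s."""
    new = set()
    for s, A in node:
        new.add((s, A | {b}))                    # rule 1: s stays subsumed
        if all(independent(b, y) for y in A):    # rule 2: b commutes before A
            new.add((extend(s, b), A))
    return frozenset(new)

def run(word):
    """Feed one observed interleaving to the monitor and return its final node."""
    node = frozenset({((), frozenset())})        # initial node <[], {}>
    for b in word:
        node = update(node, b)
    return node
```

Running the monitor on any member of [aabc] ends in the same node, which is why the automaton is deterministic on traces rather than on words.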


We make a restriction:

  • Each process Pi will have its own set of propositions, related to the local states of Pi.

  • We can write in […] only a conjunction of local properties.


Idea 1: grow a subset of processes with the part of the state satisfying the conjunction.

  • Case 1: execution of a joint action kills the existing subset.

  • Case 2: execution of a joint action extends the existing subset.

  • Case 3: execution of a joint action maintains the existing subset.


Can be formulated as follows:

  • “Freeze sets” – subsets of processes satisfying their portion of the property.

  • proc(a) – the set of processes that participate in action a.

  • addproc(s, a) – when executing action a from state s, the processes from proc(a) whose new local states satisfy the local propositions that we check.

  • Extension: Let F1 ⊆ addproc(s,a) and F2 be an existing subset such that F2 ∩ proc(a) = ∅. Then extend F1 into F1 ∪ F2.

  • Propagation: For an existing subset F such that proc(a) ⊆ F, we maintain F.
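As an added example (not the authors' implementation), the freeze-set rules above run over the bank of the earlier slides, in Python. Assumed: the dropped set symbols read ⊆, ∩ and ∪ as reconstructed above; the initial local states are frozen as if reached by an action of every process; a freeze set that a joint action straddles is dropped (case 1); the basis optimization of the storage slide is not applied.

```python
from itertools import combinations

def subsets(s):
    """All subsets of s as frozensets: the possible choices of F1 ⊆ addproc(s, a)."""
    s = tuple(s)
    return [frozenset(c) for r in range(len(s) + 1) for c in combinations(s, r)]

class FreezeMonitor:
    """Tracks freeze sets along one interleaving. props maps each process to a
    predicate on its local state (that process's conjunct of the property)."""

    def __init__(self, state, props):
        self.state, self.props = dict(state), props
        self.procs = frozenset(props)
        # assumption: initial local states count as reached by an action of
        # every process, so every subset of the satisfying ones is a freeze set
        self.freeze = set(subsets(p for p in self.procs if props[p](state[p])))

    def step(self, proc, effect):
        """Execute action a with proc(a) = proc; effect(state) returns the new
        local states. Returns True once a freeze set covers all processes."""
        proc = frozenset(proc)
        self.state.update(effect(self.state))
        addproc = [p for p in proc if self.props[p](self.state[p])]
        new = set()
        for F in self.freeze:
            if proc <= F:                      # propagation: a happens inside F
                new.add(F)
            elif not (F & proc):               # extension: F2 = F, disjoint from proc(a)
                new.update(F | F1 for F1 in subsets(addproc))
            # otherwise a straddles F and the outside: F is killed (case 1)
        self.freeze = new
        return self.procs in self.freeze

def bank_demo():
    """Bank of the slides: branch 1 deposits $2M while branch 2 is robbed. The
    monitor sees the robbery first, so no observed global state satisfies
    B1 >= $3M and B2 >= $1M, yet a subsumed snapshot ($3M, $1M) does."""
    props = {"B1": lambda m: m >= 3, "B2": lambda m: m >= 1}
    mon = FreezeMonitor({"B1": 1, "B2": 1}, props)
    hits = [mon.step(["B2"], lambda s: {"B2": 0}),              # robbery
            mon.step(["B1"], lambda s: {"B1": s["B1"] + 2})]    # deposit $2M
    return hits, mon.state
```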


Propagation of “freeze sets”

[Animation over several slides: the freeze sets are propagated and extended as the execution proceeds, until one of them contains every process.]

Bingo!!


How to store efficiently?

  • Freeze sets T are closed under union and intersection.

  • Need to store only a basis B of T, where unions are not included.

  • In this case, size of basis is not larger than number of elements.

  • Update of basis is polynomial.


Another example: we do not keep sets that are unions of others.

[Diagram over several slides; some additional subsets, e.g. {P1, P2, P3}, are ignored.]


How to perform model checking?

  • Construct an automaton for the negated formula as usual. Construct an automaton for each conjunction that appears inside the […] operator to run in parallel.

  • Binary search is still polynomial in number of processes and size of formula!


Conclusions

  • Added capability of partial orders into LTL specification.

  • Freeze sets construction for detecting global states that are subsumed during execution.

  • Model checking is basically same complexity as for normal LTL!

