# Monitoring Partial Order Snapshots - PowerPoint PPT Presentation

## Monitoring Partial Order Snapshots

Joint work with Peter Niebert

### Monitoring an interleaving sequence

• Assume a model of execution with local events and synchronous communication.

• Concurrent events are monitored according to some (arbitrary) order.

• What are global states?

• What global states appear on execution (execution sequence)?

### Partial Order Semantics

• Sometimes called “real concurrency”.

• There is no total order between events.

• More intuitive. Closer to the actual behavior of the system.

• More difficult to analyze.

• Fewer verification results.

• Natural transformation between models.

• Partial order: (S, <), where < is

  • Transitive: x<y /\ y<z → x<z.

  • Antisymmetric: for no x, y, x<y /\ y<x.

  • Antireflexive: for no x, x<x.

### Bank Example

• Two branches, initially \$1M each.

• In one branch: deposit, \$2M.

• In another branch: robbery.

• How to model the system?

[Figure residue: state graphs for the bank example. Interleaving view: from the global state (\$1M, \$1M), deposit leads to (\$3M, \$1M) and robbery leads to (\$1M, \$0M); after the remaining event either path ends in (\$3M, \$0M). The slide labels global states with the decisions "Invest!" and "Do not Invest!". Partial-order view: each branch is drawn on its own, \$1M → \$3M via deposit in one branch and \$1M → \$0M via robbery in the other, with no order between the two events.]

[Figure residue: two processes communicating synchronously on channel ch. P1: m0: x:=x+1; m1: ch!x (then back to m0). P2: n0: ch?z; n1: y:=y+z (then back to n0). Local states shown along the partial order, P1: pc1=m0,x=0 → pc1=m1,x=1 → pc1=m0,x=1 → pc1=m1,x=2 → pc1=m0,x=2; P2: pc2=n0,y=0,z=0 → pc2=n1,y=0,z=1 → pc2=n0,y=1,z=1 → pc2=n1,y=1,z=2. Each ch!x / ch?z pair is one joint event of both processes.]

### Linearizations

[Figure residue: the first linearization of the partial order above, with P1's second x:=x+1 taken before P2's y:=y+z. Global states in order:]

pc1=m0,x=0,pc2=n0,y=0,z=0 → pc1=m1,x=1,pc2=n0,y=0,z=0 → pc1=m0,x=1,pc2=n1,y=0,z=1 → pc1=m1,x=2,pc2=n1,y=0,z=1 → pc1=m1,x=2,pc2=n0,y=1,z=1 → pc1=m0,x=2,pc2=n1,y=1,z=2
### Linearizations

[Figure residue: the second linearization of the same partial order, with P2's y:=y+z taken before P1's second x:=x+1. Global states in order:]

pc1=m0,x=0,pc2=n0,y=0,z=0 → pc1=m1,x=1,pc2=n0,y=0,z=0 → pc1=m0,x=1,pc2=n1,y=0,z=1 → pc1=m0,x=1,pc2=n0,y=1,z=1 → pc1=m1,x=2,pc2=n0,y=1,z=1 → pc1=m0,x=2,pc2=n1,y=1,z=2
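The two linearizations above can be reproduced by exploring the interleavings of the P1/P2 program. This Python is an added example, not the slides' code; the state fields (pc1, x, pc2, y, z) and the event labels are chosen to match the slides, and the send and receive on ch are modelled as one joint event.

```python
# Added example, not the slides' code: the two-process program P1/P2 from the
# slides, explored over all interleavings of its first n events.
from typing import NamedTuple

class Global(NamedTuple):
    pc1: str
    x: int
    pc2: str
    y: int
    z: int

INIT = Global("m0", 0, "n0", 0, 0)

def enabled(g):
    """Events enabled in global state g as (label, successor) pairs. The send
    ch!x and the receive ch?z fire together as one synchronous joint event."""
    evs = []
    if g.pc1 == "m0":                           # P1 local: m0: x:=x+1
        evs.append(("x:=x+1", g._replace(pc1="m1", x=g.x + 1)))
    if g.pc2 == "n1":                           # P2 local: n1: y:=y+z
        evs.append(("y:=y+z", g._replace(pc2="n0", y=g.y + g.z)))
    if g.pc1 == "m1" and g.pc2 == "n0":         # joint: m1: ch!x with n0: ch?z
        evs.append(("ch!x/ch?z", g._replace(pc1="m0", pc2="n1", z=g.x)))
    return evs

def linearizations(n, g=INIT):
    """Every interleaving of the next n events from g, each returned as the
    list of global states it visits (g first)."""
    if n == 0:
        return [[g]]
    return [[g] + rest for _, s in enabled(g) for rest in linearizations(n - 1, s)]

def fmt(g):
    """Render a global state the way the slides write it."""
    return f"pc1={g.pc1},x={g.x},pc2={g.pc2},y={g.y},z={g.z}"

def snapshot_sets(n):
    """Per-linearization state sequences, and the union of all states seen."""
    runs = [[fmt(g) for g in run] for run in linearizations(n)]
    return runs, set().union(*runs)

def order_dependent(n):
    """Global states that some, but not all, interleavings of the first n
    events pass through: what a monitor sees depends on the order chosen."""
    runs, states = snapshot_sets(n)
    return {s for s in states if not all(s in r for r in runs)}
```

With n = 5 there are exactly the two linearizations of the slides, and the two states they do not share are pc1=m1,x=2,pc2=n1,y=0,z=1 and pc1=m0,x=1,pc2=n0,y=1,z=1.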

[Figure residue: a second bank diagram with an additional small deposit. The local states shown are \$1M, \$3M, \$3.1M for one branch and \$1M, \$1.1M, \$0M for the other, with edges labelled deposit and robbery, drawn both as interleavings of global states and per branch.]

### Traces

• An equivalence relation among sequences. Defined using some symmetric and antireflexive independence relation I over pairs of actions.

• Suppose that aIb and aIc (but not bIc). Then we have [abac] = {baac, abac, aabc, baca, abca, bcaa}.

• Snapshots of the execution [abac] are the states after [a], [b], [ab], [aa], [bc], [aab], [abc].

• Note that the states after trace-equivalent sequences, e.g., aab, aba, baa, are the same, so we can talk about the state after a trace. When clear, we also write a trace instead of the corresponding state at the end of it.

### Extended LTL with snapshots: the logic SLTL

• Basic syntax as LTL.

• In addition, the “snapshot” operator [p], where p is a conjunction of positive and negative atomic propositions.

• Semantics of the new operator: (u,v) ⊨ [p] iff there exist finite sequences u1, u2 such that [u] = [u1][u2] and (u1, u2v) ⊨ p.

### How to monitor executions and find snapshots?

• A deterministic automaton that keeps all the global states that are subsumed on the way.

### Automaton for prefixes of [aabc]

[Figure residue: one node per trace prefix of [aabc], with edges labelled by the action taken: [] –a→ [a], [] –b→ [b], [a] –a→ [aa], [a] –b→ [ab], [b] –a→ [ab], [b] –c→ [bc], [aa] –b→ [aab], [ab] –a→ [aab], [ab] –c→ [abc], [bc] –a→ [abc], [aab] –c→ [aabc], [abc] –a→ [aabc]. Node contents as shown on the slide:]

• [] : <[],∅>

• [a] : <[a],∅>, <[],{a}>

• [b] : <[b],∅>, <[],{b}>

• [aa] : <[aa],∅>, <[a],{a}>, <[],{a}>

• [ab] : <[ab],∅>, <[b],{a}>, <[a],{b}>, <[],{a,b}>

• [bc] : <[bc],∅>, <[b],{c}>, <[],{b,c}>

• [aab] : <[aab],∅>, <[ab],{a}>, <[b],{a}>, <[a],{a,b}>, <[],{a,b}>

• [abc] : <[abc],∅>, <[ab],{c}>, <[b],{a,c}>, <[a],{b,c}>, <[],{a,b,c}>

• [aabc] : <[aabc],∅>, <[abc],{a}>, <[aab],{c}>, <[bc],{a}>, <[ab],{a,c}>, <[aa],{b,c}>, <[a],{a,b}>, <[],{a,b}>

### How to construct this automaton?

• Each node consists of a set of pairs <s,A>, where s is a (subsumed) state and A is a subset of actions.

• The pair denotes that s is a subsumed state, and that the actions of A (with possible repetition) are taken in some order to reach the current state.

[Figure residue: a node holding the pairs <s,A> and <t,A>; executing b moves s to b(s) and t to b(t), while the action set A is carried along.]

### How to update nodes?

Node X = {…, <s,A>, …} leads under action b to node Y = {…, ?, …}.

• If <s,A> is in node X, then <s, A ∪ {b}> is in Y.

• If <s,A> is in node X and b is independent of all of A, then <b(s), A> is in Y.

Size: 2^|S| × 2^(number of actions).

### We make a restriction:

• Each process Pi will have its own set of propositions, related to the local states of Pi.

• We can write in […] only a conjunction of local properties.

### Idea 1: grow a subset of processes with the part of the states satisfying the conjunction. Case 1

[Figure: an existing subset; execution of a joint action kills the subset.]

### Idea 1: grow a subset of processes with the part of the states satisfying the conjunction. Case 2

[Figure: an existing subset; execution of a joint action extends the subset.]

### Idea 1: grow a subset of processes with the part of the states satisfying the conjunction. Case 3

[Figure: an existing subset; execution of a joint action maintains the subset.]

### Can be formulated as follows:

• “Freeze sets” – subsets of processes satisfying their portion of the property.

• proc(a) – the set of processes that participate in action a.

• addproc(s, a) – when executing action a from state s, these are the local states from proc(a) that satisfy the local propositions that we check.

• Extension: Let F1 ⊆ addproc(s,a) and F2 be an existing subset such that F2 ∩ proc(a) = ∅. Then extend F1 into F1 ∪ F2.

• Propagation: For an existing subset F such that proc(a) ∩ F = ∅, we maintain F.

Bingo!!

### How to store efficiently?

• Freeze sets T are closed under union and intersection.

• Need to store only a basis B of T, where unions are not included.

• In this case, size of basis is not larger than number of elements.

• Update of basis is polynomial.

### How to perform model checking?

• Construct an automaton for A¬ as usual. Construct an automaton for each conjunction that appears inside the […] operator to run in parallel.

• Binary search is still polynomial in number of processes and size of formula!

### Conclusions

• Added the capability of partial orders to LTL specification.

• Freeze set construction for detecting global states that are subsumed during execution.

• Model checking has basically the same complexity as for normal LTL!