Monitoring Partial Order Snapshots


Monitoring Partial Order Snapshots. Joint work with Peter Niebert. Monitoring an interleaving sequence. Assume a model of execution with local events and synchronous communication. Concurrent events are monitored according to some (arbitrary) order. What are global states?


Joint work with Peter Niebert

Monitoring an interleaving sequence
  • Assume a model of execution with local events and synchronous communication.
  • Concurrent events are monitored according to some (arbitrary) order.
  • What are global states?
  • What global states appear on execution (execution sequence)?
Partial Order Semantics
  • Sometimes called “real concurrency”.
  • There is no total order between events.
  • More intuitive. Closer to the actual behavior of the system.
  • More difficult to analyze.
  • Fewer verification results.
  • Natural transformation between models.
  • Partial order: (S , <), where < is
    • Transitive: x<y /\ y<z  x<z.
    • Antisymmetric: for no x, y, x<y /\ y>x.
    • Antireflexive: for no x, x<x.
Bank Example
  • Two branches, initially $1M each.
  • In one branch: deposit, $2M.
  • In another branch: robbery.
  • How to model the system?
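Global state space

[Figure: state graph. From ($1M, $1M), deposit leads to ($3M, $1M) and robbery leads to ($1M, $0M). From ($3M, $1M), robbery leads to ($3M, $0M); from ($1M, $0M), deposit leads to ($3M, $0M).]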

Should we invest in this bank?

[Figure: the same state graph over ($1M, $1M), ($3M, $1M), ($1M, $0M) and ($3M, $0M), with states annotated "Invest!", "Do not Invest!" and "Invest!".]

Partial Order Description

[Figure: two unordered chains, one per branch. Deposit takes the first branch from $1M to $3M; robbery takes the second branch from $1M to $0M.]

Constructing global states

[Figure: the same partial order (deposit: $1M to $3M; robbery: $1M to $0M), from which global states are constructed.]

Modeling with partial orders
  • P1: m0: x:=x+1; m1: ch!x
  • P2: n0: ch?z; n1: y:=y+z

[Figure: partial order of local states. P1 passes through pc1=m0,x=0; pc1=m1,x=1; pc1=m0,x=1; pc1=m1,x=2; pc1=m0,x=2. P2 passes through pc2=n0,y=0,z=0; pc2=n1,y=0,z=1; pc2=n0,y=1,z=1; pc2=n1,y=1,z=2. Events are labelled m0, m1, n0, n1.]
Linearizations

[Figure: the partial order of local states from the previous slide, shown beside one linearization, the following sequence of global states.]
  • pc1=m0,x=0,pc2=n0,y=0,z=0
  • pc1=m1,x=1,pc2=n0,y=0,z=0
  • pc1=m0,x=1,pc2=n1,y=0,z=1
  • pc1=m1,x=2,pc2=n1,y=0,z=1
  • pc1=m1,x=2,pc2=n0,y=1,z=1
  • pc1=m0,x=2,pc2=n1,y=1,z=2

Linearizations

[Figure: the same partial order of local states, shown beside a second linearization, the following sequence of global states.]
  • pc1=m0,x=0,pc2=n0,y=0,z=0
  • pc1=m1,x=1,pc2=n0,y=0,z=0
  • pc1=m0,x=1,pc2=n1,y=0,z=1
  • pc1=m0,x=1,pc2=n0,y=1,z=1
  • pc1=m1,x=2,pc2=n0,y=1,z=1
  • pc1=m0,x=2,pc2=n1,y=1,z=2

Nondeterminism is different from concurrency: Bank with one teller

[Figure: one branch starts at $1M and offers a choice between two deposits, leading to $3M or to $1.1M; the remaining deposit then leads to $3.1M in both cases. The other branch goes from $1M to $0M by robbery.]

Partial order execution 1

[Figure: first branch $1M, deposit, $3M, deposit, $3.1M; second branch $1M, robbery, $0M.]

Partial order execution 2

[Figure: first branch $1M, deposit, $1.1M, deposit, $3.1M; second branch $1M, robbery, $0M.]

Traces
  • An equivalence relation among sequences. Defined using some symmetric and antireflexive independence relation I×.
  • Suppose that aIb, aIc (but not bIc). Then we have [abac] = [baac, abac, aabc, baca, abca, bcaa].
  • Snapshots of execution [abac] are states after [a], [b], [ab], [aa], [bc], [aab], [abc].
  • Note that the states after trace-equivalent sequences, e.g., aab, aba, baa, are the same, so we can talk about the state after a trace. When clear, we also write a trace instead of the corresponding state at the end of it.
Extended LTL with snapshots: the logic SLTL
  • Basic syntax as LTL.
  • In addition, the “snapshot” operator [p], where p is a conjunction of positive and negative atomic propositions.
  • Semantics of new operator: (u,v) |= p iff there exist finite sequences u1, u2 such that [u]=[u1][u2] and (u1,u2v) |= p.
How to monitor executions and find snapshots?
  • A deterministic automaton that keeps all the global states that are subsumed on the way.
Automaton for prefixes of [aabc].

[Figure: deterministic automaton for the prefixes of [aabc]. Each node is a set of pairs <s,A>, and the transitions are labelled a, b and c.]

How to construct this automaton?
  • Each node consists of a set of pairs<s,A>, where s is a (subsumed) state and A is a subset of actions.
  • It denotes that s is a subsumed state, and it takes the actions A (with possible repetition) in some order to reach the current state.
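How to update nodes?

[Figure: a commuting diagram in which the actions A lead from s to t, and b leads from s to b(s) and from t to b(t). Below it, a transition labelled b from node X, which contains <s,A>, to node Y, whose contents are to be determined.]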

  • If <s,A> is in node X, then <s,A{b}> is in Y.
  • If <s,A> is in node X and b is independent of all of A, then <b(s), A> is in Y.

Size: 2|S|x2||

We make a restriction:
  • Each process Pi will have its own set of propositions, related to the local states of Pi.
  • We can write in […] only a conjunction of local properties.
Idea 1: grow up subset of processes with part of states satisfying conjunction. Case 1

Existing subset

Execution of joint action kills subset

Idea 1: grow up subset of processes with part of states satisfying conjunction. Case 2

Existing subset

Execution of joint action extends subset

Idea 1: grow up subset of processes with part of states satisfying conjunction. Case 3

Existing subset

Execution of joint action maintains subset

Can be formulated as follows:
  • “Freeze sets”– subsets of processes satisfying their portion of the property.
  • proc(a) – the set of processes where action a participates.
  • addproc(s, a) – when executing action a from state s, these are the local states from proc(a) that satisfy the local propositions that we check.
  • Extension: Let F1addproc(s,a) and F2 existing subset such that F2proc(a)=. Then extend F1 into F1F2.
  • Propagation: For existing subset F such that proc(a)F, we maintain F.
How to store efficiently?
  • Freeze sets T are closed under union and intersection.
  • Need to store only a basis B of T, where unions are not included.
  • In this case, size of basis is not larger than number of elements.
  • Update of basis is polynomial.
How to perform model checking?
  • Construct an automaton for A¬ as usual. Construct an automaton for each conjunction that appears inside the […] operator to run in parallel.
  • Binary search is still polynomial in number of processes and size of formula!
Conclusions
  • Added capability of partial orders into LTL specification.
  • Freeze sets construction for detecting global states that are subsumed during execution.
  • Model checking is basically same complexity as for normal LTL!