Monitoring Partial Order Snapshots

Joint work with Peter Niebert



Monitoring an interleaving sequence

  • Assume a model of execution with local events and synchronous communication.

  • Concurrent events are monitored according to some (arbitrary) order.

  • What are global states?

  • What global states appear on execution (execution sequence)?



Partial Order Semantics

  • Sometimes called “real concurrency”.

  • There is no total order between events.

  • More intuitive. Closer to the actual behavior of the system.

  • More difficult to analyze.

  • Fewer verification results.

  • Natural transformation between models.

  • Partial order: (S, <), where < is

    • Transitive: x<y ∧ y<z → x<z.

    • Antisymmetric: for no x, y, x<y ∧ y<x.

    • Antireflexive: for no x, x<x.



Bank Example

  • Two branches, initially $1M each.

  • In one branch: deposit, $2M.

  • In the other branch: robbery.

  • How to model the system?


Global state space

The slide draws the interleaving (global) state space as a diamond; a global state is written as (branch 1 balance, branch 2 balance):

  • ($1M, $1M) --deposit--> ($3M, $1M)

  • ($1M, $1M) --robbery--> ($1M, $0M)

  • ($3M, $1M) --robbery--> ($3M, $0M)

  • ($1M, $0M) --deposit--> ($3M, $0M)

Should we invest in this bank?

The same diamond of four global states, now annotated with a verdict at each state: “Invest!” or “Do not Invest!”. The verdict reached along an execution therefore depends on which of the two interleavings of deposit and robbery is observed.


Partial Order Description

Each branch keeps its own local history, with no order between the two events:

  • branch 1: $1M --deposit--> $3M

  • branch 2: $1M --robbery--> $0M

Constructing global states

The same two local histories; a global state is obtained by combining one local state of each branch, giving ($1M, $1M), ($3M, $1M), ($1M, $0M) and ($3M, $0M).

Modeling with partial orders

Two processes communicate synchronously over channel ch:

  • P1: m0: x:=x+1 (go to m1); m1: ch!x (go to m0)

  • P2: n0: ch?z (go to n1); n1: y:=y+z (go to n0)

Local states along the execution drawn on the slide, starting from x=0, y=0, z=0:

  • P1: pc1=m0,x=0 → pc1=m1,x=1 → pc1=m0,x=1 → pc1=m1,x=2 → pc1=m0,x=2

  • P2: pc2=n0,y=0,z=0 → pc2=n1,y=0,z=1 → pc2=n0,y=1,z=1 → pc2=n1,y=1,z=2

Each ch!x / ch?z pair is a joint event of both processes and orders the two local histories; x:=x+1 and y:=y+z are local events, unordered with respect to each other.


Linearizations

Two linearizations of the same partial order execution, as sequences of global states (pc1, x of P1 together with pc2, y, z of P2):

Linearization 1:

  pc1=m0,x=0,pc2=n0,y=0,z=0
  pc1=m1,x=1,pc2=n0,y=0,z=0
  pc1=m0,x=1,pc2=n1,y=0,z=1
  pc1=m1,x=2,pc2=n1,y=0,z=1
  pc1=m1,x=2,pc2=n0,y=1,z=1
  pc1=m0,x=2,pc2=n1,y=1,z=2

Linearization 2:

  pc1=m0,x=0,pc2=n0,y=0,z=0
  pc1=m1,x=1,pc2=n0,y=0,z=0
  pc1=m0,x=1,pc2=n1,y=0,z=1
  pc1=m0,x=1,pc2=n0,y=1,z=1
  pc1=m1,x=2,pc2=n0,y=1,z=1
  pc1=m0,x=2,pc2=n1,y=1,z=2

The two differ only in whether P1's x:=x+1 or P2's y:=y+z is taken first after the first communication; the global states pc1=m1,x=2,pc2=n1,y=0,z=1 and pc1=m0,x=1,pc2=n0,y=1,z=1 each appear in only one of them.

Nondeterminism is different from concurrency: Bank with one teller

Branch 1 now has a single teller who handles two deposits one after the other, so their order is a choice; branch 2 is robbed as before. The slide shows the two local histories of branch 1 that this choice gives, $1M --deposit--> $3M --deposit--> $3.1M and $1M --deposit--> $1.1M --deposit--> $3.1M, next to branch 2's $1M --robbery--> $0M.

Partial order execution 1

  • branch 1: $1M --deposit--> $3M --deposit--> $3.1M

  • branch 2: $1M --robbery--> $0M

Partial order execution 2

  • branch 1: $1M --deposit--> $1.1M --deposit--> $3.1M

  • branch 2: $1M --robbery--> $0M

These are two different partial order executions (a nondeterministic choice), not two linearizations of one.

Traces

  • An equivalence relation among sequences. Defined using some symmetric and antireflexive independence relation I ⊆ Σ×Σ over the actions Σ.

  • Suppose that a I b and a I c (but not b I c). Then we have [abac] = {baac, abac, aabc, baca, abca, bcaa}.

  • Snapshots of the execution [abac] are the states after [a], [b], [ab], [aa], [bc], [aab], [abc].

  • Note that the states after trace-equivalent sequences, e.g., aab, aba, baa, are the same, so we can talk about the state after a trace. When clear, we also write a trace instead of the corresponding state at the end of it.


Extended LTL with snapshots: the logic SLTL

  • Basic syntax as LTL.

  • In addition, the “snapshot” operator [p], where p is a conjunction of positive and negative atomic propositions.

  • Semantics of the new operator: (u,v) ⊨ [p] iff there exist finite sequences u1, u2 such that [u] = [u1][u2] and (u1, u2v) ⊨ p.



How to monitor executions and find snapshots?

  • A deterministic automaton that keeps all the global states that are subsumed on the way.


Automaton for prefixes of [aabc].

The slide draws the deterministic automaton as a graph with edges labelled a, b, c; its node contents, as given on the slide (∅ for the empty action set):

  • <[],∅>

  • <[a],∅>, <[],{a}>

  • <[b],∅>, <[],{b}>

  • <[aa],∅>, <[a],{a}>, <[],{a}>

  • <[ab],∅>, <[b],{a}>, <[a],{b}>, <[],{a,b}>

  • <[bc],∅>, <[b],{c}>, <[],{b,c}>

  • <[aab],∅>, <[ab],{a}>, <[b],{a}>, <[a],{a,b}>, <[],{a,b}>

  • <[abc],∅>, <[ab],{c}>, <[b],{a,c}>, <[a],{b,c}>, <[],{a,b,c}>

  • <[aabc],∅>, <[abc],{a}>, <[aab],{c}>, <[bc],{a}>, <[ab],{a,c}>, <[aa],{b,c}>, <[a],{a,b}>, <[],{a,b}>


How to construct this automaton?

  • Each node consists of a set of pairs <s,A>, where s is a (subsumed) state and A is a subset of actions.

  • It denotes that s is a subsumed state, and that it takes the actions in A (with possible repetition), in some order, to reach the current state.


How to update nodes?

The slide shows a node X containing …, <s,A>, … with a b-labelled edge to a node Y containing …, ?, …. Here b(s) denotes the state reached from s by executing b; a small commuting diagram shows s reaching t by the actions of A, and b(s) reaching b(t) by the same actions.

  • If <s,A> is in node X, then <s,A ∪ {b}> is in Y.

  • If <s,A> is in node X and b is independent of all of A, then <b(s),A> is in Y.

Size: 2^|S| × 2^|Σ|
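As an added example (not code from the slides), the two node-update rules above and the trace-class computation from the Traces slide, run in Python on the constructed example a I b, a I c, with b and c dependent. The canonical representative of a trace is computed by a lexicographic normal form, which is an assumption of this example rather than something the slides specify.

```python
from itertools import permutations

# Constructed independence relation from the slides: a I b and a I c, b and c dependent.
INDEP = {("a", "b"), ("b", "a"), ("a", "c"), ("c", "a")}


def independent(x, y):
    return (x, y) in INDEP


def normal_form(word):
    """Lexicographic normal form of the trace [word] (assumed canonical form).
    Repeatedly emit the smallest letter whose first occurrence is preceded
    only by letters independent of it; all trace-equivalent words agree."""
    rest, out = list(word), []
    while rest:
        cands = {x for i, x in enumerate(rest)
                 if all(independent(x, y) for y in rest[:i])}
        x = min(cands)
        rest.remove(x)  # removes the first occurrence of x
        out.append(x)
    return "".join(out)


def trace_class(word):
    """All sequences trace-equivalent to word, e.g. [abac] on the Traces slide."""
    return {"".join(p) for p in permutations(word)
            if normal_form("".join(p)) == normal_form(word)}


def step(node, b):
    """Deterministic update of one node on action b, using the two slide rules:
    <s,A> -> <s,A u {b}> always, and <s,A> -> <b(s),A> if b is independent of all of A."""
    new = set()
    for s, A in node:
        new.add((s, A | {b}))
        if all(independent(b, x) for x in A):
            new.add((normal_form(s + b), A))
    return frozenset(new)


def run(word):
    """Node reached after monitoring the interleaving word, starting from <[],{}>."""
    node = frozenset({("", frozenset())})
    for b in word:
        node = step(node, b)
    return node


def subsumed_states(node):
    """The snapshot states recorded in a node: the first components of its pairs."""
    return {s for s, _ in node}


def snapshot_holds(node, pred):
    """The [p] operator of SLTL: did pred hold at some subsumed state?"""
    return any(pred(s) for s in subsumed_states(node))
```

After monitoring aabc the node records [bc] as a snapshot although bc is not a prefix of the observed word, which is exactly what the automaton is for.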


We make a restriction

We make a restriction:

  • Each process Pi will have its own set of propositions, related to the local states of Pi.

  • We can write in […] only a conjunction of local properties.


Idea 1: grow a subset of processes whose local states satisfy their part of the conjunction

  • Case 1: an existing subset; execution of a joint action kills the subset.

  • Case 2: an existing subset; execution of a joint action extends the subset.

  • Case 3: an existing subset; execution of a joint action maintains the subset.


Can be formulated as follows:

  • “Freeze sets” – subsets of processes satisfying their portion of the property.

  • proc(a) – the set of processes that participate in action a.

  • addproc(s, a) – when executing action a from state s, these are the local states from proc(a) that satisfy the local propositions that we check.

  • Extension: Let F1 ⊆ addproc(s,a) and F2 be an existing subset such that F2 ∩ proc(a) = ∅. Then extend F1 into F1 ∪ F2.

  • Propagation: For an existing subset F such that proc(a) ⊆ F, we maintain F.


Propagation of “freeze sets”

(Five diagram slides show the freeze sets being propagated step by step along an execution; the last one ends with:)

Bingo!!



How to store efficiently?

  • Freeze sets T are closed under union and intersection.

  • Need to store only a basis B of T, where unions are not included.

  • In this case, the size of the basis is not larger than the number of elements.

  • Update of basis is polynomial.


Another example. We do not keep sets that are unions of others

(Diagram slides.)

We ignore some additional subsets: {P1, P2, P3}, etc.

(Diagram slides.)

How to perform model checking?

  • Construct an automaton for the negated formula as usual. Construct an automaton for each conjunction that appears inside the […] operator, to run in parallel.

  • Binary search is still polynomial in number of processes and size of formula!



Conclusions

  • Added partial order capabilities to LTL specifications.

  • Freeze sets construction for detecting global states that are subsumed during execution.

  • Model checking has basically the same complexity as for normal LTL!

