Monitoring partial order snapshots

Monitoring Partial Order Snapshots - PowerPoint PPT Presentation



PowerPoint Slideshow about ' Monitoring Partial Order Snapshots' - keira



Monitoring Partial Order Snapshots

Joint work with Peter Niebert


Monitoring an interleaving sequence

  • Assume a model of execution with local events and synchronous communication.

  • Concurrent events are monitored according to some (arbitrary) order.

  • What are global states?

  • What global states appear on execution (execution sequence)?


Partial Order Semantics

  • Sometimes called “real concurrency”.

  • There is no total order between events.

  • More intuitive. Closer to the actual behavior of the system.

  • More difficult to analyze.

  • Fewer verification results.

  • Natural transformation between models.

  • Partial order: (S , <), where < is

    • Transitive: x<y /\ y<z  x<z.

    • Antisymmetric: for no x, y, x<y /\ y>x.

    • Antireflexive: for no x, x<x.


Bank Example

  • Two branches, initially $1M each.

  • In one branch: deposit, $2M.

  • In another branch: robbery.

  • How to model the system?


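Global state space

[Figure: graph of global states. From ($1M, $1M), deposit leads to ($3M, $1M) and robbery leads to ($1M, $0M). From ($3M, $1M), robbery leads to ($3M, $0M); from ($1M, $0M), deposit leads to ($3M, $0M).]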


Should we invest in this bank?

[Figure: the same graph of global states ($1M, $1M), ($3M, $1M), ($1M, $0M), ($3M, $0M), with states annotated "Invest!" or "Do not Invest!".]


Partial Order Description

[Figure: two independent local histories. One branch goes from $1M to $3M by deposit; the other goes from $1M to $0M by robbery.]


Constructing global states

[Figure: the same two local histories ($1M, deposit, $3M and $1M, robbery, $0M), from which global states are constructed.]


Modeling with partial orders

  • P1: m0: x:=x+1; m1: ch!x

  • P2: n0: ch?z; n1: y:=y+z

[Figure: partial order of local states connected by the events m0, m1, n0, n1.]

  • Local states of P1, in order: pc1=m0,x=0; pc1=m1,x=1; pc1=m0,x=1; pc1=m1,x=2; pc1=m0,x=2.

  • Local states of P2, in order: pc2=n0,y=0,z=0; pc2=n1,y=0,z=1; pc2=n0,y=1,z=1; pc2=n1,y=1,z=2.


Linearizations

[Figure: the partial order of P1 and P2 above, next to one linearization given as a sequence of global states:]

  • pc1=m0,x=0,pc2=n0,y=0,z=0

  • pc1=m1,x=1,pc2=n0,y=0,z=0

  • pc1=m0,x=1,pc2=n1,y=0,z=1

  • pc1=m1,x=2,pc2=n1,y=0,z=1

  • pc1=m1,x=2,pc2=n0,y=1,z=1

  • pc1=m0,x=2,pc2=n1,y=1,z=2


Linearizations

[Figure: the same partial order, next to a second linearization given as a sequence of global states:]

  • pc1=m0,x=0,pc2=n0,y=0,z=0

  • pc1=m1,x=1,pc2=n0,y=0,z=0

  • pc1=m0,x=1,pc2=n1,y=0,z=1

  • pc1=m0,x=1,pc2=n0,y=1,z=1

  • pc1=m1,x=2,pc2=n0,y=1,z=1

  • pc1=m0,x=2,pc2=n1,y=1,z=2


Nondeterminism is different from concurrency: Bank with one teller

[Figure: in one branch the teller handles two deposits in either order, going from $1M to $3M or to $1.1M and then to $3.1M; in the other branch, robbery takes $1M to $0M.]


Partial order execution 1

[Figure: one branch goes $1M, deposit, $3M, deposit, $3.1M; the other branch goes $1M, robbery, $0M.]


Partial order execution 2

[Figure: one branch goes $1M, deposit, $1.1M, deposit, $3.1M; the other branch goes $1M, robbery, $0M.]


Traces

  • An equivalence relation among sequences. Defined using some symmetric and antireflexive independence relation I×.

  • Suppose that aIb, aIc (but not bIc). Then we have [abac] = [baac, abac, aabc, baca, abca, bcaa].

  • Snapshots of execution [abac] are states after [a], [b], [ab], [aa], [bc], [aab], [abc].

  • Note that the states after trace-equivalent sequences, e.g., aab, aba, baa, are the same, so we can talk about the state after a trace. When clear, we also write a trace instead of the corresponding state at the end of it.


Extended LTL with snapshots: The logic SLTL

  • Basic syntax as LTL.

  • In addition, the “snapshot” operator [p], where p is a conjunction of positive and negative atomic propositions.

  • Semantics of the new operator: (u,v) |= [p] iff there exist finite sequences u1, u2 such that [u] = [u1][u2] and (u1, u2v) |= p.


How to monitor executions and find snapshots?

  • A deterministic automaton that keeps all the global states that are subsumed on the way.


Automaton for prefixes of [aabc]

[Figure: deterministic automaton with edges labeled a, b, c. Each node is a set of pairs <s,A>, one node per trace prefix of [aabc].]


How to construct this automaton?

  • Each node consists of a set of pairs<s,A>, where s is a (subsumed) state and A is a subset of actions.

  • It denotes that s is a subsumed state, and it takes the actions A (with possible repetition) in some order to reach the current state.


How to update nodes?

[Figure: node X containing a pair <s,A>, with an edge labeled b to node Y; states s and t are related by the actions A, as are b(s) and b(t).]

  • If <s,A> is in node X, then <s,A{b}> is in Y.

  • If <s,A> is in node X and b is independent of all of A, then <b(s), A> is in Y.

Size: 2|S|x2||


We make a restriction:

  • Each process Pi will have its own set of propositions, related to the local states of Pi.

  • We can write in […] only a conjunction of local properties.


Idea 1: grow up subset of processes with part of states satisfying conjunction. Case 1

Existing subset

Execution of joint action kills subset


Idea 1: grow up subset of processes with part of states satisfying conjunction. Case 2

Existing subset

Execution of joint action extends subset


Idea 1: grow up subset of processes with part of states satisfying conjunction. Case 3

Existing subset

Execution of joint action maintains subset


Can be formulated as follows:

  • “Freeze sets”: subsets of processes satisfying their portion of the property.

  • proc(a) – the set of processes where action a participates.

  • addproc(s, a) – when executing action a from state s, these are the local states from proc(a) that satisfy the local propositions that we check.

  • Extension: Let F1addproc(s,a) and F2 existing subset such that F2proc(a)=. Then extend F1 into F1F2.

  • Propagation: For existing subset F such that proc(a)F, we maintain F.


Propagation of “freeze sets”

[Figures: five consecutive slides animating the propagation of freeze sets; the last one is captioned "Bingo!!".]


How to store efficiently?

  • Freeze sets T are closed under union and intersection.

  • Need to store only a basis B of T, where unions are not included.

  • In this case, size of basis is not larger than number of elements.

  • Update of basis is polynomial.




We ignore some additional subsets: {P1, P2, P3}, etc.


How to perform model checking?

  • Construct an automaton for A¬ as usual. Construct an automaton for each conjunction that appears inside the […] operator to run in parallel.

  • Binary search is still polynomial in number of processes and size of formula!


Conclusions

  • Added capability of partial orders into LTL specification.

  • Freeze sets construction for detecting global states that are subsumed during execution.

  • Model checking is basically same complexity as for normal LTL!

