Models for the verification of distributed java objects
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

Models for the Verification of Distributed Java Objects PowerPoint PPT Presentation


  • 72 Views
  • Uploaded on
  • Presentation posted in: General

Models for the Verification of Distributed Java Objects. Eric Madelaine work with Tomás Barros, Rabéa Boulifa, Christophe Massol OASIS Project, INRIA Sophia Antipolis June 2004. Goals. Analysis and verification software platform for behavioural properties of distributed applications.

Download Presentation

Models for the Verification of Distributed Java Objects

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Models for the verification of distributed java objects

Models for the Verification of Distributed Java Objects

Eric Madelaine

work with

Tomás Barros, Rabéa Boulifa, Christophe Massol

OASIS Project, INRIA Sophia Antipolis

June 2004


Goals

Goals

  • Analysis and verification software platform for behavioural properties of distributed applications.

  • Long term goal: full language, usable by non-specialists

  • Automatic tools = static analysis, model-checkers,

    equivalence / preorder checkers.

Graphical / Logical

Specifications

Automatic tools, diagnostics, etc.

Code analysis

Model


Models for the verification of distributed java objects

Plan

  • Distributed objects in ProActive

  • Parameterized hierarchical models

  • Extracting models

  • Compositional verification

  • Components


Proactive distributed activities

ProActive : distributed activities

  • Active objects communicate by Remote Method Invocation.

  • Each active object:

    • has a request queue (always accepting incoming requests)

    • has a body specifying its behaviour (local state and computation, service of requests, submission of requests)

    • manages the « wait by necessity » of responses (futures)


Proactive high level semantics

ProActive : High level semantics

  • Independence wrt. distribution

  • Guarantee and Synchrony of delivery :

    • RdV mechanism ensures the delivery of requests, and of responses.

  • Determinism / Confluence :

    • Asynchronous communication and processing do not change the final result of computation.

      ASP Calculus: D. Caromel, L. Henrio, B. Serpette, “Asynchronous and Deterministic Objects”, POPL’2004


Models for the verification of distributed java objects

Correctness of the

implementation

(preorder)

Architecture

(parameterized)

Properties

(parameterized)

Validate the model

Architecture

(parameterized)

Instantiations

(abstractions)

Correctness of the

implementation (model-checking)

Static Analysis

Abstract

Source Code

Source

Code

Data

Abstraction

Methodology : Snapshot

Informal

Requirements

Model Checker


Model 1 synchronisation networks

Model (1) :Synchronisation Networks

  • Labelled Transition Systems (LTS) <S,s0,L,  >

  • Synchronisation Network (Net)

    <AG,In,T> with T=<TT,t0,LT,  >

    with vLT, v=[lt,1,…, n], i  Ii idle,, lt  AG

  • Synchronisation product :

    builds a global LTS from a Net of arity n, and n argument LTSs.

  • Arnold 1992 : synchronisation networks

  • Lakas 1996 : Lotos open expressions

  • => Boulifa 2003, Model generation for distributed Java programs, Fidji’03


2 parameterized networks

(2) Parameterized Networks

  • Parameterized actions (with typed variables) pA

  • Parameterized LTS (pLTS) <K,S,s0,L,  >

    with state variables vs, and labels l=(b, (x), e)

  • Synchronisation Network (Net)

    <pAG,Hn,pT> with pT =<KG,TT,t0,LT,  >

    with Hn = {(pIi,Ki)}i a finite set of holes

    vLT, v=[lt,1k1,…, nkn], iki pIi idle, ki  Ki, lt  AG

  • Instantiation : for a finite abstract domain Dv

    pLTS x Dv  LTS

    pNet x Dv  Net

  • Barros, Boulifa, Madelaine “Parameterized Models for Distributed Java Objects”, Forte 2004, Madrid.

Finite Network


Graphical models

Graphical Models


Large case study electronic invoices in chile

Large case-study:Electronic Invoices in Chile


Electronic invoices in chile

Electronic Invoices in Chile

Barros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, INRIA report RR-5217, june 2004.

  • 15 parameterized automata / 4 levels of hierarchy

  • state explosion: grouping, hiding, reduction by bisimulation :

    • instantiating 7 parameters yields > millions of states...


Parameterized properties

True/False + diagnostic

Parameterized Properties

  • Logical parameterized LTS

  • Parameterized temporal logics


Extracting models by static analysis

Extracting models by static analysis


Model generation key points

serve

Aj

Qj

use

Req

Pj

Model generation : key points

  • Static topology : finite number of parameterized activities.

  • For each Active Object Class :

    • parameterized network of LTSs (one for each method)

    • method calls = synchronisation messages

    • remote calls : “wait by necessity” using proxy processes

    • requests queue : the main potential blow-up…!

  • Property : starting from source code with abstracted data (simple types), we have a procedure that builds a finite parameterized model.


Consumer network

Consumer Network


Buffer network

Buffer Network

Buf.Body

get

put

Buf.Queue


Distributed components

Distributed Components


Fractal hierarchical model composites encapsulate primitives which encapsulates java code

Component

Identity

Content

Controller

Lifecycle

Controller

Binding

Controller

Fractal hierarchical model :composites encapsulate primitives, which encapsulates Java code

Controller

Content


Fractal proactive components for the grid

1. Primitive component

Java + Legacy

D

C

2. Composite component

3. Parallel and composite

component

Fractal + ProActiveComponents for the GRID

An activity, a process, …

potentially in its own JVM

Composite: Hierarchical, and

Distributed over machines

Parallel: Composite

+ Broadcast (group)


Components correct composition

Controller

Content

Components : correct composition

  • Behaviour is an essential part of a component specification.

  • Model of components :

    • primitive = pLTS

    • composite = pNet

    • state-less component = static pNet

    • controller = transducer

  • Correctness of composition :

    • implementation preorder ?


Conclusions

Conclusions

  • Parameterized, hierarchical model.

  • Graphical language.

  • Validated with a realistic case-study.

  • Ongoing development : instantiation tool, graphical editor, generation of model from ProActive source code.

  • Incorporation within a verification platform

    (ACI-SIFiacre : INRIA-Oasis, INRIA-Vasy, ENST-Paris, SVF)


Perspectives

Perspectives

  • Refine the graphical language, extend to other ProActive features, formalize the abstractions.

  • (Direct) parameterized verification.

  • Behavioural specifications of components, correct compositions.

    http://www-sop.inria.fr/oasis/Vercors


  • Login