Models for the Verification of Distributed Java Objects
Eric Madelaine
work with Tomás Barros, Rabéa Boulifa, Christophe Massol

OASIS Project, INRIA Sophia Antipolis June 2004
Eric Madelaine OSMOSE -- WP2 -- Prague June 2004

Goals
• Analysis and verification software platform for behavioural properties of distributed applications.
• Long term goal: full language, usable by non-specialists.
• Automatic tools = static analysis, model-checkers, equivalence / preorder checkers.
[Figure: Graphical / Logical Specifications; Code analysis; Model; Automatic tools, diagnostics, etc.]


Plan
• Distributed objects in ProActive
• Parameterized hierarchical models
• Extracting models
• Compositional verification
• Components


ProActive : distributed activities
• Active objects communicate by Remote Method Invocation.
• Each active object:
  – has a request queue (always accepting incoming requests)
  – has a body specifying its behaviour (local state and computation, service of requests, submission of requests)
  – manages the « wait by necessity » of responses (futures)

ProActive : High level semantics
• Independence w.r.t. distribution
• Guarantee and synchrony of delivery:
  – RdV mechanism ensures the delivery of requests, and of responses.
• Determinism / Confluence:
  – Asynchronous communication and processing do not change the final result of computation.
ASP Calculus: D. Caromel, L. Henrio, B. Serpette, “Asynchronous and Deterministic Objects”, POPL’2004


Methodology : Snapshot
[Figure: Informal Requirements; Architecture (parameterized); Properties (parameterized); Instantiations (abstractions); Source Code; Data Abstraction; Abstract Source Code; Static Analysis; Model Checker; Validate the model; Correctness of the implementation (preorder); Correctness of the implementation (model-checking)]


Model (1) : Synchronisation Networks
• Labelled Transition Systems (LTS): <S, s0, L, →>
• Synchronisation Network (Net): <AG, In, T> with T = <TT, t0, LT, →>, where each v ∈ LT is a synchronisation vector v = [lt, α1, …, αn], αi ∈ Ii ∪ {idle}, lt ∈ AG
• Synchronisation product: builds a global LTS from a Net of arity n, and n argument LTSs.
• Arnold 1992: synchronisation networks
• Lakas 1996: Lotos open expressions
• => Boulifa 2003, “Model generation for distributed Java programs”, Fidji’03

(2) Parameterized Networks
• Parameterized actions (with typed variables): pA
• Parameterized LTS (pLTS): <K, S, s0, L, →> with state variables vs, and labels l = (b, α(x), e)
• Synchronisation Network (Net): <pAG, Hn, pT> with pT = <KG, TT, t0, LT, →>, where Hn = {(pIi, Ki)}i is a finite set of holes, and each v ∈ LT is v = [lt, α1^k1, …, αn^kn], αi^ki ∈ pIi ∪ {idle}, ki ∈ Ki, lt ∈ AG
• Instantiation: for a finite abstract domain Dv, pLTS × Dv → LTS; finite network: pNet × Dv → Net
• Barros, Boulifa, Madelaine, “Parameterized Models for Distributed Java Objects”, Forte 2004, Madrid.
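The two model slides above (synchronisation networks and their product, then parameterized LTSs and their instantiation over a finite domain) can be exercised on a small constructed system. The code below is an added example written for this page; it is not code from the slides nor from the Vercors or ProActive tools. It assumes a Net is represented by its transducer T, an LTS whose labels are synchronisation vectors (lt, (α1, …, αn)) with each αi a label of argument i or idle, and it reads a pLTS label (b, α(x), e) as guard b, action α and assignment e, each given as a Python function of the current valuation. The bounded buffer, the consumer with its wait-by-necessity state, and the capacity CAP = 2 are constructed for the illustration.

```python
"""LTS, Net (transducer), synchronisation product and pLTS instantiation.
Added example; the buffer/consumer system and the encoding are assumptions."""
from itertools import product

IDLE = "idle"


class LTS:
    """Labelled Transition System <S, s0, L, ->>; transitions are (src, label, dst)."""
    def __init__(self, s0, trans):
        self.s0 = s0
        self.trans = set(trans)
        self.states = {s0} | {x for s, _, d in self.trans for x in (s, d)}
        self.labels = {l for _, l, _ in self.trans}

    def succ(self, state, label):
        return {d for s, l, d in self.trans if s == state and l == label}

    def enabled(self, state):
        return {l for s, l, _ in self.trans if s == state}


def sync_product(transducer, args):
    """Global LTS of a Net of arity n applied to n argument LTSs.
    Global state = (transducer state, s1, ..., sn).  A vector (lt, alphas) fires when
    every component i with alphas[i] != IDLE can do alphas[i]; idle components stay.
    Only the part reachable from the initial global state is built."""
    s0 = (transducer.s0,) + tuple(a.s0 for a in args)
    seen, todo, trans = {s0}, [s0], []
    while todo:
        g = todo.pop()
        t, locs = g[0], g[1:]
        for src, (lt, alphas), t2 in transducer.trans:
            if src != t:
                continue
            options = [{locs[i]} if a == IDLE else args[i].succ(locs[i], a)
                       for i, a in enumerate(alphas)]
            for combo in product(*options):      # empty if some component cannot move
                g2 = (t2,) + combo
                trans.append((g, lt, g2))
                if g2 not in seen:
                    seen.add(g2)
                    todo.append(g2)
    return LTS(s0, trans)


class PLTS:
    """Parameterized LTS <K, S, s0, L, ->>: initial control state, initial valuation of
    the state variables, and parameterized transitions (src, guard, action, update, dst)."""
    def __init__(self, s0, init, ptrans):
        self.s0, self.init, self.ptrans = s0, dict(init), list(ptrans)


def instantiate(plts, domains):
    """pLTS x Dv -> LTS: unfold the control states over the finite domains of the
    variables.  States are (control, sorted valuation items); only reachable ones are built."""
    start = (plts.s0, tuple(sorted(plts.init.items())))
    seen, todo, trans = {start}, [start], []
    while todo:
        q, items = todo.pop()
        val = dict(items)
        for src, guard, action, update, dst in plts.ptrans:
            if src != q or not guard(val):
                continue
            nv = update(val)
            if any(nv[x] not in domains[x] for x in nv):
                raise ValueError(f"{nv} leaves the abstract domain")
            q2 = (dst, tuple(sorted(nv.items())))
            trans.append(((q, items), action(val), q2))
            if q2 not in seen:
                seen.add(q2)
                todo.append(q2)
    return LTS(start, trans)


# --- Constructed system: a bounded buffer (pLTS) in a Net with one consumer ---
CAP = 2
DOMAINS = {"n": range(CAP + 1)}           # abstract domain Dv for the item count n
buffer = PLTS("b", {"n": 0}, [
    ("b", lambda v: v["n"] < CAP, lambda v: "put", lambda v: {"n": v["n"] + 1}, "b"),
    ("b", lambda v: v["n"] > 0,   lambda v: "get", lambda v: {"n": v["n"] - 1}, "b"),
])
# Consumer: issues a get, then waits (by necessity) for the result before using it.
consumer = LTS("c0", [("c0", "get", "c1"), ("c1", "use", "c0")])
# Static Net: a single-state transducer whose vectors synchronise buffer and consumer.
net = LTS("t", [
    ("t", ("Get", ("get", "get")), "t"),   # buffer.get synchronised with consumer.get
    ("t", ("Use", (IDLE, "use")), "t"),    # consumer-local action
    ("t", ("Put", ("put", IDLE)), "t"),    # left open to the environment (a producer)
])


def build():
    """Instantiate the buffer, then compute the global LTS of the Net."""
    buf = instantiate(buffer, DOMAINS)
    return buf, sync_product(net, [buf, consumer])


if __name__ == "__main__":
    buf, glob = build()
    print(len(buf.states), "buffer states;", len(glob.states), "global states,",
          len(glob.trans), "transitions; enabled at start:", glob.enabled(glob.s0))
```

Instantiating the buffer over n ∈ {0, 1, 2} gives three states; the product with the consumer reaches six global states, and at the initial state only Put is enabled, since Get requires a non-empty buffer and Use requires the consumer to be past its get. A transducer with several states would restrict which vectors are enabled at each step, which is the controller-as-transducer view used later on the components slides.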

Graphical Models


Large case-study: Electronic Invoices in Chile


Electronic Invoices in Chile
Barros, Madelaine, “Formalisation and Verification of the Chilean electronic invoice system”, INRIA report RR-5217, June 2004.
• 15 parameterized automata / 4 levels of hierarchy
• State explosion: grouping, hiding, reduction by bisimulation:
  – instantiating 7 parameters yields > millions of states...


Parameterized Properties
• Logical parameterized LTS
• Parameterized temporal logics
[Figure: model-checking verdict, True/False + diagnostic]

Extracting models by static analysis


Model generation : key points
• Static topology: finite number of parameterized activities.
• For each Active Object Class:
  – parameterized network of LTSs (one for each method)
  – method calls = synchronisation messages
  – remote calls: “wait by necessity” using proxy processes
  – requests queue: the main potential blow-up…!
• Property: starting from source code with abstracted data (simple types), we have a procedure that builds a finite parameterized model.
[Figure: active object Aj with its request queue Qj and proxy Pj; labels Req, use, serve]
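The request queue is singled out above as the main source of blow-up in the generated model. The following added example (not code from the slides or the Vercors tools) builds the queue of an active object as an explicit LTS and counts its states as the bound grows. Two things are assumptions introduced here: requests are served in FIFO order, and the queue is cut off at a bound so that the model is finite, whereas the slides say the real ProActive queue always accepts incoming requests. The method names get and put are taken from the Buffer Network slide.

```python
"""Request queue of an active object as a bounded FIFO LTS (added example)."""
from itertools import product

REQ, SERVE = "Req", "Serve"   # label prefixes chosen for this example


def queue_lts(methods, bound):
    """Build the LTS of a FIFO request queue bounded by `bound` (assumption).
    States are tuples of pending method names, oldest first; transitions are
    (src, label, dst) with ('Req', m) for an incoming request of m, accepted while
    the queue is below the bound, and ('Serve', m) when the body serves the oldest
    request.  Returns (s0, states, transitions) with s0 the empty queue."""
    states = {q for k in range(bound + 1) for q in product(methods, repeat=k)}
    trans = set()
    for q in states:
        if len(q) < bound:
            for m in methods:
                trans.add((q, (REQ, m), q + (m,)))
        if q:
            trans.add((q, (SERVE, q[0]), q[1:]))
    return (), states, trans


def state_count(n_methods, bound):
    """Closed form for the number of queue states: sum of n_methods**k for k = 0..bound."""
    return sum(n_methods ** k for k in range(bound + 1))


def always_accepting(methods, bound):
    """Check the slide's property inside the bound: every state below the bound has an
    incoming-request transition for every method."""
    _, states, trans = queue_lts(methods, bound)
    return all((q, (REQ, m), q + (m,)) in trans
               for q in states if len(q) < bound for m in methods)


def blow_up_table(methods, bounds):
    """(bound, #states, #transitions) for each bound, to make the growth visible."""
    rows = []
    for b in bounds:
        _, states, trans = queue_lts(methods, b)
        rows.append((b, len(states), len(trans)))
    return rows


if __name__ == "__main__":
    for row in blow_up_table(("get", "put"), [1, 2, 3, 4, 5]):
        print("bound %d: %d states, %d transitions" % row)
```

With two methods the queue alone has 2^(bound+1) - 1 states, before any product with the body or the proxies; this is why the queue is treated separately (and abstracted) rather than instantiated naively.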

Consumer Network


Buffer Network
[Figure: Buf.Body and Buf.Queue, with labels get and put]


Distributed Components


Fractal hierarchical model :
composites encapsulate primitives, which encapsulate Java code
[Figure: Controller (Component Identity, Binding Controller, Lifecycle Controller, Content Controller) and Content]


Fractal + ProActive Components for the GRID
An activity, a process, … potentially in its own JVM
1. Primitive component: Java + Legacy [figure labels: D, C]
2. Composite component: hierarchical, and distributed over machines
3. Parallel and composite component: composite + broadcast (group)

Components : correct composition
• Behaviour is an essential part of a component specification.
• Model of components:
  – primitive = pLTS
  – composite = pNet
  – state-less component = static pNet
  – controller = transducer
[Figure: Controller / Content]
• Correctness of composition:
  – implementation preorder?


Conclusions
• Parameterized, hierarchical model.
• Graphical language.
• Validated with a realistic case-study.
• Ongoing development: instantiation tool, graphical editor, generation of model from ProActive source code.
• Incorporation within a verification platform (ACI-SI Fiacre: INRIA-Oasis, INRIA-Vasy, ENST-Paris, SVF)

Perspectives
• Refine the graphical language, extend to other ProActive features, formalize the abstractions.
• (Direct) parameterized verification.
• Behavioural specifications of components, correct compositions.
http://www-sop.inria.fr/oasis/Vercors
