Models for the Verification of Distributed Java Objects

Eric Madelaine
work with Tomás Barros, Rabéa Boulifa, Christophe Massol

OASIS Project, INRIA Sophia Antipolis June 2004
Eric Madelaine OSMOSE -- WP2 -- Prague June 2004

Goals
• Analysis and verification software platform for behavioural properties of distributed applications.
• Long term goal: full language, usable by non-specialists.
• Automatic tools = static analysis, model-checkers, equivalence / preorder checkers.
[Figure: Graphical / Logical Specifications and Code analysis both lead to the Model; Automatic tools, diagnostics, etc.]


Plan
• Distributed objects in ProActive
• Parameterized hierarchical models
• Extracting models
• Compositional verification
• Components


ProActive : distributed activities
• Active objects communicate by Remote Method Invocation.
• Each active object:
– has a request queue (always accepting incoming requests)
– has a body specifying its behaviour (local state and computation, service of requests, submission of requests)
– manages the « wait by necessity » of responses (futures)
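A small simulation of these three ingredients (request queue, body thread, futures), added here as an illustration; it is not ProActive code nor the authors' model. In ProActive the wait by necessity is transparent; here it is made explicit by the hypothetical Future.get() call. All class and method names (ActiveObject, Future, Buffer, call, served) are assumptions of this example.

```python
import queue
import threading


class Future:
    """Placeholder returned at once for a request whose reply is still pending."""

    def __init__(self):
        self._ready = threading.Event()
        self._value = None

    def resolve(self, value):
        self._value = value
        self._ready.set()

    def is_available(self):
        return self._ready.is_set()

    def get(self):
        # Wait by necessity: the caller blocks only at the point where the
        # value is actually used, not when the request is submitted.
        self._ready.wait()
        return self._value


class ActiveObject:
    """Wraps a plain object. Every call becomes a request in a FIFO queue
    (always accepting) served one at a time by a single body thread."""

    def __init__(self, target):
        self._target = target
        self._requests = queue.Queue()
        self._served = []            # trace of served request names (for checks)
        self._body = threading.Thread(target=self._serve_loop, daemon=True)
        self._body.start()

    def _serve_loop(self):
        while True:
            name, args, fut = self._requests.get()
            if name is None:          # stop marker
                return
            self._served.append(name)
            try:
                fut.resolve(getattr(self._target, name)(*args))
            except Exception as exc:  # never leave a future unresolved
                fut.resolve(exc)

    def call(self, name, *args):
        fut = Future()
        self._requests.put((name, args, fut))
        return fut                     # asynchronous: returns before service

    def stop(self):
        self._requests.put((None, (), None))
        self._body.join()

    def served(self):
        return list(self._served)


class Buffer:
    """Passive object (constructed for the example) turned into an activity."""

    def __init__(self):
        self._items = []

    def put(self, item):
        self._items.append(item)
        return len(self._items)

    def get(self):
        return self._items.pop(0)


def demo():
    buf = ActiveObject(Buffer())
    f1 = buf.call("put", "a")
    f2 = buf.call("put", "b")
    f3 = buf.call("get")           # queued behind the two puts (FIFO service)
    sizes = (f1.get(), f2.get())   # block here only because the values are needed
    first = f3.get()
    buf.stop()
    return sizes, first, buf.served()
```

Requests are served in submission order, so the get issued third can never observe an empty buffer; that FIFO service discipline is exactly what the request queue of the model has to capture.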

ProActive : High level semantics
• Independence wrt. distribution
• Guarantee and Synchrony of delivery:
– RdV mechanism ensures the delivery of requests, and of responses.
• Determinism / Confluence:
– Asynchronous communication and processing do not change the final result of computation.
ASP Calculus: D. Caromel, L. Henrio, B. Serpette, "Asynchronous and Deterministic Objects", POPL'2004


Methodology : Snapshot
[Figure: methodology snapshot, with boxes Informal Requirements; Architecture (parameterized); Properties (parameterized); Instantiations (abstractions); Model Checker; Static Analysis; Source Code; Data Abstraction; Abstract Source Code; and the checks "Validate the model", "Correctness of the implementation (model-checking)" and "Correctness of the implementation (preorder)"]


Model (1) : Synchronisation Networks
• Labelled Transition Systems (LTS): $\langle S, s_0, L, \rightarrow \rangle$
• Synchronisation Network (Net): $\langle A_G, I_n, T \rangle$ with $T = \langle T_T, t_0, L_T, \rightarrow_T \rangle$, where $\forall v \in L_T,\ v = [l_t, \alpha_1, \ldots, \alpha_n]$, $\alpha_i \in I_i \cup \{idle\}$, $l_t \in A_G$
• Synchronisation product: builds a global LTS from a Net of arity n and n argument LTSs.
• Arnold 1992: synchronisation networks
• Lakas 1996: Lotos open expressions
• ⇒ Boulifa 2003, "Model generation for distributed Java programs", Fidji'03

(2) Parameterized Networks
• Parameterized actions (with typed variables): $pA$
• Parameterized LTS (pLTS): $\langle K, S, s_0, L, \rightarrow \rangle$ with state variables $v_s$, and labels $l = (b, \alpha(x), e)$
• Parameterized Synchronisation Network (pNet): $\langle pA_G, H_n, pT \rangle$ with $pT = \langle K_G, T_T, t_0, L_T, \rightarrow_T \rangle$ and $H_n = \{(pI_i, K_i)\}_i$ a finite set of holes, where $\forall v \in L_T,\ v = [l_t, \alpha_1^{k_1}, \ldots, \alpha_n^{k_n}]$, $\alpha_i^{k_i} \in pI_i \cup \{idle\}$, $k_i \in K_i$, $l_t \in A_G$
• Instantiation: for a finite abstract domain $D_v$, $pLTS \times D_v \rightarrow LTS$ and (Finite Network) $pNet \times D_v \rightarrow Net$
• Barros, Boulifa, Madelaine, "Parameterized Models for Distributed Java Objects", Forte 2004, Madrid.
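The definitions of the two preceding slides (LTS, synchronisation product over a Net, and instantiation of a pLTS over a finite domain $D_v$) as an added worked example in Python; it is not the Vercors tools nor the authors' code. It assumes a concrete encoding: a pLTS with control states and a single state variable, whose transitions are (control, guard, action, update, control') rules; and a Net whose transducer is an LTS labelled by vectors (lt, a1, ..., an), with the constant IDLE marking a hole that does not participate. The bounded buffer and consumer are constructed inputs in the spirit of the Buffer Network slide.

```python
from itertools import product

IDLE = "idle"


class LTS:
    """Labelled Transition System <S, s0, L, ->>: transitions is a set of (s, l, s')."""

    def __init__(self, s0, transitions):
        self.s0 = s0
        self.transitions = set(transitions)
        self.states = ({s0} | {s for s, _, _ in self.transitions}
                       | {t for _, _, t in self.transitions})
        self.labels = {lab for _, lab, _ in self.transitions}

    def successors(self, s, lab):
        return [t for (u, m, t) in self.transitions if u == s and m == lab]


def instantiate(control0, var0, domain, rules):
    """pLTS x Dv -> LTS (hypothetical encoding of the slides' pLTS).
    rules: (ctrl, guard(v), action(v), update(v), ctrl') over one variable v.
    Concrete states are (ctrl, v); only states reachable inside `domain` are kept."""
    s0 = (control0, var0)
    seen, todo, trans = {s0}, [s0], set()
    while todo:
        ctrl, v = todo.pop()
        for (c, guard, action, update, c2) in rules:
            if c != ctrl or not guard(v):
                continue
            v2 = update(v)
            if v2 not in domain:          # abstraction: values outside Dv are cut
                continue
            s2 = (c2, v2)
            trans.add(((ctrl, v), action(v), s2))
            if s2 not in seen:
                seen.add(s2)
                todo.append(s2)
    return LTS(s0, trans)


class Net:
    """Synchronisation network: the transducer is an LTS whose labels are
    vectors (lt, a1, ..., an); the arity n is read off the vector length."""

    def __init__(self, transducer):
        self.transducer = transducer
        self.arity = len(next(iter(transducer.labels))) - 1


def sync_product(net, args):
    """Global LTS of a Net of arity n applied to n argument LTSs: a vector fires
    when every non-idle hole can perform its action; idle holes keep their state."""
    assert len(args) == net.arity
    s0 = (net.transducer.s0,) + tuple(a.s0 for a in args)
    seen, todo, trans = {s0}, [s0], set()
    while todo:
        g = todo.pop()
        t, local = g[0], g[1:]
        for (u, vec, t2) in net.transducer.transitions:
            if u != t:
                continue
            lt, acts = vec[0], vec[1:]
            choices = [[local[i]] if a == IDLE else args[i].successors(local[i], a)
                       for i, a in enumerate(acts)]
            for nxt in product(*choices):   # empty if some hole cannot move
                g2 = (t2,) + tuple(nxt)
                trans.add((g, lt, g2))
                if g2 not in seen:
                    seen.add(g2)
                    todo.append(g2)
    return LTS(s0, trans)


def buffer_example(capacity=2):
    """Constructed input: bounded buffer (pLTS, variable c = fill level)
    synchronised with a consumer (plain LTS) through a one-state transducer."""
    dom = set(range(capacity + 1))
    rules = [
        ("B", lambda c: c < capacity, lambda c: "put", lambda c: c + 1, "B"),
        ("B", lambda c: c > 0, lambda c: "get", lambda c: c - 1, "B"),
    ]
    buf = instantiate("B", 0, dom, rules)
    cons = LTS("wait", {("wait", "get", "hold"), ("hold", "consume", "wait")})
    transducer = LTS("t0", {
        ("t0", ("put", "put", IDLE), "t0"),
        ("t0", ("get", "get", "get"), "t0"),          # rendez-vous on get
        ("t0", ("consume", IDLE, "consume"), "t0"),
    })
    return sync_product(Net(transducer), [buf, cons])
```

With capacity 2 the global LTS has 6 reachable states and 9 transitions, and no global "get" leaves a state whose buffer level is 0: the guard of the pLTS survives instantiation and the product, which is the kind of safety fact a model checker would then be asked to confirm on the real, larger model.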

Graphical Models


Large case-study: Electronic Invoices in Chile


Electronic Invoices in Chile
Barros, Madelaine, "Formalisation and Verification of the Chilean electronic invoice system", INRIA report RR-5217, June 2004.

• 15 parameterized automata / 4 levels of hierarchy
• State explosion: grouping, hiding, reduction by bisimulation:
– instantiating 7 parameters yields > millions of states...
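Two of the reductions named here, hiding and reduction by bisimulation, as an added example (not the authors' tool chain): a naive partition-refinement computation of strong bisimulation, applied after hiding, on a constructed four-state toy LTS. The function names and the transition-set encoding are assumptions of this example; the grouping step is not shown.

```python
TAU = "tau"


def hide(transitions, visible):
    """Hiding: every label not in `visible` becomes the internal action tau."""
    return {(s, lab if lab in visible else TAU, t) for (s, lab, t) in transitions}


def state_set(s0, transitions):
    return {s0} | {s for s, _, _ in transitions} | {t for _, _, t in transitions}


def bisimulation_blocks(states, transitions):
    """Strong bisimulation by naive partition refinement: a block is split by
    the set of (label, successor block) pairs of its states, until no block
    splits any more. Returns a map state -> block id."""
    block = {s: 0 for s in states}
    while True:
        ids = {}
        new_block = {}
        for s in states:
            sig = frozenset((lab, block[t]) for (u, lab, t) in transitions if u == s)
            new_block[s] = ids.setdefault((block[s], sig), len(ids))
        if len(ids) == len(set(block.values())):   # no block was split: stable
            return new_block
        block = new_block


def minimize(s0, transitions):
    """Quotient LTS: states are block ids; equivalent transitions collapse."""
    states = sorted(state_set(s0, transitions))
    block = bisimulation_blocks(states, transitions)
    return block[s0], {(block[s], lab, block[t]) for (s, lab, t) in transitions}


def reduce_lts(s0, transitions, visible):
    """Hiding followed by bisimulation reduction. Returns the (#states,
    #transitions) pair before and after, plus the remaining labels."""
    before = (len(state_set(s0, transitions)), len(transitions))
    q0, q = minimize(s0, hide(transitions, visible))
    after = (len(state_set(q0, q)), len(q))
    return before, after, sorted({lab for _, lab, _ in q})


def example():
    # Constructed toy: a request is logged through one of two internal
    # channels before completion. Once logging is hidden the two paths cannot
    # be told apart, and bisimulation merges s1 and s2.
    trans = {
        ("s0", "req", "s1"), ("s0", "req", "s2"),
        ("s1", "log_a", "s3"), ("s2", "log_b", "s3"),
        ("s3", "done", "s0"),
    }
    return reduce_lts("s0", trans, visible={"req", "done"})
```

Without hiding, the differing internal labels keep s1 and s2 apart and nothing is gained; after hiding, the quotient has 3 states and 3 transitions. On a model of several million states one would use a partition-refinement algorithm with a better complexity than this quadratic loop, but the reduction principle is the same.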


Parameterized Properties
• Logical parameterized LTS
• Parameterized temporal logics
• True/False + diagnostic

Extracting models by static analysis


Model generation : key points
• Static topology: finite number of parameterized activities.
• For each Active Object Class:
– parameterized network of LTSs (one for each method)
– method calls = synchronisation messages
– remote calls: "wait by necessity" using proxy processes
– requests queue: the main potential blow-up...!
• Property: starting from source code with abstracted data (simple types), we have a procedure that builds a finite parameterized model.
[Figure: active object network with body Aj, request queue Qj and proxy Pj, and the messages serve, Req and use]

Consumer Network


Buffer Network
[Figure: Buffer network, with Buf.Body and Buf.Queue and the actions get and put]


Distributed Components


Fractal hierarchical model :
composites encapsulate primitives, which encapsulate Java code
[Figure: Fractal component, with a Controller part (Component Identity, Binding Controller, Lifecycle Controller, Content Controller) and a Content part]


Fractal + ProActive Components for the GRID
An activity, a process, … potentially in its own JVM
1. Primitive component: Java + Legacy
2. Composite component: hierarchical, and distributed over machines
3. Parallel and composite component: Composite + Broadcast (group)

Components : correct composition
• Behaviour is an essential part of a component specification.
• Model of components:
– primitive = pLTS
– composite = pNet
– state-less component = static pNet
– controller = transducer
• Correctness of composition:
– implementation preorder?


Conclusions
• Parameterized, hierarchical model.
• Graphical language.
• Validated with a realistic case-study.
• Ongoing development: instantiation tool, graphical editor, generation of model from ProActive source code.
• Incorporation within a verification platform (ACI-SI Fiacre: INRIA-Oasis, INRIA-Vasy, ENST-Paris, SVF)

Perspectives
• Refine the graphical language, extend to other ProActive features, formalize the abstractions.
• (Direct) parameterized verification.
• Behavioural specifications of components, correct compositions.
http://www-sop.inria.fr/oasis/Vercors



				