models for the verification of distributed java objects
DESCRIPTION
Models for the Verification of Distributed Java Objects. Eric Madelaine work with Tomás Barros, Rabéa Boulifa, Christophe Massol OASIS Project, INRIA Sophia Antipolis June 2004. Goals. Analysis and verification software platform for behavioural properties of distributed applications. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/1.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Models for the Verification of Distributed Java Objects
Eric Madelainework with
Tomás Barros, Rabéa Boulifa, Christophe Massol
OASIS Project, INRIA Sophia AntipolisJune 2004
![Page 2: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/2.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Goals• Analysis and verification software platform for behavioural properties of distributed applications.
• Long term goal: full language, usable by non-specialists
• Automatic tools = static analysis, model-checkers,
equivalence / preorder checkers.
Graphical / Logical Specifications
Code analysis Model
Automatic tools, diagnostics, etc.
![Page 3: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/3.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Plan
• Distributed objects in ProActive
• Parameterized hierarchical models
• Extracting models
• Compositional verification
• Components
![Page 4: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/4.jpg)
OSMOSE -- WP2 -- Prague June 2004
Eric Madelaine
ProActive : distributed activities
• Active objects communicate by Remote Method Invocation.
• Each active object:
• has a request queue (always accepting incoming requests)
• has a body specifying its behaviour (local state and computation, service of requests, submission of requests)
• manages the « wait by necessity » of responses (futures)
![Page 5: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/5.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
ProActive : High level semantics
• Independence wrt. distribution
• Guarantee and Synchrony of delivery :– RdV mechanism ensures the delivery of requests,
and of responses.
• Determinism / Confluence :– Asynchronous communication and processing do
not change the final result of computation.
ASP Calculus: D. Caromel, L. Henrio, B. Serpette, “Asynchronous and Deterministic Objects”, POPL’2004
![Page 6: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/6.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Methodology : SnapshotInformal
Requirements
Model Checker
Source
Code
Architecture
(parameterized)
Properties
(parameterized)
Instantiations
(abstractions)
Abstract
Source Code
Data
Abstraction
Architecture
(parameterized)
Static Analysis
Validate the model
Correctness of the
implementation (model-
checking)
Correctness of the
implementation
(preorder)
![Page 7: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/7.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Model (1) :Synchronisation Networks
• Labelled Transition Systems (LTS) <S,s0,L, >
• Synchronisation Network (Net) <AG,In,T> with T=<TT,t0,LT, >
with vLT, v=[lt,1,…, n], i Ii idle,, lt AG
• Synchronisation product : builds a global LTS from a Net of arity n, and n
argument LTSs.
• Arnold 1992 : synchronisation networks• Lakas 1996 : Lotos open expressions• => Boulifa 2003, Model generation for distributed Java programs, Fidji’03
![Page 8: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/8.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
• Parameterized actions (with typed variables) pA• Parameterized LTS (pLTS) <K,S,s0,L, >
with state variables vs, and labels l=(b, (x), e)
• Synchronisation Network (Net) <pAG,Hn,pT> with pT =<KG,TT,t0,LT, >
with Hn = {(pIi,Ki)}i a finite set of holes
vLT, v=[lt,1k1,…, n
kn], iki
pIi idle, ki Ki, lt AG
• Instantiation : for a finite abstract domain Dv
pLTS x Dv LTS
pNet x Dv Net
• Barros, Boulifa, Madelaine “Parameterized Models for Distributed Java Objects”, Forte 2004, Madrid.
(2) Parameterized Networks
Finite Network
![Page 9: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/9.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Graphical Models
![Page 10: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/10.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Large case-study:Electronic Invoices in Chile
![Page 11: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/11.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Electronic Invoices in ChileBarros, Madelaine “Formalisation and Verification of the Chilean electronic invoice system”, INRIA report RR-5217, june 2004.
• 15 parameterized automata / 4 levels of hierarchy
• state explosion: grouping, hiding, reduction by bisimulation :
– instantiating 7 parameters yields > millions of states...
![Page 12: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/12.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Parameterized Properties
True/False + diagnosticTrue/False + diagnostic
• Logical parameterized LTS
• Parameterized temporal logics
![Page 13: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/13.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Extracting models by static analysis
![Page 14: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/14.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Model generation : key points
• Static topology : finite number of parameterized activities.
• For each Active Object Class : – parameterized network of LTSs (one for each method)– method calls = synchronisation messages– remote calls : “wait by necessity” using proxy processes– requests queue : the main potential blow-up…!
• Property : starting from source code with abstracted data (simple types), we have a procedure that builds a finite parameterized model.
Aj Qj
serve
Pj
Requse
![Page 15: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/15.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Consumer Network
![Page 16: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/16.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Buffer Network
Buf.Body
put
Buf.Queue
get
![Page 17: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/17.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Distributed Components
![Page 18: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/18.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Fractal hierarchical model : composites encapsulate primitives, which encapsulates Java code
ComponentIdentity
BindingController
LifecycleController
ContentController
Content
Controller
![Page 19: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/19.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Fractal + ProActive Components for the GRID
An activity, a process, …potentially in its own JVM
2. Composite component
C
1. Primitive component Java + Legacy
3. Parallel and composite component
D
Composite: Hierarchical, and Distributed over machines Parallel: Composite
+ Broadcast (group)
![Page 20: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/20.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Components : correct composition• Behaviour is an essential part of a component
specification.
• Model of components :– primitive = pLTS
– composite = pNet
– state-less component = static pNet
– controller = transducer
• Correctness of composition :– implementation preorder ?
ContentController
![Page 21: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/21.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Conclusions• Parameterized, hierarchical model.
• Graphical language.
• Validated with a realistic case-study.
• Ongoing development : instantiation tool, graphical editor, generation of model from ProActive source code.
• Incorporation within a verification platform
(ACI-SI Fiacre : INRIA-Oasis, INRIA-Vasy, ENST-Paris, SVF)
![Page 22: Models for the Verification of Distributed Java Objects](https://reader036.vdocuments.net/reader036/viewer/2022062518/5681459f550346895db292e1/html5/thumbnails/22.jpg)
Eric MadelaineOSMOSE -- WP2 -- Prague June
2004
Perspectives• Refine the graphical language, extend to other ProActive features, formalize the abstractions.
• (Direct) parameterized verification.
• Behavioural specifications of components, correct compositions.
http://www-sop.inria.fr/oasis/Vercors