Refined interfaces for compositional verification


Frédéric Lang, INRIA Rhône-Alpes, http://www.inrialpes.fr/vasy

Motivation

Enumerative verification of concurrent systems
- Parallel composition of asynchronous processes
- Systematic exploration of the state/transition graph obtained by interleaving and synchronization

Compositional verification to palliate state explosion
- Simple: reduce state/transition graphs incrementally
- Enhanced: use interface constraints to avoid intermediate state explosion

This talk is about a tool to build interface constraints automatically

State/transition graphs

Semantic model of action-based processes, also called Labelled Transition System (LTS)
Transitions between states are labelled by events
- Synchronizable/observable events (a, b, c in the figure)
- Non-synchronizable/hidden event τ
[figure: a small LTS with transitions labelled a, b, c and τ]
The CADP toolbox allows on-the-fly exploration of state/transition graphs (OPEN/CAESAR)

Using interface constraints

A big graph P can be reduced using interface constraints, represented as a graph I and a set of labels A through which P and I interact
Projection operator P ‖_A I (Graf & Steffen, Krimm & Mounier)
- Computes the sub-graph of P reachable in the parallel composition P |[A]| I
- I can be reduced modulo safety equivalence after hiding all labels outside A
A similar approach exists for CSP (Cheung & Kramer)
- Normal parallel composition instead of projection
- Requires tau elimination and determinization (expensive) in I to ensure context transparency

Example of projection

[figure: a graph with 37 states (numbered 0 to 36) projected through the labels {a, b, c} onto a small interface graph, yielding a much smaller graph]

The PROJECTOR tool of CADP

Software implementation of projection (Krimm & Mounier 1997)
Inputs: an OPEN/CAESAR graph P, a BCG graph (the interface) I, and a synchronization set A
Output: the BCG graph P ‖_A I

Computing the interface constraints

Solution 1: User-specified interface
- The user provides an interface
- A correct interface is hard to guess
- But correctness can be checked afterwards

Solution 2: "Exact" interface
- A correct interface is computed automatically from the environment
- Krimm & Mounier give an algorithm based on an analysis of the algebraic LOTOS-like expression describing the composition of processes
  - The interface I is a process of the composition
  - The synchronization set A is derived automatically

Limitation 1 of K&M algorithm

The method to compute the synchronization set is specific to LOTOS parallel composition
How can we build exact interfaces in expressions that use different and/or more general operators?

Limitation 2 of K&M algorithm

It is impossible to compute interface constraints induced by a combination of (distant) processes
Sometimes, only such constraints allow reductions
Example: in P1 |[a, b, d]| (P2 |[c, d]| P3)
[figure: the graphs of P1, P2 and P3, with transitions labelled a, b, c and d]
restricting P3 w.r.t. either P1 or P2 yields no reduction: P3 ‖_{a, d} P1 = P3 and P3 ‖_{c, d} P2 = P3
Using an interface obtained by combination of P1 and P2 (synchronized on b) would yield better reductions

Limitation 3 of K&M algorithm

Interfaces may be not precise enough when nondeterministic synchronization is involved
Example: in P1 |[a, b]| (P2 |[ ]| P3)
[figure: the graphs of P1, P2 and P3, with transitions labelled a, b and d]
Restricting P2 w.r.t. P1 yields no reduction: P2 ‖_{a} P1 = P2
However P1 implies that two successive b actions cannot be reached without an a in between

Refined interfaces

We propose a new algorithm which solves the limitations of the K&M algorithm
The algorithm works in three phases
1. Translation of the composition of processes into a general model called "synchronization networks"
2. Extraction of an "interface network" from the network model
3. Generation of the interface graph corresponding to the interface network

Phase 1: synchronization networks

A general synchronization model
Synchronization of processes P1, ..., Pn described by a set of synchronization vectors of the form
  ⟨L_i,1, ..., L_i,n⟩ → L_i
where
- each L_i,j is either a label of Pj or the special symbol • denoting inaction of Pj
- L_i is the label used in the product graph as the result of the synchronization between the Pj's

Example 1

[figure: the graphs of P1, P2 and P3 from the Limitation 2 example]
P1 |[a, b, d]| (P2 |[c, d]| P3) can be represented by the set of synchronization vectors
  ⟨a, •, a⟩ → a
  ⟨b, b, •⟩ → b
  ⟨•, c, c⟩ → c
  ⟨d, d, d⟩ → d

Example 2

[figure: the graphs of P1, P2 and P3 from the Limitation 3 example]
P1 |[a, b]| (P2 |[ ]| P3) can be represented by the set of synchronization vectors
  ⟨a, a, •⟩ → a
  ⟨b, b, •⟩ → b
  ⟨b, •, b⟩ → b
  ⟨•, •, d⟩ → d
Nondeterministic synchronization on b for P1 (two vectors carry b in the P1 position)

Phase 2: Interface network extraction

Extraction of a network N' representing an abstraction of the environment of a process to be constrained
Inputs:
- The synchronization network N of a system P1, ..., Pn
- The index i of the process Pi to be constrained
- The indices j1, ..., jm (user-given) of the constraining processes
Algorithm: for each vector v in N, create in N' a vector ⟨v[j1], ..., v[jm]⟩ → r where
- r = v[i] if v[i] ≠ • (Pi active in the synchronization)
- r = τ otherwise

Example

P1, P2, P3 synchronized by the vectors
  ⟨a, a, •⟩ → a
  ⟨b, b, •⟩ → b
  ⟨b, •, b⟩ → b
  ⟨•, •, d⟩ → d
The interface network of P2 induced by P1 is:
  ⟨a⟩ → a
  ⟨b⟩ → b
  ⟨b⟩ → τ
  ⟨•⟩ → τ (this last one can be removed)
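The Phase 2 rule above, as an added example that is not part of the original slides: a small Python implementation of the interface-network extraction, applied to Example 2 (interface network of P2 induced by P1, as just shown) and to Example 1 (interface network of P3 induced by P1 and P2, the case of the "Limitation 2 solved" slide). Indices are 0-based and the inaction symbol • is encoded as None; both are this example's own choices.

```python
TAU = "tau"  # hidden action, written tau on the slides
DOT = None   # encoding of the slides' inaction symbol in a vector (our choice)

def interface_network(network, i, js):
    """Phase 2: for each vector v of N emit <v[j1], ..., v[jm]> -> r, with r = v[i]
    when P_i is active in v and tau otherwise. Indices are 0-based; vectors in
    which no constraining process moves are dropped ("can be removed")."""
    result = []
    for labels, res in network:
        r = res if labels[i] is not DOT else TAU
        proj = tuple(labels[j] for j in js)
        if any(l is not DOT for l in proj):
            result.append((proj, r))
    return result

# Example 1 of the slides: P1 |[a, b, d]| (P2 |[c, d]| P3) as synchronization vectors
N1 = [(("a", DOT, "a"), "a"), (("b", "b", DOT), "b"),
      ((DOT, "c", "c"), "c"), (("d", "d", "d"), "d")]
# Example 2: P1 |[a, b]| (P2 |[ ]| P3), nondeterministic synchronization on b for P1
N2 = [(("a", "a", DOT), "a"), (("b", "b", DOT), "b"),
      (("b", DOT, "b"), "b"), ((DOT, DOT, "d"), "d")]

def p2_induced_by_p1():
    """Interface network of P2 induced by P1: <a>->a, <b>->b, <b>->tau."""
    return interface_network(N2, i=1, js=[0])

def p3_induced_by_p1_p2():
    """Interface network of P3 induced by P1 and P2: labels a, tau, c, d."""
    return interface_network(N1, i=2, js=[0, 1])
```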

Phase 3: interface graph generation

Generate the graph corresponding to N' (product of Pj1, ..., Pjm)
Thanks to congruence, Pj1, ..., Pjm can be reduced modulo safety equivalence beforehand
Partial order reduction makes it possible to avoid useless interleavings

Using the generated interface

The (possibly large) graph of Pi can be replaced by the (smaller) graph of Pi ‖_A I, where I is an interface obtained by our algorithm
Formal proof provided in the FORTE'2006 paper

Limitation 1 solved

The algorithm applies on synchronization networks, a general model similar to MEC and FC2 networks
We implemented the translation into networks for
- CCS, CSP, LOTOS, μCRL parallel composition
- E-LOTOS generalized parallel composition and m among n synchronization
The translation can still be done for other operators

Limitation 2 solved

Interface constraints induced by any combination of processes can be computed
Example: in P1 |[a, b, d]| (P2 |[c, d]| P3)
[figure: the graphs of P1, P2 and P3]
the interface I of P3 induced by P1 and P2 is:
[figure: the interface graph, with transitions labelled a, c, τ and d]
It yields a reduction of P3 as P3 ‖_{a, c, d} I =
[figure: the reduced graph of P3, with transitions labelled a and c]

Limitation 3 solved

Interfaces are precise even in presence of nondeterministic synchronization
Example: in P1 |[a, b]| (P2 |[ ]| P3)
[figure: the graphs of P1, P2 and P3]
The interface I of P2 induced by P1 is:
[figure: the interface graph, with transitions labelled a, b and τ]
It yields a reduction of P2 as P2 ‖_{a, b} I =
[figure: the reduced graph of P2, with transitions labelled a and b]
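Phase 3 and the projection on the Limitation 3 example, as an added example that is not part of the original slides: the interface graph I is generated from P1 under the interface network of the Phase 2 example (⟨a⟩ → a, ⟨b⟩ → b, ⟨b⟩ → τ), then P2 is projected on I through {a, b}; the K&M-style restriction of P2 w.r.t. P1 through {a} alone is computed for comparison. The graphs of P1 and P2 are constructed here, since the figures are not in the transcription: P1 alternates a and b, P2 does a and then two successive b's.

```python
import itertools
from collections import deque

DOT = None  # encoding of the slides' inaction symbol in a vector (our choice)

def product(ltss, network):
    """Phase 3: reachable product of LTSs (init, [(src, label, dst)]) under the
    vectors; returns (init, fired), fired = [(s, label, combo, t)] where combo[j]
    is the transition process j took for that step (None = idle)."""
    init = tuple(i for i, _ in ltss)
    fired, seen, todo = [], {init}, deque([init])
    while todo:
        s = todo.popleft()
        for labels, res in network:
            choices = [[None] if labels[j] is DOT else
                       [tr for tr in ltss[j][1] if tr[0] == s[j] and tr[1] == labels[j]]
                       for j in range(len(ltss))]
            for combo in itertools.product(*choices):
                t = tuple(s[j] if c is None else c[2] for j, c in enumerate(combo))
                fired.append((s, res, combo, t))
                if t not in seen:
                    seen.add(t)
                    todo.append(t)
    return init, fired

def project(p, a_set, iface):
    """Projection P ||_A I: the transitions of P that fire in the product of P and
    I synchronized on the labels of A; labels outside A (tau included) are local."""
    local_p = {l for _, l, _ in p[1]} - a_set
    local_i = {l for _, l, _ in iface[1]} - a_set
    net = ([((l, l), l) for l in a_set] + [((l, DOT), l) for l in local_p]
           + [((DOT, l), l) for l in local_i])
    _, fired = product([p, iface], net)
    return p[0], sorted({c[0] for _, _, c, _ in fired if c[0] is not None})

# Constructed graphs (the slides' figures are lost): P1 alternates a and b,
# P2 does a then two successive b's; the interface network of P2 induced by P1.
P1 = (0, [(0, "a", 1), (1, "b", 0)])
P2 = (0, [(0, "a", 1), (1, "b", 2), (2, "b", 3)])
N_PRIME = [(("a",), "a"), (("b",), "b"), (("b",), "tau")]

def refined_p2():
    """Generate I from P1 under N_PRIME, then P2 ||_{a,b} I: the second b vanishes."""
    init, fired = product([P1], N_PRIME)
    iface = (init, [(s, r, t) for s, r, _, t in fired])
    return project(P2, {"a", "b"}, iface)

def km_p2():
    """K&M-style restriction P2 ||_{a} P1 (Limitation 3 slide): P2 unchanged."""
    return project(P2, {"a"}, P1)
```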

Implementation in CADP

Algorithm implemented in Exp.Open 2.0 (-interface option)
Example: odp.exp

  hide all but WORK in
    par EXPORT, IMPORT in
      par WORK #2 in
        "object_1.bcg" || "object_2.bcg" || "object_3.bcg" || "object_4.bcg"
      end par
      ||
      "trader.bcg"
    end par
  end hide

Implementation in CADP

  exp.open -weaktrace -interface "5: 1 2 3" "odp.exp" generator "trader_interface.bcg"

Generates an interface graph "trader_interface.bcg" induced by the 1st ("object_1.bcg"), 2nd ("object_2.bcg"), and 3rd ("object_3.bcg") graphs in "odp.exp"
The interface graph can be used to constrain the 5th graph ("trader.bcg")
Partial order reduction (persistent set method) preserving observable traces is applied

Applications (1/3)

Philips' HAVi Home Audio-Video leader election
Modeled in LOTOS by J. Romijn (Eindhoven)
Largest process (404,477 states) was:
- Reduced down to 365,923 states (182s, 46Mb) using the interface obtained by the K&M algorithm
- Reduced down to 645 states (11s, 8.5Mb) using the refined interface
http://www.inrialpes.fr/vasy/cadp/demos/demo_27.html

Applications (2/3)

ODP (Open Distributed Processing) Trader
Modeled in E-LOTOS by Garavel & Sighireanu (INRIA)
Uses m among n synchronization to model the dynamicity of object exchanges
Trader reduced from 1 M states without interface down to 256 states using the refined interface
http://www.inrialpes.fr/vasy/cadp/demos/demo_37.html

Applications (3/3)

Cache Coherency Protocol
Modeled in LOTOS by M. Zendri (Bull)
5 agents accessing a remote directory concurrently
No reduction using the interface obtained by the K&M algorithm
Remote directory reduced from 1 M states down to 60 states using the refined interface
Directory generated for a configuration with 7 agents (81 states)
http://www.inrialpes.fr/vasy/cadp/demos/demo_28.html

Refined abstraction in SVL

Refined interface generation and projection can be done easily within the SVL scripting language
New "refined abstraction" operator calls EXP.OPEN and PROJECTOR automatically
Example:

  "cache.bcg" = root leaf strong reduction of
    ((AGENT_1 ||| AGENT_2 ||| AGENT_3)
     |[GET_LINE_STATUS, PUT_LINE_STATUS]|
     (refined abstraction AGENT_1, AGENT_2 using DIR_START of DIRECTORY));

Conclusions

We provided a new algorithm to synthesize interface constraints automatically
The algorithm solves the 3 limitations of K&M's algorithm
- It does not depend on a particular input language
- It takes into account constraints induced by a combination of distant processes
- It permits a finer analysis of synchronization patterns between processes, thus yielding better reductions
The method is fully implemented in CADP
It is easy to use thanks to the SVL scripting language
Experiments indicate possible reductions by several orders of magnitude