1 / 39

Detecting Temporal Logic Predicates on Distributed Computations

Detecting Temporal Logic Predicates on Distributed Computations. Vinit Ogale ( ogale@ece.utexas.edu ) and Vijay K. Garg ( garg@ece.utexas.edu ) Parallel and Distributed Systems Lab. Predicate Detection.

abel
Download Presentation

Detecting Temporal Logic Predicates on Distributed Computations

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Detecting Temporal Logic Predicates onDistributed Computations Vinit Ogale (ogale@ece.utexas.edu) and Vijay K. Garg (garg@ece.utexas.edu) Parallel and Distributed Systems Lab

  2. Predicate Detection Predicate: A property expressed using variables on processes. e.g., more than one process is in critical section Predicate detection: Determining if an execution trace satisfies the predicate Program trace Yes Predicate detection predicate No

  3. Trace Model: Total Order • Total order: interleaving of events in a trace • Temporal Rover [Drusinsky 03], • Java-MaC [Kim, Kannan, Lee, Sokolsky, and Viswanathan 04], • JPaX [Havelund and Rosu 04] • PET [Gunter, Kurshan, Peled 00] • Low computational complexity

  4. Trace Model: Partial Order • Partial order: Lamport’s happened-before model [Lamport 78] • suitable for concurrent and distributed programs • encodes exponential number of total orders ) captures bugs that may not be found with a total order

  5. {e2,e1} {e1} {} Partial Order Traces • Predicate Detection • Exponential time algorithm for general predicate [Cooper and Marzullo 91] • NP-complete for simple boolean expressions (2-CNF) [Mittal and Garg 01] e1 e2 {e2, e1, f2, f1} P1 {e2, e1, f1} {e1, f2, f1} P2 {e1, f1} f1 f2 {f1} Computation Corresponding computation lattice

  6. Frontier notation for cuts {e2,f3} instead of {e1,e2,f1,f2,f3} Meet/join of two cuts is their intersection/union Join irreducible cut: cannot be expressed as the join of two other cuts Ideal is a set of cuts: with a unique maximum contains all cuts less than the maximum Structure of the Computation Lattice e3, f3 e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 e1,f1 f2 f1 {}

  7. Special Classes of Predicates • Stable predicate: • once it becomes true, it stays true, e.g., deadlock [Chandy and Lamport 85] • Meet/join closed: • global states are closed under meet/join (intersection/union) • Regular: • meet and join closed [Garg and Mittal 01] e3, f3 e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 e1,f1 f2 f1 {}

  8. Specification: Temporal Logic EG (p) AG (p) C C C EF (p) /  p subset of CTL [Clarke and Emerson 81] Examples: violation of mutual exclusion: EF(critical1Æcritical2) starvation freedom ::EF(request ÆEG(:granted)) resettability, AG(EF(restart)) p is true

  9. Previous Work: Temporal Predicates • POTA [A. Sen and V.K. Garg 03] • Efficient detection of RCTL predicates EF(), AG, EG, Æ • JMPax (exponential time) [K. Sen, G. Rosu, G. Agha 05] e3, f3 e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 e1,f1 f2 f1 {}

  10. BTL (Basis Temporal Logic) • A predicate lin BTL is defined recursively as follows: • l AP (AP is the set of atomic propositions, consists of local predicates) • If P and Q are BTL predicates then the following are BTL predicates • P  Q , P  Q , P • P (also called EF(P)) AG(P) can be represented in BTL as  (P)

  11. Basis of a Computation • Compact representation of the set of cuts which satisfy the given predicate • Efficient detection of membership Computation lattice Predicate Basis

  12. Simple Example of Basis • Predicate class : Any ideal in the computational lattice • The basis consists of the maximal element that satisfies the predicate e3, f3 e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 e1,f1 f2 f1 {}

  13. Regular Predicates • Slice: [Mittal, Garg 01] All join irreducible cuts of the smallest sublattice satisfying the predicate • For regular predicates the slice is a basis e3, f3 e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 e1,f1 f2 f1 {} A join irreducible element can not be expressed as the join of any other elements

  14. Representing Stable Predicates • P : set of ideals I´ {C1, C2} • Cut C ² P iff • 8 C’ 2I: : (C < C’) • Note: This representation is not necessarily a basis Stable Predicate P c1 c2 Ideal with max c1 Ideal with max c2

  15. Semiregular Predicates • Can be expressed as: regular predicateÆstable predicate • Generalizes regular and stable predicates • E.g. There is no token and all processes are red • Semiregular Structure • Tuple h slice,Ii e3, f3 e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 e1,f1 f2 f1 {} Regular Predicate Stable Predicate Predicate is true

  16. Main Idea of Algorithm • A BTL predicate can be represented as a disjunction of semiregular predicates • Basis for BTL predicates consists of a set of semiregular structures BTL predicate Semiregular predicates with efficient representation

  17. AlgorithmInputs: Predicate Pin, Computation C

  18. Predicate: paÇ pb e3, f3 S[pa] = { h slice1 , { [e3,f1], [f2]} i } e3, f2 e2, f3 S[pb] = { h slice2 , { [f3 ], [e1, f1]} i } e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 e1,f1 f2 pb pa f1 {} S[paÇ pb] = S[pa]  S[pb] = { h slice1 , { [e3,f1], [f2]} i , h slice2 , { [f3 ], [e1, f1]} i }

  19. Predicate: paÆ pb e3, f3 S[pa] = { h slice1 , { [e3,f1], [f2]} i } e3, f2 e2, f3 S[pb] = { h slice2 , { [f3 ], [e1, f1 ]} i } e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 pa pb e1,f1 f2 f1 {} S[paÆ pb] = { h slice1Å slice2 , { [e3, f1] ,[ f2 ], [f3], [ e1, f1 ] } i }

  20. Predicate: }(paÇ pb ) e3, f3 e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 pa pb e1,f1 f2 } pa f1 } pb {} S[}(paÆ pb)] = { h slice (}pa),{} i , h slice (}pb),{}i } Algorithm to compute slice[pa] by Sen and Garg 03

  21. Predicate: :(pcÇ pd) max(slice[pc]) max(slice[pd]) e3, f3 S[pc pd] ={ slice[pc], {} ,  slice[pd], {}  } e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 S[(pc pd )] ={ slice[original computation], { max(slice[pc], max(slice[pd] }  } e1,f1 f2 f1 slice[pc] {} slice[pd]

  22. Important Results • Theorem 1: The basis for a BTL predicate has at most 2k semiregular structures • Theorem 2: The total number of ideals in the basis is at most 2k • Time Space Complexity: O(2k |E|n) • |E| is the total number of events • n is the number of processes Where k is the size of the predicate

  23. Experimental ResultsBasis-based Trace Verifier (BTV) • Offline trace verifier implemented in Java POTA (with SPIN) BTV (Basis based trace verifier) Dining Philosophers Time (in seconds) Number of processes

  24. Conclusion • Polynomial time predicate detection on partially ordered traces • Properties composed of the following (nested) operators: Æ , Ç , : ,  . • Implemented and tested on Java programs and hardware system level designs (SystemC)

  25. Extra Slides

  26. Properties of Semiregular Predicates • All regular and stable predicates are semiregular • Join-closed • Closed under conjunction • Closed under } and 

  27. Basis of a Computation • Given a computational lattice C, corresponding to a computation E, and a predicate P, a subset S[P] of C is a basis of P is • (Compactness) The size of S[P] is polynomial in the size of the computation • (Efficient membership) Given any cut CC, there exists a polynomial time algorithm that takes S[P], E and C as inputs and determines if (C,E)²P

  28. Riv73 , Riv74 • Any co-regular predicate can be expressed as an union of intervals, each interval defined by a join-irreducible element and a meet-irreducible element

  29. e3, f3 e3, f2 e2, f3 e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 e1,f1 f2 f1 {} Predicate: pbÇ pc e1 e2 e3 pb pc Process 1 f1 f2 f3 Process 2 Original Computation Computation Lattice

  30. Predicate: pbÇ pc S[pb] ={ slice[pb], {} } e3, f3 e3, f2 e2, f3 S[pc] ={ slice[pc], {}  } e1, f3 e2, f2 e3,f1 e1, f2 e2,f1 f3 S[pb pc] ={ slice[pb], {} ,  slice[pc], {}  } e1,f1 f2 f1 slice[pb] {} slice[pc]

  31. AlgorithmInputs: Predicate Pin, Computation C

  32. Slicer Module : Big Picture state explosion trace keep all red consistent cuts slicing slice

  33. Slicer Slice: Definition slice: a sub-trace such that: • it contains all consistent cuts of the trace satisfying the given predicate • it contains the least number of consistent cuts [Garg and Mittal 01, Mittal and Garg 01] trace slice predicate

  34. C x=2 x=2 x=1 x=1 C x=0 x=0 > > y=0 y=0 y=3 y=3 y=4 y=4 C Slice: More Edges Less States Trace G x=1,y=4 x=1,y=3 x=2,y=4 ? x=1,y=0 x=2,y=3 x=2,y=0 x=0,y=3 x=0,y=0 slicing : ( (x = 1) Æ (y = 0) ) Trace H x=1,y=4 x=1,y=3 x=2,y=4 ? x=2,y=3 x=2,y=0 x=0,y=3 x=0,y=0 Observation: edges in G µ edges in H iff cuts in H µ cuts in G. Idea: To obtain the slice, add edges to the trace.

  35. x=2 x=2 x=1 x=1 x=0 x=0 > > y=0 y=0 y=3 y=3 y=4 y=4 Slice: Example D x=1,y=4 x=1,y=3 x=2,y=4 ? D x=1,y=0 x=2,y=3 x=2,y=0 x=0,y=3 x=0,y=0 no message in transit slicing D x=1,y=4 x=1,y=3 x=2,y=4 ? x=1,y=0 x=2,y=3 x=2,y=0 x=0,y=3 x=0,y=0

  36. : ordering, dependency Detect Bugs from Successful Traces Trace : CS1 : CS2 CS1 CS2 f1 f2 e2 e1 Partial Order Trace : CS1 CS1 Specification: CS1ÆCS2 Process 1 e1 e2 : CS2 CS2 Process 2 f1 f2 : CS1 CS2 CS1 : CS2 f1 e2 f2 e1

  37. 1 Partial Order Trace captures 5 Total Order Traces Total Order Trace ´ Path in the State Space e0, f1 e2, f2 e2, f0 e1, f2 e2, f1 e1, f1 e1, f0 e0, f0 State Space Trace Model: Partial Order CS1 Process 1 Initially e0, f0 e1 e2 Partial Order Trace CS2 Process 2 f1 f2 CS1ÆCS2

  38. Characterizing Predicates Predicates are generally characterized in terms of • The computation (e.g. local predicates) or • The computational lattice (e.g. semiregular predicates)

  39. Characterizing Predicates • We aim to relate these two characterizations • E.g. Our algorithm for predicate detection can support any atomic proposition that is regular as well as co-regular. This is a more general class than local predicates and precisely characterizing such a class will automatically make the algorithm more general. • Focus on locality, co-regularity, co-semiregularity and observer independence

More Related