
Verifying parameterized Networks Clarke, Grumberg, Jha






Presentation Transcript


  1. Verifying parameterized Networks Clarke, Grumberg, Jha Presented by Adi Sosnovich, April 2012

  2. Outline • Introduction • Verification of parameterized systems • Definitions • Labeled transition system • Network grammars • Specification language • Abstract LTS • Verification Method • Synchronous model of computation • Conclusion

  3. Verification of parameterized systems • Given a temporal property and an infinite family of distributed systems composed of similar processes, check the property for all the finite models from . • In general the problem is undecidable. [Apt, Kozen 86] • For specific families, the problem may be solvable. • The various cases may depend on: • Communication topology of the family F • Parallelism: synchronous, asynchronous • Synchronization primitives • Temporal properties: local, global

  4. Verification of parameterized systems • Previous work: • Establishing a bisimulation relation between a 2-process token ring and an n-process token ring for any . • Drawback: the bisimulation relation is constructed manually. • Finding network invariants: • Constructing an invariant s.t.: for all . • Using traditional model checking on the invariant process. • Drawbacks: • The invariant must be explicitly provided by the user. • Can handle only networks with one repetitive component.

  5. Verification of parameterized systems • Current work: • Works on context-free network grammars. • The network is an infinite family of distributed systems composed of similar processes. • The invariant is generated automatically, based on the grammar's structure. • The invariant simulates all processes in the language of the grammar (i.e., all the finite models from the family).

  6. Outline • Introduction • Verification of parameterized systems • Definitions • Labeled transition system • Network grammars • Specification language • Abstract LTS • Verification Method • Synchronous model of computation • Conclusion

  7. Labeled Transition System (LTS) • An LTS is a structure where: • – set of states • – set of initial states • – set of actions • – total transition relation

  8. Labeled Transition System (LTS) • Example: • We define the process P by the following LTS: [Diagram: LTS with states nc and cs, and actions get-token and send-token]

  9. Labeled Transition System (LTS) • Another example: • We define the process Q by the following LTS: [Diagram: LTS with states nc and cs, and actions get-token and send-token]

  10. Labeled Transition System (LTS) • Composition function: • Given 2 LTSs: • and • has the form: • R’ depends on the exact semantics of the composition function.

  11. Network grammars • Network: • the set of all LTSs derived by a context-free network grammar. • Network grammar: • Defined over S (set of states) and ACT (set of actions). • – set of terminals, each an LTS defined over S and ACT; also referred to as basic processes. • – set of nonterminals, each defining a network. • – set of production rules of the form: • – start symbol, representing the network generated by G.

  12. Network grammars - example • , • , where • The grammar produces rings with one process Q and at least 2 processes P. • The network consists of LTSs that perform a simple mutual exclusion using a token ring algorithm.

  13. Network grammars - example • has the form: • Reachable states in the LTS: (cs,nc,nc), (nc,cs,nc), (nc,nc,cs)

  14. Outline • Introduction • Verification of parameterized systems • Definitions • Labeled transition system • Network grammars • Specification language • Abstract LTS • Verification Method • Synchronous model of computation • Conclusion

  15. Specification Language • Goal: specify a network of LTSs composed of any number of components (basic processes). • How do we specify a property of a global state of a system consisting of many components? • Such a state is an n-tuple, for some n. • Typical properties: • Some component is in state • At least (at most) k components are in state • (Some component in state ) (some component in state ) • Such properties are conveniently expressed in terms of regular languages.

  16. Specification Language • Global state: • The word instead of n-tuple . • Property: • A regular language the property • Having the property: • The state has the property iff . • Example • Property: • Specifies states in which exactly one process is in its critical section.

  17. Specification Language • Defining atomic state properties: • The regular language is specified by a deterministic automaton over : • is the set of words accepted by . • A state of an LTS is a tuple from , for some . • Example: [Diagram of automaton D: states q0, q1, q2; transitions labelled nc and cs] Automaton D with

  18. Specification Language • Assume we have a network defined by a grammar on the tuple . • The specification language is , with finite automata over as the atomic formulas.

  19. Specification Language

  20. Specification Language • Example: [Diagram: the ring's reachable states (cs,nc,nc), (nc,cs,nc), (nc,nc,cs), and the process LTS with states nc, cs and actions get-token, send-token]

  21. Specification Language • Another Example: expresses non-starvation for process Q. • Non-starvation is guaranteed only if some kind of fairness is assumed. [Diagram: reachable states (cs,nc,nc), (nc,cs,nc), (nc,nc,cs)]

  22. Outline • Introduction • Verification of parameterized systems • Definitions • Labeled transition system • Network grammars • Specification language • Abstract LTS • Verification Method • Synchronous model of computation • Conclusion

  23. Abstract LTS • Abstraction is used in order to reduce the state space required for the verification of networks. • Requirements: • There must be a simulation preorder such that an LTS is smaller by than the abstract LTS. • Composing 2 abstract states must result in an abstraction of their composition.

  24. State Equivalence • Goal: • Given an , define an equivalence relation over , s.t. the equivalence classes are the states of the abstract LTS . • Requirements: • Equivalent states both satisfy, or both falsify, each atomic formula. • The equivalence is preserved under composition.

  25. State Equivalence • First try: • Satisfies 1st requirement • Doesn’t satisfy 2nd requirement • Example for a composition in which equivalence is not preserved: • The LTS:

  26. Explaining the example We need a refined equivalence relation that will be preserved under composition.

  27. State Equivalence • Refining the equivalence relation • Definition: • Given an automaton and a word , the function induced by on , is:

  28. Example • D= • To find , we need to find for each . [Diagram of automaton D: states q0, q1, q2; transitions labelled nc and cs]

  29. Example • Finding : [Automaton D diagram, as above]

  30. Example • Finding : [Automaton D diagram, as above]

  31. Example • Finding : • = [Automaton D diagram, as above]

  32. Example • Finding : [Automaton D diagram, as above]

  33. Example • Finding : [Automaton D diagram, as above]

  34. Example • Finding : • = [Automaton D diagram, as above]

  35. Example • Finding : [Automaton D diagram, as above]

  36. Example • Finding : [Automaton D diagram, as above]

  37. Example • Finding : • = [Automaton D diagram, as above]

  38. Example • D= • Conclusion: [Automaton D diagram, as above]

  39. State Equivalence • Refining the equivalence relation • Defining equivalence • is the abstraction of s, and is denoted by .

  40. State Equivalence • The new equivalence relation satisfies both requirements. • Proof: • Comment: • We extend to abstract states s.t. , in order to interpret specifications on abstract LTSs.

  41. State Equivalence • Example: • Considering the automaton over , induces functions for every : There are only 3 different functions, each identifying an equivalence class over . [Diagram of automaton D: states q0, q1, q2; transitions labelled nc and cs]

  42. Abstract States • - set of functions corresponding to the deterministic automaton . • – the set of states of . • In the worst case: • In practice, the size is much smaller. • In the previous example: • In practice:
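An added example in Python, not code from the slides or the paper, that makes slides 16, 17 and 27 to 42 concrete: automaton D over {nc, cs} accepting the global states in which exactly one process is in cs, the function f_w that a word (global state) induces on D, which is its abstract state, and a check that only 3 such functions occur and that they compose. The transition table of D (q0 = no cs seen, q1 = exactly one, q2 = two or more) is reconstructed from the slide diagram and is an assumption.

```python
from itertools import product

ALPHABET = ("nc", "cs")          # local states of one process
STATES = ("q0", "q1", "q2")      # states of the deterministic automaton D
INITIAL, ACCEPTING = "q0", {"q1"}

# Transition table reconstructed from the slide diagram (assumption):
# q0 = "no cs seen yet", q1 = "exactly one cs seen", q2 = "two or more".
DELTA = {
    ("q0", "nc"): "q0", ("q0", "cs"): "q1",
    ("q1", "nc"): "q1", ("q1", "cs"): "q2",
    ("q2", "nc"): "q2", ("q2", "cs"): "q2",
}

def run(q, word):
    """Extended transition function: the state D reaches from q after word."""
    for a in word:
        q = DELTA[(q, a)]
    return q

def satisfies(word):
    """Concrete check of the atomic formula: is the global state in L(D)?"""
    return run(INITIAL, word) in ACCEPTING

def induced_function(word):
    """f_w : Q -> Q, the function the word induces on D; this is the abstract state."""
    return tuple(run(q, word) for q in STATES)

def abstract_satisfies(f):
    """The formula interpreted on an abstract state: f(q0) must be accepting."""
    return f[STATES.index(INITIAL)] in ACCEPTING

def compose(f_u, f_v):
    """f_uv = f_v o f_u, so abstract states compose without the concrete words."""
    return tuple(f_v[STATES.index(q)] for q in f_u)

def words(max_len):
    """All global states (words) of length 1..max_len; constructed inputs."""
    return [w for n in range(1, max_len + 1) for w in product(ALPHABET, repeat=n)]

def abstract_states(max_len):
    """The distinct induced functions, i.e. the states of the abstract LTS."""
    return {induced_function(w) for w in words(max_len)}

def composition_preserved(max_len):
    """Requirement 2: the abstraction of uv is determined by the abstractions of u and v."""
    return all(compose(induced_function(u), induced_function(v)) == induced_function(u + v)
               for u in words(max_len) for v in words(max_len))
```

Of the 27 possible functions from a 3-state set to itself, only 3 arise here (no cs, one cs, two or more), which is the gap between the worst case and practice that slide 42 refers to.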

  43. Extension to any set of atomic formulas • Where • The abstraction of : • iff for all : States that are mapped to the same abstract states agree on all atomic properties.

  44. Abstract LTS • Example: [Diagram: the concrete states (cs,nc,nc), (nc,cs,nc), (nc,nc,cs) mapped by the abstraction h to the abstract LTS]

  45. Simulation • Definition: • iff there is a simulation preorder that satisfies: • there is s.t.: . • Notation: • If , we say that .

  46. Abstract LTS • Lemma: • The simulation relation is: • Let be the simulation relation between . Define the relation as follows:

  47. Abstract LTS • Theorem: • And there are some more cases to prove…

  48. Abstract LTS • Conclusion: • Proof: • there is s.t.: • : (theorem)

  49. Abstract LTS and Simulation • Example: [Diagram: the concrete states (cs,nc,nc), (nc,cs,nc), (nc,nc,cs) mapped by h to the abstract LTS that simulates them]

  50. Abstract LTS and Simulation • Another Example: [Diagram: a process LTS with states nc, cs and actions get-token, send-token, mapped by h to its abstract LTS]
