
Symbolic Verification of Complex Synchronizations in Distributed Real-Time Systems




Presentation Transcript


  1. Symbolic Verification of Complex Synchronizations in Distributed Real-Time Systems Farn Wang National Taiwan University ICFEM 2005 Farn Wang. ICFEM'2005-Manchester

  2. Complex Synchronizations in Distributed Real-Time Systems (figure: a scene with the events "hitting" and "explosion")

  3. Modeling granularity?
  Did the hit and the explosion happen at the same time?
  • No, at the fine level of quantum mechanics
    • Extremely fine models
    • Extreme confidence in the verification result
  • Yes, for the complexity of verification
    • Intuitive, natural, and acceptable
    • Usable analysis result

  4. Complex Synchronizations in the CSP style (figure: processes exchanging the channel events ?explosion/!explosion and ?hitting/!hitting)

  5. Complex Synchronizations in the CSP style
  • Multiple-party synchronizations constructed through binary synchronizations
  • Global transitions constructed through process transitions
    • For each channel, # input events = # output events
    • For interleaving semantics: minimality of global transitions
  • Modular descriptions and specifications
  • Flexibility in the descriptions of process response variations

  6. Process Timed Automata (PTA)
  A = ∑, X, Q, I0, , E, , ,, 
  ∑ = {sample, explode}
  X = {x, z} /* local clocks */
  Q = {m, h}  (m: monitor, h: hit)
  I = m
  E = {e1, e2}
  (e1) = (m,m)   (e2) = (m,h)
  (e1) = z = 50   (e2) = true
  (e1) = {z}   (e2) = {}
  (e1,sample) = -1   (e1,explode) = 0
  (e2,sample) = 0   (e2,explode) = +1
  (m) = x 500  z 50   (h) = true
  (figure: mode m "monitor" with invariant x 500ms, z 50ms; self-loop ?sample with guard z=50ms and reset z:=0; transition !explode to mode h "hit"; initial resets x:=0; z:=0)

  7. Communicating Timed Automata (CTA) Σ,A1,A2, . . .,Am
  • PTA Ap = Σp, Xp, Qp, Ip, p, Ep, p, p,p, p
  • Σp  Σ
  • Xp  Xp’ = , 1p<p’m
  • Qp  Qp’ = , 1p<p’m
  • Ep  Ep’ = , 1p<p’m

  8. CTA {start,end,collision},Sender1,Sender2,Bus
  (figure: the PTAs Sender 1, Sender 2 and Bus, with modes Idle, send, retry, busy and collision, and process transitions numbered 1–18 labelled with ?start/!start, ?end/!end, ?collision/!collision, the reset x1=0; and the constraint x1<=5)
  Sender1, Sender2, and Bus are all PTAs.

  9. State of CTA Σ,A1,A2, . . .,Am
  • State ν: a valuation such that
    • ν(modep) ∈ Qp
    • for each x ∈ ∪1≤p≤m Xp, ν(x) ∈ R+
    • ν ╞ /\1≤p≤m μp(ν(modep))
  • ν+δ: time progression of ν by δ ∈ R+
    • for each x ∈ X, (ν+δ)(x) = ν(x) + δ

  10. CTA Σ, A1,..,Am: Global transition T
  A global transition T is a mapping:
  • for each 1≤p≤m, T(p) ∈ Ep ∪ {⊥}
    • ⊥ means no transition
  • ν →T ν’ iff for each 1≤p≤m s.t. T(p)≠⊥:
    • ν ╞ τp(T(p))
    • (ν(modep), ν’(modep)) = (T(p))
    • ν’(x) = 0 if x ∈ πp(T(p))

  11. CTA Σ, A1,..,Am: Global transition T
  Legitimacy of global transitions
  • synchronized: for every channel in Σ, the event counts (−1 per input, +1 per output, as on slide 6) of the participating process transitions (those with T(p)≠⊥) sum to 0, i.e. the channel's inputs and outputs cancel: (sum 1  pm; T(p)⊥p (e,)=0)
  • minimal: cannot be broken down into more than one nontrivial global transition

  12. System model: Communicating timed automaton (CTA)
  Legitimate global transitions
  • start: (1,15), (1,18), (2,15), (2,18), (8,15), (8,18), (9,15), (9,18)
  • collision: (4,11,18)
  (figure: the same Sender 1, Sender 2 and Bus PTAs as on slide 8, process transitions numbered 1–18)

  13. Legitimate global transitions with n senders
  When n = 3, collision:
  (4,11,19,25) (4,11,20,25) (4,11,21,25)
  (4,12,18,25) (4,13,18,25) (4,14,18,25)
  (5,11,18,25) (6,11,18,25) (7,11,18,25)
  (figure: the generic Sender i, whose process transitions are numbered 7i-6 … 7i, and the Bus, whose transitions are numbered 7n+1 … 7n+4; the Bus collision transition carries n outputs "!collision …. !collision")

  14. Pre/post condition calculation in the traditional style
  (an enumeration of global transitions)
     := false;
    for each global transition T {
      for each 1pm with T(p) and (T(p))=(q,q’) {
         :=  (x  p(e) x=0) modep=q’;
         := FM_elim( , p(e){ modep}) ;
      }
      Add in the triggering conditions of participating transitions in T to .
       :=  ;
    }
    Return ;

  15. Legitimate global transitions with n senders in the traditional style
  We cannot even enumerate the global transitions! n(n-1)·3^(n-2)/2 global transitions
  (figure: the generic Sender i and Bus PTAs of slide 13, next to an enumeration tree over transitions 7i-2, 7j-2, 7k-2, …, 7i-1, 7j-1, 7k-1, …, 7i, 7j, 7k, … and 7a-3, 7b-3)

  16. Efficient representation for global transitions {start,end,collision},Sender1,Sender2,Sender3,Bus
  (figure: a BDD-like diagram with one level per process variable T1, T2, T3, T4; edges labelled by transition ranges [1,2], 3, 4, [5,7] for T1; [8,9], 10, 11, [12,14] for T2; [15,16], 17, 18, [19,21] for T3; 24, 25 for T4; leaves are the memo table M and True)

  17. Symbolic procedure for M
  global-transitions (CTA M) {
     := ;   := false;
    for each 1 p  m, e  Ep, {
      H := ;
      for each   ∑ {
        H := [  p(e, )];
         :=   Tp=e  rec-global-transitions(H, p);
      }
    }
    return ;
  }

  18. Symbolic procedure for M
  rec-global-transitions(H, K) {
    if   (H,K, ) , return ;                                 ……(b)
    else if   ∑ (H()=0) {
       := {(H, K, pK(Tp=))};
      return pK(Tp=);                                          ……(c)
    }
     := false;
    get one   ∑ such that H()  0;
    for each 1  p  m such that p  K {
      for each e  Ep such that H()  p(e, ) < 0 {
        H' := H;
        for ’  ∑, H’ := H[’  H(’) + p(e, ’)];               ……(d)
         :=   Tp=e  rec-global-transitions(H', K{p});
      }
    }
     := {(H, K, )};
    return ;                                                   ……(e)
  }
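The legitimacy conditions of slide 11 (synchronized and minimal), the enumeration of slide 14 and the balance-driven recursion of slide 18 can be tried out on small finite models. The following Python is an added example, not code from the paper or from the RED tool: the automata, process names and transition names are constructed for illustration, clocks and mode constraints are left out so that only the synchronization structure remains, and the memo table M of the slide is a plain dictionary keyed by the channel-balance vector H and the set K of processes already used. The second model is constructed to show why the minimality check is needed: the balance-driven search can assemble a synchronized set that splits into two independent synchronized sets.

```python
"""Legitimate global transitions of a CTA: synchronized (every channel's input and
output events cancel) and minimal (not decomposable into smaller synchronized ones).
Added example with constructed automata, not the paper's code."""
from itertools import combinations, product
from typing import Dict, FrozenSet, Iterable, Set, Tuple

# A process transition maps channel -> event count: +1 per '!' output, -1 per '?' input
# (the convention of the event-count function on slide 6).
Transition = Dict[str, int]
Process = Dict[str, Transition]        # transition name -> event counts
CTA = Dict[str, Process]               # process name -> its transitions
GlobalT = FrozenSet[Tuple[str, str]]   # {(process, transition)}; absent processes are ⊥

# Constructed two-sender/bus model in the spirit of the CSMA/CD slides (not the paper's
# model). The bus's collision transition outputs '!collision' twice, so both senders
# must take a '?collision' transition in the same global transition.
SENDERS_AND_BUS: CTA = {
    "Sender1": {"start": {"start": +1}, "end": {"end": +1}, "collision": {"collision": -1}},
    "Sender2": {"start": {"start": +1}, "end": {"end": +1}, "collision": {"collision": -1}},
    "Bus": {"start": {"start": -1}, "end": {"end": -1}, "collision": {"collision": +2}},
}
# Constructed model where balance-driven assembly can reach a synchronized set that
# splits into two synchronized halves: {P1,P4} on channel a and {P2,P3} on a and b.
DECOMPOSABLE: CTA = {
    "P1": {"t": {"a": +1}},
    "P2": {"t": {"a": -1, "b": +1}},
    "P3": {"t": {"a": +1, "b": -1}},
    "P4": {"t": {"a": -1}},
}

def channels(cta: CTA) -> Tuple[str, ...]:
    return tuple(sorted({c for proc in cta.values() for t in proc.values() for c in t}))

def balance(cta: CTA, gt: Iterable[Tuple[str, str]]) -> Dict[str, int]:
    """Per-channel sum of event counts over the participating transitions (the vector H)."""
    h = {c: 0 for c in channels(cta)}
    for p, e in gt:
        for c, v in cta[p][e].items():
            h[c] += v
    return h

def is_synchronized(cta: CTA, gt: Iterable[Tuple[str, str]]) -> bool:
    return all(v == 0 for v in balance(cta, gt).values())

def is_minimal(cta: CTA, gt: GlobalT) -> bool:
    """Decomposable iff some proper non-empty subset of the participants is itself
    synchronized (its complement is then synchronized as well)."""
    members = sorted(gt)
    return not any(is_synchronized(cta, sub)
                   for k in range(1, len(members)) for sub in combinations(members, k))

def legitimate_by_enumeration(cta: CTA) -> Set[GlobalT]:
    """Traditional style (slide 14): try every assignment T(p) in E_p ∪ {⊥}."""
    names = list(cta)
    options = [[None] + list(cta[p]) for p in names]
    found: Set[GlobalT] = set()
    for choice in product(*options):
        gt = frozenset((p, e) for p, e in zip(names, choice) if e is not None)
        if gt and is_synchronized(cta, gt) and is_minimal(cta, gt):
            found.add(gt)
    return found

def completions(cta: CTA, h: Dict[str, int], used: FrozenSet[str],
                memo: Dict[tuple, Set[GlobalT]]) -> Set[GlobalT]:
    """Balance-driven search in the style of rec-global-transitions (slide 18): pick an
    unbalanced channel and add one transition of an unused process whose count on that
    channel has the opposite sign. Results per (H, K) are memoized like the table M."""
    key = (tuple(sorted(h.items())), used)
    if key in memo:
        return memo[key]
    if all(v == 0 for v in h.values()):
        memo[key] = {frozenset()}          # H balanced: nothing more to add
        return memo[key]
    sigma = next(c for c, v in sorted(h.items()) if v != 0)
    found: Set[GlobalT] = set()
    for p, proc in cta.items():
        if p in used:
            continue
        for e, counts in proc.items():
            if h[sigma] * counts.get(sigma, 0) < 0:
                h2 = dict(h)
                for c, v in counts.items():
                    h2[c] += v
                for rest in completions(cta, h2, used | {p}, memo):
                    found.add(rest | {(p, e)})
    memo[key] = found
    return found

def legitimate_by_recursion(cta: CTA, require_minimal: bool = True) -> Set[GlobalT]:
    """Seed the search with every process transition; with require_minimal=False the
    result is only guaranteed to be synchronized."""
    memo: Dict[tuple, Set[GlobalT]] = {}
    found: Set[GlobalT] = set()
    for p, proc in cta.items():
        for e in proc:
            seed = frozenset({(p, e)})
            for rest in completions(cta, balance(cta, seed), frozenset({p}), memo):
                gt = rest | seed
                if not require_minimal or is_minimal(cta, gt):
                    found.add(gt)
    return found
```

On the sender/bus model both procedures find the same five legitimate global transitions (each sender's start or end paired with the bus, plus the three-party collision). On the second model the recursion without the minimality filter also returns the four-process union {P1,P2,P3,P4}, which the filter rejects because {P1,P4} is already synchronized on its own.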

  19. Xplans_bck()
    Let  := M;
    for p := 1 to m {
       := Tp=;
      for each e  Ep with (e) = (q, q’) {
         :=  Tp=e  (x  p(e) x=0)  modep=q’;
         :=   FM_elim(, p(e)  { modep });
      }
       := ;
    }
    Add in all the triggering conditions of the participating process transitions to .
    return FM_elim(, {T1,…,Tm});

  20. Implementation
  RED 5.5, model-checker/simulator for dense-time systems
  • BDD-like data structures (CRD) for timed systems (VMCAI’2003 & STTT 4(1), July 2004)
  • Symbolic coverage estimation (FORTE’2003)
  • Speedup techniques (CIAA’2003, CAV’2004, ICFEM’2005)
  • BDD-like data structures (HRD) for linear hybrid systems (CAV 2004 & IEEE TSE, Jan. 2005)
  • Library for C/C++ (announced in an ICFEM 2005 tutorial)
  • http://cc.ee.ntu.edu.tw/~val/

  21. Fischer’s mutual exclusion

  22. CSMA/CD

  23. An observation in the experiments
  • Simple synchronizations
    • 2 or 3 processes involved
    • Perform well with the traditional style
  • Complex synchronizations
    • Perform well with the new style
  • Strategy, with a parameter  on the number of processes in a synchronization:
    • <   traditional style
    •   new style

  24. Performance Data

  25. Summary
  • Complex synchronization
    • constructed from binary CSP-style synchronization
    • modular descriptions
    • appropriate abstraction
    • control of verification complexity
  • Symbolic procedures
    • for symbolic representation of complex synchronizations
    • precondition/postcondition procedure taking advantage of the complex synchronizations