
Analysis of Communication Mechanisms in WS Compositions


hoai

Presentation Transcript


  1. Analysis of Communication Mechanisms in WS Compositions

  2. Verification Problem
     • Check correctness of the behavior of a WS composition with respect to a set of different properties of interest:
       • Deadlock freeness, LTL properties
     • Verification relies on the existence of a formal model for:
       • composition representation, interactions representation
     • Communication mechanisms are complex and implementation-dependent:
       • queues, diversity of protocols, message overpasses
     • There is no appropriate formal model that allows analysis of an arbitrary composition scenario:
       • Complexity and decidability problems for general models
       • Specific models are restricted w.r.t. the set of scenarios
     WS-FM'05

  3. Example 1
     • Problems with synchronous communication model:
       • Each output happens synchronously with corresponding input
       • Concurrent emissions are possible, queues are needed
     [Figure: message-exchange diagram over the actions !a, ?a, !b, ?b, !c, ?c, !d, ?d]

  4. Example 2
     • Problems with asynchronous communication model:
       • Output is non-blocking
       • Messages are stored in FIFO queues
       • Message overpasses are possible, non-FIFO queues might be needed
     [Figure: example executions over the actions !a, ?a, !b, ?b, labeled GOOD and BAD]

  5. Aim of the Approach
     • Adequateness: starting from the composition scenario, find an adequate communication model that completely describes the behavior of the composition
     • Composition boundedness: check that the system execution does not lead to infinitely growing queues
     • Composition completeness: check that in any possible execution messages are not lost
     This kind of analysis allows for abstracting from the communication-level problems, thus enabling further analysis of business-level behavioral requirements

  6. Solution
     • Previous work (WSFM’05)
       • Based on the Extended Composition Model
       • Complex implementation
       • Restricted w.r.t. set of analyzable properties
       • Potentially incomplete results for an arbitrary scenario
     • Current work
       • Based on the STS with channels model
       • Simple implementation
       • Efficient analysis
       • Wider set of properties
       • Complete theoretical results

  7. Formalization
     • Assumptions:
       • Disjoint and perfect channels
       • Non-blocking operations
       • Arbitrary (up to non-FIFO) queue implementations
       • Arbitrary (but bounded) queue length
       • No internal loops in the service implementation
     • STS with Channels corresponding to composition of n STSs:
       • State is a pair <S,C> where S = <s1,…,sn> is global control state and C = <w1,…,wm> is a content of m FIFO queues
       • T = GS × (I ∪ O ∪ {τ}) × GS is a transition relation:
         • If action is input ?a, message is consumed: a.C’ = C
         • If action is output !a, message is added to a queue: C’ = C.a
         • If action is internal τ, queue content is not changed: C’ = C

  8. Formalization (cont’d)
     • Behavior:
       • Reachability tree (possibly infinite):
         • nodes labeled with global states of CSTS
         • root is labeled with initial state of CSTS
         • edges labeled with actions
       • Reachability graph obtained from reachability tree by merging nodes with identical labels
     • Finiteness of the model:
       • THEOREM: reachability graph is bounded iff all the queues are bounded [that is, there is a constant K s.t. length of the queue < K in any global state]
       • The problem of unboundedness is undecidable in general

  9. Adequateness Problem
     • Given a composition scenario (set of STSs), determine a minimal CSTS (channel configuration) such that the behavior is the maximal for the scenario
     • Minimal model:
       • The simplest interaction mechanisms, the most trivial implementation
       • The most efficient analysis techniques
     • Maximal behavior:
       • The behavior should be the same as in the worst case where everything is possible
       • Relies on the model simulation relation between models
       • Requires the definition of the worst case - most general model

  10. Adequateness Problem (cont’d)
     • Model simulation relation
       • Model Δ1 simulates model Δ2, Δ2 ≤ Δ1, if for any composition scenario the set of behaviors of the composition under model Δ2 is included in the set of behaviors of the composition under model Δ1
       • THEOREM: Let Δ1, Δ2 be two communication models with queue structures <M11*,…, M1m*> and <M21*,…, M2n*>. If for any alphabet M2i there exists an alphabet M1j such that M2i ≤ M1j, then Δ1 ≤ Δ2
     • Most general communication model
       • Δ is the communication model with the following queue structure: for any message type a there is a separate queue with alphabet M = {a}
       • THEOREM: for any communication model Δ, Δ ≤ Δ
       • The boundedness problem for the Δ model is decidable

  11. Adequateness Analysis
     • Consider a sequence of communication models from the simplest to the most general: Δ1 ≤ Δ2 ≤ … ≤ Δ
     • Starting from the first model, compute the behavior of the composition under the current model and compare it with the behavior under the most general model
       • If different, take the next model and repeat the step
       • If the same, then Δi = Δ and therefore the model is adequate
     • The implementing algorithm is based on the reachability graph construction
       • DFS algorithm
       • Boundedness is checked on the fly
       • Completeness is checked on the fly

  12. Analysis issues
     • The outcome of the analysis is represented as a global transition system
       • Some states may be marked as unbounded
       • Some states may be marked as incomplete
     • This model is used for further analysis of properties [with presence of variables] in NuSMV
     The overall analysis approach is a combination of explicit search techniques (graph construction) and symbolic techniques (further model checking)

  13. Analysis issues (cont’d)
     • The explicit search algorithm allows for application of Partial Order Reduction and on-the-fly optimizations.
     • The experimental results demonstrate much higher performance w.r.t. previous NuSMV implementations
     • Future work: Knowledge-level verification
       • May be performed on-the-fly, combined with the graph construction algorithm

  14. Any questions?
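
The STS-with-channels semantics of slide 7 and the DFS-based adequateness check of slide 11, sketched as an added example (not code from the presentation or its tool). It enumerates the runs of the reachability tree rather than merging nodes into a graph, omits τ actions, and flags a state as unbounded when a queue would exceed an assumed bound K; the service encoding, function names and sample services are assumptions made for this illustration.

```python
# Added example: explicit-state exploration; actions are "!m" (send) and "?m" (receive).
def explore(services, channel_of, bound):
    """DFS over global states <S, C>; returns (maximal traces, issue flags)."""
    queues = sorted(set(channel_of.values()))
    start = (tuple(s["init"] for s in services), tuple(() for _ in queues))
    traces, flags = set(), set()

    def successors(state):
        control, content = state
        for i, svc in enumerate(services):
            for action, target in svc["trans"].get(control[i], []):
                q = queues.index(channel_of[action[1:]])
                word = content[q]
                if action[0] == "!":                 # output: C' = C.a
                    if len(word) >= bound:
                        flags.add("unbounded")       # assumed bound K exceeded
                        continue
                    new_word = word + (action[1:],)
                elif word[:1] == (action[1:],):      # input: a.C' = C
                    new_word = word[1:]
                else:
                    continue                         # message is not at the queue head
                yield action, (control[:i] + (target,) + control[i + 1:],
                               content[:q] + (new_word,) + content[q + 1:])

    def dfs(state, trace):
        nexts = list(successors(state))
        if not nexts:                                # maximal run reached
            traces.add(trace)
            control, content = state
            if any(services[i]["trans"].get(c) for i, c in enumerate(control)):
                flags.add("deadlock")                # a service still expects to move
            if any(content):
                flags.add("incomplete")              # messages left in a queue
        for action, nxt in nexts:
            dfs(nxt, trace + (action,))

    dfs(start, ())
    return traces, flags

def adequate(services, channel_of, bound=4):
    """True if the model yields the same behavior as the most general model."""
    general = {m: m for m in channel_of}             # one queue per message type
    return explore(services, channel_of, bound)[0] == explore(services, general, bound)[0]

# Constructed scenario: the sender emits a then b; one receiver wants b first (overpass).
SENDER = {"init": 0, "trans": {0: [("!a", 1)], 1: [("!b", 2)]}}
RECEIVER = {"init": 0, "trans": {0: [("?b", 1)], 1: [("?a", 2)]}}
IN_ORDER = {"init": 0, "trans": {0: [("?a", 1)], 1: [("?b", 2)]}}
ONE_FIFO = {"a": "q", "b": "q"}                      # simplest model: one shared FIFO queue
```

With the overpass receiver, the single shared FIFO queue deadlocks with messages left behind, while one queue per message type completes, so the simplest model is not adequate for that scenario; with the in-order receiver it is.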
