Process Analysis Toolkit
PAT is a SPIN-like self-contained environment for system specification, visualized simulation and automated verification. PAT is designed to support multiple domain-specific languages. PAT embeds complementary model checking algorithms, e.g., reachability analysis by depth/breadth-first search, SCC-based LTL verification, on-the-fly refinement checking, etc. PAT is available at http://pat.comp.nus.edu.sg
CSP@PAT for Concurrent Systems
The modeling language combines high-level compositional operators from process algebra with program-like code. PAT supports a variety of fairness notions for distributed algorithms: process-level weak/strong fairness, event-level weak/local strong/global strong fairness, etc. PAT outperforms SPIN for verification with fairness. PAT has been applied to many recently developed distributed algorithms (bugs found!) and others.
WS@PAT for Web Services
WS@PAT supports specialized intermediate languages for Web Service Choreography and Orchestration, which abstract WS-CDL and WS-BPEL. WS@PAT checks conformance between Choreography and Orchestration using an on-the-fly refinement checking algorithm. WS@PAT verifies the implementability of a choreography by syntactic analysis and generates a prototype orchestration.
Fairness: Motivating Examples
• Peterson's algorithm
  • Bounded bypass requires process-level weak fairness
• Population protocols
  • Leader election in a complete network graph (requires weak fairness)
  • Leader election in network rings (requires strong global fairness)
  • Token circulation in rings (requires strong global fairness)
Process-level Fairness
• Process-level weak fairness (e.g., SPIN)
  • Each process must make infinite progress if it is always possible.
• Process-level strong fairness (e.g., CHESS)
  • Each process must make infinite progress if it is repeatedly possible.
Weak Action Fairness
• <>[] a is enabled => []<> a is engaged
• Weak action fairness vs. process-level weak fairness
Strong Local Fairness
• []<> a is enabled => []<> a is engaged
• Strong local fairness vs. weak action fairness
Strong Global Fairness
• If a step is infinitely often enabled, it must be taken infinitely often.
• Strong global fairness vs. strong local fairness
Verification under Fairness
• Setting 1: one notion of fairness is applied to the whole system.
• Verification under fairness = loop searching, i.e., given a (liveness) property, a counterexample is a fair loop which fails the property.
• Fair loop searching = fair SCC searching, i.e., an on-the-fly model checking algorithm based on Tarjan's algorithm
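The three action-level fairness notions above and the fair-SCC search of setting 1, as an added worked example in Python (my own illustration, not PAT's code). It checks the liveness property <> q ("q eventually happens") on three small transition systems constructed here: a counterexample is a non-trivial SCC reachable without engaging q that is fair under the chosen notion. Fairness of an SCC is judged as on the slides, with "enabled" taken from the full system and "engaged" from the SCC's own internal edges; an unfair SCC is pruned of the states that cannot lie on a fair loop and searched again. The notion names, the pruning step and the recursive Tarjan implementation are my assumptions about how to present the idea, not PAT's actual on-the-fly implementation.

```python
# Constructed toy transition systems: state -> [(action, successor)].
# Property checked: "eventually q" (<> q) under one system-wide fairness notion.
SYS_A = {"s0": [("p", "s0"), ("q", "s1")], "s1": [("p", "s1")]}                       # q always enabled while waiting
SYS_B = {"s0": [("p", "s1"), ("q", "s2")], "s1": [("p", "s0")], "s2": [("p", "s2")]}  # q enabled only in s0
SYS_C = {"s0": [("a", "s0"), ("a", "s1")], "s1": [("q", "s2")], "s2": [("p", "s2")]}  # one action, two different steps

NOTIONS = ("none", "weak_action", "strong_local", "strong_global")


def enabled(ts, s):
    return {a for a, _ in ts[s]}


def reachable_without(ts, init, goal):
    """States reachable from init along transitions not labelled `goal`."""
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        for a, t in ts[s]:
            if a != goal and t not in seen:
                seen.add(t)
                todo.append(t)
    return seen


def tarjan_sccs(nodes, succ):
    """Tarjan's algorithm on the subgraph induced by `nodes` (succ is already filtered to it)."""
    index, low, stack, on_stack, sccs, counter = {}, {}, [], set(), [], [0]

    def connect(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in succ(v):
            if w not in index:
                connect(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of an SCC: pop it off the stack
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            sccs.append(frozenset(comp))

    for v in nodes:
        if v not in index:
            connect(v)
    return sccs


def bad_states(ts, scc, goal, notion):
    """States that cannot lie on a fair loop inside `scc` under `notion` (empty set = SCC is fair).
    'Enabled' is judged on the full system, 'engaged' on the SCC's internal non-goal edges."""
    engaged = {a for s in scc for a, t in ts[s] if a != goal and t in scc}
    bad = set()
    if notion == "weak_action":        # <>[] enabled => []<> engaged: look at actions enabled in every state
        always = set.intersection(*(enabled(ts, s) for s in scc))
        if always - engaged:
            bad = set(scc)
    elif notion in ("strong_local", "strong_global"):   # []<> enabled => []<> engaged
        bad = {s for s in scc if enabled(ts, s) - engaged}
        if notion == "strong_global":  # every enabled *step* must be taken: the SCC must be closed
            bad |= {s for s in scc if any(t not in scc for _, t in ts[s])}
    return bad


def fair_loop(ts, nodes, goal, notion):
    """Return a fair non-trivial SCC within `nodes` (a counterexample loop for <> goal), or None.
    An unfair SCC is pruned of its bad states and searched again (refinement, assumed here)."""
    def succ(s):
        return [t for a, t in ts[s] if a != goal and t in nodes]

    for scc in tarjan_sccs(sorted(nodes), succ):
        if len(scc) == 1 and not any(t == s for s in scc for a, t in ts[s] if a != goal):
            continue                    # trivial SCC: no loop here
        bad = bad_states(ts, scc, goal, notion)
        if not bad:
            return scc
        found = fair_loop(ts, scc - bad, goal, notion)
        if found:
            return found
    return None


def check_eventually(ts, init, goal, notion="none"):
    """Verify <> goal from `init` under `notion`; returns the fair loop refuting it, or None."""
    return fair_loop(ts, reachable_without(ts, init, goal), goal, notion)


if __name__ == "__main__":
    for name, ts in (("A", SYS_A), ("B", SYS_B), ("C", SYS_C)):
        verdicts = {n: check_eventually(ts, "s0", "q", n) for n in NOTIONS}
        print(name, {n: (sorted(v) if v else "holds") for n, v in verdicts.items()})
```

Running the file prints one verdict per notion and system. The matrix shows the hierarchy behind the "vs." comparisons on the slides: system A is refuted only without fairness (q is always enabled on the loop, so weak action fairness already forbids it); B needs strong local fairness (q is enabled only every other state, so the loop is weakly fair); C needs strong global fairness (the action a is engaged on the loop, yet the step a that leaves it is never taken).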
Pros and Cons
• Pro: no additional user inputs.
• Cons:
  • Sometimes overwhelming, e.g., the eventual leader detector.
  • Partial order reduction is applicable only to verification under weak action fairness or weaker.
Verification under Fairness
• Setting 2: individual actions are annotated with fairness constraints.
• The same SCC-based verification is used to identify fair SCCs.
• Pros:
  • Different parts of the system may have different fairness,
  • Partial order reduction is possible.
• Con: users need to annotate the relevant actions with fairness.
Verification under Fairness
• Setting 3: design a fair scheduler to generate only fair executions.
• Pros:
  • Smaller state graph,
  • Nested depth-first search is possible,
  • Infinite-state systems may become finite.
• Con: the fair scheduler needs additional data structures to guarantee.
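Setting 3 as an added Python example (my own illustration of the idea, not PAT's scheduler). The scheduler is realised as a product construction: each product state carries one starvation counter per process, counting consecutive steps in which that process was enabled but not scheduled. Once a counter reaches a bound the process becomes urgent and only urgent processes may move, so by construction every generated execution satisfies process-level weak fairness, and the liveness check <> q reduces to plain cycle detection over the product (the loop search underlying nested DFS), with no fairness test on SCCs at all. The two toy systems, the action-to-process mapping, the counter bound and the "urgent" rule are all constructed assumptions for this example.

```python
# Constructed toy systems (state -> [(action, successor)]) and the process owning each action.
SYS_A = {"s0": [("p", "s0"), ("q", "s1")], "s1": [("p", "s1")]}                       # Q always enabled while waiting
SYS_B = {"s0": [("p", "s1"), ("q", "s2")], "s1": [("p", "s0")], "s2": [("p", "s2")]}  # Q enabled only in s0
OWNER = {"p": "P", "q": "Q"}


def fair_scheduler_graph(ts, init, owner, bound):
    """Explore the product of `ts` with a starvation-counter scheduler.

    A product state is (system_state, counters), one counter per process, counting the
    consecutive steps in which that process was enabled but not scheduled.  A process whose
    counter has reached `bound` (and which is enabled) is 'urgent'; while any process is
    urgent, only urgent processes may move.  bound=None switches the scheduler off, so the
    product collapses to the plain system graph.  Returns (start_state, adjacency dict).
    With two processes the counters never exceed `bound`, so the product stays finite.
    """
    procs = sorted(set(owner.values()))
    start = (init, tuple(0 for _ in procs))
    graph, todo = {}, [start]
    while todo:
        ps = todo.pop()
        if ps in graph:
            continue
        s, c = ps
        enabled_procs = {owner[a] for a, _ in ts[s]}
        urgent = {p for i, p in enumerate(procs)
                  if bound is not None and c[i] >= bound and p in enabled_procs}
        edges = []
        for a, t in ts[s]:
            p = owner[a]
            if urgent and p not in urgent:
                continue            # scheduler blocks this step: a starving process must run first
            if bound is None:
                nc = c
            else:                   # reset the scheduled process and any process that is not enabled
                nc = tuple(0 if q == p or q not in enabled_procs else c[i] + 1
                           for i, q in enumerate(procs))
            edges.append((a, (t, nc)))
            todo.append((t, nc))
        graph[ps] = edges
    return start, graph


def has_loop_avoiding(graph, start, goal):
    """DFS cycle detection over edges not labelled `goal`:
    a cycle reachable without engaging `goal` refutes <> goal."""
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {}

    def dfs(v):
        colour[v] = GREY
        for a, w in graph[v]:
            if a == goal:
                continue
            if colour.get(w, WHITE) == GREY:          # back edge: a loop that never engages goal
                return True
            if colour.get(w, WHITE) == WHITE and dfs(w):
                return True
        colour[v] = BLACK
        return False

    return dfs(start)


def check_eventually_scheduled(ts, init, owner, bound, goal):
    """Verify <> goal on the scheduled product; returns (number of product states, loop found?)."""
    start, graph = fair_scheduler_graph(ts, init, owner, bound)
    return len(graph), has_loop_avoiding(graph, start, goal)


if __name__ == "__main__":
    for name, ts in (("A", SYS_A), ("B", SYS_B)):
        for bound in (None, 2):
            states, loop = check_eventually_scheduled(ts, "s0", OWNER, bound, "q")
            print(f"{name} bound={bound}: {states} product states, <> q {'refuted' if loop else 'holds'}")
```

With the scheduler off, both systems have a loop that never performs q. With the bound set, system A's loop disappears (Q is enabled at every step of it, so after two skipped steps it becomes urgent and must run), while system B keeps its loop: Q is enabled only in s0, its counter resets in s1, and the execution is process-level weakly fair, which is exactly the verdict a weak-fairness SCC search would also give. The fair scheduler's "additional data structures" are the counters in the product state.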