Parameterized Models for Distributed Java Objects

Tomás Barros & Rabéa BoulifaOASIS Project

INRIA Sophia AntipolisApril 2004

Agenda

• Main Goal

• Parametrized Models

• Generation of Models

• Properties

• Study Case

• Conclusion

• Perspectives

Main Goal

Analysis and Verification of Behavioural Properties of Distributed (Java) Systems

– Naturally description of realistic distributed systems

– (Semi) Automatic model generation from source code

– Hierarchy & Compositionability

Rabea

Tomás

Aims SnapshotInformal

Requirements

Model Checker

Source

Code

(ProActive)

Architecture

(parameterized)

Properties

(parameterized)

Instantiations

Abstract

Source CodeAbstraction

Architecture

(parameterized)

Static Analysis

Parameterized Models

ProActive library• Active objects communicate by

Remote Method Invocation.

• Each active object:

• has a request queue (always accepting incoming requests)

• has a body specifying its behaviour (local state and computation, service of requests, submission of requests)

• manages the « wait by necessity » of responses (futures)

!Serv_m(args)• request served (executed and removed)

• response received

!Serv_m(args)

Method Calls : informal diagram

• method call

Current object i Remote object j

• request arriving in the queue

!Req_m(args)

?Req_m(args)

!Rep_m(val)

?Rep_m(val)

!Req_m(args)

?Req_m(args)

?Rep_m(val)

• response sent back !Rep_m(val)

Parameterized Networks

• O= {Oi} a set of active object classes.• Dom(Oi) a set of instantiations of each class (by abstraction

of creation parameters).

Req(args)

Rep(v)

Behaviour pLTS

Queue pLTSActive Object i

Active Object j

Ai Qi

serve

Pi

Requse

Aj Qj

serve

Pj

Requse

Parameterized Synchronisation Networks

Networks of synchronised pLTSs• Parametrized Labelled transition systems, pLTSs= LTSs with guarded parameterized transitions

• 1 pNet per activity=pLTS body + pLTS queue + pLTS proxy

• Labels= Requests/Responses (method name + finite abstraction of parameters)• Construction by rules, based on the eXtended Method

Call Graph.

eXtended Method Call Graph

MCG=<id, V, C, T >

method name nodes call edges transfer edges

pa

nodes { ent(m, args), pp(lab), ret(val), call(var, o.m, ags), use(val), serve(mset, pred) }

with o typed as remote or local

It encodes both the usual control flow usual in MCG (resolution of class analysisand of method calls), and the data low relative to interesting parameters.

Buffer XMCG

Procedure

• Global Network: analyse the source code of the application, parameterized by some finite abstraction of parameters.

• For each Active Object Class (with all required passive classes):

– build the eXtended Method Call Graph, XMCG– compute the sequential pLTS, using rules– for each use node construct the proxy "Future" pLTS– generate the request queue pLTS– Combine the pLTSs (the body, the queue and the

proxy).

• Property: For a finite data abstraction Termination guarantied

Algorithm… rules

Call rule

• If o is remote, we simply generate a send message !o.Q_m(this, f, args) encoding the method name, its status and its (abstracted) param. with future var.

• else the message !o.Call_m(args) is sent to the method proccess and according to the return value is void or no the response is awaited or no.

Consumer Network

Buffer Network

Buf.Body

put

Buf.Queue

get

Parameterized Property

True/False + diagnosticTrue/False + diagnostic

Electronic Invoices in Chile

Electronic Invoices in Chile

• 15 parameterized automata

• 4 level of hierarchy

• state explosion: grouping, hiding, reduction by bisimulation

• 7 properties successful verified (after fixing the model)

Conclusions

• Outlined a graphical language

• Developed instantiating tool

• Generation of model from ProActive source code

•Validated our approach into a realistic application

Perspectives

• Refine the language and formalise the abstractions

• Parameterized verification and pre-order relation

• Components and dynamic binding/creation

• On-the-fly model checking and graphical editor (currently started)

Thank you

Tomás Barros

Tomas.Barros@sophia.inria.fr

Rabea Boulifa

Rabea.Boulifa@sophia.inria.fr

Vercors: http://www-sop.inria.fr/oasis/Vercors

ProActive: http://www-sop.inria.fr/oasis/ProActive