an abstraction technique for parameterized model checking
play

An Abstraction Technique for Parameterized Model Checking of Leader - PowerPoint PPT Presentation

Sep 12, 2023 •282 likes •534 views

An Abstraction Technique for Parameterized Model Checking of Leader Election Protocols: Application to FTSP Ocan Sankur , Jean-Pierre Talpin Irisa, CNRS, Rennes Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 1 / 7

  1. An Abstraction Technique for Parameterized Model Checking of Leader Election Protocols: Application to FTSP Ocan Sankur , Jean-Pierre Talpin Irisa, CNRS, Rennes Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 1 / 7

  2. Parameterized Abstraction for Leader Election Protocols Goal: Model check a leader election protocol on arbitrary network topologies Verify that for all network topologies and initial states, a unique leader is eventually elected (Actually, we will verify all network topologies with given diameter ) Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 2 / 7

  3. Content of this Work 1 An abstraction technique for parameterized model checking such protocols 2 Application to a specific protocol Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 3 / 7

  4. Content of this Work 1 An abstraction technique for parameterized model checking such protocols 2 Application to a specific protocol Case Study: Flooding-Time Synchronization Protocol (FTSP) Fault-tolerant distributed protocol for maintaining time in wireless sensor networks. Has two features: Maintains a unique leader, recovers in case of link/node failures Smoothly synchronizes the clocks over the network with the clock of the leader Today, we consider the leader election part of FTSP: Verify that a unique leader is eventually elected Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 3 / 7

  5. Flooding-Time Synchronization Protocol Flooding-Time Synchronization Protocol (FTSP) – Nodes have unique identifiers but execute the same program – The network eventually elects the node with the least ID as the leader – Fault tolerant: any node that hasn’t heard from the leader for a while timeouts and declares itself leader Initially Leader=? Leader=? 1 2 3 Leader=? Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 4 / 7

  6. Flooding-Time Synchronization Protocol Flooding-Time Synchronization Protocol (FTSP) – Nodes have unique identifiers but execute the same program – The network eventually elects the node with the least ID as the leader – Fault tolerant: any node that hasn’t heard from the leader for a while timeouts and declares itself leader Timeout Leader=1 Leader=2 1 2 3 Leader=3 Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 4 / 7

  7. Flooding-Time Synchronization Protocol Flooding-Time Synchronization Protocol (FTSP) – Nodes have unique identifiers but execute the same program – The network eventually elects the node with the least ID as the leader – Fault tolerant: any node that hasn’t heard from the leader for a while timeouts and declares itself leader 2 communicates with 3 Leader=1 Leader=2 1 2 3 Leader=2 Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 4 / 7

  8. Flooding-Time Synchronization Protocol Flooding-Time Synchronization Protocol (FTSP) – Nodes have unique identifiers but execute the same program – The network eventually elects the node with the least ID as the leader – Fault tolerant: any node that hasn’t heard from the leader for a while timeouts and declares itself leader 1 communicates with 3 Leader=1 Leader=2 1 2 3 Leader=1 Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 4 / 7

  9. Flooding-Time Synchronization Protocol Flooding-Time Synchronization Protocol (FTSP) – Nodes have unique identifiers but execute the same program – The network eventually elects the node with the least ID as the leader – Fault tolerant: any node that hasn’t heard from the leader for a while timeouts and declares itself leader 2 communicates with 3: Ignored! Leader=1 Leader=2 1 2 3 Leader=1 Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 4 / 7

  10. Flooding-Time Synchronization Protocol Flooding-Time Synchronization Protocol (FTSP) – Nodes have unique identifiers but execute the same program – The network eventually elects the node with the least ID as the leader – Fault tolerant: any node that hasn’t heard from the leader for a while timeouts and declares itself leader 3 communicates with 2: Convergence! Leader=1 Leader=1 1 2 3 Leader=1 Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 4 / 7

  11. Flooding-Time Synchronization Protocol Flooding-Time Synchronization Protocol (FTSP) – Nodes have unique identifiers but execute the same program – The network eventually elects the node with the least ID as the leader – Fault tolerant: any node that hasn’t heard from the leader for a while timeouts and declares itself leader Leader=1 Leader=1 1 2 3 Leader=1 + Several local variables, message numbers, etc. Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 4 / 7

  12. Previous Verification Results Previous work : Model checking that a unique leader is eventually elected: a few fixed topologies (max: 7 nodes in ∼ 1 hour) perfectly synchronized clocks synchronous message broadcast Kusy, Abdelwahed 2006, McInnes 2009, Tan, Zhao, Wang 2010 Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 5 / 7

  13. Previous Verification Results Previous work : Model checking that a unique leader is eventually elected: a few fixed topologies (max: 7 nodes in ∼ 1 hour) perfectly synchronized clocks synchronous message broadcast Kusy, Abdelwahed 2006, McInnes 2009, Tan, Zhao, Wang 2010 Parameterized verification is difficult: Arbitrary topology (not a complete graph), distinct node identifiers: no symmetry Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 5 / 7

  14. Previous Verification Results Previous work : Model checking that a unique leader is eventually elected: a few fixed topologies (max: 7 nodes in ∼ 1 hour) perfectly synchronized clocks synchronous message broadcast Kusy, Abdelwahed 2006, McInnes 2009, Tan, Zhao, Wang 2010 Parameterized verification is difficult: Arbitrary topology (not a complete graph), distinct node identifiers: no symmetry Present work Arbitrary network topology within given diameter K e.g. we can check a grid network with 169 nodes in 15 minutes Deviating clocks Synchronous or asynchronous broadcast Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 5 / 7

  15. Abstraction Idea for Parameterized Verification How the leader is propagated: Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  16. Abstraction Idea for Parameterized Verification How the leader is propagated: Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  17. Abstraction Idea for Parameterized Verification How the leader is propagated: Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  18. Abstraction Idea for Parameterized Verification How the leader is propagated: Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  19. Abstraction Idea for Parameterized Verification How the leader is propagated: Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  20. Abstraction Idea for Parameterized Verification How the leader is propagated: Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  21. Abstraction Idea for Parameterized Verification Abstracting the network: Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  22. Abstraction Idea for Parameterized Verification Abstracting the network: Pick a shortest path from the future leader to some node Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  23. Abstraction Idea for Parameterized Verification Abstracting the network: ⊑ Model the path concretely but all other nodes very abstractly Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  24. Abstraction Idea for Parameterized Verification Abstracting the network: ⊑ Model the path concretely but all other nodes very abstractly + Apply data abstraction to local variables and node identifiers Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 6 / 7

  25. ⊑ Verification results: Topologies with “diameter” 1 up to 7 ( 13 minutes). With clock rates within 1 ± 10 − 2 . E.g. 2D grids with 169 nodes, or 3D grids in 2197 nodes. A custom algorithm implemented within NuSMV synchronous asynchronous K N time N time 1 8 0s 8 0s K: Diameter 2 14 1s 14 1s 3 23 1s 25 28s N: Number of steps to convergence 4 35 3s 39 130s 5 54 16s 63 65mins 6 67 76s TO TO 7 107 13mins TO TO Future work: Model checking time synchronization 1 Max distance from the future leader Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 7 / 7

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Parameterized Model Checking of Fault-tolerant Distributed Algorithms by Abstraction Annu John

Parameterized Model Checking of Fault-tolerant Distributed Algorithms by Abstraction Annu John

Parameterized Model Checking of Fault-tolerant Distributed Algorithms by Abstraction Annu John Igor Konnov Ulrich Schmid Helmut Veith Josef Widder FMCAD13 Portland, OR, USA, Oct 20-23, 2013 Igor Konnov (www.forsyte.at) Parameterized

939 views • 70 slides
SMT and POR beat Counter Abstraction Parameterized Model Checking of Threshold-Based Distributed

SMT and POR beat Counter Abstraction Parameterized Model Checking of Threshold-Based Distributed

SMT and POR beat Counter Abstraction Parameterized Model Checking of Threshold-Based Distributed Algorithms Igor Konnov Helmut Veith Josef Widder Alpine Verification Meeting May 4-6, 2015 Why fault-tolerant (FT) distributed algorithms

859 views • 64 slides
BMCMT Bounded Model Checking of TLA + Specifications with SMT Jure Kukovec Igor Konnov Thanh

BMCMT Bounded Model Checking of TLA + Specifications with SMT Jure Kukovec Igor Konnov Thanh

BMCMT Bounded Model Checking of TLA + Specifications with SMT Jure Kukovec Igor Konnov Thanh Hai Tran work in progress TLA + Community Event Oxford, UK, July 2018 APALACHE Abstraction-based Parameterized TLA + Checker A.1 TLA + patterns

864 views • 58 slides
From Model Checking to Proof Checking ... and Back Kedar Namjoshi Bell Labs April 29, 2005

From Model Checking to Proof Checking ... and Back Kedar Namjoshi Bell Labs April 29, 2005

From Model Checking to Proof Checking ... and Back Kedar Namjoshi Bell Labs April 29, 2005 Abstraction Model Checking = Deductive Proof MODEL CHECKING PROOF CHECKING M | = M Completeness Abstraction Proof Lifting M | = M

626 views • 36 slides
Model Checking of Parameterized Systems on Weak Memory David Declerck Laboratoire de Recherche

Model Checking of Parameterized Systems on Weak Memory David Declerck Laboratoire de Recherche

Model Checking of Parameterized Systems on Weak Memory David Declerck Laboratoire de Recherche en Informatique Universit e Paris-Sud October 3rd, 2017 Work supported by French ANR project PARDI (DS0703) David Declerck A Backward

327 views • 10 slides
Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is

Modeling and Analyzing Concurrent Systems using Model Checking Robert B. France 1 What is Model Checking? Model checking is an automated technique that, given a finite-state model of a system and a logical property , systematically

484 views • 36 slides
Statistical model checking for parameterized model t Delahaye 1 Paulin Fournier 1 Didier Lime 2

Statistical model checking for parameterized model t Delahaye 1 Paulin Fournier 1 Didier Lime 2

Statistical model checking for parameterized model t Delahaye 1 Paulin Fournier 1 Didier Lime 2 Beno Universit e de Nantes - LS2N, UMR 6004 - Nantes, France Ecole Centrale de Nantes - LS2N, UMR 6004 - Nantes, France SynCoP 2018

685 views • 42 slides
THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu

THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu

THETA: a Framework for Abstraction Refinement-Based Model Checking Tams Tth 1 , kos Hajdu 1,2 , Andrs Vrs 1,2 , Zoltn Micskei 1 , Istvn Majzik 1 1 Budapest University of Technology and Economics Department of Measurement and

786 views • 12 slides
Monotonic Abstraction Techniques: from Parametric to Software Model Checking . Alberti 1 , S.

Monotonic Abstraction Techniques: from Parametric to Software Model Checking . Alberti 1 , S.

Monotonic Abstraction Techniques: from Parametric to Software Model Checking . Alberti 1 , S. Ghilardi 2 , N. Sharygina 1 F 1 University of Lugano, Switzerland 2 University of Milan, Italy Milano, September 25, 2014 S. Ghilardi (UniMi)

1.2k views • 103 slides
Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1

Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1

Software Model Checking and Counter-example Guided Abstraction Refinement Claire Le Goues 1 Motivation: How should we analyze this? * means something we cant analyze (user input, random value) Line 5: the lock is held if and only

886 views • 63 slides
Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking

Statistical Statistical Statistical Model Statistical Model Model Checking Model Checking Checking Checking for Timed Automata Timed Automata Coll C l C ll b llabora orators: t ors: Peter Bulychev, Alexandre David Axel Legay, Marius

725 views • 59 slides
Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree

Hoare Logic and Model Checking Model Checking Lecture 11: Model checking for Computation Tree Logic Dominic Mulligan Based on previous slides by Alan Mycroft and Mike Gordon Programming, Logic, and Semantics Group University of Cambridge

402 views • 25 slides
Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Outline Introduction Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Version 1.0, 2010 Checking the

429 views • 12 slides
EJCP 2016 Model Checking Modulo Theories with Cubicle Sylvain Conchon LRI (UMR 8623),

EJCP 2016 Model Checking Modulo Theories with Cubicle Sylvain Conchon LRI (UMR 8623),

EJCP 2016 Model Checking Modulo Theories with Cubicle Sylvain Conchon LRI (UMR 8623), Universit e Paris-Sud Equipe Toccata, INRIA Saclay Ile-de-France 1 Cubicle An SMT based model checker for parameterized systems 2 Contents

1.74k views • 140 slides
Hoare logic and Model checking If we can express the artefact as a temporal model too, and if the

Hoare logic and Model checking If we can express the artefact as a temporal model too, and if the

Hoare logic and Model checking If we can express the artefact as a temporal model too, and if the crucial aspects of the artefact. ...still, another crucial aspect of modelling is to not discard the M Abstraction of traffjc lights by some

538 views • 4 slides
Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model

Bounded Model Checking bmc Revision: 1.11 1 [BiereCimattiClarkeZhu99] uses SAT for model checking historically not the first symbolic model checking approach scales better than original BDD based techniques mostly incomplete in

521 views • 28 slides
Learned Scheduling of LDPC Decoders Based on Multi-armed Bandits Salman Habib, Allison Beemer,

Learned Scheduling of LDPC Decoders Based on Multi-armed Bandits Salman Habib, Allison Beemer,

Learned Scheduling of LDPC Decoders Based on Multi-armed Bandits Salman Habib, Allison Beemer, and J org Kliewer The Center for Wireless Information Processing, New Jersey Institute of Technology June 2020 IEEE International Symposium on

606 views • 50 slides
Mixes Mixes - state of the art Enables the user to communicate with each other without

Mixes Mixes - state of the art Enables the user to communicate with each other without

Mixes Mixes - state of the art Enables the user to communicate with each other without identifying each other in general If a mix-mediated system is used to transmit messages, the communicating parties cannot be correlated by anybody

338 views • 33 slides
Evading Cellular Data Monitoring With Human Movement Networks Adam J. Aviv, Micah Sherr*, Matt

Evading Cellular Data Monitoring With Human Movement Networks Adam J. Aviv, Micah Sherr*, Matt

Evading Cellular Data Monitoring With Human Movement Networks Adam J. Aviv, Micah Sherr*, Matt Blaze, and Jonathan M. Smith University of Pennsylvania, *Georgetown University Adam J. Aviv University of Pennsylvania HotSec '10 1 Motivation

443 views • 33 slides
Project 5 Soumya Basu Department of Computer Science Cornell University September 18, 2015

Project 5 Soumya Basu Department of Computer Science Cornell University September 18, 2015

Project 5 Soumya Basu Department of Computer Science Cornell University September 18, 2015 Administrivia Project 5 is due on November 18 Will be implementing a Link State routing protocol The Five Parts Connecting two nodes

389 views • 24 slides
Self-Organization in Autonomous Sensor/Actuator Networks [SelfOrg] Dr.-Ing. Falko Dressler

Self-Organization in Autonomous Sensor/Actuator Networks [SelfOrg] Dr.-Ing. Falko Dressler

Self-Organization in Autonomous Sensor/Actuator Networks [SelfOrg] Dr.-Ing. Falko Dressler Computer Networks and Communication Systems Department of Computer Sciences University of Erlangen-Nrnberg

853 views • 24 slides
for Inter Mesh Networks Masaaki Ohnishi, Kazuyuki Shudo Tokyo Institute of Technology Tokyo Tech 1

for Inter Mesh Networks Masaaki Ohnishi, Kazuyuki Shudo Tokyo Institute of Technology Tokyo Tech 1

, ICOIN 2019 January 2019 Distributed ID/Locator Resolution System for Inter Mesh Networks Masaaki Ohnishi, Kazuyuki Shudo Tokyo Institute of Technology Tokyo Tech 1 / 10 InterMesh: Inter mesh networks

279 views • 11 slides
Tree Algorithms Stefan Schmid @ T-Labs, 2011 Broadcast Why trees? E.g., efficient broadcast,

Tree Algorithms Stefan Schmid @ T-Labs, 2011 Broadcast Why trees? E.g., efficient broadcast,

Foundations of Distributed Systems: Tree Algorithms Stefan Schmid @ T-Labs, 2011 Broadcast Why trees? E.g., efficient broadcast, aggregation, routing, ... Important trees? E.g., breadth-first trees, minimal spanning trees, ... Stefan

411 views • 37 slides
Session Initiation Protocol (SIP) Chapter 5 Introduction A powerful alternative to H.323

Session Initiation Protocol (SIP) Chapter 5 Introduction A powerful alternative to H.323

Session Initiation Protocol (SIP) Chapter 5 Introduction A powerful alternative to H.323 More flexible, simpler Easier to implement Advanced features Better suited to the support of intelligent user devices A part of IETF

654 views • 32 slides

More recommend