an abstraction technique for the verification of artifact
play

An Abstraction Technique for the Verification of Artifact-Centric - PowerPoint PPT Presentation

Mar 22, 2024 •372 likes •692 views

An Abstraction Technique for the Verification of Artifact-Centric Systems Francesco Belardinelli Laboratoire IBISC, Universit e dEvry Joint work with Alessio Lomuscio Imperial College London, UK and Fabio Patrizi Sapienza Universit` a

  1. An Abstraction Technique for the Verification of Artifact-Centric Systems Francesco Belardinelli Laboratoire IBISC, Universit´ e d’Evry Joint work with Alessio Lomuscio Imperial College London, UK and Fabio Patrizi Sapienza Universit` a di Roma, Italy within the EU funded project ACSI (Artifact-Centric Service Interoperation) JAIF – 13 June 2013 1

  2. Model Checking in one slide Model checking: technique(s) to automatically verify that a system design S satisfies a property P before deployment. More formally, given • a model M S of a system S • a formula φ P representing a property P we check that M S | = φ P 2

  3. Turing Award 2007 www.acm.org/press-room/news-releases-2008/turing-award-07 (a) E. Clarke (CMU, (b) A. Emerson (c) J. Sifakis USA) (U. Texas, USA) (IMAG, F) • Jury justification For their roles in developing model checking into a highly effective verification technology, widely adopted in the hardware and software industries. 3

  4. Overview Motivation: Artifact Systems are data-aware systems 1 Main task: formal verification of infinite-state AS 2 ◮ model checking is appropriate for control-intensive applications... ◮ ...but less suited for data-intensive applications (data typically ranges over infinite domains) [1]. Key contribution: verification of bounded and uniform AS is decidable 3 4

  5. Artifact Systems Outline • Recent paradigm for Service-Oriented Computing [2]. • Motto: let’s give data and processes the same relevance! • Artifact : data model + lifecycle ◮ (nested) records equipped with actions ◮ actions may affect several artifacts ◮ evolution stemming from the interaction with other artifacts/external actors • Artifact System : set of interacting artifacts, representing services, manipulated by agents. 5

  6. Artifact Systems Order-to-Cash Scenario 6

  7. Research questions Which syntax and semantics should we use to specify AS? 1 Is verification of AS decidable? 2 If not, can we identify relevant fragments that are reasonably well-behaved? 3 How can we implement this? 4 7

  8. Challenges Multi-agent systems, but . . . • . . . states have a relational structure, • data are potentially infinite, • state space is infinite in general. ⇒ The model checking problem cannot be tackled by standard techniques. 8

  9. Artifact Systems Results Artifact-centric multi-agent systems (AC-MAS): formal model for AS. 1 Intuition: databases that evolve in time and are manipulated by agents. FO-CTLK as a specification language: 2 AG ∀ id , pc ( ∃ � x MO ( id , pc ,� x ) → K M ∃ � y PO ( id , pc ,� y )) the manufacturer M knows that each MO has to match a corresponding PO . Abstraction techniques and finite interpretation to tackle model checking. 3 Main result: under specific conditions MC can be reduced to the finite case. 9

  10. Semantics: Databases The data model of Artifact Systems is given as a database. • a database schema is a finite set D = { P 1 / a 1 , . . . , P n / a n } of predicate symbols P i with arity a i ∈ N . • an instance on a domain U is a mapping D associating each predicate symbol P i with a finite a i -ary relation on U . • the active domain adom ( D ) is the set of all u ∈ U appearing in D • Composition : D ⊕ D ′ is the ( D ∪ D ′ )-interpretation s.t. (i) D ⊕ D ′ ( P i ) = D ( P i ), and (ii) D ⊕ D ′ ( P ′ i ) = D ′ ( P i ). 10

  11. Artifact-centric Multi-agent Systems Agents Agents have partial access (views) to the artifact system. • an agent is a tuple i = �D i , Act i , Pr i � where ◮ D i is the local database schema ◮ Act i is the set of local actions α ( � x ) with parameters � x ◮ Pr i : D i ( U ) �→ 2 Act i ( U ) is the local protocol function • the setting is reminiscent of the interpreted systems semantics for MAS [3],... • ...but here the local state of each agent is relational. Intuitively, agents manipulate artifacts and have (partial) access to the information contained in the global db schema D . 11

  12. Example 1: the Order-to-Cash Scenario • Agents: Customer, Manifacturer, Supplier. • Local db schema D C ◮ Products(prod code, budget) ◮ PO(id, prod code, offer, status) • Local db schema D M ◮ PO(id, prod code, offer, status) ◮ MO(id, prod code, price, status) • Local db schema D S ◮ Materials(mat code, cost) ◮ MO(id, prod code, price, status) • Then, D = { Materials , Products , PO , MO } . • Parametric actions can introduce values from an infinite domain U . ◮ createPO(prod code, offer) belongs to Act C . ◮ createMO(prod code, price) belongs to Act M . 12

  13. Artifact-centric Multi-agent Systems AC-MAS Agents are modules that can be composed together to obtain AC-MAS. • Global states are tuples s = � D 0 , . . . , D n � ∈ D ( U ). • An AC-MAS is a tuple P = � Ag , s 0 , τ � where: ◮ Ag = { 0 , . . . , n } is a finite set of agents ◮ s 0 ∈ D ( U ) is the initial global state ◮ τ : D ( U ) × Act ( U ) �→ 2 D ( U ) is the transition function • Temporal transition : s → s ′ iff there is α ( � u ) s.t. s ′ ∈ τ ( s , α ( � u )). • Epistemic relation : s ∼ i s ′ iff D i = D ′ i . • AC-MAS are infinite-state systems in general. AC-MAS are first-order temporal epistemic structures. Hence, FO-CTLK can be used as a specification language. 13

  14. Syntax: FO-CTLK • Data call for First-order Logic. • Evolution calls for Temporal Logic. • Agents (operating on artifacts) call for Epistemic Logic. The specification language FO-CTLK: t ) | t = t ′ | ¬ ϕ | ϕ → ϕ | ∀ x ϕ | AX ϕ | A ϕ U ϕ | E ϕ U ϕ | K i ϕ ϕ ::= P ( � Alternation of free variables and modal operators is enabled. 14

  15. Semantics of FO-CTLK Formal definition An AC-MAS P satisfies an FO-CTLK-formula ϕ in a state s for an assignment σ , iff = P i ( � ( P , s , σ ) | t ) iff � σ ( t 1 ) , . . . , σ ( t a i ) � ∈ D s ( P i ) = t = t ′ σ ( t ) = σ ( t ′ ) ( P , s , σ ) | iff ( P , s , σ ) | = ¬ ϕ iff ( P , s , σ ) �| = ϕ ( P , s , σ ) | = ϕ → ψ iff ( P , s , σ ) �| = ϕ or ( P , s , σ ) | = ψ for all u ∈ adom ( s ), ( P , s , σ x ( P , s , σ ) | = ∀ x ϕ iff u ) | = ϕ for all runs r , r 0 = s implies ( P , r 1 , σ ) | ( P , s , σ ) | = AX ϕ iff = ϕ for all runs r , r 0 = s implies ( P , r k , σ ) | = ϕ ′ for some k ≥ 0, = A ϕ U ϕ ′ ( P , s , σ ) | iff and ( P , r k ′ , σ ) | = ϕ for all 0 ≤ k ′ < k there exists r s.t. r 0 = s , ( P , r k , σ ) | = ϕ ′ for some k ≥ 0, = E ϕ U ϕ ′ ( P , s , σ ) | iff = ϕ for all 0 ≤ k ′ < k and ( P , r k ′ , σ ) | for all states s ′ , s ∼ i s ′ implies ( P , s ′ , σ ) | ( P , s , σ ) | = K i ϕ iff = ϕ • Active-domain semantics for quantifiers. 15

  16. Semantics of FO-CTLK Intuition (d) AX ϕ (e) A ϕ U ψ (f) E ϕ U ψ 16

  17. Verification of AC-MAS How do we verify FO-CTLK specifications on AC-MAS? • the manufacturer M knows that each MO has to match a corresponding PO : AG ∀ id , pc ( ∃ pr , s MO ( id , pc , pr , s ) → K M ∃ o , s ′ PO ( id , pc , o , s ′ )) • the client C knows that every PO will eventually be discharged (by M): AG ∀ id , pc ( ∃ pr , s MO ( id , pc , pr , s ) → EF K C ∃ o PO ( id , ps , o , shipped)) Problem: the infinite domain U may generate infinitely many states! Investigated solution: can we simulate the concrete values from U with a finite set of abstract symbols? 17

  18. Abstraction: Isomorphism and Bisimulation • Two states s , s ′ are isomorphic , or s ≃ s ′ , if there is a bijection ι : adom ( s ) ∪ C �→ adom ( s ′ ) ∪ C such that ◮ ι is the identity on C ◮ for every � u ∈ adom ( s ) a i , i ∈ Ag , � u ) ∈ D ′ u ∈ D i ( P j ) ⇔ ι ( � i ( P j ) D ′ D a b 1 2 ≃ b c 2 c d e 4 5 ◮ ι : a �→ 1 b �→ 2 c �→ c d �→ 4 e �→ 5 18

  19. Abstraction: Isomorphism and Bisimulation • Two states s , s ′ are bisimilar , or s ≈ s ′ , if ◮ s ≃ s ′ ◮ if s → t then there is t ′ s.t. s ′ → t ′ , s ⊕ t ≃ s ′ ⊕ t ′ , and t ≈ t ′ s t ≈ s ′

  20. Abstraction: Isomorphism and Bisimulation • Two states s , s ′ are bisimilar , or s ≈ s ′ , if ◮ s ≃ s ′ ◮ if s → t then there is t ′ s.t. s ′ → t ′ , s ⊕ t ≃ s ′ ⊕ t ′ , and t ≈ t ′ s t ≈ ≈ s ′ t ′ ◮ the other direction holds as well ◮ similarly for the epistemic relation ∼ i 19

  21. Abstraction: Isomorphism and Bisimulation However, bisimulation is not sufficient to preserve FO-CTLK formulas: P 1 2 3 4 5 6 P ′ a b φ = AG ∀ x ( P ( x ) → AX AG ¬ P ( x )) 20

  22. Uniformity • An AC-MAS P is uniform iff for s , t , s ′ ∈ S and t ′ ∈ D ( U ): ◮ s → t and s ⊕ t ≃ s ′ ⊕ t ′ imply s ′ → t ′ s t a b a f b c f c d e s ′ t ′ 1 2 1 6 2 c 6 c 4 5

  23. Uniformity • An AC-MAS P is uniform iff for s , t , s ′ ∈ S and t ′ ∈ D ( U ): ◮ s → t and s ⊕ t ≃ s ′ ⊕ t ′ imply s ′ → t ′ s t a b a f b c f c d e s ′ t ′ 1 2 1 6 2 c 6 c 4 5 • Intuitively, the behaviour of uniform AC-MAS is independent from data not explicitly named in the system description. • Uniform AC-MAS cover a vast number of interesting cases [2, 4]. 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio

A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio

A Counter Abstraction Technique for the Verification of Probabilistic Swarm Systems Alessio Lomuscio and Edoardo Pirovano Imperial College London, UK 18 September 2019 Highlights 2019 Based on a paper at AAMAS19 Robot Swarms Introduction

1.1k views • 22 slides
technique for EEG to correct the Ocular Artifact Mahesh Khadtare, Pragati Dharmale Plan of

technique for EEG to correct the Ocular Artifact Mahesh Khadtare, Pragati Dharmale Plan of

Accelerated SWT based de-noising technique for EEG to correct the Ocular Artifact Mahesh Khadtare, Pragati Dharmale Plan of Session I. Introduction II. Overview III. Stationary Wavelet Transform (SWT) IV. Algorithmic &amp; implementation

707 views • 32 slides
Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural

Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural

Verification and Validation of a Verification and Validation of a Fault- -Tolerant Architectural Abstraction Tolerant Architectural Abstraction Fault Patrick H. S. Brito - Unicamp, Brazil Rogrio de Lemos - University of Kent, UK Eliane

381 views • 21 slides
Compositional Verification of PLC Software using Horn Clauses and Mode Abstraction Dimitri

Compositional Verification of PLC Software using Horn Clauses and Mode Abstraction Dimitri

Compositional Verification of PLC Software using Horn Clauses and Mode Abstraction Dimitri Bohlender | Stefan Kowalewski WODES 2018, June 1, 2018 Introduction CHC-based Verification Conclusion Outline Introduction CHC-based Verification

1.75k views • 118 slides
Using the SAL technique for ensemble forecast verification Sabine Radanovics Until March 2017:

Using the SAL technique for ensemble forecast verification Sabine Radanovics Until March 2017:

Why spatial verification? SAL Ensemble SAL MesoVICT data Results Conclusions Using the SAL technique for ensemble forecast verification Sabine Radanovics Until March 2017: LSCE/ESTIMR, now: CNRM/GMME/MICADO May 10, 2017 1 / 19 Why

440 views • 29 slides
Automatic Verification of RMA Programs via Abstraction Extrapolation Cedric Baumann 1 , Andrei

Automatic Verification of RMA Programs via Abstraction Extrapolation Cedric Baumann 1 , Andrei

Automatic Verification of RMA Programs via Abstraction Extrapolation Cedric Baumann 1 , Andrei Marian Dan 1 , Yuri Meshman 2 , Torsten Hoefler 1 , Martin Vechev 1 1 Department of Computer Science, ETH Zurich, Switzerland 2 IMDEA Software Institute,

761 views • 61 slides
Compiler Verification meets Cross-Language Linking via Data Abstraction Peng Wang,

Compiler Verification meets Cross-Language Linking via Data Abstraction Peng Wang,

Compiler Verification meets Cross-Language Linking via Data Abstraction Peng Wang, MIT CSAIL Santiago Cuellar, Princeton University Adam Chlipala, MIT CSAIL Verified Compiler Program Verification Techniques

706 views • 35 slides
JPF2: Predicate Abstraction CS 510 / 10 Predicate Abstraction Extract a finite state model from

JPF2: Predicate Abstraction CS 510 / 10 Predicate Abstraction Extract a finite state model from

JPF2: Predicate Abstraction CS 510 / 10 Predicate Abstraction Extract a finite state model from an infinite state system Used to prove assertions or safety properties Successfully applied for verification of C programs SLAM (used in windows

543 views • 42 slides
State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct

State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct

Title Page State Abstraction Techniques for the Verification of Reactive Circuits Designing Correct Circuits, European Joint Conference on Theory and Practice of Software, Grenoble, France april 6-7 2002 Yannis Bres, CMA-EMP / INRIA

422 views • 20 slides
Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao

Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao

Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Closed-loop Verification of Medical Devices with Model Abstraction and Refinement Zhihao Jiang, Miroslav Pajic, Rajeev Alur and Rahul Mangharam University

759 views • 22 slides
System Design and Verification of the Precession Electron Diffraction Technique Christopher S.

System Design and Verification of the Precession Electron Diffraction Technique Christopher S.

System Design and Verification of the Precession Electron Diffraction Technique Christopher S. Own Thesis defense 2005.07.13 Acknowledgements People L.D. Marks Wharton Sinkler Marks Group Arun Subramanian, Jim Ciston, Bin

850 views • 56 slides
Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a

Point, Line, &amp; Plane 1 Abstraction Abstraction is the act of considering something as a general quality or characteristic, apart from concrete realities, specific objects, or actual instances. 2 Abstraction Abstraction is

478 views • 21 slides
CS137: Today Electronic Design Automation Specification/Implementation Abstraction

CS137: Today Electronic Design Automation Specification/Implementation Abstraction

CS137: Today Electronic Design Automation Specification/Implementation Abstraction Functions Correctness Condition Day 15: February 13, 2006 Verification Processor Verification Self-Consistency 1 2 CALTECH CS137

334 views • 7 slides
An Abstraction Technique for Parameterized Model Checking of Leader Election Protocols:

An Abstraction Technique for Parameterized Model Checking of Leader Election Protocols:

An Abstraction Technique for Parameterized Model Checking of Leader Election Protocols: Application to FTSP Ocan Sankur , Jean-Pierre Talpin Irisa, CNRS, Rennes Ocan Sankur Abstractions For Parameterized Model Checking of FTSP 1 / 7

534 views • 25 slides
CSCE 488: Performance Evaluation Proper experimental technique is essential to system

CSCE 488: Performance Evaluation Proper experimental technique is essential to system

Why are We Here? CSCE 488: Performance Evaluation Proper experimental technique is essential to system verification Without it, were just hoping that everything works OK Stephen D. Scott Here Ill focus on timing verification,

438 views • 4 slides
Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software

Outline Introduction Predicate Abstraction with SATABS Existential Abstraction Predicate Abstraction for Software Counterexample-Guided Abstraction Refinement Computing Existential Abstractions of Programs Version 1.0, 2010 Checking the

429 views • 12 slides
Tips n Tricks with ColumnStore Jim Tommaney Alibaba Cloud 2006-2014 - InfiniDB Chief

Tips n Tricks with ColumnStore Jim Tommaney Alibaba Cloud 2006-2014 - InfiniDB Chief

Tips n Tricks with ColumnStore Jim Tommaney Alibaba Cloud 2006-2014 - InfiniDB Chief Architect/CTO Tips n Tricks with ColumnStore about Jim Tommaney 25+ years data architecture, modeling, tuning 2006-2014 Chief Architect/CTO for

872 views • 47 slides
Linear Classifier Linear classifiers are single layer neural networks. x 2 4 x 2 = 2 x 1 Observe,

Linear Classifier Linear classifiers are single layer neural networks. x 2 4 x 2 = 2 x 1 Observe,

b b b Linear Classifier Linear classifiers are single layer neural networks. x 2 4 x 2 = 2 x 1 Observe, that x 2 = 2 x 1 can also be 3 expressed as 2 1 w 1 x 1 + w 2 x 2 = 0 x 2 = w 1 x 1 , 0 w 2 x 1 -1 where for instance -2 -3

768 views • 29 slides
How to Start a User Group Who am I? Elizabeth Tucker Long (Beth - @e3betht)

How to Start a User Group Who am I? Elizabeth Tucker Long (Beth - @e3betht)

How to Start a User Group Who am I? Elizabeth Tucker Long (Beth - @e3betht) Editor-in-Chief of php|architect magazine Want to write? See me after. PHP Essentials Instructor Freelance consultant Audience Participation?

468 views • 14 slides
Simulations for FCC-ee beam self-polarization E. Gianfelice (Fermilab) Contents: -

Simulations for FCC-ee beam self-polarization E. Gianfelice (Fermilab) Contents: -

Simulations for FCC-ee beam self-polarization E. Gianfelice (Fermilab) Contents: - Sokolov-Ternov polarization in a 100 km ring - Polarization in presence of wigglers; parametric studies - Simulations at 45 and 80 GeV in presence of

587 views • 44 slides
Learning to learn by gradient descent by gradient descent Liyan Jiang July 18, 2019 1

Learning to learn by gradient descent by gradient descent Liyan Jiang July 18, 2019 1

Learning to learn by gradient descent by gradient descent Liyan Jiang July 18, 2019 1 Introduction The general aim of machine learning is always learning the data by itself, with as less human efforts as possible. Then it comes to the focus

396 views • 10 slides
Mobility Coalition Oct Octobe ober r 202 2020 Welcome! Review Agenda Welcome &amp;

Mobility Coalition Oct Octobe ober r 202 2020 Welcome! Review Agenda Welcome &amp;

North King County Mobility Coalition Oct Octobe ober r 202 2020 Welcome! Review Agenda Welcome &amp; Introductions Ice Breaker: What was your favorite Halloween costume? Announcements Announcements The Gaps Analysis

760 views • 42 slides
Gemplus electronic purse JavaCard applet that runs on JavaCard smart cards. Specifying and

Gemplus electronic purse JavaCard applet that runs on JavaCard smart cards. Specifying and

Gemplus electronic purse JavaCard applet that runs on JavaCard smart cards. Specifying and Verifying an Debit and credit operations on a global example: balance. Secured communication and a decimal representation in Java

339 views • 5 slides
Mondex , an Electronic Purse : Specification &amp; Refinement Checks with the Alloy Model-Finding

Mondex , an Electronic Purse : Specification &amp; Refinement Checks with the Alloy Model-Finding

MPRI M1 Internship March 6 th August 26 th , 2006 Mondex , an Electronic Purse : Specification &amp; Refinement Checks with the Alloy Model-Finding method Tahina Ramananandro cole Normale Suprieure Paris, France Daniel Jackson

838 views • 40 slides

More recommend