What is Parametric Trace Slicing Good For? Giles Reger School of - - PowerPoint PPT Presentation

SLIDE 1

What is Parametric Trace Slicing Good For?

Giles Reger

School of Computer Science, University of Manchester, UK

Giles Reger What is Parametric Trace Slicing Good For? 1 / 13

SLIDE 2

The Setting: Events and Traces

Parametric Trace Slicing (PTS): The Setting

Events have data parameters, e.g.

  • open(readme.txt)
  • hasNext(iterator@ABC123)
  • add(collection@XYZ, object@789)

Traces are (finite) sequences of events

Properties are sets of traces; we need to specify properties

In the original work it was assumed that data values

  • Are objects (the setting was Java)
  • Have an inherent notion of equality

SLIDE 3

The Setting: Events and Traces

PTS: An Origin Story

Here’s a kind of property we care about: (open → ♦close)

This should apply to all files: for every f we have (open(f) → ♦close(f))

The behaviours of different files are independent. Slice the trace on file values and just check the property (open → ♦close) on these slices

The trace

  open(A) open(B) close(A) open(B) close(B) open(A)

is sliced into the two slices

  • open close open
  • open open close

SLIDE 4

The Setting: Events and Traces

PTS: Multiple Values

The tricky bit was making it work for multiple values

The standard example is creating iterators from collections

For every collection c and iterator i created from c, i should not be used after c is updated

  create(C, A) use(A) update(C) create(C, B) use(B)

is sliced into

  • create use update
  • update create use

Notice that update(C) is relevant to both slices

The ‘tricky’ bit is building these slices incrementally, as we don’t know the values to slice on upfront and therefore need to track partial bindings and extend them properly
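A sketch of the incremental slicing described above, added here as an illustration and not taken from the slides or from any PTS tool. The encoding of events as (name, binding) pairs and the function names are assumptions; the two traces are the ones shown on the slides.

```python
def compatible(a, b):
    """Two bindings are compatible if they agree on every shared variable."""
    return all(b.get(var, val) == val for var, val in a.items())

def slice_trace(trace):
    """Incrementally build one slice per (possibly partial) binding seen so far."""
    slices = {frozenset(): []}              # binding -> event names in its slice
    for name, theta in trace:
        created = {}
        for known in list(slices):
            if not compatible(theta, dict(known)):
                continue
            joined = frozenset({**dict(known), **theta}.items())
            if joined in slices or joined in created:
                continue
            # A new binding inherits the history of its largest known sub-binding.
            parent = max((b for b in slices if b <= joined), key=len)
            created[joined] = list(slices[parent])
        slices.update(created)
        # The event belongs to every binding that extends the event's own binding.
        for binding, events in slices.items():
            if frozenset(theta.items()) <= binding:
                events.append(name)
    return slices

def total_slices(trace, variables):
    """Keep only the slices whose binding assigns every variable in `variables`."""
    return {tuple(dict(b)[v] for v in variables): " ".join(events)
            for b, events in slice_trace(trace).items()
            if {k for k, _ in b} == set(variables)}

# The two traces from the slides, encoded as (event name, binding) pairs.
ITERATORS = [("create", {"c": "C", "i": "A"}), ("use", {"i": "A"}),
             ("update", {"c": "C"}), ("create", {"c": "C", "i": "B"}),
             ("use", {"i": "B"})]
FILES = [("open", {"f": "A"}), ("open", {"f": "B"}), ("close", {"f": "A"}),
         ("open", {"f": "B"}), ("close", {"f": "B"}), ("open", {"f": "A"})]

if __name__ == "__main__":
    print(total_slices(ITERATORS, ["c", "i"]))
    print(total_slices(FILES, ["f"]))
```

The partial binding c=C holds only update when create(C, B) arrives, which is why the (C, B) slice starts with update.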

SLIDE 5

Quantified Event Automata

PTS: Extending with Local Variables

In my work I added a notion of local variables

Imagine we wanted to capture that a counter is strictly increasing...

The idea is to have variables we do not slice on

  update(A, 2) update(B, 3) update(A, 4) update(B, 3)

slices into

  • update(A, 2) update(A, 4)
  • update(B, 3) update(B, 3)

but now we need to keep the values, so that we can check they are increasing. In general we need to define which variables to slice on.

SLIDE 6

Quantified Event Automata

PTS: Making quantification explicit

I also made the quantification explicit

So far I have been relaxed about how the result of slicing should be evaluated; in general it is for all slices, i.e. universal quantification over slicing variables

It is then natural to add existential quantification

And this forces us to make the domain of quantification explicit

  • This is taken as the set of values in the trace that match this variable when matching with the alphabet of the specification
  • Perhaps some mistakes were made when defining this...

SLIDE 7

Quantified Event Automata

Quantified Event Automata

A QEA consists of

  • A list of quantifications (e.g. ∀x∃y)
  • A (non-deterministic) automaton with transitions labelled with parametric events, guards and assignments

The semantics is given by PTS as follows:

  • For each binding θ of quantified variables
      • Instantiate automata with θ to give A
      • Project/slice trace using θ to give τ
      • Check τ ∈ L(A)
  • Use the quantifier list to combine results to give a verdict

SLIDE 8

Quantified Event Automata

By Example, the Auction Site

Instrument an auction site to observe some events

  • list(t,user,item,min,period)
  • bid(t,user,item,amount)
  • sold(t,item,user)
  • withdraw(t,item)

Define some properties we want to hold

  • P1. Items must be listed before being bid on and may only be listed once
  • P2. Bids on an item must be strictly increasing
  • P8. There are two users ‘u1’ and ‘u2’ such that ‘u1’ bids on all items listed by ‘u2’
  • P10. A user frequently (over 50% of the time) bids within 2 seconds of another user

SLIDE 9

Quantified Event Automata

P1+2

  qea(P1and2){
    forall(item)
    accept next state(1){
      list(_,_,item,_,_) do [current:=0] -> 2
    }
    accept next state(2){
      bid(_,_,item,amount) if [amount > current] do [current:=amount] -> 2
    }
  }

  • P1. Items must be listed before being bid on and may only be listed once
  • P2. Bids on an item must be strictly increasing
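The slicing semantics from the "Quantified Event Automata" slide applied to the P1and2 specification above, as an added Python example that is not from the slides or the QEA tooling. The tuple encoding of events, the function names and both sample traces are constructed for illustration; `current` is the local variable that is kept but not sliced on.

```python
# Position of the quantified variable `item` in each event of the QEA's alphabet.
# sold and withdraw are not in the alphabet of P1and2, so slicing drops them.
ITEM_POS = {"list": 3, "bid": 3}

def domain(trace):
    """Values of `item` seen in alphabet events, in order of first appearance."""
    return list(dict.fromkeys(e[ITEM_POS[e[0]]] for e in trace if e[0] in ITEM_POS))

def slice_for(trace, item):
    """Project the trace onto the alphabet events that mention `item`."""
    return [e for e in trace if e[0] in ITEM_POS and e[ITEM_POS[e[0]]] == item]

def accepts(events):
    """Run the instantiated P1and2 automaton over one slice."""
    state, current = 1, None
    for e in events:
        if state == 1 and e[0] == "list":
            state, current = 2, 0                  # do [current:=0] -> 2
        elif state == 2 and e[0] == "bid" and e[4] > current:
            current = e[4]                         # do [current:=amount] -> 2
        else:
            return False    # 'next' state: no enabled transition is a failure
    return True             # states 1 and 2 are both accepting

def check(trace):
    """Per-item results; forall(item) makes the verdict their conjunction."""
    results = {item: accepts(slice_for(trace, item)) for item in domain(trace)}
    return all(results.values()), results

# Constructed traces: ("list", t, user, item, min, period),
# ("bid", t, user, item, amount), ("sold", t, item, user).
GOOD = [("list", 1, "u2", "hat", 5, 60), ("bid", 2, "u1", "hat", 6),
        ("list", 3, "u2", "mug", 1, 60), ("bid", 4, "u3", "hat", 9),
        ("bid", 5, "u1", "mug", 2), ("sold", 6, "hat", "u3")]
BAD = [("list", 1, "u2", "hat", 5, 60), ("bid", 2, "u1", "hat", 6),
       ("bid", 3, "u3", "mug", 4),     # mug was never listed (violates P1)
       ("bid", 4, "u3", "hat", 6)]     # not strictly greater than 6 (violates P2)

if __name__ == "__main__":
    print(check(GOOD))
    print(check(BAD))
```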

SLIDE 10

Quantified Event Automata

P8

  qea(P8){
    exists(u1,u2)
    forall(item)
    accept skip state(1){
      list(_,u2,item,_,_) -> 2
    }
    skip state(2){
      bid(_,u1,item,_) -> success
    }
  }

  • P8. There are two users ‘u1’ and ‘u2’ such that ‘u1’ bids on all items listed by ‘u2’

SLIDE 11

Pros and Cons

Pros and Cons

What is it Good for?

  • When you have a few quantified variables where we care about the cross-product; there are very efficient indexing structures
  • A setting where monitored objects are garbage collected

What is it Bad For?

  • Arguably, this is not intuitive; reasoning about specifications is typically non-local (you need the full picture)
  • When you have lots of redundancy in the cross-product domain; in certain cases we can work this out and account for it, but this is dependent on the structure of the specification
  • Specifications using PTS are not composable

SLIDE 12

Extras

Extras

Things I’m already looking at:

  • Specification mining for QEA
  • Extending quantification to counting quantifiers etc
  • Combination with static analysis (Clara-like and detecting garbage)
  • Relation of QEA to other languages (via translation)
  • A general theory of redundancy

What I haven’t begun to look at:

  • Pushing ideas from QEA back into the general JavaMOP plugin framework
  • Composability
  • Other theoretical properties of QEA
