Model Checking for Software Architectures (position paper)
Radu Mateescu
INRIA Rhône-Alpes / VASY
655, avenue de l'Europe, F-38330 Montbonnot Saint Martin
http://www.inrialpes.fr/vasy
Outline
- Introduction
- Constructing state spaces
- Checking correctness requirements
- Handling large systems
- Conclusion
Introduction
- Software Architectures (SA) [Shaw-Garlan-96]
  - Gross organization of a system into elements
  - Protocols for communication and data access
  - Functionality of design elements
- Architecture Description Languages (ADLs)
  - Specify SA formally
  - Analyze its structure and behaviour
- Complex, industrial-scale systems need computer-assisted analysis methodologies
Model checking methodology
  (diagram)
  ADL description -> Compiler (simulator) -> Model (state space) -> Model checker -> Verdict (Yes/No) + Diagnostic
  Correctness requirement -> Model checker
Model checking for ADLs (1/2)
- WRIGHT [Allen-97]
  - CSP
  - FDR (deadlock detection, refinement)
- Dynamic WRIGHT [Allen-Douence-Garlan-98]
  - Reconfiguration + steady-state behaviour
  - Configuror process
- DARWIN [Magee-Dulay-Eisenbach-Kramer-95]
  - π-calculus + FSP
  - LTSA (LTL properties)
Model checking for ADLs (2/2)
- PADL [Abate-Bernardo-02]
  - Finite replication + transparent routers
  - TwoTowers (equivalence and model checking)
- Publish-subscribe [Garlan-Khersonsky-Kim-03]
- π-space [Chaudet-Oquendo-00]
- ArchWare ADL [Oquendo-Alloui-Cîmpan-Verjus-02]
  - Higher-order polyadic π-calculus
  - Dynamicity, Mobility, Evolution
Constructing state spaces
- Develop from scratch an ADL simulator
  - Accurate w.r.t. the operational semantics
  - Complex to develop
- Translate the ADL into a target language
  - Easier to develop
  - Reuse the existing tools
- Target languages
  - LOTOS [ISO-88] and E-LOTOS [ISO-01]
  - CADP toolbox (http://www.inrialpes.fr/vasy/cadp)
Dynamic process creation
- Finite-state models bound the number of SA element replicas
  (figure: replication !p unfolded into a bounded set of replicas P(1), P(2), ..., P(10))
- LOTOS: process Q := P Q endproc
- E-LOTOS: par n:1..10 in P(n) endpar
Channel mobility (1/2)
- Dynamic topology (π-calculus)
  (figure: processes P, Q and R exchange channel names, outputs of b and c, so the communication topology changes at run time)
Channel mobility (2/2)
- Static topology (LOTOS, E-LOTOS)
  P |[G_P,QR]| (Q |[G_Q,R]| R)
  (figure: channel passing encoded as data offers on fixed gates, e.g. G_Q,R !QtoR !b and G_Q,R !RtoP !c)
Higher-order process handling
- Evolvability -> higher-order constructs
  (figure: P sends a process to Q: P c!r Q)
- Translation from higher-order to first-order π-calculus [Sangiorgi-01]
  (figure: P sends a reference instead: P c!refr Q, with R reached through refr)
Checking correctness requirements
- Temporal logics + mu-calculi
  - Well-developed theory
  - Robust model checkers
- Optimisation of model checking algorithms
  - Memory-efficient algorithms (e.g., on traces)
- Improvement of user interfaces
  - Extension of TLs with higher-level constructs
  - Identification of domain-specific properties
  - Interpretation of diagnostics w.r.t. the application
Handling large systems
- Industrial-scale systems
  - Many SA elements (parallel processes)
  - Complex data types
  - State explosion problem
- Techniques to combat state explosion
  - On-the-fly verification
  - Partial order reduction
  - Compositional verification
  - Sufficient locality conditions
On-the-fly verification
- Incremental construction of the state space
  (figure: initial state, deadlock state, unexplored state space)
- OPEN/CAESAR environment [Garavel-98]
  - Generic API for state space exploration
  - Powerful libraries for graph manipulation
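An added example (not code from the slides, CADP or OPEN/CAESAR) tying the "Dynamic process creation" and "On-the-fly verification" slides together: a constructed toy SA with a bounded number of replicas, explored through the kind of generic interface OPEN/CAESAR offers (an initial state plus a successor function). The explorer builds the state space incrementally and stops at the first deadlock state with a diagnostic trace; the model, the lock discipline and all names are assumptions made for the example.

```python
# Added example, not part of the original slides: an OPEN/CAESAR-style
# on-the-fly explorer. The model is a constructed toy SA with a bounded number
# of replicas (as on the "Dynamic process creation" slide); the explorer only
# needs an initial state and a successor function, and builds the state space
# incrementally until it meets a deadlock state or exhausts the reachable states.
from typing import Callable, Hashable, Iterable, List, Optional, Tuple

State = Hashable
Successor = Callable[[State], Iterable[Tuple[str, State]]]


def make_lock_model(n: int, ordered: bool = False) -> Tuple[State, Successor]:
    """Constructed toy: n replicas P(0..n-1) sharing n locks. Replica i needs
    locks i and (i+1) mod n. ordered=False: it takes lock i first, so a circular
    wait is possible; ordered=True: every replica takes the lower-numbered lock
    first (a global order), which rules out circular wait.
    State = (program counters, lock owners). pc 0 = idle, 1 = holds one lock,
    2 = holds both; owner -1 = free."""
    assert n >= 2, "constructed model needs at least two replicas"

    def needed(i: int) -> Tuple[int, int]:
        a, b = i, (i + 1) % n
        return (min(a, b), max(a, b)) if ordered else (a, b)

    init: State = (tuple([0] * n), tuple([-1] * n))

    def succ(state: State) -> Iterable[Tuple[str, State]]:
        pcs, owners = state
        for i in range(n):
            first, second = needed(i)
            if pcs[i] == 0 and owners[first] == -1:
                p, o = list(pcs), list(owners)
                p[i], o[first] = 1, i
                yield f"P{i}.acquire({first})", (tuple(p), tuple(o))
            elif pcs[i] == 1 and owners[second] == -1:
                p, o = list(pcs), list(owners)
                p[i], o[second] = 2, i
                yield f"P{i}.acquire({second})", (tuple(p), tuple(o))
            elif pcs[i] == 2:
                p = list(pcs)
                p[i] = 0
                o = [-1 if owner == i else owner for owner in owners]
                yield f"P{i}.release", (tuple(p), tuple(o))

    return init, succ


def find_deadlock(init: State, succ: Successor) -> Tuple[Optional[List[str]], int]:
    """Depth-first exploration driven only by succ(): successors are generated
    on demand, so the part of the state space beyond the first deadlock is
    never built. Returns (action trace to the first deadlock, or None if every
    reachable state has a successor; number of states explored)."""
    visited = {init}
    stack: List[Tuple[State, List[str]]] = [(init, [])]
    explored = 0
    while stack:
        state, trace = stack.pop()
        explored += 1
        moves = list(succ(state))
        if not moves:  # no successor: deadlock, the trace is the diagnostic
            return trace, explored
        for action, target in moves:
            if target not in visited:
                visited.add(target)
                stack.append((target, trace + [action]))
    return None, explored


def replay(init: State, succ: Successor, trace: List[str]) -> State:
    """Follow a diagnostic trace from the initial state (validates the verdict)."""
    state = init
    for action in trace:
        state = next(t for a, t in succ(state) if a == action)
    return state


if __name__ == "__main__":
    for ordered in (False, True):
        init, succ = make_lock_model(3, ordered)
        trace, explored = find_deadlock(init, succ)
        verdict = "no deadlock" if trace is None else trace
        print("ordered" if ordered else "circular", "->", verdict, f"({explored} states explored)")
```

With circular lock acquisition the explorer returns a trace ending in the state where every replica holds its first lock; with the ordered discipline it exhausts the reachable states and reports no deadlock. Because the verdict is only as good as the bound on replicas, the number of replicas checked is part of the claim.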
Partial order reduction
- Independent (parallel) components -> redundant interleavings of actions
- Unobservable actions (τ)
  (figure: a diamond of interleaved τ and b transitions reduced to a single τ, b sequence)
- Tau-confluence reduction [Groote-Pol-00]
  - Preserves branching equivalence
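An added example, written from the definition of tau-confluence rather than taken from [Groote-Pol-00] or any tool: it computes the largest set of τ-transitions satisfying a strong form of the confluence condition and then prioritises them, so redundant interleavings disappear. The two LTSs are constructed for the example; DIAMOND is the slide's picture, CHOICE is a case where the τ is a real choice and must be kept.

```python
# Added example, not part of the original slides: a tau-confluence reduction in
# the spirit of [Groote-Pol-00], written from the definition rather than taken
# from any tool. An LTS is a constructed set of (source, action, target) triples;
# TAU is the unobservable action.
from typing import Dict, Set, Tuple

TAU = "tau"
Transition = Tuple[int, str, int]


def successors(trans: Set[Transition]) -> Dict[int, Set[Tuple[str, int]]]:
    """Adjacency map: state -> set of (action, target)."""
    out: Dict[int, Set[Tuple[str, int]]] = {}
    for s, a, t in trans:
        out.setdefault(s, set()).add((a, t))
    return out


def confluent_taus(trans: Set[Transition]) -> Set[Tuple[int, int]]:
    """Greatest set T of tau-transitions (s, s') that is strongly confluent:
    for every other transition s -a-> t there is a t' with s' -a-> t' and
    t -tau-> t' in T. Start from all tau-transitions and drop violators until
    nothing changes (a greatest-fixpoint computation)."""
    out = successors(trans)
    T = {(s, t) for s, a, t in trans if a == TAU}
    changed = True
    while changed:
        changed = False
        for s, s1 in sorted(T):
            for a, t in out[s]:
                if (a, t) == (TAU, s1):
                    continue
                # close the diamond: s' -a-> t' and t -tau-> t' with (t, t') confluent
                if not any((t, t1) in T for b, t1 in out.get(s1, ()) if b == a):
                    T.discard((s, s1))
                    changed = True
                    break
    return T


def prioritise(init: int, trans: Set[Transition]) -> Tuple[Set[int], Set[Transition]]:
    """Reduction: in a state that has a confluent tau-transition, keep only that
    transition and drop the other interleavings. Returns the reachable states
    and transitions of the reduced LTS. Branching equivalence is preserved
    because every dropped action is still possible after the kept tau."""
    T = confluent_taus(trans)
    out = successors(trans)
    pick: Dict[int, int] = {}
    for s, s1 in sorted(T):
        pick.setdefault(s, s1)  # one confluent tau per state is enough
    reached, todo, kept = {init}, [init], set()
    while todo:
        s = todo.pop()
        moves = [(TAU, pick[s])] if s in pick else out.get(s, set())
        for a, t in moves:
            kept.add((s, a, t))
            if t not in reached:
                reached.add(t)
                todo.append(t)
    return reached, kept


# Constructed LTSs. DIAMOND is the slide's picture: an unobservable step of one
# component interleaved with action b of an independent one, followed by a.
DIAMOND: Set[Transition] = {(0, TAU, 1), (0, "b", 2), (1, "b", 3), (2, TAU, 3), (3, "a", 4)}
# CHOICE: the tau is a real choice (after it, b is no longer possible), so it
# is not confluent and nothing may be removed.
CHOICE: Set[Transition] = {(0, TAU, 1), (0, "b", 2), (1, "a", 3)}

if __name__ == "__main__":
    for name, lts in (("diamond", DIAMOND), ("choice", CHOICE)):
        states, kept = prioritise(0, lts)
        print(f"{name}: {len(states)} states, {len(kept)} transitions after reduction")
```

On DIAMOND the reduction keeps only the τ from state 0, so state 2 and two transitions are never built; on CHOICE the fixpoint empties the candidate set and the LTS is returned unchanged. The condition used here is stricter than the one in the paper (it insists on a matching confluent τ even when the competing action is itself a τ), which keeps the check short while remaining sound.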
Compositional verification
- Exploit the hierarchical structure of the SA
  - Construct the state spaces of SA elements
  - Reduce them modulo a suitable equivalence relation
  - Compose them to obtain the global state space
  (figure: state spaces of P, Q and R built and composed stepwise)
- SVL environment [Garavel-Lang-01]
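An added example (not code from the slides, SVL or CADP) of the compositional route: two constructed components, a producer and a consumer synchronising on the gate "put", are each reduced modulo strong bisimulation (my choice of "suitable equivalence relation") by naive partition refinement and then composed LOTOS-style, building only reachable product states. The component LTSs, the gate names and the helper names are assumptions made for the example.

```python
# Added example, not part of the original slides or of SVL/CADP: a constructed
# two-component SA checked compositionally. Components are reduced modulo
# strong bisimulation by naive partition refinement, then composed on the
# shared gate; only reachable product states are built.
from typing import Dict, FrozenSet, Hashable, List, NamedTuple, Set, Tuple

Action = str


class LTS(NamedTuple):
    init: Hashable
    trans: FrozenSet[Tuple[Hashable, Action, Hashable]]


def states_of(lts: LTS) -> Set[Hashable]:
    states = {lts.init}
    for s, _, t in lts.trans:
        states.update((s, t))
    return states


def minimize(lts: LTS) -> LTS:
    """Quotient modulo strong bisimulation. Each round gives every state a
    signature (its current block plus the set of (action, target block) pairs);
    states with equal signatures stay together. The partition only ever splits,
    so when the number of blocks stops growing it is stable."""
    states = sorted(states_of(lts), key=repr)
    block: Dict[Hashable, int] = {s: 0 for s in states}
    while True:
        sigs: Dict[Tuple, int] = {}
        new_block: Dict[Hashable, int] = {}
        for s in states:
            sig = (block[s], frozenset((a, block[t]) for x, a, t in lts.trans if x == s))
            new_block[s] = sigs.setdefault(sig, len(sigs))
        if len(sigs) == len(set(block.values())):
            break
        block = new_block
    return LTS(block[lts.init], frozenset((block[x], a, block[y]) for x, a, y in lts.trans))


def compose(p: LTS, q: LTS, sync: Set[Action]) -> LTS:
    """LOTOS-style p |[sync]| q: actions in sync happen jointly, others interleave."""
    def outgoing(lts: LTS) -> Dict[Hashable, List[Tuple[Action, Hashable]]]:
        out: Dict[Hashable, List[Tuple[Action, Hashable]]] = {}
        for s, a, t in lts.trans:
            out.setdefault(s, []).append((a, t))
        return out

    p_out, q_out = outgoing(p), outgoing(q)
    init = (p.init, q.init)
    seen, todo, trans = {init}, [init], set()

    def step(src, action, dst):
        trans.add((src, action, dst))
        if dst not in seen:
            seen.add(dst)
            todo.append(dst)

    while todo:
        sp, sq = todo.pop()
        for a, tp in p_out.get(sp, []):
            if a in sync:
                for b, tq in q_out.get(sq, []):
                    if b == a:
                        step((sp, sq), a, (tp, tq))
            else:
                step((sp, sq), a, (tp, sq))
        for b, tq in q_out.get(sq, []):
            if b not in sync:
                step((sp, sq), b, (sp, tq))
    return LTS(init, frozenset(trans))


# Constructed components, each with a redundant (bisimilar) branch of the kind
# an ADL-to-LOTOS translation easily produces.
PRODUCER = LTS("s0", frozenset({("s0", "prod", "s1"), ("s0", "prod", "s2"),
                                ("s1", "put", "s0"), ("s2", "put", "s0")}))
CONSUMER = LTS("q0", frozenset({("q0", "put", "q1"), ("q0", "put", "q2"),
                                ("q1", "cons", "q0"), ("q2", "cons", "q0")}))


def demo(sync: Set[Action] = frozenset({"put"})) -> Tuple[int, int, int]:
    """State counts: direct product, product of reduced components, and the
    direct product reduced afterwards. The compositional route reaches the
    same size without ever building the larger intermediate."""
    direct = compose(PRODUCER, CONSUMER, sync)
    compositional = compose(minimize(PRODUCER), minimize(CONSUMER), sync)
    return (len(states_of(direct)), len(states_of(compositional)), len(states_of(minimize(direct))))


if __name__ == "__main__":
    print("direct / compositional / direct-then-minimised:", demo())
```

The direct product has 9 reachable states, while reducing each component to 2 states first gives a 4-state product; minimising the direct product afterwards also yields 4 states, which is the guarantee the compositional route relies on. Strong bisimulation is the simplest safe choice; with τ-steps in the components, branching equivalence (as on the partial order slide) reduces further while still preserving the properties of interest.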
Sufficient locality conditions
- Particular requirements (e.g., no deadlock)
  - Check requirements locally on SA elements
  - Ensure they hold on the whole SA
  (figure: acyclic interconnection topology of P, Q, R, S; local deadlock check)
- Topology-related sufficient conditions [Bernardo-Ciancarini-Donatiello-01]
Conclusion
- Important aspects of model checking SA
  - Constructing state spaces
  - Checking requirements
  - Handling large systems -> combine different techniques
- Claim: an effective way to proceed is to reuse, enhance, and adapt the existing model checking technologies in the framework of software architectures