IWAISE November 12, 2012

Similar documents
CSC2108: Automated Verification Assignment 1 - Solutions

Structure of Abstract Syntax trees for Colored Nets in PNML

Verification of Bakery algorithm variants for two processes

NuSMV Hands-on introduction

PNML Framework: an extendable reference implementation of the Petri Net Markup Language

Overview. Discrete Event Systems - Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Model checking and timed CTL

An Introduction to UPPAAL. Purandar Bhaduri Dept. of CSE IIT Guwahati

A New Model Checking Tool

Propositional Logic Formal Syntax and Semantics. Computability and Logic

Design/CPN ASK-CTL Manual

Compositional Analysis of Discrete Time Petri nets

Lecture1: Symbolic Model Checking with BDDs. Edmund M. Clarke, Jr. Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213

System Correctness. EEC 421/521: Software Engineering. System Correctness. The Problem at Hand. A system is correct when it meets its requirements

Finite State Verification. CSCE Lecture 14-02/25/2016

Extending PNML Scope: the Prioritised Petri Nets Experience

Building Petri nets tools around Neco compiler

A Simple Tutorial on NuSMV

Formal Verification: Practical Exercise Model Checking with NuSMV

A Case Study for CTL Model Update

Formal specification of semantics of UML 2.0 activity diagrams by using Graph Transformation Systems

Evinrude. How to build a Petri Net-Based IDS from Program Sources. MeFoSyLoMa Meeting

Finite State Verification. CSCE Lecture 21-03/28/2017

Propositional Logic:

Formal modelling and verification in UPPAAL

COTRE as an AADL profile

ATL: Atlas Transformation Language. ATL User Manual

Model Checking Revision: Model Checking for Infinite Systems Revision: Traffic Light Controller (TLC) Revision: 1.12

Formal Verification. Lecture 7: Introduction to Binary Decision Diagrams (BDDs)

InterprocStack analyzer for recursive programs with finite-type and numerical variables

The Model-Checking Kit

Formal Support for QVT-Relations with Coloured Petri Nets

7 Control Structures, Logical Statements

International Training Workshop on FPGA Design for Scientific Instrumentation and Computing November 2013

Report on the Model Checking Contest at Petri Nets 2011

CS 267: Automated Verification. Lecture 13: Bounded Model Checking. Instructor: Tevfik Bultan

MODELING INTERACTIVE SYSTEMS WITH HIERARCHICAL COLORED PETRI NETS

Instructions to use PIPE+

DCLI User's Guide. Data Center Command-Line Interface 2.7.0

Chapter 3. Describing Syntax and Semantics

Knowledge Representation

Semantics of ARIS Model

Modeling and Verification of Deadlock Potentials of a Concurrency Control Mechanism in Distributed Databases Using Hierarchical Colored Petri Net

Generating Petri Nets from AADL descriptions. Thomas Vergnaud

Verifying Safety Property of Lustre Programs: Temporal Induction

4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271

COMP 763. Eugene Syriani. Ph.D. Student in the Modelling, Simulation and Design Lab School of Computer Science. McGill University

Algorithmic Verification. Algorithmic Verification. Model checking. Algorithmic verification. The software crisis (and hardware as well)

Model-checking with the TimeLine formalism

Using Java Pathfinder to Reason about Agent Systems

Temporal Logic and Timed Automata

(Not Quite) Minijava

The UPPAAL Model Checker. Julián Proenza Systems, Robotics and Vision Group. UIB. SPAIN

DCLI User's Guide. Data Center Command-Line Interface

Fiona A Tool to Analyze Interacting Open Nets

A computational model for MapReduce job flow

Recent Advances in Multi-paradigm Modeling (MPM 2011)

Building and verifying a Logging entity over. Distributed Hash Tables

To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Runtime assertion checking of multithreaded Java programs

Overview of Timed Automata and UPPAAL

A Modular Model Checking Algorithm for Cyclic Feature Compositions

Chapter 2 & 3: Representations & Reasoning Systems (2.2)

Cyber Physical System Verification with SAL

Model Checking of Location and Mobility Related Security Policy Specifications in Ambient Calculus

FrameKit and the prototyping of CASE environments

Introduction to SMV. Arie Gurfinkel (SEI/CMU) based on material by Prof. Clarke and others Carnegie Mellon University

Propositional Calculus. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Propositional Calculus: Boolean Functions and Expressions. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

DCLI User's Guide. Data Center Command-Line Interface 2.9.1

A MODELING TOOL FOR A NEW DEFINITION OF STOCHASTIC ACTIVITY NETWORKS *

Software Engineering Lecture Notes

SysadminSG RHCSA Study Guide

Formal Methods in Software Engineering 1

CSSE 490 Model-Based Software Engineering: Transformational Programming

French & American Educational System. Collaboration between Rutgers & Paris 6. M.S. : Distributed Systems & Applications

Logic: TD as search, Datalog (variables)

Decision Procedures in the Theory of Bit-Vectors

Homework & Announcements

Checks and Balances - Constraint Solving without Surprises in Object-Constraint Programming Languages: Full Formal Development

Data types for mcrl2

Chapter 10 Part 1: Reduction

Introduction to NuSMV

Formal Analysis and Verification of a Communication Protocol

Model Checking of the Fairisle ATM Switch Fabric using FormalCheck

Behavioural Equivalences and Abstraction Techniques. Natalia Sidorova

Model-Driven Engineering Approach for Simulating Virtual Devices in the OSATE 2 Environment

Building Petri nets tools around Neco compiler

Petri Nets ~------~ R-ES-O---N-A-N-C-E-I--se-p-te-m--be-r Applications.

DCLI User's Guide. Modified on 20 SEP 2018 Data Center Command-Line Interface

Mixed Integer Linear Programming

By: Chaitanya Settaluri Devendra Kalia

THUR 3:30 PM BUILDING AN AUTOMATED PROCESS THAT INTERACTS WITH DIFFERENT SYSTEMS

Verification Options. To Store Or Not To Store? Inside the UPPAAL tool. Inactive (passive) Clock Reduction. Global Reduction

PCP-based Solution for Resource Sharing in Reconfigurable Timed Net Condition/Event Systems

Multi-step transactions specification and verification in a mobile database community

Formal Verification. Lecture 10

1 Lexical Considerations

An Evolution of Mathematical Tools

UMC 3.3 User Guide. Franco Mazzanti. ISTI Technical Report 2006-TR-33, September 2006

Transcription:

IWAISE 2012 Modeling and Verifying Distributed Systems with Petri Nets Tutorial - Practical work Souheib Baarir Fabrice Kordon LIP6 LIP6 Université Paris Ouest Nanterre Université P. & M. Curie 200 avenue de la République 4 Place Jussieu 92000 Nanterre 75005 Paris France France Souheib.Barrir@lip6.fr Fabrice.Kordon@lip6.fr

Contents 1 Introduction 1 2 Installing the environment 1 3 First Practice Simple swimming pool 3 4 Second Practice a protocol for the swimming pool 4 5 Third Practice couples of clients/servers 5 A Syntax for CTL fomulæ in PNXDD 6

1 Introduction This document provide all the required informatioon to perform the practical work planned for the Modeling and Verifying Distributed Systems with Petri Nets tutorial. We firt present the CosyVerif 1 environment, jointly developed by LIP6, LIPN and LSV, three laboratories in le de France where an strong verification activity in formal methods take place. Then, the two parts of the pratical work are presented. 2 Installing the environment CosyVerif is a generic verification environment based on a client/serveur approach (see figure 1). It is composed of a graphical user interface, Coloane, and an integration platform that allows one to plyg his own tools, Alligator. Both communicate via web-services. Coloane can be replaced by any client supporting the web services required to operate the tools integrated in the tool server. WS-based client Client machine Web services handling connection, menus, etc. Tool server Server machine Figure 1: Architecture of teh CosyVerif Environment. So, you must operate both parts of the environment to use CosyVerif. The server and the clients may run on the same machine, this is the case for this practical work that you will perform on your own machine. There is a public environment reachable from the user interface but it requires a good internet connection. As in the web site (download section), we provide a distribution for the graphical user interface and tool server. You must get these two files prior to any installation. The tool server. The tool server is distributed as an image disk running on a virtual machine (in the Alligator.zip archive). VirtualBox should be previously istalled in the tool server machine (here, your computer). When unpacking the archive, you get a directory with to files: Alligator.vbox: this is the virtual box configuration file. Typically, double clicking on this file should launch VirtualBox with the appropriate disk image, Alligator.vdi: this is the disk image containing the tool server. When VirtualBox has launched your tool server, the following sentences should be displayed: Starting CosyVerif server (Alligator) on http://10.0.2.15:9000/ Startig Alligator server The tool server is now ready to be contacter by the User Interface. Page 1 out of 7

Figure 2: The Coloane User Interface (here under MacOS). Coloane, the Graphical User Interface 2. You must select your distribution (among Linux, MacOS, Windows, both 32 and 64 bits). It is built on top of Eclipse but distributed as a standalone executable file. Once the file uncompressed, you get a directory containing an executable file. Run it to access a working window similar to the one presented in figure 2) that is typical of an Eclipse working environment. On the left, you find navigators for files and in the model. Then, in the center, you have th working zone, above the property window (left) and the console (right). The ColoaneServices menu allows you to access to the services provided by the tool server. But you need firt to get into the Settings menu to set-up preferences. You need to go in the Coloane section, then select the Aliogator Preference subsection. If you use the public envirnoment, nothing has to be changed. Otherwise, you must specify the URL of your environment: http://your server/servicemanager In the configuration of this tutorial, your server is localhost:9000. Click on Apply to have your preferences updated. Figure 3: creating a modeling project 1 See http://cosyverif.org for more information (documentation, download the environment, etc.). 2 The tool server is reachable by means of web services. Thus, any program able to invoke Alligator with its WS protocol can be substituted to Coloane. Page 2 out of 7

Figure 4: selecting a formalism You must create a modeling project in your Coloane repository. To do so, control-click on the file navigator and select New/Modeling Project... as shown in figure 3 and provide a name to your project as for any Eclipse project. To create a model, you repeat this operation but you need to select New/Model.... You then have to select the formalism to be used for modeling among the choice provided by Coloane (see figure 4). For this practical work, only two formalisms are used: Place/Transition nets and Colored Petri net. Select your formalism, enter a model name (a default one is proposed) and a palette to create Petri net objects appears in the modeling zone. You are now ready to go on the practical work for this tutorial. You may desin a Petri net model, affect name to places and transitions, marking to places and values to arcs (using the property window). Once your model is debugged, you may launch a service from the tool server via the Coloane Services menu. 3 First Practice Simple swimming pool This first practical sections aims to let you specify a simple system with P/T nets. Question 1: swimming pool, first approach. One wants to model the behavior of a swimming pool. In this system, users behave using the following protocol: 1. enter in the swimming pool building, 2. get the key of a cabin they keep until they leave the swimming pool, 3. enter the cabin and change their clothes against a swimming suit, 4. get into the swimming pool, have fun and swim, 5. get back to the cabin, dry and get dressed, 6. return the cabin key, Page 3 out of 7

7. exit the building. You must model this system using a P/T net. For initial values of the system, you may consider 10 users and 4 cabins. Question 2: a little bit of reachability analysis. Use reachability formulæ to logically identify the states where a maximul of user can stay in the swimming pool. Once you have determined the maximum number of people in the swimming pool for this initial marking, please extrapolate this value for anu configuration with u users and c cabins. 4 Second Practice a protocol for the swimming pool Question 1: a Swimming Pool Protocol. a new director is hired and suggest a new protocol to avoid the limitation previously observed (first practise). Now, a user must behave as following: 1. enter in the swimming pool building, 2. get a cabin key, 3. get a bag for his clothes, it will keep this bag until he gets out. 4. enter the cabin, change clothes for his swimming suit, 5. return the vcabin key to the office, 6. drop the bag with his clothes in the office too, 7. get into the swimming pool, have fun and swim, 8. request for a cabin key, then request for the bag containing his clothes, 9. get back to the cabin, dry and get dressed, 10. give back the key at the office, 11. give back the bag at the office, 12. exit the building. You must now model this new protocol. For the initial value, we suggest 4 cabins, 12 users and 8 bags for clothes. Question 2: analysis of the new swimming pool capacity. evaluate the capacity of the swimming pool for the suggested initial marking. Please extrapolate to compute this capacity based on the following parameters: c (the number of cabions), b (the number of bags) and u (the number of people in the system). Question 3: deadlock-free property. the director wants to check if any user entering in the building can leave after some finite time spent in the pool. Write the CTL formula that expresses this Question 4: Evaluating the property. Is this property true? if not: why? what must be changed in the model to avoid this? Page 4 out of 7

5 Third Practice couples of clients/servers We study a simple client/server problem. Question 1: modeling the problem. Let us consider a set of clients and servers. Each client and server is identified by its id. Each client sends a query message with its id to a dedicated server (the one whith the same id). Servers only get message having their Id from the network. Once they received a message, they send an acknowledge implemented as an event with no semantics to the clients. The following hypotheses are made on the network: it is reliable, it does not preserve the order of messages. Question 2: analysis of messages. is it possible to have twice a on the network a query holding the same id? express this as a colored reachability formula. Check this formula with PNXDD. What can you conclude? Question 3: corrected model. Correct the previous specification and check again your formula on it. Page 5 out of 7

A Syntax for CTL fomulæ in PNXDD PNXDD follows the syntax of the VIS model checker. An entire formula should be followed by a semicolon. All text from # to the end of a line is treated as a comment. Atomic Propositions. TRUE, FALSE, and var-name=value are CTL formulas, where var-name is the full hierarchical name of a variable, and value is a legal value in the domain of the variable. var-name1 == var-name2 is the atomic formula that is true if var-name1 has the same value as var-name2. Currently it can be used only in the Boolean domain (it cannot be used for variables of enumerated types). Places are encoded as variables and their marking can be compared. The following expression compares the marking of place 1 with the one of place 2. place 1 = place 2 The marking can be compared to a constant (number of tokens) as follows. The following formula checks there are 3 tokens in place place = 3 Only equality can be tested with PNXDD at this stage. Boolean and Logical Operators. thanks to the following operators: *: boolean and, Atomic propositions can be combined into more complex ones +: boolean or, ^: boolean xor,!: boolean negation, ->: implication, <->: equivalence. Composed atomic expressions can be parenthesed. CTL Operators. the following CTL operators are available (f and g are atomic propositions): AG f: f is always true, AF f: f is always verified in the future, AX f: f is always true at the next step, EG f: f is true sometimes, EF f: f is true in some future, EX f: f is true in some of the next step, A(f U g): f is always true until g becomes true, Page 6 out of 7

E(f U g): sometimes, f remains true until g becomes true. Operator Precedence. Operators are evaluated using the following priority (1 is the highest): 1.! 2. AG, AF, AX, EG, EF, EX, 3. *, 4. +, 5. ^, 6. <->, 7. ->, 8. U. Page 7 out of 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback