Checking the Realizability of BPMN 2.0 Choreographies

Similar documents
Checking the Realizability of BPMN 2.0 Choreographies

Counterexample Guided Synthesis of Monitors for Realizability Enforcement. Matthias Güdemann Gwen Salaün Meriem Ouederni

Reliable Self-Deployment of Cloud Applications

Realizability of Choreographies using Process Algebra Encodings

Realizability of Choreographies using Process Algebra Encodings

VBPMN: Automated Verification of BPMN Processes

Using LNT Formal Descriptions for Model-Based Diagnosis

Asynchronous synthesis techniques for coordinating autonomic managers in the cloud

Checking Business Process Evolution

A step towards reconciling GALS industrial design with formal verification

Promela and SPIN. Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH. Promela and SPIN

Checking Business Process Evolution

Adaptation of Asynchronously Communicating Software

Cyber Physical System Verification with SAL

Course on Probabilistic Methods in Concurrency. (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1

Resource-bound process algebras for Schedulability and Performance Analysis of Real-Time and Embedded Systems

Architecture as coordination: the Orc perspective

Orchestration vs Choreography

Formal Design of Dynamic Reconfiguration Protocol for Cloud Applications

Realizability and Dynamic Reconfiguration of Chor Specifications

Automated Analysis of Industrial Workflow-based Models

A Deterministic Concurrent Language for Embedded Systems

On the Expressiveness of Infinite Behavior and Name Scoping in Process Calculi

A Deterministic Concurrent Language for Embedded Systems

Distributed Systems Programming (F21DS1) Formal Verification

! Use of formal notations. ! in software system descriptions. ! for a broad range of effects. ! and varying levels of use. !

Introduction to Model Checking

Model-Based Adaptation of Software Communicating via FIFO Buffers

Process Modelling. Fault Tolerant Systems Research Group. Budapest University of Technology and Economics

Xuandong Li. BACH: Path-oriented Reachability Checker of Linear Hybrid Automata

Automatic Distributed Code Generation from Formal Models of Asynchronous Processes Interacting by Multiway Rendezvous

Static Analysis by A. I. of Embedded Critical Software

A Deterministic Concurrent Language for Embedded Systems

Introduction to Formal Methods

Cover Page. The handle holds various files of this Leiden University dissertation

To be or not programmable Dimitri Papadimitriou, Bernard Sales Alcatel-Lucent April 2013 COPYRIGHT 2011 ALCATEL-LUCENT. ALL RIGHTS RESERVED.

Behavioural Equivalences and Abstraction Techniques. Natalia Sidorova

Process Modelling. Fault Tolerant Systems Research Group. Budapest University of Technology and Economics

DLC: Compiling a Concurrent System Formal Specification to a Distributed Implementation

Formal Analysis of the ACE Specification for Cache Coherent Systems-On-Chip

A Specification Language for Distributed Components

Chapter 8 Fault Tolerance

Part 1.3 Modal I/O Transition Systems as Semantics of UML4SOA

Simply-Typed Lambda Calculus

CIS 1.5 Course Objectives. a. Understand the concept of a program (i.e., a computer following a series of instructions)

1. In waterfall model, output of one phase is input to next phase. True or false.

Metamodeling with Metamodels. Using. UML/MOF including OCL

Synchronous Specification

Modular Verification of Web Services Using Efficient Symbolic Encoding and Summarization

Research on the Static Analysis Method of the Localization Embedded Platform Software Code Zhijie Gaoa, Ling Lu, Wen Jiao

Type Checking. Outline. General properties of type systems. Types in programming languages. Notation for type rules.

Written Presentation: JoCaml, a Language for Concurrent Distributed and Mobile Programming

4/6/2011. Model Checking. Encoding test specifications. Model Checking. Encoding test specifications. Model Checking CS 4271

Outline. General properties of type systems. Types in programming languages. Notation for type rules. Common type rules. Logical rules of inference

Predictable Execution with IEC 61499

Enterprise Architect Training Courses

A Model-based Certification Framework for the EnergyBus Standard

On the Semantics of Communicating Hardware Processes and their Translation into LOTOS for the Verification of Asynchronous Circuits with CADP

Software verification for ubiquitous computing

Model-based Analysis of Event-driven Distributed Real-time Embedded Systems

TURTLE Four Weddings and a Tutorial

The learning objectives of this chapter are the followings. At the end of this chapter, you shall

An improved fault-tolerant routing algorithm for a Network-on-Chip derived with formal analysis

Validating Distributed Object and Component Designs

Asynchronous Coordination of Stateful Autonomic Managers in the Cloud

Complex Systems Design &DistributedCalculusandCoordination

Enabling Flexibility in Process-Aware

COMP 181. Agenda. Midterm topics. Today: type checking. Purpose of types. Type errors. Type checking

Formal Verification. Lecture 10

Formal Modeling and Verification of GALS Systems Using GRL and CADP

Motivation: Model-driven. driven Engineering. Semantics of Model Transformation. Reiko Heckel University of Leicester, UK

INF672 Protocol Safety and Verification. Karthik Bhargavan Xavier Rival Thomas Clausen

COS 320. Compiling Techniques

Verifying Concurrent ML programs

Quantifying the Parallelism in BPMN Processes using Model Checking

Lecture 2. Decidability and Verification

Clock-directed Modular Code-generation for Synchronous Data-flow Languages

Finite Model Generation for Distributed Java Programs

Formal Methods in Software Engineering. Lecture 07

Flat (Draft) Pasqualino Titto Assini 27 th of May 2016

Tool demonstration: Spin

CS21 Decidability and Tractability

Analyzing Conversations of Web Services

Formal Specification and Verification of Fully Asynchronous Implementations of the Data Encryption Standard

Web Services Choreography and Process Algebra

Chapter 1. Introduction

Proc. XVIII Conf. Latinoamericana de Informatica, PANEL'92, pages , August Timed automata have been proposed in [1, 8] to model nite-s

Binary Decision Diagrams and Symbolic Model Checking

Modeling, Testing and Executing Reo Connectors with the. Reo, Eclipse Coordination Tools

1 A question of semantics

On the Formalization of UML Activities for Component-Based Protocol Design Specifications

TIMO: Timed Mobility in Distributed Systems

CA464 Distributed Programming

Programming Embedded Systems

Lesson 5 Web Service Interface Definition (Part II)

Application: Programming Language Semantics

Temporal Refinement Using SMT and Model Checking with an Application to Physical-Layer Protocols

Chapter Outline. Chapter 2 Distributed Information Systems Architecture. Distributed transactions (quick refresh) Layers of an information system

Asynchronous Models. Chapter Asynchronous Processes States, Inputs, and Outputs

Rule Formats for Nominal Modal Transition Systems

Transcription:

Checking the Realizability of PMN 2.0 Choreographies Gwen Salaün Grenoble INP, INRI, France joint work with Pascal Poizat LRI, University of Evry, France 1

Realizability of Choreographies Interactions among a set of services involved in a new system can be described from a global point of view using choreography specification languages Given a choreography specification, local implementations, namely peers, can be automatically generated via projection However, peers do not always implement the choreography: this problem is known as realizability a 1,2 c 1,2 b 2,3? a! c! a? c? b! b? peer 1 peer 2 peer 3 2

Contributions We propose an encoding of PMN 2.0 choreographies into the LNT specification language We chose LNT because: - It provides a good level of expressiveness for describing PMN constructs - It is equipped with CDP which offers state-of-the-art tools for state space exploration and verification This encoding allows us to: - utomate service peer generation - Verify choreography specifications using CDP - Check the realizability for both synchronous and asynchronous communication 3

Outline 1. Preliminaries: PMN 2.0, LNT, and CDP 2. Encoding into LNT 3. Verification and Realizability 4. Tool Support 5. Conuding Remarks 4

PMN 2.0 Choreographies Choreography tasks and loop types M1 M1 M1 M1 M1 Chor. Task Name Chor. Task Name Chor. Task Name Chor. Task Name Chor. Task Name M2 (a) (b) (c) (d) (e) Control flows and gateways sequence flow start state end state or exusive gateway inusive gateway parallel gateway or event-based gateway CT2 CT1 CT3 diverging pattern (diverging parallel gateway) CT2 CT1 CT3 converging pattern (converging parallel gateway) 5

Running Example n e-booking system involving four peers: a booking system (), a database (db), an online bank service (bk), and a ient () connect request abort CT1 CT2 CT3 reply book pay CT4 CT5 bk db CT6 store Peers are described using Labelled Transition Systems (LTSs) 6

LNT LOTOS NT (LNT) is a value-passing process algebra with userfriendly syntax and operational semantics LNT is an imperative-like language where you can specify data types, functions (pattern matching and recursion), and processes Excerpt of the LNT process grammar: ::= stop G(!E,?X) where E if E then 1 else 2 end if x:=e hide G in end hide P [G1,...,Gm] (E1,...,En) select 1 [] [] n end select 1 ; 2 par G in 1 n end par Verification using CDP through an automated translation to LOTOS 7

Construction and nalysis of Distributed Processes (CDP) Design of asynchronous systems Concurrent processes Message-passing communication Nondeterministic behaviours CDP (INRI/CONVECS) Formal approach rooted in concurrency theory: process calculi, Labeled Transition Systems, bisimulations, branching temporal logics Many verification techniques: simulation, model and equivalence checking, compositional verification, test case generation, performance evaluation, etc. Numerous real-world applications: avionics, embedded systems, hardware design, middleware and software architectures, etc. 8

Outline 1. Preliminaries: PMN 2.0, LNT, and CDP 2. Encoding into LNT 3. Verification and Realizability 4. Tool Support 5. Conuding Remarks 9

Encoding PMN into LNT (1/3) Translation of PMN via state machines Sequence flow process s1[ ] s2[ ] end process Message sending process s1[ ] msg1; s2[ ] end process Message receiving Synchronous communication synchronous communication via FIFO message buffers process s1[ ] msg1_rec; s2[ ] end process 10

Encoding PMN into LNT (2/3) Exusive gateway Parallel gateway C select option_[ ] [] option_[ ] [] option_c[ ] end select C par option_[ ] option_[ ] option_c[ ] end par Parallel merge (multiple merges) merge 1 merge 2 hide sync1, sync2 in par sync1, sync2 -> option_[,sync1,sync2] sync1, sync2 -> option_[,sync1,sync2] sync2 -> option_c[,sync2] 11 end par

Encoding PMN into LNT (3/3) - Inusive gateway C Inusive Merging: nalogous to parallel merge Default case needs no synchronization select option_[ ] ((option_[ ][] null) (option_c[ ][] null)) []option_[ ] ((option_[ ][] null) (option_c[ ][] null)) []option_c[ ] ((option_[ ][] null) (option_[ ][] null)) []default[ ] end select 12

Outline 1. Preliminaries: PMN 2.0, LNT, and CDP 2. Encoding into LNT 3. Verification and Realizability 4. Tool Support 5. Conuding Remarks 13

Compilation and Verification LTS models can be generated using CDP exploration tools, and verified using the Evaluator model-checker E-booking system: LTS obtained by hiding sync_ messages, and minimizing the resulting LTS We can check that a ient can make a booking or abort only if a request has been issued (safety property): [ (not CL_S_REQUEST )*. ( CL_S_OOK or CL_S_ORT ) ] false 14

Realizability Checking Realizability is computed by comparing the PMN LTS with the system composed of interacting peers using behavioural equivalences If these two systems are equivalent, the choreography is realizable In case of asynchronous communication, we generate LNT code to implement bounded FIFO buffers, and associate a buffer to each peer apeer_ apeer_db _db_store _db_store_rec buffer_ buffer_db input message output message interaction For asynchronous communication, undecidability is avoided by imposing buffer bounds or by using recent synchronizability results [asuultan-www11] 15

E-booking System Realizability Our running example is not realizable for both communication models (synchronous and asynchronous) The trace consisting of messages connect, request, reply, book appears in both systems, but _db_store is then in the distributed system, and not in the choreography LTS connect request abort CT1 CT2 reply book CT3 pay CT4 CT5 bk db CT6 store 16

E-booking System, Revisited We use a diverging parallel gateway instead and realizability checks return positive results for both communication models connect request abort CT1 CT2 CT3 reply pay book CT5 CT4 bk db CT6 store 17

Outline 1. Preliminaries: PMN 2.0, LNT, and CDP 2. Encoding into LNT 3. Verification and Realizability 4. Tool Support 5. Conuding Remarks 18

Tool Support Eipse IDE (Helios + PMN2 Editor) CDP PMN2 Choreography Encoding PMN2Py LOTOS NT Processes Model Retrieval Caesar Peer Models (LTS) Verification & Realizability Evaluator Py2LNT SVL script Reductor Intended Choreography Model (LTS) isimulator Feedback Verification & Realizability Results 19

Outline 1. Preliminaries: PMN 2.0, LNT, and CDP 2. Encoding into LNT 3. Verification and Realizability 4. Tool Support 5. Conuding Remarks 20

Conuding Remarks We have presented an encoding of PMN 2.0 choreographies into LNT, which makes the formal analysis of PMN possible using CDP verification tools s far as perspectives are concerned, we would like to: - Extend the suet of PMN choreographies accepted by our approach with hierarchical structuring aspects (sub- choreography) - Integrate looser realizability notions to our framework (pre-order, partial order, etc.) - Use recent compositional aggregation techniques [CrouzenLang-FSE11] to reduce intermediate state spaces size and computation times - Enforce realizability proposing smart projection techniques - pply our approach to a real-size case study in the e-governance domain 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback