Analysis of Concurrent Software
Models Using Partial Order Views
Qiang Sun, sun-qiang@sjtu.edu.cn
Yuting Chen, chenyt@cs.sjtu.edu.cn
Jianjun Zhao, zhao-jj@cs.sjtu.edu.cn
Shanghai Jiaotong University
13-Apr-15
Outline
• Motivation
• An approach to analysis of concurrent software models using
partial order views
• Some simple examples
Motivation
• Checking and analyzing software design models has become
crucial
• Analysis of concurrent software behavioural models still
faces challenges
– Data races, atomicity violations, bugs
• A number of analyses are based on state models
– A process can be modeled as a state machine in which the transitions
are atomic or indivisible actions executed by the process.
– LTS: Labeled Transition Systems
– FSP (Finite State Processes), CCS, CSP
• Analyzing a state model usually faces difficulties
– Combining state models leads to state space explosion
Solution?
• Modeling concurrency using partial orders
– Partial order view
• Extraction of partial orders of the events of interest from state
machines
– Partial orders can also be extracted from partial behavioral models.
• BiG (bidirectional graph transformation) provides the mechanism for
model transformation and synchronization.
– State machine ↔ Pomset model
Labeled Partial Order (LPO)
– A partial order is a pair (E, <), where < is an irreflexive
transitive binary relation on the vertex set E.
– A labeled partial order (lpo) is a structure
(E, ∑, μ, <), where (E, <) is a partial order, and μ : E→∑ labels
the vertices of E with elements of the set ∑.
– (E, ∑, μ, <) and (E’, ∑’, μ’, <’) over the same set of labels ∑ are
isomorphic if
– there exists a bijection τ: E→E’ such that for all u, v ∈ E,
μ(u)= μ’(τ(u)), and u < v iff τ(u) <’ τ(v).
Partial Order Multi-Set (Pomset)
• A pomset [E, ∑, μ, <] is the isomorphism class
of an lpo (E, ∑, μ, <).
– A pomset [E, ∑, μ, <] is finite if E is finite.
– Two pomsets [E, ∑, μ, <] and [E’, ∑’, μ’, <’] are
isomorphic if
• there exist bijections τ : E→E’ and ν : ∑→∑’ such
that for all u, v ∈ E and for all a ∈ ∑, μ(u) = a iff
μ’(τ(u)) = ν(a), and u < v iff τ(u) <’ τ(v).
Two Operations
• Let
– p = [E, ∑, <, μ]
– p’ = [E’, ∑, <’, μ’]
– E ∩ E’ = ∅
• Series operation
– p;p’ = [E ∪ E’, ∑, (< ∪ <’ ∪ (E × E’)), μ ∪ μ’]
• Parallel operation
– p||p’ = [E ∪ E’, ∑, (< ∪ <’), μ ∪ μ’]
Pomset Model
• Actions & events
– ∑ is the set of actions; an occurrence of an action is an event in E.
– An action may occur more than once.
– [Figure: a pomset over the actions A and B]
• Pomset model helps analyze and understand the behaviors
of concurrent software better.
– Happens-before relationship for the events of interest
– Calculating the possible traces
– Pomset model can avoid state space explosion; the number of
events grows linearly.
Analysis of Concurrent Software Models
Using Partial Order Views
• To extract the pomset model
– Computing the partial order of events within one process.
– Merging the partial orders of different processes through the parallel
operation.
• To analyze the pomset model and check event traces
• To revisit the state model when abnormal event traces are detected
• The Bidirectional Graph Transformation technique provides
support for transforming the state model to the pomset model and
keeping the two models synchronized.
– The result can be easily mapped back to the original LTS.
SMALL EXAMPLES
Semaphore
• Semaphore LTS
– [Figure: LTS with states -1, 0 and 1 and transitions up and down]
• Loop
– [Figure: LTS of two processes, each looping up → critical 1 → down and up → critical 2 → down]
– [Figure: pomset between Begin and End containing up → critical 1 → down and up → critical 2 → down]
Elevator System
• Outer request
– FLOOR × {UP, DOWN}
• Inner request
– FLOOR TO GO TO
• Controller of elevators
– Outer requests: accessing the request queue
– Inner requests: message passing
– 5 floors and 2 elevators
– [Figure: LTSs of the outer request queue (getREQ, get, remove), the user in the elevator (send, response), the elevator (floors 0 to 5, send/receive) and the inner request buffer]
– [Figure: pomset of one elevator run: Begin → getREQ → send, send, send → receive, receive, receive → response → End]
• Two elevators
– [Figure: pomsets of Elevator 1 and Elevator 2, each doing get and remove on the shared outer request queue]
– Trace over the shared queue: get1 → get2 → remove1 → remove2
Lock & Unlock
– [Figure: pomsets of Elevator 1 and Elevator 2 with the queue accesses wrapped as lock → get → remove → unlock]
– [Figure: LTSs of the outer request queue with lock/unlock and of the two elevators]
• Partial order event model provides engineers with
– A different view of the events occurring in the concurrent software
system and their order
– Bidirectional model transformation technique helps transform the state
model to the partial order event model
• Detection of potential errors is possible by taking
advantage of the information in the partial order event model
– To detect data races by associating events with accesses to shared
memory
– To detect atomicity violations by associating actions with accesses to
resources
– Determination of the real bugs usually relies on human judgement
– Bidirectional model transformation technique helps reveal the bugs in
the state model if any abnormal event traces are found
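The two detections listed above, run over the elevator example from the preceding slides: events are tagged with the shared resource they access, happens-before is the transitive closure of program order plus synchronization edges, and a conflicting pair that happens-before leaves unordered is a potential data race, while a foreign access that may fall inside a get/remove region is a potential atomicity violation. This is an added example, not the authors' tool; the resource and read/write annotations, the event ids ('get1', 'unlock2', ...) and the modelling of the semaphore as one of two possible unlock→lock edges are our own assumptions.

```python
"""Happens-before checks over a partial order event model: potential data
races and atomicity violations on the shared outer request queue of the
two-elevator example. Added example; annotations and event ids are our own."""
from itertools import combinations

QUEUE = "outer request queue"   # shared resource named on the elevator slides


def build_events(processes):
    """processes: {name: [(action, resource, access), ...]} with access 'r', 'w'
    or None. Returns events {id: (process, action, resource, access)} and the
    program-order edges of each process."""
    events, edges = {}, set()
    for proc, steps in processes.items():
        prev = None
        for action, resource, access in steps:
            eid = f"{action}{proc}"            # e.g. 'get1', 'remove2'
            events[eid] = (proc, action, resource, access)
            if prev is not None:
                edges.add((prev, eid))
            prev = eid
    return events, edges


def happens_before(events, edges):
    """Transitive closure of program order plus synchronization edges:
    hb[u] is the set of events v with u < v."""
    succ = {e: set() for e in events}
    for u, v in edges:
        succ[u].add(v)
    hb = {}
    for e in events:
        seen, stack = set(), list(succ[e])
        while stack:
            v = stack.pop()
            if v not in seen:
                seen.add(v)
                stack.extend(succ[v])
        hb[e] = seen
    return hb


def find_races(events, hb):
    """Two accesses from different processes to the same resource, at least one
    of them a write, that are not ordered by happens-before."""
    races = []
    for a, b in combinations(sorted(events), 2):
        pa, _, ra, acc_a = events[a]
        pb, _, rb, acc_b = events[b]
        if (pa != pb and ra is not None and ra == rb and "w" in (acc_a, acc_b)
                and b not in hb[a] and a not in hb[b]):
            races.append((a, b))
    return races


def find_atomicity_violations(events, hb, regions):
    """regions: (first, last) event ids meant to act atomically on a resource.
    An access x by another process to that resource may fall between them
    when neither x < first nor last < x holds."""
    violations = []
    for first, last in regions:
        proc, _, resource, _ = events[first]
        for x, (px, _, rx, _) in events.items():
            if (px != proc and rx == resource
                    and first not in hb[x] and x not in hb[last]):
                violations.append((first, last, x))
    return violations


def elevator_model(locked):
    """Two elevators that each get and remove a request from the shared outer
    request queue, optionally inside lock/unlock (constructed from the slides)."""
    steps = [("get", QUEUE, "r"), ("remove", QUEUE, "w")]
    if locked:
        steps = [("lock", None, None)] + steps + [("unlock", None, None)]
    return {"1": list(steps), "2": list(steps)}


def analyse(locked, sync=()):
    """sync: extra happens-before edges, e.g. ('unlock1', 'lock2') for the
    order in which the semaphore grants the two critical sections."""
    events, edges = build_events(elevator_model(locked))
    hb = happens_before(events, edges | set(sync))
    regions = [("get1", "remove1"), ("get2", "remove2")]
    return find_races(events, hb), find_atomicity_violations(events, hb, regions)


if __name__ == "__main__":
    print("no locks:", analyse(False))
    for order in ((("unlock1", "lock2"),), (("unlock2", "lock1"),)):
        print("locked,", order, "->", analyse(True, order))
```

Without locks the checker reports get2 as able to fall between get1 and remove1, which is exactly the get1 → get2 → remove1 → remove2 trace on the two-elevator slide. Because a single pomset fixes one order, the semaphore's mutual exclusion is checked as two pomsets, one per grant order; both come back clean, and a judgement on whether the unlocked findings are real bugs is still left to the engineer, as the slide says.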
Conclusions
• State model is widely used in practice
• Pomset model can avoid state space explosion
• An approach to checking and analyzing state model using
pomset model
• BiG provides the mechanism of model transformation and
bug elimination
Future Work
• A systematic approach
• Correctness of the approach
– Case studies and experiments
• Tool Support