Observable Behavior of Distributed Systems: Component Reasoning for Concurrent Objects
advertisement
Observable Behavior of Distributed Systems:
Component Reasoning for Concurrent Objects
Crystal Chang Din, Johan Dovland, Einar Broch Johnsen, Olaf Owe
Precise Modeling and Analysis group (PMA),
University of Oslo
The 22nd Nordic Workshop on Programming Theory - NWPT ’10
10 November 2010, Turku, Finland
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
1 / 31
Motivation
What kind of software systems do we focus on?
Why it is challenging to reason about distributed systems?
How do we solve these problems?
Compositional Verification System
Each component can be analyzed independently from its surrounding
components.
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
2 / 31
Motivation
What kind of software systems do we focus on?
Why it is challenging to reason about distributed systems?
How do we solve these problems?
Compositional Verification System
Each component can be analyzed independently from its surrounding
components.
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
2 / 31
Motivation
What kind of software systems do we focus on?
Why it is challenging to reason about distributed systems?
How do we solve these problems?
Compositional Verification System
Each component can be analyzed independently from its surrounding
components.
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
2 / 31
Motivation
What kind of software systems do we focus on?
Why it is challenging to reason about distributed systems?
How do we solve these problems?
Compositional Verification System
Each component can be analyzed independently from its surrounding
components.
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
2 / 31
Main Purpose
Reasoning
Distributed, concurrent system
Main features
I
I
encapsulation
asynchronous method calls
ABS is suitable language for this purpose
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
3 / 31
Main Purpose
Reasoning
Distributed, concurrent system
Main features
I
I
encapsulation
asynchronous method calls
ABS is suitable language for this purpose
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
3 / 31
Outline
1
The ABS Language
2
Observable Behavior of Distributed Systems
3
Reasoning System for the ABS Classes
4
Object Composition for Concurrency and Object Generation
5
Summary
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
4 / 31
Abstract Behavioral Specification language (ABS)
high-level imperative and OO language
concurrent objects
method call
asynchronous
no access to the internal state variables of other objects
avoid intra-object interference (only one process is allowed)
processor release point
I
I
conditional (await guard;)
unconditional (suspend;)
abstract data types for data structures
inspired by the Creol language but without inheritance
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
5 / 31
Abstract Behavioral Specification language (ABS)
high-level imperative and OO language
concurrent objects
method call
asynchronous
no access to the internal state variables of other objects
avoid intra-object interference (only one process is allowed)
processor release point
I
I
conditional (await guard;)
unconditional (suspend;)
abstract data types for data structures
inspired by the Creol language but without inheritance
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
5 / 31
Abstract Behavioral Specification language (ABS)
high-level imperative and OO language
concurrent objects
method call
asynchronous
no access to the internal state variables of other objects
avoid intra-object interference (only one process is allowed)
processor release point
I
I
conditional (await guard;)
unconditional (suspend;)
abstract data types for data structures
inspired by the Creol language but without inheritance
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
5 / 31
Abstract Behavioral Specification language (ABS)
high-level imperative and OO language
concurrent objects
method call
asynchronous
no access to the internal state variables of other objects
avoid intra-object interference (only one process is allowed)
processor release point
I
I
conditional (await guard;)
unconditional (suspend;)
abstract data types for data structures
inspired by the Creol language but without inheritance
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
5 / 31
Abstract Behavioral Specification language (ABS)
high-level imperative and OO language
concurrent objects
method call
asynchronous
no access to the internal state variables of other objects
avoid intra-object interference (only one process is allowed)
processor release point
I
I
conditional (await guard;)
unconditional (suspend;)
abstract data types for data structures
inspired by the Creol language but without inheritance
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
5 / 31
Abstract Behavioral Specification language (ABS)
high-level imperative and OO language
concurrent objects
method call
asynchronous
no access to the internal state variables of other objects
avoid intra-object interference (only one process is allowed)
processor release point
I
I
conditional (await guard;)
unconditional (suspend;)
abstract data types for data structures
inspired by the Creol language but without inheritance
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
5 / 31
Abstract Behavioral Specification language (ABS)
high-level imperative and OO language
concurrent objects
method call
asynchronous
no access to the internal state variables of other objects
avoid intra-object interference (only one process is allowed)
processor release point
I
I
conditional (await guard;)
unconditional (suspend;)
abstract data types for data structures
inspired by the Creol language but without inheritance
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
5 / 31
Abstract Behavioral Specification language (ABS)
high-level imperative and OO language
concurrent objects
method call
asynchronous
no access to the internal state variables of other objects
avoid intra-object interference (only one process is allowed)
processor release point
I
I
conditional (await guard;)
unconditional (suspend;)
abstract data types for data structures
inspired by the Creol language but without inheritance
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
5 / 31
Reader-Writer Example of ABS
class RWController() implements RW{
DataSet readers; Obj writer; DB db; Int pr;
{readers:=Empty;writer:=null;db:=new DataBase();pr:=0;}
Void openR(){await writer=null;
readers:=Cons(caller, readers);}
Void openW(){await writer=null; writer:=caller;}
Void closeR(){readers:=delete(caller,readers);}
Void closeW(){await writer=caller; writer:=null;}
Data read(Int key){Data result;
await isElement(caller,readers);pr:=pr+1;
await result:=db.read(key);pr:=pr-1; return result;}
Void write(Int key, Data value){
await caller=writer && readers=Empty && pr=0;
db.write(key, value);}
}
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
6 / 31
Outline
1
The ABS Language
2
Observable Behavior of Distributed Systems
3
Reasoning System for the ABS Classes
4
Object Composition for Concurrency and Object Generation
5
Summary
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
7 / 31
A Method Call Cycle
o
o0
o → o 0 .m(e)
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
8 / 31
A Method Call Cycle
o
o0
o → o 0 .m(e)
o o 0 .m(e)
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
8 / 31
A Method Call Cycle
o
o0
o → o 0 .m(e)
o o 0 .m(e)
o ← o 0 .m(v )
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
8 / 31
A Method Call Cycle
o
o0
o → o 0 .m(e)
o o 0 .m(e)
o ← o 0 .m(v )
o o 0 .m(v )
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
8 / 31
Representation of the Execution in Distributed System
Communication History
The communication history (H) of a (sub)system up to a given time is a
finite sequence of events [Hoare’85, Dahl’87, Broy’01].
Example:
H:= H `o → o 0 .m(e)
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
9 / 31
Representation of the Execution in Distributed System
Communication History
The communication history (H) of a (sub)system up to a given time is a
finite sequence of events [Hoare’85, Dahl’87, Broy’01].
Example:
H:= H `o → o 0 .m(e)
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
9 / 31
Representation of the Execution in Distributed System
Communication History
The communication history (H) of a (sub)system up to a given time is a
finite sequence of events [Hoare’85, Dahl’87, Broy’01].
Example:
H:= H `o → o 0 .m(e)
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
9 / 31
Representation of the Execution in Distributed System
Communication History
The communication history (H) of a (sub)system up to a given time is a
finite sequence of events [Hoare’85, Dahl’87, Broy’01].
Example:
H:= H `o → o 0 .m(e)
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
9 / 31
Communication History and Well-formedness
o
o0
o → o 0 .m(e)
o o 0 .m(e)
o ← o 0 .m(v )
o o 0 .m(v )
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
10 / 31
Class Invariant
contract between the different processes
must hold
I
I
I
after initialization
after method termination
before suspension
may assume
I
I
when method starts
after suspension
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
11 / 31
Verification Problem of openR()
relates observable communication and internal state
I(readers,H): Readers (H) = readers
where Readers (H)
I
I
abstractly captures the registered readers
completed openR() but not closeR()
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
12 / 31
Class Invariant
IC (w , hthis ) , I(w ,hthis ) ∧ wf (hthis ) ∧
hthis bw parent(this) this.new C (cp).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
13 / 31
Class Invariant
IC (w , hthis ) , I(w ,hthis ) ∧ wf (hthis ) ∧
hthis bw parent(this) this.new C (cp).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
13 / 31
Class Invariant
IC (w , hthis ) , I(w ,hthis ) ∧ wf (hthis ) ∧
hthis bw parent(this) this.new C (cp).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
13 / 31
Class Invariant
IC (w , hthis ) , I(w ,hthis ) ∧ wf (hthis ) ∧
hthis bw parent(this) this.new C (cp).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
13 / 31
Outline
1
The ABS Language
2
Observable Behavior of Distributed Systems
3
Reasoning System for the ABS Classes
4
Object Composition for Concurrency and Object Generation
5
Summary
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
14 / 31
Semantic Definition of ABS by a Syntactic Encoding
In [Apt’81,Apt’84], Apt shows that the usual proof system is sound and
relative complete in the following sequential language with the syntax:
skip | abort | v := e | s1 ; s2 | if b then s1 [else s2 ]? fi.
Additionally, we add extra statements (S) and the corresponding
weakest liberal preconditions (WLP):
statement S
wlp(S,Q)
y := some x . P(x)
∀ x . (P(x) ⇒ Qxy )
assert b
b∧Q
assume b
b⇒Q
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
15 / 31
Semantic Definition of ABS by a Syntactic Encoding
In [Apt’81,Apt’84], Apt shows that the usual proof system is sound and
relative complete in the following sequential language with the syntax:
skip | abort | v := e | s1 ; s2 | if b then s1 [else s2 ]? fi.
Additionally, we add extra statements (S) and the corresponding
weakest liberal preconditions (WLP):
statement S
wlp(S,Q)
y := some x . P(x)
∀ x . (P(x) ⇒ Qxy )
assert b
b∧Q
assume b
b⇒Q
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
15 / 31
Semantic Definition of ABS by a Syntactic Encoding
In [Apt’81,Apt’84], Apt shows that the usual proof system is sound and
relative complete in the following sequential language with the syntax:
skip | abort | v := e | s1 ; s2 | if b then s1 [else s2 ]? fi.
Additionally, we add extra statements (S) and the corresponding
weakest liberal preconditions (WLP):
statement S
wlp(S,Q)
y := some x . P(x)
∀ x . (P(x) ⇒ Qxy )
assert b
b∧Q
assume b
b⇒Q
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
15 / 31
Semantic Definition of ABS by a Syntactic Encoding
In [Apt’81,Apt’84], Apt shows that the usual proof system is sound and
relative complete in the following sequential language with the syntax:
skip | abort | v := e | s1 ; s2 | if b then s1 [else s2 ]? fi.
Additionally, we add extra statements (S) and the corresponding
weakest liberal preconditions (WLP):
statement S
wlp(S,Q)
y := some x . P(x)
∀ x . (P(x) ⇒ Qxy )
assert b
b∧Q
assume b
b⇒Q
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
15 / 31
Semantic Definition of ABS by a Syntactic Encoding
In [Apt’81,Apt’84], Apt shows that the usual proof system is sound and
relative complete in the following sequential language with the syntax:
skip | abort | v := e | s1 ; s2 | if b then s1 [else s2 ]? fi.
Additionally, we add extra statements (S) and the corresponding
weakest liberal preconditions (WLP):
statement S
wlp(S,Q)
y := some x . P(x)
∀ x . (P(x) ⇒ Qxy )
assert b
b∧Q
assume b
b⇒Q
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
15 / 31
Semantic Definition of ABS by a Syntactic Encoding
In [Apt’81,Apt’84], Apt shows that the usual proof system is sound and
relative complete in the following sequential language with the syntax:
skip | abort | v := e | s1 ; s2 | if b then s1 [else s2 ]? fi.
Additionally, we add extra statements (S) and the corresponding
weakest liberal preconditions (WLP):
statement S
wlp(S,Q)
y := some x . P(x)
∀ x . (P(x) ⇒ Qxy )
assert b
b∧Q
assume b
b⇒Q
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
15 / 31
Semantic Definition of ABS by a Syntactic Encoding
In [Apt’81,Apt’84], Apt shows that the usual proof system is sound and
relative complete in the following sequential language with the syntax:
skip | abort | v := e | s1 ; s2 | if b then s1 [else s2 ]? fi.
Additionally, we add extra statements (S) and the corresponding
weakest liberal preconditions (WLP):
statement S
wlp(S,Q)
y := some x . P(x)
∀ x . (P(x) ⇒ Qxy )
assert b
b∧Q
assume b
b⇒Q
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
15 / 31
Semantic Definition of ABS by a Syntactic Encoding
In [Apt’81,Apt’84], Apt shows that the usual proof system is sound and
relative complete in the following sequential language with the syntax:
skip | abort | v := e | s1 ; s2 | if b then s1 [else s2 ]? fi.
Additionally, we add extra statements (S) and the corresponding
weakest liberal preconditions (WLP):
statement S
wlp(S,Q)
y := some x . P(x)
∀ x . (P(x) ⇒ Qxy )
assert b
b∧Q
assume b
b⇒Q
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
15 / 31
Syntactic Encoding and WLP of Methods
hh m(x) B ii ,
H := H ` caller this.m(return); hh B ii
H := H ` caller ← this.m(return); assume wf(H)
wlp(m(x) B, Q) ,
wlp(H := H ` caller this.m(return); B;
H := H ` caller ← this.return, wf(H) ⇒ Q)
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
16 / 31
Syntactic Encoding and WLP of await b
hh await b ii ,
if b then skip else assert IC (w , H);
w , H := some w , H0 . H 6 H0 ∧ IC (w , H0 ) ∧ b fi
wlp(await b, Q) ,
if b then Q else IC (w , H) ∧
H
∀w , H0 . (H 6 H0 ∧ IC (w , H0 ) ∧ b) ⇒ QH
0
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
17 / 31
Hoare Reasoning
{P} S {Q} is the same as P ⇒ wlp(S, Q)
Given that wlp is Sound and Complete
{P} S {Q} is sound if P ⇒ wlp(S, Q).
{P} S {Q} is complete if P ⇔ wlp(S, Q).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
18 / 31
Hoare Reasoning
{P} S {Q} is the same as P ⇒ wlp(S, Q)
Given that wlp is Sound and Complete
{P} S {Q} is sound if P ⇒ wlp(S, Q).
{P} S {Q} is complete if P ⇔ wlp(S, Q).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
18 / 31
Derived Hoare Rule for Methods
Derived Hoare Rule for m(x) B:
H
{IC H
pop(H) ∧ H ew caller this.m(x)} B {IC H`caller←this.m(return) }
Follows by WLP for m(x) B
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
19 / 31
Derived Hoare Rule for Methods
Derived Hoare Rule for m(x) B:
H
{IC H
pop(H) ∧ H ew caller this.m(x)} B {IC H`caller←this.m(return) }
Follows by WLP for m(x) B
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
19 / 31
Derived Hoare Rules for await b
{H0 = H} await b {H0 6 H ∧ b}
{IC } await b {IC ∧ b}
{Q ∧ b} await b {Q ∧ b}
Follows by WLP for await b
The await rules can be shown complete (assuming standard
adaptation and disjunction rules).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
20 / 31
Derived Hoare Rules for await b
{H0 = H} await b {H0 6 H ∧ b}
{IC } await b {IC ∧ b}
{Q ∧ b} await b {Q ∧ b}
Follows by WLP for await b
The await rules can be shown complete (assuming standard
adaptation and disjunction rules).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
20 / 31
Derived Hoare Rules for await b
{H0 = H} await b {H0 6 H ∧ b}
{IC } await b {IC ∧ b}
{Q ∧ b} await b {Q ∧ b}
Follows by WLP for await b
The await rules can be shown complete (assuming standard
adaptation and disjunction rules).
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
20 / 31
Reasoning About openR in RW Example
{I : Readers(H) = readers}
openR()
{
H
{Ipop(H)
∧ H ew caller this.openR}
{Readers(H) = readers}
await writer = NULL;
{Readers(H) = readers ∧ writer = NULL}
{Readers(H) ∪ {caller } = Cons(caller , readers)}
readers := Cons(caller , readers)
H
{IH`caller←this.openR
}
}
{I : Readers(H) = readers}
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
21 / 31
Reasoning About openR in RW Example
{I : Readers(H) = readers}
openR()
{
H
{Ipop(H)
∧ H ew caller this.openR}
{Readers(H) = readers}
await writer = NULL;
{Readers(H) = readers ∧ writer = NULL}
{Readers(H) ∪ {caller } = Cons(caller , readers)}
readers := Cons(caller , readers)
H
{IH`caller←this.openR
}
}
{I : Readers(H) = readers}
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
21 / 31
Reasoning About openR in RW Example
{I : Readers(H) = readers}
openR()
{
H
{Ipop(H)
∧ H ew caller this.openR}
{Readers(H) = readers}
await writer = NULL;
{Readers(H) = readers ∧ writer = NULL}
{Readers(H) ∪ {caller } = Cons(caller , readers)}
readers := Cons(caller , readers)
H
{IH`caller←this.openR
}
}
{I : Readers(H) = readers}
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
21 / 31
Reasoning About openR in RW Example
{I : Readers(H) = readers}
openR()
{
H
{Ipop(H)
∧ H ew caller this.openR}
{Readers(H) = readers}
await writer = NULL;
{Readers(H) = readers ∧ writer = NULL}
{Readers(H) ∪ {caller } = Cons(caller , readers)}
readers := Cons(caller , readers)
H
{IH`caller←this.openR
}
}
{I : Readers(H) = readers}
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
21 / 31
Reasoning About openR in RW Example
{I : Readers(H) = readers}
openR()
{
H
{Ipop(H)
∧ H ew caller this.openR}
{Readers(H) = readers}
await writer = NULL;
{Readers(H) = readers ∧ writer = NULL}
{Readers(H) ∪ {caller } = Cons(caller , readers)}
readers := Cons(caller , readers)
H
{IH`caller←this.openR
}
}
{I : Readers(H) = readers}
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
21 / 31
Outline
1
The ABS Language
2
Observable Behavior of Distributed Systems
3
Reasoning System for the ABS Classes
4
Object Composition for Concurrency and Object Generation
5
Summary
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
22 / 31
Safety Properties of the Execution in Distributed System
History Invariant
History invariant is a predicate over the communication history expressing
safety properties [Dahl’87, Dahl’92] .
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
23 / 31
Composition Rule
Object Invariant
Io:C (E ) (ho ) , ∃ w . (IC (w , hthis ))this,cp
o,E
abstracting away the internal state
Global Invariant
I(H) , (
V
Io:C (e) (H/o)) ∧ wf (H )
(o:C (e))∈ob(H)
reflecting concurrent composition of objects and dynamic object
creation where H/o = ho
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
24 / 31
Composition Rule
Object Invariant
Io:C (E ) (ho ) , ∃ w . (IC (w , hthis ))this,cp
o,E
abstracting away the internal state
Global Invariant
I(H) , (
V
Io:C (e) (H/o)) ∧ wf (H )
(o:C (e))∈ob(H)
reflecting concurrent composition of objects and dynamic object
creation where H/o = ho
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
24 / 31
Outline
1
The ABS Language
2
Observable Behavior of Distributed Systems
3
Reasoning System for the ABS Classes
4
Object Composition for Concurrency and Object Generation
5
Summary
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
25 / 31
Conclusion
A sound and complete reasoning system for the ABS language
Classes can be specified independently from the surroundings
Modularity is achieved
Global specification is realized from composing local specifications
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
26 / 31
Comparison to Related Work
The work is based on [Dovland’08, Ahrent’10] but simpler
No concept of input insensitivity and need not prove it
Different notion of locality and events
No nondeterministic extension of the history with environment activity
Unrestricted use of assumptions on the environment
Valuable when reasoning about objects in an open environment
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
27 / 31
Future Work
Extend the system for ABS future variables
Implementation in KeY
Semi-automatic verification
Large case studies
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
28 / 31
References
1. C . C . Din, J. Dovland , E . B. Johnsen, and O. Owe. Observable behavior of distributed systems :
Component reasoning for concurrent objects. Research report 401,
Department of Informatics, University of Oslo, Norway , Nov . 2010.
2. W . Ahrendt and M. Dylla. A system for compositional verification of asynchronous objects.
Science of Computer Programming , In Press, 2010.
3. B. Alpern and F . B. Schneider . Defining liveness. Information Processing Letters,
21(4) : 181-185, Oct. 1985.
4. K . R. Apt. Ten years of Hoare 0 s logic : A survey − Part I . ACM Transactions on
Programming Languages and Systems, 3(4) : 431-483, Oct. 1981.
5. K . R. Apt. Ten years of Hoare 0 s logic : A survey − Part II : Nondeterminism.
Theoretical Computer Science, 28(1-2) : 83-109, Jan. 1984.
6. M. Broy and K . Stølen. Specification and Development of Interactive Systems.
Monographs in Computer Science. Springer -Verlag , 2001.
7. O.-J. Dahl . Object − oriented specifications. In Research directions in object − oriented programming ,
pages 561-576. MIT Press, Cambridge, MA, USA, 1987.
8. O.-J. Dahl . Verifiable Programming . International Series in Computer Science.
Prentice Hall , New York, N.Y ., 1992.
9. J. Dovland , E . B. Johnsen, and O. Owe. Verification of concurrent objects with asynchronous method calls.
In Proceedings of the IEEE International Conference on Software − Science, Technology & Engineering
(SwSTE 0 05), pages 141-150. IEEE Computer Society Press, Feb. 2005.
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
29 / 31
References
10. J. Dovland , E . B. Johnsen, and O. Owe. Observable Behavior of Dynamic Systems :
Component Reasoning for Concurrent Objects. Electronic Notes in Theoretical Computer Science,
203(3) : 19-34, 2008.
11. R. Hähnle, E . B. Johnsen, B. M. Østvold , J. Schäfer , M. Steffen, and A. B. Torjusen.
Deliverable D1.1A Report on the Core ABS Language and Methodology : Part A.
http : //www .cse.chalmers.se/research/hats/sites/default/files/Deliverable11a_rev 2.pdf , 2010.
12. C . A. R. Hoare. Communicating Sequential Processes. International Series in Computer Science.
Prentice Hall , 1985.
13. International Telecommunication Union. Open Distributed Processing − Reference Model parts 1-4.
Technical report, ISO/IEC , Geneva, July 1995.
14. E . B. Johnsen and O. Owe. An asynchronous communication model for distributed concurrent objects.
Software and Systems Modeling , 6(1) : 35-58, Mar . 2007.
15. N. Soundarara jan. Axiomatic semantics of communicating sequential processes.
ACM Transactions on Programming Languages and Systems, 6(4) : 647-662, Oct. 1984.
16. N. Soundarara jan. A proof technique for parallel programs. Theoretical Computer Science,
31(1-2) : 13-29, May 1984.
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
30 / 31
Thank You
Crystal Chang Din @ UiO
Observable Behavior of Distributed Systems
NWPT ’10
31 / 31
