survey on trace analyzer (2)

Survey on Trace Analyzer (2)

Hong, Shin

23年 4月 21日1/34 Survey on Trace Analyzer (2) Hong,Shin@PSWLab KAIST

Table of Contents Introduction Motivation Simulation Trace Model JMPAX POTA Further Study References Discussion

23年 4月 21日

2/34 Survey on Trace Analyzer (2) Hong,Shin@PSWLab KAIST

Introduction 1/4 The importance of Software is getting

increased. Quality assurance of the software is very important

today.

Software are becoming more complex. Concurrency with a large number of components

To assure correctness of a software,Traditional TestingFormal verification

23年 4月 21日


Introduction 2/4 Traditional Testing

Can not prove the correctness of a software Costs a lot of time

Model Checking Labor-some process Hard to assure the correctness of executable code Costs a lot of time

These are generally infeasible for a system with a large number of components and concurrency such as SoC.

23年 4月 21日


Introduction 3/4 Trace Analyzer

Specify requirements in formal language. Extract status of process while a target program is

executing. Verify whether the trace is satisfied against a

given formal requirement.

Advantages No labor-some job is needed. Formal specifications can be used. Possible to verify executable program.

23年 4月 21日


Introduction 4/4Previously,

TemporalROVERLTL, MTL was used.

Java Path ExplorerLTL was used.

Detect existing error in current executions.

What about Java Path Explorer’s error pattern analysis?Deadlock analysis, Data race analysis

23年 4月 21日


Motivation 1/6

Example : Landing airplane

<Requirement>when the plane is landing, landing has been approved and radio signal is live.

23年 4月 21日


Motivation 2/6int landing=0, approved=0, radio=1 ;

void thread1{

askLandingApproval() ;

if (approved ==1) {

landing=1; doLanding() ; landing=0;

else printf(“Landing is not approved”);}

void askLandingApproval() {

if (radio == 0) approved = 0 ;

else approved=1;}

void thread2 {

while(1) if (time_out) radio=0;}

A bug exists

23年 4月 21日


Motivation 3/6In most cases<thead1> <thread2>

1)landing=0;radio=1;approved=0

2)if (radio == 1)

3)approved = 1

4)landing = 1

5)landing = 0

6)if (time_out)

7)radio = 0 ;

Successful execution trace

23年 4月 21日


Motivation 4/6<thread1> <thread2>

1)landing=0; 1)if (time_out)

2)radio=1; 2)radio = 0 ;

3)approved=0;

4)if (radio==0)

5)approved=1;

6)landing=1 ;

Check whether every trace from asynchronous product of two traces is satisfied with given requirement.

23年 4月 21日


Motivation 5/61)landing=0;

2)radio=1;

3)approved=0;

4)if (radio==1)

5)approved=1;

6)landing=1 ;

7)if (time_out)

8)radio = 0 ;

Partial order traces can be used to simulate some total order trace.

23年 4月 21日


Motivation 6/6

(1) Specify formal requirement of a system.

(2) Extract interesting temporal relations between

processes as partial order traces.

(3) Create partial order trace with respect to

extracted

information.

(4) Check whether the model satisfies the

requirement or not (simulating total order traces).

23年 4月 21日


Simulation Trace Model 1/5< Lamport’s happens before relation > For two distinguishable events e and f, e happens before f if and only if

(1) e occurs before f in the same process.(2) e is sending a message and f is a receiving of that message.(3) There exist e happens before g and g happens before f.

Events in the same process are totally ordered and events between different processes are partially ordered.

23年 4月 21日


Simulation Trace Model 2/5int x = 0 ; int y = 0 ;

lock a ;void thread1 {

a.acquire() ;x = 1 ;x = 2 ;a.release() ;

}

void thread2 {y = 1 ;a.acquire() ;y = 3 ;y = 4 ;a.release() ;

}

23年 4月 21日


Simulation Trace Model 3/5int x = 0 ; int y = 0 ; lock a ;void thread1 { void thread2 {

y = 1 ;a.acquire() ;x = 1 ;x = 2 ; a.acquire() ;a.release() ;

a.acquire() ;} y = 3 ;

y = 4 ;a.release() ; }

23年 4月 21日


Simulation Trace Model 4/5 Vector clocks

Represent the happen before relation A vector clock assigns timestamps to events such

that the partial order relation between events can be determined by using the timestamps.

Given a compuation G on n processv : V(G) → Nn such that for all events e and f, e happens before f if and only ife.v ≤ f.v

23年 4月 21日


Simulation Trace Model 5/5int x = 0 ; int y = 0 ; lock a ;void thread1{ [1,0] [0,1] void

thread2 {[0,2] y = 1 ;

a.acquire() ; [2,0]x = 1 ; [3,0]x = 2 ; [4,0]a.release() ; [5,0]

[2,3] a.acquire() ;} [2,4] y = 3 ;

[2,5] y = 4 ;[2,6] a.release() ; }

23年 4月 21日


JMPAX 1/3 Java MultiPathExplorer, JMPAX

Extend Java PathExplorer

Combine testing and formal methods techniques.

Possible to reveal errors in multithreaded programs that are hard to detect by observing successful executions.

23年 4月 21日


JMPAX 2/3

23年 4月 21日


JMPAX 3/3 Use past time LTL to specify safety properties.

Predict safety errors from successful executions.

Check a simulation trace model in a exhaustive way.O(|E|n) where E is events in each process and n is

the number of processes.

23年 4月 21日


POTA 1/11 Partial Order Trace Analyzer

Create a model from partial order traces State Explosion

- Regular CTL

- Computation slicing

23年 4月 21日


POTA 2/11

23年 4月 21日


POTA 3/11 The order on events must be a partial order. For a directed graph G that represent the

computation,

A global state(consistent cut) on G as- a subset of vertices s.t. if the subset contains a vertex then it contains all its incoming neighbors.- denoted by the set of its frontier.- ⊥i for initial state of process i, ⊤i for final state of process i

C(G) is the set of global states on the graph G.- it forms a distributive lattice under subset relation.

23年 4月 21日


POTA 4/11

23年 4月 21日


POTA 5/11

Predicate Detection problem

Given a distributive lattice L=(C(G), ⊆) and a

temporal logic predicate p, decide whether L,

{⊥}⊧p holds or not.

23年 4月 21日


POTA 6/11 A predicate is regular if, given two consistent

cuts that satisfy the predicate, the consistent cuts obtained by their set union and set intersection also satisfy the predicate.

Predicate p is regular iff(C satisfy p) and (D satisfy p)

(C∩D satisfy p ) and (C∪D satisfy p)

23年 4月 21日


POTA 7/11 Temporal logic : safety and liveness property

Computational Tree Logic(CTL) Path quantifier A: all full paths E:

some full path Temporal logic G:always F:eventuallyX:next time

Non-temporal predicates :

λ : C → P(AP) where AP is atomic propositions

AG(p), AF(p), EG(p), EF(p), EX(p), EX(p)[i] , AX(p) where p is a non-temporal predicate.

23年 4月 21日


POTA 8/11

23年 4月 21日


POTA 9/11

23年 4月 21日


POTA 10/11

RCTL

A sublogic of CTL

contains regular non-temporal logics and regular

temporal logic.

If p is a regular non-temporal logic then EF(p),

AG(p),EG(p), and EX(p)[j] is also regular.

Express both safety property and liveness property.

23年 4月 21日


POTA 11/11 Computation Slice

All consistent cuts of a computation that satisfy a given predicate.

A slice of a computation with respect to a predicate exists iff the set of global states that satisfy the predicate forms a sub-lattice of the lattice of global states

As long as predicate is regular, there exists efficient algorithm to compute the slice for regular predicate.

O(|p|n2|E|)23年 4月 21日


Further study

POTA- Regular predicates- Detection of global predicate

More survey on trace analyzer

23年 4月 21日


References [1] Leslie Lamport, Time, Clocks, and the Ordering

of Events in a Distributed System, 1978. [2] V K.Garg et al, On Slicing a Distributed

Computation, 1999. [3] K Sen et al, Runtime Safety Analysis of

Multithreaded Programs, 2003. [4] A Sen&V K. Garg, Partial Order Trace Analyzer

for Distributed Programs, 2003. [5] A Sen&V K.Garg, Formal Verification of

Simulation Traces Using Computation Slicing, 2006.

23年 4月 21日


Discussion

23年 4月 21日


survey on trace analyzer (2)

Documents