Internal Behavior Reduction for Services

1,466 views
1,476 views

Published on

Workshop presentation given by Niels Lohmann on February 22, 2011 in Karlsruhe, Germany at the Third Central-European Workshop on Services and their Composition (ZEUS 2011).

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
1,466
On SlideShare
0
From Embeds
0
Number of Embeds
844
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Internal Behavior Reduction for Services

  1. 1. INTERNALBEHAVIORREDUCTIONFORSERVICESNiels Lohmann
  2. 2. PARTNER SYNTHESIS 1 SYNTHESIS ✔
  3. 3. PARTNER SYNTHESIS 1 SYNTHESIS ✔ SERVICE / SERVICE COMPOSITION
  4. 4. PARTNER SYNTHESIS 1 INTERFACE SYNTHESIS ✔ SERVICE / SERVICE COMPOSITION
  5. 5. PARTNER SYNTHESIS 1 INTERFACE PARTNER SYNTHESIS ✔ SERVICE / SERVICE COMPOSITION
  6. 6. PARTNER SYNTHESIS 2MODELING TEST CASESUPPORT GENERATIONVALIDATION ADAPTERAND DIAGNOSIS SYNTHESIS
  7. 7. PARTNER SYNTHESIS 2MODELING TEST CASESUPPORT GENERATIONVALIDATION ADAPTERAND DIAGNOSIS SYNTHESIS
  8. 8. COMPLEXITY 3 SERVICE’S STATES + SIZE OF INTERFACE SIZE OF PARTNER ≤2
  9. 9. COMPLEXITY 3 SERVICE’S STATES + SIZE OF INTERFACE SIZE OF PARTNER ≤2 SIZE OF SERVICE MODEL 2
  10. 10. COMPLEXITY 3 SERVICE’S STATES + SIZE OF INTERFACE SIZE OF PARTNER ≤2 SIZE OF SERVICE 2 + MODEL SIZE OF INTERFACE SIZE OF PARTNER ≤2
  11. 11. REDUCTION TECHNIQUES 4 SIZE OF SERVICE 2 + MODEL SIZE OF INTERFACE SIZE OF PARTNER ≤2
  12. 12. REDUCTION TECHNIQUES 4 STRUCTURAL REDUCTION SIZE OF SERVICE 2 + MODEL SIZE OF INTERFACE SIZE OF PARTNER ≤2
  13. 13. REDUCTION TECHNIQUES 4 STRUCTURAL REDUCTION ON-THE-FLY REDUCTION SIZE OF SERVICE 2 + MODEL SIZE OF INTERFACE SIZE OF PARTNER ≤2
  14. 14. REDUCTION TECHNIQUES 4 STRUCTURAL A POSTERIORI REDUCTION ON-THE-FLY REDUCTION REDUCTION SIZE OF SERVICE 2 + MODEL SIZE OF INTERFACE SIZE OF PARTNER ≤2
  15. 15. REDUCTION TECHNIQUES 4 STRUCTURAL A POSTERIORI REDUCTION ON-THE-FLY REDUCTION REDUCTION SIZE OF HEURISTICS SERVICE 2 + MODEL SIZE OF INTERFACE SIZE OF PARTNER ≤2
  16. 16. REDUCTION TECHNIQUES 4 STRUCTURAL A POSTERIORI REDUCTION ON-THE-FLY REDUCTION REDUCTION SYMBOLICREPRESENTATION SIZE OF HEURISTICS SERVICE 2 + MODEL SIZE OF INTERFACE SIZE OF PARTNER ≤2
  17. 17. REDUCTION TECHNIQUES 4 STRUCTURAL A POSTERIORI REDUCTION ON-THE-FLY REDUCTION REDUCTION SYMBOLICREPRESENTATION SIZE OF HEURISTICS SERVICE 2 + MODEL SIZE OF INTERFACE SIZE OF PARTNER ≤2
  18. 18. EXTERNAL VS. INTERNAL ACTIONS 5 EXTERNAL ACTIONS: INSERT COINCHOOSE REFRESHING BEVERAGE TAKE ICE COLD CANINTERNAL ACTIONS: WEIGH AND CHECK COINGUIDE COIN TO COIN BASKETEVALUATE CHOICE CHECK TEMPERATURE FILL CAN SLOTTRIGGER CAN EJECTION DISPLAY “THANK YOU”
  19. 19. EXTERNAL VS. INTERNAL ACTIONS 5 EXTERNAL ACTIONS: INSERT COINCHOOSE REFRESHING BEVERAGE TAKE ICE COLD CANINTERNAL ACTIONS: ✘ WEIGH AND CHECK COINGUIDE COIN TO COIN BASKETEVALUATE CHOICE CHECK TEMPERATURE FILL CAN SLOTTRIGGER CAN EJECTION DISPLAY “THANK YOU”
  20. 20. REDUCTION OF INTERNAL BEHAVIOR 6 4148 states 13832 transitions (9288 internal) 150 states 397 transitions (12 internal)
  21. 21. REDUCTION RULES 7 946 • Eric Y. T. Juan et al. Compositional Verification of Concurrent Systems Using Petri-Net-Based Condensation Rules TADAO MURATA Fig. 23. Application of Rule 1 (Redundant Parall ERIC Y.T. JUAN, JEFFREY J.P. TSAI, and Loops). el Edges) and Rule 2 (Fusion of Intern al University of Illinois at Chicago transitional Petri-net reduction rules scale because the condensation is per- ation has obstructed its application to large- formed hierarchically on IO-graphs whic The state-explosion problem of formal verific ilure h capture the dynamic behaviors of uce a set of new condensation theories: IOT-fa systems. software systems. In this article, we introd firing-depen dence theory to cope with this problem. Rules 1 and 2 below preserve IOT-state equivalence, IOT-state equivalence, and sitional equivalence and IOT-failure r than current theories used for the compo Our condensation theories are much weake n theories can eliminate the equivalence. Therefore, Rules 1 and 2 More significantly, our new condensatio can be applied for the analysis of verification of Petri nets. technique reachable markings, boundedness, and ronously sending actions. Therefore, our deadlock states. Rule 1 removes interleaved behaviors caused by asynch ronous edges which are parallel and have identical for the compositional verification of asynch provides a much more powerful means IO-edge-labels. Rule 2 suggests analyze severa l state-based properties: boundedness, that vertices which are linked by a loop processes. Our technique can efficiently of our of internal edges can be fused into , and deadlock states. Based on the notion a macrovertex. In Rule 2, every vertex reachable markings, reachable submarkings verification of large-scale v involved in the loop of internal new theories, we develop a set of condensation rules for efficient edges is not IOT-stable because vertex i analysis of s show a significant improvement in the v i has one out-edge e i whose input software systems. The experimental result edge-label is empty. Nevertheless, the large-scale concurrent systems. macrovertex v in the condensed cation; IO-graph may be IOT-stable. This probl [Software Engineering]: Program Verifi em can be solved if we add one Categories and Subject Descriptors: D.2.4 Verifying and Reasoning about self-loop-internal edge to vertex v. Neve F.3.1 [Logics and Meanings of Programs]: Specifying and rtheless, this approach will cause overhead in verifying the preconditions Programs—mechanical verification of other rules in practice, e.g., ation, Reliability, Theory, Verification Rules 5, 6, and 7 below. Therefore, we use General Terms: Algorithms, Experiment a boolean function BF-nonstable deadlock states, to indicate that the macrovertex v is not Boundedness, compositional verification, IOT-stable, i.e., BF-nonstable(v ) Additional Key Words and Phrases: “ON.” As a result, we redefine the stabi bility graphs, reachable markings lity of vertices as shown in Petri nets, reachability analysis, reacha Definition 8.1 below. Boolean function BF-n onstable has been considered in the proofs and the parallel composition algorithm in the Appendix. Rule 1 (Redundant Parallel Edges) (IOT -State Equivalence, IOT-Failure 1. INTRODUCTION Equivalence, and Boundedness). If two edges have an identical (1) start- as a suitable tool for modeling and ing vertex, (2) ending vertex, and (3) IO-ed Petri nets have been widely recognized ge-labels, then one of the two ; Silva 1989; Tsai and Weigert edges can be removed. analyzing concurrent systems [Murata 1989 ever, because of the complexity of 1993; Tsai et al. 1996; Yoeli 1987]. How - Definition 8.1 (IOT-Stable Vertices (Stat the state-space explosion [Lipt on 1976], efficient analysis by using reach Function BF-Nonstable). A vertex of es) of IO-Graphs with Boolean m models. To deal with the state an IO-graph is IOT-stable if BF- ability graphs is restricted to small syste nonstable( ) “ON” and vertex has no outgoing edge e such that e.IEL , where BF-nonstable is a boolean funct ion. Otherwise, vertex v is not A under grant CCR-9633536. IOT-stable. J. Tsai was supported by NSF and DARP and Computer Science, University of Authors’ addre ss: Department of Electrical Engineering Definition 8.2 (Deadlock States of IO-G ; {juan; tsai; murata}@eecs. Illinois at Chicago, 851 South Morgan Street, Chicago, IL 60607 raphs). For an IO-graph G, a marking M is a deadlock state of G if and uic.edu. oom use only if M is a reachable marking part or all of this work for personal or classr of G; M has no outgoing edge; and boole Permission to make digital / hard copy of an function BF-nonstable( ) copies are not made or distributed for profit or “OFF,” where is the vertex of M. is granted without fee provided that the appear, , the title of the publication, and its date commercial advantage, the copyright notice copy otherwise, to and notice is given that copyin g is by permission of the ACM, Inc. To Rule 2 (Fusion of Internal Loops) (IOT ribute to lists, requires prior specific permi ssion -State Equivalence, IOT-Failure republish, to post on servers, or to redist Equivalence, and Boundedness). If verti ces are linked by an (internal) and / or a fee. loop p { 1 e 1 2 . . . n e n 1 } (n 1) such that @e i © 1998 ACM 0164-0925/98/0900 –0917 $5.00 p (1 i n): e i er 1998, Pages 917–979. ACM Transactions on Programming Langua ges and Systems, Vol. 20, No. 5, Septemb ges and Systems, Vol. 20, No. 5, Septem ACM Transactions on Programming Langua ber 1998.
  22. 22. REDUCTION RULES 7 x x x τ τ τ x y x τ x y y
  23. 23. IMPLEMENTATION 8 FULL REDUCEDSERVICE STATE STATE PARTNER SPACE SPACE
  24. 24. IMPLEMENTATION 8 FULL REDUCEDSERVICE STATE STATE PARTNER SPACE SPACE
  25. 25. IMPLEMENTATION 8 FULL REDUCEDSERVICE STATE STATE PARTNER SPACE SPACE
  26. 26. IMPLEMENTATION 8 FULL REDUCEDSERVICE STATE STATE PARTNER SPACE SPACE
  27. 27. EXPERIMENTAL RESULTS: REDUCTION 9100.000 STATES 92206 10.000 26667 23381 19683 11381 14569 14990 4148 1.000 420 504 100 150 10 25 1 deliver goods car analysis identity card product order SMTP philosophers1.000.000 INTERNAL TRANSITIONS 100.000 80137 70464 113023 66500 27231 34159 10.000 9288 1.000 100 164 135 10 12 0 0 1 deliver goods car analysis identity card product order SMTP philosophers
  28. 28. EXPERIMENTAL RESULTS: PARTNER SYNTHESIS 1010.000 s TIME CONSUMPTION 35 7236 4098 1.000 s 2101 0 299 12 2 210 100 s 88 108 104 75 64 10 s 0 3 3 1s deliver goods car analysis identity card product order SMTP philosophers
  29. 29. EXPERIMENTAL RESULTS: PARTNER SYNTHESIS 1010.000 s TIME CONSUMPTION 35 7236 4098 1.000 s 2101 0 299 12 2 210 100 s 88 108 104 75 64 10 s 0 3 3 1s deliver goods car analysis identity card product order SMTP philosophers10.000 MB MEMORY CONSUMPTION 6078 1.000 MB 1467 368 427 249 100 MB 75 98 10 MB 18 13 3 1 MB 2 deliver goods car analysis identity card product order SMTP philosophers
  30. 30. NEXT STEPS 11 946 • Eric Y. T. Juan et al. Fig. 23. Application of Rule 1 (Redundant Parallel Edges) and Rule 2 (Fusion of Internal Loops). transitional Petri-net reduction rules because the condensation is per- formed hierarchically on IO-graphs which capture the dynamic behaviors of systems. 948 • Eric Y. T. Juan et al. Rules 1 and 2 below preserve IOT-state equivalence and IOT-failure equivalence. Therefore, Rules 1 and 2 can be applied for the analysis of reachable markings, boundedness, and deadlock states. Rule 1 removes IMPROVE RUNTIME edges which are parallel and have identical IO-edge-labels. Rule 2 suggests that vertices which are linked by a loop of internal edges can be fused into a macrovertex. In Rule 2, every vertex v i involved in the loop of internal edges is not IOT-stable because vertex v i has one out-edge e i whose input edge-label is empty. Nevertheless, the macrovertex v in the condensed IO-graph may be IOT-stable. This problem can be solved if we add one self-loop-internalIllustration vertex 6 (Redundant Vertices Linked by an Internal Edge). Top left: Fig. 25. edge to of Rule v. Nevertheless, this approach will cause overheadCondition (a). Top the preconditions of other rules in practice, e.g., in verifying right: Condition (b). Bottom left: Condition (c). Bottom right: Condition (d). Rules 5, 6, and 7 below. Therefore, we use a boolean function BF-nonstable to indicate that the macrovertex v is not IOT-stable, i.e., BF-nonstable(v) vertices 1 and 2 are fused into one macrovertex by Rule A (Vertex “ON.” As a result, we redefine the stability of vertices as shown in Fusion); (2) redundant parallel in-edges and out-edges of vertex are Definition 8.1 below. Boolean function BF-nonstable has been considered in REMOVE removed by Rule 1; and (3) redundant self-loop internal edges are removed the proofs and theCompositional Verification of Concurrent Systems parallel composition algorithm in the Appendix. 947 by Rule 2. • Rule 1 (Redundant Parallel Edges) (IOT-State Equivalence, IOT-Failure Rule 5 is applied to remove redundant initial vertices and internal edges. Equivalence, and Boundedness). If two edges have an identical (1) start- Rule 5 preserves IOT-failure equivalence (deadlock states) and the property BUGS ing vertex, (2) ending vertex, and (3) IO-edge-labels, then one of the two of boundedness. edges can be removed. Rule 5 (Redundant Initial Vertices and Internal Edges) (IOT-Failure Definition 8.1 (IOT-Stable Vertices (States) of vertex Equivalence and Boundedness). If (1) IO-Graphs with initial vertex, (2) Boolean 1 is the FunctionvertexBF-Nonstable). in-edge and hasan unique out-edge e (Redundant A vertex of a IO-graph is IOT-stable if BF-Fig. 24. Application of has no 4 (Fusion of In-Equivalent Vertices), and Rule 5 , (3) edge e rm is an Rules 3, 1 rm nonstable( ) “ON” and vertex hasand outgoing edge ), such (4) the starting vertexInitial Vertices). internal edge (e rm .IEL no e .OEL e and that e.IEL rm , whereand ending vertexaof edge e function. Otherwise, vertex a self-loop edge), BF-nonstable is boolean v is not rm are different (e rm is not IOT-stable. then vertex 1 and edge ee .OEL be removed, and the initial vertex isis an internal edge (e i .IEL and rm can i ), then all edges in loop p removed; 8.2 (Deadlock States of IO-Graphs).. macrovertex by Rulea changed to the ending vertex of edge e rm For an IO-graph G,areDefinition all vertices in loop p are fused Compositional Verification of Concurrent Systems into one • 949 marking Fusion) below; state of G if and only if BF-nonstable( ) is set to is a deadlock conditions, function M is a reachable markingA (Vertex MRule 6 providesand boolean under which one of two vertices linked by an“ON.” M internal edge can be removed.boolean function BF-nonstable( ) of G; has no outgoing edge; and Redundant internal edges and parallel edges “OFF,” where is the as well.of M. simplicity, subconditions of Condition (3) can be are removed vertex For Rule A (Vertex Fusion) (Fusing a Set of Vertices { 1 , 2 , . . . , n } (n 2)into a Macrovertex of).Internal as in-edge in a , i ) of25. Rule i6 becomes ( IOT-failure Rule 2discussed separately Loops) (IOT-State Equivalence, preserves a , (Fusion (1) Each shown ( Figure vertex IOT-Failure Equivalence,out-edge (deadlock states)vertices are (linked by an (1 ), and each and Boundedness). If and the propertyb ), where (internal) equivalence ( , ) of vertex i b i becomes , of boundedness. in); (2) one Rule 62 verticese n 11 }Vertices ,Linked by @e i Internal Edge)n): e i loop p { of ethe (Redundant, (n . . 1) suchis the an 1 1 ... n { 2 , . n } that initial vertex, then p (1 i (IOT-Failurebecomes the initial vertex; (3) vertex Equivalence and Boundedness). represents the markings of all If there exist two distinct vertices 1 and ACM Transactions on Programming Languages and Systems, Vol. 20, No. 5, September 1998. IMPLEMENT MOREvertices { 1 , such .that n }; and (4) all has one out-edge. e7.1, and} 7.2 (Condensation and Edges in Series). 2, . . , (1) vertex 26. vertices { 1of Rules . rm which is an internal edge Fig. 1 Application , 2 , . n are removed. 2 (e rm .IEL applied to fuse in-equivalent2vertices. Rule 3 preserves , and (3) Rules 3 and 4 are and e rm .OEL ), (2) is the ending vertex of e rmIOT-state@ out-edges eand of vertex propertieseare removed, and (5)2redundant parallel edges are equivalence 1 vertex 1 the 1 edge ie rm of boundedness and ereach- vertex 2 i hence and (e 1 rm ): ? an out-edge j ofable markings. Rule 4 isremoved to Rule 3, but is satisfied—(a) 2 is not the initial and one of the similar by conditions Rule 4 preserves IOT-state following Rule 1. REDUCTION RULESfailure and therefore thethe unique in-edge of of2,deadlock states. Rule 4 .IEL; (b) vertex, e rm is reachability analysis and e 1 i .IEL e2 j e 2 jRule 7 eis i .OEL efficiently condense two-edge and e 2 into single-edge .IEL, 1 used to e 2 j .OEL, and edges e 1 i paths jalso preserves.IEL property of boundedness. e 1 i the share an ending vertex; (c) e 1 i .IEL vertexj .IEL, e 1 rm is not the initial vertex). Rule 7 paths and remove one e2 rm (if i .OEL e 2 j .OEL, Definition 8.3 (In-Equivalent Vertices). Two equivalence(d) e 2 .IEL and edges e 1 ipreserves are self-loop edges; and and 1 i are saide 2 jand the property of and e 2 j IOT-failure vertices 1 (deadlock states) .IEL,to be in-equivalent, if vertex 1 has at least ending vertex of e each in-edge ending e .OEL e boundedness. the one in-edge and for ; and .OEL; is is the 1 i 2 j 2 1 i 1
  31. 31. TAKE HOME POINTS 12 HAVE EXPERIMENTAL RESULTS EARLY!SIMPLE TECHNIQUES CANSOLVE COMPLEX PROBLEMS! DON’T BE AFRAID OF COMPLEXITY!MODULAR ARCHITECTURESEASE PROTOTYPING!
  32. 32. INTERNALBEHAVIORREDUCTIONFORSERVICESniels.lohmann@uni-rostock.dehttp://about.me/nlohmannNiels Lohmann

×