Verification with LoLA: 5 Case Studies
Published in: Education
Slide notes:

  • Problem here: delta T becomes arbitrarily small
  • Level places -> trivial idea; edge places -> D. Gomm
  • Level places: an LL net suffices

    1. 5. Case Studies (Niels Lohmann)
    2. Exploring biochemical reaction chains [figure: The ErbB Network (cartoon form)]
    3. Reaction chains
        • Domain: symbolic systems biology
        • “Symbolic systems biology is the qualitative and quantitative study of biological processes as integrated systems rather than as isolated parts.”
        • Property: reachability
    4. [Figure: reaction network diagram; only node and reaction labels (e.g. Rhob-GTP, Rock1, Limk1, Actin-poly) survive extraction]
    5. Reaction chains
        • “For reachability queries on our nets, answering a reachability query that would have taken hours using a general purpose model-checking tool takes on the order of a second in LoLA — fast enough to permit interactive use.”
    6. Finding Hazards in GALS Circuits
    7. GALS circuits
        • Domain: asynchronous/synchronous hardware design
        • prototype for IEEE-802.11 chip
        • asynchronous hardware is not clocked - order/timing of events makes a difference
        • problem: glitch
    8-18. Glitch [animation frames: AND gate with inputs a and b and output c; successive values of P(a), P(b) and P(c) shown on the gate and in a timing diagram with interval ΔT; the final frame is labelled “Hazard”]
    19-30. Petri Net Model of AND
        • Events
        • Level
        • Logics
        [animation frames: gate with inputs a and b and output c; input states (P(a),P(b)) = 00, 01, 10, 11]
    31. GALS circuits
        • Property: reachability
        • Problem:
          • partial order reduction not effective enough in isolation
          • sweep line helped
          • initial model: 204 places/368 transitions; manual abstractions necessary
          • found 8 hazards, 2 were actual problems
    32. Verifying Service Choreographies
    33. Service Choreography
        • Domain: service-oriented architectures
        • Original model: BPEL4Chor
        • translation: compiler BPEL2oWFN
        • Design flaw in choreography model.
        • Property: deadlock freedom
    34-43. Service Choreography [animation frames]
        • one traveler, one travel agency, several airlines
    44-56. Service Choreography [animation frames]
        • The composition can deadlock!
    57-59. Service Choreography Case Study: Analyzing BPEL4Chor - Verification and Partner Synthesis

        airline instances            1         5        10       100      1000
        places                      20        63       113      1013     10013
        transitions                 10        41        76       706      7006
        states (1)                  14      3483   9806583  overflow  overflow
        states (2)                  14       561    378096  overflow  overflow
        states (3)                  11        86       261     18061   1752867
        states (4)                  11        30        50       410      4010

        (1) complete/unreduced; (2) symmetry reduction; (3) partial order reduction (stubborn sets); (4) symmetry reduction and partial order reduction; overflow = more than 2 GB.
        Frames 58 and 59 add the annotations “exponential growth” (next to the first two state rows) and “linear growth”.
    60. Soundness of Business Processes [figure labels: M2, M1, J1, F1]
    61. Soundness
        • 735 real-world business processes from IBM customers
        • original formalism: UML dialect from the IBM WebSphere Business Modeler
        • translation: compiler UML2oWFN
        • original question: can soundness be verified using model checking techniques?
    62. Soundness
    63. Soundness
        • “IBM Soundness” = absence of
          • lack of synchronization (= unsafe marking)
          • deadlock (= deadlock)
          • + certain assumptions on the structure
        • for LoLA: two checks
          • Is the final marking live?
          • Is the net safe?
    64. Soundness [figure: three tool chains starting from a business process model; labels per row]
        • IBM WebSphere Business Modeler / SESE approach: workflow graph; SESE decomposition; SESE fragments; for each SESE fragment: matches structural heuristics?; soundness check (plain state space); choice depends on SESE fragment; analysis result: sound / counterexample
        • LoLA: translation; Petri net; liveness check (reduced state space); safeness check (reduced state space); always perform both checks; analysis result: sound / counterexample
        • Woflan: translation (compiler); workflow net; trivial workflow net?; reduction; reduced workflow net; soundness check (structure and state space); choice depends on net structure; analysis result: sound / structural information
    65. Soundness
        • execution scheduled and optimized using Makefiles
        • max. 50 ms per check
        • “analysis on demand”
        • observed effect: structural reduction techniques do not pay off when using stubborn sets
    66. Verification of Concurrent Programs
    67. Concurrent Programs
        • concurrent processes
        • shared and global variables
        • goal: find a small-model property to make a statement on the correctness of an arbitrary number of instances
        [figure excerpt with page header “650 A. Kaiser, D. Kroening, and T. Wahl”: panels (a) and (b); labels |R_n|, |R|, n, m, c]
    68. Concurrent Programs
        • problem can be solved by checking for reachable states in a coverability graph
        • challenge: number of places = number of states of a process
        • concurrency only through tokens
        • it took a while to beat LoLA
    69. Solving AI Planning Problems
    70. AI Planning
        • setting: smart conference room
        • several projectors, canvases, documents, and lamps
        • AI planning problem: Configure the room to display document A on that canvas.
        • original formalism: proprietary planning language; manually translated
    71. AI Planning
        • straightforward translation to state predicate

            Goals:
            ( LightOn 1 Lamp1 );
            ( LightOn 1 Lamp2 );
            ( DocShown 1 Doc1 LW3 );
            ( DocShown 1 Doc2 LW1 );
            ( CanvasDown 1 VD1 );

            FORMULA
            LightOn.<Lamp1|TRUE> = 1 AND
            LightOn.<Lamp2|TRUE> = 1 AND
            DocShown.<Doc1|LW3|TRUE> = 1 AND
            DocShown.<Doc2|LW1|TRUE> = 1 AND
            CanvasDown.<VD1|TRUE> = 1

        • system is extremely concurrent
        • depth-first search actually finds shortest path
