Verification with LoLA: 5 Case Studies
Published in: Education
  • Problem here: ΔT becomes arbitrarily small
  • Level places -> trivial idea; edge places -> D. Gomm
  • Level places: a low-level net suffices
  • Transcript

    • 1. 5. Case Studies Niels Lohmann
    • 2. Exploring biochemical reaction chains [Figure: The ErbB Network (cartoon form)]
    • 3. Reaction chains • Domain: symbolic system biology • “Symbolic systems biology is the qualitative and quantitative study of biological processes as integrated systems rather than as isolated parts.” • Property: reachability
    • 4. [Figure: reaction network diagram; node labels include Rhob-GDP, Rhob-GTP, Rock1-act, Limk1-act, Actin-poly, Integrins-clustered]
    • 5. Reaction chains • “For reachability queries on our nets, answering a reachability query that would have taken hours using a general purpose model-checking tool takes on the order of a second in LoLA — fast enough to permit interactive use.”
    • 6. Finding Hazards in GALS Circuits
    • 7. GALS circuits • Domain: asynchronous/synchronous hardware design • prototype for IEEE-802.11 chip • asynchronous hardware is not clocked - order/timing of events makes a difference • problem: glitch
    • 8.–12. Glitch [Animated figure: AND gate with inputs a, b and output c, showing the signal levels P(a), P(b), P(c) step by step, with a timing diagram of P(a), P(c), P(b) and the delay ΔT]
    • 13.–17. Glitch [Animated figure: the same AND gate and timing diagram, stepped through a second time]
    • 18. Glitch [Final frame of the animation: the output is labelled “Hazard”]
    • 19. Petri Net Model of AND
    • 20. Petri Net Model of AND • Events • Level • Logics [Figure: gate with inputs a, b and output c]
    • 21.–23. Petri Net Model of AND • Events • Level • Logics [Figure: gate with inputs a, b and output c; the input levels (P(a),P(b)) take the values 00, 01, 10, 11]
    • 24. Petri Net Model of AND
    • 25. Petri Net Model of AND
    • 26. Petri Net Model of AND
    • 27. Petri Net Model of AND
    • 28. Petri Net Model of AND
    • 29. Petri Net Model of AND
    • 30. Petri Net Model of AND
    • 31. GALS circuits • Property: reachability • Problem: • partial order reduction not effective enough in isolation • sweep line helped • initial model: 204 places/368 transitions; manual abstractions necessary • found 8 hazards, 2 were actual problems
    • 32. Verifying Service Choreographies
    • 33. Service Choreography • Domain: service-oriented architectures • Original model: BPEL4Chor • translation: compiler BPEL2oWFN • Design flaw in choreography model. • Property: deadlock freedom
    • 34.–43. Service Choreography • one traveler, one travel agency, several airlines [animated figure]
    • 44. Service Choreography
    • 45.–56. Service Choreography • The composition can deadlock! [animated figure]
    • 57.–59. Service Choreography: Case Study (“Analyzing BPEL4Chor - Verification and Partner Synthesis”)

          airline instances                                           1      5       10       100       1000
          places                                                     20     63      113      1013      10013
          transitions                                                10     41       76       706       7006
          states (complete/unreduced)                                14   3483  9806583  overflow   overflow
          states (symmetry reduction)                                14    561   378096  overflow   overflow
          states (partial order reduction)                           11     86      261     18061    1752867
          states (symmetry reduction and partial order reduction)    11     30       50       410       4010

          overflow: > 2 GB. Slide 58 adds the annotation “exponential growth” to the table; slide 59 also adds “linear growth”.
    • 60. Soundness of Business Processes [Figure: process model with nodes M1, M2, J1, F1]
    • 61. Soundness • 735 real-world business processes from IBM customers • original formalism: UML dialect from the IBM Websphere Business Modeler • translation: compiler UML2oWFN • original question: can soundness be verified using model checking techniques
    • 62. Soundness
    • 63. Soundness • “IBM Soundness” = absence of • lack of synchronization (= unsafe marking) • deadlock (= deadlock) • + certain assumptions on the structure • for LoLA: two checks • Is the final marking live? • Is the net safe?
    • 64. Soundness [Figure: three analysis pipelines for a business process model. IBM WebSphere Business Modeler / SESE approach: translation to a workflow graph, SESE decomposition, then for each SESE fragment either structural heuristics or a soundness check on the plain state space (choice depends on SESE fragment). LoLA: translation to a Petri net, then a liveness check and a safeness check, each on a reduced state space (always perform both checks). Woflan: extension to a workflow net, workflow net reduction, then a soundness check using structure and state space (choice depends on net structure). Each pipeline ends in an analysis result: sound or counterexample.]
    • 65. Soundness • execution scheduled and optimized using Makefiles • max. 50 ms per check • “analysis on demand” • observed effect: structural reduction techniques do not pay off when using stubborn sets
    • 66. Verification of Concurrent Programs
    • 67. Concurrent Programs • concurrent processes • shared and global variables • goal: find a small-model property to make a statement on the correctness of an arbitrary number of instances [Figure: excerpt from p. 650 of A. Kaiser, D. Kroening, and T. Wahl, panels (a) and (b)]
    • 68. Concurrent Programs • problem can be solved by checking for reachable states in a coverability graph • challenge: number of places = number of states of a process • concurrency only through tokens • it took a while to beat LoLA
    • 69. Solving AI Planning Problems
    • 70. AI Planning • setting: smart conference room • several projectors, canvases, documents, and lamps • AI planning problem: Configure the room to display document A on that canvas. • original formalism: proprietary planning language; manually translated
    • 71. AI Planning • straightforward translation to state predicate • system is extremely concurrent • depth-first search actually finds shortest path

          Goals:                        FORMULA
          ( LightOn 1 Lamp1 );          LightOn.<Lamp1|TRUE> = 1 AND
          ( LightOn 1 Lamp2 );          LightOn.<Lamp2|TRUE> = 1 AND
          ( DocShown 1 Doc1 LW3 );      DocShown.<Doc1|LW3|TRUE> = 1 AND
          ( DocShown 1 Doc2 LW1 );      DocShown.<Doc2|LW1|TRUE> = 1 AND
          ( CanvasDown 1 VD1 );         CanvasDown.<VD1|TRUE> = 1
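
The two checks listed for LoLA on slide 63 (is the net safe, is the final marking live), as an added example that is not part of the original slides and does not use LoLA itself: a small explicit state-space explorer in Python. Reading "final marking live" as "the final marking stays reachable from every reachable marking" is an assumption, and the three workflow fragments and all place and transition names are constructed for illustration.

```python
from collections import deque

def check_soundness(transitions, initial, final):
    """Run both checks on a Petri net by explicit state-space exploration.

    transitions: {name: (input_places, output_places)}, all arc weights 1.
    initial, final: markings as frozensets of marked places (one token each).
    Returns (safe, final_live, witnesses); witnesses are sorted place lists.
    If the net is unsafe, exploration stops and final_live is reported False.
    """
    seen, edges, queue = {initial}, {}, deque([initial])
    while queue:
        m = queue.popleft()
        edges[m] = set()
        for pre, post in transitions.values():
            pre, post = set(pre), set(post)
            if not pre <= m:
                continue                    # transition not enabled in m
            rest = m - pre
            if rest & post:                 # second token on a marked place
                return False, False, [sorted(m)]   # lack of synchronization
            succ = frozenset(rest | post)
            edges[m].add(succ)
            if succ not in seen:
                seen.add(succ)
                queue.append(succ)
    # Backward fixpoint: markings from which the final marking is reachable.
    can_finish, changed = {final}, True
    while changed:
        changed = False
        for m, succs in edges.items():
            if m not in can_finish and succs & can_finish:
                can_finish.add(m)
                changed = True
    dead = sorted(sorted(m) for m in seen - can_finish if not edges[m])
    return True, seen <= can_finish, dead

# Constructed workflow fragments (place and transition names are made up).
I, O = frozenset({"i"}), frozenset({"o"})
XOR_XOR = {"a": (["i"], ["p1"]), "b": (["i"], ["p2"]),
           "j1": (["p1"], ["o"]), "j2": (["p2"], ["o"])}
XOR_AND = {"a": (["i"], ["p1"]), "b": (["i"], ["p2"]),
           "join": (["p1", "p2"], ["o"])}
AND_XOR = {"split": (["i"], ["p1", "p2"]),
           "j1": (["p1"], ["o"]), "j2": (["p2"], ["o"])}

if __name__ == "__main__":
    for name, net in [("XOR/XOR", XOR_XOR), ("XOR/AND", XOR_AND), ("AND/XOR", AND_XOR)]:
        print(name, check_soundness(net, I, O))
```

The XOR split closed by an AND join deadlocks in `p1` or `p2`, and the AND split closed by an XOR join puts a second token on `o`, which are the two defects slide 63 names.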