• Aucun résultat trouvé

Tutorial on Formal Methods for Distributed and Cooperative Systems

N/A
N/A
Info
Télécharger
Protected

Academic year: 2021

Partager "Tutorial on Formal Methods for Distributed and Cooperative Systems"

Copied!
4
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

http://www-lipn.univ-paris13.fr/ petrucci/PAPERS

In 3rd Int. Coll. on Theoretical Aspects of Computing (ICTAC’06),

Tunis, Tunisia, volume 4281 of Lecture Notes in Computer Science, pages 362-365. Springer, 2006.

Tutorial on Formal Methods for Distributed and

Cooperative Systems

Christine Choppy1 , Serge Haddad2 , Hanna Klaudel3 , Fabrice Kordon4 , Laure Petrucci1

, and Yann Thierry-Mieg4 1

Universit´e Paris 13, LIPN, CNRS UMR 7030 99 avenue Jean-Baptiste Cl´ement, F-93430 Villetaneuse, France

{Christine Choppy,Laure.Petrucci}@lipn.univ-paris13.fr

2

Universit´e Paris-Dauphine, LAMSADE, CNRS UMR 7024 place du Mar´echal de Lattre de Tassigny, F-75775 Paris Cedex 16

haddad@lamsade.dauphine.fr

3

Universit´e d’Evry-Val-d’Essone, IBISC, CNRS FRE 2873 523, place des Terrasses de l’Agora, 91000 Evry - France

Hanna.Klaudel@ibisc.fr

4

Universit´e P. & M. Curie, LIP6/MoVe, CNRS UMR 7606 4, place Jussieu, F-75252 Paris Cedex 05, France Fabrice.Kordon@lip6.fr, Yann.Thierry-Mieg@lip6.fr

1

Introduction

This tutorial is proposed by representatives of the MeFoSyLoMa5

group. MeFo-SyLoMa is an informal group gathering several teams from various universities in the Paris area:

– Universit´e Paris-Dauphine (LAMSADE laboratory), – Universit´e P. & M. Curie (LIP6 laboratory),

– Universit´e Paris 13 (LIPN laboratory), – ENST (LTCI laboratory),

– Conservatoire National des Arts et M´etiers (CEDRIC laboratory).

These teams have extensive knowledge and experience in the design, analysis and implementation of distributed systems. The cooperation within the group aims at joining forces, sharing experiences and building joint projects to solve issues in the design of reliable distributed systems.

One of the major actions of this community is a collective book due to ap-pear in the fall 2006, and entitled “Formal Methods for Distributed Cooperative Systems” (M´ethodes formelles pour les syst`emes r´epartis et coop´eratifs in french, published by Herm`es). The purpose of this book is to gather a state of the art of the most advanced techniques for modelling and formal analysis of distributed systems.

The book is divided into three parts, which constitute the basis for the tu-torial we propose at ICTAC 2006. Following the design process, the first part

5

MeFoSyLoMa stands for Formal Methods for Software and Hardware Systems (M´ethodes Formelles pour les Syst`emes Logiciels et Mat´eriels in french).

(2)

deals with specification of distributed systems, the second one with analysis tech-niques and the third one presents actual experimentations of such modelling and verification techniques in real systems (i.e. industrial size case studies).

Each part of the book will correspond to a two hours tutorial presented by two of the authors of the corresponding part.

2

Part I: dedicated specification languages and models

This part is devoted to giving guidelines for designing a consistent system model. First, we present criteria to consider so as to build a specification satisfying the demands. Then, methodologies to write specifications are introduced.

Presenters: This part of the tutorial will be presented by:

– Laure Petrucci, Professor at University Paris 13, member of the CNRS laboratory LIPN,

– Christine Choppy, Professor at University Paris 13, member of the CNRS laboratory LIPN.

Outline: Many sorts of models can be used to specify a complex system. Hence, it might prove difficult, for a non-experienced designer, to choose among this large collection. Therefore, the first part of the presentation is dedicated to criteria that should be taken into account before choosing a modelling formalism: relevant concepts, abstraction level, specification goals, structuring, expected properties.

The relevant concepts are the different data types important in the system, timing issues, the structure of the system, i.e. its decomposition into subsystems, sequential or parallel execution mode, synchronous/asynchronous communica-tion. When considering the abstraction level, one should keep in mind that the specification process may include incremental development and refinement. The relevance of the concepts and the abstraction level must be considered w.r.t. the goals for designing the specification, e.g. time is relevant when checking schedul-ing issues but may not be when verifyschedul-ing the correctness of a communication protocol. Structuring the specification into subsystems allows for both a better view of the different components and reusability. Finally, the expected properties must be written in a language consistent with the modelling technique.

Considering all these criteria should help the designer in choosing a specifi-cation paradigm, the appropriate level of abstraction and the relevant properties to be checked using the model.

The second part of the presentation is concerned with guidelines to start writ-ing the detailed specification, considerwrit-ing data types structures, simple dynamic systems, and dynamic systems structured using subsystems. This approach can be combined with other approaches that guide the overall structuring of the spec-ification using structuring concepts provided by problem frames, or architectural styles, and with a component approach to combine the specifications developed.

(3)

3

Part II: dedicated verification techniques

This part is dedicated to efficient verification methods for distributed applica-tions and systems.

Presenters: This part of the tutorial will be presented by:

– SergeHaddad, Professor at University Paris-Dauphine, member of the CNRS laboratory Lamsade,

– Yann Thierry-Mieg, Associate Professor at University P. & M. Curie, member of the CNRS laboratory LIP6.

Outline: The presentation comprises two parts.

The diversity of verification methods may puzzle the engineer facing the choice of the appropriate technique for analysing her/his system. So the first part of the presentation aims at clarifying the bases of such a choice by discussing three critical questions associated with the verification process:

– How to choose the formalism for verification?

– How to express the expected properties of the system modelled? – Which verification methods apply on the model?

The second part of the presentation details one of the most successful verifi-cation methods in order to tackle the increasing complexity of the systems: the decision diagram based methods. It starts with a general introduction on data representation and manipulation using such structures. Then it shows how the reachability problem (the main verification problem) can efficiently be handled and how to generalise its application to the model-checking of temporal logic formulae. It concludes by detailing experiments in order to understand when and why the method is successful.

The whole presentation illustrates the different concepts with the help of (extended) Petri nets.

4

Part III: application to distributed systems

This part is dedicated to the effective use of the techniques presented in the design and implementation of real systems.

Presenters: This part of the tutorial will be presented by:

– Fabrice Kordon, Professor at University P. & M. Curie and head of the MoVe(Modelling and Verification) team in the CNRS laboratory LIP6, – Hanna Klaudel, Professor at University Evry-Val-d’Essonne and head of

the LIS (Languages, Interaction, Simulation) team in the CNRS laboratory IBISC.

(4)

Outline: The presentation is divided into two parts. The first one is devoted to the PolyORB experience. PolyORB is a middleware dedicated to distributed real-time systems. It thus requires high reliability that is achieved by means of an original architecture on which formal verification of qualitative properties (such as absence of deadlock or livelock) is enforced thanks to Symmetric Petri Nets6

. The presentation will explain how a strong interaction between the design of the software architecture, combined with new model-checking techniques, allows for coping with a high complexity of the formal specification.

The second part deals with the design of adaptive reactive systems, i.e. sys-tems that dynamically adapt their architecture depending on the context of the execution. We use the formalism of timed automata for the design of the modules behaviour. Hence, it is possible to evaluate beforehand the properties of the sys-tem (regarding logical correctness and timelines), thanks to model-checking and simulation techniques. The approach is illustrated by a case study for which we show how to produce very quickly a running prototype satisfying the properties of the model, and how to evaluate a priori the pertinence of adaptive strategies.

5

Conclusion

This tutorial is thus intended for young researchers or engineers to have an overview of the specification process.

The first part is concerned with specification issues. Indeed, writing a speci-fication from scratch is a difficult task for a non-experienced person. The criteria pointed out and the specification design methodology should help in choosing the appropriate formalism and starting the design of a system.

The second part is devoted to analysis issues. A complex model is intrinsically difficult to analyse. It is thus important to choose the appropriate technique to prove the expected properties of the system. Some advanced techniques are also shortly presented, which give a feeling on how to handle large systems.

Finally, the third part shows how these techniques have been succesfully applied to real systems.

6

Références

Télécharger maintenant ( PDF - 4 Page - 68.39 KB )

Documents relatifs

The workshop is the first to be held specifically

These Sherpa projeclS resulted from the common interest of local communities, whereby outsiders, such as Newar and even low-caste Sherpa (Yemba), could contribute

Solvent release from highly swollen gels under compression: an important phenomenon that has to be taken into account

As well as for V(P), the relative volume as a function of the applied pressure can be roughly described by two lines with the slopes differing in 6-7 times (see dashed lines in

On Equations of the Linear Theory of Shells with Surface Stresses Taken into Account

The equations of state (3.1) permit writing the plate equilibrium equations with the surface stresses (2.6) and (2.7) taken into account in terms of displacements w and rotations ϑ.

KarstMod: A modelling platform for rainfall - discharge analysis and modelling dedicated to karst systems

We propose an adjustable modelling platform (KarstMod) for both the simulation of spring discharge at karst outlets and analysis of the hydrodynamics of the compartments considered

An Analysis of Criteria for Choosing a First Programming Language in Universities

We compiled a rating of the nineteen most popular criteria based on the works of different researchers and on our experience of teaching the basics of

Formal Modelling and Analysis of Distributed Storage Systems

At the core of each node is the job manager that is fed by process listener shown in Figure 3: when a h request i is received by a node, it is first stored in a job manager

Opinion Mining: Taking into account the Criteria!

By performing some text preprocess- ing and taking into account a frequency of a term in a specific window of terms (see (Duthil et al., 2011) for a full description of the process

Why, How and What Should be Taught about Formal Methods?

I dislike absolute answers to sociological questions (teaching is, after all, a sociological activity). For instance, should we teach FM regardless of the length of the plan of