• Aucun résultat trouvé

Towards Verification of Connection-Aware Transaction Models for Mobile Applications

N/A
N/A
Info
Télécharger
Protected

Academic year: 2022

Partager "Towards Verification of Connection-Aware Transaction Models for Mobile Applications"

Copied!
2
0
0

Chargement.... (Voir le texte intégral maintenant)

Texte intégral

(1)

Towards Verification of Connection-Aware Transaction Models for Mobile Applications

Lars M. Kristensen1and Gabriele Taentzer2and Steffen Vaupel2

1 Western Norway University of Applied Sciences [email protected]

2 Phillips-Universität Marburg

{taentzer,svaupel}@informatik.uni-marburg.de

Abstract. Applications running on mobile devices are subject to fre- quent changes in connectivity to back-end infrastructure. In order not to disrupt service and ensure fault-tolerant operation, transaction-oriented mobile applications must be able to operate in both online and offline mode. Recently, a generic software architecture has been proposed [4] to accommodate mobile transaction models that support offline transaction processing in conjunction with data replication, reintegration, and syn- chronisation. We present an initial Coloured Petri Net (CPN) [2] model of a mobile transaction system and report on the first results on verifying its behavioural correctness using model checking.

Introduction. Mobile client applications often need to execute transactions that read and write shared data sets stored on a server-side infrastructure. Ex- amples include applications involving local payment, where concurrently running applications need access to funds from a shared account. A challenge in this sce- nario is that mobile devices may often loose connectivity. To avoid disruption of service, the application must be able to operate even when the mobile device is offline. This requires specialised transaction models that replicate data for offline operation and which synchronise data when coming backonline.

Several conflict-free transaction models have been proposed to support such scenarios. As an example, the Escrow transaction model [3] is based on a logical split of the shared data set, and can be used to for instance give a mobile application access to a restricted amount of funds on an account. Vaupel et al. [4]

have proposed a generic architecture that includes online and offline transaction processing, replication, synchronisation and re-integration of data and which is able accommodate different conflict-free mobile transaction models.

CPN model. Our goal is to develop a formal executable specification of the mobile transaction architecture proposed in [4]. In particular, we want to verify the correctness of conflict-free transactions for a given mobile application. Fur- thermore, the CPN model should reflect the architecture and make it easy to change the set of transactions for a concrete mobile application.

Figure 1 shows the CPN module of the local transaction manager on the mobile client for an example with a Debit transaction operating on a shared

(2)

Log In/Out

CxTransactions In/Out

StoC In/Out ClientxMsgs In/Out CtoS In/Out

ClientxMsgs In/Out State

In/Out

CxLTMState In/Out

Amount In/Out

CxData In/Out

Application

In CxTransaction

Synchronize Synchronize Synchronize

Replicate Replicate Replicate

Execute Debit Debit Debit In

Fig. 1.Local Transaction Manager module.

Amount. The application invokes the debit transaction via theApplicationplace.

When operating in offline mode, the transactions executed are written in aLog.

The substitution transitions Synchroniseand Replicaterepresent the two major operational modes that allow data to be synchronised with the server-side when online, and conflict-free replication of data to support offline operation. The places CtoS and StoC are used for modelling the communication between the client-side and the server-side.

Verification. We perform verification using explicit-state model checking, as supported by CPN Tools [1]. The state space for the Escrow-based payment transaction system with a debit transaction has7,174 states and 22,202 edges and can be generated in less than three seconds. The transaction model replicates the amount on the account such that all mobile clients have access to an equal amount. A key property of the application is that independently of how the clients go online and offline, it should always be possible to return to aconsistent statein which the sum of the amounts replicated to the clients is equal to the total amount stored on the server-side. In computation tree logic (CTL), this property can be expressed asAG EFp, where p is a state predicate expressing that the state is consistent with respect to the amount.

References

1. CPN Tools home page. www.cpntools.org.

2. K. Jensen and L.M. Kristensen. Coloured Petri Nets: A Graphical Language for Modelling and Validation of Concurrent Systems. Communications of the ACM, 58(6):61–70, 2015.

3. P. O‘Neil. The Escrow Transactional Method. ACM Transactions on Database Systems, 11(4):405–430, 1986.

4. S. Vaupel, D. Wlochowitz, and G. Taentzer. A Generic Architecture Supporting Context-Aware Data and Transaction Management for Mobile Applications. In Prof. of MobileSoft’16, pages 111–122. ACM, 2016.

228 PNSE’17 – Petri Nets and Software Engineering

Références

Télécharger maintenant ( PDF - 2 Page - 253.70 KB )

Documents relatifs

Housing land transaction data and structural econometric estimation of preference parameters for urban economic simulation models

For the needs of the research by Caruso et al. Vuidel, Greener and larger neighborhoods make cities more sustainable! A 2D urban economics perspective, Computers Environment and

Towards Formal Modeling and Verification of Context-Aware Systems

Our proposed approach (Cherfia and Belala, 2014) consists in providing a bigraphical reactive systems based approach to formally model the different aspects

Towards the Verification of Security-Aware Transaction E-services

Before describing the reduction of the goal reachability and the log validity problems to the satisfiability of the extension of the BSR class considered in the previous section,

Modeling, Enactment and Verification of Data-Aware Processes

Interestingly, the execution semantics of DB-nets is represented in terms of (possibly) infinite labeled transition systems, where each state simultaneously accounts for a net

Expression of long non-coding RNA ANRIL predicts a poor prognosis in intrahepatic cholangiocarcinoma

Increased expression of the long non-coding RNA ANRIL promotes lung cancer cell metastasis and correlates with poor prognosis. Circulating long noncoding RNA act as potential

Lhcx proteins provide photoprotection via thermal dissipation of absorbed light in the diatom Phaeodactylum tricornutum

By knocking out the Lhcx1 and Lhcx2 genes individually in Phaeodactylum tricornutum strain 4 and complementing the knockout lines with different Lhcx proteins, multiple mutants

Models and Verification for Composition and Reconfiguration of Web of Things Applications

The reconfiguration workflow is shown in Figure 6.6. Initially, users would have designed the application and deployed it in their homes. Once a reconfiguration of the

Techniques and Tools for the Verification of Systems-on-a-Chip at the Transaction Level

Since the translation between RTL and gate-level descriptions can be done automatically and efficiently, the gate-level description is today mainly an intermediate representation