Predicting Task Automata Needed for the FLAVERS Analysis of a Concurrent System. Kris Hauman Distributed Mentor Student, Summer 2002 Western Carolina University. FLAVERS Flow Analysis for Verification of Systems. FLAVERS is a Finite State Verification System
Predicting Task Automata Needed for the FLAVERS
Analysis of a Concurrent System
Kris Hauman
Distributed Mentor Student, Summer 2002
Western Carolina University
FLAVERS: Flow Analysis for Verification of Systems
FLAVERS is a Finite State Verification System
FLAVERS first creates a concise, but imprecise model of the system
If results are inconclusive, the user usually has to make the model more accurate by adding constraints
Architecture of FLAVERS
[Figure: architecture diagram. Labels: System (Ada, Java, C++, Jovial), System Translator, TFG, Property, Constraints, Property/Constraint Translator, FSA, Event alphabet, Reasoning Engine, Consistent, Inconsistent + counter example]
FLAVERS model of the system
[Figure: two diagrams of tasks T1 and T2 with numbered nodes and events e0, e1, e2, e3]
Common Types of Constraints
Variable Automaton (VA)
Task Automaton (TA)
Context Automaton (CA)
Example Boolean Variable Automaton
== is a predicate
= is assignment
[Figure: automaton with states unknown, true, false and viol; transitions labelled S=true, S=false, S==true, S==false]
Example Task Automaton
Previous example T1 task automaton
[Figure: task automaton for T1, shown beside the two diagrams of tasks T1 and T2 from the previous example]
Motivation for Predicting TAs
It usually takes several iterations of choosing constraints and running the analysis before getting conclusive results or finding an error
If FLAVERS could predict at least some of the needed TAs, it could save the user some time and effort
Potential Ways of Predicting TAs
alphabet-related tasks
  property related
  constraint related
communication-related tasks
  tasks that communicate with alphabet-related tasks
Finding related tasks
alphabet-related tasks
Given an FSA (e.g., property, VA, CA) and a TFG, G, returns a set of tasks T such that
T = {t | t G e [e FSA e t e ≠ tau]}
communication-related tasks
Given a task t1 and a TFG, G, returns a set of tasks T such that
T = {t | t G n [n Nt1 n Nt n = com-node t1 ≠ t2]}
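Added example (not from the original slides, and not FLAVERS code): a Python sketch of the two task-selection rules above and of combining them into a prediction. The operators in the set definitions were lost in extraction, so the code assumes the reading the slide text gives: alphabet-related tasks share a non-tau event with the FSA, and communication-related tasks share a communication node with t1. The TFG layout, sample tasks and function names are constructed for illustration.

```python
TAU = "tau"

# Constructed TFG: task name -> set of nodes (node_id, event, is_com_node).
# Assumption: a communication node shared by two tasks has the same node_id in both.
TFG = {
    "T1": {(1, "e1", False), (4, TAU, True), (5, "e2", False)},
    "T2": {(4, TAU, True), (8, "e3", False), (9, TAU, True)},
    "T3": {(9, TAU, True), (10, "e0", False)},
    "T4": {(11, "e0", False)},
}


def alphabet_related(fsa_alphabet, tfg):
    """Tasks with at least one non-tau event that is in the FSA's alphabet."""
    return {
        task
        for task, nodes in tfg.items()
        if any(ev != TAU and ev in fsa_alphabet for _, ev, _ in nodes)
    }


def communication_related(t1, tfg):
    """Tasks other than t1 that share a communication node with t1."""
    com_ids = {nid for nid, _, is_com in tfg[t1] if is_com}
    return {
        task
        for task, nodes in tfg.items()
        if task != t1 and any(is_com and nid in com_ids for nid, _, is_com in nodes)
    }


def predict_tas(fsa_alphabet, tfg):
    """Alphabet-related tasks plus the tasks com-related to those (one hop only)."""
    related = alphabet_related(fsa_alphabet, tfg)
    predicted = set(related)
    for task in related:
        predicted |= communication_related(task, tfg)
    return predicted


if __name__ == "__main__":
    # tau appears in the alphabet here to show that it never selects a task.
    print(sorted(alphabet_related({"e1", TAU}, TFG)))
    print(sorted(predict_tas({"e1", TAU}, TFG)))
    print(sorted(predict_tas({"e0"}, TFG)))
```

T3 is left out of the first prediction because it communicates with T2 but not with T1; T4 is only ever selected through its own events because it has no communication nodes.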
Experiments: How useful are the predicted TAs?
Compare analysis problems that include the minimum number of TAs needed for property verification to the problems that include the predicted TAs
Consider the analysis run-time, the TAs used, and the verification results
These comparisons will help determine:
Are the predicted TAs enough to verify the property?
How many unneeded TAs are predicted?
Does the analysis time suffer from the extra TAs?
Experiments: The predicted TAs
TA added to an analysis problem, in addition to any needed VA or context constraints:
all property-related TA
some property-related TA
  3 or more events
property-related and com-related to those
constraint-related (VA or CA)
constraint-related and com-related to those
property, constraint, and com-related to both
Experiments: Measurements
For each prediction approach, for each example problem, measure:
• number of predicted TAs
• number of predicted TAs required
• number of required TAs not predicted
• verification results
• difference in analysis run-times
• percent of run-time difference
• number of VA and context-constraints required
Experiments: Results - Percent Conclusive
[Chart: percent conclusive, axis 0 to 100, for the approaches P, P+Cm, P-, C, C+Cm, all]
Future Work
Other prediction approaches to consider
Effect of increasing the number of events that a task must have in common with the selected alphabet
Effect of considering the number of occurrences of events (instead of just the number of events)
Effect of considering priority events
Effect of considering the number of communications