abstractions, semantic models and analysis tools for...
TRANSCRIPT
![Page 1: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/1.jpg)
Abstractions, Semantic Models and
Analysis Tools for Concurrent
Systems: Progress and Open Problems
Gul Agha
University of Illinois at Urbana-Champaign
Embedor Technologies
http://osl.cs.uiuc.edu
![Page 2: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/2.jpg)
Acknowledgements
Work reported here is joint with Carl Hewitt, Chris Houck,
WooYoung Kim, Pohao Chang, Rajesh Karmani, Mark Astley,
Dan Sturman, Stas Negara, Rajendra Panwar, Svend Frolund,
Reza Shiftehfar, Koushik Sen among others.
Supported in part by AFOSR/AFRL Air Force Research
Laboratory and the Air Force Office of Scientific Research under
agreement FA8750-11-2-0084 for the Assured Cloud Computing
at the University of Illinois at Urbana-Champaign, and by the
National Science Foundation under grant NSF CCF 14-38982 and
NSF CCF 16-17401.
July 6, 2016 Gul Agha, University of Illinois 2
![Page 3: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/3.jpg)
INTERNET OF THINGS TO
ENABLE SMART
INFRASTRUCTURE
July 6, 2016 Gul Agha, University of Illinois
Motivation
3
![Page 4: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/4.jpg)
The Aging Civil Infrastructure
America’s $20 trillion+ investment in civil infrastructure is in dire shape, and will continue to deteriorate if we fail to act.
Continuous monitoring and precision targeting of maintenance can improve safety and save billions of dollars for infrastructure owners.
American Society of Civil Engineers report card grades
July 6, 2016 Gul Agha, University of Illinois 4
![Page 5: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/5.jpg)
Smart infrastructure can improve safety, facilitate smart
transportation systems.
Monitor infrastructure, pinpoint deficiencies.
Control: dampen vibrations to limit damage
Scalable cyberphysical systems required.
Sensor Clouds for Smart Infrastructure
July 6, 2016 Gul Agha, University of Illinois
Infrastructure is aging.
Estimated 70,000 structurally deficient bridges in US.
5
![Page 6: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/6.jpg)
Keeping Tabs on the Infrastructure
July 6, 2016 Gul Agha, University of Illinois
“… one highly intelligent bridge knows what to do when trouble arises: send an e-mail.”
“A small army of electronic sentinels…
monitor the bridge’s structural health. (As of
last week, the bridge said it was just fine.)”
Illinois Structural Health Monitoring Project
See: http://shm.cs.illiniois.edu
6
![Page 7: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/7.jpg)
July 6, 2016 Gul Agha, University of Illinois
Dense Sensor Clouds for Smart Structures
7
![Page 8: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/8.jpg)
xnode : Environmentally Hardened Enclosure
Connection to
External Analog
Sensors
Connection to
Energy
Harvester/USB
IP66 Waterproof Enclosure
Magnet
LED Indicator
July 6, 2016 Gul Agha, University of Illinois 8
![Page 9: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/9.jpg)
A calibrated model and strategically placed smart sensors allow for the force in all structural members to be determined with high accuracy and remaining service life to be estimated. Checkout the video at: http://embedortech.com
July 6, 2016 Gul Agha, University of Illinois 9
![Page 10: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/10.jpg)
Example: National Smart Structures Grid
Highway
Bridge
Dam
Railroad
Cut slope
Tunnel
Cloud Data RepositoryData
Control
Cloud Network
10
![Page 11: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/11.jpg)
MODELS OF CONCURRENCY
July 6, 2016 Gul Agha, University of Illinois 11
![Page 12: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/12.jpg)
Models of Concurrency
Petri Nets
Process Algebras
Actors
July 6, 2016 Gul Agha, University of Illinois 12
![Page 13: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/13.jpg)
Efficiency
Distribution
Concurrency
Scalability
Stability and Robustness
Programming Scalable Applications
July 6, 2016 Gul Agha, University of Illinois 13
![Page 14: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/14.jpg)
Scalable Applications
Martian Rover (1990s)
Twitter's message queuing
LiftWeb Framework (Scala for web
applications)
Image processing in MS Visual Studio
2010
Vendatta game engine (Erlang)
Facebook Chat System (Erlang)
Microsoft Orleans: used by >343 industries,
platform for all of Halo 4 cloud services
July 6, 2016 Gul Agha, University of Illinois
33 to 49 minutes for radio waves to
travel from Jupiter to Earth
14
![Page 15: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/15.jpg)
Concurrency
``When people read about Scala, it's almost always in the
context of concurrency. Concurrency can be solved by a good
programmer in many languages, but it's a tough problem to
solve. Scala has an Actor library that is commonly used to
solve concurrency problems, and it makes that problem a lot
easier to solve.''
--Alex Payne, ``How and Why Twitter Uses Scala” http://blog.redfin.com/devblog/2010/05/how_and_why_twitter_uses_scala.html
(emphasis added)
July 6, 2016 Gul Agha, University of Illinois 15
![Page 16: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/16.jpg)
Stability and Scalability
“..the actor model has worked really well for us, and we
wouldn't have been able to pull that off in C++ or Java.
Several of us are big fans of Python and I personally like
Haskell for a lot of tasks, but the bottom line is that, while
those languages are great general purpose languages,
none of them were designed with the actor model at
heart.”
--Facebook Engineering
https://www.facebook.com/notes/facebook-engineering/chat-stability-and-scalability/51412338919
July 6, 2016 Gul Agha, University of Illinois 16
![Page 17: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/17.jpg)
Actor Languages and Frameworks
Erlang
E
Axum
Stackless Python
Theron (C++)
RevActor (Ruby)
Dart
Asynchronous Agents Library
Scala Actors/Akka
ActorFoundry
SALSA
Kilim
Jetlang
Actor’s Guild
Clojure
… a growing list
July 6, 2016 Gul Agha, University of Illinois 17
![Page 18: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/18.jpg)
Characteristics of the Actor Model
Computation broken into autonomous, concurrent
agents called actors:
Actors do not share state
Analogous to animals in natural systems.
Each actor operates asynchronously
The rate at which an actor operates may vary.
An actor is like a virtual processor.
An actor may interact with other actors.
[Actors: A Model of Concurrent Computation in Distributed Systems," Gul Agha. MIT Press, 1986.]
July 6, 2016 Gul Agha, University of Illinois 18
![Page 19: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/19.jpg)
Message-Passing
There is no action at a distance
An actor a1 an only affect a2 by sending it a message.
Messages are asynchronous
a1
a2
July 6, 2016 Gul Agha, University of Illinois 19
![Page 20: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/20.jpg)
Distribution and Parallelism
Each actors represents a point in a
virtual space.
Events at an actor are ordered linearly.
Events may change the state of an
actor
An event on one actor may activate an
event on another by sending a
message (causal order).
Transitive closure results in a partial
order
a1
e1
e3
a2
e'1
e'2
e2
time
July 6, 2016 Gul Agha, University of Illinois 20
![Page 21: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/21.jpg)
Fairness
Each actor makes progress if it can:
If multiple actors execute on a single processor, each actor is
scheduled.
Every messages is eventually delivered if it can be:
When an actor is idle and has a pending message, it processes
that message.
Multiple pending messages are processed in an order so none is
permanently ignored by the target actor.
July 6, 2016 Gul Agha, University of Illinois 21
![Page 22: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/22.jpg)
Actor Names
The name (mail address) of each actor is unique and
cannot be guessed.
An actor must know the name (mail address) of the target
actor to send it a message
Called the locality property of actors.
Locality property provides a built in capability architecture
for security.
July 6, 2016 Gul Agha, University of Illinois 22
![Page 23: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/23.jpg)
Actor Topology
If an actor a1 knows the address of another actor a2 , a1 may
communicate the name of an a2 in a message.
The interconnection topology of actors is dynamic.
Supports mobility and reconfiguration of actors.
July 6, 2016 Gul Agha, University of Illinois 23
![Page 24: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/24.jpg)
Actor Creation
New actors may be created:
Increases the available concurrency in a computation.
Facilitates dynamic parallelism for load balancing.
Enables mechanisms for fault-tolerance.
July 6, 2016 Gul Agha, University of Illinois 24
![Page 25: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/25.jpg)
Actor anatomy: Actors and Threads
Actors = encapsulated state + behavior +
independent control + mailboxObject
July 6, 2016 Gul Agha, University of Illinois 25
![Page 26: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/26.jpg)
July 6, 2016 Gul Agha, University of Illinois
The Actor Model:
Runtime Support
ThreadState
Procedure
ThreadState
Procedure
ThreadState
Procedure
Interface
Send
Messages
ThreadState
Procedure
Interface
Create
Receive
Messages
26
![Page 27: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/27.jpg)
Defining an actor language
Start with a sequential object-based language or framework, add concurrency to objects, operators for:
actor creation
create(class, params)
Locally or at remote nodes
message sending
send(actor, method, params)
state change
ready to process next message
July 6, 2016 Gul Agha, University of Illinois 27
![Page 28: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/28.jpg)
Message Patterns
More complex message
patterns may be
defined in terms of
asynchronous
messages:
a1 a2
e1
e2
e3
rpc like messaging
Actor Event Diagrams
July 6, 2016 Gul Agha, University of Illinois 28
![Page 29: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/29.jpg)
Actor Encapsulation: State Isolation
Recall: no shared state between actors
‘Access’ another actor’s state only by sending it a message
and requesting it:
Messages have send-by-value semantics
Implementation may be relaxed on shared memory platforms, if
“safe”
July 6, 2016 Gul Agha, University of Illinois 29
![Page 30: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/30.jpg)
Location Transparent Naming
Enables automatic load-balancing and fault-tolerance
mechanisms
Run-time can exploit resources available on cluster, grid or
scalable multicores (distributed memory)
Uniform model for multicore and distributed programming
July 6, 2016 Gul Agha, University of Illinois 30
![Page 31: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/31.jpg)
Synchronization and Coordination
Essential for correct functioning of actor
systems
A source of complexity in concurrent programs
July 6, 2016 Gul Agha, University of Illinois 31
![Page 32: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/32.jpg)
Synchronizing in a Concurrent World
The interface of an actor may be dynamic: Cannot get from an empty buffer
Cannot put into a full buffer
Producer
Buffer
Consumer
put
get
July 6, 2016 Gul Agha, University of Illinois 32
![Page 33: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/33.jpg)
Separation of Concerns
Abstract Data Types:
Enable separation of interface (what) from the representation (how).
Actors:
When actions happen is underspecified (asynchrony).
Recipient may not be ready to process a message when it arrives –synchronization constraints (when).
Separate specification of when from how to facilitate modularity in code.
July 6, 2016 Gul Agha, University of Illinois 33
![Page 34: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/34.jpg)
Local Synchronization Constraints
Constrain the “local” order of processing messages
Delay or reject out of order messages
Function of local state and message contents
These have delay semantics i.e. disabled messages are buffered
Implementations: Disabling constraints in AF, Pattern matching in Erlang, Scala
July 6, 2016 Gul Agha, University of Illinois 34
![Page 35: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/35.jpg)
Expressing Local Synchronization Constraints (Abstractly)
Per actor logical rules which determine the legality of invocations:
disable get when empty? (buffer)
Producer
Buffer
Consumer
put
get
July 6, 2016 Gul Agha, University of Illinois 35
![Page 36: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/36.jpg)
Implementation of Local Synchronization Constraints
Mail Queue
Synchronization
Constraints
ControllerData and Methods
Incoming
Messages
Pending
queue
Actor
July 6, 2016 Gul Agha, University of Illinois 36
![Page 37: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/37.jpg)
Scalable Reasoning Tools
Computational Learning for Verification
Concolic Testing and its variants
Runtime verification (Monitoring)
Inferring interfaces: session types, concurrency structure
Computational learning for verification (won’t discuss today)
Quantitative Tools:
Statistical Model Checking
Euclidean Model Checking
July 6, 2016 Gul Agha, University of Illinois 37
![Page 38: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/38.jpg)
Execution Paths of a Program Can be seen as a binary tree with
possibly infinite depth
Computation tree
Each node represents the execution of
a “if then else” statement
Each edge represents the execution of
a sequence of non-conditional
statements
Each path in the tree represents an
equivalence class of inputs.
What about loops?
Unroll to finite depth.
F T
F F
F
F
T
T
T
T
T
T
38
![Page 39: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/39.jpg)
What is Testing?
Execute the program and observe how it behaves under
different scenarios:
Vary the inputs.
In concurrent programs: vary the schedules.
July 6, 2016 Gul Agha, University of Illinois 39
![Page 40: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/40.jpg)
Goal
Automated Scalable Unit Testing of real-world sequential
programs
Generate test inputs
Execute unit under test on generated test inputs
so that all reachable statements are executed
Any assertion violation gets caught
July 6, 2016 Gul Agha, University of Illinois 40
![Page 41: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/41.jpg)
What is a bug?
Traverse all execution
paths one by one to detect
errors
assertion violations
program crash
uncaught exceptions
combine with valgrind to
discover memory errors
F T
F F
F
F
T
T
T
T
T
T
July 6, 2016 Gul Agha, University of Illinois 41
![Page 42: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/42.jpg)
Example of Computation Tree
void test_me(int x, int y) {
if(2*x==y){
if(x != y+10){
printf(“I am fine here”);
} else {
printf(“I should not reach here”);
ERROR;
}
}
}
2*x==y
x!=y+10
N Y
N Y
ERROR
July 6, 2016 Gul Agha, University of Illinois 42
![Page 43: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/43.jpg)
Random Testing
generate random inputs
execute the program on
generated inputs
Probability of reaching an error
can be astronomically less
test_me(int x){
if(x==94389){
ERROR;
}
}
Probability of hitting ERROR =
1/232
July 6, 2016 Gul Agha, University of Illinois 43
![Page 44: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/44.jpg)
Symbolic Execution
use symbolic values for input variables
execute the program symbolically on symbolic input values
collect symbolic path constraints
use theorem prover to check if a branch can be taken
test_me(int x){
if (x==94389){
ERROR;
}
}
July 6, 2016 Gul Agha, University of Illinois 44
![Page 45: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/45.jpg)
Symbolic Execution
What if we can solve the constraint?
Symbolic execution will say both branches are reachable:
False positive
Does not scale for large programs
test_me(int x){
if((x%10)*4!=17){
ERROR;
} else {
ERROR;
}
}
July 6, 2016 Gul Agha, University of Illinois 45
![Page 46: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/46.jpg)
Approach
Combine concrete and symbolic execution for unit testing
Concrete + Symbolic = Concolic
In a nutshell
Use concrete execution over a concrete input to guide symbolic execution
Concrete execution helps Symbolic execution to simplify complex and
unmanageable symbolic expressions
by replacing symbolic values by concrete values
Achieves Scalability
Higher branch coverage than random testing
No false positives or scalability issue like in symbolic execution based testing
July 6, 2016 Gul Agha, University of Illinois 46
![Page 47: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/47.jpg)
Example: Simultaneous Concrete and Symbolic Execution
int foo (int v) {
return (v*v) % 50;
}
void testme (int x, int y) {
z = foo (y);
if (z == x) {
if (x > y+10) {
ERROR;
}
}
}
Concrete
Execution
Symbolic
Execution
concrete
state
symbolic
state
path condition
x = 22, y = 7 x = x0, y = y0
July 6, 2016 Gul Agha, University of Illinois 47
![Page 48: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/48.jpg)
int foo (int v) {
return (v*v) % 50;
}
void testme (int x, int y) {
z = foo (y);
if (z == x) {
if (x > y+10) {
ERROR;
}
}
}
Concrete
Execution
Symbolic
Execution
concrete
state
symbolic
state
path condition
x = 22, y = 7,
z = 49
x = x0, y = y0,
z = (y0 *y0)%50
(y0*y0)%50 !=x0
Solve: (y0*y0 )%50 == x0
Don’t know how to solve!
Stuck?
Example : Simultaneous Concrete and Symbolic Execution
July 6, 2016 Gul Agha, University of Illinois 48
![Page 49: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/49.jpg)
void testme (int x, int y) {
z = foo (y);
if (z == x) {
if (x > y+10) {
ERROR;
}
}
}
Concrete
Execution
Symbolic
Execution
concrete
state
symbolic
state
path condition
x = 22, y = 7,
z = 49
x = x0, y = y0,
z = foo (y0)
foo (y0) !=x0
Example : Simultaneous Concrete and Symbolic Execution
Solve: foo (y0) == x0
Don’t know how to solve!
Stuck?
July 6, 2016 Gul Agha, University of Illinois 49
![Page 50: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/50.jpg)
int foo (int v) {
return (v*v) % 50;
}
void testme (int x, int y) {
z = foo (y);
if (z == x) {
if (x > y+10) {
ERROR;
}
}
}
Concrete
Execution
Symbolic
Execution
concrete
state
symbolic
state
path condition
x = 22, y = 7,
z = 49
x = x0, y = y0,
z = (y0 *y0)%50
(y0*y0)%50 !=x0
Solve: (y0*y0 )%50 == x0
Don’t know how to solve!
Not Stuck!
Use concrete state
Replace y0 by 7 (sound)
Example : Simultaneous Concrete and Symbolic Execution
July 6, 2016 Gul Agha, University of Illinois 50
![Page 51: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/51.jpg)
int foo (int v) {
return (v*v) % 50;
}
void testme (int x, int y) {
z = foo (y);
if (z == x) {
if (x > y+10) {
ERROR;
}
}
}
Concrete
Execution
Symbolic
Execution
concrete
state
symbolic
state
path condition
x = 22, y = 7,
z = 48
x = x0, y = y0,
z = 49
49 !=x0
Solve: 49 == x0
Solution : x0 = 49, y0 = 7
Example : Simultaneous Concrete and Symbolic Execution
July 6, 2016 Gul Agha, University of Illinois 51
![Page 52: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/52.jpg)
int foo (int v) {
return (v*v) % 50;
}
void testme (int x, int y) {
z = foo (y);
if (z == x) {
if (x > y+10) {
ERROR;
}
}
}
Concrete
Execution
Symbolic
Execution
concrete
state
symbolic
state
path condition
x = 49, y = 7 x = x0, y = y0
Example : Simultaneous Concrete and Symbolic Execution
July 6, 2016 Gul Agha, University of Illinois 52
![Page 53: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/53.jpg)
int foo (int v) {
return (v*v) % 50;
}
void testme (int x, int y) {
z = foo (y);
if (z == x) {
if (x > y+10) {
ERROR;
}
}
}
Concrete
Execution
Symbolic
Execution
concrete
state
symbolic
state
path condition
x = 49, y = 7,
z = 49
x = x0, y = y0 ,
z = 49
2*y0 == x0
x0 > y0+10
Program Error
Example : Simultaneous Concrete and Symbolic Execution
July 6, 2016 Gul Agha, University of Illinois 53
![Page 54: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/54.jpg)
Concolic Testing in a Nutshell
Use ConcolicExecution to Generate Data input
Use generated data input to
Execute program both concretely and symbolically (concolically)
Use symbolic
execution to To generate data input
Use concrete execution to Guide
symbolic execution
Use smart search strategies: e.g.
Concolic Walk in space defined by
constraints
July 6, 2016 Gul Agha, University of Illinois 54
![Page 55: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/55.jpg)
Schedules are another branching condition
Partial order reduction helps
Multistep Semantics for Actors
Still too many interleavings..
Use backward symbolic execution
Branch coverage is an uninteresting metric
Unchecked conditions
Runtime Verification
Concolic Execution for Concurrent Programs
July 6, 2016 Gul Agha, University of Illinois 55
![Page 56: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/56.jpg)
July 6, 2016
Decentralized Runtime Verification
Properties expressed with respect to an actor (Epistemic Logic)
Properties are in Distributed Temporal Logic
Decentralize Monitoring
Maintain knowledge of relevant state at each process
Update knowledge with incoming messages
Attach knowledge with outgoing messages
At each actor check safety property against local knowledge
Gul Agha, University of Illinois 56
![Page 57: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/57.jpg)
July 6, 2016
Decentralized Monitoring Example
“If a receives a value from b then b calculated the value after receiving request from a” valRcv → @b((valComputed @a(valReq)))
valReq
valComputed
valRcva
b
valReqvalRcv → @b((valComputed @a(valReq)))
(valComputed @a(valReq))@a(valReq)
valComputed @a(valReq)
Gul Agha, University of Illinois 57
![Page 58: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/58.jpg)
July 6, 2016
KnowledgeVector
Let KV be a vector. KV is a knowledge vector if it has:
one entry for each process appearing in formula
KV[j] denotes entry for actor j
KV[j].seq is the sequence number of last event seen at actor j
KV[j].values stores values of j-expressions and j-formulae
Gul Agha, University of Illinois 58
![Page 59: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/59.jpg)
July 6, 2016
Example
p3
p2
p1X=6 X=4 X=4
Y=7 Y=5
0
_
0
_
0
6
1
6
1
4
2
4
2
4
2
4
2
4
2
4
2
4
✓
⊡(Y ≥ @1X) at p2
KV[1].seq
KV[1].values
Y=5
0
_
2
4
Y=5
✓
Gul Agha, University of Illinois 59
![Page 60: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/60.jpg)
July 6, 2016
Example: Another Potential Execution
p3
p2
p1
X=5X=6
X=4
Y=7 Y=5
0
-
0
-
0
5
0
6
1
6
1
4
2
4
2
4
2
4
1
6
1
6
2
4
✕
⊡(Y ≥ @1X) at p2
KV[1].seq
KV[1].values
Y=5
0
_
Gul Agha, University of Illinois
60
![Page 61: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/61.jpg)
Predictive Monitoring
Can predict the violation from the run that did not have the
violation.
Cannot detect a violation if there is no direct communication
of intermediate value from p1 to p2
July 6, 2016 Gul Agha, University of Illinois 61
![Page 62: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/62.jpg)
July 6, 2016
DIANA Architecture
pt-DTL
Monitor
Gul Agha, University of Illinois 62
![Page 63: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/63.jpg)
July 6, 2016
Causality Cone
Heuristics
Gul Agha, University of Illinois 63
![Page 64: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/64.jpg)
Probabilistic Programs
An actor program is a
probabilistic program in a
distributed space with
concurrent time.
The behavior of a program is
statistical in nature.
t
P
Q
R
T
Past causality
Future causality
y
x
S
U
Not causally
connected
July 6, 2016 Gul Agha, University of Illinois 64
![Page 65: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/65.jpg)
July 6, 2016
Properties in CSL sub-logic
::= true | a | ⋀ | : | PQ p()
::= U<t | X where Q 2 {<,>,¸,·}
P< 0.5(◊<10 full)
Probability that queue becomes full in 10 units of time is less than 0.5
P>0.98(: retransmit U<200 receive)
Probability that a message is received successfully within 200 time units without any need for retransmission is greater than 0.98
Gul Agha, University of Illinois 65
![Page 66: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/66.jpg)
July 6, 2016
Statistical Model Checking
Model or Implementation
No:
Model-Checker
Yes:
Don’t Know
•Decoupled from the tool
• Run implementation to
generate samples, or
• Get Samples from Monte-
Carlo simulation of model
Property
Gul Agha, University of Illinois 66
![Page 67: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/67.jpg)
July 6, 2016
Checking P<0.6(p U<12 q) statistically at s
On 21 paths (p U<12 q) is satisfied
21/30 > 0.6 can we say that P<0.6(p U<12 q) is violated
at s ??
Statistically, yes, provided we quantify the error in our decision
error =
= Pr[On 21 (or more) out of 30 paths (p U<12 q) hold
| probability that (p U<12 q) holds on a path is less
than 0.6]
· Pr[X ¸ 21 ] where X~Binomial(30,0.6)
Sample contains, say, 30
paths from s
…….
p U<12 q
Gul Agha, University of Illinois 67
![Page 68: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/68.jpg)
July 6, 2016
Error (p-value)
Let r = (# of paths on which (p U<12 q) hold / # of total paths)
Let p = Pr[(p U<12 q) holds on a path]
“no” answer : (formula violates)
“yes” answer : (formula holds)
0.0 1.010/30 0.6
pr
0.0 1.021/30
0.6
rp error = Pr[r ≥ 21/30 | p ≤ 0.6]
error = Pr[r ≤ 10/30 | p > 0.6]
Gul Agha, University of Illinois 68
![Page 69: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/69.jpg)
July 6, 2016
Nested: Checking P<0.6(1U<122) at s
• 1 and 2 contain nested probabilistic operators
Checking (1 U<12 2) over a path
Answers are not simply “yes” or “no”
Answers can be
“yes” with error
“no” with error
“don’t know”
Need a modified decision procedure
Handle “don’t know” to get useful answers
Incorporate error of decision for sub-formulas
Gul Agha, University of Illinois 69
![Page 70: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/70.jpg)
July 6, 2016
Checking P<0.6(1U<122) at s (Problem)
Solution
1. Resolve “don’t know” (?) in adversarial fashion
Observation region
2. Create “uncertainty region”to incorporate error associated with sub-formulas.
…….
1 U<12 2
?1 32
?
Gul Agha, University of Illinois 70
![Page 71: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/71.jpg)
Evolving Systems
Big data applications require
approximate answers in a real-time.
Probabilistic actor-based programming
Adaptive programs:
Use predictive distributed monitoring and
statistical inference.
Learning and prediction using Bayesian
methods
time
pro
babili
ty
approximation
July 6, 2016 Gul Agha, University of Illinois 71
![Page 72: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/72.jpg)
100 nodes, 5 Abstract States 5100 potential states
Interested in aggregate properties or expected values
Model state as pmf vector (superposition of probabilities)
Representing State
July 6, 2016 Gul Agha, University of Illinois
nnspspsps ...2211
1s 2s 3snss …
72
![Page 73: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/73.jpg)
Transitions may be governed by a Markov model
pmf vector defines the initial state for a DTMC
Search in an Euclidean space
Property stabilizes after a computable depth
Model checking reduced to linear algebra
Euclidean Model Checking
Evolution of Probability Distributions
July 6, 2016 Gul Agha, University of Illinois 73
![Page 74: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/74.jpg)
Programming based on the Actor Model facilitates
scalable, secure development of concurrent
programs.
Probabilistic programming methods needed
New reasoning methods needed:
Scalable
Model probabilistic computation
Address quantitative properties
Conclusions
July 6, 2016 Gul Agha, University of Illinois 74
![Page 75: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/75.jpg)
Gul Agha, ACTORS - a model of concurrent computation in distributed systems, MIT Press Series in
Artificial Intelligence. MIT Press, 1986.
Gul Agha, “Concurrent object-oriented programming,” Communications of the ACM, 33(9):125–141,
Sep 1990.
Gul Agha, Ian A. Mason, Scott F. Smith, and Carolyn L. Talcott, “Towards a theory of actor
computation,” in Rance Cleaveland, editor, CONCUR ’92, Third International Conference on
Concurrency Theory, Stony Brook, NY, USA, August 24-27, 1992, Proceedings, volume 630 of Lecture
Notes in Computer Science, pages 565–579. Springer, 1992.
Gul Agha, Ian A. Mason, Scott F. Smith, and Carolyn L. Talcott, “A foundation for actor computation,”
Journal of Functional Programming, 7(1):1–72, 1997.
WooYoung Kim and Gul Agha. “Efficient Support of Location Transparency in Concurrent Object-
Oriented Programming Languages”. In: Proceedings of Supercomputing ’95, San Diego, CA, USA,
December 4-8, 1995. Ed. by Sidney Karin. IEEE Computer Society / ACM, 1995, 39pp.
References I: Actors
July 6, 2016 Gul Agha, University of Illinois 75
![Page 76: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/76.jpg)
Christopher R. Houck and Gul Agha. “HAL: A High-Level Actor Language and Its Distributed
Implementation”. In: Proceedings of the 1992 International Conference on Parallel Processing (ICPP).
1992, pp. 158–165. Svend Frolund and Gul Agha. “A Language Framework for Multi-Object
Coordination”. In: ECOOP’93 - Object-Oriented Programming, 7th European Conference,
Kaiserslautern, Germany, July 26-30, 1993, Proceedings. Ed. by Oscar Nierstrasz. Vol. 707. Lecture
Notes in Computer Science. Springer, 1993, pp. 346–360.
Gul Agha, Svend Frolund, WooYoung Kim, Rajendra Panwar, Anna Patterson, and Daniel C. Sturman.
“Abstraction and modularity mechanisms for concurrent computing”. In: IEEE Parallel and Distributed
Technology 1.2 (1993), pp. 3–14.
Carlos A. Varela and Gul Agha. “Programming Dynamically Reconfigurable Open Systems with
SALSA”. In: SIGPLAN Notices. ACM Conference on Object-Oriented Programming, Systems,
Languages and Applications: Onward! Track. Vol. 36. 12. 2001, pp. 20–34
Peter Dinges and Gul Agha. “Scoped Synchronization Constraints for Large Scale Actor Systems”. In:
Coordination Models and Languages - 14th International Conference, COORDINATION 2012,
Stockholm, Sweden, June 14-15, 2012. Proceedings. Ed. by Marjan Sirjani. Vol. 7274. Lecture Notes in
Computer Science. Springer, 2012, pp. 89–103.
References II: Actor Languages and Coordination
July 6, 2016 Gul Agha, University of Illinois 76
![Page 77: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/77.jpg)
K. Sen, D. Marinov, and G. Agha, “Cute: a concolic unit testing engine for C,” In M. Wermelinger and H. Gall,
editors, Proceedings of the 10th European Software Engineering Conference held jointly with 13th ACM SIGSOFT
International Symposium on Foundations of Software Engineering, 2005, Lisbon, Portugal, September 5-9, 2005,
pages 263–272. ACM, 2005.
K. Sen and G. Agha, “A race-detection and flipping algorithm for automated testing of multi-threaded programs,” In
E. Bin, A. Ziv, and S. Ur, editors, Hardware and Software, Verification and Testing, Second International Haifa
Verification Conference, HVC 2006, Haifa, Israel, October 23-26, 2006. Revised Selected Papers, volume 4383 of
Lecture Notes in Computer Science, pages 166–182. Springer, 2007.
P. Dinges and G. Agha “Solving complex path conditions through heuristic search on induced polytopes,” In
Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering, FSE
2014, pages 425–436. ACM, 2014.
Peter Dinges and Gul Agha. 2014. Targeted test input generation using symbolic-concrete backward execution. In
Proceedings of the 29th ACM/IEEE international conference on Automated software engineering (ASE '14). ACM,
New York, NY, USA, 31-36. DOI=http://dx.doi.org/10.1145/2642937.2642951
References III: Concolic Testing
July 6, 2016 Gul Agha, University of Illinois 77
![Page 78: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/78.jpg)
K. Sen and G. Agha, “Automated systematic testing of open distributed programs,” In L. Baresi and R.
Heckel, editors, Fundamental Approaches to Software Engineering, 9th International Conference,
FASE 2006, Held as Part of the Joint European Conferences on Theory and Practice of Software,
ETAPS 2006, Vienna, Austria, March 27-28, 2006, Proceedings, volume 3922 of Lecture Notes in
Computer Science, pages 339–356. Springer, 2006.
Steven Lauterburg, Mirco Dotta, Darko Marinov, and Gul Agha. 2009. A Framework for State-Space
Exploration of Java-Based Actor Programs. In Proceedings of the 2009 IEEE/ACM International
Conference on Automated Software Engineering (ASE '09). IEEE Computer Society, Washington, DC,
USA, 468-479. DOI=http://dx.doi.org/10.1109/ASE.2009.88
Steven Lauterburg, Rajesh K. Karmani, Darko Marinov, and Gul Agha. 2010. Basset: a tool for
systematic testing of actor programs. In Proceedings of the eighteenth ACM SIGSOFT international
symposium on Foundations of software engineering (FSE '10). ACM, New York, NY, USA, 363-364.
DOI=http://dx.doi.org/10.1145/1882291.1882349
References IV: Actor Testing Tools
July 6, 2016 Gul Agha, University of Illinois 78
![Page 79: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/79.jpg)
Koushik Sen, Abhay Vardhan, Gul Agha, and Grigore Rosu. 2004. Efficient Decentralized
Monitoring of Safety in Distributed Systems. In Proceedings of the 26th International
Conference on Software Engineering (ICSE '04). IEEE Computer Society, Washington, DC,
USA, 418-427.
Sen, Koushik, Grigore Roşu, and Gul Agha. "Online efficient predictive safety analysis of
multithreaded programs." International Conference on Tools and Algorithms for the
Construction and Analysis of Systems. Springer Berlin Heidelberg, 2004.
References V: Runtime Verification
July 6, 2016 Gul Agha, University of Illinois 79
![Page 80: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/80.jpg)
Kwon, YoungMin, and Gul Agha. "Linear inequality LTL (iLTL): A model checker for discrete time
markov chains." International conference on formal engineering methods. Springer Berlin Heidelberg,
2004.
Sen, Koushik, Mahesh Viswanathan, and Gul Agha. "Statistical model checking of black-box
probabilistic systems." International Conference on Computer Aided Verification. Springer Berlin
Heidelberg, 2004.
Sen, Koushik, Mahesh Viswanathan, and Gul Agha. "On statistical model checking of stochastic
systems." International Conference on Computer Aided Verification. Springer Berlin Heidelberg, 2005.
Agha, Gul, José Meseguer, and Koushik Sen. "PMaude: Rewrite-based specification language for
probabilistic object systems." Electronic Notes in Theoretical Computer Science 153.2 (2006): 213-239.
Korthikanti, Vijay Anand, et al. "Reasoning about MDPs as transformers of probability distributions."
Quantitative Evaluation of Systems (QEST), 2010 Seventh International Conference on the. IEEE,
2010.
Kwon, YoungMin, and Gul Agha. "Verifying the evolution of probability distributions governed by a
DTMC." IEEE Transactions on Software Engineering 37.1 (2011): 126-141.
References VI: Probabilistic Programming, Statistical Model
Checking and Euclidean Model Checking
July 6, 2016 Gul Agha, University of Illinois 80
![Page 81: Abstractions, Semantic Models and Analysis Tools for ...staf2016.conf.tuwien.ac.at/wp-content/uploads/SEFM2016-GulAgha.pdfScalable Applications Martian Rover (1990s) Twitter's message](https://reader034.vdocuments.mx/reader034/viewer/2022042223/5ec9a21f49808464723fd084/html5/thumbnails/81.jpg)
Rice, Jennifer A., et al. "Flexible smart sensor framework for autonomous structural health
monitoring." Smart structures and Systems 6.5-6 (2010): 423-438.
Jang, Shinae, et al. "Structural health monitoring of a cable-stayed bridge using smart sensor
technology: deployment and evaluation." Smart Structures and Systems 6.5-6 (2010): 439-
459.
Kwon, YoungMin, Kirill Mechitov, and Gul Agha. "Design and implementation of a mobile
actor platform for wireless sensor networks." Concurrent objects and beyond. Springer Berlin
Heidelberg, 2014. 276-316.
Khamespanah, Ehsan, Kirill Mechitov, Marjan Sirjani, and Gul Agha. "Schedulability Analysis
of Distributed Real-Time Sensor Network Applications Using Actor-Based Model Checking."
In International Symposium on Model Checking Software, pp. 165-181. Springer
International Publishing, 2016.
Sensor Network Application
July 6, 2016 Gul Agha, University of Illinois 81