1-14hit |
Ceph is an object-based parallel distributed file system that provides excellent performance, reliability, and scalability. Additionally, Ceph provides its Cephx authentication system to authenticate users, so that it can identify users and realize authentication. In this paper, we first model the basic architecture of Ceph using process algebra CSP (Communicating Sequential Processes). With the help of the model checker PAT (Process Analysis Toolkit), we feed the constructed model to PAT and then verify several related properties, including Deadlock Freedom, Data Reachability, Data Write Integrity, Data Consistency and Authentication. The verification results show that the original model cannot cater to the Authentication property. Therefore, we formalize a new model of Ceph where Cephx is adopted. In the light of the new verification results, it can be found that Cephx satisfies all these properties.
Yoshinao ISOBE Nobuhiko MIYAMOTO Noriaki ANDO Yutaka OIWA
In this paper, we demonstrate that a formal approach is effective for improving reliability of cooperative robot designs, where the control logics are expressed in concurrent FSMs (Finite State Machines), especially in accordance with the standard FSM4RTC (FSM for Robotic Technology Components), by a case study of cooperative transport robots. In the case study, FSMs are modeled in the formal specification language CSP (Communicating Sequential Processes) and checked by the model-checking tool FDR, where we show techniques for modeling and verification of cooperative robots implemented with the help of the RTM (Robotic Technology Middleware).
Ning FU Yingfeng ZHANG Lijun SHAN Zhiqiang LIU Han PENG
With the in-depth development of service computing, it has become clear that when constructing service applications in an open dynamic network environment, greater attention must be paid to trustworthiness under the premise of functions' realization. Trustworthy computing requires theories for business process modeling in terms of both behavior and trustworthiness. In this paper, a calculus for ensuring the satisfaction of trustworthiness requirements in service-oriented systems is proposed. We investigate a calculus called QPi, for representing both the behavior and the trustworthiness property of concurrent systems. QPi is the combination of pi-calculus and a constraint semiring, which has a feature when problems with multi-dimensional properties must be tackled. The concept of the quantified bisimulation of processes provides us a measure of the degree of equivalence of processes based on the bisimulation distance. The QPi related properties of bisimulation and bisimilarity are also discussed. A specific modeling example is given to illustrate the effectiveness of the algebraic method.
Tomohiro KAIZU Yoshinao ISOBE Masato SUZUKI
Sequence diagrams are often used in the modular design of softwares. In this paper, we propose a method to verify correctness of sequence diagrams. With this method, using the process algebra CSP, concurrent systems can be synthesized from a number of sequence diagrams. We define new CSP operators for the synthesis of sequence diagrams. We also report on a tool implementing our synthesis method and demonstrate how the tool analyzes sequence diagrams.
Junkil PARK Jungjae LEE Jin-Young CHOI Insup LEE
The algebra of communicating shared resources (ACSR) is a timed process algebra which extends classical process algebras with the notion of a resource. In analyzing ACSR models, the existing techniques such as bisimulation checking and Hennessy-Milner Logic (HML) model checking are very important in theory of ACSR, but they are difficult to use for large complex system models in practice. In this paper, we suggest a framework to verify ACSR models against their requirements described in an expressive timed temporal logic. We demonstrate the usefulness of our approach with a real world case study.
This paper proposes a framework for building a reusable mobile agent from two kinds of components: an itinerary component and an application-specific logic component. Both components are implemented as mobile agents. The former is a carrier of the latter over particular networks and the latter defines management tasks performed at each host independently of the network. This framework also provides a mechanism for matchmaking the two mobile agent-based components. Since the mechanism is formulated based on a process algebra approach, it can strictly select a suitable itinerary component to perform management tasks at the hosts that the tasks want to visit over the networks. A prototype implementation of this framework and its application were built on a Java-based mobile agent system. We summarize the lessons learned while formalizing and implementing the approach and we compare it to related work.
In this paper, we describe the development and the analysis of the Label Distribution Protocol (LDP) for Multiprotocol Label Switching System. We review the implementation issues that are required to construct the LDP for a gigabit switched router and propose a detailed design of the LDP. We present the detailed design using the Deviation Tree of the protocol state machine and a formal specification of the state machine using the process algebra. These specifications are based on the IETF standard. By analyzing the protocol behaviors of the Deviation Trees and the formal specification, we prove the interoperability, completeness, liveness, reachability, and the safety of the implemented LDP. We expect that the reliability would be improved using these analyses. With these proofs we expect the implemented LDP will be interoperable with other commercialized products. As a result we validate the protocol behaviors of the implemented LDP.
Yoshinao ISOBE Yutaka SATO Kazuhito OHMAKI
We have already proposed a process algebra µLOTOS as a mathematical framework to synthesize a process from a number of (incomplete) specifications, in which requirements for the process do not have to be completely determined. It is guaranteed that the synthesized process satisfies all the given specifications, if they are consistent. For example, µLOTOS is useful for incremental design. The advantage of µLOTOS is that liveness properties can be expressed by least fixpoints and disjunctions . In this paper, we present µLOTOSR, which is a refined µLOTOS. The improvement is that µLOTOSR has a conjunction operator . Therefore, the consistency between a number of specifications S1,,S2 can be checked by the satisfiability of the conjunction specification S1 S2. µLOTOSR does not need the complex consistency check used in µLOTOS.
Yoshiyuki SHINKAWA Masao J. MATSUMOTO
Adaptability evaluation of software systems is one of the key concerns in both software engineering and requirements engineering. In this paper, we present a formal and systematic approach to evaluate adaptability of software systems to requirements in enterprise business applications. Our approach consists of three major parts, that is, the common modeling method for both business realms and software realms, functional adaptability evaluation between the models with Σ algebra and behavioral adaptability evaluation with process algebra. By our approach, one can rigorously and uniquely determine whether a software system is adaptable to the requirements, either totally or partially. A sample application from an order processing is illustrated to show how this approach is effective in solving the adaptability evolution problem.
Shigetomo KIMURA Yoshihiko EBIHARA
Fairness is one of the important notion for programming language, such as process algebras like CCS, that includes concurrency (or parallelism) and nondeterminism. This ensures that while repeatedly choosing among a set of alternatives, no alternative will be postponed forever. However, the fairness does not mention at what frequency these alternatives are selected. In this paper, we propose a quantitative fairness, which is called economic-oriented fairness, to each alternatives. This fairness ensures that the expected number of selection for each alternatives are same. We give a condition for probability assignment of selection of each alternative to be satisfied for economic-oriented fairness. First we show a simple probability assignment rule. In this assignment, between any two alternatives, if an alternative is selected n times and the other m times then the probability to select the former alternative is (m + 1)/(n + 1) times the probability for the latter. We prove that this assignment satisfies the condition of economic-oriented fairness. For a model of the economic-oriented fairness, we adopt a probabilistic process algebra. Finally, we elaborate with two process models of the economic-oriented fairness. The first one is a server and client model, where each client communicates only with the server, but not among them. In this model, the expected number of communication by each client are equal. The second model considers communication between two processes. In practice, a process has several subprocesses. Each subprocess communicates via a communication port, In the second model, there is economic-oriented fairness where the expected number of communications via each communication port are equal.
Cinzia BERNARDESCHI Andrea BONDAVALLI Luca SIMONCINI
Data flow is a paradigm for concurrent computations in which a collection of parallel processes communicate asynchronously. For nondeterministic data flow networks many semantic models have been defined, however, it is complex to reason about the semantics of a network. In this paper, we introduce a transformation between data flow networks and the LOTOS specification language to make available theories and tools developed for process algebras for the semantic analysis based on traces of the networks. The transformation does not establish a one-to-one mapping between the traces of a data flow network and the LOTOS specification, but maps each network in a specification which usually contains more traces. The obtained system specification has the same set of traces as the corresponding network if they are finite, otherwise also non fair traces are included. Formal analysis and verification methods can still be applied to prove properties of the original data flow network, allowing in case of networks with finite traces to prove also network equivalence.
Yoshinao ISOBE Isao KOJIMA Kazuhito OHMAKI
The purpose of this research is to analyze production rules with coupling modes in active databases and to exploit an assistant system for rule programming. Each production rule is a specification including an event, a condition, and an action. The action is automatically executed whenever the event occurs and the condition is satisfied. Coupling modes are useful to control execution order of transactions. For example, a transaction for consistency check should be executed after transactions for update. An active database, which is a database with production rules, can spontaneously update database states and check their consistency. Production rules provide a powerful mechanism for knowledge-bases. However it is very difficult in general to predict how a set of production rules will behave because of cascading rule triggers, concurrency, and so on. We are attempting to adopt a process algebra as a basic tool to analyze production rules. In order to describe and analyze concurrent and communicating systems, process algebras such as CCS, CSP, ACP, and π-calculus, are well known. However there are some difficulties to apply existing process algebras to analysis of production rules in growing process trees by process creation. In this paper we propose a process algebra named CCSPR (a Calculus of Communicating Systems with Production Rules), Which is an extension of CCS. An advantage of CCSPR is to syntactically describe growing process trees. Therefore, production rules can be appropriately analyzed in CCSPR. After giving definitions and properties of CCSPR, we show an example of analysis of production rules in CCSPR.
Atsushi TOGASHI Shigetomo KIMURA
This paper considers algebraic basic processes, a subset of communicating processes in CCS by Milner, and presents a synthesis algorithm to infer a process that satisfies the properties of the process, represented as fomulae in Hennessy-Milner Logic. The validity of the proposed algorithm can be stated that it synthesizes a process in the limit, which cannot be distinguished from the target one with respect to the strong equivalence.
kazuhito OHMAKI Yutaka SATO Ichiro OGATA Kokichi FUTATSUGI
We often use data flow diagrams or state transition diagrams to design software systems with concurrency. We call those diagrams as nets in this paper. Semantics of any methods to describe such software systems should be defined in some formal ways. There would be no doubts that any nets should be supported by appropriate theoretical frameworks. In this paper, we use CCS as a typical algebraic approach of using formulas to express concurrent behaviors and point out the different features of CCS from Petri nets. Any approaches should be not only theoretically beautiful but also practically useful. We use a specification language LOTOS as such example which has two features, CCS and ADT, and is designed to specify practical communication protocols. Algebraic approaches of using formulas, like LOTOS, can be considered as a compact way to express concurrent behaviors. We explore our discussions of net-oriented approaches into UIMS research fields. After mentioning state transition models of UIMS, we exemplify a practically used example, VIA-UIMS, which has been developed by one of authors. VIA-UIMS employs a net-oriented architecture. It has been designed to reconstuct tools which have already been widely used in many sites.