Deadlock and Termination Detection using IMDS Formalism and Model Checking. Version 2
📝 Abstract
Modern model checking techniques concentrate on global properties of verified systems, because the methods are based on the global state space. Local features like partial deadlock or process termination are not easy to express and check. This paper presents a description of a distributed system in the Integrated Model of Distributed Systems (IMDS) combined with model checking. IMDS expresses a dualism in distributed systems: the server view and the agent view. The formalism uses server states and messages. Progress in computation is defined in terms of actions that consume and produce states and messages. Distributed actions are totally independent and do not depend on a global state. Therefore, IMDS allows the designer to express local features of subsystems. In this model it is easy to describe various kinds of deadlock (including partial deadlock) and to differentiate deadlock from termination. The integration of IMDS with model checking is presented. Temporal formulas testing various kinds of deadlock (in communication or over resources) and termination are proposed.
📄 Content
Institute of Computer Science, Warsaw University of Technology
Research Report No. 2/2008
Deadlock and Termination Detection using IMDS Formalism and Model Checking Version 2
Wiktor B. Daszczuk, Institute of Computer Science, Warsaw University of Technology, wbd@ii.pw.edu.pl
Abstract: Modern model checking techniques concentrate on global properties of verified systems, because the methods are based on the global state space. Local features like partial deadlock or process termination are not easy to express and check. This paper presents a description of a distributed system in the Integrated Model of Distributed Systems (IMDS) combined with model checking. IMDS expresses a dualism in distributed systems: the server view and the agent view. The formalism uses server states and messages. Progress in computation is defined in terms of actions that consume and produce states and messages. Distributed actions are totally independent and do not depend on a global state. Therefore, IMDS allows the designer to express local features of subsystems. In this model it is easy to describe various kinds of deadlock (including partial deadlock) and to differentiate deadlock from termination. The integration of IMDS with model checking is presented. Temporal formulas testing various kinds of deadlock (in communication or over resources) and termination are proposed.
1 Introduction
First attempts at deadlock detection were made on the global state space of a centralized system [Haqu06, Zhou99] (or rather of its model), by analysis of a graph of dependences called a “wait-for graph”. This approach allowed a risk of deadlock to be predicted statically. Alternative methods observe a system on-line in selected “snapshots”, which allows deadlocks to be discovered at run time [Chan85]. This is useful especially in systems whose global behavior cannot be predicted, such as a set of independent user programs requesting shared resources.
This approach was transferred to distributed systems with the addition of a locality obligation, as a global state does not in general exist in such systems. Locality means that there are no notions such as real time or simultaneity: a global decision that a deadlock state has occurred is made on the basis of independent local circumstances reported by system components [Chan83, Elma86, Mitc84]. The wait-for graph approach is used successfully to this day, especially in run-time deadlock detection [Agar06, Knap87].
On the other hand, distributed termination detection techniques evolved [Huan89, Matt89, Peri04]. These methods are based on the observation of special features of distributed processes (sometimes defined specifically for termination detection) or on control over message traffic.
Many modern system verification techniques are based on model checking, i.e. static exploration of the global state space of a system (or, in some techniques, of a part of it) [Clar99]. Many methods are used, typically based on temporal logics or similar formalisms. These techniques have exploded in research and lately even in the verification of commercial software. Among the methods are graph-based ones (such as statecharts [Hare87]) and language-based ones (such as Promela [Holz95]). In verification, features such as safety (usually checked by the “always” operator) and liveness (usually checked by “eventually”) are tested.
The activities of the system are expressed in terms of local features of its components, and the global state space of the system is constructed. Many local features of system components may be expressed and verified by means of model checking. Deadlock is not a temporal property (it cannot be expressed by any temporal formula), but most model checkers are equipped with deadlock detection procedures [Corb96, Puha00], for example SPIN [Holz95, Holz97, Have00]. Other approaches to identifying deadlock by model checking are presented in [Kara91]. The use of model checking techniques led to a redefinition of deadlock, as it is difficult to express wait-for graphs in terms of temporal operators. Deadlock is usually defined as a “state with no future”, i.e. a strongly connected subgraph containing only one state: the deadlock itself [Kave01, Mage99].
This concerns total deadlock, in which no component can make progress. Unfortunately, partial deadlock (in which some processes cannot continue, but other processes can still run) can be neither expressed nor found using model checking. Moreover, it is difficult to differentiate the deadlock of a process from its termination (in both cases the process discontinues).
In this paper we propose the application of the Integrated Model of Distributed Systems (IMDS [Chro02]), which highlights the locality of properties of the verified system and exploits communication dualism (message passing/variable sharing). When combined with model checking, IMDS makes it possible to express and find partial deadlock and to differentiate it from process termination.
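An added example (my own Python, not code from the report) of the distinction drawn above: a small explorer builds the global state space of a constructed system of processes competing for resources, then applies the “state with no future” test and, per global state, a wait-for graph cycle test. Process names, resource names and the acquire/release programs are all constructed for the illustration.

```python
from collections import deque

# Constructed example (not from the report): P0 and P1 take resources a and b in
# opposite order (circular wait); P2 is an independent process that never terminates.
P0 = [("acq", "a"), ("acq", "b"), ("rel", "b"), ("rel", "a")]
P1 = [("acq", "b"), ("acq", "a"), ("rel", "a"), ("rel", "b")]
P2 = [("acq", "c"), ("rel", "c"), ("loop", None)]        # "loop" resets the pc to 0
TWO, THREE = {"P0": P0, "P1": P1}, {"P0": P0, "P1": P1, "P2": P2}

def wants(progs, state, i):              # resource process i is blocked on, else None
    pcs, held = state
    prog = list(progs.values())[i]
    if pcs[i] < len(prog) and prog[pcs[i]][0] == "acq" and prog[pcs[i]][1] in dict(held):
        return prog[pcs[i]][1]
    return None

def enabled(progs, state):               # moves (i, op, res): not terminated, not blocked
    return [(i, *prog[state[0][i]]) for i, prog in enumerate(progs.values())
            if state[0][i] < len(prog) and wants(progs, state, i) is None]

def step(progs, state, move):
    pcs, held = list(state[0]), dict(state[1])
    i, op, res = move
    if op == "acq": held[res] = list(progs)[i]
    if op == "rel": del held[res]
    pcs[i] = 0 if op == "loop" else pcs[i] + 1
    return (tuple(pcs), tuple(sorted(held.items())))

def reachable(progs):                    # breadth-first global state space
    init = ((0,) * len(progs), ())
    seen, todo = {init}, deque([init])
    while todo:
        s = todo.popleft()
        new = [t for m in enabled(progs, s) if (t := step(progs, s, m)) not in seen]
        seen.update(new); todo.extend(new)
    return seen

def no_future(progs):                    # total deadlock: no move, yet not all terminated
    return [s for s in reachable(progs) if not enabled(progs, s)
            and any(pc < len(p) for pc, p in zip(s[0], progs.values()))]

def wait_for_cycle(progs, state):        # processes on a cycle blocked p -> holder q
    names, held = list(progs), dict(state[1])
    waits = {names[i]: held[r] for i in range(len(names)) if (r := wants(progs, state, i))}
    for start in waits:
        p, path = start, []
        while p in waits and p not in path:
            path.append(p); p = waits[p]
        if p == start: return tuple(sorted(path))
    return None

def partial_deadlocks(progs):            # every distinct wait-for cycle in any reachable state
    return sorted({c for s in reachable(progs) if (c := wait_for_cycle(progs, s))})
```

With only P0 and P1 the circular wait is a total deadlock and `no_future` reports it; adding the non-terminating P2 turns the same cycle into a partial deadlock that `no_future` misses but `partial_deadlocks` still finds, while the all-terminated final state is reported by neither.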