What is Parametric Trace Slicing Good For?
Giles Reger
School of Computer Science, University of Manchester, UK

The Setting: Events and Traces

Parametric Trace Slicing (PTS): The Setting

Events have data parameters, e.g.
    open(readme.txt)
    hasNext(iterator@ABC123)
    add(collection@XYZ, object@789)
Traces are (finite) sequences of events.
Properties are sets of traces; we need to specify properties.
In the original work it was assumed that data values
    are objects (the setting was Java)
    have an inherent notion of equality

PTS: An Origin Story

Here's a kind of property we care about:
    □(open → ♦ close)
This should apply to all files: for every f we have
    □(open(f) → ♦ close(f))
The behaviours of different files are independent. Slice the trace on file values and just check the property □(open → ♦ close) on these slices.
The trace
    open(A) open(B) close(A) open(B) close(B) open(A)
is sliced into the two slices
    A: open close open
    B: open open close

PTS: Multiple Values

The tricky bit was making it work for multiple values.
The standard example is creating iterators from collections:
    For every collection c and iterator i created from c, i should not be used after c is updated
The trace
    create(C, A) use(A) update(C) create(C, B) use(B)
is sliced into
    (C, A): create use update
    (C, B): update create use
Notice that update(C) is relevant to both slices.
The 'tricky' bit is building these slices incrementally: we don't know the values to slice on upfront and, therefore, we need to track partial bindings and extend them properly.

Quantified Event Automata

PTS: Extending with Local Variables

In my work I added a notion of local variables.
Imagine we wanted to capture that a counter is strictly increasing...
The idea is to have variables we do not slice on:
    update(A, 2) update(B, 3) update(A, 4) update(B, 3)
slices into
    update(A, 2) update(A, 4)
    update(B, 3) update(B, 3)
but now we need to keep the values, so that we can check they are increasing. In general we need to define which variables to slice on.

PTS: Making quantification explicit

I also made the quantification explicit.
So far I have been relaxed about how the result of slicing should be evaluated; in general it is for all slices, i.e. universal quantification over slicing variables.
It is then natural to add existential quantification.
And this forces us to make the domain of quantification explicit.
This is taken as the set of values in the trace that match this variable when matching with the alphabet of the specification.
Perhaps some mistakes were made when defining this...

Quantified Event Automata

A QEA consists of
    A list of quantifications (e.g. ∀x ∃y)
    A (non-deterministic) automaton with transitions labelled with parametric events, guards and assignments
The semantics is given by PTS as follows:
    For each binding θ of quantified variables
        Instantiate automata with θ to give A
        Project/slice trace using θ to give τ
        Check τ ∈ L(A)
    Using quantifier list to combine results to give verdict

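
The semantics above, written out for the universally quantified iterator property from the "Multiple Values" slide. This is an added example, not code from the talk or from any QEA tool; it recomputes every slice offline rather than building them incrementally, and the names `ALPHABET`, `domain`, `project`, `iterator_ok` and `check_forall` are made up for the illustration.

```python
from itertools import product

# Parametric alphabet of the iterator property: event name -> variable per position.
ALPHABET = {"create": ("c", "i"), "use": ("i",), "update": ("c",)}

def domain(trace, var):
    """Values found in the trace at the positions where `var` occurs in ALPHABET."""
    return sorted({vals[k] for name, vals in trace
                   for k, v in enumerate(ALPHABET.get(name, ())) if v == var})

def project(trace, theta):
    """Slice for binding theta: keep events whose values all agree with theta."""
    return [name for name, vals in trace
            if name in ALPHABET
            and all(theta[v] == x for v, x in zip(ALPHABET[name], vals))]

def iterator_ok(events):
    """Propositional automaton run on one slice: no `use` after `create ... update`."""
    state = "start"
    for ev in events:
        if state == "start" and ev == "create":
            state = "created"
        elif state == "created" and ev == "update":
            state = "stale"
        elif state == "stale" and ev == "use":
            return False
    return True

def check_forall(trace, variables, accepts):
    """Universal quantification: the verdict holds only if every slice is accepted."""
    results = {}
    for values in product(*(domain(trace, v) for v in variables)):
        theta = dict(zip(variables, values))
        results[values] = accepts(project(trace, theta))
    return all(results.values()), results

# The trace from the iterator slide, then a constructed violating extension.
SLIDE_TRACE = [("create", ("C", "A")), ("use", ("A",)), ("update", ("C",)),
               ("create", ("C", "B")), ("use", ("B",))]
BAD_TRACE = SLIDE_TRACE + [("use", ("A",))]

if __name__ == "__main__":
    print(check_forall(SLIDE_TRACE, ("c", "i"), iterator_ok))
    print(check_forall(BAD_TRACE, ("c", "i"), iterator_ok))
```

The projection of `update(C)` lands in both the (C, A) and (C, B) slices because it only constrains `c`, which is the point made on the slide.
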
By Example, the Auction Site

Instrument an auction site to observe some events:
    list(t,user,item,min,period)
    bid(t,user,item,amount)
    sold(t,item,user)
    withdraw(t,item)
Define some properties we want to hold:
    P1. Items must be listed before being bid on and may only be listed once
    P2. Bids on an item must be strictly increasing
    P8. There are two users 'u1' and 'u2' such that 'u1' bids on all items listed by 'u2'
    P10. A user frequently (over 50% of the time) bids within 2 seconds of another user

P1+2

    qea(P1and2){
      forall(item)
      accept next state(1){
        list(_,_,item,_,_) do [current:=0] -> 2
      }
      accept next state(2){
        bid(_,_,item,amount) if [amount > current] do [current:=amount] -> 2
      }
    }

P1. Items must be listed before being bid on and may only be listed once
P2. Bids on an item must be strictly increasing

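
An online monitor for the P1and2 specification above, keeping one automaton instance (state plus the local variable `current`) per `item` value. This is an added example, not the talk's or any QEA tool's code: the trace is constructed, `monitor_p1and2` is a made-up name, and it assumes that a `next` state sends an event with no enabled transition to failure and that events outside the specification's alphabet are dropped by the projection.

```python
# Constructed auction trace, using the event shapes from the auction slide.
TRACE = [
    ("list", (1, "ann", "hat", 5, 30)),
    ("bid",  (2, "bob", "hat", 6)),
    ("bid",  (3, "cy",  "hat", 9)),     # hat: listed once, bids 6 < 9
    ("list", (4, "ann", "mug", 1, 30)),
    ("bid",  (5, "bob", "mug", 4)),
    ("bid",  (6, "cy",  "mug", 4)),     # mug: bid not strictly increasing (P2)
    ("bid",  (7, "bob", "pen", 3)),     # pen: bid before being listed (P1)
    ("list", (8, "ann", "cup", 2, 30)),
    ("list", (9, "ann", "cup", 2, 30)), # cup: listed twice (P1)
    ("sold", (10, "hat", "cy")),        # not in the alphabet of P1and2
]

def monitor_p1and2(trace):
    """Return {item: verdict}; the forall(item) verdict is all() of the values."""
    instances = {}                      # item -> [state, current]; state 0 = failure
    for name, args in trace:
        if name == "list":
            item, amount = args[2], None
        elif name == "bid":
            item, amount = args[2], args[3]
        else:
            continue                    # sold/withdraw do not occur in this QEA
        inst = instances.setdefault(item, [1, None])
        state, current = inst
        if state == 1 and name == "list":
            inst[:] = [2, 0]            # do [current := 0] -> 2
        elif state == 2 and name == "bid" and amount > current:
            inst[:] = [2, amount]       # guard holds: do [current := amount] -> 2
        else:
            inst[0] = 0                 # no enabled transition from a `next` state
    return {item: inst[0] != 0 for item, inst in instances.items()}

if __name__ == "__main__":
    verdicts = monitor_p1and2(TRACE)
    print(verdicts, "overall:", all(verdicts.values()))
```
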
P8

    qea(P8){
      exists(u1,u2)
      forall(item)
      accept skip state(1){
        list(_,u2,item,_,_) -> 2
      }
      skip state(2){
        bid(_,u1,item,_) -> success
      }
    }

P8. There are two users 'u1' and 'u2' such that 'u1' bids on all items listed by 'u2'

Pros and Cons

What is it Good for?
    When you have a few quantified variables where we care about the cross-product; there are very efficient indexing structures
    A setting where monitored objects are garbage collected
What is it Bad For?
    Arguably, this is not intuitive; reasoning about specifications is typically non-local (you need the full picture)
    When you have lots of redundancy in the cross-product domain; in certain cases we can work this out and account for it, but this is dependent on the structure of the specification
    Specifications using PTS are not composable

Extras

Things I'm already looking at:
    Specification mining for QEA
    Extending quantification to counting quantifiers etc.
    Combination with static analysis (Clara-like and detecting garbage)
    Relation of QEA to other languages (via translation)
    A general theory of redundancy
What I haven't begun to look at:
    Pushing ideas from QEA back into the general JavaMOP plugin framework
    Composability
    Other theoretical properties of QEA