Jingshu Chen

Effect of fairness in model checking of self-stabilizing programs

Existing approaches for verifying self-stabilization with symbolic model checker have relied on the use of weak fairness. We point out that this approach has limited scalability. To overcome this limitation, we show that if self-stabilization is possible without fairness then cost of verifying self-stabilization is substantially lower. The practical meaning of this observation is if the extra effort required to verify self-stabilization under weak fairness is not necessary then the state space reached by model checking of self-stabilizing programs could be substantially larger.

Refinement of Probabilistic Stabilizing Programs Using Genetic Algorithms

In this paper, we evaluate the role of genetic algorithms GAs for identifying optimal probabilities in probabilistic self-stabilizing algorithms. Although it is known that the use of probabilistic actions is beneficial for reducing the state space requirements and solving problems that are unsolvable in the deterministic manner, identifying thei¾?ideal probabilities is often difficult. This is especially the case where several independent probability values need to be selected. We analyze two token ring protocols proposed by Herman ---an asymmetric program where one process is distinguished and a symmetric program where all processes are identical anonymous. We find that for the asymmetric program, unequal probabilities are preferred for smaller rings. Moreover, the size of the ring for which equal probability is desirable increases with the increase in the states available to individual processes. By contrast, unequal probabilities are preferred for the symmetric token ring when the number of processes increases. We also consider the case where the symmetric protocol is modified to allow each process to choose the probabilities independently. We find that making a few processes almost deterministic reduces the expected convergence time. Finally, we note that the analysis in the paper can also be used to identify the increased cost of randomization when compared to a corresponding deterministic solution.

The Complexity of Adding Multitolerance

We focus on the problem of adding multitolerance to an existing fault-intolerant program. A multitolerant program tolerates multiple classes of faults and provides a potentially different level of fault tolerance to each of them. We consider three levels of fault tolerance, namely failsafe (i.e., satisfy safety in the presence of faults), nonmasking (i.e., recover to legitimate states after the occurrence of faults), and masking (both). For the case where the program is subject to two classes of faults, we consider six categories of multitolerant programs—FF, FN, FM, MM, MN, and NN, where F, N, and M represent failsafe, nonmasking, and masking levels of tolerance provided to each class of fault. We show that the problem of adding FF, NN, and MN multitolerance can be solved in polynomial time (in the state space of the program). However, the problem is NP-complete for adding FN, MM, and FM multitolerance. We note that the hardness of adding MM and FM multitolerance is especially atypical given that MM and FM multitolerance can be added efficiently under more restricted scenarios where multiple faults occur simultaneously in the same computation. We also present heuristics for managing the complexity of MM multitolerance. Finally, we present real-world multitolerant programs and discuss the trade-off involved in design decisions while developing such programs.

A Reflective Framework for Authentication in Grid Computing Environments

A fundamental concern in building a secure grid computing environment is authentication of local and remote entities in the environment. The existing authentication technologies in the grid computing environments can effectively guarantee the valid authentication, but they cannot meet the demands of new security challenges in dynamic grid environment, such as flexibility, lightweight, and extensibility. In order to satisfy the security needs of the computational grid, we propose a reflective authentication framework which aims to improve the customizing ability of platform and adaptive ability in the open and dynamic grid environment

A New Architecture of Data Access Middleware under Grid Environment

Data sharing is one of the most important research areas in data grid. Distributed data resource and heterogeneous data schema bring difficulties to data access and sharing. This article mainly focuses on how to deal with the heterogeneity of data schema and put forward a blueprint to solve the data access and sharing problem of heterogeneous physical data resources in the grid. To solve this problem we propose the SDB resource model which extracts three data layers from the physical data resource in order to facilitate the access and sharing of data resource

MR4UM: A framework for adding fault tolerance to UML state diagrams

Modern systems often need to address the challenges brought about by a changing environment and/or newly identified faults. The economic and practical issues dictate that the existing models and/or programs be reused while providing tolerance in the presence of faults. In this paper, we propose a framework, namely MR4UM, for applying model revision for the existing program design modeled in a UML state diagram to add tolerance to newly identified faults. In particular, MR4UM starts with program design modeled in a UML state diagram, and automatically transforms the design model in the UML state diagram to the corresponding program actions in the underlying computational model (UCM). Then, MR4UM applies the techniques of model revision to the program in the UCM and generates a fault-tolerant program in the UCM. Finally, MR4UM automatically converts the fault-tolerant program in the UCM into a fault-tolerant program design in the UML state diagram. We illustrate the stepwise procedure of MR4UM with two case studies: the adaptive cruise control program from an automotive system and the altitude switch program from an aircraft altitude control system.

Towards scalable model checking of self-stabilizing programs

Existing approaches for verifying self-stabilization with a symbolic model checker have relied on the use of weak fairness. We point out that this approach has limited scalability. To overcome this limitation, first, we show that if self-stabilization is possible without fairness then the cost of verifying self-stabilization is substantially lower. In fact, we observe from several case studies that the cost of verification under weak fairness is more than 1000 times that of the cost without fairness. For the case where weak fairness is essential for self-stabilization, we demonstrate the feasibility of two approaches for improving scalability: (1) decomposition and (2) utilizing the weaker version of self-stabilization, namely weak stabilization. In the first approach, the designer partitions the program into components where each component satisfies its property without fairness. We show that the first approach enables us to verify Huangs mutual exclusion program for uniform rings with 31 processes (state space 10^1^3^8) whereas without this approach, it was not possible to verify the same program with 5 processes (state space 10^1^0). In the second approach, a weaker version of self-stabilization is verified. For Hoepmans ring-orientation program on odd-length ring, we show that it is possible to verify weak stabilization for 301 processes (state space 10^1^8^1) whereas self-stabilization could not be verified for 9 processes (state space 10^5) under weak fairness. Furthermore, one can utilize transformation algorithms to convert weak stabilizing programs to probabilistically stabilizing programs. Hence, for the case where it is not possible to verify deterministic self-stabilization, one can obtain the assurance provided by probabilistic self-stabilization at a significantly reduced cost. Finally, we also present 5 case studies to illustrate the scalability of stabilization with techniques suggested in this paper.

Ensuring Average Recovery with Adversarial Scheduler.

In this paper, we focus on revising a given program so that the average recovery time in the presence of an adversarial scheduler is bounded by a given threshold lambda. Specifically, we consider the scenario where the fault (or other unexpected action) perturbs the program to a state that is outside its set of legitimate states. Starting from this state, the program executes its actions/transitions to recover to legitimate states. However, the adversarial scheduler can force the program to reach one illegitimate state that requires a longer recovery time. To ensure that the average recovery time is less than lambda, we need to remove certain transitions/behaviors. We show that achieving this average response time while removing minimum transitions is NP-hard. In other words, there is a tradeoff between the time taken to synthesize the program and the transitions preserved to reduce the average convergence time. We present six different heuristics and evaluate this tradeoff with case studies. Finally, we note that the average convergence time considered here requires formalization of hyperproperties. Hence, this work also demonstrates feasibility of adding (certain) hyperproperties to an existing program.

SMT-Based Model Checking for Stabilizing Programs ,

We focus on the verification of stabilizing programs using SMT solvers. SMT solvers have the potential to convert the verification problem into a satisfiability problem of a Boolean formula and utilize efficient techniques to determine whether it is satisfiable. We focus on utilizing techniques from bounded model checking to determine whether the given program is stabilizing. We illustrate our approach using three case studies. We also identify tradeoffs between verification with SMT solvers and existing approaches.

Application of automated revision for UML models: a case study

Modern systems often need to address changing environment and/or faults. The economic and practical issues dictate that the existing models and/or programs be reused while providing fault-tolerance in the presence of faults. Our paper proposes a framework of automated revision of existing program design modeled in UML to add fault-tolerance. Our framework starts with program design modeled in UML state diagram, and then automatically transforms design model to the corresponding underlying computational model. Subsequently, automated revision algorithms are applied to the underlying computational model. Finally the revised program model is converted into an UML model that provides the desired fault-tolerance property. We illustrate the whole work-flow with a case study from automotive systems.