Abstract
Today’s distributed systems must satisfy both qualitative and quantitative properties. These properties are analyzed using very different formal frameworks: expressive untimed and non-probabilistic frameworks, such as TLA+ and Hoare/separation logics, for qualitative properties; and timed/probabilistic-automaton-based ones, such as Uppaal and PRISM, for quantitative ones. This requires developing two quite different models of the same system, without guarantees of semantic consistency between them. Furthermore, it is very hard or impossible to represent intrinsic features of distributed object systems, such as unbounded data structures, dynamic object creation, and an unbounded number of messages, using finite automata.
In this paper we bridge this semantic gap, overcome the problem of manually having to develop two different models of a system, and solve the representation problem by: (i) defining a transformation from a very general class of distributed systems (a generalization of Agha’s actor model) that maps an untimed non-probabilistic distributed system model suitable for qualitative analysis to a probabilistic timed model suitable for quantitative analysis; and (ii) proving the two models semantically consistent. We formalize our models in rewriting logic, and can therefore use the Maude tool to analyze qualitative properties, and statistical model checking with PVeStA to analyze quantitative properties. We have automated this transformation and integrated it, together with the PVeStA statistical model checker, into the Actors2PMaude tool. We illustrate the expressiveness of our framework and our tool’s ease of use by automatically transforming untimed, qualitative models of numerous distributed system designs—including an industrial data store and a state-of-the-art transaction system—into quantitative models to analyze and compare the performance of different designs.
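The approach the abstract describes, reduced to a small Python sketch added here as an illustration (it is not code from the paper and not the Actors2PMaude tool, which operates on Maude rewrite theories and hands the result to PVeStA): the untimed model’s rules are written once; the transformation adds only a scheduler that stamps each emitted message with a sampled delay; a replay check verifies, per run, that every timed execution is also an execution of the untimed model (the consistency property the paper proves in general); and a Monte Carlo loop estimates a quantitative property with confidence bounds. The quorum-read protocol, the actor names, and the exponential delay distribution are assumptions made for the example.

```python
# Added illustration (not code from the paper or the Actors2PMaude tool): an untimed
# actor model, its transformation into a probabilistic timed model by adding only a
# scheduler and sampled message delays, a check that each timed run projects onto an
# untimed run, and a Monte Carlo estimate of a quantitative property over the timed
# model. The quorum-read protocol, actor names and delay distribution are assumptions.
import heapq
import math
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Msg:
    sender: str
    receiver: str
    kind: str
    payload: int = 0


# ---- Untimed, non-probabilistic model: one rule per actor class ----------------
# A rule is a pure function (state, message) -> (new state, emitted messages); the
# untimed semantics delivers any pending message in any order (nondeterminism).
def client_rule(st, m):
    if m.kind == "start":          # broadcast a read to every replica
        return dict(st, replies=0), [Msg("client", r, "read") for r in st["replicas"]]
    if m.kind == "value" and not st["done"]:
        n = st["replies"] + 1      # the read completes once a quorum has answered
        return dict(st, replies=n, done=n >= st["quorum"]), []
    return st, []                  # late replies after completion are ignored


def replica_rule(st, m):
    if m.kind == "read":
        return st, [Msg(m.receiver, m.sender, "value", st["value"])]
    return st, []


def initial_config(n_replicas=3, quorum=2):
    replicas = [f"r{i}" for i in range(n_replicas)]
    actors = {"client": ({"replicas": replicas, "quorum": quorum,
                          "replies": 0, "done": False}, client_rule)}
    for r in replicas:
        actors[r] = ({"value": 42}, replica_rule)
    return actors, [Msg("env", "client", "start")]


def untimed_step(actors, pending, m):
    """One rewrite step of the untimed model: consume pending message m."""
    if m not in pending:
        raise ValueError(f"{m} is not pending")
    st, rule = actors[m.receiver]
    st2, out = rule(st, m)
    actors[m.receiver] = (st2, rule)
    rest = list(pending)
    rest.remove(m)
    return rest + out


# ---- Transformation to a probabilistic timed model -----------------------------
# The rules are reused verbatim. The transformed model adds a scheduler: every
# emitted message is stamped with now + sampled delay and delivered in time order.
def run_timed(delay, seed=None, n_replicas=3, quorum=2):
    """Returns (read latency, delivery trace) for one sampled timed execution."""
    rng = random.Random(seed)
    actors, pending = initial_config(n_replicas, quorum)
    queue, seq, completion, trace = [], 0, math.inf, []
    for m in pending:
        heapq.heappush(queue, (0.0, seq, m))   # seq breaks ties without comparing Msg
        seq += 1
    while queue:
        now, _, m = heapq.heappop(queue)
        st, rule = actors[m.receiver]
        st2, out = rule(st, m)
        actors[m.receiver] = (st2, rule)
        trace.append(m)
        if m.receiver == "client" and st2["done"] and not st["done"]:
            completion = now
        for o in out:
            heapq.heappush(queue, (now + delay(rng), seq, o))
            seq += 1
    return completion, trace


def projects_to_untimed(trace, n_replicas=3, quorum=2):
    """Semantic consistency in miniature: replaying the timed delivery order under
    the untimed semantics must only ever deliver messages that are pending."""
    actors, pending = initial_config(n_replicas, quorum)
    try:
        for m in trace:
            pending = untimed_step(actors, pending, m)
    except ValueError:
        return False
    return pending == []


# ---- Statistical estimation over the timed model (sampling, as an SMC tool does) --
def estimate(delay, samples=200, seed=0, bound=1.0):
    """Mean latency and P(latency <= bound) with 95% normal-approximation half-widths."""
    lats = [run_timed(delay, seed=seed + i)[0] for i in range(samples)]
    mean = sum(lats) / samples
    var = sum((x - mean) ** 2 for x in lats) / max(samples - 1, 1)
    p = sum(1 for x in lats if x <= bound) / samples
    return {"mean": mean, "mean_ci": 1.96 * math.sqrt(var / samples),
            "p_bound": p, "p_ci": 1.96 * math.sqrt(p * (1 - p) / samples)}


if __name__ == "__main__":
    exp_delay = lambda rng: rng.expovariate(5.0)   # assumed: mean 0.2 time units per hop
    print(estimate(exp_delay, bound=0.5))
```

With a constant one-unit delay the read latency is exactly 2.0 (one hop for the read, one for the quorum reply), which is a useful sanity check before switching `delay` to a measured distribution. The projection check is the part worth keeping in a real harness: it catches scheduler bugs that would let the timed model deliver a message the untimed model never sent, which is exactly the kind of divergence the paper’s consistency theorem rules out.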
Bridging the semantic gap between qualitative and quantitative models of distributed systems