No Slide Title
Download
Report
Transcript No Slide Title
Automatic On-Line Resolution of
Detected Interactions
Stephan Reiff-Marganiec
University of Glasgow
05-12-2000 FORCES
Overview
• resolution process
• an initial study
• more realistic
– an improved approach
• resolution
• processes and datatypes
• system architecture
05-12-2000 FORCES
Resolution Process - the big picture
Solutionspace
Terminating Call Screening:
{(+,dial,n)(-,announce,screened)
(+,onhook,-);
(+,dial,n)(-,tau)}
Teenline:
{(+,offhook,-)(-,announce,
PIN?)(+,onhook,-);
(+,offhook,-)(-,tau);
(+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,tau);
(+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,wrongPIN)
(+,onhook,-)}
Output
Input
Generated in
Offline Phase
from Scenarios
05-12-2000 FORCES
CONSTRUCT
0: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,tau)
1: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,wrong PIN)(-,tau)
(+,onhook,-)
2: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,wrong PIN)
(+,onhook,-)(-,tau)
3: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,tau)(-,announce,wrong PIN)
(+,onhook,-)
4: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,screened)
(+,onhook,-)(-,tau)
5: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,screened)(-,tau)
(+,onhook,-)
6: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,tau)(-,announce,screened)
(+,onhook,-)
7: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,wrong PIN)
(-,announce,screened)
(+,onhook,-)(+,onhook,-)
8: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,wrong PIN)
(+,onhook,-)(-,announce,screened)
(+,onhook,-)
9: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,screened)
(-,announce,wrong PIN)(+,onhook,-)
(+,onhook,-)
10: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,screened)
(+,onhook,-)(-,announce,wrong PIN)
(+,onhook,-)
11: (+,offhook,-)(-,announce,PIN?)
(+,onhook,-)
12: (+,offhook,-)(-,tau)
13: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,wrong PIN)
(+,onhook,-)
14: (+,dial,n)(-,tau)
15: (+,dial,n)(-,announce,screened)
( +,onhook,-)
RESOLUTION RULES
1) Announcement messages that occur after each
other in a trace without an input message
inbetween do not provide any meaningful
behaviour to the user.
2) Tones and announcements played to a user
after an onhook is received will never be received.
3) The unobservable message tau can be removed
from traces.
4) Duplicates of traces can be removed
PRUNING
apply rule 1 ...
... to remove traces 7 and 9.
apply rule 2 ...
... to remove traces 8 and 10.
apply rule 3 ...
...to traces 4, 5 and 6.
apply rule 3 ...
... to t races 1, 2 and 3.
apply rule 4 ...
... and remove traces 1, 2, 3 (= 13)
apply rule 4 ...
... and remove traces 4 and 5 (= 6)
Feature Manager
0: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,tau)
6: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,screened)
(+,onhook,-)
11: (+,offhook,-)(-,announce,PIN?)
(+,onhook,-)
12: (+,offhook,-)
13: (+,offhook,-)(-,announce,PIN?)
(+,dial,n)(-,announce,wrong PIN)
(+,onhook,-)
14: (+,dial,n)
15: (+,dial,n)(-,announce,screened)
( +,onhook,-)
Example Features
(dial, id, id, n)
(offhook, id, id, -)
(o_inform, b, a, "DND")
(i_alert, a, b, -)
(onhook, id, id, -)
(onhook, id, id, -)
(announce, id, id, "screened")
Do Not Disturb
(announce, id, id, "PIN?")
(onhook, id, id, -)
Terminating Call
Screening
(dial, id, id, n)
(o_inform, id, a,
"Call Forwarded")
(forward_call, id, n, a)
(announce, id, id, "wrong PIN")
(forward_call, id, n, a)
(i_alert, a, b, -)
Teenline
Call Forw arding
Unconditional
05-12-2000 FORCES
Inform about Forw arding
Some Definitions
• messages
– (IO-aspect, event, value)
(rcv,dial,number)
(snd,dialtone,-)
– relations between messages:
• equal, inverse and name equivalent
• feature
– observable behaviour
– as sequence of messages
(rcv,offhook,-).(snd,announce,"PIN?").(rcv,dial,n).
(snd,announce"wrong PIN").(rcv,onhook-)
05-12-2000 FORCES
Feature Interaction
definition: Feature Interaction
n features F1…Fn with alphabets a1…an interact iff
i, j : ((1 i, j n) (i j ))
( a a i (b a j : a b))
in words: Features interfere iff they have either a common
input message (STI) or one feature’s output message is the
other features input message (SAI).
05-12-2000 FORCES
Solution Space
• what is it?
– a set of all traces that can be generated from the features
individual traces
– simple example:
f1 f2 f3 f1 f2 f3 f1 f2 f3
f2 f3
f1 f3
f1 f2
f2 f3
f1 f3
f1 f2
• how do we obtain it?
– add all traces of just one feature
– add all combinations of traces of 2 features
– add all combinations of traces of 3 …
–…
05-12-2000 FORCES
f3
f2 f3
f1 f2
f1
Interleaving
• fine grained vs. coarse grained interleaving
• the combinations are sets of all possible
overlapping interleavings
• here we will consider overlapping interleavings
of just 2 traces
b
b1
bi-1 bi
bi+j-1
bm
Prefix
a
oi2(a,b)
b1
05-12-2000 FORCES
bi-1
a1
aj
f
an
int
Overlapping Interleaving
• example 1:
t1 = {(+a-b+c)}
t2 = {(+x-a-b)}
oi2(t1t2) = {(+x-a+a-b+c)}
• example 2:
t3 = {(+d-e)}
t4 = {(+d-f)}
oi2(t1t2) = {(+d-e-f)(+d-f-e)}
•
[Question: Why keep -a+a?]
•
[Answer: Examples (CFB + BC with busy and BC + CND with free)]
05-12-2000 FORCES
A functional View of the FM
• the feature manager has to construct the solution space
and extract the best solution from it.
• the feature manager must work on any number of
features.
• definition: Feature Manager
Extract(P rune(Const ruct( F1...Fn ))),e)
if F1...Fn interfere
FM (e, F1...Fn )
Extract( F1 ... Fn ))),e)
otherwise
05-12-2000 FORCES
Improved Approach
• using process algebra LOTOS
– tool support for verification
– allows easy representation of features with
repetitive behaviour
• features have notion of state
• FM uses feedback process to enquire about
reactions
• FI means either (or both)
– more than 1 feature responds to trigger
– fed back messages trigger responses
05-12-2000 FORCES
LOTOS Process Model Feature
System
Feature Manager
Manager
05-12-2000 FORCES
Why LOTOS
• natural representation of features
• possibility to use datatypes and processes
– emulate behaviour by processes
– construct tree as datatype
– pruning is function on datatype
• tool support
– LoLa/Topo
• simulation
• prototype generation
05-12-2000 FORCES
Example Feature
process FeatBehave (s: nat, msg: t_msg, fid: nat):
exit (nat, t_msgseq) :=
(
[fid eq 1] -> (* the teenline feature *)
[...]
[]
[fid eq 2] -> (* call forwarding busy *)
(
[(s eq 0) and (p_event(msg) eq o_busy)] ->
exit (0, add(add(add(emptyseq
message(snd, o_alert, nil))
message(snd, billing_forwarded, nil))
message(snd, o_notify, nil)))
[]
[(s eq 0) and (p_event(msg) neq o_busy)] ->
exit (0, emptyseq)
)
[...]
)
05-12-2000 FORCES
Resolution: Pruning
Message
Independent
Rules
Relations on
Messages
Grammars
describing
Behaviour
Construct-Prune
On-the-Fly Algorithm
Algorithm
05-12-2000 FORCES
positive and
negative
examples
Resolution Rules - More Concrete
• message independent
– duplicate subtrees of same parent (1) [exa]
– choice between sequences involving different
numbers of features (2) [exa]
– priorities (3)
• message dependent
– classes of messages: treatments, billing messages
– grammars: (4)
• bad: onhook.nonoffhook*.treatment
• bad: treatment.treatment
– positive/negative examples (5)
• application order of rules
05-12-2000 FORCES
1
4
5
3
2
Example of Run
•
•
•
•
•
•
•
•
T:message(rcv,i_connect,nil)
P:mktree(mknode(message(rcv,i_connect,nil),0),
insl(emptylist,emptytree))
T:message(rcv,i_alert,nil)
P:mktree(mknode(message(rcv,i_alert,nil),0),insl(insl(emptylist,
emptytree),mktree(mknode(message(snd,o_inform,screened),
succ(succ(succ(succ(0))))),emptylist)))
T:message(rcv,i_connect,nil)
P:mktree(mknode(message(rcv,i_connect,nil),0),
insl(emptylist,emptytree))
T:message(rcv,offhook,nil)
P:mktree(mknode(message(rcv,offhook,nil),0),
insl(insl(emptylist,emptytree),mktree(mknode(message(
snd,billing_offhook,time),succ(0)),insl(emptylist,
mktree(mknode(message(snd,announce,nil),succ(0)),emptylist)))))
05-12-2000 FORCES
8 Features; Trigger: dial
05-12-2000 FORCES
Rules from Contest Features
• some rules …
– two consecutive billing treatments
(billingsplit).(billingreverse)
– misunderstanding of data, e.g. PIN as EN
(o_alert).(announce,wrongpin)
– feature behaviour ignored
(announce,screened).(o_alert)
(announce,wrongpin).(o_alert)
05-12-2000 FORCES
Correctness
• resolutions
– the trace is a possible interleaving of the features
– it does not violate any pruning rules
• overall
– automatic verification using LOTOS tools
– property checking
• verification of temporal logic properties
– behavioural equivalence
• compare on-the-fly with construct-prune
• compare results with expected results
05-12-2000 FORCES
System Architecture
• big question:
– What interactions can we detect?
• we need to decide those:
– where to put the feature manager?
– how many feature managers?
– importance of communicated information
– technical interactions vs. intention violations
05-12-2000 FORCES
Any Questions?
05-12-2000 FORCES
Resolution: Pruning
Message
Independent
Rules
Relations on
Messages
Grammars
describing
Behaviour
Construct-Prune Algorithm
05-12-2000 FORCES
positive and
negative
examples
LOTOS Process Model Feature
System Manager
05-12-2000 FORCES
LOTOS Process Model Feature
Feature Manager
05-12-2000 FORCES
LOTOS Process Model Feature Manager
05-12-2000 FORCES