The Publish-Subscribe (P/S) communication paradigm fosters high decoupling among distributed components. This facilitates the design of dynamic applications, but also impacts negatively on their verification, making it difficult to reason on the overall federation of components. In addition, existing P/S infrastructures offer radically different features to the applications, e.g., in terms of message reliability. This further complicates the verification as its outcome depends on the specific guarantees provided by the underlying P/S system. Although model checking has been proposed as a tool for the verification of P/S architectures, existing solutions overlook many characteristics of the underlying communication infrastructure to avoid state explosion problems. To overcome these limitations, the Loupe domain-specific model checker adopts a different approach. The P/S infrastructure is not modeled on top of a general-purpose model checker. Instead, it is embedded within the checking engine, and the traditional P/S operations become part of the modeling language. In this paper, we describe Loupe’s design and the dedicated state abstractions that enable accurate verification without incurring state explosion problems. We also illustrate our use of state-of-the-art software verification tools to assess some key functionality in Loupe’s current implementation. A complete case study shows how Loupe eases the verification of P/S architectures. Finally, we quantitatively compare Loupe’s performance against alternative approaches. The results indicate that Loupe is effective and efficient in enabling accurate verification of P/S architectures.

Loupe: Verifying Publish-Subscribe Architectures with a Magnifying Lens

BARESI, LUCIANO;GHEZZI, CARLO;MOTTOLA, LUCA
2011-01-01

Abstract

The Publish-Subscribe (P/S) communication paradigm fosters high decoupling among distributed components. This facilitates the design of dynamic applications, but also impacts negatively on their verification, making it difficult to reason on the overall federation of components. In addition, existing P/S infrastructures offer radically different features to the applications, e.g., in terms of message reliability. This further complicates the verification as its outcome depends on the specific guarantees provided by the underlying P/S system. Although model checking has been proposed as a tool for the verification of P/S architectures, existing solutions overlook many characteristics of the underlying communication infrastructure to avoid state explosion problems. To overcome these limitations, the Loupe domain-specific model checker adopts a different approach. The P/S infrastructure is not modeled on top of a general-purpose model checker. Instead, it is embedded within the checking engine, and the traditional P/S operations become part of the modeling language. In this paper, we describe Loupe’s design and the dedicated state abstractions that enable accurate verification without incurring state explosion problems. We also illustrate our use of state-of-the-art software verification tools to assess some key functionality in Loupe’s current implementation. A complete case study shows how Loupe eases the verification of P/S architectures. Finally, we quantitatively compare Loupe’s performance against alternative approaches. The results indicate that Loupe is effective and efficient in enabling accurate verification of P/S architectures.
2011
INF
File in questo prodotto:
File Dimensione Formato  
tse.pdf

accesso aperto

: Post-Print (DRAFT o Author’s Accepted Manuscript-AAM)
Dimensione 3.83 MB
Formato Adobe PDF
3.83 MB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/573238
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 13
  • ???jsp.display-item.citation.isi??? 9
social impact