Development of a Formalism for Modelling and Analysis of Dynamic Reconfiguration of Dependable Real-Time Systems: A Technical Diary
Anirban Bhattacharyya and John S. Fitzgerald
18th November 2008
2 Outline
1. Motivation
2. Development of CCS dp
3. Conclusions
4. Future Work
5. Additional Material
3 Background
Competition is driving computing systems, including dependable real-time (DRT) systems, towards greater flexibility, availability, and dependability.
Dynamic reconfiguration can help to increase system flexibility, availability, and reliability.
Formal methods can help to increase system predictability.
4 Dynamic Reconfiguration Cases
[Diagram: three cases, each showing a change from configuration 1 to configuration 2 over real time. Case 1: the two configurations only. Case 2: dynamic reconfiguration transactions carry out the change. Case 3: normal transactions run alongside the dynamic reconfiguration transactions, with interactions (functional/temporal) between them.]
5 Previous Research on Case 3
- Non-real-time distributed systems (e.g. Eternal [MMSN98])
- Mode change in pre-emptively scheduled avionics [TBW92]
- Execution of optional components of a process [ABDSW96]
The problem: there is no adequate computational formalism for Case 3.
6 Approach
Formal modelling and verification to support predictability.
Mobile process algebra to model computational interactions.
Other kinds of modelling formalism are more problematic:
- Reconfiguration process not modelled (e.g. Garp and Δ-Grammar; CHAM).
- Interaction between reconfiguration and normal transactions not modelled (e.g. Garp and Δ-Grammar; CHAM; Z and VDM).
- Conceptual gap between system design and formalism (e.g. CHAM).
- Static configurations (e.g. CSP).
Equational reasoning and model checking for verification.
7 CCS: Process Syntax
8 Case Study: Simple Sensor Array
9 Modelling Requirements
1. The right process must be deleted.
2. The total number of processes must have a uniform upper bound.
Only scheduling-level tasks/processes are modelled.
10 Trial using Inverse Process (P⁻¹)
11 Trial using P⁻¹ raising a signal
12 Trial using P⁻¹;P
13 Evaluation of P⁻¹ Trials
Non-determinism causes problems:
– wrong process can be deleted
– infinite number of processes can be created
Fixes cause problems:
– raising a signal introduces fictitious actions
– semantics of sequential operator are unclear
– process identity cannot avoid infinite processes and loses useful congruence properties
– prioritising composition with P⁻¹ is too inflexible
14 Backtracking from P⁻¹
Is process deletion the best starting point (i.e. the basic construct)?
Process replacement is the most important reconfiguration operation.
Process replacement can model process deletion.
What happens if process replacement is taken as the starting point?
15 Fraction Process
16 Trial using a Fraction Process
17 Conclusions
Occam's razor can be a very useful evaluation tool in developing a formalism.
Integrating evaluation into the development process of a formalism, and iterating this process using small case studies, can be productive.
Fraction processes help to integrate the modelling of dynamic process reconfiguration and normal actions into a single formalism.
18 Future Work
Prove: strong bisimulation in CCS dp is a congruence; decidability of the congruence.
Do you have ideas on case studies for me to model?
Iterate using a series of case studies:
– Apply fraction processes to an asynchronous π-calculus, to model broadcasting processes.
– Model process identity, to reconfigure concurrent processes selectively.
– Add time, to model clocks and durations.
– Model check, to verify safety properties.
20 CCS dp: Strong Bisimulation
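A worked illustration of the strong bisimulation this slide refers to, added here as an example; it is not code from the slides or from CCS dp itself. It assumes processes are given as explicit, finite labelled transition systems and computes Milner's strong bisimulation as the greatest fixpoint of the usual refinement step (every move of one side must be matched by an identically labelled move of the other into a related pair). The two sample systems, a sensor process checked against an unrolled copy of itself and the classic trace-equivalent but non-bisimilar pair a.(b+c) versus a.b + a.c, are constructed for this illustration.

```python
"""Strong bisimulation check on finite labelled transition systems (LTS).

Added example: not code from the slides or from CCS dp. Assumption: every
process is finite-state and given explicitly as a transition table; tau is
treated like any other label, which is what *strong* bisimulation requires.
"""
from itertools import product
from typing import Dict, Set, Tuple

# An LTS maps a state name to its set of (label, successor) pairs.
LTS = Dict[str, Set[Tuple[str, str]]]


def _reachable(lts: LTS, start: str) -> Set[str]:
    """States reachable from `start`, including `start` itself."""
    seen, todo = set(), [start]
    while todo:
        s = todo.pop()
        if s in seen:
            continue
        seen.add(s)
        todo.extend(s2 for (_, s2) in lts.get(s, set()))
    return seen


def _matches(lts: LTS, s: str, t: str, rel: Set[Tuple[str, str]]) -> bool:
    """Every move s -a-> s' is answered by some t -a-> t' with (s', t') in rel."""
    for (a, s2) in lts.get(s, set()):
        if not any(b == a and (s2, t2) in rel for (b, t2) in lts.get(t, set())):
            return False
    return True


def strong_bisimulation(lts: LTS, p: str, q: str) -> Set[Tuple[str, str]]:
    """Largest strong bisimulation over the states reachable from p and q.

    Starts from the full relation and repeatedly discards pairs that lose the
    bisimulation game in either direction until a fixpoint is reached.
    (p, q) is in the result exactly when p ~ q.
    """
    states = _reachable(lts, p) | _reachable(lts, q)
    rel = set(product(states, states))
    changed = True
    while changed:
        changed = False
        for (s, t) in list(rel):
            if not (_matches(lts, s, t, rel) and _matches(lts, t, s, rel)):
                rel.discard((s, t))
                changed = True
    return rel


def bisimilar(lts: LTS, p: str, q: str) -> bool:
    return (p, q) in strong_bisimulation(lts, p, q)


# Constructed sample LTS (assumption, for illustration only).
DEMO: LTS = {
    # Sensor = sense.report.Sensor
    "S0": {("sense", "S1")},
    "S1": {("report", "S0")},
    # Sensor unrolled twice = sense.report.sense.report.Sensor; bisimilar to S0
    "T0": {("sense", "T1")},
    "T1": {("report", "T2")},
    "T2": {("sense", "T3")},
    "T3": {("report", "T0")},
    # P = a.(b.0 + c.0)   versus   Q = a.b.0 + a.c.0  (same traces, not bisimilar)
    "P0": {("a", "P1")},
    "P1": {("b", "nil"), ("c", "nil")},
    "Q0": {("a", "Q1"), ("a", "Q2")},
    "Q1": {("b", "nil")},
    "Q2": {("c", "nil")},
    "nil": set(),
}

if __name__ == "__main__":
    print("Sensor ~ unrolled Sensor:", bisimilar(DEMO, "S0", "T0"))   # True
    print("a.(b+c) ~ a.b + a.c    :", bisimilar(DEMO, "P0", "Q0"))   # False
    print("pairs relating the two sensors:",
          sorted(x for x in strong_bisimulation(DEMO, "S0", "T0") if x[0].startswith("S")))
```

The fixpoint loop is the direct, quadratic-per-round form of the definition rather than Paige-Tarjan partition refinement, which keeps it readable for systems of a few dozen states; the P/Q pair shows why trace equivalence is too weak for reconfiguration reasoning, since after the `a` step Q has already committed to one branch while P has not.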
21 References I
[ABDSW96] N. C. Audsley, A. Burns, R. I. Davis, D. J. Scholefield, and A. J. Wellings. Integrating optional software components into hard real-time systems. Software Engineering Journal, 11(3): ,
[MDK93] J. Magee, N. Dulay, and J. Kramer. Structuring parallel and distributed programs. Software Engineering Journal (Special Issue), 8(2):73–82,
[MMSN98] L. E. Moser, P. M. Melliar-Smith, and P. Narasimhan. Consistent object replication in the Eternal system. Theory and Practice of Object Systems, 4(2):81–92, 1998.
22 References II
[SVK97] D. B. Stewart, R. A. Volpe, and P. K. Khosla. Design of Dynamically Reconfigurable Real-Time Software using Port-Based Objects. IEEE Transactions on Software Engineering, 23(12): ,
[TBW92] K. W. Tindell, A. Burns, and A. J. Wellings. Mode Changes in Priority Pre-emptive Scheduled Systems. In Proceedings of the 13th IEEE Real Time Systems Symposium, pages ,
[Ves94] S. Vestal. Mode Changes in a Real-Time Architecture Description Language. In Proceedings of the 2nd International Workshop on Configurable Distributed Systems, pages , 1994.
23 References III
[Wer97] M. Wermelinger. A Hierarchic Architecture Model for Dynamic Reconfiguration. In Proceedings of the 2nd International Workshop on Software Engineering for Parallel and Distributed Systems, pages , 1997.