Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and.

Published byHarold Hill Modified over 8 years ago

Similar presentations

Presentation on theme: "Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and."— Presentation transcript:

1

2 Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods DARPA Order K203/AFRL Contract F33615-00-C-3044 Principal Investigators Matt Dwyer John Hatcliff Masaaki Mizuno Mitch Neilsen Gurdip Singh Department of Computing and Information Sciences Kansas State University http://www.cis.ksu.edu/saves

3 Problem Description Embedded systems are growing in complexity and developers are looking towards OO technologies to manage that complexity Design methods for OO do not treat synchronization effectively Embedded systems software is multi-threaded for performance reasons –System correctness relies on correct synchronization of multiple activities Synchronization design/implementation is low-level and platform specific –Error prone and not reusable

4 Project Objectives III. Automatic verification of critical safety and liveness properties of woven embedded code … domain-specific model-checking engines … built on previous DARPA work – Bandera environment II. Automatic derivation and weaving of synchronization code … multiple language and synchronization targets (Java, C++, monitors, event service,etc.) … weaving & optimization via abstract interpretation and program specialization techniques I. Provide high-level, modular specification of global synchronization aspects … integrated with UML/RUP … formal specification via global invariants … language of composable invariant patterns … powerful, yet easy to use IV. Evaluation using BoldStroke OEP

5 Contribution to PCES Goals Invariant patterns enable reuse of synchronization “solutions” across multiple systems and languages Evaluate reduction in effort in context of BoldStroke OEP on controlled system development (class projects) Synthesis of “correct” synchronization implementations potentially eliminates a class of subtle coding errors –Evaluate potential for reducing errors and validation effort The overarching goal of the PCES program is novel technology and supporting engineering approaches that can greatly reduce effort to program embedded systems, while increasing confidence in the embedded software product.

6 Contribution to Relevant Military Application Apply our approach to BoldStoke OEP event service Event Service Application synchronization specification - Enhance event service to include synchronization support - Extract synchronization regions from existing Boldstroke applications and re-engineer them using our approach DoD Target System Studies - CAN based event service implementation - Seaborne (ST 2000) and Airborne (BQM- 74, MQM-107)

7 Project Tasks/Schedule Integration Verification Code generation Aspect code synthesis Synch Aspect language Key Tasks Non-synch Aspects Initial Optimized Full-scale Evaluation 5/01 5/02 10/01 10/01 + 5/02 10/01 + 5/03 5/02 + 5/03 5/01 (Java,C) 10/01 (CAN) 10/01 (ES)5/02 (ES) 11/02 (ES)+ 11/02 (CAN)+ 5/02 (CAN) 11/02 (Java)+5/02 (Java/C)

8 A Typical Synchronization Problem Flow policies in Boldstroke: control-push, data pull Sensor Logical Sensor Logical Actuator set event get event get

9 A Typical Synchronization Problem Flow policies in Boldstroke: control-push, data pull Sensor Logical Sensor Logical Actuator set event get event get Multiple sensors and actuators: Get single data value Get multiple values from single component Get multiple values via multiple calls to single component Get multiple values via multiple calls to multiple components Synchronization issues per Boeing OEP contacts

10 Gyroscope/Rudder System Logical gyroscope Buffer Logical rudder Logical gyroscope updates buffer Logical rudder reads position values from buffer and uses them to actuate the physical rudder

11 Gyroscope/Rudder System Logical gyroscope Buffer Logical rudder Logical gyroscope updates buffer Logical rudder reads position values from buffer and uses them to actuate the physical rudder : while (true) { : get new value from physical gyroscope : place value in buffer } while (true) { : get value from buffer : actuate physical rudder : }

12 Technical Progress Actors: Use Cases Classes: Use-Case Realizations Component Code Step 1: Synchronization specifications –via invariants and regions –Identify common idioms/patterns Global Invariant Specs Rational Unified Process (RUP)

13 Gyroscope/Rudder System Logical gyroscope Buffer Logical rudder while (true) { : get new value from physical gyroscope : place value in buffer } while (true) { : get value from buffer : actuate physical rudder : } wait until buffer is empty wait until buffer is full In G ++ Out G ++ Implicit Counters In R ++ Out R ++ Implicit Counters Assume each region has associated implicit in and out counters that are incremented as regions are entered and exited Step 1 Identify intended critical regions State a global invariant constraining occupancy of the regions

14 Invariants Invariants control entry and exit from regions by imposing constraints on counter values Exclusion(R A, R B ):(Out A – In A = 0) \/ (Out B – In B = 0) Pattern based approach: - template formula encoding a commonly occurring synchronization problem User never writes formulas but instead build invariants using a collection of global invariant patterns Invariant pattern repository on the project web-page

15 Gyroscope/Rudder Synchronization Logical Gyroscope Buffer ProduceConsume Produce Logical Rudder RGRG R Gyroscope Value Empty Buffer Slot Resource(R G,R R,0) Resource(R R,R G,1) Exclusion(R G,R R ) Resource(R G,R R,0) + Resource(R R,R G,1) + Exclusion(R G,R R ) Invariant:

16 Technical Progress Actors: Use Cases Classes: Use-Case Realizations Component Code Step 1: Synchronization specifications –via invariants –Identify common idioms/patterns Global Invariant Specs Coarse-Grain Solution Step 2: Automatic generation of coarse-grain generation solution – optimization using SVC Rational Unified Process (RUP)

17 Coarse-grain Solution Gyroscope Rudder Buffer C> …wait until B then execute C atomically …execute C atomically Step 2 From the invariant, guards for region enter/exit are generated automatically <await (In G == Out R ) && (In R == Out R ) -> In G ++> <await (In R < Out G ) && (In G == Out G ) -> In R ++> Semantics captured by high-level & language-independent intermediate representation Resource(R G,R R,0) + Resource(R R,R G,1) + Exclusion(R G,R R ) Invariant:

18 Complete Program Technical Progress Actors: Use Cases Classes: Use-Case Realizations Component Code Complete Program Fine-Grain Synchronization Code Step 3: Synch-code generation –C/C++ and Java - prototype released 9/01 -CAN: active monitor, replication -Tao event service (in progress) Complete Program Rational Unified Process (RUP) Step 1: Synchronization specifications –via invariants –Identify common idioms/patterns Global Invariant Specs Coarse-Grain Solution Step 2: Automatic generation of coarse-grain generation solution – optimization using SVC

19 Fine-grain Solution Gyroscope Rudder Buffer Call Gyro_Enter(); Call Gyro_Exit(); Call Rudder_Enter(); Call Rudder_Exit(); …monitors, rendezvous, semaphores, etc… Step 3 await and atomic statements are automatically translated to chosen synchronization mechanism Monitor Proc Gyro_Enter() … …; Proc Gyro_Exit() … …; Proc Rudder_Enter() … …; Proc Rudder_Exit() … …; Monitor

20 Fine-grain Solution using Tao Event Service Gyroscope Rudder Buffer Call Gyro_Enter(); Call Gyro_Exit(); Call Rudder_Enter(); Call Rudder_Exit(); Step 3 await and atomic statements are automatically translated to primitives in an enhanced version of the Tao Event Service Fine-grain Solution Implementation Tao Event Service Our enhancements for history and conditional events We believe that this will allow confident use of more sophisticated synchronization policies within the BoldStroke environment.

21 Event Service - Anonymous one-way communication between producers and consumers Supplier Proxies Subscription & Filtering Event Correlation Dispatching module Consumer Proxies Supplier Consumer - A consumer can subscribe to conjunction or disjunction of events - An event is pushed to all consumers that subscribe to it

22 Event service with synchronization - Enhance event service to include synchronization support Supplier Proxies Subscription & Filtering Event Correlation Dispatching module Consumer Proxies Supplier Consumer Synchronization

23 Translation for event-service In G ++> /* insert gyroscope value into buffer */ Logical gyroscope region: In R ++> /* read gyroscope value from buffer */ Logical rudder region: Supplier Proxies Subscription & Filtering Event Correlation Dispatching module Consumer Proxies Synchronization

24 Translation for event-service In G ++> /* insert gyroscope value into buffer */ Logical gyroscope region: In R ++> /* read gyroscope value from buffer */ Logical rudder region: Supplier Proxies Subscription & Filtering Event Correlation Dispatching module Consumer Proxies Publish Synchronization

25 Translation for event-service await (In G +1 <= Out R +1) && (In R == Out R ) /* insert gyroscope value into buffer */ Logical gyroscope region: <await (In G < Out R ) && (In G == Out G ) /* read gyroscope value from buffer */ Logical rudder region: Supplier Proxies Subscription & Filtering Event Correlation Dispatching module Consumer Proxies  In G ++  In R ++ > Counts the number of notifications Synchronization Publish Subscribe < > Control the number of notifications

26 Synchronization in Event Service Supplier Proxies Subscription & Filtering Event Correlation Dispatching module Consumer Proxies Supplier Consumer Synchronization - Exactly k semantics: an event is pushed to exactly k consumers - At most k semantics: an event is pushed to at most k consumers - At least k semantics: an event is pushed to at least k consumers Controlling the number of notifications: 1

27 Synchronization in Event Service Supplier Proxies Subscription & Filtering Event Correlation Dispatching module Consumer Proxies Supplier Consumer Synchronization - published(e): number of events of type e published so far - notified(e): number of notifications for event e pushed so far - Condition event: a predicate on published and notification counters - Event channel publishes condition events

28 Translation to event based solution In G ++> /* insert gyroscope value into buffer */ Logical gyroscope region: In R ++> /* read gyroscope value from buffer */ Logical rudder region: Condition events Simple events

29 Tao Real-time Event Service PushConsumer ProxyPushSupplier SupplierAdmin ProxyPushConsumer PushSupplier ProxyPushSupplier Dispatching

30 Modified Real-time Event Service PushConsumer ProxyPushSupplier SupplierAdmin ProxyPushConsumer PushSupplier ProxyPushSupplier Dispatching SynchAdmin synchronization event evaluate condition events publish condition events

31 Event service issues Event service issues Incorporate subscription changes Federated event channels Real-time scheduling with synchronization

32 Next Milestones (6-9-12 months) Public distribution of prototype synchronization specification, code generation, and weaving tools Modify Tao Real-time event service to include synchronization support Re-engineer Boldstroke applications to use event-service based synchronization CAN-based event service Extend global invariant approach to address real-time synchronization properties (e.g., priority inversion) Provide evidence of correctness of synchronization policies implemented via event channel Integrate Bandera to check safety/liveness properties

33 Collaborations Stanford (SVC) Berkeley (Bane, Banshee) MIT (analyses to optimize weaved code) Grammatech, Inc. (slicing/verification techniques) Collins, aJile systems (JEM boards) Honeywell (challenge problems from avionics) Boeing (BoldStroke OEP) Kvaser, AB (CAN Kingdom = CDA 101/11) Seaborne Targets Engineering Lab (CDA 101) National Marine Electronics Association (NMEA)

34 Technology Transition/Transfer Boeing BoldStroke applications CDA 101 based Target Systems –Seaborne Targets: ST 2000 –Airborne Targets: BQM-74 MQM-107 Commercial Applications –NMEA 2000, CanKingdom - standards for real- time networking –Precision farming, industrial automation

35 Program Issues Repository of embedded systems applications illustrating the problems to be addressed Program meetings provide little time for technical interchange –i.e., identifying future collaborators Involvement of more industrial participants to provide challenge problems –i.e., need more than code and documentation

36 Funding Profile and Financial Expenditures to Date We are burning our Salary/IDC at 100% –Due to a clerical error certain charges made against the project have not hit the project account –It may appear that we are underspending, but back-charges will hit within the next month. We are burning our travel money at ~80% –Travel money from the 1 st funding period was shifted to the second period. This means that 100% burn of the second period’s travel money will appear as if we are underburning. –Note that due to this shift we had to pay for travel to the PCES kickoff meeting from non-PCES sources.

Download ppt "Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and."

Similar presentations

Bernd Bruegge & Allen Dutoit Object-Oriented Software Engineering: Conquering Complex and Changing Systems 1 Software Engineering September 12, 2001 Capturing.

Bernd Bruegge & Allen Dutoit Object-Oriented Software Engineering: Conquering Complex and Changing Systems 1 Software Engineering September 12, 2001 Capturing.
Object-Oriented Software Development CS 3331 Fall 2009.

Object-Oriented Software Development CS 3331 Fall 2009.
OBJECT ORIENTED PROGRAMMING M Taimoor Khan

OBJECT ORIENTED PROGRAMMING M Taimoor Khan
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:

Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
Assurance through Enhanced Design Methodology Orlando, FL 5 December 2012 Nirav Davé SRI International This effort is sponsored by the Defense Advanced.

Assurance through Enhanced Design Methodology Orlando, FL 5 December 2012 Nirav Davé SRI International This effort is sponsored by the Defense Advanced.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Programming Distributed Systems Lab Institute of Computer Science University of Augsburg Universitätsstraße 14, D-86159 Augsburg Tel.: (+49) 821/598-2174,

Programming Distributed Systems Lab Institute of Computer Science University of Augsburg Universitätsstraße 14, D Augsburg Tel.: (+49) 821/ ,
Object-Oriented Analysis and Design

Object-Oriented Analysis and Design
Rational Unified Process

Rational Unified Process
ECE 667 - Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.

ECE Synthesis & Verification1 ECE 667 Spring 2011 Synthesis and Verification of Digital Systems Verification Introduction.
PDDL: A Language with a Purpose? Lee McCluskey Department of Computing and Mathematical Sciences, The University of Huddersfield.

PDDL: A Language with a Purpose? Lee McCluskey Department of Computing and Mathematical Sciences, The University of Huddersfield.
1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.
SE 464: Industrial Information systems Systems Engineering Department Industrial Information System LAB 02: Introduction to SAP.

SE 464: Industrial Information systems Systems Engineering Department Industrial Information System LAB 02: Introduction to SAP.
Supplement 02CASE Tools1 Supplement 02 - Case Tools And Franchise Colleges By MANSHA NAWAZ.

Supplement 02CASE Tools1 Supplement 02 - Case Tools And Franchise Colleges By MANSHA NAWAZ.
End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI 48019-2122.

End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI
Department of Computer Science & Engineering College of Engineering Dr. Betty H.C. Cheng, Laura A. Campbell, Sascha Konrad The demand for distributed real-time.

Department of Computer Science & Engineering College of Engineering Dr. Betty H.C. Cheng, Laura A. Campbell, Sascha Konrad The demand for distributed real-time.
5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.
Software Engineering Tools and Methods Presented by: Mohammad Enamur Rashid(2009-1-96-04) Mohammad Rashim Uddin(2009-1-96-008) Masud Ur Rahman(2009-1-96-009)

Software Engineering Tools and Methods Presented by: Mohammad Enamur Rashid( ) Mohammad Rashim Uddin( ) Masud Ur Rahman( )
CSC230 Software Design (Engineering)

CSC230 Software Design (Engineering)

Similar presentations

Ads by Google