Model Checking Publish-Subscribe Software Architectures David Garlan Carnegie Mellon University.

Carnegie Mellon: The Rare Glitch Project, David Garlan

Research Approach
Specification and analysis of software architectures:
- Components and their interactions
- Architectural styles (e.g., client-server, pipe-filter, publish-subscribe)
- Architectural frameworks (e.g., for specific domains and product lines)
Why?
- Architectural design is a critical design artifact
- System properties can be explored before implementation
- It is a good level of abstraction for reasoning about system properties, especially quality attributes
- The state of architectural practice is informal and needs formalism
- The effort is amortized when an architecture is used by many systems

Specific Thrusts
Past research:
- Specification languages for software architecture: Wright, based on CSP
- Analysis of specific architectural frameworks: the High Level Architecture (HLA) for distributed simulation, Enterprise JavaBeans, JavaPhone
- Tools for software architects
Current research:
- Specification and analysis of publish-subscribe software architectures (today's talk)
- Compositional mechanisms for component interactions
- Self-configuring systems

Publish-Subscribe Architectures
An architectural style:
- Components: objects, processes, functions
- Connectors: event registration
- Computational model: an event announcement triggers invocation of the zero or more methods/tasks that are registered for that event
Features:
- Anonymous multicast supports decoupling between components, so systems are easy to modify and maintain
- Widely used: UIs, programming environments, JavaBeans, Visual Basic, JINI, CORBA, robots
- Many variants: synchronous/asynchronous delivery, dispatch policies, concurrency, shared state

Examples
Set-Counter:
- Set (S) has operations insert/delete
- Counter (C) has operations inc/dec
- Goal: establish the "invariant" |S| = C
Distributed Simulation (HLA):
- An arbitrary number of simulations publish values of the objects they simulate
- The run-time infrastructure (RTI) maintains state (e.g., ownership of objects) and mediates the protocols of interaction
- Many invariants (e.g., each object is owned by a single simulation)
[Figures: Set connected to Counter; Sim 1 ... Sim n connected to the RTI]

More Examples (State-based duals)
Shared-variable triggered systems:
- Also known as "continuous query" systems
- State changes trigger computations
- Components read/write shared variables, but are otherwise independent
Real-time periodic tasks:
- Tasks are placed in periodically scheduled buckets
- Tasks consume the values of certain variables and produce the values of other variables
- Tasks within a bucket must complete before the bucket period elapses
[Figures: Comp 1 and Comp 2 over sensor/actuator variables; Task 1,1 ... Task n,3 over shared variables]

Pub-Sub Systems are Hard to Reason About
- The burden of correctness falls on the system integrator
- Lots of inherent non-determinism:
  - Order of invocation of multiple event recipients
  - In-transit events
  - Non-determinism in the "dispatch" mechanism
Questions that are hard to answer:
- What do we want to say about such systems? What is an "invariant"?
- Do the components announce the events that they should announce?
- What will be the effect of announcing a particular event?
- Are the event subscriptions the correct ones?
- If a new component is added, will it break what is already there?

Technical Approach: Foundations
Key ideas:
- Events have semantics
- Explicit specification of non-interference conditions
- Compositionality via component environment specification
Rely-guarantee verification framework:
- Joint work with Juergen Dingel and Somesh Jha [Din98b]
- Based on Jones's rely-guarantee approach
- Results: it works, but is hard to use, and often requires stronger invariants than are necessary
Temporal logic verification framework:
- Explicit modeling of the dispatcher [Din98a]
- Properties expressed in LTL
- Results: properties are more naturally expressed

Technical Approach: Tools
Features:
- Based on the (LTL) foundations mentioned earlier
- Specifications are translated into Cadence SMV model checker input
- Attempts to reduce the cost of (a) building a system model and (b) specifying the properties to check:
  - Provides a Parameterized Model Generator
  - Supports certain Built-in Checks
- Currently in the early stages of development and experimentation

Parameterized Model Generator
- Generates most of the run-time event delivery and dispatch mechanisms, greatly reducing the cost of constructing a model of a pub-sub system
- Supports common dispatcher alternatives, allowing easy exploration of alternatives:
  - Delivery options: asynchronous (immediate return from announcement) or synchronous (return only after the event is completely processed)
  - Concurrency options: a single thread per component or multiple threads per component
  - Dispatch order: FCFS, prioritized, lossy, etc.

Model Architecture
[Figure: an environment (external event source) announces events to the dispatcher; the dispatcher applies a delivery policy and delivers events to the interfaces of Comp 1 ... Comp N; components exchange data through shared state. A second copy of the figure highlights the shared state.]

Built-in Checks
Provide many of the common sanity checks, moving towards push-button tools.
Special cases:
- Model-view topology
- UI event model
- Idempotent systems
- Procedure call pairs
General consistency/completeness checks:
- Components respect event semantics
- Events that are published but not subscribed to
- Events that are subscribed to but not published
- Liveness properties
- Race conditions

Next Steps (and opportunities for collaboration)
Tool development:
- More built-in checks and parameterization options
- Alternative model-checker substrates
Applications:
- Realistic problems
- Pub-sub "bridges"
- Current plan is to work on part of the NASA remote agent architecture
Better linkage to code:
- Auto-generation of component models?
- Counterexample explanation
New specification capabilities:
- Dynamism, timing, real-time
[Figure: a bridge connecting components C1 and C2 to D1 and D2]

More information
ABLE Project web site:
Papers:
[All98] R. Allen, D. Garlan, and J. Ivers. Formal Modeling and Analysis of the HLA Component Integration Standard. Proc. of the 6th International Symposium on the Foundations of Software Engineering (FSE-6), Nov. 1998.
[Din98a] J. Dingel, D. Garlan, S. Jha, and D. Notkin. Reasoning About Implicit Invocation. Proc. of the 6th International Symposium on the Foundations of Software Engineering (FSE-6), Nov. 1998.
[Din98b] J. Dingel, D. Garlan, S. Jha, and D. Notkin. Towards a Formal Treatment of Implicit Invocation using Rely/Guarantee Reasoning. Formal Aspects of Computing 10, 1998.