Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.


Safe composition of distributed adaptable components
A distributed component model
Behavioural specification and verification
Ludovic Henrio and Eric Madelaine
Journée Composition Logicielle – April 2009

A DISTRIBUTED COMPONENT MODEL

Motivation
A component model for distributed systems (GCM)
Following active objects (actors) principles
Simple to program
Verification of safe composition
➡ Strong guarantees from
  ➡ the programming model point of view (on middleware / execution)
  ➡ the behavioural point of view (on program instances, e.g. no deadlock)
A component model “derived” from GCM (≈ ProActive/GCM) + a verification environment for ProActive/GCM

What are (GCM) Components?
[Figure labels: bindings, business code, server interfaces, client interfaces, primitive component, composite component, NF (server) interfaces]
GCM components are adaptable!

A Primitive GCM Component
CI.foo(p)
Primitive components communicating by asynchronous remote method invocations on interfaces (requests)
➡ Components abstract away distribution and concurrency
In ProActive, components are mono-threaded
➡ simplifies concurrency but can create deadlocks

Composition in GCM
Bindings: Requests = Asynchronous method invocations

Futures for Components
f=CI.foo(p) ………. f.bar()
Components are independent entities (threads are isolated in a component) + asynchronous method invocations with results
➡ Futures are necessary

Replies
f=CI.foo(p) ……………… f.bar()

First-class Futures
f=CI.foo(p) ……………… CI.foo(f)
Only strict operations are blocking (access to a future)
Communicating a future is not a strict operation

Advantages of our approach
Primitive components contain the business code
Primitive components act as the unit of distribution and concurrency (each thread is isolated in a component)
Communications follow component bindings
Hierarchy for building complex applications
Adaptable: Fractal’s introspection and reconfiguration
Futures allow communication to be asynchronous requests
➡ Easy to program (no shared memory)
➡ Same behaviour whatever the order of future replies
➡ Behaviour easy to study (actor like)

One Ongoing / future work
Specification of this component model in Isabelle/HOL
  Isabelle/HOL is a theorem prover
  To prove properties on the component model + on protocols for managing components and execution
A first prototype specification + small proofs
Next steps
  Basic correctness proofs
  Specification of future update strategies + proofs
  More properties on deadlocks, on component stop, …

BEHAVIOURAL SPECIFICATION AND VERIFICATION

First-class Futures and Hierarchy
Without first-class futures, one thread is systematically blocked in the composite component.

First-class Futures and Hierarchy
Almost systematic deadlock in ProActive
A lot of blocked threads otherwise
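The blocking behaviour described on the futures and hierarchy slides, as an added example that is not part of the original presentation and does not use the ProActive/GCM API: a toy Python model of two mono-threaded components bound in a cycle, run once with first-class futures and once with blocking replies. The names Component, strict and round_trip are assumptions made for this illustration.

```python
import queue
import threading
from concurrent.futures import Future, TimeoutError

class Component:
    """Toy mono-threaded component: a single thread serves a FIFO request queue."""
    def __init__(self, name):
        self.name = name
        self.requests = queue.Queue()
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            method, args, reply = self.requests.get()
            try:
                reply.set_result(method(*args))   # the result may itself be a future
            except Exception as exc:
                reply.set_exception(exc)

    def call(self, method, *args):
        """Asynchronous request: enqueue it and hand back a future at once."""
        reply = Future()
        self.requests.put((method, args, reply))
        return reply

def strict(value, timeout=None):
    """Strict access (wait-by-necessity): block until a concrete value exists."""
    while isinstance(value, Future):
        value = value.result(timeout=timeout)
    return value

def round_trip(first_class, timeout=0.5):
    """a -> b -> a call cycle; returns the reply, or "deadlock" on timeout."""
    a, b = Component("a"), Component("b")
    # Without first-class futures a component must wait for a reply before
    # it can return; with them it returns the future itself (non-strict).
    hand_back = (lambda f: f) if first_class else strict
    pong = lambda: "pong"
    ping = lambda: hand_back(a.call(pong))    # served by b
    start = lambda: hand_back(b.call(ping))   # served by a
    try:
        return strict(a.call(start), timeout)
    except TimeoutError:
        return "deadlock"

if __name__ == "__main__":
    print("first-class futures:", round_trip(True))    # pong
    print("blocking forwarding:", round_trip(False))   # deadlock
```

In the blocking run, component a's only thread waits on b's reply while b waits for a to serve pong, so the cycle never completes; the timeout in the caller is only there to report it.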

Reply Strategies
In ASP / ProActive, the result is insensitive to the order of replies (shown for ASP-calculus)
Ongoing experiments with different strategies