T imed Languages for Embedded Software Ethan Jackson Advisor: Dr. Janos Szitpanovits Institute for Software Integrated Systems Vanderbilt University.

Slides:

Advertisements

Similar presentations

Timed Automata.

Advertisements

Software Failure: Reasons Incorrect, missing, impossible requirements * Requirement validation. Incorrect specification * Specification verification. Faulty.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Background information Formal verification methods based on theorem proving techniques and modelchecking –to prove the absence of errors (in the formal.

Department of Software Engineering Faculty of Mathematics and Physics CHARLES UNIVERSITY IN PRAGUE Czech Republic Extracting Zing Models from C Source.

© Janice Regan Problem-Solving Process 1. State the Problem (Problem Specification) 2. Analyze the problem: outline solution requirements and design.

Page 1 Building Reliable Component-based Systems Chapter 16 - Component based embedded systems Chapter 16 Component based embedded systems.

Software Testing and Quality Assurance

PTIDES: Programming Temporally Integrated Distributed Embedded Systems Yang Zhao, EECS, UC Berkeley Edward A. Lee, EECS, UC Berkeley Jie Liu, Microsoft.

Component Technologies for Embedded Systems Johan Eker.

Integrated Design and Analysis Tools for Software-Based Control Systems Shankar Sastry (PI) Tom Henzinger Edward Lee University of California, Berkeley.

Chess Review May 11, 2005 Berkeley, CA Advances In MIC Tools for Networked Embedded Systems Applications Edited and Presented by Janos Sztipanovits ISIS,

Using Interfaces to Analyze Compositionality Haiyang Zheng and Rachel Zhou EE290N Class Project Presentation Dec. 10, 2004.

Chess Review May 11, 2005 Berkeley, CA Composable Code Generation for Distributed Giotto Tom Henzinger Christoph Kirsch Slobodan Matic.

Institute For Software Integrated Systems Vanderbilt University Applications of Model Integrated Computing to The Synchronous Language Signal Ethan Jackson.

1 Building with Assurance CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute May 10, 2004.

Design of Fault Tolerant Data Flow in Ptolemy II Mark McKelvin EE290 N, Fall 2004 Final Project.

Models of Computation for Embedded System Design Alvise Bonivento.

Chess Review, May 10, Multiple Aspect Modeling Well-formedness Rules Semantic Domain A property p is accessible iff: in every well-formed model.

Chess Review November 21, 2005 Berkeley, CA Edited and presented by Model-Based Design Overview Janos Sztipanovits and Gabor Karsai ISIS, Vanderbilt University.

SEC PI Meeting Annapolis, May 8-9, 2001 Component-Based Design of Embedded Control Systems Edward A. Lee & Jie Liu UC Berkeley with thanks to the entire.

CS533 - Concepts of Operating Systems

1 Ivan Lanese Computer Science Department University of Bologna Italy Concurrent and located synchronizations in π-calculus.

Chess Review May 11, 2005 Berkeley, CA Formal Semantics of Metamodeling Frameworks Ethan Jackson ISIS, Vanderbilt University Semantic Anchoring Infrastructure.

Chapter 1 Principles of Programming and Software Engineering.

Using the Vanderbilt Generic Modeling Environment (GME) to Address SOA QoS Sumant Tambe Graduate Intern, Applied Research, Telcordia Technologies Inc.

Designing Predictable and Robust Systems Tom Henzinger UC Berkeley and EPFL.

© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.

Software Issues Derived from Dr. Fawcett’s Slides Phil Pratt-Szeliga Fall 2009.

Models of Computation Reading Assignment: L. Lavagno, A.S. Vincentelli and E. Sentovich, “Models of computation for Embedded System Design”

Router modeling using Ptolemy Xuanming Dong and Amit Mahajan May 15, 2002 EE290N.

Chess Review October 4, 2006 Alexandria, VA Edited and presented by Model-Based Design Janos Sztipanovits Vanderbilt University.

Chess Review November 21, 2005 Berkeley, CA Edited and presented by Coupled Interface Modules for Heterogeneous Composition Ethan Jackson ISIS, Vanderbilt.

Data Structures and Programming.  John Edgar2.

Architectural Design.

An Information Theory based Modeling of DSMLs Zekai Demirezen 1, Barrett Bryant 1, Murat M. Tanik 2 1 Department of Computer and Information Sciences,

Liang, Introduction to Java Programming, Sixth Edition, (c) 2007 Pearson Education, Inc. All rights reserved Chapter 12 Object-Oriented.

November 21, 2005 Center for Hybrid and Embedded Software Systems Tivadar Szemethy, Institute for Software Integrated Systems, Vanderbilt University A.

CMSC 345 Fall 2000 Unit Testing. The testing process.

Models of Computation: FSM Model Reading: L. Lavagno, A.S. Vincentelli and E. Sentovich, “Models of computation for Embedded System Design”

Mathematical Modeling and Formal Specification Languages CIS 376 Bruce R. Maxim UM-Dearborn.

Co-design Environment for Secure Embedded Systems Matt Eby, Janos L. Mathe, Jan Werner, Gabor Karsai, Sandeep Neema, Janos Sztipanovits, Yuan Xue Institute.

SAMANVITHA RAMAYANAM 18 TH FEBRUARY 2010 CPE 691 LAYERED APPLICATION.

Benjamin Gamble. What is Time?  Can mean many different things to a computer Dynamic Equation Variable System State 2.

SOFTWARE DESIGN.

Model-Driven Analysis Frameworks for Embedded Systems George Edwards USC Center for Systems and Software Engineering

Large Scale Software Systems Derived from Dr. Fawcett’s Notes Phil Pratt-Szeliga Fall 2010.

1 5 Nov 2002 Risto Pohjonen, Juha-Pekka Tolvanen MetaCase Consulting AUTOMATED PRODUCTION OF FAMILY MEMBERS: LESSONS LEARNED.

Toward a Semantic Anchoring Infrastructure for Domain-Specific Modeling Languages Kai Chen Janos Sztipanovits Sandeep Neema Matthew Emerson Sherif Abdelwahed.

FDT Foil no 1 On Methodology from Domain to System Descriptions by Rolv Bræk NTNU Workshop on Philosophy and Applicablitiy of Formal Languages Geneve 15.

Fall 2004EE 3563 Digital Systems Design EE 3563 VHSIC Hardware Description Language  Required Reading: –These Slides –VHDL Tutorial  Very High Speed.

Electrical and Computer Engineering University of Cyprus LAB 1: VHDL.

1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.

Future Work  Formal specification of modeling language semantic is key issue  Reliance on well-established formal models of computation (i.e. finite.

© 2006 Pearson Addison-Wesley. All rights reserved2-1 Chapter 2 Principles of Programming & Software Engineering.

© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.

Software Engineering Issues Software Engineering Concepts System Specifications Procedural Design Object-Oriented Design System Testing.

Institute for Software Integrated Systems Vanderbilt University On Metamodel Composition Akos Ledeczi, Greg Nordstrom, Gabor Karsai, Peter Volgyesi and.

Concepts and Realization of a Diagram Editor Generator Based on Hypergraph Transformation Author: Mark Minas Presenter: Song Gu.

Design-Directed Programming Martin Rinard Daniel Jackson MIT Laboratory for Computer Science.

Formal Verification. Background Information Formal verification methods based on theorem proving techniques and modelchecking –To prove the absence of.

Motivation FACE architecture encourages modularity of components on data boundaries Transport Services Segment interface is centered on sending and receiving.

SystemC Semantics by Actors and Reduction Techniques in Model Checking Marjan Sirjani Formal Methods Lab, ECE Dept. University of Tehran, Iran MoCC 2008.

From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.

From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.

Principles of Programming & Software Engineering

Software Design Methodology

Model-Driven Analysis Frameworks for Embedded Systems

Multiple Aspect Modeling of the Synchronous Language Signal

From Use Cases to Implementation

Presentation transcript:

T imed Languages for Embedded Software Ethan Jackson Advisor: Dr. Janos Szitpanovits Institute for Software Integrated Systems Vanderbilt University

E mbedded System Design M R Design methodologies and patterns with tools that support pattern reuse: Numerous non-trivial case studies Combine formal abstractions with correct-by-construction programming languages: Provably correct systems, but tool flow may be overly restrictive Combine formal abstractions with model checking and verification: Provably correct systems, when proof can be produced. Want to rethink concepts so that well-tested design methodologies help designers better understand correct-by- construction systems and/or build more analyzable systems.

T he “Isomorphic” Approach View MoCs as DSMLs, and describe these languages using MIC. The isomorphic approach makes a one-to-one mapping between a DSML and an already existing language that supports a MoC. start Degraded{ mode Degraded(navigation_output) period 8000 { exitfreq 1 do Normal(switch_driver); taskfreq 1 do Control(control_driver); actfreq 1 do display_actuator(display_driver); taskfreq 2 do Navigation(navigation_driver); } mode Normal(navigation_output) period 8000 { exitfreq 2 do Degraded(switch_driver); actfreq 1 do display_actuator(display_driver); taskfreq 4 do Navigation(navigation_driver); taskfreq 1 do Control(control_driver); } integer Time; ) ( % ----Equation box CounterEquations---- % |start ^= sec ^+ go |start := true when go default start$ |count := (count$) + 1 when started = true % ----Equation box RunnerEquations---- % |Time := count when (distance >= Length) and (distance$ < Length) |distance := distance$ + Speed when started = true |) where boolean started; integer distance, count; end; This importation of an existing syntax makes DSML construction and code generation easy, but it does not exercise the full capabilities of MIC.

H ow Could MIC Help? It is clear that the previous approach does not yield great results, so what should a better approach yield? 1.MIC deals with DSMLs and DSML design patterns. One would like to find some common structure among the languages that express various MoCs, and cast these similarities as patterns in MIC. 2.MIC provides design time constraint checking with OCL. One would like to describe MoCs so that certain rules could check behavioral properties (or conservative approximations of such properties) during design time. 3.MIC provides aspect oriented modeling, which partitions the concepts in a DSML. One would like to use aspects to partition MoC concepts, and to modularize available design time reasoning. 4.MIC requires the designer to “anchor” a DSML to a semantic domain, which attaches meaning to the abstract syntax. One would like to reuse parts of anchorings across similar models of computation.

I n Search of Patterns Ptolemy recognizes that scheduling under a certain MoC is largely independent of the underlying dataflow. Ptolemy captures this notion with directors, which can be swapped out to change to MoC. However, it can become tricky to find MoC dependent errors when the scheduler is a “black box”.

I n Search of Patterns Giotto treats timing and computation as orthogonal aspects. In Giotto, scheduling is not “black box” because the timing specification is scheduling specific information. However, it is not clear how to extend this model to handle other MoCs. start Degraded{ mode Degraded(navigation_output) period 8000 { exitfreq 1 do Normal(switch_driver); taskfreq 1 do Control(control_driver); actfreq 1 do display_actuator(display_driver); taskfreq 2 do Navigation(navigation_driver); } mode Normal(navigation_output) period 8000 { exitfreq 2 do Degraded(switch_driver); actfreq 1 do display_actuator(display_driver); taskfreq 4 do Navigation(navigation_driver); taskfreq 1 do Control(control_driver); }

I nteracting Partitions of Time and Data Using MIC, we can create a DSML for “time models” and a DSML for computation. This is a design pattern that will be reused in the semantic domain and the implementation. Aspect T Aspect C Non-orthogonal aspect interactions Semantics T Semantics C Implementation T Implementation C Required interface Meta-modeling and modeling Abstract semantics Implementation of semantics Aspect Oriented Semantics

H ierarchical Fine-Grained Modal Models Synchronous Reactive Example + A B C D C Dataflow Graph Fine-grained Modes Mode Machine

W ell-formedness Rules, Accessible Properties The Dataflow should have no dangling inputs (bounded memory) The modes should have none of these subgraphs Synchrony ConstraintsCausality Deterministic Merge This model (with some extensions) is sufficient to capture the semantics of Signal.

H ierarchical Fine-Grained Modal Models Giotto Example A B D C T1 T2 T1 T2 T1 T2 T1 T2 Read Inputs Write output Write outputs p1p1 p2p2

W ell-formedness Rules Dataflow Well-formedness rules ensure communication model Tasks read from global memories, and senors and tasks write to “private” memories Actuators read from global memories Global memories read from private memories The fine-grained modal structure is regular, so it does not need to modeled directly p p’ Mode switch Well-formedness rule: Modes switches should be well-timed

C onclusions Metamodel patterns define the first class citizens of data and time DSMLs. These patterns are used to construct MoC specific data and time DSMLs. Aspect support maintains consistency between data and time aspects. Design time well-formedness rules can verify some behavioral property. Aspect oriented semantics give an SOS to MoCs by composing a “data” SOS and a “time” SOS. The composition is defined over a minimal set of the semantics, so implementations can realize the composition once. This has been realized with TinyModes.

F uture Directions Distributing Giotto programs across many hosts make the instantaneous communication assumption unrealistic. Current research by the Giotto team shows that distributed Giotto programs can be extended with worst case communication times. Promising results show that when a developer changes the timing properties of a Giotto component, the entire system can be verified using: A linear time algorithm in the size of the component Timing information local to the host Perhaps some well-formedness rules can be found that would allow design- time checking of distributed Giotto programs?

T he End Questions?