Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods DARPA Order K203/AFRL Contract F33615-00-C-3044.

Published byMichael Brandt Modified over 5 years ago

Similar presentations

Presentation on theme: "Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods DARPA Order K203/AFRL Contract F33615-00-C-3044."— Presentation transcript:

1 Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods DARPA Order K203/AFRL Contract F C-3044 Principal Investigators Matt Dwyer John Hatcliff Masaaki Mizuno Mitch Neilsen Gurdip Singh Department of Computing and Information Sciences Kansas State University

2 Problem Description Embedded systems are growing in complexity and developers are looking towards OO technologies to manage that complexity Embedded systems software is multi-threaded for performance reasons System correctness relies on correct synchronization of multiple activities Synchronization design/implementation is low-level and platform specific Error prone and not reusable Design methods for OO do not treat synchronization effectively

3 Project Objectives I. Provide high-level, modular specification of global synchronization aspects … integrated with UML/RUP … formal specification via global invariants … language of composable invariant patterns … powerful, yet easy to use II. Automatic derivation and weaving of synchronization code … multiple language and synchronization targets (Java, C++, monitors, semaphores, etc.) … weaving & optimization via abstract interpretation and program specialization techniques Here are the goals of the project in a bit more detail… We provide support for high-level modular specification of global synchronization. For us, a specification will be a global invariant that enforces certain policies for entering and exiting critical regions. One writes a spec in a very simple language of composable invariant patterns, and then these patterns are compiled down to first-order logic. The pattern language is powerful (we’ve used it to solve all the exercises in a couple of well-known concurrent programming textbooks), yet it is easy to use. Finally, the process of writing the specifications is integrated with RUP. <click>From the initial specification,<click> we’ll be able to generate synchronization code for multiple languages (e.g., Java, C++) and for multiple synchronization primitives (e.g., monitors, or semaphores). Generated synchronization code is automatically woven with core functional code using program specialization techniques. <click>After synchronization code is generated, it will be checked automatically check for critical safety and liveness properties (such as absence of deadlock) that are not captured in the global invariants. This checking is carried out using software model-checking tool called Bandera that we developed in a previous DARPA project. <click>Finally, we’ll be evaluating this approach using some military systems for networking target vehicles. III. Automatic verification of critical safety and liveness properties of woven embedded code … domain-specific model-checking engines … built on previous DARPA work –Bandera environment IV. Evaluation using Common Digital Architecture (CDA101) … a new standard for military target vehicle electronics

4 Technical Approach --- Invariant Patterns
Users never write formulas but instead build invariants using a collection of global invariant patterns… Bound(R,n) … at most n threads can be in region R Exclusion(R1,R2) … occupancy of region R1 and R2 should be mutually exclusive Resource(R1, R2, n) … region R1 is a producer, region R2 is a consumer of some resource with n initial resource values. Barrier(R1,R2) … the kth thread to enter R1 and the kth thread to enter R2 meet and leave their respective regions together So how do we build on this? First of all, to relieve users from having to write logic formulas, we identified five simple patterns that can be combined to specify almost every synchronization problem that we encountered. Synthesize efficient implementations that enforce invariants and link them automatically to sequential implementations of core system functionality.

5 Contribution to PCES Goals
The overarching goal of the PCES program is novel technology and supporting engineering approaches that can greatly reduce effort to program embedded systems, while increasing confidence in the embedded software product. Invariants enable reuse of synchronization “code” across multiple systems and languages reduced effort Synthesis of “correct” synchronization implementations Eliminate a class of subtle errors  reduced testing effort, increased confidence Verification of properties not guaranteed by construction increased confidence

6 Contribution to Relevant Military Application
Provide synchronization aspects for CDA101 - Common Digital Architecture CDA101 provides a common architecture for networking a wide range of target vehicle electronics Synchronization patterns can be used in existing systems and more importantly for future, more complex, target systems. DoD Target Systems Seaborne Targets: ST 2000 Airborne Targets: BQM-74, MQM-107

7 Project Tasks/Schedule
Key Tasks Initial Optimized Full-scale Evaluation Synch Aspect language 5/01 5/02 11/01 + Aspect code synthesis 5/01 11/01 11/01 + Code weaver 5/01 5/02 5/02 + Verification 11/01 5/02 5/02 + 11/01 5/03 Integration 5/03 Non-synch Aspects 11/01

8 Technical Progress/Accomplishments
Rational Unified Process (RUP) Fine-Grain Synchronization Code Complete Program Synch code generators C/??? and Java Complete Program Actors: Use Cases Classes: Use-Case Realizations Component Code Global invariant pattern Extensions and assessment Global Invariant Specs Coarse-Grain Solution Coarse grain generation: SVC and pattern based Initial ST2000 case-study

9 Synchronization Patterns
Barrier(R_1,R_2) BarrierWithInfoEx(R_1,R_2) Relay(R_1,R_2) Bound(R, n) R n In Out R_1 In_1 Out_1 R_2 In_2 Out_2

10 Multiple Target Detectors and a Single Firing Battery Use-case realizations
B1. Wait until a detector locks on a target B2. Receive information from the detector and fire B3. Release the detector T1. Lock on a target T2. Wait until the battery is available T3. Send information to the battery T4. Wait until released

11 Multiple Target Detectors and a Single Firing Battery Use-case realizations
B1. Wait until a detector locks on a target B2. Receive information from the detector and fire B3. Release the detector T1. Lock on a target T2. Wait until the battery is available T3. Send information to the battery T4. Wait until released

12 Patterns for Target System
R_B3 R_T4 B3 T4 R_B1 R_T2 B1 B2 T3 T2 T1 Communicate BarrierWithInfoEx( R_B1, R_T2) Barrier(R_B1, R_T2) R_F Fire Bound(R_F,1) Relay(R_B3, R_T4)

13 Next Milestones Generate solutions to a large collection of standard synchronization problems Integrate Bandera to check safety/liveness properties Extend synthesis approach to distributed CAN-based systems including CanKingdom and CDA101 Examine existing CDA101 target code to assess how much of the adhoc synchronization code can be expressed in terms of our patterns Provide translations from patterns to CDA101 Add GUI with UML support to current prototype Extend global invariant approach to include real-time properties

14 Collaborations Stanford (SVC) MIT (analyses to optimize weaved code)
Rockwell-Collins, aJile systems (JEM boards) Honeywell Grammatech, Inc. (slicing techniques) Kvaser, AB (CAN Kingdom = CDA 101/11) Seaborne Targets Engineering Lab (CDA101) National Marine Electronics Association (NMEA)

15 Technology Transition/Transfer
DoD Target Systems Seaborne Targets: ST 2000 Airborne Targets: BQM-74 MQM-107 Ground Targets Commercial Applications NMEA 2000, CanKingdom - standards for real-time networking Variable-rate farming, in-vehicle electronics, industrial automation (PLC networks)

16 Seaborne Target 2000 (ST 2000)

17 Program Issues Difficult to do long range planning when there is a sense that funding is in jeapordy Program meetings provide little time for technical interchange Involvement of more industrial participants to provide challenge problems Limited equipment availability restricts full deployment of prototypes

Download ppt "Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods DARPA Order K203/AFRL Contract F33615-00-C-3044."

Similar presentations

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,

Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Object-Oriented Software Development CS 3331 Fall 2009.

Object-Oriented Software Development CS 3331 Fall 2009.
CS487 Software Engineering Omar Aldawud

CS487 Software Engineering Omar Aldawud
1 Prescriptive Process Models. 2 Prescriptive Models Prescriptive process models advocate an orderly approach to software engineering Prescriptive process.

1 Prescriptive Process Models. 2 Prescriptive Models Prescriptive process models advocate an orderly approach to software engineering Prescriptive process.
Presented by: Thabet Kacem Spring 2010. Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:

Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
ProActive Task Manager Component for SEGL Parameter Sweeping Natalia Currle-Linde and Wasseim Alzouabi High Performance Computing Center Stuttgart (HLRS),

ProActive Task Manager Component for SEGL Parameter Sweeping Natalia Currle-Linde and Wasseim Alzouabi High Performance Computing Center Stuttgart (HLRS),
Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.

Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.
Department of Computer Science & Engineering College of Engineering Dr. Betty H.C. Cheng, Laura A. Campbell, Sascha Konrad The demand for distributed real-time.

Department of Computer Science & Engineering College of Engineering Dr. Betty H.C. Cheng, Laura A. Campbell, Sascha Konrad The demand for distributed real-time.
5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.

5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.
An Introduction to Programming and Object-Oriented Design Using Java By Jaime Niño and Fred Hosch Slides by Darwin Baines and Robert Burton.

An Introduction to Programming and Object-Oriented Design Using Java By Jaime Niño and Fred Hosch Slides by Darwin Baines and Robert Burton.
Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and.

Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and.
SAMANVITHA RAMAYANAM 18 TH FEBRUARY 2010 CPE 691 LAYERED APPLICATION.

SAMANVITHA RAMAYANAM 18 TH FEBRUARY 2010 CPE 691 LAYERED APPLICATION.
EMI INFSO-RI-261611 SA2 - Quality Assurance Alberto Aimar (CERN) SA2 Leader EMI First EC Review 22 June 2011, Brussels.

EMI INFSO-RI SA2 - Quality Assurance Alberto Aimar (CERN) SA2 Leader EMI First EC Review 22 June 2011, Brussels.
Ranga Rodrigo. The purpose of software engineering is to find ways of building quality software.

Ranga Rodrigo. The purpose of software engineering is to find ways of building quality software.
1 Introduction to Software Engineering Lecture 1.

1 Introduction to Software Engineering Lecture 1.
1/23 Prescriptive Process Models. 2/23 Prescriptive Models Prescriptive process models advocate an orderly approach to software engineering Prescriptive.

1/23 Prescriptive Process Models. 2/23 Prescriptive Models Prescriptive process models advocate an orderly approach to software engineering Prescriptive.

Similar presentations

Ads by Google