Automatic Derivation Integration and Verification of Synchronization Aspects

Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods
DARPA Order K203 / AFRL Contract F33615-00-C-3044
Principal Investigators: Matt Dwyer, John Hatcliff, Masaaki Mizuno, Mitch Neilsen, Gurdip Singh
Department of Computing and Information Sciences, Kansas State University
http://www.cis.ksu.edu/santos

Problem Description
• Embedded systems are growing in complexity and developers are looking towards OO technologies to manage that complexity
• Embedded systems software is multi-threaded for performance reasons
  – System correctness relies on correct synchronization of multiple activities
• Synchronization design/implementation is low-level and platform specific
  – Error prone and not reusable
• Design methods for OO do not treat synchronization effectively

Project Objectives
I. Provide high-level, modular specification of global synchronization aspects
   … powerful, yet easy to use
   … formal specification via global invariants
   … language of composable invariant patterns
   … integrated with UML/RUP
II. Automatic derivation and weaving of synchronization code
   … multiple language and synchronization targets (Java, C++, monitors, semaphores, etc.)
   … weaving & optimization via abstract interpretation and program specialization techniques
III. Automatic verification of critical safety and liveness properties of woven embedded code
   … domain-specific model-checking engines
   … built on previous DARPA work – Bandera environment
IV. Evaluation using Common Digital Architecture (CDA 101)
   … a new standard for military target vehicle electronics

Technical Approach --- Invariant Patterns
Users never write formulas but instead build invariants using a collection of global invariant patterns…
• Bound(R, n) … at most n threads can be in region R
• Exclusion(R_1, R_2) … occupancy of regions R_1 and R_2 should be mutually exclusive
• Resource(R_1, R_2, n) … region R_1 is a producer, region R_2 is a consumer of some resource with n initial resource values
• Barrier(R_1, R_2) … the kth thread to enter R_1 and the kth thread to enter R_2 meet and leave their respective regions together
Synthesize efficient implementations that enforce invariants and link them automatically to sequential implementations of core system functionality.

Contribution to PCES Goals
The overarching goal of the PCES program is novel technology and supporting engineering approaches that can greatly reduce effort to program embedded systems, while increasing confidence in the embedded software product.
• Invariants enable reuse of synchronization “code” across multiple systems and languages – reduced effort
• Synthesis of “correct” synchronization implementations – eliminates a class of subtle errors: reduced testing effort, increased confidence
• Verification of properties not guaranteed by construction – increased confidence

Contribution to Relevant Military Application
• Provide synchronization aspects for CDA 101 Common Digital Architecture
  – CDA 101 provides a common architecture for networking a wide range of target vehicle electronics
  – Synchronization patterns can be used in existing systems and, more importantly, for future, more complex target systems
• DoD Target Systems
  – Seaborne Targets: ST 2000
  – Airborne Targets: BQM-74, MQM-107
  – Ground Targets

Project Tasks/Schedule
Key tasks (milestone columns on the slide: Initial, Optimized, Full-scale):
• Synch Aspect language: 5/01, 5/02
• Aspect code synthesis: 5/01, 11/01, +
• Code weaver: 5/01, 5/02, +
• Verification: 11/01, 5/02, +
• Integration: 11/01, 5/03
• Non-synch Aspects: 11/01, 5/03
• Evaluation: 11/01, +

Technical Progress/Accomplishments
Rational Unified Process (RUP): Actors → Use Cases → Classes → Use-Case Realizations → Component Code
Figure: Global Invariant Specs → Coarse-Grain Solution → Fine-Grain Synchronization Code → Complete Program
• Global invariant pattern
  – Extensions and assessment
• Coarse grain generation
• Synch code generators – C/??? and Java
• Initial CDA-101 case study – Seaborne Target (ST 2000)
  – SVC and pattern based
• Prototype release 9/01

Synchronization Regions
Figure: use-case realizations (System, Actor, Classes/Objects) with the WakeUp and Wait use cases and their corresponding WakeUp and Wait synchronization regions

Synchronization Patterns (excerpts)
Figure: region diagrams for Bound(R, n) (In → R → Out, capacity n), Barrier(R_1, R_2), Relay(R_1, R_2) and BarrierWithInfoEx(R_1, R_2) (In_1 → R_1 → Out_1, In_2 → R_2 → Out_2)
• ??? patterns in current collection
• General enough to solve all synchronization problems in Andrews’ book
• We welcome challenge problems from PCES participants

Multiple Target Detectors and a Single Firing Battery
Use-case realizations
• B1. Wait until a detector locks on a target
• B2. Receive information from the detector and fire
• B3. Release the detector
• T1. Lock on a target
• T2. Wait until the battery is available
• T3. Send information to the battery
• T4. Wait until released

Patterns for Target System
Figure: the use-case steps mapped onto patterns: Barrier(R_B1, R_T2) joins the battery's B1 with the detector's T2; BarrierWithInfoEx(…) covers the Communicate step (B2/T3); Bound(R_F, 1) guards the Fire region R_F; Relay(R_B3, R_T4) links the battery's B3 (release) with the detector's T4 (wait until released)
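As an added example (not code from the project), the invariant-to-code derivation behind the pattern slide and this target-system slide, rendered in Python rather than the Java/C++ targets: each region gets In/Out counters inside one monitor, every pattern contributes the guard that keeps its invariant true, and the detector/battery use case is composed from Barrier, Bound and Relay. Assumed: the counter invariants for Bound and Barrier follow the slide descriptions, Relay is read as "the kth exit from R_2 needs the kth entry into R_1", and the BarrierWithInfoEx information exchange is omitted.

```python
import threading
class InvariantMonitor:
    """Coarse-grain solution: In/Out counters per region inside one monitor;
    entering or leaving a region awaits the guard derived from the invariant."""
    def __init__(self, regions):
        self.cv = threading.Condition()
        self.In = {r: 0 for r in regions}
        self.Out = {r: 0 for r in regions}
        self.guards = []  # (event, region, predicate over the counters)
    def guard_holds(self, event, region):
        return all(p(self.In, self.Out) for e, r, p in self.guards
                   if (e, r) == (event, region))
    def _step(self, event, region):
        with self.cv:
            self.cv.wait_for(lambda: self.guard_holds(event, region))
            (self.In if event == "in" else self.Out)[region] += 1
            self.cv.notify_all()
    def enter(self, region): self._step("in", region)
    def leave(self, region): self._step("out", region)

# Patterns from the slides, each as the guard(s) that keep its invariant true.
def bound(m, R, n):      # In_R - Out_R <= n: only an entry can break it
    m.guards.append(("in", R, lambda I, O: I[R] - O[R] < n))
def barrier(m, R1, R2):  # Out_1 <= In_2 and Out_2 <= In_1: kth leaves with kth
    m.guards.append(("out", R1, lambda I, O: O[R1] < I[R2]))
    m.guards.append(("out", R2, lambda I, O: O[R2] < I[R1]))
def relay(m, R1, R2):    # assumed reading: Out_2 <= In_1, kth exit of R2 after kth entry of R1
    m.guards.append(("out", R2, lambda I, O: O[R2] < I[R1]))

def battery_and_detectors(n_detectors=3):
    """Constructed run of the use case: one battery (B1..B3) serves n detectors
    (T2, T4); returns (shots fired, detectors released)."""
    m = InvariantMonitor(["B1", "T2", "F", "B3", "T4"])
    barrier(m, "B1", "T2")  # Barrier(R_B1, R_T2): battery and detector meet
    bound(m, "F", 1)        # Bound(R_F, 1): one firing at a time
    relay(m, "B3", "T4")    # Relay(R_B3, R_T4): B3 releases the detector in T4
    shots = []
    def detector():
        m.enter("T2"); m.leave("T2")  # T2: wait until the battery is available
        m.enter("T4"); m.leave("T4")  # T4: wait until released
    def battery():
        for _ in range(n_detectors):
            m.enter("B1"); m.leave("B1")                 # B1: wait for a detector
            m.enter("F"); shots.append(1); m.leave("F")  # B2: fire
            m.enter("B3"); m.leave("B3")                 # B3: release the detector
    ts = [threading.Thread(target=detector) for _ in range(n_detectors)]
    ts.append(threading.Thread(target=battery))
    for t in ts: t.start()
    for t in ts: t.join()
    return len(shots), m.Out["T4"]
```

Because the guards sit on region exits, a detector that enters T2 early is held there until the battery's matching B1 entry exists, which is exactly the kth-meets-kth reading of Barrier.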

Next Milestones
• Generate solutions to a large collection of standard synchronization problems
• Integrate Bandera to check safety/liveness properties
• Extend synthesis approach to distributed CAN-based systems including CanKingdom and CDA 101
  – Examine existing CDA 101 target code to assess how much of the ad hoc synchronization code can be expressed in terms of our patterns
  – Provide translations from patterns to CDA 101
• Add GUI with UML support to current prototype
• Extend global invariant approach to include real-time properties

Collaborations
• Stanford (SVC)
• MIT (analyses to optimize weaved code)
• Rockwell-Collins, aJile Systems (JEM boards)
• Honeywell
• Grammatech, Inc. (slicing techniques)
• Kvaser AB (CAN Kingdom = CDA 101/11)
• Seaborne Targets Engineering Lab (CDA 101)
• National Marine Electronics Association (NMEA)

Technology Transition/Transfer
• DoD Target Systems
  – Seaborne Targets: ST 2000
  – Airborne Targets: BQM-74, MQM-107
  – Ground Targets
• Commercial Applications
  – NMEA 2000, CanKingdom – standards for real-time networking
  – Precision farming, in-vehicle electronics, industrial automation

Seaborne Target 2000 (ST 2000)

Program Issues
• Difficult to do long range planning when there is a sense that funding is in jeopardy
• Program meetings provide little time for technical interchange
• Involvement of more industrial participants to provide challenge problems
• Limited equipment availability restricts full deployment of prototypes