Automatic Derivation Integration and Verification of Synchronization Aspects
- Slides: 17
Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods
DARPA Order K203 / AFRL Contract F33615-00-C-3044
Principal Investigators: Matt Dwyer, John Hatcliff, Masaaki Mizuno, Mitch Neilsen, Gurdip Singh
Department of Computing and Information Sciences, Kansas State University
http://www.cis.ksu.edu/santos
Problem Description
- Embedded systems are growing in complexity and developers are looking towards OO technologies to manage that complexity
- Design methods for OO do not treat synchronization effectively
- Embedded systems software is multi-threaded for performance reasons
  - System correctness relies on correct synchronization of multiple activities
- Synchronization design/implementation is low-level and platform specific
  - Error prone and not reusable
Project Objectives
I. Provide high-level, modular specification of global synchronization aspects
   … powerful, yet easy to use
   … formal specification via global invariants
   … language of composable invariant patterns
   … integrated with UML/RUP
II. Automatic derivation and weaving of synchronization code
   … multiple language and synchronization targets (Java, C++, monitors, semaphores, etc.)
   … weaving & optimization via abstract interpretation and program specialization techniques
III. Automatic verification of critical safety and liveness properties of woven embedded code
   … domain-specific model-checking engines
   … built on previous DARPA work – Bandera environment
IV. Evaluation using Common Digital Architecture (CDA 101)
   … a new standard for military target vehicle electronics
Technical Approach/Accomplishments
[Diagram: Rational Unified Process (RUP) flow Actors → Use Cases → Classes → Use-Case Realizations → Component Code → Complete Program, alongside the synchronization flow Global Invariant Specs → Coarse-Grain Solution → Fine-Grain Synchronization Code]
- Synchronization specifications
- Automated coarse-grain generation
  - SVC and pattern-based
- Synch-code generators
  - C/C++ and Java
  - Monitor, Semaphore, …
  - via invariants
  - Identify common idioms/patterns
- Prototype release 9/01
Technical Approach --- Specifications
Users never write raw invariants but instead build synchronization specifications using a collection of global invariant patterns (idioms)…
- Bound(R, n) … at most n threads can be in region R
- Exclusion(R1, R2) … occupancy of regions R1 and R2 should be mutually exclusive
- Resource(R1, R2, n) … region R1 is a producer, region R2 is a consumer of some resource with n initial resource values
- Barrier(R1, R2) … the kth thread to enter R1 and the kth thread to enter R2 meet and leave their respective regions together
- …
Contribution to PCES Goals
The overarching goal of the PCES program is novel technology and supporting engineering approaches that can greatly reduce the effort to program embedded systems, while increasing confidence in the embedded software product.
- Invariant patterns enable reuse of synchronization “solutions” across multiple systems and languages
  - Evaluate reduction in effort
    - in the context of OEPs
    - on existing applications, if suitable code/design history is available
    - on controlled system development (class projects)
- Synthesis of “correct” synchronization implementations potentially eliminates a class of subtle coding errors
  - Evaluate potential for reducing errors and validation effort
    - as above
Contribution to Relevant Military Application
- Apply our approach to CDA 101 based systems
  - CDA 101 provides a common architecture for networking target vehicle electronics using CAN
  - Extract synchronization regions from existing applications and re-engineer using our approach
- DoD Target System Studies
  - Seaborne (ST 2000) and Airborne (BQM-74, MQM-107)
- CDA 101 and NMEA 2000 co-evolving standards
  - NMEA 2000 working group member
  - Regular interaction with and source code from Seaborne Targets Engineering Group (NAWC – Point Mugu, CA)
Project Tasks/Schedule
Key Tasks: Initial / Optimized / Full-scale Evaluation
Synch Aspect language, Aspect code synthesis: 5/01 5/02 5/01 11/01 +
Code weaver: 5/01 5/02 +
Verification: 11/01 5/02 +
Integration: 11/01 5/03
Non-synch Aspects: 5/02 5/03 11/01 +
Collaborations
- Stanford (SVC)
- Berkeley (Bane)
- MIT (analyses to optimize weaved code)
- Grammatech, Inc. (slicing/verification techniques)
- Collins, aJile Systems (JEM boards)
- Honeywell (challenge problems from avionics)
- Kvaser AB (CAN Kingdom = CDA 101/11)
- Seaborne Targets Engineering Lab (CDA 101)
- National Marine Electronics Association (NMEA)
Technology Transition/Transfer
- CDA 101 based Target Systems
  - Seaborne Targets:
    - ST 2000
  - Airborne Targets:
    - BQM-74
    - MQM-107
- Commercial Applications
  - NMEA 2000, CAN Kingdom – standards for real-time networking
  - Precision farming, industrial automation
Program Issues
- Difficult to do long range planning when there is a sense that funding is in jeopardy
- Program meetings provide little time for technical interchange
  - i.e., identifying future collaborators
- Involvement of more industrial participants to provide challenge problems
  - i.e., need more than code and documentation
- Limited equipment availability restricts full deployment of prototypes
Synchronization Regions
[Diagram: synchronization regions (Wait, WakeUp) marked on the use-case realizations that connect an Actor, the System use-case realization and its Classes/Objects]
Synchronization Patterns (excerpts)
[Diagram: region schematics for Bound(R, n) (In → R → Out), Barrier(R_1, R_2), Relay(R_1, R_2) and BarrierWithInfoEx(R_1, R_2), each drawn as In_1 → R_1 → Out_1 and In_2 → R_2 → Out_2]
- 8 basic patterns in current collection (many more composite patterns)
- Pattern compositions can solve all synchronization problems in Andrews’ and Hartley’s books
- We welcome challenge problems from PCES participants
Multiple Target Detectors and a Single Firing Battery
Use-case realizations
- B1. Wait until a detector locks on a target
- B2. Receive information from the detector and fire
- B3. Release the detector
- T1. Lock on a target
- T2. Wait until the battery is available
- T3. Send information to the battery
- T4. Wait until released
Patterns for Target System
[Diagram: battery steps B1–B3 and detector steps T1–T4 annotated with the patterns below; B2 and T3 exchange information ("Communicate"), and B2 fires inside region R_F ("Fire")]
- Barrier(R_B1, R_T2), drawn as BarrierWithInfoEx( … ): B1 and T2 meet and communicate
- Bound(R_F, 1)
- Relay(R_B3, R_T4)
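The following is an added example, not code from these slides or from the SAnToS project's generators, showing how the coarse-grain step described on the "Technical Approach" slides can be mechanised for the pattern catalogue above (Bound, Exclusion, Resource, Barrier, Relay) and for compositions such as the target-system slide. It is written in Python rather than the project's Java/C++ targets. The scheme it assumes: every region R gets counters In[R] and Out[R] (threads that have entered / left R), each pattern becomes a predicate over those counters, and the guard for entering or leaving a region is derived automatically as the weakest precondition of the counter increment. The counter formulas for each pattern, the `InvariantMonitor` class, the region names and the three demo functions are this example's own assumptions; the `time.sleep` calls only order the demo threads.

```python
import threading
import time
from collections import defaultdict


class InvariantMonitor:
    """Guards derived from global invariants (assumed scheme, not the project's
    generator): each region R has counters In[R]/Out[R] = threads that have
    entered/left R.  Before incrementing a counter a thread waits until every
    invariant would still hold afterwards (the weakest precondition of the
    increment).  That is the coarse-grain solution of the slides."""

    def __init__(self, invariants):
        self._invariants = list(invariants)
        self._cv = threading.Condition()
        self.In, self.Out = defaultdict(int), defaultdict(int)

    def _increment(self, counters, region):
        with self._cv:
            def guard():  # would every invariant survive counters[region] += 1 ?
                trial_in, trial_out = defaultdict(int, self.In), defaultdict(int, self.Out)
                (trial_in if counters is self.In else trial_out)[region] += 1
                return all(inv(trial_in, trial_out) for inv in self._invariants)
            self._cv.wait_for(guard)
            counters[region] += 1
            self._cv.notify_all()  # state changed: blocked guards re-check

    def enter(self, region):
        self._increment(self.In, region)

    def leave(self, region):
        self._increment(self.Out, region)

    def occupancy(self, region):
        with self._cv:
            return self.In[region] - self.Out[region]


# Pattern catalogue as counter predicates (formulas assumed for the slide names).
def bound(R, n):          # at most n threads inside R
    return lambda In, Out: In[R] - Out[R] <= n
def exclusion(R1, R2):    # R1 and R2 never occupied at the same time
    return lambda In, Out: In[R1] - Out[R1] == 0 or In[R2] - Out[R2] == 0
def resource(R1, R2, n):  # consumers (R2) take at most n + items produced (exits of R1)
    return lambda In, Out: In[R2] <= n + Out[R1]
def barrier(R1, R2):      # kth leaver of R1 needs the kth entrant of R2, and vice versa
    return lambda In, Out: Out[R1] <= In[R2] and Out[R2] <= In[R1]
def relay(R1, R2):        # kth entrant of R2 waits for the kth thread to leave R1
    return lambda In, Out: In[R2] <= Out[R1]


def _run(*targets):
    threads = [threading.Thread(target=t) for t in targets]
    for t in threads: t.start()
    for t in threads: t.join()


def run_bound_demo(workers=6, n=2):
    """Bound(R, n): return (peak occupancy observed, entries, exits)."""
    m, peak, lock = InvariantMonitor([bound("R", n)]), [0], threading.Lock()

    def worker():
        m.enter("R")
        with lock:
            peak[0] = max(peak[0], m.occupancy("R"))
        time.sleep(0.01)
        m.leave("R")

    _run(*[worker] * workers)
    return peak[0], m.In["R"], m.Out["R"]


def run_resource_demo(items=3):
    """Resource(P, C, 0): consumers block until the producer has left P once
    for each of them; return (entries into C before production, exits at end)."""
    m = InvariantMonitor([resource("P", "C", 0)])
    consumers = [threading.Thread(target=lambda: (m.enter("C"), m.leave("C")))
                 for _ in range(items)]
    for t in consumers: t.start()
    time.sleep(0.05)
    before = m.In.get("C", 0)        # 0: no exit from P yet, so nobody may enter C
    for _ in range(items):
        m.enter("P"); m.leave("P")   # each exit from P admits one consumer
    for t in consumers: t.join()
    return before, m.Out["C"]


def run_barrier_demo():
    """Barrier(R1, R2): A, alone in R1, cannot leave until B has entered R2.
    Return (A had already left R1 when B arrived, the event order observed)."""
    m, events, early = InvariantMonitor([barrier("R1", "R2")]), [], [None]

    def a():
        m.enter("R1"); events.append("A in R1")
        m.leave("R1"); events.append("A out of R1")

    def b():
        time.sleep(0.05)
        early[0] = "A out of R1" in events   # must be False: A is held at the barrier
        m.enter("R2"); events.append("B in R2")
        m.leave("R2"); events.append("B out of R2")

    _run(a, b)
    return early[0], events
```

Because the guard is computed from the invariants rather than written by hand, composing patterns is just passing several predicates to one monitor, which is what the target-system slide does with Barrier, Bound and Relay; `relay("R_B3", "R_T4")` with `bound("R_F", 1)` and `barrier("R_B1", "R_T2")` in one `InvariantMonitor` gives that composition. A production generator would go on to split the single condition variable into per-guard fine-grain code, which this monitor does not attempt.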
Next Milestones (6-9-12 months)
- Extend synthesis approach to distributed CAN-based systems including CAN Kingdom and CDA 101
- Public distribution of prototype synchronization specification, code generation, and weaving tools
- Generate solutions to other synchronization problems from CDA 101, Industrial Automation (KTEC) and Agricultural (John Deere) applications
- Extend global invariant approach to address real-time synchronization properties (e.g., priority inversion)
- Integrate Bandera to check safety/liveness properties