Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods DARPA Order K203/AFRL Contract F33615-00-C-3044.

Slides:



Advertisements
Similar presentations
Ch:8 Design Concepts S.W Design should have following quality attribute: Functionality Usability Reliability Performance Supportability (extensibility,
Advertisements

2009 – E. Félix Security DSL Toward model-based security engineering: developing a security analysis DSML Véronique Normand, Edith Félix, Thales Research.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Object-Oriented Software Development CS 3331 Fall 2009.
CS487 Software Engineering Omar Aldawud
1 Prescriptive Process Models. 2 Prescriptive Models Prescriptive process models advocate an orderly approach to software engineering Prescriptive process.
Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
ProActive Task Manager Component for SEGL Parameter Sweeping Natalia Currle-Linde and Wasseim Alzouabi High Performance Computing Center Stuttgart (HLRS),
Vertically Integrated Analysis and Transformation for Embedded Software John Regehr University of Utah.
Department of Computer Science & Engineering College of Engineering Dr. Betty H.C. Cheng, Laura A. Campbell, Sascha Konrad The demand for distributed real-time.
5/24/011 Advanced Tool Integration for Embedded Systems Assurance Insup Lee Department of Computer and Information Science University of Pennsylvania.
An Introduction to Programming and Object-Oriented Design Using Java By Jaime Niño and Fred Hosch Slides by Darwin Baines and Robert Burton.
Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and.
SAMANVITHA RAMAYANAM 18 TH FEBRUARY 2010 CPE 691 LAYERED APPLICATION.
EMI INFSO-RI SA2 - Quality Assurance Alberto Aimar (CERN) SA2 Leader EMI First EC Review 22 June 2011, Brussels.
Ranga Rodrigo. The purpose of software engineering is to find ways of building quality software.
1 Introduction to Software Engineering Lecture 1.
1/23 Prescriptive Process Models. 2/23 Prescriptive Models Prescriptive process models advocate an orderly approach to software engineering Prescriptive.
Software Engineering Prof. Ing. Ivo Vondrak, CSc. Dept. of Computer Science Technical University of Ostrava
Fundamentals of Information Systems, Second Edition 1 Systems Development.
CIS 842: Specification and Verification of Reactive Systems Lecture 1: Course Overview Copyright 2001, Matt Dwyer, John Hatcliff, and Radu Iosif. The.
FDT Foil no 1 On Methodology from Domain to System Descriptions by Rolv Bræk NTNU Workshop on Philosophy and Applicablitiy of Formal Languages Geneve 15.
Distribution and components. 2 What is the problem? Enterprise computing is Large scale & complex: It supports large scale and complex organisations Spanning.
PROC-1 1. Software Development Process. PROC-2 A Process Software Development Process User’s Requirements Software System Unified Process: Component Based.
Tool-support for Invariant-based Specification, Synthesis, and Verification of Synchronization in Concurrent Java Programs M.S. Defense William Deng Department.
Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Principal Investigators Matt Dwyer John.
CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Examples: Simple BIR-Lite Examples Copyright 2004, Matt Dwyer, John Hatcliff,
© 2006 Pearson Addison-Wesley. All rights reserved 2-1 Chapter 2 Principles of Programming & Software Engineering.
Software Engineering and Object-Oriented Design Topics: Solutions Modules Key Programming Issues Development Methods Object-Oriented Principles.
Formal Specification: a Roadmap Axel van Lamsweerde published on ICSE (International Conference on Software Engineering) Jing Ai 10/28/2003.
Software Engineering Introduction.
Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and.
Formal Verification. Background Information Formal verification methods based on theorem proving techniques and model­checking –To prove the absence of.
Banaras Hindu University. A Course on Software Reuse by Design Patterns and Frameworks.
February 19, February 19, 2016February 19, 2016February 19, 2016 Azusa, CA Sheldon X. Liang Ph. D. Software Engineering in CS at APU Azusa Pacific.
From Use Cases to Implementation 1. Structural and Behavioral Aspects of Collaborations  Two aspects of Collaborations Structural – specifies the static.
Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and.
Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods Automatic Derivation, Integration, and.
From Use Cases to Implementation 1. Mapping Requirements Directly to Design and Code  For many, if not most, of our requirements it is relatively easy.
Sung-Dong Kim, Dept. of Computer Engineering, Hansung University Java - Introduction.
Principles of Programming & Software Engineering
Review of last class Software Engineering Modeling Problem Solving
Object-Oriented Software Engineering Using UML, Patterns, and Java,
Outline Other synchronization primitives
Software Life Cycle “What happens in the ‘life’ of software”
Other Important Synchronization Primitives
Design and Implementation
Program Synthesis is a Game
Software Design Methodology
Introduction to Software Engineering
Constructive Cost Model
Concurrency Specification
Model-Driven Analysis Frameworks for Embedded Systems
Automatic Derivation, Integration and Verification
An Introduction to Software Architecture
SAMANVITHA RAMAYANAM 18TH FEBRUARY 2010 CPE 691
Visual Modeling Using Rational Rose
Automated Analysis and Code Generation for Domain-Specific Models
Presented By: Darlene Banta
Applying Use Cases (Chapters 25,26)
Applying Use Cases (Chapters 25,26)
Chapter 5 Architectural Design.
Rich Model Toolkit – An Infrastructure for Reliable Computer Systems
Chapter 2: Building a System
From Use Cases to Implementation
Building a “System” Moving from writing a program to building a system. What’s the difference?! Complexity, size, complexity, size complexity Breadth.
Logical Architecture & UML Package Diagrams
Presentation transcript:

Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods DARPA Order K203/AFRL Contract F33615-00-C-3044 Principal Investigators Matt Dwyer John Hatcliff Masaaki Mizuno Mitch Neilsen Gurdip Singh Department of Computing and Information Sciences Kansas State University http://www.cis.ksu.edu/santos

Problem Description Embedded systems are growing in complexity and developers are looking towards OO technologies to manage that complexity Embedded systems software is multi-threaded for performance reasons System correctness relies on correct synchronization of multiple activities Synchronization design/implementation is low-level and platform specific Error prone and not reusable Design methods for OO do not treat synchronization effectively

Project Objectives I. Provide high-level, modular specification of global synchronization aspects … integrated with UML/RUP … formal specification via global invariants … language of composable invariant patterns … powerful, yet easy to use II. Automatic derivation and weaving of synchronization code … multiple language and synchronization targets (Java, C++, monitors, semaphores, etc.) … weaving & optimization via abstract interpretation and program specialization techniques Here are the goals of the project in a bit more detail… We provide support for high-level modular specification of global synchronization. For us, a specification will be a global invariant that enforces certain policies for entering and exiting critical regions. One writes a spec in a very simple language of composable invariant patterns, and then these patterns are compiled down to first-order logic. The pattern language is powerful (we’ve used it to solve all the exercises in a couple of well-known concurrent programming textbooks), yet it is easy to use. Finally, the process of writing the specifications is integrated with RUP. <click>From the initial specification,<click> we’ll be able to generate synchronization code for multiple languages (e.g., Java, C++) and for multiple synchronization primitives (e.g., monitors, or semaphores). Generated synchronization code is automatically woven with core functional code using program specialization techniques. <click>After synchronization code is generated, it will be checked automatically check for critical safety and liveness properties (such as absence of deadlock) that are not captured in the global invariants. This checking is carried out using software model-checking tool called Bandera that we developed in a previous DARPA project. <click>Finally, we’ll be evaluating this approach using some military systems for networking target vehicles. III. Automatic verification of critical safety and liveness properties of woven embedded code … domain-specific model-checking engines … built on previous DARPA work –Bandera environment IV. Evaluation using Common Digital Architecture (CDA101) … a new standard for military target vehicle electronics

Technical Approach --- Invariant Patterns Users never write formulas but instead build invariants using a collection of global invariant patterns… Bound(R,n) … at most n threads can be in region R Exclusion(R1,R2) … occupancy of region R1 and R2 should be mutually exclusive Resource(R1, R2, n) … region R1 is a producer, region R2 is a consumer of some resource with n initial resource values. Barrier(R1,R2) … the kth thread to enter R1 and the kth thread to enter R2 meet and leave their respective regions together So how do we build on this? First of all, to relieve users from having to write logic formulas, we identified five simple patterns that can be combined to specify almost every synchronization problem that we encountered. Synthesize efficient implementations that enforce invariants and link them automatically to sequential implementations of core system functionality.

Contribution to PCES Goals The overarching goal of the PCES program is novel technology and supporting engineering approaches that can greatly reduce effort to program embedded systems, while increasing confidence in the embedded software product. Invariants enable reuse of synchronization “code” across multiple systems and languages reduced effort Synthesis of “correct” synchronization implementations Eliminate a class of subtle errors  reduced testing effort, increased confidence Verification of properties not guaranteed by construction increased confidence

Contribution to Relevant Military Application Provide synchronization aspects for CDA101 - Common Digital Architecture CDA101 provides a common architecture for networking a wide range of target vehicle electronics Synchronization patterns can be used in existing systems and more importantly for future, more complex, target systems. DoD Target Systems Seaborne Targets: ST 2000 Airborne Targets: BQM-74, MQM-107

Project Tasks/Schedule Key Tasks Initial Optimized Full-scale Evaluation Synch Aspect language 5/01 5/02 11/01 + Aspect code synthesis 5/01 11/01 11/01 + Code weaver 5/01 5/02 5/02 + Verification 11/01 5/02 5/02 + 11/01 5/03 Integration 5/03 Non-synch Aspects 11/01

Technical Progress/Accomplishments Rational Unified Process (RUP) Fine-Grain Synchronization Code Complete Program Synch code generators C/??? and Java Complete Program Actors: Use Cases Classes: Use-Case Realizations Component Code Global invariant pattern Extensions and assessment Global Invariant Specs Coarse-Grain Solution Coarse grain generation: SVC and pattern based Initial ST2000 case-study

Synchronization Patterns Barrier(R_1,R_2) BarrierWithInfoEx(R_1,R_2) Relay(R_1,R_2) Bound(R, n) R n In Out R_1 In_1 Out_1 R_2 In_2 Out_2

Multiple Target Detectors and a Single Firing Battery Use-case realizations B1. Wait until a detector locks on a target B2. Receive information from the detector and fire B3. Release the detector T1. Lock on a target T2. Wait until the battery is available T3. Send information to the battery T4. Wait until released

Multiple Target Detectors and a Single Firing Battery Use-case realizations B1. Wait until a detector locks on a target B2. Receive information from the detector and fire B3. Release the detector T1. Lock on a target T2. Wait until the battery is available T3. Send information to the battery T4. Wait until released

Patterns for Target System R_B3 R_T4 B3 T4 R_B1 R_T2 B1 B2 T3 T2 T1 Communicate BarrierWithInfoEx( R_B1, R_T2) Barrier(R_B1, R_T2) R_F Fire Bound(R_F,1) Relay(R_B3, R_T4)

Next Milestones Generate solutions to a large collection of standard synchronization problems Integrate Bandera to check safety/liveness properties Extend synthesis approach to distributed CAN-based systems including CanKingdom and CDA101 Examine existing CDA101 target code to assess how much of the adhoc synchronization code can be expressed in terms of our patterns Provide translations from patterns to CDA101 Add GUI with UML support to current prototype Extend global invariant approach to include real-time properties

Collaborations Stanford (SVC) MIT (analyses to optimize weaved code) Rockwell-Collins, aJile systems (JEM boards) Honeywell Grammatech, Inc. (slicing techniques) Kvaser, AB (CAN Kingdom = CDA 101/11) Seaborne Targets Engineering Lab (CDA101) National Marine Electronics Association (NMEA)

Technology Transition/Transfer DoD Target Systems Seaborne Targets: ST 2000 Airborne Targets: BQM-74 MQM-107 Ground Targets Commercial Applications NMEA 2000, CanKingdom - standards for real-time networking Variable-rate farming, in-vehicle electronics, industrial automation (PLC networks)

Seaborne Target 2000 (ST 2000)

Program Issues Difficult to do long range planning when there is a sense that funding is in jeapordy Program meetings provide little time for technical interchange Involvement of more industrial participants to provide challenge problems Limited equipment availability restricts full deployment of prototypes