Presentation is loading. Please wait.

Presentation is loading. Please wait.

GCM/ProActive: a distributed component model, its implementation, and its formalisation Ludovic Henrio OASIS Team INRIA – UNS – I3S – CNRS Sophia Antipolis.

Published byNelson Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "GCM/ProActive: a distributed component model, its implementation, and its formalisation Ludovic Henrio OASIS Team INRIA – UNS – I3S – CNRS Sophia Antipolis."— Presentation transcript:

1 GCM/ProActive: a distributed component model, its implementation, and its formalisation Ludovic Henrio OASIS Team INRIA – UNS – I3S – CNRS Sophia Antipolis http://www-sop.inria.fr/oasis/Ludovic.Henrio/

2 Our general approach 2 Programming model and definitions Optimizations Implementation Optimizations Verification and tools GenericpropertiesGenericproperties

3 3 Programming model and definitions Programming model and definitions Optimizations Implementation Optimizations Verification tools GenericpropertiesGenericproperties definitions properties Definitions and Properties are easy to understand check the proofs Our general approach

4 4 Programming model and definitions Programming model and definitions Optimizations Implementation Optimizations Verification tools GenericpropertiesGenericproperties definitions properties Definitions and Properties are easy to understand Our general approach

5 Agenda I.A Distributed Component Model: implementation and formalisation II.Behavioural Specification III.A Few Hot Topics 5

6 What are Components? 6 Business code Primitive component Server / input Client / output

7 What are GCM Components? 7 Business code Primitive component Business code Primitive component Composite component  Grid Component Model (GCM) An extension of Fractal for Distributed computing  Reference implementation: GCM/ProActive based on the ProActive Java library  Grid Component Model (GCM) An extension of Fractal for Distributed computing  Reference implementation: GCM/ProActive based on the ProActive Java library

8 But what is a Good size for a (primitive) Component? Not a strict requirement, but somehow imposed by the model design According to CCA or SCA, a service (a component contains a provided business function) According to Fractal, a few objects According to GCM, a process 8 GCM: A Grid Extension to Fractal for Autonomous Distributed Components - F. Baude, D. Caromel, C. Dalmasso, M. Danelutto, V. Getov, L. Henrio, C. Pérez - Annals of Telecom. - 2008  In GCM/ProActive, 1 Component (data/code unit) = 1 Active object (1 thread = unit of concurrency) = 1 Location (unit of distribution)  In GCM/ProActive, 1 Component (data/code unit) = 1 Active object (1 thread = unit of concurrency) = 1 Location (unit of distribution)

9 A Primitive GCM Component 9 CI.foo(p) In ProActive/GCM a primitive component is an active object  Primitive components communicating by asynchronous requests on interfaces  Components abstract away distribution and concurrency In ProActive/GCM a primitive component is an active object  Primitive components communicating by asynchronous requests on interfaces  Components abstract away distribution and concurrency CI

10 Futures for Components 10 f=CI.foo(p) ………. g=f+3 Component are independent entities (threads are isolated in a component) + Asynchronous requests with results  Futures are necessary Component are independent entities (threads are isolated in a component) + Asynchronous requests with results  Futures are necessary 1 2 3

11 First-class Futures 11 f=CI.foo(p) ……………… CI.foo(f) Only strict operations are blocking (access to a future) Communicating a future is not a strict operation In ProActive and ASP, futures are created and accessed implicitly (no explicit type “future”) IN contrast with Creol, Jcobox,... Last minute note: Any service policy (FIFO or FIFO filtered) Only strict operations are blocking (access to a future) Communicating a future is not a strict operation In ProActive and ASP, futures are created and accessed implicitly (no explicit type “future”) IN contrast with Creol, Jcobox,... Last minute note: Any service policy (FIFO or FIFO filtered)

12 First-class Futures and Hierarchy … … … Without first-class futures, one thread is systematically blocked in the composite component. A lot of blocked threads In GCM/ProActive  systematic deadlock Without first-class futures, one thread is systematically blocked in the composite component. A lot of blocked threads In GCM/ProActive  systematic deadlock return C1.foo(x) 12

13 Future Update Strategies (Muhammad Khan) How to bring future values to components that need them? A “naive” approach: Any component can receive a value for a future reference it holds. More operational is the lazy approach: 13 require future value

14 Eager home-based future update avoids to store future values indefinitely Relies on future registration 14 register future Results sent as soon as available Every component with future reference is registered Un-necessary transfers Garbage collection of computed results possible Formalised in Isabelle Results sent as soon as available Every component with future reference is registered Un-necessary transfers Garbage collection of computed results possible Formalised in Isabelle First Class Futures: Specification and Implementation of Update Strategies L. Henrio, Muhammad U. Khan, Nadia Ranaldo, Eugenio Zimeo CoreGRID@Europar 2010.

15 A Framework for Reasoning on Components in Isabelle/HOL Formalise GCM in a theorem prover (Isabelle/HOL ) Component hierarchical Structure Bindings, etc… Design Choices  Suitable abstraction level  Suitable representation (List / Finite Set, etc …) Basic lemmas on component structure Semantics for primitive components (~LTS) Delegation semantics for composites 15 Business code Primitive component Composite component A Framework for Reasoning on Component Composition Ludovic Henrio, Florian Kammüller, and Muhammad Uzair Khan - FMCO 2009, Springer

16 Properties on Future updates Future updates remove all references to a given future All Future references are registered during reduction register future Garbage collectable Complete registration Ludovic Henrio and Muhammad Uzair Khan “Asynchronous Components with Futures: Semantics and Proofs in Isabelle/HOL” - FESCA 2010 - ENTCS 16

17 A refined GCM model in Isabelle/HOL More precise than GCM, give a semantics to the model:  asynchronous communications: future / requests  request queues  no shared memory between components  notion of request service More abstract than ProActive/GCM  can be multithreaded  no active object, not particularly object-oriented 17 Similarities with: SCA and Fractal (structure), Creol (futures) A guide for implementing and proving properties of component middlewares

18 Agenda I.A Distributed Component Model: implementation and formalisation II.Behavioural Specification III.A Few Hot Topics 18

19 How to ensure the correct behaviour of a given program? Theorem proving too complicated for the ProActive programmer Our approach: behavioural specification 19 Service methods pNets: Behavioural Models for Distributed Fractal Components Antonio Cansado, Ludovic Henrio, and Eric Madelaine - Annals of Telecommunications - 2008  Trust the implementation step  Or static analysis  Generate correct (skeletons of) components (+static and/or runtime checks)  Trust the implementation step  Or static analysis  Generate correct (skeletons of) components (+static and/or runtime checks)

20 Full picture: a pNet 20 !Q_Write(b) ?Q_Write(x) Support for parameterized families Syncronisation vectors

21 Basic pNets: parameterized LTS 21 Labelled transition systems, with: Value passing Local variables Guards…. Can be written as a UML diagram Eric MADELAINE

22 Use-case: Fault-tolerant storage 22 1 composite component with 2 external services Read/Write. The service requests are delegated to the Master. 1 multicast interface sending write/read/commit requests to all slaves. the slaves reply asynchronously, the master only needs enough coherent answers to terminate Verifying Safety of Fault-Tolerant Distributed Components Rabéa Ameur-Boulifa, Raluca Halalai, Ludovic Henrio, and Eric Madelaine - FACS 2011

23 Properties proved Reachability(*): 1- The Read service can terminate  fid:nat among {0...2}. ∃ b:bool. true 2- Is the BFT hypothesis respected by the model ? true Termination: After receiving a Q_Write(f,x) request, it is (fairly) inevitable that the Write services terminates with a R_Write(f) answer, or an Error is raised. Functional correctness: After receiving a ?Q_Write(f1,x), and before the next ?Q_Write, a ?Q_Read requests raises a !R_Read(y) response, with y=x (*) Model Checking Language (MCL), Mateescu et al, FM’08 23 Prove  generic properties like absence of deadlock  or properties specific to the application logic Prove  generic properties like absence of deadlock  or properties specific to the application logic

24 Recent advances in behavioural specification for GCM Scaling-up : gained orders of magnitude by a combination of:  data abstraction,  compositional and contextual minimization,  distributed state-space generation. Specified formally the whole generation process (in progress) 24 pNets: 2004-2008 CoCoME: hier. & synch. FACS’08: 1 st class futures WCSI’10: group communication FACS’11: GCM & multicast interfaces Application to BFT More to come ? Reconfiguration...

25 Agenda I.A Distributed Component Model: implementation and formalisation II.Behavioural Specification III.A Few Hot Topics 25

26 Adaptation in the GCM Functional adaptation: adapt the architecture + behaviour of the application to new requirements/objectives Non-functional adaptation: adapt the architecture of the container+middleware to changing environment/NF requirements (QoS …) Additional support for reconfiguration: A stopping algorithm for GCM components A Scripting language for reconfiguring distributed components 26 A Component Platform for Experimenting with Autonomic Composition Françoise Baude, Ludovic Henrio, and Paul Naoumenko. Autonomics 2007. Both functional and non-functional adaptation are expressed as reconfigurations Language support for distributed reconfiguration: GCM-script A platform for designing and running autonomic components Both functional and non-functional adaptation are expressed as reconfigurations Language support for distributed reconfiguration: GCM-script A platform for designing and running autonomic components

27 Formalising Reconfiguration (preliminary) In our Isabelle/HOL model component structure known at runtime  Two reconfiguration primitives formalised  Basic proofs illustrate the feasibility of the approach In our behavioural model  Old results: start/stop/bind for Fractal components  For GCM: formalisation and experiments in progress 27

28 Correct component reconfiguration Towards safety and autonomicity Verify reconfiguration procedures Safe adaptation procedures for autonomic applications Some directions:  Parameterized topologies: ADL[N] ; behavioural specification (pNets) ; reconfiguration primitives  Use of theorem proving + prove equivalence between the Isabelle GCM model and the behavioural specification  prove and use generic properties of reconfiguration procedures 28

29 Correct component reconfiguration Towards safety and autonomicity Verify reconfiguration procedures Safe adaptation procedures for autonomic applications Some directions:  Parameterized topologies: ADL[N] ; behavioural specification (pNets) ; reconfiguration primitives  Use of theorem proving + prove equivalence between the Isabelle GCM model and the behavioural specification  prove and use generic properties of reconfiguration procedures 29 [N]

30 Primitive Multi-Active GCM Component 30 add() { … … } monitor() {… … } add() { CI.foo(p) } Provided add, add and monitor are compatible join() Compatibility is defined by annotations in the Java code Fewer deadlocks, better adapted to multicore architectures Fewer deadlocks, better adapted to multicore architectures

31 Implemented multi-active objects above ProActive Added dynamic compatibility rules Used on case studies (NAS, CAN) Specified the semantics of Multi-ASP Proved first properties, i.e., the semantics guarantees that two requests executed in parallel are compatible Next steps:  Publish the model  Formalisation in Isabelle/HOL  Use the new model  Prove stronger properties (confluence?) Results / Status 31 Conclusion: Active objects and components fit well together

32 Special thanks to … 32 Eric Madelaine Antonio Cansado Marcela Rivera Paul Naoumenko Muhammad Khan Boutheina Bannour Florian Kammueller Françoise Baude CoreGrid partners Denis Caromel Some of the people involved in this work Fabrice Huet Zsolt Istvan Rabéa Boulifa And others !!! Tomas Barros

Download ppt "GCM/ProActive: a distributed component model, its implementation, and its formalisation Ludovic Henrio OASIS Team INRIA – UNS – I3S – CNRS Sophia Antipolis."

Similar presentations

Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,

Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,
Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.

Translation-Based Compositional Reasoning for Software Systems Fei Xie and James C. Browne Robert P. Kurshan Cadence Design Systems.
Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.

Foundational Certified Code in a Metalogical Framework Karl Crary and Susmit Sarkar Carnegie Mellon University.
Towards a Practical Composition Language Oscar Nierstrasz Software Composition Group University of Bern.

Towards a Practical Composition Language Oscar Nierstrasz Software Composition Group University of Bern.
Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.

Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,

Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,
Nadia Ranaldo - Eugenio Zimeo Department of Engineering University of Sannio – Benevento – Italy 2008 ProActive and GCM User Group Orchestrating.

Nadia Ranaldo - Eugenio Zimeo Department of Engineering University of Sannio – Benevento – Italy 2008 ProActive and GCM User Group Orchestrating.
Session 2: task 3.2 GCM, Kracow, June 27 2006 l Current status of GCM Denis Caromel (10 mn each talk) l Wrapping CCA Components as GCM Components Maciej.

Session 2: task 3.2 GCM, Kracow, June l Current status of GCM Denis Caromel (10 mn each talk) l Wrapping CCA Components as GCM Components Maciej.
Concurrency CS 510: Programming Languages David Walker.

Concurrency CS 510: Programming Languages David Walker.
A Case Study in Componentising a Scientific Application for the Grid  Nikos Parlavantzas, Matthieu Morel, Françoise Baude, Fabrice Huet, Denis Caromel,

A Case Study in Componentising a Scientific Application for the Grid  Nikos Parlavantzas, Matthieu Morel, Françoise Baude, Fabrice Huet, Denis Caromel,
Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.

Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.
INTRODUCING SCA Byungwook Cho Nov.2007.

INTRODUCING SCA Byungwook Cho Nov.2007.
Asynchronous Components Asynchronous communications: from calculi to distributed components.

Asynchronous Components Asynchronous communications: from calculi to distributed components.
Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.

Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.
INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.

INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.
Formal Models for Programming and Composing Correct Distributed Systems Jury : Gordon BlairFabienne BoyerEric Madelaine Pascal PoizatMichel RiveillDavide.

Formal Models for Programming and Composing Correct Distributed Systems Jury : Gordon BlairFabienne BoyerEric Madelaine Pascal PoizatMichel RiveillDavide.
Oct. 2012 Multi-threaded Active Objects Ludovic Henrio, Fabrice Huet, Zsolt Istvàn June 2013 –

Oct Multi-threaded Active Objects Ludovic Henrio, Fabrice Huet, Zsolt Istvàn June 2013 –
The Grid Component Model: an Overview “Proposal for a Grid Component Model” DPM02 “Basic Features of the Grid Component Model (assessed)” -- DPM04 CoreGrid.

The Grid Component Model: an Overview “Proposal for a Grid Component Model” DPM02 “Basic Features of the Grid Component Model (assessed)” -- DPM04 CoreGrid.
Oct. 2012 Active objects: programming and composing safely large-scale distributed applications Ludovic Henrio SCALE team, CNRS – Sophia Antipolis July.

Oct Active objects: programming and composing safely large-scale distributed applications Ludovic Henrio SCALE team, CNRS – Sophia Antipolis July.

Similar presentations

Ads by Google