Presentation is loading. Please wait.

Presentation is loading. Please wait.

David Harel, Robby Lampert, Assaf Marron, Gera Weiss

Published byBarrie Jayson Payne Modified over 6 years ago

Similar presentations

Presentation on theme: "David Harel, Robby Lampert, Assaf Marron, Gera Weiss"— Presentation transcript:

1 David Harel, Robby Lampert, Assaf Marron, Gera Weiss
Composing Independent Behaviors into Executable (and Verifiable) Systems and Models David Harel, Robby Lampert, Assaf Marron, Gera Weiss Weizmann Institute of Science Ben Gurion University of the Negev

2 The Behavioral Programming Paradigm
Software modules aligned with requirements Addition, refinement, and removal of behaviors without modifying existing code class AddHotFiveTimes extends BThread {     public void runBThread() {         for (int i=1; i<=5; i++) {             bSync(addHot, none, none);         }     } } Req. 3.1 Behavior Threads Req class AddColdFiveTimes BThread {     public void runBThread() {         for (int i=1; i<=5; i++) {             bSync(addCold, none, none);         }     } } Patch 7.1 class Interleave extends BThread {     public void runBThread() {         while (true) { bSync(none, addHot, addCold); bSync(none, addCold, addHot);         }     } }

3 Execution cycle All behavior threads (b-threads) synchronize and: Request events: propose events to be considered for triggering; Wait for events: ask to be notified when events are triggered; Block events: temporarily forbid the triggering of events. An event that is requested and not blocked is selected. B-threads waiting for this event proceed to their next state.

4 Event selection mechanism
Wait B-s Behavior Threads Request Block

5 Event selection mechanism
Wait B-s Behavior Threads Request Block

6 Event selection mechanism
Wait B-s Behavior Threads Request Block

7 Example: Coding b-threads in Java
class AddHotFiveTimes extends BThread {     public void runBThread() {         for (int i=1; i<=5; i++) {             bSync(addHot, none, none);         }     } } addHot addHot addCold addCold addCold addCold addCold class AddColdFiveTimes BThread {     public void runBThread() {         for (int i=1; i<=5; i++) {             bSync(addCold, none, none);         }     } } addHot addCold addHot addCold class Interleave extends BThread {     public void runBThread() {         while (true) { bSync(none, addHot, addCold); bSync(none, addCold, addHot);         }     } }

8 Main application: reactive embedded systems
Complexity stems from the need to interleave many simultaneous behaviors

9 Modeling and simulation
Biology, Process control, Telecommunication, Safety

10 Alignment of code modules with requirements
When I put two Xs in a line, you need to put an O in the third square bSync(none, X<1,2>, none); bSync(none, X<2,2>, none); bSync(O<3,1>, none, none);

11 Some B-threads of a Tic-Tac-Toe Game
SquareTaken: (multiple instances) Wait for a given square to be marked by X or O. Block any marking of that square. AddThirdO: (multiple instances) Wait for two given O moves in a line. Request marking of the third square in that line. EnforcePlayersTurns: (one instance) Block all O moves, wait for any X move. Block all X moves, wait for any O move. X O 11/21/2018 Let’s take a few examples of TTT b-threads. Talk about different implementation. E.g. SquareTaken can be one thread that looks at the board or can be 9 threads that don’t event know that they are playing TTT – just watching for something and blocking something else. On Visualization and Comprehension of Scenario-Based Programs

12 A b-thread Example: – Detect O Win
Wait for 3 specific events Announce it by Requesting “Owin”

13 The main program: Adding all behaviors
…except for “Add-Third-O”

14 Model Checking – X Wins ! 
Verification failed: X(0,0) O(1,1) X(2,2) O(0,1) X(2,0) O(1,0) X(2,1)

15 What went Wrong? A new Requirement: when you can win – WIN!!

16 A new b-thread: Add Third O
Wait for 2 specific events Request the winning move

17 Add the new b-thread to the main program

18 Verification successful
Duration (seconds) : Msec per state : Msec per Transition: Number of states: Number of transitions: 1331 Actual depth (BFS): 9 Maximal out-degree: 9 Average out-degree: BTState cache hits: 0 Num. of state revisits: 0

19 Each new game rule or strategy is added in a separate b-thread without changing existing code

20 But… How do we know when we are done?
When each module is programmed separately, how do we avoid conflicts? An answer: Model Checking + Incremental Development

21 Model-checking behavioral programs “in-vivo” (c.f. Java Path Finder)
Transition using standard execution (by the native JVM) Backtrack using Apache javaflow continuations Notations for nondeterministic transitions State matching and search pruning by b-threads State tagging for safety and liveness properties by b-threads

22 Behavior Thread States b-thread states at bSync
. labelNextVerificationState( “A” ); bSync( … ); if( lastEvent == event1 ) { labelNextVerificationState( “B” ); } if( lastEvent == event2 ) { labelNextVerificationState( “C” ); A B C event1 event2

23 Behavioral Program State Graph
D E Program states are the Cartesian product of b-thread states A G B H C ADG I AEG BDG BDH AEI

24 Counterexamples as scenarios
Let c=e1, …, em, …,en be a counterexample Can generalize and code new b-threads or, Can use the counterexample in a patch behavior. E.g., Let em be the last event requested by the system Wait for e1, …, em-1 Block em Other b-threads will take care of the right action, “the detour”. Model-check again

25 Other MC examples and experiences
Bridge-crossing problem Dining Philosophers Scheduling in a signal-processing board

26 Flying A Quadrotor Simultaneous possibly conflicting behaviors

27 Balancing a Quadrotor - Behaviorally
We were able to balance a quadrotor – replacing linear equations with simple behaviors.

28 Scalability Approaches

29 Incremental natural modeling of complex behaviors
The behavioral programming paradigm Summary Incremental natural modeling of complex behaviors Executability Scalability Direct model checking Thank You !

Download ppt "David Harel, Robby Lampert, Assaf Marron, Gera Weiss"

Similar presentations

Operating Systems Semaphores II

Operating Systems Semaphores II
Simulation Verification of Different Constraints in System Level Design in SystemC Piyush Ranjan Satapathy CS220 Class Project Presentation.

Simulation Verification of Different Constraints in System Level Design in SystemC Piyush Ranjan Satapathy CS220 Class Project Presentation.
Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 6: Process Synchronization.

Silberschatz, Galvin and Gagne ©2009 Operating System Concepts – 8 th Edition, Chapter 6: Process Synchronization.
44 nd DAC, June 4-8, 2007 Processor External Interrupt Verification Tool (PEVT) Fu-Ching Yang, Wen-Kai Huang and Ing-Jer Huang Dept. of Computer Science.

44 nd DAC, June 4-8, 2007 Processor External Interrupt Verification Tool (PEVT) Fu-Ching Yang, Wen-Kai Huang and Ing-Jer Huang Dept. of Computer Science.
Gera Weiss Department of Computer Science Ben Gurion University of The Negev.

Gera Weiss Department of Computer Science Ben Gurion University of The Negev.
Topics in Programming Reactive Systems Prof. Ronen Brafman and Dr. Gera Weiss.

Topics in Programming Reactive Systems Prof. Ronen Brafman and Dr. Gera Weiss.
1 Behavioral Programming A review of recent research: ECOOP’10, ASE’10, ICFP’10, ICPC’11, EMSOFT’11, AGERE’11, ICTAI’11 David Harel, Assaf Marron, Smadar.

1 Behavioral Programming A review of recent research: ECOOP’10, ASE’10, ICFP’10, ICPC’11, EMSOFT’11, AGERE’11, ICTAI’11 David Harel, Assaf Marron, Smadar.
Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Synchronization in Java Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Race Conditions CS550 Operating Systems. Review So far, we have discussed Processes and Threads and talked about multithreading and MPI processes by example.

Race Conditions CS550 Operating Systems. Review So far, we have discussed Processes and Threads and talked about multithreading and MPI processes by example.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts, Amherst Operating Systems CMPSCI 377 Lecture.
CHAPTER 10 Recursion. 2 Recursive Thinking Recursion is a programming technique in which a method can call itself to solve a problem A recursive definition.

CHAPTER 10 Recursion. 2 Recursive Thinking Recursion is a programming technique in which a method can call itself to solve a problem A recursive definition.
Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.

Formal Verification of SpecC Programs using Predicate Abstraction Himanshu Jain Daniel Kroening Edmund Clarke Carnegie Mellon University.
Threads II. Review A thread is a single flow of control through a program Java is multithreaded—several threads may be executing “simultaneously” If you.

Threads II. Review A thread is a single flow of control through a program Java is multithreaded—several threads may be executing “simultaneously” If you.
50.003: Elements of Software Construction Week 5 Basics of Threads.

50.003: Elements of Software Construction Week 5 Basics of Threads.
02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.
1 Model-Checking Behavioral Programs Assaf Marron Weizmann Institute of Science.

1 Model-Checking Behavioral Programs Assaf Marron Weizmann Institute of Science.
CSE 486/586 CSE 486/586 Distributed Systems PA Best Practices Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586 CSE 486/586 Distributed Systems PA Best Practices Steve Ko Computer Sciences and Engineering University at Buffalo.
A Bridge to Your First Computer Science Course Prof. H.E. Dunsmore Concurrent Programming Threads Synchronization.

A Bridge to Your First Computer Science Course Prof. H.E. Dunsmore Concurrent Programming Threads Synchronization.
From Scenic to SystemC Mehrdad Abutalebi. Outline Introducing Scenic Scenic Implementation Modeling Reactivity A Simple example From Scenic to SystemC.

From Scenic to SystemC Mehrdad Abutalebi. Outline Introducing Scenic Scenic Implementation Modeling Reactivity A Simple example From Scenic to SystemC.
Copyright 2002 Prentice-Hall, Inc. Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer Joey F. George Joseph S. Valacich Chapter 20 Object-Oriented.

Copyright 2002 Prentice-Hall, Inc. Modern Systems Analysis and Design Third Edition Jeffrey A. Hoffer Joey F. George Joseph S. Valacich Chapter 20 Object-Oriented.

Similar presentations

Ads by Google