Presentation is loading. Please wait.

Presentation is loading. Please wait.

RESECO - Montevideo - 22 nov 2007Reseco, Montevideo, 22 nov 2007 Eric Madelaine - OASIS Team1 Specifying and Generating Safe GCM Components INRIA – Sophia.

Published byCecil Russell Modified over 9 years ago

Similar presentations

Presentation on theme: "RESECO - Montevideo - 22 nov 2007Reseco, Montevideo, 22 nov 2007 Eric Madelaine - OASIS Team1 Specifying and Generating Safe GCM Components INRIA – Sophia."— Presentation transcript:

1 RESECO - Montevideo - 22 nov 2007Reseco, Montevideo, 22 nov 2007 Eric Madelaine - OASIS Team1 Specifying and Generating Safe GCM Components INRIA – Sophia Antipolis OASIS Team Antonio Cansado Ludovic Henrio Eric Madelaine ReSeCo meeting, Montevideo, 21-23 nov 2007

2 RESECO - Montevideo - 22 nov 2007 2 Eric Madelaine - OASIS Team Agenda Motivation VCE Prototype ( Vercors Component Environment ) Specification of GCM components Generation of safe components

3 RESECO - Montevideo - 22 nov 2007 3 Eric Madelaine - OASIS Team Proposes fundamental principles, techniques and tools for the design, development, analysis, and verification of reliable distributed systems Target, application areas: Distributed, Parallel, Concurrent applications, GRID Computing ASP Calculus Properties Model- Checking ProActive Components The OASIS Team A Threefold Approach

4 RESECO - Montevideo - 22 nov 2007 4 Eric Madelaine - OASIS Team SLOGAN /DREAM:  Bring the formal methods, tools, guarantees,  in the Development Environment => to non-expert programmers. The OASIS Team A Threefold Approach ASP Calculus Properties Model- Checking ProActive Components

5 RESECO - Montevideo - 22 nov 2007 5 Eric Madelaine - OASIS Team Build safe component-based systems Need :  Safe assembly of components Static typing of bound interfaces is not sufficient Compatibility of dynamic behaviour  Formal specification of Components Specification Language :  Integrate ADL and BDL (architecture and behaviour)

6 RESECO - Montevideo - 22 nov 2007 6 Eric Madelaine - OASIS Team Approach Specification Language Component Specification: Architecture + Behaviour Java-based UML-based graphical language: VCE Hierarchical Components Contains an abstraction of control & data – flow Finitary model (pNets) + Model-Checking Equivalence Checking Safe code : GCM/ProActive code skeletons Generate modelGenerate code

7 RESECO - Montevideo - 22 nov 2007 7 Eric Madelaine - OASIS Team Agenda Motivation VCE Prototype ( Vercors Component Environment ) Specification of GCM components Generation of safe components

8 RESECO - Montevideo - 22 nov 2007 8 Eric Madelaine - OASIS Team UML2 Prototype: Vercors Component Environment Component Diagram State Machine Diagram Need only the Data influencing the control-flow and the topology In practice: use Java interfaces, + ad-hoc abstraction

9 RESECO - Montevideo - 22 nov 2007 9 Eric Madelaine - OASIS Team VCE Prototype Functional behaviour of components  Specification given as a State Machine  Implementation given as a composition of subcomponents Integrated into Eclipse as plugins Generation of behavioural model for Verification

10 RESECO - Montevideo - 22 nov 2007 10 Eric Madelaine - OASIS Team VCE: Snapshot

11 RESECO - Montevideo - 22 nov 2007 11 Eric Madelaine - OASIS Team VCE: Validate and Verify Use of sound semantic model - pNets  Hierarchical, Parameterized Networks of Labelled Transition Systems  Simple predefined datatypes Generate Behavioural Models based on pNets  Functional and Non-Functional concerns Model-check the behavioural model  Deadlocks, Reachability, Safety, Liveness  Properties specified as automata  Functional verification + safety of reconfiguration

12 RESECO - Montevideo - 22 nov 2007 12 Eric Madelaine - OASIS Team Agenda Motivation VCE Prototype ( Vercors Component Environment ) Specification of GCM components : (Grid Component Model) Generation of safe components

13 RESECO - Montevideo - 22 nov 2007 13 Eric Madelaine - OASIS Team GCM / ProActive Components Hierarchical components Strong encapsulation of functional activity Interfaces expose all communication between components  Sorts given by: method calls, arguments, and return types State-full  Persistent variables (in primitive components)  Request queues (in primitives and composites)

14 RESECO - Montevideo - 22 nov 2007 14 Eric Madelaine - OASIS Team Specify the Behaviour of GCM / ProActive Components Service policy  How to serve requests from the request-queue Calls on service methods (and local methods) Depends on local component state Most used: serveOldest(filter) A policy can be concurrent (for composite parallel components)

15 RESECO - Montevideo - 22 nov 2007 15 Eric Madelaine - OASIS Team Behaviour of GCM / ProActive Components Service methods  Contain an abstraction of the business code Using real Java user classes  Are unaware of the request-queue  Are not allowed to call (local) service methods the only allowed interference is through shared variables  Triggers events calls on client interfaces

16 RESECO - Montevideo - 22 nov 2007 16 Eric Madelaine - OASIS Team Behaviour of GCM / ProActive components Generate skeletons for GCM components PolicyServices

17 RESECO - Montevideo - 22 nov 2007 17 Eric Madelaine - OASIS Team Agenda Motivation VCE Prototype ( Vercors Component Environment ) Specification of GCM components Generation of safe components

18 RESECO - Montevideo - 22 nov 2007 18 Eric Madelaine - OASIS Team Guidelines for Generating ProActive Code Goal  Same behaviour as the specification Generated Java/ProActive code  Full and final: GCM ADL Code of Fractal controllers Service policy: runActivity()  Skeletons for: service methods (methods defined in server interfaces) With hooks to fill-in final implementation (User-defined Business code)

19 RESECO - Montevideo - 22 nov 2007 19 Eric Madelaine - OASIS Team Black-Box View of Components Externally, components are seen as:  Sequential component These may implemented as GCM primitives or composites Our choice: generate a primitive GCM component  Concurrent component These must be implemented as GCM composites to deal with concurrency Our choice: explore the architecture for finding sequential parts which will become primitives, and concurrent ones that become composites

20 RESECO - Montevideo - 22 nov 2007 20 Eric Madelaine - OASIS Team Generate a GCM Primitive Can be generated in an isolated manner  All provided and required interfaces are known  No need to know its environment / architecture Body: runActivity() + service methods  Simulate a State-Machine with Java/ProActive code Non-determinism is an issue  Calls on client interfaces create futures: all communication is handled by ProActive Control code shouldn’t be modified  Ensure the same behaviour as the specification

21 RESECO - Montevideo - 22 nov 2007 21 Eric Madelaine - OASIS Team Generate a GCM Composite Architecture definition: ADL  XML with static information about the architecture of the component Service Policy and Sequential behaviour are treated by primitives

22 RESECO - Montevideo - 22 nov 2007 22 Eric Madelaine - OASIS Team Data within Components In the specification, there are user datatypes  Used to generate directly Java interfaces of types Need to specify an abstraction to be used within the state machines

23 RESECO - Montevideo - 22 nov 2007 23 Eric Madelaine - OASIS Team From the Architecture Definition GCM ADL..................

24 RESECO - Montevideo - 22 nov 2007 24 Eric Madelaine - OASIS Team From the Architecture Definition Fractal Controllers public String[] listFc() { return new String[]{ CASHBOXEVENTIF_BINDING }; } public Object lookupFc (String clientItfName) { if (CASHBOXEVENTIF_BINDING.equals(clientItfName)) return cashBoxEventIf; return null; } public void bindFc (String clientItfName, Object serverItf) { if (CASHBOXEVENTIF_BINDING.equals(clientItfName)) cashBoxEventIf = (CashBoxEventIf)serverItf; } public void unbindFc (String clientItfName) { if (CASHBOXEVENTIF_BINDING.equals(clientItfName)) cashBoxEventIf = null; } public String[] listFc() { return new String[]{ CASHBOXEVENTIF_BINDING }; } public Object lookupFc (String clientItfName) { if (CASHBOXEVENTIF_BINDING.equals(clientItfName)) return cashBoxEventIf; return null; } public void bindFc (String clientItfName, Object serverItf) { if (CASHBOXEVENTIF_BINDING.equals(clientItfName)) cashBoxEventIf = (CashBoxEventIf)serverItf; } public void unbindFc (String clientItfName) { if (CASHBOXEVENTIF_BINDING.equals(clientItfName)) cashBoxEventIf = null; }

25 RESECO - Montevideo - 22 nov 2007 25 Eric Madelaine - OASIS Team Generate GCM / ProActive code public void runActivity(Body body) { Service service = new Service(body); while (body.isActive()) { switch(state){ case ENABLE: // states of the automata if (service.hasRequestToServe()) { Request request = service.getOldest(); if (request.getMethodName().equals("scanCreditCard")) { service.serveOldest(); } else if (request.getMethodName().equals("expressModeDisabled")) { service.serveOldest(); } else { service.serveOldest(); state = State.DISABLE; } break; case DISABLE … // other states public void runActivity(Body body) { Service service = new Service(body); while (body.isActive()) { switch(state){ case ENABLE: // states of the automata if (service.hasRequestToServe()) { Request request = service.getOldest(); if (request.getMethodName().equals("scanCreditCard")) { service.serveOldest(); } else if (request.getMethodName().equals("expressModeDisabled")) { service.serveOldest(); } else { service.serveOldest(); state = State.DISABLE; } break; case DISABLE … // other states Service Policy: runActivity()

26 RESECO - Montevideo - 22 nov 2007 26 Eric Madelaine - OASIS Team Service Method Control structure  Control-flow and data-flow Method calls performed on client interfaces  Creation of futures  Flow of futures Data-usage  First use of a future is meaningful wait-by-necessity – synchronisation points  Programmers may use these data within the computation

27 RESECO - Montevideo - 22 nov 2007 27 Eric Madelaine - OASIS Team Generate GCM / ProActive code public void pinEntered(PIN pin) { if (creditInfo != null) { Transaction transId = bankIf.validateCard(creditInfo, pin); // call on client interface // arguments may be futures if (ProActive.getFutureValue(transId) != null) { Info info = bankIf.debitCard(transId, runningTotal); if (ProActive.getFutureValue(info) != null){ Sale sale = new SaleImpl( new PaymentModeImpl(PaymentModeImpl.CREDIT), products, runningTotal); saleRegisteredIf.bookSale(sale); info.getInfo(); // wait-by-necessity init();... } public void pinEntered(PIN pin) { if (creditInfo != null) { Transaction transId = bankIf.validateCard(creditInfo, pin); // call on client interface // arguments may be futures if (ProActive.getFutureValue(transId) != null) { Info info = bankIf.debitCard(transId, runningTotal); if (ProActive.getFutureValue(info) != null){ Sale sale = new SaleImpl( new PaymentModeImpl(PaymentModeImpl.CREDIT), products, runningTotal); saleRegisteredIf.bookSale(sale); info.getInfo(); // wait-by-necessity init();... } Service Method

28 RESECO - Montevideo - 22 nov 2007 28 Eric Madelaine - OASIS Team Correctness of the Generated Code Our modelisation preserves safety formulas Including abstraction of value-passing data Semantics of communication is sound ProActive library is based on ASP-calculus (and its properties) Semantics are simulated by the behavioural model (pNets) which closely fits in ProActive’s MOP Reliability of code is highly dependent on the set of formulas and the abstraction used in them

29 RESECO - Montevideo - 22 nov 2007 29 Eric Madelaine - OASIS Team Some Open Questions How to manage hooks for filling in the final implementation?  Don’t limit the programmer  Don’t interfere with the control code Implementation issues  Use of Java annotations? Where is the right place to put abstractions (which depend on the set of formulas to prove) ? Which is the best way to have human-readable code? [Code based on State-machines]

30 RESECO - Montevideo - 22 nov 2007 30 Eric Madelaine - OASIS Team Conclusions and Perspectives Short-term  Graphical tool for GCM Specification ( VCE ) Asynchronous distributed components  Generation of Safe code (A. Cansado PhD) Java code generated Long-term  Advanced GCM-specific features Multicast, gathercast interfaces Autonomicity : behaviour of the membranes of composites  Formalisation and proofs  Language for expressing reconfiguration of components (related to M. Rivera PhD)

31 RESECO - Montevideo - 22 nov 2007 31 Eric Madelaine - OASIS Team References http://www-sop.inria.fr/oasis/Vercors Behavioural Models Model checking distributed components: The Vercors platform. T. Barros, A. Cansado, E. Madelaine, and M. Rivera In 3 rd workshop on Formal Aspects of Component Systems Prague, Czech Republic, Sep 2006. ENTCS Case-study: CoCoME A Specification Language for Distributed Components implemented in GCM/ProActive A. Cansado, D. Caromel, L. Henrio, E. Madelaine, M. Rivera, and E. Salageanu Lecture Notes in Computer Science. Springer, (to be published 2007) Diagrams for GCM components Specifying Fractal and GCM Components With UML S. Ahumada, L. Apvrille, T. Barros, A. Cansado, E. Madelaine, and E. Salageanu. In XXVI Inter.Conf. of the Chilean Computer Science Society, Chile, Nov. 2007. IEEE

32 RESECO - Montevideo - 22 nov 2007 32 Eric Madelaine - OASIS Team Annexes

33 RESECO - Montevideo - 22 nov 2007 33 Eric Madelaine - OASIS Team ProActive Architecture

34 RESECO - Montevideo - 22 nov 2007 34 Eric Madelaine - OASIS Team Fractal hierarchical model : composites encapsulate primitives, which encapsulates code Attribute Controller Binding Controller Lifecycle Controller Content Controller Content Controller / membrane now the basis for the GCM

35 Architectural View

Download ppt "RESECO - Montevideo - 22 nov 2007Reseco, Montevideo, 22 nov 2007 Eric Madelaine - OASIS Team1 Specifying and Generating Safe GCM Components INRIA – Sophia."

Similar presentations

Semantic Formalisms 2: Software Components Eric Madelaine INRIA Sophia-Antipolis Oasis team UNICE – EdStic Mastère Réseaux.

Semantic Formalisms 2: Software Components Eric Madelaine INRIA Sophia-Antipolis Oasis team UNICE – EdStic Mastère Réseaux.
Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,

Elton Mathias and Jean Michael Legait 1 Elton Mathias, Jean Michael Legait, Denis Caromel, et al. OASIS Team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis,
Building Secure Distributed Systems The CIF model : Component Information Flow Lilia Sfaxi DCS Days - 26/03/2009.

Building Secure Distributed Systems The CIF model : Component Information Flow Lilia Sfaxi DCS Days - 26/03/2009.
European Commission Directorate-General Information Society Unit F2 – Grid Technologies INSERT PROJECT ACRONYM HERE BY EDITING THE MASTER SLIDE (VIEW.

European Commission Directorate-General Information Society Unit F2 – Grid Technologies INSERT PROJECT ACRONYM HERE BY EDITING THE MASTER SLIDE (VIEW.
Concurrency: introduction1 ©Magee/Kramer 2 nd Edition Concurrency State Models and Java Programs Jeff Magee and Jeff Kramer.

Concurrency: introduction1 ©Magee/Kramer 2 nd Edition Concurrency State Models and Java Programs Jeff Magee and Jeff Kramer.
PAGIS: An Architecture for Programming on the Grid Andrew Wendelborn Distributed & High Performance Computing Group Department of Computer Science, University.

PAGIS: An Architecture for Programming on the Grid Andrew Wendelborn Distributed & High Performance Computing Group Department of Computer Science, University.
Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.

Denis Caromel1 Joint work with Ludovic Henrio – Eric Madelaine et. OASIS members OASIS Team INRIA -- CNRS - I3S – Univ. of Nice Sophia-Antipolis, IUF.
Component Interaction in Distributed Systems Nat Pryce Imperial College

Component Interaction in Distributed Systems Nat Pryce Imperial College
Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,

Eric MADELAINE1 E. Madelaine, Antonio Cansado, Emil Salageanu OASIS Team, INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis OSCAR meeting, Valparaiso,
Session 2: task 3.2 GCM, Kracow, June 27 2006 l Current status of GCM Denis Caromel (10 mn each talk) l Wrapping CCA Components as GCM Components Maciej.

Session 2: task 3.2 GCM, Kracow, June l Current status of GCM Denis Caromel (10 mn each talk) l Wrapping CCA Components as GCM Components Maciej.
A Case Study in Componentising a Scientific Application for the Grid  Nikos Parlavantzas, Matthieu Morel, Françoise Baude, Fabrice Huet, Denis Caromel,

A Case Study in Componentising a Scientific Application for the Grid  Nikos Parlavantzas, Matthieu Morel, Françoise Baude, Fabrice Huet, Denis Caromel,
Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.

Architectural Design Establishing the overall structure of a software system Objectives To introduce architectural design and to discuss its importance.
Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.

Optimisation of behaviour of component-based distributed systems INRIA - I3S - CNRS – University of Nice Sophia-Antipolis EPC SCALE Galyna Zholtkevych.
02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.

02/06/05 “Investigating a Finite–State Machine Notation for Discrete–Event Systems” Nikolay Stoimenov.
Asynchronous Components Asynchronous communications: from calculi to distributed components.

Asynchronous Components Asynchronous communications: from calculi to distributed components.
Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.

Safe composition of distributed adaptable components A distributed component model Behavioural specification and verification Ludovic Henrio and Eric Madelaine.
INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.

INRIA Sophia-Antipolis, Oasis team INRIA Rhône-Alpes, Vasy team Feria–IRIT/LAAS, SVF team Toulouse GET - ENST Paris, LTCI team FIACRE Models and Tools.
Oct. 2012 Multi-threaded Active Objects Ludovic Henrio, Fabrice Huet, Zsolt Istvàn June 2013 –

Oct Multi-threaded Active Objects Ludovic Henrio, Fabrice Huet, Zsolt Istvàn June 2013 –
The Grid Component Model: an Overview “Proposal for a Grid Component Model” DPM02 “Basic Features of the Grid Component Model (assessed)” -- DPM04 CoreGrid.

The Grid Component Model: an Overview “Proposal for a Grid Component Model” DPM02 “Basic Features of the Grid Component Model (assessed)” -- DPM04 CoreGrid.
Oct. 2012 Active objects: programming and composing safely large-scale distributed applications Ludovic Henrio SCALE team, CNRS – Sophia Antipolis July.

Oct Active objects: programming and composing safely large-scale distributed applications Ludovic Henrio SCALE team, CNRS – Sophia Antipolis July.

Similar presentations

Ads by Google