
Principal Investigators

Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods. DARPA Order K203/AFRL Contract F33615-00-C-3044. Principal Investigators: Matt Dwyer, John Hatcliff, Masaaki Mizuno, Mitch Neilsen, Gurdip Singh.





Presentation Transcript


  1. Automatic Derivation, Integration, and Verification of Synchronization Aspects in Object-Oriented Design Methods
  DARPA Order K203/AFRL Contract F33615-00-C-3044
  Principal Investigators: Matt Dwyer, John Hatcliff, Masaaki Mizuno, Mitch Neilsen, Gurdip Singh
  Department of Computing and Information Sciences, Kansas State University
  http://www.cis.ksu.edu/santos

  2. Problem Description
  • Embedded systems are growing in complexity and developers are looking towards OO technologies to manage that complexity
  • Design methods for OO do not treat synchronization effectively
  • Embedded systems software is multi-threaded for performance reasons
  • System correctness relies on correct synchronization of multiple activities
  • Synchronization design/implementation is low-level and platform specific
  • Error prone and not reusable

  3. Project Objectives
  I. Provide high-level, modular specification of global synchronization aspects
  … powerful, yet easy to use
  … formal specification via global invariants
  … language of composable invariant patterns
  … integrated with UML/RUP
  II. Automatic derivation and weaving of synchronization code
  … multiple language and synchronization targets (Java, C++, monitors, semaphores, etc.)
  … weaving & optimization via abstract interpretation and program specialization techniques
  III. Automatic verification of critical safety and liveness properties of woven embedded code
  … built on previous DARPA work – Bandera environment
  … domain-specific model-checking engines
  IV. Evaluation using Common Digital Architecture (CDA 101)
  … a new standard for military target vehicle electronics

  4. Technical Approach/Accomplishments
  (Diagram: Rational Unified Process (RUP) flow from Actors: Use Cases -> Classes: Use-Case Realizations -> Component Code -> Complete Program, with a parallel synchronization track Global Invariant Specs -> Coarse-Grain Solution -> Fine-Grain Synchronization Code feeding into the complete program.)
  • Synchronization specifications via invariants
  • Identify common idioms/patterns
  • Synch-code generators: C/C++ and Java; Monitor, Semaphore, …
  • Automated coarse-grain generation: SVC and pattern-based
  • Prototype release 9/01

  5. Technical Approach --- Specifications
  Users never write raw invariants but instead build synchronization specifications using a collection of global invariant patterns (idioms):
  • Bound(R,n) … at most n threads can be in region R
  • Exclusion(R1,R2) … occupancy of regions R1 and R2 should be mutually exclusive
  • Resource(R1, R2, n) … region R1 is a producer, region R2 is a consumer of some resource with n initial resource values
  • Barrier(R1,R2) … the kth thread to enter R1 and the kth thread to enter R2 meet and leave their respective regions together
  • …

  6. Contribution to PCES Goals
  The overarching goal of the PCES program is novel technology and supporting engineering approaches that can greatly reduce effort to program embedded systems, while increasing confidence in the embedded software product.
  • Invariant patterns enable reuse of synchronization “solutions” across multiple systems and languages
    • Evaluate reduction in effort
      • in the context of OEPs
      • on existing applications, if suitable code/design history is available
      • on controlled system development (class projects)
  • Synthesis of “correct” synchronization implementations potentially eliminates a class of subtle coding errors
    • Evaluate potential for reducing errors and validation effort
      • as above

  7. Contribution to Relevant Military Application
  • Apply our approach to CDA 101 based systems
    • CDA 101 provides a common architecture for networking target vehicle electronics using CAN
    • Extract synchronization regions from existing applications and re-engineer using our approach
  • DoD Target System Studies
    • Seaborne (ST 2000) and Airborne (BQM-74, MQM-107)
  • CDA 101 and NMEA 2000 co-evolving standards
    • NMEA 2000 working group member
  • Regular interaction with and source code from Seaborne Targets Engineering Group (NAWC – Point Mugu, CA)

  8. Project Tasks/Schedule
  (Table; the cell layout did not survive extraction. Columns: Initial, Optimized, Evaluation, Full-scale Integration. Key Tasks (rows): Synch Aspect language, Aspect code synthesis, Code weaver, Verification, Non-synch Aspects. Milestone dates appearing in the cells: 5/01, 11/01, 5/02, 5/03; several cells also carry a "+" mark.)

  9. Collaborations
  • Stanford (SVC)
  • Berkeley (Bane)
  • MIT (analyses to optimize woven code)
  • Grammatech, Inc. (slicing/verification techniques)
  • Collins, aJile systems (JEM boards)
  • Honeywell (challenge problems from avionics)
  • Kvaser, AB (CAN Kingdom = CDA 101/11)
  • Seaborne Targets Engineering Lab (CDA 101)
  • National Marine Electronics Association (NMEA)

  10. Technology Transition/Transfer
  • CDA 101 based Target Systems
    • Seaborne Targets: ST 2000
    • Airborne Targets: BQM-74, MQM-107
  • Commercial Applications
    • NMEA 2000, CanKingdom - standards for real-time networking
    • Precision farming, industrial automation

  11. Program Issues
  • Difficult to do long range planning when there is a sense that funding is in jeopardy
  • Program meetings provide little time for technical interchange
    • i.e., identifying future collaborators
  • Involvement of more industrial participants to provide challenge problems
    • i.e., need more than code and documentation
  • Limited equipment availability restricts full deployment of prototypes

  12. Use-case Realizations
  (Diagram linking Actors, the WakeUp and Wait Use-Cases, their Use-case Realizations, Classes/Objects, Synchronization Regions, and the System.)

  13. Synchronization Patterns (excerpts)
  (Diagram: region views of Relay(R_1,R_2), Barrier(R_1,R_2), BarrierWithInfoEx(R_1,R_2) and Bound(R, n), each drawn with In/Out ports on its regions.)
  • 8 basic patterns in current collection (many more composite patterns)
  • Pattern compositions can solve all synchronization problems in Andrews' and Hartley's books
  • We welcome challenge problems from PCES participants

  14. Multiple Target Detectors and a Single Firing Battery: Use-case realizations
  Battery (B):
  B1. Wait until a detector locks on a target
  B2. Receive information from the detector and fire
  B3. Release the detector
  Target detector (T):
  T1. Lock on a target
  T2. Wait until the battery is available
  T3. Send information to the battery
  T4. Wait until released

  15. Multiple Target Detectors and a Single Firing Battery: Use-case realizations (diagram slide; repeats the B1-B3 and T1-T4 steps of slide 14)

  16. Patterns for Target System
  (Diagram: regions R_B1 and R_T2 (steps B1/T2) are joined by Barrier(R_B1, R_T2), shown alongside BarrierWithInfoEx(R_B1, R_T2) for the Communicate step (B2/T3); the Fire region R_F carries Bound(R_F, 1); regions R_B3 and R_T4 (steps B3/T4) are joined by Relay(R_B3, R_T4).)
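Added example, not code from these slides or from the SAnToS project: the slide-5 patterns (Bound, Exclusion, Resource, Barrier) and the Relay pattern used on slides 13 and 16 are each written as an invariant over per-region entry/exit counters, and one small monitor derives its wait conditions from those invariants in the spirit of the global-invariant method the slides build on. A target_system_monitor() function composes the three patterns of slide 16. Python stands in for the project's Java/C++ targets; every class and function name, and the exact invariant formulations (Resource and Relay in particular), are assumptions of this example.

```python
"""Global-invariant synchronization patterns as one generic monitor.
Added example (not SAnToS project code): each pattern below is an invariant
over per-region entry/exit counters and the monitor derives its wait
conditions from them; formulations and names are this example's assumptions."""
import threading
import time
from typing import Callable, Dict, List

Counters = Dict[str, int]
Invariant = Callable[[Counters], bool]

def occupancy(c: Counters, r: str) -> int:
    return c[f"in_{r}"] - c[f"out_{r}"]  # threads currently inside region r

# Pattern library: each pattern is a predicate on the global counters.
def bound(r: str, n: int) -> Invariant:
    """Bound(R, n): at most n threads inside R at any time."""
    return lambda c: occupancy(c, r) <= n

def exclusion(r1: str, r2: str) -> Invariant:
    """Exclusion(R1, R2): R1 and R2 are never occupied simultaneously."""
    return lambda c: occupancy(c, r1) == 0 or occupancy(c, r2) == 0

def resource(r1: str, r2: str, n: int) -> Invariant:
    """Resource(R1, R2, n): n units initially; a producer leaving R1 adds one, a consumer entering R2 takes one (assumed)."""
    return lambda c: c[f"in_{r2}"] <= n + c[f"out_{r1}"]

def barrier(r1: str, r2: str) -> Invariant:
    """Barrier(R1, R2): the k-th thread leaving R1 waits for the k-th to enter R2, and vice versa."""
    return lambda c: c[f"out_{r1}"] <= c[f"in_{r2}"] and c[f"out_{r2}"] <= c[f"in_{r1}"]

def relay(r1: str, r2: str) -> Invariant:
    """Relay(R1, R2): the k-th thread leaves R2 only after the k-th thread has left R1 (assumed reading)."""
    return lambda c: c[f"out_{r2}"] <= c[f"out_{r1}"]

class GlobalInvariantMonitor:
    """Coarse-grain solution <await B: counter++> realised as a monitor. B is not
    hand-written: a step is allowed exactly when every invariant still holds after it."""

    def __init__(self, regions: List[str], invariants: List[Invariant]):
        self._cv = threading.Condition()
        self._inv = invariants
        self.counters: Counters = {}
        for r in regions:
            self.counters[f"in_{r}"] = 0
            self.counters[f"out_{r}"] = 0

    def _holds_after(self, counter: str) -> bool:
        trial = dict(self.counters)
        trial[counter] += 1
        return all(inv(trial) for inv in self._inv)

    def can_step(self, counter: str) -> bool:  # non-blocking guard query
        with self._cv:
            return self._holds_after(counter)

    def _step(self, counter: str) -> None:
        with self._cv:
            while not self._holds_after(counter):  # derived wait condition
                self._cv.wait()
            self.counters[counter] += 1
            self._cv.notify_all()  # any other guard may now hold

    def enter(self, r: str) -> None:
        self._step(f"in_{r}")

    def exit(self, r: str) -> None:
        self._step(f"out_{r}")

def target_system_monitor() -> GlobalInvariantMonitor:
    """Slide-16 composition: Barrier(R_B1, R_T2), Bound(R_F, 1), Relay(R_B3, R_T4)."""
    return GlobalInvariantMonitor(
        ["R_B1", "R_T2", "R_F", "R_B3", "R_T4"],
        [barrier("R_B1", "R_T2"), bound("R_F", 1), relay("R_B3", "R_T4")])

def run_bounded_workers(n_threads: int, n_bound: int) -> int:
    """Push n_threads through region R under Bound(R, n_bound); return the peak occupancy observed."""
    mon = GlobalInvariantMonitor(["R"], [bound("R", n_bound)])
    lock, inside, peak = threading.Lock(), 0, 0

    def worker() -> None:
        nonlocal inside, peak
        mon.enter("R")
        with lock:
            inside += 1
            peak = max(peak, inside)
        time.sleep(0.01)  # simulated work inside R
        with lock:
            inside -= 1
        mon.exit("R")

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return peak
```

Guarding region exits as well as entries is what lets Barrier and Relay be expressed in the same framework as Bound; composing patterns is just concatenating their predicate lists. The notify_all on every step is the naive fine-grain code: the project's weaver and optimization passes exist precisely to specialize such guards to the threads that can actually proceed.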

  17. Next Milestones (6-9-12 months)
  • Extend synthesis approach to distributed CAN-based systems including CanKingdom and CDA 101
  • Public distribution of prototype synchronization specification, code generation, and weaving tools
  • Generate solutions to other synchronization problems from CDA 101, Industrial Automation (KTEC) and Agricultural (John Deere) applications
  • Extend global invariant approach to address real-time synchronization properties (e.g., priority inversion)
  • Integrate Bandera to check safety/liveness properties
