
Formalization and Verification of Component-Based Architectures

Explore the formalization and verification of component-based architectures, with a focus on non-functional properties and coping with evolution. Discuss architecture description language, formal specifications, and software product lines.


Presentation Transcript


  1. Component Based Architectures: Formalization and Verification. Rob van Ommering, Philips Research, Eindhoven, The Netherlands, November 7th, 2003. (Slide navigation bar: Intro Teddy Koala Threads Darwin Q & ¬ A HorCom)

  2. Introduction. First, a disclaimer: I'm not a mathematician. I'm not a logician. I'm not even a computer scientist... I studied physics... Worse(?), I'm an engineer. Even worse(?), I'm a software architect. So there's a lot that I don't know...

  3. Where I work (diagram labels): Universities; Research Institutes; Other Research Laboratories; Philips Research Laboratories; Philips Consumer Electronics; Philips Semiconductors; Philips Medical Systems; Products, Patents, Processes, People; Industry as Laboratory; Fundamental knowledge; Applied knowledge.

  4. My interests (diagram: complexity of problem, high versus low, plotted against number of problems, small versus large; marked "not" at high complexity and "but" at low complexity). I'm an architect. I'm a tool guy. I like pictures...

  5. My history (timeline '82, '88, '92, '96, '98, '00, '03, '05, '07, '12, '18): A.I.; Formal Specifications; Architecture Formalization and Verification; Component Model and Architecture; Software Product Lines; My future?; retirement.

  6. My domain (diagram, Moore's Law: years 1965, 1979, 1990, 2000; memory sizes 1 kB, 64 kB, 2 MB).

  7. My talk: Architecture Description Language and Component Model; Non-functional Properties; Architecture Formalization and Verification; Coping with Evolution; Composing Control Software.

  8. Teddy: Problem Statement. Architecture = 1st (highest) level of design. Current (read: 1993) programming languages do not offer proper support for defining architecture. How do I document and communicate an architecture? How do I verify an implementation against its architecture?

  9. Structure of a Design: programming in C (abstraction: ape -> nut -> mary).

      // File: ape.c
      #include "nut.h"
      ...
      // File: nut.h
      ...
      // File: nut.c
      #include "mary.h"
      ...
      // File: mary.h
      ...
      // File: mary.c
      #include ...
      ...

  10. Layers: a layered design (diagram: layers A and B; modules tree, rose, fire, ape, nut, mary).

  11. Our abstraction (Abstraction function; Relation Partition Algebra). Usage U between layers A and B; part-of relation P (tree, rose, ape, nut belong to layers); usage u between modules. The architecture: U. The implementation: P, u. Can observe this: P ∘ u ∘ P^-1. Should hold: P ∘ u ∘ P^-1 ⊆ U. Should hold: u ⊆ P^-1 ∘ U ∘ P. Should be empty: u \ (P^-1 ∘ U ∘ P) = ∅.

  12. Tools: easy to build tool support (RPA tools).

  13. More Architectural Rules, some refinements: allow self references: u \ P^-1 (U ∪ I) P. Transparent layers: u \ P^-1 U* P. Cycles: u* ∩ I. Nicer pictures: u-. Et cetera.
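The checks of slides 11 and 13 carried out on a small constructed layering, as an added example (this is not code from the talk or from the Philips RPA tools). Relations are sets of pairs, P holds (layer, module) pairs, and composition reads left to right; the module names and usage edges are constructed sample data.

```python
"""Relation Partition Algebra checks for a layered design (added example).

Not code from the slides or from the Philips RPA tool set. Notation follows
slides 11 and 13: U is the allowed usage between layers, P the part-of
relation as (layer, module) pairs, u the observed usage between modules.
Composition reads left to right: x (R ; S) z iff there is a y with x R y, y S z.
"""

def compose(r, s):
    """Relational composition R ; S."""
    by_first = {}
    for a, b in s:
        by_first.setdefault(a, set()).add(b)
    return {(x, z) for x, y in r for z in by_first.get(y, ())}

def inverse(r):
    """R^-1: swap every pair."""
    return {(b, a) for a, b in r}

def identity_on(elems):
    """The identity relation I restricted to a set of elements."""
    return {(x, x) for x in elems}

def closure(r):
    """Transitive closure R+ by fixpoint iteration."""
    result = set(r)
    while True:
        new = compose(result, r) - result
        if not new:
            return result
        result |= new

def lifted_usage(P, u):
    """P ; u ; P^-1: the layer-level usage the implementation exhibits."""
    return compose(compose(P, u), inverse(P))

def allowed_module_usage(P, U, allow_self=False, transparent=False):
    """P^-1 ; U' ; P: module pairs the architecture permits, where U' is
    U itself, U ∪ I (self references allowed) or its closure (transparent layers)."""
    allowed = set(U)
    if allow_self:
        allowed |= identity_on({layer for layer, _ in P})
    if transparent:
        allowed = closure(allowed)
    return compose(compose(inverse(P), allowed), P)

def violations(P, U, u, allow_self=False, transparent=False):
    """u minus P^-1 U P: usage edges the architecture does not permit (ideally empty)."""
    return u - allowed_module_usage(P, U, allow_self, transparent)

def cycle_members(u):
    """Modules that reach themselves through u+, i.e. that lie on a usage cycle."""
    return {x for x, y in closure(u) if x == y}

# Constructed sample: three layers A above B above C, each with a few modules.
P = {("A", "tree"), ("A", "rose"), ("B", "ape"), ("B", "nut"), ("C", "mary")}
U = {("A", "B"), ("B", "C")}          # the architecture: A may use B, B may use C
u = {("tree", "ape"), ("rose", "nut"), ("tree", "rose"),   # tree -> rose stays within A
     ("nut", "mary"), ("tree", "mary")}                    # tree -> mary skips layer B

if __name__ == "__main__":
    print("layer usage observed:", sorted(lifted_usage(P, u)))
    print("strict violations:   ", sorted(violations(P, U, u)))
    print("with self refs:      ", sorted(violations(P, U, u, allow_self=True)))
    print("transparent as well: ", sorted(violations(P, U, u, allow_self=True, transparent=True)))
    print("modules on a cycle:  ", sorted(cycle_members(u | {("ape", "tree")})))
```

Each refinement from slide 13 is a different choice of U' in the same check, which is why the tool support is easy to build: the verifier is a handful of relational operators, and the architect only changes the rule, not the extractor that produces P and u from the C sources.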

  14. Recursive Packages: design in the large. Architecture world: package P with sub-packages P1 to P6. Programmer's world: C1 to C8. Usage is only allowed if visible through the red arrows. More information: Software Practice and Experience; thesis Rene Krikhaar; Computer Languages.

  15. Koala: We've seen how to formalize architecture, and verify whether implementations satisfy the architecture. But this is a reactive process! And it doesn't help the programmers. Questions: Can I make architecture explicit in a forward way? Do this in embedded systems? Support diversity and evolution?

  16. Provides Interfaces: has-a rather than is-a; ports rather than inheritance; a code-carrying model (diagram: component C with provides port p : I, implemented by module m).

      interface I {
        int Max(int x, int y);
        float Sin(float x);
      }

      component C {
        provides I p;
        contains module m;
        connects p = m;
        within m {
          p.Max(x, y) = x > y ? x : y;
          // p.Sin implemented in C
          ...
        }
      }

  17. Requires Interfaces: looks like Darwin. Required interfaces can be bound differently in different products (diagram: C with C1, C2, C3, C4).

  18. Connectors: three ways to bind a requires port r to a provides port p: direct; switch (between p1 and p2); glue module m (diagram instances: C1, C2, C3).

  19. Composition: C1 is a client of C2 and C3; the enclosing component is the assembler of C1, C2 and C3. The composition process is recursive... Component instances are encapsulated. Component types are not (necessarily) (see later).

  20. Diversity (parameterization): Diversity interfaces are outgoing interfaces which parameterize the component. Late compile time binding, a.k.a. partial evaluation, is used to create resource efficient configurations (diagram: C1, C2, C3).

  21. A Real-Life Example. More information: IEEE Computer; my thesis (TBP).

  22. Threads: So we're now at Level 1 in the Bengt Jonsson scale. What about non-functional properties? What can I do within the current Koala framework? What can I add to the Koala framework?

  23. Calculating Code Size: Components specify their code size; this can be summed at the product level (diagram: C1, C3, +). Sometimes a very hot issue; now maintained in Excel (transpose matrix).

  24. Configuring Resources: Components specify how many resources they require; this can be summed and provided to the component that delivers the resources at the product level (diagram: C1, C3, +).

  25. Pumps and Pump Engines (multi-threading). Problem: many (>100) activities but few (<10) threads. Step 1: use message pumps created on virtual pump engines, required through a diversity interface (different thread: synchronisation required). Step 2: bind these to pump engines (a real dispatcher loop) (same thread: no synchronisation required). (diagram: C1, C2, C3, CFireBrigade)

  26. Multi-threading attributes (threading analysis): each port carries a thread attribute. Legend items: may be another thread; thread safe; specific symbolic thread; same thread as above; will be a new thread. Example attribute patterns on the diagram: a b b * and a b c *.

  27. Composition Rules (table of thread-attribute combinations; extracted cells: a a * * a X X a b * a * X X a c * * a X O a d * a *).

  28. Unification: thread labels are unified. Ports p, p, q bound to a, b, b: q must be the same as p; the component was prepared for calls on different threads, but is called on the same thread. Ports p, p, q bound to a, b, c: c is a new thread, and cannot be equal to q. More information: PACC2.
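The unification idea of slide 28 in runnable form, as an added example: this is my own simplified model, not Koala's checker, and the label conventions ("*", instance-qualified variables such as "C1.a", and "new:" for a thread the component creates itself) are assumptions of this example. Binding a requires port to a provides port unifies the two labels; the composition is rejected when two distinct new threads would have to be one thread.

```python
"""Unification of symbolic thread labels across component bindings (added example).

Not Koala's implementation; a simplified model of slide 28. Label conventions
used here are my own:
  "*"          thread safe, may be called on any thread, never constrains anything
  "C1.a"       a symbolic thread variable, qualified by component instance
  "new:C1.c"   a thread that component instance C1 creates itself
"""

NEW_PREFIX = "new:"

def is_new_thread(label):
    return label.startswith(NEW_PREFIX)

class ThreadUnifier:
    """Union-find over thread labels. A class's representative is the new-thread
    constant if the class contains one, so two different constants never merge."""

    def __init__(self):
        self.parent = {}
        self.conflicts = []

    def _find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def unify(self, x, y):
        """Record that x and y must be the same thread. Returns False on a conflict."""
        if x == "*" or y == "*":
            return True
        rx, ry = self._find(x), self._find(y)
        if rx == ry:
            return True
        if is_new_thread(rx) and is_new_thread(ry):
            self.conflicts.append((x, y))
            return False
        if is_new_thread(ry):            # keep the constant as representative
            rx, ry = ry, rx
        self.parent[ry] = rx
        return True

    def same_thread(self, x, y):
        return x != "*" and y != "*" and self._find(x) == self._find(y)

def check_bindings(bindings):
    """bindings: (requires-port label, provides-port label) pairs of one product.
    Returns the unifier; its .conflicts lists the bindings the composition rejects."""
    uni = ThreadUnifier()
    for req, prov in bindings:
        uni.unify(req, prov)
    return uni

# Constructed sample 1 (upper part of slide 28): C1's ports a, b, b are bound to
# C2's ports p, p, q, so q is forced to be the same thread as p.
SAME_THREAD = [("C1.a", "C2.p"), ("C1.b", "C2.p"), ("C1.b", "C2.q")]

# Constructed sample 2 (lower part of slide 28, with q assumed to be a thread C2
# creates): C1's third port runs on a new thread of C1's own, so they clash.
NEW_THREAD_CLASH = [("C1.a", "C2.p"), ("C1.b", "C2.p"), ("new:C1.c", "new:C2.q")]

if __name__ == "__main__":
    ok = check_bindings(SAME_THREAD)
    print("sample 1 conflicts:", ok.conflicts, "| p same as q:", ok.same_thread("C2.p", "C2.q"))
    bad = check_bindings(NEW_THREAD_CLASH)
    print("sample 2 conflicts:", bad.conflicts)
```

The check is purely structural, which is what makes it usable at composition time: the unifier never needs to know which physical pump engine a label will end up on, only which labels are forced to coincide, and the report it produces names the offending binding rather than a symptom at run time.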

  29. Darwin: Back to Level 1 in the Bengt Jonsson scale. How can I build a product line? More specifically: How can I manage diversity? How can I manage evolution? Answer: use sub typing...

  30. What is a product line? Build-A-Bear.

  31. Convergence: 'unforeseen' combinations of existing functions give a new product: GPS + GSM, GSM + DigCam, PDA + GPS.

  32. Product Populations. A product population is: a set of products with many commonalities, but also with many differences, developed by different suborganizations, each with its own time-line / lifecycle. Spectrum: single product, product family, product population, unrelated products; from decomposition with dedicated components to composition with COTS.

  33. Diversity & Evolution: variation in space and in time; looks like Microsoft COM. Evolution: CTuner (tun: ITuner) becomes CTuner' (tun: ITuner, tun2: ITuner2). Diversity: CSearchTuner (tun: ITuner, stun: ISearchTuner).

  34. Evolution Rules: Koala subtypes interfaces based on set inclusion of functions. C' is a subtype of C: provide more (IA, IB becomes IA, IB+, IC, where IB+ extends IB). C' is a subtype of C: require less...??? (IB- instead of IB). Koala reports an error if a non-existing interface is bound...!
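The subtyping rules of slides 33 and 34 made concrete, as an added example that is not Koala's own checker: interfaces are sets of function signatures, an interface is a subtype when it offers a superset of functions, a component version may replace an older one when it provides at least as much and requires no more, and binding a port that does not exist is reported as an error. The interface contents, the IClock requirement and the CTunerLite / CTunerNoClock versions are constructed for the example.

```python
"""Koala-style subtyping of interfaces and components by set inclusion (added example).

Not Koala's own checker. Interface and component definitions are constructed;
the IClock requirement is a hypothetical stand-in for whatever CTuner really requires.
"""

# Interfaces as sets of function signatures (constructed).
ITuner = {"int SetFrequency(int f)", "int GetFrequency(void)"}
ITuner2 = ITuner | {"int SetBandwidth(int bw)"}          # IB+: a superset of ITuner
ISearchTuner = {"int Search(int direction)"}
IClock = {"int Now(void)"}                                # hypothetical

class Component:
    """A component type: provides ports and requires ports, each typed by an interface."""
    def __init__(self, name, provides, requires):
        self.name = name
        self.provides = dict(provides)
        self.requires = dict(requires)

def interface_subtype(iface, base):
    """iface is a subtype of base iff it offers every function of base."""
    return base <= iface

def component_subtype(new, old):
    """Can new replace old in every product? It must keep every provides port with
    an equal or larger interface, and may only keep requires ports the old version
    had, each with an equal or smaller interface (provide more, require less)."""
    for port, iface in old.provides.items():
        if port not in new.provides or not interface_subtype(new.provides[port], iface):
            return False
    for port, iface in new.requires.items():
        if port not in old.requires or not interface_subtype(old.requires[port], iface):
            return False
    return True

def binding_errors(instances, bindings):
    """instances: name -> Component; bindings: (client, req_port, server, prov_port).
    Returns the messages a Koala-like compiler would report for this configuration."""
    errors = []
    for client, req_port, server, prov_port in bindings:
        if req_port not in instances[client].requires:
            errors.append(f"{client}.{req_port}: no such requires port on {instances[client].name}")
            continue
        if prov_port not in instances[server].provides:
            errors.append(f"{server}.{prov_port}: no such provides port on {instances[server].name}")
            continue
        needed = instances[client].requires[req_port]
        offered = instances[server].provides[prov_port]
        if not interface_subtype(offered, needed):
            errors.append(f"{client}.{req_port} needs {sorted(needed - offered)} which {server}.{prov_port} lacks")
    return errors

# Constructed component versions, named after slide 33.
CTuner = Component("CTuner", {"tun": ITuner}, {"clk": IClock})
CTunerEvolved = Component("CTuner'", {"tun": ITuner, "tun2": ITuner2}, {"clk": IClock})
CSearchTuner = Component("CSearchTuner", {"tun": ITuner, "stun": ISearchTuner}, {"clk": IClock})
CTunerLite = Component("CTunerLite", {"tun": {"int SetFrequency(int f)"}}, {"clk": IClock})
CTunerNoClock = Component("CTunerNoClock", {"tun": ITuner}, {})
CClock = Component("CClock", {"now": IClock}, {})

def product(tuner):
    """One product configuration: a tuner instance whose clk port is bound to a clock."""
    instances = {"tuner": tuner, "clock": CClock}
    bindings = [("tuner", "clk", "clock", "now")]
    return binding_errors(instances, bindings)

if __name__ == "__main__":
    for version in (CTunerEvolved, CSearchTuner, CTunerLite, CTunerNoClock):
        print(f"{version.name:14} subtype of CTuner: {component_subtype(version, CTuner)}"
              f"  product errors: {product(version)}")
```

The last case is the "require less...???" of the slide: CTunerNoClock is a valid subtype in isolation, yet an existing product that binds its clk port stops compiling, because the binding now names a port that no longer exists. The type rule and the binding check are both needed to judge an evolution step.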

  35. More Evolution Rules: thread attributes (C to C', attributes * and a on IA); optional interfaces (C to C', IA). More information: WICSA; SPLC 2002.

  36. HorCom: We've seen mechanisms but no examples yet. Control software is difficult to compose. Question: How can I create composable control software? Answer: use a distributed algorithm.

  37. What's in a TV? Tube, electronics, small signal, panel.

  38. A Control Problem: Tune(f): 1. BlankOutput 2. SetFrequency 3. UnblankOutput. (diagram: ControlSoftware calling TunerDriver and OutputDriver, which drive TunerHardware (antenna) and OutputHardware (tube))

  39. A more difficult problem: Tune(t, f): 1. Which output? 2. BlankOutput 3. SetFrequency 4. UnblankOutput. (diagram: ControlSoftware with two TunerDrivers, two OutputDrivers and a SwitchDriver; TunerHardware, OutputHardware and a Switch; antenna, tube)

  40. Composing Control: Control software is difficult to compose... unless ... (diagram: ProductSpecificCode versus ReusableCode)

  41. Horizontal Communication: 1. SetFrequency(f) 2. DropRequest 3. Restore. (diagram: TunerDriver and OutputDriver communicate directly, above TunerHardware (antenna) and OutputHardware (tube))

  42. Using LTSA: We have modeled this with LTSA (Jeff Magee).

      HORCOM = ( dr -> ( dr.t -> re -> re.r -> HORCOM
                       | dr.f -> da -> ( re -> re.r -> da.r -> HORCOM
                                       | da.r -> re -> re.r -> HORCOM ) ) ).

      Haven't completed this yet... More information: SP&E 2003.
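What LTSA does with a process like the one on slide 42, shown as an added example that is neither LTSA nor code from the talk: the FSP definition is hand-encoded as an explicit labelled transition system (the state names are my own, the action labels are the slide's), and the block runs the two basic checks, reachability with deadlock detection and a bounded trace check, plus a check that every reachable state can get back to HORCOM.

```python
"""Exploring the HORCOM process from slide 42 as a labelled transition system (added example).

Not LTSA and not code from the talk. The table below is hand-encoded from the
slide's FSP:
  HORCOM = ( dr -> ( dr.t -> re -> re.r -> HORCOM
                   | dr.f -> da -> ( re -> re.r -> da.r -> HORCOM
                                   | da.r -> re -> re.r -> HORCOM ) ) ).
State names are my own; action labels are the slide's.
"""

HORCOM = {
    "HORCOM":         {"dr": "dr_pending"},
    "dr_pending":     {"dr.t": "t_restore", "dr.f": "f_drop"},
    "t_restore":      {"re": "t_restore_r"},
    "t_restore_r":    {"re.r": "HORCOM"},
    "f_drop":         {"da": "f_after_da"},
    "f_after_da":     {"re": "f_re_first", "da.r": "f_dar_first"},
    "f_re_first":     {"re.r": "f_re_first_r"},
    "f_re_first_r":   {"da.r": "HORCOM"},
    "f_dar_first":    {"re": "f_dar_first_re"},
    "f_dar_first_re": {"re.r": "HORCOM"},
}

def reachable(lts, start):
    """Breadth-first reachability; returns the visited states in discovery order."""
    seen, order, frontier = {start}, [start], [start]
    while frontier:
        state = frontier.pop(0)
        for nxt in lts[state].values():
            if nxt not in seen:
                seen.add(nxt)
                order.append(nxt)
                frontier.append(nxt)
    return order

def deadlocks(lts, start):
    """Reachable states with no outgoing action (the DEADLOCK check of LTSA)."""
    return [s for s in reachable(lts, start) if not lts[s]]

def alphabet(lts):
    """All action labels the process can engage in."""
    return {action for moves in lts.values() for action in moves}

def run_trace(lts, start, trace):
    """Follow a trace; returns the final state, or None if an action is not enabled."""
    state = start
    for action in trace:
        state = lts[state].get(action)
        if state is None:
            return None
    return state

def always_returns(lts, start):
    """True if the start state is reachable again from every reachable state,
    i.e. every started request can be completed."""
    return all(start in reachable(lts, s) for s in reachable(lts, start))

if __name__ == "__main__":
    print("states:", len(reachable(HORCOM, "HORCOM")), "alphabet:", sorted(alphabet(HORCOM)))
    print("deadlocks:", deadlocks(HORCOM, "HORCOM"), "always returns:", always_returns(HORCOM, "HORCOM"))
    print("drop-then-restore trace ends in:", run_trace(HORCOM, "HORCOM", ["dr", "dr.f", "da", "da.r", "re", "re.r"]))
```

The interesting part of the slide's process is the inner choice after da: the restore reply re.r and the drop reply da.r may arrive in either order, and the model accepts both interleavings. Removing one of those branches, or forgetting a reply, shows up immediately as a deadlock or as a state from which HORCOM is no longer reachable, which is the kind of error a hand-written horizontal protocol between TunerDriver and OutputDriver would otherwise only reveal at run time.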

  43. Summary: Architecture can (partially) be formalized and verified. Koala as ADL and component model. Non-functional properties in Koala. Managing diversity and evolution with sub typing. Decomposing control by distribution.

  44. Nomenclature (diagram labels): Formal Specification, COLD, Darwin, ICE, BEAR, POLAR, PANDA, Teddy, Koala, Ursa, Kangaroo, Winter.

  45. Q & (¬) A? Questions and Answers(?)
