450 likes | 473 Views
Explore the formalization and verification of component-based architectures, with a focus on non-functional properties and coping with evolution. Discuss architecture description language, formal specifications, and software product lines.
E N D
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Component Based Architectures Formalization and Verification Rob van OmmeringPhilips ResearchEindhoven, The Netherlands November 7th, 2003
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom First, a disclaimer: I’m not a mathematician I’m not a logician I’m not even a computer scientist… I studied physics… Worse(?), I’m an engineer Even worse(?), I’m a software architect So there’s a lot that I don’t know… Introduction
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Where do I work? Universities Philips Consumer Electronics Philips Research Laboratories Research Institutes Philips Semiconductors Other Research Laboratories Philips Medical Systems Products Patents Processes People Industry as Laboratory Fundamental knowledge Applied knowledge Where I work
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom My interests: Complexity of problem Not * high But * low Number of problems small large I’m an architect I’m a tool guy I like pictures… My interests
A.I. My future? Formal Specifications Architecture Formalization Verification Component Model Architecture Software Product Lines retirement ‘82 ‘88 ‘92 ‘96 ‘98 ‘00 ‘03 ‘05 ‘07 ‘12 ‘18 Intro Teddy Koala Threads Darwin Q & ¬ A HorCom My history My History
1965 1979 1 kB Moore’s Law 2000 1990 2 MB 64 kB Intro Teddy Koala Threads Darwin Q & ¬ A HorCom My domain: My Domain
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom My talk: Non-functional Properties Architecture Formalization And Verification Coping with Evolution Composing Control Software * Architecture Description Language and Component Model My Talk
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Problem Statement Architecture = 1st (highest) level of design. Current (read: 1993) programming languages do not offer proper support for defining architecture. How do I document and communicate an architecture? How do I verify an implementation against its architecture? Teddy
Abstraction: ape nut mary Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Programming in C: // File: ape.c #include “nut.h” ... // File: nut.h ... // File: nut.c #include “mary.h” ... // File: mary.h ... // File: mary.c #include ... ... Structure of a Design
tree rose fire B A ape nut mary Intro Teddy Koala Threads Darwin Q & ¬ A HorCom A layered design: Layers
The architecture U The implementation P,u Can observe this P u P -1 Should hold P u P -1 U Should hold u P-1 U P Should be u \ P-1 U P Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Our abstraction: Usage U A B P Part-of tree rose ape nut u usage Abstraction Function Relation Partition Algebra
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Easy to build tool support: RPA Tools
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Some refinements: Allow self references u \ P-1 ( U I ) P Transparent layers u \ P-1 U* P Cycles u* I Nicer pictures u- Et cetera More Architectural Rules
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Design in the large P Architecture World P1 P2 P3 P4 P5 P6 Programmer’s World C1 C2 C3 C4 C5 C6 C7 C8 Only allowed if visible through red arrows • More information • Software Practice and Experience • Thesis Rene Krikhaar • Computer Languages Recursive Packages
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom We’ve seen how to formalize architecture, andverify whether implementations satisfy the architecture. But this is a reactive process! And it doesn’t help the programmers. Questions: Can I: Make architecture explicit in a forward way? Do this in embedded systems? Support diversity and evolution? Koala
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Provides Interfaces interface I { int Max(int x, int y); float Sin(float x); } p : I C component C { provides I p; contains module m; connects p = m; within m { p.Max(x,y) = x > y ? x : y; // p.Sin implemented in C … } m Has-A rather than Is-A Ports rather than Inheritance code-carrying model Provides Interfaces
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Requires Interfaces C1 C1 Looks like: C C2 C3 C4 Darwin Can be bound differently in different products Requires Interfaces
C1 C2 C2 C3 Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Connectors C1 C1 r r r m p p p1 p2 C2 Direct Switch Glue Module Connectors
C2 C3 Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Composition Client of C2 and C3 C1 Assembler of C1, C2 and C3. The compositionprocess isrecursive… Component instancesare encapsulated. Component typesare not (necessarily)(see later). Composition
C2 C3 Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Parameterization C1 Diversity interfacesare outgoinginterfaces whichparameterize thecomponent. Late compile time binding,a.k.a. partial evaluation,is used to create resourceefficient configurations. Diversity
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom A real-life example • More information • IEEE Computer • My thesis (TBP) A Real-Life Example
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom So we’re now at Level 1 in the Bengt Jonsson scale . What about non-functional properties? What can I do within the current Koala framework? What can I add to the Koala framework? Threads
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Code Size C1 C3 + Components specify theircode size C1 This can be summed at the product level Sometimes a very hot issue – now maintained in Excel (transpose matrix) Calculating Code Size
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Resource Usage C1 C3 Components specify howmany resources they require + C1 This can be summed and provided tothe component that delivers theresources at the product level Configuring Resources
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Multi-threading Problem: many (>100) activities but few (<10) threads C3 Step 1: use message pumps created on virtual pump engines required through a diversity interface Different thread, Synchronisation required CFireBrigade C2 Step 2: bind these to pump engines (a real dispatcher loop) Same thread, No synchronisation required C1 Pumps and Pump Engines
a b b * a b c * Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Threading Analysis May be another thread Thread safe Specific symbolic thread Same thread as above Will be a new thread Multi-threading attriutes
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Composition Rules a a * * a X X a b * a * X X a c * * a X O a d * a * Composition Rules
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Unification q must be same as p Thread labels are unified p p q a b b Prepared for call on different threads, but called on the same thread a b c C is a new thread, and cannot beequal to q p p q • More information • PACC2 Unification
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Back to Level 1 in the Bengt Jonsson scale . How can I build a product line? More specifically: How can I manage diversity? How can I manage evolution? Answer: use sub typing… Darwin
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom What is a product line? Build-A-Bear
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Convergence ‘Unforeseen’ combinations of existing functions new product GPS + GSM GSM + DigCam PDA + GPS Convergence
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Product Population A product population is: - a set of products with many commonalities, - but also with many differences, - developed by different suborganizations, - each with its own time-line / lifecycle. SingleProduct ProductFamily ProductPopulation UnrelatedProducts DecompositionDedicated components CompositionCOTS Product Populations
CTuner CTuner’ Looks like: CSearchTuner C Microsoft COM Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Variation in Space and in Time tun: ITuner tun: ITuner tun2: ITuner2 Evolution Diversity tun: ITuner stun: ISearchTuner Diversity & Evolution
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Evolution rules IA IB IA IB+ IC IB+ IB Koala subtypes interfaces based on set inclusion of functions C C’ C’ C Provide more... IB- IB C C’ Koala reports an error if a non-existing interface is bound…! C’ C IA IB- IA IB IC Require less…??? Evolution Rules
a IA * Thread attributes C C’ C C’ * a Intro Teddy Koala Threads Darwin Q & ¬ A HorCom More evolution rules IA C C’ C C’ IA IA Optional Interfaces • More information • WICSA • SPLC 2002 More Evolution Rules
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom We’ve seen mechanisms but no examples yet. Control software is difficult to compose. Question: How can I create composable control software? Answer: use a distributed algorithm HorCom
Tube Electronics Small Signal Panel Intro Teddy Koala Threads Darwin Q & ¬ A HorCom TV What’s in a TV?
Tune(f) 1. BlankOutput 2. SetFrequency 3. UnblankOutput tube antenna Intro Teddy Koala Threads Darwin Q & ¬ A HorCom ControlSoftware TunerDriver OutputDriver TunerHardware OutputHardware A Control Problem
Tune(t,f) 2. BlankOutput 3. SetFrequency 1. Which Output? 4. UnblankOutput tube antenna Intro Teddy Koala Threads Darwin Q & ¬ A HorCom ControlSoftware TunerDriver OutputDriver SwitchDriver TunerDriver OutputDriver TunerHardware OutputHardware Switch TunerHardware OutputHardware A more difficult problem
… unless ... ProductSpecificCode ReusableCode Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Control software is difficult to compose… Composing Control
1. SetFrequency(f) 2. DropRequest 3. Restore TunerHardware OutputHardware antenna tube Intro Teddy Koala Threads Darwin Q & ¬ A HorCom TunerDriver OutputDriver Horizontal Communication
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom We have modeled this with LTSA. Jeff Magee HORCOM = ( dr -> ( dr.t -> re -> re.r -> HORCOM | dr.f -> da -> ( re -> re.r -> da.r -> HORCOM | da.r -> re -> re.r -> HORCOM ) ) ). Haven’t completed this yet… • More information • SP&E 2003 Using LTSA
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom • Summary • Architecture can (partially) be formalized and verified. • Koala as ADL and component model • Non functional properties in Koala • Managing diversity and evolution with sub typing • Decomposing control by distribution Q & ¬ A
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Nomenclature Formal Specification COLD Darwin ICE BEAR POLAR PANDA Teddy Koala Ursa Kangaroo Winter Nomenclature
Intro Teddy Koala Threads Darwin Q & ¬ A HorCom Q & ( ¬ ) A ? Questions and Answers(?)