Synthesizing Glue Operators from Glue Constraints for the Construction of Component-Based Systems
Simon Bliudze and Joseph Sifakis
Zürich, June 30th, 2011
Outline
- Motivation
- BIP and the Glue
- Synthesizing glue operators
- Design flow
Quite some liberties taken w.r.t. the paper for the sake of presentation clarity!
SC 2011 — S. Bliudze, J. Sifakis, “Synthesizing Glue Operators...” — Zürich, June 30th, 2011 — 2 / 29
At the TOOLS keynote on Tuesday...
...Oscar Nierstrasz spoke of the necessity of
- Manipulating the models
- Bridging the gap between high-level models and run-time code
Questions:
- Recently, did we get any closer to these objectives?
- If not, what is the way there?
- Does not raising the abstraction level rather increase the gap?
Answer: We should build solid and light-weight bridges!
Solid and light-weight bridges
A unified modelling formalism
Solid:
- Clearly established formal semantics
- Heterogeneity: computation, execution, implementation
- Certifying code generation
Light-weight:
- Clear, accessible formal semantics
- Minimal set of primitives
- Separation of concerns: coordination is a first-class citizen
- Efficient implementation for popular platforms
More specifically
Context: Component-based modelling, design and validation of embedded (safety-critical) systems.
Presently: A number of coordination mechanisms for concurrent systems (shared variables, semaphores, message passing, etc.), with ad-hoc use and analysis methodologies.
Our goal: Unified framework for component-based modelling and design
- Incremental description
- Correctness by construction
- Heterogeneity: synchronous and asynchronous execution; event- and data-driven computation; centralised and distributed implementation
Component design by refinement
Three layers:
1. Component behaviour
2. Coordination
3. Data transfer
[Figure: components A, B and C with ports p1, r1, f1, b1, b2, p3, f3, b3, f2, r3; the layers are introduced one at a time: behaviour, then the coordination connectors between the ports, then a data transfer attached to a connector, e.g. A.x := max(B.y, C.z)]
Unbuffered synchronous communication
(Not to be confused with synchronous execution!)
[Figure: a Channel component with ports collect and deliver, placed between component A (port send) and component B (port receive); data transfers: Channel.buf := A.m on send/collect, B.m := Channel.buf on deliver/receive]
A sends a message m to B:
- Two synchronisations with the channel
- Each synchronisation allows a data transfer
- An explicit model of the channel behaviour
Scope of the basic BIP model
[Figure: the three-layer component diagram of the previous slides (components A, B, C with ports p1, r1, f1, b1, b2, p3, f3, b3, f2, r3)]
Three layers:
1. Component behaviour
2. Coordination
3. Data transfer
Interesting results already at this level, e.g.
- Analysis of synchronisation deadlocks: S. Bensalem, M. Bozga, J. Sifakis, T.-H. Nguyen. D-Finder: A Tool for Compositional Deadlock Detection and Verification. [CAV’09]
- Synthesis of glue for safety properties
Basic model of BIP
[Figure: layered component model — Priorities (conflict resolution) on top of Interactions (collaboration) on top of Behaviour]
Layered component model:
- Behaviour — labelled transition systems with disjoint sets of ports
- Interaction — set of interactions (interaction = set of ports)
- Priorities — strict partial order on interactions
BIP examples
Modulo-8 counter:
[Figure: three components with port pairs pq, rs and tu, connected by a cascade of connectors]
Interactions: {p, pqr, pqrst, pqrstu}.
Mutual exclusion:
[Figure: two components with ports b1, f1 and b2, f2]
Interactions: {b1, f1, b2, f2}
Priority: b1 ≺ f2, b2 ≺ f1.
Glue semantics in BIP: Solid
Behaviour: $B_i = (Q_i, P_i, \to_i, \uparrow_i)$, with the $P_i$ pairwise disjoint and $P = \bigcup_i P_i$; $\to \subseteq Q \times 2^P \times Q$ and $\uparrow \subseteq Q \times P$ such that
$$(\exists a \in 2^P : p \in a \wedge q \xrightarrow{a}) \Rightarrow q \uparrow p .$$
Interaction model: $\gamma \subseteq 2^P$ — set of allowed interactions. For each $a \in \gamma$:
$$\frac{\{\, q_i \xrightarrow{a \cap P_i} q'_i \mid i \in [1,n],\ a \cap P_i \neq \emptyset \,\}}{q_1 \ldots q_n \xrightarrow{a} \tilde q_1 \ldots \tilde q_n}$$
where $\tilde q_i$ denotes $q'_i$ if $a \cap P_i \neq \emptyset$, and $q_i$ otherwise.
Priority model: $\prec \subseteq 2^P \times 2^P$ — strict partial order. For each $a \in 2^P$:
$$\frac{q \xrightarrow{a} q' \qquad \{\, q \not\uparrow a' \mid a \prec a' \,\}}{q \xrightarrow{a}_{\prec} q'}$$
Connector synthesis
[Figure: task LTS with ports b (begin), f (finish), p (preempt) and r (resume); connector diagram over tasks T1 and T2]
Mutual preemption:
1. A running task is preempted when the other one begins computation.
2. A preempted task resumes computation when the other one finishes.
Constraints: true ⇒ b1 ∨ f1 ∨ b2 ∨ f2; p1 ⇒ b2; p2 ⇒ b1; r1 ⇒ f2; r2 ⇒ f1.
Mutual exclusion?..
Interactions: {b1, b2, b1p2, b2p1, f1, f2, f1r2, f2r1}
S. Bliudze, J. Sifakis. Causal semantics for the algebra of connectors. In Formal Methods in System Design, 2010.
Mutual exclusion (design front-end)
[Figure: two components B1, B2 with ports b1, f1 and b2, f2]
1. B1 can enter the critical state if B2 is in the non-critical one or leaves the critical state simultaneously: fire(b1) ⇒ ¬active(f2) ∨ fire(f2)
2. Idem for B2: fire(b2) ⇒ ¬active(f1) ∨ fire(f1)
3. B1 and B2 cannot enter the critical state simultaneously: ¬(fire(b1) ∧ fire(b2))
Mutual exclusion (semantic back-end)
Notation: for a port $p \in P$, let $p$ and $\dot p$ be the boolean activation and firing variables.
Constraints:
$(\dot b_1 \Rightarrow \neg f_2 \vee \dot f_2) \wedge (\dot b_2 \Rightarrow \neg f_1 \vee \dot f_1) \wedge \neg(\dot b_1 \wedge \dot b_2)$ — Mutual exclusion
$\wedge\ (b_1 \vee f_1 \vee b_2 \vee f_2)$ — Progress
$\wedge\ \ldots$ — “Internality” of finish [formula illegible in the extracted slide]
Rewriting the constraint in disjunctive normal form gives one term per allowed interaction, each read as a derivation rule:
$$\frac{q_1 \xrightarrow{f_1} q'_1}{q_1 q_2 \xrightarrow{f_1} q'_1 q_2}\qquad \frac{q_2 \xrightarrow{f_2} q'_2}{q_1 q_2 \xrightarrow{f_2} q_1 q'_2}\qquad \frac{q_1 \xrightarrow{b_1} q'_1 \quad q_2 \not\uparrow f_2}{q_1 q_2 \xrightarrow{b_1} q'_1 q_2}\qquad \frac{q_2 \xrightarrow{b_2} q'_2 \quad q_1 \not\uparrow f_1}{q_1 q_2 \xrightarrow{b_2} q_1 q'_2}$$
Priorities: $b_1 \prec f_2$, $b_2 \prec f_1$
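A brute-force version of the synthesis step above, added here as an example and not the authors' code: it enumerates the models of the mutual-exclusion constraint to recover the four rules with their negative premises, then executes two constructed two-state components under those rules and checks that they are never critical at the same time. Since the “internality of finish” formula is illegible in the slide, it is assumed here to mean that a finish port only ever fires alone.

```python
from itertools import product
# Added example, not the authors' code: brute-force glue synthesis for the
# mutual-exclusion constraint of the slides, then execution of the result.
PORTS = ("b1", "f1", "b2", "f2")

def constraint(act, fire):
    """act[p]: activation variable p, fire[p]: firing variable p-dot. 'Internality
    of finish' is illegible in the slide; ASSUMED to mean that f_i fires alone."""
    mutex = ((not fire["b1"] or not act["f2"] or fire["f2"]) and
             (not fire["b2"] or not act["f1"] or fire["f1"]) and
             not (fire["b1"] and fire["b2"]))
    alone = all(not fire[f] or sum(fire.values()) == 1 for f in ("f1", "f2"))
    return mutex and any(act.values()) and alone      # any(...) = progress

def synthesize(constraint):
    """For each firing set a that has a model, the ports inactive in every model
    become the negative premises (q_i does not offer p) of a's rule."""
    rules, n = {}, len(PORTS)
    for bits in product((False, True), repeat=2 * n):
        act, fire = dict(zip(PORTS, bits[:n])), dict(zip(PORTS, bits[n:]))
        a = frozenset(p for p in PORTS if fire[p])
        # a port can only fire if it is active (the behaviour condition on ↑)
        if a and a <= {p for p in PORTS if act[p]} and constraint(act, fire):
            inactive = frozenset(p for p in PORTS if not act[p])
            rules[a] = rules.get(a, inactive) & inactive
    return rules

# Constructed components B1, B2: states nc/c, b_i enters and f_i leaves c.
TRANS = {("nc", "b1"): "c", ("c", "f1"): "nc", ("nc", "b2"): "c", ("c", "f2"): "nc"}
OWNER = {"b1": 0, "f1": 0, "b2": 1, "f2": 1}

def step(state, a, negative):
    """Interaction rule with negative premises; untouched components keep q_i."""
    offers = lambda p: (state[OWNER[p]], p) in TRANS        # q_i offers p
    if not all(map(offers, a)) or any(map(offers, negative)):
        return None
    nxt = list(state)
    for p in a:
        nxt[OWNER[p]] = TRANS[(state[OWNER[p]], p)]
    return tuple(nxt)

def reachable(rules, init=("nc", "nc")):
    seen, todo = {init}, [init]
    while todo:
        s = todo.pop()
        for a, neg in rules.items():
            t = step(s, a, neg)
            if t is not None and t not in seen:
                seen.add(t); todo.append(t)
    return seen

def mutex_holds(rules):                   # never both components critical
    return all(s.count("c") <= 1 for s in reachable(rules))
```

Running the same four interactions without their negative premises reaches the state (c, c), which shows that the derived priorities are exactly what enforces mutual exclusion.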
Rescue robot (design front-end)
[Figure: robot R with ports f, r, u, a, b, m, h and a compass (N, E, S)]
1. Must not advance and rotate at the same time: $\neg(\dot a \wedge \dot r)$;
2. Must not leave the region: $b \Rightarrow \neg \dot a$;
3. Must not drive into hot areas: $h \Rightarrow \neg \dot a$;
4. Must stop when the objective is found: $f \Rightarrow \neg \dot a \wedge \neg \dot r$;
5. Must update navigation and sensor data on every move (advance or rotate): $\dot a \vee \dot r \Rightarrow \dot u \wedge \dot m$.