1 © 2003 Philips Electronics BV, Rob van Ommering, FMCO 2003, November 7 th, 2003 ThreadsDarwin...

transcript

Threads Darwin HorCom Q & ¬ AKoalaTeddy

Rob van OmmeringPhilips ResearchEindhoven, The Netherlands

November 7th, 2003

Component Based Architectures

Formalization and Verification

Threads Darwin HorCom Q & ¬ AKoalaTeddyIntro

First, a disclaimer:

I’m not a mathematician

I’m not a logician

I’m not even a computer scientist…

I studied physics…

Worse(?), I’m an engineer

Even worse(?), I’m a software architect

So there’s a lot that I don’t know…

PhilipsResearch

Laboratories

PhilipsResearch

Laboratories

PhilipsConsumer Electronics

PhilipsSemiconductors

PhilipsMedical Systems

UniversitiesUniversities

Research InstitutesResearch Institutes

OtherResearch Laboratories

ProductsPatentsProcessesPeople

Industryas

Laboratory

Where do I work?

Fundamentalknowledge

Appliedknowledge

My interests:

small large

Number ofproblems

Complexityof problem

I’m an architect

I’m a tool guy

I like pictures…

‘03 ‘18‘05 ‘07 ‘12

My future?

retirement

My History

My historyA.I.

FormalSpecifications

ArchitectureFormalizationVerification

ComponentModel

Architecture

SoftwareProductLines

‘82 ‘88 ‘92 ‘96 ‘98 ‘00

My domain:

20002000

2 MB2 MB

19901990

64 kB64 kB

19791979

1 kB1 kBMoore’s

LawMoore’s Law

19651965

My talk:

ArchitectureFormalization

AndVerification

ArchitectureDescriptionLanguage

andComponentModel

Non-functionalProperties

Coping withEvolution

ComposingControl Software *

Teddy Threads Darwin HorCom Q & ¬ AKoalaIntro

Problem Statement

Architecture = 1st (highest) level of design.

Current (read: 1993) programming languages do not offerproper support for defining architecture.

How do I document and communicate an architecture?

How do I verify an implementation against its architecture?

// File: ape.c#include “nut.h”...

// File: nut.h...

// File: nut.c#include “mary.h”...

// File: mary.h...

// File: mary.c#include ......

Programming in C:

Abstraction:

A layered design:

tree rose ape nut

Part-of

The architecture

The implementation

P u P -1

Can observe this

P u P -1 U

Should hold

u P-1 U P

Should hold

u \ P-1 U P

Should be

Our abstraction:

AbstractionFunction

Easy to build tool support:

u \ P-1 ( U I ) P

Some refinements:

u \ P-1 U* P

Allow self references

Transparent layers

Cycles

Nicer pictures

Et cetera

P3 P4 P5 P6

C1 C3C2 C4 C5 C7C6 C8

Only allowed if visiblethrough red arrows

ArchitectureWorld

Programmer’sWorld

Design in the large

More information• Software Practice and Experience• Thesis Rene Krikhaar• Computer Languages

Koala Threads Darwin HorCom Q & ¬ AIntro Teddy

We’ve seen how to formalize architecture, andverify whether implementations satisfy the architecture.

But this is a reactive process!And it doesn’t help the programmers.

Questions: Can I:

Make architecture explicit in a forward way?

Do this in embedded systems?

Support diversity and evolution?

interface I{ int Max(int x, int y); float Sin(float x);}

component C{ provides I p; contains module m; connects p = m; within m { p.Max(x,y) = x > y ? x : y; // p.Sin implemented in C …}

Provides Interfaces

Has-A rather than Is-A

Ports rather than Inheritancecode-carrying

C3C3 C

Looks like:

Darwin

Requires Interfaces

Can be bound differently in different products

C2C2 C3C3

SwitchSwitch Glue ModuleGlue ModuleDirectDirect

Connectors

C2C2 C3C3

The compositionprocess isrecursive…

Component instancesare encapsulated.

Component typesare not (necessarily)(see later).

Component instancesare encapsulated.

Component typesare not (necessarily)(see later).

Client of C2 and C3

Assembler of C1,C2 and C3.

Composition

C2C2 C3C3

Diversity interfacesare outgoinginterfaces whichparameterize thecomponent.

Late compile time binding,a.k.a. partial evaluation,is used to create resourceefficient configurations.

Parameterization

More information• IEEE Computer• My thesis (TBP)

A real-life example

Threads Darwin HorCom Q & ¬ AIntro KoalaTeddy

So we’re now at Level 1 in the Bengt Jonsson scale .

What about non-functional properties?

What can I do within the current Koala framework?

What can I add to the Koala framework?

Components specify theircode sizeComponents specify theircode size

This can be summed at the product levelThis can be summed at the product level

C1C1C3C3

Sometimes a very hot issue – now maintained in Excel (transpose matrix)

Code Size

Components specify howmany resources they requireComponents specify howmany resources they require

This can be summed and provided tothe component that delivers theresources at the product level

C1C1C3C3

Resource Usage

Step 1: use message pumps created on virtual pump engines required through a diversity interface

Step 2: bind these to pump engines (a real dispatcher loop)Step 2: bind these to pump engines (a real dispatcher loop)

Problem: many (>100) activities but few (<10) threadsProblem: many (>100) activities but few (<10) threads

Same thread,No synchronisation required

Different thread,Synchronisation

required

Multi-threading

Threading Analysis

Specific symbolic thread

Same threadas above

May beanotherthread

Will bea newthread

Threadsafe

Composition Rules

Thread labels

are unified

Prepared for

call on different

threads, but called

on the same thread

q must be

same as p

C is a new thread,

and cannot beequal to q

More information• PACC2

Unification

Darwin HorCom Q & ¬ AIntro ThreadsKoalaTeddy

Back to Level 1 in the Bengt Jonsson scale .

How can I build a product line?

More specifically:

How can I manage diversity?

How can I manage evolution?

Answer: use sub typing…

What is a product line?

‘Unforeseen’ combinations of existing functions new product

GPS + GSM GSM + DigCam PDA + GPS

Convergence

A product population is: - a set of products with many commonalities, - but also with many differences, - developed by different suborganizations, - each with its own time-line / lifecycle.

SingleProductSingle

ProductProductFamily

ProductFamily

ProductPopulation

UnrelatedProductsUnrelatedProducts

DecompositionDedicated components

CompositionCOTS

Product Population

CTunerCTuner CTuner’CTuner’

CSearchTuner

tun: ITuner tun: ITuner tun2: ITuner2

tun: ITuner stun: ISearchTuner

Evolution

Looks like:

Microsoft COM

Variation in Space and in Time

CC C’C’

IB+ IBIB+ IB

Provide more...Provide more...

IA IB IA IB+ IC

C’ CC’ C

Koala subtypes interfaces based on set inclusion of

functions

Koala subtypes interfaces based on set inclusion of

functions

CC C’C’

IB- IBIB- IB

Require less…???Require less…???

IA IB-IA IB IC

C’ CC’ C

Koala reports an error if a non-existing interface is

bound…!

Koala reports an error if a non-existing interface is

bound…!

Evolution rules

More information• WICSA• SPLC 2002

CC C’C’

More evolution rules

Optional Interfaces

CC C’C’

Thread attributes

HorCom Q & ¬ AIntro Threads DarwinKoalaTeddy

We’ve seen mechanisms but no examples yet.

Control software is difficult to compose.

Question:

How can I create composable control software?

Answer: use a distributed algorithm

TubeTube

ElectronicsElectronics

SmallSignalPanel

Tune(f)Tune(f)

1. BlankOutput1. BlankOutput2. SetFrequency2. SetFrequency

3. UnblankOutput3. UnblankOutput

TunerHardware

OutputHardware

OutputHardwareantennaantenna tubetube

ControlSoftwareControl

Software

TunerDriverTunerDriver

OutputDriverOutputDriver

OutputHardware

TunerHardware

OutputHardware

OutputHardwareSwitchSwitchantennaantenna tubetube

ControlSoftwareControl

Software

SwitchDriverSwitchDriver

2. BlankOutput2. BlankOutput

3. SetFrequency3. SetFrequency

4. UnblankOutput4. UnblankOutput

Tune(t,f)Tune(t,f)

1. Which Output?1. Which Output?

ProductSpecificCode

ReusableCodeReusableCode

… unless ...… unless ...

Control software is difficult to compose…

1. SetFrequency(f)1. SetFrequency(f)

2. DropRequest2. DropRequest

3. Restore3. Restore

TunerHardware

OutputHardware

antennaantenna tubetube

HORCOM = ( dr -> ( dr.t -> re -> re.r -> HORCOM | dr.f -> da -> ( re -> re.r -> da.r -> HORCOM | da.r -> re -> re.r -> HORCOM ) ) ).

We have modeled this with LTSA.

More information• SP&E 2003

Haven’t completed this yet…

Jeff Magee

Summary

• Architecture can (partially) be formalized and verified.

• Koala as ADL and component model

• Non functional properties in Koala

• Managing diversity and evolution with sub typing

• Decomposing control by distribution

Q & ¬ A

Q & ¬ AIntro Threads Darwin HorComKoalaTeddy

Winter

BEARPOLARPANDA

Teddy Koala Ursa

Darwin

Kangaroo

FormalSpecification

Nomenclature

Q & ( ¬ ) A ?

1 © 2003 Philips Electronics BV, Rob van Ommering, FMCO 2003, November 7 th, 2003 ThreadsDarwin...

Documents