Slide 2 - Journée Informatique Embarquée: du matériel au logiciel - 13 Mai 2005 - Fabrice Kordon - UPMC
Is there a future for applications out of distribution?
Some examples: automatic freeway, satellite constellations, drone fleets, domotic applications, etc.
Increasing complexity… and need for reliability.
Main problem: how to handle such applications
- interactions between components (p2p approaches)
- specification, analysis techniques, relation to programs, deployment
- how to capture know-how (usability for engineers)
Need for a vertical approach (no way to solve the problem locally only).
Slide 3
Separation of concerns
- Control aspects (the difficult part ;-)
- Computational aspects (related to an application domain)
[Figure: a distributed application split into control aspects and computational aspects, plus external components. Control aspects are handled by model-based development (specification of controls, formal verification, program generation); computational aspects are developed using domain approaches.]
Slide 4
MORSE: a development methodology centered on models
[Figure: the MORSE process. A UML (profile) model is reformulated/enriched into LfP, the pivot language. From LfP, a formal specification is generated (formal spec. generation) and verified (formal verification with Petri nets and DDD, «formal debug»), and programs are generated (program generation), then tested and «tuned», with refinement loops back to the model.]
Slide 5
LfP: language overview
LfP (Language for Prototyping)
- Architectural views -> ensure traceability; deduced from UML + identification of communication elements
- Behavioral views -> describe behavioral contracts; partially deduced from sequence diagrams + connection to state diagrams
- Property views -> expected properties (guide for verification); properties must be embedded into the specification
- Deployment view -> for program synthesis (directives for code gen.); link to the target architecture, detailed code generation directives
Now strongly linked to a UML profile (UML-M)
Slide 6
[Figure: position in the process: formal spec. / LfP / programs / UML (profile)]
Focus 1: using formal methods
- Testing techniques fail: exhaustivity is not ensured
- Formal methods are required: «premise and problems», need for push-button tools
- Approaches:
  - Theorem proving: parameterizable, difficult to automate
  - Model checking: easy to automate, combinatorial explosion
Problem: mastering the complexity
Slide 7
An example: specific techniques using symbolic approaches
Client code (Ada tasking):

   -- Get a reference to the current client task
   Client := Get_My_Id;
   -- Do the main loop
   loop
      -- computing data + server call
      Message := Get_This_Message;
      Server  := Get_This_Server;
      Server.gr (Client, Message);
      -- Waiting for results
      accept ga;
   end loop;

Server code:

   loop
      -- Waiting for an incoming service
      accept gr (The_Client, The_Message) do
         Who  := The_Client;
         Data := The_Message;
      end gr;
      -- Processing (according to Data)
      if Evaluate (Data < 2) then
         Processing_1 (Data);
      else
         Processing_2 (Data);
      end if;
      -- Notifying the client
      Who.ga;
   end loop;

Hypothesis: processes commute only at the yellow points (highlighted in the original slide).
Slide 8
Specification (Petri nets)
Parameterization according to C, S and M
[Figure: the coloured Petri net of the example, parameterized by the colour classes C (clients), S (servers) and M (messages). Client side: places c1 (initial marking <C.all>) and c2, transitions sm and ga. Server side: places s1 (initial marking <S.all>) and s2, transitions gr1 [m < 2], gr2 [m >= 2] and sa. Places rq and ack connect the two sides; arcs are labelled <c>, <s>, <c,s> and <c,s,m>.]
Slide 9
Where does complexity come from?
[Figure: the same Petri net, with the part that generates distinct but permutable values highlighted]
This part generates distinct but permutable values.
Problem: too many concrete states (the system is symmetric, clients are permutable).
Slide 10
State space & symbolic state space (C=2, S=1, M=2)
[Figure: concrete state space, 24 nodes, 54 arcs, arcs labelled by the transitions sm, gr1, gr2, sa, ga. A client sends M < 2 to the server: two paths (C1 ≠ C2).]
[Figure: symbolic state space, 14 nodes, 27 arcs. Same configuration, only one path (client identities can be exchanged).]
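As an added illustration (not part of the original slides), the following Python script builds both the concrete and the symbolic reachability graph of the client/server net of slides 7 to 10. The encoding of the net is an assumption made here to match the Ada code and the arc labels on the slides: each client is described by the place its tokens sit in, messages range over 1..M with gr1 taking m < 2 and gr2 taking m >= 2, and the symbolic graph is the quotient under the client permutation symmetry only (servers are not permuted). For C=2, S=1, M=2 it reproduces the 24 nodes / 54 arcs and 14 nodes / 27 arcs reported on slide 10, and it generalizes to other values of C, S and M.

```python
"""Concrete vs. symbolic state space of the client/server Petri net.

Added example, not from the original slides.  The net is encoded as
assumed from slides 7 and 8: C permutable clients, S servers, messages
m in 1..M, gr1 guarded by m < 2 and gr2 by m >= 2.
"""
from collections import deque

# Local state of one client, i.e. where its tokens sit in the net:
#   ('I',)        idle, token <c> in place c1
#   ('R', s, m)   request <c,s,m> in place rq, client token in c2
#   ('B', s)      being served: server s holds <c,s> in place s2
#   ('A',)        acknowledgement <c> in place ack, client still in c2
IDLE = ('I',)
ACKED = ('A',)


def _replace(state, c, local):
    """Return a copy of `state` with client c moved to local state `local`."""
    return state[:c] + (local,) + state[c + 1:]


def enabled_firings(state, S, M):
    """Yield ((transition, client, m), successor) for every enabled firing.

    A server is in place s2 (busy) while it holds some client's <c,s>;
    gr1/gr2 need the chosen server back in s1.  `m` is only recorded
    for sm, where it says which message value the client picked.
    """
    busy = {loc[1] for loc in state if loc[0] == 'B'}
    for c, loc in enumerate(state):
        if loc == IDLE:                          # sm: pick a server and a message
            for s in range(S):
                for m in range(1, M + 1):
                    yield ('sm', c, m), _replace(state, c, ('R', s, m))
        elif loc[0] == 'R':                      # gr1 [m < 2] / gr2 [m >= 2]
            s, m = loc[1], loc[2]
            if s not in busy:
                t = 'gr1' if m < 2 else 'gr2'
                yield (t, c, None), _replace(state, c, ('B', s))
        elif loc[0] == 'B':                      # sa: server answers, back to s1
            yield ('sa', c, None), _replace(state, c, ACKED)
        elif loc == ACKED:                       # ga: client consumes its ack
            yield ('ga', c, None), _replace(state, c, IDLE)


def explore(C, S, M, symbolic=False):
    """Breadth-first construction of the reachability graph.

    symbolic=True quotients the graph by the client permutation symmetry:
    a state is represented by the sorted tuple of local states, and the
    client index is dropped from arc labels, so two firings that differ
    only by a renaming of clients become one symbolic arc.
    Returns (number of nodes, number of arcs).
    """
    canon = (lambda st: tuple(sorted(st))) if symbolic else (lambda st: st)
    init = canon(tuple([IDLE] * C))
    seen, arcs, todo = {init}, set(), deque([init])
    while todo:
        src = todo.popleft()
        for (t, c, m), succ in enabled_firings(src, S, M):
            dst = canon(succ)
            arcs.add((src, (t, m) if symbolic else (t, c, m), dst))
            if dst not in seen:
                seen.add(dst)
                todo.append(dst)
    return len(seen), len(arcs)


def compare(C, S, M):
    """Return (concrete nodes, symbolic nodes, ratio), as on the slides' charts."""
    conc, _ = explore(C, S, M)
    symb, _ = explore(C, S, M, symbolic=True)
    return conc, symb, conc / symb


if __name__ == "__main__":
    # Slide 10 configuration, then growth of the ratio with C
    print("C=2 S=1 M=2:", explore(2, 1, 2), explore(2, 1, 2, symbolic=True))
    for C in range(1, 6):
        print("C=%d" % C, compare(C, 1, 2))
```

The concrete graph keeps the client index in every arc label, so the two runs where client 1 or client 2 sends m < 2 are distinct paths; sorting the local states erases which client is which, which is exactly the permutability the slides exploit, and the number of symbolic nodes grows polynomially in C rather than exponentially.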
Slide 11
State space does not grow anymore!
Data for C=5 and M=4 (S growth)
[Figure: performances; log-scale chart (1 to 100 000 000) of concrete states, symbolic states and their ratio as S grows]
It is useless to have S > C ;-)
Slide 12
Why is this technique applicable?
Yes, Well-Formed Petri Nets allow such an analysis
- use of structural information on the specification
- identification of static subclasses: all elements share the same behavior
- detection of total system symmetries; extensions for partial symmetries too
Is this operational?
- automatic detection of static subclasses is implemented in CPN-AMI
- symbolic model checking as well (cooperation with the GreatSPN kernel); coming in the next release
Larger experimentations?
Slide 13
100 million states: almost a «hard limit» for numerous tools due to RAM size (then model checkers swap)
[Figure: log-scale chart (1 to 1E+12) of concrete states, symbolic states and their ratio for 2 to 7 threads]
Other performances (PolyORB) (P4 2.4 GHz, 512 MB)
- manual specification but same strategy
- 89 places, 72 transitions, 289 arcs
- strongly symmetric specification
Slide 14
[Figure: position in the process: formal spec. / LfP / programs / UML (profile)]
Focus 2: relation to programs
- Requires a generic prototype architecture: integrates a communication pattern with external components
- Requires a set of services (runtime): similar to programming languages ;-); provides support functions to operate LfP specifications
- LfP runtime and middleware? Similar objectives; require facilities for deployment; discussed later
Problem: liaison with «the world»
Slide 15
From the model to the program
LfP contains a deployment view, yet experimental in its syntax (XML data associated to the specification)
Generation approach
[Figure: the LfP specification is projected onto a partitioned view of application nodes N1, N2, N3, each running programs inside an LfP capsule (runtime) in its environment; LfP elements (threads?) rely on the runtime and on patterns & architectures. What is needed for the runtime?]
Projection of the model into implementation components
Slide 16
Conclusion
Distributed applications are a difficult task
- handling complexity of interactions
- handling deployment onto machines
- handling configuration (on a node)
- certification, real-time, etc.
An integrated methodology can help!!! Modeling and formal methods
- Experimentation on LfP. Why not UML? It goes somewhat in «the good» direction
- Architecture languages: software or hardware (need both?) AADL, UML/ROOM, both?
- Middleware manufacturing: middleware «à la carte»
Slide 17
Advertising ;-) the MORSE project
Méthodes et Outils pour la Réalisation et la vérification formelle de Systèmes interopérables Embarqués critiques (Methods and Tools for the Realization and formal Verification of critical interoperable Embedded Systems)
RNTL project (June 2003 - June 2006): Sagem SA (project leader), Aonix, LIP6-SRC, LaBRI
Objectives: a methodology with its (prototype ;-) tools
- prototyping approach
- use of formal methods for verifying the system
- use of a pivot language
- integration of legacy code
Slide 18
Many perspectives
- Need for dynamic adaptation (at execution time): some techniques are available; virtual machines (for the runtime)…
- Need to control the development of transformation tools: model engineering techniques are available; metamodeling techniques? transformation languages?
- Need for more formal techniques: management of time? probabilistic analysis?
- Etc…
There is still some interesting work to come ;-)