Jeroen Voeten, email: [email protected]
Information and Communication Systems Group
System Level Modelling in POOSL
J. Voeten, P. van der Putten, M. Geilen, L. van Bokhoven and M. Stevens
Information and Communication Systems Group
Eindhoven University of Technology, The Netherlands
Contents
• Introduction: System Modelling
• The POOSL Language
• Formal Semantics
• Model Analysis
• Demonstration
Introduction: System Modelling
Design Decisions and Properties
Design involves the investigation of design alternatives to obtain a satisfying realisation.
Design decisions are based on the values of certain properties of alternative design realisations.
Realising design alternatives to determine the values of these properties is too costly and time-consuming.
Values of properties must be determined from models.
A property is a function on designs, realisations or models. If the range is Boolean the property is called qualitative (e.g. absence of deadlock), otherwise it is called quantitative (e.g. throughput).
Models and Adequacy
A model is an abstract representation of some design realisation.
A model must be adequate (to a certain degree of accuracy) for the properties that are relevant for making a design decision.
A model is adequate (to a certain degree of accuracy) for a property if the difference between the property value of the model and that of the design realisation is within the accuracy bound. Vice versa, the design realisation is said to satisfy the model.
Models and Abstraction
If a model is more abstract:
it will in general be adequate for fewer properties with less accuracy;
it has a larger realisation space (the collection of realisations that satisfy the model) and will be more difficult to realise;
it will be more compact;
it will take less time to develop;
it will be cheaper to deduce property values.
Design decisions taken early in the design process (based on abstract models) have a large impact on property values.
Towards System Models
[Figure: abstraction levels for hardware and software, ordered by increasing expressive power, abstraction and encapsulation.
Hardware: Transistors (transistor level); Gates (logic level); Registers, FSMs (RT level); Functions, Data Objects (object-oriented level); Communicating (sub)systems (system level).
Software: Machine Code (machine level); Assembly Code (assembly level); Functions, Data (high level); Communicating (sub)systems (system level); System Behaviour.
Moving up the levels, models become less adequate and accurate and more difficult to realise, design decisions have a larger impact, and models are more compact, take less time to develop and make property values cheaper to deduce.]
Example: Switch Fabrics
Decision Properties
• Throughput
• Average Delay
• Jitter
• Quality of Service
Design Issues
• Queues
• Priorities
• Backpressure
• Scheduling
Modelling Concepts
• Modelling Entities
• Concurrency
• Communication/Synchronisation
• Time/Stochasticity
For different traffic types (CBR, VBR, ABR, UBR)
Language Design Considerations/Alternatives
• Modelling Entities
  – Separate Data & Control / Autonomous Objects
  – Structural / Behavioural
  – ...
• Concurrency
  – Synchronous / Asynchronous
  – Inherent to Modelling Entities / Orthogonality
• Communication/synchronisation
  – Synchronous / Asynchronous
  – Buffered / Unbuffered
  – ...
• Time/stochasticity
  – Real-time / Discrete-time / Synchrony Hypothesis
  – Stochastic / Probabilistic / Non-determinism
  – ...
[Figure: the design factors leading to POOSL: a mathematical semantics, a small collection of expressive language primitives, their selection and blending, conflicts between them, and orthogonality.]
The POOSL Language
Overview of POOSL
POOSL (Parallel Object-Oriented Specification Language) is a formal specification language based on a timed version of process algebra CCS and on the basic concepts of traditional object-oriented programming languages (Smalltalk, Java, C++).
A POOSL specification consists of
A Top-Level Cluster;
Clusters & Cluster Classes;
Process Objects & Process Classes;
Data Objects & Data Classes.
Example: Switch Fabric
Clusters
Hierarchical structural entities;
Statically interconnected in a topology of channels;
Connect to the channels through private ports;
Consist of process objects and other clusters;
Behave asynchronously and concurrently;
Communicate by synchronous message passing;
Organised in cluster classes.
Example: Multistage Switch
Process Objects
Behavioural asynchronous concurrent entities;
Statically interconnected in a topology of channels;
Connect to the channels through private ports;
Communicate by synchronous message passing;
Contain data objects;
Compositional behaviour descriptions:
  Primitive statements: data, time, communication;
  Constructors: parallel composition, interrupts, …;
  Behavioural abstraction: methods;
Are organised in process classes.
Example: Switch
Process Statements
A method body consists of a process statement PS. The execution of PS can result in action performance and time passage.
PS ::= DS                              data statement
     | ch!m(DE1,…,DEn)                 synchronous send
     | ch?m(p1,…,pn | DE)              message reception
     | delay(DE)                       delay statement
     | PS1;PS2                         sequential composition
     | if E then PS1 else PS2 fi       selection
     | while E do PS od                repetition
     | sel PS1 or … or PSn les         choice statement
     | par PS1 and … and PSn rap       parallel composition
     | PS1 interrupt PS2               interrupt statement
     | PS1 abort PS2                   abort statement
     | [DE]PS                          guarded command
     | m(DE1,…,DEn)(p1,…,pn)           method call
     | timestamp x                     read model time
Example 1: Intuitive Semantics
Two process objects are connected by channel ch. The first has initial method
initialize()()
  ch!givePosition; delay(3.14); ch?position(point).
and the second has initial method
initialize()()
  ch?givePosition; ch!position(point).
[Figure: each process object has an instance variable point; in the second object point refers to the data object (10,12). At time 0 the message givePosition is exchanged over ch. The first object then delays 3.14 time units, after which the message position is exchanged at time 3.14 and a copy of (10,12) is bound to the first object's instance variable point.]
Example 2: initial method startUp of Switch
startUp()()
  outputBufferArray := new(Array) size(2);
  outputBufferArray put(1, new(BoundedFIFOBuffer) size(bufferSize));
  outputBufferArray put(2, new(BoundedFIFOBuffer) size(bufferSize));
  par handleInput1()() and handleInput2()() and handleOutput1()() and handleOutput2()() rap.
Example 3: method handleInput1 of Switch
handleInput1()()
  | cell: Cell |
  i1?cell(cell | outputBufferArray at(cell destinationPort) isNotFull)
    {outputBufferArray at(cell destinationPort) put(cell); cell nextDestinationPort};
  delay(cellTime);
  handleInput1()().
Example 4: method handleOutput1 of Switch
handleOutput1()()
  [outputBufferArray at(1) isNotEmpty] o1!cell(outputBufferArray at(1) firstElement)
    {outputBufferArray at(1) removeFirstElement};
  delay(cellTime);
  handleOutput1()().
Example 5: Process Class Source
Example 6: method of a TransmissionChannel
transfer()()
  | p: Packet |
  in?packet(p);
  par
    delay(normal nextSample); out!packet(p)
  and
    transfer()()
  rap.
Receive a new packet p from port in. Wait for some stochastically determined amount of time before p is delivered synchronously to port out. Be simultaneously prepared to receive another packet.
Example 7: timeouts and watchdogs
waitForInput()(value, status: String)
  ch!inputRequest;
  sel
    ch?input(value); status := ‘ok’
  or
    delay 20; status := ‘timeout’
  les.
Wait for input on port ch. Return from the method call if an input is not received within 20 time units.

timeCriticalComputation()()
  doComputation()() abort (delay deadline; errorHandling()()).
Call method doComputation()(). If the method has not terminated within a deadline amount of time, abort it and start an errorHandling routine.
Data objects
Behavioural sequential entities;
Can be created dynamically;
Communicate by message passing;
Invoke methods upon message reception;
Return results of method invocations to sender;
Are organised in data classes.
Example: Data class Exponential
Data Statements and Expressions
• A method body consists of a data statement DS:
DS ::= x := DE                             assignment to variable or parameter
     | DS1;DS2                             sequential composition
     | while DE do DS                      repetition
     | if E then DS1 else DS2 fi           selection
     | DE                                  data expression
• DE is a data expression, always evaluating to a data object:
DE ::= x                                   data object referenced by x
     | new(C)                              newly created data object of data class C
     | self                                data object evaluating this expression
     | DE m(DE1,…,DEn)                     method call
     | -1, 0, ’a’, ’b’, 3.14, true, false  constants of primitive classes
     | nil                                 undefined data object
Example: Intuitive Semantics
Data class Exponential has instance variables mu and rand and the method
withParam(m: Real): Exponential
  mu := m;
  rand := new(RandomGenerator);
  return(self).
Consider the execution of the following statement: exp := new(Exponential) withParam(3)
[Figure: after execution, exp refers to the newly created Exponential object, whose instance variable mu refers to the data object 3 and whose instance variable rand refers to some RandomGenerator object.]
Formal Semantics
Formal Semantics: Transition System
• A Plotkin-style Structural Operational Interleaving Semantics defines a probabilistic labelled transition system
  $(\mathit{Mod},\ \mathit{Act},\ T,\ \{\xrightarrow{a,p} \mid a \in \mathit{Act},\ p \in [0,1]\},\ \{\xrightarrow{t,p} \mid t \in T,\ p \in [0,1]\})$
  $M \xrightarrow{a,p} M'$ : model M can perform action a with probability p and then behave as M'
  $M \xrightarrow{t,p} M'$ : model M can delay for time t with probability p and then behave as M'
• Compositional definition with axioms and inference rules, e.g. the delay axiom
  $\mathrm{delay}(t) \xrightarrow{t,1}$
  and the rule for time passage of a parallel composition
  $\dfrac{M_1 \xrightarrow{t,p_1} M_1' \qquad M_2 \xrightarrow{t,p_2} M_2'}{M_1 \parallel M_2 \xrightarrow{t,\,p_1 \cdot p_2} M_1' \parallel M_2'}$
Action Urgency: Two-Phase Model [X.Nicollin, J.Sifakis ’91]
Asynchronous Execution of Actions
Synchronous Passage of Time
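The two-phase model above, applied to the timeout pattern of Example 7 (sel ch?input or delay 20 les), as an added Python illustration written for this page. It is not POOSL's own implementation and not the SHESim tool: processes are Python generators, channels are plain names, and the requester, the responder, the timeout of 20 and the response delays are constructed for the example. Phase 1 performs every enabled communication before any time passes (actions are urgent); phase 2 advances model time synchronously to the earliest pending delay.

```python
"""Two-phase execution of POOSL-style processes: added example, not POOSL's
own implementation nor the SHESim tool.

A process is a Python generator that yields requests:
    ("delay", t)                      let t model-time units pass
    ("send", ch, msg) / ("recv", ch)  synchronous rendezvous on channel ch
    ("sel", [alt, ...])               choice between such alternatives (sel ... les)
It is resumed with (index_of_chosen_alternative, received_message).
"""


class Proc:
    def __init__(self, name, gen):
        self.name, self.gen, self.alts = name, gen, None


def _normalise(req, now):
    """Turn a request into a list of alternatives with absolute wake-up times."""
    alts = req[1] if req[0] == "sel" else [req]
    return [("delay", now + a[1]) if a[0] == "delay" else a for a in alts]


def run(process_table, trace):
    """Execute processes until no action and no delay is enabled.

    Returns (final model time, names of processes still blocked)."""
    now = 0.0
    procs = [Proc(n, g) for n, g in process_table.items()]

    def resume(p, result):
        try:
            p.alts = _normalise(p.gen.send(result), now)
        except StopIteration:
            procs.remove(p)

    for p in list(procs):
        resume(p, None)
    while True:
        # phase 1: asynchronous, urgent execution of actions (here: rendezvous)
        progressed = True
        while progressed:
            progressed = False
            for p in list(procs):
                for i, a in enumerate(p.alts):
                    if a[0] != "send":
                        continue
                    partner = next(((q, j) for q in procs if q is not p
                                    for j, b in enumerate(q.alts)
                                    if b[0] == "recv" and b[1] == a[1]), None)
                    if partner is not None:
                        q, j = partner
                        trace.append((now, a[1], a[2]))
                        resume(p, (i, None))
                        resume(q, (j, a[2]))
                        progressed = True
                        break
                if progressed:
                    break
        # phase 2: synchronous passage of time to the earliest pending delay
        wakes = [(a[1], p, i) for p in procs
                 for i, a in enumerate(p.alts) if a[0] == "delay"]
        if not wakes:
            return now, [p.name for p in procs]
        now = min(w[0] for w in wakes)
        woken = set()
        for t, p, i in wakes:
            if t == now and id(p) not in woken:
                woken.add(id(p))
                resume(p, (i, None))


def wait_for_input(log, timeout=20):
    """Example 7's waitForInput: request, then sel ch?input or delay timeout les."""
    yield ("send", "ch", "inputRequest")
    idx, value = yield ("sel", [("recv", "ch"), ("delay", timeout)])
    log["status"] = "ok" if idx == 0 else "timeout"
    log["value"] = value


def responder(response_delay):
    """Constructed environment: accept the request, wait, then answer on ch."""
    yield ("recv", "ch")
    yield ("delay", response_delay)
    yield ("send", "ch", "input 42")


def simulate(response_delay):
    """Run the pair; return (status, value, model time at end, blocked processes)."""
    log, trace = {}, []
    end_time, blocked = run({"waitForInput": wait_for_input(log),
                             "responder": responder(response_delay)}, trace)
    return log["status"], log["value"], end_time, blocked


if __name__ == "__main__":
    for d in (5, 30):
        print(d, simulate(d))
```

With a 5-unit response the choice resolves to ch?input at time 5; with a 30-unit response the delay branch wins at time 20, and the responder is then left blocked on a send nobody will ever accept. The scheduler reports such leftover processes, which is the kind of silent stall a validation run should surface rather than hide.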
Example: Lossy Channel
Transition System of a Lossy Channel
[Figure: transition graph with the action transitions in?cell and out!cell, a delay transition of 100 time units, transition probabilities 1.0 on the action and delay transitions, and a probabilistic branch with probabilities 0.9 and 0.1 (the 0.1 branch models loss of the cell).]
Model Analysis
Analysis
• Validation
  – Are we building the correct model?
• Qualitative Verification
  – Analyse correctness properties
• Quantitative Verification
  – Analyse performance properties
• Synthesis
  – for rapid model analysis
  – for implementation/realisation
Validation
Qualitative Verification: Equivalence Checking
Abstraction to CCS
Minimisation
Equivalent minimised protocol
Qualitative Verification: Model Checking
• Specify the property (φ) to verify in a temporal logic (LTL).
• Example: a stimulus S always results in a response R within 10 ms.
• Construct an automaton that accepts precisely the traces satisfying this property.
• Check whether the model satisfies the property
  – Exhaustively
    • Generate the complete transition system (T) of the model
    • Check for language inclusion L(T) ⊆ L(φ) or for empty intersection L(T) ∩ L(¬φ) = ∅
    • Proof of correctness, but only applicable in case of relatively small finite-state systems.
  – Non-exhaustively
    • Generate one execution trace from the transition system (T)
    • Check whether some infinite completion of this trace can be accepted by the automaton
    • No proof of correctness, but always applicable to detect errors.
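To make the exhaustive versus non-exhaustive distinction concrete, here is an added Python example (not from the slides and not from any POOSL tool). It encodes the example property, every S answered by R within 10 ms, as a bad-prefix monitor, explores the product of a constructed finite transition system with that monitor (the exhaustive check: a reachable bad prefix is a counterexample, and for a bounded-response property, which is a safety property, absence of one in the finite product is a proof), and runs the same monitor over a single supplied trace (the non-exhaustive check). The models GOOD_MODEL and BAD_MODEL, their state names and their delays are constructed for the example.

```python
"""Bounded-response model checking: added example, not from the slides or any
POOSL tool.  Property: every stimulus S is answered by a response R within
BOUND ms.  A finite transition system is a dict state -> list of transitions
(delay_ms, action, next_state): the delay elapses, then the action happens.
"""
from collections import deque

BOUND = 10  # ms, as in the slide's example property

# Constructed models.  GOOD_MODEL retries at most once before answering;
# BAD_MODEL can retry without bound, so an unanswered S can outlive BOUND.
GOOD_MODEL = {
    "idle":    [(0, "S", "busy")],
    "busy":    [(3, "R", "idle"), (4, "retry", "retried")],
    "retried": [(3, "R", "idle")],
}
BAD_MODEL = {
    "idle": [(0, "S", "busy")],
    "busy": [(3, "R", "idle"), (4, "retry", "busy")],
}


def monitor_step(pending, delay, action):
    """Bad-prefix monitor for 'S always results in R within BOUND'.

    pending is None (no unanswered S) or the time elapsed since the earliest
    unanswered S.  Returns (new_pending, violated)."""
    if pending is not None:
        pending += delay
        if pending > BOUND:
            return pending, True
    if action == "R":
        pending = None
    elif action == "S" and pending is None:
        pending = 0
    return pending, False


def check_exhaustively(model, init):
    """Breadth-first search over the product of model and monitor, the finite
    analogue of checking L(T) ∩ L(¬φ) = ∅ for this safety property.
    Returns a counterexample as a list of (delay, action) steps, or None."""
    start = (init, None)
    parent = {start: None}
    queue = deque([start])
    while queue:
        state, pending = queue.popleft()
        for delay, action, nxt in model[state]:
            new_pending, bad = monitor_step(pending, delay, action)
            if bad:
                path, cur = [(delay, action)], (state, pending)
                while parent[cur] is not None:
                    cur, step = parent[cur]
                    path.append(step)
                return path[::-1]
            prod = (nxt, new_pending)
            if prod not in parent:
                parent[prod] = ((state, pending), (delay, action))
                queue.append(prod)
    return None


def check_trace(trace):
    """Non-exhaustive check: run the monitor over one finite trace.  Returns the
    1-based index of the step at which a violation is detected, or None.  None
    is not a proof: the generated trace may simply not contain a bad prefix."""
    pending = None
    for k, step in enumerate(trace, 1):
        pending, bad = monitor_step(pending, *step)
        if bad:
            return k
    return None


if __name__ == "__main__":
    print("GOOD:", check_exhaustively(GOOD_MODEL, "idle"))
    print("BAD:", check_exhaustively(BAD_MODEL, "idle"))
```

The exhaustive check on BAD_MODEL returns the shortest violating path (S, two retries, then an R that lands at 11 ms), while the same bad model passes a hand-picked trace with a single retry, which is exactly why a trace-based check detects errors but never proves their absence. The product stays finite because exploration stops at the first bad prefix, so pending never exceeds BOUND in stored states.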
Quantitative Verification: Performance Analysis
• Specify the performance metric as a (temporal) reward.
• Examples: jitter, buffer fill levels.
• Determine the long-run average metric value
  – Analytically
    • Generate the complete probabilistic labelled transition system
    • Interpret it as a Markov chain with (temporal) reward structure
    • Compute the performance metric by using the strong law of large numbers and the ergodic theorem for Markov chains
    • Certain/precise results, but only applicable in case of relatively small finite-state systems.
  – Empirically
    • Generate one execution trace
    • Estimate the metric value, confidences and errors using the strong law of large numbers and the central limit theorem for Markov chains
    • Uncertain results, but applicable in case of large and even infinite-state systems.
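Both routes side by side, as an added Python example (not part of the slides, and not POOSL or SHESim code), applied to a lossy channel with the shape suggested by the earlier figure: in?cell, a delay of 100 time units, then out!cell with probability 0.9 or loss with probability 0.1. The exact transition structure, the state names and the reward definitions are assumptions of the example. The analytical part solves the stationary distribution of the embedded Markov chain and applies the ergodic theorem to obtain long-run throughput and loss fraction; the empirical part generates one execution trace and estimates the same metrics with a central-limit-theorem confidence interval.

```python
"""Long-run performance metrics of a lossy channel, analytically (Markov chain
plus ergodic theorem) and empirically (one trace plus central limit theorem).
Added example: not from the slides and not POOSL or SHESim code.
"""
import random

# Constructed probabilistic labelled transition system.  Its shape follows the
# labels of the lossy-channel figure (in?cell, a delay of 100, probabilities
# 0.9/0.1) but the exact structure is an assumption of this example.
# Transition: (label, probability, time, target, delivered, lost)
STATES = ["idle", "holding", "transmit"]
PLTS = {
    "idle":     [("in?cell",  1.0,   0, "holding",  0, 0)],
    "holding":  [("delay",    1.0, 100, "transmit", 0, 0)],
    "transmit": [("out!cell", 0.9,   0, "idle",     1, 0),
                 ("loss",     0.1,   0, "idle",     0, 1)],
}


def _solve(a, b):
    """Gauss-Jordan elimination with partial pivoting for a small dense system."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        for r in range(n):
            if r != col and m[r][col] != 0.0:
                f = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def stationary_distribution(plts, states):
    """Solve pi P = pi, sum(pi) = 1 for the embedded discrete-time Markov chain."""
    n, idx = len(states), {s: i for i, s in enumerate(states)}
    p = [[0.0] * n for _ in range(n)]
    for s, trans in plts.items():
        for _, prob, _, dst, _, _ in trans:
            p[idx[s]][idx[dst]] += prob
    a = [[p[j][i] - (1.0 if i == j else 0.0) for j in range(n)] for i in range(n)]
    a[-1] = [1.0] * n                      # replace one equation by normalisation
    b = [0.0] * (n - 1) + [1.0]
    return dict(zip(states, _solve(a, b)))


def long_run_average(plts, states):
    """Ergodic theorem: ratio of expected reward to expected time per step.

    Returns (delivered cells per time unit, fraction of received cells lost)."""
    pi = stationary_distribution(plts, states)
    time = delivered = lost = received = 0.0
    for s, trans in plts.items():
        for label, prob, t, _, d, l in trans:
            time += pi[s] * prob * t
            delivered += pi[s] * prob * d
            lost += pi[s] * prob * l
            received += pi[s] * prob * (label == "in?cell")
    return delivered / time, lost / received


def simulate_trace(plts, start, n_cells, seed):
    """Generate one trace covering n_cells cells and estimate the same metrics.

    Returns (throughput estimate, loss-fraction estimate, 95% half-width)."""
    rng = random.Random(seed)
    state, t, delivered, losses = start, 0.0, 0, []
    while len(losses) < n_cells:
        r, acc = rng.random(), 0.0
        for label, prob, dt, dst, d, l in plts[state]:
            acc += prob
            if r < acc:
                break
        t += dt
        delivered += d
        if label in ("out!cell", "loss"):
            losses.append(l)
        state = dst
    mean = sum(losses) / n_cells
    half = 1.96 * (mean * (1 - mean) / n_cells) ** 0.5   # CLT-based 95% interval
    return delivered / t, mean, half


if __name__ == "__main__":
    print(long_run_average(PLTS, STATES))
    print(simulate_trace(PLTS, "idle", 2000, 7))
```

The analytical route gives exactly 0.009 delivered cells per time unit and a loss fraction of 0.1; the empirical route gives a point estimate with an interval whose width shrinks only with the square root of the trace length. The stationary distribution is solved as a linear system rather than by power iteration because this three-state chain is periodic, a detail worth checking before trusting any iterative estimate of a long-run average.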
Synthesis
• To analyse large systems, it is important to be able to generate the model’s transition graph or a trace thereof rapidly.
• Automatic mapping from POOSL to C++ using Process Execution Trees:
  – Self-modifying data structure representing the state of the model;
  – Compositional mapping of all language constructs;
  – Offering facilities for model debugging;
  – No use of a (real-time) operating system;
  – Slave-like C++ module facilitating the interfacing with other tools;
  – Automatic storage reclamation.
Process Execution Trees
[Figure: three successive states (State n, State n+1, State n+2) of the execution tree of a process whose initial method startUp calls talk()() with body
  sel c!m or c?m les; talk()()
Under the root, a ';' node has the sel node as its first child and the call talk()() as its second; the sel node has the children c!m and c?m. When one alternative is granted, the other is killed; when the sel node has finished, the ';' node continues with talk()(), whose body is expanded into a fresh subtree.]
Demonstration
The Validation Tool SHESim
• Tool Demonstration
• Example of a simple datalink protocol
• Download tool via ftp at: ftp.ics.ele.tue.nl/pub/projects/she_sim/prac9900