
Dataflow Networks

Dataflow Networks. László Gönczy gonczy@mit.bme.hu BME Méréstechnika és Információs Rendszerek Tanszék Based on slides of Dr. András Pataricza and Dr. Tamás Bartha. Dataflow modeling. Nondeterministic DFN formalism [Jonsson, Cannata] Structure Dataflow Graph (DFG) Nodes (units)


Presentation Transcript


  1. Dataflow Networks
     László Gönczy, gonczy@mit.bme.hu
     BME Méréstechnika és Információs Rendszerek Tanszék
     Based on slides of Dr. András Pataricza and Dr. Tamás Bartha
     Formal methods

  2. Dataflow modeling
     Nondeterministic DFN formalism
     • [Jonsson, Cannata]
     • Structure
       • Dataflow Graph (DFG)
         • Nodes (units)
         • Directed arcs (FIFO channels)
     • Behavior
       • Firing rules: <0; in=0; 1; out=2,  >
     • Data
       • Tokens

  3. Benefits of the method

  4. Formal description
     • Dataflow network: tuple (N, C, S)
       • N: set of nodes
       • C: set of channels
         • I: incoming channels
         • O: outgoing channels
         • IN: internal channels (between nodes)
       • S: set of states
     • Dataflow channel:
       • FIFO channel of infinite capacity
       • between two nodes
       • state: Sc = Mc sequence of tokens
     [Slide annotation: connection with the outside world]

  5. Formal description of nodes
     Dataflow node: n = (In, On, Sn, sn0, Rn, Mn), where
     In – set of incoming channels
     On – set of outgoing channels
     Sn – set of node states
     sn0 – initial state of the node, sn0 ∈ Sn
     Mn – set of tokens
     Rn – set of firing rules, rn ∈ Rn is a tuple (sn, Xin, s’n, Xout, )
     sn, s’n – states before and after firing, s’n ∈ S
     Xin – mapping of incoming channels, Xin : In → Mn
     Xout – mapping of outgoing channels, Xout : On → Mn
      – priority,   N

  6. Example
     • Channels with capacity of 1
     • Network:
       DFN = ({n}, {in, out}, {(s,0,0), (s,ok,0), (s,0,ok), (s,ok,ok)})
     • Nodes:
       n = ({in}, {out}, {s}, s, {ok,0}, {r1})
     • Firings:
       r1 = <s; in=ok; s; out=ok; 0>
     [Figure: node n with incoming channel in and outgoing channel out]

  7. DFN example (Eclipse plugin)

  8. Evaluation of DFN
     + Interactive simulation
     • Validation, proof of correctness (direct/indirect)
     • Dynamic properties: reachability, no deadlocks
     + Time analysis (indirect)
     • Firing rules extended with a probabilistic variable
     + Fault simulation (direct, discrete events)
     • Extension of the operational model with a fault model
     + Test design (indirect)
     • Test generation, analysis of testability, optimization of test set
     • Analysis of faults (indirect)
     • FMEA: Fault Mode and Effect Analysis, fault tree and event tree
     • (Dependability analysis) (indirect)
     • Measures: reliability, availability, Mean Time Between Failures, …

  9. Example: reference signal generator
     Basic functionality:
     r0 = <s0; power_in=OK; s0; ref_out=OK>
     Analogous operation can also be modeled
     [Figure: node with channels power_in and ref_out]

  10. Example: reference signal generator
      Fault model:
      OK – nominal value
      FTY – any other value (range)
      UNC – uncertain value
      Extended operations (normal + erroneous + uncertainty):
      r0 = <s0; power_in=OK; s0; ref_out=OK>
      r1 = <s0; power_in=FTY; s1; ref_out=UNC>
      r2 = <s1; power_in=OK; s1; ref_out=FTY>
      r3 = <s1; power_in=FTY; s1; ref_out=FTY>

  11. Vending machine
      [Figure labels: coin_in, select_candy, change, select, coin_in/out, to_coin_in/out, from_select, from_coin_in/out, controller, to_candies_out, from_candies_out, candies_out, out]

  12. Model refinement for DFN
      • Black box view
        • Only the relationship with the environment
        • Syntactic interface: in-out channels, message types
        • Semantic interface: in-out messages (behaviour)
      • White box view
        • Communication refinement
          • Changing the syntactic interface of a component
          • In-out channels and message types may change
        • State space refinement
          • State of nodes may change
        • Structural refinement
          • decomposition

  13. Model refinement for DFN
      Model refinement:
      • Multilevel modeling
      • Preserving consistency of state and behavior

  14. Model refinement for DFN
      Generalization of black box and white box principles for dataflow networks:
      • Domain refinement
        • Set of tokens
        • Set of states
      • Structural refinement
        • Nodes replaced with networks

  15. Set refinement
      Relation between elements and disjoint subsets:
      ∀ ai ∈ A, R(ai) ⊆ B so that R(ai) ∩ R(aj) = 0 for i ≠ j
      [Figure: elements a1, a2, a3 and subsets B1, B2, B3]

  16. Domain refinement
      • Refinement of token set: M’n is a refinement of Mn
      • In- and out channels are unchanged
      • Refinement of state set: S’n is a refinement of Sn
      • Firing rules must be changed!

  17. Token set refinement: example
      • r1 = <on; in=a; off; out=a>
      • r2 = <off; in=b; on; out=b>
      • r11 = <on; in=aa; off; out=aa>
      • r12 = <on; in=ab; off; out=ab>
      • r21 = <off; in=ba; on; out=ba>
      • r22 = <off; in=bb; on; out=bb>

  18. Domain refinement: tokens

  19. State set refinement: example
      • r1 = <good; in=a; good; out=a>
      • r2 = <good; in=b; fty; out=b>
      • r3 = <fty; in=a; fty; out=c>
      • r11 = <good; in=a; good; out=a>
      • r21 = <good; in=b; cold; out=b>
      • r22 = <good; in=b; hot; out=b>
      • r31 = <cold; in=a; cold; out=c>
      • r32 = <hot; in=a; hot; out=c>

  20. Domain refinement: example

  21. Example: Reference signal generator
      • Fault model:
        OK – nominal voltage
        FTY – any other value
      • Operation:
        r0 = <s0; power_in=OK; s0; ref_out=OK>
        r1 = <s0; power_in=FTY; s0; ref_out=OK>
        r2 = <s0; power_in=FTY; s1; ref_out=FTY>
        r3 = <s1; power_in=OK; s1; ref_out=FTY>
        r4 = <s1; power_in=FTY; s1; ref_out=FTY>
      [Figure: node with channels power_in and ref_out]

  22. Example: refined operation
      • State space refinement: s1 → s1a, s1b
        r0 = <s0; power_in=OK; s0; ref_out=OK>
        r1 = <s0; power_in=FTY; s0; ref_out=OK>
        r21 = <s0; power_in=FTY; s1a; ref_out=FTY>
        r31 = <s1a; power_in=OK; s1a; ref_out=FTY>
        r32 = <s1b; power_in=OK; s1b; ref_out=FTY>
        r41 = <s1a; power_in=FTY; s1b; ref_out=FTY>
        r42 = <s1b; power_in=FTY; s1b; ref_out=FTY>
      • Token set refinement: FTY → LOW, HIGH (state s0)
      • Token set refinement: FTY → LOW, HIGH (state s1)

  23. Example: refined operation
      • State space refinement: s1 → s1a, s1b
      • Token set refinement: FTY → LOW, HIGH (state s0)
        r0 = <s0; power_in=OK; s0; ref_out=OK>
        r11 = <s0; power_in=LOW; s0; ref_out=OK>
        r21 = <s0; power_in=HIGH; s1a; ref_out=HIGH>
        r31 = <s1a; power_in=OK; s1a; ref_out=FTY>
        r32 = <s1b; power_in=OK; s1b; ref_out=FTY>
        r41 = <s1a; power_in=FTY; s1b; ref_out=FTY>
        r42 = <s1b; power_in=FTY; s1b; ref_out=FTY>
      • Token set refinement: FTY → LOW, HIGH (state s1)

  24. Example: refined operation
      • State space refinement: s1 → s1a, s1b
      • Token set refinement: FTY → LOW, HIGH (state s0)
      • Token set refinement: FTY → LOW, HIGH (state s1)
        r0 = <s0; power_in=OK; s0; ref_out=OK>
        r11 = <s0; power_in=LOW; s0; ref_out=OK>
        r21 = <s0; power_in=HIGH; s1a; ref_out=HIGH>
        r311 = <s1a; power_in=OK; s1a; ref_out=LOW>
        r321 = <s1b; power_in=OK; s1b; ref_out=HIGH>
        r411 = <s1a; power_in=LOW; s1b; ref_out=LOW>
        r412 = <s1a; power_in=HIGH; s1b; ref_out=HIGH>
        r421 = <s1b; power_in=LOW; s1b; ref_out=HIGH>
        r422 = <s1b; power_in=HIGH; s1b; ref_out=HIGH>
      No uncertainty

  25. Structure refinement
      • Modification of structure
      • In-out channels unchanged
      • New internal channels and nodes
      • State mapping: node → subnet
      • Token set unchanged
      • Firings -> sequences of firings

  26. Example: structure refinement
      [Figure: node n with channels in, out; refined network of nodes n1, n2 with channels in, int, out]

  27. Example: structure refinement
      • rn1 = <good; in=a; good; out=a>
      • rn2 = <good; in=b; fty; out=b>
      • rn11 = <good; in=a; good; int=a>
      • rn12 = <good; in=b; fty; int=b>
      • rn21 = <good; in=a; good; out=a>
      • rn22 = <good; in=b; good; out=b>
      • rn23 = <fty; in=a; fty; out=a>
      • rn24 = <fty; in=b; fty; out=b>

  28. Example: Vending machine
      [Figure labels: coin_in, select_candy, change, select, coin_in/out, to_coin_in/out, from_select, from_coin_in/out, controller, to_candies_out, from_candies_out, candies_out, out]

  29. Refinement
      [Figure labels: coin_in, select_candy, change, select, coin_in/out, to_coin_in/out, from_select, from_coin_in/out, controller, to_candies_out, from_candies_out, candies_out, to_mechanics, hw_logic, mechanics, out]

  30. Verification of refinement
      • Rule-based design tool
      • Application of definitions (by hand)
      • By using Finite State Machines (FSM)
      • Structural check
      • Transformation of node-node and node-subnet pairs → NDFST
      • Bisimulation of automaton pairs

  31. Model extension
      Mechanisms to be modeled:
      • Faults
      • Impact of faults
      • Error propagation
      Extension of the basic model (based on the fault model).

  32. Model extension
      • Physical model (low level)
        • Faults are physical defects
      • Logical model (higher level)
        • Model perturbation
        • Model extended with erroneous operation systematically
        • "if-then-else" or "switch-case" description
        • E.g. wrong evaluation of a condition
        • List of perturbations is the fault model
      • Graph models
        • Nodes are system components
        • Each containing its own fault model
        • Wrong components propagate the error

  33. Fault modeling
      Tokens and states of nodes have to be extended → New firing rules
      Non-interpreted (qualitative) modeling:
      • Token can be good or faulty (coloring)
      • Detailed fault model → multiple levels
      • E.g. result of a floating point operation:
        • correct
        • appr. correct
        • too small
        • too big
      • Severity of faults:
        • correct
        • incorrect
        • bad
        • catastrophic

  34. Aspects of Fault Tolerance
      error-free operation: <ok; in=ok; ok; out=ok; 0>
      erroneous operation: <fty; in=ok; fty; out=fty; 0>
      internal fault: <ok; ; fty; ; 0>
      external fault: <ok; in=fty; fty; out=fty; 0>
      repair: <fty; in=ok; ok; out=ok; 0>
      error correction: <ok; in=fty; ok; out=ok; 0>
      error masking: <fty; in=fty; fty; out=ok; 0>
      error propagation: <ok; in=fty; ok; out=fty; 0>

  35. Application of DFN principles
      • Workflow Modeling
      • Aim: high level modeling of the system
        • Analysis
        • Optimization
        • Code generation (for control flow)
      • Elements
        • Processes
        • Activities
        • Data flow
        • Control flow
          • Sequence
          • Loops
          • Parallelism
          • Switch
          • Etc.

  36. A Workflow Example
      [Figure labels: Beginning of parallel execution Selection Basic activity Reject Policy Recording Establish type Premium Pay Control flow End of parallel execution]

  37. Verification of Workflows

  38. Verification of Workflows
      IBM WebSphere Integration Developer

  39. Verification of Workflows
      • Dataflow Network (generated)
        • Abstract data
        • Hierarchic modeling
        • Model refinement
      • Representation in the VIATRA2 framework
      • Dataflow Network generated from parsed BPEL model

  40. Verification of Workflows
      • Target requirement
        • Business level: "no unauthorized business transaction"
        • Implementation level: "each variable should be initialized prior to a read access"
      • Requirements
        • LTL: linear temporal logical expression

  41. Verification of Workflows
      • Model checker
        • Evaluation of LTL expressions
        • Exhaustive state space traversal

  42. Verification of Workflows
      [Figure labels: Model transformation; VIATRA2 framework]
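
The domain refinement of the reference signal generator (slides 21 to 24) can be checked mechanically. The following is an added example, not part of the original slides: it maps each refined rule of slide 24 back through the state and token refinements, compares the result with the rules of slide 21, and tests both rule sets for nondeterminism. The function names and the two mapping tables are assumptions, and this is a rule-by-rule check, not the bisimulation named on slide 30.

```python
# Added example: rules transcribed from slides 21 and 24 (no priorities given there).
# Rule = (state, power_in token, next state, ref_out token).
ABSTRACT = {
    "r0": ("s0", "OK", "s0", "OK"),
    "r1": ("s0", "FTY", "s0", "OK"),
    "r2": ("s0", "FTY", "s1", "FTY"),
    "r3": ("s1", "OK", "s1", "FTY"),
    "r4": ("s1", "FTY", "s1", "FTY"),
}
REFINED = {
    "r0": ("s0", "OK", "s0", "OK"),
    "r11": ("s0", "LOW", "s0", "OK"),
    "r21": ("s0", "HIGH", "s1a", "HIGH"),
    "r311": ("s1a", "OK", "s1a", "LOW"),
    "r321": ("s1b", "OK", "s1b", "HIGH"),
    "r411": ("s1a", "LOW", "s1b", "LOW"),
    "r412": ("s1a", "HIGH", "s1b", "HIGH"),
    "r421": ("s1b", "LOW", "s1b", "HIGH"),
    "r422": ("s1b", "HIGH", "s1b", "HIGH"),
}
# Set refinement (assumed encoding): each refined element -> its abstract element.
STATE_MAP = {"s0": "s0", "s1a": "s1", "s1b": "s1"}
TOKEN_MAP = {"OK": "OK", "LOW": "FTY", "HIGH": "FTY"}

def abstract_rule(rule):
    """Project a refined firing rule onto the abstract states and tokens."""
    s, tin, s2, tout = rule
    return (STATE_MAP[s], TOKEN_MAP[tin], STATE_MAP[s2], TOKEN_MAP[tout])

def check_refinement(abstract, refined):
    """Return (refined rules with no abstract image, abstract rules never refined)."""
    images = {name: abstract_rule(r) for name, r in refined.items()}
    known = set(abstract.values())
    unsound = sorted(n for n, img in images.items() if img not in known)
    uncovered = sorted(n for n, r in abstract.items() if r not in images.values())
    return unsound, uncovered

def nondeterministic(rules):
    """(state, input) pairs for which rules with different effects are enabled."""
    seen = {}
    for s, tin, s2, tout in rules.values():
        seen.setdefault((s, tin), set()).add((s2, tout))
    return sorted(k for k, v in seen.items() if len(v) > 1)

if __name__ == "__main__":
    print(check_refinement(ABSTRACT, REFINED))
    print(nondeterministic(ABSTRACT), nondeterministic(REFINED))
```

On the slide data the refinement is consistent in both directions, and the only nondeterministic choice, (s0, FTY) in the abstract model, disappears after refinement, which matches the "No uncertainty" remark on slide 24.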
