430 likes | 582 Vues
System Level Modelling in POOSL. J. Voeten, P. van der Putten, M. Geilen, L. van Bokhoven and M. Stevens Information and Communication Systems Eindhoven University of Technology The Netherlands. >. Contents. Introduction: System Modelling The POOSL Language Formal Semantics
E N D
System Level Modelling in POOSL J. Voeten, P. van der Putten, M. Geilen, L. van Bokhoven and M. Stevens Information and Communication Systems Eindhoven University of Technology The Netherlands Jeroen Voeten, email: voeten@ics.ele.tue.nl Information and Communication Systems Group >
Contents • Introduction: System Modelling • The POOSL Language • Formal Semantics • Model Analysis • Demonstration System Level Modelling in POOSL Information and Communication Systems Group >
Introduction: System Modelling System Level Modelling in POOSL Information and Communication Systems Group >
Design Decisions and Properties • Design involves the investigation of design alternatives to obtain a satisfying realisation. • Design decisions are based on the values of certain properties of alternative design realisations. • Realising design alternatives to determine the values of these properties is too costly and time-consuming. • Values of properties must be determined from models. • A property is a function on designs, realisations or models. If the range is Boolean the property is called qualitative (e.g. absence of deadlock), otherwise it is called quantitative (e.g. throughput). System Level Modelling in POOSL Information and Communication Systems Group >
Models and Adequacy • A model is an abstract representation of some design realisation. • A model must be adequate (to a certain degree of accuracy) for the properties that are relevant for making a design decision. • A model is adequate (to a certain degree of accuracy) for a property if the difference between the property value of the model and that of the design realisation is within the accuracy bound. Vice versa, the design realisation is said to satisfy the model. System Level Modelling in POOSL Information and Communication Systems Group >
Models and Abstraction • If a model is more abstract • it will in general be adequate for less properties with less accuracy; • it has a larger realisation space (collection of realisations that satisfy the model) and will be more difficult to realise; • it will be more compact; • it will take less time to develop it; • it will be cheaper to deduce property values. • Design decisions taken early in the design process (based on abstract models) have a large impact on property values. System Level Modelling in POOSL Information and Communication Systems Group >
System Communicating (sub)systems Behaviour Object-Oriented Functions, Data Objects Less adequate and accurate More difficult to realise Design decisions have large impact More compact Less time to develop Cheaper to deduce property values High RT Increasing Expressive Power Abstraction Encapsulation Registers, FSMs Functions, Data Logic Assembly Gates Assembly Code Transistor Machine Transistors Machine Code Towards System Models Hardware Software System Level Modelling in POOSL Information and Communication Systems Group >
Example: Switch Fabrics • Design Issues • Queues • Priorities • Backpressure • Scheduling • Decision Properties • Throughput • Average Delay • Jitter • Quality of Service • Modelling Concepts • Modelling Entities • Concurrency • Communication/Synchronisation • Time/Stochasticity For different traffic types (CBR,VBR,ABR,UBR) System Level Modelling in POOSL Information and Communication Systems Group >
Language Design Considerations/Alternatives • Modelling Entities • Separate Data & Control Autonomous Objects • Structural Behavioural • ... • Concurrency • Synchronous Asynchronous • Inherent to Modelling Entities Orthogonality • Communication/synchronisation • Synchronous Asynchronous • Buffered Unbuffered • ... • Time/stochasticity • Real-time Discrete-time Synchrony Hypothesis • Stochastic Probabilistic Non-determinism • ... POOSL Small Expressive Collection of Blending Language Primitives Selection Conflicts Orthogonality Mathematical semantics System Level Modelling in POOSL Information and Communication Systems Group >
The POOSL Language System Level Modelling in POOSL Information and Communication Systems Group >
Overview of POOSL • POOSL (Parallel Object-Oriented Specification Language) is a formal specification language based on a timed version of process algebra CCS and on the basic concepts of traditional object-oriented programming languages (Smalltalk, Java, C++). • A POOSL specification consists of • A Top-Level Cluster; • Clusters & Cluster Classes; • Process Objects & Process Classes; • Data Objects & Data Classes. System Level Modelling in POOSL Information and Communication Systems Group >
Example: Switch Fabric System Level Modelling in POOSL Information and Communication Systems Group >
Clusters • Hierarchical structural entities; • Statically interconnected in a topology of channels; • Connect to the channels through private ports; • Consist of process objects and other clusters; • Behave asynchronous concurrent; • Communicate by synchronous message passing; • Organised in cluster classes. System Level Modelling in POOSL Information and Communication Systems Group >
Example: Multistage Switch System Level Modelling in POOSL Information and Communication Systems Group >
Process objects • Behavioural asynchronous concurrent entities; • Statically interconnected in a topology of channels; • Connect to the channels through private ports; • Communicate by synchronous message passing; • Contain data objects; • Compositional behaviour descriptions • Primitive statements: data,time,communication • Constructors: Parallel composition, interrupts, … • Behavioural abstraction: methods; • Are organised in process classes. System Level Modelling in POOSL Information and Communication Systems Group >
Example: Switch System Level Modelling in POOSL Information and Communication Systems Group >
PS ::= ch?m(p1,…,pn | DE) message reception | ch!m(DE1,…,DEn) synchronous send | delay(DE) delay statement | timestamp x read model time | while E do PS od repetition | if E then PS1 else PS2 fi selection | DS data statement | PS1;PS2 sequential composition | sel PS1or … or PSn les choice statement | par PS1 and … and PSn rap parallel composition | PS1 interrupt PS2 interrupt statement | PS1 abort PS2 abort statement | [DE]PS guarded command | m(DE1,…,DEn)(p1,…,pn) method call Process Statements A method body consists of a process statement PS: The execution of PS can result in Action Performance & Time Passage System Level Modelling in POOSL Information and Communication Systems Group
copy (10,12) 3.14 position( ) givePosition Example 1: Intuitive Semantics (10,12) Time: 0 instance variable point instance variable point initialize()() ch!givePosition; delay(3.14); ch?position(point). initialize()() ch?givePosition; ch!position(point). ch System Level Modelling in POOSL Information and Communication Systems Group >
startUp()() outputBufferArray:=new(Array) size(2); outputBufferArray put(1,new(BoundedFIFOBuffer) size(bufferSize)); outputBufferArray put(2,new(BoundedFIFOBuffer) size(bufferSize)); par handleInput1()() and handleInput2()() and handleOutput1()() and handleOutput2()() rap. Example 2: initial method startUp of Switch System Level Modelling in POOSL Information and Communication Systems Group >
Example 3: method handleInput1 of Switch handleInput1()() | cell:Cell | i1?cell(cell | outputBufferArray at(cell destinationPort) isNotFull) {outputBufferArray at(cell destinationPort) put(cell); cell nextDestinationPort}; delay(cellTime); handleInput1()(). System Level Modelling in POOSL Information and Communication Systems Group >
Example 4: method handleOutput1 of Switch handleOutput1()() [outputBufferArray at(1) isNotEmpty] o1!cell(outputBufferArray at(1) firstElement) {outputBufferArray at(1) removeFirstElement}; delay(cellTime); handleOutput1()(). System Level Modelling in POOSL Information and Communication Systems Group >
Example 5: Process Class Source System Level Modelling in POOSL Information and Communication Systems Group >
Example 6: method of a TransmissionChannel transfer()() | p:Packet | in?packet(p); par delay(normal nextSample); out!packet(p) and transfer()() rap. Receive a new packet p from port in Wait for some stochastically determined amount of time before p is being delivered synchronously to port out Be simultaneously prepared to receive another packet System Level Modelling in POOSL Information and Communication Systems Group >
waitForInput()(value,status:String) ch!inputRequest; sel ch?input(value);status:=‘ok’ or delay 20;status:=‘timeout’ les Wait for input on port ch. Return from the method call if an input is not received within 20 time units timeCriticalComputation()() doComputation()() abort (delay deadline; errorHandling()()). Call method doComputation()(). If the method has not terminated within a deadline amount of time, abort it and start an errorHandling routine. Example 7: timeouts and watchdogs System Level Modelling in POOSL Information and Communication Systems Group >
Data objects • Behavioural sequential entities; • Can be created dynamically; • Communicate by message passing; • Invoke methods upon message reception; • Return results of method invocations to sender; • Are organised in data classes. System Level Modelling in POOSL Information and Communication Systems Group >
Example: Data class Exponential System Level Modelling in POOSL Information and Communication Systems Group >
Data Statements and Expressions • A method body consist of a data statement DS : DS ::= x:=DE | DS1;DS2 | while DE do DS | if E then DS1 else DS2 fi | DE assignment to variable or parameter sequential composition repetition selection data expression • DE is a data expression, always evaluating to a data object: DE ::= x | new(C) | self | DE m (DE1,…,DEn) | -1,0,’a’,’b’,3.14,true,false | nil data object referenced by x newly created data object of data class C data object evaluating this expression method call constants of primitive classes constants undefined data object System Level Modelling in POOSL Information and Communication Systems Group > >
3 mu withParam(m:Real):Exponential mu:=m; rand:=new(RandomGenerator); return(self). some Random rand Example: Intuitive Semantics Consider the execution of the following statement: exp:=new(Exponential) withParam(3) System Level Modelling in POOSL Information and Communication Systems Group >
Formal Semantics System Level Modelling in POOSL Information and Communication Systems Group >
a,p t,p (Mod,Act,T,{ | a Act,p [0,1]},{ | t T,p [0,1]}) a,p M M’ t,p t,p1 t,1 M M’ M1 M’1 t,p2 delay(t) M2 M’2 Formal Semantics: Transition System • Plotkin-style Structural Operational Interleaving Semantics defines a probabilistic labelled transition system: Model M can perform action a with probability p and then behave as M’ Model M can delay for time t with probability p and then behave as M’ • Compositional Definition with Axioms and Inference Rules M1 || M2 M’1 ||M’2 t,p1•p2 System Level Modelling in POOSL Information and Communication Systems Group >
Action Urgency: Two-Phase Model [X.Nicollin, J.Sifakis ’91] Asynchronous Execution of Actions Synchronous Passage of Time System Level Modelling in POOSL Information and Communication Systems Group >
Example: Lossy Channel System Level Modelling in POOSL Information and Communication Systems Group >
Transition System of a Lossy Channel System Level Modelling in POOSL Information and Communication Systems Group >
Model Analysis System Level Modelling in POOSL Information and Communication Systems Group >
Analysis • Validation • Are we building the correct model • Qualitative Verification • Analyse correctness properties • Quantitative Verification • Analyse performance properties • Synthesis • for rapid model analysis • for implementation/realisation System Level Modelling in POOSL Information and Communication Systems Group >
Validation System Level Modelling in POOSL Information and Communication Systems Group >
Qualitative Verification: Equivalence Checking Abstraction to CCS Equivalent minimised protocol Minimisation System Level Modelling in POOSL Information and Communication Systems Group >
Qualitative Verification: Model Checking • Specify the property () to verify in a temporal logic (LTL). • Example: A stimulus S always results in a response R within 10 ms • Construct an automaton that accepts precisely the traces satisfying this property. • Check whether the model satisfies the property • Exhaustively • Generate complete transition system (T) of the model • Check for language inclusion L(T) L() or for empty intersection L(T) L() = • Proof of correctness but only applicable in case of relatively small finite-state systems. • Non-exhaustively • Generate one execution trace from transition system (T) • Check whether some infinite completion of this trace can be accepted by the automaton • No proof of correctness, but always applicable to detect errors. System Level Modelling in POOSL Information and Communication Systems Group >
Quantitative Verification: Performance Analysis • Specify the performance metric as a (temporal) reward. • Examples: jitter, buffer fill levels. • Determine the long-run average metric value • Analytically • Generate the complete probabilistic labelled transition system • Interpret it as a Markov chain with (temporal) reward structure • Compute performance metric by using the strong law of large numbers and the ergodic theorem for Markov chains • Certain/precise results but only applicable in case of relatively small finite-state systems. • Empirically • Generate one execution trace • Estimate the metric value, confidences and errors using the strong law of large numbers and the central limit theorem for Markov chains • Uncertain results but applicable in case of large and even infinite-state systems. System Level Modelling in POOSL Information and Communication Systems Group >
Synthesis • To analyse large systems, it is important to be able to generate the model’s transition graph or a trace thereof rapidly. • Automatic mapping from POOSL to C++ using Process Execution Trees: • Self-modifying data-structure representing the state of the model; • Compositional mapping of all language constructs; • Offering facilities for model debugging; • No use of (real-time) operating system; • Slave-like C++ module facilitating the interfacing with other tools; • Automatic storage reclamation. System Level Modelling in POOSL Information and Communication Systems Group >
Process Execution Trees State State State n n+1 n+2 root root root talk()() sel c!m or c?m les; talk()() talk()() talk()() talk()() startUp granted finished ; ; startUp sel talk()() sel talk()() finished kill startUp startUp c!m c?m c!m c?m granted System Level Modelling in POOSL Information and Communication Systems Group
Demonstration System Level Modelling in POOSL Information and Communication Systems Group >
The Validation Tool SHESim • Tool Demonstration • Example of a simple datalink protocol • Download tool via ftp at: • ftp.ics.ele.tue.nl/pub/projects/she_sim/prac9900 System Level Modelling in POOSL Information and Communication Systems Group >