Constraints bliudze-slides-sc2011
![Page 1: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/1.jpg)
Synthesizing Glue Operators from Glue Constraints for the Construction of Component-Based Systems
Simon Bliudze and Joseph Sifakis
Zurich, June 30th, 2011
![Page 2: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/2.jpg)
Outline
Motivation
BIP and the Glue
Synthesizing glue operators
Design flow
Quite some liberties taken w.r.t. the paper for the sake of the presentation's clarity!
SC 2011 — S. Bliudze, J. Sifakis, “Synthesizing Glue Operators...” — Zurich, June 30th, 2011 — 2 / 29
![Page 3: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/3.jpg)
Outline (current section: Motivation)
![Page 4: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/4.jpg)
At the TOOLS keynote on Tuesday...
...Oscar Nierstrasz spoke of the necessity of
Manipulating the models
Bridging the gap between high-level models and run-time code
Questions:
Recently, did we get any closer to these objectives? If not, what is the way there?
Does raising the abstraction level not rather increase the gap?
Answer:
We should build solid and light-weight bridges!
![Page 5: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/5.jpg)
Solid and light-weight bridges
A unified modelling formalism
Solid:
Clearly established formal semantics
Heterogeneity
computation, execution, implementation
Certifying code generation
Light-weight:
Clear, accessible formal semantics
Minimal set of primitives
Separation of concerns
coordination is a first-class citizen
Efficient implementation for popular platforms
![Page 6: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/6.jpg)
More specifically
Context: component-based modelling, design and validation of embedded (safety-critical) systems.
Presently:
A number of coordination mechanisms for concurrent systems: shared variables, semaphores, message passing, etc.
Ad-hoc use and analysis methodologies.
Our goal: a unified framework for component-based modelling and design
Incremental description
Correctness by construction
Heterogeneity: synchronous and asynchronous execution; event- and data-driven computation; centralised and distributed implementation
![Page 7: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/7.jpg)
Outline (current section: BIP and the Glue)
![Page 8: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/8.jpg)
Component design by refinement
Three layers:
1. Component behaviour
2. Coordination
3. Data transfer
![Page 9: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/9.jpg)
Component design by refinement
Three layers:
1. Component behaviour
2. Coordination
3. Data transfer
Figure: components A (ports b1, r1, p1, f1), B (ports b2, f2) and C (ports b3, r3, p3, f3)
![Page 11: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/11.jpg)
Component design by refinement
Three layers:
1. Component behaviour
2. Coordination
3. Data transfer
Figure: components A (ports b1, r1, p1, f1), B (ports b2, f2) and C (ports b3, r3, p3, f3), now with the data transfer A.x := max(B.y, C.z)
![Page 12: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/12.jpg)
Unbuffered synchronous communication
(Not to confuse with synchronous execution!)
Figure: component A (port send) and component B (port receive) linked through a Channel component (ports collect, deliver), with the data transfers Channel.buf := A.m and B.m := Channel.buf
A sends a message m to B:
Two synchronisations with the channel
Each synchronisation allows a data transfer
An explicit model of the channel behaviour
![Page 13: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/13.jpg)
Scope of the basic BIP model
Figure: components A (ports b1, r1, p1, f1), B (ports b2, f2) and C (ports b3, r3, p3, f3)
Three layers:
1 Component behaviour
2 Coordination
3 Data transfer
Interesting results already at this level, e.g.
Analysis of synchronisation deadlocks
S. Bensalem, M. Bozga, J. Sifakis, T.-H. Nguyen. D-Finder: A Tool for Compositional Deadlock Detection and Verification. [CAV'09]
Synthesis of glue for safety properties
![Page 14: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/14.jpg)
Basic model of BIP
Figure: layered stack, top to bottom: Priorities (conflict resolution), Interactions (collaboration), Behaviour
Layered component model
Behaviour — labelled transition systems with disjoint sets of ports
Interaction — set of interactions (interaction = set of ports)
Priorities — strict partial order on interactions
![Page 15: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/15.jpg)
BIP examples
Modulo-8 counter:
Figure: three components with ports p, q; r, s; and t, u
Interactions: {p, pqr, pqrst, pqrstu}.
Mutual exclusion:
Figure: two components with ports b1, f1 and b2, f2
Interactions: {b1, f1, b2, f2}; Priority: b1 ≺ f2, b2 ≺ f1.
![Page 16: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/16.jpg)
Glue semantics in BIP: Solid
Components $B_i = (Q_i, P_i, \to_i, \uparrow_i)$ with the $P_i$ pairwise disjoint and $P = \bigcup_i P_i$:
$$\to\ \subseteq\ Q \times 2^P \times Q, \qquad \uparrow\ \subseteq\ Q \times P \ \text{ such that }\ (\exists a \in 2^P : p \in a \wedge q \xrightarrow{a}) \Rightarrow q \uparrow p.$$
Interaction model: $\gamma \subseteq 2^P$, the set of allowed interactions:
$$\frac{\{\, q_i \xrightarrow{a \cap P_i} q'_i \;\big|\; i \in [1,n],\ a \cap P_i \neq \emptyset \,\}}{q_1 \ldots q_n \xrightarrow{a} \tilde q_1 \ldots \tilde q_n} \quad \text{for each } a \in \gamma,$$
where $\tilde q_i$ denotes $q'_i$ if $a \cap P_i \neq \emptyset$, and $q_i$ otherwise.
Priority model: $\prec\ \subseteq 2^P \times 2^P$, a strict partial order:
$$\frac{q \xrightarrow{a} q' \qquad \{\, q \not\uparrow a' \;|\; a \prec a' \,\}}{q \xrightarrow{a}_{\prec} q'} \quad \text{for each } a \in 2^P.$$
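As an added illustration (not code from the slides), the two glue layers of these rules, the interaction rule for γ and the priority rule for ≺, implemented as a small state-space exploration and run on the mutual-exclusion example of the previous slide; the dictionary encoding of components, the state names nc/c and the function names are assumptions of this example.

```python
from collections import deque

# Added example, not code from the slides: the two glue layers of BIP as on
# the "Glue semantics" slide, run on the mutual-exclusion example.  Atomic
# components are LTSs whose transitions are labelled by single ports (ports of
# different components are disjoint); an interaction is a frozenset of ports.
# Encoding, state names nc/c and function names are assumptions of this example.

def local_steps(comp, q):
    """Ports active in local state q (q |^ p), mapped to the successor state."""
    return {p: q2 for (s, p), q2 in comp["trans"].items() if s == q}

def glue_steps(comps, qs, gamma, prio):
    """Global transitions qs --a--> qs' permitted by the glue (gamma, prio):
    a in gamma fires iff every component touched by a offers its port
    (interaction rule) and no a' with a -< a' has all its ports offered in qs
    (priority rule, q |^ a'); untouched components keep their state."""
    locs = [local_steps(c, q) for c, q in zip(comps, qs)]
    active = {p for loc in locs for p in loc}
    out = {}
    for a in gamma:
        if not a <= active:
            continue                                  # some port of a not offered
        if any(a == lo and hi <= active for lo, hi in prio):
            continue                                  # higher-priority a' active
        out[a] = tuple(next((loc[p] for p in a if p in loc), q)
                       for loc, q in zip(locs, qs))
    return out

def reachable(comps, gamma, prio):
    """Breadth-first exploration: reached global states and traversed edges."""
    init = tuple(c["init"] for c in comps)
    seen, edges, todo = {init}, [], deque([init])
    while todo:
        qs = todo.popleft()
        for a, qs2 in glue_steps(comps, qs, gamma, prio).items():
            edges.append((qs, a, qs2))
            if qs2 not in seen:
                seen.add(qs2)
                todo.append(qs2)
    return seen, edges

# Constructed components: B_i goes non-critical (nc) -> critical (c) on b_i
# and back on f_i.  Glue (interactions and priorities) as on the "BIP examples" slide.
B1 = {"init": "nc", "trans": {("nc", "b1"): "c", ("c", "f1"): "nc"}}
B2 = {"init": "nc", "trans": {("nc", "b2"): "c", ("c", "f2"): "nc"}}
GAMMA = {frozenset({p}) for p in ("b1", "f1", "b2", "f2")}
PRIO = {(frozenset({"b1"}), frozenset({"f2"})), (frozenset({"b2"}), frozenset({"f1"}))}

def mutual_exclusion_holds(prio=PRIO):
    """True iff no reachable global state has both components critical."""
    return ("c", "c") not in reachable([B1, B2], GAMMA, prio)[0]
```

Dropping the priorities (`mutual_exclusion_holds(prio=set())`) makes the state (c, c) reachable, which is exactly what the priority layer rules out.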
![Page 17: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/17.jpg)
Outline (current section: Synthesizing glue operators)
![Page 18: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/18.jpg)
Connector synthesis
Figure: task automaton with ports b, f, r, p
Mutual preemption:
1. A running task is preempted when the other one begins computation.
2. A preempted task resumes computation when the other one finishes.
$$\mathit{true} \Rightarrow b_1 \vee f_1 \vee b_2 \vee f_2, \qquad p_1 \Rightarrow b_2, \quad p_2 \Rightarrow b_1, \qquad r_1 \Rightarrow f_2, \quad r_2 \Rightarrow f_1.$$
Mutual exclusion?..
Figure: tasks T1 (ports b1, f1, r1, p1) and T2 (ports b2, f2, r2, p2) with the synthesised connectors
Interactions: {b1, b2, b1p2, b2p1, f1, f2, f1r2, f2r1}
S. Bliudze, J. Sifakis. Causal semantics for the algebra of connectors. Formal Methods in System Design, 2010.
![Page 19: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/19.jpg)
Mutual exclusion (design front-end)
Figure: two components B1 (ports b1, f1) and B2 (ports b2, f2)
1. B1 can enter the critical state if B2 is in the non-critical one or leaves the critical state simultaneously:
$$\mathit{fire}(b_1) \Rightarrow \neg\mathit{active}(f_2) \vee \mathit{fire}(f_2)$$
2. Idem for B2:
$$\mathit{fire}(b_2) \Rightarrow \neg\mathit{active}(f_1) \vee \mathit{fire}(f_1)$$
3. B1 and B2 cannot enter the critical state simultaneously:
$$\neg\big(\mathit{fire}(b_1) \wedge \mathit{fire}(b_2)\big)$$
![Page 20: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/20.jpg)
Mutual exclusion (semantic back-end)
Notation: for a port $p \in P$, let $\dot p$ and $p$ be the Boolean activation and firing variables respectively; $\overline{x}$ denotes negation.
Constraints:
$$\begin{aligned}
&(b_1 \Rightarrow \overline{\dot f_2} \vee f_2) \wedge (b_2 \Rightarrow \overline{\dot f_1} \vee f_1) \wedge \overline{b_1 b_2} && \text{Mutual exclusion}\\
\wedge\;& (b_1 \vee f_1 \vee b_2 \vee f_2) && \text{Progress}\\
\wedge\;& \overline{f_1 f_2} \wedge (f_1 \vee f_2 \Rightarrow \overline{b_1}\,\overline{b_2}) && \text{``Internality'' of finish}\\
=\;& \overline{b_1}\,\overline{b_2}\, f_1\,\overline{f_2} \;\vee\; \overline{b_1}\,\overline{b_2}\,\overline{f_1}\, f_2 \;\vee\; b_1\,\overline{b_2}\,\overline{f_1}\,\overline{f_2}\,\overline{\dot f_2} \;\vee\; \overline{b_1}\, b_2\,\overline{f_1}\,\overline{f_2}\,\overline{\dot f_1}
\end{aligned}$$
$$\frac{q_1 \xrightarrow{f_1} q'_1}{q_1 q_2 \xrightarrow{f_1} q'_1 q_2}, \qquad
\frac{q_2 \xrightarrow{f_2} q'_2}{q_1 q_2 \xrightarrow{f_2} q_1 q'_2}, \qquad
\underbrace{\frac{q_1 \xrightarrow{b_1} q'_1 \quad q_2 \not\uparrow f_2}{q_1 q_2 \xrightarrow{b_1} q'_1 q_2}, \qquad
\frac{q_1 \not\uparrow f_1 \quad q_2 \xrightarrow{b_2} q'_2}{q_1 q_2 \xrightarrow{b_2} q_1 q'_2}}_{\text{Priorities: } b_1 \prec f_2,\ b_2 \prec f_1}$$
![Page 21: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/21.jpg)
Rescue robot (design front-end)
Figure: rescue robot model with ports r, a, u, h, b, f, m (component labels R, EN, S in the diagram)
1. Must not advance and rotate at the same time: $\overline{a\,r}$;
2. Must not leave the region: $\dot b \Rightarrow \overline{a}$;
3. Must not drive into hot areas: $\dot h \Rightarrow \overline{a}$;
4. Must stop when the objective is found: $\dot f \Rightarrow \overline{a}\,\overline{r}$;
5. Must update navigation and sensor data on every move (advance or rotate): $a \vee r \Rightarrow u\,m$.
![Page 22: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/22.jpg)
Rescue robot (semantic back-end)
$$\begin{aligned}
&\overline{a\,r} \wedge (\dot b \Rightarrow \overline a) \wedge (\dot h \Rightarrow \overline a) \wedge (\dot f \Rightarrow \overline a\,\overline r) \wedge (a \vee r \Rightarrow u\,m) && \text{Safety}\\
\wedge\;& (a \vee r \vee u \vee m) \wedge \overline h\,\overline b\,\overline f && \text{Progress}\\
=\;& \big(\overline a\,\overline r\, u\,\overline m \;\vee\; \overline a\,\overline r\, u\, m \;\vee\; \overline a\,\overline r\,\overline u\, m \;\vee\; \overline a\, r\,\overline{\dot f}\, u\, m \;\vee\; a\,\overline r\,\overline{\dot b}\,\overline{\dot h}\,\overline{\dot f}\, u\, m\big) \wedge \overline h\,\overline b\,\overline f
\end{aligned}$$
$$\frac{q_n \xrightarrow{u} q'_n}{q_e q_s q_n \xrightarrow{u} q_e q_s q'_n},\qquad
\frac{q_s \xrightarrow{m} q'_s \quad q_n \xrightarrow{u} q'_n}{q_e q_s q_n \xrightarrow{mu} q_e q'_s q'_n},\qquad
\frac{q_s \xrightarrow{m} q'_s}{q_e q_s q_n \xrightarrow{m} q_e q'_s q_n},$$
$$\frac{q_e \xrightarrow{r} q'_e \quad q_s \xrightarrow{m} q'_s \quad q_n \xrightarrow{u} q'_n \quad q_n \not\uparrow f}{q_e q_s q_n \xrightarrow{rmu} q'_e q'_s q'_n},\qquad
\frac{q_e \xrightarrow{a} q'_e \quad q_s \xrightarrow{m} q'_s \quad q_n \xrightarrow{u} q'_n \quad q_s \not\uparrow h \quad q_n \not\uparrow b \quad q_n \not\uparrow f}{q_e q_s q_n \xrightarrow{amu} q'_e q'_s q'_n}.$$
![Page 23: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/23.jpg)
General case
Constraints: a Boolean formula $B[P, \dot P]$ over the firing variables $P$ and activation variables $\dot P$, with the axiom $p \Rightarrow \dot p$.
SOS rules:
$$\frac{\{\, B_i : q_i \xrightarrow{a_i} q'_i \,\}_{i \in I} \qquad \{\, B_j : q_j \uparrow b_j \,\}_{j \in J} \qquad \{\, B_k : q_k \not\uparrow c_s \;|\; s \in L_k \,\}_{k \in K}}{gl(B_1, \ldots, B_n) : q_1 \ldots q_n \xrightarrow{a} \tilde q_1 \ldots \tilde q_n}$$
Theorem
Constraint glues and SOS glues are equivalent.
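Added example (not the authors' tool): a brute-force version of the back-end step shown on the mutual-exclusion and rescue-robot slides, in the general rule form above. For every interaction a it enumerates the minimal sets of ports whose inactivity makes the constraint hold, i.e. the negative premises $q_k \not\uparrow c$ of the corresponding SOS rule; it assumes that negative activation premises suffice (as in both slide examples) and uses constructed encodings of the two constraints, with the robot ports written as single letters.

```python
from itertools import combinations, product

# Added example, not the authors' code.  constraint(fire, act) is a glue
# constraint over firing variables p and activation variables p_dot (axiom
# p => p_dot).  For every interaction (ports fired together) we search the
# minimal sets N of ports whose inactivity makes the constraint hold whatever
# the other ports do; N is the negative-premise set {q_k not|^ c | c in N} of
# one SOS rule.  Assumption: negative activation premises suffice (true here).

def sat_assignments(constraint, ports, fired, free):
    """Activation assignments of `free` satisfying the constraint; fired ports
    are active (axiom), other non-free ports are held inactive."""
    fire = {p: p in fired for p in ports}
    hits = []
    for bits in product([False, True], repeat=len(free)):
        act = dict(fire, **dict(zip(free, bits)))
        if constraint(fire, act):
            hits.append(bits)
    return hits

def synthesize_rules(constraint, ports):
    """Map each allowed interaction to its minimal negative-premise sets."""
    rules = {}
    for k in range(1, len(ports) + 1):
        for fired in combinations(ports, k):
            others = [p for p in ports if p not in fired]
            if not sat_assignments(constraint, ports, fired, others):
                continue                               # interaction never allowed
            found = []
            for n in range(len(others) + 1):
                for neg in combinations(others, n):
                    if any(f <= set(neg) for f in found):
                        continue                       # superset of a found rule
                    free = [p for p in others if p not in neg]
                    if len(sat_assignments(constraint, ports, fired, free)) == 2 ** len(free):
                        found.append(frozenset(neg))
            rules[frozenset(fired)] = found
    return rules

# Constructed encodings of the two slide constraints (safety and progress parts).
MUTEX_PORTS = ["b1", "f1", "b2", "f2"]
def mutex(fire, act):
    b1, f1, b2, f2 = (fire[p] for p in MUTEX_PORTS)
    return ((not b1 or not act["f2"] or f2) and (not b2 or not act["f1"] or f1)
            and not (b1 and b2) and (b1 or f1 or b2 or f2)
            and not (f1 and f2) and (not (f1 or f2) or not (b1 or b2)))
ROBOT_PORTS = list("arumbhf")
def robot(fire, act):
    a, r, u, m, b, h, f = (fire[p] for p in ROBOT_PORTS)
    return (not (a and r) and (not act["b"] or not a) and (not act["h"] or not a)
            and (not act["f"] or not (a or r)) and (not (a or r) or (u and m))
            and (a or r or u or m) and not (h or b or f))
```

`synthesize_rules(mutex, MUTEX_PORTS)` yields the four rules of the mutual-exclusion slide (b1 with f2 inactive, b2 with f1 inactive, f1 and f2 unconditionally), and `synthesize_rules(robot, ROBOT_PORTS)` the five rules of the rescue-robot slide.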
![Page 24: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/24.jpg)
Outline (current section: Design flow)
![Page 25: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/25.jpg)
Design flow
1. Choice of the functionalities to be realized by sequential atomic components.
2. Independent design of the sequential atomic components.
3. Specification of the state safety properties to be satisfied by the system.
4. Automatic glue operator and connector synthesis. This implies that the underlying state safety properties are satisfied by construction.
![Page 26: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/26.jpg)
Existing BIP design flow
http://www.slideshare.net/sbliudze/bip-design-flow
http://www-verimag.imag.fr/The-BIP-Design-Flow.html
![Page 27: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/27.jpg)
Conclusion
We have
Taken BIP one step closer to something
Solid — by improving the semantics of hierarchical composition
Light-weight — by isolating designers from low-level details
Through separation of concerns, reduced a very hard problem of synthesizing controllers to a tractable one.
Given a natural Boolean characterisation of glue through constraints ⇒ symbolic manipulation with BDDs.
![Page 28: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/28.jpg)
Thank you for your attention!
![Page 29: Constraints bliudze-slides-sc2011](https://reader034.fdocuments.us/reader034/viewer/2022042817/559f61ef1a28ab7a528b4816/html5/thumbnails/29.jpg)
SOS operator example
Glue operator $g$ defined by the following rules:
$$\left\{\;
\frac{q_1 \xrightarrow{a} q'_1}{q_1 q_2 \xrightarrow{a} q'_1 q_2},\qquad
\frac{q_1 \xrightarrow{a} q'_1 \quad q_2 \xrightarrow{c} q'_2}{q_1 q_2 \xrightarrow{ac} q'_1 q'_2},\qquad
\frac{q_1 \xrightarrow{b} q'_1 \quad q_2 \not\xrightarrow{c}}{q_1 q_2 \xrightarrow{b} q'_1 q_2}
\;\right\}$$
Figure (left to right): the behaviours $B_1$, $B_2$ (transitions labelled a, b and c); the parallel product $B_1 \parallel B_2$ (transitions labelled a, c, ac, bc, b); the application of the glue $g(B_1, B_2)$ (transitions labelled a, ac, b)