a model driven methodology for generating and verifying
play

A Model-driven Methodology for Generating and Verifying CSP-based - PowerPoint PPT Presentation

Feb 02, 2023 •291 likes •758 views

A Model-driven Methodology for Generating and Verifying CSP-based Java Code no 1 ul N.N. Alborodo 2 Julio Mari Ra 1 Universidad Polit 2 IMDEA Software Institute ecnica de Madrid Babel research group raul.alborodo@imdea.org

  1. A Model-driven Methodology for Generating and Verifying CSP-based Java Code no 1 ul N.N. Alborodo 2 Julio Mari ˜ Ra´ 1 Universidad Polit´ 2 IMDEA Software Institute ecnica de Madrid Babel research group raul.alborodo@imdea.org julio.marino@upm.es Communicating Process Architectures CPA2015 Canterbury, August 24 2015

  2. summary the paper in a nutshell this paper is about: model-driven development of concurrent software specifying process interaction with formal models generating code from these models (semi-automatically), and verifying the resulting code our contributions: a textual syntax for specifying process interaction models (that we call shared resources ) as JML-annotated Java interfaces a couple of generic templates for translating these models into Java classes using the JCSP (CSP for Java) library an strategy for verification of the code generated according to these templates, and some experimental results on the mechanical verification using the KeY tool (initial) motivation: teaching trying to teach concurrency to undergrad students for more than 15 years J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 2 / 31

  3. model-driven software development work fl ows J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 3 / 31

  4. benefits of model-driven software development why adding may be necessary for simplifying things 1 Formalizing (part of) the requirements reduces ambiguity in the problem statement. 2 Formal models can be the subject of experiments aimed at early requirement validation . That is, a mathematical model can be formally verified for detecting inconsistencies or other fl aws. 3 Code is not written from scratch but generated or distilled (semiautomatically) from the model. This brings several bene fi ts. One of them is portability . This is specially relevant for concurrent software production, given the volatility of certain languages. A second bene fi t is robustness against changes in the requirements – modifying concurrent code by hand may introduce more errors than re-generating it. Finally, the generative approach may reduce production costs at this stage. 4 Models can help in the validation, veri fi cation and test case generation of the code obtained from the previous phases. J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 4 / 31

  5. shared resources what is so relevant that deserves to be modeled key abstractions concurrency = simultaneous execution + nondeterminism + interaction interaction = communication + synchronization synchronization = mutual exclusion serializability + condition synchronization P 1 P 4 R 1 R 2 P 7 P 2 Op 1 Op 2 P 5 Op 1 Op 2 P 3 P 6 J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 5 / 31

  6. shared resources by example readers & writers wrt 1 rdr 1 rdrs/wrts BR BW wrt 2 rdr 2 AR AW r w wrt 3 rdr 3 communication: takes place via change of the resource’s internal state, after applying a sequence of (serial) operations: w = 1 w = 0 w = 1 w = 0 AW BR BR r = 0 r = 0 r = 1 r = 2 ❀ ❀ ❀ synchronization: consists in restricting the set of valid sequences of operations (internal language of the shared resource): valid traces: BR; AR; BW; AW; BR; BR; AR; AR; BW; AW; . . . invalid traces: BR; BW; AW; BR; BR; AR; AR; BW; AW; AR; . . . J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 6 / 31

  7. formal specification of a shared resource readers & writers CADT ReadersWriters OPERATIONS ACTION BeforeRead;AfterRead;BeforeWrite;AfterWrite: preconditions ( PRE s) are often SEMANTICS independent from the resource’s DOMAIN: STATE: ( readers : N × writers : N ) state INVT: ( readers > 0 ⇒ writers = 0 ) ∧ The invariant ( INVARIANT ) maps ( writers > 0 ⇒ readers = 0 ∧ writers = 1 ) INITIAL: writers = 0 ∧ readers = 0 to the loop invariant within the CPRE: writers = 0 ∧ readers = 0 server code. BeforeWrite The concurrent or POST: writers = 1 synchronization pre-condition PRE: writers = 1 ( CPRE ) must hold right before CPRE: true entering the code for each AfterWrite POST: writers = 0 operation (might block CPRE: writers = 0 execution) BeforeRead POST: readers = 1 + readers in The post-condition (POST) must PRE: readers > 0 hold on exit of the code of each CPRE: true operation AfterRead POST: readers = readers in − 1 J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 7 / 31

  8. shared resources as abstract state machines readers & writers BW BR BR BR . . . 0/1 0/0 1/0 2/0 3/0 AW AR AR AR J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 8 / 31

  9. model-driven engineering revisited applying all of this to developing concurrent Java SW .tla .java .adb JML-annotated Java classfiles SR CC (JML interface) SR(s) .java .erl testing SPECS KeY code J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 9 / 31

  10. shared resource specifications as JML-annotated Java interfaces a textual, convenient and ready-to-compile representation package es.upm.babel.ccjml.samples.readerswriters.java; 1 2 public interface /*@ shared_resource @*/ ReadersWriters { 3 //@ public model instance int readers; 4 //@ public model instance int writers; 5 6 /*@ public instance invariant 7 @ readers >= 0 && writers >= 0 && 8 @ (readers > 0 ==> writers == 0) && 9 @ (writers > 0 ==> readers == 0 && writers == 1); 10 @*/ 11 12 //@ public initially readers == 0 && writers == 0; 13 14 /*@ public normal_behaviour 15 @ cond_sync writers == 0 && readers == 0; 16 @ assignable writers; 17 @ ensures writers == 1; 18 @*/ 19 public void beforeWrite(); 20 J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 10 / 31

  11. shared resource specifications as JML-annotated Java interfaces (cont’d.) a textual, convenient and ready-to-compile representation @ requires writers == 1; 1 @ assignable writers; 2 @ ensures writers == 0; 3 @*/ 4 public void afterWrite(); 5 6 /*@ public normal_behaviour 7 @ cond_sync writers == 0; 8 @ assignable readers; 9 @ ensures readers == \old(readers) + 1; 10 @*/ 11 public void beforeRead(); 12 13 /*@ public normal_behaviour 14 @ requires readers > 0; 15 @ assignable readers; 16 @ ensures readers == \old(readers) - 1; 17 @*/ 18 public void afterRead(); 19 } 20 J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 11 / 31

  12. implementing shared resources using JCSP client-server + RPC + . . . a view from the clients’ side: SHARED RESOURCE P 2 Wrapper OP 1 OP 2 Server Code P 3 P 1 Wrapper Receiving method invocations and propagating them as messages to the server through CSP channels; J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 12 / 31

  13. implementing shared resources using JCSP client-server + RPC + . . . server side: SHARED RESOURCE P 2 Wrapper OP 1 OP 2 Server Code P 3 P 1 Server Processing the requests received from the wrapper methods and modifying the shared resource inner state J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 13 / 31

  14. implementing the server the devil is in the CPRE s When shared resource operations take no arguments or the operation’s CPRE does not depend on them, one channel per operation and channel enabled when CPRE holds (see, for instance, readers & writers). When CPRE s may vary depending on the actual parameters operations can take there are two basic approaches: ◮ channel replication: Instantiate CPRE s with all their possible values, take classes modulo logical equivalence, then assign a channel to each class. Enable channels according to each CPRE . ◮ deferred requests: one (always open) channel per operation, requests are stored in the server until CPRE holds. J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 14 / 31

  15. CPRE s depending on their parameters multibuffer CADT Multibuffer OPERATIONS ACTION Put: Sequence ( ANY )[ i ] ACTION Get: N [ i ] × Sequence ( ANY )[ o ] SEMANTICS DOMAIN: STATE: self = Sequence ( ANY ) INVT: Length (self) ≤ MAX INITIAL: Length (self) = 0 PRE: 1 ≤ Length ( r ) ≤ ⌊ MAX / 2 ⌋ CPRE: 1 ≤ Length ( r ) ≤ MAX − Length (self) Put(r) POST: self = self in + r PRE: 1 ≤ n ≤ ⌊ MAX / 2 ⌋ CPRE: 1 ≤ n ≤ Length (self) Get(n, s) POST: self in = self + s J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 15 / 31

  16. � channel replication multibuffer Considering Multibuffer example with MAX = 4 MULTIBUFFER PUT GET CPRE put (2) CPRE get (1) Server Code CPRE put (1) CPRE get (2) pe i : E i → N px i : D x → E i pe put ([ a 1 , . . . , a n ]) = n px put ([ a 1 , . . . , a k ]) = [ 0 1 , . . . , 0 k ] pe get ( n ) = MAX / 2 + n px get ( n ) = n J.Mari ˜ no & R.Alborodo (UPM & IMDEA) Model-based Code Generation Using JCSP CPA2015 16 / 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Neutrino-driven explosions of ultra-stripped type Ic supernovae generating binary neutron stars

Neutrino-driven explosions of ultra-stripped type Ic supernovae generating binary neutron stars

Neutrino-driven explosions of ultra-stripped type Ic supernovae generating binary neutron stars Yudai Suwa 1, 2 1 Yukawa Institute for Theoretical Physics, Kyoto U. 2 Max Planck Institute for Astrophysics, Garching Collaboration with: T. Yoshida,

199 views • 18 slides
Message Driven Programming with S-Net Methodology and Performance Frank Penczek S.A.

Message Driven Programming with S-Net Methodology and Performance Frank Penczek S.A.

Message Driven Programming with S-Net Methodology and Performance Frank Penczek S.A. Herhut, S.-B. Scholz, A. Shafarenko, J. Yang, C.Y. Chen, N. Bagherzadeh, C. Grelck What is

515 views • 37 slides
Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter

Verifying Timed Reachability Properties Lecture #17 of Advanced Model Checking Joost-Pieter Katoen Lehrstuhl 2: Software Modeling & Verification E-mail: katoen@cs.rwth-aachen.de June 30, 2014 c JPK Advanced model checking Timelock,

720 views • 31 slides
Model Driven Security Foundations, Tools, and Practice David Basin, Manuel Clavel, Marina Egea

Model Driven Security Foundations, Tools, and Practice David Basin, Manuel Clavel, Marina Egea

Model Driven Security Foundations, Tools, and Practice David Basin, Manuel Clavel, Marina Egea ETH Zurich and IMDEA Software David Basin 1 Module Objectives Present a methodology and tools for automatically building secure, complex,

1.37k views • 102 slides
Next Generation ACO Model Review of Alignment / Benchmarking Methodology February 28, 2017 For

Next Generation ACO Model Review of Alignment / Benchmarking Methodology February 28, 2017 For

Next Generation ACO Model Review of Alignment / Benchmarking Methodology February 28, 2017 For Discussion Purposes Only: Actual methodology is specified in methodology paper Agenda Alignment Overview of cross-sectional approach

836 views • 44 slides
On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262

On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262

On Bringing Object-Oriented Software Metrics into the Model-Based World Verifying ISO 26262 Compliance in Simulink Lukas Murer, Torben Stolte Tanja Hebecker, Michael Lipaczewski Uwe Mhrstdt, Frank Ortmeier Motivation Functional safety

589 views • 21 slides
2016 Constituent Driven Process Not to, not for, but WITH Planning Model ~ Top Down Board

2016 Constituent Driven Process Not to, not for, but WITH Planning Model ~ Top Down Board

2016 Constituent Driven Process Not to, not for, but WITH Planning Model ~ Top Down Board driven Data-driven (data first) Aspirational Static Limited relevance over time Process: Review of state, national plans, other guiding documents

367 views • 10 slides
Model-Driven Software Engineering Foundations of Model-Driven Software Engineering Dr. Jochen

Model-Driven Software Engineering Foundations of Model-Driven Software Engineering Dr. Jochen

IBM Research Zurich Model-Driven Software Engineering Foundations of Model-Driven Software Engineering Dr. Jochen Kster ( jku@zurich.ibm.com) IBM Research Zurich Contents Introduction to Models and Modeling Concepts of

612 views • 43 slides
GENERATING 3D FRUIT MAPS FOR MODEL-BASED ASSESSMENT OF

GENERATING 3D FRUIT MAPS FOR MODEL-BASED ASSESSMENT OF

GENERATING 3D FRUIT MAPS FOR MODEL-BASED ASSESSMENT OF ROBOTIC FRUIT HARVESTING EFFICIENCY Stavros G. Vougioukas May 21, 2014 Motivation 3 Question No. 1 4 Can we build

671 views • 39 slides
Verifying social expectations by model checking truncated paths Stephen Cranefield Department of

Verifying social expectations by model checking truncated paths Stephen Cranefield Department of

Verifying social expectations by model checking truncated paths Stephen Cranefield Department of Information Science University of Otago, Dunedin, New Zealand and Michael Winikoff School of CS & IT, RMIT University, Melbourne, Australia

810 views • 34 slides
Recursive Definitions Generating Functions Lecture 18 Generating Functions A generating

Recursive Definitions Generating Functions Lecture 18 Generating Functions A generating

Recursive Definitions Generating Functions Lecture 18 Generating Functions A generating function is an alternate representation of an infinite sequence, which allows making useful deductions about the sequence (including, possibly, a closed

865 views • 17 slides
Revenue Forecast JCA Presentation February 12, 2020 Methodology: Model 1 Holt-Winters Model

Revenue Forecast JCA Presentation February 12, 2020 Methodology: Model 1 Holt-Winters Model

Revenue Forecast JCA Presentation February 12, 2020 Methodology: Model 1 Holt-Winters Model A triple exponential smoothing model, known as the Holt-Winters model, is a statistical forecasting model the Legislative Research Council (LRC)

656 views • 17 slides
30 Transformational Design with Essential Aspect Decomposition: Model-Driven Architecture (MDA)

30 Transformational Design with Essential Aspect Decomposition: Model-Driven Architecture (MDA)

Fakultt Informatik, Institut fr Software- und Multimediatechnik, Lehrstuhl fr Softwaretechnologie 30 Transformational Design with Essential Aspect Decomposition: Model-Driven Architecture (MDA) 1. Model-Driven Architecture Prof. Dr. U.

671 views • 34 slides
An Integrated Formal Methods Tool-Chain and its Application to Verifying a File System Model From

An Integrated Formal Methods Tool-Chain and its Application to Verifying a File System Model From

An Integrated Formal Methods Tool-Chain and its Application to Verifying a File System Model From Miguel A. Ferreira and Jos e N. Oliveira Thematic Seminar - Paper Recitation July 21, 2012 Skeleton Brief Introduction Tool-chain

272 views • 9 slides
WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was

WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was

WMSBF Event Business Solutions 1 Employer-Focused, Demand-Driven Demand Driven model was promoted by Workforce Investment Act of 1998 This approach is unique to Michigan and has been supported by the MEDC since 2006 Address

652 views • 14 slides
Testing Model Transformations in Model Driven Engineering Benoit Baudry INRIA IRISA

Testing Model Transformations in Model Driven Engineering Benoit Baudry INRIA IRISA

Testing Model Transformations in Model Driven Engineering Benoit Baudry INRIA IRISA (currently visiting CSU) Outline What about model transformation testing? Triskells contributions Coverage criteria Model synthesis

389 views • 35 slides
Search Strategy - I Dr. V. V. Subrahmanyam Associate Professor, SOCIS, IGNOU Search and Search

Search Strategy - I Dr. V. V. Subrahmanyam Associate Professor, SOCIS, IGNOU Search and Search

Search Strategy - I Dr. V. V. Subrahmanyam Associate Professor, SOCIS, IGNOU Search and Search Strategy Search: A search is performed to obtain exact or related information about a topic / keyword / subject area etc., from a repository of

727 views • 25 slides
Programming a Calculator -Ashley Kling (ask2203), Joseph Thompson (jot2102), Phillip Godzin

Programming a Calculator -Ashley Kling (ask2203), Joseph Thompson (jot2102), Phillip Godzin

Programming a Calculator -Ashley Kling (ask2203), Joseph Thompson (jot2102), Phillip Godzin (pgg2105) The HP 20b Originally 2 line display User is able to toggle RPN on and off Calculator is often repurposed and reprogrammed due

388 views • 20 slides
GPGPU: General-Purpose Computation on GPUs Prekshu Ajmera 03d05006 Overview 1. Motivation: Why

GPGPU: General-Purpose Computation on GPUs Prekshu Ajmera 03d05006 Overview 1. Motivation: Why

GPGPU: General-Purpose Computation on GPUs Prekshu Ajmera 03d05006 Overview 1. Motivation: Why GPGPU ? 2. CPU-GPU Analogies 3. GPU Resources The Graphics Pipeline Textures Programmable Vertex Processor Fixed Function Rasterizer

604 views • 48 slides
Introduction to Scilab Aditya Sengupta and Deepak Patil National Mission on Education through ICT

Introduction to Scilab Aditya Sengupta and Deepak Patil National Mission on Education through ICT

Introduction to Scilab Aditya Sengupta and Deepak Patil National Mission on Education through ICT Indian Institute of Technology Bombay E mail: sengupta@ee.iitb.ac.in deepakp@ee.iitb.ac.in Outline Introduction Scilab Objects: Matrices and

985 views • 27 slides
1 E. Boros, G.Felici Boolean Seminar, Liblice, April 2013 Supervised Learning and Data Mining

1 E. Boros, G.Felici Boolean Seminar, Liblice, April 2013 Supervised Learning and Data Mining

E. Boros, G.Felici Boolean Seminar, Liblice, April 2013 Some Results on Threshold Separability of Boolean Functions Endre Boros Giovanni Felici RUTCOR Istituto di Analisi dei Sistemi ed Informatica Rutgers University Consiglio Nazionale

821 views • 23 slides
Chapter 7 Utilities for High-Level Descriptions 1 Type Declarations and Usage Enumeration

Chapter 7 Utilities for High-Level Descriptions 1 Type Declarations and Usage Enumeration

Chapter 7 Utilities for High-Level Descriptions 1 Type Declarations and Usage Enumeration types Physical types Array types Record types 2 Enumeration Types Enumeration is basic scalar type Enumeration is defined

522 views • 39 slides
Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture

Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture

EECS 294-98: Introduction to Temporal Logic Sanjit A. Seshia EECS, UC Berkeley Plan for Todays Lecture Linear Temporal Logic Signal Temporal Logic (by Alex Donze) S. A. Seshia 2 Behavior, Run, Computation Path Define in

767 views • 28 slides
Concordia Libraries and Library Resources Sean McLaughlin Journalism, Communication Studies,

Concordia Libraries and Library Resources Sean McLaughlin Journalism, Communication Studies,

An Introduction to Concordia Libraries and Library Resources Sean McLaughlin Journalism, Communication Studies, and Psychology Subject Librarian Outline Types of resources and their uses Where & how to look for resources

876 views • 29 slides

More recommend