System Programming Lec - 03.ppt

technische universität
dortmund
fakultät für informatik
informatik 12
Models of computation
Peter Marwedel
TU Dortmund
Informatik 12
2012 年 10 月 23 日
These slides use Microsoft clip arts.
Microsoft copyright restrictions apply.
©
Springer,
2010

- 2 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Models of computation
What does it mean, “to compute”?
Models of computation define:
 Components and an execution model for
computations for each component
 Communication model for exchange of
information between components.
C-1
C-2

- 3 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Why not use von-Neumann (thread-based)
computing (C, C++, Java, …) ?
Potential race conditions (inconsistent results possible)
 Critical sections = sections at which exclusive access to
resource r (e.g. shared memory) must be guaranteed.
thread a {
..
P(S) //obtain lock
.. // critical section
V(S) //release lock
}
thread b {
..
P(S) //obtain lock
.. // critical section
V(S) //release lock
}
Race-free access
to shared memory
protected by S
possible
This model may be supported by:
mutual exclusion for critical sections
special memory properties

- 4 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Why not just use von-Neumann computing (C,
Java, …) (2)?
Problems with von-Neumann Computing
 Thread-based multiprocessing may access global variables
 We know from the theory of operating systems that
• access to global variables might lead to race conditions,
• to avoid these, we need to use mutual exclusion,
• mutual exclusion may lead to deadlocks,
• avoiding deadlocks is possible only if we accept
performance penalties.
 Other problems (need to specify total orders, …)

- 5 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Consider a Simple Example
“The Observer pattern defines a one-to-many dependency
between a subject object and
any number of observer objects
so that when the subject object changes state,
all its observer objects are notified and updated automatically.”
Erich Gamma, Richard Helm, Ralph Johnson, John Vlissides: Design Patterns, Addision-
Wesley, 1995
© Edward Lee, Berkeley, Artemis
Conference, Graz, 2007

- 6 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Why are deadlocks possible?
We know from the theory of operating systems, that deadlocks
are possible in a multi-threaded system if we have
 Mutual exclusion
 Holding resources while waiting for more
 No preemption
 Circular wait
Conditions are met for our example

- 7 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
A stake in the ground …
Nontrivial software written with threads,
semaphores, and mutexes is
incomprehensible to humans.
© Edward Lee, Berkeley, Artemis
Conference, Graz, 2007
“… threads as a concurrency model are a
poor match for embedded systems. … they
work well only … where best-effort scheduling
policies are sufficient.”
Edward Lee: Absolutely Positively on Time, IEEE Computer, July, 2005

- 8 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Ways out of this problem
 Looking for other options (“model-based design”)
 No model that meets all modeling requirements
  using compromises

dortmund
informatik 12
Early design phases
Peter Marwedel
TU Dortmund,
Informatik 12
2012 年 10 月 23 日
©
Springer,
2010

- 10 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Capturing the requirements as text
 In the very early phases of some design
project, only descriptions of the system
under design (SUD) in a natural
language such as English or Japanese
exist.
 Expectations for tools:
• Machine-readable
• Version management
• Dependency analysis
• Example: DOORS® [Telelogic/IBM]

- 11 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Use cases
 Use cases describe possible applications of
the SUD
 Included in UML (Unified Modeling Language)
 Example: Answering machine
 Neither a precisely specified model of the computations nor
a precisely specified model of the communication

- 12 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
(Message) Sequence charts
 Explicitly indicate exchange of information
 One dimension (usually vertical dimension) reflects time
 The other reflects distribution in space
Example:  Included in
UML
 Earlier
called
Message
Sequence
Charts, now
mostly
called
Sequence
Charts

- 13 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Example (2)
www.ist-more.org, deliverable 2.1

- 14 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
NAV RAD
MMI
DB
Communication
Use case 1: Change Audio Volume
< 200 ms
<
5
0
m
s
© Thiele, ETHZ

- 15 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Use case 1: Change Audio Volume
© Thiele, ETHZ
Communication
Resource
Demand

- 16 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
NAV RAD
MMI
DB
Communication
< 200 ms
Use case 2: Lookup Destination Address
© Thiele, ETHZ

- 17 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Use case 2: Lookup Destination Address
© Thiele, ETHZ

- 18 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
NAV RAD
MMI
DB
Communication
Use case 3: Receive TMC Messages
<
1000
m
s
© Thiele, ETHZ

- 19 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Use case 3: Receive TMC Messages
© Thiele, ETHZ

- 20 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
(Message) Sequence Charts (MSC)
No distinction between accidental overlap and synchronization

- 21 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Time/distance diagrams as a special case
©
www.opentrack.ch
Levi-TDD

- 22 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
UML: Timing diagrams
Can be
used to
show the
change of
the state
of an
object
over time.
Based on Scott Ambler,
Agile Modeling,
//www.agilemodeling.com,
2003
Mo Thu Mo
Professor
Recording
assistant
teaching
preparation
Other duty
Other duty
recording
editing
Thu
Approximately ..

- 23 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Life Sequence Charts* (LSCs)
* W. Damm, D. Harel: LSCs: Breathing Life into Message Sequence Charts, Formal Methods in System Design, 19, 45–80, 2001
Key problems observed with standard MSCs:
During the design process, MSC are initially interpreted as
“what could happen”
(existential interpretation, still allowing other behaviors).
Later, they are frequently assumed to describe
“what must happen”
(referring to what happens in the implementation).

- 24 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Extensions for LSCs (1)
Extension 1:
Introduction of pre-
charts:
Pre-charts describe
conditions that must
hold for the main
chart to apply.
Pre-chart
Example:
Prof Mic Cam Recorder
TA
confirms
test
press

- 25 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Extensions (2)
Extension 2: Mandatory vs. provisional behavior
Level Mandatory (solid lines) Provisional (dashed
lines)
Chart All runs of the system
satisfy the chart
At least one run of the
system satisfies the
chart
Location Instance must move
beyond location/time
Instance run need not
move beyond loc/time
Message If message is sent, it will
be received
Receipt of message is
not guaranteed
Condition Condition must be met;
otherwise abort
If condition is not met,
exit subchart

- 26 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
PROs:
 Appropriate for visualizing schedules,
 Proven method for representing schedules in transportation.
 Standard defined: ITU-TS Recommendation Z.120: Message
Sequence Chart (MSC), ITU-TS, Geneva, 1996.
 Semantics also defined: ITU-TS Recommendation Z.120:
Message Sequence Chart (MSC)—Annex B: Algebraic
Semantics of Message Sequence Charts, ITU-TS, Geneva.
CONS:
 describes just one case, no timing tolerances: "What does
an MSC specification mean: does it describe all behaviors of
a system, or does it describe a set of sample behaviors of a
system?” *
* H. Ben-Abdallah and S. Leue, “Timing constraints in message sequence chart specifications,” in Proc.
10th International Conference on Formal Description Techniques FORTE/PSTV’97, Chapman and Hall, 1997.
(Message) Sequence Charts

dortmund
informatik 12
Communicating finite state machines
Peter Marwedel
TU Dortmund
Informatik 12
2012 年 10 月 23 日
©
Springer,
2010

- 28 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
StateCharts: recap of classical automata
Classical automata:
 Moore-automata:
Y =  (Z); Z+
=  (X, Z)
 Mealy-automata
Y =  (X, Z); Z+
=  (X, Z)
Internal state Z
input X output Y
Next state Z+
computed by function 
Output computed by function 
Z0 Z1
Z2
Z3
e=1
e=1
e=1
e=1
0 1
2
3
clock
Moore- + Mealy
automata=finite state
machines (FSMs)

- 29 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Timed automata
 Timed automata = automata + models of time
 The variables model the logical clocks in the system, that are initialized
with zero when the system is started, and then increase synchronously
with the same rate.
 Clock constraints i.e. guards on edges are used to restrict the behavior
of the automaton.
A transition represented by an edge can be taken when the clocks
values satisfy the guard labeled on the edge.
 Additional invariants make sure, the transition is taken.
 Clocks may be reset to zero when a transition is taken
[Bengtsson and Yi, 2004].

- 30 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Example: Answering machine
May take place, but
does not have to
Ensures that transition
takes place

- 31 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Definitions
Let C: real-valued variables C representing clocks.
Let : finite alphabet of possible inputs.
Definition: A clock constraint is a conjunctive formula of
atomic constraints of the form
x ◦ n or x−y ◦ n for x, y ∈ C, ◦ {≤,<,=,>,≥} and
∈ n ∈N
Let B(C) be the set of clock constraints.
Definition: A timed automaton A is a tuple (S, s0,E, I) where
S is a finite set of states, s0 is the initial state,
E ⊆ S×B(C)×  ×2C
×S is the set of edges,
B(C): conjunctive condition, 2C
:variables to be reset
I : S→B(C) is the set of invariants for each of the states
B(C): invariant that must hold for state S

- 32 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Definitions (2)
Let C: real-valued variables C representing clocks.
Let : finite alphabet of possible inputs.
Definition: A clock constraint is a conjunctive formula of atomic constraints of the
form x ◦ n or x−y ◦ n for x, y ∈ C, ◦ {≤,<,=,>,≥} and
∈ n ∈N
Let B(C) be the set of clock constraints.
Definition: A timed automaton A is a tuple (S, s0,E, I) where S is a finite set of
states, s0 is the initial state,
E ⊆ S×B(C)×  ×2C
×S is the set of edges, B(C): conjunctive condition, 2C
:variables
to be reset
I : S→B(C) is the set of invariants for each of the states, B(C): invariant that must
hold for state S

- 33 -
dortmund
fakultät für
informatik
 P.Marwedel,
Informatik 12, 2012
Summary
 Motivation for non-von Neumann models
 Support for early design phases
• Text
• Use cases
• (Message) sequence charts
 Automata models
• Timed automata

System Programming Lec - 03.ppt

More Related Content

Similar to System Programming Lec - 03.ppt (20)

Recently uploaded (20)

System Programming Lec - 03.ppt