• Home

  • Documents

  • Rich Interface Theories for Component-based Design Dirk Beyer ┼, Arindam Chakrabarti *, Luca de...
1
Rich Interface Theories for Component- based Design Dirk Beyer , Arindam Chakrabarti *, Luca de Alfaro **, Thomas A Henzinger * , Marcin Jurdziński *, Freddy Mang ***, Mariëlle Stoelinga ** EPFL Lausanne *UC Berkeley **UC Santa Cruz ***Synopsys November 18, 2004 Method availability constraints msg? send ! send ! nack ? nack ? fail ! ok! ack? ack nack send msg fail ok ack? msg! ok? msg ok fail Download Chic 1.1 today !! http://www.eecs.berkeley.edu/~tah/C Chic 1.1 is available as a plug-in for Ptolemy* and JBuilder (* Thanks to Eleftherios Matsikoudis) Composing is a game A winning environment strategy exists if the system is usable in some context. The winning strategy gives the behavior required of the context: Do not provide inputs a,b after outputs x, y respectively. x y a a b b 2 3 1 a? x,y? 1 a,b? 5 3 2 8 7 a? b? 2 7 8 a? b? a? x! y! Node limit = 8 a b interface Abstract data, Local Methods, External Methods, Call assumptions, Abstract local method bodies, Availability constraints Data, method implementations module Methods implemented in this module Methods implemented by the environment Local methods not called transitively Interface states in which a local method is available Software Module Interfaces Resource consumption constraints + a! b? 4 6 + Node limit = 9 4 + 6 = 10 > 9 3 -6 8 5 8 2 1 1 Path limit = 20 5+3=8 8+8+1=17 17+2-6=13 13+1+8=22 22>20 (Path limit) Resource Interfaces and Applications Two Synthesis Questions for each class of Resource Interfaces: Strategy Synthesis (e.g. resource scheduler, sensornet routing algorithm): Given a resource bound, how can player Input achieve her objective ? Resource Synthesis (e.g. necessary buffer size, battery capacity): What is the minimum resource requirement so that player Input can achieve her objective ? Game algorithms implemented in Chic can answer both. Two classes of resource interfaces Node Limit Resource Interfaces (e.g. mutex, limited buffer size, limited peak power): Player Input must forever avoid states that exceed the Node Limit. Path Limit Resource Interfaces (e.g. limited battery capacity): Player Input must forever avoid paths that exceed the Path Limit. Motor driver in lego robot 0 stop slow fast 1 2 fast? slow? stop? slow? fast? stop? stop? slow? fast? -10 99 5 9 -9 15 19 59 A B C D E F G H Value = -9 Resource Synthesis for a Path Limit Game GUI void GUI.paint(G g) not call { GUI.paint } { … } paint calls BUTTON paint void BUTTON.paint(G g) not call { GUI.paint } { … } Call graph constraints Composing is a game msg send ! send ! nack ? nack ? fail ! ok ack? ack nack send ack? Winning environment strategy exists if the system is usable in some context. The winning strategy gives the behavior required of the context: Do not give two nack’s in a row. RadioByte Bug char TOS_COMMAND(RADIO_BYTE_PWR)(char mode){ if(mode == 0){ TOS_CALL_COMMAND(RADIO_SUB_PWR)(0); VAR(state) = 0xff; }else{ TOS_CALL_COMMAND(RADIO_SUB_RX_MODE)(); TOS_CALL_COMMAND(RADIO_SUB_SET_BIT_RATE)(0); VAR(state) = 0; } return 1; } Forgotten call to RADIO_SUB_PWR(1) !! RFM Radio byte Radio Packet UART Serial Packet ADC Temp photo Active Messages clocks bit byte packet Route map router sensor appln application HW SW Culler et al, ASPLOS 2000 Example: TinyOS Warehouse Transport Service Retail Store Payment Service Customer Vendor Vendor Vendor Vendor Warehouse Warehouse Warehouse Vendor Vendor Vendor Customer Customer Customer Customer Web Service Interfaces and Applications We assume hardware and software platforms never fail, and focus only on problems resulting from service interaction protocol errors. The services are designed and implemented separately, possibly by different companies. However, a system using a set of services has correctness requirements global to the set. E.g. In a web store, Customer must be charged if and only if item is shipped. Any reserved item is eventually released or requested. Specifications can be written in a temporal logic: ((Payment,FAILURE) (ShipItem,*)) ( (Payment,SUCCESS)) (ShipItem,SUCCESS)) Our system checks whether a set of services together satisfies a set of correctness requirements.

Rich Interface Theories for Component-based Design Dirk Beyer ┼, Arindam Chakrabarti *, Luca de Alfaro **, Thomas A Henzinger * ┼, Marcin Jurdziński *,

  • View
    213

  • Download
    0

Tags:

Embed Size (px)

Citation preview

Page 1: Rich Interface Theories for Component-based Design Dirk Beyer ┼, Arindam Chakrabarti *, Luca de Alfaro **, Thomas A Henzinger * ┼, Marcin Jurdziński *,

Rich Interface Theories for Component-based DesignDirk Beyer┼, Arindam Chakrabarti *, Luca de Alfaro **, Thomas A Henzinger *┼, Marcin Jurdziński *,

Freddy Mang ***, Mariëlle Stoelinga ** ┼EPFL Lausanne *UC Berkeley **UC Santa Cruz ***Synopsys

November 18, 2004

Method availability constraints

msg?

send!

send!

nack?

nack?

fail!

ok! ack?

ack nacksend

msg failok

ack?

msg!

ok?

msg ok fail

Download Chic 1.1 today !! http://www.eecs.berkeley.edu/~tah/Chic/

Chic 1.1 is available as a plug-in for Ptolemy* and JBuilder (* Thanks to Eleftherios Matsikoudis)

Composing is a game

A winning environment strategy exists if the system is usable in some context. The winning strategy gives the behavior required of thecontext: Do not provide inputs a,b after outputs x, y respectively.

x

y

a ab b

2

3

1

a?

x,y?

1a,b?

5

3

2

8 7a? b?

2

7 8a? b?

a?

x! y!

Node limit = 8

a b

interface

Abstract data,Local Methods,

External Methods,Call assumptions,

Abstract local methodbodies,

Availability constraints

Data, methodimplementations

module

Methods implemented in this moduleMethods implemented by the

environmentLocal methods not called

transitively

Interface states in which a local method is available

Software Module Interfaces

Resource consumption constraints

+

a! b?

4 6+

Node limit = 9

4 + 6 = 10 > 9

3

-6

8

5

8

2

1

1

Path limit = 20

5+3=8

8+8+1=17

17+2-6=13

13+1+8=2222>20 (Path limit)

Resource Interfaces and Applications

Two Synthesis Questions for each class of Resource Interfaces:

Strategy Synthesis (e.g. resource scheduler, sensornet routing algorithm): Given a resource bound, how can player Input achieve her objective ?

Resource Synthesis (e.g. necessary buffer size, battery capacity): What is the minimum resource requirement so that player Input can achieve her objective ?

Game algorithms implemented in Chic can answer both.

Two classes of resource interfaces

Node Limit Resource Interfaces (e.g. mutex, limited buffer size, limited peak power): Player Input must forever avoid states that exceed the Node Limit.

Path Limit Resource Interfaces (e.g. limited battery capacity): Player Input must forever avoid paths that exceed the Path Limit.

Motor driver in lego robot

0

stop slow fast

1 2

fast?

slow?stop?

slow?

fast?

stop?

stop? slow?

fast?

-10

99

5

9 -9

15 19

59

A

B

C

D

E F

G H

Value = -9

Resource Synthesis for a Path Limit Game

GUI

void GUI.paint(G g) not call { GUI.paint } { … }

paint

calls

BUTTONpaint

void BUTTON.paint(G g) not call { GUI.paint } { … }

Call graph constraints

Composing is a game

msg send!

send!

nack?

nack?

fail!

ok ack?

ack nacksend

ack?

Winning environment strategy exists if the system is usable in some context. The winning strategy gives the behavior required of thecontext: Do not give two nack’s in a row.

RadioByte Bugchar TOS_COMMAND(RADIO_BYTE_PWR)(char mode){ if(mode == 0){ TOS_CALL_COMMAND(RADIO_SUB_PWR)(0); VAR(state) = 0xff; }else{ TOS_CALL_COMMAND(RADIO_SUB_RX_MODE)(); TOS_CALL_COMMAND(RADIO_SUB_SET_BIT_RATE)(0); VAR(state) = 0; } return 1;}

Forgotten call to RADIO_SUB_PWR(1) !!RFM

Radio byte

Radio Packet

UART

Serial Packet

ADC

Temp photo

Active Messages

clocks

bit

by

tep

ac

ke

t

Route map router sensor appln

ap

pli

ca

tio

n

HW

SW

Culler et al, ASPLOS 2000

Example: TinyOS

Warehouse

TransportService

RetailStore

PaymentService

Customer

Vendor

Vendor

Vendor

Vendor

Warehouse

Warehouse

Warehouse

Vendor

Vendor

Vendor

Customer

Customer

Customer

Customer

Web Service Interfaces and Applications

We assume hardware and software platforms never fail, and focus only on problems resulting from service interaction protocol errors. The services are designed and implemented separately, possibly by different companies. However, a system using a set of services has correctness requirements global to the set. E.g. In a web store, Customer must be charged if and only if item is shipped. Any reserved item is eventually released or requested. Specifications can be written in a temporal logic: ((Payment,FAILURE) (ShipItem,*))( (Payment,SUCCESS)) (ShipItem,SUCCESS))Our system checks whether a set of services together satisfies a set of correctness requirements.

Rupa Chakrabarti - econstor.eu

Rupa Chakrabarti - econstor.eu

Documents
Chakrabarti 2000, Puranas and Bengal

Chakrabarti 2000, Puranas and Bengal

Documents
Tin3 arindam

Tin3 arindam

Documents
A Framework for Compositional Design and Analysis of Systems · 2007-12-20 · A Framework for Compositional Design and Analysis of Systems by Arindam Chakrabarti B. Tech. (Indian

A Framework for Compositional Design and Analysis of Systems · 2007-12-20 · A Framework for Compositional Design and Analysis of Systems by Arindam Chakrabarti B. Tech. (Indian

Documents
UJAAN 2ND NATIONAL DIGITAL SALONujaanclub.in/files/Result_2020.pdf · arindam das india annokut open monochrome arindam das india basket making in village life open colour arindam

UJAAN 2ND NATIONAL DIGITAL SALONujaanclub.in/files/Result_2020.pdf · arindam das india annokut open monochrome arindam das india basket making in village life open colour arindam

Documents
Jaya Chakrabarti - Pesuasive Digital Experiences

Jaya Chakrabarti - Pesuasive Digital Experiences

Art & Photos
Quantitative Verification Arindam Chakrabarti * Krishnendu Chatterjee * Thomas A. Henzinger * Orna Kupferman ** Rupak Majumdar *** * UC Berkeley ** Hebrew

Quantitative Verification Arindam Chakrabarti * Krishnendu Chatterjee * Thomas A. Henzinger * Orna Kupferman ** Rupak Majumdar *** * UC Berkeley ** Hebrew

Documents
Arindam Project

Arindam Project

Documents
Arindam batabyal literature reviewpresentation

Arindam batabyal literature reviewpresentation

Design
Chakrabarti upcea 2011_rev_2_ (2)

Chakrabarti upcea 2011_rev_2_ (2)

Technology
From Graph Models to Game Models Tom Henzinger EPFL

From Graph Models to Game Models Tom Henzinger EPFL

Documents
Basic Electrical Engineering by Chakrabarti

Basic Electrical Engineering by Chakrabarti

Documents
CV Arindam Chowdhury March 2020ether.chem.iitb.ac.in/~arindam/pdf/CV_Arindam_Chowdhury...Arindam Chowdhury, PhD Indian Institute of Technology Bombay, 2020 1 Curriculum Vitae Personal

CV Arindam Chowdhury March 2020ether.chem.iitb.ac.in/~arindam/pdf/CV_Arindam_Chowdhury...Arindam Chowdhury, PhD Indian Institute of Technology Bombay, 2020 1 Curriculum Vitae Personal

Documents
Enterprenuer By Arindam Talukdar

Enterprenuer By Arindam Talukdar

Business
Azure deployment techniques By Arindam

Azure deployment techniques By Arindam

Technology
APA Newsletters...Bimal Krishna Matilal and Arindam Chakrabarti, Eds.: Knowing from Words: Western and Indian Philosophical Analysis of Understanding and Testimony. Vol. 230, Synthese

APA Newsletters...Bimal Krishna Matilal and Arindam Chakrabarti, Eds.: Knowing from Words: Western and Indian Philosophical Analysis of Understanding and Testimony. Vol. 230, Synthese

Documents
Knowledge Extraction from the Web Monika Henzinger Steve Lawrence

Knowledge Extraction from the Web Monika Henzinger Steve Lawrence

Documents
Chakrabarti Palki - Jini Network Technology

Chakrabarti Palki - Jini Network Technology

Documents
Chakrabarti Group

Chakrabarti Group

Documents
EECS 20 Lecture 14 (February 16, 2001) Tom Henzinger

EECS 20 Lecture 14 (February 16, 2001) Tom Henzinger

Documents
CURRICULUM VITAE: Arindam Chakrabarti 2019...“Arguing from Synthesis to the Self: Utpala and Abhinavagupta Respond to Buddhist No-Selfism”, in Self Versus No-Self, Jonardon Ganeri

CURRICULUM VITAE: Arindam Chakrabarti 2019...“Arguing from Synthesis to the Self: Utpala and Abhinavagupta Respond to Buddhist No-Selfism”, in Self Versus No-Self, Jonardon Ganeri

Documents
Telecom Analytics – by Arindam Guptaray

Telecom Analytics – by Arindam Guptaray

Documents
Chakrabarti 1993 Reactive-Polymers

Chakrabarti 1993 Reactive-Polymers

Documents
Commonwealth Secretariat - Arindam Roy

Commonwealth Secretariat - Arindam Roy

Documents
Communication Protocol - Arindam Samanta

Communication Protocol - Arindam Samanta

Technology
Vishaan chakrabarti

Vishaan chakrabarti

Documents
From Boolean to Quantitative System Specifications Tom Henzinger EPFL

From Boolean to Quantitative System Specifications Tom Henzinger EPFL

Documents
Model Checking Lecture 2 Tom Henzinger

Model Checking Lecture 2 Tom Henzinger

Documents
PETER STRAWSON Gillman and Soame, Oxford · Strawson famously gained a second in finals, the reason being that by 222 Paul Snowdon 1 P. F. Strawson and Arindam Chakrabarti (eds.),Universals,

PETER STRAWSON Gillman and Soame, Oxford · Strawson famously gained a second in finals, the reason being that by 222 Paul Snowdon 1 P. F. Strawson and Arindam Chakrabarti (eds.),Universals,

Documents
ARPE Chakrabarti Publication

ARPE Chakrabarti Publication

Documents