Leveraging Software Architectures to Guide and Verify the Development of Sense/Compute/Control Applications Damien Cassou 1,2 , Emilie Balland 1 , Charles Consel 1 , Julia Lawall 3 1 Phoenix, INRIA, France 2 Software Architecture Group, HPI, Germany 3 APL, DIKU, Denmark
Leveraging Software Architectures to Guide and Verify the Development of Sense/Compute/Control Applications
Jan 28, 2015
Slides of the presentation I gave at ICSE'11 in Hawaii. The paper is available on my website: http://damiencassou.seasidehosting.st/
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Leveraging Software Architecturesto Guide and Verify the Development of
Sense/Compute/Control Applications
Damien Cassou1,2, Emilie Balland1, Charles Consel1, Julia Lawall3
1Phoenix, INRIA, France2Software Architecture Group, HPI, Germany
3APL, DIKU, Denmark
2
Contributions
• A design language to specify a software system
• A compiler to process such specification for– the verification of safety properties– the guidance of the implementation– the conformance
Context: Sense/Compute/Co
ntrol software systems
3
Sense
Compute
Sense/Compute/Control (SCC)Software System
Environment
Control
4
GPS, flight plan
direction
aileron, engine
Sense
Compute
Control
Sense/Compute/Control (SCC)Software System
5
Environment
motion detection
intrusion?
alarm triggering
Sense
Compute
Control
Sense/Compute/Control (SCC)Software System
6
Found in various domains• avionics• home automation• tier-system monitoring• robotics• …
Environment
Sense/Compute/Control (SCC)Software Systems
[Taylor et al., Software Architecture: Foundations, Theory, and Practice, 2009]
contextoperators
sensorssources
actuatorsactions
Environment
The SCC Architectural Style
controloperators
raw data
refined information
orders
7[Edwards et al., Architecture-driven self-adaptation and self-management in robotics, SEAMS’09][Chen et al., Context aggregation and dissemination in ubiquitous computing, WMCSA’02]
8
The SCC Architectural Style
actuatorsactions
sensorssources
contextoperators
controloperators
Compute
Environment
raw data
refined information
orders
Sense
Control
9
actuatorsactions
sensorssources
contextoperators
controloperators
Environment
Application Logic
EnvironmentInterface
10
contextoperators
controloperators Information use
Information refinement
The SCC Architectural Style
11
Going Beyond the SCC Style
Objectives– to verify safety properties– to guide implementation– to ensure conformance
Our approach
– a design language– a compiler
DesignLanguage
abstract
concrete
Design
Design
Compiling a Design
12
Design
Design
Compiling a Design
Compiler Software systemgenerated
defeats guidance and verification
13
DesignLanguage
abstract
concrete
Design
Design
Compiling a Design
Compiler Software system
Compiler Software System
generated
mixes design and
implementation
generated
14
DesignLanguage
abstract
concrete
Compiling a Design
Design Compiler Software System
generated
Design Compiler Software systemgenerated
Design Compiler Software System
generated
15
DesignLanguage
abstract
concrete
Our Approach
Design Compiler
16
programmingframework
developer’s code GPL
Design language
GPL
Our Approach
Design Compiler
17
verification
Programmingframework
Developer’s code
Our Approach
Design Compiler Programmingframework
18
verification
Developer’s code
Our Approach
Design Compiler
19
verification
by
construction
Programmingframework
Developer’s code
20
Environment
motiondetection
intrusion?
alarmtriggering
Diving Into the Design Language
actuatorsactions
contextoperators
controloperators
sensorssources
21
controloperators
actuatorsactions
contextoperators
sensorssources
22
actuatorsactions
contextoperators
controloperators
sensorssources
actuators
sensors
controloperators
contextoperators
23
actuators
sensors
controloperators
contextoperators
Intrusion
Boolean
PresenceBuildingLocked
BooleanBoolean
context Intrusion as Boolean { context BuildingLocked; context Presence;}
design language dedicated to SCC
24
actuators
sensors
controloperators
contextoperators
Intrusion
Boolean
PresenceBuildingLocked
BooleanBoolean
Keypadkeycode
MotionSensormotion
Integer Boolean
25
actuators
sensors
controloperators
Intrusion
PresenceBuildingLocked
BooleanBoolean
Keypadkeycode
MotionSensormotion
Integer Boolean
IntrusionManager
AlarmOnOff
controller IntrusionManager { context Intrusion; action OnOff on Alarm;}
26
actuators
sensors
controloperators
contextoperators
SecurityManager
PresenceBuildingLocked
SceneImage
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
KeypadUpdateSt
Keypadkeycode
MotionSensormotion
Cameraimage
Boolean
BooleanBoolean
Integer Boolean File
File
27
actuators
controloperators
contextoperators
sensors
PresenceBuildingLocked
Intrusion
28Presence
BuildingLocked
Intrusion
PresenceBuildingLocked
Intrusion
multipleinterpretations
PresenceBuildingLocked
Intrusion
Interaction Description
request
event
eventrequest
event
request
request
request
event
1
1
2
2
2
2
1
3
3
PresenceBuildingLocked
Intrusion
29
too abstract!
Interaction Description
multipleinterpretations
PresenceBuildingLocked
Intrusion
PresenceBuildingLocked
Intrusion
PresenceBuildingLocked
Intrusionrequest
event
eventrequest
event
request
request
request
event
1
1
2
2
2
2
1
3
3
Main
Interaction Contracts
1 Activation condition
30
1request
Main
Interaction Contracts
3 Emission
2 Data requirement
1 Activation condition
ContextOperator3
2 request
Sensor
source
2request
3 event
1
event
ContextOperator2
31
Interaction Contracts
1 Activation condition
2 Data requirement
PresenceBuildingLocked
Intrusion
12
32
3 Emission3
context Intrusion as Boolean { context Presence; context BuildingLocked; interaction { when provided Presence get BuildingLocked maybe publish }}
123
33
Compiling a Design
Design Compiler Programmingframework
Developer’s code
Programming Framework
The compiler maps• each component description to an abstract class
implementing the run-time support
• each interaction contract to an abstract method constrained with type declarations
34
Programming Framework
35
1 Activation condition
2 Data requirement
3 Emission
Interaction contract Abstract method• name• parameters• return type
1
1 2 3
3
Design Compiler Programmingframework
36
Code Generation
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
37
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
38
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
39
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
40
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
41
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
42
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
43
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
44
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
45
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
46
abstract class AbstractIntrusionManager {
abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);
protected final class Actions { … } protected final class Select { … } protected final class SceneImage { … } }
Code Generation
generated framework
code
controller IntrusionManager { context Intrusion; context SceneImage; interaction { when provided Intrusion get SceneImage do OnOff on Alarm, Send on Mailer }}
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
47
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
48
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
49
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
50
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
51
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
52
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
53
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
54
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
55
Implementationabstract class AbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImage sceneImage, Select select);}
generated framework code
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
Intrusion
IntrusionManager
AlarmOnOff
MailerSend
SceneImage
Boolean File
56
Implementation
class IntrusionManager extends AbstractIntrusionManager { Actions onIntrusion(boolean intrusion, SceneImage sceneImage, Select select) {
if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; }}
developer code
• do not require any documentation• leverage code completion
57
Summary
• A design language dedicated to specifying SCC software systems
• A compiler to process such specification for– the guidance of the implementation– the conformance
Status Report• Implementation using standard language tools
– Java, ANTLR, StringTemplate
• Safety property verification– generation of Promela specifications– e.g., interaction invariants
• Several application domains– avionics: simulated auto-pilot and AR drone– building automation: light, fire, security, newscast, etc.– misc.: web-server monitoring, home messenger, etc.
• Ongoing empirical evaluation with both students and professional software engineers
http://diasuite.inria.frDamien Cassou, Emilie Balland, Charles Consel, Julia Lawall
59
60
Facilitating Evolution
• eases developer’s work by– showing mismatches– leveraging development tools
• ensures conformance
61
Productivity
82%
10%
8%
FrameworkImplementationSpecification
➡ 76% actually executed
62
Code Generation< MotionSensor.motion; MotionSensor.motion; self > ⇑ ⇓ ⇑
abstract class AbstractPresence {
abstract boolean onMotionFromMotionSensor( boolean motion, Select select);
}
1 2 3Presence
MotionSensor
motion
1 2
3
boolean
boolean
generated framework
code
1
1
23
63
MotionSensor
motion
ImplementationPresence
1 2
3
boolean
boolean
class Presence extends AbstractPresence { boolean onMotionFromMotionSensor(boolean motion, Select select) { if (motion) return true; MotionSensors sensors = select.motionSensors().all(); for (MotionSensor sensor : sensors) if (sensor.getMotion()) return true; return false; }}
developer code
abstract class AbstractPresence { abstract boolean onNewMotionFromMotionSensor( boolean motion, Select select);} generated
framework code
64
A Research Vehicle
This work is part of a larger research project with– 7 PhDs leveraging the frameworks
• QoS (FASE’11)• security (ICPS’09, DAIS’11)• error-handling (OOPSLA’10)• virtual testing (Mobiquitous’10 and ‘09)• SIP (ICC’10, ICIN’09, IPTComm’08)• end-user programming (DSLWC’09)
65
Limitations
• Applies only to new projects
• Applies only to Sense/Compute/Control
• Requires architects to learn a new language
• Imposes small run-time overhead
Related Documents
