Scoop eiffel concurrency
Download
1 / 138

SCOOP – Eiffel Concurrency - PowerPoint PPT Presentation


  • 120 Views
  • Uploaded on

SCOOP – Eiffel Concurrency. Slides adapted from Bertrand Meyer, ETH. Lecture 21: Concurrency and real-time systems. Overview. Goal Basics of the SCOOP model Architecture and implementation of SCOOP Examples Basics of the real-time systems Timing and real-time extensions

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' SCOOP – Eiffel Concurrency' - egan


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Scoop eiffel concurrency

SCOOP – Eiffel Concurrency

Slides adapted from Bertrand Meyer, ETH

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM0


Lecture 21 concurrency and real time systems

Lecture 21: Concurrency and real-time systems

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM1


Overview
Overview

  • Goal

  • Basics of the SCOOP model

  • Architecture and implementation of SCOOP

  • Examples

  • Basics of the real-time systems

  • Timing and real-time extensions

  • Conclusion and future work

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM2


Goal

Extend a pure, strongly typed, object-oriented language (Eiffel, …) with

  • a simple, general and powerful concurrency and distribution model ( SCOOP)

  • and extend SCOOP to support real-time programming

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM3


The scoop model
The SCOOP model

  • Simple Concurrent Object-Oriented Programming

  • High-level concurrency mechanism

  • Full use of inheritance and other object-oriented techniques

  • Applicable to many physical setups: multiprocessing, multithreading, distributed execution, etc.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM4


Object oriented computation
Object-oriented computation

To perform a computation is

  • to use certain processors

  • to apply certain actions

  • to certain objects.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM5


What makes an application concurrent
What makes an application concurrent?

Processor:autonomous thread of control supporting sequential execution of instructions on one or more objects

Can be implemented as:

  • Computer CPU

  • Process

  • Thread

  • AppDomain (.NET) …

    Mapping of processors to computational resources

    through Concurrency Control File (CCF)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM6


Feature call synchronous call
Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM7


Feature call synchronous call1
Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM8


Feature call synchronous call2
Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM9


Feature call synchronous call3
Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM10


Feature call synchronous call4
Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM11


Separate feature call asynchronous call
Separate feature call (asynchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:separateCLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM12


Feature call synchronous call5
Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM13


Separate feature call asynchronous call1
Separate feature call (asynchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:separateCLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM14


Access control policy
Access control policy

  • Target of a separate call must be formal argument of enclosing routine:

    store (b:separate BUFFER [G]; value: G)is

    -- Store value into b.

    do

    b.put (value)

    end

  • To obtain exclusive access to a separate object, use it as argument of call:

    my_buffer:separate BUFFER [INTEGER]

    createmy_buffer

    store (my_buffer, 10)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM15


From preconditions to wait conditions
From preconditions to wait-conditions

Contracts in Eiffel

store (b: BUFFER [G]; value: G)is

-- Store value into b.

require

not b.is_full

value /= Void

do

b.put (value)

ensure

not b.is_empty

end

...

store (my_buffer, 10)

  • If b is separate, precondition becomes wait condition (instead of correctness condition)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM16


From preconditions to wait conditions1
From preconditions to wait-conditions

Contracts in Eiffel

store (b:separate BUFFER [G]; value: G)is

-- Store value into b.

require

not b.is_full

value /= Void

do

b.put (value)

ensure

not b.is_empty

end

...

store (my_buffer, 10)

  • If b is separate, precondition becomes wait condition (instead of correctness condition)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM17


Synchronization
Synchronization

  • No special mechanism needed for client to resynchronize with supplier after separate call.

  • The client will wait only when it needs to:

    x.f

    x.g (a)

    y.f

    value := x.some_query

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM18


Synchronization1
Synchronization

  • No special mechanism needed for client to resynchronize with supplier after separate call.

  • The client will wait only when it needs to:

    x.f

    x.g (a)

    y.f

    value := x.some_query

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM19


Synchronization2
Synchronization

  • No special mechanism needed for client to resynchronize with supplier after separate call.

  • The client will wait only when it needs to:

    x.f

    x.g (a)

    y.f

    value := x.some_query

    if value > 10then…end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM20


Synchronization3
Synchronization

  • No special mechanism needed for client to resynchronize with supplier after separate call.

  • The client will wait only when it needs to:

    x.f

    x.g (a)

    y.f

    value := x.some_query

    if value > 10then…end

  • This mechanism is called wait by necessity.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM21


Ccf mapping of processors to physical resources
CCF – Mapping of processors to physical resources

  • Location of processors need not be specified at compile time

  • On the fly specification with Concurrency Control File (CCF)

    creation

    system

    "goethe" (4): "c:\prog\appl1\appl1.exe"

    "beethoven" (2): "c:\prog\appl2\appl2.dll"

    "Current" (5): "c:\prog\appl3\appl3.dll"

    end

    external

    Database_handler: "daimler_benz" port 9000

    ATM_handler: "duerer" port 8001

    end

    default

    port: 8001; instance: 10

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM22


Ccf mapping of processors to physical resources1
CCF – Mapping of processors to physical resources

  • Location of processors need not be specified at compile time

  • On the fly specification with Concurrency Control File (CCF)

    creation

    system

    "Current": "c:\prog\appl1\appl1.exe"

    end

    end

    end

    external

    Database_handler: "daimler_benz" port 9000

    ATM_handler: "duerer" port 8001

    end

    default

    port: 8001; instance: 10

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM23


Two level architecture of scoop

SCOOP

platform-independent

.NET

Compact

Framework

.NET

POSIXThreads

Two-level architecture of SCOOP

  • SCOOP can be implemented in several environments

  • Microsoft .NET is our current platform

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM24


Implementation
Implementation

  • SCOOPLI for .NET and others

    • Library implementation of SCOOP in its original version

    • Uses Remoting and Threading capabilities of .NET

    • Uses Threading capabilities of the .NET CF on the RTOS Windows CE .NET (and/or other RTOS: VxWorks, etc.)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM25


Example bounded buffers
Example: Bounded buffers

separate class BOUNDED_BUFFER [G]

inherit

BOUNDED_QUEUE[G]

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM26


Example bounded buffers1
Example: Bounded buffers

indexing

description: "Encapsulation of access to bounded buffers"

class BUFFER_ACCESS [G]

feature

put (q: BOUNDED_BUFFER [G]; x: G)is

-- Insert x into q, waiting if necessary until there is room.

require

not q.full

do

q.put (x)

ensure

not q.empty

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM27


Example bounded buffers2
Example: Bounded buffers

remove (q: BOUNDED_BUFFER [G])is

-- Remove an element from q, waiting if necessary

-- until there is such an element

require

not q.empty

do

q.remove

ensure

not q.full

end

item (q: BOUNDED_BUFFER [G]): G is

-- Oldest element not yet consumed

require

not q.empty

do

Result := q.remove

end

end -- classBUFFER_ACCESS [G]

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM28


Example bounded buffers3
Example: Bounded buffers

Usage of bounded buffers

my_buffer_access: BUFFER_ACCESS [INTEGER]

my_bounded_buffer: BOUNDED_BUFFER [INTEGER]

createmy_buffer_access

createmy_bounded_buffer

my_buffer_access.put (my_bounded_buffer, 25)

my_buffer_access.put (my_bounded_buffer, 50)

my_result := my_buffer_acces.item (my_bounded_buffer)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM29


Example dining philosophers
Example: Dining philosophers

separate class PHILOSOPHER

inherit

GENERAL_PHILOSOPHER

PROCESS

rename

setup as getup

undefine

getup

end

feature {BUTLER}

step is

-- Perform a philosopher’s tasks.

do

think

eat (left, right)

end

eat (l, r: separate FORK) is

-- Eat, having grabbed l and r.

do

end

end -- class PHILOSOPHER

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM30


Class process
Class PROCESS

indexing

description: "The most general notion of process"

deferred classPROCESS

feature -- Status report

over: BOOLEANis

-- Must execution terminate now?

deferred end

feature -- Basic operations

setupis

-- Prepare to execute process operations (default: nothing).

do end

stepis

-- Execute basic process operations.

deferred end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM31


Class process cont
Class PROCESS (cont.)

wrapupis

-- Execute termination operations (default: nothing).

do end

feature -- Process behavior

liveis

-- Perform process lifecycle.

do

fromsetupuntiloverloop

step

end

wrapup

end

end -- classPROCESS

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM32


Class general philosopher
Class GENERAL_PHILOSOPHER

class

GENERAL_PHILOSOPHER

create

make

feature-- Initialization

make (l, r:separate FORK)is

-- Define l as left and r as right forks.

do

left := l

right := r

end

feature{NONE}-- Implementation

left:separate FORK

right:separate FORK

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM33


Class general philosopher cont
Class GENERAL_PHILOSOPHER (cont.)

getup is

-- Take any necessary initialization action.

do

end

think is

-- Any appropriate action or lack thereof

do

end

end -- class GENERAL_PHILOSOPHER

class

FORK

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM34


Class butler
Class BUTLER

class

BUTLER

create

make

feature

count: INTEGER

-- The number of both philosophers and forks

launch is

-- Start a full session.

local

i: INTEGER

do

from

i := 1

until

i > count

loop

launch_one (participants @ i)

i := i + 1

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM35


Class butler cont
Class BUTLER (cont.)

feature --{NONE}

launch_one (p: PHILOSOPHER)is

-- Let one philosopher start his actual life.

do

p.live

end

participants: ARRAY [PHILOSOPHER]

cutlery: ARRAY [FORK]

feature{NONE}-- Initialization

make (n: INTEGER)is

-- Initialize a session with n philosophers.

require

n >= 0

do

count := n

create participants.make (1, count)

create cutlery.make (1, count)

make_philosophers

launch

ensure

count = n

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM36


Class butler cont1
Class BUTLER (cont.)

make_philosophers is

-- Set up philosophers.

local

i: INTEGER

p: PHILOSOPHER

left, right:separate FORK

do

from

i := 1

until

i > count

loop

left := cutlery @ i

right := cutlery @((i \\ count) + 1)

create p.make (left, right)

participants.put (p, i)

i := i + 1

end

end

invariant

count >= 0

participants.count = count

cutlery.count = count

end-- class BUTLER

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM37


Definition real time system
Definition: Real-time system

Real-time system (Young, 1982):

Any information processing activity or system which has to respond to externally generated input stimuli within a finite and specified period.

  • The correctness of a real-time system depends not only on the logical result of the computation, but also on the timeat which the results are produced ...

     a correct but a late response is as bad as awrong response ...

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM38


Hard and soft real time systems
Hard and soft real-time systems

  • Hard real-time

    Systems where it is absolutely imperative that responses occur within the required deadline. E.g. flight control systems, …

  • Soft real-time

    Systems where deadlines are important but which will still function correctly if deadlines are occasionally missed.E.g. data acquisition system, …

    A single real-time system may have both hard and soft real-time subsystems

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM39


Definition embedded system
Definition: Embedded system

Embedded system:

The computer is an information processing component within (embedded in) a larger engineering system.

(e.g. washing machine, process control computer, ABS ― Anti Blocking System in vehicles, ...)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM40


Characteristics of real time systems
Characteristics of real-time systems

  • Large and complex

    (up to 20 million lines of code estimated for the Space Station Freedom)

  • Concurrent control of separate system components

  • Facilities to interact with special purpose hardware

  • Extreme reliable and safe

  • Guaranteed response times

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM41


Components of a real time system
Components of a real-time system

  • Hardware (CPU, sensors, ADC, DAC, …)

  • Real-time OS (e.g VxWorks, QNX, Windows CE .NET, …)

  • Real-time application and real-time runtime system (e.g. Ada, Real-Time Java, C with Real-Time Posix and hopefully soon Real-Time SCOOP )

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM42


A simple embedded and real time example
A simple embedded and real-time example

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM43


A simple embedded and real time example1
A simple embedded and real-time example

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM44


Real time facilities
Real-Time Facilities

  • Notion of time

  • Clocks

  • Delays

  • Timeouts

  • Temporal scopes

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM45


Notion of time
Notion of time

  • Linearity:

  • Transitivity:

  • Irreflexibility:

  • Density:

 The passage of time is equated with a real line.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM46


Access to a clock
Access to a Clock

  • Direct access to the environment's time frame(e.g. transmitters for UTC = Universal Time Coordinated, UTC service of GPS)

  • Using an internal hardware clock that gives an adequate approximation to the passage of time in the environment

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM47


Clocks in real time java
Clocks in Real-Time Java

  • java.lang.System.currentTimeMillis returns the number of milliseconds since 1/1/1970 GMT and is used by java.util.Date

  • Real-time Java adds real-time clocks with high resolution time types

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM48


Rt java time types 1
RT Java Time Types (1)

public abstract class HighResolutionTime implements

java.lang.Comparable

{

public abstract AbsoluteTime absolute(Clock clock,

AbsoluteTime destination);

...

public boolean equals(HighResolutionTime time);

public final long getMilliseconds();

public final int getNanoseconds();

public void set(HighResolutionTime time);

public void set(long millis);

public void set(long millis, int nanos);

}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM49


Rt java time types 2
RT Java Time Types (2)

public class AbsoluteTime extends HighResolutionTime

{

// various constructor methods including

public AbsoluteTime(AbsoluteTime T);

public AbsoluteTime(long millis, int nanos);

public AbsoluteTime absolute(Clock clock, AbsoluteTime dest);

public AbsoluteTime add(long millis, int nanos);

public final AbsoluteTime add(RelativeTime time);

...

public final RelativeTime subtract(AbsoluteTime time);

public final AbsoluteTime subtract(RelativeTime time);

}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM50


Rt java time types 3
RT Java Time Types (3)

public class RelativeTime extends HighResolutionTime

{

// various constructor methods including

public RelativeTime(long millis, int nanos);

public RelativeTime(RelativeTime time);

public AbsoluteTime absolute(Clock clock,

AbsoluteTime destination);

public RelativeTime add(long millis, int nanos);

public final RelativeTime add(RelativeTime time);

public void addInterarrivalTo(AbsoluteTime destination);

public final RelativeTime subtract(RelativeTime time);

...

}

public class RationalTime extends RelativeTime

{ . . .}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM51


Rt java clock class
RT Java: Clock Class

public abstract class Clock

{

public Clock();

public static Clock getRealtimeClock();

public abstract RelativeTime getResolution();

public AbsoluteTime getTime();

public abstract void getTime(AbsoluteTime time);

public abstract void setResolution(RelativeTime resolution);

}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM52


Rt java measuring time
RT Java: Measuring Time

{

AbsoluteTime oldTime, newTime;

RelativeTime interval;

Clock clock = Clock.getRealtimeClock();

oldTime = clock.getTime();

// other computations

newTime = clock.getTime();

interval = newTime.subtract(oldTime);

}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM53


Delaying a process thread
Delaying a Process (Thread)

  • The execution of a process (thread) must be sometimes delayed either for a relative period of time or until some time in the future

  • Relative delays

    Start := Clock; -- from calendar

    loop

    exit when (Clock - Start) > 10.0;

    end loop;

  • Busy-waits are not efficient, therefore most languages and operating systems provide some form of delay primitive

  • In Ada, this is a delay statement

    delay 10.0;

  • In POSIX: sleep and nanosleep

  • Java: sleep; RT Java provides a high resolution sleep

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM54


Delays
Delays

Granularity difference between clock and delay

Time specified by program

Process executing

Process runnable here but not executable

Interrupts disabled

Time

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM55


Absolute delays
Absolute Delays

  • In Ada

    Start := Clock;

    First_action;

    delay 10.0 - (Clock - Start);

    Second_action;

  • Unfortunately, this might not achieve the desired result, therefore we use:

    Start := Clock;

    First_action;

    delay until Start + 10.0;

    Second_action;

  • As with delay, delay until is accurate only in its lower bound

  • RT Java - sleep can be relative or absolute

  • POSIX requires use of an absolute timer and signal

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM56


Drifts
Drifts

  • The time overrun associated with both relative and absolute delays is called the local drift and it cannot be eliminated

  • It is possible, however, to eliminate the cumulative drift that could arise if local drifts were allowed to superimpose

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM57


Periodic activity
Periodic Activity

task body T is Interval : constant Duration := 5.0; Next_Time : Time;begin Next_Time := Clock + Interval;loop Action;delay until Next_Time; Next_Time := Next_Time + Interval;end loop;end T;

Will run on average

every 5 seconds

local drift only

If Action takes 6 seconds, the delay

statement will have no effect

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM58


Control example in ada 1
Control Example in Ada (1)

with Ada.Real_Time; use Ada.Real_Time;

with Data_Types; use Data_Types;

with IO; use IO;

with Control_Procedures;

use Control_Procedures;

procedure Controller is

task Temp_Controller;

task Pressure_Controller;

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM59


Control example in ada 2
Control Example in Ada (2)

task body Temp_Controller is TR : Temp_Reading; HS : Heater_Setting; Next : Time; Interval : Time_Span := Milliseconds(200);begin Next := Clock; -- start timeloop Read(TR); Temp_Convert(TR,HS); Write(HS); Next := Next + Interval;delay until Next;end loop;end Temp_Controller;

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM60


Control example in ada 3
Control Example in Ada (3)

task body Pressure_Controller is PR : Pressure_Reading; PS : Pressure_Setting; Next : Time; Interval : Time_Span := Milliseconds(150);begin Next := Clock; -- start timeloop Read(PR); Pressure_Convert(PR,PS); Write(PS); Next := Next + Interval;delay until Next;end loop;end Pressure_Controller;begin null;end Controller;

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM61


Timeouts on actions
Timeouts on Actions

select

delay 0.1;

then abort

-- action

end select;

  • If the action takes too long (more than 100 ms), the action will be aborted

  • Java supports timeouts through the class Timed.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM62


Temporal scopes 1
Temporal Scopes (1)

  • Temporal scope:

    Collection of statements with an associated timing constraint

  • Deadline — the time by which the execution of a TS must be finished

  • Minimum delay — the minimum amount of time that must elapse before the start of execution of a TS

  • Maximum delay — the maximum amount of time that can elapse before the start of execution of a TS

  • Maximum execution time — of a TS

  • Maximum elapse time — of a TS

    Temporal scopes with combinations of these attributes are also possible

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM63


Temporal scopes 2
Temporal Scopes (2)

Now

Minimum delay

Maximum delay

a

Time

Maximum elapse time

b

c

Units of execution

Maximum execution time = a + b +c

Deadline

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM64


Specifying processes and ts
Specifying Processes and TS

process periodic_P;

...

begin

loop

IDLE

start of temporal scope

...

end of temporal scope

end;

end;

Time constraints:

  • maximum and/or minimum times for IDLE

  • At the end of the temporal scope a deadline must be met

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM65


Deadline
Deadline

The deadline can itself be expressed in terms ofeither

  • absolute time

  • execution time since the start of the temporal scope, or

  • elapsed time since the start of the temporal scope.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM66


Aperiodic processes
Aperiodic Processes

process aperiodic_P;

...

begin

loop

wait for interrupt

start of temporal scope

...

end of temporal scope

end;

end;

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM67


Scoop for real time systems
SCOOP for real-time systems

  • Timing assertions

    • Maximal (and minimal) execution time

    • Timeouts on actions

    • Periodic and aperiodic activities

  • Possibility to execute the request of a VIP client while stopping the execution of the current client

    • Duels

    • Priorities

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM68


Timing in sequential programming
Timing in sequential programming

In library class TIMING_ASSERTION:

time_now: TIME

-- The current time now.

min_time_duration: TIME_DURATION

-- Minimal time duration of a feature

max_time_duration: TIME_DURATION

-- Maximal time duration of a feature

In application class SUPPLIER (inherits TIMING_ASSERTION):

createmin_time_duration.make_by_fine_seconds (1.0)

create max_time_duration.make_by_fine_seconds (3.0)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM69


Timing in sequential programming cont
Timing in sequential programming (cont.)

f (a_time_started: TIME; an_i: INTEGER): INTEGERis

require

a_time_started_not_void: a_time_started /= Void

local

i: INTEGER

do

from

i := 0

until

i = an_i

loop

Result := Result + i

i := i + 1

end

createtime_now.make_now

ensure

minimal_execution_time: (time_now - a_time_started).duration > min_time_duration

maximal_execution_time:(time_now - a_time_started).duration < max_time_duration

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM70


Timing in sequential programming cont1
Timing in sequential programming (cont.)

In client class CLIENT:

s: SUPPLIER

time_now: TIMEres: INTEGER

creates

createtime_now.make_now

res := s.f (time_now, 1000000)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM71


Timing in sequential programming cont2
Timing in sequential programming (cont.)

f (a_time_started: TIME; an_i: INTEGER): INTEGERis

require

a_time_started_not_void: a_time_started /= Void

local

i: INTEGER

do

from

i := 0

until

i = an_i

loop

Result := Result + i

i := i + 1

end

createtime_now.make_now

ensure

minimal_execution_time: (time_now - a_time_started).duration > min_time_duration

maximal_execution_time:(time_now - a_time_started).duration < max_time_duration

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM72


Timing assertions
Timing assertions

Specifying temporal scopes with the assertion mechanism of

Eiffel (has consequences to the scheduling mechanism)

  • Maximal (and minimal?) execution time of a feature call x.f (a, b)

  • f (a: A, b:separate B)isrequire

    a/=Void

    notb.empty

    ensure-- maximal execution time of f is 100 ms

    maximal_execution_time (100)

    -- minimal execution time of f is 50 ms

    minimal_execution_time (50)

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM73


Timing assertions1
Timing assertions

Timeout on actions

  • f (a: A, b:separate B)isrequire

    a/=Void

    notb.empty

    do

    -- action b.g (h) must not take longer than 20 mscheck timeout: timeout (20)

    b.g (h)

    end

    ensure-- maximal execution time of f is 100 ms

    maximum_execution_time (100)

    -- minimal execution time of f is 50 ms

    minimum_execution_time (50)

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM74


Timing assertions2
Timing assertions

Specification of periodic (and aperiodic) activities

  • f (a: A, b:separate B)isrequire

    a/=Void

    notb.empty

    -- activated at absolute time between 4000 and 4500

    activation_time > 4000 and activation_time < 4500

    ensure

    -- periodicity is 500 ms

    periodicity (500)

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM75


Duels
Duels

Can we snatch a shared object from its current holder?

  • holder executesholder.r (b) where bis separate

  • Then another object challenger executes

    challenger.s (c) where c, also separate, is attached to the same object as the holder‘s b

  • Normally, the challenger will wait until the call to ris over.

  • What if the challenger is impatient?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM76


Duels1
Duels

Use library features from classCONCURRENCY:

  • Request immediate service:immediate_service

  • Accept immediate service:yield

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM77


Extending duels with priorities
Extending duels with priorities

Tuning the duel mechanism:

  • holder.set_priority (50)

  • challenger.set_priority (100)

  • holder.yield

  • challenger.immediate_service

    If the priority of the challenger is bigger than the priority of the

    holder(challenger.priority >holder.priority):

    • holder will get an exception

    • challenger will be served.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM78


Conclusion
Conclusion

SCOOP model is simple yet powerful

  • Full concurrency

  • Full use of object-oriented techniques

  • One keywordseparate

  • Based on Design by Contract™

  • Several platforms and architectures (multiprocessing, multithreading, distributed execution, etc).

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM79


Future work
Future work

  • Extension of access control policy

    • multiple locking of separate objects based on the concept of pure functions

  • Instruction-level parallelism

  • Deadlock prevention

  • Extending SCOOP for real-time systems

    • adding priorities to the duel mechanism

    • specifying temporal scopes with the assertion mechanism

  • SCOOP can be used for persistence

    • with the STORABLE class mechanism and separate DATABASE

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM80


References
References

  • http://se.inf.ethz.ch/people/nienaltowski

  • http://se.inf.ethz.ch/people/arslan

  • http://se.inf.ethz.ch/projects (Concurrency, distribution, ...)

  • Nienaltowski P., Arslan V., Meyer B.: SCOOP: Concurrent Programming Made Easy, in process of submission

  • Simon D., An Embedded Software Primer, 3rd printing, Addison-Wesley, 2000

  • Burns A., Wellings A., Real-Time Systems and Programming Languages, 3rd edition, Addison-Wesley, 2001

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM81


End of lecture 21

End of lecture 21

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM82


Lecture 25 concurrent o o principles

Lecture 25: Concurrent O-O principles

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM83


The goal
The goal

  • Provide a practical and general foundation for concurrent and distributed programming, ensuring reliability, reusability availability and extendibility.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM84


The issue
The issue

  • Everyone wants to benefit from concurrency and distribution

    • Physical (networks, multiprocessors)

    • Logical (processors, threads)

  • but applications remain extremely difficult to build, especially to build right.

  • SCOOP provides:

    • Generality

    • Ease of programming

    • Robustness (including liveness, ...)

    • Availability

    • Extendibility, reusability

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM85


Generality
Generality

  • Provide a simple, general, easy to use concurrency and distribution mechanism for programming concurrent applications:

    • Internet and Web programming.

    • Web services, peer-to-peer...

    • Client-server applications.

    • Distributed processing.

    • Multi-threading.

    • Multiple processes (Unix, Windows 95, Windows NT).

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM86


An example multithreading
An example: Multithreading

  • Increasingly popular

  • Notoriously hard to get right; major mistakes remain in released applications; theoretical pitfalls

  • Impedance mismatch with O-O programming concepts

  • Synchronization often achieved by low-level mechanisms

O1

name

“Almaviva”

landlord

loved_one

O3

O2

“Figaro”

“Susanna”

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM87


Concurrency and objects
Concurrency and objects

“I can’t understand why objects [of O-O languages]

are not concurrent in the first place”.

Robin Milner, 1991

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM88


Formulating the question
Formulating the question

  • What is the simplest extension of object technology that will support all forms of concurrent computation — in an elegant, general and efficient way?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM89


Basic o o mechanism
Basic O-O mechanism

  • Feature call (message passing):

    x.f (a)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM90


Concurrent o o should be easy
Concurrent O-O should be easy!

(But: it’s not!)

  • Analogies between objects/classes and processes/process-types:

    • General decentralized structure, independent modules.

    • Encapsulated behavior (a single cycle for a process; any number of routines for a class).

    • Local variables (attributes of a class, variables of a process or process type).

    • Persistent data, keeping its value between successive activations.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM91


But the analogy breaks down quickly
But the analogy breaks down quickly…

  • ... and leaves room to apparent incompatibilities:

    • Classes are repositories of services; it is fundamental that they should be able to support more than one.

    • How will processes serve each other’s requests?

    • The "inheritance anomaly"

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM92


Capturing common behaviors
Capturing common behaviors

deferred classPROCESS

feature

liveis

-- General structure with variants.

do

from

setup

until

over

loop

step

end

finalize

end

feature {NONE}

setupis deferred end

over: BOOLEANis deferred end

stepis deferred end

finalizeis deferred end

end

Why limit ourselves to just one behavior when we can have as many as we want?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM93


A printer mechanism
A printer mechanism

classPRINTER

inherit

PROCESS

rename

overasoff_line,

finalizeasstop

end

feature

stopis

-- Go off-line.

do

off_line := True

end

stepis

-- Execute individual actions of an iteration step.

do

start_job

process_job

finish_job

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM94


A printer mechanism cont d
A printer mechanism (cont’d)

feature {NONE}

setupis

do

end

start_jobis

do

end

process_jobis

do

end

finish_jobis

do

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM95


Other possible features
Other possible features

print_diagnostics

prepare_for_maintenance

restart_job

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM96


The basic triangle of computation
The basic triangle of computation

  • Computing consists of applying operations to objects; to do so requires the appropriate mechanisms – processors.

Action

Object

Processor

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM97


Separate entities
Separate entities

  • A call of the form x.f (a) has different semantics when handled by the same or different processors.

  • Need to declare whether client processor is the same as supplier processor or another.

    x: separateA

  • Contrast with the usual

    x: A

  • which guarantees handling by same processor.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM98


Consistency rule
Consistency rule

  • In assignment

    x := y

  • If the source y is separate, the target x must be separate too.

  • Same rule for argument passing.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM99


Separate entities and classes
Separate entities and classes

b: separateBOUNDED_QUEUE [SOME_TYPE]

or:

separate classBOUNDED_BUFFER [G]

inherit

BOUNDED_QUEUE [G]

end

x: BOUNDED_BUFFER [SOME_TYPE]

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM100


Creation
Creation

  • If xis separate, then the creation instruction

    createx

  • grabs a new processor, physical or virtual, and assigns it to handle the object.

  • Also: it is possible to obtain a separate object as the result of a function. So processors can be allocated outside of Eiffel text proper.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM101


Generality1
Generality

  • “Separate” declaration does not specify the processor.

  • Semantic difference between sequential and concurrent computation narrowed down to difference for separate calls:

    • Precondition semantics

    • Argument passing semantics

    • Creation semantics.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM102


Two level architecture
Two-level architecture

  • General-purpose top layer (SCOOP).

  • Several architecture-specific variants at the bottom layer (SCOOP handles).

  • Initial handles: .NET remoting; POSIX threads;

SCOOP

HANDLE 1

HANDLE 2

HANDLE n

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM103


Two level architecture1
Two-level architecture

SCOOP

.NET

THREADS

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM104


Predefined constructs and libraries
Predefined constructs and libraries

  • Define specific details (how many processors...) and scheduling policies through libraries.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM105


Processor assignment
Processor assignment

  • The assignment of actual physical resources to (virtual) processors) is entirely dynamic and external to the software text.

  • Simple notation: Concurrency Control File (CCF)

    creation

    proc1: sales.microsoft.com (2), coffees.whitehouse.gov (5), ...

    proc2: 89.9.200.151 (1), ...

  • Physical resources may be Internet nodes, threads, Unix or Windows processes, etc.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM106


End of lecture 25

End of lecture 25

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM107


Lecture 26 concurrent o o principles

Lecture 26: Concurrent O-O principles

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM108


Design by contract
Design by Contract

classBOUNDED_QUEUE [G]

feature

put (x: G) is

-- Add x to queue.

require

notis_full

do

ensure

notis_empty

end

remove: Gis

-- Delete oldest element from queue.

require

notis_empty

do

ensure

notis_full

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM109


The contract model cont d
The contract model (cont’d)

invariant

maxcount = capacity – 1

0 <= oldest

oldest <= capacity

0 <= next

next <= capacity

abs (next – oldest) < capacity

end

oldest

1

capacity

maxcount

next

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM110


The contract of a feature
The contract of a feature

Obligations

Benefits

(Satisfy precondition:)

Make sure queue not full.

(From postcondition:)

Make queue not empty, x added.

Client

(Satisfy postcondition:)

Insert x, making sure queue is not empty.

(From precondition:)

Simpler processing thanks to assumption that queue not full.

Supplier

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM111


The correctness of a class
The correctness of a class

createa.make (…)

  • (1-n) For every exported routine r: {INV and prer} dor {INV and postr}

  • (1-m) For every creation procedure cp: {precp} docp {postcp and INV}

S1

a.f (…)

S2

a.g (…)

S3

a.f (…)

S4

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM112


Express messages
Express messages?

  • An express message is a message that must be treated right away, interrupting any current routine call.

    • But: how do we preserve the consistency of objects (invariants)?

  • The model will support a restricted form of express messages, which does not conflict with provability.

  • Unit of granularity for mutual exclusion is routine call.

  • But: can be interrupted, causing an exception.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM113


Provability
Provability

  • Proof rule for routines:

    { INV  p }  Body (r)  { INV  q }

    p  Pre (r) q Post (r)

    { p’ }  Call (r)  { q’ }

    p  Pre (r) q Post (r)

  • In other words: to prove the validity of all calls, it suffices to prove (once!) the correctness of the body.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM114


What becomes of the contract model
What becomes of the contract model?

q: BOUNDED_QUEUE [X]

a: X...if notq.is_fullthenq.put (a) end

Or: q.removeq.put (x)

  • But: this does not work for separate threads of control!

  • What do preconditions now mean?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM115


Reserving an object
Reserving an object

q: separateBOUNDED_QUEUE [X]

a: X...a := q.item... Other instructions (not calling remove) ...q.remove

  • How do we guarantee that item and remove apply to the same buffer element?

  • Proposed answer: Just use encapsulation. Argument passing serves as reservation. If object busy (processor not available), block object; processor will service other object if possible.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM116


Reserving an object cont d
Reserving an object (cont’d)

classBUFFER_ACCESS [X]

featureput (q: separateBOUNDED_QUEUE [G]; x: G) is-- Insert x into q, waiting if necessary

-- until there is room.requirenotq.is_fulldoq.put (x)ensure notq.is_emptyend

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM117


Reserving an object cont d1
Reserving an object (cont’d)

remove (q: separateBOUNDED_QUEUE [G]) is-- Remove an element from q, waiting if -- necessary until there is such an element.requirenotq.is_emptydoq.removeensure notq.is_fullenditem (q: separateBOUNDED_QUEUE [G]): Gis-- Oldest element not yet consumed ... Left to reader ...

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM118


Semantic rules
Semantic rules

  • With the class as shown on the previous pages, the call

    put (q)

  • will block until:

    • q is available.

    • The precondition notq.is_full is true.

  • The new rule only affects:

    • Separate arguments.

    • Precondition clauses which include calls on separate targets (i.e. x.f withxseparate).

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM119


The original proof rule
The original proof rule

{ INV  p }  Body (r)  { INV  q }

p  Pre (r) q Post (r)

{ p’ }  Call (r)  { q’ }

p  Pre (r) q Post (r)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM120


The new proof rule
The new proof rule

{ INV  p } Body (r) { INV  q }

p  Nonsep_Pre (r) q Nonsep_Post (r)

{ p’ }  Call (r)  { q’ }

p  Nonsep_Pre (r) q Nonsep_Post (r)

  • Nonsep_pre (r): set of clauses in r’s precondition which do not involve any separate calls.

  • Similarly for Nonsep_post (r).

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM121


Wait by necessity
Wait by necessity

r (...; t: separateSOME_TYPE; ...) isdo ...t.f (...)other_instructionsend

  • When do we wait?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM122


Wait by necessity cont d
Wait by necessity (cont’d)

  • For example:

    r (...; t: separateSOME_TYPE; ...) isdo ...t.p (...)other_instruction_1

    ...

    other_instruction_n

    k:=t.some_valueend

  • Wait on queries (calls to attributes and functions), not procedure calls.

WAIT HERE

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM123


Blocking semantics is not always appropriate
Blocking semantics is not always appropriate

f: FILE

...

iff /= Voidand thenf.readablethenf.some_input_routine

--some_input_routineis any routine

-- that reads data from the file;

-- its precondition is readable.end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM124


Duels2
Duels

  • Request immediate service: immediate_service

  • Accept immediate service: yield

Challenger

Holder

normal_service

immediate_service

insist

Challenger waits

Exception in challenger

Exception in holder; serve challenger.

yield

Challenger waits

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM125


Dining philosophers
Dining philosophers

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM126


Dining philosophers cont d
Dining philosophers (cont’d)

separate classPHILOSOPHER

inheritPROCESSrename

setupasgetup

end

create

make

feature {BUTLER}stepis dothink

eat (left, right)

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM127


Dining philosophers cont d1
Dining philosophers (cont’d)

feature {NONE}left, right: separateFORK

-- The two required forks

getupis-- Take any necessary initialization action.do

...

endthinkis-- Any appropriate action.do

...

endeat (l, r: separateFORK) is-- Eat, having grabbed l and r.do

...

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM128


A binary tree class non parallel
A binary tree class, non-parallel

classBINARY_TREE [G]

feature

left, right: BINARY_TREE [G]

nodes: INTEGERis

-- Number of nodes in this tree

do

Result := node_count (left) + node_count (right) + 1

end

feature {NONE}

node_count (b: BINARY_TREE [G]): INTEGERis

-- Number of nodes in b

do

ifb /= Voidthen

Result := b.nodes

end

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM129


A binary tree class parallel version
A binary tree class: Parallel version

separate classBINARY_TREE [G]

feature

left, right: BINARY_TREE [G]

… Other features …

nodes: INTEGER

update_nodesis

-- Update nodes to reflect number of nodes in this

-- tree.

do

nodes := 1

compute_nodes (left)

compute_nodes (right)

adjust_nodes (left)

adjust_nodes (right)

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM130


Parallel version cont d
Parallel version (cont’d)

feature {NONE}

compute_nodes (b: BINARY_TREE [G]) is

-- Update information about the number of nodes in b.

do

ifb /= Voidthen

b.update_nodes

end

end

adjust_nodes (b: BINARY_TREE [G]) is

-- Adjust number of nodes from those in b.

do

ifb /= Voidthen

nodes := nodes + b.nodes

end

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM131


Other examples in oosc 2
Other examples in OOSC-2

  • Coroutines

  • Locking a resource — semaphores

  • An elevator control system

  • A watchdog mechanism (execute an action, but take control back if not done after t seconds)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM132


Two level architecture2
Two-level architecture

SCOOP

.NET

THREADS

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM133


Net remoting library
.NET remoting library

  • Provides a good basis for SCOOP:

    • AppDomains: Partition object set

    • Marshal by Value, Marshal by Reference

    • All types are potentially remotable

    • Threading library

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM134


Appdomains
AppDomains

Process

AppDomain

AppDomain

O1

name

“Almaviva”

Context

landlord

loved_one

O3

O2

“Figaro”

“Susanna”

Context

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM135


Challenges
Challenges

  • Conceptual:

    • Systematic approach to deadlock prevention

    • Precise fairness policies

    • Proof rules, actual proofs.

  • Organizational:

    • Language & compiler integrationBut also an opportunity

    • Building industrial-grade software in a universityBut: ETH CS tradition; Dept and university support

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM136


End of lecture 26

End of lecture 26

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM137


ad