Scoop eiffel concurrency
This presentation is the property of its rightful owner.
Sponsored Links
1 / 138

SCOOP – Eiffel Concurrency PowerPoint PPT Presentation


  • 95 Views
  • Uploaded on
  • Presentation posted in: General

SCOOP – Eiffel Concurrency. Slides adapted from Bertrand Meyer, ETH. Lecture 21: Concurrency and real-time systems. Overview. Goal Basics of the SCOOP model Architecture and implementation of SCOOP Examples Basics of the real-time systems Timing and real-time extensions

Download Presentation

SCOOP – Eiffel Concurrency

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Scoop eiffel concurrency

SCOOP – Eiffel Concurrency

Slides adapted from Bertrand Meyer, ETH

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM0


Lecture 21 concurrency and real time systems

Lecture 21: Concurrency and real-time systems

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM1


Overview

Overview

  • Goal

  • Basics of the SCOOP model

  • Architecture and implementation of SCOOP

  • Examples

  • Basics of the real-time systems

  • Timing and real-time extensions

  • Conclusion and future work

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM2


Scoop eiffel concurrency

Goal

Extend a pure, strongly typed, object-oriented language (Eiffel, …) with

  • a simple, general and powerful concurrency and distribution model ( SCOOP)

  • and extend SCOOP to support real-time programming

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM3


The scoop model

The SCOOP model

  • Simple Concurrent Object-Oriented Programming

  • High-level concurrency mechanism

  • Full use of inheritance and other object-oriented techniques

  • Applicable to many physical setups: multiprocessing, multithreading, distributed execution, etc.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM4


Object oriented computation

Object-oriented computation

To perform a computation is

  • to use certain processors

  • to apply certain actions

  • to certain objects.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM5


What makes an application concurrent

What makes an application concurrent?

Processor:autonomous thread of control supporting sequential execution of instructions on one or more objects

Can be implemented as:

  • Computer CPU

  • Process

  • Thread

  • AppDomain (.NET) …

    Mapping of processors to computational resources

    through Concurrency Control File (CCF)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM6


Feature call synchronous call

Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM7


Feature call synchronous call1

Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM8


Feature call synchronous call2

Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM9


Feature call synchronous call3

Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM10


Feature call synchronous call4

Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM11


Separate feature call asynchronous call

Separate feature call (asynchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:separateCLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM12


Feature call synchronous call5

Feature call (synchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:CLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM13


Separate feature call asynchronous call1

Separate feature call (asynchronous call)

  • Fundamental scheme of O-O computation: feature call x.f (a)

  • x:separateCLASS_X

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM14


Access control policy

Access control policy

  • Target of a separate call must be formal argument of enclosing routine:

    store (b:separate BUFFER [G]; value: G)is

    -- Store value into b.

    do

    b.put (value)

    end

  • To obtain exclusive access to a separate object, use it as argument of call:

    my_buffer:separate BUFFER [INTEGER]

    createmy_buffer

    store (my_buffer, 10)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM15


From preconditions to wait conditions

From preconditions to wait-conditions

Contracts in Eiffel

store (b: BUFFER [G]; value: G)is

-- Store value into b.

require

not b.is_full

value /= Void

do

b.put (value)

ensure

not b.is_empty

end

...

store (my_buffer, 10)

  • If b is separate, precondition becomes wait condition (instead of correctness condition)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM16


From preconditions to wait conditions1

From preconditions to wait-conditions

Contracts in Eiffel

store (b:separate BUFFER [G]; value: G)is

-- Store value into b.

require

not b.is_full

value /= Void

do

b.put (value)

ensure

not b.is_empty

end

...

store (my_buffer, 10)

  • If b is separate, precondition becomes wait condition (instead of correctness condition)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM17


Synchronization

Synchronization

  • No special mechanism needed for client to resynchronize with supplier after separate call.

  • The client will wait only when it needs to:

    x.f

    x.g (a)

    y.f

    value := x.some_query

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM18


Synchronization1

Synchronization

  • No special mechanism needed for client to resynchronize with supplier after separate call.

  • The client will wait only when it needs to:

    x.f

    x.g (a)

    y.f

    value := x.some_query

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM19


Synchronization2

Synchronization

  • No special mechanism needed for client to resynchronize with supplier after separate call.

  • The client will wait only when it needs to:

    x.f

    x.g (a)

    y.f

    value := x.some_query

    if value > 10then…end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM20


Synchronization3

Synchronization

  • No special mechanism needed for client to resynchronize with supplier after separate call.

  • The client will wait only when it needs to:

    x.f

    x.g (a)

    y.f

    value := x.some_query

    if value > 10then…end

  • This mechanism is called wait by necessity.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM21


Ccf mapping of processors to physical resources

CCF – Mapping of processors to physical resources

  • Location of processors need not be specified at compile time

  • On the fly specification with Concurrency Control File (CCF)

    creation

    system

    "goethe" (4): "c:\prog\appl1\appl1.exe"

    "beethoven" (2): "c:\prog\appl2\appl2.dll"

    "Current" (5): "c:\prog\appl3\appl3.dll"

    end

    external

    Database_handler: "daimler_benz" port 9000

    ATM_handler: "duerer" port 8001

    end

    default

    port: 8001; instance: 10

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM22


Ccf mapping of processors to physical resources1

CCF – Mapping of processors to physical resources

  • Location of processors need not be specified at compile time

  • On the fly specification with Concurrency Control File (CCF)

    creation

    system

    "Current": "c:\prog\appl1\appl1.exe"

    end

    end

    end

    external

    Database_handler: "daimler_benz" port 9000

    ATM_handler: "duerer" port 8001

    end

    default

    port: 8001; instance: 10

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM23


Two level architecture of scoop

SCOOP

platform-independent

.NET

Compact

Framework

.NET

POSIXThreads

Two-level architecture of SCOOP

  • SCOOP can be implemented in several environments

  • Microsoft .NET is our current platform

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM24


Implementation

Implementation

  • SCOOPLI for .NET and others

    • Library implementation of SCOOP in its original version

    • Uses Remoting and Threading capabilities of .NET

    • Uses Threading capabilities of the .NET CF on the RTOS Windows CE .NET (and/or other RTOS: VxWorks, etc.)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM25


Example bounded buffers

Example: Bounded buffers

separate class BOUNDED_BUFFER [G]

inherit

BOUNDED_QUEUE[G]

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM26


Example bounded buffers1

Example: Bounded buffers

indexing

description: "Encapsulation of access to bounded buffers"

class BUFFER_ACCESS [G]

feature

put (q: BOUNDED_BUFFER [G]; x: G)is

-- Insert x into q, waiting if necessary until there is room.

require

not q.full

do

q.put (x)

ensure

not q.empty

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM27


Example bounded buffers2

Example: Bounded buffers

remove (q: BOUNDED_BUFFER [G])is

-- Remove an element from q, waiting if necessary

-- until there is such an element

require

not q.empty

do

q.remove

ensure

not q.full

end

item (q: BOUNDED_BUFFER [G]): G is

-- Oldest element not yet consumed

require

not q.empty

do

Result := q.remove

end

end -- classBUFFER_ACCESS [G]

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM28


Example bounded buffers3

Example: Bounded buffers

Usage of bounded buffers

my_buffer_access: BUFFER_ACCESS [INTEGER]

my_bounded_buffer: BOUNDED_BUFFER [INTEGER]

createmy_buffer_access

createmy_bounded_buffer

my_buffer_access.put (my_bounded_buffer, 25)

my_buffer_access.put (my_bounded_buffer, 50)

my_result := my_buffer_acces.item (my_bounded_buffer)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM29


Example dining philosophers

Example: Dining philosophers

separate class PHILOSOPHER

inherit

GENERAL_PHILOSOPHER

PROCESS

rename

setup as getup

undefine

getup

end

feature {BUTLER}

step is

-- Perform a philosopher’s tasks.

do

think

eat (left, right)

end

eat (l, r: separate FORK) is

-- Eat, having grabbed l and r.

do

end

end -- class PHILOSOPHER

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM30


Class process

Class PROCESS

indexing

description: "The most general notion of process"

deferred classPROCESS

feature -- Status report

over: BOOLEANis

-- Must execution terminate now?

deferred end

feature -- Basic operations

setupis

-- Prepare to execute process operations (default: nothing).

do end

stepis

-- Execute basic process operations.

deferred end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM31


Class process cont

Class PROCESS (cont.)

wrapupis

-- Execute termination operations (default: nothing).

do end

feature -- Process behavior

liveis

-- Perform process lifecycle.

do

fromsetupuntiloverloop

step

end

wrapup

end

end -- classPROCESS

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM32


Class general philosopher

Class GENERAL_PHILOSOPHER

class

GENERAL_PHILOSOPHER

create

make

feature-- Initialization

make (l, r:separate FORK)is

-- Define l as left and r as right forks.

do

left := l

right := r

end

feature{NONE}-- Implementation

left:separate FORK

right:separate FORK

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM33


Class general philosopher cont

Class GENERAL_PHILOSOPHER (cont.)

getup is

-- Take any necessary initialization action.

do

end

think is

-- Any appropriate action or lack thereof

do

end

end -- class GENERAL_PHILOSOPHER

class

FORK

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM34


Class butler

Class BUTLER

class

BUTLER

create

make

feature

count: INTEGER

-- The number of both philosophers and forks

launch is

-- Start a full session.

local

i: INTEGER

do

from

i := 1

until

i > count

loop

launch_one (participants @ i)

i := i + 1

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM35


Class butler cont

Class BUTLER (cont.)

feature --{NONE}

launch_one (p: PHILOSOPHER)is

-- Let one philosopher start his actual life.

do

p.live

end

participants: ARRAY [PHILOSOPHER]

cutlery: ARRAY [FORK]

feature{NONE}-- Initialization

make (n: INTEGER)is

-- Initialize a session with n philosophers.

require

n >= 0

do

count := n

create participants.make (1, count)

create cutlery.make (1, count)

make_philosophers

launch

ensure

count = n

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM36


Class butler cont1

Class BUTLER (cont.)

make_philosophers is

-- Set up philosophers.

local

i: INTEGER

p: PHILOSOPHER

left, right:separate FORK

do

from

i := 1

until

i > count

loop

left := cutlery @ i

right := cutlery @((i \\ count) + 1)

create p.make (left, right)

participants.put (p, i)

i := i + 1

end

end

invariant

count >= 0

participants.count = count

cutlery.count = count

end-- class BUTLER

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM37


Definition real time system

Definition: Real-time system

Real-time system (Young, 1982):

Any information processing activity or system which has to respond to externally generated input stimuli within a finite and specified period.

  • The correctness of a real-time system depends not only on the logical result of the computation, but also on the timeat which the results are produced ...

     a correct but a late response is as bad as awrong response ...

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM38


Hard and soft real time systems

Hard and soft real-time systems

  • Hard real-time

    Systems where it is absolutely imperative that responses occur within the required deadline. E.g. flight control systems, …

  • Soft real-time

    Systems where deadlines are important but which will still function correctly if deadlines are occasionally missed.E.g. data acquisition system, …

    A single real-time system may have both hard and soft real-time subsystems

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM39


Definition embedded system

Definition: Embedded system

Embedded system:

The computer is an information processing component within (embedded in) a larger engineering system.

(e.g. washing machine, process control computer, ABS ― Anti Blocking System in vehicles, ...)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM40


Characteristics of real time systems

Characteristics of real-time systems

  • Large and complex

    (up to 20 million lines of code estimated for the Space Station Freedom)

  • Concurrent control of separate system components

  • Facilities to interact with special purpose hardware

  • Extreme reliable and safe

  • Guaranteed response times

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM41


Components of a real time system

Components of a real-time system

  • Hardware (CPU, sensors, ADC, DAC, …)

  • Real-time OS (e.g VxWorks, QNX, Windows CE .NET, …)

  • Real-time application and real-time runtime system (e.g. Ada, Real-Time Java, C with Real-Time Posix and hopefully soon Real-Time SCOOP )

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM42


A simple embedded and real time example

A simple embedded and real-time example

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM43


A simple embedded and real time example1

A simple embedded and real-time example

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM44


Real time facilities

Real-Time Facilities

  • Notion of time

  • Clocks

  • Delays

  • Timeouts

  • Temporal scopes

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM45


Notion of time

Notion of time

  • Linearity:

  • Transitivity:

  • Irreflexibility:

  • Density:

 The passage of time is equated with a real line.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM46


Access to a clock

Access to a Clock

  • Direct access to the environment's time frame(e.g. transmitters for UTC = Universal Time Coordinated, UTC service of GPS)

  • Using an internal hardware clock that gives an adequate approximation to the passage of time in the environment

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM47


Clocks in real time java

Clocks in Real-Time Java

  • java.lang.System.currentTimeMillis returns the number of milliseconds since 1/1/1970 GMT and is used by java.util.Date

  • Real-time Java adds real-time clocks with high resolution time types

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM48


Rt java time types 1

RT Java Time Types (1)

public abstract class HighResolutionTime implements

java.lang.Comparable

{

public abstract AbsoluteTime absolute(Clock clock,

AbsoluteTime destination);

...

public boolean equals(HighResolutionTime time);

public final long getMilliseconds();

public final int getNanoseconds();

public void set(HighResolutionTime time);

public void set(long millis);

public void set(long millis, int nanos);

}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM49


Rt java time types 2

RT Java Time Types (2)

public class AbsoluteTime extends HighResolutionTime

{

// various constructor methods including

public AbsoluteTime(AbsoluteTime T);

public AbsoluteTime(long millis, int nanos);

public AbsoluteTime absolute(Clock clock, AbsoluteTime dest);

public AbsoluteTime add(long millis, int nanos);

public final AbsoluteTime add(RelativeTime time);

...

public final RelativeTime subtract(AbsoluteTime time);

public final AbsoluteTime subtract(RelativeTime time);

}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM50


Rt java time types 3

RT Java Time Types (3)

public class RelativeTime extends HighResolutionTime

{

// various constructor methods including

public RelativeTime(long millis, int nanos);

public RelativeTime(RelativeTime time);

public AbsoluteTime absolute(Clock clock,

AbsoluteTime destination);

public RelativeTime add(long millis, int nanos);

public final RelativeTime add(RelativeTime time);

public void addInterarrivalTo(AbsoluteTime destination);

public final RelativeTime subtract(RelativeTime time);

...

}

public class RationalTime extends RelativeTime

{ . . .}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM51


Rt java clock class

RT Java: Clock Class

public abstract class Clock

{

public Clock();

public static Clock getRealtimeClock();

public abstract RelativeTime getResolution();

public AbsoluteTime getTime();

public abstract void getTime(AbsoluteTime time);

public abstract void setResolution(RelativeTime resolution);

}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM52


Rt java measuring time

RT Java: Measuring Time

{

AbsoluteTime oldTime, newTime;

RelativeTime interval;

Clock clock = Clock.getRealtimeClock();

oldTime = clock.getTime();

// other computations

newTime = clock.getTime();

interval = newTime.subtract(oldTime);

}

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM53


Delaying a process thread

Delaying a Process (Thread)

  • The execution of a process (thread) must be sometimes delayed either for a relative period of time or until some time in the future

  • Relative delays

    Start := Clock; -- from calendar

    loop

    exit when (Clock - Start) > 10.0;

    end loop;

  • Busy-waits are not efficient, therefore most languages and operating systems provide some form of delay primitive

  • In Ada, this is a delay statement

    delay 10.0;

  • In POSIX: sleep and nanosleep

  • Java: sleep; RT Java provides a high resolution sleep

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM54


Delays

Delays

Granularity difference between clock and delay

Time specified by program

Process executing

Process runnable here but not executable

Interrupts disabled

Time

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM55


Absolute delays

Absolute Delays

  • In Ada

    Start := Clock;

    First_action;

    delay 10.0 - (Clock - Start);

    Second_action;

  • Unfortunately, this might not achieve the desired result, therefore we use:

    Start := Clock;

    First_action;

    delay until Start + 10.0;

    Second_action;

  • As with delay, delay until is accurate only in its lower bound

  • RT Java - sleep can be relative or absolute

  • POSIX requires use of an absolute timer and signal

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM56


Drifts

Drifts

  • The time overrun associated with both relative and absolute delays is called the local drift and it cannot be eliminated

  • It is possible, however, to eliminate the cumulative drift that could arise if local drifts were allowed to superimpose

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM57


Periodic activity

Periodic Activity

task body T is Interval : constant Duration := 5.0; Next_Time : Time;begin Next_Time := Clock + Interval;loop Action;delay until Next_Time; Next_Time := Next_Time + Interval;end loop;end T;

Will run on average

every 5 seconds

local drift only

If Action takes 6 seconds, the delay

statement will have no effect

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM58


Control example in ada 1

Control Example in Ada (1)

with Ada.Real_Time; use Ada.Real_Time;

with Data_Types; use Data_Types;

with IO; use IO;

with Control_Procedures;

use Control_Procedures;

procedure Controller is

task Temp_Controller;

task Pressure_Controller;

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM59


Control example in ada 2

Control Example in Ada (2)

task body Temp_Controller is TR : Temp_Reading; HS : Heater_Setting; Next : Time; Interval : Time_Span := Milliseconds(200);begin Next := Clock; -- start timeloop Read(TR); Temp_Convert(TR,HS); Write(HS); Next := Next + Interval;delay until Next;end loop;end Temp_Controller;

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM60


Control example in ada 3

Control Example in Ada (3)

task body Pressure_Controller is PR : Pressure_Reading; PS : Pressure_Setting; Next : Time; Interval : Time_Span := Milliseconds(150);begin Next := Clock; -- start timeloop Read(PR); Pressure_Convert(PR,PS); Write(PS); Next := Next + Interval;delay until Next;end loop;end Pressure_Controller;begin null;end Controller;

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM61


Timeouts on actions

Timeouts on Actions

select

delay 0.1;

then abort

-- action

end select;

  • If the action takes too long (more than 100 ms), the action will be aborted

  • Java supports timeouts through the class Timed.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM62


Temporal scopes 1

Temporal Scopes (1)

  • Temporal scope:

    Collection of statements with an associated timing constraint

  • Deadline — the time by which the execution of a TS must be finished

  • Minimum delay — the minimum amount of time that must elapse before the start of execution of a TS

  • Maximum delay — the maximum amount of time that can elapse before the start of execution of a TS

  • Maximum execution time — of a TS

  • Maximum elapse time — of a TS

    Temporal scopes with combinations of these attributes are also possible

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM63


Temporal scopes 2

Temporal Scopes (2)

Now

Minimum delay

Maximum delay

a

Time

Maximum elapse time

b

c

Units of execution

Maximum execution time = a + b +c

Deadline

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM64


Specifying processes and ts

Specifying Processes and TS

process periodic_P;

...

begin

loop

IDLE

start of temporal scope

...

end of temporal scope

end;

end;

Time constraints:

  • maximum and/or minimum times for IDLE

  • At the end of the temporal scope a deadline must be met

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM65


Deadline

Deadline

The deadline can itself be expressed in terms ofeither

  • absolute time

  • execution time since the start of the temporal scope, or

  • elapsed time since the start of the temporal scope.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM66


Aperiodic processes

Aperiodic Processes

process aperiodic_P;

...

begin

loop

wait for interrupt

start of temporal scope

...

end of temporal scope

end;

end;

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM67


Scoop for real time systems

SCOOP for real-time systems

  • Timing assertions

    • Maximal (and minimal) execution time

    • Timeouts on actions

    • Periodic and aperiodic activities

  • Possibility to execute the request of a VIP client while stopping the execution of the current client

    • Duels

    • Priorities

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM68


Timing in sequential programming

Timing in sequential programming

In library class TIMING_ASSERTION:

time_now: TIME

-- The current time now.

min_time_duration: TIME_DURATION

-- Minimal time duration of a feature

max_time_duration: TIME_DURATION

-- Maximal time duration of a feature

In application class SUPPLIER (inherits TIMING_ASSERTION):

createmin_time_duration.make_by_fine_seconds (1.0)

create max_time_duration.make_by_fine_seconds (3.0)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM69


Timing in sequential programming cont

Timing in sequential programming (cont.)

f (a_time_started: TIME; an_i: INTEGER): INTEGERis

require

a_time_started_not_void: a_time_started /= Void

local

i: INTEGER

do

from

i := 0

until

i = an_i

loop

Result := Result + i

i := i + 1

end

createtime_now.make_now

ensure

minimal_execution_time: (time_now - a_time_started).duration > min_time_duration

maximal_execution_time:(time_now - a_time_started).duration < max_time_duration

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM70


Timing in sequential programming cont1

Timing in sequential programming (cont.)

In client class CLIENT:

s: SUPPLIER

time_now: TIMEres: INTEGER

creates

createtime_now.make_now

res := s.f (time_now, 1000000)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM71


Timing in sequential programming cont2

Timing in sequential programming (cont.)

f (a_time_started: TIME; an_i: INTEGER): INTEGERis

require

a_time_started_not_void: a_time_started /= Void

local

i: INTEGER

do

from

i := 0

until

i = an_i

loop

Result := Result + i

i := i + 1

end

createtime_now.make_now

ensure

minimal_execution_time: (time_now - a_time_started).duration > min_time_duration

maximal_execution_time:(time_now - a_time_started).duration < max_time_duration

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM72


Timing assertions

Timing assertions

Specifying temporal scopes with the assertion mechanism of

Eiffel (has consequences to the scheduling mechanism)

  • Maximal (and minimal?) execution time of a feature call x.f (a, b)

  • f (a: A, b:separate B)isrequire

    a/=Void

    notb.empty

    ensure-- maximal execution time of f is 100 ms

    maximal_execution_time (100)

    -- minimal execution time of f is 50 ms

    minimal_execution_time (50)

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM73


Timing assertions1

Timing assertions

Timeout on actions

  • f (a: A, b:separate B)isrequire

    a/=Void

    notb.empty

    do

    -- action b.g (h) must not take longer than 20 mscheck timeout: timeout (20)

    b.g (h)

    end

    ensure-- maximal execution time of f is 100 ms

    maximum_execution_time (100)

    -- minimal execution time of f is 50 ms

    minimum_execution_time (50)

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM74


Timing assertions2

Timing assertions

Specification of periodic (and aperiodic) activities

  • f (a: A, b:separate B)isrequire

    a/=Void

    notb.empty

    -- activated at absolute time between 4000 and 4500

    activation_time > 4000 and activation_time < 4500

    ensure

    -- periodicity is 500 ms

    periodicity (500)

    end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM75


Duels

Duels

Can we snatch a shared object from its current holder?

  • holder executesholder.r (b)where bis separate

  • Then another object challenger executes

    challenger.s (c) where c, also separate, is attached to the same object as the holder‘s b

  • Normally, the challenger will wait until the call to ris over.

  • What if the challenger is impatient?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM76


Duels1

Duels

Use library features from classCONCURRENCY:

  • Request immediate service:immediate_service

  • Accept immediate service:yield

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM77


Extending duels with priorities

Extending duels with priorities

Tuning the duel mechanism:

  • holder.set_priority (50)

  • challenger.set_priority (100)

  • holder.yield

  • challenger.immediate_service

    If the priority of the challenger is bigger than the priority of the

    holder(challenger.priority >holder.priority):

    • holder will get an exception

    • challenger will be served.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM78


Conclusion

Conclusion

SCOOP model is simple yet powerful

  • Full concurrency

  • Full use of object-oriented techniques

  • One keywordseparate

  • Based on Design by Contract™

  • Several platforms and architectures (multiprocessing, multithreading, distributed execution, etc).

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM79


Future work

Future work

  • Extension of access control policy

    • multiple locking of separate objects based on the concept of pure functions

  • Instruction-level parallelism

  • Deadlock prevention

  • Extending SCOOP for real-time systems

    • adding priorities to the duel mechanism

    • specifying temporal scopes with the assertion mechanism

  • SCOOP can be used for persistence

    • with the STORABLE class mechanism and separate DATABASE

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM80


References

References

  • http://se.inf.ethz.ch/people/nienaltowski

  • http://se.inf.ethz.ch/people/arslan

  • http://se.inf.ethz.ch/projects (Concurrency, distribution, ...)

  • Nienaltowski P., Arslan V., Meyer B.: SCOOP: Concurrent Programming Made Easy, in process of submission

  • Simon D., An Embedded Software Primer, 3rd printing, Addison-Wesley, 2000

  • Burns A., Wellings A., Real-Time Systems and Programming Languages, 3rd edition, Addison-Wesley, 2001

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM81


End of lecture 21

End of lecture 21

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM82


Lecture 25 concurrent o o principles

Lecture 25: Concurrent O-O principles

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM83


The goal

The goal

  • Provide a practical and general foundation for concurrent and distributed programming, ensuring reliability, reusability availability and extendibility.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM84


The issue

The issue

  • Everyone wants to benefit from concurrency and distribution

    • Physical (networks, multiprocessors)

    • Logical (processors, threads)

  • but applications remain extremely difficult to build, especially to build right.

  • SCOOP provides:

    • Generality

    • Ease of programming

    • Robustness (including liveness, ...)

    • Availability

    • Extendibility, reusability

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM85


Generality

Generality

  • Provide a simple, general, easy to use concurrency and distribution mechanism for programming concurrent applications:

    • Internet and Web programming.

    • Web services, peer-to-peer...

    • Client-server applications.

    • Distributed processing.

    • Multi-threading.

    • Multiple processes (Unix, Windows 95, Windows NT).

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM86


An example multithreading

An example: Multithreading

  • Increasingly popular

  • Notoriously hard to get right; major mistakes remain in released applications; theoretical pitfalls

  • Impedance mismatch with O-O programming concepts

  • Synchronization often achieved by low-level mechanisms

O1

name

“Almaviva”

landlord

loved_one

O3

O2

“Figaro”

“Susanna”

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM87


Concurrency and objects

Concurrency and objects

“I can’t understand why objects [of O-O languages]

are not concurrent in the first place”.

Robin Milner, 1991

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM88


Formulating the question

Formulating the question

  • What is the simplest extension of object technology that will support all forms of concurrent computation — in an elegant, general and efficient way?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM89


Basic o o mechanism

Basic O-O mechanism

  • Feature call (message passing):

    x.f (a)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM90


Concurrent o o should be easy

Concurrent O-O should be easy!

(But: it’s not!)

  • Analogies between objects/classes and processes/process-types:

    • General decentralized structure, independent modules.

    • Encapsulated behavior (a single cycle for a process; any number of routines for a class).

    • Local variables (attributes of a class, variables of a process or process type).

    • Persistent data, keeping its value between successive activations.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM91


But the analogy breaks down quickly

But the analogy breaks down quickly…

  • ... and leaves room to apparent incompatibilities:

    • Classes are repositories of services; it is fundamental that they should be able to support more than one.

    • How will processes serve each other’s requests?

    • The "inheritance anomaly"

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM92


Capturing common behaviors

Capturing common behaviors

deferred classPROCESS

feature

liveis

-- General structure with variants.

do

from

setup

until

over

loop

step

end

finalize

end

feature {NONE}

setupis deferred end

over: BOOLEANis deferred end

stepis deferred end

finalizeis deferred end

end

Why limit ourselves to just one behavior when we can have as many as we want?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM93


A printer mechanism

A printer mechanism

classPRINTER

inherit

PROCESS

rename

overasoff_line,

finalizeasstop

end

feature

stopis

-- Go off-line.

do

off_line := True

end

stepis

-- Execute individual actions of an iteration step.

do

start_job

process_job

finish_job

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM94


A printer mechanism cont d

A printer mechanism (cont’d)

feature {NONE}

setupis

do

end

start_jobis

do

end

process_jobis

do

end

finish_jobis

do

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM95


Other possible features

Other possible features

print_diagnostics

prepare_for_maintenance

restart_job

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM96


The basic triangle of computation

The basic triangle of computation

  • Computing consists of applying operations to objects; to do so requires the appropriate mechanisms – processors.

Action

Object

Processor

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM97


Separate entities

Separate entities

  • A call of the form x.f (a) has different semantics when handled by the same or different processors.

  • Need to declare whether client processor is the same as supplier processor or another.

    x: separateA

  • Contrast with the usual

    x: A

  • which guarantees handling by same processor.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM98


Consistency rule

Consistency rule

  • In assignment

    x := y

  • If the source y is separate, the target x must be separate too.

  • Same rule for argument passing.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM99


Separate entities and classes

Separate entities and classes

b: separateBOUNDED_QUEUE [SOME_TYPE]

or:

separate classBOUNDED_BUFFER [G]

inherit

BOUNDED_QUEUE [G]

end

x: BOUNDED_BUFFER [SOME_TYPE]

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM100


Creation

Creation

  • If xis separate, then the creation instruction

    createx

  • grabs a new processor, physical or virtual, and assigns it to handle the object.

  • Also: it is possible to obtain a separate object as the result of a function. So processors can be allocated outside of Eiffel text proper.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM101


Generality1

Generality

  • “Separate” declaration does not specify the processor.

  • Semantic difference between sequential and concurrent computation narrowed down to difference for separate calls:

    • Precondition semantics

    • Argument passing semantics

    • Creation semantics.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM102


Two level architecture

Two-level architecture

  • General-purpose top layer (SCOOP).

  • Several architecture-specific variants at the bottom layer (SCOOP handles).

  • Initial handles: .NET remoting; POSIX threads;

SCOOP

HANDLE 1

HANDLE 2

HANDLE n

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM103


Two level architecture1

Two-level architecture

SCOOP

.NET

THREADS

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM104


Predefined constructs and libraries

Predefined constructs and libraries

  • Define specific details (how many processors...) and scheduling policies through libraries.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM105


Processor assignment

Processor assignment

  • The assignment of actual physical resources to (virtual) processors) is entirely dynamic and external to the software text.

  • Simple notation: Concurrency Control File (CCF)

    creation

    proc1: sales.microsoft.com (2),coffees.whitehouse.gov (5), ...

    proc2: 89.9.200.151 (1), ...

  • Physical resources may be Internet nodes, threads, Unix or Windows processes, etc.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM106


End of lecture 25

End of lecture 25

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM107


Lecture 26 concurrent o o principles

Lecture 26: Concurrent O-O principles

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM108


Design by contract

Design by Contract

classBOUNDED_QUEUE [G]

feature

put (x: G) is

-- Add x to queue.

require

notis_full

do

ensure

notis_empty

end

remove: Gis

-- Delete oldest element from queue.

require

notis_empty

do

ensure

notis_full

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM109


The contract model cont d

The contract model (cont’d)

invariant

maxcount = capacity – 1

0 <= oldest

oldest <= capacity

0 <= next

next <= capacity

abs (next – oldest) < capacity

end

oldest

1

capacity

maxcount

next

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM110


The contract of a feature

The contract of a feature

Obligations

Benefits

(Satisfy precondition:)

Make sure queue not full.

(From postcondition:)

Make queue not empty, x added.

Client

(Satisfy postcondition:)

Insert x, making sure queue is not empty.

(From precondition:)

Simpler processing thanks to assumption that queue not full.

Supplier

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM111


The correctness of a class

The correctness of a class

createa.make (…)

  • (1-n) For every exported routine r: {INV and prer} dor {INV and postr}

  • (1-m) For every creation procedure cp: {precp} docp {postcp and INV}

S1

a.f (…)

S2

a.g (…)

S3

a.f (…)

S4

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM112


Express messages

Express messages?

  • An express message is a message that must be treated right away, interrupting any current routine call.

    • But: how do we preserve the consistency of objects (invariants)?

  • The model will support a restricted form of express messages, which does not conflict with provability.

  • Unit of granularity for mutual exclusion is routine call.

  • But: can be interrupted, causing an exception.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM113


Provability

Provability

  • Proof rule for routines:

    { INV  p }  Body (r)  { INV  q }

    p  Pre (r) q Post (r)

    {p’ }  Call (r)  { q’ }

    p  Pre (r) q Post (r)

  • In other words: to prove the validity of all calls, it suffices to prove (once!) the correctness of the body.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM114


What becomes of the contract model

What becomes of the contract model?

q: BOUNDED_QUEUE [X]

a: X...if notq.is_fullthenq.put (a)end

Or: q.removeq.put (x)

  • But: this does not work for separate threads of control!

  • What do preconditions now mean?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM115


Reserving an object

Reserving an object

q: separateBOUNDED_QUEUE [X]

a: X...a := q.item... Other instructions (not calling remove) ...q.remove

  • How do we guarantee that item and remove apply to the same buffer element?

  • Proposed answer: Just use encapsulation. Argument passing serves as reservation. If object busy (processor not available), block object; processor will service other object if possible.

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM116


Reserving an object cont d

Reserving an object (cont’d)

classBUFFER_ACCESS [X]

featureput (q: separateBOUNDED_QUEUE [G]; x: G) is-- Insert x into q, waiting if necessary

-- until there is room.requirenotq.is_fulldoq.put (x)ensurenotq.is_emptyend

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM117


Reserving an object cont d1

Reserving an object (cont’d)

remove (q: separateBOUNDED_QUEUE [G]) is-- Remove an element from q, waiting if -- necessary until there is such an element.requirenotq.is_emptydoq.removeensurenotq.is_fullenditem (q: separateBOUNDED_QUEUE [G]): Gis-- Oldest element not yet consumed... Left to reader ...

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM118


Semantic rules

Semantic rules

  • With the class as shown on the previous pages, the call

    put (q)

  • will block until:

    • q is available.

    • The precondition notq.is_full is true.

  • The new rule only affects:

    • Separate arguments.

    • Precondition clauses which include calls on separate targets (i.e. x.f withxseparate).

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM119


The original proof rule

The original proof rule

{ INV  p }  Body (r)  { INV  q }

p  Pre (r) q Post (r)

{p’ }  Call (r)  { q’ }

p  Pre (r) q Post (r)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM120


The new proof rule

The new proof rule

{ INV  p } Body (r) { INV  q }

p  Nonsep_Pre (r)q Nonsep_Post (r)

{ p’ }  Call (r)  { q’ }

p  Nonsep_Pre (r) q Nonsep_Post (r)

  • Nonsep_pre (r): set of clauses in r’s precondition which do not involve any separate calls.

  • Similarly for Nonsep_post (r).

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM121


Wait by necessity

Wait by necessity

r (...; t: separateSOME_TYPE; ...) isdo...t.f (...)other_instructionsend

  • When do we wait?

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM122


Wait by necessity cont d

Wait by necessity (cont’d)

  • For example:

    r (...; t: separateSOME_TYPE; ...) isdo...t.p (...)other_instruction_1

    ...

    other_instruction_n

    k:=t.some_valueend

  • Wait on queries (calls to attributes and functions), not procedure calls.

WAIT HERE

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM123


Blocking semantics is not always appropriate

Blocking semantics is not always appropriate

f: FILE

...

iff /= Voidand thenf.readablethenf.some_input_routine

--some_input_routineis any routine

-- that reads data from the file;

-- its precondition is readable.end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM124


Duels2

Duels

  • Request immediate service: immediate_service

  • Accept immediate service: yield

Challenger

Holder

normal_service

immediate_service

insist

Challenger waits

Exception in challenger

Exception in holder; serve challenger.

yield

Challenger waits

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM125


Dining philosophers

Dining philosophers

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM126


Dining philosophers cont d

Dining philosophers (cont’d)

separate classPHILOSOPHER

inheritPROCESSrename

setupasgetup

end

create

make

feature {BUTLER}stepisdothink

eat (left, right)

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM127


Dining philosophers cont d1

Dining philosophers (cont’d)

feature {NONE}left, right: separateFORK

-- The two required forks

getupis-- Take any necessary initialization action.do

...

endthinkis-- Any appropriate action.do

...

endeat (l, r: separateFORK) is-- Eat, having grabbed l and r.do

...

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM128


A binary tree class non parallel

A binary tree class, non-parallel

classBINARY_TREE [G]

feature

left, right: BINARY_TREE [G]

nodes: INTEGERis

-- Number of nodes in this tree

do

Result := node_count (left) + node_count (right) + 1

end

feature {NONE}

node_count (b: BINARY_TREE [G]): INTEGERis

-- Number of nodes in b

do

ifb /= Voidthen

Result := b.nodes

end

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM129


A binary tree class parallel version

A binary tree class: Parallel version

separate classBINARY_TREE [G]

feature

left, right: BINARY_TREE [G]

… Other features …

nodes: INTEGER

update_nodesis

-- Update nodes to reflect number of nodes in this

-- tree.

do

nodes := 1

compute_nodes (left)

compute_nodes (right)

adjust_nodes (left)

adjust_nodes (right)

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM130


Parallel version cont d

Parallel version (cont’d)

feature {NONE}

compute_nodes (b: BINARY_TREE [G]) is

-- Update information about the number of nodes in b.

do

ifb /= Voidthen

b.update_nodes

end

end

adjust_nodes (b: BINARY_TREE [G]) is

-- Adjust number of nodes from those in b.

do

ifb /= Voidthen

nodes := nodes + b.nodes

end

end

end

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM131


Other examples in oosc 2

Other examples in OOSC-2

  • Coroutines

  • Locking a resource — semaphores

  • An elevator control system

  • A watchdog mechanism (execute an action, but take control back if not done after t seconds)

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM132


Two level architecture2

Two-level architecture

SCOOP

.NET

THREADS

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM133


Net remoting library

.NET remoting library

  • Provides a good basis for SCOOP:

    • AppDomains: Partition object set

    • Marshal by Value, Marshal by Reference

    • All types are potentially remotable

    • Threading library

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM134


Appdomains

AppDomains

Process

AppDomain

AppDomain

O1

name

“Almaviva”

Context

landlord

loved_one

O3

O2

“Figaro”

“Susanna”

Context

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM135


Challenges

Challenges

  • Conceptual:

    • Systematic approach to deadlock prevention

    • Precise fairness policies

    • Proof rules, actual proofs.

  • Organizational:

    • Language & compiler integrationBut also an opportunity

    • Building industrial-grade software in a universityBut: ETH CS tradition; Dept and university support

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM136


End of lecture 26

End of lecture 26

Slides based on Object Oriented Software Construction 2014-09-23 6:27 PM137


  • Login