Más contenido relacionado Similar a Leveraging Software Architectures to Guide and Verify the Development of Sense/Compute/Control Applications (20) Leveraging Software Architectures to Guide and Verify the Development of Sense/Compute/Control Applications1. Leveraging Software Architecturesto Guide and Verify the Development of Sense/Compute/Control Applications Damien Cassou1,2, Emilie Balland1, Charles Consel1, Julia Lawall3 1Phoenix, INRIA, France 2Software Architecture Group, HPI, Germany 3APL, DIKU, Denmark 2. Contributions A design language to specify a software system A compiler to process such specification for the verification of safety properties the guidance of the implementation the conformance 2 Context: Sense/Compute/Control software systems 11. The SCC Architectural Style sources sensors actuators actions orders control operators Environment refined information context operators raw data 7 [Chen et al., Context aggregation and dissemination in ubiquitous computing, WMCSA’02] [Edwards et al., Architecture-driven self-adaptation and self-management in robotics, SEAMS’09] 12. The SCC Architectural Style 8 sources actuators sensors actions Control orders control operators Sense Environment Compute refined information context operators raw data 13. 9 Environment Interface Application Logic sources actuators sensors actions control operators Environment context operators 14. 10 The SCC Architectural Style control operators Information use Information refinement context operators 16. a compiler Objectives to verify safety properties to guide implementation to ensure conformance 18. Compiling a Design Design Language abstract generated Design Compiler Software system defeats guidance and verification concrete Design 13 19. Compiling a Design Design Language abstract generated Design Compiler Software system mixes design and implementation generated concrete Software System Design Compiler 14 20. Compiling a Design Design Language abstract generated Software system Design Compiler generated Compiler Software System Design generated concrete Software System Design Compiler 15 21. Our Approach Design language GPL Compiler Design GPL programming framework developer’s code 16 25. 20 Diving Into the Design Language sources actuators sensors actions alarm triggering control operators Environment intrusion? context operators motion detection 27. 22 sources actuators sensors actuators actions control operators control operators context operators context operators sensors 28. design language dedicated to SCC actuators context Intrusion as Boolean { context BuildingLocked; context Presence; } control operators 23 Boolean Intrusion context operators Boolean Boolean Presence Building Locked sensors 29. 24 keycode motion Keypad MotionSensor actuators control operators Boolean Intrusion context operators Boolean Boolean Presence Building Locked Boolean Integer sensors 30. 25 keycode motion Keypad MotionSensor Alarm actuators OnOff control operators IntrusionManager controller IntrusionManager{ context Intrusion; action OnOff on Alarm; } Intrusion Boolean Boolean Presence Building Locked Boolean Integer sensors 31. keycode motion image Alarm Mailer Keypad Keypad MotionSensor Camera actuators OnOff Send UpdateSt control operators IntrusionManager SecurityManager Boolean Intrusion File context operators Boolean Boolean Scene Image Presence Building Locked 26 File Boolean Integer sensors 33. 28 Interaction Description event 3 Intrusion Intrusion request event 2 Presence Building Locked 1 Building Locked Presence multiple interpretations event 1 request 3 Intrusion Intrusion request event 2 request request 1 2 Building Locked Building Locked 2 Presence Presence 34. 29 Interaction Description event 3 Intrusion request too abstract! event 2 1 Building Locked Presence multiple interpretations event 1 request 3 Intrusion Intrusion request event 2 request request 1 2 Building Locked Building Locked 2 Presence Presence 36. Interaction Contracts source Sensor 3 event Main 1 Activation condition event 2 Data requirement 1 request 2 3 Emission 2 request Context Operator3 Context Operator2 31 37. Interaction Contracts 3 Intrusion 1 Activation condition context Intrusion asBoolean { context Presence; context BuildingLocked; interaction { whenprovided Presence get BuildingLocked maybepublish } } 2 Data requirement 2 1 32 3 Emission Building Locked Presence 1 2 3 44. Code Generation 36 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 45. Code Generation 37 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 46. Code Generation 38 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 47. Code Generation 39 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 48. Code Generation 40 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 49. Code Generation 41 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 50. Code Generation 42 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 51. Code Generation 43 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 52. Code Generation 44 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 53. Code Generation 45 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 54. Code Generation 46 Alarm Mailer controller IntrusionManager{ context Intrusion; contextSceneImage; interaction { whenprovided Intrusion getSceneImage do OnOff on Alarm,Send on Mailer } } OnOff Send IntrusionManager Boolean File Intrusion Scene Image abstractclassAbstractIntrusionManager { abstract Actions onIntrusion( boolean intrusion, SceneImagesceneImage, Select select); protectedfinalclass Actions { … } protectedfinalclass Select { … } protectedfinalclassSceneImage { … } } generated framework code 55. Implementation abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } 47 Alarm Mailer OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 56. Implementation 48 Alarm Mailer abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 57. Implementation 49 Alarm Mailer abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 58. Implementation 50 Alarm Mailer abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 59. Implementation 51 Alarm Mailer abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 60. Implementation 52 Alarm Mailer abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 61. Implementation 53 Alarm Mailer abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 62. Implementation 54 Alarm Mailer abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 63. Implementation 55 Alarm Mailer abstractclassAbstractIntrusionManager { abstract ActionsonIntrusion( boolean intrusion, SceneImagesceneImage, Select select); } OnOff Send IntrusionManager generated framework code Boolean File Intrusion Scene Image classIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 65. leverage code completionclassIntrusionManagerextendsAbstractIntrusionManager { ActionsonIntrusion(boolean intrusion, SceneImagesceneImage, Select select){ if (intrusion) { Actions actions; actions = select.alarms().all().on(); Mailer mailer = select.mailers().anyOne(); File image = sceneImage.get(); actions.add(mailer.send(“Intrusion !”, “admin”, image)); return actions; } } developer code 66. Summary A design language dedicated to specifying SCC software systems A compiler to process such specification for the guidance of the implementation the conformance 57 67. Status Report Implementation using standard language tools Java, ANTLR, StringTemplate Safety property verification generation of Promela specifications e.g., interaction invariants Several application domains avionics: simulated auto-pilot and AR drone building automation: light, fire, security, newscast, etc. misc.: web-server monitoring, home messenger, etc. Ongoing empirical evaluation with both students and professional software engineers http://diasuite.inria.fr Damien Cassou, Emilie Balland, Charles Consel, Julia Lawall 71. Code Generation 3 boolean motion MotionSensor Presence 1 2 3 <⇑MotionSensor.motion; ⇓MotionSensor.motion; ⇑ self > boolean 1 2 abstractclassAbstractPresence { abstractbooleanonMotionFromMotionSensor( boolean motion, Select select); } 62 1 2 3 1 generated framework code 72. Implementation 3 boolean motion MotionSensor Presence 2 boolean 1 abstractclassAbstractPresence { abstractbooleanonNewMotionFromMotionSensor( boolean motion, Select select); } generated framework code class Presence extendsAbstractPresence { booleanonMotionFromMotionSensor(boolean motion, Select select) { if (motion) return true; MotionSensors sensors = select.motionSensors().all(); for (MotionSensor sensor : sensors) if (sensor.getMotion()) return true; return false; } } developer code 63 73. A Research Vehicle This work is part of a larger research project with 7 PhDs leveraging the frameworks QoS (FASE’11) security (ICPS’09, DAIS’11) error-handling (OOPSLA’10) virtual testing (Mobiquitous’10 and ‘09) SIP (ICC’10, ICIN’09, IPTComm’08) end-user programming (DSLWC’09) 64 74. Limitations Applies only to new projects Applies only to Sense/Compute/Control Requires architects to learn a new language Imposes small run-time overhead 65 Notas del editor Software architectures have long been used as a way to make software design explicit. However, these architectures are barely leveraged to guide subsequent phases of a software development cycle. In this work, we propose to leverage software architectures for the implementation and verification phases SCC applications are applications that interact with an external environment In this pattern, sensors…Interactions between these components are restricted.Explain that it separates the logic and the environment handling In this style, sensors…Interactions between these components are restricted In this style, sensors…Interactions between these components are restricted In this style, sensors…Interactions between these components are restricted The pattern guides the architect in describing his application. We want to go further and use this description to guide… REQUEST + EVENT CONFORMANCE