Title: Component Composition for Embedded Systems Using Semantic AspectOriented Programming
1Component Composition for Embedded Systems Using
Semantic Aspect-Oriented Programming
- Martin Rinard
- Laboratory for Computer Science
- Massachusetts Institute of Technology
- F33615-00-C-1692
2Problem Description
- How can we improve flexibility, reliability, and
predictability of software for embedded and
real-time systems? - Need for better support for distributed
computations - Need to easily compose components on different
platforms - Need for implementations that survive partial
failures - Need for better understanding of distributed
implementations - Understand communication patterns and their
implications - Support for fault propagation analysis
- Exploit information to transform software
- Lack of real-time support in standard languages
and systems - Lack of real-time memory management support in
Java - Lack of real-time scheduling support in Java
3Objective
Technical Approach
- Role Analysis
- Capture changing roles objects play in
computation - Points-to relationships determine roles
- Role Specifications
- Programmer supplied
- Dynamically discovered
- Statically verified
- Transformations
- Specialized communication
- Point-to-point
- Targeted multicast
- Request/response
- Preemptively move or replicate objects to close
windows of vulnerability
- Interaction Analysis
- Match role changes with component movements
- Match publishers and subscribers
- Compute failure propagation information
Support for Distributed Real-Time Systems
- Shared Object Communication
- Shared reference system
- Thread-based failure model
Distributed Interaction System
- Event Notification
- Publish/Subscribe Primitives
- Predictable Memory Management
- Region-Based allocation primitives
- Pointer and escape analysis
- Validates correct region use
- Eliminates dynamic checks
- Role analysis enables safe explicit memory
deallocation
- Real-Time Scheduling
- Compiler-controlled scheduling
- Preemptive thread scheduling
- Asynchronous event dispatch
Real Time Java
4System Architecture
Shared Object Space
Shared Event Space
Subscribe
Publish
Distributed RTJ Components
5Objectives for Distributed Components
- Understand how components interact
- Event notification relationships
- Communication patterns
- Failure propagation
- Replace pub/sub with specialized mechanisms
- Point-to-point communication
- Multicast communication
- Request/response communication
- Preemptively move or replicate objects to close
windows of vulnerability to failures
6Technical Approach
- Observations
- Objects play different roles in computation
- Role is conceptually similar to type
- Capture important differences between objects
- Useful constraints associated with roles (cant
apply stop operation to stationary tank)
Stationary Tank
Moving Tank
Disabled Tank
Roles
7Technical Approach
- Observations
- Role of object may change during computation
- Even though identity stays the same
Stationary Tank
Moving Tank
Disabled Tank
Roles
Role Transitions
8Technical Approach
- Observations
- In a standard type system
- Objects type corresponds to its class
- Objects class does not change
- Type system does not capture objects roles
Tank
Class
Stationary Tank
Moving Tank
Disabled Tank
Roles
Role Transitions
9Technical Approach
- Goal
- Develop a formalism (role types) to capture
changing roles that objects play in computation - Statically verify role constraints and
transitions
Tank
Class
Stationary Tank
Moving Tank
Disabled Tank
Roles
Role Transitions
10Role Transitions
StationaryTankList
MovingTankList
DisabledTankList
11Role Transitions
StationaryTankList
MovingTankList
DisabledTankList
12Role Transitions
StationaryTankList
MovingTankList
DisabledTankList
13Role Classification
- Relative Classification
- Role determined by data structure membership
- Role changes correspond to movements between data
structures - Role depends on points-to relationships
- Content-based Classification
- Role determined by values of objects fields
- Role changes correspond to field assignments
- History-based Classification
- Role determined by operations applied to object
- Role changes correspond to method executions
14Relative Role View of Objects
- For Each Role
- Set of incoming slots
- Reference that fills each slot (role.field)
Stationary Tank List Node
Stationary Tank
String
Tank Model
next
Integer
Top Speed
item
Current Speed
Moving Tank List Node
Moving Tank
String
- Stationary Tank Role
- One incoming slot
- Filled by Stationary Tank List Node.item Reference
Tank Model
next
Integer
Top Speed
item
Current Speed
Integer
- Moving Tank Role
- One incoming slot
- Filled by Moving Tank List Node.item Reference
15Role Analysis
- Role information at method boundaries
- Programmer provided or
- Dynamically discovered
- Statically verified using generalized
interprocedural shape analysis
16Applications of Roles
- Roles provide object referencing relationships
- Object referencing determines interaction
patterns - Interaction analysis leverages roles to
statically extract interaction patterns - Match publishers with subscribers
- Match role changes with movements of objects
between components - Compute failure propagation information
- Move or replicate objects to eliminate windows of
failure vulnerability
17More Benefits of Roles
- Software Engineering Benefits
- Enhanced implementation transparency
- Role constraints safety checks that take
application semantics into account - Safe explicit memory deallocation
18Real-Time Java
19Real-Time Java Memory Management
- Scoped Memories for Real-Time Memory Management
- Implementation in MIT Flex System
- Pointer and Escape Analysis
- Verifies correct use of scoped memories
- Eliminates dynamic scoped memory checks
- Analysis of Multithreaded Programs (PPoPP 01)
- Computes interactions between threads
- Capture objects accessed by multiple threads
- Incrementalized Analysis (PLDI 01)
20Real-Time Java Scheduling
- Compiler-controlled scheduling
- Start with lightweight user-level threads package
- Compile scheduling checks into generated code
- Check for
- Asynchronous event dispatch
- Preemptive thread switch
- Result
- Scheduler part of Java Run-Time (at user level)
- Can be partially generated by compiler
- Minimal demands on OS
- Maximum flexibility in implementation
21Contribution to PCES Goals
- What we provide Automated understanding of
distributed, embedded, and real-time software - Analyses
- Pointer and escape analysis
- Role analysis
- Interaction analysis
- Some envisioned uses
- Safe memory management alternatives for Real-Time
Java - Verification of safe use of region-based
allocation - Roles enable explicit deallocation instead of
garbage collection - Interaction analysis
- Understanding and validation of synchronization
interactions - Understanding of communication patterns
- Understanding of how failures propagate
- Validations of ABSENCE of interactions
- Transformations
- Specialized, efficient communication
implementations - Close windows of failure vulnerability
22Contribution to Military Applications
- Basic Contribution More Flexible, Reliable,
Predictable Real-Time, Distributed, and Embedded
Systems - Implementation technology to enable use of
standard, widely used language (Java) in military
applications - Compiler-controlled event and thread management
- Memory management algorithms for real-time
systems - Analyses and transformations for understanding
and improving military software systems - Potential application areas
- Real-time monitoring and control
- Information collection and presentation
- Integrating (distributed) systems of systems
23Project Tasks and Schedule
- Real-Time Java Implementation
- Scoped Memories (Year 1)
- Thread and Event Scheduling (Year 3)
- Publish/Subscribe Implementation
- Initial prototype (Year 2)
- Final version (Year 4)
- Pointer and Escape Analysis (Year 1)
- Role Analysis
- Initial design and implementation (Year 2.5)
- Final design and implementation (Year 4)
- Interaction Analysis and Transformations
- Failure propagation analysis (Year 3)
- Transformations to close windows of failure
vulnerability (Year 4)
24Technical Progress/Accomplishments
- Implementation of Real-Time Java Scoped Memories
- Scoped memory allocation primitives
- Pointer and escape analysis for multithreaded
programs (PPoPP 01) - Verify correct use of scoped allocation
- Eliminate dynamic checks
- Incrementalized pointer and escape analysis (PLDI
01) - Initial phases of distributed surveillance
application - Initial JavaCar prototype 1/6 scale car with
- 233 MHz StrongARM, 32 Mbytes, running Java on
Linux - Camera, wireless ethernet, USB, various sensors
- Speed and steering control
- Initial role design, specification language,
analysis
25Next Milestones
- Progress in Following Areas
- Publish/Subscribe Design and Implementation
- Realization in Java (Event class)
- Event distribution mechanism
- Shared object space mechanism
- Real-Time Java Threads and Events
- Role Design, Specification, and Analysis
- JavaCar and Surveillance Applications
26Collaborations
- Washington University
- Real-Time Java Memory Management
- Dynamic Scope Generation (Washington)
- Static Scope Verification (MIT)
- Real-Time Event Service
- Stanford, Kansas State University (Model
Extraction) - Purdue, SUNY Oswego, Maryland (RT Java)
- Utah (Analysis for Component Constraints)
- Anyone else with Real-Time Java needs
- We provide prototype open implementation
- We provide analysis prototypes
27Technology Transfer
- Illustrations of Implementation Techniques for
Real-Time Java - Implementation available under GNU GPL
- Anyone can download it, use it, improve it
- http//www.cag.lcs.mit.edu/rinard/pces
- Real-Time Java as Infection Vector
- Integrated pointer and escape analysis
- Correctness tool for region allocation
- Enables stack allocation (reduces memory
footprint) - Integrated role discovery and analysis
- Dynamic discovery leads to easy initial
experience - Roles become central abstraction for developer
- Roles publish/subscribe system easy,
effective distribution - Communication and failure propagation analysis
- Useful transformations
- Dynamic deployment
- Our system serves as prototype
- Illustrates key implementation techniques
- Helps others evaluate suitability for their
application
28Program Issues
29Objectives Technical Approach
- System Architecture
- Distributed Object-Oriented Programming
- Java shared object space
- Dynamically deployed components
- Publish/subscribe event model
- Powerful event mechanism
- Open, extensible system
- Communication via shared objects
- Object Relationship Analysis
- Goal Match Object and Computation Lifetimes
- Pointer and escape analysis for multithreaded
programs - Goal Capture and exploit changing roles objects
play - Roles change as objects move between data
structures - Points-to relationships determine roles
- Role specifications at method boundaries
- Supplied by programmer or dynamically discovered
- Statically verified by role analysis
- Program analysis system statically knows all
object references
- Real-Time Java
- Region-based object allocation
- Compiler-controlled scheduling
- Compile scheduling checks into generated code,
check for - Asynchronous event dispatch
- Preemptive thread scheduling
- Priority ceiling and inheritance for monitors
- Interaction Analysis
- Characterizes interactions between components
- Uses roles to extract detailed object usage
information - Matches role changes and movements between
components - Matches publishers and subscribers
- Matches roles with object usage patterns
(migrating, inherited, shared, private objects) - Extracts failure propagation information
- Transformations
- Replace general publish/subscribe mechanism with
- Point-to-point communication (when appropriate)
- Controlled multicast (when appropriate)
- Request/response (when appropriate)
- Preemptively move or replicate objects to close
failure vulnerability windows
30Example Roles
Stationary Tank List Node
Tank Object
String
Tank Model
next
Integer
Top Speed
item
Current Speed
31Moving Tank List Node
Tank Object
String
Tank Model
next
Integer
Top Speed
item
Current Speed
Integer
32Standard View of Object
Incoming References
Outgoing References
Tank Object
String
Tank Model
Integer
Top Speed
Current Speed
Integer
Fields
33Incrementalized Analysis
Big Program
34Incrementalized Analysis
Object Allocation Sites to Capture
35Incrementalized Analysis
Standard Approach Analyze Entire Program
36Incrementalized Analysis
Our Approach Incrementally Analyze Region
Surrounding Each Allocation Site
37Incrementalized Analysis
Our Approach Incrementally Analyze Region
Surrounding Each Allocation Site
38Incrementalized Analysis
Our Approach Incrementally Analyze Region
Surrounding Each Allocation Site
39Incrementalized Analysis
- Key Question Where to invest analysis resources?
- Obtain estimates of
- Payoff of capturing allocation site
- Likelihood of capturing site
- If can capture site, cost of the capture
- As invest resources in site, improve estimates
- Invest resources in site with (current) best
estimated return on invested resources - Results show can obtain almost all benefit of
whole-program analysis at fraction of cost (PLDI
01)