Dataflow Networks


Date posted: 04-Feb-2016

Dataflow Networks. László Gönczy gonczy@mit.bme.hu BME Méréstechnika és Információs Rendszerek Tanszék Based on slides of Dr. András Pataricza and Dr. Tamás Bartha. Dataflow modeling. Nondeterministic DFN formalism [Jonsson, Cannata] Structure Dataflow Graph (DFG) Nodes (units)

Transcript of Dataflow Networks

  • Dataflow Networks

    László Gönczy gonczy@mit.bme.hu

    BME Méréstechnika és Információs Rendszerek Tanszék

    Based on slides of Dr. András Pataricza and Dr. Tamás Bartha

    Formal methods

  • Dataflow modeling

    Nondeterministic DFN formalism [Jonsson, Cannata]
    Structure
      Dataflow Graph (DFG)
      Nodes (units)
      Directed arcs (FIFO channels)
    Behavior
      Firing rules: Data
      Tokens

  • Benefits of the method

  • Formal description

    Dataflow network: tuple (N, C, S)
      N: set of nodes
      C: set of channels
        I: incoming channels
        O: outgoing channels
        IN: internal channels (between nodes)
      S: set of states
    Dataflow channel:
      FIFO channel of infinite capacity between two nodes
      state: Sc = Mc sequence of tokens
      connection with the outside world

  • Formal description of nodes

    Dataflow node: n = (In, On, Sn, sn0, Rn, Mn), where
      In: set of incoming channels
      On: set of outgoing channels
      Sn: set of node states
      sn0: initial state of the node, sn0 ∈ Sn
      Mn: set of tokens
      Rn: set of firing rules; rn ∈ Rn is a tuple (sn, Xin, sn, Xout, )
        sn: states before and after firing, sn ∈ S
        Xin: mapping of incoming channels, Xin : In -> Mn
        Xout: mapping of outgoing channels, Xout : On -> Mn
        priority, N

  • Example

    Channels with capacity of 1
    Network: DFN = ({n}, {in, out}, {(s,0,0), (s,ok,0), (s,0,ok), (s,ok,ok)})
    Nodes: n = ({in}, {out}, {s}, s, {ok,0}, {r1})
    Firings: r1 =
    [Diagram labels: n, in, out]
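
An added example, not part of the original slides: a small Python interpreter for the node tuple defined above, used to enumerate the global states of the one-node network with capacity-1 channels and to find states where the node is blocked. The firing rule r1 is not legible in the transcript, so the rule used here (consume ok from in, emit ok on out, stay in s) is an assumption, as are the environment moves `env_put` and `env_take` and all function names.

```python
from collections import deque, namedtuple

EMPTY = "0"               # the slide writes an empty capacity-1 channel as 0
CHANNELS = ("in", "out")  # a global state is (node state, in, out)
# Firing rule (s, X_in, s', X_out); priority is left out (single rule here).
Rule = namedtuple("Rule", "name pre x_in post x_out")
# ASSUMPTION: r1 is not legible in the transcript; this reading forwards ok.
R1 = Rule("r1", "s", {"in": "ok"}, "s", {"out": "ok"})

def enabled(rule, state):
    """Node state matches, input tokens are present, outputs are empty."""
    chans = dict(zip(CHANNELS, state[1:]))
    return (state[0] == rule.pre
            and all(chans[c] == t for c, t in rule.x_in.items())
            and all(chans[c] == EMPTY for c in rule.x_out))

def fire(rule, state):
    chans = dict(zip(CHANNELS, state[1:]))
    chans.update({c: EMPTY for c in rule.x_in})   # consume X_in
    chans.update(rule.x_out)                      # produce X_out
    return (rule.post, *(chans[c] for c in CHANNELS))

def successors(state, rules):
    """Node firings plus assumed environment moves on the open channels."""
    for r in rules:
        if enabled(r, state):
            yield r.name, fire(r, state)
    s, cin, cout = state
    if cin == EMPTY:                 # environment offers a token on `in`
        yield "env_put", (s, "ok", cout)
    if cout != EMPTY:                # environment takes the token off `out`
        yield "env_take", (s, cin, EMPTY)

def reachable(init, rules):
    """Breadth-first exploration of the global state space."""
    seen, todo = {init}, deque([init])
    while todo:
        for _, nxt in successors(todo.popleft(), rules):
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def blocked(states, rules):
    """States with input waiting in which the node cannot fire."""
    return {st for st in states
            if st[1] != EMPTY and not any(enabled(r, st) for r in rules)}

print(sorted(reachable(("s", EMPTY, EMPTY), [R1])))
```

Under these assumptions the reachable set equals the four states listed on the slide, and the only blocked state is (s,ok,ok), where the full out channel applies back-pressure until the environment drains it.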

  • DFN example (Eclipse plugin)

  • Evaluation of DFN

    + Interactive simulation
      Validation, proof of correctness (direct/indirect)
      Dynamic properties: reachability, no deadlocks
    + Time analysis (indirect)
      Firing rules extended with a probabilistic variable
    + Fault simulation (direct, discrete events)
      Extension of the operational model with a fault model
    + Test design (indirect)
      Test generation, analysis of testability, optimization of test set
    Analysis of faults (indirect)
      FMEA: Fault Mode and Effect Analysis, fault tree and event tree
    (Dependability analysis) (indirect)
      Measures: reliability, availability, Mean Time Between Failures,

  • Example: reference signal generator

    Basic functionality: r0 =
    [Diagram labels: power_in, ref_out]
    Analogous operation can also be modeled

  • Example: reference signal generator

    Fault model:
      OK: nominal value
      FTY: any other value (range)
      UNC: uncertain value
    Extended operations (normal + erroneous + uncertainty):
      r0 = r1 = r2 = r3 =

  • Vending machine

    [Diagram labels: coin_in/out, select, controller, candies_out, coin_in, change, select_candy, from_coin_in/out, to_coin_in/out, from_select, to_candies_out, from_candies_out, out]

  • Model refinement for DFN

    Black box view
      Only the relationship with the environment
      Syntactic interface: in-out channels, message types
      Semantic interface: in-out messages (behaviour)
    White box view
    Communication refinement
      Changing the syntactic interface of a component
      In-out channels and message types may change
    State space refinement
      State of nodes may change
    Structural refinement
      decomposition

  • Model refinement for DFN

    Model refinement:
      Multilevel modeling
      Preserving consistency of state and behavior

  • Model refinement for DFN

    Generalization of black box and white box principles for dataflow networks:
    Domain refinement
      Set of tokens
      Set of states
    Structural refinement
      Nodes replaced with networks

  • Set refinement

    Relation between elements and disjoint subsets

    For each ai ∈ A, R(ai) ⊆ B, so that R(ai) ∩ R(aj) = ∅ for i ≠ j
    [Diagram labels: B1, B3, B2, a1, a2, a3]

  • Domain refinement

    Refinement of token set: Mn' is a refinement of Mn
      In- and out-channels are unchanged
    Refinement of state set: Sn' is a refinement of Sn
    Firing rules must be changed!

  • Token set refinement: example

    r1 = r2 = r11 = r12 = r21 = r22 =

    n1
      States: on {on}; off {off}
      Tokens: a {aa, ab}; b {ba, bb}
      Firing rules: r1 {r11, r12}; r2 {r21, r22}

  • Domain refinement: tokens

  • State set refinement: example

    r1 = r2 = r3 = r11 = r21 = r22 = r31 = r32 =

    n1
      States: good {good}; fty {hot, cold}
      Tokens: a {a}; b {b}; c {c}
      Firing rules: r1 {r11}; r2 {r21, r22}; r3 {r31, r32}

  • Domain refinement: example

  • Example: Reference signal generator

    Fault model:
      OK: nominal voltage
      FTY: any other value
    Operation: r0 = r1 = r2 = r3 = r4 =
    [Diagram labels: power_in, ref_out]

  • Example: refined operation

    State space refinement: s1 -> s1a, s1b
      r0 = r1 = r21 = r31 = r32 = r41 = r42 =
    Token set refinement: FTY -> LOW, HIGH (state s0)
    Token set refinement: FTY -> LOW, HIGH (state s1)

  • Example: refined operation

    1. State space refinement: s1 -> s1a, s1b
    2. Token set refinement: FTY -> LOW, HIGH (state s0)
       r0 = r11 = r21 = r31 = r32 = r41 = r42 =
    3. Token set refinement: FTY -> LOW, HIGH (state s1)

  • Example: refined operation

    State space refinement: s1 -> s1a, s1b
    Token set refinement: FTY -> LOW, HIGH (state s0)
    Token set refinement: FTY -> LOW, HIGH (state s1)
      r0 = r11 = r21 = r311 = r321 = r411 = r412 = r421 = r422 =
    No uncertainty

  • Structure refinement

    Modification of structure
      In-out channels unchanged
      New internal channels and nodes
    State mapping: node -> subnet
    Token set unchanged
    Firings -> sequences of firings

  • Example: structure refinement

    [Diagram labels: out, n1, n2, int, in, n, in, out]

  • Example: structure refinement

    rn1 = rn2 = rn11 = rn12 = rn21 = rn22 = rn23 = rn24 =

    n1
      States: good {{good, good, X}, {good, fty, X}}; fty {{fty, good, X}, {fty, fty, X}}
      Tokens: a {a}; b {b}
      Firing rules: r1 {rn11; rn21; rn11; rn23}; r2 {rn12; rn22; rn12; rn24}

  • Example: Vending machine

    [Diagram labels: coin_in/out, select, controller, candies_out, coin_in, change, select_candy, from_coin_in/out, to_coin_in/out, from_select, to_candies_out, from_candies_out, out]

  • Refinement

    [Diagram labels: candies_out, coin_in/out, select, controller, coin_in, change, select_candy, from_coin_in/out, to_coin_in/out, from_select, to_candies_out, from_candies_out, out, hw_logic, mechanics, to_mechanics]

  • Verification of refinement

    Rule-based design tool
    Application of definitions (by hand)
    By using Finite State Machines (FSM)
      Structural check
      Transformation of node-node and node-subnet pairs -> NDFST
      Bisimulation of automaton pairs

  • Model extension

    Mechanisms to be modeled:
      Faults
      Impact of faults
      Error propagation

    Extension of the basic model (based on the fault model).

  • Model extension

    Physical model (low level)
      Faults are physical defects
    Logical model (higher level)
      Model perturbation
      Model extended with erroneous operation systematically
      if-then-else or switch-case description
      E.g. wrong evaluation of a condition
      List of perturbations is the fault model
    Graph models
      Nodes are system components
      Each containing its own fault model
      Wrong components propagate the error

  • Fault modeling

    Tokens and states of nodes have to be extended
    New firing rules
    Non-interpreted (qualitative) modeling:
      Token can be good or faulty (coloring)
    Detailed fault model: multiple levels
      Severity of faults: correct, incorrect, bad, catastrophic
      E.g. result of a floating point operation: correct, appr. correct, too small, too big

  • Aspects of Fault Tolerance

    [Diagram labels: error-free operation, erroneous operation, internal fault, external fault, repair, error correction, error masking, error propagation]

  • Application of DFN principles

    Workflow Modeling
    Aim: high level modeling of the system
      Analysis
      Optimization
      Code generation (for control flow)
    Elements
      Processes
      Activities
      Data flow
      Control flow
        Sequence
        Loops
        Parallelism
        Switch
        Etc.

  • A Workflow Example

    [Diagram labels: Recording, Establish type, Policy, Premium, Reject, Basic activity, Beginning of parallel execution, End of parallel execution, Pay, Control flow, Selection]

  • Verification of Workflows

    Workflow (BPEL)

    Formal model (dataflow network)

    Analysis model (Promela)

    Model checker (SPIN)

    Requirement (LTL expression)

    Positive result

    Negative result + counterexample

    Simulation

  • Verification of Workflows

    IBM WebSphere Integration Developer

  • Verification of Workflows

    Dataflow Network (generated)
      Abstract data
      Hierarchic modeling
      Model refinement
    Representation in the VIATRA2 framework
      Dataflow Network generated from parsed BPEL model

  • Verification of Workflows

    Requirements
      LTL: linear temporal logic expression
    Target requirement
      Business level: no unauthorized business transaction
      Implementation level: each variable should be initialized prior to a read access

  • Verification of Workflows

    Model checker
      Evaluation of LTL expressions
      Exhaustive state space traversal
