No full-text available
To read the full-text of this research,
you can request a copy directly from the authors.
A tool-suite for reachability analysis of concurrentobject-oriented programs
Abstract
The object-oriented paradigm provides support for modular and reusable design and is attractive for the construction of large and complex concurrent systems. Reachability analysis is an important and well-known tool for static (pre-run-time) analysis of concurrent programs. However its direct application to concurrent object-oriented programs has many problems, such as incomplete analysis for reusable classes and increased computational complexity. It also seems impossible to arrive at a single general-purpose strategy that is both safe and effective for all programs. The authors propose a tool-suite based approach for the reachability analysis of concurrent object-oriented-programs. This approach enables choice of an appropriate `ideal' tool, for the given program and also provides the flexibility for incorporation of additional tools. They have also proposed a novel abstraction-based partitioning methodology for effective reachability analysis of concurrent object-oriented programs. Using this methodology, they have developed a variety of tools, having different degrees of safety, effectiveness and efficiency, for incorporation into the tool-suite. They have formally shown the safety of these tools for appropriate classes of programs and have evaluated their effectiveness and efficiency
The object-oriented paradigm in software engineering provides support for the construction of modular and reusable program components and is attractive for the design of large and complex distributed systems. Reachability analysis is an important and well-known tool for static analysis of critical properties in concurrent programs, such as deadlock freedom. It involves the systematic enumeration of all possible global states of program execution and provides the same level of assurance for properties of the synchronization structure in concurrent programs, such as formal verification. However, direct application of traditional reachability analysis to concurrent object-oriented programs has many problems, such as incomplete analysis for reusable classes (not safe) and increased computational complexity (not efficient). We propose a novel technique called apportioning, for safe and efficient reachability analysis of concurrent object-oriented programs, that is based upon a simple but powerful idea of classification of program analysis points as local (having influence within a class) and global (having possible influence outside a class). We have developed a number of apportioning-based algorithms, having different degrees of safety and efficiency. We present the details of one of these algorithms, formally show its safety for an appropriate class of programs, and present experimental results to demonstrate its efficiency for various examples
Reachability analysis is a wellknown static analysis tool for the verification of critical properties in concurrent programs and it involves the systematic enumeration of all possible global states of program execution. However, it suffers from the problems of exponential space and time complexities. The state explosion problem, i.e. the number of states generated for analysis increases exponentially with the number of concurrent threads of execution, has been tackled effectively by the apportioning technique in the context of concurrent object-oriented programs [4]. Apportioning reduces the problem of analysing a whole program into a number of smaller problems of individual and independent analysis of portions of the original program. This partitioning is not merely syntactic, but is also an abstraction of the program. However the time complexity of the analysis still remains exponential. In this paper, a new technique is described that tackles the exponential time complexity of rea...
Developing middleware to support programming models has, until recently, been a time consuming and complex task. However, with the availability of micro-kernel architectures such as Chorus[3], Amoeba[1]
and Mach[2] which provide a basic set of abstractions designed to allow developers to build operating systems, it is now possible to explore how operating systems can better support programming models.
Our goal within the COOL project has been threefold:
�- to provide a set of generic services that reduce the mismatch between system abstractions and language abstractions.
�- to provide these services at the operating system level so that we are not hampered by the inefficiencies of building above the existing operating system.
�- to provide these services in a way that they co-exist with existing traditional operating systems; in our case UNIX.
This paper is structured as follows; we �first introduce the COOL v2 architecture, discussing its functionality and usage. We then outline details of its implementation and its performance.
After this we introduce the CIDRE distributed document application that has been built using the COOL system, and explain both its functionality and its use of COOL. We use CIDRE to justify some of the design decisions and as a proof of concept for our research. In the �final
sections we discuss our experiences and outline future directions.
Compositional Reachability Analysis is a popular technique for studying behaviour of finite-state distributed systems. The technique is applied by a repetition oflocal analyses, the basic steps of which are to construct and examine the behaviour of subsystems. In most cases, behaviour of the subsystem is constrained by its environment (calledcontext) formed by neighbouring components. These behaviour constraints are normally not considered when using local analysis in conventional techniques of compositional reachability analysis. As a result, many execution paths derived in the local analysis may not be actually traversed by the subsystem. These paths are made impossible to traverse by the constraints. The paths are unnecessary for understanding the subsystem behaviour and their removal greatly simplifies the local analysis.
In this paper, we describe an elegant technique, calledcontextual local analysis, to include these behaviour constraints in conventional local analysis. The technique can alleviate dramatically the state explosion problem encountered in local analysis. It also facilitates early detection of anomalous behaviour of a distributed system at its design stage. The technique works by composing an interface process with the subsystem being examined. That interface process is so chosen that it captures behaviour constraints enforced by the environment while its composition with the subsystem does not affect the global system behaviour. This interface process can be automatically derived using a simple algorithm. The contextual local analysis technique results in a simplified labelled transition system which can be used as a substitute for the original subsystem in the construction of the global system behaviour. The contextual local analysis technique is illustrated with a clients/server example implementing a round-robin protocol.
Cats (Concurrency Analysis Tool Suite) is designed to satisfy several criteria: it must analyze implementation-level Ada source code and check user-specified conditions associated with program source code; it must be modularized in a fashion that supports flexible composition with other tool components, including integration with a variety of testing and analysis techniques; and its performance and capacity must be sufficient for analysis of real application programs. Meeting these objectives together is significantly more difficult than meeting any of them alone. We describe the design and rationale of Cats and report experience with an implementation. The issues addressed here are primarily practical concerns for modularizing and integrating tools for analysis of actual source programs. We also report successful application of Cats to major subsystems of a (nontoy) highly concurrent user interface system.
The design of large and complex distributed systems requires a modular approach to support reuse and verification. We propose an object-oriented programming model based on concurrently executing communicating agents (concurrent objects) and an associated proof methodology that exploits the class hierarchy to allow for modular verification.
We propose to separate protocol from functionality in class definitions, and advocate separate hierarchies of protocol classes as a way to overcome the inheritance anomaly of concurrent object-oriented programming.
We formalize an agent in Lamport's Temporal Logic of Actions. Modular verification is achieved by restricting inheritance in a way that ensures that subclasses refine superclasses. Interesting properties can thus be verified at an abstract level, ignoring unnecessary implementation detail.
One of the most intriguing—and at the same time most problematic—notions in object-oriented programing is inheritance. Inheritance is commonly regarded as the feature that distinguishes object-oriented programming from other modern programming paradigms, but researchers rarely agree on its meaning and usage. Yet inheritance of often hailed as a solution to many problems hampering software development, and many of the alleged benefits of object-oriented programming, such as improved conceptual modeling and reusability, are largely credited to it. This article aims at a comprehensive understanding of inheritance, examining its usage, surveying its varieties, and presenting a simple taxonomy of mechanisms that can be seen as underlying different inheritance models.
Developing and verifying concurrent programs presents several problems. A static analysis algorithm is presented here that addresses the following problems: how processes are synchronized, what determines when programs are run in parallel, and how errors are detected in the synchronization structure. Though the research focuses on Ada, the results can be applied to other concurrent programming languages such as CSP.
We address the following questions for object-oriented programming:What is it?What are its goals?What are its origins?What are its paradigms?What are its design alternatives?What are its models of concurrency?What are its formal computational models?What comes after object-oriented programming?Starting from software engineering goals, we examine the origins and paradigms of object-oriented programming, explore its language design alternatives, consider its models of concurrency, and review its mathematical models to make them accessible to nonmathematical readers. Finally, we briefly speculate on what may come after object-oriented programming and conclude that it is a robust component-based modeling paradigm that is both effective and fundamental. This paper expands on the OOPSLA 89 keynote talk.
One approach to analyzing the behavior of a concurrent program requires determining the reachable program states. A program state consists of a set of task states, the values of shared variables used for synchronization, and local variables that derive the values directly from synchronization operations. However, the number of reachable states rises exponentially with the number of tasks and becomes intractable for many concurrent programs. A variation of this approach merges a set of related states into a single virtual state. Using this approach, the analysis of concurrent programs becomes feasible as the number of virtual states is often orders of magnitude less than the number of reachable states. This paper presents a method for determining the virtual states that describe the reachable program states, and the reduction in the number of states is analyzed. The algorithms given have been implemented in a static program analyzer for multitasking Fortran, and the results obtained are discussed.
A description is given of the Amoeba distributed operating system, which appears to users as a centralized system but has the speed, fault tolerance, security safeguards, and flexibility required for the 1990s. The Amoeba software is based on objects. Objects are managed by server processes and named using capabilities chosen randomly from a sparse name space. Amoeba has a unique, fast file system split into two parts: the bullet service stores immutable files contiguously on the disk; the directory service gives capabilities symbolic names and handles replication and atomicity, eliminating the need for a separate transaction management system. To bridge the gap with existing systems, Amoeba has a Unix emulation facility consisting of a library of Unix system call routines that make calls to the various Amoeba server processes
Modular description and verification of concurrent objects. Inproceedings of Workshop on Object-Based Parallel and Distributed Computation
- J P Bahsoun
- S Merz
- C Servieres
J. P. Bahsoun, S. Merz, and C. Servieres. Modular description and verification of concurrent objects. Inproceedings of Workshop on Object-Based Parallel and
Distributed Computation, pp. 168-186, LNCS 1107,
Springer, June 1995.
A concurrency analysis tool suite for Ada programs
- I M Young
- R N Taylor
- D L Levine
- K A Nies
- D Broadbeck
I] M. Young, R. N. Taylor, D. L. Levine, K. A. Nies and
D. Broadbeck. A concurrency analysis tool suite for
Ada programs. A CM Transactions on SofnYare Engineering and Methodology, 4( 1):65-106, Jan 1995.