Automated Cost-Of-Automated Cost-Of-Service Tracking using Service Tracking using

the Abstract State the Abstract State Machine Language Machine Language

(AsmL)(AsmL)

Joel RivendellJoel Rivendell

Supervisor: Heinz SchmidtSupervisor: Heinz Schmidt

Abstract State Machine Abstract State Machine Computation Computation

Originated with Finite State Machine Originated with Finite State Machine Computation work by Yuri GurevichComputation work by Yuri Gurevich

Gurevich came to generalise Turing’s Gurevich came to generalise Turing’s thesis and build upon Dijkstras thesis and build upon Dijkstras algorithms to formulate “evolving algorithms to formulate “evolving algebras”algebras”

Gurevich claimed for every sequential Gurevich claimed for every sequential algorithm that exists, regardless of the algorithm that exists, regardless of the abstraction level, there exists a abstraction level, there exists a sequential abstract state machine sequential abstract state machine (Gurevich, 1999)(Gurevich, 1999)

Abstract State Machine Abstract State Machine Language (AsmL)Language (AsmL)

Microsoft Research - Foundations of Microsoft Research - Foundations of Software Engineering (FSE)Software Engineering (FSE)

Features – Features – – Executable Specifications Executable Specifications – Runtime Conformance Testing Runtime Conformance Testing – Design by Contract Design by Contract – Non-Deterministic computation (i.e. Sets)Non-Deterministic computation (i.e. Sets)– Parallel update (State to State)Parallel update (State to State)– Built on .NETBuilt on .NET

Abstract State Machine Abstract State Machine Language (AsmL) ProblemsLanguage (AsmL) Problems

AsmL is predominantly a functionally AsmL is predominantly a functionally oriented formal contract languageoriented formal contract language

Extra-functional or Cost-of-Service Extra-functional or Cost-of-Service characteristics such as performance, characteristics such as performance, reliability, etc are not naturally reliability, etc are not naturally catered for in AsmL constructscatered for in AsmL constructs

In 2003 Rupak Das looked at ways to In 2003 Rupak Das looked at ways to address this problem and came up address this problem and came up with a Counter constructwith a Counter construct

Research GapResearch Gap

A preprocessor was suggested as A preprocessor was suggested as future workfuture work

There was also need to be able to There was also need to be able to easily specify time and space easily specify time and space complexity constraints via AsmL complexity constraints via AsmL constructs for performance constructs for performance measurement and constraintmeasurement and constraint

Aspect-Oriented Programming Aspect-Oriented Programming (AOP) in AsmL(AOP) in AsmL

AsmL Runtime Verification uses a runtime AsmL Runtime Verification uses a runtime “observer” construct that matches a “observer” construct that matches a model to an implementation and enforces model to an implementation and enforces conformance.conformance.

The “observer” is inserted in the method The “observer” is inserted in the method and matches signatures and return values and matches signatures and return values

The “observer” is as such an aspect-The “observer” is as such an aspect-oriented programming construct that oriented programming construct that monitors behaviour and throws an monitors behaviour and throws an exception if verification failsexception if verification fails

AimsAims

This honours thesis looked at a number of This honours thesis looked at a number of elements and tried to synthesize themelements and tried to synthesize them– An automated and time-saving way to An automated and time-saving way to

implement CoS specifications via a GUI proof of implement CoS specifications via a GUI proof of concept for ease of useconcept for ease of use

– A performance construct based on temporal A performance construct based on temporal contracts in addition to Rupaks Counter contracts in addition to Rupaks Counter construct which can be used for space construct which can be used for space complexity assessmentcomplexity assessment

– A intermediate language syntax that satisfied A intermediate language syntax that satisfied the above two criteria the above two criteria

MethodMethod

Cost Assertion Language (CAL) Cost Assertion Language (CAL) intermediate language is minimalistic and intermediate language is minimalistic and increases productivity for a developerincreases productivity for a developer

CAL allows CoS tracking to be abstracted CAL allows CoS tracking to be abstracted from the main AsmL specification so that from the main AsmL specification so that the user can more easily differentiate the user can more easily differentiate functional from non-functional functional from non-functional specificationsspecifications

The Time construct created allows a The Time construct created allows a programmer to measure time complexity programmer to measure time complexity in terms of a contract languagein terms of a contract language

Technology and Tools UsedTechnology and Tools Used

.NET.NET– Common Language Runtime (CLR)Common Language Runtime (CLR)– Common Library Specification (CLS)Common Library Specification (CLS)– Common Type System (CTS)Common Type System (CTS)– Common Intermediate Language (CIL)Common Intermediate Language (CIL)– Just in Time (JIT) compilerJust in Time (JIT) compiler– InteroperableInteroperable– AsmL models can be conformance tested with AsmL models can be conformance tested with

any .NET derived Dynamic Link Library (*.dll) any .NET derived Dynamic Link Library (*.dll) from over 30 languages (some are more from over 30 languages (some are more optimized than others) optimized than others)

Technology and ToolsTechnology and Tools

ANTLRANTLR– Compiler constructor for parsing the Compiler constructor for parsing the

intermediate language (Cost Assertion intermediate language (Cost Assertion Language(*.cal)) and inserting the constructs Language(*.cal)) and inserting the constructs into the source AsmL fileinto the source AsmL file

C#C#– Used to create the proof of concept GUI Used to create the proof of concept GUI

implementation and handle inputimplementation and handle input– This language was perfect for GUI construction This language was perfect for GUI construction

because of Windows Forms libraries because of Windows Forms libraries

How they work togetherHow they work together

GUICAL

AsmL Output

AsmL Source

ANTLR Parser

CAL Tool GUICAL Tool GUI

Does most of the work for you by declaring Does most of the work for you by declaring everythingeverything

Enters the details needed to insert Cost Enters the details needed to insert Cost assertions (i.e. Counter and/or Time Construct) assertions (i.e. Counter and/or Time Construct)

Update variable (counters) insertion, Update variable (counters) insertion, increment, decrement, equations, guards, increment, decrement, equations, guards, return, methods all in an easy to use and return, methods all in an easy to use and minimalistic interface to maximize productivity minimalistic interface to maximize productivity and abstraction of Cost and abstraction of Cost

Design by contract by local and global Design by contract by local and global assertionsassertions

CAL Tool GUICAL Tool GUI

CAL Tool GUICAL Tool GUI

CALCAL

Cost Assertion LanguageCost Assertion Language– Not fully formulated as an independent Not fully formulated as an independent

syntaxsyntax– You can use the tool to directly input You can use the tool to directly input

from the .cal file instead of using the from the .cal file instead of using the GUI input if required making it quasi-text GUI input if required making it quasi-text based as well based as well

ExampleExample namespace ReaderWriterDrivernamespace ReaderWriterDriver

[EntryPoint][EntryPoint] public class Readerpublic class Reader var numberOfReaders as Integer = 0var numberOfReaders as Integer = 0

[EntryPoint][EntryPoint] BegRead()BegRead() UpdateReaders()UpdateReaders()

[EntryPoint][EntryPoint] Read()Read() BegRead()BegRead() WriteLine("Reading ...")WriteLine("Reading ...") EndRead()EndRead() [EntryPoint][EntryPoint] EndRead()EndRead() UpdateReaders()UpdateReaders()

[EntryPoint][EntryPoint] UpdateReaders()UpdateReaders()

[EntryPoint][EntryPoint] Readers() as IntegerReaders() as Integer stepstep return numberOfReadersreturn numberOfReaders

ExampleExampleASML Source FileASML Source File

namespace ReaderWriterDrivernamespace ReaderWriterDriver

interface ICounterinterface ICounter CounterValue() as IntegerCounterValue() as Integer Increment()Increment() Decrement()Decrement()

class Counter implements ICounterclass Counter implements ICounter var counter as Integer = 0var counter as Integer = 0 CounterValue() as IntegerCounterValue() as Integer stepstep return counterreturn counter Increment()Increment() stepstep counter := counter + 1counter := counter + 1 Decrement()Decrement() stepstep counter := counter - 1counter := counter - 1

[EntryPoint][EntryPoint] public class Readerpublic class Reader var numberOfReaders as Integer = 0var numberOfReaders as Integer = 0 var NReq_Reader = new Counter()var NReq_Reader = new Counter() var NBeg_Reader = new Counter()var NBeg_Reader = new Counter() var NEnd_Reader = new Counter()var NEnd_Reader = new Counter()

Cost Assertion Language (CAL)Cost Assertion Language (CAL)

cn {1} @ReaderWriterDriver.Readercn {1} @ReaderWriterDriver.Reader

ExampleExample [EntryPoint][EntryPoint] BegRead()BegRead() step step NReq_Reader.Increment()NReq_Reader.Increment() step step NBeg_Reader.Decrement()NBeg_Reader.Decrement()

UpdateReaders()UpdateReaders() [EntryPoint][EntryPoint] Read()Read() BegRead()BegRead() WriteLine("Reading ...")WriteLine("Reading ...") EndRead()EndRead() stepstep if (numberOfReaders >= 0) then if (numberOfReaders >= 0) then return NReq_Reader.Increment()return NReq_Reader.Increment() [EntryPoint][EntryPoint] EndRead()EndRead() UpdateReaders()UpdateReaders()

[EntryPoint][EntryPoint] UpdateReaders()UpdateReaders() step numberOfReaders := step numberOfReaders := NBeg_Reader.CounterValue() –NBeg_Reader.CounterValue() – NEnd_Reader.CounterValue()NEnd_Reader.CounterValue()

[EntryPoint][EntryPoint] Readers() as IntegerReaders() as Integer stepstep return numberOfReadersreturn numberOfReaders

[EntryPoint][EntryPoint] TotalReaders() as IntegerTotalReaders() as Integer stepstep return NEnd_Reader.CounterValue()return NEnd_Reader.CounterValue()

upd {1} ++Reader.R @Reader.BegRead()upd {1} ++Reader.R @Reader.BegRead() Upd {2} --Reader.B @Reader.BegRead()Upd {2} --Reader.B @Reader.BegRead()

upd {3} ++Reader.R $Reader.Read() if (numberOfReaders >= 0) upd {3} ++Reader.R $Reader.Read() if (numberOfReaders >= 0) returnreturn

upd {4} #Reader @Reader.UpdateReaders() := numberOfReadersupd {4} #Reader @Reader.UpdateReaders() := numberOfReaders

mr {1} @ReaderWriterDriver.Reader.TotalReadersmr {1} @ReaderWriterDriver.Reader.TotalReaders

Time ConstructTime Construct namespace ReaderWriterDrivernamespace ReaderWriterDriver

interface ITimeCounterinterface ITimeCounter TimeValue() as DoubleTimeValue() as Double AccTimeValue() as DoubleAccTimeValue() as Double Start()Start() Stop()Stop()

class TimeCounter implements ITimeCounterclass TimeCounter implements ITimeCounter var time as Double = 0var time as Double = 0 var totalTime as Double = 0var totalTime as Double = 0 var t1 as Double = 0var t1 as Double = 0 var t2 as Double = 0var t2 as Double = 0 TimeValue() as DoubleTimeValue() as Double stepstep return timereturn time AccTimeValue() as DoubleAccTimeValue() as Double stepstep return totalTimereturn totalTime Start()Start() stepstep t1 := System.DateTime.Now.Ticks as Doublet1 := System.DateTime.Now.Ticks as Double Stop()Stop() step t2 := System.DateTime.Now.Ticks as Doublestep t2 := System.DateTime.Now.Ticks as Double step time := ((t2 - t1)/10000000)step time := ((t2 - t1)/10000000) step totalTime := ((t2 - t1)/10000000) + totalTimestep totalTime := ((t2 - t1)/10000000) + totalTime

public class Readerpublic class Reader var T_Reader = new TimeCountervar T_Reader = new TimeCounter

@T@ReaderWriterDriver.Reader

Case Study – Reader/WriterCase Study – Reader/Writer

Multiple Reader Writer ProblemMultiple Reader Writer Problem– SynchronisationSynchronisation– Counting Readers, Writers and Writers Counting Readers, Writers and Writers

Waiting and using the Cost assertions to Waiting and using the Cost assertions to tracktrack

– Fair implementation using Alternating Fair implementation using Alternating Reader Writer algorithmReader Writer algorithm

– Similar to Rupak Das example except Similar to Rupak Das example except the COST code is generated by the CALthe COST code is generated by the CAL

Case Study - KD-TreeCase Study - KD-Tree K-D TreesK-D Trees

– Computationally intensiveComputationally intensive– Good for performance measurementGood for performance measurement

K-dimensional binary branched data K-dimensional binary branched data structure used for orthogonal range structure used for orthogonal range searching and other spatial applicationssearching and other spatial applications

Given a KD-Tree of the points in a range Given a KD-Tree of the points in a range search it is possible to find the resulting search it is possible to find the resulting points in O(sqrt(points in O(sqrt(nn)+)+kk) time where ) time where nn is the is the number of points and number of points and kk is the number of is the number of points in the resultpoints in the result

Live example… Live example…

The Road Less Travelled…The Road Less Travelled…

The “Observer” (mediator.dll) construct in The “Observer” (mediator.dll) construct in AsmL I originally planned to manipulate via AsmL I originally planned to manipulate via adding the time construct to it that would go adding the time construct to it that would go with the observer to additionally perform with the observer to additionally perform runtime verification for specially designed runtime verification for specially designed CAL temporal assertions. Unfortunately CAL temporal assertions. Unfortunately after extensive correspondence with Mike after extensive correspondence with Mike Barnett from FSE, the information I needed Barnett from FSE, the information I needed came too late to incorporate.came too late to incorporate.

Temporal logic contract extensionsTemporal logic contract extensions

Difficulties and RealitiesDifficulties and Realities

IllnessIllness Microsoft proprietary policyMicrosoft proprietary policy Time constraints and other Time constraints and other

commitmentscommitments The CAL Tool still contains many The CAL Tool still contains many

bugs as it is just a proof of concept bugs as it is just a proof of concept prototypeprototype

ConclusionsConclusions

The Time Construct appears to be a new The Time Construct appears to be a new concept in terms of contract languages concept in terms of contract languages like AsmLlike AsmL

ProductivityProductivity UsabilityUsability Allows the CoS contract aspect to be Allows the CoS contract aspect to be

abstracted from the functional abstracted from the functional specification aspectspecification aspect

CAL is interoperable and as an extension CAL is interoperable and as an extension of AsmL enjoys many of the features this of AsmL enjoys many of the features this evolving language possessesevolving language possesses

Future DirectionsFuture Directions

CAL could be extremely useful if CAL could be extremely useful if developed further for a contract developed further for a contract language such as AsmL.language such as AsmL.

Extrapolate the time construct idea Extrapolate the time construct idea further to temporal logic assertions further to temporal logic assertions and runtime verification with and runtime verification with enforced performance constraints. enforced performance constraints.

AcknowledgementsAcknowledgements

Like to thank –Like to thank –– Hienz Schmidt, SupervisorHienz Schmidt, Supervisor– Rupak DasRupak Das– Mike Barnett, Microsoft FSEMike Barnett, Microsoft FSE– CSSE peersCSSE peers

Thank YouThank You

Questions?Questions?