Compiler Support for Distributed Systems
Martin C. Rinard
University of California, Santa Barbara
Goal
Provide Software Tools That Support Development of Components of Distributed Systems
• Problems
• Interoperability
• Distributed Component Development
• Components Developed At Different Times
• Components Developed By Different Organizations
• Interaction With People
• Our Approach
• Formal Interface Definitions Using Finite State Machines
• Automated Interface Extraction, Verification and Testing
• Novel Constructs for Building Robust User Interfaces
Model of Computation
• Distributed Systems Built Out Of Components
• Processes
• Agents
• Objects
• Components Communicate Via Message Passing
• Asynchronous Sends, In Order Delivery
• send(component, message type, parameters)
• Blocking Receives
• recv(component?, message type, parameters?)
• Selection Construct
Example
[Figure: Customer, ATM Machine, and Bank. The ATM screen reads "Please Deposit $5,000,000.00" above a numeric keypad.]
Scenario
• Existing ATM System
• Bank Contracts For New Kind of ATM
• New ATM Must Interoperate With Existing Bank Software
• ATM Developer Must Know Bank Interface
• Bank Unwilling to Release Source Code
Bank Implementation
loop {
  select {
    recv(atm?, DEPOSIT, account?, amount?) -> {
      account.balance += amount;
      send(atm, OK);
    }
    recv(atm?, WITHDRAW, account?, amount?) -> {
      if (amount < account.balance) {
        account.balance -= amount;
        send(atm, OK);
      } else {
        send(atm, FAILED);
      }
    }
  }
}
Bank Interface
• Message Type Information
• recv(component?, DEPOSIT, int?, int?)
• recv(component?,WITHDRAW, int, int)
• send(component, OK);
• send(component, FAILED);
• Message Sequencing Information
[Figure: finite state machine for the Bank Interface. Edge labels: recv(atm?,DEPOSIT), recv(atm?,WITHDRAW), send(atm,OK), send(atm,FAILED), send(atm,OK)]
Conformance of Components and Interfaces
• Context
• Have A Component (Bank Component)
• Have An Interface (Bank Interface)
• Does Component Correctly Implement Interface?
• Analyze Program To Automatically Extract New Interface
• Abstract Away From Computation
• Translate Communication and Relevant Flow of Control Constructs Into Parts Of Finite State Machine
• Does Extracted Interface Conform to Original Interface?
Automatic Interface Extraction
• Individual Programming Constructs
• if (exp) {
    send(c,OK);
  } else {
    send(c,FAILED);
  }
  [Figure: state machine fragment with edges send(c,OK); and send(c,FAILED);, labelled Internal Choice]
• select {
    recv(c?, OK) -> {}
    recv(c?, FAILED) -> {}
  }
  [Figure: state machine fragment with edges recv(c?,OK) and recv(c?,FAILED), labelled External Choice]
• Interprocedural Interface Extraction
Basic Conformance Concepts
• Concept Of Conformance
• An Interface I Extracted From a Component
• An Interface J That System Is Designed to Use
• If I Conforms to J, Can Safely Use Component In System
• If Every Message Sent Is Received With J, Every Message Sent Will Be Received With Component
• A State S is Stable If It Is Not An Internal Choice Point
• A State S is Receptive If It Can Only Receive Messages
• Given Two Interfaces, Sets Of Corresponding States
• Maximal Sets Of States Accessible Via Same Sequence of Sends and/or Receives
Corresponding Sets In Example
[Figure: Original Interface state machine. Edge labels: recv(atm?,DEPOSIT), recv(atm?,WITHDRAW), send(atm,OK), send(atm,FAILED), send(atm,OK)]
[Figure: Extracted Interface state machine. Edge labels: recv(atm?,DEPOSIT), recv(atm?,WITHDRAW), send(atm,OK), send(atm,FAILED), send(atm,OK)]
First Conformance Condition
For Each Corresponding Set Of States
Messages Sent From States In Extracted Interface Must Be A Subset of Messages Sent From States In Original Interface
[Figure: two state machine fragments, labelled Extracted Interface and Original Interface. Edge labels: send(c,OK), send(c,FAILED), send(c,OK)]
Second Conformance Condition
For Each Corresponding Set Of States
Messages Received In States In Extracted Interface Must Be A Subset of Messages Received In States In Original Interface
[Figure: two state machine fragments, labelled Original Interface and Extracted Interface. Edge labels: recv(c?,OK), recv(c?,OK), recv(c?,FAILED)]
Third Conformance Condition
For Each Corresponding Set Of States
If Receptive States Of Original Interface Must Receive One Of A Set Of Messages, Receptive States Of The Extracted Interface Must Also Receive One Of That Set Of Messages
[Figure: two state machine fragments, labelled Original Interface and Extracted Interface. Edge labels: recv(c?,OK), recv(c?,OK), recv(c?,MSG), recv(c?,OK)]
Final Conformance Conditions
For Each Corresponding Set Of States
• If Original Interface Always Sends A Message
• Extracted Interface Must Always Send A Message
• If Original Interface Always Reaches A Receptive State
• Extracted Interface Must Always Reach A Receptive State
• If Original Interface Always Reaches A Stable State
• Extracted Interface Must Always Reach A Stable State
[Figure: Original Interface state machine. Edge labels: recv(atm?,DEPOSIT), recv(atm?,WITHDRAW), send(atm,OK), send(atm,FAILED), send(atm,OK)]
[Figure: Extracted Interface state machine. Edge labels: recv(atm?,DEPOSIT), recv(atm?,WITHDRAW), send(atm,OK), send(atm,FAILED), send(atm,OK)]
Does Extracted Interface Conform To Original Interface?
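The first and second conformance conditions can be checked mechanically by walking both state machines in lockstep, so that each visited pair is one corresponding set of states. The sketch below is an added example, not code from the talk: the three state machines are constructed from the Bank slides (the two extracted ones are hypothetical), and the third and final conditions are not checked.

```python
from collections import deque

# FSM: {state: [(label, next_state), ...]}, state 0 is initial.
# A label is ("send" | "recv", message type). All three machines are constructed.
ORIGINAL = {
    0: [(("recv", "DEPOSIT"), 1), (("recv", "WITHDRAW"), 2)],
    1: [(("send", "OK"), 0)],
    2: [(("send", "OK"), 0), (("send", "FAILED"), 0)],
}
# Hypothetical extraction from a bank that never refuses a withdrawal.
EXTRACTED_OK = {**ORIGINAL, 2: [(("send", "OK"), 0)]}
# Hypothetical extraction from a bank that may answer DEPOSIT with FAILED.
EXTRACTED_BAD = {**ORIGINAL, 1: [(("send", "OK"), 0), (("send", "FAILED"), 0)]}

def labels(fsm, states, kind):
    """All send (or recv) labels leaving any state in the set."""
    return {lab for s in states for lab, _ in fsm[s] if lab[0] == kind}

def step(fsm, states, label):
    """States reached from the set by taking `label`."""
    return frozenset(n for s in states for lab, n in fsm[s] if lab == label)

def check_conformance(extracted, original):
    """Return [(trace, offending label)] for conditions one and two."""
    violations = []
    start = (frozenset([0]), frozenset([0]))
    seen, queue = {start}, deque([(start, ())])
    while queue:
        (ext, orig), trace = queue.popleft()   # one corresponding set
        for kind in ("send", "recv"):
            e = labels(extracted, ext, kind)
            o = labels(original, orig, kind)
            # Subset test: the extracted side may not add a send or a receive.
            violations += [(trace, lab) for lab in sorted(e - o)]
            for lab in sorted(e & o):          # follow the shared sequence
                nxt = (step(extracted, ext, lab), step(original, orig, lab))
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, trace + (lab,)))
    return violations
```

Each violation carries the message sequence that leads to the offending corresponding set, which is what a developer without the bank's source code would need in order to reproduce the mismatch.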
Implementing ATM
• Interface Between Customer and Bank
• Model Customer As Simply Another Component
• Customer Actions Modeled As Message Sends
• Physical Actions Translate Directly Into Message Sends
• Example
• Customer Pushes the Deposit Button
• System Internally Generates
send(atm, DEPOSIT)
• Customer Hits 8 Digit On Keypad
• System Internally Generates
send(atm, DIGIT, 8)
ATM Primitives
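void get_amount(int *amount) {
  int d;  /* digit carried by the most recent DIGIT message */
  *amount = 0;
  loop {
    select {
      /* each keypad digit shifts the running amount left one decimal place */
      recv(DIGIT, &d) -> {
        *amount = (*amount * 10) + d;
      }
      recv(DONE) -> break;
    }
  }
}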
ATM Implementation
loop {
  get_account(&account);
  select {
    recv(DEPOSIT) -> {
      get_amount(&amount);
      send(bank, DEPOSIT, account, amount);
      recv(bank?, OK) -> { Confirm Deposit }
    }
    recv(WITHDRAW) -> {
      get_amount(&amount);
      send(bank, WITHDRAW, account, amount);
      select {
        recv(bank?, OK) -> { Dispense Cash }
        recv(bank?, FAILED) -> { Generate Error Message }
      }
    }
  }
}
ATM Message Type Information
• User Actions
• recv(DEPOSIT)
• recv(WITHDRAW)
• recv(DIGIT, int?)
• recv(DONE)
• Sends To and Receives From Bank
• send(bank, DEPOSIT, int, int)
• send(bank, WITHDRAW, int, int)
• recv(component?, OK)
• recv(component?, FAILED)
ATM Message Sequence Information
[Figure: ATM finite state machine. Edge labels: recv(DEPOSIT), recv(WITHDRAW), send(bank,DEPOSIT), send(bank,WITHDRAW), recv(OK) (twice), recv(FAILED), and recv(DIGIT) and recv(DONE) (three times each)]
Automated Testing And Verification
• Compose Interfaces
• Simulate to Derive All Possible System States
• Flag Potentially Erroneous States
• A Message Sent But Never Will Be Received
• User Messages Treated Specially
• Any Sequence of User Actions Possible
• User Actions Processed Only In Quiescent System States
Simulation Reveals Potential Problem In Example
• Customer May Back Out of Transaction
• Customer Starts A Deposit
• System Expects to Input Amount to Deposit
• But Customer Hits Withdrawal Button
• System Does Not Handle Event
• Programming Mismatch
• Programmers Reason With Expected Sequences, But
• Program Must Correctly Handle Exceptional Sequences
• Standard Constructs Do Not Support Construction of Robust User Interfaces
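The compose-and-simulate step that exposes this problem can be sketched as a breadth-first search over the composed ATM and Bank state machines. This is an added example, not code from the talk: the state names are invented, the machines are constructed from the ATM and Bank slides with get_account assumed already done and get_amount inlined, and "quiescent" is taken to mean that neither component can make a step on its own.

```python
from collections import deque

USER = ("DEPOSIT", "WITHDRAW", "DIGIT", "DONE")  # customer actions
# {state: {(kind, peer, msg): next_state}}; constructed, state names invented.
ATM = {
    "idle": {("recv", "user", "DEPOSIT"): "d_amt",
             ("recv", "user", "WITHDRAW"): "w_amt"},
    "d_amt": {("recv", "user", "DIGIT"): "d_amt", ("recv", "user", "DONE"): "d_send"},
    "d_send": {("send", "bank", "DEPOSIT"): "d_wait"},
    "d_wait": {("recv", "bank", "OK"): "idle"},
    "w_amt": {("recv", "user", "DIGIT"): "w_amt", ("recv", "user", "DONE"): "w_send"},
    "w_send": {("send", "bank", "WITHDRAW"): "w_wait"},
    "w_wait": {("recv", "bank", "OK"): "idle", ("recv", "bank", "FAILED"): "idle"},
}
BANK = {
    "idle": {("recv", "atm", "DEPOSIT"): "dep", ("recv", "atm", "WITHDRAW"): "wd"},
    "dep": {("send", "atm", "OK"): "idle"},
    "wd": {("send", "atm", "OK"): "idle", ("send", "atm", "FAILED"): "idle"},
}

def simulate(atm=ATM, bank=BANK):
    """Explore every composed state; return (unhandled user actions, stuck messages)."""
    start = ("idle", "idle", (), ())  # ATM state, bank state, two FIFO channels
    seen, queue = {start}, deque([start])
    unhandled, stuck = set(), set()
    while queue:
        a, b, to_bank, to_atm = queue.popleft()
        nxt = []
        for (kind, peer, msg), n in atm[a].items():
            if kind == "send":                      # asynchronous send
                nxt.append((n, b, to_bank + (msg,), to_atm))
            elif peer == "bank" and to_atm[:1] == (msg,):  # in-order receive
                nxt.append((n, b, to_bank, to_atm[1:]))
        for (kind, _, msg), n in bank[b].items():
            if kind == "send":
                nxt.append((a, n, to_bank, to_atm + (msg,)))
            elif to_bank[:1] == (msg,):
                nxt.append((a, n, to_bank[1:], to_atm))
        if not nxt and (to_bank or to_atm):  # sent but never received
            stuck.update((a, m) for m in to_bank + to_atm)
        elif not nxt:  # quiescent: any user action may arrive now
            for m in USER:
                n = atm[a].get(("recv", "user", m))
                if n is None:
                    unhandled.add((a, m))
                else:
                    nxt.append((n, b, to_bank, to_atm))
        for s in nxt:
            if s not in seen:
                seen.add(s)
                queue.append(s)
    return unhandled, stuck
```

On these machines the search reports `("d_amt", "WITHDRAW")`, the customer who starts a deposit and then presses the withdrawal button, along with the stray DIGIT and DONE presses while the ATM is idle.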
A Construct For Building Robust User Interfaces
• Goals
• Preserve Ability To Reason With Expected Sequences
• Easily Augment Program For Exceptional Sequences
• Resetting Select Construct
• Same Syntax As Select
• Same Behavior As Select For Expected Sequences
• Unselected Receive Alternatives Stay Enabled
• If Customer Generates Exceptional Action
• Implementation Resets Active Alternative
• Starts Newly Selected Alternative
• Reset Actions - Executed When Alternative is Reset
Resetting Select Construct
resetSelect {
  recv(DEPOSIT) -> {
    get_amount(&amount);
    send(bank, DEPOSIT, account, amount);
    recv(bank?, OK) -> { Confirm Deposit }
  }
  recv(WITHDRAW) -> {
    get_amount(&amount);
    send(bank, WITHDRAW, account, amount);
    select {
      recv(bank?, OK) -> { Dispense Cash }
      recv(bank?, FAILED) -> { Generate Error Message }
    }
  }
  recv(DIGIT, d?) -> { Print Error Message }
  recv(DONE) -> { Print Error Message }
}
Comparison With Standard Methods
• Event Loop
• loop { wait_event(&e); process_event(e); }
• System State Encoded in Global Variables
• Demultiplexing Required To Determine Correct Action
• Difficult To Determine if All Events Handled Correctly
• Proposed Approach
• Supports Use of Standard Program Constructs
• Standard Flow of Control, Local State
• Semantically Related Code Appears Together
• Easy To Write Programs That Handle Events Correctly
• Easy To Determine if All Events Handled Correctly
Conclusion
• Program Analysis Techniques Can Help Programmers Develop Robust Distributed Systems
• Include Sequencing Information in Interface
• Automatic Interface Extraction
• Automatic Verification of Interoperability
• Interaction With User
• Model User As Another Component
• Novel Construct For Robust User Interfaces
Potential Scenarios
• System Developed From Scratch
• Developer of ATM Software Needs to Know
• Bank Interface
• Reasonable User Interface
• Bank Software Developer Needs to Know ATM Interface
• Bank Contracts For A New Kind of ATM
• New ATM Will Interact With Existing Bank Software
• ATM Software Developer Needs to Know Bank Interface
• Bank Unwilling to Release Source Code
ATM Message Sequence Information
[Figure: ATM finite state machine. Labels: get_account, recv(DEPOSIT), recv(WITHDRAW), get_amount (twice), send(bank,DEPOSIT), send(bank,WITHDRAW), recv(OK) (twice), recv(FAILED)]
Interface Uses
• Documentation During Development
• To Test That Components Correctly Implement Interfaces
• Analyze Program to Automatically Extract Interface
• Test if Interfaces Are Equivalent
• To Drive Automated Testing and Verification
• Compose Components
• Simulate to Derive All Possible System States
• Flag Potentially Erroneous States
• User Messages Treated Differently
• Any Sequence of User Actions Possible
• User Actions Processed Only In Quiescent States