ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Advanced Topics in Object Technology
Bertrand Meyer
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Lecture 21:
Concurrency and real-time systems
By Volkan Arslan (Piotr Nienaltowski)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Overview
Goal
Basics of the SCOOP model
Architecture and implementation of SCOOP
Examples
Basics of the real-time systems
Timing and real-time extensions
Conclusion and future work
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Goal
Extend a pure, strongly typed, object-oriented language (Eiffel, …) with
a simple, general and powerful concurrency and distribution model ( SCOOP)
and extend SCOOP to support real-time programming
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
The SCOOP model
Simple Concurrent Object-Oriented Programming
High-level concurrency mechanism
Full use of inheritance and other object-oriented techniques
Applicable to many physical setups: multiprocessing, multithreading, distributed execution, etc.
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Object-oriented computation
Object
Processor
Action
To perform a computation is to use certain processors to apply certain actions to certain objects.
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
What makes an application concurrent?
Processor:autonomous thread of control supporting sequential execution of instructions on one or more objects
Can be implemented as: Computer CPU Process Thread AppDomain (.NET) …
Mapping of processors to computational resourcesthrough Concurrency Control File (CCF)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Feature call (synchronous call)
Fundamental scheme of O-O computation: feature call x.f (a)
x: CLASS_X
Object 1 Object 2
(CLASS_T) (CLASS_X)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Feature call (synchronous call)
Fundamental scheme of O-O computation: feature call x.f (a)
x: CLASS_X
Object 1 Object 2
(CLASS_T) (CLASS_X)
previous_instruction
x.f (a)
next_instruction
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Feature call (synchronous call)
Fundamental scheme of O-O computation: feature call x.f (a)
x: CLASS_X
Object 1 Object 2
(CLASS_T) (CLASS_X)
previous_instruction
x.f (a)
next_instruction
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Feature call (synchronous call)
Fundamental scheme of O-O computation: feature call x.f (a)
x: CLASS_X
f (a: A) is require a /= Void ensure not a.is_empty end
Object 1 Object 2
(CLASS_T) (CLASS_X)
previous_instruction
x.f (a)
next_instruction
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Feature call (synchronous call)
Fundamental scheme of O-O computation: feature call x.f (a)
x: CLASS_X
f (a: A) is require a /= Void ensure not a.is_empty end
Object 1 Object 2
(CLASS_T) (CLASS_X)
previous_instruction
x.f (a)
next_instruction
Processor
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Separate feature call (asynchronous call)
Fundamental scheme of O-O computation: feature call x.f (a)
x: separate CLASS_X
f (a: A) is require a /= Void ensure not a.is_empty end
Object 1 Object 2
(CLASS_T) (CLASS_X)
previous_instruction
x.f (a)
next_instruction
Processor 1 Processor 2
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Feature call (synchronous call)
Fundamental scheme of O-O computation: feature call x.f (a)
x: CLASS_X
f (a: A) is require a /= Void ensure not a.is_empty end
Object 1 Object 2
(CLASS_T) (CLASS_X)
previous_instruction
x.f (a)
next_instruction
Processor
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Separate feature call (asynchronous call)
Fundamental scheme of O-O computation: feature call x.f (a)
x: separate CLASS_X
f (a: A) is require a /= Void ensure not a.is_empty end
Object 1 Object 2
(CLASS_T) (CLASS_X)
previous_instruction
x.f (a)
next_instruction
Processor 1 Processor 2
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Access control policy
Target of a separate call must be formal argument of enclosing routine:
store (b: separate BUFFER [G]; value: G) is
-- Store value into b.do
b.put (value) end
To obtain exclusive access to a separate object, use it as argument of call:
my_buffer: separate BUFFER [INTEGER]
create my_buffer
store (my_buffer, 10)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
From preconditions to wait-conditions
Contracts in Eiffelstore (b: BUFFER [G]; value: G) is
-- Store value into b. require
not b.is_fullvalue /= Void
dob.put (value)
ensurenot b.is_empty
end...store (my_buffer, 10)
If b is separate, precondition becomes wait condition (instead of correctness condition)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
From preconditions to wait-conditions
Contracts in Eiffelstore (b: separate BUFFER [G]; value: G) is
-- Store value into b. require
not b.is_fullvalue /= Void
dob.put (value)
ensurenot b.is_empty
end...store (my_buffer, 10)
If b is separate, precondition becomes wait condition (instead of correctness condition)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Synchronization
No special mechanism needed for client to resynchronize with supplier after separate call.
The client will wait only when it needs to:x.fx.g (a)y.f…value := x.some_query
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Synchronization
No special mechanism needed for client to resynchronize with supplier after separate call.
The client will wait only when it needs to:x.fx.g (a)y.f…value := x.some_query Wait here
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Synchronization
No special mechanism needed for client to resynchronize with supplier after separate call.
The client will wait only when it needs to:x.fx.g (a)y.f…value := x.some_query
… if value > 10 then … end
Wait here
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Synchronization
No special mechanism needed for client to resynchronize with supplier after separate call.
The client will wait only when it needs to:x.fx.g (a)y.f…value := x.some_query
… if value > 10 then … end
This mechanism is called wait by necessity.
Wait here
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
CCF – Mapping of processors to physical resources
Location of processors need not be specified at compile time
On the fly specification with Concurrency Control File (CCF)creation system "goethe" (4): "c:\prog\appl1\appl1.exe"
"beethoven" (2): "c:\prog\appl2\appl2.dll" "Current" (5): "c:\prog\appl3\appl3.dll" endexternal Database_handler: "daimler_benz" port 9000 ATM_handler: "duerer" port 8001enddefault port: 8001; instance: 10end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
CCF – Mapping of processors to physical resources
Location of processors need not be specified at compile time
On the fly specification with Concurrency Control File (CCF)creation system "Current": "c:\prog\appl1\appl1.exe" end
end endexternal Database_handler: "daimler_benz" port 9000 ATM_handler: "duerer" port 8001enddefault port: 8001; instance: 10end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Two-level architecture of SCOOP
SCOOP can be implemented in several environments
Microsoft .NET is our current platform
SCOOPplatform-independent
.NET.NET
CompactFramework
POSIXThreads
…
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Implementation
SCOOPLI for .NET and others Library implementation of SCOOP in its original
version Uses Remoting and Threading capabilities
of .NET Uses Threading capabilities of the .NET CF on
the RTOS Windows CE .NET (and/or other RTOS: VxWorks, etc.)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Example: Bounded buffers
separate class BOUNDED_BUFFER [G]inherit
BOUNDED_QUEUE [G]end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Example: Bounded buffers
indexingdescription: "Encapsulation of access to bounded buffers"
class BUFFER_ACCESS [G]
feature
put (q: BOUNDED_BUFFER [G]; x: G) is -- Insert x into q, waiting if necessary until there is room.require not q.fulldo q.put (x)ensure not q.emptyend
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Example: Bounded buffers
remove (q: BOUNDED_BUFFER [G]) is -- Remove an element from q, waiting if necessary -- until there is such an elementrequire not q.emptydo q.removeensure not q.fullend
item (q: BOUNDED_BUFFER [G]): G is -- Oldest element not yet consumedrequire not q.emptydo Result := q.removeend
end -- class BUFFER_ACCESS [G]
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Example: Bounded buffers
Usage of bounded buffers
my_buffer_access: BUFFER_ACCESS [INTEGER]my_bounded_buffer: BOUNDED_BUFFER [INTEGER]
create my_buffer_accesscreate my_bounded_buffer
my_buffer_access.put (my_bounded_buffer, 25)
my_buffer_access.put (my_bounded_buffer, 50)
my_result := my_buffer_acces.item (my_bounded_buffer)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Example: Dining philosophers
separate class PHILOSOPHER
inheritGENERAL_PHILOSOPHERPROCESS rename setup as getup undefine getup end
feature {BUTLER}
step is -- Perform a philosopher’s tasks.
do think eat (left, right)
end
eat (l, r: separate FORK) is -- Eat, having grabbed l and r.
do …
endend -- class PHILOSOPHER
The synchronization
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Class PROCESS
indexingdescription: "The most general notion of process"
deferred class PROCESS
feature -- Status report
over: BOOLEAN is -- Must execution terminate now?
deferred end
feature -- Basic operations
setup is -- Prepare to execute process operations (default: nothing).
do end
step is -- Execute basic process operations.
deferred end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Class PROCESS (cont.)
wrapup is -- Execute termination operations (default: nothing).
do end
feature -- Process behavior
live is -- Perform process lifecycle.
do from setup until over loop step end wrapup
end
end -- class PROCESS
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Class GENERAL_PHILOSOPHER
classGENERAL_PHILOSOPHER
createmake
feature -- Initialization
make (l, r: separate FORK) is-- Define l as left and r as right forks.
doleft := lright := r
end
feature {NONE} -- Implementation
left: separate FORK
right: separate FORK
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Class GENERAL_PHILOSOPHER (cont.)
getup is -- Take any necessary initialization action.
do end
think is -- Any appropriate action or lack thereof
do end
end -- class GENERAL_PHILOSOPHER
classFORK
end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Class BUTLER
classBUTLER
createmake
featurecount: INTEGER
-- The number of both philosophers and forks
launch is-- Start a full session.
local i: INTEGER
do from
i := 1 until
i > count loop launch_one (participants @ i)
i := i + 1end
end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Class BUTLER (cont.)
feature -- {NONE}
launch_one (p: PHILOSOPHER) is-- Let one philosopher start his actual life.
dop.live
end
participants: ARRAY [PHILOSOPHER]
cutlery: ARRAY [FORK]
feature {NONE} -- Initialization
make (n: INTEGER) is-- Initialize a session with n philosophers.
requiren >= 0
docount := ncreate participants.make (1, count)create cutlery.make (1, count)make_philosopherslaunch
ensurecount = n
end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Class BUTLER (cont.)
make_philosophers is-- Set up philosophers.
locali: INTEGERp: PHILOSOPHERleft, right: separate FORK
dofrom i := 1until i > countloop left := cutlery @ i right := cutlery @ ((i \\ count) + 1) create p.make (left, right)
participants.put (p, i) i := i + 1end
end
invariantcount >= 0participants.count = countcutlery.count = count
end -- class BUTLER
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Definition: Real-time system
Real-time system (Young, 1982):
Any information processing activity or system which has to respond to externally generated input stimuli within a finite and specified period.
The correctness of a real-time system depends not only on the logical result of the computation, but also on the time at which the results are produced ...
a correct but a late response is as bad as a wrong response ...
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Hard and soft real-time systems
Hard real-time Systems where it is absolutely imperative that responses occur within the required deadline. E.g. flight control systems, …
Soft real-time Systems where deadlines are important but which will still function correctly if deadlines are occasionally missed.E.g. data acquisition system, …
A single real-time system may have both hard and soft real-time subsystems
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Definition: Embedded system
Embedded system:
The computer is an information processing component within (embedded in) a larger engineering system.
(e.g. washing machine, process control computer, ABS ― Anti Blocking System in vehicles, ...)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Characteristics of real-time systems
Large and complex(up to 20 million lines of code estimated for the Space Station Freedom)
Concurrent control of separate system components
Facilities to interact with special purpose hardware
Extreme reliable and safe
Guaranteed response times
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Components of a real-time system
Hardware (CPU, sensors, ADC, DAC, …)
Real-time OS (e.g VxWorks, QNX, Windows CE .NET, …)
Real-time application and real-time runtime system (e.g. Ada, Real-Time Java, C with Real-Time Posix and hopefully soon Real-Time SCOOP )
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
A simple embedded and real-time example
Screen
AD
C
AD
C
DA
C
Sw
itchT
S
P
Thermocouple
Heater
Pump/valve
Pressuretransducer
ADC = Analogue to digital converter
DAC = Digital to analogue converter
X separate object
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
A simple embedded and real-time example
Screen
AD
C
AD
C
DA
C
Sw
itchT
S
P
Thermocouple
Heater
Pump/valve
Pressuretransducer
ADC = Analogue to digital converter
DAC = Digital to analogue converter
X separate object
read every 200 ms
read every150 ms
response time:50 ms
response time:50 ms
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Real-Time Facilities
Notion of time
Clocks
Delays
Timeouts
Temporal scopes
ATOT - Lecture 21, 16 June 2003
47
Chair of Software Engineering
Notion of time
Linearity:
Transitivity:
Irreflexibility:
Density:
zxzyyxzyx )(:,,
)()()(:, yxxyyxyx
)(: xxnotx
)(::, yzxzyxyx
The passage of time is equated with a real line.
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Access to a Clock
Direct access to the environment's time frame(e.g. transmitters for UTC = Universal Time Coordinated, UTC service of GPS)
Using an internal hardware clock that gives an adequate approximation to the passage of time in the environment
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Clocks in Real-Time Java
java.lang.System.currentTimeMillis returns the number of milliseconds since 1/1/1970 GMT and is used by java.util.Date
Real-time Java adds real-time clocks with high resolution time types
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
RT Java Time Types (1)
public abstract class HighResolutionTime implements java.lang.Comparable{ public abstract AbsoluteTime absolute(Clock clock, AbsoluteTime destination);
...
public boolean equals(HighResolutionTime time); public final long getMilliseconds(); public final int getNanoseconds();
public void set(HighResolutionTime time); public void set(long millis); public void set(long millis, int nanos);}
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
RT Java Time Types (2)
public class AbsoluteTime extends HighResolutionTime{ // various constructor methods including public AbsoluteTime(AbsoluteTime T); public AbsoluteTime(long millis, int nanos);
public AbsoluteTime absolute(Clock clock, AbsoluteTime dest);
public AbsoluteTime add(long millis, int nanos); public final AbsoluteTime add(RelativeTime time);
...
public final RelativeTime subtract(AbsoluteTime time); public final AbsoluteTime subtract(RelativeTime time);
}
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
RT Java Time Types (3)
public class RelativeTime extends HighResolutionTime{ // various constructor methods including public RelativeTime(long millis, int nanos); public RelativeTime(RelativeTime time);
public AbsoluteTime absolute(Clock clock, AbsoluteTime destination);
public RelativeTime add(long millis, int nanos); public final RelativeTime add(RelativeTime time);
public void addInterarrivalTo(AbsoluteTime destination);
public final RelativeTime subtract(RelativeTime time); ...}public class RationalTime extends RelativeTime{ . . .}
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
RT Java: Clock Class
public abstract class Clock{ public Clock();
public static Clock getRealtimeClock();
public abstract RelativeTime getResolution();
public AbsoluteTime getTime(); public abstract void getTime(AbsoluteTime time);
public abstract void setResolution(RelativeTime resolution);
}
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
RT Java: Measuring Time
{ AbsoluteTime oldTime, newTime; RelativeTime interval; Clock clock = Clock.getRealtimeClock();
oldTime = clock.getTime(); // other computations newTime = clock.getTime();
interval = newTime.subtract(oldTime);
}
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Delaying a Process (Thread)
The execution of a process (thread) must be sometimes delayed either for a relative period of time or until some time in the future
Relative delaysStart := Clock; -- from calendarloop exit when (Clock - Start) > 10.0;end loop;
Busy-waits are not efficient, therefore most languages and operating systems provide some form of delay primitive
In Ada, this is a delay statement
delay 10.0; In POSIX: sleep and nanosleep Java: sleep; RT Java provides a high resolution sleep
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Delays
Time specified by program
Granularity difference between clock and delay
Interrupts disabled
Process runnable here but not executable
Process executing
Time
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Absolute Delays
In AdaStart := Clock;First_action;delay 10.0 - (Clock - Start);Second_action;
Unfortunately, this might not achieve the desired result, therefore we use:Start := Clock;First_action;delay until Start + 10.0;Second_action;
As with delay, delay until is accurate only in its lower bound
RT Java - sleep can be relative or absolute POSIX requires use of an absolute timer and signal
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Drifts
The time overrun associated with both relative and absolute delays is called the local drift and it cannot be eliminated
It is possible, however, to eliminate the cumulative drift that could arise if local drifts were allowed to superimpose
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Periodic Activity
task body T is Interval : constant Duration := 5.0; Next_Time : Time;begin Next_Time := Clock + Interval; loop Action; delay until Next_Time; Next_Time := Next_Time + Interval; end loop;end T; Will run on average
every 5 seconds
local drift onlyIf Action takes 6 seconds, the delaystatement will have no effect
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Control Example in Ada (1)
with Ada.Real_Time; use Ada.Real_Time;with Data_Types; use Data_Types;with IO; use IO;with Control_Procedures;use Control_Procedures;procedure Controller is
task Temp_Controller;
task Pressure_Controller;
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Control Example in Ada (2)
task body Temp_Controller is TR : Temp_Reading; HS : Heater_Setting; Next : Time; Interval : Time_Span := Milliseconds(200); begin Next := Clock; -- start time loop Read(TR); Temp_Convert(TR,HS); Write(HS); Next := Next + Interval; delay until Next; end loop; end Temp_Controller;
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Control Example in Ada (3)
task body Pressure_Controller is PR : Pressure_Reading; PS : Pressure_Setting; Next : Time; Interval : Time_Span := Milliseconds(150); begin Next := Clock; -- start time loop Read(PR); Pressure_Convert(PR,PS); Write(PS); Next := Next + Interval; delay until Next; end loop; end Pressure_Controller;begin null;end Controller;
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Timeouts on Actions
select
delay 0.1;
then abort
-- action
end select;
If the action takes too long (more than 100 ms), the action will be aborted
Java supports timeouts through the class Timed.
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Temporal Scopes (1)
Temporal scope: Collection of statements with an associated timing constraint
Deadline — the time by which the execution of a TS must be finished
Minimum delay — the minimum amount of time that must elapse before the start of execution of a TS
Maximum delay — the maximum amount of time that can elapse before the start of execution of a TS
Maximum execution time — of a TS Maximum elapse time — of a TS
Temporal scopes with combinations of these attributes are also possible
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Temporal Scopes (2)Now
Time
Deadline
a
b
c
Minimum delayMaximum delay
Maximum elapse time
Units of executionMaximum execution time = a + b +c
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Specifying Processes and TS
process periodic_P; ...begin loop IDLE start of temporal scope ... end of temporal scope end;end;
Time constraints: maximum and/or minimum times for IDLE At the end of the temporal scope a deadline must be met
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Deadline
The deadline can itself be expressed in terms ofeither
absolute time
execution time since the start of the temporal scope, or
elapsed time since the start of the temporal scope.
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Aperiodic Processes
process aperiodic_P; ...begin loop wait for interrupt start of temporal scope ... end of temporal scope end;end;
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
SCOOP for real-time systems
Timing assertions Maximal (and minimal) execution time Timeouts on actions Periodic and aperiodic activities
Possibility to execute the request of a VIP client while stopping the execution of the current client Duels Priorities
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Timing in sequential programming
In library class TIMING_ASSERTION:
time_now: TIME-- The current time now.
min_time_duration: TIME_DURATION-- Minimal time duration of a feature
max_time_duration: TIME_DURATION-- Maximal time duration of a feature
In application class SUPPLIER (inherits TIMING_ASSERTION):
create min_time_duration.make_by_fine_seconds (1.0)create max_time_duration.make_by_fine_seconds (3.0)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Timing in sequential programming (cont.)
f (a_time_started: TIME; an_i: INTEGER): INTEGER isrequire
a_time_started_not_void: a_time_started /= Voidlocal
i: INTEGERdo
fromi := 0
untili = an_i
loopResult := Result + ii := i + 1
endcreate time_now.make_now
ensureminimal_execution_time: (time_now - a_time_started).duration >
min_time_duration
maximal_execution_time: (time_now - a_time_started).duration < max_time_duration
end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Timing in sequential programming (cont.)
In client class CLIENT:
s: SUPPLIER time_now: TIME
res: INTEGER
create s create time_now.make_now res := s.f (time_now, 1000000)
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Timing in sequential programming (cont.)
f (a_time_started: TIME; an_i: INTEGER): INTEGER isrequire
a_time_started_not_void: a_time_started /= Voidlocal
i: INTEGERdo
fromi := 0
untili = an_i
loopResult := Result + ii := i + 1
endcreate time_now.make_now
ensureminimal_execution_time: (time_now - a_time_started).duration >
min_time_duration
maximal_execution_time: (time_now - a_time_started).duration < max_time_duration
end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Timing assertions
Specifying temporal scopes with the assertion mechanism ofEiffel (has consequences to the scheduling mechanism)
Maximal (and minimal?) execution time of a feature call x.f (a, b)
f (a: A, b: separate B) is require a /= Void not b.empty ensure
-- maximal execution time of f is 100 ms maximal_execution_time (100)
-- minimal execution time of f is 50 ms minimal_execution_time (50) end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Timing assertions
Timeout on actions
f (a: A, b: separate B) is require a /= Void not b.empty do
-- action b.g (h) must not take longer than 20 ms check timeout: timeout (20) b.g (h) end ensure
-- maximal execution time of f is 100 ms maximum_execution_time (100)
-- minimal execution time of f is 50 ms minimum_execution_time (50) end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Timing assertions
Specification of periodic (and aperiodic) activities
f (a: A, b: separate B) is require a /= Void not b.empty
-- activated at absolute time between 4000 and 4500 activation_time > 4000 and activation_time < 4500 ensure -- periodicity is 500 ms periodicity (500)
end
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Duels
Can we snatch a shared object from its current holder?
holder executesholder.r (b) where b is separate
Then another object challenger executeschallenger.s (c) where c, also separate, is
attached to the same object as the holder‘s b
Normally, the challenger will wait until the call to r is over.
What if the challenger is impatient?
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Duels
Use library features from class CONCURRENCY: Request immediate service: immediate_service Accept immediate service: yield
Challenger → ↓ Holder
normal_service immediate_service
retain Challenger waits Exception in challenger
yield Challenger waits Exception in holder; serve challenger
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Extending duels with priorities
Tuning the duel mechanism:
holder.set_priority (50)
challenger.set_priority (100)
holder.yield
challenger.immediate_service
If the priority of the challenger is bigger than the priority of theholder (challenger.priority > holder.priority):
holder will get an exception challenger will be served.
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Conclusion
SCOOP model is simple yet powerful Full concurrency Full use of object-oriented techniques One keyword separate Based on Design by Contract™ Several platforms and architectures
(multiprocessing, multithreading, distributed execution, etc).
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
Future work
Extension of access control policy multiple locking of separate objects based on
the concept of pure functions Instruction-level parallelism Deadlock prevention Extending SCOOP for real-time systems
adding priorities to the duel mechanism specifying temporal scopes with the assertion
mechanism SCOOP can be used for persistence
with the STORABLE class mechanism and separate DATABASE
ATOT - Lecture 21, 16 June 2003Chair of Software Engineering
References
http://se.inf.ethz.ch/people/nienaltowski
http://se.inf.ethz.ch/people/arslan
http://se.inf.ethz.ch/projects (Concurrency, distribution, ...)
Nienaltowski P., Arslan V., Meyer B.: SCOOP: Concurrent Programming Made Easy, in process of submission
Simon D., An Embedded Software Primer, 3rd printing, Addison-Wesley, 2000
Burns A., Wellings A., Real-Time Systems and Programming Languages, 3rd edition, Addison-Wesley, 2001