software architecture
DESCRIPTION
Software Architecture. Bertrand Meyer ETH Zurich, March-May 2009. Lecture 15: Designing for concurrency & real-time. The world is increasingly concurrent. Processes Networking, the Internet, the Web Multithreading Multicore computing. Moore ’s law (source: M. Herlihy ). - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/1.jpg)
1
Software ArchitectureBertrand Meyer
ETH Zurich, March-May 2009
Lecture 15: Designing for concurrency& real-time
![Page 2: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/2.jpg)
The world is increasingly concurrent
ProcessesNetworking, the Internet, the WebMultithreadingMulticore computing
![Page 3: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/3.jpg)
Clock speed
flattening sharply
Transistor count still
rising
Moore’s law (source: M. Herlihy)
![Page 4: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/4.jpg)
Statements about concurrencyIntel: “Multi-core processing is taking the industry on a fast-moving and exciting ride into profoundly new territory. The defining paradigm in computing performance has shifted inexorably from raw clock speed to parallel operations and energy efficiency”.
• Rick Rashid, head of Microsoft Research “Multicore processors represent one of the largest technology transitions in the computing industry today, with deep implications for how we develop software.”
• Bill Gates: “Multicore: This is the one which will have the biggest impact on us. We have never had a problem to solve like this. A breakthrough is needed in how applications are done on multicore devices.”
See John Markoff, Faster Chips Are Leaving Programmers in Their Dust, New York Times, 17 Dec. 2007
![Page 5: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/5.jpg)
Why is concurrency hard?
Ordinary modes of reasoning are sequentialRisks:
Data race
Deadlock
Starvation
Testing and debugging are harder (some say impossible)
Plus, for “hard-real-time” systems, the difficulty of guaranteeing response times and memory occupation
![Page 6: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/6.jpg)
Example
{x = 0, y = 0} x := x + 1y := x + y + 1{x = 1, y = 2}
{x = 0, y = 0} x := x + 1y := x + y + 1{x = 1, y = 2}
{x = ?, y = ?}
![Page 7: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/7.jpg)
77
store (b : [G ] ; v : G )
-- Store v into b. require
not b.is_full do
… ensure
not b.is_empty end
QUEUE BUFFER
my_queue : [T ]…
if not my_queue.is_full then
store (my_queue, t )end
BUFFER QUEUE
put
item, remove
![Page 8: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/8.jpg)
Architectural models
Three general styles:
Shared memory
Message passing
Event-driven
![Page 9: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/9.jpg)
Three kinds of desirable propertiesSafety: no undesiredsituation will arise
“No two lights will begreen at the same time”
Liveness: there will alwaysbe an applicable event
“Some light will turngreen”
Fairness: every applicable event will happen after finite time
“If there is at least one car waiting, the light will turn green”
![Page 10: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/10.jpg)
Concurrency frameworks
1. Low-level mechanisms, e.g. threading libraries
2. Graphical models
3. Concurrent extensions to modern programming languages, e.g. SCOOP
4. Process calculi
![Page 11: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/11.jpg)
Statecharts (UML)
Finite-state machine for describing behavior of reactive systems Events cause transitions between states. They can have:
Parameters Guards Actions Time values
Kinds of events: SignalEvent: asynchronous, queued CallEvent: synchronous, blocks sender ChangeEvent: occurs when state value changes TimeEvent: associated with timeout
![Page 12: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/12.jpg)
Statechart exampleSource: B. Powel-Douglass
![Page 13: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/13.jpg)
Temporal logic
Logic plus new operators:
□ f f holds now and rest of execution
◊ f f holds sometime from now on
f f holds at the next state f U g f holds until when and if g holds
![Page 14: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/14.jpg)
Example temporal logic specification
(x = 0) (y = 0) □ (
( ((x = xold + 1) (y = yold))) ( ((Y = Yold + 1) (x = xold)))
)
Possible implementationx := 0 ; y := 0parallel
forever x := x + 1 end ||forever y := y + 1 end
end
From an example by Lamport
![Page 15: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/15.jpg)
Three kinds of real-time propertiesSafety: no undesiredsituation will arise
“No two lights will begreen at the same time”
Liveness: there will alwaysbe an applicable event
“Some light will turngreen”
Fairness: every applicable event will happen after finite time
“If there is at least one car waiting, the light will turn green”
![Page 16: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/16.jpg)
Three kinds of real-time propertiesSafety: no undesiredsituation will arise
“No two lights will begreen at the same time”
Liveness: there will alwaysbe an applicable event
“Some light will turn green”
Fairness: every applicable event will happen after finite time
“If there is at least one car waiting, the light will turn green”
□ ( green1 + green2 + green3 <= 1)
◊ ( green1 + green2 + green3 = 1)
car1 ◊ green1
car2 ◊ green2 car3 ◊ green3
![Page 17: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/17.jpg)
The SCOOP model
Aim: smallest possible extension of sequential object-oriented model, preserving classical modes of reasoning
![Page 18: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/18.jpg)
1818
store (b : [G ] ; v : G )
-- Store v into b. require
not b.is_full do
… ensure
not b.is_empty end
QUEUE BUFFER
my_queue : [T ]…
if not my_queue.is_full then
store (my_queue, t )end
BUFFER QUEUE
put
item, remove
![Page 19: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/19.jpg)
SCOOP principles
Each object is handled by a “processor”
Object handled by different processor is specially declared:
x: separate T
Passing separate values as arguments locks them:p (sep_x, sep_y)
Preconditions serve as wait conditions:p (x, y: separate T)
requirenot x is_full
do … end
![Page 20: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/20.jpg)
20
Dining philosophers
class PHILOSOPHER inheritPROCESS
rename setup as getupredefine step end
feature {BUTLER}step
do think ; eat (left, right)
end
eat (l, r : separate FORK) -- Eat, having grabbed l and r.
do … endend
![Page 21: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/21.jpg)
The calculi
CSP (Hoare)CCS, Pi-calculus (Milner)
Aim: provide a formal basis for reasoning about concurrent systems
![Page 22: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/22.jpg)
22
CSP origins
Communicating Sequential Processes: C.A.R. Hoare
1978 paper, based in part on ideas of E.W. Dijkstra (guarded commands, 1978 paper and “A Discipline of Programming” book)
Revised with help of S. D. Brooks and A.W. Roscoe
1985 book, revised 2004
![Page 23: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/23.jpg)
23
CSP purposeConcurrency formalism
Expresses many concurrent situations elegantly
Influenced design of several concurrent programming languages, in particular Occam (Transputer)
Calculus Formally specified: laws Makes it possible to prove properties of
systems
![Page 24: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/24.jpg)
24
Basic notionsProcesses engage in events
Example:
BDVM = (coin coffee coin coffee STOP)
a(BDVM) = {coin, coffee} u
![Page 25: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/25.jpg)
25
Basic CSP syntaxP ::= Stop | -- Does not engage in any events
a P | -- Accepts a, then engages in PP П P | -- Internal choiceP P | -- External choiceP || P | -- ConcurrencyP ||| P | -- InterleavingP \ H | -- Hiding (H: alphabet
symbols)mP f (P) -- Recursion
![Page 26: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/26.jpg)
26
Some examplesCLOCK = (tick CLOCK)
This is an abbreviation forCLOCK = mP (tick P)
CVM = (in1f (coffee CVM))= (in1f coffee CVM) -- Right-
associativity
CHM1 = (in1f out50rp out20rp out20rp out10rp)CHM2 = (in1f out50rp out50rp)
CHM = CHM1 П CHM2
![Page 27: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/27.jpg)
27
More examplesCOPYBIT = (in.0 out.0 COPYBIT
in.1 out.1 COPYBIT)
![Page 28: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/28.jpg)
28
More examplesVMC =
(in2f ((large VMC) (small out1f VMC))
(in1f
((small VMC) (in1f large VMC))
FOOLCUST = (in2f large FOOLCUST in1f large FOOLCUST)
FOOLCUST || VMC = mP (in2f large P in1f STOP)
![Page 29: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/29.jpg)
29
Internal non-deterministic choiceCH1F = (in1f
((out20rp out20rp out20rp out20rp out20rp CH1F)
П(out50rp out50rp CH1F)))
![Page 30: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/30.jpg)
30
Laws of concurrencyP || Q = Q || PP || (Q || R)) = ((P || Q) || R)
P || STOPaP = STOPaP
(c P) || (c Q) = (c (P || Q))(c P) || (d Q) = STOP -- If c ≠ d
(x: A P (x)) || (y: B Q (y)) = (z: (A B) (P (z) || Q (z))
![Page 31: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/31.jpg)
31
Laws of non-deterministic internal choiceP П Q = Q П PP П (Q П R) = (P П Q) П Rx (P П Q) = (x P) П (x Q)
P || (Q П R) = (P || Q) П (P || R)(P || Q) П R = (P || R) П (Q || R)
The recursion operator is not distributive; consider:
P = mX ((a X) П (b X))Q = (mX (a X)) П (mX (b X))
![Page 32: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/32.jpg)
Designing concurrent systems
The basic advice today:Keep the concurrency aspectsseparate from the other architectural
constraints
![Page 33: Software Architecture](https://reader035.vdocument.in/reader035/viewer/2022062310/56816284550346895dd2f22a/html5/thumbnails/33.jpg)
Software architecture
DesignPatternsComponentsArchitectural styles
The key is to find the right abstractions