Title: Counting Interface Automata and their Application in Static Analysis of Actor Networks
1Counting Interface Automata and their
Application in Static Analysis of Actor Networks
7. September 2005 SEFM, Koblenz, Germany
E. Wandeler(1), J.W. Janneck(2), E.A. Lee(2), L.
Thiele(1)
(1)Computer Engineering and Networks
Laboratory ETH Zurich, Switzerland (2)Department
of EECS UC Berkeley, USA
2Introduction (1) Actors
- An actor is a SW/HWcomponent with
- Input Ports
- Output Ports
- Parameters
- State
- When an actor is fired, it
- consumes data-tokens on its input ports
- produces data-tokens on its output ports
- updates its state
AddAndAcc
1
0
7
3
5
3
7
3Introduction (2) Actor Models
Director ? - Control flow
What is the semantic of this model?
Receiver ? - Communication
Actor A
Actor C
Actor B
4Motivation forStatic Analysis of Actor Models
- Actor-oriented modeling is widely spread, e.g. in
embedded system design. - Compatibility-checks of the components in an
actor-model at design-time reduce modeling
errors. - Static analysis leads to formal verifiable
results.
5Analysis-Strategy
Composition ? - Component compatibility
Analysis ? - Legal firing-sequence - Buffer
overflow - Deadlock - ...
Actor Automaton
MoC Automaton
1.
2.
3.
Composition
4.
Analysis
6Counting Interface Automata
7Counting Interface Automata
States (Normal, Initial, Reset)
8Counting Interface Automata
Transitions
9Counting Interface Automata
step f! fR?
Actions (Input ?, Output !, Internal )
10Counting Interface Automata
Ports (Input, Output)
11Counting Interface Automata
Counter Variables (Persistent/Transient)
12Counting Interface Automata
Tan Tbn
cTn
Counter Declarations/Assignments
13Counting Interface Automata
Tgtn / hTT!
Guards
14Counting Interface Automata
hT!4
Action Quantities
15Counting Interface Automata
hT!4
hT?n
Action Quantity Declarations
16Composition
- Valid Compositions
- a! a?
- a!3 a?3
- a! a?1
- a!3 a?n -gt n3
- Invalid Compositions
- a! b?
- a!3 a?2
17Example
actor A () In gt Out A1action a gt a
end end
actor Src () gt Out1, Out2 A1action gt
a, end A2action gt , a end
selector (A1A2) end end
actor Snk () In1, In2 gt A1action a,
b gt end end
actor B () In gt Out A1action a gt a,
a end end
18An Actor Model Example
19Step 1 Actor Automaton
1.
20An Actor Model Example
actor B () In gt Out A1action a gt a,
a end end
21Step 1 Actor Automaton
actor B () In gt Out A1action a gt a,
a end end
22Step 2 MoC Automaton
1.
2.
23Step 2 MoC Automaton
IncTgtn / Ing?n
24Step 3 Composition
1.
2.
3.
25Step 3 Composition
MoC
Actor
26Incompatible Components
MoC
Actor
IncTgt1 false!
27Incompatible Components
MoC
Actor
empty
28Model Automaton
1.
2.
3.
29Model Automaton
- Empty, if incompatible components exist in the
actor model - Contains otherwise
- all actor-connections
- all token-exchange-rates
- state-space of the model
- firing-schedule, if existing
30Step 4 Analysis
1.
2.
3.
4.
31Token Exchange Automaton
32Token Exchange Petri Net
33Petri Net Analysis
- Transition-Invariant IT0
- ? No legal firing sequence
- Reachability tree
- SnkIn2T is unsecure, i.e. buffer-Overflow in
input In2 of Snk - no deadlock
34Conclusions
- CIA are taylored towards the use in actor
systems. - Methods exist to extract CIA from CAL actor
definitions. - Methods exist to generate CIA for SDF DDF MoC.
- Successful composition if CIA behavioral type
compatibility! - CIA of full model contains much information for
further static analysis.
35Thank you!
36Example
actor A () In gt Out A1action a gt a
end end
actor Src () gt Out1, Out2 A1action gt
a, end A2action gt , a end
selector (A1A2) end end
actor Snk () In1, In2 gt A1action a,
b gt end end
actor B () In gt Out A1action a gt a,
a end end
37Inkompatible Komponenten
MoC
Actor
IncTgt1 ist false!
38Token Exchange Automaton
39Token Exchange Petri Net
40Petri Net Analysis
- Transition-Invariant IT0
- ? No legal firing sequence
- Reachability tree
- SnkIn2T is unsecure, i.e. buffer-Overflow in
input In2 of Snk - no deadlock
41Erreichtes
- Definition von Counting Interface Automata (CIA)
- Automatische generation von Actor CIA aus der Cal
Actor Language (CAL) - Automatische generation von MoC CIA für SDF und
DDF - Automatische komposition von kompletten Actor
Modellen - Beispiele von Analyse-Möglichkeiten
42Zukünftige Arbeit
- Automaten für weitere Models of Computation
definieren - Erweiterte Analysen für den Modell Automat
entwickeln - Benutzung der vorgestellten Techniken zur
Code-Generierung - Benutzung von Counting Interface Automata für
andere Anwendugsgebiete
43An Actor Model Example