OCL - The Bigger Picture


Keynote at BigMDE 2013

  1. OCL - The Bigger Picture. Edward Willink, Willink Transformations Ltd. Eclipse Projects: OCL, MMT, QVTd, QVTo, UMLX. OMG RTFs (representing Nomos): OCL, QVT, UML. BigMDE 2013, Budapest, 17th June 2013. Made available under EPL 1.0.
  2. Overview. Big MDE: big problems; disproportionately big problems. Small MDE: small problems; insignificant in the small; significant in the large. Big MDE: disproportionately small problems.
  3. Background. Electronic/Systems Engineering; poor quality tools; make things better; make things reusable; make things right; specification not implementation.
  4. OCL utility. Executable specification language; right; usable; reusable; unusable. Side effect free: nothing can change. Needs objects. Only useful within a larger context: transformation languages.
  5. Systems
  6. Block Diagrams. Low, medium or high level. Friendly: convey an apparently simple meaning; open to review. Each element: independent; continuously operating.
  7. Subsystems. Systems too complicated: break down into subsystems/subsubsystems/... Subsystems available: add value to create a System. What does it actually mean to compose subsystems? Compatible interface .... communication.
  8. Subsystem Interface Compatibility. Content compatibility: feet/pounds or metres/kilograms?; model conforming to structural metamodel; types conforming to semantic metamodel. Communication compatibility: producer/consumer; client/server; ...
  9. Communication. Link is two ended: both ends must co-operate. All links must co-operate: share bandwidth; avoid deadlocks; reduce latencies; provide security; provide reliability; ....
  10. Component Oriented Communications. Provide a sink/source. Loop forever: wait till inputs available; get inputs; compute outputs and update state; put outputs. [Diagram: Block with inputs, outputs, state]
  11. Trivial Deadlock. Oops: both waiting for inputs; neither generating output. Deadlock (with just 2 components!). [Diagram: BlockA and BlockB, each with inputs, outputs, state]
  12. Eclipse System Performance. Eclipse 3.0 to 3.4 steadily faster: incremental editor/compiler; incremental builder. Eclipse 3.5 to 3.9/4.3 steadily slower: innovative new projects; undisciplined use of component-level APIs (e4 is far from being the major culprit).
  13. Stupid Livelock Example. 1: Every source file shall be reviewed after any change. 2: Every source file shall contain a review record. Oops: real change => review => review record change => review => review record change =>
  14. Real Example. 1: The Model Index shall contain a summary of all models. 2: The Model Index shall be updated when a model changes. 3a: The Model Index shall be accessible as a model. 3b: A model shall be autogenerated from ... 3c: Another Model Index shall contain a summary of all models. 3d: A Configuration Management State .... In practice the infinite loop is only stabilized by: an unmodified output file shall not be written.
  15. Communication Design. Requirements of the system => partitioning of computations => distribution over processes/processors => requirements on the communications; can be fundamentally reliable. Bottom up subsystem reuse => communication anarchy. Components must suit the system.
  16. Mutable Components. Implementations: numerous configuration options; (very) bloated interfaces; compromised performance. Specifications: auto-generated implementation; numerous configuration options; unwanted functionality gets optimized away. Dead Specification Elimination.
  17. Requirements Specification; Implementation
  18. The basic software production problem. Simple Problem; too hard; progressions; distractions; models. [Diagram labels: Specification; Code; Assembler; C; CIM; PIM; PSM; Models; Macro Assembler; C++, Java, ..; Aspect ...]
  19. MDA Y. [Diagram: Platform Independent Model; Platform Specific Model; Platform Model.] PIM: what needs to be done; program/application models. What resources are available: program/algorithm/application libraries; hardware/operating system definition models. PSM: what actually gets done -- the code.
  20. Better MDA Y. Specification + Hints + Reality => Solution. [Diagram: Platform Independent Model; Platform Specific Model; Platform Model; Mark Model.] MM - the manual intervention: do the JPEG on the graphics processor; use a non-reentrant QuickSort algorithm for ...; use TCP to satisfy transmission guarantees. PSM - the 100% autogenerated solution.
  21. Aspect Oriented MDA. Too many problems to solve at once; divide and conquer; solve one concern at a time; precision; scheduling; partitioning; latency; integrity; middleware; code generation. [Diagram: Specification, Models, Code; Concern A, Concern B, Concern C, Concern Z; Platform Hints]
  22. MetaModel Typed MDA. All models conform to their meta-models: M Ain ≺ MM Ain; M Aout ≺ MM Aout. In practice not all of meta-model is used: M Ain ≺ MM Ain ∈ MM Ain; M Aout ≺ MM Aout ∈ MM Aout; M Bin ≺ MM Bin ∈ MM Bin; M Bout ≺ MM Bout ∈ MM Bout. Compatibility: M Aout ≡ M Bin; MM Aout ∈ MM Bin [MM Aout ∈ MM Bin too strong]. [Diagram: Specification, Models, Code; Concern A, Concern B, Concern C, Concern Z; MM Ain, MM Aout, MM Bin, MM Bout, MM Cin, MM Cout, MM Zin, MM Zout]
  23. Traditional Modeling. UML Analysis Diagrams: poor quality tools; major analysis/design disconnect. UML Design Diagrams: difficult to capture behaviour; opaque code generation templates; troublesome reverse engineering cycles. Very productive in well-suited narrow domains: state/protocol machines. Counter productive in more general applications.
  24. The Action Problem. Action code does not model well. Any system: has a state (comprising many variables; can be represented as an instance of a meta-model); event occurs (sometimes comprising a message; can be represented as an instance of a meta-model); has an updated state (comprising many variables; can be represented as an instance of a meta-model).
  25. State change as model transformation. Any state change can be treated as an atomic model transformation from: old state; input message; to: new state; output messages. [Diagram: Model Transformation with Input Message and Output Message(s)]
  26. In-place transformations. Embedded systems. In-place transformation (human): old state can be accidentally corrupted while computing new state; hybrid old/new state can be inadvertently accessed. In-place transformation (declarative): tooling must sequence old reads, temp stores, new writes; tooling must hide access during finite duration atomic change. [Diagram: Model Transformation A and Model Transformation B, each with Input Message and Output Message(s)]
  27. Declarative model transformation. Relationship between Input(s) and Output(s); no internal side effects; very disciplined form of model mutation; can be expressed in OCL. [Diagram: Model Transformation with Input Message and Output Message(s)]
  28. Model transformation as OCL. Self organizing (small changes): every node notifies changes; every node listens for relevant changes; OCL analysis configures the listeners; change just ripples through affected graph nodes. Strategic (large changes): transformation directly pokes the affected nodes. [Diagram: Input Objects and Messages; OCL Equations Directed Graph; Output Objects and Messages]
  29. Models of Computation. How, When, Why computations happen; fundamental to Digital Signal Processing; insufficiently known more generally. Lee, E.A., Messerschmitt, D.G.: Synchronous data flow. Proceedings of the IEEE 75(9), 1235–1245 (1987).
  30. Java Model of Computation.
        double f(double x, double y) {
            double p, q, r;
            p = x + 1;
            q = y - 1;
            r = p + q;
            return r;
        }
      When f is invoked (unknown mechanism); execution proceeds statement by statement; result is returned (unknown mechanism). Validity of variables is assumed to be ok; communication exists as a side effect.
  31. Java Model of Computation - Oops.
        double f(double x, double y) {
            double p, q, r;
            r = p + q;   // Oops: p and q are read before they are assigned
            p = x + 1;
            q = y - 1;
            r = p + q;
            return r;
        }
      Validity of variables is no longer ok; communication fails; may get uninitialized variable warning; in general, just get a malfunction.
  32. System/subsystem view. Data dependencies are now clear; cannot mis-schedule. What happens when? No one right answer. [Diagram with a + node]
  33. Continuous Time MoC. Executing on analogue hardware; each partial computation has its own hardware; occurs continuously; propagation delay from input to output.
  34. Simulation. Dedicated hardware per computation: impractical; inaccurate/unstable; unnecessarily redundant. Simulation: fast enough to give comparable results; share hardware.
  35. Data Flow MoC. Each node processes when ready; absorbs a token from each input; produces a token at each output; propagation delay from input to output.
  36. Synchronous Data Flow MoC. All input tokens appear at once; no need for physical tokens; synthesize a legal schedule:
        p = x+1; q = y-1; r = p+q;
        q = y-1; p = x+1; r = p+q;
  37. Discrete Event MoC. Inputs may change one at a time; variables have persistent state.
        x changes: p = x+1; r = p+q;
        y changes: q = y-1; r = p+q;
  38. Practical Consequences. Incremental editor: editing 10 line file has cost T; editing a 10,000 line file can be << 1000T. Incremental code too hard to write manually: Eclipse JDT, builder sometimes malfunction (rebuild all); Xtext does not attempt many incremental updates. Incremental code can be correct automatically: OCL is a side effect free specification language; very hard to do the same with arbitrary Java code.
  39. Model Transformation Performance. Large random trees using EMF. 1.0 * C = time to create a tree in memory; 1.6 * C = time to copy a tree in memory; 1.7 * C = time to save a tree as XMI on disk; 4.0 * C = time to load a tree from XMI on disk; 36 * C = time to transform a tree in memory, Eclipse QVTo (interpreted); 2.0 * C = time to transform a tree in memory, Eclipse QVTi (code generated).
  40. System Performance. Complex systems require transformation cascades; many intermediate models; N * (save + load + save); N * (4.0 + 36 + 1.7) extra models ~15%; N * (4.0 + 2 + 1.7) extra models ~300%. Composition: merge multiple transformations; exploit close relationships with graph transformation.
  41. Performance Summary. Multiple transformations: optimize by composition. Long running systems: optimize by incremental update; only possible for declarative transformations; exploit side effect free characteristics of OCL.
  42. Shared tool chain. New transformation language: leverage interpreter/debugger/optimizers/composers. Better debugger: reusable by many languages. [Diagram: VM; New Intermediate Languages; QVT Declarative; QVTr QVTc QVTu; QVTc QVTm QVTi; OCL; UML; QVTi + Java; Interpreters/Debuggers; Optimizers/Composers/Rescuers; Editors]
  43. OCL Specification/Implementation. OCL specification is incomplete. [Diagram labels: EBNF; UML; OCL; QVT; UML; EBNF]
  44. The New Eclipse OCL using Xtext. Xtext covers large parts of an implementation. Modest gaps between specification and tooling.
  45. Eclipse OCL Tooling Work. OCL to Java automation of WFRs; OCL-friendly Transformation Virtual Machine; automation of Pivot ASG creation/mapping; automation of CST to Pivot ASG mappings; reusable for QVT.
  46. Software Qualification. Specification: words, ambiguities, omissions and contradictions. Code: huge line count, numerous authors, finite development time and money, finite testing enthusiasm. [Diagram: Specification, Code.] Safety Critical: eliminate all specification errors; eliminate all implementation errors.
  47. Zeroth Order Software Qualification. Manually Check the Specification: confidence building prototypes; selective formal mathematics. Manually Check the Code: 1000 lines possible; 100,000 lines hard; 1,000,000 lines totally unrealistic. [Diagram: Specification, Manual Transformation, Code; labels: checked, ignored]
  48. First Order Software Qualification. Check the Specification: manual check of principles. Automatically Validate the Specification: automated check of consistency, ambiguities, omissions. Manually Check the Transformation Tool Code: 1,000,000 lines totally unrealistic; most errors are orthogonal. Auto-generate the Production Code. [Diagram: Specification, Automated Transformation, Code; Transformation Tool Code]
  49. Higher Order Software Qualification. Check the Specifications: manual check of principles; automated check of consistency, ambiguities, omissions; most errors are doubly orthogonal; tool specifications checks are reusable. [Diagram: Specification, Automated Transformation, Code; Transformation Tool Code; Transformation Tool Specification, Automated Transformation, Transformation Tool Code; Automated Transformation]
  50. Summary. Everything is a Model Transformation: efficient code generation; effective composition; autogenerated incremental update; autogenerated tooling; higher order software qualification.
  51. System Oriented Communications. Component Oriented Communications (One Ended): system utility is not my problem; deadlocks, livelocks are your problem; difficult/intractable analysis; component is not (re-)usable. System Oriented Communications (Two Ended): communication policy carefully chosen (suitable communication rates; suitable communication resources/bandwidths/routes; compliant sources and sinks on each end); tractable synthesis. ?? cf. Service Oriented Architectures ??
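
Slides 36 and 37 derive a legal schedule and a per-input incremental update from the data dependencies of `p = x+1; q = y-1; r = p+q`. The sketch below is an added example, not code from the talk or from Eclipse OCL; the names `EQUATIONS`, `legal_schedule`, `evaluate_all`, `affected_by` and `update` are hypothetical.

```python
from graphlib import TopologicalSorter

# The three side-effect-free equations from slides 30-37:
# each output maps to (input names, function). Names are hypothetical.
EQUATIONS = {
    "p": (("x",), lambda x: x + 1),
    "q": (("y",), lambda y: y - 1),
    "r": (("p", "q"), lambda p, q: p + q),
}

def legal_schedule(equations):
    """Synchronous data flow: synthesize an order from the dependencies alone."""
    graph = {out: set(ins) for out, (ins, _) in equations.items()}
    order = TopologicalSorter(graph).static_order()
    return [name for name in order if name in equations]

def evaluate_all(equations, inputs):
    """Evaluate every equation once, in a legal order."""
    state = dict(inputs)
    for name in legal_schedule(equations):
        ins, fn = equations[name]
        state[name] = fn(*(state[i] for i in ins))
    return state

def affected_by(equations, changed):
    """Discrete event: the equations downstream of one changed input."""
    dirty, todo = {changed}, []
    for name in legal_schedule(equations):
        if dirty & set(equations[name][0]):
            dirty.add(name)
            todo.append(name)
    return todo

def update(equations, state, changed, value):
    """Re-run only the affected equations; other variables keep their state."""
    state = dict(state, **{changed: value})
    ran = affected_by(equations, changed)
    for name in ran:
        ins, fn = equations[name]
        state[name] = fn(*(state[i] for i in ins))
    return state, ran
```

Because the order is computed from the dependencies, the mis-ordering shown on slide 31 cannot be expressed: `r` is never scheduled before `p` and `q`.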
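
Slide 14 says the Model Index loop is only stabilized by the rule that an unmodified output file shall not be written. The simulation below is an added example, not code from the talk; `summarize`, `rebuild_until_quiet` and the sample model names are constructed for illustration.

```python
def summarize(store):
    """Rule 1: the index summarizes all models; here, their sorted names."""
    return ",".join(sorted(store))

def rebuild_until_quiet(models, skip_unmodified, max_rounds=25):
    """Apply rule 2 (update the index whenever a model changes) repeatedly.

    Returns the number of index writes once no change event is pending,
    or None if events are still being generated after max_rounds (livelock).
    """
    store = dict(models)
    writes = 0
    changed = True                    # a real model change starts the cycle
    for _ in range(max_rounds):
        if not changed:
            return writes
        changed = False
        content = summarize(store)
        if skip_unmodified and store.get("index") == content:
            continue                  # unmodified output is not written
        store["index"] = content      # rule 3a: the index is itself a model
        writes += 1
        changed = True                # so writing it is a model change
    return None if changed else writes

# Constructed sample input: two models, no index yet.
SAMPLE_MODELS = {"a": "model a", "b": "model b"}
```

With the guard the index is written twice (once to create it, once to list itself) and then the loop goes quiet; without it every rewrite raises a new change event.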