Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

OpenComRtos 1.4_tutorial_1o4_presentation

283 views

Published on

OpenComRtos 1.4_tutorial_1

Published in: Technology
  • Be the first to comment

OpenComRtos 1.4_tutorial_1o4_presentation

  1. 1. Session #1.1: The Theoretical foundations of OpenComRTOS Bernhard Sputh bernhard.sputh@altreonic.com Altreonic NV Gemeentestraat 61 Bus 1 3210 Linden Belgium January 12, 2012Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 1 / 71
  2. 2. Who am I Name: Bernhard Sputh Highest Degree: PhD in Electronics from the University of Aberdeen (Scotland) Current Occupation: Software Engineering Researcher Altreonic N.V. (Belgium) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 2 / 71
  3. 3. Outline of this Workshop Session #1.1: The Theoretical foundations of OpenComRTOS. Session #1.2: Introduction to OpenComRTOS and the OpenComRTOS Designer Suite Session #1.3: OpenComRTOS Internals Session #1.4: Hands on with the OpenComRTOS Designer Suite Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 3 / 71
  4. 4. 1 Introduction Examples of Distributed Heterogeneous Systems Advantages of Distributed Heterogeneous Systems Problems to take into account2 Communicating Sequential Processes Term Definitions Sequential Processes Parallel Composition Compound Events3 Applying CSP to Real World Problems Modelling a Counter with CSP Checking the model for a deadlock Hiding Internal Events Refinement Checks4 Paradigms of OpenComRTOS5 Summary Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 4 / 71
  5. 5. Outline1 Introduction Examples of Distributed Heterogeneous Systems Advantages of Distributed Heterogeneous Systems Problems to take into account2 Communicating Sequential Processes Term Definitions Sequential Processes Parallel Composition Compound Events3 Applying CSP to Real World Problems Modelling a Counter with CSP Checking the model for a deadlock Hiding Internal Events Refinement Checks4 Paradigms of OpenComRTOS5 Summary
  6. 6. Examples of Distributed Heterogeneous Systems System on Chip (SoC) Network on Chip (NoC) Distributed Computing Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 6 / 71
  7. 7. System on Chip
  8. 8. Network on Chip TI 8 Core DSP Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 8 / 71
  9. 9. Distributed Computing High Performance Computing Rendering farms Grid Computing Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 9 / 71
  10. 10. Advantages of Distributed Heterogeneous Systems Ability to use the processing entity that fits best for the task. Lower power consumption. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 10 / 71
  11. 11. Separate Memories Data needs to be copied from one entity / node A mechanism that allows this securely is necessary. Increased latency due to copying of data. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 11 / 71
  12. 12. Communication between Entities Bandwidth Latency Byte Order Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 12 / 71
  13. 13. Parallelism Problems Deadlocks LivelocksFinding and resolving problems cause by parallelism is a complex task andrequires very often the help of formal methods. In the remaining part ofthis lecture I’ll give an introduction to Communicating SequentialProcesses (CSP) a formal method and a mind set that helps to find suchproblems and also to prove the absence of them using model checkers. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 13 / 71
  14. 14. Outline1 Introduction Examples of Distributed Heterogeneous Systems Advantages of Distributed Heterogeneous Systems Problems to take into account2 Communicating Sequential Processes Term Definitions Sequential Processes Parallel Composition Compound Events3 Applying CSP to Real World Problems Modelling a Counter with CSP Checking the model for a deadlock Hiding Internal Events Refinement Checks4 Paradigms of OpenComRTOS5 Summary
  15. 15. Communicating Sequential Processes (CSP) Formal Method developed by C.A.R Hoare [1]; Allows to reason over concurrent / parallel systems, and allows to identify whether systems: Deadlock Livelock Applies both to hardware and software systems. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 15 / 71
  16. 16. Sequential SystemA sequential system, has one thread of execution, one instruction ishandled after the other. A typical example of a sequential system is acounter. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 16 / 71
  17. 17. Concurrent SystemsA concurrent system has multiple threads of execution, so it can performmultiple tasks at the same time. For instance, a system could wait fordata to arrive, while processing previously received data. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 17 / 71
  18. 18. Processes as Finite State Machines con1 con2 START INTER STOP Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 18 / 71
  19. 19. Naming ProcessesSimilar to a Finite State Machine (FSM) Processes can be named. Theconvention here is that a process name always consists of all upper caseletters. To separate the words of multi word names the underscore ( ) isused. Equation 1 is an example for a named process. START =con1 → INTER (1) INTER =con2 → STOPSTOP means that the process does not engage in any event any more. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 19 / 71
  20. 20. AlphabetsAll events a process shares with its environment are part of its alphabet.Events a process does not want to share with the environment are omittedfrom the alphabet. The name of an alphabet consists of the Greek letteralpha α followed by the name of the process which alphabet it is: αSTART = {con1 , con2 } (2) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 20 / 71
  21. 21. Examples for Alphabets 1 A web server, represented by process WS, can accept requests and then service them. The alphabet of a web server (αWS) can be: αWS = {request, serve} (3) 2 A computer mouse (process MOUSE ) has three buttons (b1, b2, and b3), one scroll wheel (sw up and sw down), and can move in two dimensions (left, right, up, and down). The alphabet of the mouse (αMOUSE ) is therefore: αMOUSE = {b1, b2, b3, sw up, sw down, left, right, up, down} (4) This set precisely describes how the mouse interacts with its environment, or its user. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 21 / 71
  22. 22. Examples for Alphabets 1 A web server, represented by process WS, can accept requests and then service them. The alphabet of a web server (αWS) can be: αWS = {request, serve} (3) 2 A computer mouse (process MOUSE ) has three buttons (b1, b2, and b3), one scroll wheel (sw up and sw down), and can move in two dimensions (left, right, up, and down). The alphabet of the mouse (αMOUSE ) is therefore: αMOUSE = {b1, b2, b3, sw up, sw down, left, right, up, down} (4) This set precisely describes how the mouse interacts with its environment, or its user. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 21 / 71
  23. 23. Performing Events con −1 (con1 → INTER) − → INTER (5) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 22 / 71
  24. 24. Signalling the end of ExecutionWhen a process does not want to engage in any more events, it transits tothe process ‘STOP’. The process STOP does not engage in any events.One can think of the process STOP as behaving like a turned off webserver, which will neither accept nor service any requests.Utilising the STOP process it is possible to define a one-shotimplementation of the web server (Equation 6): WS = request → serve → STOP (6)Equation 7 defines the alphabet for the process WS. αWS = {request, serve} (7)The corresponding FSM is given in the following figure. request serve WS (serve → STOP) STOP Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 23 / 71
  25. 25. Recording what happened using TracesTo analyse whether or not a system behaves as expected it is useful tohave a recording of all events it presented to the environment. In CSP thislist is part of the language and is called a trace. A trace only records theevents a process explicitly exposes to its environment!Example: Equation 8 gives one possible trace of the process WS(Equation 6). request, serve (8) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 24 / 71
  26. 26. Obtaining all Traces a Process can produceThe function traces(P) returns a set containing all possible traces ofprocess P. Every process can create the so called empty trace: ‘ ’, whichindicates that the process has not engaged in any event!The process STOP produces an empty trace ( ) as it does not engage inany events: traces(STOP) = (9)Example: Equation 10 gives a set containing all possible the traces of theprocess WS (Equation 6). traces(WS) = { , request , request, serve } (10)Example: The traces of the process START are: traces(START ) = { , con1 , con1 , con2 } (11) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 25 / 71
  27. 27. Appending a Trace to another TraceTo append tr2 to the trace tr1 , the concatenation operator ( ) is used: tr1 = e1 , e2 (12) tr2 = e3 , e4 tr3 =tr1 tr2 (13) = e1 , e2 , e3 , e4 Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 26 / 71
  28. 28. Sequential Composition: The SKIP ProcessSo far all our processes transited to the process STOP once they finishedtheir execution. However, when a process transits to the STOP process itsexecution stops, instead of returning control to the process that called it.So a signalling mechanism is required that allows a process to signalsuccessful termination. CSP provides the process SKIP for signalling thesuccessful termination to its calling process. The SKIP process engages inthe successful termination event ‘ ’, before transiting to STOP. Equation14 gives the definition of the SKIP process. SKIP = → STOP (14) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 27 / 71
  29. 29. The Sequential Composition OperatorFor a process to wait for the successful termination of a process it justcalled, the sequential composition operator ‘;’ is used instead of the thenoperator ‘→’.Example: Equation 15 shows process A which is a sequential compositionof the processes B (Equation 16), C (Equation 17), and STOP. A = B; C ; STOP (15) B = e1 → e2 → SKIP (16) C = e3 → e4 → SKIP (17) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 28 / 71
  30. 30. Traces for Sequential CompositionTo determine the traces a sequential composition such as: P1 ; P2 (18) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 29 / 71
  31. 31. It is necessary to first determine all traces of process P1 (traces(P1 )).However the successful termination event ( ) must not be present, andmust therefore to be filtered out. To perform the filtering the tracetr ∈ traces(P1 ) is converted to an unordered set (σ(tr )) and it checkedthat the successful termination event ( ) is not part of it ∈ σ(tr )Equation 19 gives the complete expression to obtain this set. {tr | tr ∈ traces(P1 ) ∧ ∈ σ(tr )} (19) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 30 / 71
  32. 32. Then all traces of process P2 have to be preceded by a trace, where P1 hasterminated successfully but without the successful termination event(tr1 ∈ traces(P1 )).By appending the to the trace tr1 and checking whether this trace is inthe traces of P1 (tr1 ∈ traces(P1 )), we only get the traces where P1terminated successfully but without the successful termination event .The complete set is given in the following equation: {tr1 tr2 | tr1 ∈ traces(P1 ) ∧ tr2 ∈ traces(P2 )} (20) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 31 / 71
  33. 33. To combine two sets, the union operator (∪) is used. This operatorfurthermore eliminates any double entries.Equation 21 gives the complete formula to construct all traces of asequential composition.traces(P1 ; P2 ) ={tr | tr ∈ traces(P1 ) ∧ ∈ σ(tr )} ∪ {tr1 tr2 | tr1 ∈ traces(P1 ) ∧ tr2 ∈ traces(P2 )} (21) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 32 / 71
  34. 34. Example: Determining the Traces of Process AProcess A (Equation 15) is a sequential composition of the processes B(Equation 16) and C (Equation 17) The following enumeration is a stepby step guide on how to obtain the traces of process A (traces(A)): Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 33 / 71
  35. 35. First we need to determine the traces of B where B but omitting thesuccessful termination event! {tr | tr ∈ traces(B) ∧ ∈ σ(tr )} (22) = { , e1 , e1 , e2 } Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 34 / 71
  36. 36. Then we need to determine all traces of B where B terminates successfullybut again filtering out the successful termination event ( ) {tr1 ∈ traces(B) • tr1 }1 (23) = { e1 , e2 } 1 Remember ∀ x • S means: for all x S holds Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 35 / 71
  37. 37. Now it is necessary to determine the traces of process C , this timeincluding the successful termination event ( ). {tr2 ∈ traces(C ) • tr2 } (24) = { , e3 , e3 , e4 , e3 , e4 , } Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 36 / 71
  38. 38. In the next step we append every trace of process C to every trace whereprocess B terminated successfully: {tr1 tr2 | tr1 ∈ traces(B) ∧ tr2 ∈ traces(C )} (25) = { e1 , e2 , e1 , e2 , e3 , e1 , e2 , e3 , e4 , e1 , e2 , e3 , e4 , } Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 37 / 71
  39. 39. In the last step the traces where process B does not successfullyterminates, and the traces obtained in the previous step are combined: traces(A) ={ , e1 , e1 , e2 } ∪ { e1 , e2 , e1 , e2 , e3 , e1 , e2 , e3 , e4 , e1 , e2 , e3 , e4 , } ={ , e1 , e1 , e2 , e1 , e2 , e3 , e1 , e2 , e3 , e4 , e1 , e2 , e3 , e4 , } (26) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 38 / 71
  40. 40. Parallel CompositionUntil now we only discussed sequential processes, i.e. sequential systems.A system consisting of two or more processes is concurrent. CSP uses theparallel operator to define a parallel composition of processes.Furthermore, the parallel operator ( ) also defines how concurrentprocesses communicate with each other.The parallel operator allows to specify the alphabets each process wants toshare with the environment, or synchronise on: |[ αP1 | αP2 ]| . To evaluatewhich events are shared between both processes, the parallel operatordetermines the intersection of the two alphabets, Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 39 / 71
  41. 41. Parallel OperatorEquation 27, shows the parallel composition of the processes P1 and P2 . P3 = P1 |[ αP1 | αP2 ]| P2 (27)The alphabet of a parallel composition ( ) is the union (∪) of theprocesses involved in the composition: αP3 = αP1 ∪ αP2 (28) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 40 / 71
  42. 42. Example for Parallel CompositionEquation 29 defines process C as parallel composition of processes A(Equation 31) and B (Equation 33). Lets evaluate the traces of process C : C = A |[ αA | αB ]| B (29) αC = αA ∪ αB (30) A = a → sh1 → SKIP (31) αA = {a, sh1 } (32) B = sh1 → b → SKIP (33) αB = {sh1 , b} (34) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 41 / 71
  43. 43. Determining the Shared Events between A and BThe processes A and B synchronise on the intersection (∩) of thealphabets αA and αB: αA ∩ αB ={a, sh1 } ∩ {sh1 , b} (35) ={sh1 } Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 42 / 71
  44. 44. Traces of Process CSynchronisation here means that if process A is ready to engage in theshared event sh1 it waits until process B is ready to engage in event sh1 aswell. Therefore, the traces for process C are: traces(C ) = { , a , a, sh1 , a, sh1 , b , a, sh1 , b, } (36) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 43 / 71
  45. 45. Compound EventsEvents are considered to be atomic2 and indivisible in their occurrence.However, an event can contain various pieces of information. Thus eventscan have a structure. Examples for structured events are events thatconsist of multiple parts separated by a dot: ‘.’.Example: The process S E (Equation 37), engages in three events (e.1,e.2, and e.3) before terminating. S E = e.1 → e.2 → e.3 → SKIP (37)The alphabet of process S E is: αS E = {e.1, e.2, e.3} (38)Alternatively this alphabet could also be written as: αS E = {e.x | x ∈ {1, 2, 3}} (39) 2 An atomic operation can not be interrupted, it either happens or not. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 44 / 71
  46. 46. ChannelsAnother version of a structured event is a communication channel carryingmessages. To model values v begin transferred over a channel c eachpossible communication is described as a separate event c.v . A process Pwith a channel c that can carry the messages 1, 2, and 3 will have theevents: c.1, c.2, and c.3 in its alphabet. The event c.1 describes theappearance of the message 1 on channel c.Channels in CSP are unidirectional. Unidirectional means that a messageis transferred from a writer to a reader. A process writing a message to achannel waits until another process has read the message. Vice versa, aprocess trying to read from a channel waits until another process haswritten a message to this channel. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 45 / 71
  47. 47. Writing to a ChannelTo write a message m of type T (m : T ) to a channel c which can carry amessage of type T (c : T ) the channel output operator ‘!’ is used: c!m (40) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 46 / 71
  48. 48. Example: The process P1 writes the integer values 1, 2, and 35 over thechannel c: A = c!1 → c!2 → c!35 → STOP (41)The alphabet of process A is: αA ={c.1, c.2, c.35} (42) = {c.x | x ∈ {1, 2, 35}} Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 47 / 71
  49. 49. Reading from a ChannelTo read a message from a channel c of type T , the channel read operator‘?’ is used. The message must be stored in a variable (x) and this variablemust be of type T as well (x : T ). c?x : T (43) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 48 / 71
  50. 50. Example: Process B is the counter part to process A and reads threemessages from channel c of type N, into the variable v : N: B = c?v : N → c?v : N → c?v : N → STOP (44)The alphabet must contain all possible events, as messages of type N areread from the channel c the alphabet of process B is: αB = {c.x | x ∈ N} (45) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 49 / 71
  51. 51. Channels and TracesChannel transactions are only structured events, thus in traces they appearas a structured event.Example: Process C is the parallel composition of the processes A and B.Both processes communicate using the channel c: C = A |[ αA | αB ]| B (46)The shared events between processes A and B are: αA ∩ αB = {c.1, c.2, c.35} (47)The traces of process C are: traces(C ) = { , c.1 , c.1, c.2 , c.1, c.2, c.35 } (48) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 50 / 71
  52. 52. Outline1 Introduction Examples of Distributed Heterogeneous Systems Advantages of Distributed Heterogeneous Systems Problems to take into account2 Communicating Sequential Processes Term Definitions Sequential Processes Parallel Composition Compound Events3 Applying CSP to Real World Problems Modelling a Counter with CSP Checking the model for a deadlock Hiding Internal Events Refinement Checks4 Paradigms of OpenComRTOS5 Summary
  53. 53. Modelling a Counter with CSPLets model a simple counter counting from 1 to ∞. We can do this byconnecting the input of an incrementer with its output. To observe countvalues we need to tap into the feedback line using a process that receives amessage from one channel, copies it and sends it out over two channels,this process is called a ∆-process.Equation 49 gives the specification of the desired functionality.COUNTER SPEC (out, i) = out.(i + 1) → COUNTER SPEC (out, (i + 1)) (49) αCOUNTER SPEC (out, i) = {out.x | x ∈ N} (50) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 52 / 71
  54. 54. Modelling the Increment ProcessFirst lets model a recursive incrementing process INC (in : N, out : N).This process reads a natural number from the channel in : N, increments itby one and sends the result over the channel out : N and then recurses.Equation 51 gives the process definition, while Equation 52 gives thealphabet INC (in, out) = in?m : N → out!(m + 1) → INC (in, out) (51) αINC (in, out) = {in.x, out.x | x ∈ N} (52) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 53 / 71
  55. 55. Model of the Delta-ProcessThe process DELTA(in, out1 , out2 ) reads data from the channel in andsends it over the two channels out1 and out2 concurrently. DELTA(in, out1 , out2 ) = (53) in?m : N → SEND(m, out1 , out2 ); DELTA(in, out1 , out2 )Please note, that this process offers the message concurrently to bothchannels (out1 and out2 )! SEND(m : N, out1 , out2 ) = (54) (out1 !m → SKIP) |[ {out1 !m} | {out2 !m} ]| (out2 !m → SKIP) αDELTA(in, out1 , out2 ) = {in.x, out1 .x, out2 .x | x ∈ N} (55) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 54 / 71
  56. 56. Counter Version OneUsing the INC (in, out) and DELTA(in, out1 , out2 ) process it seems to bepossible to construct a counter.COUNTER(out) = INC (a, b) |[ αINC (a, b) | αDELTA(b, a, out) ]| DELTA(b, a (56) αCOUNTER(out) = αINC (a, b) ∪ αDELTA(b, a, out) (57)The following graphic shows the structure of the process COUNTER(out). out b INC (a, b) DELTA(b, a, out) a Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 55 / 71
  57. 57. Checking the model for a deadlockWe can employ a model checker to determine whether or not a systemdeadlocks. A commonly used model checker for CSP isFailures-Divergence Refinement (FDR) [2].Figure 1 shows the result of a deadlock check using FDR. However, FDRis not only able to determine whether or not a system deadlocks, it canalso show the trace which resulted in the deadlock state. Figure 2, showsthis information. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 56 / 71
  58. 58. Figure: Checking for Absence of Deadlocks of Process COUNTER(out)Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 57 / 71
  59. 59. Figure: Trace that lead to the Deadlock of Process COUNTER(out)Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 58 / 71
  60. 60. Overcoming the DeadlockTo overcome the deadlock it is necessary to inject a message into thesystem to start the system. For this purpose we define the processPREFIX (init : N, in, out), which send the value given in the parameter initover its output channel out, and then transits to the processRELAY (in, out). The process RELAY (in, out), fetches a message from thechannel in and sends it out over channel out.Equation 58 gives the definition of process PREFIX (init : N, in, out). PREFIX (init : N, in, out) = out!init → RELAY (in, out) (58) RELAY (in, out) = in?m : N → out!m → RELAY (in, out) (59) αPREFIX (init : N, in, out) = {out.init, in.x, out.x | x ∈ N} (60) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 59 / 71
  61. 61. Figure: Checking for Absence of Deadlocks of Process COUNTER2(out)Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 60 / 71
  62. 62. Hiding Internal EventsThe process COUNTER2(out) consists of three processes communicatingover three channels (a, b, and c). The messages passed over these threechannels are only relevant to the three processes INC (a, b),DELTA(b, c, out), and PREFIX (0, c, a). However, by default all events areexposed to the environment. This can have undesired side effects, such astwo processes synchronise unintentionally on the same events. To avoidthis it is necessary to hide the events from the environment. This is doneby using the hiding operator: together with the set of events that shouldbe hidden. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 61 / 71
  63. 63. In our counter example, all transactions on the channel a, b, and c areinternal and therefore should be hidden. Equation 61 shows processCOUNTER3(out) which hides the internal events. COUNTER3(out) = COUNTER2(out) {a.x, b.x, c.x | x ∈ N} (61)The alphabet of process COUNTER3(out) (Equation 62) only containsthe events of the outgoing channel out. αCOUNTER3(out) = {out.x | x ∈ N} (62) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 62 / 71
  64. 64. Using FDR for Refinement ChecksTo determine whether or not the process COUNTER3(out) satisfies thespecification given with process COUNTER SPEC (out) (Equation 49) wehave to perform a refinement check: COUNTER3(d) COUNTER SPEC (d) (63) Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 63 / 71
  65. 65. Figure: Does Process COUNTER3(out) fulfill the specification?Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 64 / 71
  66. 66. Outline1 Introduction Examples of Distributed Heterogeneous Systems Advantages of Distributed Heterogeneous Systems Problems to take into account2 Communicating Sequential Processes Term Definitions Sequential Processes Parallel Composition Compound Events3 Applying CSP to Real World Problems Modelling a Counter with CSP Checking the model for a deadlock Hiding Internal Events Refinement Checks4 Paradigms of OpenComRTOS5 Summary
  67. 67. Paradigms of OpenComRTOS Interacting Entities Virtual Single Processor (VSP) Programming Model. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 66 / 71
  68. 68. Interacting Entities Entities: Tasks (Active Entities) Hubs (Passive Entities): Event Semaphore Port FIFO MemoryPool Resource Interactions Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 67 / 71
  69. 69. Virtual Single Processor (VSP) Programming Model. Entities can be distributed in any form over the system, OpenComRTOS ensures that the logical behaviour is preserved. Separates Hardware from Software. Both can be changed almost independently. Interactions take place independent of placement. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 68 / 71
  70. 70. Outline1 Introduction Examples of Distributed Heterogeneous Systems Advantages of Distributed Heterogeneous Systems Problems to take into account2 Communicating Sequential Processes Term Definitions Sequential Processes Parallel Composition Compound Events3 Applying CSP to Real World Problems Modelling a Counter with CSP Checking the model for a deadlock Hiding Internal Events Refinement Checks4 Paradigms of OpenComRTOS5 Summary
  71. 71. Summary Introduction to Distributed Heterogeneous Systems. The basic theory of CSP; Applying CSP to build a distributed system; Using CSP to check whether or not a system deadlocks. Using CSP to determine whether or not a system complies to its specification. Paradigms of OpenComRTOS. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 70 / 71
  72. 72. References C.A.R. Hoare. Communicating sequential processes. Communications of the ACM, 21(8):666–677, August 1978. Formal Systems (Europe) Ltd. FDR2 User Manual, sixth edition, May 2003. Bernhard Sputh (Altreonic) Session #1.1 January 12, 2012 71 / 71

×