Distributed prototyping from validated specifications

Abstract

We present vpl2cxx, a translator that automatically generates efficient, fully distributed C++ code from high-level system models specified in the mathematically well-founded VPL design language. As the Concurrency Workbench of the New Century (CWB-NC) verification tool includes a front-end for VPL, designers may use the full range of automatic verification and simulation checks provided by this tool on their VPL system designs before invoking the translator, thereby generating distributed prototypes from validated specifications. Besides being fully distributed, the code generated by vpl2cxx is highly readable and portable to a host of execution environments and real-time operating systems (RTOSes). This is achieved by encapsulating all generated code dealing with low-level interprocess communication issues in a library for synchronous communication, which in turn is built upon the adaptive communication environment (ACE) client-server network programming interface. Finally, example applications show that the performance of the generated code is very good, especially for prototyping purposes. We discuss two such examples, including the RETHER real-time Ethernet protocol for voice and video applications.

Introduction

Ideally, developers of software for embedded and reactive systems would like to be able to produce high-level designs of their software that are abstract, understandable to domain/application experts, executable, and automatically verifiable. They would then like to be able to automatically generate efficient and certified code from their designs that can run on a wide variety of execution platforms and real-time operating systems (RTOSes). Even if the code produced was not production-quality, it would at least function as a serviceable rapid system prototype that could be used to obtain useful feedback on run-time issues.

In this paper, we report on work inspired by this ideal. In particular, we present a framework in which systems are specified in VPL, an abstract system design language based on value-passing CCS, Milner’s well-known process calculus (Milner, 1989). VPL specifications can be processed using the front-end generated by the Process Algebra Compiler (PAC) (Cleaveland et al., 1995) for the Concurrency Workbench of the New Century (CWB-NC) (Cleaveland and Sims, 1996).¹ The automatic simulation and verification facilities of the CWB-NC, which include model checking, equivalence checking and refinement checking, can then be applied to VPL designs in order to check their correctness. The tool described in the current paper may be used to generate C++ prototypes automatically from the analyzed designs. We refer to this approach to system design and implementation as model-based code generation; Fig. 1 gives an overview of this idea.

Our code generator, named vpl2cxx, uses the adaptive communication environment (ACE) network programming interface (Schmidt and Huston, 2002) so that the code it produces is portable to any operating system containing an implementation of the relevant ACE libraries. vpl2cxx also implements two efficient, fully distributed algorithms for scheduling input and output statements offered by different processes in a system: a randomized algorithm for the case where no restrictions are placed on the use of input and output commands as guards in VPL nondeterministic select statements; and a deterministic algorithm for VPL specifications in which output guards are prohibited, á la the programming languages occam (Jones, 1989) and Ada 95 (Taft and Duff, 1997). The randomized algorithm places no restrictions at the VPL level regarding the use of nondeterminism, and the resulting code is a faithful implementation of the VPL description from which it is derived.

Finally, the generated C++ code is highly readable––owing largely to the fact that all generated code dealing with low-level interprocess communication issues is encapsulated in a library for synchronous communication, which is implemented as a layer on top of the ACE NPI––and bears a strong structural resemblance to the corresponding VPL specification. Readability of the generated code facilitates code maintenance and evolution, and it is also important for promoting acceptance of this technology, since engineers can inspect the resulting C++ code manually.

To assess the feasibility of the proposed approach, we have applied vpl2cxx to several examples, including the well-known dining philosophers problem and the RETHER real-time Ethernet protocol for voice and video applications (RNI01, 2001). Our performance figures indicate that code produced by vpl2cxx delivers more-than-acceptable performance for a distributed prototype.

The focus of this paper is code generation, that is, the rapid prototyping of distributed implementations from VPL designs. A closer examination of the PAC front-end generator and the Workbench’s verification and simulation capabilities can be found in Cleaveland et al. (1995) and Cleaveland and Sims (1996), respectively.

The rest of the paper develops along the following lines. Section 2 presents the VPL specification language. Section 3 discusses the library for synchronous communication utilized by the code generator to achieve maximal platform independence, and its implementation using the ACE NPI. Section 4 describes the VPL-to-C++ translator underlying the code generator. The dining philosophers and RETHER case studies are the subject of Section 6, while Section 8 offers our concluding remarks. For more details on the code-generation work described here, the reader is referred to Hansel (2000).