A Generative Programming Framework for Adaptive Middleware

1
A Generative Programming Framework for Adaptive
Middleware
HICSS 04 AESS Mini-track January 7 2004

• Venkita Subramonian and Christopher Gill
• venkita,cdgill_at_cse.wustl.edu
• Center for Distributed Object Computing
• Department of Computer Science and Engineering
• Washington University, St. Louis

Research supported in part by the DARPA PCES
program (contract F33615-03-C-4111)
2
Developing Adaptive Middleware

• Mission-critical systems need a high degree of
  coordination among end-systems
• E.g., military command and control, distributed
  manufacturing systems, coordinated disaster
  response
• End-systems undergo Mode changes based on
  internal changes as well as interaction with
  other end-systems
• Adaptive middleware is a crucial part of these
  mission-critical systems
• Dealing with all possible combinations of
  middleware settings in all modes a priori is not
  feasible
• How do we develop correct adaptive middleware in
  this context?
• Correctness defined in two dimensions
• Functional - algorithmic correctness, type safety
• Para-functional - end-to-end timeliness,
  component deployment strategy, ORB end-system
  configuration

3
Component Middleware Helps Re-Use

• Increasingly, an effort is being made to develop
  reusable components
• Processes of developing, packaging and deployment
  made easier
• Main focus of conventional component middleware
  is on functional properties
• E.g., CORBA Component Model (CCM), J2EE, COM
• But distributed real-time embedded (DRE) systems
  need more
• E.g., real-time constraints, footprint
  limitations, fault-tolerance
• Component models must be enhanced to address
  para-functional constraints

4
Component Models with QoS

• Component Integrated ACE ORB (CIAO) project at
  WUSTL, Vanderbilt (shameless plug see HICSS 04
  DOCC mini-track paper)
• Adds capabilities to configure para-functional
  properties in CCM
• Gives a place to integrate functional and
  para-functional concerns
• However, combining functional and para-functional
  properties correctly is still tedious and error
  prone
• A fundamental problem is Interference between
  properties
• Our work on generative programming complements
  the CIAO effort
• Focuses on the logical and algebraic structure of
  interference
• Operates on low-level middleware aspect frameworks

5
Interference

• Para-functional properties can interfere with
  each other and with functional properties
• Interference between different para-functional
  properties
• E.g., number of threads in an ORB affects
  timeliness of its responses to invocations from
  another ORB
• Interference between functional and
  para-functional properties
• E.g., nested call graphs could result in
  deadlocks based on number of threads and reply
  wait strategy in the ORB endsystems
• Need to analyze and capture the structure of
  these kinds of interference in a formal way

Para-functional properties captured as aspects
A
B
Replywait strategy
Replywait strategy
ORB1
ORB2
A.foo1
B.bar1
A.foo2
Functional properties captured as an invocation
graph
6
Interference Example Illustrated (1/2)

• Wait-on-Connection
• ReplyHandler in ORB waits on socket connection
  for the reply
• Blocking call to recv()
• One less thread listening on the Reactor for new
  requests
• No interference from other requests that arrive
  when reply is pending
• However, could cause deadlocks on nested
  upcalls.

• Wait-on-Reactor
• ReplyHandler waits in reactor for the reply
• Reactor gets a chance to process other requests
  while replies are pending
• Interleaving of request reply processing, hence
  interference from other requests while reply is
  pending
• Ideal for single threaded processing

7
Interference Example Illustrated (2/2)

• Wait-on-Reactor strategy could cause interleaved
  request/reply processing
• Blocking factor could be bounded or unbounded
• Based on the upcall duration
• And number of intervening upcalls
• Blocking factors may affect real-time properties
  of other end-systems
• Call-chains can have a
  cascading blocking effect

f2
f5
f3
f6
f5 reply queued
Blocking factor for f2
f3 returns
f5 reply processed
f2 returns
8
Problem Statement
Degrees of freedom/Points of variation Component
Deployment strategy ORB Wait-on-Reply
Strategy Invocation graph Reactor thread pool size

• Given a systems functional and para-functional
  properties
• E.g., given values for the above points of
  variation
• Is the system deadlock-free with respect to the
  points of variation above and does it meet its
  deadlines?
• I.e., are the values chosen for the given points
  of variation valid?

9
Towards a Theory of Infrastructure Configuration

• Correct by composition needs design for
  composition
• Use first-order logic to formally capture
  interference between system aspects
• Configuration generators use configuration logic
  as the basis for generating appropriate
  configurations
• Weaving of multiple QoS aspects
• Use Generative programming to write configurators
• E.g., C Template Meta-programming

10
Problem Representation in terms of Call Graph

• Analysis of para-functional properties done by
  analyzing the call graph
• Each method is assigned a color corresponding to
  the host on which the servant hosting the method
  is deployed
• Deadlock exists
• If there exists gt Kc segments of color C
• Kc is number of threads in node with color C
• E.g., f3-f2-f4-f5-f2

f1
f2
f3
f4
f5
11
Temporal Nature of Call Graphs

• Possibly different call sequences in different
  modes of systems operation
• Or, functional properties may allow degrees of
  freedom to revise graph
• E.g., distributive property
• A partial order could be established statically
  based on call sequence constraints
• E.g., order in which parameters to a function are
  constructed/evaluated
• Want graphical tools capable of call graph
  manipulation

f3
f2
f5
f4
f2
f4
f5
f2
Permutable
12
WUGLE

• WUGLE Washington University Guided Logic
  Exercises
• Jacob Perkins and Dr. Robert Pless, Media and
  Machines Lab, WUSTL
• Tool to visualize and manipulate algebraic and
  logical expressions, graphs, and other abstract
  concepts
• WUGLE currently being enhanced to transform
  graphs
• Dimensions of freedom are represented as
  attributes of the graph
• Different configurations realized by assigning
  values to attributes

13
Related Work

• Extending/Exploiting type systems
• RMA schedulability analysis at compile-time
  within the C type system
• Using template meta-programming
• Compile error when utilization exceeds the RMA
  utilization bound
• Rate-Monotonic Analysis in the C Typesystem,
  Deters, Gill and Cytron, presented at RTAS 2003
  Workshop on Model-Driven Embedded Systems
• Composition Logics
• Work by John Regehr and Alastair Reid at U. Utah
• Reasoning about concurrency in component-based
  systems software
• First order logic for representing system
  knowledge
• Automated Tools
• WUGLE project at WUSTL

14
Conclusions and Future work

• Conclusion
• Apply Correctness by Composition philosophy for
  building adaptive middleware
• Formalize the composition design using logic
• Use a Generative Programming approach to
  customize families of systems and system
  properties
• Future work
• First-order logic is yet to be shown sufficient
  and tractable for managing all properties of an
  ORB or other middleware artifact
• Need to investigate other types of logic for
  sufficient representation of the infrastructure
  behavior and/or tractability
• Using transformation/visualization tools like
  WUGLE to experiment with different configurations
  statically
• Also allows partial automation of configuration
  ask a person