This research is funded in part by grant CCR-0113181 from the U. S. National Science Foundation.
Profiles: A Compositional Mechanism for Performance Specification
Joan Krone, Denison UniversityWilliam F. Ogden, Ohio State UniversityMurali Sitaraman, Clemson University
E-mail: [email protected]://www.cs.clemson.edu/~resolve
RESOLVE Research Objectives
Predictable Behavior
• Need to be able to specify precisely the behavior we want
• Need to be able to reason that a component is correct, i.e., it does what it is supposed to do
Predictable Performance and Efficiency
• Predictable performance• Need to be able to specify the performance we
want (time & space constraints)• Need to be able to reason that a component
performs as specified
• Efficiency• Components should be efficient• Alternative components should allow efficiency
tradeoffs
Scalability
• How can specifications scale?• Abstraction in specification
• How can reasoning scale?• Modularity in reasoning, i.e., ability to reason
about one component at a time, using only specifications of reused components
Modular Reasoning
uses
implements
implements
uses
implements
uses
RESOLVE Research Effort
• To achieve predictability in behavior and performance, RESOLVE research has entailed:• Language design & development• Software design & development• System design & development
• Multi-institution effort (Clemson, Denison, Ohio State, Virginia Tech., others)
This Talk
Profiles for Compositional Specification of Performance
Specification Outline
Concept Stack_Template (type Entry; eval Max_Depth: Integer);
Type_Family Stack …
Operation Push …Operation Pop …Operation Depth_of …Operation Clear …...
end Stack_Template;
Mathematical Modeling
Concept Stack_Template (type Entry; eval Max_Depth: Integer);
uses String_Theory;requires Max_Depth > 0;
Type_Family Stack Str(Entry);exemplar S;constraints S Max_Depth;initialization ensures S = ;
Operation Push …Operation Pop …...
end Stack_Template;
Specification of Operations
Operation Push (alters E: Entry; updates S: Stack);
requires S Max_Depth;ensures S = #E #S;
Operation Pop (replaces R: Entry; updates S: Stack);
requires S 0;ensures #S = R ° S;
Operation Clear (clears S: Stack);...
Exmple Use
...Facility Tree_Stk_Fac is Stack_Template(Tree_Info, 300) realized_by Clean_Array_Realiz;...Var T1, T2: Tree_Info;Var S1, S2: Stack;...Pop(T1, S1);Push(T1, S1);Push(T2, S1);...
Performance Profile Outline
Profile SSC short_for Space_Conscious for Stack_Template;
Type_Family Stack;Displacement …
Initialization;duration …manip_disp …
Operation Push …duration …manip_disp …
...end SSC;
The Object Displacement Clause
• Assume the following representation:
Type Stack = RecordContents: Array (1..Max_Depth) of Entry;Top: Integer;
end;
• Space-conscious implementation(s) maintain this convention:
all unused array locations (i.e., from index Top +1 to Max_Depth) always contain initial entries
The Object Displacement Clause
Profile SSC short_for Space_Conscious for Stack_Template;
Defines SSCD: ℕ;...Type_Family Stack;
Defn Cnts_Disp( : Str(Entry) ): ℕ =( );
Displacement SSCD + Cnts_Disp( S ) + (Max_Depth |S|)·Entry.I_Disp;
...end SSC;
EntryE:
)E(.Entryα)E,Occurs_Ct( Disp
Initialization Performance Specification
Profile SSC short_for Space_Conscious for Stack_Template;
...Defines SSCI, SSCI1 : ℝ0; Defines SSCMI: ℕ;Type_Family Stack;Displacement ...Initialization;
duration SSCI + (SSCI1 + Entry.I_Dur)Max_Depth;
manip_disp SSCMI + (Max_Depth – 1)Entry.I_Disp +
Entry.IM_Disp;end SSC;
Performance Specification of Pop
Profile SSC short_for Space_Conscious for Stack_Template;
Defines SSCPo: ℝ0; Type_Family Stack;
... Oper Pop( replaces R: Entry; updates S: Stack );duration SSCPo + Entry.I_Dur + Entry.F_Dur(#R);manip_disp SSCMPo +
Max(Entry.IM_Disp, Entry.FM_Disp(#R)); ...end SSC;
Code for Pop
Realization Clean_Array_Realiz for Stack_Templatewith_profile SSC;
Definition SSCPo: ℝ0 = DurCall(2) + 2·Array.Dur:=:
+ 6·Record.Dur. + Int:= + Int-;
Type Stack = Record …
Procedure Pop( replaces R: Entry; updates S: Stack );
Var Fresh_Val: Entry;
R :: S.Contents(S.Top);S.Contents(S.Top) :: Fresh_Val;S.Top : S.Top 1;
end Pop; ...end Clean_Array_Realiz;
Performance Specification of Operations
Profile SSC short_for Space_Conscious for Stack_Template;
Defines ... Type_Family Stack; ... Oper Pop( replaces R: Entry; updates S: Stack );duration SSCPo + Entry.I_Dur + Entry.F_Dur(#R);manip_disp SSCMPo +
Max(Entry.IM_Disp, Entry.FM_Disp(#R));
Oper Push( clears E: Entry; updates S: Stack );duration …manip_disp …
...end SSC;
Performance Profile for Faster Implementations
Profile SFC short_for Fast_Clear for Stack_Template;
Type_Family Stack;Displacement …
Initialization;duration …manip_disp …
Operation Push …duration …manip_disp …
...end SFC;
Efficient Implementations of Clear and Pop
Realization Faster_Array_Realiz for Stack_Templatewith_profile SFC;
Type Stack = Record ... Procedure Pop( replaces R: Entry; updates S:
Stack );R :: S.Contents(S.Top);S.Top : S.Top 1;
end Pop;
Procedure Clear( updates S: Stack );S.Top : 0;
end Clear;...
end Faster_Array_Realiz;
Need for Supplementary Models in Profiles
•Consider this code:Var S1, S2: Stack;…Push(…, S2);Push (…, S2);Clear(S2);
•At the end of the above code, S1 = S2 = , but occupied space may not be the same
•How would we express the storage usage for a Stack object based on its abstract value?
The Object Displacement Clause
Profile SFC short_for Fast_Clear for Stack_Template;
Type_Family Stack;Supplement SFC with Resid: Str(Entry);constraint |S.ipso| + |S.Resid| = Max_Depth;
Defn Cnts_Disp( : Str(Entry) ): ℕ = …
Displacement SFCD + Cnts_Disp( S.Resid◦S.ipso );
...end SFC;
Profile of Operations
Profile SFC short_for Fast_Clear for Stack_Template;
Type_Family Stack;Supplement SFC with Resid: Str(Entry);
... Oper Pop( replaces R: Entry; updates S: Stack );
ensures S.Resid = #R◦#S.Resid;duration … ; manip_disp …;
Oper Push( alters E: Entry; updates S: Stack );ensures #S.Resid = E◦S.Resid;...
Oper Clear( clears S: Stack );ensures S.Resid = #S.Resid◦#S.ipso;...
end SFC;
Profile Composition Exercise
Operation Flip( updates S: Stack );ensures S = #SRev;
Procedure Flip( updates S: Stack ); Var Next_Entry: Entry; Var S_Flipped: Stack;
While ( Depth_of( S ) 0 ) doPop( Next_Entry, S );Push( Next_Entry, S_Flipped );
end; S :: S_Flipped;end;
Performance Profile of Flip Using SSC for Stack_Template
Operation Flip( updates S: Stack );
duration (SFFF1+ Entry.I_Dur + Entry.Fin_IV_Dur +
Stack.I_Dur + Stack.Fin_IV_Dur +(SFFF2+ Entry.I_Dur + Entry.Fin_IV_Dur)·|#S|;
manip_disp (SFFFMC1 + Entry.I_Disp + Stack.I_Disp +
Max (SFFFMC2, Entry.IM_Disp,Entry.FM_Disp));
How do you prove?
•Topic for another talk
•Modular Verification of Performance Constraints, Technical Report RSRG-03-04, Department of Computer Science, Clemson University, Clemson, SC 29634-0974, May 2003, 25 pages.
•Available at: www.clemson.edu/~resolve