Visualization design and verification of Ada tasking using timing diagrams by Szulewski, P. A. et al.
ABSTRACT

Visualization, Design, and Verification of Ada® Tasking Using Timing Diagrams

R.P. Vidale*, P.A. Szulewski**, and J.B. Weiss**
This paper recommends the use of timing diagrams in the design and testing of multi-task Ada programs. By displaying the task states vs. time, timing diagrams can portray the simultaneous threads of data flow and control which characterize tasking programs. This description of the system's dynamic behavior from conception to testing is a necessary adjunct to other graphical techniques, such as structure charts, which essentially give a static view of the system. A series of steps is recommended which incorporates timing diagrams into the design process. Finally, a description is provided of a prototype Ada Execution Analyzer (AEA) which automates the production of timing diagrams from VAX/Ada debugger output.
1.0 Introduction

Concurrent programming brings another dimension of complexity to the problem of software design and testing. Unlike sequential programming, where functional decomposition allows the designer to concentrate on one module at a time, concurrent programming in Ada requires the coordination of many modules (tasks) executing in parallel. The requirements for task sequencing must be established early in the design, and carried through into the traditional domain of detailed design. An incomplete understanding of the task sequencing requirements or their erroneous implementation is an invitation to disaster.
*Boston University, Boston, MA
**The Charles Stark Draper Laboratory, Inc., Cambridge, MA
® Ada is a registered trademark of the U.S. Government, Ada Joint Program Office.
https://ntrs.nasa.gov/search.jsp?R=19890006950
Most available software development tools and techniques, based on functional decomposition, do not adequately portray time dependency and thus do not help the developer visualize, design, and verify task sequencing. Tasking, as a programming technique, presents opportunities to improve productivity, maintainability and portability, but also introduces the possibility of programming errors unique to tasking. Incorrect design or implementation of tasking will produce unintended task sequencing which at best degrades system performance, at worst results in deadlock, deadness, or starvation.
Within the past three years, a number of object-oriented design methods have been proposed specifically for Ada. See Booch [BOOC83], Buhr [BUHR84], and Cherry [CHER85], for example. These methods all use the structure-chart type of diagram to describe the architecture of an Ada program. With the exception of Buhr, whose diagrams include some temporal notations, these representations are essentially static, and as such are of limited use in visualizing the overall sequencing of task interactions intended for a design. Buhr does make limited use of timing diagrams in his book [BUHR84] to illustrate the rendezvous, but does not include them in the design process.

It is the opinion of the authors that timing diagrams are a necessary adjunct to structure charts and should be used in conjunction with them first to design an Ada tasking program, then later to verify that it is behaving as expected. Tai [TAIK86] has also recognized the value of timing diagrams (rendezvous graphs, in his terminology) for debugging Ada tasking programs but does not advocate their use in the design process.
2.0 Timing Diagrams in Program Development

Timing diagrams are useful to Ada program developers at several phases in the life cycle. Data flow sequencing must be considered during the requirements analysis, preliminary design, detailed design, debugging, and testing. With tasking the proportion of time devoted to design, in relation to implementation, is much greater than for sequential programs. We propose the following steps for multi-task Ada program development for gaining confidence in the design before and after implementation.
1. Visualize objects and data flows using "cloud diagrams" to represent objects in the problem domain. Single threads of data flow can be shown by numbering them in sequence, but multiple, interacting threads are difficult to show.

2. Use preliminary timing diagrams, which do not show directions of calls, to show scenarios of required task interaction. Steps 1 and 2 are problem-domain representations.

3. Define Ada data structures and code and compile global data types.

4. Transform the problem-domain objects into Ada program units and portray these with structure graphs showing caller-callee relationships. Refine the preliminary timing diagrams to show caller-callee relationships with task ready/blocked state information.

5. Code the structure graphs in Ada as program unit specifications.

6. Code control skeletons in the program unit bodies to implement the task interactions visualized in the timing diagrams and annotated structure graphs.

7. Execute the code skeletons and generate a timing diagram.

8. Compare timing diagrams against desired behavior.

9. Revise design as necessary.

10. Complete detailed design of program unit bodies.

11. Generate timing diagrams to verify.
3.0 Automated Timing Diagram Generation

Automated support for the timing diagrams described in the preceding section is not, to these authors' knowledge, publicly available, but would require two forms: predictive and actual.

The preliminary timing diagrams would be predictive of the program's behavior. These diagrams would be drawn before any code is written to guide the developer in constructing the first level of task interaction. Successive, actual timing diagrams would be derived by simulating or executing program units and automatically extracting task trace information.

To date, no work has been done to develop automated support for the predictive diagrams, which is still a manual process. It is, however, feasible that a system, using formal specification and an assertion checker, could be developed to support this activity. There has, however, been some work done by the authors of this paper in the development of a tool for generating actual timing diagrams of multi-task Ada programs.
4.0 The Ada Execution Analyzer Prototype

The Ada Execution Analyzer (AEA) Prototype has been developed at The Charles Stark Draper Laboratory, Inc. (CSDL), to explicitly show the relationship of time, concurrent operations, and task communication using the timing diagram format for multi-task VAX/VMS Ada programs. The AEA provides the capability to visually monitor the runtime execution of multitask Ada programs developed in the DEC VAX/VMS Ada Development Environment. The AEA is run as an extension to the VAX/VMS Symbolic Debugger, and thus provides all the capabilities of that debugger plus a graphic display of task execution. The AEA produces both an overview timing diagram which shows up to 20 Ada tasks, and a detailed timing diagram which shows up to 5 selected tasks. An example Overview Timing Diagram is shown in Figure 1 and an example Detailed Timing Diagram is shown in Figure 2. The symbology used in both diagrams is defined in Tables 1 and 2.
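As an added illustration of what this section describes (and of step 7 in Section 2.0), the following Python program is not the AEA's code: it takes a trace of task state changes and rendezvous events, constructed here in a format of our own rather than the VAX/VMS debugger's, and prints an overview-style diagram (the R#, A# and <T symbols of Table 1, up to 20 tasks) and a detailed-style diagram (RNDZV TASK # and ACCEPT TASK # labels, up to 5 selected tasks). Task numbers and names follow Figure 2; the entry SERVE and the glyphs for the running, ready and suspended states are assumptions, since those glyphs are not legible in the scan.

```python
# Added example, not the AEA's code: render Ada task timing diagrams (task
# state vs. time) from a trace.  The trace format below is constructed for
# this example and is not the VAX/VMS debugger's output format.
from dataclasses import dataclass

# Trace line format: "<tick> T<task> <event> [<partner> <entry>]"
#   state events:      RUN  READY  SUSP  TERM
#   rendezvous events: RNDZV <callee> <entry>  (caller side, Table 1 "RNDZV TASK #")
#                      ACCEPT <caller> <entry> (callee side, Table 1 "ACCEPT TASK #")
SAMPLE_TRACE = """\
0 T8 RUN
0 T9 READY
1 T9 RUN
2 T9 SUSP
3 T9 RNDZV 8 ASSIGN
3 T8 ACCEPT 9 ASSIGN
4 T8 RNDZV 1 SERVE
4 T1 ACCEPT 8 SERVE
4 T1 RUN
5 T9 RUN
6 T9 TERM
7 T1 SUSP
7 T8 SUSP
""".splitlines()

# Task numbers and names follow Figure 2; entry ASSIGN is on the page, SERVE is assumed.
TASK_NAMES = {1: "BANK.TELLER(1)", 8: "BANK.DISPATCHER", 9: "MAIN.CUSTOMER(1)"}
# "<T" and "TERM" are Table 1's termination symbols; the running, ready and
# suspended glyphs are assumed because they are not legible in the scan.
OVERVIEW_STATE = {"RUN": "|", "READY": ":", "SUSP": ".", "TERM": "<T"}
DETAILED_STATE = {"RUN": "|", "READY": ":", "SUSP": ".", "TERM": "TERM"}
MAX_OVERVIEW_TASKS, MAX_DETAILED_TASKS = 20, 5  # limits stated in Section 4.0

@dataclass(frozen=True)
class Event:
    time: int
    task: int
    kind: str         # RUN READY SUSP TERM RNDZV ACCEPT
    partner: int = 0  # other task, for RNDZV/ACCEPT
    entry: str = ""   # entry name, for RNDZV/ACCEPT

def parse_trace(lines):
    """Trace lines -> Events ordered by tick, then task number."""
    events = []
    for line in lines:
        parts = line.split()
        if not parts:
            continue
        tick, task, kind = int(parts[0]), int(parts[1].lstrip("T")), parts[2]
        if kind in ("RNDZV", "ACCEPT"):
            events.append(Event(tick, task, kind, int(parts[3]), parts[4]))
        elif kind in OVERVIEW_STATE:
            events.append(Event(tick, task, kind))
        else:
            raise ValueError(f"unknown event in trace line {line!r}")
    return sorted(events, key=lambda e: (e.time, e.task))

def timeline(events, tasks):
    """Per task, its state at every tick.  A state persists until the task's next
    state event; a task with no state event yet is shown as suspended (assumed)."""
    horizon = max(e.time for e in events) + 1
    current = {t: "SUSP" for t in tasks}
    cells = {t: [] for t in tasks}
    for tick in range(horizon):
        for e in events:
            if e.time == tick and e.task in current and e.kind in OVERVIEW_STATE:
                current[e.task] = e.kind
        for t in tasks:
            cells[t].append(current[t])
    return cells

def rendezvous_marks(events, tasks, detailed):
    """Rendezvous annotations keyed by (tick, task): R#/A# in the overview,
    'RNDZV TASK # ENTRY' / 'ACCEPT TASK # ENTRY' in the detailed diagram."""
    marks = {}
    for e in events:
        if e.kind in ("RNDZV", "ACCEPT") and e.task in tasks:
            if detailed:
                marks[(e.time, e.task)] = f"{e.kind} TASK {e.partner} {e.entry}"
            else:
                marks[(e.time, e.task)] = ("R" if e.kind == "RNDZV" else "A") + str(e.partner)
    return marks

def render(events, tasks, detailed=False):
    """Text timing diagram: one column per task, one row per tick."""
    limit = MAX_DETAILED_TASKS if detailed else MAX_OVERVIEW_TASKS
    if len(tasks) > limit:
        raise ValueError(f"at most {limit} tasks in this diagram")
    glyphs, width = (DETAILED_STATE, 22) if detailed else (OVERVIEW_STATE, 5)
    cells = timeline(events, tasks)
    marks = rendezvous_marks(events, tasks, detailed)
    rows = ["TIME " + "".join(f"T{t}".ljust(width) for t in tasks)]
    if detailed:  # the detailed diagram also names the selected tasks (Figure 2)
        rows.append("     " + "".join(TASK_NAMES.get(t, "?").ljust(width) for t in tasks))
    for tick in range(len(cells[tasks[0]])):
        row = f"{tick:>4} "
        for t in tasks:
            row += marks.get((tick, t), glyphs[cells[t][tick]]).ljust(width)
        rows.append(row.rstrip())
    return "\n".join(rows)

if __name__ == "__main__":
    ev = parse_trace(SAMPLE_TRACE)
    print(render(ev, [1, 8, 9]))              # overview style
    print(render(ev, [8, 9], detailed=True))  # detailed style, selected tasks
```

Running it prints both diagrams for the sample trace: each column is one task, each row one tick, and a rendezvous replaces the state glyph at the tick where it happens. The task-count limits are enforced so that the detailed view stays readable, as the section specifies for the AEA.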
The AEA provides graphic timing diagrams on demand from a program run, significantly reducing the debugging time for multitask programs. The availability of such a tool makes practical the method outlined in Section 2.0.

The AEA Prototype is written in VAX/Ada and was released for internal use at CSDL in December 1985. As a rapid prototype, the AEA was produced quickly in order to allow users some functionality and the opportunity to suggest enhancements. To date, the AEA has been used to debug some small tasking programs for both real projects and in-house Ada training problems. User acceptance of the tool has been generally favorable and the tool will likely be maintained as a corporate resource.
5.0 Future Extensions

Extensions to the AEA fall into three categories: short-term, medium-term, and long-term. Short-term extensions (within 6 months) will focus on making the current AEA implementation more user friendly and including some options to reduce clutter in the diagrams by selectively blanking tasks from the diagram.

Medium-term extensions (within 18 months) will focus on transporting the AEA to an embedded microprocessor development environment in order to extract timing diagrams from a target processor.

Long-term extensions (beyond 18 months) might include automatic task sequence checking and automatic generation of program unit body control skeletons. These extensions require the use of a formal specification technique like the Task Sequencing Language (TSL) [HELM85] during development.
6.0 Conclusions

Ada tasking adds a new dimension of complexity which is hard to visualize using established graphical design methods. With this added complexity, it is essential to work out the required task sequencing early in the design and have a means for verifying task sequencing behavior during testing.
Timing diagrams are a natural, easily understood means of visualizing task sequencing in the conceptual and testing phases of concurrent program development. Timing diagrams can evolve with the data-flow picture of a system. They can show time explicitly and can illustrate multiple threads of control including the effects of time slicing. In this manner they can be used to identify serious tasking errors like deadlock, race conditions, and starvation.
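The comparison of actual against desired behavior (step 8 of Section 2.0), the automatic task sequence checking proposed as a long-term extension in Section 5.0, and the detection of deadlock and starvation mentioned above can all be done mechanically on the same kind of task trace. The following Python example is added here; it is not the AEA's code and not an implementation of TSL. Its traces are constructed tuples in which a task's CALL and RNDZV events correspond to Table 2's "Entry call" substate and Table 1's "RNDZV TASK #" symbol; task numbers and names follow Figure 2, and the entries SERVE and REPORT are assumptions. Deadlock is detected as a circular wait among outstanding entry calls, and starvation as a task that stays ready for a chosen number of ticks without ever being run.

```python
# Added example, not the AEA's code nor an implementation of TSL: checks an Ada
# task trace for (1) conformance to a required rendezvous sequence, (2) a circular
# wait on entry calls (deadlock) and (3) tasks left ready but never run (starvation).
#
# Constructed trace tuples are (tick, task, kind, partner, entry), where kind is
#   RUN READY SUSP TERM   task state change (Table 1 states)
#   CALL  partner entry   task issues an entry call and waits for it to be accepted
#                         (Table 2 substate "Entry call")
#   RNDZV partner entry   that call has been accepted (Table 1 "RNDZV TASK #")
# Task numbers and names follow Figure 2: 1 = BANK.TELLER(1), 8 = BANK.DISPATCHER,
# 9 = MAIN.CUSTOMER(1), 20 = MAIN.CUSTOMER(12).  Entries SERVE and REPORT are assumed.
TRACE_GOOD = [
    (0, 9, "RUN", 0, ""), (1, 9, "CALL", 8, "ASSIGN"), (2, 8, "RUN", 0, ""),
    (3, 9, "RNDZV", 8, "ASSIGN"), (3, 1, "READY", 0, ""), (4, 8, "CALL", 1, "SERVE"),
    (5, 1, "RUN", 0, ""), (6, 8, "RNDZV", 1, "SERVE"), (7, 9, "TERM", 0, ""),
    (8, 1, "TERM", 0, ""), (9, 8, "TERM", 0, ""),
]
# The dispatcher calls TELLER(1).SERVE while TELLER(1) calls DISPATCHER.REPORT, so
# neither call can ever be accepted; CUSTOMER(12) becomes ready but is never run.
TRACE_BAD = [
    (0, 9, "RUN", 0, ""), (0, 20, "READY", 0, ""), (1, 9, "CALL", 8, "ASSIGN"),
    (2, 8, "RUN", 0, ""), (3, 9, "RNDZV", 8, "ASSIGN"), (4, 1, "RUN", 0, ""),
    (4, 8, "CALL", 1, "SERVE"), (5, 1, "CALL", 8, "REPORT"),
]
# Required order of rendezvous as (caller, callee, entry): a TSL-like sequence spec.
REQUIRED = [(9, 8, "ASSIGN"), (8, 1, "SERVE")]
LEAVES_READY = ("RUN", "SUSP", "TERM", "CALL", "RNDZV")

def check_sequence(trace, required):
    """Match the required rendezvous in order against the trace; return those unmet."""
    pending = list(required)
    for _, task, kind, partner, entry in sorted(trace):
        if pending and kind == "RNDZV" and (task, partner, entry) == pending[0]:
            pending.pop(0)
    return pending

def find_cycle(waiting_on):
    """waiting_on maps caller -> callee of an outstanding entry call (one per task,
    so the wait-for graph has out-degree <= 1).  Return the tasks on a cycle, or []."""
    for start in waiting_on:
        chain, node = [start], waiting_on[start]
        while node in waiting_on and node not in chain:
            chain.append(node)
            node = waiting_on[node]
        if node == start:
            return chain
    return []

def first_deadlock(trace):
    """(tick, cycle) at the first moment the outstanding entry calls form a
    circular wait, or None.  Termination also clears a task's outstanding call."""
    waiting_on = {}
    for tick, task, kind, partner, _ in sorted(trace):
        if kind == "CALL":
            waiting_on[task] = partner
        elif kind in ("RNDZV", "TERM"):
            waiting_on.pop(task, None)
        cycle = find_cycle(waiting_on)
        if cycle:
            return tick, cycle
    return None

def starved_tasks(trace, max_ready):
    """Tasks that stay READY for max_ready ticks or more without being run."""
    horizon = max(ev[0] for ev in trace) + 1
    ready_since, starved = {}, set()
    for tick, task, kind, _, _ in sorted(trace):
        if kind == "READY":
            ready_since.setdefault(task, tick)
        elif kind in LEAVES_READY and task in ready_since:
            if tick - ready_since.pop(task) >= max_ready:
                starved.add(task)
    for task, since in ready_since.items():   # still READY at end of trace
        if horizon - since >= max_ready:
            starved.add(task)
    return sorted(starved)

def analyze(trace, required, max_ready=4):
    """All three checks in one report, in the spirit of step 8 of Section 2.0."""
    return {"unmet": check_sequence(trace, required),
            "deadlock": first_deadlock(trace),
            "starved": starved_tasks(trace, max_ready)}

if __name__ == "__main__":
    print("good:", analyze(TRACE_GOOD, REQUIRED))
    print("bad: ", analyze(TRACE_BAD, REQUIRED))
```

The wait-for graph here is built only from entry calls, which is why a rendezvous or termination removes a task's edge; a select with a terminate or delay alternative (Table 2) would not be a permanent wait and is outside what this example models. Race conditions are not something a single trace can establish, so the example makes no claim about them.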
A prototype Ada Execution Analyzer, which produces timing diagrams from VAX/Ada debugger output, has demonstrated the value of timing diagrams in understanding the behavior of an Ada program with multi-tasking. The authors believe that the expanded role for timing diagrams suggested in this paper will result in fewer design errors in multi-tasking
References

[BOOC83] Booch, G., Software Engineering with Ada, Benjamin/Cummings Publishing Company, Menlo Park, CA, 1983.

[BUHR84] Buhr, R.J.A., System Design with Ada, Prentice-Hall, Englewood Cliffs, NJ, 1984.

[CHER85] Cherry, G., and B. Crawford, "The PAMELA Methodology," Thought Tools, Inc., Reston, VA, November 1985.

[TAIK86] Tai, K.C., "A Graphical Notation for Describing Executions of Concurrent Ada Programs," ACM Ada Letters, Vol. VI, No. 1, Jan., Feb. 1986.

[HELM85] Helmbold, D., and D. Luckham, "TSL: Task Sequencing Language,"
[Figure 1 image not reproduced: an overview diagram with task columns T1 through T20 across the top and row labels including MAIN.CUSTOMER(9), MAIN.CUSTOMER(10), MAIN.CUSTOMER(11), and MAIN.CUSTOMER(12).]

Figure 1. AEA Overview Diagram
[Figure 2 image not reproduced: a detailed diagram for five selected tasks, TASK 1 BANK.TELLER(1), TASK 7 BANK.TELLER(6), TASK 8 BANK.DISPATCHER, TASK 9 MAIN.CUSTOMER(1), and TASK 20 MAIN.CUSTOMER(12), annotated with events such as ACCEPT TASK 8 ASSIGN, RNDZV TASK 2, and ACCEPT TASK 3.]

Figure 2. AEA Detailed Timing Diagram
Table 1. AEA Overview and Detailed Diagram Symbols

DETAILED DIAGRAM       OVERVIEW DIAGRAM   MEANING
SYMBOLS                SYMBOLS

NAME                   -                  Logical name of program unit that
                                          declares TASK.

POINTS OF RENDEZVOUS:

RNDZV TASK #           R#                 Task has rendezvoused with task #.
  Task #.ENTRY_NAME    ENTRY_NAME

ACCEPT TASK #          A#                 Task has accepted call from task #.
  Accept ENTRY_NAME    ENTRY_NAME

TASK STATES:

(not legible)          (not legible)      Task is running.
(not legible)          (not legible)      Task is ready to run.
(not legible)          (not legible)      Task is suspended.
TERM                   <T                 Task has terminated.

Table 2. AEA Overview and Detailed Diagram Substates

TIMING DIAGRAM      OVERVIEW DIAGRAM   TASK SUBSTATE MEANING
SYMBOLS             SYMBOLS

(not legible)       (not legible)      Task has been aborted.

(not legible)       (not legible)      Task is waiting at an accept statement that is
                                       not inside a select statement.

Completed [abn]     <Completed[ab      Task is completed due to an abort statement, but
                                       is not yet terminated. In Ada, a task awaiting
                                       dependent tasks at its "end" is called
                                       "completed". After the dependent tasks are
                                       terminated the state changes to terminated.

Completed [exc]     <Completed[ex      Task is completed due to an unhandled exception,
                                       but is not yet terminated. In Ada, a task awaiting
                                       dependent tasks at its "end" is called
                                       "completed". After the dependent tasks are
                                       terminated, the state changes to terminated.

Completed           <Completed         Task is completed. No abort statement was issued,
                                       and no unhandled exception occurred.

Delay               <Delay             Task is waiting at a delay statement.

Dependents          <Dependents        Task is waiting for dependent tasks to terminate.

(not legible)       (not legible)      Task is waiting for dependent tasks to allow an
                                       unhandled exception to propagate.

Entry call          (not legible)      Task is waiting for its entry call to be accepted.

Invalid state       <Invalid State     There is a bug in the VAX Ada run-time library.

I/O or AST          <I/O or AST        Task is waiting for I/O completion or some AST
                                       (Asynchronous System Trap).

Select or delay     <Select or del     Task is waiting at a select statement with a
                                       delay alternative.

Select or term.     <Select or Ter     Task is waiting at a select statement with a
                                       terminate alternative.

Select              <SELECT            Task is waiting at a select statement with
                                       neither an else, delay, or terminate alternative.

Shared resource     <Shared resour     Task is waiting for an internal shared resource.

Terminated [abn]    <Terminated [a     Task was terminated by an abort.

Terminated [exc]    <Terminated [e     Task was terminated because of an unhandled
                                       exception.

Terminated          <Terminated        Task terminated normally.

Timed entry call    (not legible)      Task is waiting in a timed entry call.