6 research outputs found

    Architectural notes: a framework for distributed systems development

    This thesis develops a framework of methods and techniques for distributed systems development. This framework consists of two related domains in which design concepts for distributed systems are defined: the entity domain and the behaviour domain. In the entity domain we consider structures of functional entities and their interconnection, while in the behaviour domain we consider behaviour definition and structuring. An interaction in which we abstract from the particular responsibilities of the participating functional entities is considered as an action. Behaviours consist of actions, interactions and their relationships. Relationships between actions and interactions are defined in terms of causality relations. In each causality relation the conditions and constraints for an action or interaction to occur are defined. Two important behaviour structuring techniques have been identified from the possible ways causality relations can be distributed: causality-oriented behaviour composition and constraint-oriented behaviour composition. Causality-oriented behaviour composition consists of placing some conditions of an action and the action itself in different sub-behaviours. Constraint-oriented behaviour composition consists of placing parts of the conditions and constraints of an action in different sub-behaviours, such that this action is shared by these sub-behaviours. This thesis identifies milestones in the design process of distributed systems, as well as the design steps to move from one milestone to another. These design steps are characterized using the concepts of the entity and the behaviour domain. We identified two crucial design operations of the behaviour domain that support these design steps: behaviour refinement and action refinement. 
Behaviour refinement consists of introducing (internal) structure in the causality relations of reference actions of an abstract behaviour, but preserving their causality and exclusion relationships and their attribute values. Action refinement consists of replacing abstract actions by activities, such that the completion of these activities corresponds to the occurrence of the abstract actions. One important characteristic of action refinement is the possibility of distributing attribute values of the abstract actions over actions of the activities that replace them in the concrete behaviours. The area of research, scope and objectives of this thesis are discussed in Chapter 1. The concept of design culture and its elements is introduced in this chapter in order to provide an overview of the important aspects of the design process. Entity domain, behaviour domain, and design milestones are introduced and discussed in Chapter 2. This chapter also discusses the global objectives of design steps, and the abstraction obtained by considering interactions between cooperating functional entities as actions of the interaction system between these entities. Action, action attributes, causality and exclusion are discussed in Chapter 3. This chapter shows how a behaviour can be defined in terms of the causality relations of its actions in a monolithic form. Causality-oriented behaviour composition is discussed in Chapter 4. Entries and exits of a behaviour are the mechanisms that make it possible to assign parts of a condition of an action and the action itself to different sub-behaviours. Constraint-oriented behaviour composition is discussed in Chapter 5. Decomposition possibilities of monolithic behaviours are systematically studied in this chapter. Behaviour refinement is discussed in Chapter 6. This chapter defines a method to obtain an abstraction of a concrete behaviour. 
This method can be used to check whether the concrete behaviour corresponds to a certain abstract behaviour. Action refinement is discussed in Chapter 7. This chapter identifies some activity forms, and defines the rules for considering these activities as implementations of an abstract action. These rules are used in a method to derive an abstraction of a concrete behaviour in which the abstract actions are implemented as activities. This method can be used to check whether the concrete behaviour corresponds to a certain abstract behaviour. Chapter 8 discusses a design example that is meant to illustrate the use of our design concepts. The example is an interaction server, which is a component that supports the interaction between multiple functional entities. Chapter 9 draws some conclusions and revisits the design milestones of Chapter 2, showing alternatives for the design trajectory which have been created with the use of actions and interactions in a single framework.

    Automatic generation of distributed implementations from formal models of asynchronous concurrent processes

    LNT is a recent formal specification language, based on process algebras, where several concurrent asynchronous processes can interact by multiway rendezvous (i.e., involving two or more processes), with data exchange. The CADP (Construction and Analysis of Distributed Processes) toolbox offers several techniques related to state space exploration, like model checking, to formally verify an LNT specification. This thesis introduces a distributed implementation generation method, starting from an LNT formal model of a parallel composition of processes. Taking advantage of CADP, we developed the new DLC (Distributed LNT Compiler) tool, which is able to generate, from an LNT specification, a distributed implementation in C that can be deployed on several distinct machines linked by a network. In order to handle multiway rendezvous with data exchange between distant processes in a correct and efficient manner, we designed a synchronization protocol that gathers different approaches suggested in the past. We set up a verification method for this kind of protocol, which, using LNT and CADP, can detect livelocks or deadlocks due to the protocol, and also check that the protocol leads to valid interactions with respect to a given specification. This method allowed us to identify possible deadlocks in a protocol from the literature, and to verify the good behavior of our own protocol. We also designed a mechanism that enables the final user, by embedding user-defined C procedures into the implementation, to set up interactions between the generated implementation and other systems in the environment. 
Finally, we used the new consensus algorithm Raft as a case study, in particular to measure the performance of an implementation generated by DLC.

    Automated synthesis of delay-insensitive circuits
