The Stanford Rapide Project |
Rapide publications available on-line are arranged below by the following categories:
For a more complete listing of publications on Rapide, see the Rapide Bibliography.A brief overview of the Rapide project is given in Rapide overview. A high-level tutorial is provided in Rapide tutorial. A more detailed introduction of Rapide is available in the Guide to the Rapide 1.0 Language Reference Manuals. Our definition of architecture is defined more fully in the paper Three Concepts of System Architecture.
Abstract: This paper is a simple introduction to the Rapide concepts of system architecture, causal event simulation, and some of the tools for viewing and analysis of causal event simulations. Illustration of the language and tools is given by a Rapide model of the well-known example, the Dining Philosophers.
Abstract: This dissertation presents formal models of distributed transaction processing (DTP) that are executable and testable. These models apply a new technology, Rapide, an object-oriented executable architecture description language designed for specifying and prototyping distributed, time-sensitive systems. Rapide's execution model is based upon partially ordered sets of events (posets) and can represent true concurrency. This dissertation shows how the Rapide technology can be applied to specify, prototype, and test DTP models.
In particular, this dissertation specifies a reference architecture for the X/Open DTP industry standard. The standard describes several components and their interfaces, a few instances of a software architecture, as well as several protocols -- including the two--phase commit protocol. The reference architecture, written in Rapide, defines architectures and behaviors of systems that comply with the X/Open standard. It contains machine processable definitions of the component interfaces, their behaviors, and how the components may be connected together into architectures. It also includes formal, checkable constraints on the individual component behaviors and on the communication protocols between the components.
An extension to the X/Open standard is also presented. We add to the standard's constraints and behaviors associated with the two--phase commit protocol for the property atomicity, the constraints and behaviors for the property isolation via the two--phase locking protocol. These DTP properties, protocols, and system architecture are interpreted in views that leaves a family of models (or framework) for testing DTP standards. Each view is a reference architecture that is formally defined and may be simulated, animated, and related to other views.
This dissertation also applies a technique developed previously by Gennart and Luckham for testing applications for conformance with reference architectures. This technique is based upon pattern mappings. Pattern mappings specify relationships between architectures, and they permit an application's execution to be automatically runtime tested for conformance with the constraints of a reference architecture. As an example of this technique, an executable application system is described, and it's executions are shown to violate the published X/Open DTP standard.
We expect the technology described in this dissertation to demonstrate to X/Open (and other standards organizations) that formal and poset--based specification of standards can contribute significantly to automated conformance testing. Checking conformance of products is of practical importance to companies like X/Open who promote ``open'' standards. Currently, X/Open uses test suites that are very costly in time and effort to produce and maintain. Improvements in the testing process based upon Rapide should reduce this cost and aid early detection of defects, assure quality, and minimising time--to--market. Furthermore, we are in process (collaboratively) with SRI International to extend the present X/Open DTP reference architecture with security properties and to demonstrate conformance testing of an actual system developed by SRI. Thus, the Rapide technology is poised revolutionize the development and the automated conformance checking of industry standards.
Abstract: An architecture is a specification of the components of a system and the communication between them. Systems are constrained to conform to an architecture. An architecture should guarantee certain behavioral properties of a conforming system, i.e., one whose components are configured according to the architecture. An architecture should also be useful in various ways during the process of building a system.
This paper presents three alternative concepts of architecture: object connection architecture, interface connection architecture, and plug and socket architecture. We describe different concepts of interface and connection that are needed for each of the three kinds of architecture, and different conformance requirements of each kind. Simple examples are used to compare the usefulness of each kind of architecture in guaranteeing properties of conforming systems, and in correctly modifying a conforming system.
Abstract: This paper discusses general requirements for architecture definition languages, and describes the syntax and semantics of the subset of the Rapide language that is designed to satisfy these requirements. Rapide is a concurrent event-based simulation language for defining and simulating the behavior of system architectures. Rapide is intended for modelling the architectures of concurrent and distributed systems, both hardware and software. In order to represent the behavior of distributed systems in as much detail as possible, Rapide is designed to make the greatest posible use of event-based modelling by producing causal event simulations. When a Rapide model is executed it produces a simulation that shows not only the events that make up the model's behavior, and their timestamps, but also which events caused other events, and which events happened independently.
The architecture definition features of Rapide are described here: event patterns, interfaces, architectures and event pattern mappings. The use of these features to build causal event models of both static and dynamic architectures is illustrated by a series of simple examples from both software and hardware. Also we give a detailed example of the use of event pattern mappings to define the relationship between two architectures at different levels of abstraction. Finally, we discuss briefly how Rapide is related to other event-based languages.
Rapide is an event-based concurrent, object-oriented language specifically designed for prototyping system architectures. Two principle design goals are (1) to provide constructs for defining executable prototypes of architectures, and (2) to adopt an execution model in which the concurrency, synchronization, dataflow, and timing properties of a prototype are explicitly represented. This paper describes the partially ordered event set (poset) execution model and outlines some of the event-based features for defining communication architectures and relationships between architectures. Some features, such as the object-oriented type system for defining component interfaces, and declarative constraints on posets, are discussed only briefly here due to space limits. Various features of Rapide are illustrated by excerpts from a prototype of the X/Open distributed transaction processing reference architecture.
keywords: Rapide, partial orders, prototyping, concurrency, real-time, architecture, formal constraints, event patterns, programming languages.
Abstract: Rapide is a programming language framework designed for the development of large, concurrent, real-time systems by prototyping. The framework consists of a type language and default executable, specification and architecture languages, along with associated programming tools. We describe the main features of the type language, its intended use in a prototyping environment, and rationale for selected design decisions.
Abstract: Rapide is a concurrent, object-oriented language specifically designed for prototyping large concurrent systems. One of the principle design goals has been to adopt a computation model in which the synchronization, concurrency, dataflow, and timing aspects of a prototype are explicitly represented and easily accessible both to the prototype itself and to the prototyper. This paper describes the partially ordered event set (poset) computation model, and the features of Rapide for using posets in reactive prototypes and for automatically checking posets. An example prototyping scenario illustrates uses of the poset computation model, with and without timing.
Keywords: Rapide, partial orders, prototyping, concurrency, real-time, architecture, programming languages.
Abstract: A new technique for testing applications for conformance with reference architectures is presented. We demonstrate this technique using a reference architecture derived from the X/Open standard for distributed transaction processing documents. These documents informally describe the interfaces, communication protocols, and properties of its software components. However, the reference architecture presented in this paper is an improvement over the documents, because it is both a formal definition of the standard and a Rapide prototype that may be executed and tested.
Another executable Rapide prototype, which models a health care information processing system, is then related to the reference architecture by pattern mappings. Pattern mappings formally specify the architectural relationships between an application and a reference architecture, and they permit an application's executions to be automatically tested for conformance with the protocols and global design constraints of the reference architecture.
keywords: transaction processing, software architecture, specification and validation.
Abstract: Definitions are given of basic concepts for describing architectures of systems whose behavior (or executions) can be modelled as a set of events which bear certain causal and timing relationships to one another. These relations between events are partial orderings, and the model of system behavior is called the poset (partially ordered event set) model. We define three fundamental concepts: (i) system component, (ii) architecture, and (iii) refinement mapping between architectures. The concept definitions use elementary mathematics of sets and functions, and are independent of any computer language for architectures. To illustrate the concepts, an executable architecture definition language is described and used to give examples of system components, architectures, and related architectures. A key feature of the language is event pattern which provides the expressive power needed to specify many different kinds of distributed and realtime systems, including systems with asynchronous communication and systems whose architectures may vary during execution.
keywords: architecture, distributed systems, event-based modelling, partial order models, prototyping, formal specification, comparative simulation.
Abstract: The architecture of a system expresses the structural aspects of the system: the modules, the control structure, communication patterns, sharing of data and composition of modules. The architecture of a complex software system is a significant issue in the proper design, analysis and possibility of reuse of the software sytstem.
This paper describes how the architecture of an Ada program may be automatically extracted at run time and tested for conformance against a reference architecture in a language called Rapide. The extraction of Ada program architecture facilitates design, analysis and reuse of Ada programs since architecture based design, analysis and reuse techniques can now be applied to the program.
The paper first gives rules for testing conformance of Ada programs to Rapide architectures. The paper then defines a language called Rapide-Ada that instruments Ada programs to produce events at run time. The events are tested for conformance against a Rapide reference architecture by application of the rules for testing conformance.
keywords: Software architecture, Ada 95, program instrumentation, run time monitoring.
Position statement: In modeling a system of objects, four aspects of the system are of concern: (1) the interfaces of the objects, (2) the behavior of individual objects, (3) the communication between objects, and (4) constraints on inter-object, or aggregate, behavior. Each of these should be explicit and distinct. For example, one can understand a good deal about an accounting department by specifying its interface while ignorings its internal workings; or, a procurement department's behavior can be given without worrying about where its customers reside.
There are a number of reasons for separating these concerns. One is that, within many organizations, different people with different backgrounds address each concern. Separating the concerns allows domain experts to stick to their own domain.
Another reason for separating them is simply to emphasize their importance to the overall model. When the last two concerns, inter-object communication and behavior, are not isolated, they often become unplanned ramifications of aggregates of individual object behaviors. Inter-object behavior can be difficult to define and understand in such cases.
Lastly, we feel that the models we build should make it clear how these four major concerns are addressed. When trying to understand a model, it should be clear which parts define interfaces, which parts define individual object behavior, which parts define inter-object communication, and which define aggregate behavior. To put it simply, interfaces, behavior, communication and aggregate behavior should each be explicit.
This document proposes a four level abstraction hierarchy for CAETI systems architectures. Some possible applications are described briefly.
This report discusses the definition and modeling of reference architectures that specify the security aspects of distributed systems. NSA's MISSI (Multilevel Information System Security Initiative) security architecture is used as an illustrative example. We show how one would define such a reference architecture, and how one could use such a definition to model as well as check implementations for compliance with the reference.
This report presents an approach to creating an executable standard for the SPARC-V9 instruction set architecture using Rapide-1.0, a language for modeling and prototyping distributed systems. It describes the desired characteristics of a formal specification of the architecture and shows how Rapide can be used to build a model with these characteristics. This is followed by the description of a simple prototype of the proposed model, and a discussion of the issues involved in building and testing the complete specification (with emphasis on some Rapide-specific features such as constraints, causality and mapping). The report concludes with a brief evaluation of the proposed model and suggestions on future areas of research.
Discussion of the demonstration of Rapide in modeling the HLA interface definition.
A brief description and Rapide sources for the Level 2 HLA simulation.
Abstract: We have used the Rapide prototyping-languages, developed by Stanford and TRW under the ARPA ProtoTech Program, in a series of exercises to model an early version of IBM's ADAGE software architecture for helicopter avionics systems. These exercises, conducted under the ARPA Domain Specific Software Architectures (DSSA) Program, also assisted the evolution of the Rapide languages. The resulting Rapide-1.0 model of the ADAGE architecture in this paper is substantially more succinct and illuminating than the original models, developed in Rapide-0.2 and Preliminary Rapide-1.0. All Rapide versions include these key features: interfaces, by which types of components and their possible interactions with other components are defined; actions, by which the events that can be observed or generated by such components are defined; and pattern-based constraints, which define properties of the computation of interacting components in terms of partially ordered sets of events. Key features of Rapide-1.0 include services, which abstract whole communication patterns between components; behavior rules, which provide a state-transition oriented specification of component behavior and from which computation component instances can be synthesized; and architectures, which describe implementations of components with a particular interface, by showing a composition of subordinate components and their interconnections. The Rapide-1.0 model is illustrated with corresponding diagrammatic representations.
keywords: formal specification, Rapide, avionics, architectural description
Abstract: Rapide is a concurrent object-oriented language designed for prototyping distributed systems. This paper describes the creation of such a prototype, more specifically a shared memory multiprocessor system. The design is presented in an evolutionary manner, starting with a simple CPU + memory model. The paper also presents some simulation results and shows how the partially ordered event sets that Rapide produces can be used both for performance analysis and for an in-depth understanding of the model's behavior.