SDPDelhi

CSE Dept, MNNIT
Jan 13, 2012
Formalization of Software Architecture Outline

Software Architecture and Patterns Model Checking Why Model-check Architectural patterns Calculus of Communicating Systems(CCS) Modeling a System using CCS Mu-Calculus Specifying properties using Mu-Calculus Modeling and verication of an example pattern Component Adaptation and Future Directions
Formalization of Software Architecture : Dharmendra 1
CSE Dept, MNNIT
Jan 13, 2012
Our Model of Software Architecture
The software architecture of a program or computing system is the structure (or structures) of the system The structures comprise: Software components Externally visible properties of the components Relationships between the components
Formalization of Software Architecture : Dharmendra
CSE Dept, MNNIT
Jan 13, 2012
Architectural Patterns
Same system may have different structures i.e different architectures However, there are some structures and related constrains which appear in many systems These are general structures which are useful for architectures of a class of problem These are known as Architectural Patterns
CSE Dept, MNNIT
Jan 13, 2012
Why is Software Architecture Important?
Communication among stakeholders Early design decisions Transferable abstractions of a system
CSE Dept, MNNIT
Jan 13, 2012
Model Checking
Model checking is an automatic technique for verifying nite state concurrent systems It comprises of three parts A framework for modeling systems, description language of some sort typically a
A specication language for describing the properties to be veried A Verication method to establish whether description of a system satises the specication
CSE Dept, MNNIT
Jan 13, 2012
Model Checking (Cont...)

False:Error trace
Model of Architectural Design
Model Checker CWB-NC Specication of Property
True:Satises formula
Figure 1: Model Checking Methodology
CSE Dept, MNNIT
Jan 13, 2012
Why model-check Software Architecture?
Software architecture are essential engineering artifacts used in the design process of complex software system They specify at a high abstraction level various aspects of the system Advantage of model checking is the early analysis or verication of software architecture Software architect will be able to correct the errors early in design
CSE Dept, MNNIT
Jan 13, 2012
Calculus of Communicating Systems(CCS)
CCS is a process algebra developed for analytical modeling of concurrent communicating systems CCS considers a system as a network of component which behave according to their specication Each part is an agent Agents communicate with each other via ports CCS provides similar kind of abstractions, as in Component and connector view of Software architecture
CSE Dept, MNNIT
Jan 13, 2012
Syntax of CCS E is the set of agent expressions which includes X set of agent variables and K set of agent constants and formed as following : 1. .E, a P ref ix ( Act) 2. iI Ei, a Summation (I an indexing set) 3. E1|E2, a Composition 4. E\L, a Restriction(L L) 5. E[f ], a Relabeling (f a relabeling function)
CSE Dept, MNNIT
Jan 13, 2012
The semantics of CCS For assigning meaning general notion of labeled transition system will be used (S, T, {: t T }) It consists of a set S of states, a set T of transition labels, t and a transition relation S S for each t T S is E, the agent expression, and T is Act, the actions The semantics for E consists in the denition of each transition over E Transitions of each composite agent will be dened in terms of the transitions of its component agent or agents
CSE Dept, MNNIT
Jan 13, 2012
The semantics of CCS (Cont..) Act Sumj P

Ej Ej iI Ei Ej
.E E
(j I)
E E Com1 E|F E |F
F F Com2 E|F E|F
Com3 E E F F E|F E |F
Res E E (, E\LE \L
L) /
Rel
E E E[f ] E [f ]
f ()
def P P Con (A AP
P )
11
CSE Dept, MNNIT
Jan 13, 2012
An example: Vending Machine A big chocolate costs 2p, a little one costs 1p Only 2p and 1p coins can be used in the machine
big little
2p
1p
collect
Machine V can be dened in terms of interaction with the environment at its ports V = 2p.big.collect.V + 1p.little.collect.V
def
CSE Dept, MNNIT
Jan 13, 2012
Modal Mu-Calculus
Expressive logic that can be used to encode a variety of temporal logics The Syntax of Modal Mu-calculus: Formula variables X1,X2,... Atomic propositions p1,p2,..... Negation, conjunction and disjunction of formulae Existential modality: a f Universal modality: [a]f Least xed point: X.f (X) Greatest xed point: X.f (X)
13
CSE Dept, MNNIT
Jan 13, 2012
Specifying properties using Mu-Calculus

Vending machines behaviour could be captured through properties 1. V 2. V 3. V 4. V 5. V [2p] big tt [2p] big collect tt [1p] little tt [1p] little collect tt [2p] little collect tt
14
CSE Dept, MNNIT
Jan 13, 2012
Modeling of architectural Pattern using CCS
We Model Web Proxy Pattern using CCS We write interesting properties of the web proxy pattern We verify using CWB-NC that model satises the property
15
CSE Dept, MNNIT
Jan 13, 2012
Modeling of Proxy Architectural Pattern using CCS
We Model Proxy Pattern using CCS We write interaction properties of Proxy Pattern We verify using CWB-NC that interaction properties hold over model
16
CSE Dept, MNNIT
Jan 13, 2012
Modeling of Proxy Pattern

ans CLIENT req req ans PROXY reqest reqest SERVER
reply
reply
Figure 2: Proxy Web Server
CLIENT = req.ans.CLIENT PROXY = req.ans.PROXY + req.request.reply.ans.PROXY SERVER = request.reply.SERVER ARCHITECTURE = CLIENT | PROXY|SERVER
17
CSE Dept, MNNIT
Jan 13, 2012
Specication Properties for Proxy Pattern

Whenever a client makes a request, eventually there will always be an answer to the client (P1) Whenever there is an answer to the client, there is a prior request from the client (P2) Immediately after a request, either an answer or a further request will be generated from the proxy component (P3)
18
CSE Dept, MNNIT
Jan 13, 2012
Specication Properties for Proxy Pattern (Cont..)

There is a possibility of a request from client, followed by request generated from the proxy, followed by a reply from the server and nally an answer from the proxy. This sequence of actions may repeat innitely(P4). There is a possibility of a request from client, followed by an answer from the proxy. This sequence of actions may also repeat innitely(P5)
19
CSE Dept, MNNIT
Jan 13, 2012
Formally Specifying Properties for Proxy Pattern

prop P1 = AG(not treq tt) AF ( tans tt) prop P2 = A(not( tans tt)W treq tt) prop P3 = AG(not( treq tt) AF ( tans tt trequest tt)) prop p4 = max X = t treq t trequest t treply t tans X prop p5 = max Y = t treq t tans Y
20
CSE Dept, MNNIT
Jan 13, 2012
Verication of Proxy Pattern

False:Error trace
Model of Architectural Pattern
Model Checker CWB-NC Interaction Properties
True:Satises formula
Figure 3: Verication Methodology
21
CSE Dept, MNNIT
Jan 13, 2012
Component Adaptation What is a component? Component Adaptation Techniques Specifying Component Specifying Adapters Derivation of Adapters Implementation of Adapter
22
CSE Dept, MNNIT
Jan 13, 2012
What is a component?
From an ontological point of view, everything that can be composed into composite is component The components characteristic properties are that it: is a unit of independent deployment is a unit of third party composition has no persistent state
23
CSE Dept, MNNIT
Jan 13, 2012
Component Adaptation
An emerging area in software is the construction of application from components
Components to interoperate properly there should not be a mismatch in interfaces and behavior Wide gap between customer requirements and developer specications of the components
24
CSE Dept, MNNIT
Jan 13, 2012
Component Adaptation (Cont..)
For the growth of Component Based Software Engineering (CBSE) the crucial issues of differences need to be resolved Component Adaptation is one solution to the issue Component adaptation is a technique of tailoring the component for the use in specic application development
25
CSE Dept, MNNIT
Jan 13, 2012
Component Adaptation Techniques
Properties of Component Adaptation Techniques Black-Box Transparent Composable Reusable Congurable
26
CSE Dept, MNNIT
Jan 13, 2012
Component Adaptation Techniques (Cont..)
Adaptation Techniques Copy Paste Inheritance Wrapping Superimposition Filter Based Adaptation
27
CSE Dept, MNNIT
Jan 13, 2012
Modeling of Component Adaptation Need to formalize Component Adaptation Deadlock Freedom and Temporal Properties Adapters What to formalize Interfaces Protocols/Behaviours How to formalize State/Transition Diagram Process Algebra
28
CSE Dept, MNNIT
Jan 13, 2012
Specication using Process Algebra Input and output actions are represented by x?(d) and x!(d) x is the link along which the actions are performed d is a tuple of parameters (either links or data) sent or received along x Non-observable actions (also called silent actions) are denoted by tau 0 represents inaction Restriction, (x)E, represents the creation of a new link name x in an expression E
CSE Dept, MNNIT
Jan 13, 2012
The matching operator [x=y]E is used for specifying conditional behaviour: [x=y]E behaves as E if x=y, otherwise as 0. Nondeterministic choice (+) and parallel || operators are dened: E+E may proceed either to E or to E, while E||E consists of expressions E and E acting in parallel.
30
CSE Dept, MNNIT
Jan 13, 2012
Specication using Process Algebra
Component interfaces consist of a set of roles Specication of role has two parts 1. Signature Interface 2. Interaction Behaviour
role role Name = { signature input and output actions behaviour interaction pattern }
31
CSE Dept, MNNIT
Jan 13, 2012
Specication using Process Algebra (Cont..)
Behaviour Description of a role consists of an interaction pattern Patterns are described by means of a subset of the polyadic pi-calculus The pi-calculus allows link names to be sent and received as values Interaction patterns are dened as follows:
E ::=0|a.E | (x)E | [x=y]E | E||E | E + E a ::= tau | x?(d) | x!(d)
32
CSE Dept, MNNIT
Jan 13, 2012
Specication using Process Algebra (Cont..)
A component may exhibit more than one role Example RW

RW= read?(x).([x!=EOF]fwrite!(x).RW + [x=EOF]fclose!( ).0) + tau.break!( ).fclose!( ).0
Role I1
I1=read?(x).0 + tau.break.0
Role I2
I2=tau.fwrite!(x).0 + tau.fclose!( ).0
33
CSE Dept, MNNIT
Jan 13, 2012
Adapter derivation Using Process Algebra Adaptation is not simply unifying link names
role P1 = { signature request!(Data url); reply ? (Data page); behaviour request!(url).reply?(page).0 } role Q1 = { signature query?(Data handle); return! behaviour query?(handle).return! } (file).0 (Data file);
= { u/request, u/query, v/reply, v/return }

M1 = { request!(url) <> query?(url); reply?(file) <> return!(file); }
CSE Dept, MNNIT
Jan 13, 2012
Using Process Algebra (Cont..)
Multiple Action correspondence

role P2 = { signature usr!(Data me); pass! (Data pwd); behaviour usr!(me).pass!(pwd).0 } role Q2 = { signature login?(Data acc, pin); behaviour login?(acc, pin).0 } M2 = {usr!(me),pass!(pwd)<> login?(me,pwd);}
35
CSE Dept, MNNIT
Jan 13, 2012
Actions without a correspondent

role P3 { signature printn?(Data doc, n); behaviour (...) } role Q3 {signature setCopies!(Data n); print!(Data doc); behaviour (...)}
M3 = { none <> setCopies!(n); printn?(doc,n)<>print!(doc);}
M3= { printn?(doc,n) <> setCopies!(n), print!(doc); }
36
CSE Dept, MNNIT
Jan 13, 2012
Non-deterministic action correspondence

role P4 = { signature data!(Data n); behaviour data!(n).0} role Q4 = { signature read?(Data m);break!( ); behaviour read?(m).0 + tau.break!(). 0}
M4 = { data!(x)<> read?(x); data!(x)<> break!( );}
37
CSE Dept, MNNIT
Jan 13, 2012
Using Process Algebra (Cont..) Name passing

role P5 = { signature request!(Data url, Link reply)> reply?(Data page); behaviour (reply) request!(url,reply). reply?(page).0} role Q5={ signature query?(Data handle, Link ret)> ret!(Data file); behaviour query?(handle,ret).ret! (file).0 }
M5 ={ request!(url,reply) <> query?(url,reply); reply?(file) <> reply!(file); }
38
CSE Dept, MNNIT
Jan 13, 2012
Synthesis of Adapters using Process Algebra
Given a mapping M, and the interaction patterns P and Q of two components, concrete adapter (if any) is generated by means of a fully automated procedure. This adapter A is the component-in-the-middle such that: The parallel composition P|A|Q do not deadlock, and A will satisfy all the action correspondences and data dependencies specied by M.
39
CSE Dept, MNNIT
Jan 13, 2012
Future Directions
Adapters can be specied using process Algebra method and could be automatically synthesized Only Interface Adaptation is provided till now Most of the current works on the component adaptation deal with adapting behaviour Functionality which is the actual semantics of the computations associated to these interactions is still a major challenge
40
CSE Dept, MNNIT
Jan 13, 2012
Thank you
41
CSE Dept, MNNIT
Jan 13, 2012
Now onwards Back up Slides
42
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus A is the set of names. a, b, c... ranges over it A is the set of co-names.a, b, c, ... ranges over it L = A A is the set of labels. l, l ranges over it is perf ect or silent action Act = L is the set of actions. , ... ranges over it K, and L are subsets of L L is the set of complements of labels in L A relabeling f unction f is a function from L to L such that f (l) = f (l),
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus (Cont..)
f is extended to Act by decreeing that f ( ) = . X is a set of agent variables, and X, Y, ... range over X K is a set of agent constants, and A, B, ... range over K I or J are an indexing set, family of expressions indexed by I can be denoted by Ei : i I E is the set of agent expression, E, F, ... range over E.
44
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus (Cont..)
E is the smallest set which includes X and K and contains the following expression, where E, Ei are already in E: 1. .E, a P ref ix ( Act) 2.
iI
Ei, a Summation (I an indexing set)
3. E1|E2, a Composition 4. E\L, a Restriction(L L) 5. E[f ], a Relabeling (f a relabeling function)
45
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus ( P ref ix operator) . P ref ix operator prexes an action to a single agent expression Prex is the only method of sequencing to dene the sequential composition An agent C is a cell which may hold a single data item
in C out
The cell has two ports, C may accept an item or value at the left-hand port, labeled in When holding a value, it may deliver it at the right-hand port, labeled out
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus ( P ref ix operator) (Cont..) We express the behavior of C as follows: C C (x)
def
in(x).C (x) out(x).C
def
The Prex in(x). stands for a handshake in which a value is received at port in and becomes the value of variable x in(x).C (x) is an agent expression; its behavior is to perform the described handshake and then proceed according to the denition of C out(x).C is an agent expression, its behavior is to output the value of x at port out and then proceed according to the denition of C
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus ( Summation operator)
Summation operator is the sum of all expressions Ei as i ranges over I
It can can be denoted as Ei : i I, or abbreviated to i Ei when I is understood
Special cases for the summation operator are: 1. when I = {1, 2} then it turns out to be binary summation E1 + E2
CSE Dept, MNNIT
Jan 13, 2012
2. When I = then it gives us the inactive agent, capable of no action whatsoever. def The agent is given special name 0, and dened as 0 = i Ei .
49
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus ( Composition operator) Composition is transitions possible for a composite agent P |Q in terms of the transitions possible for P and Q separately Let Aand B as follows, where a, b, c are distinct names:
a A c
def
A = a.A A = c.A
def
B = c..B B = b.B
def
def
The composite agent A|B will follow the following transition rule for the composition:
CSE Dept, MNNIT
Jan 13, 2012
The syntax of Milners Calculus ( Composition operator Cont..)

c c b
a A
1. If A can do an action alone, then it can also do the action in context A|B, leaving B undisturbed and vice versa. Thus:
Since A A ,
a
we infer A|B A |B
2. IF the c port of A is linked to the c port of B, the rule dictates:

Since A A,
c
we infer A |B A|B
3. Rule which can dictate the following transition:

Since A A, and B B ,
we infer A |B A|B
51
CSE Dept, MNNIT
Jan 13, 2012
? will be replaced by a completed or perf ect denoted by
action
52
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus ( Restriction operator) \ restriction operator is a unary postxed operator It internalizes the ports of the agents restricting for further composition If P P then infer P \L P \L provided that , L /

53
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus ( Relabeling operator) A function f from labels to labels is a relabeling f unction if it respects complements, For each relabeling function f, the Relabeling combinator [f ], postxed to an agent, has the effect of relabeling the ports of the agent as dictated by f
The expression l1/l1, ..., ln/ln is for the relabeling function f for which f (li) = li and f (li) = li for i = 1, ..., n and otherwise f (l) = l
54
CSE Dept, MNNIT
Jan 13, 2012
The syntax of the Milners Calculus (Relabeling operator)(Cont..) A simple semaphore can be dened as follows:
get Sem put
Hammer
def
get.put.Sem
A semaphore is just a resource which may be acquired and released alternatively, and we can dene the Hammer and M allet by Hammer M allet
def
Sem[geth/get, puth/put] Sem[getm/get, putm/put]

55
def

SDPDelhi

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

SDPDelhi

Uploaded by

Copyright:

Available Formats

CSE Dept, MNNIT

Jan 13, 2012

Formalization of Software Architecture Outline

CSE Dept, MNNIT

Jan 13, 2012

Our Model of Software Architecture

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Why is Software Architecture Important?

Communication among stakeholders Early design decisions Transferable abstractions of a system

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Model Checking (Cont...)

Model of Architectural Design

Model Checker CWB-NC Specication of Property

Figure 1: Model Checking Methodology

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Why model-check Software Architecture?

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Calculus of Communicating Systems(CCS)

CSE Dept, MNNIT

Jan 13, 2012

CSE Dept, MNNIT

Jan 13, 2012

CSE Dept, MNNIT

Jan 13, 2012

The semantics of CCS (Cont..) Act Sumj P

F F Com2 E|F E|F

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

CSE Dept, MNNIT

Jan 13, 2012

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Specifying properties using Mu-Calculus

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Modeling of architectural Pattern using CCS

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Modeling of Proxy Architectural Pattern using CCS

Formalization of Software Architecture : Dharmendra

CSE Dept, MNNIT

Jan 13, 2012

Modeling of Proxy Pattern

Figure 2: Proxy Web Server

Formalization of Software Architecture : Dharmendra