alloy based lightweight verification for aspect oriented architecture n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Alloy-based Lightweight Verification for Aspect-oriented Architecture PowerPoint Presentation
Download Presentation
Alloy-based Lightweight Verification for Aspect-oriented Architecture

Loading in 2 Seconds...

play fullscreen
1 / 27

Alloy-based Lightweight Verification for Aspect-oriented Architecture - PowerPoint PPT Presentation


  • 86 Views
  • Uploaded on

SERA 2008. Alloy-based Lightweight Verification for Aspect-oriented Architecture. Naoyasu Ubayashi (Kyushu Institute of Technology) Yuki Sato (Kyushu Institute of Technology) Akihiro Sakai (Kyushu University) Tetsuo Tamai (University of Tokyo) August 20, 2007. Aspect-oriented Programming.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Alloy-based Lightweight Verification for Aspect-oriented Architecture' - kaili


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
alloy based lightweight verification for aspect oriented architecture

SERA 2008

Alloy-based Lightweight Verificationfor Aspect-oriented Architecture

Naoyasu Ubayashi (Kyushu Institute of Technology)

Yuki Sato (Kyushu Institute of Technology)

Akihiro Sakai (Kyushu University)

Tetsuo Tamai (University of Tokyo)

August 20, 2007

aspect oriented programming
Aspect-oriented Programming

Problem

A concern considered crosscutting in one situation might be primary in others. It is not desirable to fix a certain concern as either primary or crosscutting.

It is not easy to understand the overall behavior of a woven program.

AOP is a programming paradigm in which crosscutting concerns are modularized as aspects.

Display updating

pointcut

after (FigureElement fe):

(call(void set*(..)) && target(fe) {

fe.display.update(fe); }

AspectJ

advice

our previous work ase 07
Our previous work [ASE’07]
  • A new interface mechanism called Weaving-interface
  • A new AOP language called ccJava
  • Weaving-interface can be regarded as an ADL (Architecture Description Language)
  • All concerns are described as class components.
  • This ADL can describe how to compose (weave) these components.
  • But, programming-level idea …

Display

Point

Line

today s talk verifiable ao mdd
Today’s Talk: Verifiable AO MDD

Architectural Design

  • Not only programming-level but also design-level notion
  • ADL for bridging the gaps between architectural design and implementation

Designs and verifies an architecture represented by a set of weaving-interfaces

(Alloy-based architecture verification)

Weaving-interface

Implements verified weaving interfaces

Java

outline
Outline
  • Motivation
  • AO verifiable MDD
  • Architecture verification based on Alloy
  • Related work
  • Conclusion
example figure editor
Example --- Figure editor

Component

interface Shape {

public void moveBy(int dx, int dy);

}

class Point implements Shape {

int x, y;

public int getX() { return x; }

public int getY() { return y; }

public void setX(int x) { this.x = x; }

public void setY(int y) { this.y = y; }

public void moveBy(int dx, int dy) {

x += dx; y += dy;

}

}

class Line implements Shape {

Point p1, p2;

public Point getP1() { return p1; }

public Point getP2() { return p2; }

public void setP1(Point p1) { this.p1 = p1; }

public void setP2(Point p2){ this.p2 = p2; }

public void moveBy(int dx, int dy) {

p1.x += dx; p1.y += dy;

p2.x += dx; p2.y += dy;

}

}

class Display {

public static void update() {

/* the detail is ommited */ }

}

Component

Three concern components are woven together by component and connector architecture based on weaving-interface.

Component

ao weaving based on component connector architecture
AO weaving based oncomponent-connector architecture

Weaving-interface

wDisplay

wPoint

wLine

redraw

class

Display

class

Point

class

Line

change

Component

redraw + change

Connector

class Pointimplements Shape {

int x, y;

public int getX() { return x; }

public int getY() { return y; }

public void setX(int x) { this.x = x; }

public void setY(int y) { this.y = y; }

public void moveBy(int dx, int dy) {

x += dx; y += dy;

}

}

class Display {

public static void update() { }

}

wLogging

class

Logging

ccjava aop language for supporting weaving interface
ccJava – AOP language for supporting Weaving-interface

Weaving-interface

public w_interfacewPoint{

pointcut change():

execution(void setX(int)) ||

execution(void setY(int)) ||

execution(void moveBy(int, int));

import before(), after() returning, around() : change();

}

public w_interfacewLine{

pointcut change():

execution(void setP1(Point)) ||

execution(void setP2(Point)) ||

execution(void moveBy(int, int));

import before(), after() returning, around() : change();

}

public w_interfacewDisplay{

pointcut redraw(): execution(void update());

import before(), after() returning : redraw();

export redraw();

}

Weaving-interface+Connector

is a kind of

ADL

Port Definition

Connector descriptions depend on only weaving-interfaces.

Architecture can be represented by

Weaving-interface + connector.

Coordination Type

Before

After

Around

introduce

Connector

weave {

class Point implements wPoint;

class Line implements wLine;

class Display implements wDisplay;

connect(port1:wDisplay.redraw,

port2:{wPoint || wLine}.change) {

after() returning : port2 { port1.proceed(); }

}

Port Connection

Coordination

Code

problems
Problems
  • Although Weaving-interface enables a programmer to describe AO architecture, there is a gap between architecture design and implementation.

Verifiable AO MDD

ccmodeler ccjava
ccModeler & ccJava

ccModeler

Architectural Design

Architecture

Design & verification

Designs and verifies an architecture represented by a set of weaving-interfaces

ccJava

Weaving-interface

Refinement

Implements verified weaving interfaces

Java

alloy
Alloy
  • Alloy is a simple structural modeling language based on relational logic.
  • The Alloy analyzer, a tool for Alloy, can automatically generate instances of invariants, simulate the execution of operations, and check user-specified properties of a model.

Lightweight Formal Methods

Although neither soundness nor completeness is guaranteed, it makes more sense to sacrifice the capability of finding proofs for the capability of reliably detecting errors.

We use Alloy as a design debugger !

weaving interface meta model described in alloy
Weaving-Interface meta modeldescribed in Alloy

weaving I/F

weaving I/F

Concern

Component

(class)

Concern

Component

(class)

connector

abstract sig Implement {

class : set Class,

weavingInterface : set WeavingInterface

}

abstract sig Connect {

port1 : set WeavingInterface,

port2 : set WeavingInterface,

connectionType : Advice

}

abstract sig WeavingInterface {

importType: set Advice,

import : set Pointcut,

export : set Pointcut

}

abstract sig Advice {}

one sig Before, After, Around

extends Advice {}

abstract sig Pointcut {}

translation from weaving interface into alloy 1
Translationfrom weaving-interface into Alloy (1)

Weaving-interface

Alloy

public w_interfacewPoint{

pointcutchange():

execution(voidsetX(int)) ||

execution(voidsetY(int)) ||

execution(voidmoveBy(int, int));

import before(), after() returning, around() :

change();

}

public w_interfacewDisplay{

pointcutredraw(): execution(void update());

importbefore(), after() returning : redraw();

export redraw();

}

one sig noPct, setX, setY, moveBy

extends Pointcut {}

one sig WPoint extends WeavingInterface {}

fact{

WPoint.importType=

{ Before } + { After } + { Around }

WPoint.import=

{ setX } + { setY } + { moveBy }

WPoint.export=

{ noPct }

}

one sig update extends Pointcut {}

one sig WDisplay extends WeavingInterface {}

fact{

WDisplay.importType= { Before } + { After }

WDisplay.import= { update }

WDisplay.export= { update }

}

Alloy

translation from weaving interface into alloy 2
Translationfrom weaving-interface into Alloy (2)

weave {

class Point implements wPoint;

class Display implements wDisplay;

Connect(

port1:wDisplay.redraw,

port2:{wPoint || wLine}.change) {

after() returning : port2

{ port1.proceed(); }

}

one sig Weave {

implement : set Implement,

connect : set Connect

}

fact {

Weave.implement= { PointImplementsWPoint } +

{ DisplayImplementsWDisplay }

Weave.connect= { WDisplayToWPoint }

}

one sig PointImplementsWPoint extends Implement {}

one sig Point extends Class {}

fact{

PointImplementsWPoint.class= { Point }

PointImplementsWPoint.weavingInterface= { WPoint }

}

one sig DisplayImplementsWDisplay extends Implement {}

one sig Display extends Class {}

fact{

DisplayImplementsWDisplay.class= { Display }

DisplayImplementsWDisplay.weavingInterface= { WDisplay }

}

one sig WDisplayToWPoint extends Connect {}

fact{

WDisplayToWPoint.port1 = { WDisplay }

WDisplayToWPoint.port2 = { WPoint }

WDisplayToWPoint.connectionType= { After }

}

Weaving-interface

Alloy

architecture verification
Architecture verification
  • Consistency of architecture design
  • Intention of Modeler
architecture verification 1 consistency of architecture design
[Architecture verification 1]Consistency of architecture design

Checking the consistency between permitted advice-types declared in wPoint and real advice specified in a connect statement

WPoint.importType = { Before } + { Around }

WPoint.importType = { Before } + { After } + {Around }

assert checkConnectionType {

all t : WDisplayToWPoint.connectionType |

t in WDisplayToWPoint.port2.importType

}

The Alloy analyzer generates counterexamples.

The Alloy analyzer terminates normally.

generated counterexample
Generated counterexample

after advice specified in a connect

statement is not included in the available advice-types declared in wPoint.

architecture verification 2 intention of modeler
[Architecture verification 2]Intention of modeler

wDisplay

wPoint

wLine

redraw

class

Display

class

Point

class

Line

change

redraw + change

assert checkImportedMethod {

login WDisplayToWPoint.port1.export

}

assert checkImportedMethod {

update in WDisplayToWPoint.port1.export

}

wLogging

class

Logging

Error

OK

21

architecture verification refinement
Architecture verification &Refinement

Architectural Design

Architecture verification

Designs and verifies an architecture represented by a set of weaving-interfaces

Refinement

Weaving-interface

Implements verified weaving interfaces

Java

related work 1
Related work (1)
  • AAIF: Aspect-aware interface [Kiczales 2005]
  • Open modules [Aldrich 2005]
  • Crosscutting programming interface (XPI) [Sullivan 2005]

An interface is determined only once the

complete system is known

Point implements FigureElement

void setX(int): DisplayUpdating

- after returning DisplayUpdating.change();

Aspects can be woven to only exposed program points.

Open modules support crosscutting within only one class.

Our Approach

Software Architecture !!

An interface for specifying rules for designing aspects and classes

public aspect XPointChange {

/* The purpose of … */

pointcut change(): execution(void Point.setX(int)) || …

}

related work 2
Related work (2)
  • ArchJava [Aldrich, 2002]
    • an extension to Java that seamlessly unifies software architecture with implementation.

Our Approach

Interface mechanism shared by both architectural design and implementation

conclusion
Conclusion
  • Alloy-based lightweight approach for checking whether the weaving based on the component-and-connector architecture is correct.
  • By enforcing the architecture verified by Alloy to the class implementation, we can construct a reliable system.