1 / 27

Alloy-based Lightweight Verification for Aspect-oriented Architecture

SERA 2008. Alloy-based Lightweight Verification for Aspect-oriented Architecture. Naoyasu Ubayashi (Kyushu Institute of Technology) Yuki Sato (Kyushu Institute of Technology) Akihiro Sakai (Kyushu University) Tetsuo Tamai (University of Tokyo) August 20, 2007. Aspect-oriented Programming.

kaili
Download Presentation

Alloy-based Lightweight Verification for Aspect-oriented Architecture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SERA 2008 Alloy-based Lightweight Verificationfor Aspect-oriented Architecture Naoyasu Ubayashi (Kyushu Institute of Technology) Yuki Sato (Kyushu Institute of Technology) Akihiro Sakai (Kyushu University) Tetsuo Tamai (University of Tokyo) August 20, 2007

  2. Aspect-oriented Programming Problem A concern considered crosscutting in one situation might be primary in others. It is not desirable to fix a certain concern as either primary or crosscutting. It is not easy to understand the overall behavior of a woven program. AOP is a programming paradigm in which crosscutting concerns are modularized as aspects. Display updating pointcut after (FigureElement fe): (call(void set*(..)) && target(fe) { fe.display.update(fe); } AspectJ advice

  3. Our previous work [ASE’07] • A new interface mechanism called Weaving-interface • A new AOP language called ccJava • Weaving-interface can be regarded as an ADL (Architecture Description Language) • All concerns are described as class components. • This ADL can describe how to compose (weave) these components. • But, programming-level idea … Display Point Line

  4. Today’s Talk: Verifiable AO MDD Architectural Design • Not only programming-level but also design-level notion • ADL for bridging the gaps between architectural design and implementation Designs and verifies an architecture represented by a set of weaving-interfaces (Alloy-based architecture verification) Weaving-interface Implements verified weaving interfaces Java

  5. Outline • Motivation • AO verifiable MDD • Architecture verification based on Alloy • Related work • Conclusion

  6. 1. Motivation

  7. Example --- Figure editor Component interface Shape { public void moveBy(int dx, int dy); } class Point implements Shape { int x, y; public int getX() { return x; } public int getY() { return y; } public void setX(int x) { this.x = x; } public void setY(int y) { this.y = y; } public void moveBy(int dx, int dy) { x += dx; y += dy; } } class Line implements Shape { Point p1, p2; public Point getP1() { return p1; } public Point getP2() { return p2; } public void setP1(Point p1) { this.p1 = p1; } public void setP2(Point p2){ this.p2 = p2; } public void moveBy(int dx, int dy) { p1.x += dx; p1.y += dy; p2.x += dx; p2.y += dy; } } class Display { public static void update() { /* the detail is ommited */ } } Component Three concern components are woven together by component and connector architecture based on weaving-interface. Component

  8. AO weaving based oncomponent-connector architecture Weaving-interface wDisplay wPoint wLine redraw class Display class Point class Line change Component redraw + change Connector class Pointimplements Shape { int x, y; public int getX() { return x; } public int getY() { return y; } public void setX(int x) { this.x = x; } public void setY(int y) { this.y = y; } public void moveBy(int dx, int dy) { x += dx; y += dy; } } class Display { public static void update() { } } wLogging class Logging

  9. ccJava – AOP language for supporting Weaving-interface Weaving-interface public w_interfacewPoint{ pointcut change(): execution(void setX(int)) || execution(void setY(int)) || execution(void moveBy(int, int)); import before(), after() returning, around() : change(); } public w_interfacewLine{ pointcut change(): execution(void setP1(Point)) || execution(void setP2(Point)) || execution(void moveBy(int, int)); import before(), after() returning, around() : change(); } public w_interfacewDisplay{ pointcut redraw(): execution(void update()); import before(), after() returning : redraw(); export redraw(); } Weaving-interface+Connector is a kind of ADL Port Definition Connector descriptions depend on only weaving-interfaces. Architecture can be represented by Weaving-interface + connector. Coordination Type Before After Around introduce Connector weave { class Point implements wPoint; class Line implements wLine; class Display implements wDisplay; connect(port1:wDisplay.redraw, port2:{wPoint || wLine}.change) { after() returning : port2 { port1.proceed(); } } Port Connection Coordination Code

  10. Problems • Although Weaving-interface enables a programmer to describe AO architecture, there is a gap between architecture design and implementation. Verifiable AO MDD

  11. 2. Verifiable AO MDD

  12. ccModeler & ccJava ccModeler Architectural Design Architecture Design & verification Designs and verifies an architecture represented by a set of weaving-interfaces ccJava Weaving-interface Refinement Implements verified weaving interfaces Java

  13. 3. Architecture verification based on Alloy

  14. Alloy • Alloy is a simple structural modeling language based on relational logic. • The Alloy analyzer, a tool for Alloy, can automatically generate instances of invariants, simulate the execution of operations, and check user-specified properties of a model. Lightweight Formal Methods Although neither soundness nor completeness is guaranteed, it makes more sense to sacrifice the capability of finding proofs for the capability of reliably detecting errors. We use Alloy as a design debugger !

  15. Weaving-Interface meta modeldescribed in Alloy weaving I/F weaving I/F Concern Component (class) Concern Component (class) connector abstract sig Implement { class : set Class, weavingInterface : set WeavingInterface } abstract sig Connect { port1 : set WeavingInterface, port2 : set WeavingInterface, connectionType : Advice } abstract sig WeavingInterface { importType: set Advice, import : set Pointcut, export : set Pointcut } abstract sig Advice {} one sig Before, After, Around extends Advice {} abstract sig Pointcut {}

  16. Translationfrom weaving-interface into Alloy (1) Weaving-interface Alloy public w_interfacewPoint{ pointcutchange(): execution(voidsetX(int)) || execution(voidsetY(int)) || execution(voidmoveBy(int, int)); import before(), after() returning, around() : change(); } public w_interfacewDisplay{ pointcutredraw(): execution(void update()); importbefore(), after() returning : redraw(); export redraw(); } one sig noPct, setX, setY, moveBy extends Pointcut {} one sig WPoint extends WeavingInterface {} fact{ WPoint.importType= { Before } + { After } + { Around } WPoint.import= { setX } + { setY } + { moveBy } WPoint.export= { noPct } } one sig update extends Pointcut {} one sig WDisplay extends WeavingInterface {} fact{ WDisplay.importType= { Before } + { After } WDisplay.import= { update } WDisplay.export= { update } } Alloy

  17. Translationfrom weaving-interface into Alloy (2) weave { class Point implements wPoint; class Display implements wDisplay; Connect( port1:wDisplay.redraw, port2:{wPoint || wLine}.change) { after() returning : port2 { port1.proceed(); } } one sig Weave { implement : set Implement, connect : set Connect } fact { Weave.implement= { PointImplementsWPoint } + { DisplayImplementsWDisplay } Weave.connect= { WDisplayToWPoint } } one sig PointImplementsWPoint extends Implement {} one sig Point extends Class {} fact{ PointImplementsWPoint.class= { Point } PointImplementsWPoint.weavingInterface= { WPoint } } one sig DisplayImplementsWDisplay extends Implement {} one sig Display extends Class {} fact{ DisplayImplementsWDisplay.class= { Display } DisplayImplementsWDisplay.weavingInterface= { WDisplay } } one sig WDisplayToWPoint extends Connect {} fact{ WDisplayToWPoint.port1 = { WDisplay } WDisplayToWPoint.port2 = { WPoint } WDisplayToWPoint.connectionType= { After } } Weaving-interface Alloy

  18. Architecture verification • Consistency of architecture design • Intention of Modeler

  19. [Architecture verification 1]Consistency of architecture design Checking the consistency between permitted advice-types declared in wPoint and real advice specified in a connect statement WPoint.importType = { Before } + { Around } WPoint.importType = { Before } + { After } + {Around } assert checkConnectionType { all t : WDisplayToWPoint.connectionType | t in WDisplayToWPoint.port2.importType } The Alloy analyzer generates counterexamples. The Alloy analyzer terminates normally.

  20. Generated counterexample after advice specified in a connect statement is not included in the available advice-types declared in wPoint.

  21. [Architecture verification 2]Intention of modeler wDisplay wPoint wLine redraw class Display class Point class Line change redraw + change assert checkImportedMethod { login WDisplayToWPoint.port1.export } assert checkImportedMethod { update in WDisplayToWPoint.port1.export } wLogging class Logging Error OK 21

  22. Architecture verification &Refinement Architectural Design Architecture verification Designs and verifies an architecture represented by a set of weaving-interfaces Refinement Weaving-interface Implements verified weaving interfaces Java

  23. 4. Related work

  24. Related work (1) • AAIF: Aspect-aware interface [Kiczales 2005] • Open modules [Aldrich 2005] • Crosscutting programming interface (XPI) [Sullivan 2005] An interface is determined only once the complete system is known Point implements FigureElement void setX(int): DisplayUpdating - after returning DisplayUpdating.change(); Aspects can be woven to only exposed program points. Open modules support crosscutting within only one class. Our Approach Software Architecture !! An interface for specifying rules for designing aspects and classes public aspect XPointChange { /* The purpose of … */ pointcut change(): execution(void Point.setX(int)) || … }

  25. Related work (2) • ArchJava [Aldrich, 2002] • an extension to Java that seamlessly unifies software architecture with implementation. Our Approach Interface mechanism shared by both architectural design and implementation

  26. 5. Conclusion

  27. Conclusion • Alloy-based lightweight approach for checking whether the weaving based on the component-and-connector architecture is correct. • By enforcing the architecture verified by Alloy to the class implementation, we can construct a reliable system.

More Related