design by contract for reusable components realizable
play

Design-by-Contract for Reusable Components & Realizable - PowerPoint PPT Presentation

Jun 06, 2023 •324 likes •621 views

X CD Design-by-Contract for Reusable Components & Realizable Architectures Mert Ozkaya & Christos Kloukinas http://staff.city.ac.uk/c.kloukinas/Xcd - p. 1 Software Architecture: Beginnings Problem Two main approaches: Beginnings

  1. X CD Design-by-Contract for Reusable Components & Realizable Architectures Mert Ozkaya & Christos Kloukinas http://staff.city.ac.uk/c.kloukinas/Xcd - p. 1

  2. Software Architecture: Beginnings Problem Two main approaches: Beginnings State Issues ■ Components & Connections No Connectors? Connectors ◆ Darwin 1996 Realizability Unrealizable Architecture Unrealizable Wright Connector Req vs Arch ■ Components & Connectors Realizable Plant ◆ Wright 1997 X CD Conclusions Extras http://staff.city.ac.uk/c.kloukinas/Xcd - p. 2

  3. Current State Problem ■ Malavolta et al., IEEE TSE Beginnings v. 39, n. 6 “What Industry State Issues Needs from Architectural No Connectors? Connectors Languages: A Survey” Realizability Unrealizable Architecture (“needs” or “asks for”?) Unrealizable Wright Connector Req vs Arch ■ No “steep learning curve” Realizable Plant (UML), performance, X CD reliability, . . . Conclusions Extras http://staff.city.ac.uk/c.kloukinas/Xcd - p. 3

  4. Issues ■ Formal process algebras not practitioners’ cup of tea. . . Problem Beginnings ◆ Practitioners care about Performance/Reliability/etc. State Issues No Connectors? ? But Performance/Reliability @ Deadlocked States = ? Connectors Realizability Unrealizable Architecture Unrealizable Wright Connector ■ Components + Connections Req vs Arch ◆ No Connectors Realizable Plant ◆ Components must describe the protocols they’ll be used with X CD Conclusions ? Modularity, Reusability, Architectural Exploration? Extras ? Architectural Mismatch? http://staff.city.ac.uk/c.kloukinas/Xcd - p. 4

  5. No Connectors? ■ “All systems can be specified without connectors, therefore connectors are not needed” Alice (Monday): � √ x Bob (Friday): � x 2 Problem Beginnings State √ x Issues x 2 No Connectors? Connectors × + Realizability √ x Unrealizable Architecture x 2 Unrealizable Wright Connector + × Req vs Arch Realizable Plant √ x x 2 X CD � √ x × + Conclusions √ x + x 2 Extras × √ x x 2 � x 2 + × √ x x 2 ■ Yes, but what about map-reduce? (reduce R (map M x)) ■ Why re-invent the wheel each time? ◆ We’ll not get it right each time ■ Define it once and Reuse-by-Calling it not Reuse-by-Copying it http://staff.city.ac.uk/c.kloukinas/Xcd - p. 5

  6. Connectors ■ Specify protocols once, reuse them by calling them Problem Beginnings ■ Components become protocol-independent State Issues No Connectors? ■ Components are more modular, easier to specify Connectors ◆ Less work � more specs � architectural mismatch less likely Realizability Unrealizable Architecture Unrealizable Wright Connector ■ Increase reusability of components & connectors Req vs Arch Realizable Plant (vector + bubble/quick/merge/. . . sort) X CD ■ Easier to verify each independently Conclusions ■ Easier to understand the system structure Extras ■ Easier to explore alternatives http://staff.city.ac.uk/c.kloukinas/Xcd - p. 6

  7. Connector Realizability – Their Achilles’ Heel. . . ■ Wright defined the base notions: Roles + Glue Problem Beginnings ■ Components implement Roles State Issues No Connectors? ■ System = Components � Glue Connectors Realizability ■ All ADLs supporting connectors follow Wright but . . . Unrealizable Architecture Unrealizable Wright Connector ■ Glue adds global constraints Req vs Arch Realizable Plant ⇒ Unrealizable in general X CD ◆ If we want to preserve “communication integrity” Conclusions ◆ And we do – most analyses depend on it Extras http://staff.city.ac.uk/c.kloukinas/Xcd - p. 7

  8. Unrealizable Architecture – A Nuclear Plant [AEY03] R. Alur, K. Etessami, P1 P2 and M. Yannakakis. Inference of Problem Beginnings message sequence charts. IEEE State Issues TSE, 29(7):623-633, 2003 No Connectors? Connectors Realizability UR NA Unrealizable Architecture Unrealizable Wright Connector Req vs Arch Realizable Plant (a) A decentralized architecture � X CD P1 UR NA P2 P1 UR NA P2 P1 UR NA P2 Conclusions inc double inc Extras inc double double double double inc double inc inc MSC1 MSC2 (b) The plant’s (unrealizable) MSCs (c) An unavoidable bad behaviour http://staff.city.ac.uk/c.kloukinas/Xcd - p. 8

  9. Unrealizable Wright Connector connector Plant_Connector = role P1 = ur → na → P1. // increase both Problem role P2 = ur → na → P2. // double both Beginnings role UR = inc → UR � double → UR. State Issues role NA = inc → NA � double → NA. No Connectors? Connectors glue G = P1.ur → UR.inc → P1.na → NA.inc Realizability → P2.ur → UR.double → P2.na → NA.double Unrealizable Architecture Unrealizable Wright Connector → G Req vs Arch ⊓ P2.ur → UR.double → P2.na → NA.double Realizable Plant → P1.ur → UR.inc → P1.na → NA.inc X CD → G. // → link, → global constraint Conclusions SYSTEM = (P1:P1 � P2:P2 � UR:UR � NA:NA � G). Extras Wright’s (unrealizable) connector for the nuclear plant ■ Property is verified! ■ But no way to realize it while preserving comm. integrity . . . :-( ■ Architect needs to be told requirement isn’t satisfied ⇒ Global constraints are requirements ■ Architecture shouldn’t simply repeat the requirements http://staff.city.ac.uk/c.kloukinas/Xcd - p. 9

  10. Requirements vs Architecture Requirement “I want infinite stairs” Architecture Problem Beginnings State Issues No Connectors? Connectors Realizability Unrealizable Architecture Unrealizable Wright Connector Req vs Arch Realizable Plant X CD Conclusions Extras M. C. Escher (1898 - 1972) ■ Architecture needs to be realizable In a way that respects communication integrity ■ Otherwise, performance/reliability/etc analyses are invalid http://staff.city.ac.uk/c.kloukinas/Xcd - p. 10

  11. Realizable Plant connector Realizable_Plant_Connector = role P1 = ur → na → P1. // same role P2 = ur → na → P2. // same Problem Beginnings role UR = inc → UR � double → UR. // same State role NA = inc → NA � double → NA. // same Issues No Connectors? glue G = (G1 � G2 � G3 � G4). // Real glue Connectors Realizability // where Gi’s are simple links: Unrealizable Architecture G1= P1.ur → UR.inc → G1. Unrealizable Wright Connector Req vs Arch G2= P1.na → NA.inc → G2. Realizable Plant G3= P2.ur → UR.double → G3. X CD G4= P2.na → NA.double → G4. Conclusions SYSTEM = (P1:P1 � P2:P2 � UR:UR � NA:NA � G). Extras GlueProperty = UR.inc → NA.inc → UR.double → NA.double → GlueProperty UR.double → NA.double � → UR.inc → NA.inc → GlueProperty. ■ Of course, GlueProperty is no longer satisfied. . . ■ At least now we know that it doesn’t work! ■ And so do the designers/developers/clients . . . http://staff.city.ac.uk/c.kloukinas/Xcd - p. 11

  12. X CD : Main Ideas ■ Support arbitrary connectors Problem ⇒ Modular specifications X CD Simpler component specifications X CD : Main Ideas ⇒ Reusable components & reusable connectors Interaction Constraints Java Thread in X CD Software Components & DbC ■ Only local constraints can be imposed Some Choices Structure & Roles ⇒ Realizable architectures + communication integrity X CD 2 ProMeLa Component ProMeLa Structure ■ Programming language-like syntax Centralized Plant Evaluation ⇒ Not (too) scary (?) Conclusions ■ Formal (extended Design-by-Contract approach – JML-inspired) Extras ⇒ Can verify (with SPIN): 1. Are provided services (local) interaction constraints satisfied? 2. Are provided services functional pre-conditions complete? 3. Are there race-conditions? 4. Do event buffer sizes suffice? and 5. Are there (global) deadlocks? Plus, general LTL properties (new) http://staff.city.ac.uk/c.kloukinas/Xcd - p. 12

  13. Component Interaction Constraints Cleanliness is next to Godliness. . . Machine A Machine B Problem X CD X CD : Main Ideas Interaction Constraints Java Thread in X CD Software Components & DbC Some Choices Structure & Roles X CD 2 ProMeLa Component ProMeLa Structure Centralized Plant Evaluation Conclusions Same interfaces but. . . Extras @interaction { @interaction { 1 1 accepts: ! washing; } waits: ! washing; } 2 2 3 void open_door(); 3 void open_door(); A blocks my call till it’s safe B may reject it with undefined behaviour (might electrocute me!) http://staff.city.ac.uk/c.kloukinas/Xcd - p. 13

  14. Java Thread as an X CD Component 1 component Thread { bool started := false ; // component data. 2 Problem bool died := false ; 3 X CD 4 X CD : Main Ideas aliveP() {return started && !died;} // helper function Interaction Constraints 5 Java Thread in X CD Software Components & DbC 6 provided p { Some Choices 7 Structure & Roles { ensures : \ result := aliveP();} X CD 2 ProMeLa @functional 8 Component ProMeLa Structure bool isAlive(); Centralized Plant 9 Evaluation 10 @interaction { waits : !aliveP();} Conclusions 11 void join(); Extras 12 13 @interaction { accepts : ! started;} 14 { ensures : started := true ;} @functional 15 void start(); 16 ? // ... other methods 17 }; 18 19 }; ■ Constraints are more modular (JML allows but doesn’t enforce it) ■ Functional constraints must be complete! Call already accepted!!! http://staff.city.ac.uk/c.kloukinas/Xcd - p. 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline Introduction Core (IP)-Based Design Challenges Reusable Components

Outline Introduction Core (IP)-Based Design Challenges Reusable Components

Outline Introduction Core (IP)-Based Design Challenges Reusable Components Communication-Based Design Processors and Architectures for Platform-Based Design Embedded Systems Networks On-Chip Tomas Henriksson Tomas

547 views • 8 slides
Design with Reuse Building software from reusable components 2 Software reuse In most

Design with Reuse Building software from reusable components 2 Software reuse In most

1 Design with Reuse Building software from reusable components 2 Software reuse In most engineering disciplines, systems are designed by composing existing components that have been used in other systems Software engineering

649 views • 17 slides
Design by Contract 1 Design by Contract Softw are Engineering Design by Contract Every

Design by Contract 1 Design by Contract Softw are Engineering Design by Contract Every

Design by Contract 1 Design by Contract Softw are Engineering Design by Contract Every software element is intended to satisfy a certain goal, for the benefit of other software elements (and ultimately of human users). This goal is the

449 views • 19 slides
Formal, Executable and Reusable Components for Syntax Specification L. Thomas van Binsbergen

Formal, Executable and Reusable Components for Syntax Specification L. Thomas van Binsbergen

Formal, Executable and Reusable Components for Syntax Specification L. Thomas van Binsbergen ltvanbinsbergen@acm.org http://hackage.haskell.org/package/gll Royal Holloway, University of London 25 May, 2018 Observation 1 Semantically different

442 views • 29 slides
From Eiffel and Design by Contract to Trusted Components Bertrand Meyer ETH Zrich / Eiffel

From Eiffel and Design by Contract to Trusted Components Bertrand Meyer ETH Zrich / Eiffel

From Eiffel and Design by Contract to Trusted Components Bertrand Meyer ETH Zrich / Eiffel Software Budapest, December 2003 1 My background Since 1985: Founder (now Chief Architect) of Eiffel Software, in Santa Barbara. Produces

1.48k views • 98 slides
Funcons reusable components of language specifications Peter D. Mosses Swansea University

Funcons reusable components of language specifications Peter D. Mosses Swansea University

Funcons reusable components of language specifications Peter D. Mosses Swansea University (emeritus) TU Delft (visitor) LangDev Meet-Up at CWI, Amsterdam, 89 March 2018

868 views • 47 slides
Computer Science 240 Principles of Software Design Goals of Software Design Create systems

Computer Science 240 Principles of Software Design Goals of Software Design Create systems

Computer Science 240 Principles of Software Design Goals of Software Design Create systems that Work Easy as possible to understand, debug, and maintain Hold up well under changes Have reusable components Design is

470 views • 20 slides
Reusable Test Collec.ons Through Experimental Design Ben Cartere:e,

Reusable Test Collec.ons Through Experimental Design Ben Cartere:e,

Reusable Test Collec.ons Through Experimental Design Ben Cartere:e, University of Delaware Evagelos Kanoulas, University of Sheffield Virgil Pavlu, Northeastern

499 views • 32 slides
Design by Contract in C The Legal / Software Engineering Approach to Program Design Some

Design by Contract in C The Legal / Software Engineering Approach to Program Design Some

Design by Contract in C The Legal / Software Engineering Approach to Program Design Some material from Horton et al What is a contract? A contract is a binding agreement between two parties, the supplier and the client : the client buys the

639 views • 16 slides
Design-by-Contract (DbC) Readings: OOSC2 Chapters 6, 7, 8, 11 EECS3311 A & E: Software Design

Design-by-Contract (DbC) Readings: OOSC2 Chapters 6, 7, 8, 11 EECS3311 A & E: Software Design

Design-by-Contract (DbC) Readings: OOSC2 Chapters 6, 7, 8, 11 EECS3311 A & E: Software Design Fall 2020 C HEN -W EI W ANG Learning Objectives Upon completing this lecture, you are expected to understand: 1. Design by Contract ( DbC ):

1.08k views • 72 slides
Printed Circuit Board Design A Simplified Integrated Arduino Design Simplified PCB Design

Printed Circuit Board Design A Simplified Integrated Arduino Design Simplified PCB Design

Printed Circuit Board Design A Simplified Integrated Arduino Design Simplified PCB Design Schematic Design Using Standard Components Searching for Optimum Components Creating Schematics for PCB Modules / Unlisted Components

523 views • 17 slides
What This Course Is About Design-by-Contract (DbC) Focus is design Readings: OOSC2 Chapter 11

What This Course Is About Design-by-Contract (DbC) Focus is design Readings: OOSC2 Chapter 11

What This Course Is About Design-by-Contract (DbC) Focus is design Readings: OOSC2 Chapter 11 Architecture : (many) inter-related modules Specification : precise (functional) interface of each module For this course, having a

357 views • 16 slides
What This Course Is About Design-by-Contract (DbC) Focus is design Readings: OOSC2 Chapter 11

What This Course Is About Design-by-Contract (DbC) Focus is design Readings: OOSC2 Chapter 11

What This Course Is About Design-by-Contract (DbC) Focus is design Readings: OOSC2 Chapter 11 Architecture : (many) inter-related modules Specification : precise (functional) interface of each module For this course, having a

613 views • 15 slides
Selective Sampling (Realizable) Ji Xu October 2nd, 2017 Basic Settings Model: D : a

Selective Sampling (Realizable) Ji Xu October 2nd, 2017 Basic Settings Model: D : a

Selective Sampling (Realizable) Ji Xu October 2nd, 2017 Basic Settings Model: D : a distribution over X Y where X is the input space and Y = { 1 } are the possible labels. ( X , Y ) X Y be a pair of random variables with

486 views • 23 slides
3.9 GHz components design Speaker: Nikolay Solyak (from behalf of LCLS-II design team) 3.9GHz

3.9 GHz components design Speaker: Nikolay Solyak (from behalf of LCLS-II design team) 3.9GHz

3.9 GHz components design Speaker: Nikolay Solyak (from behalf of LCLS-II design team) 3.9GHz Review, FNAL, May. 26, 2016 Outline 3.9 GHz system functionality Requirements Cavity design modification HOM design Coupler design

544 views • 42 slides
Know the basic components of a commercial contracts Identify these components in

Know the basic components of a commercial contracts Identify these components in

Goals for Class 6 Know the basic components of a commercial contracts Identify these components in commercial contracts Class 6 Basics of Commercial Contract Title Preamble Parties Effective Date(s) Recitals

371 views • 4 slides
Communication Issues in Collective Decision-Making Nicolas Maudet nicolas.maudet@lip6.fr

Communication Issues in Collective Decision-Making Nicolas Maudet nicolas.maudet@lip6.fr

Communication Issues in Collective Decision-Making Nicolas Maudet nicolas.maudet@lip6.fr Universit e Pierre et Marie Curie EPCL-BTC: 18th of November 2013 Recap: EPCL BTC Nicolas Maudet UPMC EPCL-BTC: 18th of November 2013 Recall

1.03k views • 66 slides
Introduction to mechanism design Lirong Xia Fall, 2016 1 Last class: game theory Strategy

Introduction to mechanism design Lirong Xia Fall, 2016 1 Last class: game theory Strategy

Introduction to mechanism design Lirong Xia Fall, 2016 1 Last class: game theory Strategy Profile D Mechanism R 1 * s 1 s 2 R 2 * Outcome R n * s n Game theory: predicting the outcome with strategic agents Games and

558 views • 35 slides
Combinatorial Auction: A Survey (Part II) Sven de Vries Rakesh V. Vohra IJOC, 15(3): 284-309,

Combinatorial Auction: A Survey (Part II) Sven de Vries Rakesh V. Vohra IJOC, 15(3): 284-309,

Sven de Vries, Rakesh V. Vohra Combinatorial Auction: A Survey (Part II) Combinatorial Auction: A Survey (Part II) Sven de Vries Rakesh V. Vohra IJOC, 15(3): 284-309, 2003 Presented by James Lee on May 15, 2006 for course Comp 670O, Spring

438 views • 32 slides
The communication complexity of the private value single item bisection auction Elena Grigorieva

The communication complexity of the private value single item bisection auction Elena Grigorieva

The communication complexity of the private value single item bisection auction Elena Grigorieva P.Jean-Jacques Herings uller Rudolf M Dries Vermeulen June 21, 2004 Abstract In this paper we present a new auction, the bisection

458 views • 13 slides
Social Infrastructure Social Infrastructure Protocols Fulfilment Expectations YES Reason

Social Infrastructure Social Infrastructure Protocols Fulfilment Expectations YES Reason

Specification and verification of agent interaction using SOCS-SI Federico Chesani Universit di Bologna Marco Gavanelli Universit di Ferrara Social Infrastructure Social Infrastructure Protocols Fulfilment Expectations YES

550 views • 32 slides
Applications (2 of 2): Applications (2 of 2): Recognition, Transduction, Discrimination,

Applications (2 of 2): Applications (2 of 2): Recognition, Transduction, Discrimination,

Applications (2 of 2): Applications (2 of 2): Recognition, Transduction, Discrimination, Segmentation Alignment etc Segmentation, Alignment, etc. Kenneth Church Kenneth.Church@jhu.edu Kenneth.Church@jhu.edu Dec 9, 2009 1 Solitaire

831 views • 68 slides
Interleaving Cryptography and Mechanism Design The Case of Online Auctions Edith Elkind and

Interleaving Cryptography and Mechanism Design The Case of Online Auctions Edith Elkind and

Interleaving Cryptography and Mechanism Design The Case of Online Auctions Edith Elkind and Helger Lipmaa Princeton University and Helsinki University of Technology FC 2004, 03.12.2003 Interleaving Cryptography and Mechanism Design,

366 views • 20 slides
t Prts t

t Prts t

tt S tt S sr tt t Prts

721 views • 34 slides

More recommend