From Specification to Development Support G. Ferda Tartanoglu A - - PowerPoint PPT Presentation

from specification to development support
SMART_READER_LITE
LIVE PREVIEW

From Specification to Development Support G. Ferda Tartanoglu A - - PowerPoint PPT Presentation

May 20, 2023 392 likes •627 views

Formalizing Dependability Mechanisms in B: From Specification to Development Support G. Ferda Tartanoglu A RLES Research Project, I NRIA Rocquencourt In collaboration with: V. Issarny (A RLES , I NRIA Rocquencourt ) N. Levy (P RISM , U.

slide-1
SLIDE 1

1

Formalizing Dependability Mechanisms in B: From Specification to Development Support

  • G. Ferda Tartanoglu

ARLES Research Project, INRIA Rocquencourt

In collaboration with:

  • V. Issarny (ARLES, INRIA Rocquencourt)
  • N. Levy (PRISM, U. Versailles Saint-Quentin-en-Yvelines)
  • A. Romanovsky (U. Newcastle upon Tyne)
slide-2
SLIDE 2

2

Introduction

We formalize the notion of Coordinated

Atomic Actions using the B method

Validate dependability mechanisms

Transactional access to external objects Coordinated Exception Handling Atomicity

Provide an XML-based declarative language for

building dependable systems

The B formal specification is refined to obtain an

implementation of the associated runtime support

slide-3
SLIDE 3

3

Architecting Dependable Systems with Coordinated Atomic Actions

slide-4
SLIDE 4

4

Coordinated Atomic Actions

Coordinated Atomic Actions (J. Xu, B. Randell, A.

Romanovsky et al., 1995)

Structuring mechanism for developing dependable

concurrent systems

Atomic actions : for controlling cooperative concurrency

Coordinated error recovery using exception handling

Transactions : coherency of shared external resources

slide-5
SLIDE 5

5

CA Actions Composition

  • Allows the design of distributed systems built out of several CA

actions [Tartanoglu et al., ICSE-WADS 2002]

slide-6
SLIDE 6

6

Specifying CA Actions in B

Offer a general framework that can be

instantiated to describe the implementation of a specific system that is developed using CA actions

Dependability properties associated with CA

actions will be enforced for any system based on them

slide-7
SLIDE 7

7

The B Method

A model-based (state-based) method built

  • n set theory and predicate logic and

extended by generalized substitutions

Specifications are represented by abstract

machines

A machine encapsulates operations and

states

Set of variables

slide-8
SLIDE 8

8

Refinement in B

Machine Refinement 1 Refinement 2 Implemen- tation Refinement step 1 Refinement step 2 Refinement step 3

Abstract specification Implementation

slide-9
SLIDE 9

9

Proofs

In B, we prove that

All operations preserve the invariants of

the machine

Implementations and refinements

preserve the invariant and the behavior

  • f the initial abstract machine
slide-10
SLIDE 10

10

B Tools

Atelier B (ClearSy, France) B-Toolkit (B-Core, UK) Both tools include

type checker animator proof obligation generator theorem prover code translators documentation facilities

slide-11
SLIDE 11

11

Modelling CA Actions

Structure of the B specification

CONSTANTS OBJECTS PARTICIPANTS CAACTIONS

with composition

SEES EXTENDS http://www-rocq.inria.fr/~tartanog/dsos/

slide-12
SLIDE 12

12

States and Operations

  • CAACTIONS abstract machine attributes

CAACTION_STATE={caa_normal,caa_exceptional} caaction_state ∈ caaction → CAACTION_STATE participant_of_caaction ∈ caaction → P(participant) caaction_of_participant ∈ participant → seq(caaction) caaction_ext_objects ∈ caaction ↔ objects

  • Pre-conditioned operations

create_{main,nested,composed}_caaction {send,recv}_message {read,write}_object(participant,participant,message) raise_exception(participant,exception) propagate_exception(participant) abort_{main,nested,composed} (caaction) terminate_{main,nested,composed} (caaction)

slide-13
SLIDE 13

13

Formalizing Dependability Mechanisms

Transactions on external objects Atomicity of CA Actions Coordinated exception handling

slide-14
SLIDE 14

14

Transactions on External Objects

Participants setpar of nested CA action

caa1 can only access subset setobj of external objects associated to containing CA action caa2

∀obj.(obj ∈ setobj ⇒ obj ∈ caaction_ext_objects[{caa2}])

slide-15
SLIDE 15

15

Atomicity of CA Actions

  • Participants of nested CA action caa1 are also participants of

containing action caa2

∀ (caa1,caa2).((caa1 ∈ caaction Λ caa2 ∈ caaction Λ

(caa1,caa2) ∈ is_nested ) ⇒ participants_of_caaction(caa1) ⊆ participants_of_caaaction(caa2))

  • A participant can only enter one sibling nested CA action at a

time

card(ran({p,c | p ∈ setpar Λ c ∈ CAACTION Λ

c=last(caaction_of_participants(p))})) = 1

slide-16
SLIDE 16

16

Coordinated Exception Handling

A CA action is set to an exceptional state if all of its

participants are in the exceptional state

∀ (caa). (caa ∈ caaction Λ

caaction_state(caa)=caa_exceptional ⇒ ∀ (p).(p ∈ participant_of_caaction(caa) ⇒ (last(participant_state(p)) ∈ EXCEPTIONAL_STATE)))

slide-17
SLIDE 17

17

From the B Specification to the Development Support

slide-18
SLIDE 18

18

Refinement

In order to have an implementation of the CA

action’s runtime support, the abstract machines are refined

B operations offered as a programming library

Existing libraries are used

To be able to prove the correctness of the

implementation

Formal specification of the behavior of these

methods

Prove that the refinement of the machines that

use these methods are correct

slide-19
SLIDE 19

19

Declarative Language

XML-based declarative language for building CA

action-based systems

<caaction name=“nmtoken”? > <composedActions> ? <action name=“qname” /> * </composedActions> <nestedActions> ? <nested name=“nmtoken” /> * </nestedActions> <external> ? <object name=“nmtoken” /> * </external>

slide-20
SLIDE 20

20

Participant Behavior

<participants> <participant name=“nmtoken”> + <var> <element name=“nmtoken” type=“qname”/> * </var> <behavior> <normal> statements … </normal> <exceptional handle=“qname”> * statements … </exceptional> </behavior> </participant> </participants>

slide-21
SLIDE 21

21

Statements

<invoke action=“qname” input=“qname”? output=“qname”?/> create_composed <send rcpt=“qname” input=“qname”/> send_message <recv from=“qname” output=“qname”/> recv_message <call rcpt=“qname” input=“qname” output=“qname” /> {read,write}_object <assign element=“qname” value=“xpath”/> set_value <raise exception=“qname” message=“qname”? /> raise_exception <nest nestedaction=“qname”? > behavior … </nest> create_nested

slide-22
SLIDE 22

22

Future Work

Development support

Implementation of a compiler/code

generator for the declarative language

Extend the base CA Action model using

the formal model

Already used to introduce CA Action

composition

Relax atomicity properties

slide-23
SLIDE 23

23

Web Services Composition Actions

Relaxes the transactional requirements over external

interactions

Relaxed atomicity Compensations when available : semantic atomicity