Structured Communication-Centered Programming for Web Services

This article relates two different paradigms of descriptions of communication behavior, one focusing on global message flows and another on end-point behaviors, using formal calculi based on session types. The global calculus, which originates from a Web service description language (W3C WS-CDL), describes an interaction scenario from a vantage viewpoint; the end-point calculus, an applied typed π -calculus, precisely identifies a local behavior of each participant. We explore a theory of end-point projection, by which we can map a global description to its end-point counterparts preserving types and dynamics. Three principles of well-structured description and the type structures play a fundamental role in the theory. </jats:p

Specification and refinement of software connectors

Tese de doutoramento em Informática (área de conhecimento de Fundamentos da Computação)Modern computer based systems are essentially based on the cooperation of distributed, heterogeneous component organized into open software architectures that, moreover, can survive in loosely-coupled environments and be easily adapted to changing application requirements. Such is the case, for example, of applications designed to take advantage of the increased computational power provided by massively parallel systems or of the whole business of Internet-based software development. In order to develop such systems in a systematic way, the focus in development method has switched, along the last decade, from functional to structural issues: both data and processes are encapsulated into software units which are connected into large systems resorting, to a number of techniques intended to support reusability and modifiability. Actually, the complexity and ubiquity achieved by software in present times makes it imperative, more than ever, the availability of both technologies and sound methods to drive its development. Programming ‘in–the–large’, component–based programming and software architecture become popular expressions which embody this sort of concerns and correspond to driving forces in current software engineering. In such a context this thesis aims at introducing formal models for software connectors as well as the corresponding notions of equivalence and refinement upon which calculation principles for reasoning and transforming connector-based software architectures can be developed. This research adopts an exogenous coordination point of view in order to deal with components’ temporal and spatial decoupling and, therefore, to provide support for looser levels of inter-component dependency. The thesis also characterises a notion of behavioural interface for components and services. Interfaces and connectors are put together to form configurations, an abstraction for representing software architectures. A prototype implementation of a subset of the proposed models is provided, in the form of a HASKELL library, as a proof of concept. Furthermore, the thesis reports on a case study in which exogenous coordination is applied to the specification of interactive systems.Um número crescente de sistemas computacionais é baseado na cooperação de componentes interdependentes e heterogêneas, organizadas em arquiteturas abertas capazes de sobreviverem em ambientes altamente distribuídos e facilmente adaptáveis a alterações nos requisitos das aplicações que os suportam. Tal é o caso, por exemplo, de aplicações que exploram o poder computacional de sistemas massivamente paralelos ou de sistemas desenvolvidos sobre a Internet. Para desenvolver este tipo de sistemas de forma sistemática, o foco nos métodos de desenvolvimento alterou-se, ao longo da última década, dos aspectos funcionais para os aspectos estruturais dos sistemas: ambos, estruturas de dados e processos são encapsulados em unidades computacionais que são conectadas em grandes sistemas utilizando-se de diversas técnicas que se pretendem capazes de suportar a reutilização e a adaptabilidade do software. Na realidade, a complexidade e ubiqüidade atingidas pelo software nos dias correntes tornam imperativo, mais do que nunca, a disponibilidade de tecnologias e sólidos métodos para conduzir este processo de desenvolvimento. Programação ’em-grande-escala’, programação baseada em componentes e arquiteturas de software são expressões populares que englobam esta preocupação e correspondem aos esforços direcionados pela engenharia de software. Em tal contexto, esta tese tem por objetivo introduzir modelos formais para conectores de software bem como as correspondentes noções de equivalência e refinamento que suportem cálculos para raciocinar e transformar arquiteturas de software baseada em conectores. Esta pesquisa adota um ponto de vista de coordenação exógena para lidar com a separação espacial e temporal das componentes e suportar níveis elevados de independência entre componentes. A tese caracteriza, ainda, uma noção de interface comportamental para componentes e serviços. Interfaces e conectores agregam-se para formar configurações, uma abstração introduzida para representar arquiteturas de software. A implementação, em protótipo, de parte dos modelos propostos, sob a forma de uma biblioteca em HASKELL, é fornecida como prova de conceito. Finalmente, a tese percorre um estudo de caso em que coordenação exôgena é utilizada na especificação de sistemas interactivos.Fundação para a Ciência e a Tecnologia (FCT), SFRH/BD/11083/200

Formal Methods Specification and Analysis Guidebook for the Verification of Software and Computer Systems

This guidebook, the second of a two-volume series, is intended to facilitate the transfer of formal methods to the avionics and aerospace community. The 1st volume concentrates on administrative and planning issues [NASA-95a], and the second volume focuses on the technical issues involved in applying formal methods to avionics and aerospace software systems. Hereafter, the term "guidebook" refers exclusively to the second volume of the series. The title of this second volume, A Practitioner's Companion, conveys its intent. The guidebook is written primarily for the nonexpert and requires little or no prior experience with formal methods techniques and tools. However, it does attempt to distill some of the more subtle ingredients in the productive application of formal methods. To the extent that it succeeds, those conversant with formal methods will also nd the guidebook useful. The discussion is illustrated through the development of a realistic example, relevant fragments of which appear in each chapter. The guidebook focuses primarily on the use of formal methods for analysis of requirements and high-level design, the stages at which formal methods have been most productively applied. Although much of the discussion applies to low-level design and implementation, the guidebook does not discuss issues involved in the later life cycle application of formal methods

Foundations and techniques for software reconfigurability

Programa de doutoramento em Informática das Universidades do Minho, de Aveiro e do PortoThe qualifier reconfigurable is used for software systems which behave differently in different modes of operation (often called configurations) and commute between them along their lifetime. Such systems, which evolve in response to external or internal stimulus, are everywhere: from e-Health or e-Government integrated services to sensor networks, from domestic appliances to complex systems distributed and collaborating over the web, from safety or mission-critical applications to massive parallel software. There are two basic approaches to formally capture requirements of this sort of systems: one emphasizes behaviour and its evolution; the other focus on data and their transformations. Within the first paradigm, reconfigurable systems are regarded as (some variant of) state-machines whose states correspond to the different configurations they may assume. On the other hand, in data-oriented approaches the system’s functionality is specified in terms of input-output relations modelling operations on data. A specification presents a theory in a suitable logic, expressed over a signature which captures its syntactic interface. Its semantics is a class of concrete algebras or relational structures, acting as models for the specified theory. The observation that whatever services a reconfigurable system may offer, at each moment, may depend on the stage of its evolution, suggests that both dimensions (data and behaviour) are interconnected and should be combined. In particular, each node in the transition system which describes a reconfiguration space, may be endowed with a local structure modelling the functionality of the respective configuration. This is the basic insight of a configurations-as-local-models specification style. These specifications are modeled by structured state-machines, states denoting complex structures, rather than sets. A specification for this sort of system should be able to make assertions both about the transition dynamics and, locally, about each particular configuration. This leads to the adoption of hybrid logic, which adds to the modal description of transition structures the ability to refer to specific states, as the lingua franca for a suitable specification method. On the other hand, specific applications may require specific logics to describe their configurations. For example, requirements expressed equationally lead to a configurations-as-algebras perspective. But depending on their nature one could also naturally end up in configurations-as-relational-structutres, or probabilistic spaces or even in configurations-as-Kripke-structutres, if first-order, fuzzy or modal logic is locally used. The aim of this thesis is to develop the foundations for a specification method based on these principles. To subsume all the possibilities above our approach builds on very general grounds. Therefore, instead of committing to a particular version of hybrid logic, we start by choosing a specific logic for expressing requirements at the configuration (static) level. This is later taken as the base logic on top of which the characteristic features of hybrid logic, both at the level of syntax (i.e. modalities, nominals, etc.) and of the semantics (i.e. possible worlds), are developed. This process is called hybridisation and is one of the main technical contributions of this thesis. To be completely general, it is framed in the context of the theory of institutions of J. Goguen and R. Burstall, each logic (base and hybridised) being treated abstractly as an institution. In this setting the thesis’ contributions are the following: A method to hybridise arbitrary institutions; this can be understood as a source of logics to support arbitrary configurations-as-local-models specifications. A method to lift encodings (technically, comorphisms) from an institution to a presentation in first-order logic, into encodings from its hybridisation to a presentation in first-order logic; this result paves the way to the introduction of suitable automatised proof support for a wide range of hybridised logics. Suitable characterisations of bisimulation and refinement for models of (generic) hybridisations, which provide canonical, satisfaction preserving relations to identify and relate models. A two-stage specification method for reconfigurable systems based on a global transition structure to capture the system’s reconfiguration space, and a local specification of configurations in whatever logic is found expressive enough for the requirements at hands. A set of additional technics to assist the process of specifying and verifying requirements for reconfigurable systems, with partial tool support.O termo reconfigurável é usado para sistemas de software que se comportam de forma diferente em diferentes modos de operação (frequentemente chamados de configurações) comutando entre eles, ao longo do seu ciclo de vida. Estes sistemas, que evoluem em resposta a estímulos externos e internos, estão por toda a parte, desde sistemas de e-Health ou sistemas integrados de e-Governement, às redes de sensores, das aplicações domésticas aos complexos sistemas distribuidos, dos sistemas críticos de missão ao software de computação paralela. Existem duas abordagens formais para captar requisitos deste tipo de sistemas: uma focada no comportamento e evolução; e outra focada nos dados e respectivas transformações. Segundo o primeiro paradigma, os sistemas reconfiguráveis são abordados por (alguma variante) de máquinas-de-estados, correspondendo, cada um dos seus estados, a uma configuração que o sistema possa assumir. A outra abordagem, orientada aos dados, especifica as funcionalidades do sistema em função de relações de input-output, que modelam operações nos dados. Uma especificação apresenta uma teoria numa lógica adequada, expressa sobre uma assinatura que capta a sua interface sintática. A sua semântica consiste na classe de álgebras, ou estruturas de primeira ordem, que modelam a teoria especificada. A observação de que, a cada momento, os serviços oferecidos por um sistema reconfigurável possam depender do estado da sua evolução, sugere-nos que ambas as dimensões (dados e comportamento) estejam interligados e devam ser combinados. Em particular, cada nó do sistema de transição, que descreve o espaço de reconfigurabilidade, pode ser dotado de uma estrutura local onde as funcionalidades do sistema, na respectiva configuração, são modeladas. Esta é a ideia base da especificação configurações-como-modeloslocais. Tecnicamente, as especificações são modeladas por máquinas de estados estruturadas, onde cada estado denota uma estrutura complexa, ao invés de um conjunto. Uma especificação para este tipo de sistemas deve ser adequada à expressão de asserções acerca da dinâmica de transições, assim como, ao nível local de cada configuração particular. Isto leva-nos à adopção de lógica híbrida, que adiciona, mecanismos para referir estados específicos à expressividade modal dos sistemas de transição, como lingua franca para um método adequado de especificação. Por outro lado, aplicações podem requerer lógicas específicas para descrever as suas configurações. Por exemplo, requisitos expressos por equações devem ser modelados numa perspectiva configurações-como-álgebras. Dependendo da sua natureza, podemos considerar configurações-como-estruturas de primeira ordem, ou configurações-como-espaços probabilísticos ou mesmo configurações-como-estruturas de Kripke quando usadas, localmente, lógica de primeira ordem, lógica fuzzy, ou lógica modal respectivamente. O objectivo da tese é desenvolver os fundamentos para um método de especificação baseado nestes princípios. Por forma a acomodar todas estas possibilidades, a abordagem é desenvolvida sob fundamentos muito genéricos. Ao invés de comprometer a abordagem com uma lógica híbrida particular, partimos da escolha da lógica específica para especificar requisitos ao nível (estáctico) local. Esta lógica é então tomada como lógica de base, sobre a qual os mecanismos da lógica híbrida, tanto ao nível sintáctico (i.e., modalidades, nominais, etc.) como ao semântico (i.e., mundos possíveis), são desenvolvidos. Este processo, que chamamos de hibridização, é uma das principais contribuições técnicas da tese. A generalidade do método resulta do seu desenvolvimento no contexto da teoria das instituições de J. Goguen e R. Burstall. As peincipais contribuições da tese são: • um método para hibridizar instituições arbitrárias; o que pode ser entendido como uma fonte de lógicas para suportar especificações configurações- como-modelos-locais arbitrárias • um método para transportar codificações de uma instituição nas apresentações de primeira ordem (tecnicamente comorfismos), em codificações da sua hibridização em apresentações em primeira ordem; este resultado abre o caminho para a introdução do suporte de prova automático para uma ampla classe de lógicas híbridas; • caracterização de relações de bissimulação e de refinamento para modelos de hibridizações genéricas. Isto oferece relações canónicas, que preservam satisfação, para identificar e relacionar modelos; • um método de especificação para sistemas reconfiguráveis com dois estágios, baseado numa estrutura de transição global, onde o espaço de reconfigurações do sistema é modelado; e numa especificação local das configurações expressa numa lógica escolhida como adequada, aos requisitos a tratar; • um conjunto de técnicas adicionais para assistir o processo de especificação e de verificação de requisitos de sistemas reconfiguráveis com suporte parcial de ferramentas.Fundação para a Ciência e Tecnologia (FCT) and Critical Software S.A., under BDE grant under the contract SFRH/BDE/33650/2009 and by the MONDRIAN Project (FCT) under the contract PTDC/EIA-CCO/108302/2008

Component-based software engineering: a quantitative approach

Dissertação apresentada para a obtenção do Grau de Doutor em Informática pela Universidade Nova de Lisboa, Faculdade de Ciências e TecnologiaBackground: Often, claims in Component-Based Development (CBD) are only supported by qualitative expert opinion, rather than by quantitative data. This contrasts with the normal practice in other sciences, where a sound experimental validation of claims is standard practice. Experimental Software Engineering (ESE) aims to bridge this gap. Unfortunately, it is common to find experimental validation efforts that are hard to replicate and compare, to build up the body of knowledge in CBD. Objectives: In this dissertation our goals are (i) to contribute to evolution of ESE, in what concerns the replicability and comparability of experimental work, and (ii) to apply our proposals to CBD, thus contributing to its deeper and sounder understanding. Techniques: We propose a process model for ESE, aligned with current experimental best practices, and combine this model with a measurement technique called Ontology-Driven Measurement (ODM). ODM is aimed at improving the state of practice in metrics definition and collection, by making metrics definitions formal and executable,without sacrificing their usability. ODM uses standard technologies that can be well adapted to current integrated development environments. Results: Our contributions include the definition and preliminary validation of a process model for ESE and the proposal of ODM for supporting metrics definition and collection in the context of CBD. We use both the process model and ODM to perform a series experimental works in CBD, including the cross-validation of a component metrics set for JavaBeans, a case study on the influence of practitioners expertise in a sub-process of component development (component code inspections), and an observational study on reusability patterns of pluggable components (Eclipse plug-ins). These experimental works implied proposing, adapting, or selecting adequate ontologies, as well as the formal definition of metrics upon each of those ontologies. Limitations: Although our experimental work covers a variety of component models and, orthogonally, both process and product, the plethora of opportunities for using our quantitative approach to CBD is far from exhausted. Conclusions: The main contribution of this dissertation is the illustration, through practical examples, of how we can combine our experimental process model with ODM to support the experimental validation of claims in the context of CBD, in a repeatable and comparable way. In addition, the techniques proposed in this dissertation are generic and can be applied to other software development paradigms.Departamento de Informática of the Faculdade de Ciências e Tecnologia, Universidade Nova de Lisboa (FCT/UNL); Centro de Informática e Tecnologias da Informação of the FCT/UNL; Fundação para a Ciência e Tecnologia through the STACOS project(POSI/CHS/48875/2002); The Experimental Software Engineering Network (ESERNET);Association Internationale pour les Technologies Objets (AITO); Association forComputing Machinery (ACM

Automatic synthesis of component & connector software architectures with bounded combinatory logic

Combinatory logic synthesis is a new type-based approach towards automatic synthesis of software from components in a repository. In this thesis we show how the type-based approach can naturally be used to exploit taxonomic conceptual structures in software architectures and component repositories to enable automatic composition and configuration of components, and also code generation, by associating taxonomic concepts to architectural building blocks such as, in particular, software connectors. Components of a repository are exposed for synthesis as typed combinators, where intersection types are used to represent concepts that specify intended usage and functionality of a component. An algorithm for solving the type inhabitation problem in combinatory logic - does there exist a composition of combinators with a given type? - is then used to automate the retrieval, composition, and configuration of suitable building blocks with respect to a goal specification. Since type inhabitation has high computational complexity, heuristic optimizations for the inhabitation algorithm are essential for making the approach practical. We discuss particularly important (theoretical and pragmatic) optimization strategies and evaluate them by experiments. Furthermore, we apply this synthesis approach to define a method for software connector synthesis for realistic software architectures based on a type theoretic model. We conduct experiments with a rapid prototyping tool that employs this method on complex concrete ERP- and e-Commerce-systems and discuss the results

How To Touch a Running System

The increasing importance of distributed and decentralized software architectures entails more and more attention for adaptive software. Obtaining adaptiveness, however, is a difficult task as the software design needs to foresee and cope with a variety of situations. Using reconfiguration of components facilitates this task, as the adaptivity is conducted on an architecture level instead of directly in the code. This results in a separation of concerns; the appropriate reconfiguration can be devised on a coarse level, while the implementation of the components can remain largely unaware of reconfiguration scenarios. We study reconfiguration in component frameworks based on formal theory. We first discuss programming with components, exemplified with the development of the cmc model checker. This highly efficient model checker is made of C++ components and serves as an example for component-based software development practice in general, and also provides insights into the principles of adaptivity. However, the component model focuses on high performance and is not geared towards using the structuring principle of components for controlled reconfiguration. We thus complement this highly optimized model by a message passing-based component model which takes reconfigurability to be its central principle. Supporting reconfiguration in a framework is about alleviating the programmer from caring about the peculiarities as much as possible. We utilize the formal description of the component model to provide an algorithm for reconfiguration that retains as much flexibility as possible, while avoiding most problems that arise due to concurrency. This algorithm is embedded in a general four-stage adaptivity model inspired by physical control loops. The reconfiguration is devised to work with stateful components, retaining their data and unprocessed messages. Reconfiguration plans, which are provided with a formal semantics, form the input of the reconfiguration algorithm. We show that the algorithm achieves perceived atomicity of the reconfiguration process for an important class of plans, i.e., the whole process of reconfiguration is perceived as one atomic step, while minimizing the use of blocking of components. We illustrate the applicability of our approach to reconfiguration by providing several examples like fault-tolerance and automated resource control

Dynamische Modelle für Reaktive Systeme mit Daten

Reaktive Systeme sind Systeme, die waehrend Ihrer Laufzeit fortlaufend mit ihrer Umgebung interagieren und auf externe Ereignisse reagieren. Aufgrund ihrer hohen Komplexitaet wurden Spezifikationssprachen zur formalen Beschreibung reaktiver Systeme entwickelt. Diese Formalismen beschreiben sowohl Struktur und Verhalten von Systemen, abstrahieren aber i. allg. von der Beschreibung der Daten und den auf ihnen durchgefuehrten Datentransformationen. In dieser Arbeit werden zwei Spezifikationssprachen zur Beschreibung reaktiver Systeme vorgestellt, die eine funktionale Spezifikation der Daten beinhalten. Der erste Formalismus basiert auf der Theorie der Prozessalgebren, der zweite ist eine Variante von Interaktionsdiagrammen. Beide Formalismen erlauben die Integration beliebiger funktionaler Sprachen zur Datenbeschreibung und werden jeweils durch eine formale Semantik definiert, die sowohl die Verhaltens- als auch die Datenaspekte beinhaltet. Beide Formalismen erlauben zudem die Beschreibung dynamischer Systeme, in denen sich die Struktur zur Laufzeit aendern kann.Reactive systems are systems which interact continuously with their environment and which react on external events. Due to the high complexity of these systems, specification languages for a formal description of reactive systems have been developed. These formalisms describe both structure and behaviour of systems, but usually they abstract from the specification of data and the corresponding data transformations. In this thesis, we introduce two specification languages for modelling reactive systems which include a functional description of data. The first formalism is based on the theory of process algebras, the second is a type of interaction diagrams. Both formalisms allow for the integration of arbitrary functional languages for data description. Moreover, both languages are defined via a formal semantics, which defines both behaviour and data aspects. Furthermore, both languages allow for the description of dynamic systems, in which the system structure may change during runtime

Deductive Verification of Concurrent Programs and its Application to Secure Information Flow for Java

Formal verification of concurrent programs still poses a major challenge in computer science. Our approach is an adaptation of the modular rely/guarantee methodology in dynamic logic. Besides functional properties, we investigate language-based security. Our verification approach extends naturally to multi-threaded Java and we present an implementation in the KeY verification system. We propose natural extensions to JML regarding both confidentiality properties and multi-threaded programs

Domain-specific languages for modeling and simulation

Simulation models and simulation experiments are increasingly complex. One way to handle this complexity is developing software languages tailored to specific application domains, so-called domain-specific languages (DSLs). This thesis explores the potential of employing DSLs in modeling and simulation. We study different DSL design and implementation techniques and illustrate their benefits for expressing simulation models as well as simulation experiments with several examples.Simulationsmodelle und -experimente werden immer komplexer. Eine Möglichkeit, dieser Komplexität zu begegnen, ist, auf bestimmte Anwendungsgebiete spezialisierte Softwaresprachen, sogenannte domänenspezifische Sprachen (\emph{DSLs, domain-specific languages}), zu entwickeln. Die vorliegende Arbeit untersucht, wie DSLs in der Modellierung und Simulation eingesetzt werden können. Wir betrachten verschiedene Techniken für Entwicklung und Implementierung von DSLs und illustrieren ihren Nutzen für das Ausdrücken von Simulationsmodellen und -experimenten anhand einiger Beispiele