Event composition model: achieving naturalness in runtime enforcement

Runtime enforcement techniques are introduced in the literature to cope with the failures that occur while software is being executed in its target environment. Runtime enforcement techniques contain various concepts that are composed with each other so that the overall functionality of the techniques is achieved. By the term concept we mean a fundamental abstraction or definition that exists in most runtime enforcement techniques. Since the development of runtime enforcement techniques can be complex, runtime enforcement frameworks are proposed to ease the development process. These frameworks offer specification languages to represent the concepts of interest.\ud To facilitate a natural representation of the concepts, this thesis introduces a computation model termed as Event Composition Model, which offers a set of novel linguistic abstractions, called events, event modules, reactors, reactor chains, event composition language and event constraint language. Events represent changes in the states of interest. Event modules are means to group events, have input-output interfaces, and implementations. Reactors are the implementations of event modules. Reactor chains are groups of related reactors that process events in a sequence. The event composition language facilitates selecting the events of interest; and the event constraint language facilitates defining constraints among reactors or event modules.\ud The thesis introduces the EventReactor language as an implementation of Event Composition Model. The language is open-ended for new sorts of events and reactor types. This helps to specify new sorts of concepts. It makes use of the Prolog language as its event composition language. Reactors and reactor chains are parameterizable, and are defined separately from event modules. This increases the reusability of event modules and their implementations. In the EventReactor language, the concepts of interest are represented independently from any programming language, and the compiler of EventReactor supports software developed in Java, C and .Net languages. For distributed software that makes use of Java-RMI as the middleware, the EventReactor language supports distribution-transparent representations of the concepts.\ud There are two basic ways in utilizing the EventReactor language: a) as an underlying language for the specification languages of runtime enforcement frameworks; b) as an implementation language for runtime enforcement techniques.\u

ACTRESS: Domain-Specific Modeling of Self-Adaptive Software Architectures

International audienceA common approach for engineering self-adaptive software systems is to use Feedback Control Loops (FCLs). Advances have led to more explicit and safer design of some control architectures, however, there is a need for more integrated and systematic approaches that support end-to-end integration of FCLs into software systems. In this paper, we propose a tooled approach that enables researchers and engineers to design and integrate adaptation mechanisms into software systems through FCLs. It consists of a domain-specific modeling language that raises the level of abstraction on which FCLs are defined, making them amenable to automated analysis and implementation code synthesis. The language supports composition, distribution and reflection, thereby enabling coordination and composition of multiple distributed FCLs. Its use is facilitated by a modeling environment, ACTRESS, that provides support for modeling, verification and complete code generation. We report on its application to a concrete adaptation case study and also discuss resulting properties

Well-Formed and Scalable Invasive Software Composition

Software components provide essential means to structure and organize software effectively. However, frequently, required component abstractions are not available in a programming language or system, or are not adequately combinable with each other. Invasive software composition (ISC) is a general approach to software composition that unifies component-like abstractions such as templates, aspects and macros. ISC is based on fragment composition, and composes programs and other software artifacts at the level of syntax trees. Therefore, a unifying fragment component model is related to the context-free grammar of a language to identify extension and variation points in syntax trees as well as valid component types. By doing so, fragment components can be composed by transformations at respective extension and variation points so that always valid composition results regarding the underlying context-free grammar are yielded. However, given a language’s context-free grammar, the composition result may still be incorrect. Context-sensitive constraints such as type constraints may be violated so that the program cannot be compiled and/or interpreted correctly. While a compiler can detect such errors after composition, it is difficult to relate them back to the original transformation step in the composition system, especially in the case of complex compositions with several hundreds of such steps. To tackle this problem, this thesis proposes well-formed ISC—an extension to ISC that uses reference attribute grammars (RAGs) to specify fragment component models and fragment contracts to guard compositions with context-sensitive constraints. Additionally, well-formed ISC provides composition strategies as a means to configure composition algorithms and handle interferences between composition steps. Developing ISC systems for complex languages such as programming languages is a complex undertaking. Composition-system developers need to supply or develop adequate language and parser specifications that can be processed by an ISC composition engine. Moreover, the specifications may need to be extended with rules for the intended composition abstractions. Current approaches to ISC require complete grammars to be able to compose fragments in the respective languages. Hence, the specifications need to be developed exhaustively before any component model can be supplied. To tackle this problem, this thesis introduces scalable ISC—a variant of ISC that uses island component models as a means to define component models for partially specified languages while still the whole language is supported. Additionally, a scalable workflow for agile composition-system development is proposed which supports a development of ISC systems in small increments using modular extensions. All theoretical concepts introduced in this thesis are implemented in the Skeletons and Application Templates framework SkAT. It supports “classic”, well-formed and scalable ISC by leveraging RAGs as its main specification and implementation language. Moreover, several composition systems based on SkAT are discussed, e.g., a well-formed composition system for Java and a C preprocessor-like macro language. In turn, those composition systems are used as composers in several example applications such as a library of parallel algorithmic skeletons

On the design of aspect-oriented composition models for software evolution

Aspect-oriented programming is an emerging approach in software development,\ud which provides new possibilities for separation of concerns. Aspectoriented\ud languages offer abstractions for the implementation of concerns\ud whose modularization cannot be achieved by using traditional programming\ud languages. Such concerns are generally termed as crosscutting concerns. It is\ud generally agreed that separating the right concerns from each other enhances\ud software quality factors such as reusability and adaptability. The separated\ud concerns in software must be composed together so that software behaves\ud according to its requirements in a coherent way. We refer to language mechanisms\ud that separate and compose concerns as 'composition mechanisms'. This\ud thesis evaluates the software composition mechanisms of current aspectoriented\ud languages from the perspective of software quality factors such as\ud evolvability, comprehensibility, predictability and adaptability. Based on this\ud study, the thesis proposes novel extensions to current aspect-oriented\ud languages so that programs written in these languages exhibit better quality.\ud A considerable number of aspect-oriented languages has been introduced for\ud modularizing crosscutting concerns. Naturally, these languages share a number\ud of common concepts and have distinctive features as well. For this reason, we\ud propose a reference model that aims to capture the common and distinctive\ud concepts of aspect-oriented languages. This reference model provides a basis\ud to understand the important characteristics of the state-of-the-art AOP\ud languages and helps us to compare the AOP languages with each other.\ud Furthermore, it exposes the issues that have to be considered when a new\ud aspect-oriented language needs to be developed.\ud In this thesis, we analyse the four main aspect-oriented concepts of the reference\ud model, namely join point, pointcut, advice and aspect, and identify problems\ud related to their use in various AOP languages. Based on this analysis, we\ud propose extensions of the existing concepts and/or design new ones to address\ud the identified problems.\ud In current aspect-oriented languages, pointcuts select join points of a program\ud based on lexical information such as explicit names of program elements.\ud However, this reduces the adaptability of software, since it involves too much\ud information that is hard-coded, and often implementation-specific. We claim\ud that this problem can be reduced by referring to program elements through their\ud semantic properties. A semantic property describes for example the behavior\ud of a program element or its intended meaning. We formulate requirements for\ud the proper application of semantic properties in aspect-oriented programming.\ud We discuss how to use semantic properties for the superimposition of aspects,\ud and how to apply superimposition to bind semantic properties to program\ud elements. To achieve this, we propose language constructs that support semantic\ud composition: the ability to compose aspects with the elements of the base\ud program that satisfy certain semantic properties.\ud The current advice-pointcut binding constructs of AOP languages maintain\ud explicit dependencies to advices and aspects. This results in weaving specifications\ud that are less evolvable and need more maintenance during the development\ud of a system. We show that this issue can be addressed by providing associative\ud access to advices and aspects instead of using explicit dependencies in\ud the weaving specification. To this aim, we propose to use a designating (query)\ud language in advice-pointcut bindings that allows for referring aspect/advices\ud through their (syntactic and semantic) properties. We also present how semantic\ud properties can be applied to provide reusable (adaptable) aspect abstractions.\ud Aspect-oriented languages provide means to superimpose aspectual behavior –\ud in terms of advices - on a given set of join points. It is possible that not just a\ud single, but several advices need to execute at the same join point. Such "shared"\ud join points may give rise to issues such as determining the exact execution\ud order and the other possible dependencies among the aspects. We present a\ud detailed analysis of the problem, and identify a set of requirements upon mechanisms\ud for composing aspects at shared join points. To address the identified\ud issues, we propose a general and declarative model for defining constraints\ud upon the possible compositions of aspects at a shared join point. By using an\ud extended notion of join points, we show how concrete aspect-oriented\ud programming languages can adopt the proposed model.\ud The thesis also presents how the proposed extensions and new constructs are\ud adopted by the aspect-oriented language Compose*. To evaluate the proposed\ud constructs, we provide qualitative analyses with respect to various software\ud engineering properties, such as evolvability, modularity, predictability and\ud adaptability

Choosy and Picky: Configuration of Language Product Lines

Although most programming languages naturally share several language features, they are typically implemented as a monolithic product. Language features cannot be plugged and unplugged from a language and reused in another language. Some modular approaches to language construction do exist but composing language features requires a deep understanding of its implementation hampering their use. The choose and pick approach from software product lines provides an easy way to compose a language out of a set of language features. However, current approaches to language product lines are not sufficient enough to cope with the complexity and evolution of real world programming languages. In this work, we propose a general light-weight bottom-up approach to automatically extract a feature model from a set of tagged language components. We applied this approach to the Neverlang language development framework and developed the AiDE tool to guide language developers towards a valid language composition. The approach has been evaluated on a decomposed version of Javascript to highlight the benefits of such a language product line

Automatic conflict detection on contracts

Partially supported by the Nordunet3 project COSoDIS: “Contract-Oriented Software Development for Internet Services”.Many software applications are based on collaborating, yet competing, agents or virtual organisations exchanging services. Contracts, expressing obligations, permissions and prohibitions of the different actors, can be used to protect the interests of the organisations engaged in such service exchange. However, the potentially dynamic composition of services with different contracts, and the combination of service contracts with local contracts can give rise to unexpected conflicts, exposing the need for automatic techniques for contract analysis. In this paper we look at automatic analysis techniques for contracts written in the contract language CL. We present a trace semantics of CL suitable for conflict analysis, and a decision procedure for detecting conflicts (together with its proof of soundness, completeness and termination). We also discuss its implementation and look into the applications of the contract analysis approach we present. These techniques are applied to a small case study of an airline check-in desk.peer-reviewe

A Compositional Approach to Verifying Modular Robotic Systems

Robotic systems used in safety-critical industrial situations often rely on modular software architectures, and increasingly include autonomous components. Verifying that these modular robotic systems behave as expected requires approaches that can cope with, and preferably take advantage of, this inherent modularity. This paper describes a compositional approach to specifying the nodes in robotic systems built using the Robotic Operating System (ROS), where each node is specified using First-Order Logic (FOL) assume-guarantee contracts that link the specification to the ROS implementation. We introduce inference rules that facilitate the composition of these node-level contracts to derive system-level properties. We also present a novel Domain-Specific Language, the ROS Contract Language, which captures a node's FOL specification and links this contract to its implementation. RCL contracts can be automatically translated, by our tool Vanda, into executable monitors; which we use to verify the contracts at runtime. We illustrate our approach through the specification and verification of an autonomous rover engaged in the remote inspection of a nuclear site, and finish with smaller examples that illustrate other useful features of our framework.Comment: Version submitted to RA

A channel-based coordination model for components

In this paper we present a coordination model for component-based software systems based on the notion of mobile channels, and describe its implementation in the Java language. Channels allow anonymous, and point-to-point communication among components, while mobility allows dynamic reconfiguration of channel connections in a system. This model supports dynamic distributed systems where components can be mobile. It provides an efficient way of interaction among components. Furthermore, our model provides a clear separation between the computational part and the coordination part of a system, allowing the development and description of the coordination structure of a system to be done in a transparent way. Our description of the Java implementation of this coordination model demonstrates that it is self-contained enough for developing component-based systems. However, if desired, our model can be used as a basis to extend other models that focus on other aspects of components that are less related to composition and coordination concerns