SAVCBS 2004 Specification and Verification of Component-Based Systems: Workshop Proceedings

This is the proceedings of the 2004 SAVCBS workshop. The workshop is concerned with how formal (i.e., mathematical) techniques can be or should be used to establish a suitable foundation for the specification and verification of component-based systems. Component-based systems are a growing concern for the software engineering community. Specification and reasoning techniques are urgently needed to permit composition of systems from components. Component-based specification and verification is also vital for scaling advanced verification techniques such as extended static analysis and model checking to the size of real systems. The workshop considers formalization of both functional and non-functional behavior, such as performance or reliability

Aspects of Availability Enforcing timed properties to prevent denial of service

We propose a domain-specific aspect language to prevent denial of service caused by resource management. Our aspects specify availability policies by enforcing time limits in the allocation of resources. In our language, aspects can be seen as formal timed properties on execution traces. Programs and aspects are specified as timed automata and the weaving process as an automata product. The benefit of this formal approach is two-fold: the user keeps the semantic impact of weaving under control and (s)he can use a model-checker to optimize the woven program and verify availability properties

Combining Monitoring with Run-time Assertion Checking

We develop a new technique for Run-time Checking for two object-oriented languages: Java and the Abstract Behavioral Specification language ABS. In object-oriented languages, objects communicate by sending each other messages. Assuming encapsulation, the behavior of objects is completely determined by the order of the messages, and their content. Traditional methods for Run-time Checking focus either exclusively on the description and testing of the order of the messages (Monitoring), or they focus on specifying and testing the content of those messages (Run-time Assertion Checking). Our method combines Monitoring with Run-time Assertion Checking.The basic idea behind our technique is that the behavior of objects can be described formally by means of an attribute grammar extended with assertions. The underlying (context-free) grammar specifies the valid orderings of the messages, the attributes define properties of the contents of the messages, and assertions specify the desired values of those properties. We develop a new Run-time Checker for attribute grammars in the form of a meta-program in the language Rascal and applied the Run-time Checker to an industrial case of the e-commerce company Fredhopper. We also investigated the efficiency of the run-time checker, and successfully discovered and solved several bugs in the Fredhopper software.Algorithms and the Foundations of Software technolog

Performance Benchmarking of Application Monitoring Frameworks

Application-level monitoring of continuously operating software systems provides insights into their dynamic behavior, helping to maintain their performance and availability during runtime. Such monitoring may cause a significant runtime overhead to the monitored system, depending on the number and location of used instrumentation probes. In order to improve a system’s instrumentation and to reduce the caused monitoring overhead, it is necessary to know the performance impact of each probe. While many monitoring frameworks are claiming to have minimal impact on the performance, these claims are often not backed up with a detailed performance evaluation determining the actual cost of monitoring. Benchmarks can be used as an effective and affordable way for these evaluations. However, no benchmark specifically targeting the overhead of monitoring itself exists. Furthermore, no established benchmark engineering methodology exists that provides guidelines for the design, execution, and analysis of benchmarks. This thesis introduces a benchmark approach to measure the performance overhead of application-level monitoring frameworks. The core contributions of this approach are 1) a definition of common causes of monitoring overhead, 2) a general benchmark engineering methodology, 3) the MooBench micro-benchmark to measure and quantify causes of monitoring overhead, and 4) detailed performance evaluations of three different application-level monitoring frameworks. Extensive experiments demonstrate the feasibility and practicality of the approach and validate the benchmark results. The developed benchmark is available as open source software and the results of all experiments are available for download to facilitate further validation and replication of the results

Impact-Analyse für AspectJ - Eine kritische Analyse mit werkzeuggestütztem Ansatz

Aspect-Oriented Programming (AOP) has been promoted as a solution for modularization problems known as the tyranny of the dominant decomposition in literature. However, when analyzing AOP languages it can be doubted that uncontrolled AOP is indeed a silver bullet. The contributions of the work presented in this thesis are twofold. First, we critically analyze AOP language constructs and their effects on program semantics to sensitize programmers and researchers to resulting problems. We further demonstrate that AOP—as available in AspectJ and similar languages—can easily result in less understandable, less evolvable, and thus error prone code—quite opposite to its claims. Second, we examine how tools relying on both static and dynamic program analysis can help to detect problematical usage of aspect-oriented constructs. We propose to use change impact analysis techniques to both automatically determine the impact of aspects and to deal with AOP system evolution. We further introduce an analysis technique to detect potential semantical issues related to undefined advice precedence. The thesis concludes with an overview of available open source AspectJ systems and an assessment of aspect-oriented programming considering both fundamentals of software engineering and the contents of this thesis

TOOL-ASSISTED VALIDATION AND VERIFICATION TECHNIQUES FOR STATE-BASED FORMAL METHODS

To tackle the growing complexity of developing modern software systems that usually have embedded and distributed nature, and more and more involve safety critical aspects, formal methods (FMs) have been affirmed as an efficient approach to ensure the quality and correctness of the design, that permits to discover errors yet at the early stages of the system development. Among the several FMs available, some of them can be described as state-based, since they describe systems by using the notions of state and transitions between states. State-based FMs are sometimes preferred since they produce specifications that are more intuitive, being the notions of state and transition close to the notions of program state and program execution that are familiar to any developer. Moreover, state-based FMs are usually executable and permit to be simulated, so having an abstraction of the execution of the system under development. The aim of the thesis is to provide tool-assisted techniques that help the adoption of state-based FMs. In particular we address four main goals: 1) identifying a process for the development of an integrated framework around a formal method. The adoption of a formal method is often prevented by the lack of tools to support the user in the different development activities, as model editing, validation, verification, etc. Moreover, also when tools are available, they have usually been developed to target only one aspect of the system development process. So, having a well-engineered process that helps in the development of concrete notations and tools for a FM can make FMs of practical application. 2) promoting the integration of different FMs. Indeed, having only one formal notation, for doing different formal activities during the development of the system, is preferable than having a different notation for each formal activity. Moreover such notation should be high-level: working with high level notations is definitely easier than working with low-level ones, and the produced specifications are usually more readable. This goal can be seen as a sub-goal of the first goal; indeed, in a framework around a formal method, it should also be possible to integrate other formal methods that better address some particular formal activities. 3) helping the user in writing correct specifications. The basic assumption of any formal technique is that the specification, representing the desired properties of the system or the model of the system, is correct. However, in case the specification is not correct, all the verification activities based on the specification produce results that are meaningless. So, validation techniques should assure that the specification reflects the intended requirements; besides traditional simulation (user-guided or scenario-based), also model review techniques, checking for common quality attributes that any specification should have, are a viable solution. 4) reducing the distance between the formal specification and the actual implementation of the system. Several FMs work on a formal description of the system which is assumed to reflect the actual implementation; however, in practice, the formal specification and the actual implementation could be not conformant. A solution is to obtain the implementation, through refinements steps, from the formal specification, and proving that the refinements steps are correct. A different viable solution is to link the implementation with its formal specification and check, during the program execution, if they are conformant

On Language Processors and Software Maintenance

This work investigates declarative transformation tools in the context of software maintenance. Besides maintenance of the language specification, evolution of a software language requires the adaptation of the software written in that language as well as the adaptation of the software that transforms software written in the evolving language. This co-evolution is studied to derive automatic adaptations of artefacts from adaptations of the language specification. Furthermore, AOP for Prolog is introduced to improve maintainability of language specifications and derived tools.Die Arbeit unterstützt deklarative Transformationswerkzeuge im Kontext der Softwarewartung. Neben der Wartung der Sprachbeschreibung erfordert die Evolution einer Sprache sowohl die Anpassung der Software, die in dieser Sprache geschrieben ist als auch die Anpassung der Software, die diese Software transformiert. Diese Koevolution wird untersucht, um automatische Anpassungen von Artefakten von Anpassungen der Sprachbeschreibungen abzuleiten. Weiterhin wird AOP für Prolog eingeführt, um die Wartbarkeit von Sprachbeschreibungen und den daraus abgeleiteten Werkzeugen zu erhöhen

Refactorings to evolve object-oriented systems with aspect-oriented concepts

Tese de doutoramento em Informática.Software engineering tools should support complete separation of concerns, by enabling the deployment of each different concern in its own unit of modularity. Unfortunately, current tools and languages – including those supporting the object-oriented programming paradigm – fail to provide a complete and effective support for the separation of all concerns. Undesirable phenomena such as code scattering and code tangling ensue. Aspect-Oriented Programming is a new programming paradigm capable of modularising crosscutting concerns. Aspect-oriented programming complements existing programming paradigms, including object-oriented programming, with constructs that provide a fuller separation of concerns. Refactoring is a technique to restructure program source code in order to improve its underlying design and style while preserving the externally observable behaviour. “Code smells” help to detect inadequate structures and designs, which are then gradually removed through refactoring processes. There is a prospect of aspect-oriented programming becoming a mainstream technology in the near future. This begs the question of how to deal with a large base of object-oriented legacy code when aspect-orientation becomes standard practice. AspectJ's backward compatibility with Java opens the way for refactoring existing Java applications to leverage the concepts and mechanisms of aspects. This requires a prior idea of good style for aspect-oriented source code, something yet to be developed and matured. This thesis contributes to the definition of a new style appropriate to aspect orientation. To this effect, this thesis documents a collection of novel refactorings enabling the extraction of crosscutting concerns from object-oriented legacy source code and the subsequent restructuring of the aspects thus obtained. In addition, this thesis presents a review of traditional object-oriented code smells so they can be used as indicators of latent aspects in object-oriented source code. Finally, this thesis proposes several novel aspect-oriented code smells. We validate the refactorings through an illustrative refactoring process.Idealmente, as ferramentas de engenharia de programas suportariam uma estrita separação de facetas, possibilitando a colocação de cada faceta na sua própria unidade modular. Infelizmente, as actuais ferramentas e linguagens – incluindo as que suportam o paradigma da orientação ao objecto – não conseguem obter uma completa e efectiva separação de todas as facetas. Daí resultam fenómenos indesejáveis tais como a dispersão e emaranhado de texto fonte. A programação orientada ao aspecto é um novo paradigma da programação capaz de modularizar facetas transversais. A orientação ao aspecto complementa os paradigmas existentes, incluindo a orientação ao objecto, com mecanismos que providenciam uma separação de facetas mais completa. A refabricação de programas é uma técnica para reestruturar o texto fonte de um programa no sentido de melhorar a concepção e estilo subjacentes, mantendo o seu comportamento externamente observável. “Maus cheiros” no texto fonte ajudam a detectar estruturas e concepções inadequadas, que são então gradualmente removidos através de processos de refabricação. Existe a perspectiva da orientação ao aspecto ter uma aceitação generalizada no futuro próximo. Coloca-se a questão de como lidar com uma grande base instalada de texto fonte orientado ao objecto legado quando tal acontecer. A compatibilidade retroactiva de AspectJ em relação a Java possibilita a refabricação das aplicações Java existentes de modo a tomarem partido dos conceitos e mecanismos dos aspectos. Porém, isto tem como pressuposto uma ideia clara de bom estilo para o texto fonte orientado ao aspecto, algo que actualmente não existe duma maneira desenvolvida e matura. Esta tese contribui para a caracterização de um novo estilo, apropriado à orientação ao aspecto. Para esse efeito, esta tese documenta uma colecção de refabricações originais através das quais facetas transversais existentes em texto legado orientado ao objecto são extraídas para aspectos, e a posterior reestruturação dos aspectos assim obtidos pode ser realizada. Esta tese apresenta também uma reapreciação dos maus cheiros orientados ao objecto tradicionais no sentido de poderem ser usados na detecção de aspectos latentes no texto fonte orientado ao objecto. Por fim, esta tese propõe diversos maus cheiros originais, orientados ao aspecto. As refabricações são validadas por meio de um processo de refabricação ilustrativo.Programa de Desenvolvimento Educativo para Portugal III (PRODEP III) - (Medida 5 - Acção 5.3 - Eixo 3 - Formação Avançada de Docentes do Ensino Superior).Portable Parallel Computing based on Virtual Machines (PPC-VM) - (PO-SI/CHS/47158/2002).Fundação Luso Americana para o Desenvolvimento (FLAD)