A formal support to business and architectural design for service-oriented systems

Architectural Design Rewriting (ADR) is an approach for the design of software architectures developed within Sensoria by reconciling graph transformation and process calculi techniques. The key feature that makes ADR a suitable and expressive framework is the algebraic handling of structured graphs, which improves the support for specification, analysis and verification of service-oriented architectures and applications. We show how ADR is used as a formal ground for high-level modelling languages and approaches developed within Sensoria

KM-SORE: Knowledge Management for Service Oriented Requirements Engineering

Service-oriented Software Engineering is a new style for creating software using reusable services which are available over the web. The biggest challenge in this process is to discover and select the appropriate services that match system requirements. Currently, none of the proposed approach has been accepted by research community as a standard. There is very little empirical work available that addresses requirements engineering in service oriented paradigm. The aim of this study is to propose a framework for requirements engineering in SOSE. The framework is based on a new idea, that integrating Knowledge Management in Service Oriented development would improve requirement engineering phase as it does for traditional software engineering. The framework is developed in the light of the issues and challenges identified by published literature and the feedback of practitioners and researchers working on service oriented projects

Design and Optimisation of the FlyFast Front-end for Attribute-based Coordination

Collective Adaptive Systems (CAS) consist of a large number of interacting objects. The design of such systems requires scalable analysis tools and methods, which have necessarily to rely on some form of approximation of the system's actual behaviour. Promising techniques are those based on mean-field approximation. The FlyFast model-checker uses an on-the-fly algorithm for bounded PCTL model-checking of selected individual(s) in the context of very large populations whose global behaviour is approximated using deterministic limit mean-field techniques. Recently, a front-end for FlyFast has been proposed which provides a modelling language, PiFF in the sequel, for the Predicate-based Interaction for FlyFast. In this paper we present details of PiFF design and an approach to state-space reduction based on probabilistic bisimulation for inhomogeneous DTMCs.Comment: In Proceedings QAPL 2017, arXiv:1707.0366

An Experience on Formal Analysis of a high-level graphical SOA Design

Abstract: In this paper, we present the experience gained with the participation in a case study in which a novel high-level design language (UML4SOA) was used to produce a service-oriented system design, to be model checked with respect to the intended requirements and automatically translated into executable BPEL code. This experience, beyond revealing several uncertainties in the language definition, and several flaws in the designed model, has been useful to better understand the hidden risks of apparently intuitive graphical designs, when these are not backed up by a precise and rigorous semantics. The adoption of a rigorous or formal semantics for these notations, and the adoption of formal verification methods allow the full exploration of designs which otherwise risk to become simple to draw and update, but difficult to really understand in all their hidden ramifications. Automatic formal model generation from high level graphical designs is not only desirable but also pragmatically feasible e.g. using appropriate model transformation techniques. This is particularly valuable in the context of agile development approaches which are based on rapid and continuous updates of the system designs

Using FMC for family-based analysis of software product lines

We show how the FMC model checker can successfully be used to model and analyze behavioural variability in Soft-ware Product Lines. FMC accepts parameterized specifi-cations in a process-algebraic input language and allows the verification of properties of such models by means of efficient on-the-fly model checking. The properties can be expressed in a logic that allows to correlate the parameters of different actions within the same formula. We show how this feature can be used to tailor formulas to the verification of only a specific subset of products of a Software Product Line, thus allowing for scalable family-based analyses with FMC. We present a proof-of-concept that shows the application of FMC to an illustrative Featured Transition System from the literature. CCS Concepts •General and reference → Verification; •Theory of computation→Verification by model checking; Modal and temporal logics; Process calculi; Operational semantics; •Software and its engineering → Model checking; Software product lines; Model-driven software engineer-ing

Robust Contract Evolution in a TypeSafe MicroServices Architecture

Microservices architectures allow for short deployment cycles and immediate effects but offer no safety mechanisms when service contracts need to be changed. Maintaining the soundness of microservice architectures is an error-prone task that is only accessible to the most disciplined development teams. We present a microservice management system that statically verifies service interfaces and supports the seamless evolution of compatible interfaces. We define a compatibility relation that captures real evolution patterns and embodies known good practices on the evolution of interfaces. Namely, we allow for the addition, removal, and renaming of data fields of a producer module without breaking or needing to upgrade consumer services. The evolution of interfaces is supported by runtime generated proxy components that dynamically adapt data exchanged between services to match with the statically checked service code.The model was instantiated in a core language whose semantics is defined by a labeled transition system and a type system that prevents breaking changes from being deployed. Standard soundness results for the core language entail the existence of adapters, hence the absence of adaptation errors and the correctness of the management model. This adaptive approach allows for gradual deployment of modules, without halting the whole system and avoiding losing or misinterpreting data exchanged between system nodes. Experimental data shows that an average of 69% of deployments that would require adaptation and recompilation are safe under our approach

CaSPiS: A Calculus of Sessions, Pipelines and Services

Service-oriented computing is calling for novel computational models and languages with well disciplined primitives for client-server interaction, structured orchestration and unexpected events handling. We present CaSPiS, a process calculus where the conceptual abstractions of sessioning and pipelining play a central role for modelling service-oriented systems. CaSPiS sessions are two-sided, uniquely named and can be nested. CaSPiS pipelines permit orchestrating the flow of data produced by different sessions. The calculus is also equipped with operators for handling (unexpected) termination of the partner’s side of a session. Several examples are presented to provide evidence of the flexibility of the chosen set of primitives. One key contribution is a fully abstract encoding of Misra et al.’s orchestration language Orc. Another main result shows that in CaSPiS it is possible to program a “graceful termination” of nested sessions, which guarantees that no session is forced to hang forever after the loss of its partner

Model checking usage policies

We study usage automata, a formal model for specifying policies on the usage of resources. Usage automata extend finite state automata with some additional features, parameters and guards, that improve their expressivity. We show that usage automata are expressive enough to model policies of real-world applications. We discuss their expressive power, and we prove that the problem of telling whether a computation complies with a usage policy is decidable. The main contribution of this paper is a model checking technique for usage automata. The model is that of usages, i.e. basic processes that describe the possible patterns of resource access and creation. In spite of the model having infinite states, because of recursion and resource creation, we devise a polynomial-time model checking technique for deciding when a usage complies with a usage policy

Vom SOM-Geschäftsprozessmodell zum Softwareartefakt - modellgetriebene Systementwicklung mit dem Eclipse Modeling Framework

Zur Überbrückung der semantischen Lücke zwischen der fachlichen und der softwaretechnischen Ebene in der Systementwicklung schlägt diese Arbeit einen modellgetriebenen Ansatz ausgehend von Geschäftsprozessen hin zur Generierung von Quellcode für eine service-orientierte JavaEE-Architektur vor. Der Ansatz und ein implementiertes Software-Werkzeug nutzen das Eclipse Modeling Framework (EMF) anhand von Ecore-Modellen und QVTo-basierten Modelltransformationen. Service-orientierte Anwendungssysteme werden anhand einer Xtext- und ANTLR-basierten Grammatik beschrieben, die eine auf konzeptuellen Objekttypen und Vorgangsobjekttypen (KOS und VOS der SOM-Methodik) aufbauende Syntax vorschlägt. Resultierende Ecore-Modelle sind anhand von QVTo in ein komponentenorientiertes Softwaremodell auf Basis von JavaEE überführbar. Die Transformation dieses Modells in Quellcode erzeugt ein auf einer Referenz-Architektur basierendes verteiltes Software-System bestehend aus Entitäts- und Vorgangs-Services, einschließlich JPA-Entities, SessionBeans, MessageDrivenBeans mit Message Queues und EJB-Module-Konfigurationen