Multilevel Contracts for Trusted Components

This article contributes to the design and the verification of trusted components and services. The contracts are declined at several levels to cover then different facets, such as component consistency, compatibility or correctness. The article introduces multilevel contracts and a design+verification process for handling and analysing these contracts in component models. The approach is implemented with the COSTO platform that supports the Kmelia component model. A case study illustrates the overall approach.Comment: In Proceedings WCSI 2010, arXiv:1010.233

Consistency in UML and B multi-view specifications

20We present the notion of {\\it consistency relation} in UML and B multi-view specifications. It is defined as a semantic relation between both views. It provides us with a sound basis to define the notion of development operator. An operator models a development step; it separates the design decisions from their expression in the specification formalisms. Operator correctness is defined as a property which guarantees that the application of an operator on a consistent specification state yields a consistent new state. An operator can be proven once and for all to be correct. A classical case-study, the Generalized Railroad Crossing (GRC), demonstrates how the different notions can be put in practice to provide specifiers with a realistic development model

The composition of Event-B models

The transition from classical B [2] to the Event-B language and method [3] has seen the removal of some forms of model structuring and composition, with the intention of reinventing them in future. This work contributes to thatreinvention. Inspired by a proposed method for state-based decomposition and refinement [5] of an Event-B model, we propose a familiar parallel event composition (over disjoint state variable lists), and the less familiar event fusion (over intersecting state variable lists). A brief motivation is provided for these and other forms of composition of models, in terms of feature-based modelling. We show that model consistency is preserved under such compositions. More significantly we show that model composition preserves refinement

Shuffle–based verification of component compatibility

An extension of earlier work on component compatibility is described in this paper. Similarly as before, the behavior of components is specified by component interface languages, and the shuffle operation is introduced to represent possible interleavings of service requests that originate at several concurrent components. The paper shows that the verification of component compatibility is possible without the exhaustive analysis of the state space of interacting components. Exhaustive analysis of state spaces was the basis of earlier approaches to compatibility verification

Model Fusion for the Compatibility Verification of Software Components

Similarly as in earlier work on component compatibility, the behavior of components is specified by component interface languages, defined by labeled Petri nets. In the case of composition of concurrent components, the requests from different components can be interleaved, and - as shown earlier - such interleaving can result in deadlocks in the composed system even if each pair of interacting components is deadlock–free. Therefore the elements of a component–based system are considered compatible only if the composition is deadlock–free. This paper formally defines model fusion, which is a composition of net models of individual components that represents the interleaving of interface languages of interacting components. It also shows that the verification of component compatibility can avoid the exhaustive analysis of the composed state space

Service Renaming in Component Composition

In component-based systems, the behavior of components is usually described at component interfaces and the components are characterized as requester (active) and provider (reactive) components. Two interacting components are considered compatible if all possible sequences of services requested by one component can be provided by the other component. This concept of component compatibility can be extended to sets of interacting components, however, in the case of several requester components interacting with one or more provider components, as is typically the case of cleint-server applications, the requests from different components can be interleaved and then verifying component compatibility must take into account all possible interleavings of requests. Such interleaving of requests can lead to unexpected behavior of the composed system, e.g. a deadlock can occur. Service renaming is proposed as a method of systematic eliminating of such unexpected effects and streamlining component compositions

Workshop Proceedings Proceedings Editors

Workshop on Property Verification for Software Components and Services lina.atlanstic.net/provecs This series of workshops aims at sharing experiments and research efforts on verification techniques and tools that are dedicated to software components and services; the hope and the common interest are the emergence during the forthcoming years, of common practices and standards for properties, techniques and tools for researchers and developers both in academia and industry. Aims Component-based software engineering and service-oriented architecture are intensively researched from various points of view: description languages, semantic models, implementation frameworks, property verification techniques, etc An ongoing challenge is the quality assessment of components and services by stating and verifying their properties. Appropriate techniques and tools are needed for this purpose. Moreover, the tools must scale up and be interoperable since components and services may come from different models and frameworks