Monitoring Design Monitoring Design Pattern ContractsPattern Contracts

Jason O. Jason O. HallstromHallstrom

Clemson UniversityClemson University

SAVCBS ’04 Workshop at ACM SIGSOFT 2004/FSE-SAVCBS ’04 Workshop at ACM SIGSOFT 2004/FSE-1212

Benjamin Tyler Benjamin Tyler (Presenter)(Presenter)

Ohio State UniversityOhio State University

Neelam Neelam SoundarajanSoundarajan

Ohio State UniversityOhio State University

Design Patterns and Design Patterns and MonitoringMonitoring Patterns capture key system Patterns capture key system

behaviorsbehaviors– Behaviors often cross-cuttingBehaviors often cross-cutting– Usually, specified informallyUsually, specified informally

To monitor and test behaviors, To monitor and test behaviors, informal specs are not enoughinformal specs are not enough

Our ApproachOur Approach

AOP aspectAOP aspect – Language construct, – Language construct, similar to a class, that implements similar to a class, that implements cross-cutting behaviors for classes cross-cutting behaviors for classes in an applicationin an application

Aspects can be used to capture Aspects can be used to capture design pattern contractsdesign pattern contracts

These aspects can be used to These aspects can be used to monitor system behavior to see if monitor system behavior to see if these contracts are respectedthese contracts are respected

Methodology OverviewMethodology Overview

Contract Aspectfor P

(abstract)

TheThe contract aspect contract aspect contains the contains the main checking logic for a patternmain checking logic for a pattern

Methodology OverviewMethodology Overview

System CodePurportedly uses

pattern P

Contract Aspectfor P

(abstract)

TheThe contract aspect contract aspect contains the contains the main checking logic for a patternmain checking logic for a pattern

Methodology OverviewMethodology Overview

System CodePurportedly uses

pattern P

Contract Aspectfor P

(abstract)

Subcontract Aspect

Specific to System

The The subcontract aspectsubcontract aspect contains contains definitions specific to the applicationdefinitions specific to the application

Methodology OverviewMethodology Overview

System CodePurportedly uses

pattern P

Contract Aspectfor P

(abstract)

Subcontract Aspect

Specific to System

Compiled System

Monitors P

Compile/Compile/WeaveWeave

Methodology OverviewMethodology Overview

Another System

Also uses P

Contract Aspectfor P

(abstract)

Subcontract Aspect

Specific to System

Methodology OverviewMethodology Overview

Another System

Also uses P

Contract Aspectfor P

(abstract)

Another Subct. Aspect

Specific to System

Methodology OverviewMethodology Overview

Another System

Also uses P

Contract Aspectfor P

(abstract)

Another Subct. Aspect

Specific to System

Compiled System

Also monitors P

Compile/Compile/WeaveWeave

Benefits of Our Benefits of Our ApproachApproach No instrumentation of source codeNo instrumentation of source code Monitoring code separate from Monitoring code separate from

application codeapplication code Contract aspect needs to be created Contract aspect needs to be created

only once for a given design patternonly once for a given design pattern– Only need to create new subcontract Only need to create new subcontract

aspects for each system to be aspects for each system to be monitoredmonitored

Aspect TerminologyAspect Terminology

PointcutPointcut – A set of places in the – A set of places in the class code where an aspect can class code where an aspect can insert new behaviorinsert new behavior

AdviceAdvice – Code associated with a – Code associated with a pointcut that implements this pointcut that implements this new behaviornew behavior

Monitoring with Monitoring with AspectsAspects

before(Calc c): SqPc(c) {

}after(Calc c): SqPc(c) {

}

aspect CalcMonitor { int st_old;

pointcut SqPc(Calc c): exec(Sqrt()) && targ(c);

assert(c.st >= 0); st_old = c.st;

assert(c.st^2 <= st_old && st_old <(c.st+1)^2);

}

class Calc { int st;

void Sqrt() { int i = 1; while(i*i<=st) i++; st = i-1; }}

Pattern Example: Pattern Example: ObserverObserver

Subject

+Attach(in Observer)+Notify()+Detach(in Observer)

ConcreteSubject

- subjectState

Observer

+ Update()

ConcreteObserver

+ Update()

- observerState

observers

subject

1 *

1 *

for all o in observers o.Update()

The Contract AspectThe Contract Aspect

Formalizes the behavior intended Formalizes the behavior intended by the patternby the pattern

Advice provides the main Advice provides the main monitoring code for the patternmonitoring code for the pattern

However, method names/signatures However, method names/signatures and concrete definitions for and concrete definitions for relations vary from application to relations vary from application to applicationapplication

Use Use abstractabstract pointcuts and methods pointcuts and methods for these in the contract aspectfor these in the contract aspect

Part of the Contract Part of the Contract Aspect for ObserverAspect for Observer Property: After call to Update(), Property: After call to Update(),

the Observer should be the Observer should be “consistent” with its subject“consistent” with its subject

after(Subj s, Obs o): UpdatePc(s, o) { assert(Consistent(s, o)); }

abstract pointcut UpdatePc(Subj s, Obs o) ;

abstract boolean Consistent(Subj s, Obs o) ;

Part of the Contract Part of the Contract Aspect for ObserverAspect for Observer Another property: If a call to a Subject Another property: If a call to a Subject

method results in a change in state, method results in a change in state, Notify() should have been calledNotify() should have been called

after(Subj s): SubjMethPc(s) { assert(! Modified(s_old, s)); }

before(Subj s): NotifyPc(s) { s_old = copyObject(s); … }

abstract pointcut SubjMethPc(Subj s) ;abstract pointcut NotifyPc(Subj s) ;abstract boolean Modified(Subj s1, Subj s2) ;

In the Subcontract In the Subcontract Aspect…Aspect… Associate concrete classes with Associate concrete classes with

pattern rolespattern roles– Insert dummy interfaces in the class Insert dummy interfaces in the class

hierarchy (AspectJ feature)hierarchy (AspectJ feature) Pointcut definitions that associate Pointcut definitions that associate

role methods with actual methods role methods with actual methods in the applicationin the application

Definitions for relations specific to Definitions for relations specific to the given application the given application

Hospital ExampleHospital Example

Patients play the Subject rolePatients play the Subject role– State includes temp and heart rateState includes temp and heart rate

Nurses observe Patients Nurses observe Patients – Keep track if Patients have a fever or notKeep track if Patients have a fever or not– Updates done with Updates done with Nrs.TempUpd(Pat)

Doctors also observe PatientsDoctors also observe Patients– Record whether or not patients are in Record whether or not patients are in

stable conditionstable condition– Updates done with Updates done with Doc.CondUpd(Pat)

Pointcuts in the Pointcuts in the Subcontract AspectSubcontract Aspect In the subcontract aspect, we give In the subcontract aspect, we give

definitions for the abstract pointcuts definitions for the abstract pointcuts mentioned in the contract aspectmentioned in the contract aspect

Examples:Examples:pointcut UpdatePc(Subj subj, Obs obs) : ( exec(Nrs.TempUpd(Pat)) || exec(Doc.CondUpd(Pat)) ) && targ(obs) && arg(subj) ;

pointcut SubjMethPc(Subj subj) : exec(Pat.*(..)) && targ(subj) ;

Defining RelationsDefining Relations

Need to provide definitions of Need to provide definitions of application-specific relations in application-specific relations in the subcontract aspectthe subcontract aspect

Example: ModifiedExample: Modified

boolean Modified(Subj s1, Subj s2) {

return s1.temp != s2.temp || s1.hrtRate !=

s2.hrtRate;}

Defining RelationsDefining Relations

Another example: ConsistentAnother example: Consistent

boolean Consistent(Subj subj, Obs obs) { if (obs instanceOf Nrs) { return subj.temp > 104 == obs.isFeverish(subj); } else if (obs instanceOf Doc) { return (55 < subj.hrtRate < 100 && 92 < subj.temp < 105) == obs.isStable(subj); } else { /* Error! */} }

DiscussionDiscussion

Contract aspects generally harder to Contract aspects generally harder to write than the subcontract aspectswrite than the subcontract aspects– Only have to write them once!Only have to write them once!

Information such as method call Information such as method call sequences can be tracked using sequences can be tracked using auxiliary variables in the aspectauxiliary variables in the aspect

Pointcuts can encompass more than just Pointcuts can encompass more than just method callsmethod calls

Current and future workCurrent and future work– MonGen MonGen and and PCLPCL

Presented Presented MethodologyMethodology

System CodePurportedly uses

pattern P

Contract Aspectfor P

(abstract)

Subcontract Aspect

Specific to System

Compiled System

Monitors P

Compile/Compile/WeaveWeave

Monitoring Monitoring CodeCode

MonGen MethodologyMonGen Methodology

Contract Specfor P

Subcontract Spec

Specific to System

Specs writtenSpecs writtenin PCLin PCL

MonGeMonGenn

System CodePurportedly uses

pattern P

MonitoringAspect for

System

Compiled System

Monitors P

Compile/Compile/WeaveWeave

ConclusionConclusion

Design patterns often describe Design patterns often describe behaviors that encompass multiple behaviors that encompass multiple classesclasses

Aspects are a natural way to Aspects are a natural way to monitor such behaviorsmonitor such behaviors

Separating the essence of the Separating the essence of the pattern from the details of the pattern from the details of the application saves time and effortapplication saves time and effort

Questions?Questions?

e-maile-mail– tyler@cse.ohio-state.edutyler@cse.ohio-state.edu

MonGen Web page:MonGen Web page:– www.cse.ohio-state.edu/~tyler/www.cse.ohio-state.edu/~tyler/

MonGenMonGen