Verifying the correct composition of distributed components: Formalisation and Tool
description
Transcript of Verifying the correct composition of distributed components: Formalisation and Tool
![Page 1: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/1.jpg)
VERIFYING THE CORRECT COMPOSITION OF DISTRIBUTED COMPONENTS:FORMALISATION AND TOOL
Ludovic Henrio1, Oleksandra Kulankhina1,2, Dongqian Liu3, Eric Madelaine1,2
1: Univ. of Nice Sophia Antipolis, CNRS, France
2: INRIA – Sophia Antipolis, SCALE team, France
3: East China Normal University, China
FOCLASA , 06/09/2014, Rome
![Page 2: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/2.jpg)
2
Context
• Grid Component Model: hierarchical components for distributed systems
• Design and execution environment for GCM:
VerCors: design
application
ADL files
Component Factory:
Generate components
GCM Compo-
nents
ProActive: deploy and
run components
Global objective: ensure correct execution of large-scale distributed applications
![Page 3: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/3.jpg)
3
Challenges
• No formal model for GCM architecture
• No notion of well-formed components in GCM
• No communication between business logic and control part
• VerCors tool was not completely implemented
![Page 4: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/4.jpg)
4
Contribution• formalisation of GCM component architecture
• validation constraints that ensure static properties for GCM component assemblies
• formalisation of the notion of interceptors in GCM
• implementation of a graphical modeling environment for GCM
• implementation of architecture validity checks with respect to the proposed formalisation
![Page 5: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/5.jpg)
5
Agenda
• Motivation and goal• Background• Formalisation
• Separation of concerns in GCM architecture• Interceptors• Constraints and properties
• Implementation• Tool: VerCors
• Application to the other component models• Conclusion and future work
![Page 6: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/6.jpg)
6
Background: Grid Component Model (GCM)
Primitive: encapsulates code
Composite: contains other components
Client interfaces: invoke methods, receive results
Server interfaces: serve methods, send resultsBindings
Hierarchical Distributed Asynchronous
![Page 7: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/7.jpg)
7
Agenda
• Motivation and goal• Background• Formalisation
• Separation of concerns in GCM architecture• Interceptors• Constraints and properties
• Implementation• Tool: VerCors
• Application to the other component models• Conclusion and future work
![Page 8: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/8.jpg)
8
Separation of concerns in GCM architecture
• Content: responsible for business logic
• Membrane: responsible for control part
• Functional and non-functional interfaces
• Business logic and control part can be designed separately
![Page 9: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/9.jpg)
9
Interceptors: what they are used for?• Example: Monitoring and reconfiguration
![Page 10: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/10.jpg)
10
How do we recognize interceptors chains?
• all the components are nested inside the membrane
• all the components have exactly one functional server and one functional client interface
• The interceptors form a chain
• the first and the last components of the chain are connected to the composing component
![Page 11: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/11.jpg)
11
Formalization• Architecture • Validation Contraints
• Wellformness
• Interceptors
![Page 12: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/12.jpg)
12
Static properties and validation rules (1)
Component encapsulation
Bindings do not cross the boundaries of the components
Correct typing
Interfaces connected by bindings have compatible roles
Interfaces connected by bindings have compatible methods
![Page 13: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/13.jpg)
13
Static properties and validation rules (2)
Deterministic communications
Each client interface is connected to at most one server interface
Unique naming
Interfaces have unique names inside a container
Components have unique names inside a container
![Page 14: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/14.jpg)
14
Static properties and validation rules (3)
Separation of concerns
The interfaces connected by a binding should have compatible control levels
• CL of a functional interface = 1• CL of a non-functional interface = 2• CL is increased by 1 for interfaces of controllers
• Compatible CLs: either both = 1, or both >1
![Page 15: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/15.jpg)
15
Static properties and validation rules (4)
• CL of a functional interface = 1
• CL of a non-functional interface = 2
• CL is increased by 1 for interfaces of controllers
• Compatible CL: either = 1, or >1 1
1 1
1
12
22
2
21
![Page 16: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/16.jpg)
16
Agenda
• Motivation and goal• Background• Formalisation
• Separation of concerns in GCM architecture• Interceptors• Constraints and properties
• Implementation• Tool: VerCors
• Application to the other component models• Conclusion and future work
![Page 17: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/17.jpg)
17
Tool: VerCors• Based on Obeo
Designer
• Graphical environment for GCM Components and UML Diagrams
Produces ADL files, Java classes and Java interfaces
Distributed as Eclipse plugins
![Page 18: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/18.jpg)
18
Static validation in VerCors
• Check all the constraints specified in the paper
• Use Acceleo, OCL and Java Services
• Inform user about the violation of constraints
![Page 19: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/19.jpg)
19
Agenda
• Motivation and goal• Background• Formlisation
• Separation of concerns in GCM architecture• Interceptors• Constraints and properties
• Implementation• Tool: VerCors
• Application to the other component models• Conclusion and future work
![Page 20: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/20.jpg)
20
Application to the other component models
• Fractal: would reuse everything except non-functional aspect and interceptors
• AOKell: would reuse non-functional part and componentized membrane
• SOFA: hierarchical structure, componentized membrane, “delegation chains” that act like interceptors; would reuse most of our constraints
• SCA: hierarchical model, would reuse a lot of notions
![Page 21: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/21.jpg)
21
Agenda
• Motivation and goal• Background• Formlisation
• Separation of concerns in GCM architecture• Interceptors• Constraints and properties
• Implementation• Tool: VerCors
• Application to the other component models• Conclusion and future work
![Page 22: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/22.jpg)
22
Conclusion
• A formal model for GCM architecture
• The well-formness properties of GCM components
• Formalization of interceptors in GCM
• A graphical specification environment for GCM components modeling and static validation
• Application to other component models
![Page 23: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/23.jpg)
23
Future work
• Tool evolution: Produce behavioral models and model-check them Generate Java code for UML State Machines
• Validate other static properties as a prerequesite for the generation of behavior models• check compatibility between the State Machines and
UML Interfaces
![Page 24: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/24.jpg)
24
Thank you for your attention!
Verifying the correct composition of distributed components:
Formalisation and Tool Ludovic Henrio, Oleksandra Kulankhina, Dongqian Liu, Eric Madelaine
References:• Vercors: https://team.inria.fr/scale/software/vercors/• GCM: F. Baude, D. Caromel, C. Dalmasso, M. Danelutto, V. Getov, L. Henrio,
C. Perez: GCM: A Grid Extension to Fractal for Autonomous Distributed Components, in Annals of Telecommunications, Vol. 64, no1, jan 2009.
• Francoise Baude, Ludovic Henrio & Cristian Ruz (2014): Programming distributed and adapt- able autonomous components-the GCM/ProActive framework. Software: Practice and Experience, doi:10.1002/spe.2270. Available at http://dx.doi.org/10.1002/spe.2270.
![Page 25: Verifying the correct composition of distributed components: Formalisation and Tool](https://reader035.fdocuments.net/reader035/viewer/2022062221/56813b69550346895da46cd3/html5/thumbnails/25.jpg)
25
Group communications
1xN communications: multicast Nx1 communications: gathercast