Behavior Protocols for Software Components (2002)

by F Plasil, S Visnovsky
Venue:IEEE Transactions on Software Engineering
Add To MetaCart
Results 1 - 10 of 207

F.: SOFA 2.0: Balancing Advanced Features in a Hierarchical Component Model

by Tomáš Bureš, Petr Hnětynka, František Plášil - Proc. of SERA 2006 , 2006
"... Component-based software engineering is a powerful paradigm for building large applications. However, our experience with building application of components is that the existing advanced component models (such as those offering component nesting, behavior specification and checking, dynamic reconfig ..."
Abstract - Cited by 83 (7 self) - Add to MetaCart
Component-based software engineering is a powerful paradigm for building large applications. However, our experience with building application of components is that the existing advanced component models (such as those offering component nesting, behavior specification and checking, dynamic reconfiguration to some extent, etc.) are subject to a lot of limitations and issues which prevent them from being accepted more widely (by industry in particular). We claim that these issues are specifically related to (a) the lack of support for dynamic reconfigurations of hierarchical architectures, (b) poor support for modeling and extendibility of the control part of a component, and (c) the lack of support for different communication styles applied in inter-component communication. In this paper, we show how these problems can be addressed and present an advanced component system SOFA 2.0 as a proof of the concept. This system is based on its predecessor SOFA, but it incorporates a number of enhancements and improvements. 1.
(Show Context)

Component Composition Errors and Update Atomicity: Static Analysis

by Jiri Adamek, Frantisek Plasil - JOURNAL OF SOFTWARE MAINTENANCE AND EVOLUTION: RESEARCH AND PRACTICE , 2005
"... We discuss the problem of defining a composition operator in behavior protocols in a way which would reflect false communication of the software components being composed. Here the issue is that the classical way in the ADLs supporting behavior description, such as Wright and TRACTA, is to emplo ..."
Abstract - Cited by 46 (15 self) - Add to MetaCart
We discuss the problem of defining a composition operator in behavior protocols in a way which would reflect false communication of the software components being composed. Here the issue is that the classical way in the ADLs supporting behavior description, such as Wright and TRACTA, is to employ a CSP-like parallel composition which inherently yields only "successful traces", ignoring non-accepted attempts for communication. We show that

Component Reliability Extensions for Fractal Component Model

by Jiri Adamek, Tomas Bures, Pavel Jezek, Vladimir Mencl, Pavel Parizek, Frantisek Plasil , 2008
"... � Component Reliability Extensions for Fractal component model: Architecture/Design manual and User manual ..."
Abstract - Cited by 28 (11 self) - Add to MetaCart
� Component Reliability Extensions for Fractal component model: Architecture/Design manual and User manual
(Show Context)

Model checking of Software Components: Combining Java PathFinder and Behavior Protocol Model Checker

by Pavel Parizek, Frantisek Plasil, Jan Kofron - PathFinder and Behavior Protocol Model Checker, Proceedings of SEW’06, IEEE CS , 2007
"... Although there exist several software model checkers that check the code against properties specified e.g. via a temporal logic and assertions, or just verifying low-level properties (like unhandled exceptions), none of them supports checking of software components against a highlevel behavior speci ..."
Abstract - Cited by 27 (9 self) - Add to MetaCart
Although there exist several software model checkers that check the code against properties specified e.g. via a temporal logic and assertions, or just verifying low-level properties (like unhandled exceptions), none of them supports checking of software components against a highlevel behavior specification. We present our approach to model checking of software components implemented in Java against a high-level specification of their behavior defined via behavior protocols [1], which employs the Java PathFinder model checker and the protocol checker. The property checked by the Java PathFinder (JPF) tool (correctness of particular method call sequences) is validated via its cooperation with the protocol checker. We show that just the publisher/listener pattern claimed to be the key flexibility support of JPF (even though proved very useful for our purpose) was not enough to achieve this kind of checking.
(Show Context)

Behavioural Models for Hierarchical Components

by Tomás Barros, Ludovic Henrio, Eric Madelaine - In Proceedings of the International SPIN Workshop on Model Checking of Software. Spinger , 2005
"... Abstract. We describe a method for the specification and verification of the dynamic behaviour of component systems. Building applications using a component framework allows the developers to specify the architecture, the deployment, the life-cycle of the system with well-defined formalisms, and to ..."
Abstract - Cited by 22 (7 self) - Add to MetaCart
Abstract. We describe a method for the specification and verification of the dynamic behaviour of component systems. Building applications using a component framework allows the developers to specify the architecture, the deployment, the life-cycle of the system with well-defined formalisms, and to gain productivity by reusing existing components. But then one wants to make sure that the application built from existing components is safe, in the sense that its parts fit together appropriately and behave together smoothly. Each component must be adequate to its assigned role within the system, and the update or replacement of a component should not cause deadlock or failure of the rest of the system. The usual notion of type compatibility of interfaces is not sufficient; we need to capture the dynamic interaction between components, and typically to avoid deadlocks or unexpected behaviours in the system. In this work, we focus on hierarchical component systems. We describe both the functional behaviour and the non-functional features (life-cycle management) of components in terms of synchronised transition systems; we define a notion of correct component composition; then we show how we can prove, using (compositional) model-checking techniques, temporal properties of a component system. Transformations of a system, for example replacement of a sub-component, are expressed as transformations of its behavioural semantics, allowing to prove preservation of some properties, or the validity of new properties after transformation. 1
(Show Context)

Behavior Protocols Capturing Errors and Updates

by Jiri Adamek, Frantisek Plasil - Proceedings of the 2 nd International Workshop on Unanticipated Software Evolution , 2003
"... We discuss the problem of defining a composition operator in behavior protocols in a way which would reflect false communication of the software components being composed. Here the issue is that the classical way in the ADLs supporting behavior description, such as Wright and TRACTA, is to employ a ..."
Abstract - Cited by 21 (4 self) - Add to MetaCart
We discuss the problem of defining a composition operator in behavior protocols in a way which would reflect false communication of the software components being composed. Here the issue is that the classical way in the ADLs supporting behavior description, such as Wright and TRACTA, is to employ a CSP-like parallel composition which inherently yields only "successful traces", ignoring non-accepted attempts for communication. We show that resulting from component composition, several types of behavior errors can occur: bad activity, no activity, and divergence. The key idea behind bad activity is that the asymmetry of roles during event exchange typical for real programs should be honored: the caller is considered to be the initiator of the call (callee has only a passive role). In most formal systems, this is not the case. We propose a new composition operator,"consent", reflecting these types of errors by producing an erroneous trace. In addition, by using the consent operator, it can be statically determined, whether the atomicity of a dynamic update of a component is implicitly guarantied thanks to the behavior of its current environment.
(Show Context)

On Components with Explicit Protocols Satisfying a Notion of Correctness by Construction

by Andres Farias, Mario Südholt, Département Informatique , 2002
"... Component-based programming promises to facilitate the construction of large-scale applications, it is supported by the concept of interfaces. In most current component models, interfaces essentially declare types and sets of services that components implement. However, interfaces are not express ..."
Abstract - Cited by 19 (6 self) - Add to MetaCart
Component-based programming promises to facilitate the construction of large-scale applications, it is supported by the concept of interfaces. In most current component models, interfaces essentially declare types and sets of services that components implement. However, interfaces are not expressive enough to formulate structural and behavioral properties important for component collaboration. We consider an important class of component collaboration properties: sequencing constraints, which components must obey when calling one another's services.

Model-Checking Distributed Components: The Vercors Platform

by Tomás Barros, Antonio Cansado, Eric Madelaine - In Proceedings of the 3rd International Workshop on Formal Aspects of Component Software FACS’2006 , 2006
"... This article presents a component verification platform called Vercors providing means to analyse the behaviour properties of applications built from distributed components. From the behavioural specification of primitive components, and from the architectural description of the composite components ..."
Abstract - Cited by 19 (4 self) - Add to MetaCart
This article presents a component verification platform called Vercors providing means to analyse the behaviour properties of applications built from distributed components. From the behavioural specification of primitive components, and from the architectural description of the composite components, our tools build models encoding the interactions between the components, suitable for analysis by model-checking tools. The models are hierarchical and parameterized, expressing in a compact way the system behaviour. Then we have tools for instantiating those parameterized models using finite abstractions, and producing input for state-of-the-art verification tools. Our current work also targets the generation of models that include controllers modelling the dynamic management of architectural transformation of an application, such as changes in bindings or replacement of sub-components. We describe the existing tools, give tracks for further developments and show how realistic case-studies can be model-checked using our platform.
(Show Context)

Communication Style Driven Connector Configurations

by Tomas Bures, Frantisek Plasil - LNCS3026, ISBN 3-540-21975-7, ISSN 0302-9743 , 2004
"... Connectors are used in component-based systems as first-class entities to abstract component interactions. In this paper, we propose a way to compose connectors by using fine-grained elements, each of them representing a single, well-defined function. We identify an experimentally proven set of con ..."
Abstract - Cited by 18 (4 self) - Add to MetaCart
Connectors are used in component-based systems as first-class entities to abstract component interactions. In this paper, we propose a way to compose connectors by using fine-grained elements, each of them representing a single, well-defined function. We identify an experimentally proven set of connector elements, which, composed together, model four basic component interconnection types (procedure call, messaging, streaming, blackboard), and allow for connector variants to reflect distribution, security, fault-tolerance, etc. We also discuss how to generate such a connector semi-automatically. The presented results are based on a proof-of-the-concept implementation.
(Show Context)

Getting "whole picture" Behavior in a Use Case Model

by Frantisek Plasil, Vladimir Mencl , 2003
"... Although widely used, traditional use case modeling does not provide explicit means which could be easily used for capturing and testing behavior compliance of the entities involved in a particular use case model. Specifically, a use case model (a set of use cases) related to a system under design p ..."
Abstract - Cited by 18 (4 self) - Add to MetaCart
Although widely used, traditional use case modeling does not provide explicit means which could be easily used for capturing and testing behavior compliance of the entities involved in a particular use case model. Specifically, a use case model (a set of use cases) related to a system under design provides neither an explicit abstraction to capture the "whole picture" of the behavior of the system, nor to cover the interactions of subsystems and internal actors with the parent system. With the aim to allow for reasoning on the behavior, the paper introduces a simple formal model Generic UC View which identifies important abstractions and the relations upon them which target the goal. Among them, the concept of use case expression is the base for the desired reasoning on whether the behavior of an entity (such as an agent, a subsystem or a software component) complies with the composed behavior of its sub-entities, and the behavior on the communication links of two neighboring entities is compliant.