1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems...
-
Upload
elfreda-lloyd -
Category
Documents
-
view
214 -
download
0
Transcript of 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems...
![Page 1: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/1.jpg)
1
Qualitative Reasoning of Qualitative Reasoning of Distributed Object DesignDistributed Object Design
Nima Kaveh & Wolfgang EmmerichSoftware Systems Engineering
Dept. Computer ScienceUniversity College London
![Page 2: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/2.jpg)
2
Talk OutlineTalk Outline
Intro – Distributed Systems Motivations & Challenges Example Scenario Our Approach Safety & Liveness properties Summary
![Page 3: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/3.jpg)
3
oo-Distributed Systemsoo-Distributed Systems
Composed of objects/components
Objects are distributed across multiple machines executing in parallel
Communication is done via object requests
Client/Server interaction, via request invocations, form the synchronization behaviour of a distributed application
![Page 4: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/4.jpg)
4
oo-Distributed Systems oo-Distributed Systems DesignDesign
Design of distributed objects is complex Non-deterministic behaviour of dynamic
component interactions Different synchronization primitives Subtle differences to local-based
counterparts (Deadlock by recursion)
Lack of design and analysis support Main focus on static characteristics Large number of potential test cases
![Page 5: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/5.jpg)
5
Motivating ScenarioMotivating Scenario
![Page 6: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/6.jpg)
6
Motivations & ChallengesMotivations & Challenges
Confront complexities by offering developers with design aid
Complement existing Software Engineering validation and verification techniques
Only expose designers to the popular UML notation
Solution not dependent on any specific semantic notation
Build on existing tools and notations
![Page 7: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/7.jpg)
7
Our ApproachOur Approach
Assume distributed systems are built using middleware
Exploit the fact that there are only few middleware primitives for synchronization of distributed objects
Representation of these primitives as stereotypes in UML models
Formal specification of stereotype semantics
Model checking of UML models against given safety and liveness properties
![Page 8: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/8.jpg)
8
Approach OverviewApproach Overview
Stereotype UML Class &
Statechart diagrams +
props.
Process Algebra Generation
Model CheckingResults – UML
Sequence diagrams
Design Domain Verification Domain
![Page 9: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/9.jpg)
9
Communication PrimitivesCommunication Primitives
Distributed objects communicate by object requests
Middleware synchronization primitives define how a client object: Invokes a method request Operates during invocation processing Obtains results of method invocation
Middleware threading policies define how a server object: Receives method requests Handles concurrent requests
![Page 10: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/10.jpg)
10
Policies & PrimitivesPolicies & Primitives
Mainstream object middleware provides few primitives and policies
Synchronization Primitives (Client-side): Synchronous Requests Deferred Synchronous Requests One-way Requests Asynchronous Requests
Threading Policies (Server-side): Single Threaded Multi Threaded
![Page 11: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/11.jpg)
11
Stereotype UML Class &
Statechart diagrams +
props
Approach OverviewApproach Overview
Process Algebra Generation
Model CheckingResults – UML
Sequence diagrams
Developer Domain
Verification Domain
![Page 12: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/12.jpg)
12
Trading Class DiagramTrading Class Diagram
Trader
receiveServerUpdates()
<<singleThreaded>>NotificationServer
receiveEquityData()
addTrader()
removeTrader()
<<singleThreaded>>
EquityServer
receiveTraderUpdate()
<<singleThreaded>>
notifier
controllermyEquityServer
traders
myUpdateServer
traders
![Page 13: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/13.jpg)
13
Notification Server Notification Server StatechartStatechart
idle
sending
addTraderremoveTrader
preparing data
receiveEquityData
reply
traders.receiveServerUpdates()<<synchronous>>
finishedsendout
![Page 14: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/14.jpg)
14
Equity Server StatechartEquity Server Statechart
idle
update
updates completed
notifier.receiveEquityData()<<synchronous>>
receiveTraderUpdate
reply
![Page 15: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/15.jpg)
15
Object DiagramObject Diagram
equityServer1:EquityServer
trader1:Trader
trader2:Trader
notifier1:NotificationServer
trader3:Trader
Used to depict run-time configuration of the system
![Page 16: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/16.jpg)
16
User defined propertiesUser defined properties
Designers must specify properties that the modelled system must adhere to
Enforce restriction on parallel execution of state diagram models
Safety Nothing bad happens during execution Deadlock, event ordering
Liveness Something good eventually happens Eventual termination
![Page 17: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/17.jpg)
17
Safety PropertySafety Property
1
2
NotificationServer.receiveEquityData
0
EquityServer.receiveTraderUpdate
Specifies action ordering across the three state diagrams
Trader.receiveServerUpdates
![Page 18: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/18.jpg)
19
Liveness PropertyLiveness Property
Trader
<<progress>> receiveServerUpdates()
<<singleThreaded>>NotificationServer
<<progress>> receiveEquityData()addTrader()removeTrader()
<<singleThreaded>>
EquityServer
<<progress>> receiveTraderUpdate()
<<singleThreaded>>
notifier
controllermyEquityServer
traders
myUpdateServer
traders
Progress evaluates to the temporal logic property of “always eventually”
![Page 19: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/19.jpg)
20
Process Algebra Generation
Stereotype UML Class &
Statechart diagrams +
props
Approach OverviewApproach Overview
Model CheckingResults – UML
Sequence diagrams
Developer Domain
Verification Domain
![Page 20: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/20.jpg)
21
Process Algebra Process Algebra GenerationGeneration
Use Finite State Process algebra (Magee & Kramer 99) to model object synchronisation
Finite number of synchronization primitives and activation policies Define FSP fragments for all primitive/policy combinations
Compose FSP fragments along the combination of client/server primitives and the object diagram
![Page 21: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/21.jpg)
22
<<singleThreaded>>
Process Algebra Process Algebra GenerationGeneration
Equity Server StatechartTrading Class Diagram
idle
update
updates completed
notifier.receiveEquityData()
<<synchronous>>
receiveTraderUpdate
reply
NotificationServer
EquityServer<<singleThreaded>>
notifier
controller
Combination of single threaded server and synchronous invocation detected
![Page 22: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/22.jpg)
23
Application FSP Application FSP SpecificationSpecification
EQUITYSERVER=(startserver->Idle),
Idle=(receivetraderupdate->Update),
Update=(notifier.receiveequitydata->receiveInvocationReply ->Updatescompleted),
Updatescompleted=(reply->Idle).
NOTIFICATIONSERVER=(startnotificationserver->Idle),
Idle=(receiveequitydata->Preparingdata | addtrader->Idle | removetrader->Idle),
Preparingdata=(reply->Sending),
Sending=(traders.receiveserverupdates->receiveInvocationReply ->Sending | finishedsendout->Idle).
||TRADING_SYSTEM = (notifier1:NOTIFICATIONSERVER || equityserver1:EQUITYSERVER
|| notificationserverOA:NOTIFIER_OA ) /{
equityserver1.notifier.receiveequitydata / notificationserverOA.receiveRequest,
equityserver1.receiveInvocationReply / notificationserverOA.relayReply,
notifier1.receiveequitydata / notificationserverOA.relayRequest,
notifier1.reply / notificationserverOA.receiveReply }.
NOTIFIER_OA =(receiveRequest->relayRequest->receiveReply->relayReply->NOTIFIER_OA).
![Page 23: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/23.jpg)
24
User-defined Property FSP User-defined Property FSP SpecificationSpecification
Safety:property SFY_1= ({trader1,trader2}.equityServer1.receivetraderupdate->S1),S1= ({equityServer1}.notifier1.receiveequitydata->S2),S2= ( {notifier1}.trader1.receiveserverupdates->SFY_1 | {notifier1}.trader2.receiveserverupdates->SFY_1).
Liveness:progress EQUITYSERVER_PRG={ trader1.equityServer1.receivetraderupdate,trader2.equityServer1.receivetraderupdate}
progress NOTIFICSERVER_PRG ={equityServer1.notifier1.receiveequitydata }
progress TRADER_PRG = {notifier1.trader1.receiveserverupdates,notifier1.trader2.receiveserverupdates }
![Page 24: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/24.jpg)
25
Process Algebra Generation
Stereotype UML Class &
Statechart diagrams +
props
Approach OverviewApproach Overview
Model CheckingGenerate UML
Sequence diagrams for
results
Developer Domain
Verification Domain
![Page 25: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/25.jpg)
26
Model CheckingModel Checking
Generate a Labelled Transition System from the input process algebra
Carry out an exhaustive search in state space of the underlying LTS for action traces leading to property violations
In case of violation, produce an action trace
Trace is used to construct a UML sequence diagram to show scenario leading to the property violation
For liveness violations the sequence diagram depicts the trace to the terminal set
![Page 26: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/26.jpg)
27
Context aware Context aware minimizationminimization
Model checking suffers from the state explosion problem
Optimisation is achieved by: Only modelling the synchronization
behaviour of a middleware application Building a state space of transitions in
state diagrams that only correspond to remote requests
TraderOATrader
![Page 27: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/27.jpg)
28
Process Algebra Generation
Stereotyped UML Class &
Statechart diagrams +
props
Approach OverviewApproach Overview
Model CheckingResults – UML
Sequence diagrams
Developer Domain
Verification Domain
![Page 28: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/28.jpg)
29
Relating ResultsRelating Results
Scenario demonstrating method invocations leading to deadlock
trader1: Trader
equityServer1: EquityServer
notifier1 : NotificationServer
receiveTraderUpdatereceiveEquityData
receiveServerUpdates
receiveTraderUpdate
receiveServerUpdates
receiveEquityData
![Page 29: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/29.jpg)
30
SummarySummary
Tackle non-deterministic synchronisation problems in oo-middleware systems at design
Defined semantics for client/server communication primitives
Used the powers of the model checking to detect potential execution traces that leading to property violations
Confine designers to a pure UML interaction only
Introduced no new notations
![Page 30: 1 Qualitative Reasoning of Distributed Object Design Nima Kaveh & Wolfgang Emmerich Software Systems Engineering Dept. Computer Science University College.](https://reader036.fdocuments.us/reader036/viewer/2022081519/56649f155503460f94c2b573/html5/thumbnails/30.jpg)
31
Future WorkFuture Work
Investigate heuristic approaches such as pattern detection in the UML design diagrams
Carry out an industrial case study to analyse the scalability and feasibility of our approach
Provide semantic mapping to the Promela (SPIN), to demonstrate the general applicability of our concepts