Verifying the correct composition of distributed components: Formalisation and Tool

Ludovic Henrio 1, Oleksandra Kulankhina 1,2, Dongqian Liu 3, Eric Madelaine 1,2

1: Univ. of Nice Sophia Antipolis, CNRS, France

2: INRIA – Sophia Antipolis, SCALE team, France

3: East China Normal University, China

FOCLASA, 06/09/2014, Rome



Context

• Grid Component Model: hierarchical components for distributed systems

• Design and execution environment for GCM:

VerCors: design application → ADL files → Component Factory: generate components → GCM Components → ProActive: deploy and run components

Global objective: ensure correct execution of large-scale distributed applications


Challenges

• No formal model for GCM architecture

• No notion of well-formed components in GCM

• No communication between business logic and control part

• VerCors tool was not completely implemented


Contribution

• formalisation of GCM component architecture

• validation constraints that ensure static properties for GCM component assemblies

• formalisation of the notion of interceptors in GCM

• implementation of a graphical modeling environment for GCM

• implementation of architecture validity checks with respect to the proposed formalisation


Agenda

• Motivation and goal

• Background

• Formalisation
  • Separation of concerns in GCM architecture
  • Interceptors
  • Constraints and properties

• Implementation
  • Tool: VerCors

• Application to the other component models

• Conclusion and future work


Background: Grid Component Model (GCM)

Primitive: encapsulates code

Composite: contains other components

Client interfaces: invoke methods, receive results

Server interfaces: serve methods, send results

Bindings

Hierarchical, distributed, asynchronous



Separation of concerns in GCM architecture

• Content: responsible for business logic

• Membrane: responsible for control part

• Functional and non-functional interfaces

• Business logic and control part can be designed separately


Interceptors: what are they used for?

• Example: Monitoring and reconfiguration


How do we recognize interceptor chains?

• all the components are nested inside the membrane

• all the components have exactly one functional server and one functional client interface

• The interceptors form a chain

• the first and the last components of the chain are connected to the composing component
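
The four conditions above can be checked mechanically on a component graph. The sketch below is an added example, not VerCors code or the paper's formal definition; it works at component granularity over functional bindings only, and the function names and sample components are assumptions.

```python
def follow_chain(host, first, membrane, func_itfs, bindings):
    """Walk functional bindings from `first` until they return to `host`.

    membrane:  set of component names nested in the membrane of `host`
    func_itfs: {component: (functional servers, functional clients)}
    bindings:  (source component, target component) functional bindings
    Returns the ordered interceptors, or None when a condition fails.
    """
    chain, current = [], first
    while current != host:
        if current not in membrane or current in chain:
            return None      # outside the membrane, or a cycle
        if func_itfs.get(current) != (1, 1):
            return None      # needs exactly one server and one client
        targets = [dst for src, dst in bindings if src == current]
        if len(targets) != 1:
            return None      # dangling or branching, so not a chain
        chain.append(current)
        current = targets[0]
    return chain or None


def interceptor_chains(host, membrane, func_itfs, bindings):
    """All chains whose first and last element are bound to `host`."""
    firsts = [dst for src, dst in bindings if src == host and dst in membrane]
    found = (follow_chain(host, f, membrane, func_itfs, bindings) for f in firsts)
    return [chain for chain in found if chain]


# Constructed sample: Monitor and Logger intercept; Reconfig has no client side.
MEMBRANE = {"Monitor", "Logger", "Reconfig"}
FUNC_ITFS = {"Monitor": (1, 1), "Logger": (1, 1), "Reconfig": (1, 0)}
BINDINGS = [("Host", "Monitor"), ("Monitor", "Logger"), ("Logger", "Host"),
            ("Host", "Reconfig")]

if __name__ == "__main__":
    print(interceptor_chains("Host", MEMBRANE, FUNC_ITFS, BINDINGS))
```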


Formalization

• Architecture

• Validation Constraints

• Well-formedness

• Interceptors


Static properties and validation rules (1)

Component encapsulation

Bindings do not cross the boundaries of the components

Correct typing

Interfaces connected by bindings have compatible roles

Interfaces connected by bindings have compatible methods


Static properties and validation rules (2)

Deterministic communications

Each client interface is connected to at most one server interface

Unique naming

Interfaces have unique names inside a container

Components have unique names inside a container


Static properties and validation rules (3)

Separation of concerns

The interfaces connected by a binding should have compatible control levels

• CL of a functional interface = 1

• CL of a non-functional interface = 2

• CL is increased by 1 for interfaces of controllers

• Compatible CLs: either both = 1, or both >1


Static properties and validation rules (4)

• CL of a functional interface = 1

• CL of a non-functional interface = 2

• CL is increased by 1 for interfaces of controllers

• Compatible CL: either = 1, or >1

[Figure: interfaces annotated with their control levels (1 and 2)]
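
The naming, determinism, role and control-level rules from the slides above, applied to a flat assembly of sibling components. This is an added example, not VerCors code (the tool uses Acceleo, OCL and Java Services). The `Interface` record, the `controller_depth` field, the reading of "compatible roles" as client to server, and the sample components are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Interface:
    owner: str                  # component that owns the interface
    name: str
    role: str                   # "client" or "server"
    functional: bool            # False for a non-functional interface
    controller_depth: int = 0   # assumption: 1 when the owner is a controller

def control_level(itf):
    """CL = 1 (functional) or 2 (non-functional), +1 for interfaces of controllers."""
    return (1 if itf.functional else 2) + itf.controller_depth

def validate(interfaces, bindings):
    """Return sorted (rule, location) violations; bindings are (source, target) pairs."""
    errors = []
    # Unique naming: interface names are unique inside their container.
    names = Counter((i.owner, i.name) for i in interfaces)
    errors += [("unique-naming", f"{o}.{n}") for (o, n), c in names.items() if c > 1]
    # Deterministic communications: at most one binding per client interface.
    fanout = Counter((src.owner, src.name) for src, _ in bindings)
    errors += [("deterministic", f"{o}.{n}") for (o, n), c in fanout.items() if c > 1]
    for src, dst in bindings:
        where = f"{src.owner}.{src.name}->{dst.owner}.{dst.name}"
        # Correct typing (roles): assumed here to mean client -> server.
        if (src.role, dst.role) != ("client", "server"):
            errors.append(("roles", where))
        # Separation of concerns: CLs are both 1 or both greater than 1.
        if (control_level(src) == 1) != (control_level(dst) == 1):
            errors.append(("control-level", where))
    return sorted(errors)

# Constructed sample assembly (component and interface names are illustrative).
A_OUT = Interface("A", "out", "client", True)
B_IN = Interface("B", "in", "server", True)
B_MON = Interface("B", "mon", "client", False)              # CL 2
MON_SRV = Interface("Monitor", "srv", "server", True, 1)    # controller, CL 2
INTERFACES = [A_OUT, B_IN, B_MON, MON_SRV]
GOOD = [(A_OUT, B_IN), (B_MON, MON_SRV)]
BAD = GOOD + [(A_OUT, MON_SRV)]   # second binding on A.out, and CL 1 bound to CL 2

if __name__ == "__main__":
    print(validate(INTERFACES, GOOD))
    print(validate(INTERFACES, BAD))
```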



Tool: VerCors

• Based on Obeo Designer

• Graphical environment for GCM Components and UML Diagrams

Produces ADL files, Java classes and Java interfaces

Distributed as Eclipse plugins


Static validation in VerCors

• Check all the constraints specified in the paper

• Use Acceleo, OCL and Java Services

• Inform user about the violation of constraints



Application to the other component models

• Fractal: would reuse everything except non-functional aspect and interceptors

• AOKell: would reuse non-functional part and componentized membrane

• SOFA: hierarchical structure, componentized membrane, “delegation chains” that act like interceptors; would reuse most of our constraints

• SCA: hierarchical model, would reuse a lot of notions



Conclusion

• A formal model for GCM architecture

• The well-formedness properties of GCM components

• Formalization of interceptors in GCM

• A graphical specification environment for GCM components modeling and static validation

• Application to other component models


Future work

• Tool evolution:
  • Produce behavioral models and model-check them
  • Generate Java code for UML State Machines

• Validate other static properties as a prerequisite for the generation of behavior models
  • check compatibility between the State Machines and UML Interfaces


Thank you for your attention!



Group communications

1xN communications: multicast

Nx1 communications: gathercast