Rewriting Logic Model of Compositional Abstraction of Aspect-Oriented Software
FOAL '10 Mar. 15, 2010
Yasuyuki Tahara, Akihiko Ohsuga (The University of Electro-Communications, Tokyo, Japan)
Shinichi Honiden (National Institute of Informatics and The University of Tokyo, Japan)
Contents
• Backgrounds: Compositionality for AO software
• Research aim: Compositional abstraction of AO software
• Our approach
  ◦ Based on equational abstraction in rewriting logic
  ◦ Consistent with an existing state machine model
• Related work
• Conclusions and future work
Backgrounds
• Compositionality is a useful feature of software specification approaches
  ◦ Analysis and reasoning of the entire system can be reduced to those of the components
    ▪ Potential reduction of computational costs
    ▪ Reuse of results of analysis and reasoning
  ◦ Also considered important to aspect-oriented (AO) software specifications
Compositionality for AO Software
(diagram)
• Weaving: Base System + Aspect → Entire System
• Analysis/Reasoning: Base System → Information about Base System; Aspect → Information about Aspect; Entire System → Information about Entire System
• Compose: Information about Base System + Information about Aspect → Information about Entire System
• Both paths lead to the same information
Examples of Compositionality for AO Software
• [Jagadeesan et al. '07]: Compositional bisimilarity relation for a process calculus model of AO software
(diagram: Base System 1 + Aspect 1 → Entire System 1 and Base System 2 + Aspect 2 → Entire System 2, both by weaving; bisimilarity between the base systems and between the aspects is preserved by weaving)
Examples of Compositionality for AO Software
• [Goldman & Katz '07], [Katz & Katz '09]: Modular model checking of state machine models of AO software
(diagram: Base System + Aspect → Entire System by weaving; model checking establishes "true" for the base system and for the aspect, and assume-guarantee reasoning shows that these together imply "true" for the entire system)
Aim of Our Research
• Abstraction of AO software in a compositional way
• Abstraction: Building a system model (abstract model) consisting of abstract constituents obtained from the original system model (concrete model)
  ◦ Analysis and reasoning about the abstract model provide useful information about the concrete model efficiently
Compositional Abstraction of AO Software
(diagram)
• Weaving: Base System + Aspect → Entire System
• Abstraction: Base System → Abstract Base System; Aspect → Abstract Aspect
• Weaving: Abstract Base System + Abstract Aspect → Abstract Entire System
• Abstraction: Entire System → Abstract Entire System
• Both paths lead to the same model
Our Approach
• Try to use the model of [Katz & Katz '09]
  ◦ Reason: We have a simple abstraction theory for state machine models
• Problem: Difficult (or perhaps impossible) to show the compositionality of abstraction
Our Approach
• Solution: Use the equational abstraction theory [Meseguer et al. '08]
  ◦ Based on an algebraic specification framework called rewriting logic
    ▪ Easy to build compositional models
  ◦ Extension of state machine abstraction
Our Approach
• Step 1: Build a rewriting logic model extending the state machine model of aspects
  ◦ In fact, this model is more generic than state machines
  ◦ For example, it can represent the operational semantics of programming languages in detail
• Step 2: Show compositionality of equational abstraction of the model built in Step 1
Our Approach
(roadmap diagram: the state machine model, with its abstraction and its property, is extended with aspects into the aspect model; the aspect model is mapped into rewriting logic, where equational abstraction yields a property that is mapped back to the state machine side; the mappings are our original contributions)
State Machine Model
• A (finite) state machine M is a tuple (S_M, S^0_M, →_M, L_M) where
  ◦ S_M is the finite set of states
  ◦ S^0_M (⊆ S_M) is the set of initial states
  ◦ →_M (⊆ S_M × S_M) is the transition relation
    ▪ This needs to be total, i.e. there is at least one transition from each state
State Machine Model (Continued from the definition of the state machine M)
  ◦ L_M : S_M → 2^AP is the labeling function on the finite set of atomic propositions AP
    ▪ "p ∈ L_M(s)" means that the proposition p holds at the state s
• For a temporal logic (such as CTL*) proposition Φ, the satisfaction relation "M |= Φ" is defined
Example of State Machine (Taken from [Goldman & Katz '07])
• ({s1, s2}, {s1}, {(s1, s1), (s1, s2), (s2, s2), (s2, s1)}, L)
  ◦ L(s1) = {a}, L(s2) = {b}
(diagram: states s1 labelled {a} and s2 labelled {b}; a holds at s1 and b does not; b holds at s2 and a does not)
Abstraction of State Machines
• A state machine M' is an abstraction of M if and only if we have a surjective mapping (called an abstraction mapping) S_M' → S_M consistent with the other constructs
• Theorem: For any proposition Φ of a temporal logic system called ACTL, M |= Φ implies M' |= Φ
State Machine Model of Aspects
• An aspect machine A is a tuple (S_A, S^0_A, →_A, L_A) defined similarly to state machines, except that →_A need not be total
  ◦ The set of states without outgoing transitions is written as S^ret_A (⊆ S_A) and its elements are called return states
Example of Aspect Machine (Taken from [Goldman & Katz '07] and modified)
• ({s3, s4, s5}, {s3}, {(s3, s4), (s4, s5)}, L)
  ◦ L(s3) = {a, b}, L(s4) = {}, L(s5) = {b}
(diagram: s3 → s4 → s5, drawn with the labels {a}, {}, {b})
State Machine Model of Aspects
• A label is a subset of AP
• The label of a path s1 ... sn of M (i.e. si →_M si+1 for each i = 1, ..., n-1) is the sequence of labels L_M(s1) ... L_M(sn), written as label(s1 ... sn)
(diagram: s1 labelled {a}, s2 labelled {b})
  ◦ label(s1s2s1) = {a}{b}{a}
  ◦ label(s1s2s2s1) = {a}{b}{b}{a}
State Machine Model of Aspects
• A pointcut descriptor ρ over AP is a predicate on a finite sequence of labels
  ◦ ρ : (2^AP)* → {true, false}, where X* represents the set of finite sequences of elements of X
State Machine Model of Aspects
• A pointcut-ready machine for a state machine B and a pointcut descriptor ρ is a state machine B^ρ satisfying the following conditions
  ◦ S_B ⊆ S_{B^ρ}
  ◦ A new atomic proposition pointcut holds at a state s ∈ S_{B^ρ} if and only if there is a path s1 ... sn where s1 ∈ S^0_{B^ρ}, sn = s, and ρ(label(s1 ... sn)) is true
    ▪ "New" means that ¬(pointcut ∈ AP)
State Machine Model of Aspects (Continued from the definition of the pointcut-ready machine B^ρ)
  ◦ Each infinite path of B or B^ρ has its counterpart in the other machine that is mapped by the function "label" to the same label except for pointcut
    ▪ B and B^ρ are trace equivalent w.r.t. their labeling functions
Example of Pointcut-Ready Machine (Taken from [Goldman & Katz '07])
• B (diagram): states s1 labelled {a} and s2 labelled {b}
• ρ(l) is true if and only if l ends with three labels including "b", "b", and "a" respectively
• B^ρ (diagram): the states s1 {a} and s2 {b} of B plus two new states s6 and s7, with s6 labelled {a, pointcut}; the path label {a}{b}{b}{a} is the one that satisfies ρ
State Machine Model of Aspects
• The augmented machine B̃ obtained from a pointcut-ready machine B^ρ and an aspect machine A is created as follows
  ◦ The state set and the labeling function of B̃ are the unions of those of B^ρ and A
  ◦ The initial states of B̃ are the initial states of B^ρ
State Machine Model of Aspects (Continued from the definition of the augmented machine B̃)
  ◦ The transitions of B̃ consist of the following
    ▪ Most of the transitions of B^ρ and A
    ▪ New transitions connecting B^ρ and A
  ◦ The details are shown in the next slide
Example of Augmented Machine
(sequence of five diagrams, each showing the aspect machine A with s3 {a} → s4 {} → s5 {b} and the pointcut-ready machine B^ρ with s1 {a}, s2 {b}, s6 {a, pointcut} and s7; the annotations are, in order:)
• "No outgoing transitions"
• "The same label except pointcut": the pointcut state s6 {a, pointcut} of B^ρ and the initial state s3 {a} of A
• "The same label with the return states": the return state s5 {b} of A and the {b}-labelled states of B^ρ
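The constructions defined on the preceding slides (path labels, the pointcut descriptor, where the new proposition pointcut must hold, and the augmented machine), written out in Python as an added example; this is not code from the slides or the authors. The pointcut-ready machine B_rho below, the labels of its extra states s6 and s7, and the rules used to connect B^ρ and A are my reading of the diagram annotations, and s3 carries the label {a} shown in the diagrams.

```python
# Added example, not the authors' code. Machines are (S, S0, ->, L) as in the
# slides' definitions; B_rho and the augmentation rules are assumptions.

def machine(states, initial, trans, labels):
    """A state machine (or aspect machine) as a dict; labels are frozensets."""
    return {"S": set(states), "S0": set(initial), "T": set(trans),
            "L": {s: frozenset(l) for s, l in labels.items()}}

def is_total(m):
    """A state machine's transition relation must be total."""
    return all(any(u == s for (u, _) in m["T"]) for s in m["S"])

def is_path(m, path):
    """True if s_i -> s_{i+1} holds for every consecutive pair of the path."""
    return all((u, v) in m["T"] for u, v in zip(path, path[1:]))

def label(m, path):
    """label(s1 ... sn) = L(s1) ... L(sn)"""
    return tuple(m["L"][s] for s in path)

def paths_from_initial(m, max_len):
    """All finite paths s1 ... sn with s1 in S0 and n <= max_len."""
    frontier = [(s,) for s in m["S0"]]
    out = []
    while frontier:
        p = frontier.pop()
        out.append(p)
        if len(p) < max_len:
            frontier.extend(p + (v,) for (u, v) in m["T"] if u == p[-1])
    return out

def pointcut_states(m, rho, max_len):
    """States s that end some path s1 ... s from S0 with rho(label) true: exactly
    the states where the new proposition 'pointcut' must hold (bounded search)."""
    return {p[-1] for p in paths_from_initial(m, max_len) if rho(label(m, p))}

def rho_bba(lbls):
    """The slides' descriptor: l ends with three labels including b, b, a."""
    return (len(lbls) >= 3 and "b" in lbls[-3]
            and "b" in lbls[-2] and "a" in lbls[-1])

def return_states(aspect):
    """S_ret: aspect states without outgoing transitions."""
    return {s for s in aspect["S"] if not any(u == s for (u, _) in aspect["T"])}

def augmented(b_rho, aspect):
    """Augmented machine from a pointcut-ready machine and an aspect machine;
    the connection rules follow the diagram annotations (assumption)."""
    strip = lambda l: l - {"pointcut"}
    L = {**b_rho["L"], **aspect["L"]}
    pc = {s for s in b_rho["S"] if "pointcut" in b_rho["L"][s]}
    # "most" of B_rho's transitions: advice takes over at pointcut states
    T = {(u, v) for (u, v) in b_rho["T"] if u not in pc}
    T |= aspect["T"]
    # pointcut state -> initial aspect state with the same label except pointcut
    T |= {(s, a0) for s in pc for a0 in aspect["S0"] if strip(L[s]) == L[a0]}
    # return state -> base state with the same label as the return state
    T |= {(r, s) for r in return_states(aspect) for s in b_rho["S"] if L[r] == L[s]}
    return machine(b_rho["S"] | aspect["S"], b_rho["S0"], T, L)

# Base machine B from the slides: s1 {a}, s2 {b}, all four transitions.
B = machine(["s1", "s2"], ["s1"],
            [("s1", "s1"), ("s1", "s2"), ("s2", "s2"), ("s2", "s1")],
            {"s1": {"a"}, "s2": {"b"}})

# Constructed pointcut-ready machine B_rho: s7 is a copy of s2 meaning "two
# b's seen", s6 the copy of s1 reached right after them, so pointcut holds at s6.
B_rho = machine(["s1", "s2", "s7", "s6"], ["s1"],
                [("s1", "s1"), ("s1", "s2"), ("s2", "s1"), ("s2", "s7"),
                 ("s7", "s7"), ("s7", "s6"), ("s6", "s1"), ("s6", "s2")],
                {"s1": {"a"}, "s2": {"b"}, "s7": {"b"}, "s6": {"a", "pointcut"}})

# Aspect machine A (s3 {a} -> s4 {} -> s5 {b}); s5 is its return state.
A = machine(["s3", "s4", "s5"], ["s3"], [("s3", "s4"), ("s4", "s5")],
            {"s3": {"a"}, "s4": set(), "s5": {"b"}})

B_aug = augmented(B_rho, A)

if __name__ == "__main__":
    print(sorted(pointcut_states(B, rho_bba, 6)))       # s1 itself is reached after b, b
    print(sorted(pointcut_states(B_rho, rho_bba, 6)))   # only the new state s6
    print(is_total(B_aug), sorted(B_aug["T"]))
```

Running `pointcut_states` on B itself shows why the pointcut-ready machine needs the extra states: in B the path s1s2s2s1 already satisfies ρ, but so does s1 reached by other histories, so B cannot label pointcut consistently; B_rho splits s1 into s1 and s6 so that pointcut holds exactly at s6, and the augmented machine then leaves s6 only into s3 and returns from s5 to the {b}-labelled base states, which keeps its transition relation total.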
Rewriting Logic
• Extension of equational logic
• Equational logic
  ◦ A formula is an equality of terms
  ◦ A term is composed of constant, variable, and operator symbols
  ◦ Equalities are derived from axioms (equations) and inference rules
Examples in Equational Logic
• f(x, a), pop(push(a, push(b, empty))): examples of terms
  ◦ a, b, empty: constant symbols
  ◦ x: a variable symbol
  ◦ f, pop, push: operator symbols
• The word "symbol(s)" will be omitted hereafter
Examples in Equational Logic
• Replacement inference rule
  ◦ For terms s1 and s2 that may contain variables x1, ..., xn, and terms t1, ..., tn,
  ◦ s1 = s2 implies s1([t1/x1], ..., [tn/xn]) = s2([t1/x1], ..., [tn/xn])
  ◦ where ([t1/x1], ..., [tn/xn]) represents the simultaneous substitution of t1, ..., tn for x1, ..., xn
Examples in Equational Logic
• The equation "pop(push(x, s)) = s" derives the equality pop(push(a, push(b, empty))) = push(b, empty) by the Replacement inference rule
Rewriting Logic
• Equational logic + rewriting relation
  ◦ Represented by an arrow: s → t
• Rewrite rules: axioms for the rewriting relation
• Inference rules similar to those of equational logic
  ◦ Except the Symmetry rule (x = y implies y = x)
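Terms, simultaneous substitution, the Replacement rule and one-step rewriting from the last few slides, as an added Python example (not code from the slides or the authors). Terms are nested tuples whose first element is the operator, constants are one-element tuples, and variables are plain strings; `match`, `substitute`, `replacement` and `one_step` are names chosen here.

```python
# Added example, not the authors' code: a minimal term syntax with matching,
# substitution, the Replacement rule, and one-step rewriting (no Transitivity).

def const(name):
    return (name,)

def app(op, *args):
    return (op,) + args

def is_var(t):
    return isinstance(t, str)   # variables are plain strings, e.g. "x"

def match(pattern, term, subst=None):
    """Find a substitution sigma with substitute(pattern, sigma) == term, or None."""
    subst = {} if subst is None else subst
    if is_var(pattern):
        if pattern in subst and subst[pattern] != term:
            return None         # the same variable must match the same term
        subst[pattern] = term
        return subst
    if is_var(term) or pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        if match(p, t, subst) is None:
            return None
    return subst

def substitute(term, subst):
    """Simultaneous substitution s([t1/x1], ..., [tn/xn])."""
    if is_var(term):
        return subst.get(term, term)
    return (term[0],) + tuple(substitute(a, subst) for a in term[1:])

def replacement(lhs, rhs, subst):
    """Replacement rule: from lhs = rhs derive lhs*sigma = rhs*sigma."""
    return substitute(lhs, subst), substitute(rhs, subst)

def one_step(rules, term):
    """All terms reachable from `term` by exactly one rewrite with one of the
    rules (lhs, rhs), applied at the top or inside any argument. Transitivity
    is deliberately not used, so this is the one-step relation of the slides."""
    results = set()
    for lhs, rhs in rules:
        sigma = match(lhs, term)
        if sigma is not None:
            results.add(substitute(rhs, sigma))
    if not is_var(term):
        for i, arg in enumerate(term[1:], start=1):
            for new_arg in one_step(rules, arg):
                results.add(term[:i] + (new_arg,) + term[i + 1:])
    return results

# The slides' equation pop(push(x, s)) = s, usable as an equation (Replacement)
# or as a rewrite rule (one-step rewriting); the term from the example slide.
POP_PUSH = (app("pop", app("push", "x", "s")), "s")
STACK = app("pop", app("push", const("a"), app("push", const("b"), const("empty"))))

if __name__ == "__main__":
    sigma = match(POP_PUSH[0], STACK)
    print(sigma)                                   # {'x': ('a',), 's': ('push', ('b',), ('empty',))}
    print(replacement(*POP_PUSH, sigma))           # the derived equality, as a pair
    print(one_step([POP_PUSH], STACK))             # {('push', ('b',), ('empty',))}
```

The derived pair is exactly the equality on the example slide, pop(push(a, push(b, empty))) = push(b, empty). Because `one_step` also rewrites inside arguments, a term with two redexes such as pop(push(a, pop(push(b, empty)))) has two one-step successors, which is what distinguishes the one-step relation used for transitions from its transitive closure.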
Mapping State Machines to Rewriting Logic
• States, atomic propositions → Constants
• Transitions → Rewrite rules for states
• Labeling function → Operators
  ◦ Mapping a pair (state, atomic proposition) to a boolean value
Mapping State Machines to Rewriting Logic
• An example (the state machine with s1 labelled {a} and s2 labelled {b})
  ◦ Constants: s1, s2, a, b
  ◦ Operators: init, _|=_
    ▪ _|=_(s, p) is also written as (s |= p)
  ◦ Rewrite rules: s1 → s1, s1 → s2, s2 → s2, s2 → s1
  ◦ Equations: init(s1) = true, (s2 |= a) = false, etc.
Mapping Rewriting Logic to State Machines
• Equivalence classes of terms → States
• One-step rewriting relations → Transitions
  ◦ "One-step": Not using the Transitivity inference rule (s → t and t → u implies s → u)
• (Other constructs are given in advance)
Equational Abstraction
• For an axiomatic system of rewriting logic (called a rewrite theory) R, K(R) represents the state machine created from R
• Theorem: If E is a set of equations for the terms of R above satisfying some properties, K(R ∪ E) is an abstraction of K(R)
  ◦ Abstraction mapping: [t]_R is mapped to [t]_{R ∪ E}, where [t]_... represents the equivalence class
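The two mappings (state machine → rewrite theory, rewrite theory → state machine via equivalence classes of state constants) and equational abstraction by adding equations between state constants, as an added Python example that is not code from the slides or the authors. The theorem only says that E must satisfy "some properties"; the check implemented here, that states identified by E agree on every atomic proposition, is my assumption about what those properties require, and the three-state machine is constructed for the example.

```python
# Added example, not the authors' code: K(R), K(R ∪ E) and the abstraction
# mapping [t]_R -> [t]_{R ∪ E} for equations E that identify state constants.

def to_rewrite_theory(states, initial, trans, labels, props):
    """States and propositions become constants, transitions become rewrite
    rules, and the labeling becomes equations for init(_) and _|=_."""
    eqs = {("init", s): (s in initial) for s in states}
    eqs.update({("|=", s, p): (p in labels[s]) for s in states for p in props})
    return {"constants": set(states) | set(props), "rules": set(trans), "eqs": eqs}

def classes(states, state_eqs):
    """Equivalence classes [t]_{R ∪ E} of the state constants under equations
    E = {(s, t), ...} meaning s = t (union-find over the constants)."""
    parent = {s: s for s in states}
    def find(s):
        while parent[s] != s:
            s = parent[s]
        return s
    for s, t in state_eqs:
        parent[find(s)] = find(t)
    rep = {s: find(s) for s in states}
    return {s: frozenset(u for u in states if rep[u] == r) for s, r in rep.items()}

def labels_agree(theory, state_eqs, props):
    """Assumed side condition on E: identified states carry the same labels."""
    states = {s for s in theory["constants"] if ("init", s) in theory["eqs"]}
    cls = classes(states, state_eqs)
    return all(theory["eqs"][("|=", s, p)] == theory["eqs"][("|=", t, p)]
               for s in states for t in cls[s] for p in props)

def equational_abstraction(theory, state_eqs, props):
    """K(R ∪ E): states are equivalence classes of state constants, transitions
    are the rewrite rules lifted to classes. Returns (abstract machine, mapping)."""
    if not labels_agree(theory, state_eqs, props):
        raise ValueError("E identifies states with different labels")
    states = {s for s in theory["constants"] if ("init", s) in theory["eqs"]}
    cls = classes(states, state_eqs)
    abstract_states = set(cls.values())
    abstract = {
        "S": abstract_states,
        "S0": {cls[s] for s in states if theory["eqs"][("init", s)]},
        "T": {(cls[u], cls[v]) for (u, v) in theory["rules"]},
        # every member of a class has the same label, so any representative works
        "L": {c: frozenset(p for p in props if theory["eqs"][("|=", next(iter(c)), p)])
              for c in abstract_states},
    }
    return abstract, cls

def is_abstraction(concrete, abstract, h):
    """h : S_concrete -> S_abstract must be surjective and consistent with the
    other constructs: initial states, transitions and labels are preserved."""
    return (set(h.values()) == abstract["S"]
            and all(h[s] in abstract["S0"] for s in concrete["S0"])
            and all((h[u], h[v]) in abstract["T"] for (u, v) in concrete["T"])
            and all(concrete["L"][s] == abstract["L"][h[s]] for s in concrete["S"]))

# Constructed concrete machine K(R): s1 {a} -> s2 {b} -> s3 {b}, s3 -> s3, s3 -> s1.
PROPS = ["a", "b"]
CONCRETE = {"S": {"s1", "s2", "s3"}, "S0": {"s1"},
            "T": {("s1", "s2"), ("s2", "s3"), ("s3", "s3"), ("s3", "s1")},
            "L": {"s1": frozenset({"a"}), "s2": frozenset({"b"}), "s3": frozenset({"b"})}}
R = to_rewrite_theory(CONCRETE["S"], CONCRETE["S0"], CONCRETE["T"], CONCRETE["L"], PROPS)

if __name__ == "__main__":
    abstract, h = equational_abstraction(R, [("s2", "s3")], PROPS)   # E = {s2 = s3}
    print(sorted(map(sorted, abstract["S"])), is_abstraction(CONCRETE, abstract, h))
    print(labels_agree(R, [("s1", "s2")], PROPS))                    # s1 = s2 is rejected
```

Adding the single equation s2 = s3 collapses the two {b}-labelled states into one class, and `is_abstraction` confirms that the mapping [t]_R ↦ [t]_{R ∪ E} is surjective and carries every concrete transition to an abstract one, which is the shape of abstraction mapping the state machine slides rely on; an equation such as s1 = s2 that would merge differently labelled states is refused.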
Aspectual Rewrite Theory (ART)
• An ART is a rewrite theory in which
  ◦ States and transitions of all of the base system and the aspects are treated as constants and rewrite rules respectively
  ◦ Constructs for state sequences are included
    ▪ ts denotes a sequence where "s" is the last state succeeding the sequence "t"
    ▪ Treated as execution traces
Aspectual Rewrite Theory (ART) (Continued from the definition of ARTs)
  ◦ For a base system state sb and an aspect state sa
    ▪ as(tsb, sa) = true if and only if sa can be the next state of sb when the pointcut of the aspect matches the trace tsb
    ▪ rstrt(sa, sb) = true if and only if sa is a terminal state of its aspect and sb can be its next state
    ▪ "as" and "rstrt" stand for "aspect selection" and "restart" respectively
Example of ART
(diagram: aspect machine s3 {a} → s4 {} → s5 {b}; base machine s1 {a}, s2 {b})
• Consider the rewrite theory created from these state and aspect machines
  ◦ as(s1s2s2s1, s3) = true
  ◦ rstrt(s1, s3) = true
Creating an Augmented ART
• An augmented ART (AART) R+ is obtained from an ART R as follows
  ◦ Transformation: a rewrite rule for the state terms of R, s → s', becomes a rewrite rule for the state sequences in R+, ts → tss'
  ◦ Add ts → tss' if as(s, s') = true or rstrt(s, s') = true
(diagram: the sequence ts, whose last state is s, is extended to tss', whose last state is s')
Example of AART
(sequence of four diagrams, each showing the aspect machine s3 {a} → s4 {} → s5 {b} and the base machine s1 {a}, s2 {b})
• Consider the rewrite theory created from these state and aspect machines
  ◦ as(s1s2s2s1, s3) = true
  ◦ rstrt(s1, s3) = true
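The ART → AART transformation of the two preceding slides, as an added Python example (not code from the slides or the authors): rewrite rules s → s' on state constants are lifted to ts → tss' on sequence terms, rules driven by as and rstrt are added, and the sequence terms reachable in K(R+) are enumerated to a bounded length. The concrete definitions of `as_pred` and `rstrt_pred` are constructed for the example (as uses the descriptor "ends with b, b, a" from the earlier slides and requires matching labels; rstrt requires a terminal aspect state and a matching label), and s3 carries the label {a} shown in the diagrams.

```python
# Added example, not the authors' code: AART R+ from an ART R, with the
# predicates as/rstrt constructed here, explored as sequence terms.

LABELS = {"s1": {"a"}, "s2": {"b"}, "s3": {"a"}, "s4": set(), "s5": {"b"}}
BASE_STATES = {"s1", "s2"}
ASPECT_STATES = {"s3", "s4", "s5"}
ASPECT_INITIAL = {"s3"}
# Rewrite rules for state terms of the ART R: base and aspect transitions.
STATE_RULES = {("s1", "s1"), ("s1", "s2"), ("s2", "s2"), ("s2", "s1"),
               ("s3", "s4"), ("s4", "s5")}

def rho_bba(lbls):
    """Descriptor from the earlier slides: l ends with labels including b, b, a."""
    return (len(lbls) >= 3 and "b" in lbls[-3]
            and "b" in lbls[-2] and "a" in lbls[-1])

def as_pred(trace, sa):
    """as(t sb, sa): sa may follow the base state sb when the pointcut matches
    the trace t sb (constructed: rho_bba on the labels, and sa an initial aspect
    state carrying the same label as sb)."""
    sb = trace[-1]
    return (sb in BASE_STATES and sa in ASPECT_INITIAL
            and rho_bba([LABELS[s] for s in trace]) and LABELS[sa] == LABELS[sb])

def rstrt_pred(sa, sb):
    """rstrt(sa, sb): sa is a terminal state of the aspect and sb a base state
    that can follow it (constructed: same label)."""
    terminal = sa in ASPECT_STATES and not any(u == sa for (u, _) in STATE_RULES)
    return terminal and sb in BASE_STATES and LABELS[sa] == LABELS[sb]

def aart_successors(trace):
    """One-step rewrites of the sequence term ts in R+."""
    s = trace[-1]
    nxt = {trace + (t,) for (u, t) in STATE_RULES if u == s}            # lifted s -> s'
    nxt |= {trace + (t,) for t in ASPECT_STATES if as_pred(trace, t)}    # aspect selection
    nxt |= {trace + (t,) for t in BASE_STATES if rstrt_pred(s, t)}       # restart
    return nxt

def reachable_traces(initial, max_len):
    """Sequence terms reachable in K(R+) from one-state sequences of the
    initial base states, up to length max_len."""
    seen, frontier = set(), [(s,) for s in initial]
    while frontier:
        t = frontier.pop()
        seen.add(t)
        if len(t) < max_len:
            frontier.extend(aart_successors(t))
    return seen

if __name__ == "__main__":
    print(aart_successors(("s1", "s2", "s2", "s1")))   # includes the extension by s3
    traces = reachable_traces({"s1"}, 8)
    print(("s1", "s2", "s2", "s1", "s3", "s4", "s5", "s2") in traces)   # True
```

From the trace s1s2s2s1, whose label {a}{b}{b}{a} matches the descriptor, R+ offers the lifted base moves to s1 and s2 as well as the added move to s3, so the rewriting history s1s2s2s1 → s1s2s2s1s3 → ... → s1s2s2s1s3s4s5 → s1s2s2s1s3s4s5s2 alternates between a base fragment, an advice fragment and a restarted base fragment, which is the decomposition used in the proof outline later in the talk.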
Relation with State Machine Model
• Theorem: Suppose that
  ◦ A base state machine, an aspect machine, and a pointcut descriptor are given
  ◦ R is the ART created from them in the same way as Slide 48
  ◦ M is the augmented machine created from them
Relation with State Machine Model (Continued from the Theorem)
• Then, each infinite path of K(R+) or M has its counterpart in the other machine with the same label
  ◦ Trace equivalence w.r.t. labeling
• Corollary: K(R+) and M satisfy the same propositions of ACTL
Outline of Proof
• Split the path or the rewriting history into fragments alternating between:
  ◦ Base system execution, and
  ◦ Advice execution
• Find the counterpart of each fragment and connect the counterparts
Compositionality of Equational Abstraction on AART
• Theorem: For an ART R and a set of equations E satisfying some properties, R+ ∪ E and (R ∪ E)+ coincide
(diagram: equational abstraction with E after weaving gives R+ ∪ E; weaving after abstraction gives (R ∪ E)+)
• Corollary: A similar fact about trace equivalence w.r.t. labeling holds for the state machine model
Related Work
• [Jagadeesan et al. '07]
  ◦ Compositionality of bisimulation
  ◦ Difficult to check the relation automatically
  ◦ Abstraction
    ▪ Automatically computable
    ▪ Implies one-way simulation
Related Work
• [Braga '08]
  ◦ Constructive approach to structural operational semantics
    ▪ Adds the semantics of AO constructs to existing semantics in a compositional way
    ▪ Currently only for the "call" pointcut descriptor
    ▪ Potential to make our approach much simpler
Conclusions
• Compositional abstraction of AO software based on
  ◦ State machine model of AO software and
  ◦ Equational abstraction in rewriting logic
• Applied to the state machine model
Future Work
• Restructuring based on Braga's work
• Treatment of aspect compositions
  ◦ The current model can handle only one aspect at a time
• Evaluations using examples
  ◦ Effects on state space reduction in model checking
Future Work
• Extensions to operational semantics of programming languages
• Extensions to other compositional analysis and reasoning of AO software
  ◦ Model transformation
Thank you very much for your attention!
Questions and comments?