Rewriting Logic Model of Compositional Abstraction of Aspect-Oriented Software

Rewriting Logic Model of Compositional Abstraction of Aspect-Oriented Software

FOAL '10 Mar. 15, 2010

Yasuyuki Tahara, Akihiko OhsugaThe University of Electro-Communications, Tokyo, Japan

Shinichi HonidenNational Institute of Informatics and The University of Tokyo, Japan

Contents Backgrounds: Compositionality for AO

software Research aim: Compositional abstraction of

AO software Our approach

◦ Based on equational abstraction in rewriting logic◦ Consistent with an existing state machine model

Related work Conclutions and future work

Backgrounds Compositionality is a useful feature of

software specification approaches

◦ Analysis and reasoning of the entire system can be reduced to those of the components

Potential reduction of computational costs

Reuse of results of analysis and reasoning

◦ Also considered important to aspect-oriented (AO) software specifications

Compositionality for AO Software

Base System

Aspect

Entire System

Information aboutBase System

Informationabout Aspect

Information aboutEntire System

Weaving

Compose

Analysis/Reasoning

Both paths lead to the same information

Examples of Compositionality for AO Software [Jagadeesan et al. '07]: Compositional

bisimilarity relation for a process calculus model of AO software

Base System 1

Aspect 1

Entire System 1

Weaving

Base System 2

Aspect 2

Entire System 2

Weaving

Bisimilar

Bisimilar

Examples of Compositionality for AO Software [Goldman & Katz '07], [Katz & Katz '09]:

Modular model checking of state machine models of AO software

Base System

Aspect

Entire System

Weaving

true

true

true

Assume-GuaranteeReasoning

ModelChecking

impliesand

Aim of Our Research Abstraction of AO software in a compositional

way

Abstraction: Building a system model (abstract model) consisting of abstract constituents obtained from the original system model (concrete model)

Analysis and reasoning about the abstract model provide useful information about the concrete model efficiently

Compositional Abstraction of AO Software

Base System

Aspect

Entire System

Abstract Base System

Abstract Aspect

Abstract Entire System

Weaving

Weaving

Abstraction

Both paths lead to the same model

Abstraction

Our Approach Try to use the model of [Katz & Katz '09]

◦ Reason: We have a simple abstraction theory for state machine models

Problem: Difficult (or perhaps impossible) to show the compositionality of abstraction

Our Approach Solution: Use the equational abstraction

theory [Meseguer et al. '08]

◦ Based on an algebraic specification framework called rewriting logic

Easy to build compositional models

◦ Extension of state machine abstraction

Our ApproachStep 1: Build a rewriting logic model

extending the state machine model of aspects

◦ In fact, this model is more generic than state machine

◦ For example, it can represent operational semantics of programming languages in detail

Step 2: Show compositionality of equational abstraction of the model built in Step 1

Our Approach

State machine model

Abstraction

Property

Aspect model

+ Aspects Mappin

g

Rewriting logic

Property Equational

abstraction

Mapping

(Our original contributions)

Our Approach

State machine model

Abstraction

Aspect model

Rewriting logic

Equational abstraction

Property

+ Aspects Mappin

g

Property

Mapping


State Machine Model A (finite) state machine M is a tuple (SM , S0

M, →M , LM ) where

◦ SM is the finite set of states

◦ S0M (⊆ SM ) is the set of initial states

◦ →M (⊆ SM × SM ) is the transition relation

This needs to be total, i. e. there is at least one transition from each state

State Machine Model (Continued from the definition of the state

machine M )

◦ LM : SM → 2AP is the labeling function on the finite set of atomic propositions AP

“p ∈ LM (s )” means that the proposition p holds at the state s

For a temporal logic (such as CTL*) proposition Φ, the satisfaction relation “M |=Φ ” is defined

Example of State Machine(Taken from [Goldman & Katz '07])

({s1, s2}, {s1}, {(s1, s1), (s1, s2), (s2, s2), (s2, s1)}, L )

◦ L(s1) = {a }, L(s2) = {b }

s1 s2

{a }

{b }

a holds at s1 and b does notb holds at s2 and a does not

Abstraction of State Machines A state machine M ' is an abstraction of M if

and only if we have a surjective mapping (called an abstraction mapping) SM ' → SM consistent with the other constructs

Theorem: For any proposition Φ of a temporal logic system called ACTL, M |= Φ implies

M ' |= Φ

Our Approach

State machine model

Abstraction

Rewriting logic

Property

Aspect model

+ Aspects


Property

Mapping

Mapping


State Machine Model of Aspects An aspect machine A is a tuple (SA , S0

A, →A , LA ) defined similarly as state machines except →A needs not to be total

◦ The set of states without outgoing transitions is written as Sret

A (⊆ SA ) and its elements are called return states

Example of Aspect Machine(Taken from [Goldman & Katz '07] and

modified)

({s3, s4, s5}, {s3}, {(s3, s4), (s4, s5)}, L )

◦ L(s3) = {a, b }, L(s4) = {}, L(s5) = {b }

s3 s4

{a }

{}

s5

{b }

State Machine Model of Aspects A label is a subset of AP

The label of a path s1... sn of M (i. e. si →M si+1 for each i = 1, ..., n -1) is the sequence of labels LM (s1)... LM (sn ) written as label (s1... sn

)

s1 s2

{a }

{b }

label (s1s2s1) = {a}{b}{a}label (s1s2s2s1) = {a}{b}{b}{a}

State Machine Model of Aspects A pointcut descriptor ρ over AP is a

predicate on a finite sequence of labels

◦ ρ : (2AP )* → {true, false}

where X * represents the set of finite sequences of elements of X

State Machine Model of Aspects Pointcut-ready machine for a state machine

B and a pointcut descriptor ρ is a state machine B ρ satisfying the following conditions

◦ SB ⊆ SB ρ

◦ A new atomic proposition pointcut holds at a state s ∈ SB ρ if and only if there is a path s1... sn where s1 ∈ S0

B ρ, sn = s, and ρ (label (s1... sn )) is true

“New” means that ￢ (pointcut ∈ AP )

State Machine Model of Aspects (Continued from the definition of the

pointcut-ready machine B ρ )

◦ Each infinite path of B or B ρ have its counterpart in the other machine that is mapped by the function “label ” to the same label except pointcut

B and B ρ are trace equivalent w. r. t. their labeling functions

Example of Pointcut-Ready Machine(Taken from [Goldman & Katz '07])

s1 s2

{a }

{b }

B ρ (l ) is true if and only ifl ends with three labelsincluding “b ”, “b ”, and “a ”respectivelyB

ρ

s1 s2

{a }

{b }

s6 s7

{a, pointcut }

{a }{b }{b }{a }

State Machine Model of Aspects The augmented machine B obtained from a

pointcut-ready machine B ρ and an aspect machine A is created as follows

◦ The state set and the labeling function of B are the unions of B ρ and A

◦ The initial states of B are the initial states of B ρ

~

~

~

State Machine Model of Aspects (Continued from the definition of the

augmented machine B )

◦ The transitions of B consist of the following

Most of the transitions of B ρ and A

New transitions connecting B ρ and A

The details are shown in the next slide

~

~

Example of Augmented Machine

s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }

s6 s7

{a, pointcut }

A

B

ρ

No outgoing transitions


s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }

s6 s7

{a, pointcut }

A

B

ρ

The same label exceptpointcut


s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }

s6 s7

{a, pointcut }

A

B

ρ


s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }

s6 s7

{a, pointcut }

A

B

ρ

The same labelwith the return states


s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }

s6 s7

{a, pointcut }

A

B

ρ

Our Approach

State machine model

Abstraction

Rewriting logic

Property

Aspect model

+ Aspects


Property

Mapping

Mapping


Rewriting Logic Extension of equational logic

Equational logic

◦ A formula is an equality of terms

◦ A term is composed by constant, variable, and operator symbols

◦ Equalities are derived from axioms (equations) and inference rules

Examples in Equational Logic f(x, a), pop(push(a, push(b, empty))):

examples of terms

◦ a, b, empty: constant symbols

◦ x: a variable symbol

◦ f, pop, push: operator symbols

The word “symbol(s)” will be omitted hereafter

Examples in Equational Logic Replacement inference rule

◦ For terms s1 and s2 that may contain variables x1, ..., xn, and terms t1, ..., tn,

◦ s1 = s2 implies◦ s1([t1/x1], ..., [tn /xn ] ) = s2([t1/x1], ..., [tn /xn ] )

◦ where ([t1/x1], ..., [tn /xn ] ) represents simultaneous substitutions of x1, ..., xn to t1, ..., tn

Examples in Equational Logic Equation “pop(push(x, s)) = s” derives an

equality

pop(push(a, push(b, empty))) = push(b, empty)

by the Replacement inference rule

Rewriting Logic Equational logic + rewriting relation

◦ Represented by an arrow: s → t

Rewrite rules: axioms for the rewriting relation

Inference rules similar as equational logic

◦ Except the Symmetry rule (x = y implies y = x )

Our Approach

State machine model

Abstraction

Rewriting logic

Property

Aspect model

+ Aspects


Property

Mapping

Mapping


Mapping State Machines to Rewriting Logic States, atomic propositions → Constants

Transitions → Rewrite rules for states

Labeling function → Operators

◦ Mapping a pair (state, atomic proposition) to a boolean value

Mapping State Machines to Rewriting Logic An example

◦ Constants: s1, s2, a, b

◦ operators: init, _|=_

_|=_(s, p) is also written as (s |= p )

◦ Rewrite rules: s1 → s1, s1 → s2, s2 → s2, s2 → s1

◦ Equations: init(s1) = true, (s2 |= a) = false, etc.

s1 s2

{a }

{b }

Mapping Rewriting Logic to State Machines Equivalence classes of terms → States

One-step rewriting relations → Transitions

◦ “One-step”: Not using the Transitivity inference rule(s → t and t → u implies s → u )

(Other constructs are given in advance)

Our Approach

State machine model

Abstraction

Rewriting logic

Property

Aspect model

+ Aspects


Property

Mapping

Mapping


Equational Abstraction For an axiomatic system of rewriting logic

(called a rewrite theory) R, K (R ) represents the state machine created from R

Theorem: If E is a set of equations for the terms of R above satisfying some properties, K (R ∪ E ) is an abstraction of K (R )

◦ Abstraction mapping: [t ]R is mapped to [t ]R ∪ E where [t ]... represents the equivalence class

Our Approach

State machine model

Abstraction

Rewriting logic

Property

Aspect model

+ Aspects


Property

Mapping

Mapping


Aspectual Rewrite Theory (ART) An ART is a rewrite theory in which

◦ States and transitions of all of the base system and the aspects are treated as constants and rewrite rules resp.

◦ Constructs for state sequences are included

ts denotes a sequence where “s ” is the last state succeeding the sequence “t ”

Treated as execution traces

Aspectual Rewrite Theory (ART) (Continued from the definition of ARTs)

◦ For a base system state sb and an aspect state sa

as(tsb , sa ) = true if and only if sa can be the next state of sb when the pointcut of the aspect matches the trace tsb

rstrt(sa , sb) = true if and only if sa is a terminal state of its aspect and sb can be its next state

“as” and “rstrt” stands for “aspect selection” and “restart” respectively

Example of ART

s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }

Consider the rewrite theory created from these state and aspect machines

as(s1s2s2s1, s3) = true

rstrt(s1, s3) = true

Creating an Augmented ART An augmented ART (AART) R+ is obtained

from an ART R as follows

◦ Transformation:◦ A rewrite rule for the state terms of R s → s'◦ → A rewrite rule for the state sequences in R+

◦ ts →tss'

◦ Add ts →tss' if as(s, s') = true or rstrt(s, s') = truets s

t

tss' s s

'

Example of AART

s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }


as(s1s2s2s1, s3) = true

Example of AART

s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }


Example of AART

s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }


rstrt(s1, s3) = true

Example of AART

s3 s4

{a }

{}

s5

{b }

s1 s2

{a }

{b }


Relation with State Machine Model Theorem: Suppose that

◦ A base state machine, an aspect machine, and a pointcut descriptor are given

◦ R be the ART created from them in the same way as Slide 48

◦ M be the augmented machine created from them

Relation with State Machine Model (Continued from the Theorem)

Then, each infinite path of K (R+ ) or M has its counterpart in the other machine with the same label

◦Trace equivalence w. r. t. labeling

Corollary: K (R+ ) and M satisfy the same propositions of ACTL

Relation with State Machine Model

State machine model

Abstraction

Rewriting logic

Property

Aspect model

+ Aspects


Property

Mapping

Mapping


Outline of Proof Split the path or the rewriting history into

fragments alternating between:

◦ Base system execution, and

◦ Advice execution

Find the counterpart of each fragment and connect the counterparts

Our Approach

State machine model

Abstraction

Rewriting logic

Property

Aspect model

+ Aspects


Property

Mapping

Mapping


Compositionality of Equational Abstraction on AART Theorem: For an ART R and a set of

equations E satisfying some properties,

R+ ∪ E and (R ∪ E )+ coincidesEquationalabstractionwith EAbstraction

after weavingWeaving after abstraction Corollary:

A similar fact about trace equivalence w. r. t. labeling holds for the state machine model

Related Work [Jagadeesan et al. '07]

◦ Compositionality of bisimulation

◦ Difficult to check the relation automatically

◦ Abstraction

Automatically computable

Implies one-way simulation

Related Work [Braga '08]

◦ Constructive approach to structural operational semantics

Enhance semantics of AO constructs to existing semantics in a compositional way

Currently only for the “call” pointcut descritor

Potential to make our approach much simpler

Conclusions Compositional abstraction of AO software

based on

◦ State machine model of AO software and

◦ Equational abstraction in rewriting logic

Applied to the state machine model

Future Work Restructuring based on Braga's work

Treatment of aspect compositions

◦ Current model can handle only one aspect at the same time

Evaluations using examples

◦ Effects to state space reduction in model checking

Future Work Extensions to operational semantics of

programming languages

Extensions to other compositional analysis and reasoning of AO software

◦ Model transformation

Thank you very much for your attention!

Questions and comments?

Documents

Rewriting Logic Model of Compositional Abstraction of Aspect-Oriented Software