Transcript of the slides

Rewriting Logic Model of
Compositional Abstraction of
Aspect-Oriented Software
Yasuyuki Tahara, Akihiko Ohsuga
The University of Electro-Communications, Tokyo, Japan
Shinichi Honiden
National Institute of Informatics and The University of Tokyo, Japan
FOAL '10
Mar. 15, 2010
Contents

Backgrounds: Compositionality for AO software
Research aim: Compositional abstraction of AO software
Our approach
◦ Based on equational abstraction in rewriting logic
◦ Consistent with an existing state machine model
Related work
Conclusions and future work
Backgrounds

Compositionality is a useful feature of software specification approaches
◦ Analysis and reasoning of the entire system can be reduced to those of the components
 Potential reduction of computational costs
 Reuse of results of analysis and reasoning
◦ Also considered important to aspect-oriented (AO) software specifications
Compositionality for AO Software

Diagram: an Aspect and a Base System are combined by Weaving into the Entire System. Analysis/reasoning of the Aspect and of the Base System yields information about each, which is composed into information about the Entire System; analysis/reasoning of the Entire System yields that information directly. Both paths lead to the same information.
Examples of Compositionality for AO Software

[Jagadeesan et al. '07]: Compositional bisimilarity relation for a process calculus model of AO software
Diagram: Aspect 1 with Base System 1 and Aspect 2 with Base System 2 are bisimilar component pairs; weaving each pair gives Entire System 1 and Entire System 2, which are bisimilar as well.
Examples of Compositionality for AO Software

[Goldman & Katz '07], [Katz & Katz '09]: Modular model checking of state machine models of AO software
Diagram: assume-guarantee reasoning on the Aspect and on the Base System yields "true" for each; weaving gives the Entire System, and model checking the Entire System yields "true". The two component results ("true" and "true") imply the result for the Entire System.
Aim of Our Research

Abstraction of AO software in a compositional way
Abstraction: Building a system model (abstract model) consisting of abstract constituents obtained from the original system model (concrete model)
Analysis and reasoning about the abstract model provide useful information about the concrete model efficiently
Compositional Abstraction of AO Software

Diagram: Aspect and Base System are woven into the Entire System. Abstraction maps the Aspect to the Abstract Aspect, the Base System to the Abstract Base System, and the Entire System to the Abstract Entire System; weaving the Abstract Aspect into the Abstract Base System also gives the Abstract Entire System. Both paths lead to the same model.
Our Approach

Try to use the model of [Katz & Katz '09]
◦ Reason: We have a simple abstraction theory for state machine models
Problem: Difficult (or perhaps impossible) to show the compositionality of abstraction

Our Approach

Solution: Use the equational abstraction theory [Meseguer et al. '08]
◦ Based on an algebraic specification framework called rewriting logic
 Easy to build compositional models
◦ Extension of state machine abstraction

Our Approach

Step 1: Build a rewriting logic model extending the state machine model of aspects
◦ In fact, this model is more generic than state machines
◦ For example, it can represent operational semantics of programming languages in detail
Step 2: Show compositionality of equational abstraction of the model built in Step 1
Our Approach

Roadmap diagram (repeated before each section of the talk): State machine model, + Aspects → Aspect model, Mapping → Rewriting logic. Abstraction on the state machine side corresponds to Equational abstraction on the rewriting logic side, and the Property of each abstraction is carried across the Mapping. The Mapping and the Equational abstraction are marked "Our original contributions".
State Machine Model

A (finite) state machine M is a tuple (S_M, S0_M, →_M, L_M) where
◦ S_M is the finite set of states
◦ S0_M (⊆ S_M) is the set of initial states
◦ →_M (⊆ S_M × S_M) is the transition relation
 This needs to be total, i.e. there is at least one transition from each state

State Machine Model

(Continued from the definition of the state machine M)
◦ L_M : S_M → 2^AP is the labeling function on the finite set of atomic propositions AP
 “p ∈ L_M(s)” means that the proposition p holds at the state s
For a temporal logic (such as CTL*) proposition Φ, the satisfaction relation “M |= Φ” is defined
Example of State Machine
(Taken from [Goldman & Katz '07])

({s1, s2}, {s1}, {(s1, s1), (s1, s2), (s2, s2), (s2, s1)}, L)
◦ L(s1) = {a}, L(s2) = {b}
Diagram: states s1 (label {a}) and s2 (label {b}); a holds at s1 and b does not; b holds at s2 and a does not
Abstraction of State Machines

A state machine M' is an abstraction of M if and only if we have a surjective mapping (called an abstraction mapping) S_M' → S_M consistent with the other constructs
Theorem: For any proposition Φ of a temporal logic system called ACTL, M |= Φ implies M' |= Φ
State Machine Model of Aspects

An aspect machine A is a tuple (S_A, S0_A, →_A, L_A) defined similarly as state machines except that →_A need not be total
◦ The set of states without outgoing transitions is written as Sret_A (⊆ S_A) and its elements are called return states

Example of Aspect Machine
(Taken from [Goldman & Katz '07] and modified)

({s3, s4, s5}, {s3}, {(s3, s4), (s4, s5)}, L)
◦ L(s3) = {a, b}, L(s4) = {}, L(s5) = {b}
Diagram: s3 → s4 → s5, with the labels shown at the states as {a}, {} and {b}
State Machine Model of Aspects

A label is a subset of AP
The label of a path s1...sn of M (i.e. si →_M si+1 for each i = 1, ..., n-1) is the sequence of labels L_M(s1)...L_M(sn), written as label(s1...sn)
Diagram: states s1 (label {a}) and s2 (label {b})
label(s1s2s1) = {a}{b}{a}
label(s1s2s2s1) = {a}{b}{b}{a}
State Machine Model of Aspects

A pointcut descriptor ρ over AP is a predicate on a finite sequence of labels
◦ ρ : (2^AP)* → {true, false}, where X* represents the set of finite sequences of elements of X
State Machine Model of Aspects

A pointcut-ready machine for a state machine B and a pointcut descriptor ρ is a state machine B_ρ satisfying the following conditions
◦ S_B ⊆ S_Bρ
◦ A new atomic proposition pointcut holds at a state s ∈ S_Bρ if and only if there is a path s1...sn where s1 ∈ S0_Bρ, sn = s, and ρ(label(s1...sn)) is true
 “New” means that ¬(pointcut ∈ AP)

State Machine Model of Aspects

(Continued from the definition of the pointcut-ready machine B_ρ)
◦ Each infinite path of B or B_ρ has its counterpart in the other machine that is mapped by the function “label” to the same label except pointcut
 B and B_ρ are trace equivalent w.r.t. their labeling functions
Example of Pointcut-Ready Machine
(Taken from [Goldman & Katz '07])

ρ(l) is true if and only if l ends with three labels including “b”, “b”, and “a” respectively
Diagram: B has states s1 (label {a}) and s2 (label {b}), and its label sequence {a}{b}{b}{a} matches ρ; B_ρ has states s1, s2, s6 and s7, labeled with {a}, {b} and {a, pointcut}
State Machine Model of Aspects

The augmented machine B̃ obtained from a pointcut-ready machine B_ρ and an aspect machine A is created as follows
◦ The state set and the labeling function of B̃ are the unions of those of B_ρ and A
◦ The initial states of B̃ are the initial states of B_ρ

State Machine Model of Aspects

(Continued from the definition of the augmented machine B̃)
◦ The transitions of B̃ consist of the following
 Most of the transitions of B_ρ and A
 New transitions connecting B_ρ and A
 The details are shown in the next slide
Example of Augmented Machine

Diagram (built up over five slides): B_ρ with states s1, s2, s6 and s7 (labels {a}, {b} and {a, pointcut}) and A with states s3, s4 and s5 (labels {a}, {} and {b}), with the new transitions connecting them. The annotations on the successive slides read “No outgoing transitions”, “The same label except pointcut” (the condition for entering A from B_ρ) and “The same label with the return states” (the condition for returning from A to B_ρ).
Rewriting Logic

Extension of equational logic
Equational logic
◦ A formula is an equality of terms
◦ A term is composed of constant, variable, and operator symbols
◦ Equalities are derived from axioms (equations) and inference rules

Examples in Equational Logic

f(x, a), pop(push(a, push(b, empty))): examples of terms
◦ a, b, empty: constant symbols
◦ x: a variable symbol
◦ f, pop, push: operator symbols
 The word “symbol(s)” will be omitted hereafter

Examples in Equational Logic

Replacement inference rule
◦ For terms s1 and s2 that may contain variables x1, ..., xn, and terms t1, ..., tn,
◦ s1 = s2 implies s1([t1/x1], ..., [tn/xn]) = s2([t1/x1], ..., [tn/xn])
◦ where ([t1/x1], ..., [tn/xn]) represents the simultaneous substitution of t1, ..., tn for x1, ..., xn

Examples in Equational Logic

The equation “pop(push(x, s)) = s” derives the equality
pop(push(a, push(b, empty))) = push(b, empty)
by the Replacement inference rule

Rewriting Logic

Equational logic + rewriting relation
◦ Represented by an arrow: s → t
Rewrite rules: axioms for the rewriting relation
Inference rules similar to those of equational logic
◦ Except the Symmetry rule (x = y implies y = x)
Mapping State Machines to Rewriting Logic

States, atomic propositions → Constants
Transitions → Rewrite rules for states
Labeling function → Operators
◦ Mapping a pair (state, atomic proposition) to a boolean value

Mapping State Machines to Rewriting Logic

An example (the state machine with states s1 {a} and s2 {b})
◦ Constants: s1, s2, a, b
◦ Operators: init, _|=_
 _|=_(s, p) is also written as (s |= p)
◦ Rewrite rules: s1 → s1, s1 → s2, s2 → s2, s2 → s1
◦ Equations: init(s1) = true, (s2 |= a) = false, etc.

Mapping Rewriting Logic to State Machines

Equivalence classes of terms → States
One-step rewriting relations → Transitions
◦ “One-step”: Not using the Transitivity inference rule (s → t and t → u implies s → u)
(Other constructs are given in advance)
Equational Abstraction

For an axiomatic system of rewriting logic (called a rewrite theory) R, K(R) represents the state machine created from R
Theorem: If E is a set of equations for the terms of R above satisfying some properties, K(R ∪ E) is an abstraction of K(R)
◦ Abstraction mapping: [t]_R is mapped to [t]_{R ∪ E}, where [t]_... represents the equivalence class
Aspectual Rewrite Theory (ART)

An ART is a rewrite theory in which
◦ States and transitions of all of the base system and the aspects are treated as constants and rewrite rules respectively
◦ Constructs for state sequences are included
 ts denotes a sequence where “s” is the last state succeeding the sequence “t”
 Treated as execution traces

Aspectual Rewrite Theory (ART)

(Continued from the definition of ARTs)
◦ For a base system state sb and an aspect state sa
 as(tsb, sa) = true if and only if sa can be the next state of sb when the pointcut of the aspect matches the trace tsb
 rstrt(sa, sb) = true if and only if sa is a terminal state of its aspect and sb can be its next state
 “as” and “rstrt” stand for “aspect selection” and “restart” respectively

Example of ART
Consider the rewrite theory created from these state and aspect machines
Diagram: state machine with s1 (label {a}) and s2 (label {b}); aspect machine with s3 (label {a}), s4 (label {}) and s5 (label {b})
as(s1s2s2s1, s3) = true
rstrt(s1, s3) = true
Creating an Augmented ART

An augmented ART (AART) R+ is obtained from an ART R as follows
◦ Transformation: a rewrite rule s → s' for the state terms of R becomes a rewrite rule ts → tss' for the state sequences in R+
◦ Add ts → tss' if as(s, s') = true or rstrt(s, s') = true
Diagram: the rule s → s' on states, lifted to the sequence t with s appended rewriting to tss'
Example of AART
Consider the rewrite theory created from these state and aspect machines (built up over four slides)
Diagram: state machine with s1 (label {a}) and s2 (label {b}); aspect machine with s3 (label {a}), s4 (label {}) and s5 (label {b}); the annotations show the added rules as(s1s2s2s1, s3) = true (entering the aspect) and rstrt(s1, s3) = true (restarting the base system)
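The AART construction and the Example of AART above, as an added Python example that is not part of the slides: the slides' base machine, aspect machine and pointcut (“ends with b, b, a”) are encoded as rewrite rules on trace terms ts, with as and rstrt implemented from their slide definitions, and the one-step rewrites ts → tss' of R+ are enumerated. The restart condition L(sb) = L(sa) is an assumption taken from the “same label with the return states” annotation, and the name as_ only avoids Python's keyword.

```python
# Added example (not the slides' own code): the slides' base machine (s1 {a}, s2 {b}),
# aspect machine (s3 {a}, s4 {}, s5 {b}) and pointcut "ends with b, b, a" as an AART.
BASE = {"s1": frozenset({"a"}), "s2": frozenset({"b"})}
BASE_INIT = {"s1"}
ASPECT = {"s3": frozenset({"a"}), "s4": frozenset(), "s5": frozenset({"b"})}
ASPECT_INIT = {"s3"}
# State transitions of both machines are the rewrite rules s -> s' of the ART R
RULES = {("s1", "s1"), ("s1", "s2"), ("s2", "s2"), ("s2", "s1"), ("s3", "s4"), ("s4", "s5")}
LABEL = {**BASE, **ASPECT}
# Return states: aspect states without outgoing rules
RETURN_STATES = {s for s in ASPECT if not any(x == s for x, _ in RULES)}
# A trace term "ts" is a tuple: the sequence t followed by its last state s

def label(trace):
    """label(s1...sn) = L(s1)...L(sn), as defined on the slides."""
    return tuple(LABEL[s] for s in trace)

def rho(labels):
    """Pointcut descriptor of the slides' example: the label sequence ends with {b}, {b}, {a}."""
    return labels[-3:] == (frozenset({"b"}), frozenset({"b"}), frozenset({"a"}))

def as_(trace, sa):
    """as(tsb, sa): sa can follow the base state sb when the pointcut matches the trace tsb."""
    return trace[-1] in BASE and sa in ASPECT_INIT and rho(label(trace))

def rstrt(sa, sb):
    """rstrt(sa, sb): sa is a return state of the aspect and sb can follow it.
    Assumption (from the "same label with the return states" annotation): L(sb) = L(sa)."""
    return sa in RETURN_STATES and sb in BASE and LABEL[sb] == LABEL[sa]

def successors(trace):
    """One-step rewrites ts -> tss' of the AART R+: lifted rules plus the as/rstrt rules."""
    s = trace[-1]
    nxt = {s2 for s1, s2 in RULES if s1 == s}       # each rule s -> s' lifted to ts -> tss'
    nxt |= {sa for sa in ASPECT if as_(trace, sa)}  # enter the aspect at a matching join point
    nxt |= {sb for sb in BASE if rstrt(s, sb)}      # restart the base system after the advice
    return [trace + (s2,) for s2 in sorted(nxt)]

def traces(length):
    """All rewriting histories of R+ of the given length starting at a base initial state."""
    frontier = {(s,) for s in BASE_INIT}
    for _ in range(length - 1):
        frontier = {t2 for t in frontier for t2 in successors(t)}
    return frontier

if __name__ == "__main__":
    woven = sorted(t for t in traces(8) if "s3" in t)
    print(len(woven), "histories of length 8 run the advice, e.g.", " ".join(woven[0]))
```

Every history of length 8 that visits s3 contains the fragment s2 s2 s1 s3 s4 s5 s2, which is the alternation between base execution and advice execution used in the proof outline later in the talk.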
Relation with State Machine Model

Theorem: Suppose that
◦ A base state machine, an aspect machine, and a pointcut descriptor are given
◦ R is the ART created from them in the same way as Slide 48
◦ M is the augmented machine created from them

Relation with State Machine Model

(Continued from the Theorem)
Then, each infinite path of K(R+) or M has its counterpart in the other machine with the same label
◦ Trace equivalence w.r.t. labeling
Corollary: K(R+) and M satisfy the same propositions of ACTL
Outline of Proof

Split the path or the rewriting history into fragments alternating between:
◦ Base system execution, and
◦ Advice execution
Find the counterpart of each fragment and connect the counterparts
Compositionality of Equational Abstraction on AART

Theorem: For an ART R and a set of equations E satisfying some properties, R+ ∪ E and (R ∪ E)+ coincide
Diagram: abstraction after weaving (R+, then equational abstraction with E) and weaving after abstraction (R ∪ E, then the + construction) reach the same theory
Corollary: A similar fact about trace equivalence w.r.t. labeling holds for the state machine
Related Work

[Jagadeesan et al. '07]
◦ Compositionality of bisimulation
◦ Difficult to check the relation automatically
◦ Abstraction
 Automatically computable
 Implies one-way simulation

Related Work

[Braga '08]
◦ Constructive approach to structural operational semantics
 Adds the semantics of AO constructs to an existing semantics in a compositional way
 Currently only for the “call” pointcut descriptor
 Potential to make our approach much simpler
Conclusions

Compositional abstraction of AO software based on
◦ State machine model of AO software and
◦ Equational abstraction in rewriting logic
Applied to the state machine model

Future Work

Restructuring based on Braga's work
Treatment of aspect compositions
◦ Current model can handle only one aspect at a time
Evaluations using examples
◦ Effects on state space reduction in model checking

Future Work

Extensions to operational semantics of programming languages
Extensions to other compositional analysis and reasoning of AO software
◦ Model transformation

Thank you very much for your attention!
Questions and comments?