Contractual Consistency Between BON Static and Dynamic Diagrams
Ali Taleghani
July 30, 2004
Overview
• Model-Driven Development & Models
• Contractual Consistency – The Problem
• Previous Work
• Current Work – Semantics of Dynamic Diagrams
• BON Development Tool – BDT
• Contribution and Future Work
MDD & Models
• Model-Driven Development proposes development based on models
• Several views can be used to describe the system
• Models must be executable, and views consistent
• Contributions
  – Automated consistency checking
  – Symbolic model execution
Contractual Consistency – Example

Static diagram (SD), in BON notation (? marks a precondition, ! a postcondition):
  class ACCOUNT
    balance: INTEGER
    make
      ! balance = 0
    withdraw(a: INTEGER)
      ? balance >= a
      ! balance = old balance - a
    invariant
      balance >= 0
  class PERSON

Dynamic diagram (DD), Scenario 1: Bank Example – PERSON → ACCOUNT, messages 1, 2
  1. Create Account
  2. Withdraw 200

• SD contains contracts only – no implementation
• Want to create an account and withdraw $200
• make sets (balance = 0), but the precondition of withdraw requires (balance >= 200): Contract Violation
Contractual Consistency
• SD and DD are the two views involved
• SD contains contracts only – no implementation
• Contracts are preconditions, postconditions and class invariants
• Views are contractually consistent if the messages in the DD corresponding to routines in the SD can be executed without contract violations
Previous Work
• Problem of consistency with contracts not extensively discussed – informal approaches only
• [Paige 2002] first to formalize the problem
• Cites 4 criteria for checking consistency
• Last criterion is contractual consistency
• We add additional constraints for implementation
Semantics of Dynamic Diagram

$$SSC_i \xrightarrow{\;r_i\;} SSC_{i+1}$$

• Message $m_i$ in the DD is mapped to a feature $r_i$ in the target class in the SD
• The routine takes the system from one system state constraint ($SSC_i$) to the next ($SSC_{i+1}$)
• An SSC represents a constraint on the attributes in the system
• $SSC_{i+1}$ is constructed using $SSC_i$ and the contracts of $r_i$
Current Contribution - 1
• Check Contractual Consistency using Symbolic Model Execution
• Define a Symbolic Execution Step as the execution of one message in the DD
• $Step(SSC_i, r_i, SSC_{i+1})$ is successful iff
  – $SSC_i \Rightarrow r_i.pre$ (the precondition of the routine is satisfied)
  – $SSC_{i+1} \neq False$ (the SSC is not a contradiction)
Current Contribution - 2
• Views are contractually consistent iff

$$\forall i \mid 1 \le i \le n \bullet Step(SSC_i, r_i, SSC_{i+1})$$

• No implementation provided
• Requires use of a Theorem Prover
• Use Simplify from ESC/Java
  – Automatic and fast
  – Returns a counter example
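The Step relation and the forall-i check above, run over the bank scenario from the example slide, as an added illustration that is not BDT's code. It represents an SSC extensionally (the set of balance values it admits over a constructed bounded domain) and uses exhaustive enumeration in place of the Simplify prover; the names Routine, step and check_scenario are this example's own.

```python
from typing import Callable, FrozenSet, List, Optional, Tuple

State = int                 # the example's only attribute: balance: INTEGER
SSC = FrozenSet[State]      # system state constraint = set of admitted states
DOMAIN = range(-300, 301)   # constructed bounded stand-in for INTEGER


class Routine:
    """Routine of the SD: precondition (BON '?') and postcondition ('!')."""
    def __init__(self, name: str, pre: Callable[[State], bool],
                 post: Callable[[State, State], bool]) -> None:
        self.name, self.pre, self.post = name, pre, post  # post relates old/new


# Contracts of ACCOUNT from the example slide (invariants are future work)
make = Routine("make", pre=lambda old: True, post=lambda old, new: new == 0)


def withdraw(a: int) -> Routine:
    return Routine(f"withdraw({a})", pre=lambda old: old >= a,
                   post=lambda old, new: new == old - a)


def step(ssc: SSC, r: Routine) -> Tuple[bool, Optional[State], SSC]:
    """Step(SSC_i, r_i, SSC_{i+1}) -> (successful, counterexample, SSC_{i+1}).
    Successful iff SSC_i => r_i.pre (every admitted state satisfies the
    precondition) and SSC_{i+1} /= False (the postcondition image is non-empty)."""
    for old in sorted(ssc):
        if not r.pre(old):
            return False, old, frozenset()  # state admitted by SSC_i violating pre
    nxt = frozenset(new for old in ssc for new in DOMAIN if r.post(old, new))
    return len(nxt) > 0, None, nxt


def check_scenario(initial: SSC, messages: List[Routine]
                   ) -> Tuple[bool, Optional[int], Optional[State]]:
    """Views consistent iff every Step of the DD succeeds (the forall-i check).
    Returns (consistent, index of failing message, counterexample state)."""
    ssc = initial
    for i, r in enumerate(messages, start=1):
        ok, cex, ssc = step(ssc, r)
        if not ok:
            return False, i, cex
    return True, None, None


INITIAL = frozenset(DOMAIN)            # initial state constraint True
BANK_SCENARIO = [make, withdraw(200)]  # Scenario 1: Create Account, Withdraw 200
```

For the slides' scenario the check fails at message 2 with counterexample balance = 0, the state that make's postcondition leaves and withdraw(200)'s precondition rejects.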
BON Development Tool - BDT
Static Diagramming Tool
• Construct Class diagrams
• Include contracts
BON Development Tool - BDT
Dynamic Diagramming Tool
• Draw objects and messages
• Assign messages to routines from SD
BON Development Tool - BDT
Consistency Tool
• Specify an initial state constraint
• Contract violation results in counter example
• User can use counter example to make changes to contracts, messages
Comparison to Tool of [Gao2004]
Gao’s Tool
• Test drivers and implementation required
• Checks one or a few execution paths
• Complete (for that execution)
BDT
• Automatic and no implementation required
• All execution paths starting in a state constraint are checked
• Incomplete, since it works with a theorem prover
Contribution
• First contractual consistency tool without the need to specify an implementation
• Early symbolic execution of partial models
• Can use dynamic (collaboration) diagrams
• Uses contracts only – higher level than MDD State Chart Action Languages
• Tool is user friendly
  – Simplify works automatically under the hood
  – Simplify works quickly
Future Work
• Work out the theory for sub-messages in the DD
• BDT
  – Add invariants and inheritance
  – Support quantifications
  – Combine BDT with EDT for complete code generation
  – Add support for program verification – using ERC
Thank You