Synthesizing Partial Component-Level Behavior Models
Ivo Krka
Outline
1. Motivation and Background
2. The Synthesis Algorithm
3. Discovery of Discrepancies
4. Conclusions
Motivation
• Early in a software system’s life cycle
  • Uncertainty
  • Incomplete (partial) information
• Utilized behavior specifications
  • Intuitive and straightforward
  • Focused and partial
  • System-level
• Our work leverages
  • Properties (OCL constraints)
  • Scenarios (UML sequence diagrams)
Web Cache Scenario
[Sequence diagram: lifelines Client, Cache, Server. Messages in order: requestCache, requestServer, responseServer, responseCache, requestCache, responseCache.]
Web Cache Constraints
System domain variables
• cached: true if the data is cached and false otherwise
• pending: true if there is a pending client request for data, and false otherwise
Synthesis of Behavioral Models
• Behavioral models proven useful
  • Validation, analysis, etc.
• Complete component-level models
  • E.g., Whittle [1], Mäkinen [2], Damas [3]
  • Overlook the partiality of specs (Uchitel [4])
Abstracting the Problem
Modal Transition Systems (MTS)
• Two types of transitions
  • Required and maybe (marked with ?)
[Figure: MTS M with states S1, S2, S3 and transitions a and b?]
The Proposed Algorithm
• Partial-behavior models
  • Behavior required by scenarios
  • Behavior prohibited by constraints
  • Behavior neither required nor prohibited
• Component-level models
  • Better scaling with system size
  • Discovery of specification discrepancies
Algorithm Overview
[Diagram: inputs OCL, SDs; output Comp. MTSs; four phases]
1. Component Constraint Generation
2. Initial MTS Generation
3. Sequence Diagram Annotation
4. Final MTS Generation
Phase 1: Component Constraint Generation
• Not all variables affect each component
• Reduction in state space size
Client component
• pending: significant variable from Client’s perspective
• cached: does not directly affect Client’s behavior
Phase 2: Initial MTS Generation
[Figure: MTS Cache (p,c) with states S1 (F,F), S2 (F,T), S3 (T,F), S4 (T,T). All transitions are maybe transitions: reqCache? (2), reqServ? (1), respServ? (4), respCache? (1).]
• Initial MTS captures all legal behavior
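The generation step above, as an added example (not code from the slides or from MTSGen): it enumerates the Cache states over (pending, cached) and adds a maybe transition wherever an operation's precondition holds. The pre/postconditions in `OPS` are assumptions inferred from the scenario annotations shown for Phase 3, since the OCL constraints themselves are not reproduced on the slides.

```python
from itertools import product

VARS = ("pending", "cached")

# Assumed pre/postconditions for the Cache component (not the slides' OCL,
# which is not shown). A variable absent from "post" keeps its value.
OPS = {
    "reqCache":  {"pre": {"pending": False}, "post": {"pending": True}},
    "reqServ":   {"pre": {"pending": True, "cached": False}, "post": {}},
    "respServ":  {"pre": {}, "post": {"cached": True}},
    "respCache": {"pre": {"pending": True, "cached": True},
                  "post": {"pending": False}},
}

def initial_mts(ops=OPS, variables=VARS):
    """Return (states, maybe_transitions) for the initial component MTS."""
    states = list(product((False, True), repeat=len(variables)))
    maybe = set()
    for src in states:
        valuation = dict(zip(variables, src))
        for name, spec in ops.items():
            # The operation is legal only where its precondition holds.
            if any(valuation[v] != val for v, val in spec["pre"].items()):
                continue
            after = {**valuation, **spec["post"]}
            dst = tuple(after[v] for v in variables)
            maybe.add((src, name, dst))
    return states, maybe

def label(state):
    """Render a state as on the slides, e.g. (F,T)."""
    return "(" + ",".join("T" if b else "F" for b in state) + ")"

if __name__ == "__main__":
    _, transitions = initial_mts()
    for src, name, dst in sorted(transitions):
        print(f"{label(src)} --{name}?--> {label(dst)}")
```

Under these assumed constraints the result has the same four states and the same count of maybe transitions per operation as the Cache figure.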
Phase 3: Sequence Diagram Annotation
[Figure, repeated over several animation steps: the Cache lifeline of the scenario (reqCache, reqServ, respServ, respCache, reqCache, respCache) with annotations <pending,cached> around each invocation. The first step contains unknown values (<F,?>, <T,?>, <?,T>, <?,?>); in the last step every annotation is fully determined, using only <F,F>, <T,F>, <T,T>, <F,T>.]
• We know the traversed execution states
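One way to carry out the annotation step, as an added example (not code from the slides or from MTSGen): unknown values are resolved by propagating known ones forward and backward along the Cache lifeline until nothing changes. The per-operation conditions in `OPS`, and the rule that an unknown postcondition value means "unchanged", are assumptions chosen to match the first annotation step on the slides.

```python
# Assumed pre/postconditions for Cache as (pending, cached); None = unknown.
# Inferred from the slides' first annotation step, not taken from the OCL.
OPS = {
    "reqCache":  ((False, None), (True, None)),
    "reqServ":   ((True, False), (True, False)),
    "respServ":  ((None, None), (None, True)),
    "respCache": ((True, True), (False, True)),
}

def merge(a, b):
    """Combine two partial values; a conflict is a specification discrepancy."""
    if a is not None and b is not None and a != b:
        raise ValueError("discrepancy: scenario cannot execute as specified")
    return b if a is None else a

def annotate(scenario, ops=OPS):
    """Return [(op, pre, post)] with unknowns resolved by propagation."""
    pre = [list(ops[op][0]) for op in scenario]
    post = [list(ops[op][1]) for op in scenario]
    changed = True
    while changed:
        before = [row[:] for row in pre + post]
        for i, op in enumerate(scenario):
            for v in range(2):
                # Frame rule (assumed): a variable the postcondition leaves
                # open keeps its value across the invocation.
                if ops[op][1][v] is None:
                    pre[i][v] = post[i][v] = merge(pre[i][v], post[i][v])
                # The state after one invocation is the state before the next.
                if i + 1 < len(scenario):
                    post[i][v] = pre[i + 1][v] = merge(post[i][v], pre[i + 1][v])
        changed = before != pre + post
    return [(op, tuple(p), tuple(q)) for op, p, q in zip(scenario, pre, post)]

if __name__ == "__main__":
    web_cache = ["reqCache", "reqServ", "respServ",
                 "respCache", "reqCache", "respCache"]
    for op, p, q in annotate(web_cache):
        print(op, p, "->", q)
```

A sequence whose adjacent annotations contradict each other raises `ValueError`, which is the kind of discrepancy the algorithm is meant to surface.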
Phase 4: Final MTS Generation
[Figure, repeated over several animation steps: MTS Cache with states S1 (F,F), S2 (F,T), S3 (T,F), S4 (T,T), processed one annotated invocation at a time (current invocation: reqCache <F,F> <T,F>, then reqServ <T,F> <T,F>). In the later steps reqCache, reqServ, respServ and respCache appear without the ? marker and states S2’ (F,T), S3’ (T,F), S4’ (T,T) are added; the remaining reqServ? and respServ? transitions keep the marker.]
• All legal behavior
• Required behavior
Implementation
• Prototype MTSGen tool
  • Warns about discrepancies
  • Results can be visualized in MTSA
• Performance evaluation
  • The algorithm is exponential in the worst case
  • Used specifications
    • 50 components
    • 300 distinct operations
    • 200 domain variables
    • 200 scenarios
  • Average running time 36 seconds
  • Models of approx. 60 states
Scenario Cannot Execute As Specified
[Sequence diagram: lifelines Client, Cache, Server, Admin. Messages in order: requestCache, responseCache, requestCache, requestServer, dataUpdate, responseServer, responseCache. Annotations shown: <T,F>, <T,T>, dataChanged.]
System and Component Views Differ
[Sequence diagram: lifelines Client, Cache, Server, Admin. Messages in order: requestCache, removePermission, responseCache, requestCache, requestServer, responseServer, responseCache.]
• System viewpoint: permission = false
• Cache viewpoint: permission = true
Conclusions
• Novel synthesis algorithm
  • Inputs: constraints and scenarios
  • Outputs: component-level MTSs
  • Discovery of specification discrepancies
  • Prototype implementation
• Future work
  • Support for requirements elicitation
  • Support in OTS component selection
References
1. Whittle and Schumann, ICSE 2000.
2. Mäkinen and Systä, ICSE 2001.
3. Damas et al., FSE 2006.
4. Uchitel et al., ESEC/FSE 2003.
• Authors
  • Ivo Krka
  • Yuriy Brun
  • George Edwards
  • Nenad Medvidovic
• Tool download
  • http://www-scf.usc.edu/~krka/MTSGen.zip