An Adaptation-safe Model for Component Platforms

Audrey Occello & Anne Marie Dery PinnaRAINBOW Team

http://www.rainbow.essi.fr

IASSE 2004 - Nice - 1/20

Few Words about Safety ...

Definition :The quality of making safe or secureFreedom from liability to cause danger, hazard, harm, injury or loss

Synonym : reliabilityProperty of any system that consistently produces the same results, preferably meeting or exceeding its specifications

The behavior of an application execution must remain predictable with no loss of data when it is adapted

IASSE 2004 - Nice - 2/20

A Model Driven Approach to Adaptation Safety

General problematic but specific solutions Only partial and informal solutions Case by case solutions

Our approach: From specific ad-hoc-implemented solutions to a more general solution Time gain Global formalization

Abstraction of the adaptation concept to manage platform independence

IASSE 2004 - Nice - 3/20

Component Platforms & Adaptations

Explicitfunctionalityset evolution

Explicitfunctionalitymodification

Explicitassemblyalteration

CCM x

Fractal/Julia x

Sofa x

Noah/EJB x x

JAC x x

Molène x

IASSE 2004 - Nice - 4/20

From Types ...

CCM TypesFractal Types

IDL for provided & required features

Java interfaces forprovided & required

features

EJB Types

Java interfaces

UML Types

Automata

Sofa Types

Behavioral protocols

.Net Types

Contracts(pre/post conditions)

IASSE 2004 - Nice - 5/20

… to Roles and ...

Provided port = functionality supplied by a component

Emitted port = functionality required by a component by adaptation

Adaptation Port = functionality supplied or required that has been adapted

*

Role

*

ProvidedPort EmittedPort AdaptationPort*

IASSE 2004 - Nice - 6/20

BasicDiaryaddRDV(Rdv)removeRDV(Rdv)getRDVs()isFree(Rdv)

Component*

… Adaptation Pattern

Description of the adaptations via declarative rules

Components are adapted by applying adaptation patterns

Adaptations can be undone

Adaptationpattern

Adaptationrule

*

Role

*parameters

rules

IASSE 2004 - Nice - 7/20

Component structure modificationsComponent behavior modificationsComponent assemblies modifications

Adaptation Pattern Examples

AdaptationPattern errorManagement(Any aComponent) { newPort aComponent.printError(Str s) -> ...}

Pattern rules

AdaptationPattern notification(NotifyingDiary a1, NotifiedDiary a2) {control a1.addRdv(Rdv r) -> if (a2.isFree(r)) then a1.addRdv(r) // a2.addRdv(r) else a1.addRdv(r); a2.printError(«diary not synchronized») endif }

IASSE 2004 - Nice - 8/20

Pattern parameters

Adaptation Pattern Instantiation

Component

RoleAdaptationpattern

Adaptationinstance

instantiate

*

*

*parameters

participants

IASSE 2004 - Nice - 9/20

NotifyingDiary

addRDV(Rdv)

NotifiedDiary

addRDV(Rdv)isFree(Rdv)printError(Str)

notification

lizDiary johnDiary

Notification instance

Safety Properties

Conditions that adaptations must ensure

Assembly consistencyport addition/withdraw, component replacement

Composition coherenceport behavior modification

Cycle awareness

port addition, port behavior modification ...

IASSE 2004 - Nice - 10/20

Application Debugging: Adding a Port

BasicDiary

addRDV(Rdv)removeRDV(Rdv)getRDVs()isFree(Rdv)

lizDiary

apply

Any

addRDV(Rdv)removeRDV(Rdv)getRDVs()isFree(Rdv)printError(Str)

BasicDiary+

Pattern errorManagement(Any aComponent) { newPort aComponent.printError(Str s) -> ...}

IASSE 2004 - Nice - 11/20

Collaboration: Changing Port Behavior

BasicDiary

addRDV(Rdv)removeRDV(Rdv)getRDVs()isFree(Rdv)printError(Str)

johnDiaryaddRDV(Rdv)removeRDV(Rdv)getRDVs()isFree(Rdv)

lizDiary

BasicDiary+

Pattern notification(NotifyingDiary a1, NotifiedDiary a2) {a1.addRdv(Rdv r) -> if (a2.isFree(r)) then a1.addRdv(r) // a2.addRdv(r) else a1.addRdv(r); a2.printError(«diary not synchronized») endif }

apply

NotifyingDiary

addRDV(Rdv)

NotifiedDiary

addRDV(Rdv)isFree(Rdv)printError(Str)

apply

addRDV(Rdv)removeRDV(Rdv)getRDVs()isFree(Rdv)

BasicDiary

(NotifiedDiary,printError(Str))(NotifiedDiary,isFree(RDV))(NotifiedDiary,addRDV(RDV))

IASSE 2004 - Nice - 12/20

No more Debugging: Removing a Port

BasicDiary johnDiary

lizDiary

(NotifiedDiary,addRDV(Rdv))(NotifiedDiary,isFree(RDV))(NotifiedDiary,printError(Str))

addRDV(Rdv)removeRDV(Rdv)getRDVs()isFree(Rdv)

addRDV(Rdv)

isFree(Rdv)

printError(Str)

...

BasicDiary+

unapply errorManagement

IASSE 2004 - Nice - 13/20

addRDV(Rdv)

isFree(Rdv)

printError(Str)

...

!printError is required

by johnDiary

(NotifiedDiary,addRDV(Rdv))(NotifiedDiary,isFree(RDV))(NotifiedDiary,printError(Str))

Ensuring the Safety Property over the Metamodel

Using OCL constraints :– Method preconditions– Class invariants

context AdaptationPattern::instantiate( components:Sequence(Component)) :

AdaptationInstancepre A7: Sequence{1..components->size}->forAll( index : Integer | self.parameters->at(index). isSuperRoleOf ( components->at(index).roles->asSequence()))

IASSE 2004 - Nice - 14/20

A Way to Achieve Projection: A Safety Service

server.createPattern(« errorManagement.txt »); server.createPattern(« notification.txt »);

Safetyservice

server

Patternrepository

1

2

IASSE 2004 - Nice - 15/20

OK

client

Diary application A

johnDiary

lizDiary

db

A component platform

A Way to Achieve Projection: A Safety Service

IASSE 2004 - Nice - 15/20

client

Safetyservice

server

Patternrepository

Diary application A

johnDiary

lizDiary

db

IASSE 2004 - Nice - 15/20

A component platform

A Way to Achieve Projection: A Safety Service

client

A component platform

server.instantiatePattern(« ErrorManagement », « lizDiary »);

Safetyservice

server

Meta-representation of the adapted part of A Pattern

repository

4

Diary application A

johnDiary

lizDiary

db

IASSE 2004 - Nice - 16/20

OK1

2

3

lizDiary

BasicDiary...

BasicDiary+

A Way to Achieve Projection: A Safety Service

IASSE 2004 - Nice - 16/20

client

Safetyservice

server

Patternrepository

Diary application A

johnDiary

lizDiary

db

A component platform

Meta-representation of the adapted part of AlizDiary

BasicDiary+...

A Way to Achieve Projection: A Safety Service

Safetyservice

server

client

lizDiary

BasicDiary+...

server.instantiatePattern(« notification », « johnDiary », « lizDiary »);

Patternrepository

4johnDiary

lizDiary

db

1

2

3BasicDiary

...

johnDiary

BasicDiary*

IASSE 2004 - Nice - 17/20

A component platform

OK

Diary application A

Meta-representation of the adapted part of A

A Way to Achieve Projection: A Safety Service

IASSE 2004 - Nice - 17/20

client

Safetyservice

server

Patternrepository

johnDiary

lizDiary

db

A component platform

BasicDiary...

johnDiary

BasicDiary*

lizDiary

BasicDiary+...

Diary application A

Meta-representation of the adapted part of A

A Way to Achieve Projection: A Safety Service

Safetyservice

server

client

lizDiary

BasicDiary+...

BasicDiary...

johnDiary

server.removeAdaptationInstance(« errorManagement$1 »);

Patternrepository

BasicDiary*

1

2

3

johnDiary

lizDiary

db

IASSE 2004 - Nice - 18/20

A component platform

!

Diary application A

Meta-representation of the adapted part of A

Conclusion and Future work

A methodology more than a modeling Adaptations described in UML Safety properties formalized in OCL and proved

with B

Refine the modeling Manage communication mode switching

Improve the safety service Inject constraints into platforms directly Take into account non Java platforms Enable heterogeneous communication between

platforms

IASSE 2004 - Nice - 19/20

Thank you for listening

Questions ?

IASSE 2004 - Nice - 20/20