Rewriting Logic Model of Compositional Abstraction of Aspect-Oriented Software FOAL '10Mar. 15, 2010 Yasuyuki Tahara, Akihiko Ohsuga The University of Electro-Communications, Tokyo, Japan Shinichi Honiden National Institute of Informatics and The University of Tokyo, Japan

Contents  Backgrounds: Compositionality for AO software  Research aim: Compositional abstraction of AO software  Our approach ◦ Based on equational abstraction in rewriting logic ◦ Consistent with an existing state machine model  Related work  Conclutions and future work

Backgrounds  Compositionality is a useful feature of software specification approaches ◦ Analysis and reasoning of the entire system can be reduced to those of the components  Potential reduction of computational costs  Reuse of results of analysis and reasoning ◦ Also considered important to aspect-oriented (AO) software specifications

Compositionality for AO Software Base System Aspec t Entire System Information about Base System Information about Aspect Information about Entire System Weavin g Compos e Analysis/ Reasonin g Both paths lead to the same information

Examples of Compositionality for AO Software  [Jagadeesan et al. '07]: Compositional bisimilarity relation for a process calculus model of AO software Base System 1 Aspect 1 Entire System 1 Weavin g Base System 2 Aspect 2 Entire System 2 Weavin g Bisimila r

Examples of Compositionality for AO Software  [Goldman & Katz '07], [Katz & Katz '09]: Modular model checking of state machine models of AO software Base System Aspec t Entire System Weavin g tru e Assume- Guarante e Reasonin g Model Checkin g implie s and

Aim of Our Research  Abstraction of AO software in a compositional way  Abstraction: Building a system model (abstract model) consisting of abstract constituents obtained from the original system model (concrete model)  Analysis and reasoning about the abstract model provide useful information about the concrete model efficiently

Compositional Abstraction of AO Software Base System Aspec t Entire System Abstract Base System Abstract Aspect Abstract Entire System Weavin g Abstractio n Both paths lead to the same model Abstractio n

Our Approach  Try to use the model of [Katz & Katz '09] ◦ Reason: We have a simple abstraction theory for state machine models  Problem: Difficult (or perhaps impossible) to show the compositionality of abstraction

Our Approach  Solution: Use the equational abstraction theory [Meseguer et al. '08] ◦ Based on an algebraic specification framework called rewriting logic  Easy to build compositional models ◦ Extension of state machine abstraction

Our Approach Step 1: Build a rewriting logic model extending the state machine model of aspects ◦ In fact, this model is more generic than state machine ◦ For example, it can represent operational semantics of programming languages in detail Step 2: Show compositionality of equational abstraction of the model built in Step 1

Our Approach State machine model Abstractio n Propert y Aspect model + Aspects Mappin g Rewriting logic Propert y Equational abstraction Mappin g (Our original contributions)

Our Approach State machine model Abstractio n Aspect model Rewriting logic Equational abstraction Propert y + Aspects Mappin g Propert y Mappin g (Our original contributions)

State Machine Model  A (finite) state machine M is a tuple (S M, S 0 M,  → M, L M ) where ◦ S M is the finite set of states ◦ S 0 M (⊆ S M ) is the set of initial states ◦ → M (⊆ S M × S M ) is the transition relation  This needs to be total, i. e. there is at least one transition from each state

State Machine Model  (Continued from the definition of the state machine M ) ◦ L M : S M → 2 AP is the labeling function on the finite set of atomic propositions AP  “p ∈ L M (s )” means that the proposition p holds at the state s  For a temporal logic (such as CTL*) proposition Φ, the satisfaction relation “M |=Φ ” is defined

Example of State Machine (Taken from [Goldman & Katz '07])  ({ s 1, s 2 }, { s 1 }, {( s 1, s 1 ), ( s 1, s 2 ), ( s 2, s 2 ), ( s 2, s 1 )}, L ) ◦ L( s 1 ) = {a }, L( s 2 ) = {b } s1s1 s2s2 {a}{a} {b}{b} a holds at s 1 and b does not b holds at s 2 and a does not

Abstraction of State Machines  A state machine M ' is an abstraction of M if and only if we have a surjective mapping (called an abstraction mapping) S M ' → S M consistent with the other constructs  Theorem: For any proposition Φ of a temporal logic system called ACTL, M |= Φ implies  M ' |= Φ

Our Approach State machine model Abstractio n Rewriting logic Propert y Aspect model + Aspects Equational abstraction Propert y Mappin g (Our original contributions)

State Machine Model of Aspects  An aspect machine A is a tuple ( S A, S 0 A, → A, L A ) defined similarly as state machines except → A needs not to be total ◦ The set of states without outgoing transitions is written as S ret A (⊆ S A ) and its elements are called return states

Example of Aspect Machine (Taken from [Goldman & Katz '07] and modified)  ({ s 3, s 4, s 5 }, { s 3 }, {( s 3, s 4 ), ( s 4, s 5 )}, L ) ◦ L( s 3 ) = {a, b }, L( s 4 ) = {}, L( s 5 ) = {b } s3s3 s4s4 {a}{a} {} s5s5 {b}{b}

State Machine Model of Aspects  A label is a subset of AP  The label of a path s 1... s n of M (i. e. s i → M s i+1 for each i = 1,..., n -1) is the sequence of labels L M (s 1 )... L M (s n ) written as label (s 1... s n ) s1s1 s2s2 {a}{a} {b}{b} label (s 1 s 2 s 1 ) = {a}{b}{a} label (s 1 s 2 s 2 s 1 ) = {a}{b}{b}{a}

State Machine Model of Aspects  A pointcut descriptor ρ over AP is a predicate on a finite sequence of labels ◦ ρ : (2 AP ) * → {true, false} where X * represents the set of finite sequences of elements of X

State Machine Model of Aspects  Pointcut-ready machine for a state machine B and a pointcut descriptor ρ is a state machine B ρ satisfying the following conditions ◦ S B ⊆ S B ρ ◦ A new atomic proposition pointcut holds at a state s ∈ S B ρ if and only if there is a path s 1... s n where s 1 ∈ S 0 B ρ, s n = s, and ρ (label (s 1... s n )) is true  “New” means that ￢ (pointcut ∈ AP )

State Machine Model of Aspects  (Continued from the definition of the pointcut-ready machine B ρ ) ◦ Each infinite path of B or B ρ have its counterpart in the other machine that is mapped by the function “label ” to the same label except pointcut  B and B ρ are trace equivalent w. r. t. their labeling functions

Example of Pointcut-Ready Machine (Taken from [Goldman & Katz '07]) s1s1 s2s2 {a}{a} {b}{b} B ρ (l ) is true if and only if l ends with three labels including “b ”, “b ”, and “a ” respectively BρBρ s1s1 s2s2 {a}{a} {b}{b} s6s6 s7s7 {a, pointcut } {a }{b }{b }{a }

State Machine Model of Aspects  The augmented machine B obtained from a pointcut-ready machine B ρ and an aspect machine A is created as follows ◦ The state set and the labeling function of B are the unions of B ρ and A ◦ The initial states of B are the initial states of B ρ ~ ~ ~

State Machine Model of Aspects  (Continued from the definition of the augmented machine B ) ◦ The transitions of B consist of the following  Most of the transitions of B ρ and A  New transitions connecting B ρ and A  The details are shown in the next slide ~ ~

Example of Augmented Machine s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} s6s6 s7s7 {a, pointcut } A BρBρ No outgoing transitions

Example of Augmented Machine s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} s6s6 s7s7 {a, pointcut } A BρBρ The same label except pointcut

Example of Augmented Machine s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} s6s6 s7s7 {a, pointcut } A BρBρ

Example of Augmented Machine s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} s6s6 s7s7 {a, pointcut } A BρBρ The same label with the return states

Example of Augmented Machine s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} s6s6 s7s7 {a, pointcut } A BρBρ

Our Approach State machine model Abstractio n Rewriting logic Propert y Aspect model + Aspects Equational abstraction Propert y Mappin g (Our original contributions)

Rewriting Logic  Extension of equational logic  Equational logic ◦ A formula is an equality of terms ◦ A term is composed by constant, variable, and operator symbols ◦ Equalities are derived from axioms (equations) and inference rules

Examples in Equational Logic  f(x, a), pop(push(a, push(b, empty))): examples of terms ◦ a, b, empty: constant symbols ◦ x: a variable symbol ◦ f, pop, push: operator symbols  The word “symbol(s)” will be omitted hereafter

Examples in Equational Logic  Replacement inference rule ◦ For terms s 1 and s 2 that may contain variables x 1,..., x n, and terms t 1,..., t n, ◦ s 1 = s 2 implies ◦ s 1 ([t 1 /x 1 ],..., [t n /x n ] ) = s 2 ([t 1 /x 1 ],..., [t n /x n ] ) ◦ where ([t 1 /x 1 ],..., [t n /x n ] ) represents simultaneous substitutions of x 1,..., x n to t 1,..., t n

Examples in Equational Logic  Equation “pop(push(x, s)) = s” derives an equality  pop(push(a, push(b, empty)))  = push(b, empty)  by the Replacement inference rule

Rewriting Logic  Equational logic + rewriting relation ◦ Represented by an arrow: s → t  Rewrite rules: axioms for the rewriting relation  Inference rules similar as equational logic ◦ Except the Symmetry rule (x = y implies y = x )

Our Approach State machine model Abstractio n Rewriting logic Propert y Aspect model + Aspects Equational abstraction Propert y Mappin g (Our original contributions)

Mapping State Machines to Rewriting Logic  States, atomic propositions → Constants  Transitions → Rewrite rules for states  Labeling function → Operators ◦ Mapping a pair (state, atomic proposition) to a boolean value

Mapping State Machines to Rewriting Logic  An example ◦ Constants: s1, s2, a, b ◦ operators: init, _|=_  _|=_(s, p) is also written as (s |= p ) ◦ Rewrite rules: s1 → s1, s1 → s2, s2 → s2, s2 → s1 ◦ Equations: init(s1) = true, (s2 |= a) = false, etc. s1s1 s2s2 {a}{a} {b}{b}

Mapping Rewriting Logic to State Machines  Equivalence classes of terms → States  One-step rewriting relations → Transitions ◦ “One-step”: Not using the Transitivity inference rule (s → t and t → u implies s → u )  (Other constructs are given in advance)

Our Approach State machine model Abstractio n Rewriting logic Propert y Aspect model + Aspects Equational abstraction Propert y Mappin g (Our original contributions)

Equational Abstraction  For an axiomatic system of rewriting logic (called a rewrite theory) R, K (R ) represents the state machine created from R  Theorem: If E is a set of equations for the terms of R above satisfying some properties, K (R ∪ E ) is an abstraction of K (R ) ◦ Abstraction mapping: [t ] R is mapped to [t ] R ∪ E where [t ]... represents the equivalence class

Our Approach State machine model Abstractio n Rewriting logic Propert y Aspect model + Aspects Equational abstraction Propert y Mappin g (Our original contributions)

Aspectual Rewrite Theory (ART)  An ART is a rewrite theory in which ◦ States and transitions of all of the base system and the aspects are treated as constants and rewrite rules resp. ◦ Constructs for state sequences are included  ts denotes a sequence where “s ” is the last state succeeding the sequence “t ”  Treated as execution traces

Aspectual Rewrite Theory (ART)  (Continued from the definition of ARTs) ◦ For a base system state s b and an aspect state s a  as(ts b, s a ) = true if and only if s a can be the next state of s b when the pointcut of the aspect matches the trace ts b  rstrt(s a, s b ) = true if and only if s a is a terminal state of its aspect and s b can be its next state  “as” and “rstrt” stands for “aspect selection” and “restart” respectively

Example of ART s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} Consider the rewrite theory created from these state and aspect machines as(s 1 s 2 s 2 s 1, s 3 ) = true rstrt(s 1, s 3 ) = true

Creating an Augmented ART  An augmented ART (AART) R + is obtained from an ART R as follows ◦ Transformation: ◦ A rewrite rule for the state terms of R s → s' ◦ → A rewrite rule for the state sequences in R + ◦ ts →tss' ◦ Add ts →tss' if as(s, s') = true or rstrt(s, s') = true tsts s t tss ' ss's'

Example of AART s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} Consider the rewrite theory created from these state and aspect machines as(s 1 s 2 s 2 s 1, s 3 ) = true

Example of AART s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} Consider the rewrite theory created from these state and aspect machines

Example of AART s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} Consider the rewrite theory created from these state and aspect machines rstrt(s 1, s 3 ) = true

Example of AART s3s3 s4s4 {a}{a} {} s5s5 {b}{b} s1s1 s2s2 {a}{a} {b}{b} Consider the rewrite theory created from these state and aspect machines

Relation with State Machine Model  Theorem: Suppose that ◦ A base state machine, an aspect machine, and a pointcut descriptor are given ◦ R be the ART created from them in the same way as Slide 48 ◦ M be the augmented machine created from them

Relation with State Machine Model  (Continued from the Theorem)  Then, each infinite path of K (R + ) or M has its counterpart in the other machine with the same label ◦ Trace equivalence w. r. t. labeling  Corollary: K (R + ) and M satisfy the same propositions of ACTL

Relation with State Machine Model State machine model Abstractio n Rewriting logic Propert y Aspect model + Aspects Equational abstraction Propert y Mappin g (Our original contributions)

Outline of Proof  Split the path or the rewriting history into fragments alternating between: ◦ Base system execution, and ◦ Advice execution  Find the counterpart of each fragment and connect the counterparts

Our Approach State machine model Abstractio n Rewriting logic Propert y Aspect model + Aspects Equational abstraction Propert y Mappin g (Our original contributions)

Compositionality of Equational Abstraction on AART  Theorem: For an ART R and a set of equations E satisfying some properties,  R + ∪ E and (R ∪ E ) + coincides Equationa l abstractio n with E Abstraction after weaving Weaving after abstraction Corollary: A similar fact about trace equivalence w. r. t. labeling holds for the state machine model

Related Work  [Jagadeesan et al. '07] ◦ Compositionality of bisimulation ◦ Difficult to check the relation automatically ◦ Abstraction  Automatically computable  Implies one-way simulation

Related Work  [Braga '08] ◦ Constructive approach to structural operational semantics  Enhance semantics of AO constructs to existing semantics in a compositional way  Currently only for the “call” pointcut descritor  Potential to make our approach much simpler

Conclusions  Compositional abstraction of AO software based on ◦ State machine model of AO software and ◦ Equational abstraction in rewriting logic  Applied to the state machine model

Future Work  Restructuring based on Braga's work  Treatment of aspect compositions ◦ Current model can handle only one aspect at the same time  Evaluations using examples ◦ Effects to state space reduction in model checking

Future Work  Extensions to operational semantics of programming languages  Extensions to other compositional analysis and reasoning of AO software ◦ Model transformation

Thank you very much for your attention! Questions and comments?