Presentation is loading. Please wait.

Presentation is loading. Please wait.

ArchJava Connecting Software Architecture to Implementation Jonathan Aldrich Craig Chambers David Notkin University of Washington ICSE ‘02, May 22, 2002.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "ArchJava Connecting Software Architecture to Implementation Jonathan Aldrich Craig Chambers David Notkin University of Washington ICSE ‘02, May 22, 2002."— Presentation transcript:

1 ArchJava Connecting Software Architecture to Implementation Jonathan Aldrich Craig Chambers David Notkin University of Washington ICSE ‘02, May 22, 2002

2 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava2 Software Architecture High-level system structure –Components and connections Automated analysis Support program evolution –Source of defect –Effect of change –Invariants to preserve

3 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava3 Architecture and Implementation Inconsistency caused by evolution –Architecture documentation becomes obsolete Problems –Suprises –Misunderstandings lead to defects –Untrusted architecture won’t be used

4 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava4 Architecture and Implementation Does code conform to architecture? Communication integrity [LV95,MQR95] –All communication is documented Interfaces and connectivity –Enables effective architectural reasoning Quickly learn how components fit together Local information is sufficient

5 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava5 Architectural Approaches: Checking vs. Flexibility Partial Dynamic Static General PurposeRestricted Language Communication Integrity None Flexibility Note: only two dimensions of the design space

6 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava6 Architectural Approaches: Checking vs. Flexibility Partial Dynamic Static Knit, A COEL, ML, Rose RealTime General PurposeRestricted Language Rapide Communication Integrity None SDL Wright, SADL Flexibility

7 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava7 Architectural Approaches: Checking vs. Flexibility Partial Dynamic Static Knit, A COEL, ML, Rose RealTime General PurposeRestricted Language Rapide Communication Integrity None SDL Wright, SADL Flexibility ArchJava

8 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava8 ArchJava Approach: add architecture to language –Control-flow communication integrity Enforced by type system –Architecture updated as code evolves –Flexible Dynamically changing architectures Common implementation techniques Case study: is it practical and useful?

9 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava9 A Parser Component public component class Parser { Component class Defines architectural object Must obey architectural constraints

10 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava10 A Parser Component public component class Parser { public port in { requires Token nextToken(); } public port out { provides AST parse(); } Components communicate through Ports A two-way interface Define provided and required methods

11 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava11 A Parser Component public component class Parser { public port in { requires Token nextToken(); } public port out { provides AST parse(); } Ordinary (non-component) objects Passed between components Sharing is permitted Can use just as in Java

12 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava12 A Parser Component public component class Parser { public port in { requires Token nextToken(); } public port out { provides AST parse(); } AST parse() { Token tok=in.nextToken(); return parseExpr(tok); } AST parseExpr(Token tok) {... }... } Can fill in architecture with ordinary Java code

13 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava13 Hierarchical Composition public component class Compiler { private final Scanner scanner = new Scanner(); private final Parser parser = new Parser(); private final CodeGen codegen = new CodeGen(); Subcomponents –Component instances inside another component –Communicate through connected ports

14 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava14 Hierarchical Composition public component class Compiler { private final Scanner scanner = new Scanner(); private final Parser parser = new Parser(); private final CodeGen codegen = new CodeGen(); connect scanner.out, parser.in; connect parser.out, codegen.in; Connections –Bind required methods to provided methods

15 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava15 Evaluation Questions Does ArchJava guarantee communication integrity? Is ArchJava expressive enough for real systems? Can ArchJava aid software evolution tasks?

16 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava16 A component may only communicate with the components it is connected to in the architecture ArchJava enforces integrity for control flow No method calls permitted from one component to another except –From a parent to its nested subcomponents –Through connections in the architecture Communication Integrity

17 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava17 A component may only communicate with the components it is connected to in the architecture ArchJava enforces integrity for control flow No method calls permitted from one component to another except –From a parent to its immediate subcomponents –Through connections in the architecture Communication Integrity

18 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava18 A component may only communicate with the components it is connected to in the architecture ArchJava enforces integrity for control flow Other communication paths –Shared data (current work) –Run-time system Communication Integrity

19 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava19 Architecture allows –Calls between connected components Control Communication Integrity

20 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava20 Architecture allows –Calls between connected components –Calls from a parent to its immediate subcomponents Control Communication Integrity

21 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava21 Architecture allows –Calls between connected components –Calls from a parent to its immediate subcomponents –Calls to shared objects Control Communication Integrity

22 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava22 Architecture allows –Calls between connected components –Calls from a parent to its immediate subcomponents –Calls to shared objects Architecture forbids –External calls to subcomponents Control Communication Integrity

23 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava23 Architecture allows –Calls between connected components –Calls from a parent to its immediate subcomponents –Calls to shared objects Architecture forbids –External calls to subcomponents –Calls between unconnected subcomponents Control Communication Integrity

24 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava24 Architecture allows –Calls between connected components –Calls from a parent to its immediate subcomponents –Calls to shared objects Architecture forbids –External calls to subcomponents –Calls between unconnected subcomponents –Calls through shared objects Control Communication Integrity

25 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava25 Architecture allows –Calls between connected components –Calls from a parent to its immediate subcomponents –Calls to shared objects Architecture forbids –External calls to subcomponents –Calls between unconnected subcomponents –Calls through shared objects Benefit: local reasoning about control flow Control Communication Integrity

26 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava26 Enforcing Control-flow Integrity Type system invariant –Components can only get a typed reference to subcomponents and connected components –Prohibits illegal calls Informal description in ICSE paper –Formalization and proof to appear in ECOOP ‘02

27 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava27 Evaluation Questions Does ArchJava guarantee control communication integrity? –Yes, using the type system Is ArchJava expressive enough for real systems? Can ArchJava aid software evolution tasks? Two case studies –12,000 lines of Java code each –Asked developer to draw architecture –Tried to specify architecture in ArchJava

28 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava28 Evaluation Questions Does ArchJava guarantee control communication integrity? –Yes, using the type system Is ArchJava expressive enough for real systems? Can ArchJava aid software evolution tasks? Case study: Aphyds –12,000 lines of Java code –Tried to specify architecture in ArchJava Original developer drew architecture

29 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava29 Aphyds Architecture UI above –Main window –3 secondary windows Circuit DB below –Central DB –5 comp. Modules Arrows –Data & control flow

30 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava30 Aphyds Architecture Informal drawing –Common in practice Leaves out details –What’s inside the components, connections? –CircuitViewer has internal structure Some surprises –Missing paths –Component lifetimes Hypothesis: Developers have a conceptual model of their architecture that is mostly accurate, but this model may be a simplification of reality, and it is often not explicit in the code.

31 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava31 Aphyds Architecture Informal drawing –Common in practice Leaves out details –What’s inside the components, connections? –CircuitViewer has internal structure Some surprises –Missing paths –Component lifetimes Hypothesis: Developers have a conceptual model of their architecture that is mostly accurate, but this model may be a simplification of reality, and it is often not explicit in the code.

32 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava32 Architectural Comparison Automatically Generated Architectural Visualization

33 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava33 Advantages of ArchJava Complete –Can “zoom in” on details Consistency checking –Original architecture had minor flaws Evolves with program Low cost –30 hours, or 2.5 hours/KLOC –Includes substantial refactoring –12.1 KLOC => 12.6 KLOC Hypothesis: Applications can be translated into ArchJava with a reasonable amount of effort, and without excessive code bloat.

34 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava34 Advantages of ArchJava Complete –Can “zoom in” on details Consistency checking –Original architecture had minor flaws Evolves with program Low cost –30 hours, or 2.5 hours/KLOC –Includes substantial refactoring –12.1 KLOC => 12.6 KLOC Hypothesis: Applications can be translated into ArchJava without excessive effort or code bloat.

35 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava35 Evaluation Questions Does ArchJava guarantee control communication integrity? –Yes Is ArchJava expressive enough for real systems? –Yes (validated by 2 other case studies) Three experiments –Understanding Aphyds communication –Refactoring Aphdys –Reparing a defect

36 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava36 Evaluation Questions Does ArchJava guarantee control communication integrity? –Yes Is ArchJava expressive enough for real systems? –Yes (validated by 2 other case studies) Can ArchJava aid software evolution tasks? Three experiments –Understanding Aphyds communication –Reengineering Aphyds’ architecture –Repairing a defect

37 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava37 Program Understanding Communication between the main structures is awkward, especially the change propagation messages – Aphyds developer, initial interview Communication analysis aided by ArchJava –Ports group related methods provided and required interfaces –Connections show relationships Discovered refactoring opportunities Hypothesis: Expressing software architecture in ArchJava highlights refactoring opportunities by making communication protocols explicit.

38 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava38 Program Understanding Communication between the main structures is awkward, especially the change propagation messages – Aphyds developer, initial interview Communication analysis aided by ArchJava –Ports group related methods provided and required interfaces –Connections show relationships Discovered refactoring opportunities Hypothesis: Expressing software architecture in ArchJava highlights refactoring opportunities by making communication protocols explicit.

39 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava39 Reengineering Aphyds getDisplayer().getViewer().ChannelRouterMenuItem.setEnabled(b); Highly coupled code –Depends on every link in chain –Programs are fragile, change is difficult Law of Demeter [Lieberherr et al.] –Design guideline –“Only talk with your neighbors” RouterDialogCircuitDisplayerCircuitViewerMenuItem

40 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava40 Reengineering Aphyds getDisplayer().getViewer().ChannelRouterMenuItem.setEnabled(b); Control communication integrity –Components only talk with connected components Compile-time error in ArchJava –RouterDialog can only reference local connections –Instead, call a method through a new port Hypothesis: Enforcing communication integrity helps to reduce system coupling CircuitViewer MenuItem RouterDialog CircuitDisplayer

41 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava41 Reengineering Aphyds getDisplayer().getViewer().ChannelRouterMenuItem.setEnabled(b); Control communication integrity –Components only talk with connected components Compile-time error in ArchJava –RouterDialog can only reference local connections –Call through architecture, reducing coupling Hypothesis: Enforcing communication integrity helps to reduce system coupling CircuitViewer MenuItem RouterDialog CircuitDisplayer

42 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava42 Reengineering Aphyds getDisplayer().getViewer().ChannelRouterMenuItem.setEnabled(b); Control communication integrity –Components only talk with connected components Compile-time error in ArchJava –RouterDialog can only reference local connections –Call through architecture, reducing dependencies Hypothesis: Enforcing communication integrity helps to reduce system coupling CircuitViewer MenuItem RouterDialog CircuitDisplayer

43 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava43 Reengineering Aphyds getDisplayer().getViewer().ChannelRouterMenuItem.setEnabled(b); Control communication integrity –Components only talk with connected components Compile-time error in ArchJava –RouterDialog can only reference local connections –Call through architecture, reducing coupling Hypothesis: Enforcing communication integrity helps to reduce system coupling CircuitViewer MenuItem RouterDialog CircuitDisplayer

44 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava44 Defect Repair Fix same Aphyds bug –First in ArchJava, then Java ArchJava version required more coding –Had to add new ports & connections Java took longer –Difficult to find object involved in fix –Even though I’d already fixed the bug in ArchJava! getDisplayer().placeroutedialog1.placeRouteDisplayer1.getCircuitGlobalRouter().doGlobalRouting(); Hypothesis: An explicit software architecture makes it easier to identify and evolve the components involved in a change.

45 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava45 Defect Repair Fix same Aphyds bug –First in ArchJava, then Java ArchJava version required more coding –Had to add new ports & connections Java version took longer –Difficult to find object involved in fix Had to traverse a sequence of hard-to-find field links –Even though we had already fixed the bug in ArchJava Hypothesis: An explicit software architecture makes it easier to identify and evolve the components involved in a change.

46 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava46 Defect Repair Fix same Aphyds bug –First in ArchJava, then Java ArchJava version required more coding –Had to add new ports & connections Java version took longer –Difficult to find object involved in fix Had to traverse a sequence of hard-to-find field links –Even though we had already fixed the bug in ArchJava Hypothesis: An explicit software architecture makes it easier to identify and evolve the components involved in a change.

47 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava47 Evaluation Questions Does ArchJava guarantee control communication integrity? –Yes Is ArchJava expressive enough for real systems? –Yes Can ArchJava aid software evolution tasks? –Preliminary experience suggests: ArchJava highlights refactoring opportunities ArchJava encourages loose coupling ArchJava may aid defect repair

48 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava48 Current & Future Work ECOOP ’02 –Formalization of language & properties –Case study : dynamically changing architecture OOPSLA ’02 –Specification of data sharing ownership type system [Clarke et al.] Further evaluate and refine language –More design and evolution experience –Distributed architectures –Flexible connections

49 May 22, 2002Jonathan Aldrich - ICSE '02 - ArchJava49 Conclusion ArchJava integrates architecture with Java code Control communication integrity –Keeps architecture and code synchronized Initial experience –ArchJava can express real program architectures –ArchJava may aid in software evolution tasks Download the ArchJava compiler and tools http://www.archjava.org/

Download ppt "ArchJava Connecting Software Architecture to Implementation Jonathan Aldrich Craig Chambers David Notkin University of Washington ICSE ‘02, May 22, 2002."

Similar presentations

A Method for Validating Software Security Constraints Filaret Ilas Matt Henry CS 527 Dr. O.J. Pilskalns.

A Method for Validating Software Security Constraints Filaret Ilas Matt Henry CS 527 Dr. O.J. Pilskalns.
© 2005 by Prentice Hall Chapter 13 Finalizing Design Specifications Modern Systems Analysis and Design Fourth Edition Jeffrey A. Hoffer Joey F. George.

© 2005 by Prentice Hall Chapter 13 Finalizing Design Specifications Modern Systems Analysis and Design Fourth Edition Jeffrey A. Hoffer Joey F. George.
Design by Contract.

Design by Contract.
Verification and Validation

Verification and Validation
Alternate Software Development Methodologies

Alternate Software Development Methodologies
Introduction to Databases

Introduction to Databases
Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.

Case Tools Trisha Cummings. Our Definition of CASE  CASE is the use of computer-based support in the software development process.  A CASE tool is a.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.

Software Quality Assurance Inspection by Ross Simmerman Software developers follow a method of software quality assurance and try to eliminate bugs prior.
Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.
Software Engineering COMP 201

Software Engineering COMP 201
Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.

Architecture-driven Modeling and Analysis By David Garlan and Bradley Schmerl Presented by Charita Feldman.
Architectural Reasoning in ArchJava Jonathan Aldrich Craig Chambers David Notkin University of Washington ECOOP ‘02, 13 June 2002.

Architectural Reasoning in ArchJava Jonathan Aldrich Craig Chambers David Notkin University of Washington ECOOP ‘02, 13 June 2002.
Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington.

Alias Annotations for Program Understanding Jonathan Aldrich Valentin Kostadinov Craig Chambers University of Washington.
21-February-2003cse403-14-Architecture © 2003 University of Washington1 Architecture CSE 403, Winter 2003 Software Engineering

21-February-2003cse Architecture © 2003 University of Washington1 Architecture CSE 403, Winter 2003 Software Engineering
ArchJava A software architecture tool –components –connections –constraints on how components interact Implementation must conform to architecture.

ArchJava A software architecture tool –components –connections –constraints on how components interact Implementation must conform to architecture.
End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI 48019-2122.

End-to-End Design of Embedded Real-Time Systems Kang G. Shin Real-Time Computing Laboratory EECS Department The University of Michigan Ann Arbor, MI
An Introduction to Rational Rose Real-Time

An Introduction to Rational Rose Real-Time
Chapter 9 – Software Evolution and Maintenance

Chapter 9 – Software Evolution and Maintenance

Similar presentations

Ads by Google