John Penix and Perry Alexander
Knowledge-Based Software Engineering Lab
Department of Electrical & Computer Engineering and Computer Science
University of Cincinnati, Cincinnati, Ohio 45221-0030
Tel: (513) 556-0267,(513) 556-4762
Email:
jpenix@ececs.uc.edu
alex@ececs.uc.edu
We have been exploring the use of formal specifications to support two reuse related activities of design at the specification level: 1) identification and retrieval of library components, and 2) identification of structures (or architectures) available for adapting or composing these components.
Specification matching to determine component reusability can be carried out using an automated theorem prover. However, attempting specification matching over a large library of components is not a practical retrieval mechanism. Therefore, matching must be restricted to a small subset of the database. We have developed a heuristic for approximating specification matches that indicate component reusability that is based on the semantics of the specifications.
Support for component adaptation and composition can be provided by the use of architecture theories. Architecture theories abstract away implementation details of an architecture and focus on the relationship between the behavior of a system and the behavior of its subcomponents. This relationship is captured via a collection of axioms which constrain the system in terms of the component specifications. Architecture theories can be used to support both top-down and bottom-up design. Automated support is being developed by integrating existing specification and theorem proving tools.
Keywords: Formal specifications, specification-based component retrieval, formal architecture representations.
Workshop Goals: Share ideas; Expand connections in the reuse community.
Working Groups: Rigorous Behavioral Specification as an Aid to Reuse; Domain Engineering Tools; Reuse of the Earliest Life-Cycle Artifacts;
For the past four years, we have been exploring the use of formal specifications for assisting high-level hardware/software system design. As part of a this effort, we have been developing tools to support two reuse related activities of design at the specification level: 1) identification and retrieval of library components pertinent to the problem at hand, and 2) identification of structures (or architectures) available for adapting or composing these components. We currently have a prototype component classification/retrieval system, REBOUND [1, 2]. REBOUND classifies components based on their formal specifications. The classification method ensures that components likely to match for reuse are classified similarly. We are currently extending the system with a formal model of architecture to support component adaptation and composition. These activities are the first author's ongoing Ph.D. studies.
Formal specification and component reuse are two methodologies that show high potential impact on design productivity and reliability. Furthermore, the two are mutually beneficial. Reuse has a larger potential impact at early stages in the design process while formal specifications allow increased automation of the reuse process. Adoption of these technologies requires significant investment in building libraries, educating designers and constructing domain models. Therefore, to make this investment economically attractive, there is a need for methodologies and automated tools to support design activities, especially reuse, at the specification level to make this investment economically attractive.
Formal interface specifications describe the functionality that is encapsulated by a component. By matching this description against a requirements specification, we can determine whether a component provides the correct functionality to be used within a system. This is an instance of specification matching [3, 4], applying formal reasoning to verify that a logical relationship holds between two specifications. Specification matching can be applied to determine component reusability using an automated theorem prover. However, attempting specification matching over a large library of components is not a practical retrieval mechanism [3]. Therefore, specification matching must be restricted to a small subset of the database.
We have developed a heuristic for approximating specification matches related to reusability, thereby identifying a subset of the library to undergo more detailed evaluation. A feature-based indexing scheme is used to classify components and allow efficient retrieval. Classification is automated by using formal descriptions that define the possible features that can describe a component. These definitions control the classification scheme in place of a human domain expert. A feature is assigned to a component if a corresponding predicate is logically implied by the component specification. This method of assigning features ensures that components more likely to match reuse criteria will have similar feature sets. Full scale specification matching, using automated theorem proving, can be applied to the retrieved components to precisely evaluate their reusability.
Our insight into the problem of automating component retrieval was gained by viewing software reuse as a case-based reasoning activity. The indexing schemes of case-based reasoning resemble the faceted classification schemes used for software library classification. However, case-based systems go one step further by allowing automation of the classification scheme. Our methodology integrates this level of automation into the formal framework provided by the component specifications. The result is a unique method for reasoning about component functionality and component classification using a common formal representation.
A prototype implementation of feature-based retrieval, REBOUND, has been implemented to demonstrate the possibility of efficient specification-based retrieval[1]. The prototype is implemented in REFINE [5] and includes a forward chaining system that provides the inference necessary for component classification. Tight integration with the automated reasoning system provided added efficiency by combining the automated proofs required for classification into a single proof. We are currently investigating ways to integrate REBOUND with an existing automated theorem prover to increase the tool's deductive power. Future experiments will evaluate REBOUND's potential for supporting efficient reuse among multiple domain theories and the effects of different classification schemes on retrieval performance.
It is naive to assume that component retrieval will always result in a component that satisfies a problem specification. It is most likely that the component will require adaptation, or that multiple components will be combined to solve the problem. An architecture provides a mechanism for implementing the function of a component in terms of other components. Therefore, architectures can be used to adapt components in two ways. The first is by placing the component into an architecture that adds functionality provided by other components. Alternatively, if a component is a system implemented by an architecture, one of its subcomponents can be modified or replaced, thereby changing the behavior of the entire system.
Architectures can be very complex structures. There are various aspects which distinguish an architecture, such as the level at which the components are implemented (function, object, package, process, etc..) and the organization of the interconnections (client/server, pipeline, blackboard, etc.). At the specification level we believe the distinguishing aspect of an architecture is the relationship between the function of the components and the function of the system. At this level, the manner in which component interaction is implemented is not important. For example, we would like to specify the precise component behavior that is required to guarantee correct system-level behavior. In addition, there should be some traceablity between the system and component level functionality. Therefore, high level architecture specifications should focus on capturing this relationship.
With this in mind, we have extended Smith and Lowry's work on using algorithm theories to specify the structure of algorithms [6, 7, 8] to specify the structure of architectures. An architecture theory constrains the behavior of a system in terms of the behavior of its subcomponents via a collection of axioms. These axiomatic constraints can be used in both a top-down and a bottom-up manner. Given a system specification, an architecture theory, and a subset of the required components, we can determine the functionality required in the missing components. Conversely, given a collection of components and an architecture theory, we can determine the functionality of the system constructed by plugging the components into the architecture. Given this flexibility, we believe that support for component adaptation and composition can be provided by the use of architecture theories. We are currently testing this hypothesis by integrating these ideas into the REBOUND system. Automated tool support is being provided by integrating existing specification and theorem proving tools.
The related work can be broken into two different groups. The first focuses on specification-based component retrieval. The second involves formal representation of architectures and automated support for component composition.
There is a large body of work dedicated to using formal specifications to aid component retrieval and reuse. Most of the approaches provide a mechanism limit the application of specification matching by arranging the library in a hierarchy [9, 10] or a lattice [11, 12] based on specification generality. However, the foremost concern in these systems remains the effect of the theorem proving on the scalability of retrieval [12].
The VDM-based Component Retrieval tool, VCR [13] is an exception. VCR uses a series of filters to identify reusable components. This tool is novel in its use of model checking as one of the search filters. Before running the theorem prover to check the reuse match conditions, they are first checked by searching for a model in a small part of the specification theory. Since it is necessary for such a model to exist for the conditions to hold, only those components that pass the model checking stage need to be checked in the entire theory. To reduce the search space during specification matching, the matching conditions are broken up and linked with an appropriate set of axioms. The prototype VCR implementation confirms that specification matching can be made more efficient. However, the recall (retrieved components/useful components) of the prototype was limited by signature matching. A specification-based classification scheme could replace signature matching and widen the search to increase recall.
The Inquire retrieval mechanism [14] within the Inscape environment supports retrieval based on specification predicates. Due to its use of predicates, Inquire is superficially similar to REBOUND . In Inscape, preconditions and postconditions for components are formulated in terms of a given set of formally defined logical predicates. An inference mechanism is used during the retrieval process to retrieve components that provide the various predicates. The formal predicate definitions are useful as unambiguous descriptions of the predicate vocabulary. The prototype implementation was reported to work very well, but with a restricted specification language. The restricted language reduces the inference power necessary for component retrieval. The REBOUND system described here, uses a reversed approach from Inscape. Interface specifications are defined in full first-order logic. The formally defined features (predicates) are then assigned to the specifications if they are logically implied by the specification. In REBOUND the predicates are not the complete specification of the component, but represent various aspects of the component's function. Because classification predicates do not have to be useful as specification predicates, they can be more abstract, allowing flexibility in the types of similarity that can be represented. In addition, using a more expressive specification language allows precise evaluation of reusability.
Formalisms have recently been introduced to make software architecture a more rigorous activity [15, 16, 17]. Component interfaces and interconnections can be defined and augmented with formal specifications. Formal languages, such as process algebras, can be used to formally specify component interactions. This provides a formal basis for a design activity that has been historically informal.
The existing formal models of software architecture are relatively new and not yet general. Most efforts in formalizing architecture are targeted at specific architectural styles (pipe-filer, client-server, etc), and not with the problem decomposition aspects of architecture. We required a representation for architectures that relates the operation of the system to the operation of the subcomponents independent of the style in which the architecture is implemented. For this reason, we decided to extended Smith and Lowry's work on specifying the structure of algorithms [6, 7, 8] to specify the structure of architectures. Formal models of architectural style will provide a formal link between an architecture theory and an architecture schema which implements the theory.
John Penix is a Ph.D. Candidate in the Department of Electrical and Computer Engineering and Computer Science at the University of Cincinnati. He received a B.S. in Electrical Engineering from the University of Cincinnati in 1993. His dissertation work is focusing on the use of formal specifications to assist component reuse and the application of software architectures. His research interests include formal specification tools and environments, software reuse, and automated software engineering. John is a student member of IEEE and ACM.
Perry Alexander is an assistant professor of Electrical and Computer Engineering and Computer Science and director of the Knowledge-Based Software Engineering Laboratory at the University of Cincinnati. He received the Ph.D. in Electrical and Computer Engineering, the MSEE, BSEE and BSCS from the University of Kansas, Lawrence, Kansas. His research interests include design theory, software synthesis, formal specification, formal verification and case-based reasoning. Prior to joining the faculty at UC, he was a staff software engineer for the Center for Excellence in computer Aided Systems Engineering. Perry is a member of IEEE, ACM, Sigma Xi and is currently chair of the Systems Evaluation working group of the IEEE Engineering of Computer Based Systems Engineering Technical Committee.