Modular reasoning in the presence of event subtyping
Modular reasoning in the presence of event subtyping Mehdi Bagherzadeh Robert Dyer Rex D. Fernando Jose Sanchez Hridesh Rajan 14 th international conference on Modularity 1
Event types: separation of crosscutting concerns subject (base) event type announce observer (crosscutting) observer invoke • a subject announces an event (using announce expression) • observers (zero or more) register for the event • observers run in a chain, when the event is announced, and can invoke each other (using invoke expressions)
Modular reasoning about behavior subject (announce ev) ev ob announce ev ev observer (invoke) observer • Modular subject reasoning : {P} announce ev {? } using only subject implementation and event ev • Modular observer reasoning : {P} invoke {? } using only observer implementation and event ev
Event specification, previous work ob 1 announce ev ev P P invoke Q P ob 2 observer Q spec (P, Q) specify • Modular subject reasoning : {P} announce ev {Q} • Modular observer reasoning : {P} invoke {Q} Q
Event subtyping ev’ observer subtype announce ev ev observer For observer reuse, announcement of ev runs not only its observers but also all observers of its superevents.
Subject modular reasoning & event subtping ev’ (P’, Q’) announce ev ev (P, Q) Can we still say {P} announce ev {Q} ? NO
Observer modular reasoning & event subtyping ev’ (P’, Q’) ob invoke ev (P, Q) Can we still say {P} invoke {Q} ? NO
Problems of modular reasoning in presence of event subtyping 1. Combinatorial reasoning 2. Behavioral invariance
Combinatorial reasoning problem ev’ (P’, Q’) announce ev ev (P, Q) {P} announce ev {? }
Combinatorial reasoning 1 ev’ (P’, Q’) ob announce ev ev P Q (P, Q) {P} announce ev {Q} ob’ P’ Q’
Combinatorial reasoning 2 ev’ (P’, Q’) announce ev ob’ ev Q’ (P, Q) {P} announce ev {Q’} if P => P’ P’ ob P Q
Combinatorial reasoning ev’ (P’, Q’) announce ev ev (P, Q) {P} announce ev {Q or Q’ or Q ∞ Q’} – all execution orders of observers must be considered. – caused by arbitrary execution orders of observers
Behavioral invariance problem ob’ invoke ev’ (P’, Q’) ob invoke ev (P, Q) ob: {P} invoke {? } ob’: {P’} invoke {? }
Behavioral invariance 1 ev’ (P’, Q’) ob ev P P invoke Q Q (P, Q) ob: {P} invoke {Q} requires (P => P’ and Q’ => Q) ob’ P’ Q’
Behavioral invariance 2 ev’ (P’, Q’) ob’ ev P’ P’ invoke Q’ Q’ (P, Q) ob’: {P’} invoke {Q’} requires (P’ => P and Q=> Q’) ob P Q
Behavioral invariance ob ev’ (P’, Q’) (P, Q) P invoke Q ob’ ev P P’ P’ invoke Q’ Q’ P’ Q’ ob P Q ob runs before ob’ P => P’ and Q’ => Q ob’ runs before ob P’ => P and Q => Q’ arbitrary execution order P = P’ and Q = Q’
Solution 1. Non-decreasing relation on execution orders of observers of an event and its superevents Problem: arbitrary execution orders of observers 2. Refining relation among event specifications of an event and its superevents. Problem: unrelated behaviors of observers
Non-decreasing order ob’ observer ev’ non-decreasing ob ev observer An observer ob of ev run before any observer ob’ of ev’. – Backward compatible: observers of ev run according to their dynamic registration order.
Refining relation, behavior P’ ev’ (P’, A’, Q’) strengthen Q’ refines P ev weaken (P, A, Q) Q 1. Behavior of an event refines the behavior of its superevent. – P => P’ && Q’ => Q (P strengthens P’ and Q weakens Q’) – inverse of blackbox behavioral subtyping
Refining relation, control pe’ (R’, S’) ev’ (P’, A’, Q’) A’ refines ev (P, A, Q) A pe (R, S) 2. Control effects of an event refines control effects of its superevents – Behavior (R, S) refines its corresponding (R’, S’) as shown previously – program expression pe textually refines corresponding pe’. – Blackbox behavioral subtyping does not control effect refinement.
Combinatorial reasoning solved ob ev’ (P’, Q’) announce ev ev ob’ Q ob’ (P, Q) P P’ Q’ ob P Q {P} announce ev {Q} Non-decreasing relation: observer ob’ cannot run before ob.
Behavioral invariance solved P’ ob’ ev’ (P’, Q’) ev P P invoke Q P Q Q’ ob (P, Q) ob ob’ Q {P} invoke {Q} Refining relation: P => P’ && Q => Q’ P’ Q’
Non-decreasing alone ob ev’ (P’, A’, Q’ ) P invoke Q ob’ ev P P’ P’ invoke Q’ Q’ P’ Q’ ob P Q Non-decreasing alone: does not allow ob’ to run before ob, but does not guarantee (P => P’ and Q => Q’ ).
Refining alone ob ev’ (P’, A’, Q’ ) P invoke Q ob’ ev P P’ P’ invoke Q’ Q’ P’ Q’ ob P Q Refining alone: guarantees (P = >P’ and Q => Q’ ) but does not guarantee that ob’ does not run before ob.
Modular reasoning is enabled ob’ invoke ev’ 1 non-decreasing (P’, A’, Q’) announce ev ev 2 refining ob invoke (P, A, Q) {P} announce ev {Q} ? Yes ob: {P} invoke {Q} ? Yes ob’: {P’} invoke {Q’} ? Yes
Control effect reasoning Our technique enables modular reasoning about control effects in addition to reasoning about behaviors.
Applicability Applicable to other event-based systems including: • joint point types • Joint point interfaces
Summary Problems in modular reasoning in the presence of event subtyping: 1. Combinatorial reasoning 2. Behavioral invariance Solution: 1. Non-decreasing relation for observers’ execution order 2. Refining relation for event specifications
Thank you & Questions 29
- Slides: 30