A Process Algebraic Approach to Software Architecture Design

Alessandro Aldini, Marco Bernardo, Flavio Corradini

Alessandro Aldini
Università di Urbino
Ist. di Scienze e Tecnologie dell'Informazione
Piazza della Repubblica 13
61029 Urbino
Italy
[email protected]

Marco Bernardo
Università di Urbino
Ist. di Scienze e Tecnologie dell'Informazione
Piazza della Repubblica 13
61029 Urbino
Italy
[email protected]

Flavio Corradini
Università di Camerino
Dip.to di Matematica e Informatica
Via Madonna delle Carceri 9
62032 Camerino
Italy
fl[email protected]

ISBN 978-1-84800-222-7
e-ISBN 978-1-84800-223-4
DOI 10.1007/978-1-84800-223-4
Springer London Dordrecht Heidelberg New York

British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library

Library of Congress Control Number: 2009931044

© Springer-Verlag London Limited 2010

Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form or by any means, with the prior permission in writing of the publishers, or in the case of reprographic reproduction in accordance with the terms of licenses issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publishers.

The use of registered names, trademarks, etc., in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant laws and regulations and therefore free for general use.

The publisher makes no representation, express or implied, with regard to the accuracy of the information contained in this book and cannot accept any legal responsibility or liability for any errors or omissions that may be made.
Cover design: Kuenkel Lopka GmbH

Printed on acid-free paper

Springer is part of Springer Science+Business Media (www.springer.com)

To Marilena and Emma
To Giuseppina and Andrea
To Monica, Alice, and Diego

Preface

In the field of formal methods in computer science, concurrency theory is receiving a constantly increasing interest. This is especially true for process algebra. Although it had been originally conceived as a means for reasoning about the semantics of concurrent programs, process algebraic formalisms like CCS, CSP, ACP, π-calculus, and their extensions (see, e.g., [154, 119, 112, 22, 155, 181, 30]) were soon used also for comprehending functional and nonfunctional aspects of the behavior of communicating concurrent systems.

The scientific impact of process calculi and behavioral equivalences at the base of process algebra is witnessed not only by a very rich literature. It is in fact worth mentioning the standardization procedure that led to the development of the process algebraic language LOTOS [49], as well as the implementation of several modeling and analysis tools based on process algebra, like CWB [70] and CADP [93], some of which have been used in industrial case studies. Furthermore, process calculi and behavioral equivalences are by now adopted in university-level courses to teach the foundations of concurrent programming as well as the model-driven design of concurrent, distributed, and mobile systems.

Nevertheless, 30 years after its introduction, process algebra is rarely adopted in the practice of software development. On the one hand, its technicalities often obfuscate the way in which systems are modeled. As an example, if a process term comprises numerous occurrences of the parallel composition operator, it is hard to understand the communication scheme among the various subterms. On the other hand, process algebra is perceived as being difficult to learn and use by practitioners, as it is not close enough to the way they think of software systems. For instance, process algebra inherently supports compositionality and abstraction, but it does not support widespread paradigms like object orientation and component orientation. As a consequence, process algebra cannot compete with commonly accepted notations like UML, although it is more robust than them.

Some years ago, we thus began to address the following problem: How to enhance the usability of process algebra?

We think that an answer to this question should take the following three issues into account. Firstly, it is necessary to support a friendly component-oriented way of modeling systems with process algebra, so that the software designer can reason in terms of composable software units without having to worry about process algebra technicalities. Secondly, it is necessary to provide an efficient component-oriented way of analyzing functional and nonfunctional properties of systems modeled with process algebra, and to return component-oriented diagnostic information in the case that property violations are detected. Thirdly, it is necessary to integrate process algebra in the software development process, which amounts to singling out the phases in which it can be usefully employed.

Starting from the last issue, we believe that a good choice is that of working at the software architecture level of design. In fact, a software architecture elucidates the elements constituting a system, their interactions, and the constraints on those elements and their interactions that provide a framework in which to satisfy the requirements and serve as a basis for the subsequent development phases [169, 184]. Since the focus is not on algorithms and data structures, but on software components and connectors, as implicitly demonstrated in [18] this is the right abstraction level for a formal description technique like process algebra.

We also believe that using process algebra in the architectural design phase is beneficial for the development process. The architecture of a software system is typically represented as a document expressed in some graphical modeling notation or architectural description language. This document, which shows system structure and behavior at a high level of abstraction, should be shared by all the people who contribute to the various phases of the software development process. Thanks to its precise semantics and its verification techniques, process algebra can play a role in the formalization of this document. In particular, it opens the way to the possibility of analyzing behavioral properties in the early stages of software development [45], which has the advantage of avoiding delays and costs that may be incurred due to the late discovery of errors.

In view of such an architectural upgrade of process algebra, our original question can be refined as follows: How to transform process algebra into an architectural description language? How to drive the whole software development process with the resulting process algebraic architectural description language?

The second part of the book is devoted to answering these two questions. This is accomplished by constructing a process algebraic architectural description language and endowing it with a number of methods dealing with component-oriented functional verification, component-oriented performance evaluation, and the architecture-level integration of dependability and performance.

The second part comprises four chapters. In Chap. 4, we provide a number of guidelines for transforming process algebra into a full-fledged architectural description language called PADL. In Chap. 5, we illustrate MISMDET, a topological reduction process for the detection of architecture-level mismatches, which relies on behavioral equivalences and exploits their congruence properties for efficiency reasons and their modal logic characterizations for diagnostic purposes. In Chap. 6, we present PERFSEL, a procedure for the performance-driven selection among alternative architectural designs, which is based on equipping process algebraic architectural descriptions with queueing network models allowing for the assessment of system-level and component-level performance measures. Finally, in Chap. 7 we discuss DEPPERF, a methodology for trading dependability features and performance indices in the architectural design phase, which builds on equivalence-checking-based noninterference analysis and standard numerical techniques.

The first part of the book instead provides background material on syntax and semantics for process calculi as well as on the bisimulation approach [168, 113], the testing approach [82, 111], and the trace approach [57] to the definition of behavioral equivalences. This is useful for a deeper understanding of the second part, as it reports on many concepts and results of process algebra theory in a quick and comparative way.

The first part comprises three chapters. In Chap. 1, we introduce a process calculus in which no notion of time, probability, or priority is associated with actions. In order to represent real-time systems, in Chap. 2 we discuss two deterministically timed extensions of the original process calculus. The first one allows for delays between the execution of consecutive actions, whereas the second one assigns durations to actions, with both delays and durations being expressed through natural numbers. In order to represent shared-resource systems, in Chap. 3 we illustrate a stochastically timed extension of the original process calculus, in which actions are durational. Since durations are quantified through exponentially distributed random variables, the stochastic process governing the system evolution over time turns out to be a continuous-time Markov chain.

In Chaps. 1 and 3, we also show congruence properties, sound and complete axiomatizations, modal logic characterizations, and verification algorithms for nondeterministic and Markovian versions of bisimulation, testing, and trace equivalences. Moreover, following and extending [98], both in the nondeterministic case and in the Markovian case we compare the discriminating power of the considered behavioral equivalences and some of their variants. In contrast, in Chap. 2 we concentrate only on the properties of the bisimulation approach. Then, we examine different options related to the representation of time and time passing – durationless actions versus durational actions, relative time versus absolute time, global clock versus local clocks – as well as eager, lazy, and maximal progress interpretations of action execution, in order to study their expressiveness.

This book is intended for graduate students and software professionals. It covers different topics such as concurrency theory, software architecture, system modeling and verification, and dependability and performance evaluation. These topics may seem unrelated, but in reality they are deeply intertwined and should all be part of an integrated view in order to manage successfully the increasing complexity of recent software systems. Although it can be used in a course on formal methods in computer science, the book does not focus only on theoretical aspects. In fact, it also addresses methodological issues and contains application examples. Moreover, it gives the same importance to functional and nonfunctional aspects of systems, in an attempt to overcome the drawbacks arising from their separate consideration [88]. The book can thus be used also in a course on model-driven design of software architectures, in which case only its second part may be presented, with concepts of its first part being recalled whenever necessary.

We wish to thank our colleagues at the Universities of Urbino and Camerino, as well as our former colleagues at the Universities of Bologna, L'Aquila, and Torino, for many fruitful discussions over the years.

We are grateful to all the people with whom we have collaborated in the fields of process algebra and software architecture, in particular: Simonetta Balsamo, Antonia Bertolino, Edoardo Bontà, Mario Bravetti, Nadia Busi, Diletta Romana Cacciagrano, Paolo Ciancarini, Rance Cleaveland, Rocco De Nicola, Maria Rita Di Berardini, Alessandra Di Pierro, Lorenzo Donatiello, Francesco Franzè, Roberto Gorrieri, Paola Inverardi, Jeff Kramer, Jeff Magee, Henry Muccini, Marco Pistore, Marina Ribaudo, Marco Roccetti, Marta Simeoni, Angelo Troina, Walter Vogler, and Alex Wolf.

Many thanks also to Erik de Vink, Diego Latella, Michele Loreti, Mieke Massink, Henry Muccini, and Jeremy Sproston for their kind willingness to review early drafts of the book, and to Vittorio Cortellessa for having given on several occasions the opportunity to the second author of presenting the second part of the book as a lecture series at the University of L'Aquila.

Finally, we would like to thank our families for their patience and tolerance during the writing of this book.

Urbino, Italy      Alessandro Aldini
Urbino, Italy      Marco Bernardo
Camerino, Italy    Flavio Corradini