Component composition errors and update atomicity: static analysis

Authors

  • J. Adamek,

    Corresponding author
    1. Department of Software Engineering, Faculty of Mathematics and Physics, Charles University, Malostranské námesti 25, 118 00 Prague, Czech Republic
  • F. Plasil

    1. Department of Software Engineering, Faculty of Mathematics and Physics, Charles University, Malostranské námesti 25, 118 00 Prague, Czech Republic
    2. Academy of Sciences of the Czech Republic, Institute of Computer Science, Prague, Czech Republic

Abstract

Dynamic evolution inherently involves dynamic update and the issue of its atomicity. We show how this issue can be addressed in a similar manner to a communication failure via an extension to behavior protocols. First, we discuss the problem of defining a composition operator for behavior protocols so as to be able to reflect communication failures. Classical architecture description languages (ADLs) supporting behavior description, such as Wright and TRACTA, use a CSP-like parallel composition, which inherently yields only ‘successful traces’ ignoring non-accepted communication attempts. We show that component composition can produce several different types of behavior errors: bad activity, no activity, and divergence. The key idea behind bad activity is that real programs typically have an asymmetry of roles during event exchange: the caller is considered to be the initiator of the call while the callee has only a passive role. This contrasts with most formal systems, which treat communication symmetrically. We propose a new composition operator, ‘consent’, which reflects these types of errors by producing erroneous traces. By using the consent operator it can be statically determined whether the atomicity of a dynamic update of a component is implicitly guaranteed by the behavior of its current environment. Copyright © 2005 John Wiley & Sons, Ltd.
