Distribution of a simple shared dataspace architecture

We study a simple software architecture, in which components are coordinated by writing into and reading from a global set. This simple architecture is inspired by the industrial software architecture Splice. We present two results. First, a distributed implementation of the architecture is given and proved correct formally. In the implementation, local sets are maintained and data items are exchanged between these local sets. Next we show that the architecture is sufficiently expressive in principle. In particular, every global specification of a system's behaviour can be divided into components, which coordinate by read and write primitives on a global set only. We heavily rely on recent concepts and proof methods from process algebra.     

An ACL for a Dynamic System of Agents

In this article we present the design of an ACL for a dynamic system of agents. The ACL includes a set of conversation performatives extended with operations to register, create, and terminate agents. The main design goal at the agent–level is to provide only knowledge–level primitives that are well integrated with the dynamic nature of the system. This goal has been achieved by defining an anonymous interaction protocol which enables agents to request and supply knowledge without considering symbol–level issues concerning management of agent names, routing, and agent reachability. This anonymous interaction protocol exploits a distributed facilitator schema which is hidden at the agent–level and provides mechanisms for registering capabilities of agents and delivering requests according to the competence of agents. We present a formal specification of the ACL and of the underlying architecture, exploiting an algebra of actors, and illustrate it with the help of a graphical notation. This approach provides the basis for discussing dynamic primitives in ACL and for studying properties of dynamic multi agent systems, for example concerning the behavior of agents and the correctness of their conversation policies.     

软件体系结构性能评价研究

1 引言随着软件规模和复杂程度不断地扩大和增加,软件开发的成败已不再完全取决于数据结构和软件算法的选择,而是在很大程度上取决于软件系统体系结构(Software Architecture)的设计。软件体系结构已经成为一个新兴的计算机学科。所谓的软件体系结构是问题解决方案的逻辑框架,它包括系统中各计算单元(组件)的功能分配、各单元间的高层交     

Design of Ada Systems Yielding Reusable Components: An Approach Using Structured Algebraic Specification

Our experience with design of Ada¹ software has indicated that a methodology, based on formal algebra, can be developed which integrates the design and management of reusable components with Ada systems design. The methodology requires the use of a specification language, also based on formal algebra, to extend Ada's expressive power for this purpose. We show that certain requirements for the use of Ada packages which cannot be expressed in Ada can be expressed in algebraic specification languages, and that such specifications can then be implemented in Ada.     

基于进程代数的安全软件体系结构建模

分析了基于进程代数的软件体系结构模型的安全性,将相容性检查和互操作性检查从单个软件体系结构推广到不同风格的体系结构风格,扩展基于进程代数的软件体系结构描述语言,通过顺序进程代数项族和预定义的体系结构类型调用对软件体系结构安全建模。通过一个例子介绍了这种建模方法。     

Adaptive socio-technical systems: a requirements-based approach

A socio-technical system (STS) consists of an interplay of humans, organizations, and technical systems. STSs are heterogeneous, dynamic, unpredictable, and weakly controllable. Their operational environment changes unexpectedly, actors join and leave the system at will, actors fail to meet their objectives and under-perform, and dependencies on other actors are violated. To deal with such situations, we propose an architecture for STSs that makes an STS self-reconfigurable, i.e., capable of switching autonomously from one configuration to a better one. Our architecture performs a Monitor-Diagnose-Reconcile-Compensate cycle: it monitors actor behaviors and context changes, diagnoses failures and under-performance by checking whether monitored behavior is compliant with actors goals, finds a possible way to address the problem, and enacts compensation actions to reconcile actual and desired behavior. Compensation actions take into account the autonomy of participants in an STS, which cannot be controlled. Our architecture is requirements driven: we use extended Tropos goal models to diagnose failures as well as to identify alternative strategies to meet requirements. After presenting our conceptual architecture and the algorithms, it is founded upon; we describe a prototype implementation applied to a case study concerning smart-homes. We also provide experimental results that suggest that our architecture scales well as the size of the STS grows.     

Parallel-architecture-directed program transformation

The widespread use of parallel machines has been hampered by the difficulty of mapping applications onto them effectively. The difficulty arises because current programming languages require the programmer to specify a problem to be solved at a low level of abstraction in an imperative form. Thus the programmer must immediately encode an architecture-specific algorithm detailing every communication and calculation. This process is prone to error and complicates the reuse of software.

An alternative approach is to specify the problem to be solved at a high-level in a functional language. Meaning-preserving program transformations can then be used to derive a parallel algorithm. Such algorithms can be run on parallel graph-reduction or dataflow machines which automatically exploit the implicit parallelism in a functional language program. Such automatic decomposition techniques, however, are not yet capable of fully yielding the extra performance offered by the parallel hardware.

We show how, by including an architecture specification with the problem specification, and extending the amount of transformation performed, it is possible to produce functional language code that explicity expresses the calculations and communications to be performed by the processors. This simplifies compilation, yields faster programs and enables parallel software to be developed for a wide variety of parallel computer architectures.

A goal-seeking transformation methodology has been developed which enables a high-level functional specification of the problem and a high-level functional abstraction of the target computer architecture to be systematically manipulated to produce an efficient parallel algorithm tailored to the target architecture. As the transformations start from very high-level specifications, the discovery of new algorithms is facilitated.

A case study is used to demonstrate the effectiveness of the technique. We show how a high level specification for sort can be transformed with a pipeline architecture specification to give a mergesort and how the same specification with a dynamic-message-passing architecture specification can be transformed to a novel parallel quicksort.     

Specification of communicating processes: temporal logic versus refusals-based refinement

In this paper we consider the relationship between refinement-oriented specification and specifications using a temporal logic. We investigate the extent to which one can check whether a program in a process algebra, such as Communicating Sequential Processes (CSP), satisfies a temporal logic specification using a refinement-based model checker, such as FDR. We consider what atomic formulae are appropriate in a temporal logic for specifying communicating processes, in particular where one wants to talk about the availability of events. We then show that, perhaps surprisingly, the standard stable failures model is not adequate for capturing specifications in such a logic: instead the refusal traces model must be used. We formalise the logic by giving it a semantics in this model. We show that the temporal operators eventually and until, and negation, cannot, in general, be tested for via simple refinement checks. For the remaining fragment of the logic, we present a translation into simple refinement checks. Finally, we show that refusal traces equivalence is characterised by a slightly augmented version of that fragment. M. J. Butler     

A group membership algorithm with a practical specification

Presents a solvable specification and gives an algorithm for the group membership problem in asynchronous systems with crash failures. Our specification requires processes to maintain a consistent history in their sequences of views. This allows processes to order failures and recoveries in time and simplifies the programming of high level applications. Previous work has proven that the group membership problem cannot be solved in asynchronous systems with crash failures. We circumvent this impossibility result building a weaker, yet nontrivial specification. We show that our solution is an improvement upon previous attempts to solve this problem using a weaker specification. We also relate our solution to other methods and give a classification of progress properties that can be achieved under different models     

基于组件应用服务器的对象容错服务

组件应用服务器框架是一种特定形式的分布式对象系统平台,要求成为高可靠性的系统.这里指的可靠性主要是指错误容忍和错误恢复两个特性.本文的主要目标是建立基于分布式对象的组件应用服务器的软件容错服务框架.我们采用一种名叫对象容错服务(OFS)的办法解决对象容错,我们解决的问题包括:对象失效、节点错误、网络隔离和不可预知的通信延迟等.本文介绍了OFS的服务规范,并给出了一个OFS实现的系统结构.     

基于组合连接器的潜在无限动态结构的规范

动态软件体系结构的建模与分析是复杂软件系统设计的一个重要问题。基于体系结构描述语言Wright,提出了一种规范潜在无限动态结构的形式化方法。为了便于使用递归机制,引入了组合连接器和动态角色的概念,从而实现了动态体系结构的逐层展开。实例说明,该方法能为动态体系结构的设计提供一种增量式的开发方式,适用于连接器重用的目的。     

以体系结构为中心的模型转换的语义描述框架

在对类型范畴理论进行扩展的基础上,将其与进程代数相结合,为软件体系结构模型及其间的转换关系提供了一种统一的语义描述框架.模型的结构语义由类型范畴图表来指代,其行为语义则由范畴附带的进程行为迹来表示,模型间的映射关系用范畴理论中的态射和函子来形式化描述.该描述框架可用于模型转换中特性保持问题的描述、分析和判定,从而为模型驱动的软件开发提供有力的支持.     

Abstract data types for the logical modeling of complex data

In this paper we propose a logical data model for complex data. Our proposal extends the relational model by using abstract data types for domains specification and an extended relational algebra is also introduced. The introduction of the parameterized type Geometry(S), where S is a ground set of elements, allows the representation of complex aggregated data. As an example, we discuss how our model supports the definition of geographical DBMSs. Moreover, to show the generality of our approach, we sketch how the model can be used in the framework of statistical applications.     

Declarative specification of the architecture of a software development environment

There is an increasing interest in the study of software architectures; however, it still unclear which kind of formalisms and techniques should be used in their design. We study the suitability of a rule-based, parallel logic language in the specification of the architecture of a complex software system, i.e. a software development environment. We have used as a case study SMILE, an environment for programming-in-the-large. Because of the declarative, concurrent and object-oriented features of parallel logic programming, we have been able to design a software architecture that emphasizes the dynamics of co-ordination inside the software development environment. The result of this experience shows the usefulness and some weaknesses of logic languages for specifying and prototyping the software architecture of a distributed interactive system.     

支持设计时重用软件的反射式软件体系结构及PMB协议研究

给出了支持软件体系结构设计时重用的反射式软件体系结构,描述了反射式软件体系结构的元级软件体系结构和基级软件体系结构之间进行交互和互操作的协议PMB,基于软件规格语言Object-Z对PMB协议进行了形式化描述。     

嵌入式系统软硬件协同验证中软件验证方法

随着集成电路及计算机技术的发展,嵌入式系统设计变得越来越复杂．复杂的嵌入式系统设计,通常采用验证的手段检验系统设计的正确性,硬件验证通常是在硬件设计描述的基础上建立用于模拟硬件功能的硬件模拟器;软件验证常用的方法是建立处理器功能模型(指令集模拟器ISS),逐条解释嵌入式软件在目标机器上的执行过程,产生模拟输出,驱动外围电路(即硬件设计)．指令集模拟器从底层时序关系模拟嵌入式软件在目标CPU上运行过程．对于复杂嵌入式系统设计,ISS模拟速度通常成为协同模拟瓶颈．基于RTOS的嵌入式软件快速验证方法可以有效地提高软件模拟速度,扩展RTOS功能,适应协同模拟需要,建立硬件模拟驱动,实现软件和硬件模拟器通信连接和协同模拟同步控制．基于RTOS的嵌入式软件验证方法以编译代码模型为基础,从系统行为级验证嵌入式软件功能,验证速度快．在实际应用中,该方法和ISS验证相结合,能够实现更有效、更快速的嵌入式系统协同验证．最后以几个典型硬件设计为基础,编写相应的控制软件,进行软硬件协同验证实验,实验结果数据说明该验证方法实用、有效、快速．     

用Z语言形式化扩展事件踪迹图

软件体系结构被看成是现代软件技术的重要因素之一 ,而一个软件系统结构的关键就是它可以分解成组件和组件交互的规格说明。扩展事件踪迹图 (ExtendedEventsTraces ,EETs)是一种用来描述组件交互的图形技术 ,它允许我们用图来定义结构中经常发生的交互模型 ,并且在多种上下文中可实例化 ,因而可以重用。虽然EETs的图形表示很直观 ,但是语义不够精确 ,因此 ,在本文中将使用形式规格说明语言Z来形式化EETs。并且 ,给出了形式描述EETs的几个应用例子