constraints, described in 7] that make the semantics very tricky. Our formal semantics has been proved to satisfy each one of these constraints ( 4]). In the phase ...
From Formal Design Speci cations to Implementation: a Java Targeted Development Method Report on the work progress Eva Coscia
Advisor: Prof. Gianna Reggio
Dottorato in Informatica Dipartimento di Informatica e Scienze dell'Informazione Universit�a degli Studi di Genova, Italy
Contents 1 Introduction 2 Current Status of Research 3 Modi cations with regard to the Thesis Proposal 4 Work Plan 5 Structure of the Thesis
1
2 2 4 5 7
1 Introduction We brie y summarize the main objectives of the thesis, as described in [3]. The aim of the thesis is to provide a formal speci cation method for reactive and concurrent systems that covers the designing phase in the development of a system. We aim to give tools and a method to develop the speci cation, until reaching an implementation into the Java language. The work for the thesis has been reorganized w.r.t. to [3], in order to cover only some phases of the development process. In particular, the new structure of the thesis focuses on the following topics: � analysis of the Java language and de nition of its formal semantics; � de nition of a formal graphic language for design speci cations with a method to use it; � a method for the implementation of the design speci cations into Java.
2 Current Status of Research In this section we describe how the work has proceeded w.r.t. the directions described in the thesis proposal.
Java Analysis and Semantics The Java analysis has been completed.
We have considered which features of the language we need in order to implement the most common features of reactive-concurrent systems. We have mainly investigated which are the Java mechanisms for communication among entities within a program as well as among Java processes on a distributed architecture. Moreover, we have analysed the mechanisms for concurrent programming in Java. A formal operational semantics of Java is nearly completed as well as an associated equivalence notion. We tried to give a semantics presentation that is, at the same time, formal (to be used in proving, for example, equivalence among Java programs), and simple (to give a clear idea of the behaviour of a program). Moreover, the language is continuously evolving and, even if we found a useful reference for the informal semantics of the core language in [7], some mechanisms of the language (related to I-O, for example) are not covered in that book. This made the phase of language analysis more time-expensive. A hard point in the semantics of Java is the interaction among concurrent components (each one equipped with a private working memory), and 2
the global main memory of the program. Such interaction is ruled by some constraints, described in [7] that make the semantics very tricky. Our formal semantics has been proved to satisfy each one of these constraints ([4]). In the phase of analysis of such constraints, we discovered some peculiarities of the language, that have been designed to give a high degree of freedom to the implementations of the access to the shared memory by the concurrent components of a program. As a counterpart, the behaviour of these components becomes hardly predictable. From our point of view, it is possible to restrict the way shared memory can be accessed, by considering just a subclass of Java program ([5]). Such subclass is wide enough to contain the implementations of the systems developed by our method and it also allows the use of a simple, alternative presentation of the semantics. We have formally characterized the subset of Java programs and we have formally given the alternative, more simple, semantics for such subset([6]).
A graphic formalism for design speci cations As we stress in [3], the
thesis is based on some pre-existing works over formal methods for developing concurrent-distribute-reactive systems [9],[1]. These works put particular emphasis on the importance of having a method that combines formal and informal tools for a top-down approach in the analysis and development of a system. Our work starts from a pre-existing formalism for design speci cation having a graphic presentation too ([9]). We aim to make such formalism less general, since we need a formalism that is Java-targeted and so that incorporates concepts from the O.O. world. We also stress that our speci cation language is entirely graphic: a speci cation is given by means of diagrams. On some aspects, it is similar to pre-existing O.O. development methods ([2], [8], [13, 14]), that focus on the importance of supporting multiple, interrelated views of a system under development, given with a graphic notation. Obviously, we aim to give a formal charectarization of each view and of the relationships among di�erent views. For example, we use a kind of sequence diagrams in order to enlight how the system behaves in certain circumstances: these diagrams do not add any new information, as we give these diagrams after the architecture of the whole system and the behaviour of each component has been already speci ed. We describe the formal relation between a speci cation and a sequence diagram, that can be used to prove if a sequence is in accordance with a given speci cation. 3
The speci cation language we are currently working on, allows to describe the system at an abstract level. For example, the architecture of the system is xed but the methods are described by using pre-post conditions; the use of abstraction allows to deal with the complexity of the system but do not lead to an univocal implementation in Java. So we need a more concrete graphic formalism that is enough detailed to be translated, into a Java program. At this more concrete level of description, even if the structure of the system is not changed, the internal components can be structured into subcomponents; moreover, the description of the methods is given by pseudo-code, for example. As a consequence, we need two methods: one that guides the user in producing the more abstract speci cation and the other that describe how to re ne such speci cation to produce a speci cation that is concrete enough to correspond to one Java program.
A translation into Java We want to precisely describe a way to produce
a Java program starting from a concrete design speci cation. We also need to give a proof or, at least, reasonable arguments about the correctness of such translation. It is obvious that this phase of the work is tightly connected with the previous one. Along every step of the development of the speci cation formalism, we have to gure out what is the natural translation of our language choices into Java. From the phase of analysis of Java, we have discovered the main features (mechanisms for concurrency control, communication among components of a program or with external entities and so on) and the main limitations of the language; from such analysis we achieved enough familiarity with the language to have a precise idea about how to de ne the translation function and check its correctness.
3 Modi cations with regard to the Thesis Proposal For the above reasons, the phase of Java analysis required more time then what we estimated in the thesis proposal. This phase required to give a description of the formal semantics, the formal proof of the constraints on memory management and the de nition of an equivalence notion among programs. In this phase we pointed out the necessity to put more restrictions in the way the shared memory is accessed by concurrent components of a Java 4
program; so we have restricted the class of Java programs that gives an implementation to the systems developed by our method. So we need to formally characterize a class of safe Java programs and give simpler but equivalent semantics for such class. This has an impact not only in the translation phase but also in the design speci cation formalism.
4 Work Plan Below we graphically illustrate how we want to precede in the investigation of the main topics to complete the thesis work. It is very hard to put in sequence the development of such topics, since, presumably, they need to be overlapped. A description of the di�erent phases in g.1 is: Phase 1 : production of the complete documentation related to the operational semantics of Java, of the alternative, simpler presentation and of the equivalence notion among programs. It is nearly complete but will require a month's work more; Phase 2 : production of a reference document for the graphic language for abstract design speci cations. It would be produced by the end of September; Phase 3 : development of a method for abstract design speci cations; Phase 4 : development of a graphic language for more concrete design speci cations; Phase 5 : development of a method for the re nement of an abstract design speci cation into a more concrete one; Phase 6 : use of the speci cation languages and of the translation on an interesting case study. This phase will be overlapped with phases [3-45]; Phase 7 : description of the translation of the concrete design speci cation into Java and check of its correctness. As said above, in this phase we assume to have already investigated how to make the translation, that only need to be given in a formal way.
5
PHASE 1 Java analysis and semantics
PHASE 4
PHASE 2
Development of a graphic
Presentation of a graphic specification language for abstract design spec.
spec. language for more concrete design spec
PHASE 3
PHASE 5 Development of a method for the refinement from
Development of a method
abstract to concrete spec. PHASE 6 Use on case studies Use on case studies Use on case studies
PHASE 7 Definition of the translation and correctness check
Figure 1: The main phases of the future work
6
5 Structure of the Thesis The thesis could be structured as follows:
Introduction Java Semantics introducing: the operational semantics of Java; � the problems related with this semantics and the characterization of a safe class of Java programs; � an alternative simpler presentation for the semantics of the safe programs; the proof of the equivalence between the two semantics; � the relations with other works on the Java semantics ([11],[10], [12]). Abstract Design Speci cations introducing the graphic speci cation language for abstract design speci cations; Method for Abstract Speci cations introducing the method for using the abstract speci cation language and proposing some small examples; Concrete Design Speci cations introducing the graphic language for concrete design speci cations; Method for Concrete Speci cations introducing the method for the re nement from the abstract to the concrete design speci cation and proposing some small examples; Translation into Java introducing a correct-checked translation into Java of the concrete design speci cations; again, some examples are given; A case study presenting a relevant, not trivial, case study to show how our method can be applied to a realistic case to generate a Java implementation. �
References [1] E. Astesiano and G. Reggio. Formalism and Method. In M. Bidoit and M. Duchet, editors, Proc. TAPSOFT'97, pages 93{114, Berlin, 1997. Springer Verlag. 7
[2] Grady Booch. Object-Oriented Analysis and Design with Applications (second edition). Benjamin-Cummings Publishing Company, second edition, 1994. [3] E. Coscia. From Formal Requirements to Implementation: a Java Targeted Development System. thesis proposal. A proposal for the PhD thesis work, December 1997. [4] E.Coscia and G.Reggio. An Operational Semantics for Java. Technical report, DISI, July 1998. [5] E.Coscia and G.Reggio. A Proposal for an Abstract Semantics of Shared Objects in Multi-threaded Java. 1998. submitted to the OOPSLA Formal Underpinnings of Java workshop. [6] E.Coscia and G. Reggio. An Abstract Operational Semantics for a Subset of Java Programs. Technical report, DISI, 1998. in preparation. [7] G. Steele J.Gosling, B. Joy. The Java Language Speci cation. The Java Series. Addison Wesley, 1996. [8] W. Premerlani F.Eddy J.Rambaugh, M. Blaha and W. Lorensen. Object-Oriented Modeling and Design. Prentice Hall International, Inc, 1991. [9] M. Larosa and G. Reggio. A graphic notation for formal speci cations of dynamic systems. , 1997. [10] B. Reus P.Cenciarelli, A.Knapp and M.Wirsing. An event-based structural operational semantics of multi-threaded java. In to appear in Formal Syntax and Semantics of Java. Springer, 1998. [11] B.Reus M.Wirsing P.Cenciarelli, A. Knapp. From sequential to multithreaded java: An event based operational semantics. In M.Johnson, editor, Algebraic Methodology and Software Technology. AMAST '97, Springer, July 1997. [12] S. Eisenbach S.Drossopoulou. Java is type safe- probably. 11th European Conference on Object Oriented Programming, June 1997. [13] UML Notation Guide. http://www.rational.com/uml/html/notation/, September 1997. on-line documentation. [14] UML Semantics. http://www.rational.com/uml/html/semantics/, September 1997. on-line documentation. 8
