A framework for rigorous development of distributed components : formalisation and tools Oleksandra Kulankhina To cite this version: Oleksandra Kulankhina. A framework for rigorous development of distributed components : formal- isation and tools. Other [cs.OH]. Université Côte d’Azur, 2016. English. NNT : 2016AZUR4077. tel-01419298v2 HAL Id: tel-01419298 https://tel.archives-ouvertes.fr/tel-01419298v2 Submitted on 26 Jan 2017 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. UNIVERSITE´ DE NICE-SOPHIA ANTIPOLIS Ecole´ Doctorale STIC Sciences et Technologies de l’Information et de la Communication THESE` pour l’obtention du titre de Docteur en Sciences Mention Informatique pr´esent´eeet soutenue par Oleksandra Kulankhina A framework for rigorous development of distributed components: formalisation and tools Th`esedirig´eepar Eric Madelaine Soutenue le 14 Octobre 2016 Jury Rapporteurs Radu Mateescu Inria Grenoble - Rhˆone-Alpes Frantiˇsek Pla´ˇsil Charles University, Prague Examinateurs Fr´ed´eric Mallet Universit´eNice Sophia Antipolis Ludovic Henrio CNRS Simon Bliudze EPFL, Lausanne Directeur de th`ese Eric Madelaine Inria Sophia Antipolis Invit´e Rab´ea Ameur-Boulifa T´el´ecomParisTech ii iii R´esum´e Dans cette th`ese,nous proposons une approche rigoureuse pour la conception et le d´eveloppement de syst`emes`abase de composants hi´erarchiques distribu´es.L’id´eede base du travail pr´esent´eest de combiner les techniques de conception de logiciels dirig´eespar les mod`eles,bien connues des programmeurs, avec des m´ethodes de v´erification formelles puissantes, capables d’assurer les propri´et´esfonctionnelles d’un syst`emedistribu´eet de d´etecter les erreurs d`esle stade de la conception. Tout d’abord, nous introduisons un formalisme graphique bas´esur UML pour l’architecture et le comportement des composants hi´erarchiques de mod´elisation. Deuxi`emement, nous sp´ecifions formellement un ensemble de contraintes qui assurent la correction de la composition des composants, en mettant l’accent sur la s´eparation entre les aspects fonctionnels et non-fonctionnels. Troisi`emement, nous expliquons comment nos mod`elesgraphiques peuvent ˆetretraduits automatiquement dans le formalisme d’entr´eed’un model-checker. Nous nous concentrons ensuite sur le codage des fonctionnalit´esavanc´eesde composants distribu´es,comme communications de 1 vers N, la reconfiguration et les communications asynchrones bas´eessur les appel de proc´edures distants. Enfin, nous mettons en œuvre cette approche dans une plateforme int´egr´eeorient´e mod`elequi comprend un ensemble d’´editeurs graphiques, un module de validation de la d´ecision correcte de l’architecture statique, un module traduisant le mod`ele conceptuel dans une entr´eepour la plateforme de v´erification CADP, et enfin un g´en´erateur de code ex´ecutable iv Abstract In this thesis we introduce an approach for rigorous design and development of distributed hierarchical component-based systems. The core idea of the presented work is to combine the well-known among the programmers techniques for model- driven software design and the powerful formal verification methods able to ensure the functional properties of a distributed system and to detect errors at the early design stage. First, we introduce a UML-based graphical formalism for modelling architecture and behaviour of hierarchical components. Second, we formally specify a set of con- straints that ensure the correct components composition with a focus on separation between the functional and non-functional aspects. Third, we explain how the graph- ical models can be automatically translated into an input for a model-checker. For this aim, we rely on a formally specified intermediate structure encoding the se- mantics of components behaviour as a network of synchronised parametrised label transition systems. We focus here on encoding the advanced features of distributed components such as one-to-many communications, reconfiguration, and asynchronous communications based on request-reply. Finally, we implement the approach in an integrated model-driven environment which comprises a set of graphical editors, an architecture static correctness validation plug-in, a plug-in translating the conceptual model into an input for a verification toolsuite CADP, and a generator of the implementation code. Acknowledgements First of all, I would like to thank my advisors Eric Madelaine and Ludovic Henrio for giving me the opportunity to do a PhD, for all the discussions that we had, for all their ideas, and for the time they spent on working with me. I would like to thank Radu Mateescu and Frantisek Plasil who kindly agreed to review this dissertation. I would like to thank Frederic Mallet, Simon Bliudze, and Rabea Ameur-Boulifa for doing the honour to be the members of the jury for my defence. I would like to thank Justine Rochas for the enormous support and help, for keeping the great atmosphere in our office, for all those hundreds of things she has done for me. I cannot imagine this PhD and my life in France without her. I would like to thank Fabrice Huet for the constant support, for a lot of advice he gave me in any kind of situation, and for the help. I would like to thank Sophie, Christel, Vincenzo, Fabien, Francoise, and all the members of Oasis and Scale team. I would like to thank Iyad who welcomed me in the team. I would like to thank Alexandra for being so kind to me and for introducing me to the project. Also, I would like to thank all the engineers and interns with whom I worked on the VerCors platform. I would like to thank Julien De Antoni for his help with the implementation. I would like to thank the professors of Kharkiv National University of V.N. Karazin, and especially Iryna Zaretska for giving me a solid background in mathematics and informatics which allowed me to become a PhD Candidate. I would like to thank my boyfriend Hlib Mykhailenko for the enormous support and his ability to find in any situation the right words that encouraged me. I would like to thank Yurii Guznienkov for introducing me to the world of computer science, it is 100% thanks to him that I have chosen the field about which I am so passionate. I would like to thank all other members of my family and my friends for the support. Last but not least, I would like to thank my mother Iryna Didorchuk. Neither this dissertation no other achievements in my life would be possible without her love and support. v vi Table of Contents List of Figures xi List of Listings xiii List of Tables xv 1 Introduction 1 1.1 Motivation and objectives . 1 1.2 Contribution . 7 1.3 Outline . 10 2 Context 13 2.1 The Grid Component Model . 14 2.1.1 GCM overview . 14 2.1.2 GCM/ADL . 17 2.1.3 GCM/ProActive . 18 2.2 Parameterised networks of synchronised automata . 24 2.2.1 Term algebra and notations . 24 2.2.2 The pNets model . 25 2.2.3 Observation and flow of information . 27 2.2.4 Adequacy of pNets for modelling GCM components . 28 2.3 CADP . 29 2.4 The Fiacre specification language . 32 2.5 Model-Driven Engineering . 33 2.5.1 Unified Modelling Language . 34 2.5.2 Eclipse Modeling Framework . 35 2.5.3 Obeo Designer . 36 2.6 VerCors . 37 vii viii TABLE OF CONTENTS 3 An overview of the VerCors platform 41 3.1 The core functionalities of VerCors . 41 3.2 Diagrams for architecture and behaviour specification . 44 3.2.1 An illustrative example . 44 3.2.2 Architecture specification . 45 3.2.3 Behaviour specification . 48 3.3 The architecture of VerCors . 51 3.4 Discussion . 55 4 Well-formed component architecture 59 4.1 Formalisation of component structure . 60 4.2 Auxiliary functions . 61 4.3 Interceptors . 63 4.4 Well-formed component architecture . 65 4.4.1 Core . 65 4.4.2 Non-functional aspects . 68 4.4.3 Collective communications . 70 4.4.4 Additional rules . 71 4.5 Properties . 71 4.6 Architecture static analysis in VerCors . 74 4.7 Discussion and Related work . 74 5 Verification and execution of distributed components 79 5.1 From application design to pNets . 80 5.1.1 Semantics of primitive components . 81 5.1.2 Semantics of composite components . 92 5.1.3 Implementation . 100 5.2 From pNets to CADP . 108 5.2.1 Preparing the input: generating Fiacre, EXP and auxiliary scripts108 5.2.2 Model-checking with CADP . 112 5.3 Code generation and execution . 115 5.3.1 ADL generation . 116 5.3.2 Java generation . 118 5.3.3 Code execution . 123 5.4 Discussion . 124 5.4.1 On the verification . 124 5.4.2 On the executable code generation . 125 TABLE OF CONTENTS ix 6 Advanced features 127 6.1 Non-functional components and interceptors . 129 6.1.1 From application design to pNets . 129 6.1.2 Implementing pNet generation and integration with CADP . 134 6.1.3 Code generation . 134 6.2 Component attributes and attribute controllers . 135 6.2.1 Graphical specification . 136 6.2.2 From application design to pNets . 137 6.2.3 Implementing pNet generation and integration with CADP . 138 6.2.4 Code generation . 139 6.3 Reconfigurable multicast interfaces .