Elena Giachino
Reiner Hähnle
Frank S. de Boer
Marcello M. Bonsangue (Eds.)

Formal Methods
for Components
and Objects

11th International Symposium, FMCO 2012
Bertinoro, Italy, September 2012
Revised Lectures

State-of-the-Art Survey
LNCS 7866
Lecture Notes in Computer Science 7866
Commenced Publication in 1973
Founding and Former Series Editors:
Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen
Editorial Board
David Hutchison, Lancaster University, UK
Takeo Kanade, Carnegie Mellon University, Pittsburgh, PA, USA
Josef Kittler, University of Surrey, Guildford, UK
Jon M. Kleinberg, Cornell University, Ithaca, NY, USA
Alfred Kobsa, University of California, Irvine, CA, USA
Friedemann Mattern, ETH Zurich, Switzerland
John C. Mitchell, Stanford University, CA, USA
Moni Naor, Weizmann Institute of Science, Rehovot, Israel
Oscar Nierstrasz, University of Bern, Switzerland
C. Pandu Rangan, Indian Institute of Technology, Madras, India
Bernhard Steffen, TU Dortmund University, Germany
Madhu Sudan, Microsoft Research, Cambridge, MA, USA
Demetri Terzopoulos, University of California, Los Angeles, CA, USA
Doug Tygar, University of California, Berkeley, CA, USA
Gerhard Weikum, Max Planck Institute for Informatics, Saarbruecken, Germany
Elena Giachino, Reiner Hähnle,
Frank S. de Boer, Marcello M. Bonsangue (Eds.)
Formal Methods
for Components
and Objects
11th International Symposium, FMCO 2012
Bertinoro, Italy, September 24-28, 2012
Revised Lectures
Volume Editors
Elena Giachino
University of Bologna, Dept. of Computer Science
Mura Anteo Zamboni, 7, 40127 Bologna, Italy
E-mail: [email protected]
Reiner Hähnle
Technical University of Darmstadt, Dept. of Computer Science
Hochschulstr. 10, 64289 Darmstadt, Germany
E-mail: [email protected]
Frank S. de Boer
Centre for Mathematics and Computer Science, CWI
Science Park 123, 1098 XG Amsterdam, The Netherlands
E-mail: [email protected]
Marcello M. Bonsangue
Leiden University, Leiden Institute of Advanced Computer Science (LIACS)
P.O. Box 9512, 2300 RA Leiden, The Netherlands
E-mail: [email protected]
ISSN 0302-9743 e-ISSN 1611-3349
ISBN 978-3-642-40614-0 e-ISBN 978-3-642-40615-7
DOI 10.1007/978-3-642-40615-7
Springer Heidelberg New York Dordrecht London
Library of Congress Control Number: 2013946244
CR Subject Classification (1998): D.2.4, D.2, F.3, F.4, D.3, D.1
LNCS Sublibrary: SL 2 – Programming and Software Engineering
© Springer-Verlag Berlin Heidelberg 2013
This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher's location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law.
The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use.
While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein.
Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India
Printed on acid-free paper
Springer is part of Springer Science+Business Media (www.springer.com)
Preface

Modern software systems are complex and often structured as a composition of a high number of components or objects. In order to construct such complex systems in a systematic manner, the focus in development methodologies is on structural issues: both data and functions are encapsulated into software units that are integrated into large systems by means of various techniques supporting reusability and modifiability. This encapsulation principle is essential to both the object-oriented and the component-based software engineering paradigms.

Formal methods for component- and object-oriented systems are needed to ensure behavioral and security guarantees, with special emphasis on specification, modeling and validation techniques supporting the concepts of reusability, adaptability and evolvability of the systems, with which the systems can cope with changes in the environment as well as with modified and new requirements.

The 11th Symposium on Formal Methods for Components and Objects (FMCO 2012) was held during September 24–28, 2012, as an international school at Centro Residenziale Universitario (CRU) of the University of Bologna, located in Bertinoro, a small medieval hilltop town in Italy. FMCO 2012 was organized by the European project HATS (Highly Adaptable and Trustworthy Software using Formal Models), a European Integrated Project within the FET Forever Yours programme, in agreement with the EternalS Coordination Action (CA) that coordinates research among the four projects of the Forever Yours initiative: LivingKnowledge, HATS, Connect, and SecureChange.

FMCO 2012 featured lectures by world-renowned experts in the area of formal models for objects and components. This volume contains the revised papers submitted by the lecturers. The proceedings of the previous editions of FMCO have been published as volumes 2852, 3188, 3657, 4111, 4709, 5382, 5751, 6286, 6957, and 7542 of Springer's Lecture Notes in Computer Science. We believe that this volume and all previous proceedings provide a unique combination of ideas on software engineering and formal methods that reflect the expanding body of knowledge on modern software systems.

Finally, we thank all authors for the high quality of their contributions, and the reviewers for their help in improving the papers in this volume.

June 2013
Frank de Boer
Marcello Bonsangue
Elena Giachino
Reiner Hähnle
Organization

FMCO 2012 was organized by the University of Bologna, Italy, in close collaboration with the Technical University of Darmstadt, Germany, the Centrum voor Wiskunde en Informatica (CWI), Amsterdam, and Leiden University, The Netherlands.

Program Organizers
Einar Broch Johnsen, University of Oslo, Norway
Reiner Hähnle, Technical University of Darmstadt, Germany
Arnd Poetzsch-Heffter, Technical University of Kaiserslautern, Germany
German Puebla, Universidad Politecnica de Madrid, Spain
Davide Sangiorgi, University of Bologna, Italy

Local Organizers
Mario Bravetti, University of Bologna, Italy
Elena Giachino, University of Bologna, Italy
Davide Sangiorgi, University of Bologna, Italy

Sponsoring Institutions
European project HATS (FP7-231620)
European Coordination Action EternalS
Table of Contents

The Abstract Behavioral Specification Language: A Tutorial Introduction ... 1
Reiner Hähnle

Subobject-Oriented Programming ... 38
Marko van Dooren, Dave Clarke, and Bart Jacobs

Verification of Open Concurrent Object Systems ... 83
Ilham W. Kurnia and Arnd Poetzsch-Heffter

Automatic Inference of Bounds on Resource Consumption ... 119
Elvira Albert, Diego Esteban Alonso-Blas, Puri Arenas, Jesús Correas, Antonio Flores-Montoya, Samir Genaim, Miguel Gómez-Zamalloa, Abu Naser Masud, German Puebla, José Miguel Rojas, Guillermo Román-Díez, and Damiano Zanardini

Separating Cost and Capacity for Load Balancing in ABS Deployment Models ... 145
Einar Broch Johnsen

Composing Distributed Systems: Overcoming the Interoperability Challenge ... 168
Valérie Issarny and Amel Bennaceur

Controlling Application Interactions on the Novel Smart Cards with Security-by-Contract ... 197
Olga Gadyatskaya and Fabio Massacci

Formal Aspects of Free and Open Source Software Components ... 216
Roberto Di Cosmo, Ralf Treinen, and Stefano Zacchiroli

Author Index ... 241
The Abstract Behavioral Specification Language:
A Tutorial Introduction*

Reiner Hähnle
Department of Computer Science, Technische Universität Darmstadt
[email protected]
Abstract. ABS (for abstract behavioral specification) is a novel language for modeling feature-rich, distributed, object-oriented systems at an abstract, yet precise level. ABS has a clear and simple concurrency model that permits synchronous as well as actor-style asynchronous communication. ABS abstracts away from specific datatype or I/O implementations, but is a fully executable language and has code generators for Java, Scala, and Maude. ABS goes beyond conventional programming languages in two important aspects: first, it embeds architectural concepts such as components or feature hierarchies and allows to connect features with their implementation in terms of product families. In contrast to standard OO languages, code reuse in ABS is feature-based instead of inheritance-based. Second, ABS has a formal semantics and has been designed with formal analyzability in mind. This paper gives a tutorial introduction to ABS. We discuss all important design features, explain why they are present and how they are intended to be used.
1 Introduction

Software used to be written for (i) a dedicated purpose to be (ii) deployed in a specific environment and (iii) to be executed on a stand-alone machine. This situation changed drastically: all consumer appliances of a certain complexity, from washing machines via mobile phones to vehicles, contain large amounts of software. High diversification and the rapid pace of change dictated by contemporary market conditions require that this software is able to cope with an extreme degree of variability and adaptability. Planned reuse is not just an option, but a key strategy to staying competitive.

At the same time, modern software is nearly always concurrent and mostly also distributed. It is hard to imagine state-of-the-art business software that is not based on some notion of distributed services. A more recent trend is virtualization: as more and more software is deployed in the cloud, one consequence is that clients lose to some extent control over the execution environment: the exact architecture, the number of processors, the load, as well as other deployment parameters are typically not available at the time when software is developed. Because of this, the trend to virtualization leads to a new potential gap in the software development chain between developers and operators.

* Research funded by the EU project FP7-231620 HATS: Highly Adaptable and Trustworthy Software using Formal Models (http://www.hats-project.eu).

E. Giachino et al. (Eds.): FMCO 2012, LNCS 7866, pp. 1–37, 2013.
© Springer-Verlag Berlin Heidelberg 2013
In a software development scenario where one has to deal with extreme variability, with complex distributed computation, and with the need to abstract from deployment issues, the availability of suitable software modeling languages, as well as powerful tools helping in automation, becomes crucial.

Design-oriented and architectural languages, notably the UML family of notations, cannot fulfill this role, because they lack executability and mathematical rigor. Executable formalisms for specifying concurrent behavior, such as state charts [28], process calculi [38], abstract state machines [7], or Petri nets [24], are simply too minimalist to describe industrial systems. In addition, they are not integrated with architectural notations or with feature description languages [45] that model variability. The latter, however, do not provide a connection between features and their realization. Refinement-based approaches, such as Event-B [1], require too much rigor in their application to be feasible outside extremely safety-critical applications. They also do not address variability. Finally, implementation-oriented specification languages, such as JML [34] (for Java) or SPEC# [6] (for C#), inherit all the complications and idiosyncrasies of their host languages and are not very good at specifying concurrent behavior.

Our brief analysis exhibits a gap in the landscape of software specification and modeling languages. The European FP7 Integrated Project HATS (Highly Adaptable & Trustworthy Software Using Formal Models) developed the Abstract Behavioral Specification (ABS) language in order to address this issue. ABS is a software modeling language that is situated between architectural, design-oriented, foundational, and implementation-oriented languages, see Fig. 1.
1.1 Structure of This Chapter

In this chapter we give a tutorial introduction into the design principles, language elements, and usage of the ABS language. We discuss the design considerations behind ABS in Sect. 2 and give an architectural overview in Sect. 3. Then we present different language layers, starting with the functional layer in Sect. 4, followed by the OO-imperative layer in Sect. 5, the concurrency layers in Sect. 6 and language extensions based on pluggable type systems as well as a foreign language interface (Sect. 7). On top of these layers are language concepts for modeling of software product lines. These are discussed in Sect. 8. We close the tutorial with some general considerations on modeling and a discussion of current limitations of ABS in Sect. 9.
1.2 Further Reading

This paper is a tutorial on ABS and not a language specification nor a formal definition. A more technical and more detailed description of ABS and its toolset is contained in the paper trio [9,25,31]. The most detailed document about ABS that also contains a formal semantics is [17]. The official ABS Language Specification is [2]. The main web resources for ABS are http://www.hats-project.eu and www.abs-models.org. Finally, for several case studies done with ABS, one can have a look at the public HATS Deliverable D5.3 [19].

[Fig. 1. The gap in the landscape of software modeling languages. The figure places ABS (Abstract Behavioral Specification) at the centre of a Realistic–Abstract axis, between three corners: "Design-oriented, architectural, structural: UML, FDL, etc." (reached from ABS by adding executability), "Implementation level: Java/JML, C#/SPEC#, etc." (adding verifiability), and "Minimalist foundational: π-calculus, ambient c., etc." (adding usability).]
It is stressed at several places in this tutorial that ABS has been designed with the goal of permitting automatic static analyses of various kinds. This tutorial concentrates on the ABS language and its development environment. In the paper by Albert et al. in this volume [4] automated resource analysis for ABS is explained in detail. Information on deadlock analysis and formal verification of ABS can be found in [18]. The chapter by Kurnia & Poetzsch-Heffter in this volume [33] contains a general discussion of verification of concurrent open systems such as ABS models.
1.3 Installation of the ABS Eclipse Plugin

For trying out the examples provided in this tutorial you will need the ABS Eclipse plugin. To install it, follow the simple instructions at http://tools.hats-project.eu/eclipseplugin/installation.html. You will need at least Eclipse version 3.6.2 and it is recommended to work with a clean installation. The example project used throughout this tutorial is available as an archive from http://www.hats-project.eu/sites/default/files/TutorialExample.zip. To install, unzip the archive file into a directory /mypath/Account. Then create a new ABS Project in Eclipse and import the directory file contents into the workspace in the usual way. This opens automatically the ABS Modeling Perspective. After opening a few files in the editor you should see a screen similar to the one in Fig. 2.