FM-SOA workshop 16 th Feb 2009 Formal Modelling and Analysis of Business Information Systems with Fault Tolerant Middleware Jeremy Bryans, John Fitzgerald,

Slides:

Advertisements

Similar presentations

Best Available Techniques (BAT)

Advertisements

2009: J Paul GibsonT&MSP-CSC 4504 : Langages formels et applications Event-B/Purse.1 CSC 4504 : Langages formels et applications (La méthode Event-B) J.

PDHPE K-6 Using the syllabus for consistency of moderation © 2006 Curriculum K-12 Directorate, NSW Department of Education and Training.

25 February 2009Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department.

Pontus Boström and Marina Waldén Åbo Akademi University/ TUCS Development of Fault Tolerant Grid Applications Using Distributed B.

Towards the Formal Verification of a Java Processor in Event-B Neil Evans and Neil Grant AWE, Aldermaston.

Developing consistency of teacher judgment Module 2.

Requirement Analysis and Specification Mr. Manoj Kumar Kar.

BUSINESS DOCUMENTS. Stages of Financial Recording Calculate Net Profit and Capital Employed Prepare Final Accounts and Balance Sheet Balance ledger accounts.

Type your name in Footer Type file name in Footer Annotating Course Work – A PowerPoint Application Year 8, Unit 5 Use this set of PowerPoint slides to.

Product Design L5- Ch4: Product Specifications Dr. Husam Arman 1.

Formal Methods in Software Engineering Credit Hours: 3+0 By: Qaisar Javaid Assistant Professor Formal Methods in Software Engineering1.

Consistency of Assessment

Introduction to Decision Analysis

1 Evaluation of OCL for Large-Scale Modelling A Different View of the Mondex Smart Card Application Emine G. Aydal, Richard F. Paige, Jim Woodcock University.

Fundamentals of Information Systems, Second Edition

Kmi.open.ac.uk Semantic Execution Environments Service Engineering and Execution Barry Norton and Mick Kerrigan.

Main task -write me a program

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

SE 555 Software Requirements & Specification 1 SE 555 Software Requirements & Specification Prototyping.

1 Scenario-based Analysis of UML Design Class Models Lijun Yu October 4th, 2010 Oslo, Norway.

Filename\location Agent Mediated Electronic Commerce Dr. Chris Preist HP Labs.

Copyright © 2004 by South-Western, a division of Thomson Learning, Inc. All rights reserved. Developed by Cool Pictures and MultiMedia Presentations Copyright.

CHAPTER FOUR Negotiation: Strategy and Planning McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved.

Principles of Education and Training

Mentorship Preparation Programme Week 6 Clinical Assessment processes Queen’s University Belfast Open University University of Ulster.

E-Science Meeting April Trusted Coordination in Dynamic Virtual Organisations Santosh Shrivastava School of Computing Science Newcastle University,

MSF Requirements Envisioning Phase Planning Phase.

Qualifications Update: Environmental Science Qualifications Update: Environmental Science.

New Product Development Management NPDM 4 Mohsen SADEGHI Department of Graduate School of Management and Economics Sharif University of Technology.

Chapter 14 Information System Development

Interaction Modeling Interaction model describes how objects interact to produce useful results. Interactions can be modeled at different levels of abstraction:

A Framework For User Feedback Based Cloud Service Monitoring

Composing Adaptive Software Authors Philip K. McKinley, Seyed Masoud Sadjadi, Eric P. Kasten, Betty H.C. Cheng Presented by Ana Rodriguez June 21, 2006.

To achieve a level 3 your work must show that: With some help you can gather information to help with designing your project You can draw suitable ideas.

WSMX Execution Semantics Executable Software Specification Eyal Oren DERI

Knowing your academic level An exploration of the different levels of learning in the UK.

VDM++ Tutorial Model Quality. Overview Introduction Assessing internal consistency Assessing external consistency.

Lyra – A service-oriented and component-based method for the development of communicating systems (by Sari Leppänen, Nokia/NRC) Traditionally, the design,

© Gudmund Grov & Andrew Ireland Dependable Systems Group Planning for System Development Gudmund Grov & Andrew Ireland Dependable Systems Group School.

Green Partnerships Kick-off meeting Expenditure reporting procedure in PRESAGE- CTE JTS MED Programme cofinancé par le Fonds Européen de Développement.

1 Software Requirements l Specifying system functionality and constraints l Chapters 5 and 6 ++

Qualifications Update: Human Biology Qualifications Update: Human Biology.

An Experiment in Applying Event-B and Rodin to a Flash Filestore By Kriangsak Damchoom Michael Butler Rodin User and Developer Workshop Southampton.

1 CSCD 326 Data Structures I Software Design. 2 The Software Life Cycle 1. Specification 2. Design 3. Risk Analysis 4. Verification 5. Coding 6. Testing.

ECSE Software Engineering 1I HO 4 © HY 2012 Lecture 4 Formal Methods A Library System Specification (Continued) From Specification to Design.

BPEL Business Process Engineering Language A technology used to build programs in SOA architecture.

Formal Specification: a Roadmap Axel van Lamsweerde published on ICSE (International Conference on Software Engineering) Jing Ai 10/28/2003.

National Curriculum Assessment Examples of children’s work from KS1 and KS2 (NC Levels 1 – 5) ngfl northern grid.

Interest-Based Bargaining.  Interest-based bargaining involves parties in a collaborative effort to jointly meet each other’s needs and satisfy mutual.

Qualifications Update: Music Technology (Higher) Qualifications Update: Music Technology (Higher)

Alternatives Analysis. Overview of the Feasibility Study A preliminary study that determines whether the project being considered is technically, financially,

Chief Examiner’s Checklist IDEAS You need to find different ideas that suit your specification. Photos or sketches or a combination of both. Annotate.

Artificial Intelligence: Research and Collaborative Possibilities a presentation by: Dr. Ernest L. McDuffie, Assistant Professor Department of Computer.

Fault tolerance and related issues in distributed computing Shmuel Zaks GSSI - Feb

13-1 McGraw-Hill/Irwin ©2006 The McGraw-Hill Companies, Inc., All Rights Reserved CHAPTER THIRTEEN Multiple Parties and Teams.

Danish Institute for Quality and Accreditation in Healthcare; februar 2016 The Danish Healthcare Quality Programme.

Hardware/Software Co-Design of Complex Embedded System NIKOLAOS S. VOROS, LUIS SANCHES, ALEJANDRO ALONSO, ALEXIOS N. BIRBAS, MICHAEL BIRBAS, AHMED JERRAYA.

IID Risk IID Risk A New Force in Risk Management Client focus Being passionately client focused in dealings with stakeholders Technical excellence Demonstrates.

Prepared by Amira Selim 31 st October 2009 Revised by Dahlia Biazid Requirements Analysis.

Eurostat Sharing data validation services Item 5.1 of the agenda.

Investigate Plan Design Create Evaluate (Test it to objective evaluation at each stage of the design cycle) state – describe - explain the problem some.

How to Guide: Performance Feedbacks Learn how to complete, upload and publish Performance Feedback forms.

Software Testing. SE, Testing, Hans van Vliet, © Nasty question  Suppose you are being asked to lead the team to test the software that controls.

October, 2008 DEPLOY Integrated Project Deployment of advances engineering methods for high productivity and dependability in European industry Alexander.

Iterative design and prototyping

Why bother – is this not the English Department’s job?

این دوره شامل: تعریف مذاکره کلمات کلیدی ورودی ها انواع مذاکره

Negotiations of Multi- party and Phased Nature

Presentation transcript:

FM-SOA workshop 16 th Feb 2009 Formal Modelling and Analysis of Business Information Systems with Fault Tolerant Middleware Jeremy Bryans, John Fitzgerald, Sascha Romanovsky and Andreas Roth thanks to Son Hoang, Renato Silva and Vitaly Kozura

2 /13 Roadmap of talk Current industrial picture and research question Event-B and Rodin Envisaged toolchain Feasibility study Conclusions

3 /13 Current industrial picture and research question Business protocol design at SAP  Define the services that business objects can provide Range of available middlewares offering various guarantees Important decision at early stage in design  Will my protocol work with this middleware? Can formal methods help in making this decision?

4 /13 Event-B and the Rodin toolset a model-oriented formalism  chain of machines linked with a refinement relation  variables  invariants define datatypes define relationships between variables  events guarded actions modify variables must respect invariants Rodin toolset  generates proof obligations  automatically or manually discharged VARIABLES a b INVARIANTS inv1 a N inv2 b inv3 a b EVENTS Event initialisation = … Event change = any x where x 1..5 then a := a + x b := b + x end  

5 /13 Envisaged toolchain Event-B specification of protocol Event-B specifications Middleware 1 Middleware 2 Correctness criterion for protocol+middleware Combined specification feedback to protocol designer Combined specification fails to meet correctness criterion SAP diagrammatic protocol design language Push-button technology Rodin toolset

6 /13 Envisaged toolchain Event-B specification of protocol Event-B specifications Middleware 1 Middleware 2 Correctness criterion for protocol+middleware Combined specification Combined specification meets correctness criterion Diagrammatic protocol design language Push-button technology Rodin toolset

7 /13 Feasibility study Example protocol: Buyer/Seller negotiation  Two parties  Exchange messages in order to negotiate price of some good or service  P1 signals agreement to P2’s offer by returning the offer to P1  Ends with both parties in agreement on price, or cancellation of protocol SAP middlewares  EO – Exactly Once  EOIO – Exactly Once In Order

8 /13 Event-B modelling Develop Event-B model of Buyer-Seller protocol  with no reference to middleware Develop Event-B model of EO and EOIO middlewares Add middleware machines (separately) to Buyer-Seller machine  BuyerSeller+EO and BuyerSeller+EOIO Formalise key correctness criterion  and attempt to prove it for BuyerSeller+EO, BuyerSeller+EOIO

9 /13 A failed proof attempt Attempts to prove this failed because… current buyer offer current seller offer BuyerAgStatus = Agreement BuyerSeller p2 p1 p2 SellerAgStatus = Agreement initial (partial) statement of correctness criterion:  “when Buyer and Seller both believe they have agreed, they are agreeing on the same value.”

10 /13 Restatement of Correctness Criterion Taking middleware into account Proved with EOIO (Exactly Once In Order) middleware middleware is empty

11 /13 Exactly Once middleware BuyerSeller Agree p1 p2 Failed to prove this with EO middleware This sequence can be demonstrated with an animator plugin for Rodin

12 /13 Further feasibility studies Using protocols models developed by others Using automatically generated protocols Using different refinement techniques Resulted in developing some guidelines for protocol developers wishing to use Rodin

13 /13 Conclusion and Open Issues Technical approach is feasible Interfacing with the designer will be the hard part!  Not all proof obligations are automatically discharged hard to achieve the same level of proof automation as hand-crafted models How to feed back failed proof information to the protocol designer?  How will designer describe correctness criterion? Available as Newcastle University Technical Report No 1131 Formal Modelling and Analysis of Business Information Applications with Fault Tolerant Middleware Bryans, J., Fitzgerald, J., Romanovsky, A., Roth, A.

14 /13 SAP background & requirements Business Information Systems Component development Choreography (protocol) development Choice of pre-built middlewares available, with cost/benefit tradeoff  Exactly Once (EO)  Exactly Once In Order (EOIO) Aim to give the developer the ability to explore the consequences of different middleware choices

15 /13 Objective and Approach Stage one: (completed)  Demonstrate the feasibility of replacing middleware models in protocol development, using an in-house model of B2B protocol Stage two: (completed)  Combine an independently created protocol model with middleware  Outcome: An initial guideline document for developing protocols to be combined with middleware Stage three: (ongoing)  Combine an automatically generated protocol with middleware  Purpose: improve guidelines document Stage four: (future)  Develop a range of middleware models capturing various fault profiles  Purpose: To check protocols against a range of fault assumptions. Objective: An automated method to allow a developer to assess the consequences of choosing from a set of alternative middlewares Approach:

16 /13 Synchronising events in Event-B v e1e1 w e2e2 v w e 12 ANY x WHERE G(x,v) THEN S(x,v) END e 1 =ANY x WHERE H(x,w) THEN T(x,w) END e 2 =ANY x WHERE G(x,v) & H(x,w) THEN S(x,v) || T(x,w) END e 12 = M1 M2

17 /13 Buyer-Seller variables

18 /13 Final middleware machine (EOIO) - two arrays p4p3p2p1 mware_to_seller s_rpos b_wpos b_wpos: The last position at which the buyer wrote s_rpos: The last position at which the seller read No deletion of messages

19 /13 Variables in the combined machine

20 /13 buyer_send_proposal event

21 /13 The “corresponding” middleware event

22 /13 buyer_send_proposal event in combined machine

23 /13 A failed proof attempt BuyerAgStatus = Agreement BuyerSeller p2 p1 p2 SellerAgStatus = Agreement initial (partial) statement of correctness criterion:  “when Buyer and Seller both believe they have agreed, they are agreeing on the same value.