monitoring design pattern contracts jason o. hallstrom clemson university savcbs 04 workshop at acm...
TRANSCRIPT
Monitoring Design Monitoring Design Pattern ContractsPattern Contracts
Jason O. Jason O. HallstromHallstrom
Clemson UniversityClemson University
SAVCBS ’04 Workshop at ACM SIGSOFT 2004/FSE-SAVCBS ’04 Workshop at ACM SIGSOFT 2004/FSE-1212
Benjamin Tyler Benjamin Tyler (Presenter)(Presenter)
Ohio State UniversityOhio State University
Neelam Neelam SoundarajanSoundarajan
Ohio State UniversityOhio State University
Design Patterns and Design Patterns and MonitoringMonitoring Patterns capture key system Patterns capture key system
behaviorsbehaviors– Behaviors often cross-cuttingBehaviors often cross-cutting– Usually, specified informallyUsually, specified informally
To monitor and test behaviors, To monitor and test behaviors, informal specs are not enoughinformal specs are not enough
Our ApproachOur Approach
AOP aspectAOP aspect – Language construct, – Language construct, similar to a class, that implements similar to a class, that implements cross-cutting behaviors for classes cross-cutting behaviors for classes in an applicationin an application
Aspects can be used to capture Aspects can be used to capture design pattern contractsdesign pattern contracts
These aspects can be used to These aspects can be used to monitor system behavior to see if monitor system behavior to see if these contracts are respectedthese contracts are respected
Methodology OverviewMethodology Overview
Contract Aspectfor P
(abstract)
TheThe contract aspect contract aspect contains the contains the main checking logic for a patternmain checking logic for a pattern
Methodology OverviewMethodology Overview
System CodePurportedly uses
pattern P
Contract Aspectfor P
(abstract)
TheThe contract aspect contract aspect contains the contains the main checking logic for a patternmain checking logic for a pattern
Methodology OverviewMethodology Overview
System CodePurportedly uses
pattern P
Contract Aspectfor P
(abstract)
Subcontract Aspect
Specific to System
The The subcontract aspectsubcontract aspect contains contains definitions specific to the applicationdefinitions specific to the application
Methodology OverviewMethodology Overview
System CodePurportedly uses
pattern P
Contract Aspectfor P
(abstract)
Subcontract Aspect
Specific to System
Compiled System
Monitors P
Compile/Compile/WeaveWeave
Methodology OverviewMethodology Overview
Another System
Also uses P
Contract Aspectfor P
(abstract)
Subcontract Aspect
Specific to System
Methodology OverviewMethodology Overview
Another System
Also uses P
Contract Aspectfor P
(abstract)
Another Subct. Aspect
Specific to System
Methodology OverviewMethodology Overview
Another System
Also uses P
Contract Aspectfor P
(abstract)
Another Subct. Aspect
Specific to System
Compiled System
Also monitors P
Compile/Compile/WeaveWeave
Benefits of Our Benefits of Our ApproachApproach No instrumentation of source codeNo instrumentation of source code Monitoring code separate from Monitoring code separate from
application codeapplication code Contract aspect needs to be created Contract aspect needs to be created
only once for a given design patternonly once for a given design pattern– Only need to create new subcontract Only need to create new subcontract
aspects for each system to be aspects for each system to be monitoredmonitored
Aspect TerminologyAspect Terminology
PointcutPointcut – A set of places in the – A set of places in the class code where an aspect can class code where an aspect can insert new behaviorinsert new behavior
AdviceAdvice – Code associated with a – Code associated with a pointcut that implements this pointcut that implements this new behaviornew behavior
Monitoring with Monitoring with AspectsAspects
before(Calc c): SqPc(c) {
}after(Calc c): SqPc(c) {
}
aspect CalcMonitor { int st_old;
pointcut SqPc(Calc c): exec(Sqrt()) && targ(c);
assert(c.st >= 0); st_old = c.st;
assert(c.st^2 <= st_old && st_old <(c.st+1)^2);
}
class Calc { int st;
void Sqrt() { int i = 1; while(i*i<=st) i++; st = i-1; }}
Pattern Example: Pattern Example: ObserverObserver
Subject
+Attach(in Observer)+Notify()+Detach(in Observer)
ConcreteSubject
- subjectState
Observer
+ Update()
ConcreteObserver
+ Update()
- observerState
observers
subject
1 *
1 *
for all o in observers o.Update()
The Contract AspectThe Contract Aspect
Formalizes the behavior intended Formalizes the behavior intended by the patternby the pattern
Advice provides the main Advice provides the main monitoring code for the patternmonitoring code for the pattern
However, method names/signatures However, method names/signatures and concrete definitions for and concrete definitions for relations vary from application to relations vary from application to applicationapplication
Use Use abstractabstract pointcuts and methods pointcuts and methods for these in the contract aspectfor these in the contract aspect
Part of the Contract Part of the Contract Aspect for ObserverAspect for Observer Property: After call to Update(), Property: After call to Update(),
the Observer should be the Observer should be “consistent” with its subject“consistent” with its subject
after(Subj s, Obs o): UpdatePc(s, o) { assert(Consistent(s, o)); }
abstract pointcut UpdatePc(Subj s, Obs o) ;
abstract boolean Consistent(Subj s, Obs o) ;
Part of the Contract Part of the Contract Aspect for ObserverAspect for Observer Another property: If a call to a Subject Another property: If a call to a Subject
method results in a change in state, method results in a change in state, Notify() should have been calledNotify() should have been called
after(Subj s): SubjMethPc(s) { assert(! Modified(s_old, s)); }
before(Subj s): NotifyPc(s) { s_old = copyObject(s); … }
abstract pointcut SubjMethPc(Subj s) ;abstract pointcut NotifyPc(Subj s) ;abstract boolean Modified(Subj s1, Subj s2) ;
In the Subcontract In the Subcontract Aspect…Aspect… Associate concrete classes with Associate concrete classes with
pattern rolespattern roles– Insert dummy interfaces in the class Insert dummy interfaces in the class
hierarchy (AspectJ feature)hierarchy (AspectJ feature) Pointcut definitions that associate Pointcut definitions that associate
role methods with actual methods role methods with actual methods in the applicationin the application
Definitions for relations specific to Definitions for relations specific to the given application the given application
Hospital ExampleHospital Example
Patients play the Subject rolePatients play the Subject role– State includes temp and heart rateState includes temp and heart rate
Nurses observe Patients Nurses observe Patients – Keep track if Patients have a fever or notKeep track if Patients have a fever or not– Updates done with Updates done with Nrs.TempUpd(Pat)
Doctors also observe PatientsDoctors also observe Patients– Record whether or not patients are in Record whether or not patients are in
stable conditionstable condition– Updates done with Updates done with Doc.CondUpd(Pat)
Pointcuts in the Pointcuts in the Subcontract AspectSubcontract Aspect In the subcontract aspect, we give In the subcontract aspect, we give
definitions for the abstract pointcuts definitions for the abstract pointcuts mentioned in the contract aspectmentioned in the contract aspect
Examples:Examples:pointcut UpdatePc(Subj subj, Obs obs) : ( exec(Nrs.TempUpd(Pat)) || exec(Doc.CondUpd(Pat)) ) && targ(obs) && arg(subj) ;
pointcut SubjMethPc(Subj subj) : exec(Pat.*(..)) && targ(subj) ;
Defining RelationsDefining Relations
Need to provide definitions of Need to provide definitions of application-specific relations in application-specific relations in the subcontract aspectthe subcontract aspect
Example: ModifiedExample: Modified
boolean Modified(Subj s1, Subj s2) {
return s1.temp != s2.temp || s1.hrtRate !=
s2.hrtRate;}
Defining RelationsDefining Relations
Another example: ConsistentAnother example: Consistent
boolean Consistent(Subj subj, Obs obs) { if (obs instanceOf Nrs) { return subj.temp > 104 == obs.isFeverish(subj); } else if (obs instanceOf Doc) { return (55 < subj.hrtRate < 100 && 92 < subj.temp < 105) == obs.isStable(subj); } else { /* Error! */} }
DiscussionDiscussion
Contract aspects generally harder to Contract aspects generally harder to write than the subcontract aspectswrite than the subcontract aspects– Only have to write them once!Only have to write them once!
Information such as method call Information such as method call sequences can be tracked using sequences can be tracked using auxiliary variables in the aspectauxiliary variables in the aspect
Pointcuts can encompass more than just Pointcuts can encompass more than just method callsmethod calls
Current and future workCurrent and future work– MonGen MonGen and and PCLPCL
Presented Presented MethodologyMethodology
System CodePurportedly uses
pattern P
Contract Aspectfor P
(abstract)
Subcontract Aspect
Specific to System
Compiled System
Monitors P
Compile/Compile/WeaveWeave
Monitoring Monitoring CodeCode
MonGen MethodologyMonGen Methodology
Contract Specfor P
Subcontract Spec
Specific to System
Specs writtenSpecs writtenin PCLin PCL
MonGeMonGenn
System CodePurportedly uses
pattern P
MonitoringAspect for
System
Compiled System
Monitors P
Compile/Compile/WeaveWeave
ConclusionConclusion
Design patterns often describe Design patterns often describe behaviors that encompass multiple behaviors that encompass multiple classesclasses
Aspects are a natural way to Aspects are a natural way to monitor such behaviorsmonitor such behaviors
Separating the essence of the Separating the essence of the pattern from the details of the pattern from the details of the application saves time and effortapplication saves time and effort
Questions?Questions?
e-maile-mail– [email protected]@cse.ohio-state.edu
MonGen Web page:MonGen Web page:– www.cse.ohio-state.edu/~tyler/www.cse.ohio-state.edu/~tyler/
MonGenMonGen