DOI: 10.1145/1007512.1007535
ISSTA Conference Proceedings, Article

Automating commutativity analysis at the design level

Published: 01 July 2004

Abstract

Two operations commute if executing them serially in either order results in the same change of state. In a system in which commands may be issued simultaneously by different users, lack of commutativity can result in unpredictable behaviour, even if the commands are serialized, because one user's command may be preempted by another's, and thus executed in an unanticipated state. This paper describes an automated approach to analyzing commutativity. The operations are expressed as constraints in a declarative modelling language such as Alloy, and a constraint solver is used to find violating scenarios. A case study application to the beam scheduling component of a proton therapy machine (originally specified in OCL) revealed several violations of commutativity in which requests from medical technicians in treatment rooms could conflict with the actions of a beam operator in a master control room. Some of the issues involved in automating the analysis for OCL itself are also discussed.
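The check the abstract describes, a search of a bounded scope for pairs of operations whose two serial orders end in different states, as an added example that is not the paper's Alloy model: a constructed toy beam scheduler with treatment-room `request` operations and a master-control-room `revoke`, checked by brute force over every reachable state. The state layout, the operations and the room ids are assumptions for illustration, not taken from the paper or the real machine.

```python
from collections import deque
from itertools import combinations

ROOMS = (1, 2)  # constructed toy: two treatment rooms competing for one beam
# State = (room currently holding the beam or None, tuple of rooms waiting)
INITIAL = (None, ())

def request(state, room):
    """Technician in `room` asks for the beam: take it if idle, else queue up."""
    holder, queue = state
    if holder is None:
        return (room, queue)
    if room != holder and room not in queue:
        return (holder, queue + (room,))
    return state

def revoke(state):
    """Master-control operator withdraws the beam; the next waiting room gets it."""
    holder, queue = state
    if queue:
        return (queue[0], queue[1:])
    return (None, ())

# Named operations, each a function of the state
OPERATIONS = [(f"request({r})", lambda s, r=r: request(s, r)) for r in ROOMS]
OPERATIONS.append(("revoke()", revoke))

def reachable_states(initial=INITIAL):
    """Enumerate every state reachable from `initial`: the bounded scope."""
    seen, work = {initial}, deque([initial])
    while work:
        s = work.popleft()
        for _, op in OPERATIONS:
            t = op(s)
            if t not in seen:
                seen.add(t)
                work.append(t)
    return seen

def commutativity_violations():
    """Return (state, a, b, a_then_b, b_then_a) for each pair of distinct
    operations whose two serial orders disagree in some reachable state."""
    found = []
    for s in sorted(reachable_states(), key=repr):
        for (na, fa), (nb, fb) in combinations(OPERATIONS, 2):
            ab, ba = fb(fa(s)), fa(fb(s))
            if ab != ba:
                found.append((s, na, nb, ab, ba))
    return found
```

Each reported tuple is a counterexample of the kind a constraint solver would return: a state plus two operations whose orders end differently, for instance an idle beam where `revoke()` followed by `request(1)` leaves room 1 holding the beam while the opposite order leaves it idle.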



Published In

ISSTA '04: Proceedings of the 2004 ACM SIGSOFT International Symposium on Software Testing and Analysis
July 2004, 294 pages
ISBN: 1581138202
DOI: 10.1145/1007512

Also in: ACM SIGSOFT Software Engineering Notes, Volume 29, Issue 4
July 2004, 284 pages
ISSN: 0163-5948
DOI: 10.1145/1013886
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 2004

Author Tags

  1. OCL
  2. alloy
  3. case study
  4. commutativity
  5. concurrency
  6. critical systems
  7. formal specification
  8. lightweight formal methods
  9. model checking
  10. proton therapy
  11. radiation therapy
  12. testing

Qualifiers

  • Article

Conference

ISSTA04

Acceptance Rates

Overall Acceptance Rate 58 of 213 submissions, 27%

Article Metrics

  • Downloads (last 12 months): 2
  • Downloads (last 6 weeks): 0
Reflects downloads up to 17 Feb 2025

Cited By

  • (2024) Automatic Specification and Analysis of Software Reliability Using Alloy: Selecting the Best Use Case Scenario in Terms of Reliability. International Journal of Reliability, Quality and Safety Engineering 31:04. DOI: 10.1142/S0218539324500165. Online publication date: 27-Jun-2024.
  • (2020) Consolidation: a technique for improving permissiveness of human-machine interfaces. Companion Proceedings of the 2020 ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity, pp. 22-24. DOI: 10.1145/3426430.3428133. Online publication date: 15-Nov-2020.
  • (2015) Toward tool support for interactive synthesis. 2015 ACM International Symposium on New Ideas, New Paradigms, and Reflections on Programming and Software (Onward!), pp. 121-136. DOI: 10.1145/2814228.2814235. Online publication date: 21-Oct-2015.
  • (2013) Applications and extensions of Alloy: past, present and future. Mathematical Structures in Computer Science 23:4, pp. 915-933. DOI: 10.1017/S0960129512000291. Online publication date: 8-Jul-2013.
  • (2012) Modelling of Secure Data Transmission over a Multichannel Wireless Network in Alloy. Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications, pp. 785-792. DOI: 10.1109/TrustCom.2012.207. Online publication date: 25-Jun-2012.
  • (2012) On a chain of transformations for generating alloy from NL constraints. Seventh International Conference on Digital Information Management (ICDIM 2012), pp. 93-98. DOI: 10.1109/ICDIM.2012.6360153. Online publication date: Aug-2012.
  • (2012) Specifying stateful asynchronous properties for distributed programs. Proceedings of the 23rd International Conference on Concurrency Theory, pp. 209-224. DOI: 10.1007/978-3-642-32940-1_16. Online publication date: 4-Sep-2012.
  • (2011) Verification of i* Models Using Alloy. Information Systems Development, pp. 63-74. DOI: 10.1007/978-1-4419-9790-6_5. Online publication date: 1-Sep-2011.
  • (2009) From UML to Alloy and back again. Proceedings of the 6th International Workshop on Model-Driven Engineering, Verification and Validation, pp. 1-10. DOI: 10.1145/1656485.1656489. Online publication date: 5-Oct-2009.
  • (2009) From UML to alloy and back again. Proceedings of the 2009 International Conference on Models in Software Engineering, pp. 158-171. DOI: 10.1007/978-3-642-12261-3_16. Online publication date: 4-Oct-2009.
