Modeling and analysis of interfaces using ComMA
The ComMA framework supports component-based development by formalizing and monitoring interface specifications. This includes time constraints and a state machine to specify the allowed sequences of client-server interactions.
Precise specification of system component interfaces enables analysis of component behavior and checking of conformance of an implementation to the interface specification. Very often component interfaces are only defined by their signature and without a formal description of the admissible behavior and timing assumptions. The Framework named ComMA (Component Modeling and Analysis) supports model-based engineering (MBE) of high-tech systems by formalizing interface specifications. ComMA provides a family of domain-specific languages that integrate existing techniques from formal behavioral and time modeling and is easily extensible. It contains tools that support different phases of the development process and can be integrated in the industrial way of working. The framework is applied in the context of the family of interventional X-ray machines developed by Philips.
The ComMA (Component Modeling and Analysis) approach is based on a hierarchy of Domain Specific Languages (DSLs). Interface specifications in ComMA consist of three main ingredients:
The interface signature, i.e., the set of commands, signals and notifications that a server offers to its clients.
State machine(s) that describe the interaction protocol between client and server, i.e., the allowed sequence of commands, signals and notifications.
Data and timing constraints on the client-server interaction, such as lower and upper bounds on response times, periodicity requirements, and constraints on parameters of subsequent events.
For such an interface, the Eclipse-based ComMA environment generates a large number of artefacts:
UML diagrams of the state machine(s) and constraints. Also a document according to a company template can be generated.
Interface proxy code that adheres to a company standard for transparent component deployment.
Simulation models that can be used to experiment with the interface in the phase of concept development.
A framework to monitor whether implementations of client and server conform to the specified interface. Statistics about the aspects specified in the constraints during execution, such as a histogram of the observed response times.
An important analysis tool is the monitoring framework, which allows frequent checks on interface conformance. For instance, during nightly tests and after components updates. Monitoring is based on a trace of client-server interactions, e.g., obtained via logging or sniffing. The monitoring tool generates an error when a trace does not conform to the state machine behavior. A warning is generated if a constraint is violated.