Checking Temporal Business Rules Kåre Jelling Kristoffersen IT Univ. Of Copenhagen Joint work with Christian Pedersen and Henrik Andersen - Part of Next generation?

Post on 21-Dec-2015


Checking Temporal Business Rules

Kåre Jelling Kristoffersen, IT Univ. of Copenhagen

Joint work with Christian Pedersen and Henrik Andersen

- Part of Next generation?

Kåre J. Kristoffersen 2

Profile:

1989 - 1994: MSc. Computer Science, Aalborg University.

1995 – 1998: PhD Thesis, Aalborg Univ., Formal Tools for software test and Verification.

1998 – 2000: Post Doc, Aalborg Univ.

2000 – 2001: ORACLE PL/SQL developer WM-Data/SONOFON: Number Portability, Sonofon Clearing House.

2001 - 2004: Assistant Professor, ITU Copenhagen.

- Software test and Verification.

- Computer Networking.

Kåre J. Kristoffersen 3

Business Rules: What do we need?

Current Development platforms only offer very primitive means to specify business rules:

• "Check constraints" on database tables assert that single pieces of data are valid.

• assert(condition) checks validity of condition at chosen places, e.g. in C.

• Using triggers we can check a simple boolean property upon each insert, update and delete.

• Using workflow descriptions (and implementation) we can assert that the computer system is used to apply tasks in a correct order!

BUT, we do not have any generic way of expressing or monitoring that the data in the system evolves correctly as time passes! (Of course this can be programmed in each individual system, but this is not a feasible solution.)

Kåre J. Kristoffersen 4

What we provide:

1. A language (timed logic) for expressing legal state sequences for the data in a DBMS.

2. This language enables a non-technical domain expert to specify temporal business rules for a DBMS or a REA Model.

3. A verification server for checking such rules at runtime.

4. Currently, we run the server against my.ITU, an ORACLE database for courses, student projects etc. at the IT University.

Kåre J. Kristoffersen 5

Outline:

• Motivation

• Time sequences and Timed Logic.

• Temporal Business Rules.

• Verification Server.

• Internal Server Representation.

• J2EE Server Implementation.

• Demo

Kåre J. Kristoffersen 6

Temporal Rules, example 1

Whenever Account.Balance goes below Treshold it gets back to Treshold+100 after no more than 10 time units!

p: Account.Balance < Treshold

q: Account.Balance >= Treshold+100

[Figure: timeline with p holding at t0 and q holding at a later t1, where t1 - t0 <= 10]

Always( p => Eventually(10) q )

Kåre J. Kristoffersen 7

Temporal Rules, example 2

Before 20 time units the Balance on Account should reach level High and remain there for at least 5 time units.

[Figure: timeline from 0 to 20; the balance rises from Low to High and stays at High for >= 5 time units]

Eventually(20)(Acc.Bal=High AND Always(5)(Acc.Bal=High))

Kåre J. Kristoffersen 8

Temporal Rules (Syntax)

F ::= Always F | Always(c) F | Eventually F | Eventually(c) F |
      F1 AND F2 | F1 OR F2 | NOT F | F1 => F2 | Atomic Proposition

AP ::= Table.Col < const | Table1.Col1 > Table2.Col2 | Ressource.QOH <= const | Event.occured

Example:

Always(r.QOH < Treshold => Eventually(10)(r.QOH >= Treshold + 100))

Whenever a resource goes below the threshold it gets back to threshold + 100 after no more than 10 time units!
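As an added example (not the presenter's DNF-Builder or any other code from the talk), the following Python recursive-descent parser reads the rule syntax above into a nested-tuple syntax tree. Assumptions made here: the keywords Always, Eventually, AND, OR and NOT are case-sensitive as written on the slide; a parenthesised number directly after Always or Eventually is its time bound, any other parenthesis opens a sub-formula; => binds loosest and associates to the right, then OR, then AND, then the prefix operators, which bind to the next unary formula; + and - are allowed between operands so that Treshold + 100 parses; a bare dotted name with no comparison, such as Event.occured, is an event proposition. The freeze-variable form typed into the tool on slide 15 is a different concrete syntax and is not handled.

```python
"""Recursive-descent parser for the temporal rule syntax on slide 8 (added example, not the
presenter's code). Output: ("always"|"eventually", bound_or_None, F), ("and"|"or"|"implies", F1, F2),
("not", F), ("ap", left, cmp, right), ("event", name); operands are ("name", ...), ("const", n) or
("+"/"-", a, b)."""
import re

# one token per match: number | dotted name | operator | any other non-space char (an error)
TOKEN_RE = re.compile(r"\s*(?:(\d+)|([A-Za-z_][\w.]*)|(=>|<=|>=|[<>=()+\-])|(\S))")
CMP = {"<", "<=", ">", ">=", "="}

def tokenize(text):
    tokens = []
    for num, name, op, bad in TOKEN_RE.findall(text):
        if bad:
            raise SyntaxError(f"unexpected character {bad!r}")
        tokens.append(("num", int(num)) if num else ("name", name) if name else ("op", op))
    return tokens

class Parser:
    # precedence, loosest first: => (right assoc.), OR, AND, then NOT / Always / Eventually
    def __init__(self, text):
        self.toks, self.i = tokenize(text), 0

    def peek(self, k=0):
        return self.toks[self.i + k] if self.i + k < len(self.toks) else (None, None)

    def take(self, kind=None, val=None):
        tok = self.peek()
        if tok[0] is None or (kind and tok[0] != kind) or (val is not None and tok[1] != val):
            raise SyntaxError(f"expected {val or kind or 'a token'}, got {tok}")
        self.i += 1
        return tok

    def parse(self):
        f = self.implication()
        if self.peek()[0] is not None:
            raise SyntaxError(f"trailing input: {self.peek()}")
        return f

    def implication(self):
        left = self.disjunction()
        if self.peek() == ("op", "=>"):
            self.take()
            return ("implies", left, self.implication())
        return left

    def disjunction(self):
        f = self.conjunction()
        while self.peek() == ("name", "OR"):
            self.take()
            f = ("or", f, self.conjunction())
        return f

    def conjunction(self):
        f = self.unary()
        while self.peek() == ("name", "AND"):
            self.take()
            f = ("and", f, self.unary())
        return f

    def unary(self):
        tok = self.peek()
        if tok == ("name", "NOT"):
            self.take()
            return ("not", self.unary())
        if tok in (("name", "Always"), ("name", "Eventually")):
            self.take()
            bound = None
            # "(c)" right after the operator is a time bound; any other "(" opens a formula
            if self.peek() == ("op", "(") and self.peek(1)[0] == "num" and self.peek(2) == ("op", ")"):
                self.take()
                bound = self.take("num")[1]
                self.take()
            return (tok[1].lower(), bound, self.unary())
        if tok == ("op", "("):
            self.take()
            f = self.implication()
            self.take("op", ")")
            return f
        return self.atom()

    def atom(self):
        left = self.operand()
        if self.peek()[0] == "op" and self.peek()[1] in CMP:
            return ("ap", left, self.take()[1], self.operand())
        if left[0] == "name":   # bare "Event.occured" style proposition
            return ("event", left[1])
        raise SyntaxError(f"comparison expected after {left}")

    def operand(self):
        v = self.value()
        while self.peek() in (("op", "+"), ("op", "-")):
            v = (self.take()[1], v, self.value())
        return v

    def value(self):
        tok = self.take()
        if tok[0] in ("num", "name"):
            return ("const" if tok[0] == "num" else "name", tok[1])
        raise SyntaxError(f"value expected, got {tok}")
```

Parser("Always(r.QOH < Treshold => Eventually(10)(r.QOH >= Treshold + 100))").parse() yields the tree ("always", None, ("implies", ("ap", ...), ("eventually", 10, ("ap", ...)))), with the 10 read as the bound of Eventually and the outer parenthesis read as the body of Always. A column or table name that collides with a keyword would be misread, so a real editor would want a reserved-word check in front of the domain model.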

Kåre J. Kristoffersen 9

Temporal Business Rules:

Temporal Rule + Feedback = Temporal Business Rule

If Temporal Rule r succeeds give Feedback1, else give Feedback2.

Possible Feedbacks:

• Send an Email, SMS, Letter, other message.

• Close an Account.

• Execute an event?

• Other?

Kåre J. Kristoffersen 10

Using Verification Server

[Figure: the DBMS/REA Database sends State information to the Verification Server, which holds the Temporal Business Rules; the server's Algorithm answers {Yes, No, Wait} and produces Feedback]

Kåre J. Kristoffersen 11

Internal Rule Representation

The formula:

Always(Acc.Bal<0 => Eventually(10)(Acc.Bal >= 100))

Becomes:

X = ((Acc.Bal >= 0) AND NextTime(X)) OR
    ((Acc.Bal < 0) AND NextTime(X) AND NextTime(Y(CurrentTime)))

Y(t) = (Acc.Bal >= 100 AND CurrentTime < t+10) OR NextTime(Y(t))

Kåre J. Kristoffersen 12

J2EE Server implementation

public String stateChange(State state) {
    1. Find corresponding residual formula
    2. Find corresponding FS
    3. RT with state as argument
    4. Replace old RF with new RF
    5. Return satisfaction value
}

public int newConstraint(String constraint) {
    1. Transform constraint into a FS
    2. Insert FS in the FS-Container
    3. Create ResidualFormula for all involved processes
    4. Return FS-number
}

public procesInfo newProces(State state) {
    1. Find corresponding FS.
    2. Create a new residualFormula consisting only of the top identifier.
    3. RT with state.
    4. Insert Residual Formula in FS-container.
    5. Return procesInfo containing process number + status.
}

Stateless Session Bean: Residual Transformer

public RF procesFormula(RF rf, DNF dnf, State state) {
    1. Process the whole thing
    2. Return new Residual formula
    3. Register rf in TimeObserver
}

Stateless Session Bean: DNF-Builder

public DNF buildFormula(String s) {
    1. Transform s into a formula system.
    2. Return FS.
}

Entity Bean: ResidualFormulaContainer

public int insertnewRF(RF rf) {
    1. Give RF a number.
    2. Insert the RF.
    3. Return number
}

public void replaceRF(RF rf) {
    1. Replace rf.number with rf
}

public void remove(int i) {
    1. Remove RF number i
}

public RF getRF(int i) {
    1. Return object representing formula number i
}

Entity Bean: FS-Container

public int insertnewFS(FS fs) {
    1. Give fs a number.
    2. Insert fs.
    3. Return number
}

public void remove(int i) {
    1. Remove FS number i
    2. Remove all processes corresponding to FS number i
}

public FS getFS(int i) {
    1. Return object representation of FS number i
}

Stateful Session Bean: TimeObserver

public void regRF(RF rf) {
    1. Register rf in rf.SIT
}

Kåre J. Kristoffersen 13

Current Activities:

1. Syntax directed editor that allows a domain expert to easily type in Temporal Rules and Feedback Rules.

2. Use Verification Server to check temporal Business Rules for my.ITU, an ORACLE Administrative Database at the ITU.

Kåre J. Kristoffersen 14

Demo:

Assume a table t with three columns x, y and z:

x y z
0 0 0
0 0 0
0 0 0

Temporal property: Whenever x is greater than 50 then y is less than 10 before 6 time units have passed. (This must hold for any row in table t!)

Kåre J. Kristoffersen 15

Demo:

Let p = x > 50 and let q = y < 10

Always( p => Eventually(6) q )

Written as: Always(p => x.(t<x+6 UNTIL q))

Typed in as: [] ( p => ( x . ( t<x+6 UNTIL q ) ) )
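The residual-formula idea from slide 11, the server interface from slide 12 and the demo rule above, as one added worked example in Python; it is not the presenter's J2EE implementation. The monitor rewrites a rule into its residual on every reported state (the RT step), and the {Yes, No, Wait} verdicts fall out of whether that residual has collapsed to true, to false, or is still open. Assumptions made here: formulas are hand-built nested tuples; a bounded Always(c)/Eventually(c) is turned into an absolute deadline t+c when first reached, like Y(t) on slide 11, except that the deadline is inclusive and a missed Eventually deadline makes the residual false (the slide's Y(t) only states the success branch); Eventually counts the current state; a reported state is assumed to hold until the next report; named constants such as High and Treshold get constructed values; each row is one process, so a rule over a whole table is one new_process call per row on the same constraint number.

```python
"""Residual-formula monitor for the timed logic on the slides (added example, not the presenter's
J2EE code). Formulas are nested tuples; an atomic proposition is ("ap", left, cmp, right) with
operands ("name", "Acc.Bal"), ("const", 50) or ("+", a, b); named constants live in CONSTANTS."""
import operator

CMP = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge, "=": operator.eq}
CONSTANTS = {"High": 100, "Treshold": 0}   # constructed values for the slides' named constants
TRUE, FALSE = ("true",), ("false",)

def ap(left, cmp, right):
    """Atomic proposition: strings are column or constant names, numbers are literals."""
    wrap = lambda v: ("const", v) if isinstance(v, (int, float)) else ("name", v)
    return ("ap", wrap(left), cmp, wrap(right))

def eval_operand(opnd, state):
    if opnd[0] == "const":
        return opnd[1]
    if opnd[0] == "name":   # a column of the reported state, else a named constant
        return state[opnd[1]] if opnd[1] in state else CONSTANTS[opnd[1]]
    a, b = eval_operand(opnd[1], state), eval_operand(opnd[2], state)
    return a + b if opnd[0] == "+" else a - b

def _and(a, b):   # constant folding, so a residual collapses to TRUE/FALSE once decided
    if FALSE in (a, b):
        return FALSE
    return b if a == TRUE else a if b == TRUE else ("and", a, b)

def _or(a, b):
    if TRUE in (a, b):
        return TRUE
    return b if a == FALSE else a if b == FALSE else ("or", a, b)

def _not(a):
    return FALSE if a == TRUE else TRUE if a == FALSE else ("not", a)

def progress(f, state, t):
    """Residual of f after observing `state` at time t (the slides' RT step). A bounded
    Always/Eventually becomes an absolute, inclusive deadline, like Y(t) on slide 11."""
    kind = f[0]
    if kind in ("true", "false"):
        return f
    if kind == "ap":
        return TRUE if CMP[f[2]](eval_operand(f[1], state), eval_operand(f[3], state)) else FALSE
    if kind == "not":
        return _not(progress(f[1], state, t))
    if kind in ("and", "or"):
        a, b = progress(f[1], state, t), progress(f[2], state, t)
        return _and(a, b) if kind == "and" else _or(a, b)
    if kind == "implies":
        return _or(_not(progress(f[1], state, t)), progress(f[2], state, t))
    if kind in ("always", "eventually"):
        bound, g = f[1], f[2]
        if bound is not None:   # start the clock at the current time
            return progress((kind + "_until", t + bound, g), state, t)
        return _and(progress(g, state, t), f) if kind == "always" else _or(progress(g, state, t), f)
    if kind == "always_until":      # g at every reported state up to the deadline
        return TRUE if t > f[1] else _and(progress(f[2], state, t), f)
    if kind == "eventually_until":  # g at some reported state up to the deadline, else fail
        return FALSE if t > f[1] else _or(progress(f[2], state, t), f)
    raise ValueError(f"unknown formula kind {kind!r}")

class VerificationServer:
    """Shape of the slide-12 interface (names adapted): a constraint gets a number, each
    monitored row is a process holding its own residual, and each state change rewrites it."""
    def __init__(self):
        self.formulas, self.residuals = {}, {}

    def new_constraint(self, rule):
        self.formulas[len(self.formulas) + 1] = rule
        return len(self.formulas)

    def new_process(self, fs_no, state, t):
        proc_no = len(self.residuals) + 1
        self.residuals[proc_no] = self.formulas[fs_no]
        return proc_no, self.state_change(proc_no, state, t)

    def state_change(self, proc_no, state, t):
        r = self.residuals[proc_no] = progress(self.residuals[proc_no], state, t)
        return {TRUE: "Yes", FALSE: "No"}.get(r, "Wait")   # the slides' three verdicts

def run_demo():
    """Slide 14/15 rule on a constructed trace for one row (one process) of table t."""
    rule = ("always", None, ("implies", ap("x", ">", 50), ("eventually", 6, ap("y", "<", 10))))
    server = VerificationServer()
    proc, v0 = server.new_process(server.new_constraint(rule), {"x": 10, "y": 50}, 0)
    trace = [(2, {"x": 60, "y": 50}),   # x > 50: y < 10 is now due by time 8
             (5, {"x": 60, "y": 5}),    # met in time
             (9, {"x": 70, "y": 30}),   # due again by time 15
             (16, {"x": 70, "y": 30})]  # deadline passed without y < 10 -> "No"
    return [v0] + [server.state_change(proc, s, t) for t, s in trace]

def run_example2():
    """Slide 7 rule on a constructed trace: reach High within 20 units and stay for 5."""
    rule = ("eventually", 20, ("and", ap("Acc.Bal", "=", "High"), ("always", 5, ap("Acc.Bal", "=", "High"))))
    server = VerificationServer()
    proc, v0 = server.new_process(server.new_constraint(rule), {"Acc.Bal": 0}, 0)
    return [v0] + [server.state_change(proc, {"Acc.Bal": b}, t) for t, b in [(10, 100), (12, 100), (14, 100), (16, 0)]]
```

run_demo() answers Wait for the first four states and No at time 16, when the deadline of 15 set at time 9 has passed without y < 10; run_example2() answers Yes at time 16, when the Always(5) obligation started at time 10 has run out. The unbounded top-level Always of the demo rule can never answer Yes, only Wait or No, so such a rule is a standing obligation on the process rather than a one-off check, and the residual it carries is exactly the open Eventually obligations still pending.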

Kåre J. Kristoffersen 16

3. Build Initial Residuals

[Figure: Monitored Program and Verification Server; the Verification Server holds the Equation System and the Collection of Residual Formulas, fed by the Instrumentation of the monitored program]

Temporal Property: [formula garbled in the transcript; its visible tokens are k, Konto, saldo, x, t and the bound 30]

Konto:

Navn       nr.  saldo
Kåre       1    500
Christian  2    -600

K := Konto.saldo < 0
Proces := 1

Kåre J. Kristoffersen 17

2. Build Equation System

[Figure: Monitored Program and Verification Server; at this step the Verification Server holds only the Equation System built from the Instrumentation; the Temporal Property and the Konto table are the same as on the previous slide]

Kåre J. Kristoffersen 18

4. Runtime Verification

[Figure: the Monitored Program sends State Changes to the Verification Server and receives Verification Results; the server holds the Equation System and the Collection of Residual Formulas, fed by the Instrumentation; the Temporal Property and the Konto table are the same as on the previous slides]

K := Konto.saldo < 0
Proces := 1

Kåre J. Kristoffersen 19

Residual formulas

[Table: residual formulas R1 (over X2, X5 and X4), R2 (over X4 and X7) and R3 (over X1, X2, X5 and X7) as equations of the equation system; the connectives and the index columns are not recoverable from the transcript]

Kåre J. Kristoffersen 20

Residual formulas

[Table: the residual formulas R1, R2 and R3 repeated from the previous slide]

Kåre J. Kristoffersen 21

Residual formulas 2

[Figure: the first residual formula, over X2, X5 and X4, drawn as a tree of Dis (disjunction) and Con (conjunction) nodes; each node carries an id and a pa field (ids 1, 2, 1 with pa 2, 5, 4)]

Kåre J. Kristoffersen 22

Residual formulas 3

[Figure: the same Dis/Con tree expanded node by node down to its leaves X4, X2 and X5, each leaf labelled with its id and pa field]