Difference between pages "Development of a flash-based filestore" and "Element Hierarchy Extension Point & Library"

From Event-B
(Difference between pages)
Jump to navigationJump to search
imported>WikiSysop
 
imported>Tommy
 
Line 1: Line 1:
Nowadays, many formal methods are used in the area of software development accompanied by a number of advanced theories and tools. However, more experiments are still required in order to provide significant evidence that will convince and encourage users to use, and gain more benefits from, those theories and tools. Event-B is a formalism used for specifying and reasoning about systems. Rodin is an open and extensible toolset for Event-B specification, refinement and proof. The flash file system is a complex system that is challenging to specify and verify at this moment in time. This system was chosen as a case study for our experiments, carried out using Event-B and the Rodin tool. The experiments were aimed at developing a rigorous model of flash-based file system, and providing useful evidence and guidelines to developers and the software industry. We believe that these would convince users and make formal methods more accessible.
+
The UI in Rodin 2.x contains an extension point <tt>org.eventb.ui.editorItems</tt> that groups the both following information:
 +
*the definition of elements and attributes and their hierarchy, and the way they are created
 +
*the information needed to correctly display and edit these elements in the various editors and UI components
  
 +
It appears obvious that the first information should be defined from an extension that belongs to the Database.
 +
To fullfil the above statement, the current extension point <tt>org.eventb.ui.editorItems</tt> should be split in two.
 +
The existing extension point was also heterogenous. Indeed, whereas the element relationships were concerning element types, the attribute relationship were concerning element types and references to UI defined attributes (referring to core attributes).<br>
 +
There is no need for such an indirection.
  
===[http://eprints.ecs.soton.ac.uk/21655/ An Incremental Refinement Approach to a Development of a Flash-Based File System in Event-B] ===
+
----
 +
The proposal should concern :
 +
A - Relationship declaration (new extension point)
 +
B - API to test these relations and traverse them
 +
C - Enforcement of the authorized relations when modifying the DB
 +
D - Behaviour while loading a file (including a file with invalid parent-child relations occurrences)
 +
E- What about the compatibilty with the file upgrade mechanism?
 +
----
  
The work on the development of a flash-based file system in Event-B is reported in a PhD thesis by Kriangsak Damchoom.
+
= Some identified difficulties =
  
Papers and Rodin achives are available below.
+
== Initialization of elements from non UI components ==
  
=== [http://deploy-eprints.ecs.soton.ac.uk/22/ Modelling and proof of a Tree-structured File System] ===
+
The following ElementDescRegistry method, shows the dependency between an element creation and the initialization of its attributes with default values.
By ''Damchoom, Kriangsak and Butler, Michael and Abrial, Jean-Raymond''.
 
in ICFEM 2008
 
  
We present a verified model of a tree-structured file system which was carried out using Event-B and the Rodin platform. The model is focused on basic functionalities affecting the tree structure including create, copy, delete and move. This work is aimed at constructing a clear and accurate model with all proof obligations discharged. While constructing the model of a file system, we begin with an abstract model of a file system and subsequently refine it by adding more details through refinement steps. We have found that careful formulation of invariants and useful theorems that can be reused for discharging similar proof obligations make models simpler and easier to prove.
+
        public <T extends IInternalElement> T createElement(
 +
final IInternalElement root, IInternalElement parent,
 +
final IInternalElementType<T> type, final IInternalElement sibling)
 +
throws RodinDBException {
 +
final T newElement = parent.createChild(type, sibling, null);
 +
final IAttributeDesc[] attrDesc = getAttributes(type);
 +
for (IAttributeDesc desc : attrDesc) {
 +
desc.getManipulation().setDefaultValue(newElement, null);    // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
 +
}
 +
return newElement;
 +
}
  
=== [http://deploy-eprints.ecs.soton.ac.uk/125/ Applying Event and Machine Decomposition to a Flash-Based Filestore] ===
+
The protocol shall be changed to take into account this initialization outside from the graphical manipulation.
By ''Damchoom, Kriangsak and Butler, Michael.
+
Doing the initialization at org.eventb.core level is possible by registering a special "attribute initializer". <br>
in SBMF 2009
+
WARNING : The required attribute is only available for "choice" attributes. Can't it be available for all kind of attributes?
  
=== An Incremental Refinement Approach to a Development of a Flash File System [http://deploy-eprints.ecs.soton.ac.uk/243/  archive] ===
+
== Correspondence between UI manipulation and "core" elements ==
By ''Damchoom, Kriangsak and Butler, Michael''.
+
What if an element is not defined in the UI but defined in the hierarchy of a given core element?<br>
 +
>>> ANSWER : it seems that any contributor to the UI manages the extensions of the datat model. The responsability is thus left to him.<br>
 +
>>> A element for which there is no UI correspondance will not be displayed.
  
An incremental refinement was chosen as a strategy in our development. The refinement
+
== Operation on elements shall be enforced ==
was used for two different purposes: feature augmentation and structural refinement (covering event and
+
machine decomposition). Several techniques and styles of modelling were investigated and compared; to
+
        private <T extends IInternalElement> OperationCreateElement getCreateElement(
produce some useful guidelines for modelling, refinement and proof. The model of the flash-based file system
+
IInternalElement parent, IInternalElementType<T> type,
we have completed covers three main issues: fault-tolerance, concurrency and wear-levelling process. Our
+
IInternalElement sibling, IAttributeValue[] values) {
model can deal with concurrent read/write operations and other processes such as block relocation and
+
OperationCreateElement op = new OperationCreateElement(
block erasure. The model tolerates faults that may occur during reading/writing of files. We believe our
+
createDefaultElement(parent, type, sibling));
development acts as an exemplar that other developers can learn from.
+
op.addSubCommande(new ChangeAttribute(values));
 +
return op;
 +
}
  
=== Multi-Levelled Refinement and Evolution of a Flash File System Model in Event-B and Rodin [http://deploy-eprints.ecs.soton.ac.uk/243/ archive ] ===
+
''The Operation model similar to a kind of transaction mechanism, should be made available from the DB layer.''<br>
By ''Damchoom, Kriangsak and Butler, Michael''.
+
''The relations when using such layer shall be enforced and any invalid operation could be rejected.''
  
This work is an extension of the work presented above. The focus of this work is to outline an evolution of the model when the requirements change. Evolution of the models is necessary when
+
= Proposal =
the requirements change. The point is how to deal with this. How much changes that impact the models? How reusability
+
 
can be achieved? and how flexibility of the language and tool are?
+
== Hierarchy between elements ==
 +
 
 +
The part concerning element definition and hierarchy will go to a dedicated extension point in the database.
 +
 
 +
=== A - hierarchy definition ===
 +
 
 +
Here is the definition of such an extension point : org.rodinp.core.dataModel ???  or org.rodinp.core.internalElementHierarchy ???
 +
 
 +
Configuration Markup:
 +
<!ELEMENT extension ((childRelation | attributeRelation | autoNaming)+)>
 +
<!ATTLIST extension
 +
point CDATA #REQUIRED
 +
id    CDATA #IMPLIED
 +
name  CDATA #IMPLIED
 +
>
 +
 +
<!ELEMENT elementRelationship (childType)+>
 +
<!ATTLIST elementRelationship
 +
parentTypeId CDATA #REQUIRED
 +
>
 +
parentTypeId - Element type of the parent, must be the unique ID of a Rodin internal element type (see extension point org.rodinp.core.internalElementTypes).
 +
 +
<!ELEMENT childType EMPTY>
 +
<!ATTLIST childType
 +
typeId                CDATA #REQUIRED
 +
implicitChildProvider CDATA #IMPLIED
 +
>
 +
typeId - Element type of the child, must be the unique ID of a Rodin internal element type (see extension point org.rodinp.core.internalElementTypes).
 +
 +
<!ELEMENT attributeRelationship (attributeType)+>
 +
<!ATTLIST attributeRelationship
 +
elementTypeId CDATA #REQUIRED
 +
>
 +
elementTypeId - Element type of the element, must be the unique ID of a Rodin internal element type (see extension point org.rodinp.core.internalElementTypes).
 +
 +
<!ELEMENT attributeType EMPTY>
 +
<!ATTLIST attributeType
 +
typeId CDATA #REQUIRED
 +
class  CDATA #REQUIRED
 +
>
 +
Describes how to graphically display a Rodin attribute of type boolean.
 +
 +
attributeTypeId - Id of the Rodin attribute type to which this description applies (see extension point org.rodinp.core.attributeTypes).
 +
 +
<!ELEMENT autoNaming EMPTY>
 +
<!ATTLIST autoNaming
 +
elementTypeId          CDATA #REQUIRED
 +
attributeDescriptionId CDATA #REQUIRED
 +
namePrefix             CDATA #REQUIRED
 +
>
 +
Describes how to automatically name an element. The autoNaming definition is unique for a given element type.
 +
 +
elementTypeId - Element type of the element, must be the unique ID of a Rodin internal element type (see extension point org.rodinp.core.internalElementTypes).
 +
namePrefix - default prefix to name the element
 +
 +
The use of such extension point is obvious in org.eventb.core plug-in, as it would complement the extensions of org.rodinp.core.attributeTypes and org.rodinp.core.internalElementTypes.
 +
 
 +
=== B - API to declare and test the element/attribute relations and traverse them ===
 +
 
 +
The API for an element : IElementDesc
 +
 
 +
public String getID();
 +
 +
public List<IAttributeDesc> getAttributeDescription();
 +
 +
public List<IElementRelationship> getChildRelationships();
 +
 +
public List<IElementType> getChildTypes();
 +
 +
public IAttributeDesc getAutoNameAttribute();
 +
 
 +
adding the following method to the protocol :
 +
 
 +
        public boolean isDirectChildTypeOf(IElementDesc parentElemDesc);
 +
 
 +
The API for an Attribute : IAttributeDesc
 +
 +
        public String getID(); 
 +
     
 +
        public IAttributeManipulation getManipulation();
 +
 +
public IAttributeType getAttributeType();
 +
 
 +
== Data model operation ==
 +
The ElementManipulationFacade, support for modifications over the Database, should be provided by the Event-B Core plug-in.<br>
 +
The IAttributeManipulation interface should be also provided by the Event-B Core plug-in as it concerns the manipulation done on the attribute in the DB.
 +
 
 +
The information about the rendering of an element or an attribute, should not be deduced from the attribute itself (e.g. choiceAttribute vs. toggleAttribute vs. textAttribute), it should be given in the UI.
 +
 
 +
== UI related information ==
 +
The part concerning how to display elements and UI related info will stay in the editorItems extension point and shall point to an element definition and hierachy.<br>
 +
Relationships will disappear from the editorItems extension point.
 +
 
 +
The interfaces are refactored to become the following :
 +
 
 +
''NB. IITemDesc disappears as it is cumbersome to provide such interface for a sole method getPrefix(). ''
 +
 
 +
public interface IUIElementDesc extends IItemDesc {
 +
 +
        public String getPrefix();
 +
 +
public String getChildrenSuffix();
 +
 +
public IImageProvider getImageProvider();
 +
 +
public IAttributeDesc atColumn(int i);
 +
 +
public int getDefaultColumn();
 +
 +
public boolean isSelectable(int i);
 +
 +
public String getAutoNamePrefix();
 +
 +
public IElementPrettyPrinter getPrettyPrinter();
 +
 +
}
 +
 
 +
public interface IUIAttributeDesc extends IItemDesc {
 +
 +
        public String getPrefix();
 +
 +
public String getSuffix();
 +
 +
public IEditComposite createWidget();
 +
 +
public boolean isHorizontalExpand();
 +
 +
}
 +
 
 +
[[Category:Design_proposal]]

Revision as of 16:15, 25 September 2012

The UI in Rodin 2.x contains an extension point org.eventb.ui.editorItems that groups the both following information:

  • the definition of elements and attributes and their hierarchy, and the way they are created
  • the information needed to correctly display and edit these elements in the various editors and UI components

It appears obvious that the first information should be defined from an extension that belongs to the Database. To fullfil the above statement, the current extension point org.eventb.ui.editorItems should be split in two. The existing extension point was also heterogenous. Indeed, whereas the element relationships were concerning element types, the attribute relationship were concerning element types and references to UI defined attributes (referring to core attributes).
There is no need for such an indirection.

The proposal should concern : 

A - Relationship declaration (new extension point)
B - API to test these relations and traverse them
C - Enforcement of the authorized relations when modifying the DB
D - Behaviour while loading a file (including a file with invalid parent-child relations occurrences)
E- What about the compatibilty with the file upgrade mechanism?

Some identified difficulties

Initialization of elements from non UI components

The following ElementDescRegistry method, shows the dependency between an element creation and the initialization of its attributes with default values. 

       public <T extends IInternalElement> T createElement(
			final IInternalElement root, IInternalElement parent,
			final IInternalElementType<T> type, final IInternalElement sibling)
			throws RodinDBException {
		final T newElement = parent.createChild(type, sibling, null);
		final IAttributeDesc[] attrDesc = getAttributes(type);
		for (IAttributeDesc desc : attrDesc) {
			desc.getManipulation().setDefaultValue(newElement, null);    // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
		}
		return newElement;
	}

The protocol shall be changed to take into account this initialization outside from the graphical manipulation. Doing the initialization at org.eventb.core level is possible by registering a special "attribute initializer".
WARNING : The required attribute is only available for "choice" attributes. Can't it be available for all kind of attributes?

Correspondence between UI manipulation and "core" elements

What if an element is not defined in the UI but defined in the hierarchy of a given core element?
>>> ANSWER : it seems that any contributor to the UI manages the extensions of the datat model. The responsability is thus left to him.
>>> A element for which there is no UI correspondance will not be displayed.

Operation on elements shall be enforced

       private <T extends IInternalElement> OperationCreateElement getCreateElement(
			IInternalElement parent, IInternalElementType<T> type, 
			IInternalElement sibling, IAttributeValue[] values) {
		OperationCreateElement op = new OperationCreateElement( 
				createDefaultElement(parent, type, sibling));
		op.addSubCommande(new ChangeAttribute(values));
		return op;
	}

The Operation model similar to a kind of transaction mechanism, should be made available from the DB layer.
The relations when using such layer shall be enforced and any invalid operation could be rejected.

Proposal

Hierarchy between elements

The part concerning element definition and hierarchy will go to a dedicated extension point in the database.

A - hierarchy definition

Here is the definition of such an extension point : org.rodinp.core.dataModel ??? or org.rodinp.core.internalElementHierarchy ??? 

Configuration Markup:
<!ELEMENT extension ((childRelation | attributeRelation | autoNaming)+)>
<!ATTLIST extension
point CDATA #REQUIRED
id    CDATA #IMPLIED
name  CDATA #IMPLIED
>

<!ELEMENT elementRelationship (childType)+>
<!ATTLIST elementRelationship
parentTypeId CDATA #REQUIRED
>
parentTypeId - Element type of the parent, must be the unique ID of a Rodin internal element type (see extension point org.rodinp.core.internalElementTypes).

<!ELEMENT childType EMPTY>
<!ATTLIST childType
typeId                CDATA #REQUIRED
implicitChildProvider CDATA #IMPLIED
>
typeId - Element type of the child, must be the unique ID of a Rodin internal element type (see extension point org.rodinp.core.internalElementTypes).

<!ELEMENT attributeRelationship (attributeType)+>
<!ATTLIST attributeRelationship
elementTypeId CDATA #REQUIRED
>
elementTypeId - Element type of the element, must be the unique ID of a Rodin internal element type (see extension point org.rodinp.core.internalElementTypes).

<!ELEMENT attributeType EMPTY>
<!ATTLIST attributeType
typeId CDATA #REQUIRED
class  CDATA #REQUIRED
>
Describes how to graphically display a Rodin attribute of type boolean.

attributeTypeId - Id of the Rodin attribute type to which this description applies (see extension point org.rodinp.core.attributeTypes).

<!ELEMENT autoNaming EMPTY>
<!ATTLIST autoNaming
elementTypeId          CDATA #REQUIRED
attributeDescriptionId CDATA #REQUIRED
namePrefix             CDATA #REQUIRED
>
Describes how to automatically name an element. The autoNaming definition is unique for a given element type.

elementTypeId - Element type of the element, must be the unique ID of a Rodin internal element type (see extension point org.rodinp.core.internalElementTypes).
namePrefix - default prefix to name the element

The use of such extension point is obvious in org.eventb.core plug-in, as it would complement the extensions of org.rodinp.core.attributeTypes and org.rodinp.core.internalElementTypes.

B - API to declare and test the element/attribute relations and traverse them

The API for an element : IElementDesc 

	public String getID();

	public List<IAttributeDesc> getAttributeDescription();
	
	public List<IElementRelationship> getChildRelationships();

	public List<IElementType> getChildTypes();

	public IAttributeDesc getAutoNameAttribute();

adding the following method to the protocol : 

       public boolean isDirectChildTypeOf(IElementDesc parentElemDesc);

The API for an Attribute : IAttributeDesc 

       public String getID();  
     
       public IAttributeManipulation getManipulation();

	public IAttributeType getAttributeType();

Data model operation

The ElementManipulationFacade, support for modifications over the Database, should be provided by the Event-B Core plug-in.
The IAttributeManipulation interface should be also provided by the Event-B Core plug-in as it concerns the manipulation done on the attribute in the DB.

The information about the rendering of an element or an attribute, should not be deduced from the attribute itself (e.g. choiceAttribute vs. toggleAttribute vs. textAttribute), it should be given in the UI.

UI related information

The part concerning how to display elements and UI related info will stay in the editorItems extension point and shall point to an element definition and hierachy.
Relationships will disappear from the editorItems extension point.

The interfaces are refactored to become the following :

NB. IITemDesc disappears as it is cumbersome to provide such interface for a sole method getPrefix(). 

public interface IUIElementDesc extends IItemDesc {

       public String getPrefix();

	public String getChildrenSuffix();

	public IImageProvider getImageProvider();

	public IAttributeDesc atColumn(int i);

	public int getDefaultColumn();

	public boolean isSelectable(int i);
	
	public String getAutoNamePrefix();
	
	public IElementPrettyPrinter getPrettyPrinter();
	
}

public interface IUIAttributeDesc extends IItemDesc {

       public String getPrefix();

	public String getSuffix();

	public IEditComposite createWidget();

	public boolean isHorizontalExpand();

}
Retrieved from ‘https://wiki.event-b.org/index.php?title=Development_of_a_flash-based_filestore&oldid=3988