15.11 Production of B1.2 Progress beyond the state of the art.

schoolmistInternet and Web Development

Oct 22, 2013 (4 years and 7 months ago)


15.11 Production of B1.2 Progress beyond the state of the art.

[BP: text in purple to be deleted, shown as a reference for now]

In section 15.10 we produced B1.1 and this must now be complemented by showing convincingly in

that what you propose is be
yond the current state of the art. Prepare for this by going over all

previous and
current projects in this area and where necessary explain why your proposal is better. Don’t

be afraid to
name names but do it positively

remember the evaluator may have b
een personally involved

in a previous
project you are quoting. An important goal here is to show the evaluator you have done your

and are aware of the latest developments in the field.

Describe the state of the art in the area concerned and the ad
vance that the proposed project
would bring

about. If applicable, refer to the results of any patent search you might have carried

Challenge 1

Objective ICT
2007.1.2: Service and Software Architectures, Infrastructures and


e engineering approaches
development processes, product lifecycle and

tools for dynamically composed systems with dependable quality of service and reliability

properties and
promoting new open development paradigms with a higher degree of

involvement of j
oint user and
development communities

Increased efficiency and productivity in software development and higher level of

software reliability
through novel service and software engineering tools and

improved mastering of complex systems.

Challenge 6

er major goal is to reap the benefits of ICT to optimise the use of natural resources

throughout their life cycles, including energy, to design smarter and cleaner processes with

waste, and to contain environmental degradation and related threats o
n human lives,

infrastructures and the
environment. In particular, research will help to achieve the EU targets

of taking the lead towards more
sustainable consumption and production in the global

economy, hence contributing to a cleaner, safer and
er global environment.

Objective ICT
2007.6.3: ICT for Environmental Management and Energy Efficiency

[BP: is this

to the project

Collaborative Systems for Environmental Management


Research is expected to deliver

visionary concepts

and techniques, or strategic integrated approaches for
ICT systems

addressing environmental applications that are cost
effective, easy to set up and to

The focus is on generic systems that will integrate to a large extent autonomous,

adaptive sen
, extended data fusion, rapid and secure access to distributed

information, modelling, simulation
and visualisation as well as computing facilities for

decision making. Full attention will be on the
optimisation of complex data flows across

ll decision levels, across borders and sectors. Typically, these
collaborative systems will

be validated in the case of fresh surface water, ambient air, outdoor or indoor.


Wide take
up of ICT systems to enable future buildings to become at least energy


B1.2 Progress beyond the state of the art.

SAY research contributions
focus on two main research areas,
specification and Analysis, where original c
ontributions will be on

design environments and
Appropriation Support and Collaborative Design
, and
, where the goal is to develop reliable and flexible service compositions. In the
following, we discuss how the U
SAY proje
ct will contribute to the state of the art in
those areas.

nts specification and Analysis

End User Development and DODEs


Appropriation Support and Collaborative Design

Appropriation Support

The SotA? of Appropriation Suppor
t Research will be added later, as it is still

Partecipatory design

Research in the area of participatory design lead to many different approaches how
designers and users can design a system collaboratively. Christiane Floyd demanded
in the 1980s that software has to be developed cyclic [Floyd 1989]. Since then,
many methods of the modern software engineering research and software distribution
extend the evolutionary and participatory design [Bleek 2002, Nichols 2003, Ritterbruch
. The approaches differ for example in their term of use during the software
lifecycle [Muller 1997]. Some approaches can be used before or while the system is
being implemented, while others can be used after system was implemented. The U
project invo
lves both approaches, because service assemblies are created during use time
of the system, but they involve the end user performing some implementation tasks.

ethnographic methods such as c
ontextual inquiry [Beyer 1998] are being
used to dis
cover the target users' real tasks, needs and vocabulary. These are often
augmented with studies in laboratories to try to understand the basic usability tradeoffs of
various techniques. Put together, this generates new knowledge that can drive design, and

allows design to be based on real data about the users' needs and characteristics. For
example, a Contextual Inquiry study highlighted some properties of what makes code
libraries and frameworks hard to use, which were refined and verified in laboratory
tudies [Ellis 2007]. Another study discovered that communication among programmers
and discovering the design intent were significant barriers among programmers in the
field [Ko 2007].

Another approach we will use is called remote evaluation. It is simil
ar to usability
studies, but users process no given tasks. Instead, usability specialists track users’
problems during their daily work. The approach should be used to complement classical
usability studies. Hartson et al. insist on objective reports and t
herefore decline the
discussion of discrepancies between users and designers. The term “remote” indicates
that users and usability experts can work in different spaces, but also timely separated.
Nichols et al. [Nichols 2002] describe another method for th
e execution of usability tests,
called participatory usability. Users are enabled to create a usability report, whenever
they think that it is necessary. The tool for the creation of such reports is integrated into
the application itself, making it easier
for users to create a report. The report consists of
two parts. The first part contains objective data of the program state and is generated
automatically. The second part contains subjective data, which is entered by the user.
After sending the report, th
e user is able to track it, keeping him informed whether his
issue was already processed and if it will be fixed or not. Quite similar to the
participatory usability approach are crash reporting tools. These tools are also integrated
into the application a
nd provide designers with objective information about the
application in case of a crash. In contrast to the participatory usability approach, the
decision, if a report will be generated or not is done by the system and not by the user.
Sometimes crash rep
orting tools provide a feedback channel to the users, providing them
with web
links, emails, etc. Usually these tools are used to increase the stability of an
application and not to redesign it. The next approach is called e
prototyping. In this case,
s participate in the design process because of their experiences in the use context,
using the already implemented system. The approach is usually embedded in a
participatory, evolutionary development processes. The decision, if a requested feature
will be

implemented, is done within the development process and is not part of the e
prototyping approach.

Besides these formal participatory design approaches, open source development activities
show how participatory design works in practical settings. In thi
s case, there is no hard
separation between the group of designers and the group of users. Every user can be a
developer at the same time and vice versa. If a user becomes a developer, he has to face
the same complexity of software development, as all othe
r developers have to face. At
this critical issue, the

project will tie in with a new, less complex approach of
collaborative design, which treats users and developers, in contrast to classical
participatory design approaches, as equal partners.

will provide end users with a
specific service assembly environment, using appropriate service composition
representations and metaphors. The environment enables users to assemble services much
like they know it from business process engineering.

The created service assemblies
could be used to adapt and extend existing programs or to create new programs. The
utilization of users’ knowledge in process engineering decreases

compared to open
source development

the complexity of developing program
s. These user driven
assembly activities should furthermore be supported with communication, collaboration
and delegation tools. These support tools serve two purposes. First, the assembly
activities of users are in most cases collaborative activities, as
studies have already
proven. Second, the tools should support, like participatory design methods, the
communication between users and programmers.

The FP6 Project

“inContext” addresses a similar problem like
, because they
“[…] will develop a novel

scientific approach focused on a new blend of human
collaboration and service
oriented systems […]”. In contrast to inContext,

provide autonomic service adaptation methods, but will enable users to construct service
assemblies by themselves, le
aving design power in their hands.


Nichols 2002] David M Nichols and Michael B Twidale. Usability and open source
software. page 16, 2002.

[Muller 1997] M.J. Muller, J.H. Haslwanter, and T. Dayton. Participatory Practices in the
Software L
ifecycle, chapter 11, pages 256

297. Elsevier, 1997.

[Ritterbruch 2002] Marcus Ritterbruch, Gregor McEwan?, Nigel Ward, Tim Mansfield,
and Dominik Bartenstein. Extreme participation

moving extreme programming towards
participatory design. PDC2002 Procee
dings, 2002.

[Nichols 2003] David M Nichols, Dana McKay?, and Michael B Twidale. Participatory
usability: supporting proactive users. pages 63

68, 2003.

[Bleek 2002] Wolf
Gideon Bleek, Martti Jeenicke, and Ralf Klischewski. Developing
based applicati
ons through e
prototyping. In COMPSAC '02: Proceedings of the
26th International Computer Software and Applications Conference on Prolonging
Software Life: Development and Redevelopment, pages 609

614, Washington, DC,
USA, 2002. IEEE Computer Society.

oyd 1989] Christiane Floyd, Fanny
Michaela Reisin, and Gerhard Schmidt. Steps to
software development with users. In ESEC '89: Proceedings of the 2nd European
Software Engineering Conference, pages 48

64, London, UK, 1989. Springer
[Beyer 1998]H. B
eyer and K. Holtzblatt. Contextual Design: Defining Custom
Systems. San Francisco, CA, Morgan Kaufmann Publishers, Inc. 1998.

[Ko 2007] Ko, A. J. DeLine?, R., Venolia, G. "Information Needs in Collocated Software
Development Teams." International

Conference on Software Engineering (ICSE), May
26, to appear.

[Ellis 2007] Brian Ellis, Jeffrey Stylos, and Brad Myers. "The Factory Pattern in API
Design: A Usability Evaluation". International Conference on Software Engineering
(ICSE'2007). May 20
6, 2007. Minneapolis, MN. To appear.

Service assembly and verification

Enhanced services

SAY will adopt an architectural style based on services


the service oriented

Several methodological approaches and systems have been proposed

to support

based service composition, by extending traditional process management

technology to distributed, Internet
based scenarios.

In recent years, flexibility and
adaptivity have been studied as important properties in composed service

In [Casati 2001
a first proposal towards
dynamic and adaptive composition of e

[Benatallah 2003
], services can be composed and executed
in a decentralized way
. In [De Antonellis 2006
] a

layered architecture for flexib
le e
service invocation is proposed based on substitution

mechanism. Moreover, for the more
general use of mobile applications, it is important

to be able to adapt these systems to the
user at hand, thus making a case for simple

user models to guide the ad
and Bernstein [Banavar 2002
] highlight the

importance of semantic modelling in this

adaptive mechanisms for workflows and service
based processes proposed in the
are based on the analysis of processes at design
me to support the design

flexible processes and an optimal service selection.
S [Cardoso 2003
] and oth
based approaches [WSMO 2007

explicitly define the service goal on which
they perform both discovery and composition. While

ed approaches open up the
possibility of deriving service compositions at run time, their

applicability in open WS
based applications is lim
ited by the amount of knowledge
available in

the service
definitions. In
, we aim at providing a design environ
ment in which semantic

information on services may be very limited and d
erived from service interfaces and user
requirements. As mentioned above, we are not focusing on autonomic service behavior
with discovery and adaptation in an open world environment.
However, some self
management properties are needed to control the correct execution of composed services
[Papazoglou 2005]
. With respect to self
healing mechanisms in this area, the

will provide innovative contributions to monitor services
at run time based
generate repair actions in case of failures.

The execution framework in U
SAY will be also based on research results from
Politecnico di Milano in previous EU
and FET

and the Italian MAIS and Art
Deco basic research projects, which contributed to the
creation of an adaptive service framework.


echanisms for automatically
augmenting processes with monitoring functionality have been proposed in
, and a design and execution

environment with an advanced service registry,
mediation tools for adaptiation, optimization and negotiation have been proposed in
[Bianchini 2006, Pernici 2006, Ardagna 2007, De Antonellis 2006]. While existing
methods and tools focus compositions of ser
vice operations, new research contributions
of U
SAY will concern the composition
of process fragments, coordinating several

MAIS functionality have also been adopted in the WS
Diamond to support service repair
and self
healing functionality. In

SAY, self
healing models developed in WS
will be adopted and extended to integrate them with the Secse monitoring functionality
and provide active feedback and support to users in case of failure.

The U
is coherent with
trategic Research Agenda (SRA)
. In
particular, with regards to the vision of a
Ubiquitous and invisible IT
, U
SAY will focus


all users with a global, transparent

tool in which they should only

the functionality of solutions, rather t
han the complexity of the

technology underneath


With respect to NESSI roadmap, U
SAY will contribute to
service lifecycle management
to support identification of components, location, negotiation and

orchestration, configu
ration, operational

management and in specifying
principles for defining unambiguous service level


Several projects have been developed in FP6 in the service area. Among these, Sensoria

on global services that are context adaptive, personalisable, and
may require hard
and soft constraints on resources and performance, and will take into account the fact that
services have to be deployed on different, possibly interoperating, global computers, to
provide novel and reusable service
oriented overlay comput
A formal approach to
composition is provided, oriented more to service programming rather than user design,
and on proving formal properties of services (see below).

In several IP projects, semantic web services have been proposed [Fensel 2002]. In
, there is an emphasis on business processes, in particular on modeling and
managing process design. In ASG, semantic web services and BPM have also been
studied, with a planning
based approach.
has focused on
collaborative services,
semantic inter
run time composition

Collaborative service modeling
has been
also in ATHENA,
with research work on
process models transformations with
annotated processes,
organization business processes

SAY research activities prop
se to enhance the service integration approach typical of
FP6, where the focus is the composition of service
, to a service
based composition of
processes, based on process fragments and service choreography.

In addition, U
SAY approaches design from a us
oriented collaborative requirements
approach, from which the process composition, adaptation and integration
in complex
BPEL processes
are derived

ough automatic mapping an
d translation mechanisms
from a

oriented representation of the requiremen
To guarantee the quality and
reliability of the composition, fo
rmal analysis tools are applied, as discussed in the


[Ardagna 2007]
D. Ardagna and B. Pernici.
Adaptive service composition in flexible
processes. IEEE Trans. on Sof

Engineering, in press, online in June 2007.

[Banavar 2002]
Banavar G., and Bernstein, A.. Software infrastructure and design
challenges for ubiquitous computing applications. Commun. ACM, 45(12):92
96 (2002).

[Baresi 2007]
L. Baresi, E. di Nitto, C.
Ghezzi, and S. Guinea.

A Framework for the
Deployment of Adaptable Web Service Compositions. Service Oriented Computing and
Applications, Springer. Service
Oriented Computing and Applications, Springer
Volume 1, Number 1, 75
91, April 2007.

allah 2003]
B. Benatallah, Q. Z. Sheng, and M. Dumas. The self
serv environment
for web services composition.

Internet Computing, 7(1):40

48, 2003.

[Bianchini 2006]
D. Bianchini, V. D. Antonellis, B. Pernici, and P. Plebani.
based methodology

for e
service discovery.

Inf. Syst., 31(4

380, 2006.

J. Cardoso and A. P. Sheth. Semantic e
workflow composition. J. Intell. Inf. Syst.,

225, 2003.

[Casati 2001]
Casati, F., Shan, M..
Dynamic and adaptive composition of e
mation Systems,

26(3) (2001).

[De Antonellis 2006
] V. De Antonellis, M. Melchiori, L. D. Santis, M. Mecella, E.
Mussi, B. Pernici, and P. Plebani. A layered architecture for flexible web service
invocation. Software

Practice and Experience, 36(2), Febru
ary 2006.

[Fensel et al. 02] D. Fensel and C. Bussler: The Web Service Modelling Framework
WSMF, Electronic Commerce: Research and Applications, 1 (2002) 113

Papazoglou 2005
] M. P. Papazoglou and W.
J. van den Heuvel. Web services
management: A surv
ey. IEEE Internet Computing,


[Pernici 2006]
Barbara Pernici, editor. Mobile Information Systems. Infrastructure and

for Adaptivity and Flexibility. Springer, April 2006.

[WSMO 2007]
WSMO Working Group. Web Service Modeling Ontology.

[Papazoglou 2006]
Michael P. Papazoglou, Paolo Traverso, Schahram Dustdar, Frank
Leymann, and

Bernd J. Kr¨amer. Service
Oriented Computing: A Research Roadmap. In Francisco

Cubera, Bernd J. Kr¨amer, and Micha
el P. Papazoglou, editors, Service Oriented

Computing (SOC), number 05462 in Dagstuhl Seminar Proceedings.

Formal analysis of BPEL processes

Research on model checking web service compositions is quite recent, but has attracted
considerable attenti
on. An initial attempt is described in [1]. Flows are described in
WSFL [2] and translated into Promela, the input language of the SPIN model checker [3].
By following this approach, one can verify reachability, deadlock
freedom and
application specific pr

WSAT is a framework for analyzing interaction of composite web services ([4,5]). The
interactions among composite web services are modeled as conversations, keeping track
of exchanged messages. BPEL specifications of web services are translated
into an
intermediate representation, an XPath
guarded automaton augmented with unbounded
queues for incoming messages. This model is then translated into Promela and LTL
properties, which can be also derived from XPath expressions, and are checked with the

SPIN model checker.

The Zing model checker [6] is reported to check for errors in sets of web services, whose
behavior is described in BPEL. [7] proposes a model of BPEL compositions based on a
parametric definition of the communication infrastructure, i
n which the number of queues

may be changed, to allow different levels of asynchrony. The authors also propose an
algorithm for the verification, which identifies the simplest communication model for a
specific composition and produces the corresponding in
put file for the SPIN and NuSMV
[8] model checkers.

The Verbus verification framework [9] is based on an intermediate formalism, which
decouples the approach from any particular process definition language or verification
tool. The support for BPEL is

omplete: missing constructs are compensation activities and event handlers. The
current version of the prototype performs reachability analysis and supports verification
of such properties as invariants, goals, activity pre

and post
conditions, as well as

generic properties defined in temporal logic.

Nakajima [10] proposes a method to extract the behavioral specification from a BPEL
process and to analyze it by using the SPIN model checker. A finite
state automaton
extended with variable annotations (defi
nitions and updates) is used as an intermediate
representation. This approach provides only a partial support for BPEL, which does not
deal with fault/event handlers and compensation activities. The tool checks for deadlock
freedom and verifies user
d LTL properties.

In [11], an operational semantics is provided for a subset of the BPEL language; this
subset is then mapped onto a network of Timed Automata, which is verified in Uppaal
[12]. Other authors use different computational models for verifyin
g BPEL processes.
Petri Nets are used in [13], where a Petri Net semantics is provided for BPEL. The net
resulting from the ranslation is then validated with the LoLA [14] model checking tool.

Process algebras are used in [15] and [16]. In [15], web servi
ce compositions are verified
against properties created from design specifications and implementation models.
Specifications, in the form of Message Sequence Charts, and implementations, in the
form of BPEL processes, are translated into the Finite State P
rocess notation, which is the
input language for the LTSA (Labelled Transition System Analyzer) model checker. In
[16], a process algebra, the BPE
calculus, is used to abstract BPEL control flow. This
calculus is used as input for a process algebra compile
r to produce a front
end for the
concurrency workbench (CWB), in which equivalence checking, pre
order checking and
model checking of processes are performed.

The work described in [17] proposes model checking of composite web services
expressed with OWL
S Web Ontology Language for Web Services), using an extended
version of Blast [18] tuned to support OWL
S concurrency. Atomic web services are
verified for predicate



[1] S. Nakajima. Verification of Web Service Flows with Model
Checking Techniques.
In CW '02: Proceedings of the First International Symposium on Cyber Worlds (CW'02),
Washington, DC, USA, 2002. IEEE Computer Society.

[2] F. Leymann. Web Services Flow Language (WSFL) 1.1., 2001.

[3] G.J. Holzmann. The model checker

SPIN. Transactions on Software Engineering,
295, 1997.

[4] X. Fu, T. Bultan, and J. Su. Analysis of interacting BPEL web services. In WWW '04:
Proceedings of the 13th international conference on World Wide Web, pages 621
New York, NY, US
A, 2004. ACM Press.

[5] X. Fu, T. Bultan, and J. Su. WSAT: A Tool for Formal Analysis of Web Services. In
Computer Aided Verification, 16th International Conference, CAV 2004, Proceedings,
volume 3114 of Lecture Notes in Computer

Science, pages 510
Springer, 2004.

[6] T. Andrews, S. Qadeer, S.K. Rajamani, and Y. Xie. Zing: Exploiting program
structure for model checking concurrent software. In CONCUR 2004

Theory, 15th International Conference, Proceedings, volume 3170 of Lecture Notes
Computer Science, pages 1
15. Springer, 2004.

[7] R. Kazhamiakin, M. Pistore, and L. Santuari. Analysis of communication models in
web service compositions. In WWW '06: Proceedings of the 15th international
conference on World Wide Web, pages 267
, New York, NY, USA, 2006.

[8] A. Cimatti, E. Clarke, E. Giunchiglia, F. Giunchiglia, M. Pistore, M. Roveri, R.
Sebastiani, and A. Tacchella.
NuSMV Version 2: An OpenSource Tool for Symbolic
Model Checking. In Proc. International Conference on
Aided Verification
(CAV 2002), volume 2404 of LNCS, Copenhagen, Denmark, July 2002. Springer.

[9] J. Arias
Fisteus, L.S. Fernandez, and C.D. Kloos. Formal Verification of BPEL4WS
Business Collaborations. In E
Commerce and Web Technologies, 5th In
Conference, EC
Web 2004, Proceedings, volume 3182 of Lecture Notes in Computer
Science, pages 76
85. Springer, 2004.

[10] S. Nakajima. Model
Checking Behavioral Specification of BPEL Applications. In
Proceedings of the International Workshop
on Web Languages and Formal Methods,
WLFM 2005, 2005.

[11] G. Puyz, Z. Xiangpengy, W. Shulingy, and Q. ZongyanyS. Towards the Semantics
and Verification of BPEL4WS. In Proceedings of the International Workshop on Web
Languages and Formal Methods, WLFM 200
5, 2005.

[12] J. Bengtsson, K.G. Larsen, F. Larsson, P. Pettersson, and W. Yi. Uppaal

a Tool
Suite for Automatic Verification of Real
Time Systems. In Proc. of Workshop on
Verification and Control of Hybrid Systems III, number 1066 in Lecture Notes i
Computer Science, pages 232
243. Springer
Verlag, October 1995.

[13] B.H. Schlingloff, A. Martens, and K. Schmidt. Modeling and Model Checking Web
Services. Electronic Notes in Theoretical Computer Science: Issue on Logic and
Communication in Multi
ent Systems, 126:3
26, March 2005.

[14] K. Schmidt. Lola: A low level analyser. In M. Nielsen and D.~Simpson, editors,
Application and Theory of Petri Nets, 21st International Conference (ICATPN 2000),
volume 1825 of Lecture Notes in Computer Science, pa
ges 465
474. Springer
June 2000.

[15] H. Foster, S. Uchitel, J. Magee, and J. Kramer. Model
based Verification of Web
Service Compositions. In 18th IEEE International Conference on Automated Software
Engineering (ASE 2003), pages 152
163. IEEE C
omputer Society, 2003.

[16] M. Koshkina and F. van Breugel. Verification of Business Processes for Web
Services. Technical Report CS
11, York University

Department of Computer
Science, 4700 Keele Street, Toronto, M3J 1P3, Canada, October 2003.

] H. Huang, W.T. Tsai, R. Paul, and Y. Chen. Automated Model Checking and
Testing for Composite Web Services. In 8th IEEE International Symposium on Object
Oriented Real
Time Distributed Computing (ISORC 2005), pages 300
307. IEEE
Computer Society, 2005.

[18] T.A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In
Symposium on Principles of Programming Languages, pages 58
70, 2002.

Formal analysis through graph transformation systems

There are many proposals for Architecture Descripti
on Languages (ADLs) like Rapide
[1], Wright [2], or Darwin [3]. To model dynamic architectures, several approaches apply
graph transformation [4] using

this formal framework to reason about the consistency of
reconfiguration operations with structural cons
traints and component interaction. Our
paper is in this tradition, but it combines the formal approach with the

notion of style
based refinement.

Lemetayer [5] describes architectures by graphs and the valid graphs of an architectural
style by a graph gra
mmar. Reconfiguration is described by conditional graph rewriting
rules. By static type checking, the rewriting rules are proved to be consistent with the
respective style. In comparison to our work, his graphs represent computational entities
but no conne
ctors, specifications, or other resources. And, instead of a graph grammar,
we use a declarative type graph to define the valid graphs of the architectural style.

Wermelinger and Fiadeiro [6] provide an algebraic framework based on Category theory
where a
rchitectures are represented as graphs of CommUnity programs and
superpositions. The allowed ways to apply connectors to components is restricted by an
architectural style,

given as a type graph. Dynamic reconfiguration is specified

by graph

rules over architecture instances.

Both, styles and rules are used for

specific restrictions rather than the underlying

platform as we do.
Consequently, they do not deal with

refinement relationships between different levels of


In his Ph.D. thesis [7], Hirsch uses hypergraphs to

represent architectures and hyperedge
replacement grammars

to define the valid architectures of an architectural

Furthermore, he uses graph transformation rules to

specify runtime inter
actions among
components, reconfiguration,

and mobility. Hypergraphs and rules are textually

represented using the concept of syntactic judgements

which enables formal type
checking proofs. Similar

to the other approaches, refinement relationships are not


The use of graph transformation techniques to capture

dynamic semantics of models has
also been inspired

by work proposed by Engels et al. in [8] under the name

of dynamic
meta modeling. That approach extends metamodels

defining the abstract sy
ntax of a
modeling language

like UML by graph transformation rules for describing

changes to
object graphs representing the states

of a model.

There are different notions of software refinement.

For instance, Batory et. al. [9]
consider feature refinement

which is modifying models, code, and other artifacts

in order to integrate additional features. For every

new artifact type, they require a special
refinement definition

in order to compose software by generators. In

our case, we
concentrate on the refine
ment of architectural

models and derive platform
models from

abstract ones without adding any extra

Such refinement of architectures has first been discussed

by Moriconi et al. in [10].
Building on a formalization

in first
order lo
gic, the authors describe a general

of rule
based refinement replacing a structural

pattern in the more abstract style by its
realization in

the concrete style. The approach is complementary to

ours because it
focuses on refinement of structure ra

than behavior and does not capture
reconfiguration. The

general idea of rule
based refinement, however, could be

in our context, too.

Garlan [11] stresses the fact that it is more powerful

to have rules operating on styles
rather than on s

instances. He formalizes refinements as abstraction functions

the concrete to the abstract style. We use a

similar approach to define the refinement
relations. Also, he argues that no single definition of refinement

can be provided, but that
should state what

properties are preserved. In our case, we concentrate on

preservation of the dynamic semantics of reconfiguration

and communication scenarios.

SAY contributes to the actual verification of Web services compositions, and more
lly to the validation of component
based systems, in different ways. It aims at fully
exploiting the potentialities of model
checking techniques to validate the different aspects
of these software systems. It also proposes the use of graph transformation s
ystems to
model their dynamic evolution. These two aspects require efficient model checking
techniques and thus, we want to customize the behavior of well
known model checkers
(e.g., Bogor) to constrain the state space explosion by means of domain specific

information. The peculiarities of the system under analysis can help differentiate states by
using special
purpose policies and thus limiting the number of states that a conventional
model checker would create. Besides this, we also support multi

validation by
identifying the right formal methods/models to specify the aspect of interest and thus to
validate it. Model checking is the primary verification means, but other verification
approaches (e.g., Alloy, algebraic specifications, VDM, ecc.) mig
ht be more appropriate
to verify particular aspects.

Orthogonally, we also want to stress the idea of runtime validation, which clearly
requires ad
hoc solutions to cope with the stringent time
related requirements. Some of
the aspects listed above might
be rethought to move from conventional off
verification to the on
line check of running systems. Besides this, incremental, iterative,
partial or simplified approaches could be the solution to obtain "significant" results in
limited time.

[1] D. Luck
ham, J. Kenney, L. Augustin, J. Vera, D. Bryan,

and W. Mann. Specification
and analysis of system architecture

using rapide. IEEE Transactions on Software

Engineering, 21(4):336

355, 1995.

[2] R. Allen. A Formal Approach to Software Architecture.

PhD thes
is, School of
Computer Science, Carnegie Mellon

University, 1997.

[3] J. Magee, N. Dulay, S. Eisenbach, and J. Kramer. Specifying

Distributed Software
Architectures. In Proc. ESEC


5th European Software Engineering Conference,

989 of LNCS, page
s 137

153. Springer, 1995.

[4] L. Baresi and R. Heckel. Tutorial Introduction to Graph

Transformation: A Software
Engineering Perspective. In

Proceedings of the First International Conference on Graph

Transformation (ICGT 2002), volume 2505 of Lecture Not

in Computer Science, pages



[5] D. Le M´etayer.
Software architecture styles as graph

grammars. In Proc. 4th ACM
SIGSOFT Symposium on

the Foundations of Software Engineering, volume 216 of

Software Engineering Notes,
pages 15

23. ACM

Press, 1996.

[6] M. Wermelinger and J. L. Fiadero. A graph transformation

approach to software
architecture reconfiguration.

Science of Computer Programming, 44(2):133

155, 2002.

[7] D. Hirsch. Graph transformation models for software ar

PhD thesis,
Departamento de Computacion, Universidad de Buenos Aires, 2003.

[8] G. Engels, J.H. Hausmann, R. Heckel, and St. Sauer.

Dynamic meta modeling: A
graphical approach to the

operational semantics of behavioral diagrams in UML.

In Proc. UML 2000

The Unified Modeling Language,

volume 1939 of LNCS, pages

337. Springer, 2000.

[9] D. Batory, J. N. Sarvela, and A. Rauschmayer. Scaling

wise refinement. In Proc.
ICSE 2003

Int. Conference

on Software Engineering, pages 187

197. IEEE,


[10] M. Moriconi, X. Qian, and R. A. Riemenschneider. Correct

architecture refinement.
IEEE Transactions on Software

Engineering, 21(4):356

372, 1995.

[11] D. Garlan. Style
based refinement for software architecture.

In Proc. ISAW
2, 2nd
Int. Software Architecture

Workshop on SIGSOFT ’96, pages 72

ACM Press,