International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015), pp. 73-98
http://dx.doi.org/10.14257/ijseia.2015.9.12.07
Web Applications Development by Formal Refinement Approach
Meftah Mohammed Charaf Eddine and Kazar Okba
University of Mohamed Khider, BISKRA, Algeria,
University of Mohamed Khider, BISKRA, Algeria
[email protected], [email protected]
Abstract
This paper proposes a formal approach for development of safe web applications. This
approach involves the generation of a web application on both sides (users’ side (Ajax)
and the web service side (Composition)) from formal specifications. First, we describe the
application using symbolic notations then an automatic process is applied in order to
translate them into formal specifications B. Using the B refinement process, a set of
refinement rules, operating on data and operations. These phases of refinement are
intended to make the final specifications close to the implementation language chosen so
that the last coding phase becomes intuitive and natural. In general, the process of
refinement is a manual task, relatively expensive; with character generic of these
refinement rules, an assisted refinement tool can be achieved, enabling reduction the cost
of the refining process. Finally, in the case study, we have developed a complete
application (Travel Agency) in order to show the benefits of our approach.
Keywords: Web application, Formal approach, B Model, refinement, SOA, AJAX
1. Introduction
The web technologies can be divided into two sides: first, user side where the users can
generate and distribute content, often with freedom to share and re-use. Web 2 sites often
feature a rich, user-friendly interface based on Ajax. Two, that the web services (Server
side); the Web 2 can be conceptualized as a global SOA; as in Figure 1:
Figure 1. The Web 2 Architecture
ISSN: 1738-9984 IJSEIA
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
1.1. AJAX (Asynchronous JavaScript and XML)
Ajax is a scripting technique to develop interactive and fast web applications with
enhanced functionality. The most commendable feature of AJAX is its ability of partial
exchange of data with the server, enabling the changes to appear on the browser without
reloading the complete page.
Ajax is not a single technology, but a group of technologies. HTML and CSS can be
used in combination to mark up and style information. The DOM is accessed with
JavaScript to dynamically display, and allow the user to interact with, the information
presented. JavaScript and the XMLHttpRequest object provide a method for exchanging
data asynchronously between browser and server to avoid full page reloads.
Ajax approach combines indeed two web publication standards appeared in the late
1990s but now universally recognized: JavaScript and XML (eXtensible Markup
Language). XML is not required for data interchange and therefore XSLT is not required
for the manipulation of data. JavaScript Object Notation (JSON) is often used as an
alternative format for data interchange [1].
1.2. Convergence of Web 2.0 and SOA
The W3C defines a Web Service as "a software system designed to support
interoperable machine-to-machine interaction over a network". There are at least two
significant connection points which relate Web 2.0 and SOA. One is that Web 2.0 can be
conceptualized as a global SOA. Two, that many traditional brickand-mortar business that
are currently using SOA as their architectural model will want to connect their Web/Web
2.0 faces up to their SOA. This makes Web 2.0 not just being the Global SOA but makes
meeting smaller SOAs everywhere. Another concept closely related to SOA is the notion
of Software as a Service (or SaaS). Simply put, SaaS can be defined as "software
deployed as a hosted service and accessed over the Internet" .Note that the respected
industry analysis firm, Gartner, recently said that by 2008 that 80% of all software
development will be based on SOA. This means Web 2.0 and SOA will meet each other
both coming and going, and begin to become each other as well [21].
The composition of web services (WSC for short) is one of the key features advanced
by the technology. It consists of combining existing services to provide a richer new
composite service to meet some user requirements.
Web
Service
02
Web
Servic
e
01
Web
Service
04
New Web
Service
05
Composition
Web
Service
03
Figure 2. The Web Services Composition
The composition techniques can be classified into two categories, namely: static
service composition and dynamic service composition. Static composition allows the
requestor to create an abstract model that should be respected during the execution of the
74
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
composed Web service. While the dynamic composition enables selecting the atomic
Web services automatically and combines them to create an unlimited number of new
Web ser-vices.
There is yet a third classification, which is based on how the composition is specified,
either by orchestration or by choreography [2].
Orchestration: consists of combining available services by adding a central coordinator
(the orchestrator) that is responsible for invoking and combining the single sub-activities,
as illustrated in Figure 3.
Figure 3. Web Services Orchestration and Choreography
Choreography: however, defines complex tasks via the definition of the conversation
that should be undertaken by each participant, as in Figure 3.
Such composition requires methods and languages for basic Web services integration,
such as: XML, XLANG, BPML, WSFL, WSCL, WSCI, BPEL4WS and WS-CDL.
Among the composition languages, we chose BPEL (or BPEL4WS) because it is an
XML-based language and describes the business process interactions based on web
services, within and between enterprises. A BPEL process specifies the exact order in
which participating Web services should be invoked. This can be done sequentially or in
parallel. With BPEL, we can express conditional behavior; for example, a Web service
invocation can depend on the value of a previous invocation. We can also construct loops,
declare variables, copy and assign values, define fault handlers, and so on. By com-bining
all these constructs, we can define complex business processes in an algorithmic manner
[3].
2. Related Work
Several studies and approaches have been proposed in this context, are devoted to the
formalization of orchestrations of Web services and allow some verification of their
behavior. In this section we briefly explore the advantages and limitations of current
practice and research work.
2.1. The Transition Systems LTSA-WS
This model [4-7] based to verifying compositions of web service implementations.
This model supports verification of properties created from design specifications and
implementation models to confirm expected results from the viewpoints of both the
designer and implementer. Scenarios are modeled in UML, in the form of Message
Sequence Charts (MSCs), and then compiled into the Finite State Process (FSP) process
algebra to concisely model the required behavior. BPEL4WS implementations are
mechanically translated to FSP to allow an equivalence trace verification process to be
Copyright ⓒ 2015 SERSC
75
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
performed. By providing early design verification and validation, the implementation,
testing and deployment of web service compositions can be eased through the
understanding of the behavior exhibited by the composition.
The advantage of this works, is that uses standard (sequence diagrams, BPEL4WS)
available that hide the complexity of FSP ; but UML is semi-formal and BPEL4WS with
no formal semantics, it is impossible to prove that the generated FSP is exactly what is
described. Then the comparisons and checks can only be partial.
Moreover it provides a visual means (via the LTSA tool) compare the design model
and the implementation model while checking the absence of violation of general
properties; but in case of no consistency of traces, the implementation is completely
resumed: the verification phase is then very / too late.
2.2. Process Algebras (ASDL)
ADSL (Abstract Service Design Language) [8-10] is a language based on ITL (Interval
Temporal Logic) a process algebra for reasoning about time constraints, indeed ASDL is
wide spectrum language for:
-
Behavioral specification of a service.
-
Specification of service composition.
-
Design of interaction protocols for service.
ASDL focuses on providing a minimalistic syntax with specification oriented
semantics for describing services and their compositions ASDL provides a model for the
verification of properties of services. ASDL provides capabilities of modeling oriented
systems and specification of their desired properties, while remaining within a unified
logical and semantic framework of ITL.
ASDL has a clearly semantic it is based on a process algebra semantics. It allows the
reasoning process; however ASDL has a complex syntax, far from the standards in the
field of Web services.
Otherwise ASDL has a high degree of abstraction allows him to describe an
orchestration at different levels (services, orchestration, protocols), wherefore he requires
another language (lowest level) to execute an orchestration described with ASDL,
example BPEL4WS.
2.3. Temporal Theories
In this approach, [11-12] propose to verify web services composition using an Event
Calculus approach. He assumes web services that are coordinated by a composition
process expressed in WSBPEL and he uses Event Calculus to specify the properties and
requirements to be monitored. The Event Calculus [13] is a temporal formalism designed
to model and reason about scenarios characterized by a set of events, whose occurrences
have the elect of starting or terminating the validity of determined properties.
This approach allows the verification of functional and non-functional properties. But
the description of the properties requires some expertise, far from the standard in the field
of Web services; and it allows the verification of a BPEL4WS orchestration to a static
level (prior to execution) and throughout the execution of an orchestration. The translation
phase between BPEL4WS and the formalization of this language remains as in other
approaches, which leads to the same restrictions, the potential loss of semantic.
On the other side (Ajax and Java) many studies have proposed formalization, but they
generally treat a subset of language; for example [14] propose a bottom-up approach for
the formal validation of HCI, uses B-event language. These approaches take into account
the "semi-formal" notations for describing interaction scenarios supported by the HCI
(Human Machine Interface).
76
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
3. The Proposed Approach
An important concept in the design of the behavioral aspects of the Web 2
applications is the task. These tasks describe the various interactions betwe en web
services (orchestration side and ergonomics side) to achieve a particular goal.
Figure 4. Task Model Used: CTT Notation and B Method
3.1. Models Used
We considered the task model described by the CTT [15] notation in-form expressions
of process algebra. We represent the decomposition into sub-tasks used by CTT using
Event-B refinement.
3.1.1. CTT (Concur Task Trees) Model: We chose the syntax of CTT language for
the following reasons:
- CTT is a notation defined for specifying task models.
- CTT is a task model based on decomposition by a top-down approach;
- CTT Allows the task description by combining tasks using temporal
operators.
- CTT Model is hierarchical structure represented as a tree.
- CTT can express precisely the different actions which are performed using
expressions of process algebra.
Grammar describing the syntax of CTT language:
T::=
T >> T
| T[]T
| T II T
| T |= | T
| [T]
| T [> T
| T |>T
| T [> T
| TN
| Tat
Copyright ⓒ 2015 SERSC
-- Enabling
-- Choice
-- Concurrent
-- Order independency
-- Optional process
-- Disabling
-- Interruption
-- Disabling infinite process
-- Finite process iteration
-- Atomic process
77
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
3.1.2. B Model: The B model [16] based on predicate calculus and a simplified settheory, wants to offer a complete solution, enabling write a formal specification, and
successive refinements produce a proven program conforms to this specification.
B has been used in major safety-critical system applications, It has robust,
commercially available tool support for specification, design, proof and code generation.
Recently, another formal method called Event-B has been developed. Event-B is
considered an evolution of B (also known as classical B). It is a simpler notation, which is
easier to learn and use.
We have to admit that the level of confidence in a software developed in the
formalism of the method B is optimal, but not total, it depends on the confidence in
the correctness and completion of the formal specification written in the tools
implementing the method, and the compiler, operating system and hardware.
The development process can be summarized by the following steps:
1. Capturing the functional requirements of the system in a form that can be
mathematically analyzed.
2. Systematically producing a design of the system, so that it can be verified with
respect to the specification.
3. Automatically generate programs using rules that assure that the software satisfies
the specification.
Abstract Machine
A development of B starts with the definition of an abstract machine, which
corresponds to the specification of the application that will be developed.
An abstract machine is composed of constants (invariant) and variables, describing a
global state, properties of these constants and variables (particularly invariant), and finally
operations to read or modify the global state. We can also parameterize an abstract
machine:
MODEL nameM
REFINES nameR
SETS . . .
PROPERTIES . . .
VARIABLES . . .
INVARIANT . . .
ASSERTIONS . . .
INITIALISATION . . .
EVENTS . . .
END
Events: The events are described using generalized substitutions (based on the weaker
condition of Dijkstra)
[S]P: weakest precondition such that P is executed after the execution of S.
- Substitutions in B models.
[SKIP]P
[S1 II S2]P
78


P
[S1]P ^ [S2]P
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
[ANY v WHERE E THEN S END]P
[SELECT E THEN S END]P
[BEGIN S END]P
[x := E]P




¥ v.(E => [S]P)
E => [S]P
[S]P
P(x/E)
3.2. Processes and Tools of Our Approach
We provide all processes and tools that permit to build and analyze this formal
approach (Figure 5): first, extracting a CTT-B model by capturing the behavioural aspect
of the process of the social side and the behavioural aspect of the orchestration process;
this approach has a formal syntax and a behavioural semantics ,then implementing the
intermediate model; finally We present several mappings between these tools: a mapping
that allows to translate JAVA and BEPL4SW into Event-B, in order to proceed to their
formal verification and a mapping acting as a generator of JAVA and BEPL4SW code.
Figure 5. The Proposed Approach
3.2.1. Task Model for Specification: Web 2 applications can be specified by the
composition of elementary tasks with the operator of choice on CTT. In this way, an
orchestration can be completely specified by the data of all the possible tasks in the form
of an expression CTT, Thus, a specification will be in the form:
Copyright ⓒ 2015 SERSC
79
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
T (E)= T(E)1[]T(E)2 : : : []T(E)n
T (S)= T(S)1[]T(S)2 : : : []T(S)m
T(E) : Ergonomic task
T(S) : Web service task
Where T(E)i and T(S)j are the basic tasks.
The development of Web 2 application will be in encoding expression of tasks by B
refinements using patterns of refinement operators. The events occurring in the leaves of
the tree of tasks constitute the basic messages used in the design of the Web 2 application.
From the viewpoint of transition systems, a task CTT is a system transitions encoded in
B event. This task can either represent the system in case of a specification by a task, or
represent a task to validate. The Event-B models associated with these tasks and these
models describe the transition systems which are linked by a relationship of simulation.
Indeed, when the task is validated, then the transition system to content is in the other.
3.2.2. Task Model for Validation: Like the specification, we can use the coding task
model CTT to perform the validation as follows:
A Web 2 application is described by a set of events (messages) describing the different
possible interactions between web services partners. They may have been produced by a
refinement of a CTT task. The task is refined according to CTT decomposition reaching
the basic (leaves of the tree) events (messages) describing the behavioural of application.
In this case, this development should respect the system properties of the invariant and
assertion.
3.2.3. Model for Verification: Regarding the verification, two approaches can be
differentiated:
- The first is translating the source code of application into a formal language in order
to check as in the following figure:
Figure 6. The Verification Approach (Bottom Up).
- The second is to express a behavioural aspect of t he process with a formal language,
in order to check, and then translate it into source code, as in Figure7:
80
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
Figure 7. The Verification Approach (Top-Down)
3.2.4. Source Code Generation: A development of B is most often consisting of a set of
abstract machines, which are refined until an implementation, translatable into a program
in an imperative language such as Java or BPEL4SW. This level of abstraction is defined
as a set of assignments. These assignments are scheduled by a set of control structures
(BPEL4SW/JAVA): sequential composition, loops, if, then and else.
An abstract machine must be refined; the refinement corresponds to a representation of
the software derived from the specification but more deterministic, more concrete and
verified (Figure 7); the refinement in its turn may be refined one or many times to obtain a
deterministic version which is called Implementation. The refinement is defined for
substitutions (for operations). If R2 is a refinement of R1, which is denoted: R2 ref R1,
then any predicate directed by R2 is achieved by R1.
3.3. Development Practices for Validation
3.3.1. Capture the Behavioral Aspect of the Process (Orchestration (BPEL4SW),
AJAX (JAVA)): Projecting the behavioural aspect of the system in B model.
Representing the execution of methods (BPEL4SW, JAVA) as a set of sequential and/or
parallel processes compounds assignments...
a)
For BPL4SW :
Processes in BPEL export and import information by using web service interfaces
exclusively. BPEL describe Web-service interactions, this interaction is ensured through
Partnerlink. They represent the static part of a BPEL process and are described in a
WSDL document.
The dynamic part of BPEL is described by two types of activities:
-
Basic activities define basic operations of a business process as :
Invoke, Receive, Reply...
Structural activities define the order in which the nested activities are executed,
such as: Sequence and Flow (for sequential and parallel execution..)
-
Scope activity allows decomposing the BPEL process into sub-processes.
Copyright ⓒ 2015 SERSC
81
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
Figure 8. The Processes in BPEL4SW
b)
For JAVA:
Java Swing program consists of:
-
A set of widgets these widgets can be associated by event listeners.
-
Event listener implements methods.
Method of listener: the body of a listener method modifies rendering interface and
performs calculations per call to another web service or functional core of the application.
We can imagine matching between the concept of machine in B and class in Java:
MACHINE: Name of the abstract machine (same name of the class)
SETS: Declaration of abstract and enumerated sets
VARIABLE: Declaration of variables (same attributes of a class)
INVARIANT: Typing and variable property
INITIALISATION: Setting up the initial value of variables (same constructor)
OPERATIONS: Statement of Operations (same methods).
3.3.2. Implementation of the Intermediate Model: The intermediate model
obtained by analysis of the source code represents the methods (BPEL4SW, JAVA) as a
set of assignments. These assignments are scheduled by a set of:
Control structures;
Sequential composition;
Loops;
If then else...
3.3.3. Translation of Intermediate Model to Model CTT-B: The translation of
intermediate model to B model requires translation rules (Table 01) (according the
substitutions in B model: Section 3.1.2. page 10) to represent these control structures:
82
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
Table 1. Translation Rules into B Model
Specifications type
Application
side
Sequential composition:
SOA
T(S)1 ; T(S)2 ; . . . ; T(S)n
Sequential instruction:
Ergonomic
T(E)1 ; T(E)2 ; . . . ; T(E)n
Conditional compositios:
SOA
if (Me) then T(S)1
else T(S)2
Conditional instructions:
Ergonomic
if (Ee) then T(E)1
else T(E)2
Iterative loops
composition:
SOA
While (Me) {T(S) 1}; T(S) 2
Iterative loops instructions:
Ergonomic
While (Ee) {T(E) 1}; T(E) 2
B model
SELECT S1 ^ Me = n
THEN Me := Me − 1 II T(S)1
END;
SELECT S2^ Me = n − 1
THEN Me := Me– 1 II T(S)2
END;
…
SELECT Sn^ Me = 0
THEN T(S)n
END;
SELECT EC ^ Ee = n
THEN Ee := Ee − 1 II T(E)1
END;
SELECT EC^ Ee = n – 1
THEN Me := Ee– 1 II T(E)2
END;
…
SELECT EC^ Ee = 0
THEN T(E)n
END;
SELECT S1 ^ Me = 1
THEN S1 II Me := Me− 1
END;
SELECT S2 ^ ¬(Me) = 0
THEN S2 II Me := Me− 1
END;
SELECT EC ^ Ee = 1
THEN T(E)1 II Ee := Ee− 1
END;
SELECT EC ^ ¬(Ee) = 0
THEN T(E)2
END;
SELECT S ^ Me
THEN S1
END;
SELECT S ^ ¬ (Me)
THEN S2
END;
SELECT EC ^ Ee
THEN T(E) 1
END;
SELECT EC ^ ¬ (Ee)
THEN T(E) 2
END;
T(S): Web service task
Me: Web service message
S: Web service
T (E): Ergonomic task
Ee: Ergonomic event
EC: Ergonomic component (JAVA)
4. Case Study: Build the Complete Application (Travel Agency)
In this section, we are going to illustrate the application of our approach through a case
study. Suppose that a travel agency (business process) proposes to its clients organized
trips adapted to their needs by composing appropriate existing Web services. The
proposed tours contain the transport, the hosting, the car rent and pay expenses through
the bank. When the client decides to reserve for a tour, the client gets access to the web
site of the travel agency (business process), specifying his name, the destination, the
departure date and the return date. Then the travel agency proposes tickets of plan and
Copyright ⓒ 2015 SERSC
83
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
train, the rental of cars and the hotel reservation, after reimbursements (client, agency and
partners) through the bank.
4.1. Preparing the Environment
Before starting building our example, we need the following software resources to be
installed:
Table 2. Software and Tools
Software and tools
Java Development Kit (JDK) [17]
NetBeans IDE [18]
Glassfish Application server [19]
B4free and Click’n’Prove [20]
Version Required
Version 5
Version 6.5
(it is bundled with NetBeans IDE)
Vx.x
The GlassFish Application Server must be configured correctly and be running. As a
BPEL project is not directly deployable, we must add a BPEL project as a JBI (It defines
an environment for plug-in components that interact using a services model based directly
on Web Services Description Language) module to a Composite Application project.
Then we can deploy the Composite Application project.
4.1. BPEL4SW Process
To develop a BPEL process, we go through the following steps:
4.2.1. Get Familiar with the Involved Web Services (Import external WSDL files)
and Define Partner Link Types: The five e services providers ,Train, Airline, Hotel ,Car
rent and Bank Web services have been exposed over the network and their WSDL file can
be accessed by URLs as following :
Table 3. The WSDL URLs for the Five Web Services
Web
Service
URL
Train
Airline
Hotel
Car rent
Bank
http://localhost:8080/TrainReservation/TrainReservationService?WSDL
http://localhost:8080/AirlineReservation/AilrlineReservationService?WSDL
http://localhost:8080/HotelReservation/HotelReservationService?WSDL
http://localhost:8080/CarrentReservation/CarrentReservationService?WSDL
http://localhost:8080/BankPayer/BankPayerService?WSDL
Netbeans tool enables also to import the WSDL files for any external web service
provider. Thus, we import the five WSDL files for the five service providers with their
xml Schema.
WSDL of the process imports the WSDL of other web services providers and defines
the partnerlink types for them.
The five partner link types are as following:

ClientPartnerLink: used to describe the interaction between the client and the
BPEL process itself. This interaction is synchronous. This partner link type is declared in
the WSDL of the BPEL process.
84
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)

AirlinePartnerLink: used to describe the interaction between the Airline service
provider and the BPEL process itself. This interaction is synchronous. This partner link
type is defined in the BPEL process.

HotelPartnerLink: used to describe the interaction between the BPEL process
and the Hotel Reservation Web service. This interaction is synchronous. This partner link
type is defined in the BPEL process.

CarPartnerLink: describes the interaction between the BPEL process and the Car
rent Web service. This interaction is synchronous. This partner link type is defined in the
BPEL process.

BankPartnerLink: describes the interaction between the BPEL process and the
Bank Web service. This interaction is synchronous. This partner link type is defined in the
BPEL process.
4.2.2. Define the Process Logic (CTT Notations): The next figure presents the business
process behavior, which gathers the various tasks to be achieved by the composition. Each
reservation is related to a Web service. Services run in this order with respect to the
following conditions:
1- If (price <1500) then Airline reservation (WS-ALR) else train reservation (WS-TR).
2- Hotel reservation (WS-HR).
3- Car rent (WS-CR).
4- Bank pay expenses (WS-BP)
Figure 9. The Process Logic
Copyright ⓒ 2015 SERSC
85
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
We merge these scenarios to produce the resulting sequence diagram (Sr) of this
composition, which represents the global behavior of the business process.
Sr : if (Me :WS-ALR(PRICE<1500)) then WS-ALR else WS-TR; WS-HR ;WS-CR ; WS-BP
4.2.3. Translate into B Formal Specifications
Using the B refinement process, a set of refinement rules, acting on both data and
operations, are applied on the specifications:
Data refinement is the replacement of an abstract data D by concrete data D '. In
this case, a predicate J, called invariant bonding, is unclear. This invariant establishes the
link between the data D and D '. The invariant J bonding is specified in the INVARIANT
clause of refining component. In our domain (web services) invariant bonding establishes
the link between WSDL data (abstract Party: types, messages, portType and concrete part:
binding, service).
Algorithmic refinement is the transformation of an abstract substitution S in a less
abstract substitution S' (e.g., replacing a simultaneous substitution by sequential
substitution, elimination of preconditions). In our domain (web services) applying this
type of refinement of the basic operations of service activities, we consider that each
service as a set of operations interact with a set of messages.
86
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
Figure 10. Model B of Travel Agency Web Service
4.2.4. B Tools: Click’n Prove (Interactive Proofs within Set Theory) and B4free:
B4free was a set of tools for the development of B formal models, based on a limited
version of Atelier B and mainly aimed at academic users. ClearSy ensured its
development until 2009. Since 2009, Atelier B is available in fully functional Community
Edition. B4Free resources are still available for teachers/researchers using them. However
the registration phase is not required anymore.
B4Free allows for Method B to be used operationally and offers numerous
functionalities to manage projects in B language within a coherent environment:

Syntactic verification of models, automatic generation of theorems to be
demonstrated,

Proof support to automatically demonstrate the theorems,

Support in development: automatic management of dependencies between B
components, reusable libraries, generation of documentation and metrics,

Graphic representation of projects, hypertext browser to surf within a project,
project status and statistics display, automatic generation of a dictionary with project
terms, project archiving [19].
Copyright ⓒ 2015 SERSC
87
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
Figure 11. Model B Component of Travel Agency Web Service
4.2.5. Source code (BPEL4SW) generation: The refinement phase’s aim at producing
final B specifications close to the chosen target language implementation (BPEL4SW)
such that the last step of the coding becomes more intuitive and straightforward.
Figure 12. Model B-BPEL4SW of Travel Agency Web Service
88
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
<?xml version="1.0" encoding="UTF-8"?>
<process name="TravelAgent"
targetNamespace="http://enterprise.netbeans.org /bpel/TravelAgent/ TravelAgent_1"
xmlns:ns1="http://localhost/TravelAgent/TravelAgent"
xmlns:ns2="http://xml.netbeans.org/schema/TravelAgent">
<import namespace="http://xml.netbeans.org/schema/TravelAgent"
location="TravelAgent.xsd"
importType="http://www.w3.org/2001/XMLSchema"/>
<import namespace="http://localhost/TravelAgent/TravelAgent"
location="TravelAgent.wsdl"
importType="http://schemas.xmlsoap.org/wsdl/"/>
<import namespace="http://ws.airline/"
location="localhost_8080/AirlineReservation/AilrlineReservationService.wsdl"
importType="http://schemas.xmlsoap.org/wsdl/"/>
<import namespace="http://ws.hotel/"
location="localhost_8080/HotelReservation/HotelReservationService.wsdl"
importType="http://schemas.xmlsoap.org/wsdl/"/>
<import namespace="http://ws.car/"
location="localhost_8080/CarReservation/CarReservationService.wsdl"
importType="http://schemas.xmlsoap.org/wsdl/"/>
<partnerLinks>
<partnerLink
name="ClientPortEntry"
partnerLinkType="ns1:partnerlinktypeforclient"
myRole="partnerlinktyperole1">
</partnerLink>
<partnerLink
name="AirlinePartnerLink1"
xmlns:tns="http://enterprise.netbeans.org/bpel/AilrlineReservationServiceWrapper"
partnerLinkType="tns:AilrlineReservationLinkType"
partnerRole="AilrlineReservationRole"/>
</partnerLinks>
<variables>
<variable name="RentCarOut" xmlns:tns="http://ws.car/"
messageType="tns:rentCarResponse"/>
</variables>
<sequence>
<receive partnerLink=“Client" operation=“Make_Res()"/>
<if name="Transport choice" ordre="0">
<condition expressionLanguage="Aircraft price < 1500"/>
<invoke partnerLink="WS-ARL" operation=“Get_res(nom, destination , departure date)"/>
<reply partnerLink="WS-ARL" operation=“Res_OK"/>
<elseif>
<condition expressionLanguage="Aircraft price > 1500 "/>
<invoke partnerLink="WS-TR" operation=“Get_res(nom, destination , departure date)"/>
<reply partnerLink="WS-TR" operation=“Res_OK"/>
</elseif>
</if>
<flow name =" Hotel & Car & Bank" >
<sequence> <invoke partnerLink="WS-HR" operation=“Get_res(Date)"/>
<reply partnerLink="WS-HR" operation=“Res_OK"/>
</sequence> <sequence> <invoke partnerLink="WS-CR" operation=“Get_res(Date)"/>
<reply partnerLink="WS-CR" operation=“Res_OK"/>
</sequence> <sequence> <invoke partnerLink="WS-BP" operation=“Get_res(Total)"/>
<reply partnerLink="WS-BP" operation=“Res_OK"/>
</sequence> </flow> <reply partnerLink=“Client" operation=“Res_OK"/>
</sequence></process>
Figure 13. BPEL4SW Process
Copyright ⓒ 2015 SERSC
89
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
4.2. Create the Endpoint Interface (JAVA)
A client invokes the process in the same way it invokes any web service or a method
locally. To get started with the client interface, we create a new java standalone
application using NetBeans tools. This application contains a main class where we call the
process. Moreover, the tools add the JAX-WS APIs package which will is needed to
compile the application.
4.3.1. Define the Interface behavior (CTT notations)
Figure 14. Interface Behavior
Intermediate formalism of the sub-task: WS-ALR [] WS-TR:
Evt JBotton WS-ALR =
SELECT
JBotton WS-ALR ^State =1
THEN
State: = 0
END;
Evt JBotton WS-TR =
SELECT
JBotton WS-ALR ^State =2
THEN
State: = 0
END;
90
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
MODEL WS-AT-SWING
SETS
/* Abstract Sets */
STRINGS={Text,No Text} ;
LISTENERS ; LISTENERS typ = {ActionListener, KeyListener,. . . } ;
EVENTS id = {ActionPerformed, KeyPressed, KeyReleased,. . .} ;
EVENTS typ ={ActionEvent, KeyEvent,. . .} ;
WIDGETS ;
VARIABLES
/* Sets to describe application Instances */
widgets, JButtons, JTextFields, . . ., listeners, . . .
/* Total Functions to describe Attributes of instances*/
w att, JB att, JTF att,l att,
/* Event Buffer : representation of JVM events */
User Action
INVARIANTS
/* Typing Predicates */
widgets WIDGETS ^ JButtons WIDGETS ^ JTextFields WIDGETS ^ . . .
w_att widgets struct(visible :BOOL, enabled :BOOL, lists :P(listeners))^
l_att listeners struct(typs : P (LISTENERS typ))
User_Action struct(typ :EVENTS typ, id :EVENTS id, source :widgets)
/* consistence invariants */
widgets = JButtons JTextFields ^
set1,set2.(set1 JButtons ^ set2 JTextFields widgets set1 set2 = ) ^ .
DECLARATIONS : :
Strings={no text, value} ;
JTextField input,output ;
JButton WS-ALR,WS-TR,WS-HR,WS-CR,WS-BP ;
Listener lis1 ;
INITIALIZATION : :
lis1.typs=(ActionListener, KeyListener) ;
input.visible = true ;
input.enabled = true ;
input.addKeyListener(lis1) ;
output.visible = false ;
output.enabled = false ;
WS-ALR.addActionListener(lis1) ;
WS-ALR.enabled = false ;
WS-TR.addActionListener(lis1) ;
WS-TR.enabled = false ;
WS-HR.addActionListener(lis1) ;
WS-HR.enabled = false ;
WS-CR.addActionListener(lis1) ;
WS-CR.enabled = false ;
WS-BP.addActionListener(lis1) ;
WS-BP.enabled = false ;
EVENTS
Evt ActionPerformed lis1 =
SELECT UserAction’source {WS-ALR, WS-TR}^
widgets att(UserAction’source)’enabled = TRUE^
widgets att(UserAction’source)’visible = TRUE^
UserAction’list=lis1 ^ UserAction’typ=ActionEvent ^
^ EVStart=1
THEN
Jtextfields_att(output)’text := Text
EVStart := EVStart-1
Copyright ⓒ 2015 SERSC
ǁ widgets_att(output)’visible := true ǁ
91
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
END;
Evt ActionPerformed list1-1 =
SELECT
EVStart= 0 ^ UserAction’source=WS-ALR
THEN
Widgets_att(WS-ALR)’enabled := true k widgets_att(WS-TR)’enabled := false
END;
Evt ActionPerformed list1-2 =
SELECT
EVStart= 0 ^ not(UserAction’source=WS-ALR)
THEN
ǁ
Widgets_att(WS-ALR)’enabled := false widgets_att(WS-ALR)’enabled := true
END
Evt ActionPerformed lis2 =
SELECT UserAction’source {WS-ALR, WS-RT}^
widgets att(UserAction’source)’enabled = TRUE^
widgets att(UserAction’source)’visible = TRUE^
UserAction’list=lis1 ^ UserAction’typ=ActionEvent ^
^ EVStart=1
THEN
Jtextfields_att(output)’text := Text
EVStart := EVStart-1
END;
ǁ widgets_att(output)’visible := true ǁ
Evt ActionPerformed list2-1 =
SELECT
EVStart= 0 ^ UserAction’source=WS-TR
THEN
Widgets_att(WS-TR)’enabled := true k widgets_att(WS-TR)’enabled := false
END;
Evt ActionPerformed list2-2 =
SELECT
EVStart= 0 ^ not(UserAction’source=WS-TR)
ǁ
THENWidgets_att(WS-TR)’enabled := false widgets_att(WS-TR)’enabled := true
END;
END
EXECUTION :
ActionPerformed(method of : lis1 ; react on : ActionEvent)
{
Start1 : output.text = value ;
output.visible= true ;
goto start1 ;
start11: if (evt1.source=WS-ALR)
then start111
else start112 ;
/*Inlining of invoked methods*/
start111 : WS-ALR.Enabled= false ;
WS-ALR.Enabled= true ;
goto end ;
start112 : EF.Enabled= true ;
FE.Enabled= false ;
goto end1 ;
end1 : return ;}
92
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
KeyPressed(method of : lis1 ;
react on : KeyEvent)
{...}
Start2 : output.text = value ;
output.visible= true ;
goto start1 ;
start21 : if (evt1.source=WS-TR)
then start211
else start212 ;
/*Inlining of invoked methods*/
Start211 : WS-TR.Enabled= false ;
WS-TR.Enabled= true ;
goto end ;
start212 : TR.Enabled= true ;
FE.Enabled= false ;
goto end2 ;
end2 : return ;}
KeyPressed(method of : lis2 ;
react on : KeyEvent)
{...}
END
Figure 15. B Model Code
4.3.2. Translate Automatic Process into B Formal Specifications
Figure 16. Model B of Travel Agency Web Service
Copyright ⓒ 2015 SERSC
93
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
Figure 17. Model B of Travel Agency Web Service
4.3.3. Java-Swing Program: The refinement phase’s aim at producing final B
specifications close to the chosen target language implementation (JAVA) such that the
last step of the coding becomes more intuitive and straightforward; according to the
matching between the concept of machine in B and class in Java:
MACHINE: Name of the abstract machine (same name of the class)
SETS: Declaration of abstract and enumerated sets
VARIABLE: Declaration of variables (same attributes of a class)
INVARIANT: Typing and variable property
INITIALISATION: Setting up the initial value of variables (same constructor)
OPERATIONS: Statement of Operations (same methods)
public class ChoixTransport
extends JFrame
implements ActionListener, KeyListener
private JTextField input,output ;
JButton WS-ALR,WS-TR ;
DC ChoixTransport dc ;
public P ChoixTransport()
{ Initialize() ;
subscribe() ;}
public void Initialize(){
/*Widgets creation*/
input=new JTextField() ;
output=new JTextField() ;
WS-ALR= new
JButton("AIRLINE RESERVATION") ;
WS-TR=new
JButton("TRAIN RESERVATION") ;
/* Widgets initialization */
94
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
WS-ALR.setEnabled(false) ;
WS-TR.setEnabled(false) ;
output.setEnabled(false) ;
this.setVisible(true) ;}
/*listeners subscriexion*/
public void subscribe() {
input.addKeyListener(this) ;
WS-ALR.addActionListener(this) ;
WS-TR.addActionListener(this) ;} ;
public void desactivate WS-ALR (boolean b){
WS-ALR.setEnabled( !b) ;
WS-TR.setEnabled(b) ;}
public String getInput()
{return input.getText() ;}
public void setOutput(String s)
{output.setText(s) ;}
/* Listener methods */
public void actionPerformed(ActionEvent e)
{if (e.getSource()==WS-ALR)
controler.WS-ALR(true) ;
if (e.getSource()==WS-TR)
{dc.WS-TR(false) ;}
public void keyPressed(KeyEvent e){}
public void keyReleased(KeyEvent e){}
public void keyTyped(KeyEvent e){} }
Figure 18. Java-Swing Code
5. Conclusions and Future Work
In this paper we have analysed several researches have been proposed in the Web 2
context and they have based on various formalisms have been conducted that have given
rise to several tools; but, very often, these tools are limited in their scope; where we
noticed that they mostly focused on the formalization of orchestrations of Web services
and allow some verification of their behavior, Without interest of social side of this
applications.
Table 4. Comparison between FAF WA Approaches
Approaches
Degree of
automation
Design type
Aspect
Based
modeling
Our approach
Automatic
Behavioral
LTSA-WS
approch
ASDL
approach
Semiautomatic
Semiautomatic
Graphical
and
symbolic
Graphical
Behavioral
CTT
notations
B Model
UML
symbolic
Behavioral
Algbra
Copyright ⓒ 2015 SERSC
Output
format
language
BPEL4SW
and JAVA
BPEL4SW
Rquires
another
language
(lowest level)
to execute an
orchestration
described
with ASDL,
example
95
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
BPEL4WS.
Temporal
theories
approach
Skogan
approach
Bordbar
approach
Ko approach
Lim
approach
Yue
approach
Semiautomatic
symbolic
Behavioral
Temporal
model
Semiautomatic
Semiautomatic
Automatic
Graphical
Functional
Graphical
Behavioral
BPEL and
WorkSCo
BPEL
Interactive
Nonfunctional
and
semantic
Semantic
Activity
diagram
Activity
diagram
clientfriendly
manner
Workflow
OWL-S
OWL-S
Colored Petri
Nets
Automatic
Automatic
Natural
language
Graphical
Semantic
and nonfunctional
BPEL4S
OWL-S
In this paper, we have presented an original formal approach for Web 2.0 applications
and AJAX and BPEL4SW in particular, the latter is one of the most popular standard for
Web Services orchestrations. We propose formal approach, called the CTT notation and
the B method, that is designed around most important AJAX (JAVA) and BPEL4SW
specific features and that aims to be a formal presentation of these standards. we show
that the CTT notation and the B method with Event-B that is based on a well-established
formalism, are well suited to specify the complex applications based on AJAX
technologies and Service Oriented Architectures (SOA).
We provide all processes and tools that permit to build and analyze this formal
approach: Extracting a pattern CTT-B by capturing the behavioral aspect of the process of
the client side AJAX (JAVA) and the behavioral aspect of the orchestration process
(BPEL4SW), this pattern has a formal syntax and a behavioral semantics,. We also
present several mappings between these tools: a mapping that allows to translate JAVA
and BEPL4SW into Event-B, in order to proceed to their formal verification and a
mapping acting as a generator of JAVA and BEPL4SW code.
The approach presented in this article has several advantages:
1.
The proposed approach is top-down / bottom-up approach to formal
specification, formal validation and automatic code generation (BPEL4SW and JAVA).
2. The proposed approach is uniform approach for both languages (JAVA and
BPEL4SW) used one pattern: CTT-B.
As such, our approach has the advantages:
3. Reducing the cost of development: automation phases of specification,
refinement, and automatic code generation.
4. Standardization of the generated code: the two phases of translation and
refinement are dictated by precise and deterministic rules. This Code Standards provide a
better understanding and maintenance of the code produced.
5. Thus these tools, will aim to assist the designer in the development process of its
web applications. Such a tool will unload the designer of various manual and formal
phases of the development.
96
Copyright ⓒ 2015 SERSC
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
The work still remains; we plan to expand the approach to consider dynamic analysis
of policies for service interactions in service choreography and also the analysis of service
composition deployments on distributed architectures. Moreover we are keen to evolve
this approach to validate multimodal applications; and to extract multi-view based on the
properties to be validated.
References
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
[14]
[15]
[16]
[17]
[18]
[19]
[20]
[21]
[22]
S. Gurpreet and T. Guru, “Seminar Report On Service Oriented Architecture & Web 2.0”, Submitted
By: Department of Computer Science and Engineering; Institute of Technology, New Delhi
(048/GTBIT/CSE/2004).
Object Management Group, “MDA Guide Version 1.0.1”, (2003).
Object Management Group, “OMG Unified Modeling Language (OMG UML) Superstructure, Version
2.2”, (2009).
Hamadi and B. Benatallah, “A petri net-based model for web service composition”, Fourteenth
Australasian Database Conference (ADC2003), (2003).
S. Uchitel Foster, J. Magee and J. Kramer, “Model-based verification of web service compositions”,
IEEE Automated Software Engineering (ASE), (2003).
S. Uchitel Foster, J. Magee and J. Kramer, “Tool support for model-based engineering of web service
compositions”, IEEE International Conference on Web Services (ICWS), (2005).
S. Uchitel Foster, J. Magee and J. Kramer, “Ltsa-ws: A tool for model-based verifi-cation of web service
compositions and choreography”, IEEE International Conference on Software Engineering (ICSE 2006),
(2006).
A. Ferrara Salaun and A. Chirichiello, “Negotiation among web services using lotos/cadp”, European
Conference on Web Services (ECOWS 04), (2004).
Chirichiello and G. Salaun, “Encoding abstract descriptions into executable web services: Towards a
formal development negotiation among web services using lotos/cadp”, IEEE/WIC/ACM International
Conference on Web Intelligence (WI 2005), (2005).
A. Cau Solanki and H. Zedan, “Asdl: A wide spectrum language for designing web services”, 15th
International World Wide Web Conference (WWW2006), (2006).
W. Gaaloul Rouached, W.M.P. van der Aalst, S. Bhiri and C. Godart, “Web service mining and
verification of properties: An approach based on event calculus”, OTM Confederated International
Conferences, a, (2006).
M. Rouached, P. Perrin and C. Godart, “Towards formal verification of web service composition”, 4th
International Conference on Business Process Management (BPM 2006), b, (2006).
R. Kowalski and M. J. Sergot, “A logic-based calculus of events”, New generation Computing 4, (1986),
pp. 67-95.
A. Cortier, “ONERA – France 19”, Clearsy system engineering-Aix en provance CEDEX
3;http://www.b4free.com/index-en.php, (2009).
F. Paternò, C. Santoro and L. D. Spano, “ISTI-CNR W3C Working Group Submission 2”, (2012)
February.
Abrial, J. R., “The B-Book”, Combridge University Press, (1996).
Sun. Java SE Downloads-JDK 5. http://java.sun.com/javase/downloads/index_jdk5.jsp
NetBeans. NetBeans Tool. http://www.netbeans.org/
http://www.b4free.com/public/installLinuxSun.php.
http://www.loria.fr/~cansell/cnp.html.
Dion Hinchcliffe.On Digital strategy :Notes on Internet and Business Convergence:
http://dionhinchcliffe.com/2005/10/28/is-web-2-0-the-global-soa, (2008).
Authors
Meftah Mohammed Charaf Eddine, received his Bachelor
degree in 1999. Received his master degree in Computer Science
from University of Eloued since 2010; currently an Assistant
Professor in the Department of Computer science at the EL-Oued
University (Algeria). He is currently a Phd student at Biskra
University (Algeria). His research interest includes Software
engineering, Web services and Formal approach.
Copyright ⓒ 2015 SERSC
97
International Journal of Software Engineering and Its Applications
Vol. 9, No. 12 (2015)
Pr. Okba Kazar, received his master degree in 1997 from the
Constantine University (Algeria) working on artificial
intelligence field. He obtained his PhD degree from the same
university in 2005. He is member of editorial board of some
Journals. He is an author of some publication in international
journals and session chair in international conferences. Actually
Okba KAZAR is full professor at computer science department
of Biskra University and director of intelligent computer science
laboratory. He is interested to the multi-agents systems and their
applications, advanced information systems, Web services,
semantic Web, bigdata, internet of things and cloud computing.
98
Copyright ⓒ 2015 SERSC