ADR: Architectural Design Rewriting Framework

Updated 1 April 2026

ADR is a formal, rule-based framework for modeling and evolving software architectures through algebraic graph transformations and design-by-contract techniques.
It employs precise rewrite rules with pre- and post-condition logic to automatically refactor systems and restore architectural invariants.
The framework supports static conformance, dynamic recovery, and runtime monitoring, enabling automated architecture reconstruction and self-healing in distributed systems.

Architectural Design Rewriting (ADR) is a formal, rule-based framework for modeling, analyzing, reconstructing, and evolving software and system architectures. ADR employs graph transformation techniques, design-by-contract reasoning, and automated search strategies to support both static architecture conformance and dynamic recovery from architectural erosion and unexpected runtime reconfigurations. The framework is underpinned by rigorous semantics for graph-based architectural representations, production rules equipped with logical pre-/post-conditions, and algorithmically grounded methods for maintaining or re-establishing desired architectural invariants in both monolithic and distributed software systems (Schmidt et al., 2014, Poyias et al., 2013, Poyias et al., 2012).

1. Graph-Based Formal Representation of Architectures

ADR models architectures as (hyper)graphs, where edges correspond to architectural elements (e.g., components, connectors), and nodes represent interaction points or ports. In its classical formulation, an ADR graph $G$ is a tuple $(V, E, \text{lab}, \text{att})$ , with $V$ a finite set of nodes, $E$ finite edges, $\text{lab}: E \rightarrow L$ a labeling function over a label alphabet $L$ (each with an arity), and $\text{att}: E \rightarrow V^{\text{ar}(\ell)}$ defining “tentacle” attachments of each edge (Poyias et al., 2012).

The type system is provided by a “type graph” $\Gamma$ with its own nodes and edges, inducing a morphism $\tau_G: G \rightarrow \Gamma$ that associates each architecture with a predetermined vocabulary of component types. In “replaceability-augmented” variants, each edge receives a replaceability status $\theta_G: E \rightarrow \{0,1\}$ , enabling precise control over which edges may be rewritten at runtime (Poyias et al., 2013).

A key specialized structure in ADR-driven architecture recovery is the “reflexion model”: a triple $(V, E, \text{lab}, \text{att})$ 0 where $(V, E, \text{lab}, \text{att})$ 1 are code-level units (e.g., Java classes), $(V, E, \text{lab}, \text{att})$ 2 is the set of dependencies, and $(V, E, \text{lab}, \text{att})$ 3 assigns each unit to an abstract architectural layer (Schmidt et al., 2014).

2. Rewrite Rules, Productions, and Logic Contracts

ADR evolves architectures via the controlled application of rewrite rules, known as productions. Each production $(V, E, \text{lab}, \text{att})$ 4 is a triple $(V, E, \text{lab}, \text{att})$ 5, where $(V, E, \text{lab}, \text{att})$ 6 is the “left-hand side” (often a replaceable edge and its context), $(V, E, \text{lab}, \text{att})$ 7 is the “right-hand side” (the replacement fragment), and $(V, E, \text{lab}, \text{att})$ 8 is an interface-embedding from $(V, E, \text{lab}, \text{att})$ 9’s nodes to those of $V$ 0 (Poyias et al., 2013, Poyias et al., 2012). Rewriting semantics adopt the single-pushout approach, replacing a match of $V$ 1 in $V$ 2 with $V$ 3, ensuring correct “gluing” along the interface. Variants parameterize applicability by replaceability and type constraints.

Logic-based contracts govern rule applicability and effects. A first-order–style logic φ specifies presence or absence of labeled edges (components/connectors) at specific nodes, as well as quantified invariants over fragments. Each rule $V$ 4 can be annotated with pre-conditions ( $V$ 5, over $V$ 6) and post-conditions ( $V$ 7, over $V$ 8). The contract enforcement ensures that, for any application $V$ 9 with $E$ 0, the result $E$ 1 satisfies $E$ 2 (Poyias et al., 2013, Poyias et al., 2012).

Central to automation is the weakest pre-condition algorithm $E$ 3, which, given a production $E$ 4 and desired post-condition $E$ 5, computes the least requirement on $E$ 6 guaranteeing $E$ 7 after applying $E$ 8. The structural algorithm handles the preservation, introduction, or deletion of edges and is composable under standard logical connectives.

3. Architecture Reconstruction and Refactoring

ADR methodologies are effective at reconstructing “lost” conceptual architectures and at refactoring codebases to conform to such reconstructed models (Schmidt et al., 2014). The process can be summarized as follows:

Extraction Phase: Parse source code to construct a dependency graph $E$ 9, typically leveraging metrics such as Coupling Between Objects (CBO) to assign weights $\text{lab}: E \rightarrow L$ 0.
Conceptual Layering: Search for a partition $\text{lab}: E \rightarrow L$ 1 (“layering”) that maximizes the fitness function

$\text{lab}: E \rightarrow L$ 2

where $\text{lab}: E \rightarrow L$ 3 penalizes architectural violations, especially those not automatically fixable (Schmidt et al., 2014).

Greedy Hill-Climbing: Use greedy assignment and steepest ascent hill-climbing to optimize SolutionQuality, typically targeting $\text{lab}: E \rightarrow L$ 4 coherent layers.
Identification of Violations: Any dependency $\text{lab}: E \rightarrow L$ 5 with $\text{lab}: E \rightarrow L$ 6 (i.e., “upward” relative to the abstraction hierarchy) is an architectural violation, annotated by resolveability.
Automated Refactoring: For each violation, synthesize and apply transformations such as MoveMethod, MoveConstant, or ExcludeParameter, evaluating post-coherence and SolutionQuality at each step. Transformations are implemented as AST rewrites via an analysis and transformation framework (e.g., RECODER).
Consistency Guarantee: All transformations re-parse and re-align the reflexion model, ensuring structural coherence and the absence of new downward violations.

Empirical results, e.g., on a 15-class MVC system, demonstrate stable degradation of SolutionQuality with increasing injected violations and partial automatic migration under greedy strategy (Schmidt et al., 2014).

4. Runtime Monitoring, Misbehaviour Localization, and Corrective Reconfiguration

ADR supports modular, runtime monitoring and adaptation, particularly in distributed environments subject to unanticipated reconfigurations. The approach in (Poyias et al., 2013) introduces a monitoring mechanism that maintains lineage trees (or forests) for each architectural element, recording the application and ancestry of rewrite rules. For each rewrite, new nodes in the monitoring tree record both the applied rule and the replacement edges, providing a localized history.

Upon detection of invariant violation (via logical graph invariant checking), the monitoring structure allows precise identification of the affected subgraph (“locus of error”) by extracting subtrees tied to the most recent reconfiguration. This enables the system to:

Localize errors with granularity dictated by the history tree rather than requiring global graph search;
Suggest and apply corrective reconfiguration by computing weakest pre-conditions $\text{lab}: E \rightarrow L$ 7 for available productions $\text{lab}: E \rightarrow L$ 8 relative to the current invariant $\text{lab}: E \rightarrow L$ 9, testing these only on subgraphs localized by the monitoring tree;
Guarantee both soundness (all suggested reconfigurations restore $L$ 0 if their pre-conditions are satisfied) and completeness (all such remedies are considered due to the weakest pre-condition machinery).

All such analyses and corrections are efficient due to off-line computation of logical conditions and incremental evaluation at runtime.

5. Enforcing Architectural Styles and Design-by-Contract

ADR offers a declarative methodology to enforce architectural styles—families of architectures specified by invariants or “style contracts.” At runtime, the architecture $L$ 1 is monitored against the invariant $L$ 2. Upon style violation (possibly caused by environmental failures or unforeseen distributed reconfigurations), the system automatically searches for available productions $L$ 3 and application sites $L$ 4 such that the weakest pre-condition $L$ 5 holds in $L$ 6. Applying an admissible $L$ 7 at $L$ 8 guarantees restoration of the invariant, yielding architectures that conform to the desired style (Poyias et al., 2012).

This contract-driven, graph-rewriting approach offers a mechanizable alternative to more heavyweight formalism (e.g., model checking in full temporal logic) and dynamic-component languages lacking logical guarantees. ADR’s algorithmic constructiveness allows style-preserving and recovery sequences to be synthesized on-the-fly, with all steps justified by pre-condition reasoning.

6. Algorithmic Summary and Prototype Implementations

End-to-end ADR workflows, as instantiated for architecture reconstruction and refactoring in (Schmidt et al., 2014), follow this high-level structure:

Graph Extraction: Build dependency graphs, compute metrics.
Architecture Reconstruction: Apply greedy and hill-climbing search for optimal conceptual layering and produce reflexion model $L$ 9 with violation marking.
Violation Repair: Automatically generate and evaluate AST-level refactoring variants for architecture violations using the MoveMethod, MoveConstant, and ExcludeParameter transformations; select optimal reductions by SolutionQuality.
Output: Provide updated reflexion models, refactored codebases, and before/after metrics.

Prototypes are implemented atop Java AST analysis frameworks and provide textual/XML reflexion models, violation reports, and automated code rewriting. Empirical studies confirm that automatic strategies can reduce violation counts and achieve high or optimal SolutionQuality on non-trivial systems (Schmidt et al., 2014).

7. Extensions, Limitations, and Research Trajectory

ADR’s foundation in algebraic graph rewriting and first-order logic offers systematic, modular, and mathematically justified approaches to software architectural evolution. The extension to tracking history trees and localized term-matching for reconfiguration and recovery supports autonomic self-healing and efficient adaptation in distributed architectures (Poyias et al., 2013).

A plausible implication is that this local, history-based monitoring may scale better than traditional global analysis in large, continually evolving system graphs.

However, the automation of refactoring is bounded by the formal expressiveness of the transformation catalog, the granularity of edge replaceability, and the choice of logic for invariants. No empirical complexity bounds are specified for monitoring or reconfiguration beyond the assertion that cost is proportional to the local interfaces and histories involved (Poyias et al., 2013). ADR’s suitability for runtime enforcement of complex, higher-order invariants depends on future refinement of logic, tool support, and integration with language-specific AST representations.

In summary, ADR provides a rigorous, search- and contract-based methodology for both static and dynamic architectural conformance, supporting automated architecture reconstruction, refactoring, monitoring, and guaranteed recovery, as well as offering a promising foundation for future research in autonomic, self-managing software systems (Schmidt et al., 2014, Poyias et al., 2013, Poyias et al., 2012).