Software Design, Modelling and Analysis in UML

Transcription

1 Software Design, Modelling and Analysis in UML Lecture 03: Object Constraint Language (OCL) main Prof. Dr. Andreas Podelski, Dr. Bernd Westphal Albert-Ludwigs-Universität Freiburg, Germany

2 Contents & Goals Last Lecture: Basic Object System Signature Ë and Structure Sprelim System State σ Σ Ë (Smells like they re related to class/object diagrams, officially we don t know yet...) This Lecture: Educational Objectives: Capabilities for these tasks/questions: Please explain this OCL constraint. Please formalise this constraint in OCL. Does this OCL constraint hold in this system state? Can you think of a system state satisfying this constraint? Please un-abbreviate all abbreviations in this OCL expression. In what sense is OCL a three-valued logic? For what purpose? How are (C) and τ C related? Content: OCL Syntax, OCL Semantics over system states 2/36

3 What is OCL? And What is It Good For? 3/ main

4 What is OCL? How Does it Look Like? OCL: Object Constraint Logic Swhatis OCL/Beispiel TeamMember name : String age : Integer 2..* meetings participants * Meeting title : String numparticipants : Integer start : Date duration: Time move(newstart : Date) context TeamMember inv: age => 18 context Meeting inv: duration > 0 * 1 Location name : String ((C) Prof. Dr. P. Thiemann, 4/36

5 What s It Good For? Most prominent: write down requirements supposed to be satisfied by all system states. Often targeting all alive objects of a certain class Swhatis 5/36

6 What s It Good For? Most prominent: write down requirements supposed to be satisfied by all system states. Often targeting all alive objects of a certain class. Not unknown: write down pre/post-conditions of methods (Behavioural Features). Then evaluated over two system states Swhatis 5/36

7 What s It Good For? Most prominent: write down requirements supposed to be satisfied by all system states. Often targeting all alive objects of a certain class. Not unknown: write down pre/post-conditions of methods (Behavioural Features). Then evaluated over two system states. Common with State Machines: guards in transitions Swhatis 5/36

8 What s It Good For? Most prominent: write down requirements supposed to be satisfied by all system states. Often targeting all alive objects of a certain class Swhatis Not unknown: write down pre/post-conditions of methods (Behavioural Features). Then evaluated over two system states. Common with State Machines: guards in transitions. Lesser known: provide operation bodies. 5/36

9 What s It Good For? Most prominent: write down requirements supposed to be satisfied by all system states. Often targeting all alive objects of a certain class Swhatis Not unknown: write down pre/post-conditions of methods (Behavioural Features). Then evaluated over two system states. Common with State Machines: guards in transitions. Lesser known: provide operation bodies. Metamodeling: the UML standard is a MOF-Model of UML. OCL expressions define well-formedness of UML models (cf. Lecture 21). 5/36

10 Plan. Today: OCLExpressions(Ë The set ) of OCL Ë expressions over. Given an OCL expression expr, a system state σ Σ, and a valuation of Ë logical variables β, define IÂexpr Ã(σ, β) {true, false, }. Later: use I to define = Σ Ë OCLExpressions(Ë ). UML W N E OCL Diagram CD, SM ϕ OCL CD, SD S Swhatis Model Instances Ë = (Ì,, V,atr), SM (Σ Ë, A Ë, SM ) = M expr (σ 0, ε 0 ) (cons0,snd0) (σ 1, ε 1 ) (cons1,snd1)... G = (N, E, f) Ë,SD B = (Q SD, q 0, A Ë, SD, F SD ) Mathematics Class Diagram Composite Structure Diagram Structure Diagram Component Diagram Deployment Diagram Object Diagram Package Diagram Activity Diagram Sequence Diagram 6/36 Interacti Diagram

11 (Core) OCL Syntax [OMG, 2006] 7/ main

12 OCL Syntax 1/4: Expressions Where, given Ë = (Ì,, V,atr), expr ::= w : τ(w) W {self C C } is a set of typed logical variables, w has type τ(w) Soclsyn expr 1 = τ expr 2 : τ τ Bool oclisundefined τ (expr 1 ) : τ Bool {expr 1,...,expr n } : τ τ Set(τ) isempty(expr 1 ) : Set(τ) Bool size(expr 1 ) : Set(τ) Int allinstances C : Set(τ C ) v(expr 1 ) : τ C τ(v) r 1 (expr 1 ) : τ C τ D r 2 (expr 1 ) : τ C Set(τ D ) τ is any type Ì from T B T {Set(τ 0 ) τ 0 T B T } T B is a set of basic types, in the following we use T B = {Bool,Int,String} T = {τ C C } is the set of object types, Set(τ 0 ) denotes the set-of-τ 0 type for τ 0 T B T (sufficient because of flattening (cf. standard)) v : τ(v) atr(c), τ(v) Ì, r 1 : D 0,1 atr(c), r 2 : D atr(c), C, D. 8/36

13 OCL Syntax: Notational Conventions for Expressions Each expression ω(expr 1,expr 2,...,expr n ) : τ 1 τ n τ may alternatively be written ( abbreviated as ) expr 1. ω(expr 2,...,expr n ) if τ 1 is an object type, i.e. if τ 1 T. expr 1 -> ω(expr 2,...,expr n ) if τ 1 is a collection type (here: only sets), i.e. if τ 1 = Set(τ 0 ) for some τ 0 T B T. Examples: (self : τ C W; v,w : Int V ; r 1 : D 0,1, r 2 : D V ) self. v Soclsyn self. r 1. w self. r 2 -> isempty 9/36

14 OCL Syntax 2/4: Constants, Arithmetical Operators For example: expr ::=... true, false : Bool expr 1 {and, or, implies} expr 2 : Bool Bool Bool not expr 1 : Bool Bool 0, 1, 1, 2, 2,... : Int OclUndefined : τ expr 1 {+,,... } expr 2 : Int Int Int expr 1 {<,,... } expr 2 : Int Int Bool Soclsyn Generalised notation: expr ::= ω(expr 1,...,expr n ) with ω {+,,... } : τ 1 τ n τ 10/36

15 OCL Syntax 3/4: Iterate expr ::= expr 1 ->iterate(w 1 : τ 1 ; w 2 : τ 2 = expr 2 expr 3 ) or, with a little renaming, expr ::= expr 1 ->iterate(iter : τ 1 ; result : τ 2 = expr 2 expr 3 ) Soclsyn where expr 1 is of a collection type (here: a set Set(τ 0 ) for some τ 0 ), iter W is called iterator, gets type τ 1 (if τ 1 is omitted, τ 0 is assumed as type of iter) result W is called result variable, gets type τ 2, expr 2 in an expression of type τ 2 giving the initial value for result, ( OclUndefined if omitted) expr 3 is an expression of type τ 2 in which in particular iter and result may appear. 11/36

16 Iterate: Intuitive Semantics (Formally: later) expr ::= expr 1 ->iterate(iter : τ 1 ; result : τ 2 = expr 2 expr 3 ) Soclsyn τ 0 hlp = expr 1 ; τ 2 result = expr 2 ; while (!hlp.empty()) do od τ 1 iter = hlp.pop(); result = expr 3 ; Note: In our (simplified) setting, we always have expr 1 : Set(τ 1 ) and τ 0 = τ 1. In the type hierarchy of full OCL with inheritance and oclany, they may be different and still type consistent. 12/36

17 Abbreviations on Top of Iterate expr ::= expr 1 ->iterate(w 1 : τ 1 ; w 2 : τ 2 = expr 2 expr 3 ) expr 1 ->forall(w : τ 1 expr 3 ) is an abbreviation for expr 1 ->iterate(w: τ 1 ; w 1 : Bool = true w 1 expr 3 ). (To ensure confusion, we may again omit all kinds of things, cf. [OMG, 2006]) Soclsyn Similar: expr 1 ->Exists(w : τ 1 expr 3 ) 13/36

18 OCL Syntax 4/4: Context context ::= context w 1 : τ 1,...,w n : τ n inv : expr where w W and τ i T, 1 i n, n Soclsyn context w 1 : C 1,...,w n : C n inv : expr is an abbreviation for allinstances C1 ->forall(w 1 : C 1... allinstances Cn -> forall(w n : C n expr )... ) 14/36

19 Context: More Notational Conventions For context self : τ C inv : expr we may alternatively write ( abbreviate as ) context τ C inv : expr Soclsyn Within the latter abbreviation, we may omit the self in expr, i.e. for self.v and self.r we may alternatively write ( abbreviate as ) v and r 15/36

20 Examples (from lecture Softwaretechnik 2008 ) OCL/Beispiel TeamMember name : String age : Integer 2..* meetings participants * Meeting title : String numparticipants : Integer start : Date duration: Time move(newstart : Date) context TeamMember inv: age => 18 context Meeting inv: duration > 0 * 1 Location name : String ((C) Prof. Dr. P. Thiemann, Soclsyn 16/36

21 Examples (from lecture Softwaretechnik 2008 ) OCL/Mehr Navigation/Beispiele TeamMember name : String age : Integer 2..* meetings participants * Meeting title : String numparticipants : Integer start : Date duration: Time move(newstart : Date) context Meeting inv: self.participants->size() = numparticipants context Location inv: name="lobby" implies meeting->isempty() * 1 Location name : String ((C) Prof. Dr. P. Thiemann, Soclsyn 17/36

22 Example (from lecture Softwaretechnik 2008 ) TeamMember name : String age : Integer 2..* meetings participants * Meeting title : String numparticipants : Integer start : Date duration: Time * 1 Location name : String move(newstart : Date) context Meeting inv : participants -> iterate(i : TeamMember; n : Int = 0 n + i. age) /participants -> size() > Soclsyn 18/36

23 Not Interesting Among others: Enumeration types Type hierarchy Complete list of arithmetical operators The two other collection types Bag and Sequence Casting Runtime type information Pre/post conditions (maybe later, when we officially know what an operation is) Soclsyn 19/36

24 OCL Semantics [OMG, 2006] 20/ main

25 The Task OCL Syntax 1/4: Expressions expr ::= w : τ(w) Where, given Ë = (Ì,, V,atr), W {self } is a set of typed logical variables, w has type τ(w) Soclsyn expr 1 = τ expr 2 : τ τ Bool oclisundefined τ (expr 1 ) : τ Bool {expr 1,...,expr n } : τ τ Set(τ) isempty(expr 1 ) : Set(τ) Bool size(expr 1 ) : Set(τ) Int allinstances C : Set(τ C ) v(expr 1 ) : τ C τ(v) r 1 (expr 1 ) : τ C τ D r 2 (expr 1 ) : τ C Set(τ D ) τ is any type Ì from T B T {Set(τ 0 ) τ 0 T B T } T B is a set of basic types, in the following we use T B = {Bool,Int,String} T = {τ C C } is the set of object types, Set(τ 0 ) denotes the set-of-τ 0 type for τ 0 T B T (sufficient because of flattening (cf. standard)) v : τ(v) atr(c), τ(v) Ì, r 1 : D 0,1 atr(c), r 2 : D atr(c), C, D. 7/ Soclsem Given an OCL expression expr, a system state σ Σ Ë, and a valuation of logical variables β, define IÂ Ã(, ) : OCLExpressions(Ë ) Σ Ë (W I(Ì T B T )) I(Bool) such that IÂexpr Ã(σ, β) {true, false, Bool }. 21/36

26 Basically business as usual... (i) Equip each OCL (!) basic type with a reasonable domain, i.e. define function I on T B dom(i) (iv) Equip each arithmetical operation with a reasonable interpretation (that is, with a function operating on the corresponding domains). I.e. define function I on Soclsem (ii) Equip each object type τ C with a reasonable domain, i.e. define function I on τ C dom(i) (most reasonable: (C) as determined by structure of Ë ). (iii) Equip each set type Set(τ 0 ) with reasonable domain, i.e. define function I on {Set(τ 0 ) τ 0 T B T } dom(i) {+,,,... } dom(i), e.g., I(+) I(Int) I(Int) I(Int) (v) Set operations similar: Define function I on {isempty,... } dom(i) (vi) Equip each expression with a reasonable interpretation, i.e. define function I on I : Expr Σ Ë (W I(Ì T B T ))...except for OCL being a three-valued logic, and the iterate expression. I(Bool) 22/36

27 (i) Domains of Basic Types Recall: T B = {Bool,Int,String} We set: I(Bool) := {true,false} { Bool } I(Int) := Z { Int } I(String) :=... { String } We may omit index τ of τ if it is clear from context Soclsem 23/36

28 (ii) Domains of Object and (iii) Set Types Now we need a structure of our signature Ë = (Ì,, V,atr). Recall: assigns an (infinite) domain (C) to each class C. Let τ C be an (OCL) object type for a class C. We set I(τ C ) := (C) { τc } Soclsem Let τ be a type from T B T. We set I(Set(τ)) := 2 I(τ) { Set(τ) } Note: in the OCL standard, only finite subsets of I(τ). But infinity doesn t scare us, so we simply allow it. 24/36

29 Basically business as usual... (i) Equip each OCL (!) basic type with a reasonable domain, i.e. define function I on T B dom(i) (iv) Equip each arithmetical operation with a reasonable interpretation (that is, with a function operating on the corresponding domains). I.e. define function I on Soclsem (ii) Equip each object type τ C with a reasonable domain, i.e. define function I on τ C dom(i) (most reasonable: (C) as determined by structure of Ë ). (iii) Equip each set type Set(τ 0 ) with reasonable domain, i.e. define function I on {Set(τ 0 ) τ 0 T B T } dom(i) {+,,,... } dom(i), e.g., I(+) I(Int) I(Int) I(Int) (v) Set operations similar: Define function I on {isempty,... } dom(i) (vi) Equip each expression with a reasonable interpretation, i.e. define function I on I : Expr Σ Ë (W I(Ì T B T ))...except for OCL being a three-valued logic, and the iterate expression. I(Bool) 25/36

30 (iv) Interpretation of Arithmetic Operations Soclsem Literals map to fixed values: I(true) := true, I(false) := false, I(0) := 0, I(1) := 1,... I(OclUndefined τ ) := τ Boolean operations (defined point-wise for x 1, x 2 I(τ)): true, if x 1 τ x 2 and x 1 = x 2 I(= τ )(x 1,x 2 ) := false, if x 1 τ x 2 and x 1 x 2, otherwise Bool Integer operations (defined point-wise for x 1, x 2 I(Int)): { x 1 + x 2, if x 1 = x 2 I(+)(x 1, x 2 ) :=, otherwise Note: There is a common principle. Namely, the interpretation of an operation ω : τ 1...τ n τ is a function I(ω) : I(τ 1 ) I(τ n ) I(τ) on corresponding semantical domain(s). 26/36

31 (iv) Interpretation of OclIsUndefined The is-undefined predicate (defined point-wise for x I(τ)): { true, if x = τ I(oclIsUndefined τ )(x) := false, otherwise Soclsem 27/36

32 (v) Interpretation of Set Operations Soclsem Basically the same principle as with arithmetic operations... Let τ T B T. Set comprehension (x 1,...,x n I(τ)): I({} τ n)(x 1,...,x n ) := {x 1,...,x n } for all n N 0 Empty-ness check (x I(Set(τ))): true I(isEmpty τ )(x) := false Bool, if x =, if x = Set(τ), otherwise Counting (x I(Set(τ))): I(size τ )(x) := x if x Set(τ) and Int otherwise 28/36

33 (vi) Putting It All Together: Semantics of Expressions Task: Given OCL expression expr, system state σ Σ Ë, and valuation β, define IÂ Ã(, ) : OCLExpressions(Ë ) Σ Ë (W I(Ì T B T )) I(Bool) such that IÂexpr Ã(σ,β) {true, false, Bool }. OCL Syntax 1/4: Expressions expr ::= w : τ(w) Where, given Ë = (Ì,, V,atr), W {self } is a set of typed logical variables, w has type τ(w) OCL Syntax 2/4: Constants, Arithmetical Operators For example: Soclsem Soclsyn expr 1 = τ expr 2 : τ τ Bool oclisundefined τ (expr 1 ) : τ Bool {expr 1,...,expr n } : τ τ Set(τ) isempty(expr 1 ) : Set(τ) Bool size(expr 1 ) : Set(τ) Int allinstances C : Set(τ C ) v(expr 1 ) : τ C τ(v) r 1 (expr 1 ) : τ C τ D r 2 (expr 1 ) : τ C Set(τ D ) OCL Syntax 3/4: Iterate τ is any type Ì from T B T {Set(τ 0) τ 0 T B T } T B is a set of basic types, in the following we use T B = {Bool,Int,String} = {τ C C } is the set of object types, Set(τ 0) denotes the set-of-τ 0 type for τ 0 T B true, false expr 1 {and, or, implies} expr 2 not expr 1 0, 1, 1, 2, 2,... OclUndefined expr 1 {+,,... } expr 2 : Bool : Bool Bool Bool : Bool Bool : Int : τ : Int Int Int (sufficient because of flattening (cf. standard)) expr 1 {<,,... } expr 2 : Int Int Bool v : τ(v) atr(c), τ(v), Generalised notation: r 1 : D 0,1 atr(c), r 2 : D atr(c), C, D. expr ::= expr 1 ->iterate(w 1 : τ 1 ; w 2 : τ 2 = expr 2 expr 3 ) or, with a little renaming, expr ::= expr 1 ->iterate(iter : τ 1 ; result : τ 2 = expr 2 expr 3 ) Soclsyn 7/30 expr ::=... expr ::= ω(expr 1,...,expr n ) with ω {+,,... } OCL Syntax 4/4: Context : τ 1 τ n τ context ::= context w 1 : τ 1,...,w n : τ n inv : expr where w W and τ i T, 1 i n, n 0. 9/32 29/36

34 Preliminaries: Valuations of Logical Variables Recall: we have typed logical variables (w ) W, τ(w) is the type of w. By β, we denote a valuation of the logical variables, i.e. for each w W, β(w) I(τ(w)) Soclsem 30/36

35 (vi) Putting It All Together... expr ::= w ω(expr 1,...,expr n ) allinstances C v(expr 1 ) r 1 (expr 1 ) r 2 (expr 1 ) expr 1 ->iterate(v 1 : τ 1 ; v 2 : τ 2 = expr 2 expr 3 ) IÂwÃ(σ, β) := β(w) IÂω(expr 1,...,expr n )Ã(σ, β) := I(ω)(IÂexpr 1 Ã(σ, β),...iâexpr n Ã(σ, β)) IÂallInstances C Ã(σ, β) := dom(σ) (C) Note: in the OCL standard, dom(σ) is assumed to be finite. Again: doesn t scare us Soclsem 31/36

36 (vi) Putting It All Together... expr ::= w ω(expr 1,...,expr n ) allinstances C v(expr 1 ) r 1 (expr 1 ) r 2 (expr 1 ) expr 1 ->iterate(v 1 : τ 1 ; v 2 : τ 2 = expr 2 expr 3 ) Soclsem Assume expr 1 : τ C for some C. Set u 1 := IÂexpr 1 Ã(σ, β) (τ C ). { σ(u 1 )(v), if u 1 dom(σ) IÂv(expr 1 )Ã(σ, β) :=, otherwise IÂr 1 (expr 1 )Ã(σ, β) := IÂr 2 (expr 1 )Ã(σ, β) := { u, if u 1 dom(σ) and σ(u 1 )(r 1 ) = {u}, otherwise { σ(u 1 )(r 2 ), if u 1 dom(σ), otherwise (Recall: σ evaluates r 2 of type C to a set) 31/36

37 (vi) Putting It All Together... expr ::= w ω(expr 1,...,expr n ) allinstances C v(expr 1 ) r 1 (expr 1 ) r 2 (expr 1 ) expr 1 ->iterate(v 1 : τ 1 ; v 2 : τ 2 = expr 2 expr 3 ) Soclsem IÂexpr 1 ->iterate(v 1 : τ 1 ; v 2 : τ 2 = expr 2 expr 3 )Ã(σ, β) { IÂexpr := 2 Ã(σ,β), if IÂexpr 1 Ã(σ, β) = iterate(ṽ 1, v 1, v 2,expr 3, σ, β ), otherwise where β = β[ṽ 1 IÂexpr 1 Ã(σ,β) \ {x},v 1 x, v 2 IÂexpr 2 Ã(σ, β)] and { β(v 2 ), if β(ṽ 1 ) = iterate(ṽ 1, v 1,v 2,expr 3, σ,β) = iterate(ṽ 1, v 1, v 2,expr 3, σ,β ), otherwise where β = β[ṽ 1 β(v 1 ) \ {x},v 1 x, v 2 IÂexpr 3 Ã(σ, β)], x β(ṽ 1 ) Quiz: Is (our) I a function? Not if the outcome depends on order of choice of the x! 31/36

38 Example TeamMember name : String age : Integer 2..* meetings participants * Meeting title : String numparticipants : Integer start : Date duration: Time move(newstart : Date) context TeamMember inv: age => 18 context Meeting inv: duration > 0 * 1 Location name : String ((C) Prof. Dr. P. Thiemann, Soclsem 32/36

39 Outlook on Type Theory 33/ main

40 Well-Typedness... Note: in the definition of I, we have silently assumed that expressions are well-typed. Which is somewhat clear from the typed syntax. For instance, is obviously well-typed, while is not (if r : D ). context C inv : r-> size() + 1 context C inv : r Soutlook In Lecture 06: A precise definition of well-typed expressions using basic type theory. Why so late? Consider visibility of attributes in one go. 34/36

41 References 35/ main

42 References [OMG, 2006] OMG (2006). Object Constraint Language, version 2.0. Technical Report formal/ [OMG, 2007a] OMG (2007a). Unified modeling language: Infrastructure, version Technical Report formal/ [OMG, 2007b] OMG (2007b). Unified modeling language: Superstructure, version Technical Report formal/ [Warmer and Kleppe, 1999] Warmer, J. and Kleppe, A. (1999). The Object Constraint Language. Addison-Wesley main 36/36