Lecture 15: Hierarchical State Machines I

Similar documents
Lecture 16: Hierarchical State Machines II

Lecture 02: Semantical Model

Software Design, Modelling and Analysis in UML

Lecture 07: Class Diagrams II

Software Design, Modelling and Analysis in UML

Lecture 10: State Machines Overview

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

Software Design, Modelling and Analysis in UML

/50 5/50 2/50 3/50 6/50. UML-Notationsübersicht. Teil 1/4. Figure Examples of navigable ends. enda. endb main

Improving the Definition of UML

Lecture 03: Object Constraint Language

Software Design, Modelling and Analysis in UML

Variables. Substitution

Directed Model Checking for PROMELA with Relaxation-Based Distance Functions

Unified Modeling Language 2

Introduction to Linear-Time Temporal Logic. CSE 814 Introduction to LTL

COSC 3351 Software Design. An Introduction to UML (I)

Software Testing IV. Prof. Dr. Holger Schlingloff. Humboldt-Universität zu Berlin

Liveness and Fairness Properties in Multi-Agent Systems

2 nd UML 2 Semantics Symposium: Formal Semantics for UML

4. Simplicial Complexes and Simplicial Homology

Software Design, Modelling and Analysis in UML

THREE LECTURES ON BASIC TOPOLOGY. 1. Basic notions.

Chapter 3: Propositional Languages

Lecture 8: Use Cases and Scenarios

Simulation and Verification of UML-based Railway Interlocking Designs

Compositional Model Based Software Development

Refinement Using µ-charts: The Compaq Grand Slam Cup Case Study Revisited

1 Introduction. 3 Syntax

How useful is the UML profile SPT without Semantics? 1

Introduction to Formal Methods

The learning objectives of this chapter are the followings. At the end of this chapter, you shall

Direct Semantics of Extended State Machines

Engineering Design w/embedded Systems

Towards Model Checking Executable UML Specifications in mcrl2

Lecture 21. Lecture 21: Concurrency & Locking

XI International PhD Workshop OWD 2009, October Fuzzy Sets as Metasets

March 2, Homepage:

3.4 Deduction and Evaluation: Tools Conditional-Equational Logic

CSE P 501 Compilers. Parsing & Context-Free Grammars Hal Perkins Winter /15/ Hal Perkins & UW CSE C-1

15-819M: Data, Code, Decisions

EECS 144/244: Fundamental Algorithms for System Modeling, Analysis, and Optimization

Coverability Graph and Fairness

CS611 Lecture 33 Equirecursive types & Recursive domain equations November 19, 2001

Syntax. In Text: Chapter 3

Compilers and computer architecture From strings to ASTs (2): context free grammars

Semantics with Applications 3. More on Operational Semantics

CSE P 501 Compilers. Parsing & Context-Free Grammars Hal Perkins Spring UW CSE P 501 Spring 2018 C-1

Lecture 08: Scenarios and Use Cases

Contents. Softwaretechnik. Type Safety of Java. Featherweight Java. Lecture 21: Featherweight Java

Updating data and knowledge bases

Recency Types for Dynamically-Typed, Object-Based Languages

Interactive Verification of Concurrent Systems using Symbolic Execution

Warm-Up Problem. Let be a set of well-formed Predicate logic formulas. Let be well-formed Predicate logic formulas. Prove or disprove the following.

A Formal Resolution Strategy for Operation-Based Conflicts in Model Versioning Using Graph Modifications

Note that in this definition, n + m denotes the syntactic expression with three symbols n, +, and m, not to the number that is the sum of n and m.

Distributed Systems Programming (F21DS1) Formal Verification

Software Design, Modelling and Analysis in UML

Scenario-based Synthesis of Annotated Class Diagrams in UML

SIC: Provably Timing-Predictable Strictly In-Order Pipelined Processor Core

Fundamental Concepts. Chapter 1

Mapping ConcurTaskTrees into UML 2.0

CS5371 Theory of Computation. Lecture 8: Automata Theory VI (PDA, PDA = CFG)

A Semantics to Generate the Context-sensitive Synchronized Control-Flow Graph (extended)

14.1 Encoding for different models of computation

Automated Formal Methods for Embedded Systems

CONVENTIONAL EXECUTABLE SEMANTICS. Grigore Rosu CS522 Programming Language Semantics

A framework for relating syntactic and semantic model differences

junit RV Adding Runtime Verification to junit

CS4215 Programming Language Implementation. Martin Henz

Week 6. Data structures

Lecture 6. Abstract Interpretation

Web Services Annotation and Reasoning

Towards a Logical Reconstruction of Relational Database Theory

The University of Nottingham SCHOOL OF COMPUTER SCIENCE A LEVEL 4 MODULE, SPRING SEMESTER MATHEMATICAL FOUNDATIONS OF PROGRAMMING ANSWERS

UNIVERSITY OF EDINBURGH COLLEGE OF SCIENCE AND ENGINEERING SCHOOL OF INFORMATICS INFR08008 INFORMATICS 2A: PROCESSING FORMAL AND NATURAL LANGUAGES

Program verification. Generalities about software Verification Model Checking. September 20, 2016

Softwaretechnik. Lecture 18: Featherweight Java. Peter Thiemann. University of Freiburg, Germany

CONVENTIONAL EXECUTABLE SEMANTICS. Grigore Rosu CS422 Programming Language Semantics

Technische Universität München Zentrum Mathematik

Programming Languages Lecture 14: Sum, Product, Recursive Types

Repairing Preference-Based Argumentation Frameworks

Software Engineering

SOFTWARE ENGINEERING UML FUNDAMENTALS. Saulius Ragaišis.

Distributed Objects with Sense of Direction

Lecture 1. 1 Notation

UML 2.0 State Machines

MIT Specifying Languages with Regular Expressions and Context-Free Grammars

Intro to semantics; Small-step semantics Lecture 1 Tuesday, January 29, 2013

On the Expressiveness of Infinite Behavior and Name Scoping in Process Calculi

CSCI 3155: Principles of Programming Languages Exam preparation #1 2007

Specification-based Testing of Embedded Systems H. Schlingloff, SEFM 2008

Transcription:

Software Design, Modelling and Analysis in UML Lecture 15: Hierarchical State Machines I 2015-01-08 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal 15 2015-01-08 main Albert-Ludwigs-Universität Freiburg, Germany Contents & Goals Last Lecture: RTC-Rules: Discard, Dispatch, Commence. item Step, RTC This Lecture: Educational Objectives: Capabilities for following tasks/questions. What does this State Machine mean? What happens if I inject this event? Can you please model the following behaviour. What is: initial state. What does this hierarchical State Machine mean? What may happen if I inject this event? What is: AND-State, OR-State, pseudo-state, entry/exit/do, final state,... 15 2015-01-08 Sprelim Content: Transformer: Create and Destroy, Divergence Putting It All Together Hierarchical State Machines Syntax 2/42

Missing Transformers: Create and Destroy 15 2015-01-08 main 3/42 Transformer: Create abstract syntax concrete syntax create(c, expr, v) intuitive semantics Create an object of class C and assign it to attribute v of the object denoted by expression expr. well-typedness expr : τ D, v atr(d), atr(c) = { v 1 : τ 1,expr 0 i 1 i n} semantics... observables... (error) conditions I expr 0 i (σ,u x) not defined for some i. 4/42

Transformer: Create abstract syntax concrete syntax create(c, expr, v) intuitive semantics Create an object of class C and assign it to attribute v of the object denoted by expression expr. well-typedness expr : τ D, v atr(d), atr(c) = { v 1 : τ 1,expr 0 i 1 i n} semantics... observables... (error) conditions I expr 0 i (σ,u x) not defined for some i. We use an and assign -action for simplicity it doesn t add or remove expressive power, but moving creation to the expression language raises all kinds of other problems such as order of evaluation (and thus creation). Also for simplicity: no parameters to construction( parameters of constructor). Adding them is straightforward (but somewhat tedious). 4/42 Create Transformer Example SM C : /...;n := new C;... s 1 s 2 create(c, expr, v) t create(c,expr,v) [u x ](σ,ε) =... σ: d : D n = :σ ε: :ε 5/42

Create Transformer Example SM C : /...;n := new C;... s 1 s 2 create(c, expr, v) t create(c,expr,v) [u x ](σ,ε) =... σ: d : D n = :σ ε: :ε 5/42 How To Choose New Identities? Re-use: choose any identity that is not alive now, i.e. not in dom(σ). Doesn t depend on history. May undangle dangling references may happen on some platforms. Fresh: choose any identity that has not been alive ever, i.e. not in dom(σ) and any predecessor in current run. Depends on history. Dangling references remain dangling could mask dirty effects of platform. 6/42

Transformer: Create abstract syntax concrete syntax create(c, expr, v) intuitive semantics Create an object of class C and assign it to attribute v of the object denoted by expression expr. well-typedness expr : τ D, v atr(d), atr(c) = { v 1 : τ 1,expr 0 i 1 i n} semantics ((σ,ε),(σ,ε )) t iff σ = σ[u 0 σ(u 0 )[v u]] {u {v i d i 1 i n}}, ε = [u](ε); u D(C) fresh, i.e. u dom(σ); u 0 = I expr (σ,u x ); d i = I expr 0 i (σ,u x) if expr 0 i and d i D(τ i ) otherwise (non-determinism). observables Obs create [u x ] = {(u x,,(, ),u)} (error) conditions I expr (σ,u x ) not defined. 7/42 Transformer: Destroy abstract syntax concrete syntax destroy(expr) intuitive semantics Destroy the object denoted by expression expr. well-typedness expr : τ C, C C semantics... observables Obs destroy [u x ] = {(u x,,(+, ),u)} (error) conditions I expr (σ,u x ) not defined. 8/42

Destroy Transformer Example SM C : /...;delete n;... s 1 s 2 destroy(expr) t destroy(expr) [u x ](σ,ε) =... σ: c : C n : C :σ ε: :ε 9/42 What to Do With the Remaining Objects? Assume object u 0 is destroyed... object u 1 may still refer to it via association r: allow dangling references? or remove u 0 from σ(u 1 )(r)? object u 0 may have been the last one linking to object u 2 : leave u 2 alone? or remove u 2 also? Plus: (temporal extensions of) OCL may have dangling references. Our choice: Dangling references and no garbage collection! This is in line with expect the worst, because there are target platforms which don t provide garbage collection and models shall (in general) be correct without assumptions on target platform. But: the more dirty effects we see in the model, the more expensive it often is to analyse. Valid proposal for simple analysis: monotone frame semantics, no destruction at all. 10/42

Transformer: Destroy abstract syntax concrete syntax destroy(expr) intuitive semantics Destroy the object denoted by expression expr. well-typedness expr : τ C, C C semantics t[u x ](σ,ε) = (σ,ε) where σ = σ dom(σ)\{u} with u = I expr (σ,u x ). observables Obs destroy [u x ] = {(u x,,(+, ),u)} (error) conditions I expr (σ,u x ) not defined. 11/42 Step and Run-to-completion Step 15 2015-01-08 main 12/42

Notions of Steps: The Step Note: we call one evolution (σ,ε) (cons,snd) (σ,ε ) a step. u Thus in our setting, a step directly corresponds to one object (namely u) takes a single transition between regular states. (We have to extend the concept of single transition for hierarchical state machines.) That is: We re going for an interleaving semantics without true parallelism. Remark: With only methods (later), the notion of step is not so clear. For example, consider c 1 calls f() at c 2, which calls g() at c 1 which in turn calls h() for c 2. 15 2015-01-08 Sstmstep Is the completion of h() a step? Or the completion of f()? Or doesn t it play a role? It does play a role, because constraints/invariants are typically (= by convention) assumed to be evaluated at step boundaries, and sometimes the convention is meant to admit (temporary) violation in between steps. 13/42 Notions of Steps: The Run-to-Completion Step What is a run-to-completion step...? Intuition: a maximal sequence of steps, where the first step is a dispatch step and all later steps are commence steps. Note: one step corresponds to one transition in the state machine. A run-to-completion step is in general not syntacically definable one transition may be taken multiple times during an RTC-step. 15 2015-01-08 Sstmstep Example: σ: ε: : C x = 2 E for u E[x > 0]/ s 1 s 2 /x := x 1 14/42

Notions of Steps: The RTC Step Cont d Proposal: Let (σ 0,ε 0 ) (cons 0,Snd 0 ) u 0... (cons n 1,Snd n 1) (σ n,ε n ), n > 0, u n 1 be a finite (!), non-empty, maximal, consecutive sequence such that object u is alive in σ 0, u 0 = u and (cons 0,Snd 0 ) indicates dispatching to u, i.e. cons = {(u, v d)}, there are no receptions by u in between, i.e. cons i {u} Evs(E,D) =,i > 1, u n 1 = u and u is stable only in σ 0 and σ n, i.e. 15 2015-01-08 Sstmstep σ 0 (u)(stable) = σ n (u)(stable) = 1 and σ i (u)(stable) = 0 for 0 < i < n, Let 0 = k 1 < k 2 < < k N = n be the maximal sequence of indices such that u ki = u for 1 i N. Then we call the sequence (σ 0 (u) =) σ k1 (u),σ k2 (u)...,σ kn (u) (= σ n 1 (u)) a (!) run-to-completion computation of u (from (local) configuration σ 0 (u)). 15/42 Divergence We say, object u can diverge on reception cons from (local) configuration σ 0 (u) if and only if there is an infinite, consecutive sequence (σ 0,ε 0 ) (cons 0,Snd 0 ) (σ 1,ε 1 ) (cons 1,Snd 1 )... such that u doesn t become stable again. Note: disappearance of object not considered in the definitions. By the current definitions, it s neither divergence nor an RTC-step. 15 2015-01-08 Sstmstep 16/42

Run-to-Completion Step: Discussion. What people may dislike on our definition of RTC-step is that it takes a global and non-compositional view. That is: In the projection onto a single object we still see the effect of interaction with other objects. Adding classes (or even objects) may change the divergence behaviour of existing ones. Compositional would be: the behaviour of a set of objects is determined by the behaviour of each object in isolation. Our semantics and notion of RTC-step doesn t have this (often desired) property. 15 2015-01-08 Sstmstep Can we give (syntactical) criteria such that any global run-to-completion step is an interleaving of local ones? Maybe: Strict interfaces. (A): Refer to private features only via self. (Proof left as exercise...) (Recall that other objects of the same class can modify private attributes.) (B): Let objects only communicate by events, i.e. don t let them modify each other s local state via links at all. 17/42 References 15 2015-01-08 main 41/42

15 2015-01-08 main [Crane and Dingel, 2007] Crane, M. L. and Dingel, J. (2007). UML vs. classical vs. rhapsody statecharts: not all models are created equal. Software and Systems Modeling, 6(4):415 435. [Damm et al., 2003] Damm, W., Josko, B., Votintseva, A., and Pnueli, A. (2003). A formal semantics for a UML kernel language 1.2. IST/33522/WP 1.1/D1.1.2-Part1, Version 1.2. [Fecher and Schönborn, 2007] Fecher, H. and Schönborn, J. (2007). UML 2.0 state machines: Complete formal semantics via core state machines. In Brim, L., Haverkort, B. R., Leucker, M., and van de Pol, J., editors, FMICS/PDMC, volume 4346 of LNCS, pages 244 260. Springer. [Harel and Kugler, 2004] Harel, D. and Kugler, H. (2004). The rhapsody semantics of statecharts. In Ehrig, H., Damm, W., Große-Rhode, M., Reif, W., Schnieder, E., and Westkämper, E., editors, Integration of Software Specification Techniques for Applications in Engineering, number 3147 in LNCS, pages 325 354. Springer-Verlag. [OMG, 2007] OMG (2007). Unified modeling language: Superstructure, version 2.1.2. Technical Report formal/07-11-02. [Störrle, 2005] Störrle, H. (2005). UML 2 für Studenten. Pearson Studium. 42/42

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback