Vered Gafni – Formal Development of Real Time Systems 1 Statecharts Semantics

Vered Gafni – Formal Development of Real Time Systems 2 Statecharts Synchronous Semantics Assumes tick - a fixed rate (clock) event occurs at time instants: t 0,t 1,t 2,… At each time instant t i the program reacts to the set of events occurring during (t i-1,t i ] (not empty, at least {tick}). A reaction is a set of synchronous actions computed in zero time. A reaction at t i may generate events which, by definition, occur at t i hence may trigger further reactions at the same time instant titi t i-1 t i+1 t i+2 E2E2 E3E3 E1E1 {tick,E 1, E 2, E 3 }

Vered Gafni – Formal Development of Real Time Systems 3 Nondeterminism May be resolved by priorities: A number of transitions may be enabled simultaneously:

Vered Gafni – Formal Development of Real Time Systems 4 Step Execution Conflicts Inconsistency: Traversing (instantaneous) states: Infinite loop ?

Vered Gafni – Formal Development of Real Time Systems 5 Step – taking an enabled transition General principles: events/actions generated during a step are sensed only at the next step. calculation of a step is carried out w.r.t the status as it is in the beginning of the step. events “live” only for the duration of one step - If D was true in S then U is entered. - If D was false in S then V is entered.

Vered Gafni – Formal Development of Real Time Systems 6 Simple Statecharts Semantics Given a statechart, the semantics defines the set of possible runs. A run is a sequence of statuses related by step.

Vered Gafni – Formal Development of Real Time Systems 7 Status (simple statechart) A status is a structure ( , E, , TM, Now) where:  - set of states. E - subset of atomic events (external/internal).  : Cnd  {T,F} - assignment of all atomic conditions. TM = { (tm(e,d),t) } - all timeout events and their expected time Now - integer variable representing current time (absolute) Initial status  = initial state E = {according to actions on initial arrows}  = conditions according to actions on initial arrow, o.w. false TM = { (tm(e,d),  ) } Now=0

Vered Gafni – Formal Development of Real Time Systems 8 Status Example Initial status: (  = R, E= ,  = , TM={(tm(b,3),  )}, Now=0 ) We specify  by the conditions that are currently True

Vered Gafni – Formal Development of Real Time Systems 9 Status types Statuses are of 2 types: -Tick status: tick  E - Transition status: tick  E Run evolution – tick statuses each followed by a finite sequence of transition statuses. tick is the clock event; external events that occur during (t-1,t] appear in E that corresponds to the tick of t

Vered Gafni – Formal Development of Real Time Systems 10 Steps 2 kinds of steps Tick step: transition status  tick status A tick step w.r.t. a transition status X=( , E, , TM, now) yields the tick-status X’ =( , E’, , TM, now) where: tick  E’ and E’ contains only external events Tick steps are triggered by the system clock ticks. Transition step: tick/transition status  transition status consists of 2 phases: - Time related update - Taking an enabled transition

Vered Gafni – Formal Development of Real Time Systems 11 Transition Step: Time related update Updates X=( , E, , TM, now)  X’ =(  ’, E’,  ’, TM’, now’) 1 [tick  E]: - E=E-{tick}, - now’:= now+1 -- current time update -  (tm(e,d),t)  TM’: -- timeout events update if t=now’: - { E=E  {tm(e,d)} -- timeout expired - if e  E: TM.(tm(e,d),t)  TM.(tm(e,d),  ) } 2  (tm(e,d),t)  TM: if e  E: TM.(tm(e,d),t)  TM.(tm(e,d), now’+d) 3 TM’=TM Examples: ( , E={tick}  {}, , TM=(tm(e,3),  ), now=7  8}) ( , E={tick}  {tm(e,3)}, , TM=(tm(e,3),8   ), now=7  8}) ( , E={tick, e}  {e, tm(e,3)}, , TM=(tm(e,3),8  11), now=7  8}) ( , E={e}, , TM=(tm(e,3),   10), now=7) next status

Vered Gafni – Formal Development of Real Time Systems 12 Transition Step: taking Enabled Transition A transition (S1,  event-exp,cond-exp,actions-list ,S2) is enabled on a status X=( , E, , TM, Now) iff: - S1  - E |  event-exp -  |  cond-exp

Vered Gafni – Formal Development of Real Time Systems 13 Taking a Simple Transition (S1,  event-exp, cond-exp, actions-list , S2) ({S1}, E, , TM, Now)  ({S2}, E’,  ’, TM, Now), where: - E’ = events induced by (execution of) actions-list, e.g.:  Atomic actions are events  Actions tr!(C), fs!(C)  tr(C), fs(C), respectively. -  ’ =  changed by tr!(C), fs!(C)  actions-list

Vered Gafni – Formal Development of Real Time Systems 14 Run Example-1 (  ={R}, E= ,  = , TM={(tm(b,3),  )}, Now=0) -- init. status ({R}, {tick}  {}, , {(tm(b,3),  )}, 1>2) -- no external events till 3 rd tick. ({R}, {tick,b}  {b}, , {(tm(b,3),6)}, 3) -- b at 3 rd tick:  : ({S}, , , {(tm(b,3),6)}, 3) -- enabled transition effect ({S}, {tick}  {}, , {(tm(b,3),6)}, 4>5) -- (4-5) th ticks ({S}, {tick}  {tm(b,3)}, , {(tm(b,3),  )},6)  ({T}, , , {(tm(b,3),  )}, 6) -- 6 th tick ({T}, {tick}  {c}, , {(tm(b,3),  )}, 7) -- 7 th tick ({T}, {tick}  {b}, , {(tm(b,3), 11)}, 8) -- 8 th tick  ({R}, {a}, , {(tm(b,3), 11)}, 8) ({Q}, {tr(D)}, {D}, {(tm(b,3), 11)}, 8) Super-Step

Vered Gafni – Formal Development of Real Time Systems 15 Run Example-2 ({Q}, {tick}  {}, {D}, {(tm(b,3),11)}, 9) -- 9 th tick: ({Q}, {tick}  {b}, {D}, {(tm(b,3), 13)}, 10) th tick: ({Q}, {tick}  {}, {D}, {(tm(b,3),13)}, 11>12) --(11,12) th tick: ({Q}, {tick}  {tm(b,3)}, {D}, {(tm(b,3),  )}, 13) --13 th tick:

Vered Gafni – Formal Development of Real Time Systems 16 Super Step  a sequence of basic steps (zero time),  first step is triggered by external events,  each successor is triggered by the internal events generated in the previous step, - Finite sequence, last step trigger no further transitions (stable state). Initial status: (  ={S}, E= ,  = , TM= , Now=0) a at 3 rd tick: (  ={S}, E={tick,a}  {a},  = , TM= , Now=2  3)  a\b enabled  (  ={Q}, E={b},  = , TM= , Now=3)  b enabled  (  ={R}, E= ,  = , TM= , Now=3)

Vered Gafni – Formal Development of Real Time Systems 17 Semantics of Compound Statecharts  T, R  T - tree representing the statechart structure R - partial relation on the tree nodes, representing the transitions.

Vered Gafni – Formal Development of Real Time Systems 18 Statecharts Tree And-Or tree (nodes denote states) Exactly one descendent of every Or-state is marked as “initial“. and-state or-state initial state leaf is or-state

Vered Gafni – Formal Development of Real Time Systems 19 States Scope and Orthogonality scope(S,S’) - lowest common ancestor of (S,S’), -- e.g., scope(B1,D)=S, scope(B,C2)=A. S’, S” are orthogonal iff S=scope(S’,S”) is an or-state -- e.g., (B1,D), (C1,C2), but (B,C2), (B,S) are not orthogonal. and-state or-state initial state

Vered Gafni – Formal Development of Real Time Systems 20 Transition relation A partial relation between orthogonal nodes (defined by the transitions): (state,  event-exp, cond-exp, action-list , state) (C1,  h,Q , D) (D,  m , A) (E,  n , E) (B1,  e , B2) (B2,  k , B2) (C1,  f , C2) (C2,  g , C1)

Vered Gafni – Formal Development of Real Time Systems 21 Configuration A configuration w.r.t a state S is a minimal sub-tree  [S] s.t.: S  [S] If A  [S] and A is an or-state then  [S] contains exactly one of the sub-states of A. If A  [S] and A is an and-state then  [S] contains all the sub-states of A. Basic configuration - the set of basic states in a configuration (uniquely identifies a configuration). Claim: A configuration does not include orthogonal states -- (need to be proved)

Vered Gafni – Formal Development of Real Time Systems 22 Configuration Example  [S]: {S, A, B, C, B1, C2}, (basic: {B1, C2}) {S, D, E} (basic {E}), …

Vered Gafni – Formal Development of Real Time Systems 23 Status A status is a structure that consists of:  - a configuration w.r.t the root state. E - subset of the atomic events (external/internal).  : Cnd  {T,F} - assignment of all atomic conditions. TM = { (tm(e,d),t) } - timeout events and their expected time Now - current time (absolute) H : S  S – partial function that assigns to each or-state last visited sub-state

Vered Gafni – Formal Development of Real Time Systems 24 History Partial function H:S  S (S - the set of all states in the statechart). Defined only for states of type OR that have refinement. H assigns to a state the last visited sub-state, defined at as follows: –In the initial status H(s) is the initial state of its refinement. –H(s) changes value only as a result of a step that generates the event ex(H(s)) but not the event ex(s), In this case, the new value of H(s) is the state entered by that enabled transition (which by definition is also a sub-state of s). changes H(S) but not H(R) changes H(S), H(R) (failure,  done , H(InOrder))

Vered Gafni – Formal Development of Real Time Systems 25 Initial Status A Statechart starts operating by executing the actions that label initial arrows which also influence the definition of the initial status  is built from root-state expanded by initial labels.  = {in(S)=true | S  }  {basic conditions according to actions on initial arrows, o.w. false} TM = { (tm(e,d),  ) } E = {en(S) | S  }  { according to actions on initial arrows} Now=0 H (s) = undefined if s is and-state or has no refinement = initial sub-state if s is an or-state that has refinement

Vered Gafni – Formal Development of Real Time Systems 26 Transition Step A transition (S1,  event-exp,cond-exp,actions-list ,S2, H) is enabled on a status X=( , E, , TM, Now, H) iff: - S1  - E |  event-exp -  |  cond-exp (S1,S2) are orthogonal hence S2  Transform from status X to status X’ by: updates due to time advance executing maximal subset of non-conflicting enabled transitions.

Vered Gafni – Formal Development of Real Time Systems 27 Exit Set Given a transition  = (R,  E,C,act , P) enabled on a status X=( , E, , TM, Now, H). Let S=scope(R,P),  [S] the corresponding sub-configuration of , then the exit set of  is: EX(  )=  [S] – {S}

Vered Gafni – Formal Development of Real Time Systems 28 Operational Conflict t2 vs. t3 (state A) t1 vs. {t2,t3} (state A) Transitions enabled on a given status are in operational conflict if their exit-sets contain a common state.

Vered Gafni – Formal Development of Real Time Systems 29 Selection of Non-conflicting Transitions {t2, t3}  t2 or t3 {t1, t2 }  t1 Given conflicting transitions ,  ’, then, If level(  )=level(  ’) – select arbitrary (non-determinism) If level(  )  level(  ’) – select  (hierarchy priority) For  = (R,  E,C,act , P) and a status X, level(  ) is the level of R in .

Vered Gafni – Formal Development of Real Time Systems 30 Resolving operational conflict { t2, t3 } ?

Vered Gafni – Formal Development of Real Time Systems 31 Step Execution: Exit/Entrance Sets of a Transition Given a transition  = (R,  E,C,act , P) enabled on a status X=( , E, , TM, Now, H). Let S=scope(R,P), then, the exit set of  is: EX(  )=  [S] – {S} The entrance set of  is: EN(  )=  [S..P] Note: If  =(R,  E, C, act , P) is enabled on X then scope(R,P)  (must be proved) EN(  ) is uniquely defined (must be proved) the configuration emerging from S (not included) that includes P and then expanded by initial or history labels.

Vered Gafni – Formal Development of Real Time Systems 32 Example Exit/Entrance Sets {e,f} may be enabled and taken in the same step – example of maximal non- conflicting take set

Vered Gafni – Formal Development of Real Time Systems 33 Step Algorithm Let X =( , E, , TM, Now, H) - current status, X’ =(  ’, E’,  ’, TM’, Now’, H’) - next status. Phase 1: -- update: now, E, TM if tick  E set now := now+1 For each (tm(e,d), t)  TM: –if tick  E and t=now add tm(e,d) to E if e  E set (tm(e,d),  ) in TM –if e  E set (tm(e,d), now+d) in TM if tick  E set E=E-{tick} TM’:=TM, now’:=now Same as for a simple transition

Vered Gafni – Formal Development of Real Time Systems 34 Step Algorithm (cont.) Phase 2: Compute the set  en of maximal non-conflicting enabled transitions with respect to X. Set E’= ,  ’= ,  ’= , H’=H for each    en  E’ := E’  {ex(S) | S  EX(  )}  {en(S) | S  EN(  )}  update  ’ : {in(S)=false | S  EX(  )} and {in(S)=true | S  EN(  )}   ’ :=  ’ – EX(  )  EN(  ) -- update configuration,  execute the actions, and update E’,  ’ respectively  update in H’ (history of parent states) according to EX(  ),

Vered Gafni – Formal Development of Real Time Systems 35 Super-step Example Assume C1, C2, C3 are false and e occurs Given status:  ={Q, W,R1,S1,T1}, E={e} step 1: {t1}:  {Q, W,R2,S1,T1}, {C1}, {ex(R1),en(R2),tr(C1),f} step 2: {t3,t4 }:  {Q, W,R2,S2,T2}, {C1,C2}, {ex(S1,T1),en(S2,T2),tr(C2)} step 3: {t2}:  {Q, W,R3,S2,T2}, {C1,C2,C3},{ex(R2),en(R3),tr(C3)} step 4: {t6}:  {Q, S}, {C1,C2,C3},{ex(W),ex(R3),ex(S2),ex(T2),en(S)}