02/04/2008 A Concrete Syntax for UML 2.1 Action Semantics Using +CAL 13th IEEE International Conference on Engineering of Complex Computer Systems – ICECCS.


Page 1 – 02/04/2008
A Concrete Syntax for UML 2.1 Action Semantics Using +CAL
13th IEEE International Conference on Engineering of Complex Computer Systems – ICECCS 2008, UML&AADL’2008 Workshop
Isabelle Perseil, Laurent Pautet, TELECOM ParisTech, LTCI, UMR 5141 CNRS

Page 2 – Agenda
- Context
- State of the Art
- Issues
- Goals
- Proposed approach
- Application of the approach
- Conclusions

Page 3 – Context
- The role of executable modeling (xUML): a subset of UML plus ASL; runs models and generates safe code (a computationally complete language); bridges the gap between the analysis, design and programming steps
- From xUML to other executable modeling languages: multiple views, multiple aspects; define all the elements needed for implementation without overloading one single model or mismatching the abstraction level
  - Ada (better for system analysis)
  - AADL, then Ada (better for system deployment)

Page 4 – State of the Art, part I: the OMG RFP
- The UML specifies how many types of models can be expressed, but it lacks a concrete syntax for describing actions: users of the UML can add operations and states to their models, but there is no standard concrete syntax to describe how objects are created and changed by those operations and states.
- The RFP solicits proposals for a concrete syntax for describing actions in the UML 2.1 action semantics and activities

Page 5 – State of the Art, part II: action languages
- Definition: an action is some computation, such as executing a function, sending a signal, reading or writing data, or iterating over a set; an action is a statement or a sequence of statements that is executed when the object takes the transition
- Existing action languages: SMALL (very limited precursor), TALL (functional), Bridge-Point Object, iUML from Kennedy Carter (industrially used): an answer to the RFP, but not formal enough

Page 6 – State of the Art: example of the Lamport Bakery statechart
[Figure: statechart of the bakery algorithm for process a_process ∈ 1..N. Callouts: condition connector; actions; “[guard] action”, where the guard is a boolean condition that must be true for the transition to be taken; incoming transition; if the guard is false the process exits (not going to the next state “Trying”). Only the process holding the smallest ticket can enter the critical section.]

Page 7 – And its code (Mutex.adb) with “Rhapsody in Ada”: generation of one procedure

procedure Trying_Process_Event (this : in out Mutex_t; e : in out Class_Hierarchy_Specific_Event.Class) is
begin
  ....
  if Q < N then
    ....... );
    Trying_Exit (this);
    ..... Q := Q + 1;
    ........ );
    if (Rank(Q) = 0 or (Rank(A_Process) > Rank(Q)) or (A_Process > Q)) then
      ......... );
      --+[ transition
      --+]
      ......... );
      Critical_Entry (this);
      ........... );
      --+[ transition
      Rank(A_Process) := 0;
      --+]
      .............. );
      Idle_Entry (this);
      .........
  end if;
end Trying_Process_Event;

- Automatically generates entry actions and exit actions for each state
- The code is not labeled: no parameterization, difficult to locate the origin, difficult to read (tool code simulation)

Page 8 – Issues
- Using a high-level programming language (C++, Java, Ada…) gives many more features than necessary to describe actions in a model
- The action semantics should provide just enough semantics to enable the specification of computation
- Genericity and interoperability between different action languages (if, for some reason, we have to work with several action languages)

Page 9 – Goals
- Create a standard language with which users can write a complete and unambiguous functional description of the actions of operations and states, with the following properties:
  - Statements are readable and intuitive
  - Statements resemble existing languages for common functions (e.g. if statements, assignment, comparison)
  - Users can include comments
  - Users can assign marks to individual statements in the language
  - The language can be extended to include new features

Page 10 – Our Goals
The action language answers the mandatory requirements, with particular strengths:
- Preserves the level of abstraction of the action semantics language and adds formal capabilities
- Defines primitives and simple constructs
- Provides for the specification of systems in sufficient detail that they can be executed

Page 11 – Proposed Approach
- Requires a mapping from the structure of the specification to the structure of the implementation
- But executing a single diagram is not sufficient: if the whole code is obtained from one (flat) diagram, then executing the model is merely a translation from one programming language to another (i.e. a bijection)

Page 12 – PCALToAda (1): the +CAL algorithm

--algorithm bakery
variables Extraction = [k ∈ 1..N |-> FALSE], Rank = [m ∈ 1..N |-> 0];
process a_process ∈ 1..N
variable q;
begin
  Extraction[a_process] := TRUE;
  Rank[a_process] := 1 + max(Rank[1]..Rank[N]);
  Extraction[a_process] := FALSE;
  q := 1;
  while q ≠ N+1 do
    while (Extraction[q]) do skip; end while;
    while ((Rank[q] ≠ 0) ∧ ((Rank[q], q) < (Rank[a_process], a_process))) do skip; end while;
    q := q+1;
  end while;
  \* The critical section
  Rank[a_process] := 0;
  \* non-critical section...
end process
end algorithm

Slide callouts: the “for” loop does not exist; attribution of the ticket; “busy waiting” (trying): wait until other processes with higher priorities have finished their job; other processes know whether some number requests are in progress or not; number of the request; check on pid; process labeled actions.

Page 13 – PCALToAda (2): Ada program, ANTLR translator from +CAL to Ada 2005 (in progress)

procedure Entering (A_Process : in Proc_Index) is
begin
  Extraction(A_Process) := True;
  Rank(A_Process) := 1 + Maximum;
  Extraction(A_Process) := False;
  for Q in 1..N loop
    loop
      delay 0.1;
      exit when not Extraction(Q);
      exit when Rank(Q) = 0 or else Rank(A_Process) > Rank(Q) or else (A_Process > Q);
    end loop;
  end loop;
end Entering;

-- Exit Protocol
procedure Way_Out (A_Process : in Proc_Index) is
begin
  Rank(A_Process) := 0;
end Way_Out;

Slide callouts: guards; wait; exit of the loop.

Page 14 – +CAL extensions: answer to the mandatory requirements (TLA+ expressions), following Stephan Merz’s work
- The expressions in +CAL algorithms can be any TLA+ expressions
- TLA+ records (also called structs): [field1, field2]
- A concurrent object “a” is a record that contains:
  - one field for every attribute of class A
  - a field q_m for every message type m ∈ Meth_A defined in class A (representing the queue of waiting requests to execute method m)
- The action receive(a, m, x) describes the receipt of a message of type m by an object a with parameter tuple x

Page 15 – +CAL extensions: answer to the mandatory requirements (TLA+ expressions)
- This presents some difficulties, as we need to properly embed TLA+:
  - on one hand, +CAL is simple because it has no pointers, no objects and no types
  - on the other hand, the way to extend its capabilities is to use TLA+ expressions
- Redefining a class and formalizing its behavior in TLA is not simple
- But thanks to TLA we can represent a “next-state” relation for any attribute (the actions defined for the given class), so we can represent the changes that occur on receipt of a new message

Page 16 – Application of the approach: TLA+ generation and assertion
- A simple command, java pcal.trans Algorithm, translates the algorithm into TLA+
- The translation introduces a new variable pc; the value of pc is the label of the next statement to be executed
- The invariant to check is that no two processes are in state cs:
  IsMutex == ∀ i, k ∈ 1..N : (i /= k) => ¬((pc[i] = "cs") ∧ (pc[k] = "cs"))
- IsMutex is a TLA+ operator defined just after the algorithm; then we put assert answer = IsMutex to check the algorithm with TLC, and we simulate the algorithm (run)
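To make the pc variable and the IsMutex check concrete, here is an added example that is not part of the talk or of the authors' PCALToAda tool: a small Python model of the labeled bakery algorithm from the +CAL slide, with a pc label per process, and an exhaustive explorer of all interleavings that evaluates the IsMutex invariant in every reachable state, which is what TLC does for the generated TLA+. The label names, the split of the ticket computation into a read step and a write step, the 0-based process numbering and the option to drop the Extraction flag are assumptions of this example, not part of the paper.

```python
# Added example (not the talk's code): an explicit-state exploration of the
# labeled bakery algorithm, mimicking what the +CAL -> TLA+ translation and
# TLC do.  Each labeled action is one atomic step, every process carries a
# `pc` holding the label of its next action, and the checker enumerates every
# interleaving and tests the IsMutex invariant in each reachable state.
# Label names and the two-step ticket computation are assumptions of this
# example; processes are numbered 0..N-1 instead of 1..N.


def initial_state(n):
    """(Extraction, Rank, q, m, pc): one entry per process.  `m` holds the
    value a process read for max(Rank), `q` is its scan index."""
    return (tuple([False] * n), tuple([0] * n), tuple([0] * n),
            tuple([0] * n), tuple(["enter"] * n))


def step(state, i, use_extraction=True):
    """Run the next labeled action of process i and return the successor
    state, or None when process i has terminated.  With use_extraction=False
    the doorway flag is never raised, so the ticket computation (split here
    into "read_max" and "write_rank") is unprotected."""
    extraction, rank, q, m, pc = (list(part) for part in state)
    label = pc[i]
    n = len(pc)
    if label == "enter":                     # Extraction[a_process] := TRUE
        extraction[i] = use_extraction
        pc[i] = "read_max"
    elif label == "read_max":                # read max(Rank[1]..Rank[N]) ...
        m[i] = max(rank)
        pc[i] = "write_rank"
    elif label == "write_rank":              # ... then Rank[a_process] := 1 + max
        rank[i] = 1 + m[i]
        pc[i] = "leave_doorway"
    elif label == "leave_doorway":           # Extraction[a_process] := FALSE; q := 1
        extraction[i] = False
        q[i] = 0
        pc[i] = "loop_test"
    elif label == "loop_test":               # while q /= N+1 do ... (else: cs)
        pc[i] = "wait_extraction" if q[i] < n else "cs"
    elif label == "wait_extraction":         # while Extraction[q] do skip
        if not extraction[q[i]]:
            pc[i] = "wait_rank"              # otherwise skip: state unchanged
    elif label == "wait_rank":               # while Rank[q] /= 0 /\ (Rank[q], q) < (Rank[me], me) do skip
        j = q[i]
        if not (rank[j] != 0 and (rank[j], j) < (rank[i], i)):
            q[i] += 1
            pc[i] = "loop_test"
    elif label == "cs":                      # cs: Rank[a_process] := 0
        rank[i] = 0
        pc[i] = "done"
    else:                                    # "done": no further action
        return None
    return (tuple(extraction), tuple(rank), tuple(q), tuple(m), tuple(pc))


def is_mutex(state):
    """IsMutex from the talk: no two processes are at label "cs"."""
    return sum(1 for label in state[-1] if label == "cs") <= 1


def check(n, use_extraction=True):
    """Depth-first enumeration of every reachable state.  Returns
    (invariant_holds, number_of_states_visited, violating_state_or_None)."""
    init = initial_state(n)
    seen = {init}
    stack = [init]
    while stack:
        s = stack.pop()
        if not is_mutex(s):
            return False, len(seen), s
        for i in range(n):
            t = step(s, i, use_extraction)
            if t is not None and t not in seen:
                seen.add(t)
                stack.append(t)
    return True, len(seen), None


if __name__ == "__main__":
    for n in (2, 3):
        ok, count, _ = check(n)
        print(f"N={n}, with Extraction flag: IsMutex {'holds' if ok else 'FAILS'} over {count} states")
    ok, count, bad = check(2, use_extraction=False)
    print(f"N=2, without Extraction flag: IsMutex {'holds' if ok else 'FAILS'}; "
          f"witness pc = {bad[-1] if bad else None}")
```

Running the script explores every interleaving for two and three processes and reports that IsMutex holds with the Extraction flag; with the flag dropped, the checker finds the classic interleaving in which one process reads max, a second process takes its ticket and enters cs, and the first then writes an equal ticket and, winning the pid tie-break, enters cs as well. The witness state's pc tuple is the counterpart of the TLC error trace.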

Page 17 – Application of the approach: use of extended +CAL in state machine diagrams
[Figure: flow from specification to certified code. State machine in +CAL specification → labeled specification (sequence of steps, i.e. labels, e.g. Extraction[q]) → Ada generation: procedures (PCALToAda translator) → invariance checking in TLA+ (with TLC) → certification of the produced code.]

Operation body / implementation excerpt:
  process a_process \in 1..N
  variable q;
  begin
    … labeled actions
    while q /= N+1 do
      ….
    end while;
    cs: Rank[a_process] := 0;
  end process

Page 18 – Conclusions and future work
- In order to formally specify the behavior of DRE systems, Lamport specifies synchronization in terms of state machines (“Time, clocks and the ordering of events in a distributed system”): formal state machines
- We have shown how +CAL can be executed in the context of state machines and activity diagrams
- To answer the mandatory requirements of the Action Language RFP we need some extensions to +CAL: class and object manipulation and signal generation, to animate UML models
- +CAL brings genericity: labels (which allow dividing a multi-threaded program into atomic steps) and generation of multiple languages
- +CAL can be used via a co-modeling methodology enabling model checking of TLA+ actions, so that safety properties of concurrent systems are shown to be satisfied

Page 19 – Questions? Mail to: