Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding and Comparing Model-Based Specification Notations Jianwei Niu, Joanne Atlee, and Nancy Day University of Waterloo.

Published byEsmond Wilcox Modified over 8 years ago

Similar presentations

Presentation on theme: "Understanding and Comparing Model-Based Specification Notations Jianwei Niu, Joanne Atlee, and Nancy Day University of Waterloo."— Presentation transcript:

1 Understanding and Comparing Model-Based Specification Notations Jianwei Niu, Joanne Atlee, and Nancy Day University of Waterloo

2 Expressing a Notation’s Semantics Pseudo code: (a) For each static reaction X in EN, execute the action associated with X (b) For each transition X in EN, let S n and S x be the set of states exited and entered, respectively; Formal semantics: Let EN be the set of enabled transitions and static reactions - update the history of all the parents of states in S x - delete the states in S x from the list of states in which the system resides - execute actions associated with exiting states in S x - execute the actions of X - execute the actions associated with entering the states in S n - add to the list of states in which the system resides all of the states in S n Definition: Let X = (X 0,…,X n ) be a sequence of state configurations. Let SC be a system configuration whose state configuration is X n. Let  SC 1 be a micro system configuration with respect to SC, and let  be a micro- step from  SC 1. Then  SC = (  X, , , ,  Y) is the micro system configuration reached by  from  SC 1 if 1.  X =  X 1 -  X 1  {  *(LCA(t)) | t   } 2.  1 =   {e |  generates e } 3.  =  1  { cr(c) |  does not assign F to c }  { cr(c) |  assigns T to c } 4.  (v) = x iff  1 (v) = x and  does not assign any value to v or  assigns x to v 5.  Y =  Y 1  {  C (LCA(t), target(t), X) | t   } Harel et al. “ On the Formal Semantics of Statecharts ”, LICS 1987 Harel et al. “ The STATEMATE Semantics of Statecharts ”, TOSEM, July 1996 Designers of specification notations document the semantics of their notations, to help specifiers use the notations correctly.

3 Template-Based Approach 1. Separates a notation’s step semantics from its semantics of composition. We propose a template-based approach [FSE’02] to structuring the operational semantics of model-based notations that CP1 CP2CP3 CP4 HTS1HTS2 HTS3 HTS4 HTS5

4 Template-Based Approach 1. Separates a notation’s step semantics from its semantics of composition. 2. Extracts common semantics into templates. User instantiates the templates with parameters, to specify a notation’s distinct semantics. We propose a template-based approach [FSE’02] to structuring the operational semantics of model-based notations that Templates parameters CP1 CP2CP3 CP4 HTS1HTS2 HTS3 HTS4 HTS5

5 Template Parameters RESETNEXT States current auxiliary enabling Events current input auxiliary enabling outputs Variables current auxiliary enabling Macro semantics Priority

6 current auxiliary enabling current input auxiliary enabling outputs current auxiliary enabling Macro semantics Priority Variables Events States Agreement among All 3 notations Agreement among 2 notations RESETNEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Comparing Notation Variants No AgreementUnused

7 Outline of Today's Talk Template semantics u Step semantics of basic components u Template parameters u Comparing notation variants Composition operators Expressing other notations’ semantics u SCR u SDL u Petri Nets CP1 CP2CP3 CP4 HTS1HTS2 HTS3 HTS4 HTS5

8 Control states, state hierarchy Internal events External events Variables Transitions: Basic Components Hierarchical Transition Systems (HTSs) Nonconcurrent machines – concurrency is introduced when composing multiple HTSs S0S0 S1S1 S3S3 S7S7 S8S8 S9S9 S4S4 S2S2 S5S5 S6S6 event [condition] / action sourcedest

9 Step Semantics Snapshot: observable point in execution (current control states, occurring events, variable values, etc.) Operational Semantics: admissible steps between consecutive snapshots u micro-steps: execute a single transition u macro-steps: execute a sequence of micro-steps until a stable state is reached macro-step micro-step inputs

10 Step Semantics Snapshot: observable point in execution (current control states, occurring events, variable values, etc.) Operational Semantics: admissible steps between consecutive snapshots u micro-steps: execute a single transition u macro-steps: execute a sequence of micro-steps until a stable state is reached macro-step micro-step inputs

11 Step Semantics Snapshot: observable point in execution (current control states, occurring events, variable values, etc.) Operational Semantics: admissible steps between consecutive snapshots u micro-steps: execute a single transition u macro-steps: execute a sequence of micro-steps until a stable state is reached macro-step micro-step inputs

12 Step Semantics Snapshot: observable point in execution (current control states, occurring events, variable values, etc.) Operational Semantics: admissible steps between consecutive snapshots u micro-steps: execute a single transition u macro-steps: execute a sequence of micro-steps until a stable state is reached macro-step micro-step inputs

13 Step Semantics Snapshot: observable point in execution (current control states, occurring events, variable values, etc.) Operational Semantics: admissible steps between consecutive snapshots u micro-steps: execute a single transition u macro-steps: execute a sequence of micro-steps until a stable state is reached macro-step micro-step inputs

14 Step Semantics Snapshot: observable point in execution (current control states, occurring events, variable values, etc.) Operational Semantics: admissible steps between consecutive snapshots u micro-steps: execute a single transition u macro-steps: execute a sequence of micro-steps until a stable state is reached macro-step micro-step Stable snapshot: no transitions enabled in the snapshot inputs

15 Common Definitions of Template enabled transitions: identifies which transitions are enabled by the snapshot’s states, events, and variable values apply: applies a transition’s actions (new events, variable assignments) to the snapshot micro-step: selects an enabled transition and applies its actions to the snapshot macro-step: executes a sequence of micro-steps reset: resets the snapshot at start of macro-step

16 Common Definitions of Template enabled transitions: identifies which transitions are enabled by the snapshot’s states, events, and variable values apply: applies a transition’s actions (new events, variable assignments) to the snapshot micro-step: selects an enabled transition and applies its actions to the snapshot macro-step: executes a sequence of micro-steps reset: resets the snapshot at start of macro-step

17 Common Definitions of Template enabled transitions: identifies which transitions are enabled by the snapshot’s states, events, and variable values apply: applies a transition’s actions (new events, variable assignments) to the snapshot micro-step: selects an enabled transition and applies its actions to the snapshot macro-step: executes a sequence of micro-steps, reset: resets the snapshot at start of macro-step

18 Common Definitions of Template enabled transitions: identifies which transitions are enabled by the snapshot’s states, events, and variable values apply: applies a transition’s actions (new events, variable assignments) to the snapshot micro-step: selects an enabled transition and applies its actions to the snapshot macro-step: executes a sequence of micro-steps reset: resets the snapshot at start of macro-step

19 Common Definitions of Template enabled transitions: identifies which transitions are enabled by the snapshot’s states, events, and variable values apply: applies a transition’s actions (new events, variable assignments) to the snapshot micro-step: selects an enabled transition and applies its actions to the snapshot macro-step: executes a sequence of micro-steps reset: resets the snapshot at start of macro-step

20 Common Definitions of Template enabled transitions: identifies which transitions are enabled by the snapshot’s states, events, and variable values apply: applies a transition’s actions (new events, variable assignments) to the snapshot micro-step: selects an enabled transition and applies its actions to the snapshot macro-step: executes a sequence of micro-steps reset: resets the snapshot at start of macro-step

21 Example Function enabled_trans (ss, T ) returns the subset of transitions in T that are enabled in snapshot ss enabled_trans(ss, T)  {   T | enabling_states(ss,  )  enabling_events(ss,  )  enabling_cond(ss,  ) } where enabling_states, enabling_events, enabling_cond are template parameters

22 Template Parameters RESETNEXT how snapshot is reset at start of macro-step how snapshot changes when transition executes how transitions are enabled States current auxiliary enabling Events current input auxiliary enabling outputs Variables current auxiliary enabling Macro semantics Priority

23 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes where IE - current internal events I a - current external events O - output events Events IE’=  IE  gen(  ) I a ’= I IaIa IE a ’= enabling trig(  )  I a  IE O’= O  gen(  ) gen(  ) - events generated by  trig(  ) -  ’s triggering events

24 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes where IE - current internal events I a - current external events O - output events Events IE’=  IE  gen(  ) I a ’= I IaIa IE a ’= enabling trig(  )  I a  IE O’= O  gen(  ) gen(  ) - events generated by  trig(  ) -  ’s triggering events

25 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes where IE - current internal events I a - current external events O - output events Events IE’=  IE  gen(  ) I a ’= I IaIa IE a ’= enabling trig(  )  I a  IE O’= O  gen(  ) gen(  ) - events generated by  trig(  ) -  ’s triggering events

26 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes where IE - current internal events I a - current external events O - output events Events IE’=  IE  gen(  ) I a ’= I IaIa IE a ’= enabling trig(  )  I a  IE O’= O  gen(  ) gen(  ) - events generated by  trig(  ) -  ’s triggering events

27 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes where IE - current internal events I a - current external events O - output events Events IE’=  IE  gen(  ) I a ’= I IaIa IE a ’= enabling trig(  )  I a  IE O’= gen(  ) - events generated by  trig(  ) -  ’s triggering events

28 current auxiliary enabling current input auxiliary enabling outputs current auxiliary enabling Macro semantics Priority Variables Events States Agreement among All 3 notations Agreement among 2 notations RESETNEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Comparing Notation Variants No AgreementUnused

29 current auxiliary enabling current input auxiliary enabling outputs current auxiliary enabling Macro semantics Priority Variables Events States Agreement among All 3 notations Agreement among 2 notations RESETNEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Comparing Notation Variants No AgreementUnused

30 current auxiliary enabling current input auxiliary enabling outputs current auxiliary enabling Macro semantics Priority Variables Events States Agreement among All 3 notations Agreement among 2 notations RESETNEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Comparing Notation Variants No AgreementUnused

31 current auxiliary enabling current input auxiliary enabling outputs current auxiliary enabling Macro semantics Priority Variables Events States Agreement among All 3 notations Agreement among 2 notations RESETNEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Comparing Notation Variants No AgreementUnused

32 current auxiliary enabling current input auxiliary enabling outputs current auxiliary enabling Macro semantics Priority Variables Events States Agreement among All 3 notations Agreement among 2 notations RESETNEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Comparing Notation Variants No AgreementUnused

33 Variant Variable Semantics statecharts STATEMATERSML AV’= AV  eval(asn(  ), AV) AV  eval(asn(  ), AV) AV  eval(last(asn(  )), AV) AV a ’= AV a enabling AV a cond(  )AV cond(  ) Variables NEXT where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments last(asn(  )) - last of multiple assignments to same variable eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions

34 Variant Variable Semantics statecharts STATEMATERSML AV’= AV  eval(asn(  ), AV a ) AV  eval(asn(  ), AV) AV  eval(last(asn(  )), AV) AV a ’= AV a enabling AV a cond(  )AV cond(  ) Variables NEXT where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments last(asn(  )) - last of multiple assignments to same variable eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions

35 Variant Variable Semantics statecharts STATEMATERSML AV’= AV  eval(asn(  ), AV a ) AV  eval(asn(  ), AV) AV  eval(last(asn(  )), AV) AV a ’= AV a enabling AV a cond(  )AV cond(  ) Variables NEXT where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions last(asn(  )) - last of multiple assignments to same variable

36 Variant Variable Semantics statecharts STATEMATERSML AV’= AV  eval(asn(  ), AV a ) AV  eval(asn(  ), AV) AV  eval(last(asn(  )), AV) AV a ’= AV a enabling AV a cond(  )AV cond(  ) Variables NEXT where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions last(asn(  )) - last of multiple assignments to same variable

37 Variant Variable Semantics statecharts STATEMATERSML AV’= AV  eval(asn(  ), AV a ) AV  eval(asn(  ), AV) AV  eval(last(asn(  )), AV) AV a ’= AV a enabling AV a cond(  )AV cond(  ) Variables NEXT where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions last(asn(  )) - last of multiple assignments to same variable

38 Outline of Today's Talk Template semantics u Step semantics of basic components u Template parameters u Comparing notation variants Composition operators Expressing other notations’ semantics u SCR u SDL u Petri Nets

39 Composition Operators Constrain which/when components can take a step Share snapshot information: u communicate events u consistent values among shared variables CP1 CP2CP3 CP4 HTS1HTS2 HTS3 HTS4 HTS5

40 AND-state Composition IF: Both components are enabled Both components execute simultaneously 1 Generated events are shared 2 Assignments to shared variables are resolved 2 ELSE: One component is enabled Enabled component executes in isolation 1 Generated events are shared 2 Assignments to variables are shared 2 1 Components execute via their micro-step template definition. 2 Components use their template parameters to receive shared events and variable values

41 Outline of Today's Talk Template semantics u Step semantics of basic components u Template parameters u Comparing notation variants Composition operators Expressing other notations’ semantics u SCR u SDL u Petri Nets

42 Software Cost Reduction (SCR) An SCR specification specifies a system in terms of its variables and a history of how variables change value. Monitored variables:input variables, from the environment Controlled variables:output variables, set by the specification Terms, modes:internal variables

43 SCR ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ = offon An SCR specification specifies a system in terms of its variables and a history of how variables change value. Variable updates are specified as mathematical functions: Warning = Represented as a table: off if Mode=Off off if Mode  Off  Temp < 175 on if Mode  Off  Temp  175 where each table entry represents one case in the function’s definition.

44 SCR Template Parameters RESETNEXT States current auxiliary enabling Events current input auxiliary enabling outputs Variables current auxiliary enabling Macro semantics Priority

45 SCR Condition Tables ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon We define a transition  for every table entry: cond(  ): table-entry conditions, evaluated wrt current variable values: Mode  {Heat, Maintain}  Temp<175 asn(  ): bottom-level assignment Warning := off

46 SCR Condition Tables ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon We define a transition  for every table entry: cond(  ): table-entry conditions, evaluated wrt current variable values: Mode  {Heat, Maintain}  Temp<175 asn(  ): bottom-level assignment Warning := off

47 SCR Condition Tables ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon We define a transition  for every table entry: cond(  ): table-entry conditions, evaluated wrt current variable values: Mode  {Heat, Maintain}  Temp<175 asn(  ): bottom-level assignment Warning := off

48 SCR Condition Tables Variables AV’= AV  I AV  asn(  ) AV a ’= enabling AV cond(  ) outputs  controlled(V)  asn(  ) Macro semantics simple microstep RESETNEXT where AV – current variable values I – monitored (input) variable values O – controlled (output) variable values cond(  ) –  ’s enabling conditions controlled(V) – controlled (output) variables in V

49 SCR Condition Tables Variables AV’= AV  I AV  asn(  ) AV a ’= enabling AV cond(  ) outputs  controlled(V)  asn(  ) Macro semantics simple microstep RESETNEXT where AV – current variable values I – monitored (input) variable values O – controlled (output) variable values cond(  ) –  ’s enabling conditions controlled(V) – controlled (output) variables in V

50 SCR Condition Tables Variables AV’= AV  I AV  asn(  ) AV a ’= enabling AV cond(  ) outputs  controlled(V)  asn(  ) Macro semantics simple microstep RESETNEXT where AV – current variable values I – monitored (input) variable values O – controlled (output) variable values cond(  ) –  ’s enabling conditions controlled(V) – controlled (output) variables in V

51 SCR Condition Tables Variables AV’= AV  I AV  asn(  ) AV a ’= enabling AV cond(  ) outputs  controlled(V)  asn(  ) Macro semantics simple microstep RESETNEXT where AV – current variable values I – monitored (input) variable values O – controlled (output) variable values cond(  ) –  ’s enabling conditions controlled(V) – controlled (output) variables in V

52 SCR Condition Tables Variables AV’= AV  I AV  asn(  ) AV a ’= enabling AV cond(  ) outputs  controlled(V)  asn(  ) Macro semantics simple microstep RESETNEXT where AV – current variable values I – monitored (input) variable values O – controlled (output) variable values cond(  ) –  ’s enabling conditions controlled(V) – controlled (output) variables in V

53 SCR Event Tables ModeEvent Off X @T(Dial=bake) WHEN[Temp<SetT] @T(Dial=bake) WHEN[Temp  SetT] Heat @T(Dial=off) X @T(Temp  SetT) Maintain @T(Dial=off)@T(Temp<SetT-20] X Mode’ = OffHeatMaintain We define a transition  for every table entry: trig(  ): conditions becoming true @T(c); variables changing value @C(v) @T(Dial=bake) cond(  ): table-entry conditions, evaluated wrt values at start of step: (Mode old = Off)  (Temp old < SetT old ) asn(  ): bottom-level assignment Mode := Heat

54 SCR Event Tables ModeEvent Off X @T(Dial=bake) WHEN[Temp<SetT] @T(Dial=bake) WHEN[Temp  SetT] Heat @T(Dial=off) X @T(Temp  SetT) Maintain @T(Dial=off)@T(Temp<SetT-20] X Mode’ = OffHeatMaintain We define a transition  for every table entry: trig(  ): conditions becoming true @T(c); variables changing value @C(v) @T(Dial=bake) cond(  ): table-entry conditions, evaluated wrt values at start of step: (Mode old = Off)  (Temp old < SetT old ) asn(  ): bottom-level assignment Mode := Heat

55 SCR Event Tables ModeEvent OffX @T(Dial=bake) WHEN[Temp<SetT] @T(Dial=bake) WHEN[Temp  SetT] Heat @T(Dial=off) X @T(Temp  SetT) Maintain @T(Dial=off)@T(Temp<SetT-20] X Mode’ = OffHeatMaintain We define a transition  for every table entry: trig(  ): conditions becoming true @T(c); variables changing value @C(v) @T(Dial=bake) cond(  ): table-entry conditions, evaluated wrt values at start of step: (Mode old = Off)  (Temp old < SetT old ) asn(  ): bottom-level assignment Mode := Heat

56 SCR Event Tables ModeEvent Off X @T(Dial=bake) WHEN[Temp<SetT] @T(Dial=bake) WHEN[Temp  SetT] Heat @T(Dial=off) X @T(Temp  SetT) Maintain @T(Dial=off)@T(Temp<SetT-20] X Mode’ = OffHeatMaintain We define a transition  for every table entry: trig(  ): conditions becoming true @T(c); variables changing value @C(v) @T(Dial=bake) cond(  ): table-entry conditions, evaluated wrt values at start of step: (Mode old = Off)  (Temp old < SetT old ) asn(  ): bottom-level assignment Mode := Heat

57 SCR Event Tables Eventsenabling  e  trig(  ). [ e=@T(c)  (AV a  c)  (AV c ) ]  [ e=@C(v)  (Av a (c)  AV(c) ] Variables AV’= AV  I AV  asn(  ) AV a ’= AVAV a enabling AV a cond(  ) Outputs  controlled(V)  asn(  ) Macro semantics simple microstep RESETNEXT where AV – current variable values AV a – variable values from start of step I – new input-variable values cond(  ) –  ’s enabling conditions controlled(V) – controlled (output) variables in V

58 SCR Event Tables Eventsenabling  e  trig(  ). [ e=@T(c)  (AV a  c)  (AV c ) ]  [ e=@C(v)  (Av a (c)  AV(c) ] Variables AV’= AV  I AV  asn(  ) AV a ’= AVAV a enabling AV a cond(  ) Outputs  controlled(V)  asn(  ) Macro semantics simple microstep RESETNEXT where AV – current variable values AV a – variable values from start of step I – new input-variable values cond(  ) –  ’s enabling conditions controlled(V) – controlled (output) variables in V

59 An SCR specification is a network of these tabular functions, with variable dependences whose topological sort imposes a total ordering on tables: SCR Composition ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ABCD FE ABECDF

60 An SCR specification is a network of these tabular functions, with variable dependences whose topological sort imposes a total ordering on tables: SCR composition is functional composition of the tables’ functions that maps one snapshot (SCR state) to its next snapshot using new variable values in downstream calculations SCR Composition ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ModeCondition OffTrueX Heat, Maintain Temp < 175 Temp  175 Warning’ =offon ABCD FE ABECDF

61 A template for expressing the operational semantics of many model-based notations that reduces users’ effort in documenting a notation’s semantics results in succinct descriptions of notation semantics makes it easier to understand and to compare notations Summary

62 Questions?

63 current auxiliary enabling current input auxiliary enabling outputs current auxiliary enabling Macro semantics Priority Variables Events States RESETNEXT RESETNEXT Petri-NetsSDL Petri-Net, SDL Template Parameters

64 Automated generation of notation-specific analysis tools by treating an instantiated template as a model compiler that compiles a specification into its next-state relation which is a format that is suitable for computer-aided verification. Future Work

65 Goal: To generate model compilers from notations’ semantics. A model compiler compiles a specification into a more primitive representation, according to the notation’s computation model. An instantiated template is a model compiler. It defines a notation’s semantics in terms of allowable execution steps. Further Work

66 A succinct method for describing the semantics of a specification notation that Makes it easier to understand and to compare notations Makes it easier (possible) to compile specifications in a representation that is more suitable for automated analysis Summary

67 Current Status We have defined the generic template definitions enabled-transition, apply, init, micro-step, macro-step We have defined template parameters and composition operators for several popular notations various statecharts variants, RSML, SCR, SDL88, Petri-Nets, process algebras We have implemented a vertical slice of the Metro model- compiler generator to handle Basic State Transitions enabled-transition, apply, macro-step, interleaving composition,

68 Conclusions and Future Work

69 Example (original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes where CS - current events CS a - auxiliary state information (set of enabling states) entered(s) - states entered when s is entered ancestor(s) - ancestor states of s descend(s) - descendent states of s scope(  ) - lowest common ancestor of  ’s source and destination States CS’= CS entered(  )  ancestor(entered(  ) CS a ’= CS CS a – descend(scope(  )) enabling source(  )  CS a

70 Outputs Macro semantics Priority Comparing Notation Variants current auxiliary enabling current input auxiliary enabling current auxiliary enabling RESET NEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Variables Events States Agreement among All 3 notations Agreement among 2 notations

71 current auxiliary enabling current input auxiliary enabling current auxiliary enabling Outputs Macro semantics Priority Variables Events States Agreement among All 3 notations Agreement among 2 notations RESETNEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Comparing Notation Variants

72 Variant Event Semantics RESETNEXT where gen(  ) - events generated by transition  trig(  ) -  ’s triggering events intern_ev(E) - internal events in E RESETNEXT statecharts STATEMATE RESETNEXT RSML Events IE’=  IE  gen(  )  gen(  )  intern_ev( E )  gen(  ) I a ’= IIaIa I  I  IE a ’ enabling trig(  )  I a  IE

73 Variant State Semantics RESETNEXT where CS - current events CS a - auxiliary state information (set of enabling states) entered(s) - states entered when s is entered ancestor(s) - ancestor states of s descend(s) - descendent states of s scope(  ) - lowest common ancestor of  ’s source and destination RESETNEXT statechartsRSML, STATEMATE States CS’=CS entered(  )  ancestor(entered(  ) CS entered(  )  ancestor(entered(  ) CS a ’= CS CS a – descend(scope(  )) enabling source(  )  CS a source(  )  CS

74 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes Variables AV’=AV AV  eval(asn(  ), AV a ) AV a ’= AV AV a enabling AV a cond(  ) where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions

75 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes Variables AV’=AV AV  eval(asn(  ), AV a ) AV a ’= AV AV a enabling AV a cond(  ) where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions

76 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes Variables AV’=AV AV  eval(asn(  ), AV a ) AV a ’= AV AV a enabling AV a cond(  ) where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions

77 Example (Harel’s original statecharts) RESET NEXT how snapshot is reset at start of macro-step how snapshot changes when transition  executes Variables AV’=AV AV  eval(asn(  ), AV a ) AV a ’= AV AV a enabling AV a cond(  ) where AV - current variable values AV a - old variable values (from start of macro-step) asn(  ) -  ’s variable assignments eval(X, Y) - evaluates expressions in X wrt values in Y cond(  ) -  ’s enabling conditions

78 Template Parameters RESETNEXT States current auxiliary enabling Events current input auxiliary enabling outputs Variables current auxiliary enabling Macro semantics Priority

79 AND-state Composition (original statecharts) Both components are enabled AND do not assign values to the same variables Both components execute simultaneously 1 Generated events are shared 2 Assignments to shared variables are resolved 2 OR An enabled component executes in isolation 1 Generated events are shared 2 Assignments to variables are shared 2 1 Components execute via their micro-step template definition. 2 Components use their template parameters to receive shared events and variable values

80 SCR Composition (functional composition) N (ss, , ss’) TO  ss’ = N ( … ( N ( N ( ss,  1 ),  2 ), … ),  n )   = {  1,  2, …,  n }   i  n. [  i = enabled_trans ( N ( … ( N ( ss,  1 ), … ),  i-1 ), T TO[i] ) ] fun_comp micro TO[n]TO[2]TO[1] micro TO[i-1] micro TO[1]

81 SCR Composition (functional composition) N (ss, , ss’) TO  ss’ = N ( … ( N ( N ( ss,  1 ),  2 ), … ),  n )   = {  1,  2, …,  n }   i  n. [  i = enabled_trans ( N ( … ( N ( ss,  1 ), … ),  i-1 ), T TO[i] ) ] fun_comp micro TO[n]TO[2]TO[1] micro TO[i-1] micro TO[1] There is a micro-step from ss to ss’, via transitions 

82 SCR Composition (functional composition) N (ss, , ss’) TO  ss’ = N ( … ( N ( N ( ss,  1 ),  2 ), … ),  n )   = {  1,  2, …,  n }   i  n. [  i = enabled_trans ( N ( … ( N ( ss,  1 ), … ),  i-1 ), T TO[i] ) ] fun_comp micro TO[n]TO[2]TO[1] micro TO[i-1] micro TO[1] Given a total ordering, TO, over the specification’s n functions (tables) There is a micro-step from ss to ss’, via transitions 

83 SCR Composition (functional composition) N (ss, , ss’) TO  ss’ = N ( … ( N ( N ( ss,  1 ),  2 ), … ),  n )   = {  1,  2, …,  n }   i  n. [  i = enabled_trans ( N ( … ( N ( ss,  1 ), … ),  i-1 ), T TO[i] ) ] fun_comp micro TO[n]TO[2]TO[1] micro TO[i-1] micro TO[1] Given a total ordering, TO, over the specification’s n functions (tables) There is a micro-step from ss to ss’, via transitions  ss’ = the functional composition of the tables’ functions, applied in the total order TO, starting from ss.

84 SCR Composition (functional composition) N (ss, , ss’) TO  ss’ = N ( … ( N ( N ( ss,  1 ),  2 ), … ),  n )   = {  1,  2, …,  n }   i  n. [  i = enabled_trans ( N ( … ( N ( ss,  1 ), … ),  i-1 ), T TO[i] ) ] fun_comp micro TO[n]TO[2]TO[1] micro TO[i-1] micro TO[1] Given a total ordering, TO, over the specification’s n functions (tables) There is a micro-step from ss to ss’, via transitions  ss’ = the functional composition of the tables’ functions, applied in the total order TO, starting from ss. one transition (i.e., variable assignment) from each table.

85 SCR Composition (functional composition) N (ss, , ss’) TO  ss’ = N ( … ( N ( N ( ss,  1 ),  2 ), … ),  n )   = {  1,  2, …,  n }   i  n. [  i = enabled_trans ( N ( … ( N ( ss,  1 ), … ),  i-1 ), T TO[i] ) ] fun_comp micro TO[n]TO[2]TO[1] micro TO[i-1] micro TO[1] Given a total ordering, TO, over the specification’s n functions (tables) There is a micro-step from ss to ss’, via transitions  ss’ = the functional composition of the tables’ functions, applied in the total order TO, starting from ss. one transition (i.e., variable assignment) from each table. each transition  i is enabled after the functional composition of transitions  1 …  i-1

86 SCR Composition (functional composition) N (ss, , ss’) TO  ss’ = N ( … ( N ( N ( ss,  1 ),  2 ), … ),  n )   = {  1,  2, …,  n }   i  n. [  i = enabled_trans ( N ( … ( N ( ss,  1 ), … ),  i-1 ), T TO[i] ) ] fun_comp micro TO[n]TO[2]TO[1] micro TO[i-1] micro TO[1] Given a total ordering, TO, over the specification’s n functions (tables) There is a micro-step from ss to ss’, via transitions  ss’ = the functional composition of the tables’ functions, applied in the total order TO, starting from ss. one transition (i.e., variable assignment) from each table. each transition  i is enabled after the functional composition of transitions  1 …  i-1

87 current auxiliary enabling current input auxiliary enabling outputs current auxiliary enabling Macro semantics Priority Variables Events States Agreement among All 3 notations Agreement among 2 notations RESETNEXT RESET NEXT RESETNEXT statecharts RSML STATEMATE Comparing Notation Variants No AgreementUnused

Download ppt "Understanding and Comparing Model-Based Specification Notations Jianwei Niu, Joanne Atlee, and Nancy Day University of Waterloo."

Similar presentations

Formal Methods in Software Engineering

Formal Methods in Software Engineering
UML Statechart semantics Speaker: Fei Mo Tutor: Priv.-Doz. Dr. Thomas Noll Lehrstuhl für Informatik 2 RWTH Aachen SS 07.

UML Statechart semantics Speaker: Fei Mo Tutor: Priv.-Doz. Dr. Thomas Noll Lehrstuhl für Informatik 2 RWTH Aachen SS 07.
Statecharts Semantics

Statecharts Semantics
Models of Concurrency Manna, Pnueli.

Models of Concurrency Manna, Pnueli.
Vered Gafni – Formal Development of Real Time Systems 1 Statecharts Semantics.

Vered Gafni – Formal Development of Real Time Systems 1 Statecharts Semantics.
Week 6Fall 2001 CS5991 The STATEMATE Semantics of Statecharts D. Harel and A. Naamand Ahmad Alsawi 1-4 Bob Chen 5-8 Dapeng Xie 9-11.

Week 6Fall 2001 CS5991 The STATEMATE Semantics of Statecharts D. Harel and A. Naamand Ahmad Alsawi 1-4 Bob Chen 5-8 Dapeng Xie 9-11.
©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 12Slide 1 Software Design l Objectives To explain how a software design may be represented.

©Ian Sommerville 2000 Software Engineering, 6th edition. Chapter 12Slide 1 Software Design l Objectives To explain how a software design may be represented.
CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.

CS 290C: Formal Models for Web Software Lecture 4: Implementing and Verifying Statecharts Specifications Using the Spin Model Checker Instructor: Tevfik.
Temporal Specification Chris Patel Vinay Viswanathan.

Temporal Specification Chris Patel Vinay Viswanathan.
Models of Computation for Embedded System Design Alvise Bonivento.

Models of Computation for Embedded System Design Alvise Bonivento.
©Ian Sommerville 2000Software Engineering, 6/e, Chapter 91 Formal Specification l Techniques for the unambiguous specification of software.

©Ian Sommerville 2000Software Engineering, 6/e, Chapter 91 Formal Specification l Techniques for the unambiguous specification of software.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 10 Slide 1 Formal Specification.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 10 Slide 1 Formal Specification.
©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Formal Specification.

©Ian Sommerville 2004Software Engineering, 7th edition. Chapter 10 Slide 1 Formal Specification.
Lecture 6 Template Semantics CS6133 Fall 2011 Software Specification and Verification.

Lecture 6 Template Semantics CS6133 Fall 2011 Software Specification and Verification.
Ch.2 Part A: Requirements, State Charts EECE **** Embedded System Design.

Ch.2 Part A: Requirements, State Charts EECE **** Embedded System Design.
Lecture 4 Finite State Machine CS6133 Software Specification and Verification.

Lecture 4 Finite State Machine CS6133 Software Specification and Verification.
Requirements Expression and Modelling

Requirements Expression and Modelling
Mapping Specification Notations to Analysis Tools

Mapping Specification Notations to Analysis Tools
©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 9 Slide 1 Formal Specification l Techniques for the unambiguous specification of software.

©Ian Sommerville 2000Software Engineering, 6th edition. Chapter 9 Slide 1 Formal Specification l Techniques for the unambiguous specification of software.
An Introduction to Software Architecture

An Introduction to Software Architecture

Similar presentations

Ads by Google