Slide 1: Basic Protocols, Message Sequence Charts, and the Verification of Requirements Specifications
A. Letichevsky, J. Kapitonova, A. Letichevsky Jr., V. Volkov, Glushkov Institute of Cybernetics, National Academy of Science, Kiev, Ukraine; ISS Ltd
S. Baranov, V. Kotlyarov, Motorola, St. Petersburg, Russia
T. Weigert, Motorola, Schaumburg, Illinois, United States
WITUL04
Slide 2: Using formal methods in requirement capturing
2 Nov 2004 WITUL
[Flow diagram; labels: START; Informal reqs related to behavior; Formalization; Review; Generating traces; Manual / Automated; Formal models: Basic Protocols, Scenarios (MSC, UML), Formal Specs; Proving annotations; Checking consistency; Testing scenarios (MSC); Verified requirements; Verdict (MSC)]
Slide 3: Requirement Specification Languages
Temporal Logic: linear/branching, propositional/predicate
μ-calculus: propositional/predicate
Logics
Process Algebras: CCS, CSP, pi-calculus, …
Automata: Büchi, Muller, …
ASM
Dynamics: Basic protocols; Annotated scenarios (Extended MSC, SDL, UML); Agents and Environments (insertion programming)
Slide 4: Basic Protocols
Two requirements whose text is marked up into Precondition, Postcondition, Process, Parameters and Attributes:
SYRaSRMenu 430: Upon determining that the setup greeting prompt has been completed and if a Voice Recognition Session is active and menu level is “Main Phone Setup” then the system shall request the audio input channel and shall allow the user session silence timeout time to speak a voice command.
SYRaCSTATE 701: While in the no phone call state and upon detecting that the Selected Device is set to a valid device and the Selected Device’s call status indicates a call in progress, the system shall assume it is in cip.
Slide 5: Two basic protocols with MSC diagrams
Both protocols involve the agents MS m, ACG a and DAP d.
Protocol 1
precondition: DAP(d, paging m) & ACG(a, serving d) & (MS m.serving_acg = a) & valid m & not_empty(DAP d.page_list)
postcondition: (DAP d.paging_ms := head(DAP d.page_list)) & (DAP d.page_list := tail(DAP d.page_list)) & MS(m, respond a) & DAP(d, paging(DAP d.paging_ms))
Protocol 2
precondition: MS(m, respond a) & ACG(a, serving d)
postcondition: (DAP d.group_list := (m, DAP d.group_list)) & MS(m, idle)
Slide 6: What is new?
Not Hoare-like triples, but:
* Special language of pre- and postconditions based on the model of interaction of agents and environments
* The algebra of basic protocols
* Applications to real-life projects
Using MSC is not essential; it can be UCM, wave diagrams, … What is important is the interpretation as behaviors of transition systems.
Slide 7: The logic language is based on interaction of Agents and Environments
[Diagram; labels: agent, environment, agent, environment, Insertion function]
Slide 8: Agents
Labeled or attributed (states are labeled by attribute values) transition systems with terminal and divergent states, considered up to bisimilarity.
[Diagram of a transition system with states s and s', a terminal state (term, Δ) and a divergent state (div), actions a and b; its behavior: a.0 + a.b.(a.0 + a.Δ + Δ)]
Behaviors: continuous complete behavior algebra F(A) over action algebra A (vs. final coalgebra).
Recursive definitions can be used to extend the signature: (x1:z1, …, xn:zn)
Slide 9: Environments
Agent E over action set C with continuous insertion function Ins
Insertion equivalence of agents
Multilevel environments
[The defining formulas of the slide are not recovered]
Slide 10: Agents and environments for basic protocols
Environment: attributed transition system
Agents: types, ids, behaviors; state assumptions: phone(m, idle); agent attributes: phone m.f(x1, x2, …)
Preconditions: first-order statements about attributes and agent states
Postconditions: the same as preconditions, plus assignments
Scenarios: composition of basic protocols
System: covers all possible scenarios
Slide 11: Two basic protocols for telephone system
Each MSC shows a precondition, the exchanged messages and a postcondition.
call setup: initial (agents Phone n, Network)
precondition: phone(n, idle)
messages: offhook n, dialtone n
postcondition: phone(n, dial)
call setup: dialing 1 (agents Phone m, Phone n, Network)
precondition: phone(m, dial)
messages: dial(m, n)
postcondition: phone(m, dial n)
Slide 12: Two more protocols
call setup: dialing 2 (agents Phone m, Network, Phone n)
precondition: phone(m, dial n) & valid n
messages: ring
postcondition: phone(m, ringing n) & phone(n, ringing)
call setup failure 2 (agents Phone m, Network, Phone n)
precondition: phone(m, dial n) & ~(valid n)
messages: busy
postcondition: phone(m, busy)
Slide 13: Annotated scenario
Agents: Phone m, Network, Phone n
Initial condition: phone(m, idle)
Messages: offhook, dialtone, dial(m, n)
alt:
  when valid n: ring; anno phone(m, ringing n)
  when ~(valid n): busy; anno phone(m, busy)
Legend: Annotations, Guarded conditions, Initial condition, Postcondition
Slide 14: Environment description for telephone example
environment(
  attributes: obj(Nil);
  parameters: obj(Nil);
  agent_types: obj(
    phone: obj(valid:symb, cw:symb, twc:symb, connector:bool, onhook:int, number:int)
  );
  axioms: Nil;
  reductions: (x)(equ_zero(0)=1, equ_zero(x)=0);
  instances: (Phone 1, Phone 2, Phone 3, Phone 4, Network);
  agents: obj(p1:phone, p2:phone, p3:phone, p4:phone);
  initial: env(
    obj(
      attributes: obj(Nil);
      agent_attributes: obj(
        p1:obj(valid:1,cw:0,twc:0,connector:0,onhook:0,number:1),
        p2:obj(valid:1,cw:0,twc:0,connector:0,onhook:0,number:2),
        p3:obj(valid:1,cw:0,twc:0,connector:0,onhook:0,number:3),
        p4:obj(valid:1,cw:0,twc:0,connector:0,onhook:0,number:4)
      );
      numeric_restrictions: 1;
      logic_restrictions: Nil
    ),
    state(phone(p1,idle), phone(p2,idle), phone(p3,idle), phone(p4,idle))
  )
);
Slide 15: System defined by basic protocols
For MSC diagrams it is a weak sequential composition.
[Formulas on the slide, not recovered: the system defined by basic protocols; the behavior of a system in a state with property alpha; the environment transition]
Slide 16: Partially sequential composition
[Diagram illustrating permutability: permutable actions vs. actions that are not permutable (do not commute)]
Slide 17: Predicate transformers
Predicate transformer: what will hold after a basic protocol is applied?
Example postcondition: (DAP d.paging_ms := head(DAP d.page_list)) & (DAP d.page_list := tail(DAP d.page_list)) & MS(m, respond a) & DAP(d, paging(DAP d.paging_ms))
[Formulas for the easy case and the more general case are not recovered]
Slide 18: Main verification problems
Consistency and completeness of basic protocols
Decomposition of scenarios to basic protocols
Annotation consistency of scenarios composed by basic protocols (implemented for MSC and SDL)
Reachability in the system defined by basic protocols
Solved in the verification environment of VRS: integration of modeling and automatic theorem proving.
Slide 19: Inconsistent protocols (feature interaction between 3way Calling and Call Waiting)
Protocol 3way teardown 2 (agents Phone n, Phone k, Network, Phone m)
precondition: phone(k, 3way connect(m&n))
messages: onhook, dialtone, dialtone
postcondition: phone(m, dial) & phone(n, dial) & phone(k, idle)
Protocol cw teardown 1 (agents Phone k, Phone m, Network, Phone n)
precondition: phone(k, connected m) & phone(n, cw_wait k)
messages: onhook, flash, busy
postcondition: phone(m, idle) & phone(k, connected n) & phone k.cw := 0
Slide 20: Scenario confirming inconsistency
[MSC with agents Phone m, Phone n, Phone k, Network, Phone z. Messages in order: dial, dialtone, offhook, ring, offhook, dialtone, dial, ring, offhook, flash, offhook, dialtone, dial k, ring, flash. Intermediate states: phone(z, connected m), phone(k, connected n), phone(z, dial), phone(m, 3way wait z), phone(k, connected z), phone(n, cw wait k). Annotations: anno phone(z, 3way connect(m&k)); anno phone(k, connected z) & phone(n, cw wait k)]
Slide 21: Inconsistent state
Agents k, m, n, z; state: z in 3way connect(m&k), n in cw_wait k.
After onhook z, the two teardown protocols give different states for k: phone(k, dial) or phone(k, connected n)? (marked ??? on the slide)
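The telephone protocols of slides 11 to 13 and the consistency question of slides 18 to 21, as an added example that is not part of the presentation: each basic protocol is a precondition, its MSC messages and a postcondition over an environment state; apply composes them into the annotated scenario, and enabled_conflicts reports enabled protocols whose postconditions disagree on an agent's state. The state encoding, the function names and the conflict criterion are assumptions made here.

```python
# Added example, not from the slides: the four telephone basic protocols encoded as
# precondition/postcondition transformers, composed into the annotated scenario
# (valid n -> ringing, ~(valid n) -> busy). State encoding and names are assumptions.
from collections import namedtuple

# name, pre (guard on agent states/attributes), process (MSC messages), post (assignments)
BasicProtocol = namedtuple("BasicProtocol", "name pre process post")

PROTOCOLS = [
    # phone(n, idle) --offhook n, dialtone n--> phone(n, dial)
    BasicProtocol("initial call setup", lambda e, p: e["phone"][p["n"]] == "idle",
        lambda p: [("offhook", p["n"]), ("dialtone", p["n"])], lambda p: {p["n"]: "dial"}),
    # phone(m, dial) --dial(m, n)--> phone(m, dial n)
    BasicProtocol("dialing 1", lambda e, p: e["phone"][p["m"]] == "dial",
        lambda p: [("dial", p["m"], p["n"])], lambda p: {p["m"]: ("dial", p["n"])}),
    # phone(m, dial n) & valid n --ring--> phone(m, ringing n) & phone(n, ringing)
    BasicProtocol("dialing 2",
        lambda e, p: e["phone"][p["m"]] == ("dial", p["n"]) and e["valid"][p["n"]],
        lambda p: [("ring", p["n"])], lambda p: {p["m"]: ("ringing", p["n"]), p["n"]: "ringing"}),
    # phone(m, dial n) & ~(valid n) --busy--> phone(m, busy)
    BasicProtocol("call setup failure 2",
        lambda e, p: e["phone"][p["m"]] == ("dial", p["n"]) and not e["valid"][p["n"]],
        lambda p: [("busy", p["m"])], lambda p: {p["m"]: "busy"}),
]
BY_NAME = {bp.name: bp for bp in PROTOCOLS}

def apply(env, name, params):
    """One composition step: the precondition must hold in env, then assign."""
    bp = BY_NAME[name]
    if not bp.pre(env, params):
        raise ValueError(f"annotation inconsistency: precondition of '{name}' fails")
    env["phone"].update(bp.post(params))
    return bp.process(params)

def enabled_conflicts(env, params):
    """Pairs of enabled protocols whose postconditions give one agent different
    states, the kind of inconsistency shown for 3-way calling and call waiting."""
    on = [bp for bp in PROTOCOLS if bp.pre(env, params)]
    return [(a.name, b.name) for i, a in enumerate(on) for b in on[i + 1:]
            if any(a.post(params)[k] != b.post(params)[k]
                   for k in a.post(params).keys() & b.post(params).keys())]

def call_scenario(valid_n):
    """Annotated scenario: m goes offhook, gets dialtone, dials n, then ring or busy."""
    env = {"phone": {"m": "idle", "n": "idle"}, "valid": {"m": True, "n": valid_n}}
    p = {"m": "m", "n": "n"}
    trace = apply(env, "initial call setup", {"n": "m"})  # phone(m, idle) -> phone(m, dial)
    trace += apply(env, "dialing 1", p)
    trace += apply(env, "dialing 2" if valid_n else "call setup failure 2", p)
    return env["phone"], trace
```

With m in phone(m, dial n) and n still idle, enabled_conflicts flags "initial call setup" against "dialing 2", because one assigns phone(n, dial) and the other phone(n, ringing): two enabled protocols that are not permutable in the sense of slide 16.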
Slide 22: Piloting VRS
Slide 23: What next?
The next project where VRS will be applied contains about 10 000 requirements.
A special technology is under development to reduce state and trace spaces.
More UML to the logic language.