(Meta)models and transformations → thinking aids for the engineer - a case study
András Pataricza
Budapest University of Technology and Economics, Department of Measurement and Information Systems

Abstract State Machines

References

Methodology

Guideline
Contents
• Motivation
• Semantics definition
  – ASM foundations
  – UML 2.0 foundations
• UML activity diagrams
• Qualitative modeling (qualitative fault modeling)
  – foundations
  – fault modeling
  – error propagation
  – application to UML AD: ASM based modeling, extended modeling
• Summary
Formal semantics for UML diagrams
UML 2.0 provides only a verbal (natural-language) semantics definition.
How can a formal semantics be derived from it?
Semantics definition: ASM foundations
Requirements for a specification language
• Scope
• Preciseness
• Easy to understand
  – programming language-like notations, auto-documentation
  – no enforced details
  – hierarchical modeling, refinement
• Transformability
  – support of verification and validation
  – support of implementation
Something in between, or better: SIMULTANEOUSLY mathematics and programming language.
ASM Basics
• Signature (vocabulary): a finite collection of function names.
• Each function name f has
  – an arity, a non-negative integer (nullary: "constant");
  – a kind: static or dynamic.
• The static constants {undef, true, false} belong to every ASM signature.
Function scheme
[Figure: a function f1 is a table of locations f(a1 ... an), f(a'1 ... a'n), f(a''1 ... a''n), each holding a content; a location never written holds undef. A variable assignment (x1, x2 ... xn) writes the content of one location.]
[Figure: metamodel of an ASM signature. A Signature owns 1..* Function names, each with an #arity; the constants True, False and Undef and the input variables are (nullary) function names; a Function f1 has 0..* Locations. Boolean algebra and restriction of the domains are attached to the function names.]
Function types
[Figure: classification of functions: static vs dynamic, basic vs derived; basic dynamic functions are Controlled, Monitored (IN), Shared (INOUT) or OUT.]
Static function
[Figure: the same classification with static functions highlighted, beside a function f1 and its locations; the contents of a static function never change during a run.]
Function types - system boundary
[Figure: function types relative to the system: fmonitored(x) is written by the environment and only read by the system; fcontrolled(x) is written by the system only (dynamic, or static if never updated); fshared(x) is written by both system and environment; fout(x) is written by the system and read by the environment.]
State
A state A for a signature consists of
• a superuniverse: a set |A|;
• an interpretation fA of each function name f:
  – if f is a constant, fA ∈ |A|;
  – if f is an n-ary function name, fA : |A|^n → |A|.
Update
• Elementary update: a pair (l, v), where l is a location and v ∈ |A| is the designated new value at l.
• Trivial update: v = A(l), i.e. the new value is the same as the old one.
• Update set U: a set of updates.
• Consistent update set U: no clashing updates,
  ∀ l, ∀ v, w: if (l, v) ∈ U and (l, w) ∈ U then v = w.
Firing
Execution of the updates
• simultaneously, from the (consistent) update set;
• the content of locations not included in the set is unaltered.
Consistent update set U; initial state A; firing: A ⇒ (A + U); new state: (A + U).
Contents: (A + U)(l) = v if (l, v) ∈ U, else A(l).
ASM
An Abstract State Machine M consists of
• a signature,
• a set of initial states for that signature,
• rule declarations,
• the main rule name of the machine (arity zero).
ASM machine

Basic ASM constructs

Formal semantics
Run of an ASM
A finite or infinite sequence of states A0, A1, ... such that
• the initial state is A0;
• either for all n ∈ ℕ a consistent update set yields a move An → An+1,
• or there is no more consistent update set and An is the final state.
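The definitions above (location, update set, consistency, firing, run) are small enough to execute. The following is an added example, not code from the slides: a minimal ASM core in Python, driven by a simplified version of the dataflow FIFO that appears later in the deck. The FIFO machine, its time-indexed input stream `inp(n)` (a monitored function), the `clock`/`head`/`tail` locations and the `delivered` tuple are all assumptions made for this illustration. One design choice to note: a step whose update set contains only trivial updates is treated as the end of the run, so a machine that merely reasserts its state terminates instead of looping.

```python
"""Minimal abstract-state-machine (ASM) core: states, update sets, the
consistency check, firing and runs, plus a FIFO machine exercising them.
Added illustration of the slide definitions; not code from the slides."""
from typing import Any, Callable, Dict, Hashable, List, Optional, Set, Tuple

Location = Tuple[str, Tuple[Hashable, ...]]   # (function name f, argument tuple)
Update = Tuple[Location, Any]                  # elementary update (l, v)
UNDEF = None                                   # the static constant undef


class InconsistentUpdateSet(Exception):
    """Clashing updates (l, v) and (l, w) with v != w: no next state exists."""


class State:
    """Interpretation of the dynamic functions as a location -> content map;
    a location that was never written has content undef."""

    def __init__(self, content: Optional[Dict[Location, Any]] = None):
        self.content = dict(content or {})

    def __call__(self, loc: Location) -> Any:
        return self.content.get(loc, UNDEF)

    def get(self, f: str, *args: Hashable) -> Any:
        return self((f, tuple(args)))


def consistent(U: Set[Update]) -> bool:
    """forall l, v, w: (l, v) in U and (l, w) in U  =>  v == w."""
    seen: Dict[Location, Any] = {}
    for loc, v in U:
        if loc in seen and seen[loc] != v:
            return False
        seen[loc] = v
    return True


def fire(A: State, U: Set[Update]) -> State:
    """A -> A + U: every location in U takes its new value at once,
    every location not in U keeps its old content."""
    if not consistent(U):
        raise InconsistentUpdateSet(sorted(loc for loc, _ in U))
    new = dict(A.content)
    for loc, v in U:
        new[loc] = v
    return State(new)


Rule = Callable[[State], Set[Update]]   # a rule reads A and yields an update set


def run(A0: State, main: Rule, max_steps: int = 1000) -> List[State]:
    """A0, A1, ... with A(n+1) = An + Un.  An inconsistent set aborts the run;
    an empty set, or one made only of trivial updates (v == A(l)), ends it."""
    states = [A0]
    for _ in range(max_steps):
        A = states[-1]
        U = main(A)
        if not consistent(U):
            raise InconsistentUpdateSet("clash in step %d" % (len(states) - 1))
        if all(A(loc) == v for loc, v in U):
            break
        states.append(fire(A, U))
    return states


# --- FIFO machine (assumed shape, constructed for this example) --------------
INPUT_STREAM = ("a", "b", "c")   # constructed input: token offered in step n


def inp(n: int) -> Any:
    """Monitored function: the environment's token for step n, undef when exhausted."""
    return INPUT_STREAM[n] if n < len(INPUT_STREAM) else UNDEF


def fifo_main(A: State) -> Set[Update]:
    U: Set[Update] = set()
    clock, head, tail = A.get("clock"), A.get("head"), A.get("tail")
    token = inp(clock)
    # ENQUEUE: store the offered token at the tail and advance the clock.
    if token is not UNDEF:
        U.add((("buf", (tail,)), token))
        U.add((("tail", ()), tail + 1))
        U.add((("clock", ()), clock + 1))
    # DEQUEUE: hand the head token to the consumer.  Both rules may be
    # enabled in the same step: their updates form one set, fired at once.
    if head < tail:
        U.add((("delivered", ()), A.get("delivered") + (A.get("buf", head),)))
        U.add((("head", ()), head + 1))
    return U


def fifo_initial() -> State:
    return State({("clock", ()): 0, ("head", ()): 0, ("tail", ()): 0,
                  ("delivered", ()): ()})


def run_fifo() -> List[State]:
    return run(fifo_initial(), fifo_main)


def clashing_main(A: State) -> Set[Update]:
    """Two rules writing head with different values in one step."""
    return {(("head", ()), 1), (("head", ()), 2)}


def clash_detected() -> bool:
    try:
        run(fifo_initial(), clashing_main)
    except InconsistentUpdateSet:
        return True
    return False
```

`run_fifo()` yields five states: in step 1 the enqueue of "b" and the dequeue of "a" happen in the same move, which is the simultaneous-update semantics the slide describes; once the stream is exhausted and the buffer drained the update set is empty and the last state is final. `clash_detected()` shows the other side of the definition: a rule set whose updates disagree on one location has no consistent update set and therefore no next state.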
Isomorphism
Refinement and abstraction
Equivalence of states:
• Correctness: each refined state (move) has an abstract counterpart.
• Completeness: each abstract state (move) has a refined counterpart.
Basic structure
[Figure: a dataflow network (DFN). DFN nodes with input and output channels; each node is an FSM with non-deterministic firing rules; nodes are connected through FIFO channels.]
Definition of a dataflow node

Definition of the FIFO
ASM program of the FIFO
[Figure: the FIFO's locations: length, head, tail and the previously processed element.]
ASM program of a node (compile time)
ASM program of a node
The interpretation is defined by the firing condition number(head_i) ≥ X_in,r(i).
• Interpreted DFN models: coloured tokens; the number of tokens is a vector; comparison by vector components.
• Non-interpreted DFN: simple tokens; numbers and comparisons are scalars.
Abstraction - refinement
In order to show correctness it is enough to show that
• the total number of tokens is a homomorphism (from the interpreted token vectors to the uninterpreted counts);
• the comparison, as a relation, is a homomorphism.
[Figure: interpreted model: per-colour token counts 5, 2, 3, 4, 6 (total 20) and 2, 1, 1, 5, 3 (total 12), compared colour by colour with ≥; uninterpreted model: only the totals are compared.]
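The homomorphism argument can be checked mechanically. The block below is an added example, not code from the slides: it takes the abstraction h = total number of tokens, checks that it is additive, that every firing enabled in the interpreted model (vector comparison) is enabled in the uninterpreted one (scalar comparison), and then searches for the converse. The per-colour vectors are the counts from the figure, paired in the order listed, which is an assumption made here.

```python
"""Checking the token-count abstraction of a DFN node: the interpreted
firing condition compares per-colour token vectors, the uninterpreted one
compares totals.  Added example; not code from the slides."""
from itertools import product
from typing import Dict, List, Tuple

TokenVector = Tuple[int, ...]          # one token count per colour


def h(v: TokenVector) -> int:
    """Abstraction map: total number of tokens, colours forgotten."""
    return sum(v)


def enabled_interpreted(have: TokenVector, need: TokenVector) -> bool:
    """number(head_i) >= X_in,r(i) checked per colour (vector comparison)."""
    return len(have) == len(need) and all(a >= b for a, b in zip(have, need))


def enabled_uninterpreted(have: TokenVector, need: TokenVector) -> bool:
    """The same condition after abstraction: scalar comparison of totals."""
    return h(have) >= h(need)


def add(u: TokenVector, v: TokenVector) -> TokenVector:
    return tuple(a + b for a, b in zip(u, v))


def check_abstraction(colours: int = 3, bound: int = 3) -> Dict[str, object]:
    """Exhaustive check over all vectors with at most `bound` tokens per colour:
    additivity of h, correctness (interpreted firing => uninterpreted firing)
    and completeness (the converse), reporting the first counterexample."""
    vectors = list(product(range(bound + 1), repeat=colours))
    additive = all(h(add(u, v)) == h(u) + h(v) for u in vectors for v in vectors)
    correct = all(enabled_uninterpreted(u, v)
                  for u in vectors for v in vectors if enabled_interpreted(u, v))
    spurious: List[Tuple[TokenVector, TokenVector]] = [
        (u, v) for u in vectors for v in vectors
        if enabled_uninterpreted(u, v) and not enabled_interpreted(u, v)]
    return {"additive": additive,
            "correct": correct,
            "complete": not spurious,
            "first_spurious": spurious[0] if spurious else None,
            "spurious_count": len(spurious)}


# Sample vectors: the counts shown in the figure, paired in the listed order
# (an assumption for this example); totals 20 and 12.
HAVE: TokenVector = (5, 2, 3, 4, 6)
NEED: TokenVector = (2, 1, 1, 5, 3)


def sample_instance() -> Tuple[int, int, bool, bool]:
    """(total available, total needed, uninterpreted verdict, interpreted verdict)."""
    return (h(HAVE), h(NEED),
            enabled_uninterpreted(HAVE, NEED), enabled_interpreted(HAVE, NEED))
```

The exhaustive check confirms what the slide claims and what it does not: h is additive and the abstraction is correct, but it is not complete. The smallest counterexample has one token of the wrong colour, (0, 0, 1) against a requirement of (0, 1, 0): the totals satisfy 1 ≥ 1, so the uninterpreted node fires, while the interpreted node cannot. The sample vectors show the same effect at scale (20 ≥ 12, yet the fourth colour has 4 < 5). An analysis on the abstract model therefore reports every real firing and some firings that never happen, which is exactly the "correctness without completeness" situation discussed later in the deck.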
Some conclusions on ASM programs
• Non-procedural programs: what matters is the set of simultaneously executed blocks, not the order of instructions.
• They resemble HDLs: signals serve the interaction of modules and their synchronization.
• Refinement / abstraction: correctness and completeness are proven by checking attributes of the elements.
UML activity diagrams
Case study: how effective is ASM based modeling?
Done for UML 1.x by Börger et al.
AUTOMATED DERIVATION OF ERROR PROPAGATION MODELS FROM UML MODELS?
Semantics definition: UML 2.0 foundations
Activity diagram
Basically a data flow network (DFN):
• representation of data and control information;
• a directed graph
  – hierarchical composition of activity nodes (activities, actions),
  – activity edges: coloured token flows;
• partitions;
• interruptible regions and exceptions.
Activity models
Coordination between the lower-level behaviors:
• event oriented
  – termination of an action producing output tokens,
  – events from the outside environment generating tokens at interface nodes,
  – arrival of data or control at an action component;
• option: reentrant.
Nodes
Activity levels in UML 2.0
• control sequencing, no concurrency
• fork, join; object nodes
• object flows, multicast, transformation of tokens, edge weights
• interruptible regions, exceptions
• structured programming, structured hierarchies
Actions
• Primitive functions: user defined transformations on data.
• Invocations of behavior: other activities, other types of behavior.
• Invocation hierarchies: invoking other activities; inter-behavior communication by signals (multicast / multireceive).
• Read, write, create and delete operations on variables, objects and links.
• Flow of control.
Example: variable actions

Example: invocation actions
Basic action node frame
ActionNode(n) =
  FSM(n; action; next(n)) where
    action = if active(n) and guard and correctMultiplicity(n) then
               act
    forall L ∈ dynArgs(n) with guard(L) = true do act(L)
Control nodes
Decision node
Selection from alternatives: node(in; (cond_i)_{i ≤ k}; (out_i)_{i ≤ k})
ASM:
DecisionNode(n) =
  FSM(n; test; next(n; min {i ≤ k | cond_i}))
  where test = if active(n) then skip
Object node
Intermediate buffer for objects and data between activity or action nodes.
• Selection policies
  – simplest case: multiset;
  – CompleteActivities: FIFO, LIFO, user defined (a behavior associated to the object node).
• Optional upper bound on the number of tokens in the node (capacity-bounded Petri nets).
• Specification of the state of the tokens required.
• A special case: DataStoreNode, a central buffer node for non-transient information.
Short summary
UML diagrams can be captured by ASMs:
• a few frames;
• mapping of non-graphical constructs to ASMs
  – guards,
  – additional user defined behavioral specification;
• elementary proofs for standards compliance: 1 phrase ⇒ 1 simple proof (trace).
Future: MDA; Microsoft provides ASM technology for .NET.
Qualitative fault modeling
A natural way of abstraction in diagnosis problems.
CAN WE DERIVE ERROR PROPAGATION MODELS IN AN AUTOMATED WAY FROM ASM MODELS?
Qualitative modeling: foundations, fault modeling, error propagation, application to UML AD
Basic idea of qualitative fault modeling
Objective
Basic idea:
• keep only whether the actual and the reference values are identical;
• non-deterministic modeling: IF-THEN-ELSE ⇒ CHOOSE.
Design:
• frequently incomplete specification;
• preliminary estimation of fault / error effects.
Analysis:
• complexity problems: interpreted 10^120, uninterpreted 10^1600.
Applications
Origins: mid-nineties (York, TUB).
A few qualitative values (good, faulty, early, late).
Applications:
• industrial models (Daimler-xxx);
• railway interlocking systems (Yellow book of the BR);
• e-Business processes.
Experiences:
• effective both in modelling and analysis;
• consistency between the qualitative and the refined model?
• automated derivation / checking?
Example: e-Business
[Figure: activity diagram of a trip announcement process. Log in (data: username, password; organisation: tour operator) leads to "Bad username or password" or "Login OK"; then Program selection (data: program list), Displaying program details, Specifying trip details (data: departure time, price, min. number of participants; infrastructure: bus), Profit calculations with the outcomes Deficit / Profitable, Announce trip (organisation: tour operator) and Resource allocation (organisation: tour operator; infrastructure: restaurant, travel guide).]
Abstraction and analysis
Mostly correctness, but no completeness.
Conclusion: the abstract model also covers refined runs that do not exist.
Principle of semi-decisions
Model construction
Basic idea:
• fault modeling: at the resources;
• error propagation:
  – simultaneous tracing of the reference and the erroneous run;
  – both propagate through the same (fault-free) components;
  – reduction of the (reference, erroneous) value pair to a single value in {identical, different};
  – domain reduction from n^2 to 2 at each node!
UML General Resource Model
[Figure: class diagram of the GRM. A ResourceUsage (StaticUsage or DynamicUsage) relates a Client, with its RequiredQoS (QoSValue, 1..*), to 1..* usedResources (ResourceInstance) with their OfferedQoS (QoSValue, 0..*); each QoSValue is an instance of a QoScharacteristic type. A Scenario consists of ordered ActionExecution steps (with predecessor / successor links); each step has RequiredQoS values and usedServices (ResourceServiceInstance, 1..*) provided by ResourceInstances (usedResources), which carry OfferedQoS values.]
Fault modeling by GRM
[Figure: architecture design classes Class1 and Class2 with qualitative attributes (attr_11, attr_12, initialised to good) and qualitative operations (op1, op_21) «use» the GRM resources Resource1 and Resource2. Each Resource_instance has a state good / faulty, controlled by a Resource_manager that reacts to a Fault injector (fault selection and activation).]
• Model of the interactions with resources via GRM.
• Insertion of (qualitative) faults at the resources.
• Error propagation through the scenarios.
Interpreted statechart
[Figure: states State1, State21, State22 with the transitions e1 [x>26 & y<112] / on(light(x)), e2 [x<=26] / off(light(x-1)) and e33 [x>21] / on(light(x)).]
Non-interpreted
[Figure: the same statechart with qualitative guards: e1 [max(x,y)=potentially_faulty] / on(light(x)), e2 [x=potentially_faulty] / off(light(x)), e33 [x=potentially_faulty] / on(light(x)); an additional Illegal state is entered by e1 [max(x,y)=illegal] and e2 [x=illegal].]
Error propagation analysis
[Figure: the functional description (fault-free case) is an ASM of the computation over values, placed on top of an ASM of the physical carrier; error propagation is analysed over this pair.]

Error propagation - different values
[Figure: the same structure with value constraints attached to the computation ASM, to the physical carrier ASM and to the propagated values.]

Simplification into a single model
[Figure: the computation ASM, the physical carrier ASM and their value constraints are folded into one qualitative ASM.]
Reduction:
• do not trace the exact values;
• trace only the difference between the reference and the erroneous run.
Diagnosis problem: single reference, single observation

(FT) scenario check: single reference, multiple erroneous runs
[Figure: the detailed model yields one reference run and a set of erroneous runs; comparing them gives Equal / Different verdicts per location, which form the qualitative run of the qualitative model.]

Architecture FT analysis: multiple references, multiple erroneous runs
Basic idea of the transformation
Transformation of the model = transformation of the individual ASM constructs.
Example: Update ⇒ Qualitative update
Basic ASM constructs
Qualitative transformation of the basic ASM constructs
Can be done for individual variables:
• selected data: what if the date is wrong? what if the price is wrong?
• selected control states: the system is in a wrong state.
Basic action node frame qualification
ActionNode(n) =
  FSM(n; action; next(n)) where
    action = if active(n) and guard and correctMultiplicity(n) then
               act
    forall L ∈ dynArgs(n) with guard(L) = true do act(L)
"Impressions" on activity diagrams
Majority of the elements:
• transformation type: propagation;
• manipulation of data structures: multiple errors;
• propagation through object nodes: multiple paths (equivalent to fanout at the gate level);
• decision: randomization;
• individual analysis for primitive actions.
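The three ideas above (model construction by simultaneous tracing of the reference and the erroneous run with reduction to {identical, different}; Update ⇒ qualitative update, with IF-THEN-ELSE turned into CHOOSE; decision as randomization and reconvergent fanout) fit into one executable check. The block below is an added example, not code from the slides. The scenario (a trip profit check with a `check` action that recomputes the profit identity from the same values), the classification of each update as "propagating" (injective in the faulty argument) or "choose", the sample value domains and the fault at the cost resource are all constructed for this illustration; the bookkeeping is the same a taint analysis keeps for attacker-influenced values.

```python
"""Qualitative error propagation: trace reference and erroneous runs side by
side, reduce each (reference, erroneous) pair to identical/different, and
compare with the qualitative machine in which decisions became CHOOSE.
Added example; scenario and sample values are constructed."""
from itertools import product
from typing import Dict, FrozenSet, Set, Tuple

IDENTICAL, DIFFERENT = "identical", "different"
QState = FrozenSet[Tuple[str, str]]        # hashable qualitative state


def concrete_run(price: int, participants: int, cost: int) -> Dict[str, object]:
    """Functional description (fault-free components).  `check` re-derives
    the profit identity from the same values: a reconvergent use of cost."""
    revenue = price * participants
    profit = revenue - cost
    status = "announce" if profit >= 0 else "cancel"
    check = (profit + cost == revenue)
    return {"revenue": revenue, "profit": profit, "status": status, "check": check}


def reduce_pair(ref: Dict[str, object], err: Dict[str, object]) -> QState:
    """Domain reduction n^2 -> 2: each value pair becomes identical/different."""
    return frozenset((k, IDENTICAL if ref[k] == err[k] else DIFFERENT) for k in ref)


# --- qualitative transformation of the same updates --------------------------
def q_propagate(*inputs: str) -> Set[str]:
    """Update through a transformation injective in its faulty argument:
    a different input always yields a different output."""
    return {DIFFERENT} if DIFFERENT in inputs else {IDENTICAL}


def q_choose(*inputs: str) -> Set[str]:
    """Update through a decision or comparison: a different input may or may
    not change the outcome, so IF-THEN-ELSE becomes CHOOSE over both values."""
    return {IDENTICAL, DIFFERENT} if DIFFERENT in inputs else {IDENTICAL}


def qualitative_states(price_q: str, participants_q: str, cost_q: str) -> Set[QState]:
    """All terminal states of the qualitative machine; every CHOOSE is explored."""
    states: Set[QState] = set()
    for revenue in q_choose(price_q, participants_q):       # price*n: n == 0 masks a price error
        for profit in q_propagate(revenue, cost_q):         # revenue - cost: injective in cost
            for status in q_choose(profit):                 # profit >= 0: decision -> CHOOSE
                for check in q_choose(profit, cost_q, revenue):   # equality test -> CHOOSE
                    states.add(frozenset({"revenue": revenue, "profit": profit,
                                          "status": status, "check": check}.items()))
    return states


# Constructed sample domain; the injected fault: the cost resource is wrong.
PRICES, PARTICIPANTS, COSTS = (50, 120), (0, 2, 5), (0, 150, 400)


def analyse_cost_fault() -> Dict[str, object]:
    """Correctness: every reduced concrete pair lies in the qualitative set.
    Completeness: list the qualitative states no concrete pair produces."""
    abstract = qualitative_states(IDENTICAL, IDENTICAL, DIFFERENT)
    concrete: Set[QState] = set()
    for p, n, c_ref, c_err in product(PRICES, PARTICIPANTS, COSTS, COSTS):
        if c_ref != c_err:                                  # fault actually activated
            concrete.add(reduce_pair(concrete_run(p, n, c_ref),
                                     concrete_run(p, n, c_err)))
    return {"correct": concrete <= abstract,
            "complete": abstract <= concrete,
            "uncovered": sorted(sorted(s) for s in abstract - concrete),
            "abstract_states": len(abstract),
            "concrete_states": len(concrete)}
```

`analyse_cost_fault()` reports the abstraction as correct but not complete: the qualitative machine reaches four states, the concrete pairs only two. The two uncovered states are those with `check` different. Concretely the self-check can never differ, because it is computed from the very values the error already corrupted (the fanout of `cost` reconverges in `check`), whereas the qualitative CHOOSE has to admit both outcomes. That is both the "abstract model covers non-existing refined runs" observation and a practical warning: an integrity check derived from the tainted data itself detects nothing, and a qualitative model that says it "might" is over-approximating, not wrong.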
Extended qualitative model

Qualitative values
Summary
A precise semantics
• supports derivation: any derived modeling problem becomes solvable in an algorithmic way;
• gives the solution at the language level: elementary transformation steps, with the objective appearing as the selection of transformation objects;
• lets a variety of modelling goals be embedded into the transformation.