![Page 1: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/1.jpg)
Safety-Liveness Semantics for UML 2.0 Sequence Diagrams
Radu Grosu SUNY at Stony Brook
Joint work with Scott A. Smolka
![Page 2: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/2.jpg)
Scenario-Based Specifications
• Convenient way of describing interaction among reactive systems, i.e.:
- Systems where termination is an error rather than an expected behavior.
• Have become an integral part of all modern software engineering design methods:
- SDL and ROOM MSC (message sequence charts), UML SD (sequence diagrams).
![Page 3: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/3.jpg)
Reactive Systems
- Commercial aircraft
- Medical devices
- Household devices
- Telecommunication
- Nuclear power plants
- Automobiles
![Page 4: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/4.jpg)
UML 2.0 SD Simplified Syntax
Diagram: sd ack, with lifelines for processes m and n and a message b from n to m. Labelled parts: name of SD, body of SD, process name, process lifeline, send event, receive event, message.
Positive SD: describes traces that are valid and should be possible.
![Page 5: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/5.jpg)
UML 2.0 SD Simplified Syntax
Diagram: neg sd nack, with lifelines m and n and a message c from n to m; the neg keyword is the negative qualification.
Negative SD: describes traces that are invalid and should not be possible.
![Page 6: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/6.jpg)
UML 2.0 SD Simplified Syntax
Basic SDs: sd init (message a from m to n), sd ack (message b from n to m), neg sd nack (message c from n to m).
High level SD (IOD): sd iod, which references init (ref init) and then either ack (ref ack) or nack (ref nack); the edges between the ref nodes denote synchronous/asynchronous sequencing.
![Page 7: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/7.jpg)
UML 2.0 SD Full Syntax
Diagrams: neg sd ng, a negative SD with a message a from m to n; sd nsd, a positive SD that references ng (ref ng); sd asd, a positive SD containing an alt fragment whose operands reference the single-message SDs sd a (message a) and sd b (message b) between m and n.
Operators shown: neg (negative qualification), ref (reference to another SD), alt (alternative).
![Page 8: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/8.jpg)
UML 2.0 SD Semantics?
Diagram: sd rs, lifelines m and n, message a from m to n. With asynchronous message passing the message is split into a send event m:n!a and a receive event n:m?a.
Closed world semantics: Lang(rs) = {m:n!a n:m?a}
This is not a reactive system!
What about asynchronous message passing?
![Page 9: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/9.jpg)
Positive SD Semantics?
Diagram: sd rs (m:n!a n:m?a) read as a Büchi automaton rs, with transitions m:n!a and n:m?a and tau transitions.
L(rs) = {* m:n!a * n:m?a }
What about refinement?
![Page 10: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/10.jpg)
Positive SD and Refinement?
Diagram: sd rs (m:n!a n:m?a) as a liveness Büchi automaton rs, next to a refinement sd rs' that adds a message b between m and n. Labels: liveness closure; chaos closure, realised as self loops ~m:n!a and ~n:m?a (any event other than the expected one) on the states before the expected event.
L(rs) = {* ~m:n!a (,), * m:n!a * ~n:m?a (,), * n:m?a * m:n!a * n:m?a (,) }
![Page 11: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/11.jpg)
Negative SD Semantics?
Diagram: neg sd nack (n:m!c m:n?c) read as a safety Büchi automaton nack, obtained by complement + safety closure, with self loops ~n:m!c and ~m:n?c.
L(nack) = { , * n:m!c , * ~n:m!c (,), * n:m!c * ~m:n!c (,) }
![Page 12: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/12.jpg)
High Level SD Semantics
Diagram: sd iod, which references init and then either ack or nack; as a graph: node init with transitions to ack and to nack.
Positive SD:
- remove all negative nodes and all their associated transitions (leaving init followed by ack).
Negative SD:
- turn negative nodes into accepting sink nodes; all other nodes are non-accepting (init followed by nack reaches the sink, init followed by ack does not).
![Page 13: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/13.jpg)
HSD Positive Semantics
Diagram: piod, the positive FA of iod (the events of init followed by the events of ack, with accepting end state), and liod, the liveness Büchi automaton obtained from it by adding chaos-closure self loops labelled with the complements of the expected events (~m:n!a, ~n:m?a, ... ) and a loop on the accepting state.
![Page 14: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/14.jpg)
HSD Negative Semantics
Diagram: niod, the negative FA of iod (nodes init, ack and nack, with the completion of nack leading to the accepting sink), and siod, the safety Büchi automaton obtained from it by complementation and safety closure, with self loops labelled with the complements of the expected events (~m:n!a, ~n:m?a, ~n:m!c, ~n:m?c, ~n:m?b, ... ).
![Page 15: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/15.jpg)
HSD Semantics
• Parallel composition of:
- Liveness Büchi automaton
- Safety Büchi automaton
• Example:
- Iod automaton: iod = liod || siod
- Note: Lang(iod) = Lang(liod) ∩ Lang(siod)
![Page 16: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/16.jpg)
SD Refinement
• Definition: Let S1 and S2 be two SDs. Then:
- S1 ⊑ S2 iff Lang(S1) ⊆ Lang(S2)
• Theorem: Let S, T and U be three bounded SDs and assume that S* and T* are bounded, too. Then:
1. if S ⊑ T then U S ⊑ U T
2. if S ⊑ T then (S)* ⊑ (T)*
3. if S ⊑ T then S + U ⊑ T + U and U + S ⊑ U + T
4. if S ⊑ T then S || U ⊑ T || U and U || S ⊑ U || T
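The following Python script is an added example and not code from the talk or from Grosu and Smolka. It implements the finite-word core of slides 8 to 16: the closed-world reading of a basic SD as its sequence of send/receive events, the slide 12 construction of the positive FA (negative nodes removed) and the negative FA (negative nodes become an accepting sink) from a high-level SD, the chaos-closure self loops of slide 10, the intersection Lang(iod) = Lang(liod) ∩ Lang(siod) as a trace check, and refinement as language inclusion checked on the product with a subset construction. Assumptions not on the page: nodes are joined by strong (synchronous) sequencing only, Büchi acceptance is approximated by asking whether a finite trace has completed the positive part, and the three basic SDs, the high-level SDs IOD, INIT_ONLY, INIT_ACK and the sample traces are constructed here.

```python
"""Closed-world automata semantics for UML 2.0 sequence diagrams (finite-word version).

Event notation follows the slides: "m:n!a" is process m sending message a to n,
"n:m?a" is n receiving message a from m.  A basic SD is its sequence of events.
Added example; strong sequencing and finite traces are simplifying assumptions.
"""
from collections import deque

# Basic SDs from slides 4-6 (constructed sample): a goes from m to n, b and c from n to m.
SD = {
    "init": ["m:n!a", "n:m?a"],
    "ack":  ["n:m!b", "m:n?b"],
    "nack": ["n:m!c", "m:n?c"],
}
ALPHABET = sorted({e for seq in SD.values() for e in seq})
SINK = ("<neg>", -1)   # accepting sink state of the negative FA

# High-level SDs.  nodes: node name -> basic SD; edges: sequencing between nodes
# (assumed synchronous); neg: nodes carrying the `neg` qualifier.
IOD = {"nodes": {"init": "init", "ack": "ack", "nack": "nack"}, "initial": "init",
       "edges": {"init": ["ack", "nack"], "ack": [], "nack": []}, "neg": {"nack"}}
INIT_ONLY = {"nodes": {"init": "init"}, "initial": "init", "edges": {"init": []}, "neg": set()}
INIT_ACK = {"nodes": {"init": "init", "ack": "ack"}, "initial": "init",
            "edges": {"init": ["ack"], "ack": []}, "neg": set()}


def step(hsd, kind, state, event):
    """One move of the flattened FA (slide 12 construction) with chaos closure.

    kind == "pos": negative nodes and their transitions are removed.
    kind == "neg": finishing a negative node leads to the accepting SINK.
    An unexpected event is absorbed by the ~event self loop of slide 10.
    A state is (node, index of the next expected event in that node's SD).
    """
    if state == SINK:
        return {SINK}
    node, i = state
    seq = SD[hsd["nodes"][node]]
    if i == len(seq) or event != seq[i]:
        return {state}
    if i + 1 < len(seq):
        return {(node, i + 1)}
    if kind == "neg" and node in hsd["neg"]:
        return {SINK}
    succ = [s for s in hsd["edges"][node] if kind == "neg" or s not in hsd["neg"]]
    return {(s, 0) for s in succ} if succ else {(node, i + 1)}


def accepting(hsd, kind, state):
    """Negative FA: only the sink accepts.  Positive FA: the end of a final node."""
    if kind == "neg":
        return state == SINK
    node, i = state
    return i == len(SD[hsd["nodes"][node]])


def run(hsd, kind, trace):
    """Run the (nondeterministic) FA on a finite trace; True if some state accepts."""
    states = {(hsd["initial"], 0)}
    for event in trace:
        states = set().union(*(step(hsd, kind, s, event) for s in states))
    return any(accepting(hsd, kind, s) for s in states)


def conforms(hsd, trace):
    """Lang(iod) = Lang(liod) ∩ Lang(siod), read on a finite trace: the positive
    part has been completed and the forbidden scenario has not occurred."""
    return run(hsd, "pos", trace) and not run(hsd, "neg", trace)


def refines(h1, h2):
    """S1 ⊑ S2 iff Lang(S1) ⊆ Lang(S2), on the positive FAs over finite words.
    Breadth-first search of the product of FA(h1) with the subset construction
    of FA(h2); a reachable pair accepting in h1 but not in h2 is a counterexample.
    Returns (True, None) or (False, counterexample_word)."""
    start = ((h1["initial"], 0), frozenset({(h2["initial"], 0)}))
    seen, queue = {start}, deque([(start, [])])
    while queue:
        (s1, S2), word = queue.popleft()
        if accepting(h1, "pos", s1) and not any(accepting(h2, "pos", s) for s in S2):
            return False, word
        for e in ALPHABET:
            T2 = frozenset().union(*(step(h2, "pos", s, e) for s in S2))
            for t1 in step(h1, "pos", s1, e):
                nxt = (t1, T2)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, word + [e]))
    return True, None


if __name__ == "__main__":
    good = ["m:n!a", "n:m?a", "n:m!b", "m:n?b"]   # init then ack (constructed trace)
    bad = ["m:n!a", "n:m?a", "n:m!c", "m:n?c"]    # init then the forbidden nack
    print(conforms(IOD, good), conforms(IOD, bad))
    print(refines(INIT_ACK, INIT_ONLY))            # adding a message refines (slide 10)
    print(refines(INIT_ONLY, INIT_ACK))            # the converse fails, with a witness
```

The chaos-closure self loops are what make refinement by adding messages work: without them, Lang(init) = {m:n!a n:m?a} and Lang(init; ack) would be disjoint, and neither diagram would refine the other. Note that the script checks inclusion on the finite-word Pos/Neg FA stage of slide 21, not on the Büchi automata, so it does not capture the liveness half of the semantics (an infinite trace that never completes ack).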
![Page 17: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/17.jpg)
Examples of Refinement
Diagrams: Sequential: ref init compared with ref init followed by ref ack. Alternative: ref init followed by ref ack compared with ref init followed by an alt of ref ack and ref nack.
![Page 18: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/18.jpg)
Examples of Refinement
Diagrams: Star: ref init followed by ref ack compared with the iterated (starred) version of the same sequential diagram, and with ref init followed by an alt of ref ack and ref nack under iteration; the slide poses the iterated case as a question (Star?).
![Page 19: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/19.jpg)
Related Work
• PA and PO (Mauw, Alur, Muscholl, Peled, …):
– Not compositional. Not interested in compositionality.
• Live SC (Damm, Harel, Kugler):
– Elegant, alternative automata-theoretic (AT) solution. Departure from UML.
• Triggered MSC (Cleaveland, Sengupta):
– Prescriptive/constraint-based. Must preorder.
• STAIRS (Haugen, Stoelen):
– Open semantics. Not fully formalized.
• Other semantics (Broy, Knapp, Krüger, …):
– Also depart from closed world semantics.
![Page 20: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/20.jpg)
Conclusions
• Presented an automata-theoretic semantics that solves in a simple and elegant way one of the main open questions about UML 2.0 SD:
– How to assign a precise meaning to a set of SDs without compromising refinement?
• Provides a direct technique for checking SD refinement in a compositional way.
• Supports the development of a general purpose model checker (MC) for property and refinement checking.
![Page 21: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/21.jpg)
Rough Complexity Analysis
• Translation of HSD to Pos/Neg FA:
- linear time (in the size of the HSD).
• Translation of Pos/Neg FA to Safe/Live BA:
- exponential due to flattening.
• Complementation hard:
- double exponential due to BA.
• In practice:
- avoid flattening for synchronous sequencing?
- special kind of BA with simple complementation.
![Page 22: Safety-Liveness Semantics for UML 2.0 Sequence Diagrams Radu Grosu SUNY at Stony Brook](https://reader035.vdocuments.net/reader035/viewer/2022062500/5681514f550346895dbf7236/html5/thumbnails/22.jpg)