Contents Lecture 1: Introducing UML for Mobility Lecture 2: - - PowerPoint PPT Presentation

SLIDE 1

Contents

Lecture 1: Introducing UML for Mobility

Lecture 2: Refining Mobility Designs

– Refining mobility activities
– Refining mobility in sequence diagrams
– A semantic approach to refinement: Mobile TLA

Lecture 3: Property-driven Development of Mobile Systems

  • M. Wirsing: UML for Global Computing

SLIDE 2

A Semantic Approach to Refinement: Mobile TLA

UML for mobility

– semi-formal graphical notation
– semantics and formal foundation non-obvious
– no notion for reasoning on mobile systems
– no abstract notion of refinement

Existing formalisms for mobile systems

– mostly calculi, some with associated logics
– “intensional” semantics, reflecting process structure
– no good notions of refinement

Reactive systems

– transition system semantics (next-state relation + fairness)
– temporal logic properties
– refinement: stuttering invariance

SLIDE 3

Computational model

[Figure: a sequence of tree configurations over the nodes joe, a1, a2, a3 with the agent shopper; found = ∅ in the first two configurations, found = {o1} in the last.]

Configurations (t, λ)

– t finite tree, edges labelled by unique names
– λ assigns local states to nodes

Computations σ = (t0, λ0), (t1, λ1), . . .

SLIDE 4

Shopping agent specification (1)

Assume:

fixed, finite set Net of names, joe ∈ Net, shopper ∉ Net

Network topology

Topology ≡ n,m∈Net nm[false]
    (all nodes present at top level)

Initial condition

Init ≡ ∧ joeshoppertrue
           (shopping agent in domain joe . . .)
       ∧ shopper[ctl = “idle”]
           (. . . and in “idle” state)

Prepare shopper to shop for item x

Prepare(x) ≡ ∧ shoppertrue ∧ shoppertrue
                 (shopping is (and stays) here)
             ∧ shopper[ctl = “idle”]
                 (state changes from “idle” . . .)
             ∧ shopper[ctl = “shopping”]
                 (. . . to “shopping”)
             ∧ shopper[target = x ∧ found = ∅]
                 (initialize target and found)

SLIDE 5

Shopping agent specification (2)

Remaining state-changing actions

GetOffer ≡ . . .
    (get an offer and insert into found)
PickOffer ≡ . . .
    (select among offers in found)

Move among network nodes

Move_{n,m} ≡ ∧ nshoppertrue
                 (shopping agent is in n’s domain)
             ∧ shopper[ctl = “shopping”]
                 (and is in “shopping” state)
             ∧ n.shopper ≫ m.shopper
                 (shopper moves to m’s domain, preserving local state)

Overall specification (ignoring fairness)

Shopper ≡ ∧ Topology ∧ Init ∧

  • joe[(∃x : Prepare(x)) ∨ PickOffer] ∨

n∈Net n[GetOffer]

  • vars

n∈Net m∈Net Moven,m

  • −n.shopper

SLIDE 6

Spatial extensions of TLA

Formulas evaluated at run σ and name n: σ, n ⊨ F

Explicit name references m[F]

– F holds at location m below . . . provided m exists
– Note: m may be arbitrarily deep in subtree

“Everywhere” operator

F

F holds at all nodes of the subtree

Structural modification of trees α.n ≫ β.n

– subtree at αn before transition equals subtree at βn after transition
– local state at moving subtree preserved

SLIDE 7

System properties

The shopping agent is always at some net location

Shopper ⇒ n∈Net n.shoppertrue

The shopper idles only at its home location

Shopper ⇒ (shopper.ctl = “idle” ⇒ joe.shoppertrue)

SLIDE 8

Refinement of mobile systems

Operation refinement (Action Refinement)

– decompose high-level operations
– represented by implication (stuttering invariance)

Spatial decomposition (Location Refinement)

– refine high-level location n into a tree (with root named n)
– in general also distribute local state of n

Virtualisation of locations (Location and Move Refinement)

– implement high-level location n by structurally different hierarchy
– preserve external behavior: n hidden from high-level interface

SLIDE 9

Spatial decomposition

Suppose visiting agents are kept in a “dock” location

[Figure: two trees over the nodes joe, a1, a2, a3. First tree: shopper with found = ∅. Second tree: locations in, dock and out added, with shopper (found = ∅).]

  • Still conforms to the original specification

– formula Shopper doesn’t mention locations dock, in, out
– location shopper is still below location a1

SLIDE 10

Spatial decomposition in detail

Refined initial condition

DockedInit ≡ ∧ joe.dock_joe.shoppertrue
                 (shopper still in joe’s domain)
             ∧ shopper[ctl = “idle”]
                 (local state unaffected)

Refined move actions

SendShopper_n ≡ ∧ n.dock_n.shoppertrue
                ∧ shopper[ctl = “shopping”]
                ∧ n.dock_n.shopper ≫ n.out_n.shopper
    (stuttering action at high level)

MoveImpl_{n,m} ≡ ∧ n.out_n.shoppertrue
                 ∧ n.out_n.shopper ≫ m.in_m.shopper
    (specialization of Move action)

RcvShopper_m ≡ . . .
    (another stuttering transition)

The refined specification again implies the original one

SLIDE 11

Spatial decomposition: general case

Usually, decomposition requires distribution of state

[Figure: a tree with locations a, b, c and state variable x, and its decomposition with additional locations d, e, f and state variables x1, x2, x3.]

  • x = f(x1, x2, x3)

Refinement is then expressed as

Impl ⇒ ∃ a.x : Spec

local state variable x hidden from high-level interface

SLIDE 12

Virtualisation of locations

Modify spatial hierarchy

[Figure: original hierarchy with locations a, b, c, d, e, f and n; modified hierarchy with locations m, d, e and a, b, c, f.]

Location n hidden from interface

Impl ⇒ ∃ n : Spec

preserve external behavior, except for location n

SLIDE 13

SlowShopper: refine move action

Non-atomic moves across network

StartMove_n ≡ ∧ n.shoppertrue
              ∧ shopper[ctl = “shopping”]
              ∧ n.shopper ≫ transit.shopper
    (shopper moves to transit ∉ Net)

EndMove_m ≡ ∧ transit.shoppertrue
            ∧ transit.shopper ≫ m.shopper
    (shopper moves to destination)

Implementation does not imply specification

| = SlowShopper ⇒

n∈Net n.shoppertrue

Solution: hide shopper in original specification

⊨ SlowShopper ⇒ ∃ shopper : Shopper
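
Added example (not from the lecture): a small Python model of the tree configurations and of the move n.shopper ≫ m.shopper, used to check the slide 7 location property on a constructed atomic run and on a constructed SlowShopper run. The function names, the dictionary encoding and the witness construction for hiding shopper are assumptions of this example; checking a finite run illustrates the formulas and does not prove them.

```python
NET = frozenset({"joe", "a1", "a2", "a3"})  # network names from the slides

def config(shopper_at, **local):
    """Configuration (t, lambda): parent map for the tree, local state per node."""
    parent = {n: None for n in NET | {"transit"}}  # every location at top level
    parent["shopper"] = shopper_at
    return parent, {"shopper": dict(local)}

def move(cfg, src, dst):
    """src.shopper >> dst.shopper: re-parent the shopper, local state preserved."""
    parent, lam = cfg
    if parent["shopper"] != src or lam["shopper"]["ctl"] != "shopping":
        raise ValueError("move not enabled in this configuration")
    return {**parent, "shopper": dst}, lam

def below(cfg, name, ancestor):
    """True if `name` lies anywhere in the subtree of `ancestor`."""
    node = cfg[0][name]
    while node is not None and node != ancestor:
        node = cfg[0][node]
    return node is not None

def always_at_net_location(run):
    """Slide 7 property on a finite run: shopper is below some n in Net."""
    return all(any(below(c, "shopper", n) for n in NET) for c in run)

def hide_shopper_witness(run):
    """Run that differs only at shopper: it waits at its last Net location
    while the implementation has it in transit (a stuttering step)."""
    out, last = [], None
    for parent, lam in run:
        if parent["shopper"] in NET:
            last = parent["shopper"]
        out.append(({**parent, "shopper": last}, lam))
    return out

def same_up_to_shopper(run_a, run_b):
    """Runs agree once the shopper edge is removed from every tree."""
    strip = lambda cfg: {k: v for k, v in cfg[0].items() if k != "shopper"}
    return len(run_a) == len(run_b) and all(
        strip(a) == strip(b) for a, b in zip(run_a, run_b))

# Constructed runs: one atomic Move, and the same trip via StartMove/EndMove.
c0 = config("joe", ctl="shopping", target="item", found=frozenset())
atomic_run = [c0, move(c0, "joe", "a1")]
c1 = move(c0, "joe", "transit")
slow_run = [c0, c1, move(c1, "transit", "a1")]
```

The slow run breaks the location property in its middle configuration, while the witness run keeps the shopper at joe for one extra step and then moves it to a1, so it satisfies the property and agrees with the slow run everywhere except at shopper.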

SLIDE 14

Summary and Future Work

Summary

– Simple refinement calculi for activity and sequence diagrams for mobility
– MTLA as a formal basis for a UML notion of refinement: Refinement is implication!

Current Work

– Refinement of other UML diagrams
– Connecting MTLA with UML
