Lecture 20: Live Sequence Charts 2015-02-03 Prof. Dr. Andreas - PowerPoint PPT Presentation

Software Design, Modelling and Analysis in UML Lecture 20: Live Sequence Charts 2015-02-03 Prof. Dr. Andreas Podelski, Dr. Bernd Westphal – 20 – 2015-02-03 – main – Albert-Ludwigs-Universit¨ at Freiburg, Germany

Contents & Goals Last Lecture: • Hierarchical State Machines completed. • Behavioural feature (aka. methods). This Lecture: • Educational Objectives: Capabilities for following tasks/questions. • What does this LSC mean? • Are this UML model’s state machines consistent with the interactions? • Please provide a UML model which is consistent with this LSC. • What is: activation, hot/cold condition, pre-chart, etc.? • Content: – 20 – 2015-02-03 – Sprelim – • Reflective description of behaviour. • LSC concrete and abstract syntax. • LSC semantics. 2 /51

– 20 – 2015-02-03 – main – You are here. 3 /51

Course Map N UML W E CD , SM ϕ ∈ OCL CD , SD S ✔ ✔ ✘ ✔ Model S = ( T , C , V, atr ) , SM expr S , SD ✘ ✔ ✔ ✔ M = (Σ D S , A S , → SM ) B = ( Q SD , q 0 , A S , → SD , F SD ) ✘ ✔ ✔ ( cons 0 , Snd 0 ) π = ( σ 0 , ε 0 ) − − − − − − − − → ( σ 1 , ε 1 ) · · · w π = (( σ i , cons i , Snd i )) i ∈ N Instances u 0 ✘ ✔ Mathematics G = ( N, E, f ) – 20 – 2015-02-03 – main – ✔ OD UML 4 /51

Motivation: Reflective, Dynamic Descriptions of Behaviour – 20 – 2015-02-03 – main – 5 /51

Recall: Constructive vs. Reflective Descriptions [Harel, 1997] proposes to distinguish constructive and reflective descriptions: • “ A language is constructive if it contributes to the dynamic semantics of the model. That is, its constructs contain information needed in executing the model or in translating it into executable code. ” A constructive description tells how things are computed (which can then be desired or undesired). • “ Other languages are reflective or assertive , and can be used by the system modeler to capture parts of the thinking that go into building the model – behavior included –, to derive and present views of the model, statically or during execution, or to set constraints on behavior in preparation for verification. ” – 20 – 2015-02-03 – Sbehav – A reflective description tells what shall or shall not be computed. Note : No sharp boundaries! 6 /51

Recall: What is a Requirement? Recall : • The semantics of the UML model M = ( C D , SM , OD ) is the transition system ( S, − → , S 0 ) constructed according to discard/dispatch/commence-rules. • The computations of M , denoted by � M � , are the computations of ( S, − → , S 0 ) . Now : A reflective description tells what shall or shall not be computed. More formally : a requirement ϑ is a property of computations; something which is either satisfied or not satisfied by a computation – 20 – 2015-02-03 – Sreflective – ( cons 0 , Snd 0 ) ( cons 1 , Snd 1 ) − − − − − − − − → ( σ 1 , ε 1 ) − − − − − − − − → · · · ∈ � M � , π = ( σ 0 , ε 0 ) denoted by π | = ϑ and π �| = ϑ , resp. Simplest case: OCL constraint. 7 /51

Live Sequence Charts — Concrete Syntax – 20 – 2015-02-03 – main – 8 /51

Example LSC: L AC: actcond I: strict AM: invariant Environment : LightsCtrl : CrossingCtrl : BarrierCtrl secreq t(10) lights on barrier down Operational ¬ MvUp [1 , 5] [1 , 3] lights ok o k r r i e b a r done t – 20 – 2015-02-03 – Slscsyn – CrossingCtrl � � signal , env � � secreq lights ok() 1 1 1 1 � � signal � � LightsCtrl BarrierCtrl barrier down Operational : Bool MvUp : Bool barrier ok lights on() done 9 /51

Example: What Is Required? CrossingCtrl LSC: L AC: actcond AM: invariant I: strict 1 1 1 1 Environment : LightsCtrl : CrossingCtrl : BarrierCtrl LightsCtrl BarrierCtrl secreq t(10) lights on barrier down Operational ¬ MvUp [1 , 5] [1 , 3] lights ok o k i e r b a r r done t • Whenever the CrossingCtrl has consumed a ‘secreq’ event • then it shall finally send ‘lights on’ and ‘barrier down’ to LightsCtrl and BarrierCtrl, • if LightsCtrl is not ‘operational’ when receiving that event, the rest of this scenario doesn’t apply; maybe there’s another LSC for that case. – 20 – 2015-02-03 – Slscsyn – • if LightsCtrl is ‘operational’ when receiving that event, it shall reply with ‘lights ok’ within 1–3 time units, • the BarrierCtrl shall reply with ‘barrier ok’ within 1–5 time units, during this time (dispatch time not included) it shall not be in state ‘MvUp’, • ‘lights ok’ and ‘barrier ok’ may occur in any order. • After having consumed both, CrossingCtrl may reply with ‘done’ to the environment. 10 /51

Building Blocks CrossingCtrl LSC: L AC: actcond AM: invariant I: strict 1 1 1 1 Environment : LightsCtrl : CrossingCtrl : BarrierCtrl LightsCtrl BarrierCtrl secreq t(10) lights on barrier down Operational ¬ MvUp [1 , 5] [1 , 3] lights ok o k i e r b a r r done t • Instance Lines: Environment : C – 20 – 2015-02-03 – Slscsyn – 11 /51

Building Blocks CrossingCtrl LSC: L AC: actcond AM: invariant I: strict 1 1 1 1 Environment : LightsCtrl : CrossingCtrl : BarrierCtrl LightsCtrl BarrierCtrl secreq t(10) lights on barrier down Operational ¬ MvUp [1 , 5] [1 , 3] lights ok o k i e r b a r r done t • Messages: (asynchronous or synchronous/instantaneous) – 20 – 2015-02-03 – Slscsyn – a b 12 /51

Building Blocks CrossingCtrl LSC: L AC: actcond AM: invariant I: strict 1 1 1 1 Environment : LightsCtrl : CrossingCtrl : BarrierCtrl LightsCtrl BarrierCtrl secreq t(10) lights on barrier down Operational ¬ MvUp [1 , 5] [1 , 3] lights ok o k i e r b a r r done t • Conditions and Local Invariants: ( expr 1 , expr 2 , expr 3 ∈ Expr S ) – 20 – 2015-02-03 – Slscsyn – expr 1 expr 3 expr 2 13 /51

Intuitive Semantics: A Partial Order on Simclasses (i) Strictly After: a a b (ii) Simultaneously: (simultaneous region) a b c expr 1 (iii) Explicitly Unordered: (co-region) – 20 – 2015-02-03 – Slscsyn – a b 14 /51

Partial Order Requirements CrossingCtrl LSC: L AC: actcond AM: invariant I: strict 1 1 1 1 Environment : LightsCtrl : CrossingCtrl : BarrierCtrl LightsCtrl BarrierCtrl secreq t(10) lights on barrier down Operational ¬ MvUp [1 , 5] [1 , 3] lights ok o k i e r b a r r done t • Whenever the CrossingCtrl has consumed a ‘secreq’ event • then it shall finally send ‘lights on’ and ‘barrier down’ to LightsCtrl and BarrierCtrl, • if LightsCtrl is not ‘operational’ when receiving that event, the rest of this scenario doesn’t apply; maybe there’s another LSC for that case. – 20 – 2015-02-03 – Slscsyn – • if LightsCtrl is ‘operational’ when receiving that event, it shall reply with ‘lights ok’ within 1–3 time units, • the BarrierCtrl shall reply with ‘barrier ok’ within 1–5 time units, during this time (dispatch time not included) it shall not be in state ‘MvUp’, • ‘lights ok’ and ‘barrier ok’ may occur in any order. • After having consumed both, CrossingCtrl may reply with ‘done’ to the environment. 15 /51

LSC Specialty: Modes With LSCs, • whole charts, • locations, and • elements have a mode — one of hot or cold (graphically indicated by outline). chart location message condition/ local inv. a p b hot : b – 20 – 2015-02-03 – Slscsyn – a p b cold : b necessary vs. must vs. may mustn’t vs. always vs. at legal exit progress may get lost least once 16 /51

Example: Modes CrossingCtrl LSC: L AC: actcond AM: invariant I: strict 1 1 1 1 Environment : LightsCtrl : CrossingCtrl : BarrierCtrl LightsCtrl BarrierCtrl secreq t(10) lights on barrier down Operational ¬ MvUp [1 , 5] [1 , 3] lights ok o k i e r b a r r done t • Whenever the CrossingCtrl has consumed a ‘secreq’ event • then it shall finally send ‘lights on’ and ‘barrier down’ to LightsCtrl and BarrierCtrl, • if LightsCtrl is not ‘operational’ when receiving that event, the rest of this scenario doesn’t apply; maybe there’s another LSC for that case. – 20 – 2015-02-03 – Slscsyn – • if LightsCtrl is ‘operational’ when receiving that event, it shall reply with ‘lights ok’ within 1–3 time units, • the BarrierCtrl shall reply with ‘barrier ok’ within 1–5 time units, during this time (dispatch time not included) it shall not be in state ‘MvUp’, • ‘lights ok’ and ‘barrier ok’ may occur in any order. • After having consumed both, CrossingCtrl may reply with ‘done’ to the environment. 17 /51

LSC Specialty: Activation One major defect of MSCs and SDs : LSCs : Activation condition (AC ∈ Expr S ), they don’t say when the scenario has activation mode (AM ∈ { init , inv } ), to/may be observed. and pre-chart. LSC: L AC: expr AM: invariant I: strict : C : D : C : D a a b b – 20 – 2015-02-03 – Slscsyn – 18 /51