Semantics in Model-Based Design Janos Sztipanovits ISIS, - - PDF document

SLIDE 1

Institute for Software Integrated Systems

Vanderbilt University

Semantics in Model-Based Design

Janos Sztipanovits ISIS, Vanderbilt University

Content

  • Application Drivers
  • Composition on the Abstract Syntax Layer
  • Composition on the Semantic Layer
  • Road Ahead

SLIDE 2

An Embedded System Design Flow

Requirement Specification Functional Design HW Config. Design System Config. Component Design Software Architecture SW Deployment

Related Tools and Analyses

RA FD CD HwA SY DPL Functional Mod/ Sim Arch Mod/ Sim Alloc./ Sched. Analysis HW Pwr/ Perf Est Latency/ RT Analysis SwA

Requirement Specification Control Design Component Design Software Architecture HW Arch. Design System Arch. Design

Code Gen. Verif.

SW Deployment

SLIDE 3

Tool Chain Outputs

  • Functional Code
  • OS/Firmware
  • Glue Files
  • OIL File
  • DBC File (CAN-Bus)

Content

  • Application Drivers
  • Composition on the Abstract Syntax Layer
  • Composition on the Semantic Layer
  • Road Ahead

SLIDE 4

    doTransition (fsm as FSM, s as State, t as Transition) =
      require s.active
      step exitState (s)
      step if t.outputEvent <> null then emitEvent (fsm, t.outputEvent)
      step activateState (fsm, t.dst)

Semantic Foundation Libraries Domain-Specific Environments Metaprogrammable Tools, Environments

Modeling Domain Specific Design Flows: Examples in MIC:

  • ECSL - Automotive
  • ESML - Avionics
  • SPML - Signal Processing
  • CAPE/eLMS – Learning Technology
  • AADL….

Metamodeling and Metaprogrammable Tools: (mature or in maturation program)

  • GME (Generic Model Editor)
  • GReAT (Model Transformation)
  • OTIF (Tool Integration Framework)
  • UDM (Universal Data Model)
  • DESERT (Design Space Exploration)

Modeling Semantics (work in progress):

  • Semantic “Units”
  • Semantic Anchoring

Layers in Model-Integrated Computing

Syntactic Layer

D(Υ, C) = { r ∈ R_Υ | r ⊨ C }

Semantic Domain: Set-Valued Domain models Interchange Formats Abstract Syntax Meta-models

MC MS

    interface Event
    structure ModelEvent implements Event
      case ModelEvent1

Structural Semantics

Modeling & Metamodeling Model Data Management Model Transformation Tool Integration Design-Space Exploration

SLIDE 5

Core Components of the Syntactic Layer

Methods and tools for modeling

C S A

MC MS DSML

DSML DSML i

Si Ci Ai

MCi MSi DSMLi

MOFADSMLi

MOF

MOFADSMLi

MOF

Methods and tools for metamodeling

Industrial standard metamodeling language: MOF (or some others)

Transformation T

MTLTDSML,DSMLi

UMT MA

Methods and tools for model transformations

Formal metamodel transformation language:

Unified Model Transformation Language.

Abstract Syntax and Transformations: Meta-Models Common Semantic Domain: Hybrid Automata Domain Models and Tool Interchange Formats: Tool Chains

DESERT AIRES OSEK/ Code ECSL-DP GME Simulink Stateflow

SL/SF ECSL-DP ECSL-DP CANOE ECSL-DP AIF SL/SF DSE EDP C

Vehicle Control Platform (VCP)

Behavior Model Component Structure Component Interaction Schedulability Analysis Behavior Simulation

(Experimental tool chain)

“Front-End View” of a Typical MIC Tool Chain

SLIDE 6

Common Semantic Domain: Hybrid Automata Domain Models and Tool Interchange Formats: Tool Chains

DESERT AIRES OSEK/ Code ECSL-DP GME Simulink Stateflow

SL/SF ECSL-DP ECSL-DP MOML ECSL-DP AIF SL/SF DSE EDP C

Vehicle Control Platform (VCP)

Abstract Syntax and Transformations: Meta-Models

SL/SF Meta-Model ECSL-DP Meta-Model AIRES Meta-Model CANOE DESERT Meta-Model SFC Meta-Model ECSL-DP SFC SL/SF ECSL-DP ECSL-DP MOML ECSL-DP AIF SL/SF DESERT

“Back-plane View” of a Typical MIC Tool Chain

Need for DSML Composition

Simulink/StateFlow (DSMLSL/SF) Component Model SW Architecture Model (DSMLSL/SF,CM)

SL/SF Functional blocks – SW Component Mapping

  • Objective: Optimize the SW architecture by selecting a component model and by allocating functions to components.
  • Platform: Heterogeneous Dataflow Component Model
  • Tools: GME, GReAT, C Compiler, WCET Analyzer

CM

SLIDE 7

Compositional Metamodeling

Goal: Composing modeling languages (not models)

Metamodel composition methods in the Generic Modeling Environment (GME):

  • Class Merge
  • Metamodel Interfacing
  • Class Refinement
  • Template Instantiation
  • Metamodel Transformations

Example: Metamodel Interfacing

SLIDE 8

Content

  • Application Drivers
  • Composition on the Abstract Syntax Layer
  • Composition on the Semantic Layer
  • Road Ahead

    doTransition (fsm as FSM, s as State, t as Transition) =

Semantic Domain Meta-models Domain models Interchange Formats Abstract Syntax Meta-models

MC MS

Behavioral Semantics

Semantics of DSMLs: Current Status

  • Usually, specification stops at the level of abstract syntax metamodels (“static semantics”)
  • Specification of behavioral semantics (if done)
      – involve major effort due to overly complex modeling languages,
      – use a wide range of formalisms and
  • Impact is far-reaching
      – tool chains are closed and built around loosely defined “conventions” and proprietary interpretations of semantics instead of standards
      – potential semantic mismatches create unacceptable risk for safety critical applications

Major roadblock that slows down acceptance of model-based design technology.

SLIDE 9

Transformational Specification of Semantics

Specify mapping to another language with well-defined semantics.

Transformation T

Well-defined DSML i

C S A

MC MS DSML

DSML

MS= MSi ○ MA

MOFADSMLi MTLTDSML,DSMLi

MOF UMT

Si Ci Ai

MCi MSi DSMLi MSi: Ai→Si

MOFADSMLi

MOF Mi: MOFADSML→MOFADSMLi

Use a formal metamodeling framework

  • Industrial standard metamodeling language: MOF
  • Formal metamodel transformation language: Unified Model Transformation Language.

MA

Si Ci Ai

MCi MSi DSMLi MSi: Ai→Si

MOFADSMLi

MOF

Where are these coming from?

System Composition Dimension: Core Modeling Aspects

Component Behavior: modeled on different levels of abstraction:

  • State-based modeling (FSM, Time Automata, Cont. Dynamics, Hybrid), fundamental role of time models
  • Precise relationship among abstraction levels
  • Research: dynamic/adaptive behavior

Structure: expressed as a system topology:

  • Module Interconnection (Nodes, Ports, Connections)
  • Hierarchy
  • Research: dynamic topology

Interaction: describes interaction patterns among components:

  • Set of well-defined Models of Computations (MoC) (SR, SDF, DE,…)
  • Heterogeneous, but precisely defined interactions
  • Research: interface theory (time, resources,..)

Scheduling / Resource Allocation: mapping/deploying components on platforms:

  • Dynamic Priority
  • Behavior guarantees
  • Research: composition of schedulers

SLIDE 10

Semantic Units

  • Capture the semantics of a finite set of basic dynamic behavioral categories, such as FSM, DES, TA.
  • Capture the semantics of basic interaction categories (Model of Computation, MoCs), such as SDF, PN, …
  • Specified in a formal semantics framework.
  • Develop a set of simple modeling languages for the semantic units.

MA

Si Ci Ai

MCi MSi SUi

C S A

MC MS DSML

MOFADSMLi MOFASUi MTLTDSML,SUi

MOF UMT MOF Mi: MOFADSML→MOFASUi Transformation T MSi: Ai→Si

MS= MSi ○ MA

Semantic Unit i DSML

Search for a Formal Framework

  • Specification style: Operational semantics
  • Solid mathematical foundation
  • Tool support for core use cases:
      – Readability (clear syntax and understandable semantics)
      – Validation/exploration of semantics (executable specification)
      – Verification of semantic equivalence (generation of “reference traces”, integratability)

After evaluating several frameworks (Z, TLA+, ..) we selected ASM and the AsmL tool suite (MSR).

SLIDE 11

Example: Synchronous Data Flow

Abstract Data Model

    structure Value
      case IntValue
        v as Integer
      case DoubleValue
        v as Double
      case BoolValue
        v as Boolean

    // Data Token, it may contain a value or a null data
    structure Token
      value as Value?

    // Data Port, when exist is true, the port has an effective data token
    class Port
      id as String
      var token as Token = Token (null)
      var exist as Boolean = false

    // Data Channel connecting two data ports
    class Channel
      id as String
      srcPort as Port
      dstPort as Port

    // A Node is a basic unit is the Data Flow. It may be an action or a Guard
    abstract class Node
      id as String
      abstract property inputPorts as Seq of Port
        get
      abstract property outputPorts as Seq of Port
        get
      // The Run method takes tokens from its input ports, do actions and set output
      // tokens in the output ports
      abstract Fire ()

    // Dynamic Data Flow Semantic Unit
    abstract class SDF
      id as String
      abstract property nodes as Set of Node
        get
      abstract property channels as Set of Channel
        get
      abstract property inputPorts as Seq of Port
        get
      abstract property outputPorts as Seq of Port
        get

Model Interpreter

      Run (n as Node)
        require n in me.EnabledNodes ()
        step
          n.Fire ()
        step
          if exists p in n.inputPorts where p.exist then
            error ("After the firing of a node, all input tokens should be consumed by the node.")
        step
          if exists p in n.outputPorts where not p.exist then
            error ("After the firing of a node, each of its output port should have one output token.")
        step
          forall c in me.channels where c.srcPort.exist
            if c.dstPort.exist then
              error ("A input port receives more than one token.")
            else
              WriteLine ("Channel " + c.id + " is sending data tokens.")
              c.dstPort.token := c.srcPort.token
              c.dstPort.exist := true
              c.srcPort.exist := false

      // Return all nodes in the SDF that have all its required data tokens to fire.
      EnabledNodes () as Set of Node
        return {n | n in me.nodes where forall p in n.inputPorts where p.exist}

      Initialize ()
        forall p in me.inputPorts where p.exist
          forall c in me.channels where p.id = c.srcPort.id
            c.dstPort.token := c.srcPort.token
            c.srcPort.exist := false
            c.dstPort.exist := true

      ClearPorts ()
        forall c in me.channels
          if c.srcPort.exist then
            c.srcPort.exist := false
          if c.dstPort.exist then
            c.dstPort.exist := false
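An executable rendering of the Run rule above, added here as an illustration and not part of the original slides or the AsmL tool suite. It is written in Python rather than AsmL; the two-node graph, the `put` helper and the error class are assumptions, and channel transfers are computed from a snapshot to mimic the way ASM applies all updates of a step together.

```python
class SDFError(Exception):
    """A firing violated one of the checks in the Run rule."""


class Port:
    def __init__(self, id):
        self.id, self.token, self.exist = id, None, False

    def put(self, value):                    # hypothetical helper: place a token
        self.token, self.exist = value, True


class Node:
    """A node with fixed port counts; fn maps input values to a tuple of outputs."""
    def __init__(self, id, n_in, n_out, fn):
        self.id, self.fn = id, fn
        self.inputs = [Port(f"{id}.in{i}") for i in range(n_in)]
        self.outputs = [Port(f"{id}.out{i}") for i in range(n_out)]

    def fire(self):
        args = [p.token for p in self.inputs]
        for p in self.inputs:
            p.exist = False                  # consume every input token
        for p, v in zip(self.outputs, self.fn(*args)):
            p.put(v)


class SDF:
    def __init__(self, nodes, channels):
        self.nodes, self.channels = nodes, channels   # channels: (src, dst) ports

    def enabled_nodes(self):
        return [n for n in self.nodes if all(p.exist for p in n.inputs)]

    def run(self, n):
        if n not in self.enabled_nodes():    # the rule's "require"
            raise SDFError(f"{n.id} is not enabled")
        n.fire()
        if any(p.exist for p in n.inputs):
            raise SDFError(f"{n.id} left an input token unconsumed")
        if any(not p.exist for p in n.outputs):
            raise SDFError(f"{n.id} did not produce a token on every output")
        # Snapshot first, then update: all transfers belong to one ASM step.
        ready = [(s, d) for s, d in self.channels if s.exist]
        for s, d in ready:
            if d.exist:
                raise SDFError(f"{d.id} receives more than one token")
        for s, d in ready:
            d.put(s.token)
            s.exist = False


def pipeline(gain_fn=lambda x: (2 * x,)):
    """Constructed two-node graph: gain.out0 -> offset.in0."""
    gain = Node("gain", 1, 1, gain_fn)
    offset = Node("offset", 1, 1, lambda x: (x + 1,))
    return SDF([gain, offset], [(gain.outputs[0], offset.inputs[0])]), gain, offset
```

Firing `gain` twice before `offset` consumes its token trips the "more than one token" check, which is the buffer-overrun condition the rule is written to reject.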

DSML Design Through Semantic Anchoring

  • Step 1: Specify the DSML <A, C, Mc> by using MOF-based metamodels.
  • Step 2: Select appropriate semantic units L = <Ai, Ci, MCi, Si, MSi> for the behavioral aspects of the DSML.
  • Step 3: Specify the semantic anchoring MA = A -> Ai by using UMT.

MA

Si Ci Ai

MCi MSi SUi

C S A

MC MS DSML

MOFADSMLi MOFASUi MTLTDSML,SUi

MOF UMT MOF Mi: MOFADSML→MOFASUi Transformation T MSi: Ai→Si

MS= MSi ○ MA

Semantic Unit i DSML

SLIDE 12

Experimental Tool Suite for Semantic Anchoring

Operational Semantics Spec. Model

  • Trans. Rules

(MA) DSML Metamodel (A)

GME Toolset GReAT Tool

Mc Instance Generate Domain Model (C) Semantic Unit Metamodel (Ai) Model Checker Model Simulator Test Case Generator

AsmL Tools Semantic Unit Spec.

Data Model Instance

XSLT

ASM Semantic Framework

Metamodeling and Model Transformation Tools

Formal Framework for Semantic Units Specification

Domain Model (Ci) Abstract Data Model

Metamodeling and Model Transformation Tools

  • GME: Provide a MOF-based metamodeling and modeling environment.
  • GReAT: Build on GME for metamodel to metamodel transformation.

Tools for Semantic Unit Specification

  • ASM: A particular kind of mathematical machine, like the Turing machine. (Yuri Gurevich)
  • AsmL: A formal specification language based on ASM. (Microsoft Research)

Transformation Engine

Example: HFSML => FSM-SU

Operational Semantics Spec. Model

  • Trans. Rules

(MA) Transformation Engine HFSML Metamodel (A)

GME Toolset GReAT Tool

Mc Instance Generate Domain Model (C) FSM Metamodel (Ai)

FSM-SU Specification

Data Model Instance

XSLT ASM Semantic Framework

FSM Model (Ci) Abstract Data Model

SLIDE 13

Example: HFSML => FSM-SU


    structure Event
      eventType as String

    class State
      id as String
      initial as Boolean
      var active as Boolean = false

    class Transition
      id as String

    abstract class FSM
      id as String
      abstract property states as Set of State
        get
      abstract property transitions as Set of Transition
        get
      abstract property outTransitions as Map of <State, Set of Transition>
        get
      abstract property dstState as Map of <Transition, State>
        get
      abstract property triggerEventType as Map of <Transition, String>
        get
      abstract property outputEventType as Map of <Transition, String>

      React (e as Event) as Event?
        step
          let CS as State = GetCurrentState ()
        step
          let enabledTs as Set of Transition = {t | t in outTransitions (CS) where e.eventType = triggerEventType(t)}
        step
          if Size (enabledTs) = 1 then
            choose t in enabledTs
              step
                // WriteLine ("Execute transition: " + t.id)
                CS.active := false
              step
                dstState(t).active := true
              step
                if t in me.outputEventType then
                  return Event (outputEventType(t))
                else
                  return null
          else if Size(enabledTs) > 1 then
            error ("NON-DETERMINISM ERROR!")
          else
            return null


SLIDE 14

Heterogeneous DSMLs

Heterogeneity of systems

  • Complex systems are composed of heterogeneous components using heterogeneous interactions.
  • Modeling and design of heterogeneous systems is a significant challenge.

Heterogeneity of tool chains

  • Tool chains supporting domain-specific design flows integrate modeling, analysis and synthesis tools using DSMLs with overlapping semantics.

The semantics of a heterogeneous DSML is probably not captured by a single predefined semantic unit.

Compositional Specification of Semantics

  • Structural Composition yields the composed Abstract Data Model, A = <AC, ASU1, ASU2, g1, g2>, where g1, g2 are the partial maps between concepts in AC, ASU1, and ASU2.
  • Behavioral composition is completed by the RC set of rules that together with RSU1 and RSU2 form the R rule set for the composed semantics.

RC, SC: m ∈ MC = I(AC)
RSU1, SSU1: mSU1 ∈ MSU1 = I(ASU1)
RSU2, SSU1: mSU2 ∈ MSU2 = I(ASU2)
g1 : AC → ASU1
g2 : AC → ASU2
SU1: Get_() Run_()
SU2: Get_() Run_()
CS = <A, R>
A = <AC, ASU1, ASU2, g1, g2>
R = <RC, RSU1, RSU2>

Remark: The behavioral composition specifies a controller, which restricts the executions of actions. Since the behavior of the component semantic units can be described as partial orders on the sets of actions they can perform, the behavioral composition can be modeled mathematically as a composition of the partial orders.

SLIDE 15

Example: EFSM

  • EFSM has been developed by GMR to specify vehicle motion control (VMC) software.
  • The SEFSM model is a synchronous reactive system including a set of components communicating through event channels and data channels.
  • A SEFSM component is an FSM-based model, which integrates a set of stateless computational functions that consume input data and produce output data.
  • Events determine which components are to be activated and the order of activations.
  • Primary contributor: Kai Chen, Motorola Research

A SEFSM Component Model A SEFSM System Model

  • A SEFSM system is composed of a set of components, which communicate with each other through event channels and data channels.
  • The semantics of SEFSM systems is defined as the composition of FSM-SU and SDF-SU

A SEFSM Conceptual Structure A Compositional Structure

The Compositional Structure for SEFSM Systems

SLIDE 16

Content

  • Application Drivers
  • Composition on the Abstract Syntax Layer
  • Composition on the Semantic Layer
  • Road Ahead

Road Ahead

  • Continue the selection and specification of a suite of Semantic Units.
  • Explore and develop theory for compositional specification of semantics.
  • Initiate standardization with strong involvement of IT and Systems industry.
  • Strengthen/expand international collaboration.
  • Develop an experimental DSML Design Tool Suite.

SLIDE 17

Appendices

Integrated MIC Tool Suite

GME UDM GReAT Best of Breed

  • Modeling Tools
  • Simulators
  • Verifiers
  • Model Checkers

Meta Models

Modeling Open Tool Integration Framework Model Transformation Model Data Management ESCHER Quality Controlled Repository: http://escher.isis.vanderbilt.edu OTIF

BACKPLANE REGISTRATION/NOTIFICATION/TRANSFER SERVICES; SEMANTIC TRANSLATOR; SEMANTIC TRANSLATOR; TOOL, TOOL ADAPTOR; TOOL, TOOL ADAPTOR; TOOL, TOOL ADAPTOR; MANAGER; Standard interface/Protocol; METADATA

DESERT

Component Abstraction (TA) Design Space Modeling (MD) Design Space Encoding (TE) Design Space Pruning Design Decoding Component Reconstruction

Design Space Exploration

SLIDE 18

SEFSM Metamodel

The abstract syntax metamodels and the textual description of the behavior are insufficient for the precise understanding of the semantics of SEFSM.

For example, the metamodel specification does not reveal the complex interdependency between the event flow and the data flow structure of the components.

Metamodel defining the SEFSM component structure Metamodel defining the SEFSM system structure

The Compositional Structure for SEFSM Components

  • The behavior of SEFSM components can be divided into two different behavioral aspects: the FSM-based behavior expressing reactions to events and the SDF-based behavior controlling the execution of computational functions (actions and guards).

A SEFSM Component Model A Compositional Structure

SLIDE 19

A Derived Semantic Unit: AA-SU

The behavioral semantics specification for SEFSM components actually specifies the semantics of a common behavioral category that captures elementary reactive computation behaviors.

We can consider the compositional semantics specification of SEFSM components as a new derived semantic unit, called Action Automaton Semantic Unit (AA-SU).