Software Design, Modelling and Analysis in UML Lecture 12: Core - PDF document

Software Design, Modelling and Analysis in UML Lecture 12: Core State Machines III 2011-12-21 – 12 – 2011-12-21 – main – Prof. Dr. Andreas Podelski, Dr. Bernd Westphal Albert-Ludwigs-Universit¨ at Freiburg, Germany Contents & Goals Last Lecture: • The basic causality model • Ether, System Configuration, Event, Transformer This Lecture: • Educational Objectives: Capabilities for following tasks/questions. • What does this State Machine mean? What happens if I inject this event? • Can you please model the following behaviour. • What is: Signal, Event, Ether, Transformer, Step, RTC. • Content: • Examples for transformer • Run-to-completion Step – 12 – 2011-12-21 – Sprelim – • Putting It All Together 2 /43

System Configuration, Ether, Transformer – 12 – 2011-12-21 – main – 3 /43 Roadmap: Chronologically (i) What do we (have to) cover? UML State Machine Diagrams Syntax . (ii) Def.: Signature with signals . N UML (iii) Def.: Core state machine . W S = ( T , C , V, atr ) , SM S , SD (iv) Map UML State Machine Diagrams CD , SM ϕ ∈ OCL CD , SD S ! ✔ to core state machines. ✔ D Model S , → SM ) = M S , → SD , F SD ) S , A expr Semantics : ✔ ! The Basic Causality Model ✔ (Σ B = ( Q SD , q 0 , A ! (v) Def.: Ether (aka. event pool) ✔ (vi) Def.: System configuration . Instances ( cons 0 , Snd 0 ) ( cons 1 , Snd 1 ) ( σ 0 , ε 0 ) − − − − − − − − → ( σ 1 , ε 1 ) − − − − − − − − → . . . ✔ (vii) Def.: Event . Mathematics G = ( N, E, f ) (viii) Def.: Transformer . ✔ – 12 – 2011-12-21 – Sstmsem – (ix) Def.: Transition system , computation. OD UML (x) Transition relation induced by core state ma- chine. (xi) Def.: step , run-to-completion step . (xii) Later: Hierarchical state machines. 4 /43

Transformer D S 0 , D 0 and S the set of system configurations over some D D D ( C ) × (Σ S × Eth ) × (Σ S × Eth ) Definition. Let Σ Eth and ether. We call a relation t ⊆ a (system configuration) transformer . D ( C ) × Evs ( E ˙ ∪ {∗ , + } , D ) × D ( C ) . • In the following, we assume that each application of a transformer t to some system configuration ( σ, ε ) for object u x is associated with a set of observations – 12 – 2010-12-08 – Sstmsem – Obs t [ u x ]( σ, ε ) ∈ 2 • An observation ( u src , ( E, � d ) , u dst ) ∈ Obs t [ u x ]( σ, ε ) represents the information that, as a “side effect” of u x executing t , an event (!) ( E, � d ) has been sent from object u src to object u dst . Special cases : creation/destruction. 9 /54 Why Transformers? E of the corresponding signature. • Recall the (simplified) syntax of transition annotations: annot ::= � � event � [ ‘ [ ’ � guard � ‘ ] ’ ] [ ‘ / ’ � action � ] � • Clear : � event � is from • But: What are � guard � and � action � ? • UML can be viewed as being parameterized in expression language (providing � guard � ) and action language (providing � action � ). • Examples : • Expression Language : · OCL · Java, C++, . . . expressions · . . . – 12 – 2010-12-08 – Sstmsem – • Action Language : · UML Action Semantics, “Executable UML” · Java, C++, . . . statements (plus some event send action) · . . . 10 /54

Transformers as Abstract Actions! In the following, we assume that we’re given • an expression language Expr for guards, and • an action language Act for actions, D J · K ( · , · ) : Expr → ((Σ D ( C ))) � S × ( { this } → and that we’re given • a semantics for boolean expressions in form of a partial function → B ) I which evaluates expressions in a given system configuration, Assuming I to be partial is a way to treat “undefined” during runtime. If I is not D D D ( C ) × (Σ S × Eth ) × (Σ S × Eth ) . defined (for instance because of dangling-reference navigation or division-by-zero), we – 12 – 2010-12-08 – Sstmsem – want to go to a designated “error” system configuration. • a transformer for each action: For each act ∈ Act , we assume to have t act ⊆ 11 /54 Expression/Action Language Examples We can make the assumptions from the previous slide because instances exist : • for OCL, we have the OCL semantics from Lecture 03. Simply remove the pre-images which map to “ ⊥ ”. • for Java, the operational semantics of the SWT lecture uniquely defines trans- formers for sequences of Java statements. We distinguish the following kinds of transformers: • skip : do nothing — recall: this is the default action • send : modifies ε — interesting, because state machines are built around sending/consuming events – 12 – 2010-12-08 – Sstmsem – • create / destroy : modify domain of σ — not specific to state machines, but let’s discuss them here as we’re at it • update : modify own or other objects’ local state — boring 12 /54

Transformer Examples: Presentation abstract syntax concrete syntax op intuitive semantics . . . well-typedness . . . semantics (( σ, ε ) , ( σ ′ , ε ′ )) ∈ t op [ u x ] iff . . . or t op [ u x ]( σ, ε ) = ( σ ′ , ε ′ ) where . . . observables Obs op [ u x ]( σ, ε ) = { . . . } , not a relation, depends on choice – 12 – 2010-12-08 – Sstmsem – (error) conditions Not defined if . . . 13 /54

Transformer: Skip abstract syntax concrete syntax skip intuitive semantics do nothing well-typedness ./. semantics t [ u x ]( σ, ε ) = ( σ, ε ) observables Obs skip [ u x ]( σ, ε ) = ∅ (error) conditions – 12 – 2010-12-08 – Sstmsem – 14 /54 Transformer: Update abstract syntax concrete syntax update ( expr 1 , v, expr 2 ) intuitive semantics Update attribute v in the object denoted by expr 1 to the value denoted by expr 2 . well-typedness expr 1 : τ C and v : τ ∈ atr ( C ) ; expr 2 : τ ; J expr 2 K ( σ, β )]] with expr 1 , expr 2 obey visibility and navigability J expr 1 K ( σ, β ) , β = { this �→ u x } . semantics t update ( expr 1 ,v, expr 2 ) [ u x ]( σ, ε ) = ( σ ′ , ε ) where σ ′ = σ [ u �→ σ ( u )[ v �→ I u = I J expr 1 K ( σ, β ) or I J expr 2 K ( σ, β ) not defined. observables Obs update ( expr 1 ,v, expr 2 ) [ u x ] = ∅ – 12 – 2010-12-08 – Sstmsem – (error) conditions Not defined if I 15 /54

Update Transformer Example SM C : /x := x + 1 s 1 s 2 J expr 2 K ( σ, β )]] , ε ) , J expr 1 K ( σ, β ) update ( expr 1 , v, expr 2 ) t update ( expr 1 ,v, expr 2 ) [ u x ]( σ, ε ) = ( σ [ u �→ σ ( u )[ v �→ I u = I u 1 : C u 1 : C σ : : σ ′ x = 4 x = 5 y = 0 y = 0 – 12 – 2010-12-08 – Sstmsem – ε : : ε ′ 16 /54 Transformer: Send abstract syntax concrete syntax send ( E ( expr 1 , ..., expr n ) , expr dst ) intuitive semantics C ; E ∈ E ; atr ( E ) = { v 1 : τ 1 , . . . , v n : τ n } ; Object u x : C sends event E to object expr dst , i.e. create a fresh signal instance, fill in its attributes, and place it in the ether. well-typedness expr dst : τ D , C, D ∈ expr i : τ i , 1 ≤ i ≤ n ; all expressions obey visibility and navigability in C J expr dst K ( σ, β ) ∈ dom( σ ) ; J expr i K ( σ, β ) for semantics t send ( E ( expr 1 ,..., expr n ) , expr dst ) [ u x ]( σ, ε ) = ( σ ′ , ε ′ ) D ( E ) a fresh identity, i.e. u �∈ dom( σ ) , where σ ′ = σ ˙ ε ′ = ε ⊕ ( u dst , u ) ; ∪ { u �→ { v i �→ d i | 1 ≤ i ≤ n }} ; if u dst = I d i = I 1 ≤ i ≤ n ; u ∈ – 12 – 2010-12-08 – Sstmsem – and where ( σ ′ , ε ′ ) = ( σ, ε ) if u dst �∈ dom( σ ) ; β = { this �→ u x } . J expr K ( σ, β ) not defined for any observables Obs send [ u x ] = { ( u x , ( E, d 1 , . . . , d n ) , u dst ) } (error) conditions I expr ∈ { expr dst , expr 1 , . . . , expr n } 17 /54

Send Transformer Example SM C : / . . . ; self ! F ( x + 1); . . . s 1 s 2 send ( E ( expr 1 , ..., expr n ) , expr dst ) t send ( expr src ,E ( expr 1 ,..., expr n ) , expr dst ) [ u x ]( σ, ε ) = ... σ : : σ ′ u 1 : C x = 5 – 12 – 2010-12-08 – Sstmsem – ε : : ε ′ 18 /54 Transformer: Create abstract syntax concrete syntax create ( C, expr , v ) intuitive semantics Create an object of class C and assign it to attribute v of the object denoted by expression expr . well-typedness expr : τ D , v ∈ atr ( D ) , atr ( C ) = {� v 1 : τ 1 , expr 0 i � | 1 ≤ i ≤ n } semantics . . . J expr K ( σ, β ) not defined. observables . . . (error) conditions I – 12 – 2010-12-08 – Sstmsem – • We use an “and assign”-action for simplicity — it doesn’t add or remove expressive power, but moving creation to the expression language raises all kinds of other problems such as order of evaluation (and thus creation). • Also for simplicity: no parameters to construction ( ∼ parameters of construc- tor). Adding them is straightforward (but somewhat tedious). 19 /54

Create Transformer Example SM C : / . . . ; n := new C ; . . . s 1 s 2 create ( C, expr , v ) t create ( C, expr ,v ) ( σ, ε ) = ... σ : : σ ′ d : D n = ∅ – 12 – 2010-12-08 – Sstmsem – ε : : ε ′ 20 /54 How To Choose New Identities? • Re-use : choose any identity that is not alive now , i.e. not in dom( σ ) . • Doesn’t depend on history. • May “undangle” dangling references – may happen on some platforms. • Fresh : choose any identity that has not been alive ever , i.e. not in dom( σ ) and any predecessor in current run. • Depends on history. • Dangling references remain dangling – could mask “dirty” effects of platform. – 12 – 2010-12-08 – Sstmsem – 21 /54