[PDF] - Software Design, Modelling and Analysis in UML Lecture 05: Object PDF Document

SLIDE 1

Software Design, Modelling and Analysis in UML

Lecture 05: Object Diagrams, OCL Consistency

2013-11-06

Prof. Dr. Andreas Podelski, Dr. Bernd Westphal

Albert-Ludwigs-Universit¨ at Freiburg, Germany

– 05 – 2013-11-06 – main –

Contents & Goals

Last Lecture:

OCL Semantics

This Lecture:

Educational Objectives: Capabilities for following tasks/questions.
What is an object diagram? What are object diagrams good for?
When is an object diagram called partial? What are partial ones good for?
When is an object diagram an object diagram (wrt. what)?
Is this an object diagram wrt. to that other thing?
How are system states and object diagrams related?
What does it mean that an OCL expression is satisfiable?
When is a set of OCL constraints said to be consistent?
Can you think of an object diagram which violates this OCL constraint?
Content:
Object Diagrams
Example: Object Diagrams for Documentation
OCL: consistency, satisfiability

– 05 – 2013-11-06 – Sprelim –

2/31

SLIDE 2

Where Are We?

– 05 – 2013-11-06 – main –

3/31

You Are Here.

UML

Model Instances

N S W E

CD, SM

S = (T, C, V, atr), SM

M = (Σ

D S , A S , →SM)

ϕ ∈ OCL expr CD, SD

S , SD

B = (QSD, q0, A

S , →SD, FSD)

π = (σ0, ε0)

(cons0,Snd0)

− − − − − − − − →

u0

(σ1, ε1)· · · wπ = ((σi, consi, Sndi))i∈N G = (N, E, f)

Mathematics

OD

UML

✔ ✔ ! ! ! ! ✔ ✔

– 05 – 2013-11-06 – Spostmap –

4/31

SLIDE 3

Object Diagrams

– 05 – 2013-11-06 – main –

5/31

Graph

Definition. A node labelled graph is a triple

G = (N, E, f) consisting of

vertexes N,
edges E,
node labeling f : N → X, where X is some label domain,

– 05 – 2013-11-06 – Sod –

6/31

SLIDE 4

Object Diagrams

Definition. Let

D be a structure of signature S = (T, C, V, atr)

and σ ∈ Σ

D S a system state.

Then any graph G = (N, E, f) where

nodes are identities (not necessarily alive), i.e.

N ⊂

D(C ) finite,

edges correspond to “links” of objects, i.e.

E ⊆ N × {v : τ ∈ V | τ ∈ {C0,1, C∗ | C ∈

C }} × N,

∀ (u1, r, u2) ∈ E : u1 ∈ dom(σ) ∧ u2 ∈ σ(u1)(r),

objects are labelled with attribute valuations and non-alive

identities marked with “X”, i.e. X = {X} ˙ ∪ (V (D(T ) ∪

D(C∗)))

∀ u ∈ N ∩ dom(σ) : f(u) ⊆ σ(u) ∀ u ∈ N \ dom(σ) : f(u) = {X}

is called object diagram of σ.

– 05 – 2013-11-06 – Sod –

7/31

Graphical Representation of Object Diagrams

N ⊂

D(C ) finite,

E ⊂ N × V0,1,∗ × N, X = {X} ˙ ∪ (V (D(T ) ∪

D(C∗)))

u1 ∈ dom(σ) ∧ u2 ∈ σ(u1)(r), f(u) ⊆ σ(u) or f(u) = {X}

Assume

S = ({Int}, {C}, {v1 : Int, v2 : Int, r : C∗}, {C → {v1, v2, r}}).

Consider

σ = {u1 → {v1 → 1, v2 → 2, r → {u2}}, u2 → {v1 → 3, v2 → 4, r → ∅}}

Then G = (N, E, f)

= ({u1, u2}, {(u1, r, u2)}, {u1 → {v1 → 1, v2 → 2}, u2 → {v1 → 3, v2 → 4}}, is an object diagram of σ wrt.

S and any D with D(Int) ⊇ {1, 2, 3, 4}.

– 05 – 2013-11-06 – Sod –

8/31

SLIDE 5

Graphical Representation of Object Diagrams

N ⊂

D(C ) finite,

E ⊂ N × V0,1,∗ × N, X = {X} ˙ ∪ (V (D(T ) ∪

D(C∗)))

u1 ∈ dom(σ) ∧ u2 ∈ σ(u1)(r), f(u) ⊆ σ(u) or f(u) = {X}

Assume

S = ({Int}, {C}, {v1 : Int, v2 : Int, r : C∗}, {C → {v1, v2, r}}).

Consider

σ = {u1 → {v1 → 1, v2 → 2, r → {u2}}, u2 → {v1 → 3, v2 → 4, r → ∅}}

Then G = (N, E, f)

= ({u1, u2}, {(u1, r, u2)}, {u1 → {v1 → 1, v2 → 2}, u2 → {v1 → 3, v2 → 4}}, is an object diagram of σ wrt.

S and any D with D(Int) ⊇ {1, 2, 3, 4}.

We may equivalently (!) represent G graphically as follows:

u1 : C v1 = 1 v2 = 2 u2 : C v1 = 3 v2 = 4 r

– 05 – 2013-11-06 – Sod –

8/31

UML Notation for Object Diagrams

id : class v1 = d1 . . . vn = dn id : class r

ptional

mandatory

“compartment”
ptional
ptional

– 05 – 2013-11-06 – Sod –

9/31

SLIDE 6

Object Diagrams: More Examples

N ⊂

D(C ) finite,

E ⊂ N × V0,1,∗ × N, X = {X} ˙ ∪ (V (D(T ) ∪

D(C∗)))

u1 ∈ dom(σ) ∧ u2 ∈ σ(u1)(r), f(u) ⊆ σ(u) or f(u) = {X}

σ = {1C → {p → ∅, n → {5C}}, 5C → {p → ∅, n → ∅}, 1D → {x → 23}} vs.

(∅, ∅, ∅)
1C : C

p = ∅ 5C : C n = ∅ p = ∅ 1D : D x = 23 n

1C : C

5C : C 1D : D x = 23 n

1C : C

5C : C 1D : D

1C : C

5C : C 1D : D x = 23 x

– 05 – 2013-11-06 – Sod –

10/31

Complete vs. Partial Object Diagram

Definition. Let G = (N, E, f) be an object diagram of system

state σ ∈ Σ

D S .

We call G complete wrt. σ if and only if

G is object complete, i.e.
G consists of all alive objects, i.e. N = dom(σ),
G is attribute complete, i.e.
G comprises all “links” between alive objects, i.e.

if u2 ∈ σ(u1)(r) for some u1, u2 ∈ dom(σ) and r ∈ V , then (u1, r, u2) ∈ E, and

each node is labelled with the values of all

T -typed attributes,

i.e. for each u ∈ dom(σ), f(u) = σ(u)|V

T ∪{r → (σ(u)(r)\N) | r ∈ V : σ(u)(r)\N = ∅}

where V

T := {v : τ ∈ V | τ ∈ T }.

Otherwise we call G partial.

– 05 – 2013-11-06 – Sod –

11/31

SLIDE 7

Complete vs. Partial Examples

N = dom(σ),

if u2 ∈ σ(u1)(r), then (u1, r, u2) ∈ E,

f(u) = σ(u)|V

T ∪ {r → (σ(u)(r) \ N) | σ(u)(r) \ N}

Complete or partial?

σ = {1C → {p → ∅, n → {5C}}, 5C → {p → ∅, n → ∅}, 1D → {x → 23}}

1C : C

p = ∅ 5C : C n = ∅ p = ∅ 1D : D x = 23 n

1C : C

5C : C 1D : D x = 23 n

1C : C

5C : C 1D : D

– 05 – 2013-11-06 – Sod –

12/31

Complete/Partial is Relative

Claim:
Each finite system state has exactly one complete object diagram.
A finite system state can have many partial object diagrams.
Each object diagram G represents a set of system states, namely

G−1 := {σ ∈ Σ

D S | G is an object diagram of σ}

Observation: If somebody tells us, that a given (consistent) object

diagram G is complete, we can uniquely reconstruct the corresponding system state. In other words: G−1 is then a singleton.

– 05 – 2013-11-06 – Sod –

13/31

SLIDE 8

Corner Cases

– 05 – 2013-11-06 – main –

14/31

Closed Object Diagrams vs. Dangling References

Find the 10 differences! (Both diagrams shall be complete.)

1C : C 5C : C p = {1C} n 1C : C 5C : C p = {7C} n

Definition.

Let σ be a system state. We say attribute v ∈ V0,1,∗ has a dangling reference in object u ∈ dom(σ) if and only if the attribute’s value comprises an object which is not alive in σ, i.e. if σ(u)(v) ⊂ dom(σ). We call σ closed if and only if no attribute has a dangling reference in any object alive in σ.

T

– 05 – 2013-11-06 – Sodsconf –

15/31

SLIDE 9

Closed Object Diagrams vs. Dangling References

Find the 10 differences! (Both diagrams shall be complete.)

1C : C 5C : C p = {1C} n 1C : C 5C : C p = {7C} n

Definition.

Let σ be a system state. We say attribute v ∈ V0,1,∗ has a dangling reference in object u ∈ dom(σ) if and only if the attribute’s value comprises an object which is not alive in σ, i.e. if σ(u)(v) ⊂ dom(σ). We call σ closed if and only if no attribute has a dangling reference in any object alive in σ. Observation: Let G be the (!) complete object diagram of a closed system state σ. Then the nodes in G are labelled with

T -typed attribute/value pairs only.

– 05 – 2013-11-06 – Sodsconf –

15/31

Special Notation

S = ({Int}, {C}, {n, p : C∗}, {C → {n, p}}).
Instead of

1C : C 5C : C n

we want to write

1C : C p = ∅ 5C : C p = ∅ n

r

1C : C 5C : C n | p | p

to explicitly indicate that attribute p : C∗ has value ∅ (also for p : C0,1).

– 05 – 2013-11-06 – Sodsconf –

16/31

SLIDE 10

Aftermath

We slightly deviate from the standard (for reasons):

In the course, C0,1 and C∗-typed attributes only have sets as values.

UML also considers multisets, that is, they can have

u1 : C u2 : C n n

(This is not an object diagram in the sense of our definition because of the requirement on the edges E. Extension is straightforward but tedious.)

We allow to give the valuation of C0,1- or C∗-typed attributes in the

values compartment.

Allows us to indicate that a certain r is not referring to another object.
Allows us to represent “dangling references”, i.e. references to objects

which are not alive in the current system state.

We introduce a graphical representation of ∅ values.

– 05 – 2013-11-06 – Sodsconf –

17/31

The Other Way Round

– 05 – 2013-11-06 – main –

18/31

SLIDE 11

The Other Way Round

If we only have a picture as below, we typically assume that it’s meant

to be an object diagram wrt. some signature and structure.

u1 : C u2 : C u3 : D z = 0 x p

In the example, we can conclude (by “good will”) that the author is

referring to some signature

S = (T, C, V, atr) with at least

{C, D} ⊆

C ,

T ∈

T ,

{x : C∗, p : C∗, z : T} ⊆ V ,
{x} ⊆ atr(C),
{p, z} ⊆ atr(D),

and a structure with

{u1, u2} ⊆

D(C),

u3 ∈

D(D),

0 ∈

D(T).

– 05 – 2013-11-06 – Sotherway –

19/31

Example: Object Diagrams for Documentation

– 05 – 2013-11-06 – main –

20/31

SLIDE 12

Example: Data Structure [Schumann et al., 2008]

– 05 – 2013-11-06 – St9r –

21/31

Example: Illustrative Object Diagram [Schumann et al., 2008]

– 05 – 2013-11-06 – St9r –

22/31

SLIDE 13

OCL Consistency

– 05 – 2013-11-06 – main –

23/31

OCL Satisfaction Relation

In the following,

S denotes a signature and D a structure of S .

Definition (Satisfaction Relation). Let ϕ be an OCL constraint over

S and σ ∈ Σ D S a system state.

We write

σ |

= ϕ if and only if I

Jϕ K(σ, ∅) = true.

σ |

= ϕ if and only if I

Jϕ K(σ, ∅) = false.

Note: In general we can’t conclude from ¬(σ | = ϕ) to σ | = ϕ or vice versa.

– 05 – 2013-11-06 – Soclsat –

24/31

SLIDE 14

Object Diagrams and OCL

Let G be an object diagram of signature

S wrt. structure D.

Let expr be an OCL expression over

S .

We say G satisfies expr, denoted by G | = expr, if and only if ∀ σ ∈ G−1 : σ | = expr.

If G is complete, we can also talk about “|

=”.

(Otherwise better not to avoid confusion: G−1 could comprise different system states in which expr evaluates to true, false, and ⊥.)

Example:

(complete — what if not complete wrt. object/attribute/both?)

1C : C p = ∅ 5C : C n = ∅ p = ∅ 1D : D x = 23 n

context C inv : n -> isEmpty()
context C inv : p . n -> isEmpty()
context D inv : x = 0

– 05 – 2013-11-06 – Soclsat –

25/31

OCL Consistency

Definition (Consistency). A set Inv = {ϕ1, . . . , ϕn} of OCL constraints over

S is called consistent (or satisfiable) if and only if

there exists a system state of

S wrt. D which satisfies all of them,

i.e. if ∃ σ ∈ Σ

D S : σ |

= ϕ1 ∧ ... ∧ σ | = ϕn and inconsistent (or unrealizable) otherwise.

– 05 – 2013-11-06 – Soclsat –

26/31

SLIDE 15

OCL Inconsistency Example

((C) Prof. Dr. P. Thiemann, http://proglang.informatik.uni-freiburg.de/teaching/swt/2008/)

TeamMember name : String age : Integer name : String Location participants 2..* meetings * title : String numParticipants : Integer start : Date duration: Time Meeting move(newStart : Date) 1 * location meeting

context Location inv :

name = ’Lobby’ implies meeting -> isEmpty()

context Meeting inv :

title = ’Reception’ implies location . name = ”Lobby”

allInstancesMeeting -> exists(w : Meeting | w . title = ’Reception’)

– 05 – 2013-11-06 – Soclsat –

27/31

Deciding OCL Consistency

Whether a set of OCL constraints is satisfiable or not is in general not

as obvious as in the made-up example.

Wanted: A procedure which decides the OCL satisfiability problem.
Unfortunately: in general undecidable.

Otherwise we could, for instance, solve diophantine equations c1xn1

1 + · · · + cmxnm m = d.

Encoding in OCL: allInstancesC -> exists(w : C | c1 ∗ w.xn1

1 + · · · + cm ∗ w.xnm m = d).

And now? Options:

[Cabot and Claris´

, 2008]
Constrain OCL, use a less rich fragment of OCL.
Revert to finite domains — basic types vs. number of objects.

– 05 – 2013-11-06 – Soclsat –

28/31

SLIDE 16

OCL Critique

Expressive Power:
“Pure OCL expressions only compute primitive recursive functions, but not

recursive functions in general.” [Cengarle and Knapp, 2001]

Evolution over Time: “finally self .x > 0”

Proposals for fixes e.g. [Flake and M¨ uller, 2003]. (Or: sequence diagrams.)

Real-Time: “Objects respond within 10s”

Proposals for fixes e.g. [Cengarle and Knapp, 2002]

Reachability: “After insert operation, node shall be reachable.”

Fix: add transitive closure.

Concrete Syntax

“The syntax of OCL has been criticized – e.g., by the authors of Catalysis [...] – for being hard to read and write.

OCL’s expressions are stacked in the style of Smalltalk, which makes it hard

to see the scope of quantified variables.

Navigations are applied to atoms and not sets of atoms, although there is a

collect operation that maps a function over a set.

Attributes, [...], are partial functions in OCL, and result in expressions with

undefined value.” [Jackson, 2002]

– 05 – 2013-11-06 – Soclsat –

29/31

References

– 05 – 2013-11-06 – main –

30/31

SLIDE 17

References

[Cabot and Claris´

, 2008] Cabot, J. and Claris´
, R. (2008). UML-OCL verification in
practice. In Chaudron, M. R. V., editor, MoDELS Workshops, volume 5421 of Lecture

Notes in Computer Science. Springer. [Cengarle and Knapp, 2001] Cengarle, M. V. and Knapp, A. (2001). On the expressive power

f pure OCL. Technical Report 0101, Institut f¨

ur Informatik, Ludwig-Maximilians-Universit¨ at M¨ unchen. [Cengarle and Knapp, 2002] Cengarle, M. V. and Knapp, A. (2002). Towards OCL/RT. In Eriksson, L.-H. and Lindsay, P. A., editors, FME, volume 2391 of Lecture Notes in Computer Science, pages 390–409. Springer-Verlag. [Flake and M¨ uller, 2003] Flake, S. and M¨ uller, W. (2003). Formal semantics of static and temporal state-oriented OCL constraints. Software and Systems Modeling, 2(3):164–186. [Jackson, 2002] Jackson, D. (2002). Alloy: A lightweight object modelling notation. ACM Transactions on Software Engineering and Methodology, 11(2):256–290. [OMG, 2007a] OMG (2007a). Unified modeling language: Infrastructure, version 2.1.2. Technical Report formal/07-11-04. [OMG, 2007b] OMG (2007b). Unified modeling language: Superstructure, version 2.1.2. Technical Report formal/07-11-02. [Schumann et al., 2008] Schumann, M., Steinke, J., Deck, A., and Westphal, B. (2008). Traceviewer technical documentation, version 1.0. Technical report, Carl von Ossietzky Universit¨ at Oldenburg und OFFIS.

– 05 – 2013-11-06 – main –

31/31