SLIDE 1 Theoretical Foundations of the UML
Lecture 5+6: Compositional Message Sequence Graphs Joost-Pieter Katoen
Lehrstuhl für Informatik 2 Software Modeling and Verification Group
moves.rwth-aachen.de/teaching/ss-20/fuml/
May 4, 2020
Joost-Pieter Katoen Theoretical Foundations of the UML 1/29
SLIDE 2 Outline
1
A non-decomposable MSC
2
Compositional Message Sequence Charts
3
Compositional Message Sequence Graphs
4
Safe Compositional Message Sequence Graphs
5
Existence of Safe Paths
6
Universality of Safe Paths
Joost-Pieter Katoen Theoretical Foundations of the UML 2/29
9-
r
!
two
decision
problem ,
Undecidable decidable
SLIDE 3 Overview
1
A non-decomposable MSC
2
Compositional Message Sequence Charts
3
Compositional Message Sequence Graphs
4
Safe Compositional Message Sequence Graphs
5
Existence of Safe Paths
6
Universality of Safe Paths
Joost-Pieter Katoen Theoretical Foundations of the UML 3/29
SLIDE 4 An MSC that cannot be decomposed
[Yannakakis 1999]
Joost-Pieter Katoen Theoretical Foundations of the UML 4/29
→
.
c-
SLIDE 5 An MSC that cannot be decomposed
[Yannakakis 1999]
This MSC cannot be decomposed as M1 • M2 • . . . • Mn for n > 1
Joost-Pieter Katoen Theoretical Foundations of the UML 4/29
e ,
ez
:
:L
"
?
:
I
Mz
=
SLIDE 6 An MSC that cannot be decomposed
[Yannakakis 1999]
This MSC cannot be decomposed as M1 • M2 • . . . • Mn for n > 1 This can be seen as follows: e1 and e2 = m(e1) must both belong to M1
Joost-Pieter Katoen Theoretical Foundations of the UML 4/29
SLIDE 7 An MSC that cannot be decomposed
[Yannakakis 1999]
This MSC cannot be decomposed as M1 • M2 • . . . • Mn for n > 1 This can be seen as follows: e1 and e2 = m(e1) must both belong to M1 e3 e2 and e1 e4 thus e3, e4 / 2 Mj , for j < 1 and j > 1 = ) e3, e4 must belong to M1
Joost-Pieter Katoen Theoretical Foundations of the UML 4/29
O
SLIDE 8 An MSC that cannot be decomposed
[Yannakakis 1999]
This MSC cannot be decomposed as M1 • M2 • . . . • Mn for n > 1 This can be seen as follows: e1 and e2 = m(e1) must both belong to M1 e3 e2 and e1 e4 thus e3, e4 / 2 Mj , for j < 1 and j > 1 = ) e3, e4 must belong to M1 by similar reasoning: e5, e6 2 M1 etc.
Joost-Pieter Katoen Theoretical Foundations of the UML 4/29
O
Or
G
SLIDE 9 An MSC that cannot be decomposed
[Yannakakis 1999]
This MSC cannot be decomposed as M1 • M2 • . . . • Mn for n > 1 This can be seen as follows: e1 and e2 = m(e1) must both belong to M1 e3 e2 and e1 e4 thus e3, e4 / 2 Mj , for j < 1 and j > 1 = ) e3, e4 must belong to M1 by similar reasoning: e5, e6 2 M1 etc.
Problem:
Compulsory matching between send and receive events in the same MSG vertex (i.e., send e and receive m(e) must belong to the same MSC).
Joost-Pieter Katoen Theoretical Foundations of the UML 4/29
DIT
SLIDE 10 Overview
1
A non-decomposable MSC
2
Compositional Message Sequence Charts
3
Compositional Message Sequence Graphs
4
Safe Compositional Message Sequence Graphs
5
Existence of Safe Paths
6
Universality of Safe Paths
Joost-Pieter Katoen Theoretical Foundations of the UML 5/29
compulsory
matching
send and receive events within the
same
MSC
is
relaxed
SLIDE 11 Compositional MSCs
[Gunter, Muscholl, Peled 2001]
Solution: drop restriction that e and m(e) belong to the same MSC (= allow for incomplete message transfer)
Joost-Pieter Katoen Theoretical Foundations of the UML 6/29
n
p
a-
Msc
" {
÷
e .
SLIDE 12 Compositional MSCs
[Gunter, Muscholl, Peled 2001]
Solution: drop restriction that e and m(e) belong to the same MSC (= allow for incomplete message transfer)
Definition (Compositional MSC)
M = (P, E, C, l, m, ) is a compositional MSC (CMSC, for short) where P, E, C and l are defined as before, and
Joost-Pieter Katoen Theoretical Foundations of the UML 6/29
\
at
labeling
⇐
es !
message
e
,
e
→
! G.
arm ) content
?
ftp.m )
SLIDE 13 Compositional MSCs
[Gunter, Muscholl, Peled 2001]
Solution: drop restriction that e and m(e) belong to the same MSC (= allow for incomplete message transfer)
Definition (Compositional MSC)
M = (P, E, C, l, m, ) is a compositional MSC (CMSC, for short) where P, E, C and l are defined as before, and m : E! ! E? is a partial, injective function such that (as before): m(e) = e0 ^ l(e) = !(p, q, a) implies l(e0) = ?(q, p, a)
Joost-Pieter Katoen Theoretical Foundations of the UML 6/29
in Mses
,
it
is
a
bijection
(
in
Msas
it
is
a
total Anatto
?
injective
e
, ,ez
EE
!
e.
He
,
⇒ rule
, ) -4
mlez )
SLIDE 14 Compositional MSCs
[Gunter, Muscholl, Peled 2001]
Solution: drop restriction that e and m(e) belong to the same MSC (= allow for incomplete message transfer)
Definition (Compositional MSC)
M = (P, E, C, l, m, ) is a compositional MSC (CMSC, for short) where P, E, C and l are defined as before, and m : E! ! E? is a partial, injective function such that (as before): m(e) = e0 ^ l(e) = !(p, q, a) implies l(e0) = ?(q, p, a) = S
p2P <p
[ {(e, m(e)) | e 2 dom(m) | {z }
domain of m
| {z }
“m(e) is defined”
} ⇤
Joost-Pieter Katoen Theoretical Foundations of the UML 6/29
C-
*
vertical
- rdering
- horizontal
- rdering
SLIDE 15 Compositional MSCs
[Gunter, Muscholl, Peled 2001]
Solution: drop restriction that e and m(e) belong to the same MSC (= allow for incomplete message transfer)
Definition (Compositional MSC)
M = (P, E, C, l, m, ) is a compositional MSC (CMSC, for short) where P, E, C and l are defined as before, and m : E! ! E? is a partial, injective function such that (as before): m(e) = e0 ^ l(e) = !(p, q, a) implies l(e0) = ?(q, p, a) = S
p2P <p
[ {(e, m(e)) | e 2 dom(m) | {z }
domain of m
| {z }
“m(e) is defined”
} ⇤
Note:
An MSC is a CMSC where m is total and bijective.
Joost-Pieter Katoen Theoretical Foundations of the UML 6/29
SLIDE 16 CMSC example
m(e2) = e3 e1 / 2 dom(m) e4 / 2 rng(m)
Joost-Pieter Katoen Theoretical Foundations of the UML 7/29
÷
.
.
.
SLIDE 17 Concatenation of CMSCs (1)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅
Joost-Pieter Katoen Theoretical Foundations of the UML 8/29
the set
cozy
;
bond
"
"
'
SLIDE 18 Concatenation of CMSCs (1)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅ The concatenation of CMSCs M1 and M2 is the CMSC M1 • M2 = (P1 [ P2, E, C1 [ C2, l, m, ) with:
Joost-Pieter Katoen Theoretical Foundations of the UML 8/29
SLIDE 19 Concatenation of CMSCs (1)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅ The concatenation of CMSCs M1 and M2 is the CMSC M1 • M2 = (P1 [ P2, E, C1 [ C2, l, m, ) with: E = E1 [ E2 l(e) = l1(e) if e 2 E1 , l2(e) otherwise
Joost-Pieter Katoen Theoretical Foundations of the UML 8/29
}
all
the
same as
for
MSCS
.
SLIDE 20 Concatenation of CMSCs (1)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅ The concatenation of CMSCs M1 and M2 is the CMSC M1 • M2 = (P1 [ P2, E, C1 [ C2, l, m, ) with: E = E1 [ E2 l(e) = l1(e) if e 2 E1 , l2(e) otherwise m(e) = E! ! E? satisfies:
1
m extends m1 and m2, i.e., e 2 dom(mi) implies m(e) = mi(e)
Joost-Pieter Katoen Theoretical Foundations of the UML 8/29
for
events
is
E
,
.
for
my
is
defined the
matching
event
remains
the
same
SLIDE 21 Concatenation of CMSCs (1)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅ The concatenation of CMSCs M1 and M2 is the CMSC M1 • M2 = (P1 [ P2, E, C1 [ C2, l, m, ) with: E = E1 [ E2 l(e) = l1(e) if e 2 E1 , l2(e) otherwise m(e) = E! ! E? satisfies:
1
m extends m1 and m2, i.e., e 2 dom(mi) implies m(e) = mi(e)
2
m matches unmatched send events in M1 with unmatched receive events in M2 according to order on process (matching from top to bottom)
Joost-Pieter Katoen Theoretical Foundations of the UML 8/29
i
I
.
I
:*
I
ng
Me
SLIDE 22 Concatenation of CMSCs (1)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅ The concatenation of CMSCs M1 and M2 is the CMSC M1 • M2 = (P1 [ P2, E, C1 [ C2, l, m, ) with: E = E1 [ E2 l(e) = l1(e) if e 2 E1 , l2(e) otherwise m(e) = E! ! E? satisfies:
1
m extends m1 and m2, i.e., e 2 dom(mi) implies m(e) = mi(e)
2
m matches unmatched send events in M1 with unmatched receive events in M2 according to order on process (matching from top to bottom) the k-th unmatched send in M1 is matched with the k-th unmatched receive in M2 (of the same “type”)
Joost-Pieter Katoen Theoretical Foundations of the UML 8/29
I
message
content
"
¥ It
/
gender
corresponds to
receiver
p
SLIDE 23 Concatenation of CMSCs (1)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅ The concatenation of CMSCs M1 and M2 is the CMSC M1 • M2 = (P1 [ P2, E, C1 [ C2, l, m, ) with: E = E1 [ E2 l(e) = l1(e) if e 2 E1 , l2(e) otherwise m(e) = E! ! E? satisfies:
1
m extends m1 and m2, i.e., e 2 dom(mi) implies m(e) = mi(e)
2
m matches unmatched send events in M1 with unmatched receive events in M2 according to order on process (matching from top to bottom) the k-th unmatched send in M1 is matched with the k-th unmatched receive in M2 (of the same “type”)
3
M1 • M2 is FIFO (when restricted to matched events)
Joost-Pieter Katoen Theoretical Foundations of the UML 8/29
l
SLIDE 24 Concatenation of CMSCs (2)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅ The concatenation of CMSCs M1 and M2 is the CMSC M1 • M2 = (P1 [ P2, E1 [ E2, C1 [ C2, l, m, ) with:
Joost-Pieter Katoen Theoretical Foundations of the UML 9/29
SLIDE 25 Concatenation of CMSCs (2)
Let Mi = (Pi, Ei, Ci, li, mi, i) 2 CM i 2 {1, 2} be CMSCs with E1 \ E2 = ∅ The concatenation of CMSCs M1 and M2 is the CMSC M1 • M2 = (P1 [ P2, E1 [ E2, C1 [ C2, l, m, ) with: l and m are defined as on the previous slide is the reflexive and transitive closure of: ⇣S
p2P <p,1 [ <p,2
⌘ [ {(e, e0) | e 2 E1 \ Ep , e0 2 E2 \ Ep} [ {(e, m(e) | e 2 dom(m)}
Joost-Pieter Katoen Theoretical Foundations of the UML 9/29
{
÷÷
.
→
Process
wise i
all
events
at
process
p
in
Mz
hoppers after
all event
at p
in
M
,
.
SLIDE 26 Examples
Joost-Pieter Katoen Theoretical Foundations of the UML 10/29
SLIDE 27 Examples
Joost-Pieter Katoen Theoretical Foundations of the UML 10/29
①
Q
:O
: :
for
this
M
, and
①
①
Mz
,
Mi
.
M2
(2) g @
↳
is
not
defined
8-8
:
SLIDE 28 Associativity
Joost-Pieter Katoen Theoretical Foundations of the UML 11/29
8
P2
①
T÷÷T
f
Mscs
,
associative
(M
,
.
Md
. My
=
M
,
° ( Me . Mg)
T
no longer #
so
SLIDE 29 Associativity
Note:
Concatenation of CMSCs is not associative.
Joost-Pieter Katoen Theoretical Foundations of the UML 11/29
t
SLIDE 30 Overview
1
A non-decomposable MSC
2
Compositional Message Sequence Charts
3
Compositional Message Sequence Graphs
4
Safe Compositional Message Sequence Graphs
5
Existence of Safe Paths
6
Universality of Safe Paths
Joost-Pieter Katoen Theoretical Foundations of the UML 12/29
SLIDE 31 Compositional MSG
Let CM be the set of all CMSCs.
Definition (Compositional MSG)
A compositional MSG (CMSG) G = (V, !, v0, F, λ) with λ : V ! CM, where V, !, v0, and F as for MSGs. The difference with an MSG is that the vertices in a CMSG are labeled with compositional MSCs (rather than “real” MSCs).
Joost-Pieter Katoen Theoretical Foundations of the UML 13/29
y
fr
£
"
" "
#
graph
✓ o EV
#
initial
vertex
(
sun
vrhees
SLIDE 32 Paths
Joost-Pieter Katoen Theoretical Foundations of the UML 14/29
SLIDE 33 Paths
Let G = (V, !, v0, F, λ) be a CMSG.
Joost-Pieter Katoen Theoretical Foundations of the UML 14/29
SLIDE 34 Paths
Let G = (V, !, v0, F, λ) be a CMSG.
Definition (Path in a CMSG)
A path π of G is a finite sequence π = u0 u1 . . . un with ui 2 V (0 i n) and ui ! ui+1 (0 i < n)
Joost-Pieter Katoen Theoretical Foundations of the UML 14/29
SLIDE 35 Paths
Let G = (V, !, v0, F, λ) be a CMSG.
Definition (Path in a CMSG)
A path π of G is a finite sequence π = u0 u1 . . . un with ui 2 V (0 i n) and ui ! ui+1 (0 i < n)
Definition (Accepting path of a CMSG)
Path π = u0 . . . un is accepting if: u0 = v0 and un 2 F.
Joost-Pieter Katoen Theoretical Foundations of the UML 14/29
initial
end in
accepting
vertex vertex
SLIDE 36 Paths
Let G = (V, !, v0, F, λ) be a CMSG.
Definition (Path in a CMSG)
A path π of G is a finite sequence π = u0 u1 . . . un with ui 2 V (0 i n) and ui ! ui+1 (0 i < n)
Definition (Accepting path of a CMSG)
Path π = u0 . . . un is accepting if: u0 = v0 and un 2 F.
Definition (CMSC of a path)
The CMSC of a path π = u0 . . . un is: M(π) = (. . . (λ(u0) • λ(u1)) • λ(u2) . . .) • λ(un) where CMSC concatenation is left associative.
Joost-Pieter Katoen Theoretical Foundations of the UML 14/29
SLIDE 37 The MSC language of a CMSG
Definition (Language of a CMSG)
The (MSC) language of CMSG G is defined by: L(G) = { M(π) 2 M | {z }
| π is an accepting path of G}.
Joost-Pieter Katoen Theoretical Foundations of the UML 15/29
Cnsc ofpaf
set
Msg
L C o ) E
TM
net
:
LCE)
E
GIM ) IM
SLIDE 38 The MSC language of a CMSG
Definition (Language of a CMSG)
The (MSC) language of CMSG G is defined by: L(G) = { M(π) 2 M | {z }
| π is an accepting path of G}.
Note: Accepting paths that give rise to an CMSC (which is not an MSC) are not part of L(G).
Joost-Pieter Katoen Theoretical Foundations of the UML 15/29
SLIDE 39 Yannakakis’ example as compositional MSG
Joost-Pieter Katoen Theoretical Foundations of the UML 16/29
SLIDE 40 Yannakakis’ example as compositional MSG
This MSC cannot be modeled for n > 1 by: M = M1 • M2 • . . . • Mn with Mi 2 M
Joost-Pieter Katoen Theoretical Foundations of the UML 16/29
SLIDE 41 Yannakakis’ example as compositional MSG
This MSC cannot be modeled for n > 1 by: M = M1 • M2 • . . . • Mn with Mi 2 M Thus it cannot be modeled by a MSG.
Joost-Pieter Katoen Theoretical Foundations of the UML 16/29
SLIDE 42 Yannakakis’ example as compositional MSG
This MSC cannot be modeled for n > 1 by: M = M1 • M2 • . . . • Mn with Mi 2 M Thus it cannot be modeled by a MSG. But it can be modeled as compositional MSG:
Joost-Pieter Katoen Theoretical Foundations of the UML 16/29
A
SLIDE 43 CMS G
g
: Pi
P2
Msc
M
, E
L ( G )
a
Vo
In
. 2
j
.
. )
safe
±
In
?
Evey
accepting
path
IT
for
G
i
M
Cst )
is
an
Msc
→
Mcm )
e Llg ) C MSG
g
is
called
safe
SLIDE 44 Overview
1
A non-decomposable MSC
2
Compositional Message Sequence Charts
3
Compositional Message Sequence Graphs
4
Safe Compositional Message Sequence Graphs
5
Existence of Safe Paths
6
Universality of Safe Paths
Joost-Pieter Katoen Theoretical Foundations of the UML 17/29
SLIDE 45 Safe paths and CMSGs
Joost-Pieter Katoen Theoretical Foundations of the UML 18/29
SLIDE 46 Safe paths and CMSGs
Definition (Safe path)
Path π of CMSG G is safe whenever M(π) ∈ M.
Joost-Pieter Katoen Theoretical Foundations of the UML 18/29
/
Msc
the CMSC
IT
SLIDE 47 Safe paths and CMSGs
Definition (Safe path)
Path π of CMSG G is safe whenever M(π) ∈ M.
Definition (Safe CMSG)
CMSG G is safe if for every accepting path π of G, M(π) is an MSC.
Joost-Pieter Katoen Theoretical Foundations of the UML 18/29
SLIDE 48 Safe paths and CMSGs
Definition (Safe path)
Path π of CMSG G is safe whenever M(π) ∈ M.
Definition (Safe CMSG)
CMSG G is safe if for every accepting path π of G, M(π) is an MSC.
So:
CMSG G is safe if on any of its accepting paths there are no unmatched sends and receipts, i.e., if any of its accepting paths is indeed an MSC.
Joost-Pieter Katoen Theoretical Foundations of the UML 18/29
SLIDE 49 Overview
1
A non-decomposable MSC
2
Compositional Message Sequence Charts
3
Compositional Message Sequence Graphs
4
Safe Compositional Message Sequence Graphs
5
Existence of Safe Paths
6
Universality of Safe Paths
Joost-Pieter Katoen Theoretical Foundations of the UML 19/29
SLIDE 50 Existence of a safe accepting path
Theorem: undecidability of existence of a safe path
The decision problem “does CMSG G have at least one safe, accepting path?” is undecidable.
Joost-Pieter Katoen Theoretical Foundations of the UML 20/29
SLIDE 51 Existence of a safe accepting path
Theorem: undecidability of existence of a safe path
The decision problem “does CMSG G have at least one safe, accepting path?” is undecidable.
Proof.
By a reduction from Post’s Correspondence Problem (PCP). . . . black board . . .
Joost-Pieter Katoen Theoretical Foundations of the UML 20/29
SLIDE 52 Existence of a safe accepting path
Theorem: undecidability of existence of a safe path
The decision problem “does CMSG G have at least one safe, accepting path?” is undecidable.
Proof.
By a reduction from Post’s Correspondence Problem (PCP). . . . black board . . .
The complement decision problem “does CMSG G have no safe, accepting path?” is undecidable too.
Joost-Pieter Katoen Theoretical Foundations of the UML 20/29
SLIDE 53 Claim
:
the
decision
problem
"
does
CMS G
g
hare at
least
safe
path ?
"
is
undecidable
.
L
t accepting
Pinot
by
a
reduction
from
the PCP
problem
.
Proof
idea
:
instance
Pcp
1-3
instance
(
u
,
w )
CMSG
few
/
U={
a
,
,
Un )
up
EE*
W
we
,
. . . ,wn3
wie
Et
"
" th
it
"
d
⇒
" t C
MSG
gyu
has
a
safe
, accepting
path
.
it
,
ij
E
Et
. .
n ]
Such
that
Ui
, Wiz
.
=
Wi
, Wiz
How does the CMSG
Gu
,w
look like
?
FF
Zun
SLIDE 54 Components
CMSG
Guy
:
Pe
{
pi
,
Pz
, Pg , Pg }
processes
C
=
E to
{
end }
a
{
9
.
Ej
V
=
LY
,
.
.
.vn } u
Lui
,
.
.
.vn/3v2vr-3
Fe
E up I
b ( Vi )
=
CMSG
corresponding
to
the word
we
>
( vi. )
=
a
a
a
a
Wi
the
do
the
vertices
Ye
,
up
'
and
up
look
the?
By
example
.
let
E=
{
a.
b }
,
ui=abaa
,
wi
Then
:
Pi
Pc
Pg Pg
the word
a
s
R
=
b
and index
>
pz
L
a sp ,
→
a
Pu
I
)
pz
P ,
Pz
Ps
Pg
⇐
receive
the
.
J ( v )
= Pro
>
u
word
Wi plus
I
a
O 7
Pz
a
"
Pr
index
l
SLIDE 55 ther )
p ,
P2
Pg
Pg end
end
→ →
⑦
,
②
emo
⑦
indicates
that
process
p
,
has
sent
all its
messages
to
p ,
and
if
⑦
is
received
by
pz
,
all
messages
p , have
been
received
by
pz
.
②
similar
as
①
but
now
for
the
"
index
"
messages
that
are
exchanged
between
Pz
Ipg
.
③
indicates that
both
"phases
"
①
and
②
have
finished
.
SLIDE 56 It
remains
to prove that the
seduction
:
PCP instance
C
UN )
1-3
CMSG
gyu
is
correct
.
That
is
,
proof
is
:
(
u
,
w)
has
a
solution
iff
gu ,w
has
a
safe
,
accepting
path
Proof ,
←
⇒
"
let
index
sequence
in
,
. . .
, in
be
a
solution
PCP
instance
(
U
,
w )
.
Then
there
is
accepting
path
is
gyu
:
ii
"
w
"
,
it
. .
¥n:wi¥
/
the
traverse
the
.
.
vertices
"
y
.
' "
vertices
/
)
according
to
according
to
,
/
in
.
.
its 4
D As
in
,
. .
.
, ik
is
a
solution
to
(
UW )
,
and
by
construction
the
Chs
G
gu ,
w
it
follows
that
:
MCI )
=
((( blue ;)
.
diving)
.
bae ;)
.
.
.
.
.
> coin )
.
Hur )
(
left
bracketing
)
is
an
Msg
.
Thus
IT is
safe
and
it
is
accepting
.
SLIDE 57 "
⇐
IT
be
a
safe
, accepting
path
in
Gu ,w
Assume
:
it
Vj
,
Vg:
steps
k
steps
with
in
,
E
{
I
,
.
→
n )
and
ji
,
. . ,jk
E
{
3-
in }
.
Since
IT
is
safe
and
ends in
vertex
up
,
it
follows
:
①
as
? ( pg
, Pg
,
end )
in
Vp
,
all
unmatched sends
by
Pz
in Sub
path
Vi
,
.
Vin
,
are
matched
by
corresponding
receive
events
by
pg
in
the
Sub
path
Vj ,
. Vj; .
As in
each vertex
vie
que
message
is
sent
from
pg
and
in
V£e
message
is
received
by
pm
,
it
follows
that
MI
②
As
IT is
safe
,
it follows
that
b
Vii
Vg;
Vjm
is
safe
and
Fifo
.
all
"
index
"
messages 4
,
. .
, im
set
by
pg
are
received
by
Pg
;
in
the
same
.
SLIDE 58 Thus
Ep
=
In
,
Ez
,
.
,
Em
So D=
VE
,
.
Vim
VI;
. VIM Vp
is
Safet
As IT
is
completed
by
? Cpa
, Pz
,
end )
and
!
C Papa
,
end )
after
? C pz.pe
,
end
)
,
it
follows that
pa
has received
all
"
index
"
messages
,
pz
has received
all
messages
sent
by
pay
in
VE
,
p
,
has
sent
we ;
Uim
C to
pz )
,
process
pz
has received Wc ;
.
Wim
Since
LT is
safe
,
it follows
Ui
,
=
Wu ;
. Wim
Thus
:
Ey
. . .
Em
is
a
solution
to
the Pcp instance
(
a.
w )
DX
SLIDE 59 Overview
1
A non-decomposable MSC
2
Compositional Message Sequence Charts
3
Compositional Message Sequence Graphs
4
Safe Compositional Message Sequence Graphs
5
Existence of Safe Paths
6
Universality of Safe Paths
Joost-Pieter Katoen Theoretical Foundations of the UML 21/29
✓
Yann ekokis
✓
"
⇒
safe
path
✓
undecidable
a
CMS G
have
safe
paths
?
