
Theoretical Foundations of the UML, Lecture 15+16: A Logic for MSCs (Part 2). PowerPoint PPT presentation.



  1. Theoretical Foundations of the UML. Lecture 15+16: A Logic for MSCs (Part 2). Joost-Pieter Katoen, Lehrstuhl für Informatik 2, Software Modeling and Verification Group, moves.rwth-aachen.de/teaching/ss-20/fuml/, June 15, 2020. (Slide footer: Joost-Pieter Katoen, Theoretical Foundations of the UML, 1/41)

  2. Outline
     1 Introduction
     2 Local Formulas and Path Expressions: Syntax; Formal Semantics; PDL Formulas
     3 Verification problems for PDL: Model checking MSCs; Model checking CFMs; Model checking MSGs; Satisfiability
     Handwritten annotation: each model checking problem takes a PDL formula together with an MSC, a CFM or an MSG as input. (2/41)

  3. Overview (same outline as slide 2)
     1 Introduction
     2 Local Formulas and Path Expressions: Syntax; Formal Semantics; PDL Formulas
     3 Verification problems for PDL: Model checking MSCs; Model checking CFMs; Model checking MSGs; Satisfiability (20/41)

  4. Local formulas
     Definition (Syntax of local formulas). For communication action $\sigma \in \mathit{Act}$ and path expression $\alpha$, the grammar of local formulas is given by:
       $\varphi ::= \mathit{true} \mid \sigma \mid \neg\varphi \mid \varphi \vee \varphi \mid \langle\alpha\rangle\varphi \mid \langle\alpha\rangle^{-1}\varphi$
     Handwritten annotation: $\langle\alpha\rangle\varphi$ navigates forward along an $\alpha$-path, $\langle\alpha\rangle^{-1}\varphi$ backward.
     The syntax of path expressions $\alpha$ will be defined later on.
     Definition (Derived operators).
       $\mathit{false} := \neg\mathit{true}$
       $\varphi_1 \wedge \varphi_2 := \neg(\neg\varphi_1 \vee \neg\varphi_2)$
       $\varphi_1 \rightarrow \varphi_2 := \neg\varphi_1 \vee \varphi_2$
       $[\alpha]\varphi := \neg\langle\alpha\rangle\neg\varphi$
       $[\alpha]^{-1}\varphi := \neg\langle\alpha\rangle^{-1}\neg\varphi$
     Handwritten annotation: $\alpha$ is a regular expression that describes the admitted ways to navigate through the MSC. (10/41)

  5. Path expressions
     Definition (Syntax of local formulas). For communication action $\sigma \in \mathit{Act}$ and path expression $\alpha$, the grammar of local formulas is given by:
       $\varphi ::= \mathit{true} \mid \sigma \mid \neg\varphi \mid \varphi \vee \varphi \mid \langle\alpha\rangle\varphi \mid \langle\alpha\rangle^{-1}\varphi$
     Definition (Syntax of path expressions). For local formula $\varphi$, the grammar of path expressions is given by:
       $\alpha ::= \{\varphi\} \mid \mathit{proc} \mid \mathit{msg} \mid \alpha;\alpha \mid \alpha+\alpha \mid \alpha^*$
     Handwritten annotations: $\{\varphi\}$ tests the local formula $\varphi$ at the current event; $\mathit{proc}$ moves vertically (downwards along a process line, to the next event of the same process); $\mathit{msg}$ moves horizontally (from a send event to its matching receive); the inverse operator $^{-1}$ follows these paths backwards. (12/41)

  6. PDL formulas
     Definition (Syntax of PDL formulas). For local formula $\varphi$, the grammar of PDL formulas is given by:
       $\Phi ::= \exists\varphi \mid \forall\varphi \mid \Phi \wedge \Phi \mid \Phi \vee \Phi$
     Handwritten annotation: $\exists\varphi$ asks whether the MSC contains an event satisfying $\varphi$.
     Negation. Negation is absent. As existential and universal quantification, as well as conjunction and disjunction, are present, PDL formulas are closed under negation. (21/41)

  7. Intuitive meaning of PDL formulas
     MSC $M$ satisfies $\exists\varphi$ if $M$ has some event $e$ satisfying $\varphi$.
     MSC $M$ satisfies $\exists\langle\alpha\rangle\varphi$ if from some event $e$ in $M$ there exists an $\alpha$-labelled path from $e$ to an event $e'$, say, satisfying $\varphi$.
     MSC $M$ satisfies $\exists[\alpha]\varphi$ if from some event $e$ in $M$, every event that can be reached via an $\alpha$-labelled path satisfies $\varphi$. (22/41)

  8. Semantics of PDL formulas
     Definition (Semantics of PDL formulas). Let $M = (\mathcal{P}, E, \mathcal{C}, l, m, <) \in \mathbb{M}$ be an MSC. $(M, \Phi) \in {\models}$ iff PDL formula $\Phi$ holds in MSC $M$.
       $M \models \exists\varphi$ iff $\exists e \in E.\ M, e \models \varphi$
       $M \models \forall\varphi$ iff $\forall e \in E.\ M, e \models \varphi$
       $M \models \Phi_1 \wedge \Phi_2$ iff $M \models \Phi_1$ and $M \models \Phi_2$
       $M \models \Phi_1 \vee \Phi_2$ iff $M \models \Phi_1$ or $M \models \Phi_2$ (23/41)

  9. Example (1)
     [Figure: two MSCs, left and right, not reproduced in the transcript]
     Property: the (unique) maximal event of $M$ is labeled by $?(2,1,a)$. Left MSC: Yes. Right MSC: No. (24/41)

  10. Example (1), continued
     Property: the (unique) maximal event of $M$ is labeled by $?(2,1,a)$. Left MSC: Yes. Right MSC: No.
     PDL formula: $\forall\,\langle(\mathit{proc} + \mathit{msg})^*\rangle\big([\mathit{proc}]\,\mathit{false} \wedge ?(2,1,a)\big)$. Left MSC: Yes. Right MSC: No. (24/41)

  11. Handwritten working for Example (1), unfolding the semantics of PDL and of local formulas (partly illegible in the transcript):
     $M \models \forall\,\langle(\mathit{proc} + \mathit{msg})^*\rangle([\mathit{proc}]\,\mathit{false} \wedge ?(2,1,a))$
     iff $\forall e \in E.\ M, e \models \langle(\mathit{proc} + \mathit{msg})^*\rangle([\mathit{proc}]\,\mathit{false} \wedge ?(2,1,a))$, where $E$ is the set of events in $M$,
     iff for every event $e \in E$ there exists an event $e' \in E$ with $e\ (\mathit{proc} + \mathit{msg})^*\ e'$ such that $e'$ has no successor at its process ($[\mathit{proc}]\,\mathit{false}$) and $l(e') = ?(2,1,a)$.
     Intuitively: from every event of the MSC, an event labelled $?(2,1,a)$ that is maximal on its process can be reached.

  12. Handwritten working for Example (1), continued (partly illegible in the transcript):
     $M_{\mathrm{left}}$ satisfies the formula: take $e_0$ to be the maximal event of $M_{\mathrm{left}}$, which has no successor at its process and is labelled $?(2,1,a)$; every event $e$ satisfies $e\ (\mathit{proc} + \mathit{msg})^*\ e_0$, and the argument is the same for all other events. Thus $M_{\mathrm{left}} \models$ the formula.
     In $M_{\mathrm{right}}$ the only event satisfying $[\mathit{proc}]\,\mathit{false} \wedge ?(2,1,a)$ is $e_0$, but $e\ (\mathit{proc} + \mathit{msg})^*\ e_0$ does not hold for every event $e$. Thus $M_{\mathrm{right}} \not\models$ the formula.

  13. Example (2)
     [Figure: two MSCs, left and right, not reproduced in the transcript]
     Property: the maximal event on process 2 is labeled by $?(2,1,a)$. Left MSC: Yes. Right MSC: Yes. (25/41)

  14. Handwritten working for Example (2) (partly illegible in the transcript):
     $M \models \exists([\mathit{proc}]\,\mathit{false} \wedge ?(2,1,a))$
     iff $\exists e \in E.\ e \models [\mathit{proc}]\,\mathit{false}$ and $e \models ?(2,1,a)$
     iff $\exists e \in E$ such that there is no $e' \in E$ with $e\ \mathit{proc}\ e'$, and $l(e) = ?(2,1,a)$.
     $M_{\mathrm{left}} \models$ the formula, since $e_0$ has no successors at its process and $l(e_0) = ?(2,1,a)$; $M_{\mathrm{right}} \models$ the formula in a similar way.

  15. Example (2), continued
     Property: the maximal event on process 2 is labeled by $?(2,1,a)$. Left MSC: Yes. Right MSC: Yes.
     PDL formula: $\exists\big([\mathit{proc}]\,\mathit{false} \wedge ?(2,1,a)\big)$. Left MSC: Yes. Right MSC: Yes. (25/41)

  16. Example (3)
     [Figure: two MSCs, left and right, not reproduced in the transcript]
     Property: no two consecutive events are labeled with $?(2,3,c)$. Left MSC: No. Right MSC: Yes.
     PDL formula: $\forall\big([\{?(2,3,c)\};\mathit{proc};\{?(2,3,c)\}]\,\mathit{false}\big)$. Left MSC: No. Right MSC: Yes. (26/41)

  17. Handwritten working for Example (3) (partly illegible in the transcript):
     $M \models \forall[\{?(2,3,c)\};\mathit{proc};\{?(2,3,c)\}]\,\mathit{false}$
     iff $\forall e \in E.\ e \models [\{?(2,3,c)\};\mathit{proc};\{?(2,3,c)\}]\,\mathit{false}$
     iff $\forall e \in E$: not $e \models \langle\{?(2,3,c)\};\mathit{proc};\{?(2,3,c)\}\rangle\,\mathit{true}$ (using $[\alpha]\varphi = \neg\langle\alpha\rangle\neg\varphi$)
     iff $\forall e \in E$: not ($l(e) = ?(2,3,c)$ and there is $e' \in E$ with $e\ \mathit{proc}\ e'$ and $l(e') = ?(2,3,c)$).
     $M_{\mathrm{left}} \not\models$ the formula: take $e = e_1$ and $e' = e_2$, two consecutive events on process 2 both labelled $?(2,3,c)$; they violate the condition above.
     $M_{\mathrm{right}} \models$ the formula: there are two cases, $e = e_1$ and $e = e_2$; in each case the $\mathit{proc}$-successor $e'$ exists but $l(e') \neq ?(2,3,c)$, and no other event is labelled $?(2,3,c)$.
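As an added illustration of the semantics on slides 8, 11, 14 and 17 (not part of the original lecture slides), the following Python encodes an MSC as event relations, evaluates local formulas and path expressions over it, and checks the PDL formulas of Examples (2) and (3) against two constructed MSCs. The event names, the tuple encoding of formulas and both MSCs are assumptions of this example.

```python
# Constructed MSC (not from the slides): process 3 sends c to process 2 twice in a row,
# then process 1 sends a to process 2. Events are named; relations are sets of pairs.
M_BAD = {"E": {"s1", "s2", "r1", "r2", "sa", "ra"},
         "label": {"s1": "!(3,2,c)", "s2": "!(3,2,c)", "r1": "?(2,3,c)",
                   "r2": "?(2,3,c)", "sa": "!(1,2,a)", "ra": "?(2,1,a)"},
         "proc": {("s1", "s2"), ("r1", "r2"), ("r2", "ra")},  # next event on same process
         "msg": {("s1", "r1"), ("s2", "r2"), ("sa", "ra")}}   # send -> matching receive
# Same messages, but process 2 receives a between the two c's (no consecutive ?(2,3,c)).
M_GOOD = dict(M_BAD, proc={("s1", "s2"), ("r1", "ra"), ("ra", "r2")})

def compose(r, s):                     # relational composition r ; s
    return {(a, c) for (a, b) in r for (b2, c) in s if b == b2}

def star(r, E):                        # reflexive transitive closure of relation r
    c = {(e, e) for e in E} | set(r)
    while (n := c | compose(c, c)) != c:
        c = n
    return c

def path(a, M):                        # relation R(alpha) of a path expression (slide grammar)
    k = a[0]
    if k == "test": return {(e, e) for e in sat(a[1], M)}   # {phi}: stay put if phi holds
    if k == "proc": return M["proc"]
    if k == "msg":  return M["msg"]
    if k == "seq":  return compose(path(a[1], M), path(a[2], M))
    if k == "plus": return path(a[1], M) | path(a[2], M)
    return star(path(a[1], M), M["E"])                       # "star"

def sat(f, M):                         # events of M satisfying local formula f
    k = f[0]
    if k == "true": return set(M["E"])
    if k == "act":  return {e for e in M["E"] if M["label"][e] == f[1]}
    if k == "not":  return M["E"] - sat(f[1], M)
    if k == "or":   return sat(f[1], M) | sat(f[2], M)
    R, T = path(f[1], M), sat(f[2], M)  # "diam": <a>f (forward), "diam_inv": <a>^-1 f (backward)
    return {e for (e, g) in R if g in T} if k == "diam" else {g for (e, g) in R if e in T}
def box(a, f):                         # derived operator [a]f := not <a> not f
    return ("not", ("diam", a, ("not", f)))

def holds(F, M):                       # PDL formula: exists / forall over events, and / or
    if F[0] == "exists": return bool(sat(F[1], M))
    if F[0] == "forall": return sat(F[1], M) == M["E"]
    l, r = holds(F[1], M), holds(F[2], M)
    return (l and r) if F[0] == "and" else (l or r)
FALSE, RECV_C = ("not", ("true",)), ("test", ("act", "?(2,3,c)"))
# Example (3): forall [ {?(2,3,c)} ; proc ; {?(2,3,c)} ] false
NO_CONSEC = ("forall", box(("seq", RECV_C, ("seq", ("proc",), RECV_C)), FALSE))
# Example (2): exists ([proc] false and ?(2,1,a)), with phi1 and phi2 := not(not phi1 or not phi2)
MAX_IS_RECV_A = ("exists", ("not", ("or", ("not", box(("proc",), FALSE)),
                                    ("not", ("act", "?(2,1,a)")))))
```

Evaluating `holds(NO_CONSEC, M_BAD)` gives False and `holds(NO_CONSEC, M_GOOD)` gives True, matching the No/Yes verdicts of Example (3) for MSCs with and without consecutive $?(2,3,c)$ events.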

  18. Example (4)
     [Figure: two MSCs, left and right, not reproduced in the transcript]
     Property: the number of send events at process 3 is odd. Left MSC: No. Right MSC: No. (27/41)

  19. Handwritten abbreviations (auxiliary local formulas), for process 1:
     $!_{1,j} := \bigvee_{a \in \mathcal{C}} {!}(1,j,a)$: some send action at process 1 to process $j$, for any message content $a \in \mathcal{C}$.
     $?_{1,j} := \bigvee_{a \in \mathcal{C}} {?}(1,j,a)$: some receive action at process 1 of a message from process $j$.
     $P_1 := \bigvee_{j \in \mathcal{P},\, j \neq 1} (!_{1,j} \vee ?_{1,j})$, so that $e \models P_1$ iff $e$ occurs at process 1.

  20. Handwritten path expression asserting that a certain event, one satisfying local formula $\psi$, happens an even number of times (0, 2, 4, 6, ...) at some process $j$:
     $\big((\{\neg\psi\};\mathit{proc})^*;\{\psi\};\mathit{proc};(\{\neg\psi\};\mathit{proc})^*;\{\psi\};\mathit{proc};(\{\neg\psi\};\mathit{proc})^*\big)^*$
     Annotation: each segment $(\{\neg\psi\};\mathit{proc})^*$ walks down the process line while no event satisfying $\psi$ occurs; the two $\{\psi\};\mathit{proc}$ steps consume a pair of $\psi$-events.

  21. Example (4), continued
     Property: the number of send events at process 3 is odd. Left MSC: No. Right MSC: No.
     Handwritten note: see the next slide for a similar PDL formula for this property. (27/41)

  22. Example: MSC $M$ has an even number of messages sent from process 1 to 2:
       $\forall\,\big(([\mathit{proc}]^{-1}\mathit{false} \wedge P_1) \rightarrow \langle\alpha\rangle[\mathit{proc}]\,\mathit{false}\big)$
     Annotations: $[\mathit{proc}]^{-1}\mathit{false} \wedge P_1$ holds at the minimal event on process 1; $[\mathit{proc}]\,\mathit{false}$ holds at the maximal event on process 1.
     Here $P_1 = \bigvee_{j \in \mathcal{P},\, j \neq 1} (!_{1,j} \vee ?_{1,j})$ with $!_{1,j} = \bigvee_{a \in \mathcal{C}} {!}(1,j,a)$ and $?_{1,j}$ defined in a similar way, i.e., $e \models P_1$ iff $e$ occurs at process 1.
     Path expression $\alpha$ is defined by:
       $\alpha = \big((\{\neg !_1\};\mathit{proc})^*;\{!_1\};\mathit{proc};(\{\neg !_1\};\mathit{proc})^*;\{!_1\};\mathit{proc};(\{\neg !_1\};\mathit{proc})^*\big)^*$
     where $!_1$ abbreviates $\bigvee_{a \in \mathcal{C}} {!}(1,2,a)$. Annotation: in each $(\{\neg !_1\};\mathit{proc})^*$ segment no $!_1$ event occurs. (28/41)

  23. Handwritten note (partly illegible in the transcript): the local formula $P_i \rightarrow \langle\mathit{msg};\mathit{proc}^*;\mathit{msg}\rangle P_j$, quantified over events, expresses that process $i$ can reach process $j$ using exactly two messages, via an intermediate process.
