1 / 49

Configurable Modelling Notations and Tools

Configurable Modelling Notations and Tools. Jo Atlee Nancy Day (Waterloo) Jianwei Niu (UT San Antonio) David R. Cheriton School of Computer Science University of Waterloo. Outline of Talk. Semantically configurable modelling notations and tools Dimensions of configurability

amish
Télécharger la présentation

Configurable Modelling Notations and Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Configurable Modelling Notations and Tools Jo Atlee Nancy Day (Waterloo) Jianwei Niu (UT San Antonio) David R. Cheriton School of Computer Science University of Waterloo

  2. Outline of Talk • Semantically configurable modelling notations and tools • Dimensions of configurability • Experiences building associated modelling tools • Study of families of modelling notations http://watform.uwaterloo.ca/metro

  3. Problem Modelling Problems Modelling Notations gap

  4. Problem Modelling Problems Modelling Notations wider gap Tool supported notations

  5. Problem Tools input to [Cleaveland & Sims, Dillon & Stirewalt, Pezzè & Young, Day & Joyce] • Hard to write • Incomplete (no data variables) Idea: Model-Specific Semantics Model modelled as Semantics of Model Let the human modeller provide the semantics for his/her model.

  6. Problem Configurable Modelling Notations We use template-semantics definitions to define families of modelling notations. The human modeller provides template-semantics parameters to specify the semantics of his/her model. Model modelled as Predefined Template Definitions Template Parameters http://watform.uwaterloo.ca/metro

  7. Which occurred events can trigger transitions? Can the non-occurrence of an event trigger a transition? Are input events treated differently from internally generated events? Can there be multiple sources of input events (e.g., distinct input queues)? Can the same event occurrence trigger more than one transition? Does an event’s occurrence persist after it triggers a transition? Does an event’s occurrence persist if it triggers no transitions? Semantic Variation Points ev [cond] ^ev2 \ x:=exp ev2

  8. Are conditions evaluated with respect to updated variable values, or with respect to the most recent stable values? Or both? Can conditions refer to states and events (or other elements) in addition to variables? Do variables have limited scopes? Semantic Variation Points ev [cond] ^ev2 \ x:=exp ev2

  9. How are generated events accumulated (e.g., sets, multi-sets, queues)?? How is a generated event added to the collection of occurred events? Do generated events have limited scopes? Are generated events broadcast or can they have targets? Semantic Variation Points ev [cond] ^ev2 \ x:=exp ev2

  10. Are expressions evaluated with respect to updated variable values, or with respect to the most recent stable values? Or both? In what order are multiple assignments evaluated and executed (e.g., sequentially, multi-assignment)? Can a transition make multiple assignments to the same variable? Can concurrent components share variables? How are concurrent assignments to the same variable resolved? Semantic Variation Points ev [cond] ^ev2 \ x:=exp ev2

  11. Semantic Variation Points Can multiple transitions execute between consecutive inputs? When does the modelled system sense new inputs from the environment? How are new inputs combined with previous inputs? Are inputs broadcast or can they have targets? Are transitions prioritized? Are there implicit transitions (e.g., NOP)? Do they have less priority than diligent transitions? ev [cond] ^ev2 \ x:=exp ev2

  12. Template Parameters how snapshot changes when transition executes how snapshot is reset at start of macro-step RESET(I) NEXT() how transitions are enabled

  13. Configurable Modelling Tools We use template semantics to • Structure product lines of tools for a notation family • Instantiate a tool for a particular model Template Definitions Template Parameters Product Line of Modelling Tool input to Model Tool input to http://watform.uwaterloo.ca/metro

  14. Problem MagicDraw Express Metro PlugIn Template Definitions Semantically Configurable Model Checking Template Parameters (menu selection) with semantics modelled as input to XML->HOL SMV XML HOL SMV http://watform.uwaterloo.ca/metro

  15. bridge single lane bridge noDir [!blueInQ] bridge redRightOfWay redRendez noDir [blueInQ] ^blueDir noDir [redInQ] ^redDir rendez empty blueRendez cars blueRightOfWay noDir [!redInQ] redCars parallel blueCars Syntax

  16. Template Parameter Menu

  17. SMV Output MODULE states VAR bridgeHts_state : {blueRightOfWay,empty,redRightOfWay,noState}; redCarsHts_state : {NoneOnBridgeR,OneOnBridgeR,TwoOnBridgeR,noState}; blueCarsHts_state : {NoneOnBridgeB,OneOnBridgeB,TwoOnBridgeB,noState}; --define macros for all states DEFINE in_system := in_bridge | in_cars; in_bridge := in_blueRightOfWay | in_empty | in_redRightOfWay; in_blueRightOfWay := bridgeHts_state=blueRightOfWay; in_empty := bridgeHts_state=empty; in_redRightOfWay := bridgeHts_state=redRightOfWay; in_cars := in_redCars | in_blueCars; in_redCars := in_NoneOnBridgeR | in_OneOnBridgeR | in_TwoOnBridgeR; in_NoneOnBridgeR := redCarsHts_state=NoneOnBridgeR; in_OneOnBridgeR := redCarsHts_state=OneOnBridgeR; in_TwoOnBridgeR := redCarsHts_state=TwoOnBridgeR; in_blueCars := in_NoneOnBridgeB | in_OneOnBridgeB | in_TwoOnBridgeB; in_NoneOnBridgeB := blueCarsHts_state=NoneOnBridgeB; in_OneOnBridgeB := blueCarsHts_state=OneOnBridgeB; in_TwoOnBridgeB := blueCarsHts_state=TwoOnBridgeB; MODULE envEvents VAR redCar : boolean; blueCar : boolean;

  18. Architecture of SMV Model Input Model SMV Modules snapshot reset apply Op1 CS reset_CS next_CS Op2 HTS3 IE reset_IE next_IE HTS1 HTS2 Ia reset_Ia next_Ia Key enabled execute snapshot inputs HTS1 Op1 Op1Type Template def HTS2 Op2 Op2Type Template parm HTS3 HTS1 Component HTS2 Composition Op HTS3

  19. SMV troff SMV HOL Feasibility Study: A-7E U.S. Naval Aircraft SCR Specification • 41 modes in 3 modeclasses navigation, navigation update, weapon delivery • 69 conditions predicates on variables, terms, and modes Model GenSMV SMV [Sreemani & Atlee, 1996] troff Troff -> GenSMV -> HOL Express SMV [Eunsuk Kang, 2006] Template Parameters

  20. Feasibility Study: A-7E U.S. Naval Aircraft

  21. Semantically Configurable Code Generator Template Definitions Template Parameters (menu selection) Code-Generator Generator (CGG) input to Java Model Code Generator input to output

  22. Op1 Op2 HTS3 HTS1 HTS2 Architecture of Generated Code Global snapshot elements Inputs Java Object Diagram Input Model System AV OpType Operator semantics AVa OpType HTS3 HTS constructs HTS1 HTS2 CS3 IE3 CS1 CS2 O3 IE1 IE2 Local snapshot elements Ia3 O1 O2 Ia1 Ia2

  23. Enabledness information flows up through the composition hierarchy Step Semantics Global snapshot elements Inputs System AV OpType Operator semantics AVa OpType HTS3 HTS constructs HTS1 HTS2 CS3 IE3 CS1 CS2 O3 IE1 IE2 Local snapshot elements Ia3 O1 O2 Ia1 Ia2

  24. Global snapshot elements Inputs Execution constraints flow down through the composition hierarchy System AV OpType Operator semantics AVa OpType HTS3 HTS constructs HTS1 HTS2 CS3 IE3 CS1 CS2 O3 IE1 IE2 Local snapshot elements Ia3 O1 O2 Ia1 Ia2 Step Semantics

  25. Global snapshot elements Inputs System AV OpType Operator semantics AVa OpType Execution is actualized by the snapshot elements’ next_X and reset_X methods. HTS3 HTS constructs HTS1 HTS2 CS3 IE3 CS1 CS2 O3 IE1 IE2 Local snapshot elements Ia3 O1 O2 Ia1 Ia2 Step Semantics Execution constraints flow down through the composition hierarchy

  26. Efficiency Compared CGG-created code generators to four commercial notation-specific code generators • Rational Rose RT • Rhapsody Interleaving semantics, parallel semantics • SmartState • BetterState

  27. Efficiency: Rose RT

  28. Efficiency: Rhapsody

  29. Efficiency: SmartState and BetterState

  30. Outline of Talk • Define and motivate the concept of configurable modelling notations and tools • Report on our experiences with semantically configurable modelling tools • Report on our use of template semantics to study and document families of modelling notations http://watform.uwaterloo.ca/metro

  31. Comparing Notation Variants statecharts STATEMATE RSML RESET NEXT NEXT RESET RESET NEXT Variables Events States Agreement among All 3 notations Agreement among 2 notations No Agreement Unused

  32. Example(Harel’s original statecharts) how snapshot is reset at start of macro-step how snapshot changes when transition  executes NEXT() RESET(I) • where • IE- current internal events • Ia - current external events • O -output events • trig() - ’s triggering events • gen() - events generated by 

  33. Example(Harel’s original statecharts) how snapshot is reset at start of macro-step how snapshot changes when transition  executes NEXT() RESET(I) • where • IE- current internal events • Ia - current external events • O -output events • trig() - ’s triggering events • gen() - events generated by 

  34. Example(Harel’s original statecharts) how snapshot is reset at start of macro-step how snapshot changes when transition  executes NEXT() RESET(I) • where • IE- current internal events • Ia - current external events • O -output events • trig() - ’s triggering events • gen() - events generated by 

  35. Variant Event Semantics statecharts RSML STATEMATE RESET NEXT RESET NEXT RESET NEXT • where • IE - current internal events • Ia - current external events • gen() - events generated by transition  • trig() - ’s triggering events • intern_ev(E) - internal events in E

  36. Variant Event Semantics statecharts RSML STATEMATE RESET NEXT RESET NEXT RESET NEXT • where • IE - current internal events • Ia - current external events • gen() - events generated by transition  • trig() - ’s triggering events • intern_ev(E) - internal events in E

  37. Variant Event Semantics statecharts RSML STATEMATE RESET NEXT RESET NEXT RESET NEXT • where • IE - current internal events • Ia - current external events • gen() - events generated by transition  • trig() - ’s triggering events • intern_ev(E) - internal events in E

  38. Compliance with UML Standard OMG UML Rhapsody Bridgepoint Rose RT RESET NEXT RESET NEXT NEXT NEXT RESET RESET Variables Events States Under-specified Agreement with OMG Refinement of OMG Deviation from OMG Unused

  39. Example(enabling states) OMG UML, RoseRT Rhapsody Bridgepoint • where • CS- current states • dest() - ’s destination state • pseudo(s) - tests if state s is a pseudostate (e.g., choice, junction, default) • active(s) - (ancestor/descendant) states that are current when state s is current • src()- ’s source state

  40. Compliance with UML Standard OMG UML Rhapsody Bridgepoint Rose RT RESET NEXT RESET NEXT NEXT NEXT RESET RESET Variables Events States Under-specified Agreement with OMG Refinement of OMG Deviation from OMG Unused

  41. Example(current variable values) OMG UML RoseRT, Rhapsody, Bridgepoint • where • AV- current variable values • asn() - ’s variable assignments • ? - underspecified overriding operation • seq_eval(X,A) - sequentially evaluates assignments A, using variable values X • assign(X,Y) - updates assignments X with assignments Y

  42. Compliance with UML Standard OMG UML Rhapsody Bridgepoint Rose RT RESET NEXT RESET NEXT NEXT NEXT RESET RESET Variables Events States Under-specified Agreement with OMG Refinement of OMG Deviation from OMG Unused

  43. Compliance with UML Standard OMG UML Rhapsody Bridgepoint Rose RT RESET NEXT RESET NEXT NEXT NEXT RESET RESET Input Pools Under-specified Agreement with OMG Refinement of OMG Deviation from OMG Unused

  44. Summary We apply template semantics technology to • Enable configurable modelling notations and tools • Compare members of a modelling notation family Challenges • Defining criteria for reasonable semantics • Combinations of semantic parameter values • Combinations of composition operator and parameter values • Combinations of composition operators • Optimizing semantically configurable modelling tools

  45. http://watform.uwaterloo.ca/metro

  46. ReferencesTemplate Semantics • Jianwei Niu, Joanne M. Atlee, and Nancy A. Day, ``Template Semantics for Model-Based Notations'', IEEE Transactions on Software Engineering, Vol. 29, No. 10 (October 2003), pp. 866-882. • Jianwei Niu, Joanne M. Atlee, and Nancy A. Day, ``Comparing and Understanding Model-Based Specification Notations'', IEEE International Requirements Engineering Conference (RE), September 2003, pp. 188-199. • G. D. Plotkin, “A Structural Approach to Operational Semantics”, Technical Report No. DAIMI FN - 19. Aarhus University, Computer Science Department,1981, Reprinted 1991. • Pamela Zave and Michael Jackson, “Conjunction as Composition”, in ACM Transactions on Software Engineering and Methodology, Vol. 2, No. 4, 1993, pp. 379-411. • David Harel and Amnon Naamad, “The Statemate Semantics of Statecharts”, in ACM Transactions on Software Engineering and Methodology, Vol. 5, No. 4, 1996, pp. 293-333. • David Harel et al., “On the Formal Semantics of Statecharts”, in Proceedings Symposium on Logic in Computer Science, 1987, pp. 54-64. • N. G. Leveson et al., “Requirements Specification for Process-Control Systems”, IEEE Transactions on Software Engineering, Vol. 20, No. 9, 1994, pp. 684-707.

  47. ReferencesSemantically Configurable Analysis • Yun Lu, Joanne Atlee, Nancy Day, and Jianwei Niu, ``Mapping Template Semantics to SMV'', in IEEE International Conference on Automated Software Engineering (ASE), (short paper), September 2004. • Eunsuk Kang, “Verifying the A-7E Software Requirements using Template Semantics”, report for CS745, University of Waterloo, Fall 2005. • George Avrunin, James Corbett and Laura Dillon,”Analyzing Partially-Implemented Real-Time Systems, in IEEE/ACM International Conference on Software Engineering, 1997, pp. 228-238. • Sadek Bensalem , et al., “An Overview of SAL”, in Langley Formal Methods Workshop, Center for Aerospace Information, NASA, 2000, pp. 187-196. • M. Bozga, et al.. “IF: An Intermediate Representation for SDL and Its Applications, SDL-Forum'99, Elsevier Science, 1999, pp. 423-440. • Tevfik Bultan, “Action Language: A Specification Language for Model Checking Reactive Systems”, in IEEE/ACM International Conference on Software Engineering, 2000, pp. 335-344. • William Chan, et al., “Model Checking Large Software Specifications, IEEE Transactions on Software Engineering, Vol. 24, No. 7, 1998, pp. 498-519.

  48. ReferencesSemantically Configurable Analysis • R. Cleaveland and S. Sims, “Generic tools for verifying concurrent systems”, Science of Computer Programming, Vol. 41, No. 1, 2002, pp. 39-47. • Nancy A. Day and Jeffrey J. Joyce, “Symbolic Functional Evaluation”, in Theorem Proving in Higher Order Logic, LNCS 1690, 1999, pp. 341-358. • Laura K. Dillon and Kurt Stirewalt, “Lightweight Analysis of Operational Specifications Using Inference Graphs”, in IEEE/ACM International Conference on Software Engineering, 2001, pp. 57-67. • Mauro Pezzè and Michal Young, “Creating of Multi-Formalism State-Space Analysis Tools”, in International Symposium on Software Testing and Analysis, 1996, pp. 172-179. • Mauro Pezzè and Michal Young, “Constructing Multi-Formalism State-Space Analysis Tools, in IEEE/ACM International Conference on Software Engineering, 1997, pp. 239-249.

  49. ReferencesSemantically Configurable Code Generation • Adam Prout, “Parameterized Code Generation from Template Semantics”, M.Math Thesis, University of Waterloo, Dec. 2005. • IBM, “Rational Rose Realtime”, 2005, http://www-130.ibm.com/developerworks/rational • I-Logix, “Rhapsody”, 2005, http://www.ilogix.com/rhapsody/rhapsody.cfm • WindRiver, “BetterState”, 2005, http://www.windriver.com/portal/server.pt • ApeSoft, “SmartState”, 2005, http://www.smartstatestudio.com • Object-Management-Group, “The Model-Driven Architecture resources page, 2005, http://www.omg.org/mda • Krzysztof Czarnecki and Ulrich W. Eisenecker, Generative programming: methods, tools, and applications, ACM Press/Addison-Wesley Publishing Co., New York, NY, 2000.

More Related