FMCO 2005 / UpSTAIRS with Sequence Diagrams Ragnhild Kobro Runde UpSTAIRS with Sequence Diagrams Øystein Haugen, Ragnhild Kobro Runde, Ketil Stølen University

FMCO 2005 / UpSTAIRS with Sequence Diagrams Ragnhild Kobro Runde

UpSTAIRS with Sequence Diagrams

Øystein Haugen,Ragnhild Kobro Runde, Ketil Stølen

University of Oslo and SINTEF ICT, Norway

FMCO 2005 / UpSTAIRS with Sequence Diagrams / Slide 2 Ragnhild Kobro Runde

S T A IRS

SS TT AA IIRRSS

Overview

• Interactions and trace semantics• Interactions as example runs• Underspecification and nondeterminism• Refinement• Data and guards


S T A IRS

SS TT AA IIRRSS

sd S

A B

x

y

Background: UML interactions

• Partial ordering of events:- The send event is ordered before the corresponding receive event.

- Events on the same lifeline are ordered from the top and downwards.

• S specifies the two traces:- < !x, ?x, !y, ?y >

- < !x, !y, ?x, ?y >

Lifeline (instance)

Send-event (!x)

Receive-event (?x)

Message


S T A IRS

SS TT AA IIRRSS

Alternatives

sd S

A B

x

yalt

z

• S specifies the four traces:- < !x, ?x, !y, ?y >- < !x, !y, ?x, ?y >- < !x, ?x, !z, ?z >- < !x, !z, ?x, ?z >

First alternative

Second alternative


S T A IRS

SS TT AA IIRRSS

Example: Network communication

• Interactions = example runs!- Specifies a set of positive and/or negative behaviours.

Positive

Negative

Inconclusive

sd Comm

A:sender S:network B:receiver

m m


S T A IRS

SS TT AA IIRRSS

Negative behaviour

sd Comm


m m

mneg

• Formally:(p1,n1) (p2,n2) =(p1 p2, (p1 n2)U(n1 p2)U(n1 n2) )

• Note:- Inconclusive + positive/negative = inconclusive- Positive + negative = negative

Positive:<!mAS,?mAS,!mSB,?mSB>

Negative:<!mAS,?mAS ,!mSB,?mSB,!mSB,?mSB><!mAS,?mAS ,!mSB,!mSB,?mSB,?mSB>

~>~>~>~> ~>~> ~>~>~>~>


S T A IRS

SS TT AA IIRRSS

Overview



S T A IRS

SS TT AA IIRRSS

Underspecification and non-determinism

• Underspecification: Several alternative behaviours are considered equivalent (serve the same purpose).

• Inherent non-determinism: Alternative behaviours that must all be possible for the implementation.

• These two should be described differently!


S T A IRS

SS TT AA IIRRSS

STAIRS

Positive

Negative

InconclusivePositive

Negative

Inconclusive

Positive

Negative

Inconclusive

Positive

Negative

Inconclusive

Positive

Negative

Inconclusive

Positive

Negative

Inconclusive

xalt


S T A IRS

SS TT AA IIRRSS

alt vs xalt

• Assume[[ d1 ]] = (p1,n1)[[ d2 ]] = (p2,n2)

• alt specifies potential behaviour:[[ d1 alt d2 ]]= [[ d1 ]] + [[ d2 ]]= (p1 U p2, n1 U n2)

• xalt specifies mandatory behaviour:[[ d1 xalt d2 ]]= [[ d1 ]] U [[ d2 ]]= (p1,n1) U (p2,n2)

P1

N1

I1

P2

N2

I2

P1 U P2

N1 U N2

I


S T A IRS

SS TT AA IIRRSS

Example: Network communication

cs C


cs S

N1:N

N2:N

N4:N

N3:NG:N


S T A IRS

SS TT AA IIRRSS

alt vs xalt

A->G->N1->B

Everything else

A->G->N2->N3->BA->G->N2->N4->B

Everything else

S:networksd S_Comm

N1:N N2:N N3:N

m

m

m

N4:N

m m

G:N

m

m

A:sender B:receiver

m

alt

xalt


S T A IRS

SS TT AA IIRRSS

Overview



S T A IRS

SS TT AA IIRRSS

Refinement in STAIRS

• An interaction obligation o'=(p',n') is a refinement of an interaction obligation o=(p,n) iff

- n n'- p p'Un'

Positive

Negative

InconclusiveSupplementing Narrowing


S T A IRS

SS TT AA IIRRSS

Adding new obligations

sd S_Comm

N1:N N2:N N3:N

m

m

m

N4:N

m m

G:N

m

m

A:sender B:receiver

m

alt

xalt

Mobile:N

opt m mNEW


S T A IRS

SS TT AA IIRRSS

Supplementingsd S_Comm

N1:N N2:N N3:N

m

m

m

N4:N

m m

G:N

m

m

A:sender B:receiver

m

alt

xalt

assert

A->G->N1->B

Everything else

A->G->N2->N3->BA->G->N2->N4->B

Everything else

Everything else Everything else


S T A IRS

SS TT AA IIRRSS

Overview



S T A IRS

SS TT AA IIRRSS

Including data

• Two special events:- write (for assignments)- check (for constraints)

• A state is a total functionσ Var → Val

• For an expression expr, expr(σ) denotes its value in σ.

• Assignment:[[assign(var,expr)]] =( {<write(σ, σ')> | σ'(var) = expr(σ)} , Ø}


S T A IRS

SS TT AA IIRRSS

Constraints

[[constr(c)]] =( {<check(σ)>|c(σ)} , {<check(σ)>|¬c(σ)} )

sd constraint A B

m{ avar = 0 }

{ avar > 0 }


S T A IRS

SS TT AA IIRRSS

Guards

• A special kind of constraint• May be overlapping• Need not be exhaustive

sd guards A B

x

y

alt [ avar = 0 ]

[ avar >= 0 ]


S T A IRS

SS TT AA IIRRSS

Definition of guarded xalt

• Assume:[[ d1 ]] = (p1,n1)[[ d2 ]] = (p2,n2)

• Guarded xalt:[[ g1->d1 xalt g2->d2]] =[[ constr(g1) seq d1 ]] U [[ constr(g2) seq d2 ]]


S T A IRS

SS TT AA IIRRSS

Definition of guarded xalt

• Assume:[[ d1 ]] = (p1,n1)[[ d2 ]] = (p2,n2)

• Guarded xalt:[[ g1->d1 xalt g2->d2]] =( {<check(σ)> p1 | g1(σ)}, {<check(σ)> p1 | ¬g1(σ)} U {<check(σ)> n1 | g1(σ) v ¬g1(σ)} )

U( {<check(σ)> p2 | g2(σ)}, {<check(σ)> p2 | ¬g2(σ)} U {<check(σ)> n2 | g2(σ) v ¬g2(σ)} )~>~>

~>~>~>~>

~>~>

~>~>

~>~>


S T A IRS

SS TT AA IIRRSS

sd S_Comm

N1:N N2:N N3:N

m

m

m

N4:N

m m

G:N

m

m

A:sender B:receiver

m

alt

xalt

assert


S T A IRS

SS TT AA IIRRSS

sd S_Comm

N1:N N2:N N3:N

m

m

N4:NG:N

m

A:sender B:receiver

m[N1 capacity ok]

[N2 capacity ok]

xalt

alt

assert

Narrowing by using guards

A->G->[N1 ok]->N1->B

Everything else

A->G->[N1 not ok]->N1->B

A->G->[N1 not ok]->N1->B

A->G->[N2 ok]->N2->...

Everything else

A->G->[N2 not ok]->N2->...

A->G->[N2 not ok]->N2->...


S T A IRS

SS TT AA IIRRSS

A->G->[N2 not ok]->N2->[N3 ok/not ok]->N3->BA->G->[N2 not ok]->N2->[N4 ok/not ok]->N4->B

Narrowing by using guards

A->G->[N2 ok]->N2->[N3 not ok]->N3->BA->G->[N2 ok]->N2->[N4 not ok]->N4->B

A->G->[N2 ok]->N2->[N3 not ok and N4 not ok]

A->G->[N2 ok]->N2->[N3 ok]->N3->BA->G->[N2 ok]->N2->[N4 ok]->N4->B

Everything else

A->G->[N2 ok]->N2->[N3 not ok]->N3->BA->G->[N2 ok]->N2->[N4 not ok]->N4->B

sd S_Comm

N1:N N2:N N3:N

m

m

N4:N

m m

G:N

m

m

A:sender B:receiver

[N2 capacity ok]xalt

[N3 capacity ok]

[N4 capacity ok]

alt

assert


S T A IRS

SS TT AA IIRRSS

Summary

• Interactions are partial specifications:- Distinguish between positive and inconclusive traces.

• Distinguish between underspecification (alt) and inherent non-determinism (xalt).

• Refinement also of partial interactions.- Supplementing- Narrowing

• Introducing guards should be a valid refinement step.

- Traces with a false guards should be negative.


S T A IRS

SS TT AA IIRRSS

Literature on STAIRS

• Øystein Haugen, Ketil Stølen:STAIRS – Steps to analyze interactions with refinement semantics (UML'2003, LNCS 2863).

- Distinguishes between mandatory and potential behaviour• Øystein Haugen, Knut Eilif Husa, Ragnhild Kobro Runde,

Ketil Stølen:STAIRS towards formal design with sequence diagrams (SOSYM, Online First, 2005).

- Denotational trace semantics for interactions- Formalizes the refinement relations in STAIRS

• Øystein Haugen, Knut Eilif Husa, Ragnhild Kobro Runde, Ketil Stølen: Why timed sequence diagrams require three-event semantics (Dagstuhl post-proc., LNCS 3466). Extended version as research report 309.

- Extends STAIRS with time and three-event semantics


S T A IRS

SS TT AA IIRRSS

Literature on STAIRS

• Ragnhild Kobro Runde, Øystein Haugen, Ketil Stølen:Refining UML interactions with explicit and implicit nondeterminism (Nordic Journal of Computing, to appear).

- Extends STAIRS with data and guards- More on mandatory vs potential behaviour

• Ragnhild Kobro Runde, Øystein Haugen, Ketil Stølen:How to transform UML neg into a useful construct (NIK'2005, to appear).

- Investigates various formal definitions for negation

• Atle Refsdal, Knut Eilif Husa, Ketil Stølen:Specification and refinement of soft real-time requirements using sequence diagrams (FORMATS'05).

- Extends STAIRS with probabilistic alternatives

FMCO 2005 / UpSTAIRS with Sequence Diagrams Ragnhild Kobro Runde

http://heim.ifi.uio.no/~ragnhilk/stairs/

Thank you!

Documents

FMCO 2005 / UpSTAIRS with Sequence Diagrams Ragnhild Kobro Runde UpSTAIRS with Sequence Diagrams Øystein Haugen, Ragnhild Kobro Runde, Ketil Stølen University