7/28/2019 Formal Specification of Software Uml State Machines
Formal Specification of Software
UML State Machines
Bernhard Beckert
UNIVERSITÄT KOBLENZ-LANDAU
B. Beckert: Formal Formal Specification of Software p.1
UML State Machines
Important type of UML diagrams
For modelling behaviour
Lifecycle of objects
Behaviour of operations
History
Invented by D. Harel (State Charts)
Made popular by J. Rumbaugh (OMT)
Notions Related to State Machines
State
Transition
Event
Action, Activity
Guards
Sending messages
Nesting
Concurrency
History states
Example: Chess
A chess game consists of alternate moves of Black and White. White moves first.
The game can end both when it is White's and when it is Black's turn.
The moving player can end the game: winning (checkmate), losing (resign), or with a draw.
Diagram: Behaviour of ChessGame. Labels: White's Move, Black's Move, White Win, Black Win, Draw; event bm(p:Piece). Callouts: State, StateMachine, Initial State, Transition, Event, Final State.
State Machines
State Machine
Labelled, finite graph (cycles possible)
States
Nodes of the graph
Labelled with: name, do-, entry-, exit-action, . . .
Initial and final states have special shapes
Transitions
Edges of the graph
Labelled with: event, guard, action, . . .
When to Use State Machines
Use State Machines . . .
at an early stage of software development
when behaviour of an object (lifecycle) or operation
is not well understood yet
Do NOT use State Machines . . .
when several objects are involved
(interaction diagrams are better)
State
Abstract view
the same response to the same stimuli
the same active behaviour
Implementation view
certain attributes have certain values
Event
Properties
observable in the environment of the current object
takes place at a certain point in time (has no duration)
possibly has parameters
Role in diagram
triggers a transition
is consumed when transition is executed
can be saved under certain circumstances
Types of Events
Signal event
An object that is dispatched (thrown) and received (caught)
Call event
Represents the dispatch of an operation
Time event
Represents the passage of a certain amount of time
Change event
Represents the fact that a Boolean expression is changed to true
The expression is checked continuously (polling)
Transition
Properties
describes change from one state to another state
without duration when executed
Role in diagram
triggering controlled by events, guards, state exit conditions
execution can cause actions
Example: ATM
The customer must pass authentication before withdrawing money.
Authentication is done by checking a PIN.
The PIN can be correct or not.
Unsuccessful attempts are counted.
If the counter exceeds a limit, the customer is rejected.
Diagram: Customer at ATM. States: Authentication, WithdrawMoney, Rejected. Transition labels: CheckPIN[correct]; CheckPIN[incorrect]/increaseErrCounter; CheckPIN[incorrect and ErrCnt=Limit] Authentication Failed. Callouts: Guard, Action, SendEvent.
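
The ATM model can be executed and checked against every short event sequence. The Python code below is an added example, not part of the original slides; the value of Limit, the `withdraw` event, the `enforce_limit` switch and the reading that an incorrect PIN below the limit stays in Authentication are assumptions made for the illustration.

```python
from itertools import product

AUTH, WITHDRAW, REJECTED = "Authentication", "WithdrawMoney", "Rejected"
LIMIT = 2  # assumed value for the slide's Limit


class Atm:
    """Customer at ATM: three states, guarded CheckPIN transitions."""

    def __init__(self, limit=LIMIT, enforce_limit=True):
        self.state = AUTH
        self.err_cnt = 0
        self.limit = limit
        self.enforce_limit = enforce_limit  # False models a forgotten guard
        self.sent = []        # events sent to the environment
        self.dispensed = 0    # number of withdrawals carried out

    def dispatch(self, event, correct=False):
        """Consume one event; an event with no enabled transition is lost."""
        if self.state == AUTH and event == "CheckPIN":
            if correct:
                # CheckPIN[correct]
                self.state = WITHDRAW
            elif self.enforce_limit and self.err_cnt == self.limit:
                # CheckPIN[incorrect and ErrCnt=Limit], sends Authentication Failed
                self.sent.append("Authentication Failed")
                self.state = REJECTED
            else:
                # CheckPIN[incorrect]/increaseErrCounter
                self.err_cnt += 1
        elif self.state == WITHDRAW and event == "withdraw":
            self.dispensed += 1  # hypothetical action, not on the slide
        return self.state


# Every stimulus the environment can raise: (event, PIN-correct flag).
STIMULI = (("CheckPIN", True), ("CheckPIN", False), ("withdraw", False))


def find_violation(depth=6, limit=LIMIT, enforce_limit=True):
    """Run every stimulus sequence up to `depth`; return the first one that
    breaks a safety property, or None if all of them hold."""
    for length in range(depth + 1):
        for seq in product(STIMULI, repeat=length):
            atm = Atm(limit, enforce_limit)
            pin_ok, wrong_guesses = False, 0
            for event, correct in seq:
                evaluated = atm.state == AUTH and event == "CheckPIN"
                atm.dispatch(event, correct)
                if evaluated and correct:
                    pin_ok = True
                elif evaluated:
                    wrong_guesses += 1
                # P1: nothing is dispensed before a correct PIN was checked.
                # P2: at most limit + 1 wrong PINs are ever evaluated.
                if (atm.dispensed and not pin_ok) or wrong_guesses > limit + 1:
                    return seq
    return None


if __name__ == "__main__":
    print("model as drawn:", find_violation())
    print("guard on ErrCnt omitted:", find_violation(enforce_limit=False))
```

With the guard on ErrCnt in place no sequence violates either property; without it the checker returns the shortest run of wrong PINs that exceeds the bound.
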
Internal Transitions
Notation
Written as
Event[Guard]/Action
within the state box
Example
Authentication
reset/clearScreen
Difference to self transition
Entry and exit actions are not dispatched
Entry and Exit Actions
Notation
Written as
entry/Action resp. exit/Action
within the state box
Semantics
Dispatched on entering resp. exiting the state
Activities
Notation
Written as
do/Action
within the state box
Semantics
have duration
can be finished by event for outgoing transitions
Example: ATM (Alternative Formalisation)
Customer at ATM
Authentication
do/CheckPIN
entry/maskScreen
exit/unmaskScreen
WithdrawMoney
Rejected
Closed
when(correct)
when(incorrect and ErrCnt=Max) Authorization Failed
deposit(amount)/changeAccount
withdraw(amount)[amount
Exercise
A student must complete the basic level before entering
the advanced level.
After both levels, the student has to pass five examinations.
An examination can be retaken at most twice.
After the third failed attempt the student's registration is cancelled.
Exercise: Student
A student must complete the basic level before entering the advanced level.
After both levels, the student has to pass five examinations.
An examination can be retaken at most twice. After the third failed attempt the student's registration is cancelled.
Diagram: Student. States: Basic Level, Advanced Level, Graduated, Examination, Cancelled. Transition labels: passMExa/inc(MExaCnt); when(MExaCnt>=5); enterFExa; passFExa/inc(FExaCnt); failFExa/inc(FailCnt); when(FExaCnt>=5); when(FailCnt>=3).
Criticism
Not really a good model, because . . .
the student leaves the basic level to take an exam
the student can cheat by repeating a passed exam
the student cannot enter parallel exams
the student has to complete each exam once tried
the student cannot pass exams of the advanced level
while in the basic level
Advanced Constructs Can Help
Deferred event
Composite state
Concurrent composite state
Join state, Fork State
Concurrent transition
Junction state
Sync state
Events: The Detailed View
Diagram: State1 (entry/ActEntry1, exit/ActExit1, do/ActDo1) and State2 (entry/ActEntry2, exit/ActExit2, do/ActDo2); transition label Ev(Arg)[Guard]/ActTrans(Arg, Arg1).
1. Event is generated: Event raised (somewhere) by some action
2. Event is conveyed: Event transported to current object
(transportation does not change event)
3. Event is received: Event placed on event queue of current object
4. Event is dispatched: Event de-queued from event queue
(becomes current event)
5. Event is consumed: Event is processed
Event Processing: The Detailed View
Diagram: State1 (entry/ActEntry1, exit/ActExit1, do/ActDo1) and State2 (entry/ActEntry2, exit/ActExit2, do/ActDo2); transition label Ev(Arg)[Guard]/ActTrans(Arg, Arg1).
1. check Guard; if false, abort
2. abort ActDo1
3. execute ActExit1
4. execute ActTrans(Arg,Arg1)
(synchronous processing, i.e. wait until finished)
5. execute ActEntry2
6. execute ActDo2
Event Processing: Completion Event
Diagram: State1 (entry/ActEntry1, exit/ActExit1, do/ActDo1) and State2 (entry/ActEntry2, exit/ActExit2, do/ActDo2); transition label [Guard]/ActTrans(Arg1).
1. wait until ActDo1 finishes (raises completion event)
2. check Guard; if false, abort
3. execute ActExit1
4. execute ActTrans(Arg1)
5. execute ActEntry2
6. execute ActDo2
Event Processing: Change Event
Diagram: State1 (entry/ActEntry1, exit/ActExit1, do/ActDo1) and State2 (entry/ActEntry2, exit/ActExit2, do/ActDo2); transition label when(Guard)/ActTrans(Arg1).
1. wait until Guard switches from false to true (raises change event)
2. abort ActDo1
3. execute ActExit1
4. execute ActTrans(Arg1)
5. execute ActEntry2
6. execute ActDo2
Completion Event vs. Change Event
Activity
Completion event: after activity ActDo1 has finished
Change event: activity ActDo1 is aborted
Guard
Completion event: guard checked only once (on completion of activity)
Change event: guard checked continuously
Event Processing: Deferred Events
Special action defer
Ev/defer
Puts event Ev in list of deferred events
Can only be used in a state (not to label a transition)
Triggering deferred events
A deferred event is activated as soon as a state is entered
where it is not deferred
Lost events
Events that are neither handled nor deferred in the current state are lost
Event Processing: Deferred Events Example
Diagram: State1 (Ev1/defer, entry/ActEntry1, exit/ActExit1, do/ActDo1) and State2 (entry/ActEntry2, exit/ActExit2, do/ActDo2); transition labels Ev and Ev1.
Scenario
State1 is current state
Ev1 dispatched first, Ev dispatched afterwards
Then . . .
1. event Ev1 is deferred
2. transition from State1 to State2, consuming event Ev
3. event Ev1 is re-activated
4. transition from State2 to State1, consuming Ev1
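
The processing order from "Event Processing: The Detailed View" and the deferred-event scenario above can be replayed with a small dispatcher. This Python code is an added example, not part of the original slides; the class names, the trace strings, the guard `Arg > 0`, recording a failed guard as a lost event, and placing re-activated events at the front of the queue are assumptions.

```python
from collections import deque


class State:
    def __init__(self, name, n, defer=()):
        self.name, self.n = name, n
        self.defer = set(defer)       # events labelled Ev/defer in the state box
        self.transitions = {}         # event -> (guard, action, target)

    def on(self, event, target, guard=None, action=None):
        self.transitions[event] = (guard, action, target)


class Machine:
    def __init__(self, initial):
        self.queue = deque()          # received events waiting to be dispatched
        self.deferred = []            # list of deferred events
        self.lost = []
        self.trace = []
        self.current = initial
        self._enter(initial)

    def receive(self, event, arg=None):
        self.queue.append((event, arg))

    def _enter(self, state):
        self.current = state
        self.trace += [f"ActEntry{state.n}", f"start ActDo{state.n}"]
        # A deferred event is activated once a state is entered where it is
        # not deferred (assumption: it goes ahead of events that arrived later).
        ready = [e for e in self.deferred if e[0] not in state.defer]
        self.deferred = [e for e in self.deferred if e[0] in state.defer]
        for item in reversed(ready):
            self.queue.appendleft(item)
        self.trace += [f"re-activate {e}" for e, _ in ready]

    def run(self):
        while self.queue:
            event, arg = self.queue.popleft()             # event is dispatched
            src = self.current
            if event in src.defer:
                self.deferred.append((event, arg))
                self.trace.append(f"defer {event}")
                continue
            guard, action, target = src.transitions.get(event, (None, None, None))
            if target is None or (guard is not None and not guard(arg)):
                self.lost.append(event)                   # neither handled nor deferred
                self.trace.append(f"lost {event}")        # the do activity keeps running
                continue
            self.trace += [f"abort ActDo{src.n}", f"ActExit{src.n}"]
            if action is not None:
                self.trace.append(f"{action}({arg})")     # synchronous: runs to the end
            self._enter(target)
        return self.trace


def deferred_events_example():
    """Slide scenario: State1 is current, Ev1 dispatched first, then Ev."""
    s1 = State("State1", 1, defer={"Ev1"})
    s2 = State("State2", 2)
    s1.on("Ev", s2)
    s2.on("Ev1", s1)
    m = Machine(s1)
    m.receive("Ev1")
    m.receive("Ev")
    m.run()
    return m


def guarded_transition_example(arg):
    """Ev(Arg)[Guard]/ActTrans from State1 to State2, assumed guard Arg > 0."""
    s1, s2 = State("State1", 1), State("State2", 2)
    s1.on("Ev", s2, guard=lambda a: a > 0, action="ActTrans")
    m = Machine(s1)
    m.receive("Ev", arg)
    m.run()
    return m


if __name__ == "__main__":
    print(deferred_events_example().trace)
    print(guarded_transition_example(5).trace)
    print(guarded_transition_example(0).trace)
```
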
Composite States
Purpose
Allow modelling of complex behaviour
Idea
Similar sub-states are grouped into a composite state
(nesting hierarchy is a tree)
Composite states can have transitions, entry/exit actions, do activities, . . .
(transitions can connect states from different nesting levels)
Sub-states inherit from the composite state
Note
State Machines are in fact composite states
Composite States: Example
Diagram: states Off and On; On contains Initial and Process. Transition labels: switchOn, Go, switchOff.
Initial, Process are sub-states of On
Initial, Process inherit transition switchOff
Composite States: Three Equivalent Models
Diagram: three models.
Model 1 labels: Off, On, Initial, Process; switchOn, Go, switchOff.
Model 2 labels: Off, Initial, Process; switchOn, switchOff, Go, switchOff.
Model 3 labels: Off, On, Initial, Process; switchOn, switchOff, Go.
Note
These models are equivalent if entry/exit actions and do activities of On are ignored
Composite States: Active States
Diagram: states Off and On; On contains Initial and Process. Transition labels: switchOn, Go, switchOff.
Active states
Sub-state and composite state can be active simultaneously
Active state now denotes a path from a top-level state to a leaf node in the state hierarchy
Composite States: Rules for Entering States
Diagram: states Off and On; On contains Initial and Process. Transition labels: switchOn, Go, switchOff.
Entering a composite state
There must be an initial sub-state
Entering a sub-state
Both the composite state and sub-state are activated
Order of entry actions: top-down
Composite States: Rules for Exiting States
Diagram: states Off and On; On contains Initial and Process. Transition labels: switchOn, Go, switchOff.
Exiting a composite state
Exit active sub-state as well.
Exiting a sub-state
Order of exit actions: bottom-up
When final state becomes active sub-state, completion event is raised
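
The entry and exit rules, inherited transitions and the equivalence note from "Three Equivalent Models" can be checked on the Off/On example. This Python code is an added example, not part of the original slides; the transition directions (switchOn from Off to On, Go from Initial to Process, switchOff back to Off), Initial being the initial sub-state of On, and all class and function names are assumptions.

```python
from itertools import product


class State:
    def __init__(self, name, parent=None, initial=False):
        self.name, self.parent = name, parent
        self.initial_child = None
        self.transitions = {}                  # event -> target state
        if parent is not None and initial:
            parent.initial_child = self        # "there must be an initial sub-state"

    def path(self):
        """States from the top level down to this one."""
        return (self.parent.path() if self.parent else []) + [self]


class Machine:
    def __init__(self, start):
        self.trace, self.active = [], []
        self._enter(start.path(), 0)

    def _enter(self, target_path, keep):
        for s in target_path[keep:]:           # entry actions: top-down
            self.trace.append(f"entry {s.name}")
        leaf = target_path[-1]
        while leaf.initial_child is not None:  # composite target: take initial sub-state
            leaf = leaf.initial_child
            self.trace.append(f"entry {leaf.name}")
        self.active = leaf.path()              # active state: path from top level to leaf

    def dispatch(self, event):
        # Innermost state first: sub-states inherit transitions of the composite state.
        source = next((s for s in reversed(self.active) if event in s.transitions), None)
        if source is None:
            self.trace.append(f"lost {event}")
            return
        sp, tp = source.path(), source.transitions[event].path()
        keep = 0                               # enclosing states shared by source and target
        while keep < min(len(sp), len(tp)) - 1 and sp[keep] is tp[keep]:
            keep += 1
        for s in reversed(self.active[keep:]): # exit actions: bottom-up
            self.trace.append(f"exit {s.name}")
        self._enter(tp, keep)


def nested_model():
    off, on = State("Off"), State("On")
    initial = State("Initial", on, initial=True)
    process = State("Process", on)
    off.transitions["switchOn"] = on
    initial.transitions["Go"] = process
    on.transitions["switchOff"] = off          # drawn once, on the composite state
    return Machine(off)


def flat_model():
    off, initial, process = State("Off"), State("Initial"), State("Process")
    off.transitions["switchOn"] = initial
    initial.transitions["Go"] = process
    initial.transitions["switchOff"] = off     # repeated for every former sub-state
    process.transitions["switchOff"] = off
    return Machine(off)


def run(model, events):
    m = model()
    for e in events:
        m.dispatch(e)
    return m.trace


def models_equivalent(depth=5):
    """Compare both models on every event sequence, ignoring entry/exit of On."""
    for n in range(depth + 1):
        for seq in product(("switchOn", "Go", "switchOff"), repeat=n):
            nested = [t for t in run(nested_model, seq) if not t.endswith(" On")]
            if nested != run(flat_model, seq):
                return False
    return True


if __name__ == "__main__":
    print(run(nested_model, ["switchOn", "Go", "switchOff"]))
    print("equivalent:", models_equivalent())
```
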
Concurrent Composite States
Diagram: Taking Class. Labels: Incomplete, Lab1, Lab2, Project, Final Test, Passed, Failed. Transition labels: lab done, project done, pass, lab done, fail.
Regions
Concurrent parts of composite state
Are activated synchronously (when composite state is activated)
Separated by dashed lines
Concurrent Composite States
[Figure: state diagram with states Taking Class, Incomplete, Lab1, Lab2, Project, Final Test, Passed and Failed; transitions lab done, project done, pass and fail]
Active state
Also called state configuration
Now consists of a sub-tree of the state hierarchy
Concurrent Composite States: Rules for Entering
[Figure: state diagram with states Taking Class, Incomplete, Lab1, Lab2, Project, Final Test, Passed and Failed; transitions lab done, project done, pass and fail]
Entering a composite state
There must be an initial sub-state in each region
Entering a sub-state
There must be an initial sub-state in all other regions
Concurrent Transitions
[Figure: state diagram with states Taking Class, Incomplete, Lab1, Lab2, Project, Final Test, Passed and Failed; transitions lab done, project done, pass and fail]
Concurrent transition
Alternative notation for entering concurrent composite state
Uses pseudo-states fork and join
History States
[Figure: state diagram with states Taking Class, Incomplete, Lab1, Lab2, Project, Final Test, Passed, Failed and Army, and a history state H; transitions lab done, project done, pass, fail, was killed, outbreak of war and resume]
When re-entering composite state,
establishes the last active configuration
Outgoing transition indicates default active configuration
History States: Shallow vs. Deep
[Figure: state diagram with states Taking Class, Incomplete, Lab1, Lab2, Project, Final Test, Passed, Failed and Army, and a history state H; transitions lab done, project done, pass, fail, was killed, outbreak of war and resume]
Shallow (H): Records history only of the composite state it belongs to
Deep (H*): Records history of sub-states as well
Synch States
[Figure: state diagram with states Taking Class, Incomplete, Lab1, Lab2, Project, Final Test, Passed and Failed, and a synch state marked *; transitions lab done, project done, pass and fail]
Allow regions to be synchronised
Used in combination with fork and join
Junction Points
[Figure: state diagram with a junction point; states State1, State2, State3, State4 and State5; transition labels e1[g1], e2[g2], [g3], [g4] and [g5]]
Purpose
Simplify notation, allow transitions to be factored out
Different from fork/join
Junction Points
Example without junction point
[Figure: state diagram with states State1, State2, State3, State4 and State5 and the following transition labels]
e1[g1 and g3]
e1[g1 and g4]
e1[g1 and g5]
e2[g2 and g3]
e2[g2 and g4]
e2[g2 and g5]
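The factoring that the two junction slides illustrate, as an added example that is not part of the original slides: it expands the junction into the six conjoined transitions and checks, for every guard valuation, that both models enable the same targets. It assumes e1[g1] leaves State1, e2[g2] leaves State2, and [g3], [g4], [g5] lead to State3, State4 and State5; the figures are not recoverable from this page.

```python
from itertools import product

# Added example. Sources and targets are an assumed reading of the lost figures.
INCOMING = [("State1", "e1", "g1"), ("State2", "e2", "g2")]        # into the junction
OUTGOING = [("g3", "State3"), ("g4", "State4"), ("g5", "State5")]  # out of it
GUARDS = ["g1", "g2", "g3", "g4", "g5"]

def flatten(incoming, outgoing):
    """Expand the junction into one guarded transition per incoming/outgoing pair."""
    return [(src, ev, (g_in, g_out), tgt)
            for src, ev, g_in in incoming
            for g_out, tgt in outgoing]

def targets_via_junction(state, event, val):
    """Candidate targets with the junction; every guard is evaluated before firing."""
    if not any(s == state and e == event and val[g] for s, e, g in INCOMING):
        return set()
    return {tgt for g, tgt in OUTGOING if val[g]}

def targets_flat(state, event, val):
    """Candidate targets in the model without the junction point."""
    return {tgt for s, e, guards, tgt in flatten(INCOMING, OUTGOING)
            if s == state and e == event and all(val[g] for g in guards)}

def label(transition):
    """Render a flattened transition in the slide's notation."""
    _, ev, (g_in, g_out), _ = transition
    return f"{ev}[{g_in} and {g_out}]"

def equivalent():
    """Compare both models for every guard valuation, state and event."""
    for bits in product([False, True], repeat=len(GUARDS)):
        val = dict(zip(GUARDS, bits))
        for state, event in product(["State1", "State2"], ["e1", "e2"]):
            if targets_via_junction(state, event, val) != targets_flat(state, event, val):
                return False
    return True
```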
Metamodel for State Machine
[Figure: UML metamodel class diagram. Classes: ModelElement (from core), StateMachine, Guard (expression: BooleanExpression), StateVertex, Transition, PseudoState (kind: PseudostateKind), SynchState (bound: UnlimitedInteger), StubState (referenceState: Name), State, Action (from CommonBehavior), Event, CompositeState (isConcurrent: Boolean), SimpleState, FinalState. Association ends: context, behavior, source, target, outgoing, incoming, top, transitions, guard, trigger, internalTransition, effect, entry, exit, doActivity, deferrableEvent, container, submachine]
PseudoStateKind
initial
final
deepHistory
shallowHistory
join
fork
junction
A Constraint of the Meta Model
Constraint on context of StateMachine
A state machine is aggregated within either a classifier or
a behavioural feature (e.g. an operation)
context StateMachine
inv: self.context.notEmpty implies
  (self.context.oclIsKindOf(BehavioralFeature) or
   self.context.oclIsKindOf(Classifier))
Note
Nothing said about what happens if self.context.isEmpty