Ivan Marsic, Rutgers University

LECTURE 11: Specifying Systems – State Diagrams & OCL

Topics

• UML State Machine Diagrams
  – State Activities: Entry, Do, and Exit Activities
  – Composite States and Nested States
  – Concurrency
• UML Object Constraint Language (OCL)
  – OCL Syntax
  – OCL Constraints and Contracts

3

State Machine Diagram:Basic Notation

DelistedListing

plannedTraded

initial-listing

trade bankruptcy, merger,

acquisition, …

States of Stock_i

initial state

indicated by

terminal state

indicated by

event

transition

UML Diagrams Differ from FSMs

• Modularization of states
• Concurrent behaviors

States of Stock_i (composite state)

[Figure: the same machine as on the previous slide, with Traded drawn as a composite state. Inside it are the nested states Buy, Hold and Sell, connected by trade transitions (including self-transitions). The outer transitions are unchanged: Listing planned → Traded on initial-listing; Traded → Delisted on bankruptcy, merger, acquisition, ….]

States of Stock_i (composite and nested states)

[Figure: the same machine redrawn with "IPO planned" in place of "Listing planned" (IPO = initial public offering). Traded is a composite state; Buy, Hold and Sell are its nested states, connected by trade transitions. Outer transitions: IPO planned → Traded on initial-listing; Traded → Delisted on bankruptcy, acquisition, merger, ….]

State Activities: Entry, Do, and Exit Activities

[Figure: States of a Trading Order. States: InPreparation (data entry), Pending, Executed, Archived, Cancelled. Transitions: InPreparation → Pending on submit; Pending → Executed on matched; Pending → Cancelled on cancel, reject; Executed → Archived on archive. Further event labels on the figure: view, trade. The Pending state carries a "do" activity:
    do: check_price+supply [buy]
        check_price+demand [sell]
]

State Diagram for Controller
[ Recall Section 2.7.4: Test Coverage and Code Coverage ]

States: Locked, Accepting, Unlocked, Blocked

Transitions:
    Locked    → Unlocked  : valid-key / signal-success
    Locked    → Accepting : invalid-key / signal-failure
    Accepting → Accepting : invalid-key [numOfAttempts < maxNumOfAttempts] / signal-failure
    Accepting → Blocked   : invalid-key [numOfAttempts >= maxNumOfAttempts] / sound-alarm
    Accepting → Unlocked  : valid-key / signal-success, set numOfAttempts := 0
    Unlocked  → Locked    : autoLockInterval-expired /
    Blocked   → Locked    : timer-expired / signal-reset, set numOfAttempts := 0

Annotations on the figure: "Auto-locking feature not shown!" and "User leaves without succeeding or blocking".

Note how the object responds differently to the same event (invalid-key in the Accepting state), depending on which events preceded it.

State Diagram for Controller (with state activities)

[Figure: the same states Locked, Accepting, Unlocked and Blocked and the same transitions (invalid-key [numOfAttempts < maxNumOfAttempts] / signal-failure; invalid-key [numOfAttempts >= maxNumOfAttempts] / sound-alarm; valid-key / signal-success; autoLockInterval-expired /; timer-expired / signal-reset, set numOfAttempts := 0). The two states that wait on a countdown now carry activities:
    Unlocked:  entry: start timer
               do: countdown
    Blocked:   entry: start timer
               do: countdown
]

Need "entry" and "do" state activities for the countdown timers.

Problem: States of a Hotel Room

[Figure: states Vacant, Reserved, Occupied. Transitions: Vacant → Reserved on make-reservation /; Reserved → Occupied on arrive /; Occupied → Vacant on depart /.]

Problem:
- but a guest may be occupying the room while it is reserved by a future guest!?
- or the room may be vacant while reserved by a future guest!?

need a notion of time ("timing diagram")

Problem: States of a Hotel Room

[Timing diagram: vertical axis "States" (Vacant, Reserved, Occupied), horizontal axis "Time [days]". Events marked along the time axis: A arrive, A depart, B make-reservation, B arrive, B depart, C make-reservation, C arrive, C depart. Intervals are annotated "Reserved by guest B" and "Reserved by guest C".]

Problem: States of a Hotel Room

[Same timing diagram as above (States: Vacant, Reserved, Occupied; Time [days]; events A arrive, A depart, B make-reservation, B arrive, B depart, C make-reservation, C arrive, C depart; "Reserved by guest B", "Reserved by guest C"), with the annotation "What state?" on a day where the room is reserved for a future guest.]

What if the guest is late? – a "Holding" state? What if the room is overbooked? What about when it is being cleaned?

Issue: state transitions are weird: "Reserved" is a future state but is transitioned to by a current event!

Problem: States of a Hotel Room

SOLUTION: Introduce a new object!

[Figure: the timeline split between two objects. "Object: Room occupancy" tracks the current state (Vacant / Occupied) at the current time; "Object: Reservation table" tracks "Reserved by guest B", "Reserved by guest C" and "Available" over future days (Time [days]). Messages shown between them: reserve, free. Events marked: A arrive, A depart, B make-reservation, C make-reservation.]

Objects send messages that change states

Problem: States of a Hotel Room

[Figure: "Object 1: Room occupancy" (states Vacant, Occupied; events A arrive, A depart, B arrive, B depart, C arrive, C depart) and "Object 2: Reservation table" (Reserved, Available over Time [days]), with a marker for the current time.]

We need two objects: one tracks the room's current state (occupancy) and the other its future state (reservation).
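As an added example (not the lecture's code), the two-object solution in Python: RoomOccupancy is a state machine over the room's current state (Vacant / Occupied), and ReservationTable holds the future state as dated intervals and answers the reserve / free messages. The class names, the whole-day time indices, the half-open interval convention and the guests A, B, C are assumptions made for the illustration; the overbooking check is the part the single-state-machine model could not express.

```python
# Added example, not the lecture's code: the two-object solution from the
# hotel-room slides. Class names, whole-day time indices and the guests
# A, B, C are assumptions for illustration.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Reservation:
    guest: str
    arrive: int   # day index, inclusive
    depart: int   # day index, exclusive: the room is free again on this day


class ReservationTable:
    """Object 2: which guest holds the room on which future days."""

    def __init__(self) -> None:
        self._rows = []

    def is_free(self, arrive: int, depart: int) -> bool:
        # Half-open intervals overlap iff each one starts before the other ends.
        return all(depart <= r.arrive or r.depart <= arrive for r in self._rows)

    def reserve(self, guest: str, arrive: int, depart: int) -> bool:
        """make-reservation: refused (overbooking) if any of the days is held."""
        if arrive >= depart or not self.is_free(arrive, depart):
            return False
        self._rows.append(Reservation(guest, arrive, depart))
        return True

    def holder_on(self, day: int) -> Optional[str]:
        return next((r.guest for r in self._rows if r.arrive <= day < r.depart), None)

    def free(self, guest: str) -> None:
        """free: drop the guest's reservation once the stay is over."""
        self._rows = [r for r in self._rows if r.guest != guest]


class RoomOccupancy:
    """Object 1: the room's current state; consults the table on arrive."""

    def __init__(self, table: ReservationTable) -> None:
        self.table = table
        self.state = "Vacant"
        self.guest: Optional[str] = None

    def arrive(self, guest: str, today: int) -> bool:
        # arrive is honoured only for the guest the table says holds today,
        # so a reservation for a later day does not open the door now.
        if self.state != "Vacant" or self.table.holder_on(today) != guest:
            return False
        self.state, self.guest = "Occupied", guest
        return True

    def depart(self) -> bool:
        if self.state != "Occupied":
            return False
        self.table.free(self.guest)
        self.state, self.guest = "Vacant", None
        return True


def run_timeline() -> dict:
    """Replay a constructed timeline: A stays days 1-2, B and C reserve later
    days (with one overbooking attempt), and B tries to arrive a day early."""
    table = ReservationTable()
    room = RoomOccupancy(table)
    table.reserve("A", 1, 3)
    result = {"B_reserved": table.reserve("B", 5, 7)}
    result["C_overbook"] = table.reserve("C", 6, 8)   # overlaps B on day 6
    result["C_reserved"] = table.reserve("C", 7, 9)   # starts the day B leaves
    room.arrive("A", 1)
    room.depart()
    result["B_early"] = room.arrive("B", 4)           # day 4 is not held by B
    result["B_arrive"] = room.arrive("B", 5)
    # On day 5 the room is Occupied (current state, object 1) while the table
    # (future state, object 2) already holds it for C: the slide's dilemma.
    result["day5"] = (room.state, table.holder_on(5), table.holder_on(7))
    return result
```

`run_timeline()` returns `("Occupied", "B", "C")` for day 5: the occupancy object and the reservation object each have a well-defined state, which is exactly what a single Vacant / Reserved / Occupied machine could not say.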

OCL: Object Constraint Language

• OCL is used in UML diagrams to
  – write constraints in class diagrams
  – write guard conditions in state and activity diagrams
• based on Boolean logic
• Boolean expressions ("OCL constraints") are used to state facts about elements of UML diagrams
• The implementation must ensure that the constraints always hold true

Basic OCL Types and Operations

Type    | Values                                   | Operations
Boolean | true, false                              | and, or, xor, not, implies, if-then-else
Integer | 1, 48, -3, 84967, …                      | *, +, -, /, abs()
Real    | 0.5, 3.14159265, 1.e+5                   | *, +, -, /, floor()
String  | 'With more exploration comes more text.' | concat(), size(), substring()

OCL: Types of Navigation

(a) Local attribute: Class_A has attributes attribute1, attribute2, …
    Within Class_A: self.attribute2

(b) Directly related class: Class_A *---* Class_B, with association ends assocAB (from A to B) and assocBA (from B to A)
    Within Class_A: self.assocAB

(c) Indirectly related class: Class_A *---* Class_B *---* Class_C, adding the ends assocBC (from B to C) and assocCB (from C to B)
    Within Class_A: self.assocAB.assocBC

Accessing Collections in OCL

OCL Notation / Meaning

EXAMPLE OPERATIONS ON ALL OCL COLLECTIONS
c->size()
    Returns the number of elements in the collection c.
c->isEmpty()
    Returns true if c has no elements, false otherwise.
c1->includesAll(c2)
    Returns true if every element of c2 is found in c1.
c1->excludesAll(c2)
    Returns true if no element of c2 is found in c1.
c->forAll(var | expr)
    Returns true if the Boolean expression expr is true for all elements in c. As each element is evaluated, it is bound to the variable var, which can be used in expr. This implements universal quantification.
c->forAll(var1, var2 | expr)
    Same as above, except that expr is evaluated for every possible pair of elements from c, including the cases where the pair consists of the same element.
c->exists(var | expr)
    Returns true if there exists at least one element in c for which expr is true. This implements existential quantification.
c->isUnique(var | expr)
    Returns true if expr evaluates to a different value when applied to every element of c.
c->select(expr)
    Returns a collection that contains only the elements of c for which expr is true.

EXAMPLE OPERATIONS SPECIFIC TO OCL SETS
s1->intersection(s2)
    Returns the set of the elements found in s1 and also in s2.
s1->union(s2)
    Returns the set of the elements found in either s1 or s2.
s->excluding(x)
    Returns the set s without object x.

EXAMPLE OPERATION SPECIFIC TO OCL SEQUENCES
seq->first()
    Returns the object that is the first element in the sequence seq.

OCL Constraints and Contracts

• A contract specifies constraints on the class state that must be valid always or at certain times, such as before or after an operation is invoked
• Three types of constraints in OCL: invariants, preconditions, and postconditions
  – An invariant must always evaluate to true for all instance objects of a class, regardless of what operation is invoked and in what order
    • applies to a class attribute
  – A precondition is a predicate that is checked before an operation is executed
    • applies to a specific operation; used to validate input parameters
  – A postcondition is a predicate that must be true after an operation is executed
    • also applies to a specific operation; describes how the object's state was changed by the operation

Example Constraints (1)

• Invariant: the maximum allowed number of failed attempts at disarming the lock must be a positive integer
    context Controller inv: self.getMaxNumOfAttempts() > 0

• Precondition: to execute enterKey() the number of failed attempts must be less than the maximum allowed number
    context Controller::enterKey(k : Key) : Boolean
    pre: self.getNumOfAttempts() < self.getMaxNumOfAttempts()

Example Constraints (2)

• The postconditions for enterKey() are
  – (Poc1) a failed attempt is recorded
  – (Poc2) if the number of failed attempts reached the maximum allowed, the system blocks and the alarm bell sounds
  – Reformulate (Poc1) to:
    (Poc1) if the key is not an element of the set of valid keys, then the counter of failed attempts after exiting from enterKey() must be one greater than before entering enterKey()

• context Controller::enterKey(k : Key) : Boolean
    -- postcondition (Poc1):
    post: let allValidKeys : Set(Key) = self.checker.validKeys() in
          if allValidKeys->exists(vk | k = vk)
          then getNumOfAttempts() = getNumOfAttempts()@pre
          else getNumOfAttempts() = getNumOfAttempts()@pre + 1
          endif

    -- postcondition (Poc2):
    post: getNumOfAttempts() >= getMaxNumOfAttempts() implies self.isBlocked() and self.alarmCtrl.isOn()
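As an added example (not the lecture's code), the Controller from the "State Diagram for Controller" slides implemented as an explicit state machine, with the invariant, the precondition and the two postconditions above checked at run time. The Python names (Controller, enter_key, timer_expired, auto_lock_interval_expired), the list-of-actions bookkeeping and the sample keys are assumptions. One caveat a practitioner should notice: the diagram's valid-key transition out of Accepting performs "set numOfAttempts := 0", while Poc1 as written says the counter is unchanged for a valid key; the two agree only when the counter was already 0. The code follows the diagram and checks the reset, and flags the difference in a comment.

```python
# Added example, not the lecture's code: the lock Controller state diagram
# (Locked / Accepting / Unlocked / Blocked) as an explicit state machine, with
# the OCL inv, pre and post (Poc1, Poc2) from the Example Constraints slides
# checked at run time. Names such as Controller, enter_key, timer_expired and
# the sample keys are assumptions.
from dataclasses import dataclass, field
from enum import Enum, auto


class State(Enum):
    LOCKED = auto()
    ACCEPTING = auto()
    UNLOCKED = auto()
    BLOCKED = auto()


class ContractViolation(AssertionError):
    """An OCL inv / pre / post did not hold."""


@dataclass
class Controller:
    valid_keys: frozenset                 # stands in for self.checker.validKeys()
    max_num_of_attempts: int = 3          # getMaxNumOfAttempts()
    num_of_attempts: int = 0              # getNumOfAttempts()
    state: State = State.LOCKED
    alarm_on: bool = False                # alarmCtrl.isOn()
    actions: list = field(default_factory=list)   # transition actions fired

    def is_blocked(self) -> bool:
        return self.state is State.BLOCKED

    def _check_invariant(self) -> None:
        # context Controller inv: self.getMaxNumOfAttempts() > 0
        if not self.max_num_of_attempts > 0:
            raise ContractViolation("inv: maxNumOfAttempts must be positive")

    def enter_key(self, key: str) -> bool:
        """Handle a valid-key / invalid-key event; return True iff unlocked."""
        self._check_invariant()
        # pre: self.getNumOfAttempts() < self.getMaxNumOfAttempts()
        # (fails in Blocked, so a brute-force stream is refused, not counted)
        if not self.num_of_attempts < self.max_num_of_attempts:
            raise ContractViolation("pre: enterKey() after max failed attempts")
        attempts_pre = self.num_of_attempts      # OCL getNumOfAttempts()@pre
        key_is_valid = any(key == vk for vk in self.valid_keys)  # allValidKeys->exists(vk | k = vk)
        if key_is_valid:
            # valid-key / signal-success, set numOfAttempts := 0
            self.actions.append("signal-success")
            self.num_of_attempts = 0
            self.state = State.UNLOCKED
        else:
            # The counter is what makes the same invalid-key event end in
            # Accepting or in Blocked depending on the events that preceded it.
            self.num_of_attempts += 1
            if self.num_of_attempts >= self.max_num_of_attempts:
                # invalid-key [numOfAttempts >= maxNumOfAttempts] / sound-alarm
                self.actions.append("sound-alarm")
                self.alarm_on = True
                self.state = State.BLOCKED
            else:
                # invalid-key [numOfAttempts < maxNumOfAttempts] / signal-failure
                self.actions.append("signal-failure")
                self.state = State.ACCEPTING
        # post (Poc1): invalid key => counter is @pre + 1. For a valid key the
        # diagram's "set numOfAttempts := 0" is checked; the slide's "unchanged"
        # clause would contradict that reset whenever @pre > 0.
        expected = 0 if key_is_valid else attempts_pre + 1
        if self.num_of_attempts != expected:
            raise ContractViolation("post Poc1: attempt counter not updated")
        # post (Poc2): numOfAttempts >= max implies isBlocked() and alarmCtrl.isOn()
        if (self.num_of_attempts >= self.max_num_of_attempts
                and not (self.is_blocked() and self.alarm_on)):
            raise ContractViolation("post Poc2: limit reached without block/alarm")
        return key_is_valid

    def timer_expired(self) -> None:
        """Blocked --timer-expired / signal-reset, set numOfAttempts := 0--> Locked"""
        if self.state is State.BLOCKED:
            self.actions.append("signal-reset")
            self.num_of_attempts = 0
            self.alarm_on = False
            self.state = State.LOCKED

    def auto_lock_interval_expired(self) -> None:
        """Unlocked --autoLockInterval-expired--> Locked"""
        if self.state is State.UNLOCKED:
            self.state = State.LOCKED


def brute_force_then_recover(max_attempts: int = 3) -> list:
    """Drive the controller through constructed wrong guesses until it blocks,
    then the timer reset, a valid key and auto-lock; return the states visited."""
    ctl = Controller(valid_keys=frozenset({"4271"}), max_num_of_attempts=max_attempts)
    trace = [ctl.state]
    for guess in ["0000", "1111", "2222", "3333"]:
        try:
            ctl.enter_key(guess)
        except ContractViolation:
            break        # precondition refuses the guess once Blocked
        trace.append(ctl.state)
    ctl.timer_expired()
    trace.append(ctl.state)
    ctl.enter_key("4271")
    trace.append(ctl.state)
    ctl.auto_lock_interval_expired()
    trace.append(ctl.state)
    return trace
```

The precondition is what turns the contract into a security property: once numOfAttempts reaches the maximum, enterKey() may not be invoked at all until timer-expired resets the counter, so the fourth guess in `brute_force_then_recover()` is rejected before it is even compared with the valid keys.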

xUnit / JUnit assert_*_()

• Verification is usually done using the assert_*_() methods that define the expected state and raise errors if the actual state differs
• http://www.junit.org/
• Examples:
  – assertTrue(4 == (2 * 2));
  – assertEquals(expected, actual);
  – assertNull(Object object);
  – etc.

TLA+ Specification

[Figure: a state diagram with the states [closed, unlit], [closed, lit] and [open, lit]. Transition labels: unlock(valid key); lock; lock, unlock(invalid key); turnLightOff. One arrow is marked "(?)" on the slide.]

MAIN CONFUSION: What is this state diagram representing? The state of _what_ object?