Resg ph d_seminar2010_germansibay

From Triggered Scenarios to Modal Transition System

German Sibay

Agenda

– Motivation

– Previous Work

– Our Work

– Conclusion

– Future Work

Motivation

Software is everywhere

– Nuclear power stations

– Mobile phones

– Banking

Design and development of software is hard

Models are key in engineering (abstraction)

[Figure: requirements, Behaviour Models, analysis]

Behaviour Models

Pros

– Abstraction

– Build complexity: model < system

– Basis for (semi)automatic analysis techniques:

• Model checking

• Simulation

– Analysis of behaviour prior to construction

• Early detection

Cons

– Requires expertise

– Intra-agent behaviour specification

– Hard to build

Behaviour Models

Perception: cons > pros

Possible cause of low adoption by practitioners

What do practitioners use?

Scenario notations, Use Cases

Inter-agent specification

Simple syntax

Intuitive semantics

MSC, UML Interaction Diagram

[Figure: use case diagram; labels: Actuator, User, Retrieve money, Pay Bills]

Scenario notations

Pros:

– Easy syntax, intuitive semantics

– Popular among practitioners

Cons:

– Generally informal (not suitable for formal analysis)

– Example of execution (not comprehensive)

– Limited expressiveness

Summary

[Figure: requirements, Behaviour Models, analysis]

Proposal: Synthesis from Scenarios

[Figure: requirements, scenarios (scenario notation), synthesis, Behaviour Models, analysis]

Our Contribution

1. Novel Scenario Language with Trigger

– Tree-based semantics, allows existential and universal with trigger

2. Synthesis algorithm for the new Language

– Characterising all models that satisfy the scenario

[Figure: scenario notation, synthesis, Behaviour Models]

Scenario Language: Basic Chart

Example of execution (MSC, UML Seq. Diag.)

Partial order semantics

Defines a finite language of finite words

{ pwd verify verifying wait ok , pwd verify wait verifying ok }

Scenario Language with Prechart (or Trigger)

Live Sequence Chart (LSC):

– Existential Live Sequence Chart (eLSC)

• Example of a system run ≈ MSC

– Universal Live Sequence Chart (uLSC)

• Rule for all system runs ≈ Property

Existential Live Sequence Chart (eLSC)

Trace-based semantics: the interaction described by the scenario must be present somewhere in the trace

A set of traces satisfies the eLSC if at least one trace satisfies it

Universal Live Sequence Chart (uLSC)

Prechart

Mainchart

… pwd verify nok pwd verify nok pwd verify nok

x pwd verify ok …

Trace-based semantics: every time the Prechart holds, the Mainchart must follow next

A set of traces satisfies the uLSC if all traces satisfy it

Labelled Transition System (LTS) as a set of traces

An LTS defines a set of traces

An LTS satisfies the scenario if its set of traces does:

– uLSC: all traces satisfy the scenario

– eLSC: at least one trace satisfies the scenario

Models and Scenarios

[Figure: uLSC and a model with states 0, 1, 2; traces: bdc dc(dc)∞ bc … x]

A trace does not satisfy the uLSC, so the model does not satisfy the uLSC

Models and Scenarios

[Figure: eLSC and a model with states 0, 1, 2; traces: bdc dc(dc)∞ bc …]

There is a trace that satisfies the eLSC, so the model satisfies the eLSC

New language: Motivation

eLSC not very expressive.

Just an example of a user that logs in and retrieves money

New language: Motivation

uLSC may be too restrictive

… pwd verify wait verifying wait ok getBalance() … x

Every time the user logs in, the user must try to retrieve money (and succeed)

Existential Triggered Scenario (eTS)

[Figure: eTS chart; labels: P, M]

Execution-tree-based semantics: every time the Trigger holds, there must exist an execution branch where the Mainchart holds next

Does the model satisfy the eTS? Does its tree satisfy the eTS?

[Figure: execution tree; labels: b, dc]

eTS: Summary

Rule over entire system-to-be behaviour

Requires possibility of Mainchart when Prechart holds

Complementary to uLSC

– uLSC: LTL formula

– eTS: CTL formula

Semantics ≈ Use Cases with preconditions
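The linear (uLSC) and branching (eTS) readings of the same trigger and mainchart can be compared on a small LTS. The following is an added example, not code from the slides; it assumes that trigger and mainchart are each a single word, that every label belongs to the scenario alphabet, and that every state is reachable. The `logout` label and the three models are constructed for illustration.

```python
def after_trigger(lts, trigger):
    """States reached immediately after some occurrence of the trigger word.
    Every state is assumed reachable, so an occurrence may start anywhere."""
    current = set(lts)
    for label in trigger:
        current = {d for s in current for a, d in lts[s] if a == label}
    return current

def can_follow(lts, s, word):
    """Branching reading: some branch from s spells `word`."""
    if not word:
        return True
    return any(a == word[0] and can_follow(lts, d, word[1:]) for a, d in lts[s])

def must_follow(lts, s, word):
    """Linear reading: every trace from s starts with `word`."""
    if not word:
        return True
    return bool(lts[s]) and all(
        a == word[0] and must_follow(lts, d, word[1:]) for a, d in lts[s])

def satisfies_ets(lts, trigger, main):
    # Every time the trigger holds, a branch with the mainchart exists.
    return all(can_follow(lts, s, main) for s in after_trigger(lts, trigger))

def satisfies_ulsc(lts, trigger, main):
    # Every time the prechart holds, the mainchart must follow next.
    return all(must_follow(lts, s, main) for s in after_trigger(lts, trigger))

# Constructed models: state -> [(label, next state)].
LOGIN = {0: [("pwd", 1)], 1: [("verify", 2)], 2: [("ok", 3)]}
ATM = {**LOGIN, 3: [("getBalance", 4), ("logout", 0)], 4: [("logout", 0)]}
STRICT = {**LOGIN, 3: [("getBalance", 4)], 4: [("logout", 0)]}
NO_BALANCE = {**LOGIN, 3: [("logout", 0)]}

TRIGGER = ("pwd", "verify", "ok")
MAIN = ("getBalance",)

if __name__ == "__main__":
    for name, model in [("ATM", ATM), ("STRICT", STRICT), ("NO_BALANCE", NO_BALANCE)]:
        print(name, "eTS:", satisfies_ets(model, TRIGGER, MAIN),
              "uLSC:", satisfies_ulsc(model, TRIGGER, MAIN))
```

`ATM` allows the user to log out without retrieving the balance, so it satisfies the eTS but not the uLSC, which is the gap between the two notations that the slides describe.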

Universal Triggered Scenario (uTS)

[Figure: uTS chart; labels: P, M]

Execution-tree-based semantics: every time the Trigger holds, only the Mainchart can come next. Also, every word in the Mainchart must be in at least one branch

Universal Triggered Scenario (uTS)

Does this tree satisfy the uTS?

[Figure: execution tree; labels: b, dc]

NO

TS extension

Conditions in the Trigger: Fluent Propositional Logic formula

uuserLoggedIn


Synthesis from TS

[Figure: TS, synthesis, Behaviour model]

Synthesis from this eTS

[Figure: synthesised model; transition labels: d, c, b]

Synthesising an LTS

Several LTSs satisfy the scenario

Choosing one is taking an arbitrary decision

Choosing one that characterises them all (through simulation or trace inclusion) does not work

Solution: synthesise a Modal Transition System (MTS)

Extend LTS with an extra set of transitions

Required or Must transitions

Possible or May transitions

An LTS L is an implementation of an MTS M if

– all required behaviour in M is in L, and

– all behaviour in L is possible in M

[Figure: an MTS and LTSs; transition labels: request?, reply?, request, reply]

Solution: synthesise a MTS

MTS have a refinement relation: “more defined than”

MTS refinement preserves implementation

[Figure: MTSs ordered by refinement and their implementations (LTS); transition labels: request?, reply?, request, reply]
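The implementation relation and the "more defined than" relation described above can be checked with one fixpoint computation, treating an LTS as an MTS whose transitions are all required. The following is an added example, not code from the slides; the slides do not define refinement formally, so it assumes the standard strong refinement relation, and the MTSs and LTSs below are constructed using the slides' request/reply labels.

```python
def mts(must=(), maybe=(), init=0):
    """Build an MTS from (src, label, dst) triples.
    Every must (required) transition is also a may (possible) transition."""
    m = {"must": {}, "may": {init: set()}, "init": init}
    for s, a, d in list(must) + list(maybe):
        m["may"].setdefault(s, set()).add((a, d))
        m["may"].setdefault(d, set())
    for s, a, d in must:
        m["must"].setdefault(s, set()).add((a, d))
    return m

def refines(m, n):
    """True if n is 'more defined than' m (greatest fixpoint over state pairs)."""
    rel = {(p, q) for p in m["may"] for q in n["may"]}
    changed = True
    while changed:
        changed = False
        for p, q in list(rel):
            # All behaviour required by m is required by n.
            req = all(any(a == b and (p2, q2) in rel
                          for b, q2 in n["must"].get(q, ()))
                      for a, p2 in m["must"].get(p, ()))
            # All behaviour possible in n is possible in m.
            pos = all(any(a == b and (p2, q2) in rel
                          for a, p2 in m["may"][p])
                      for b, q2 in n["may"][q])
            if not (req and pos):
                rel.discard((p, q))
                changed = True
    return (m["init"], n["init"]) in rel

def implements(lts, m):
    """An LTS implements m if, seen as an all-required MTS, it refines m."""
    return refines(m, lts)

# Constructed models.
M = mts(maybe=[(0, "request", 1), (1, "reply", 0)])        # request? reply?
M_REFINED = mts(must=[(0, "request", 1)], maybe=[(1, "reply", 0)])
LOOP = mts(must=[(0, "request", 1), (1, "reply", 0)])       # LTS
IDLE = mts()                                                # LTS, no behaviour
REPLY_FIRST = mts(must=[(0, "reply", 1)])                   # LTS

if __name__ == "__main__":
    print("M_REFINED refines M:", refines(M, M_REFINED))
    for name, l in [("LOOP", LOOP), ("IDLE", IDLE), ("REPLY_FIRST", REPLY_FIRST)]:
        print(name, implements(l, M), implements(l, M_REFINED))
```

`IDLE` implements `M` but not `M_REFINED`, while every implementation of `M_REFINED` still implements `M`: refinement narrows the set of implementations without adding new ones.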

MTS refinement preserves scenarios

[Figure: Synthesis from the TS gives an MTS that characterises the LTSs that satisfy the TS; labels: Refinements, LTSs: Satisfy the scenario, satisfies]

Combining scenarios

[Figure: two TSs, their synthesised MTSs and refinements, combined by Merge]

Combining properties and scenarios

[Figure: a TS and an FLTL property, their synthesised MTSs and refinements, combined by Merge]

Methodology

[Figure: methodology; labels: eTS, uTS, FLTL properties, Synthesis, Model Checking, Simulation, Animation, Validation, Feedback, Elaboration]

Summarising

New scenario-based language

– based on LSC with branching semantics

– TS have existential with trigger

– Existential fits with Use Case w/ Preconditions

MTS Synthesis algorithm

– No arbitrary choice of LTS

– Characterisation of all LTSs satisfying TS

– Allows evolution through refinement

– Allows integrating multiple sources (merge)

Applicable to other scenario notations

Future Work

Distributed Synthesis

– Problems of composition of MTS (not complete)

– Distributed synthesis with trigger is tricky

Synthesise using scenarios and Architecture Diagrams