1 / 62

A General Framework for Formalizing Object-Oriented Modeling Techniques

A General Framework for Formalizing Object-Oriented Modeling Techniques. Betty H. C. Cheng Software Engineering and Network Systems Laboratory Department of Computer Science and Engineering Michigan State University East Lansing, Michigan 48824 Chengb@cse.msu.edu www.cse.msu.edu/~chengb.

brone
Download Presentation

A General Framework for Formalizing Object-Oriented Modeling Techniques

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A General Framework for Formalizing Object-Oriented Modeling Techniques Betty H. C. Cheng Software Engineering and Network Systems Laboratory Department of Computer Science and Engineering Michigan State University East Lansing, Michigan 48824 Chengb@cse.msu.edu www.cse.msu.edu/~chengb

  2. Acknowledgements • Joint work with the following people: • Robert Bourdeau • Laura Campbell • William McUmber • Enoch Wang • Ryan Stephenson • Sponsored in part by: • National Science Foundation Grants: • (CCR-9633391, CCR-9901017, EIA-0000433) • DARPA Grant (EDCS Program): F30602-96-1-0298 • Motorola • Eaton Corporation • Siemens Automotive • Detroit Diesel Corporation

  3. Bridge the Gap Between Informal and Formal Methods Object-Oriented “Blueprints” Formal Representations • Formal Methods: • Well-defined language • Set of rules for reasoning Apply Formalization Framework • Formal Specifications: • + Automated Analysis • Consistency, completeness • Rapid Prototyping • Behavior Simulation • + Design Transformations • + Automated Test Case generation • - May be difficult to construct/modify Informal specifications, + graphical models, + easy for humans to formulate, - may be inconsistent and incomplete.

  4. Overview • Introduction • Background • Formalization Framework • Validation: • Tool Support • Case Study • Related Work • Conclusions and Future Investigations

  5. Objectives and Results • Overarching goals: • Broaden base of developers who can use rigorous software engineering techniques • Provide palatable path to more rigorous SE techniques • Leverage existing expertise and technology • Specific Goals • Enable use of intuitive diagrammatic notations (UML) for embedded system design • Provide path from UML to existing formal languages • Existing user base • Support Tools • Enable automated analyses of model • Simulation • Model checking

  6. Domain: Embedded Systems

  7. Background: Embedded Systems • Code difficult to design and analyze • Time-dependent • difficult to instrument • often highly concurrent • High level of robustness required • control real-world, physical processes

  8. Informal Modeling Notation

  9. Background: UML Unified Modeling Language • “General-purpose” visual modeling language • de facto Standard • (At least) nine different diagrams • use case, class, state, interaction (2), implementation (2), etc • Diagrams described by metamodels: • A graphical model that describes syntax of model • Therefore, nine different metamodels

  10. Named association “type of” indicator Talks-to 1 0..1 multiplicities Contains aggregations of Class B Contains components UML Class Diagram Class A Class X Class A1 Class A2 Class A3 Class B

  11. UML Metamodel • Metamodel defines UML syntax using class diagram notation. • Semantics not defined by metamodel • Note: Any language or diagram syntax can be defined with a metamodel

  12. Example Metamodel Program 0..* Block Compound Simple Statement Statement

  13. Metamodel UML Diagram Instance Specific diagram shows some aspect of the system being constructed Uses class diagram notation to describe diagram component relationships Metamodel - Diagram - System Relationship System Specifies aspect of Constrains syntax

  14. Target Formalization Languages

  15. Background: VHDL • IEEE standard language • Intended for abstract description of hardware • Uses multiple, concurrent, communicating processes • Communication through “signals” • Syntax is Ada-like, procedural in nature • Models can be “executed” in simulation.

  16. Background: Promela (SPIN) • Promela is language for SPIN model checker • Simulation and model checking of concurrent systems • SPIN: commonly used in telecommunication domain • Developed by Bell Labs (now Lucent part) • Protocol verification • Guarded Command Language + CSP + C • Collection of processes, channels, and variables

  17. “structure” typedef declarations Channel declaration Instantiation of “A_type” “initial” procedure Executed as one stmt Guarded statement Proctype instantiation Basic proctype Proctype declaration do-od loop Channel write if-fi block Channel read Background: Promela Example typdef A_type { int x; int y; bool unused; mtype vals; } chan queue=[3] of {mtype}; A_type A; mtype={on, off, none}; init { atomic {A.x = 1; A.y = 2} run abc() } proctype abc() { int I; do :: A.x > 1 -> A.y = A.y + 1; A.x = A.x + 1; od; queue!on; if :: queue?vals :: A.y > 4 -> goto skip1 fi}

  18. General Formalization Framework

  19. With the mapped objects This operation in this system with these objects (a & b) Does the “same thing” as this operation in this system Homomorphisms Preserve operations, hence structure and semantics

  20. Describes instance Produces mapping Describes instance UML diagram Formal description of system Mapping Rules Metamodel mapping UML metamodel Formal language metamodel Homomorphism

  21. Unified Class/Dynamic Metamodel Model Class related Dynamic related Behavior Class Relationships State Vertex Instance Variables Aggregation Generalization Transition Association Rest of dynamic model

  22. Dynamic Model Portion of Unified Metamodel To Class Behavior Guard 1..* 0..1 1 1 0..1 State Vertex Transition 0..1 0..1 0..1 Pseudostate State ActionSequence 0..1 0..1 0..1 CompositeState SimpleState Event Start Join SignalEvent TimeEvent ChangeEvent Final History

  23. h: Target Source h: A B R h: B’ A’ D’ R’ hasComp(A,C) h: C hasPart(A’,C’) h: C’ Example Metamodel Mapping

  24. Introduction to Mapping Rules • VHDL used for embedded systems • VHDL contains timing notations • Many commercial tools available • Comprehensive simulation capability • SPIN used in industry • Spin provides model simulation and checking • Concurrency is a feature of both

  25. Promela Class Diagram Mapping Rules • Classes (objects) map to proctypes. • Relationships map to channels. • Instance variables map to global typedef structures.

  26. Promela Dynamic Model Mapping Rules • Simple states map to blocks of Promela statements. • Transitions map to gotoandrun() • Composite states map to proctypes • Events map to channel writes/receives • Pseudo-states map to blocks of various Promela statements

  27. SPIN Analyses • Random simulation • Exhaustive search of states • State transition system checked by temporal logic assertions • Often provides counter-examples (path to problem state) • “Easier” than theorem proving • Better than simulation when precise timing not required

  28. Structure Ent/Arch Class proctype Relationship Port signature channels Labeled block of statements procedure State Composite State Ent/Arch proctype Channel assignment Write to signal Event Summary of Mappings VHDL Promela

  29. Tool Support

  30. Tool Support Analysis results UML HIL Spec* Analysis Tool* MINERVA Hydra Diagram reports Analysis reports

  31. Architecture of Minerva Diagram reports Diagram in DoME format UML UML diagram editors HIL Plug-ins Visualization commands Analysis results (processed) Text processing scripts Analysis reports Analysis results (raw)

  32. Hydra Translation Tool Modular per formal language Uses library and parser to implement rules Language Specific Class Library Minerva Language Specific Class Library Hydra parser HIL Formal Specifications Implements mapping rules for specific language

  33. Industrial Case Study

  34. Smart Cruise Requirements Desired trail distance Safety zone Coast zone Closing zone About 400 ft - acquires target vehicle. Closing speed low enough to control. Starts coasting to match speed Maintain proper trail distance - speeds match Safe zone This is what we want Closing speed too high. Issues warnings to avoid this condition

  35. Class - Context Diagram Target acquisition target loss distance System boundary Control Radar Warnings “set” Distance Car speed throttle control Car Car speed brakes Target Brakes Throttle Control

  36. Smart Cruise Class Model • Target acquisition • target loss • distance to target Control Radar Car speed Car speed throttle control Car

  37. High Level Radar Dynamic Model [target <= 400]^target-acquired Check distance [target > 400] Car-speed Get car speed Wait for ack Ack-from-control Turn-on Off Turn-off

  38. Car Dynamic Model Set cruise speed car1 car3 Get-speed[real=set]^speed Get-speed[realset]/{adjust real speed}^speed Set-speed Supply speed to radar updatex updatespd Unset cruise speed Supply speed to control car4 car1 Get-speed^speed Unset speed dounset dogetspd

  39. High Level Control Dynamic Model Wait for target Wait for “set” target set Ack from car [exceed bounds] Get speed and distance Check bounds Warning or Alarm [trailing] [closing] Maintain Trail position Closing on target

  40. SPIN Analyses Performed • Random simulation • State reachability • State reachability with assertions • Progress loop analysis (cycle checks) • Model checking with temporal claim • Model checking with temporal claim and non-deterministic execution paths.

  41. Use of Simulation • Check that model runs (does not deadlock) • Model appears to achieve basic requirements • Model not erratic (simulation is random) • Exercise common paths • Explore extremes for initial proper behavior • Basically, high level debugging strategy

  42. State Reachability Analysis • Reachability is exhaustive (unlike simulation) • For common scenarios, • ensure set of states is correct and • exception states not entered • For exception scenarios, • ensure exception states entered

  43. State Reachability for Normal Scenario (Establish target trail) = reached Wait for target Wait for “set” target set Ack from car [exceed bounds] Get speed and distance Check bounds Warning or Alarm control dynamic model [trailing] [closing] Maintain Trail position Only unreached state, as expected Closing on target

  44. SPIN Progress Loop Analysis • Ensures no cycles of only unmarked states. • Reports cycles unless state(s) are marked. • If nothing marked, reports cycles • If known cycles are marked, reports unexpected cycles

  45. Progress Cycle Analysis of Model • Liveness check: Ensure state cycle “follow target” established • Differs from reachability by ensuring cycle exists, not just state visit. • Safety check: Ensure no unexpected cycles encountered

  46. Progress Loop Checks 1. Green states reported as cycle when unmarked Wait for target Wait for “set” target set Ack from car Get speed and distance Check bounds Warning or Alarm shut off system [trailing] [closing] Maintain Trail position Closing on target None of these reported 2. After marked, no other cycles appeared (complement of first check)

  47. Model Checking Tests • Car achieves trail position, and stays there. Three checks: • Once in idle, model never comes back • when target sent, ack replied • Remove ack to demonstrate check works • Brake application leads to return to idle state. • Revealed missed an event on transition

  48. Ensure Target is Never MissedDemonstrate Check Works Target acquired Control Radar acknowledgement Remove this message to force claim to fail This check failed (as expected)

  49. Related Work • Object-Orientation and Embedded Systems • Formalization of UML • Formalization of OO Modeling Techniques

  50. Embedded System Methodologies • Ad Hoc (frequently used in industry) • Structured methods - RTSA • [Ward & Mellor, Hatley & Pirbhai] • RTSA models semi-formal, uses top-down • Hybrid OO -- RTOOSA [Ellis] • Still structured, semi-formal - little object use • OO, non-UML (ROOM) [Selic, Gullekson] • Formal, but unusual OO model • OO, UML based [Douglass] • Semi-formal. No behavior verification

More Related