1 / 19

A Concrete Syntax for UML 2.1 Action Semantics Using +CAL

A Concrete Syntax for UML 2.1 Action Semantics Using +CAL. 13th IEEE International Conference on Engineering of Complex Computer Systems – ICECCS 2008 UML&AADL’2008 Workshop Isabelle Perseil, Laurent Pautet TELECOM ParisTech, LTCI,UMR 5141 CNRS. Agenda. Context State-of-the Art Issues

dante
Download Presentation

A Concrete Syntax for UML 2.1 Action Semantics Using +CAL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Concrete Syntax for UML 2.1 Action Semantics Using +CAL 13th IEEE International Conference on Engineering of Complex Computer Systems – ICECCS 2008 UML&AADL’2008 Workshop Isabelle Perseil, Laurent Pautet TELECOM ParisTech, LTCI,UMR 5141 CNRS

  2. Agenda Context State-of-the Art Issues Goals Proposed approach Application of the approach Conclusions Page 2 – UML&AADL’ 2008 – 02/04/2008

  3. Context • The role of executable modeling (xUML) • Subset of UML + ASL  runs models, generation of safe code (computationally complete language) • Bridge the gap between the analysis, design and programming steps • From xUML to other executable modeling languages • Multiple views, multiple aspects :define all elements for implementation, without overloading one single model and mismatch the abstraction level •  Ada (better for system analysis) •  AADL  Ada (better for system deployment)

  4. State-of-the Art – part I : the OMG RFP The UML specifies how many types of models can be expressed it lacks a concrete syntax for describing actions Users of the UML can add operations and states to their models, but there is no standard concrete syntax to describe how objects are created and changed by those operations and states. The RFP solicits proposals for Concrete syntax for describing actions in the UML 2.1 action semantics and activities Page 4 – UML&AADL’ 2008 - 02/04/2008

  5. State-of-the Art – part II : Action languages Definition : An action is some computation, such as executing a function, sending a signal, reading or writing data, and iterating over a set an action is a statement or a sequence of statements that is executed when the object takes the transition Existing action languages SMALL (very limited precursor) TALL (functional) Bridge-Point Object iUMLfrom Kennedy Carter (industrially used) Answer to the RFP, but not formal enough Page 5 – UML&AADL’ 2008 - 02/04/2008

  6. State-of-the Art : example of the Lamport Bakery statechart [guard] if false it exits (not going to the next state “Trying”) [guard] actions action incoming transition [guard] Condition connector boolean condition : must be true for the transition to be taken Only the smallest ticket can enter in the critical section process a_process ∈1 . .N Page 6 – UML&AADL’ 2008 - 02/04/2008

  7. And its code (Mutex.adb) with “Rhapsody in Ada”-generation of one procedure : procedure Trying_Process_Event (this : in out Mutex_t; e : in out Class_Hierarchy_Specific_Event.Class ) is begin …. if Q < N then ……. ); Trying_Exit (this); ….. Q:=Q+1; …….. ); if (Rank( Q )=0 or (Rank(A_Process) > Rank( Q ) ) or (A_Process > Q )) then ……… ); --+[ transition --+] ……… ); Critical_Entry (this); ……….. ); --+[ transition Rank(A_Process) := 0; --+] …………… ); Idle_Entry (this); ……… end if; end if; end Trying_Process_Event; Automatically generates entry actions and exit actions for each state difficult to read (tool code simulation) • The code is not labeled • no parameterization • difficult to locate the origin Page 7 – UML&AADL’ 2008 - 02/04/2008

  8. Issues Use a high-level programming language : have many morefeatures than necessary to describe actions in a model (C++, Java, Ada…) The action semantics should provide just enough semantics to enable the specification of computation Genericity and interoperability between different action languages (if, for some reasons, we would have to work with several action languages) Page 8 – UML&AADL’ 2008 - 02/04/2008

  9. Goals Create a standard language with which users can write a complete and unambiguous functional description of the actions of operations and states with the following properties : Statements are readable and intuitive Statements resemble existing languages for common functions (e.g. if statements, assignment, comparison) Users can include comments Users can assign marks to individual statements in the language The language can be extended to include new features Page 9 – UML&AADL’ 2008 - 02/04/2008

  10. Our Goals The action language answers to the mandatory requirements, with particular strengths Preserves the level of abstraction of the action semantic language, adds formal capabilities Defines primitives, simple constructs Provides forthe specifications of systems in sufficient detail so that they can be executed Page 10 – UML&AADL’ 2008 - 02/04/2008

  11. Proposed Approach Requires a mapping from the structure of the specification to the structure of the implementation But executing a single diagram is not sufficient If the whole code is obtained from one (flat) diagram, then the execution of the model == a translation from one programming language to another one (i.e. a bijection) Page 11 – UML&AADL’ 2008 - 02/04/2008

  12. PCALToAda (1) +CAL algorithm --algorithm bakery variables Extraction = [k ∈ 1..N |-> FALSE], Rank= [m ∈ 1..N|-> 0]; process a_process ∈ 1..N variable q; begin Extraction[a_process]:= TRUE; Rank[a_process]:= 1 + max(Rank[1]..Rank[N]); Extraction[a_process]:= FALSE; q:=1; while q ≠ N+1 do while (Extraction[q]) do skip; end while; while ((Rank[q]≠ 0) ∧ ((Rank[q], q) < (Rank[a_process],a_process))) do skip; end while; q:=q+1; end while; \*The critical section Rank [a_process]:=0; \* non-critical section... end process end algorithm other processes know if some number requests are in progress or not number of the request labeled actions The “for” loop does not exist attribution of the ticket … ”busy waiting” (trying) wait until other processes with higher priorities have finished their job check on pid process Page 12 – UML&AADL’ 2008 - 02/04/2008

  13. PCALToAda (2) Ada pgm procedureEntering (A_Process : inProc_Index) is begin Extraction(A_Process) := True ; Rank(A_Process) := 1 + Maximum; Extraction(A_Process) := False ; forQ in1 . .N loop loop delay0 . 1 ; exit when notExtraction(Q) ; exit whenRank (Q)=0 or elseRank (A_Process) > Rank (Q) or else(A_Process > Q) end loop; end loop; endEntering ; −− −− Exit Protocol procedureWay_Out (A_Process : in(Proc_Index) is begin Rank (A_Process) := 0; endWay_Out ; wait guards ANTLR Translator From +CAL  Ada 2005 (in progress) exit of the loop Page 13 – UML&AADL’ 2008 - 02/04/2008

  14. +CAL extensions : answer to mandatory requirements ( TLA+ expressions) - Stephan Merz’s works The expressions in +cal algorithms can be any TLA+ expressions TLA+ records (also called structs)[field1, field2] Concurrent object “a” == record contains : one field for every attribute of class A a field qm for every message type m∈ MethAdefined in class A (representing the queue of waiting requests to execute method m) The action receive(a,m,x) describes the receipt of a message of type m by an object a with parameter tuple x Page 14 – UML&AADL’ 2008 - 02/04/2008

  15. +CAL extensions : answer to mandatory requirements ( TLA+ expressions) It represents some difficulties as we need to properly embed TLA+ : On one hand, +CAL is simple because : it has no pointers, no objects, no types On the other hand, the way to extend the capabilities is to use TLA+ expressions To re-define a class and formalize its behavior in TLA is not simple But, thanks to TLA we may represent a “next-state” relation for any attribute (actions defined for the given class) So we may represent the changes during the receipt of a new message Page 15 – UML&AADL’ 2008 - 02/04/2008

  16. Application of the approach TLA+ generation and assertion A simple command java pcal.trans Algorithm translate into TLA+ The translation introduces a new variable pc pc value is label of next statement to be executed The invariant to check is no 2 process are in state cs isMutex == ∀ i ,k∈1 .. N: (i /= k) ) : => ¬((pc[i ] = "cs") ∧(pc[k] = "cs")) IsMutex is a TLA+ operator defined just after the algorithm, Then : we put assert answer = isMutex to check the algorithm with TLC we simulate the algorithm (run) Page 16 – UML&AADL’ 2008 - 02/04/2008

  17. Application of the approachUse of extended +CAL into state machines diagrams algorithm Implementation Operation Body : • process a_process \in 1..N • variable q; • begin • …labeled actions • whileq /= N+1do • …. • end while; • cs: Rank [a_process]:=0; • nd process Labeled specification Extraction[q] sequence of steps (labels) specification Specification State machine in +CAL Ada generation : procedures (PCALToAda translator) Invariance checking in TLA+ (with TLC) Certificationof the produced code Page 17 – UML&AADL’ 2008 - 02/04/2008

  18. Conclusions and future works In order to formerly specify DRE Systems behavior Lamport specifies synchronization in terms of state machines (“Time, clocks and the ordering of events in a distributed system”)  formal state machines We have shown how +CAL can be executed in the context of state machines and activity diagrams To answer to the Action Language RFP mandatory requirements We need some Extensions to +CAL : Class and object manipulations and signal generation  animate UML models +CAL brings genericity  labels (allows to divide multi-threaded pgm into atomic steps), multiple languages generation +CAL can be used via a co-modeling methodology enabling TLA+ actions model-checking Safety properties of concurrent systems are satisfied Page 18 – UML&AADL’ 2008 - 02/04/2008

  19. Questions ? Mail to :isabelle.perseil@telecom-paristech.fr

More Related