1 / 21

Checking Interaction Consistency in MARMOT Component Refinements

Checking Interaction Consistency in MARMOT Component Refinements. Yunja Choi School of Electrical Engineering and Computer Science Kyungpook National University. Overview. MARMOT methodology Component and refinements Interaction consistency A general framework for consistency checking

kiayada-blanchard
Download Presentation

Checking Interaction Consistency in MARMOT Component Refinements

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Checking Interaction Consistency in MARMOT Component Refinements Yunja Choi School of Electrical Engineering and Computer Science Kyungpook National University

  2. Overview • MARMOT methodology • Component and refinements • Interaction consistency • A general framework for consistency checking • Case example • Model checking elevator system • Performance improvement through abstraction • Discussion

  3. MARMOT Methodology • Branched from KobrA by Atkinson et. al • Designed for the development of embedded systems • High quality system through systematic, structured development • Components are the focus of entire development process • Tree-structured hierarchy of components • Flexibility and reuse of components

  4. Statecharts Specification Operation Schemata Class Diagram Sequence Diagram Class Diagram Realization Object Diagram(Architecture) MARMOT Component Refined component Refining component

  5. Recursive Development Identification Specification Realization Kpt A Component Reuse Kpt B Kpt C Kpt D COTS Component

  6. Example: elevator system

  7. Specifying externally visible behavior

  8. Quality Control • MAMOT supports systematic identification and refinements of a component • the principle of “separation of concerns”: specification vs. realization • Iterative decomposition and refinements • There can be many issues in consistency • Structural consistency • Behavioral consistency • Behavioral consistency between the realization of refined component and the specification of its refining components

  9. Interaction Consistency • at ith refinement step, the realization of the refined component constrains the environment of the refining components • A system is consistent with its environment in its behavior if it either terminates normally or runs infinitely under the infinite sequence of stimuli generated from its environment • A system is inconsistent with its environment in its behavior if it terminates abnormally under the infinite sequence of stimuli generated from its environment

  10. A component and its environment are specified as two processes P and E, where each of them is represented as a labeled transition system (Sp, Lp, Rp, Ip, Tp) and (Se, Le, Re, Ie, Te) A restricted form of process composition of P and E is defined as P↑E = (Sp× Se, Lp∪ Le, Rp× Re, Ip× Ie, Tp× Te) where Process model

  11. Consistency Model

  12. Formal definitions • Termination • Terminate(P(s))↑E : P terminates to a state s that belongs to the pre-defined set of terminal states T under the environment E • P(s) ∧ s ∈T, • If P is a compositional process, P = P1∥ P2∥.. ∥ Pn • Terminate(P(s)) ↑E if and only if ∀i, Terminate(Pi(si)) ↑Ei , where Ei = E ∥ P1∥ P2∥.. Pi-1 ∥ Pi+1 ∥ … ∥ Pn

  13. Formal definitions • Progressiveness • Progress(P(s)) ↑E : eventually, there is a transition out of the state s under the environment E • Interaction Consistency • Consistent(P(s)) ↑E = Terminate(P(s))↑E ∨ Progress(P(s)) ↑E

  14. Model checking consistency • Based on the exhaustive search of system state-space • Fully automated • SPIN: invalid-endstate checking • SMV: we can formulate the consistency property in temporal logic and use model checker to verify it • Provide counter-examples • Need translation to PROMELA or SMV input language • A number of translation approaches are available

  15. model checking consistency- Framework -

  16. Consistency Model in PROMELA

  17. Performance issue

  18. Abstraction techniques • Trigger-based abstraction • Abstract the environment so that it contains all the transitions generating a triggering event for the process P, and all the transitions from the initial state leading to the transition • Transition reduction • collapse several transitions into one if the intermediate transitions do not generate triggering actions for the process P ti /ai s0 s1 s2 si Si+1 ti /ai s0 si Si+1

  19. Performance Improvement

  20. Discussion • Formal methods can be effective and useful when integrated into development process • Our work focuses on the seamless integration • There are a number of existing works on UML consistency, refinements, CBD methodology, and the use of model checking • However, they mostly focus on one of the issues separately. • Hardly any of the earlier works concerns on performance issue when using model checking • Environment constraints have been manually identified in the previous works • More investigation is needed on optimization and automation • Translation and abstraction

  21. Thank you!

More Related