
  • Number of slides: 87

Understanding and Comparing Model-Based Specification Notations
Jianwei Niu, Joanne Atlee, and Nancy Day
University of Waterloo

Expressing a Notation’s Semantics
Designers of specification notations document the semantics of their notations, to help specifiers use the notations correctly.
Pseudo code:
Let EN be the set of enabled transitions and static reactions
(a) For each static reaction X in EN, execute the action associated with X
(b) For each transition X in EN, let Sn and Sx be the set of states exited and entered, respectively;
- update the history of all the parents of states in Sx
- delete the states in Sx from the list of states in which the system resides
- execute actions associated with exiting states in Sx
- execute the actions of X
- execute the actions associated with entering the states in Sn
- add to the list of states in which the system resides all of the states in Sn
Harel et al. “The STATEMATE Semantics of Statecharts”, TOSEM, July 1996
Formal semantics:
Definition: Let X = (X0, …, Xn) be a sequence of state configurations. Let SC be a system configuration whose state configuration is Xn. Let SC1 be a micro system configuration with respect to SC, and let be a microstep from SC1. Then SC = ( X, , Y) is the micro system configuration reached by from SC1 if
1. X = X 1 - X 1 { *(LCA(t)) | t }
2. 1 = {e | generates e }
3. = 1 { cr(c) | does not assign F to c } { cr(c) | assigns T to c }
4. (v) = x iff 1(v) = x and does not assign any value to v or assigns x to v
5. Y = Y 1 { C (LCA(t), target(t), X) | t }
Harel et al. “On the Formal Semantics of Statecharts”, LICS 1987


Template-Based Approach
We propose a template-based approach [FSE’02] to structuring the operational semantics of model-based notations that
1. Separates a notation’s step semantics from its semantics of composition.
2. Extracts common semantics into templates. User instantiates the templates with parameters, to specify a notation’s distinct semantics.
Figure: diagram labelled CP1–CP4 and HTS1–HTS5, with the labels "Templates" and "parameters".

Template Parameters
Table (columns RESET, NEXT), rows in slide order:
• States: current, auxiliary, enabling
• Events: current, input, auxiliary, enabling
• outputs
• Variables: current, auxiliary, enabling
• Macro semantics
• Priority

Comparing Notation Variants
Table comparing statecharts, STATEMATE and RSML (columns RESET, NEXT for each notation), rows in slide order:
• States: current, auxiliary, enabling
• Events: current, input, auxiliary, enabling
• outputs
• Variables: current, auxiliary, enabling
• Macro semantics
• Priority
Legend: Unused; Agreement among all 3 notations; Agreement among 2 notations; No agreement

Outline of Today's Talk
Template semantics
• Step semantics of basic components
• Template parameters
• Comparing notation variants
Composition operators
Expressing other notations’ semantics
• SCR
• SDL
• Petri Nets
Figure: diagram labelled CP1–CP4 and HTS1–HTS5.

Basic Components
Hierarchical Transition Systems (HTSs)
• Control states, state hierarchy
• Internal events
• External events
• Variables
• Transitions: source event [condition] / action dest
Nonconcurrent machines – concurrency is introduced when composing multiple HTSs
Figure: state diagram with states S0–S9.


Step Semantics
Snapshot: observable point in execution (current control states, occurring events, variable values, etc.)
Operational Semantics: admissible steps between consecutive snapshots
• micro-steps: execute a single transition
• macro-steps: execute a sequence of micro-steps until a stable state is reached
Stable snapshot: no transitions enabled in the snapshot
Figure labels: inputs, micro-step, macro-step.

Common Definitions of Template
• enabled transitions: identifies which transitions are enabled by the snapshot’s states, events, and variable values
• apply: applies a transition’s actions (new events, variable assignments) to the snapshot
• micro-step: selects an enabled transition and applies its actions to the snapshot
• macro-step: executes a sequence of micro-steps
• reset: resets the snapshot at start of macro-step


Example
Function enabled_trans(ss, T) returns the subset of transitions in T that are enabled in snapshot ss
enabled_trans(ss, T) { T | enabling_states(ss, ) enabling_events(ss, ) enabling_cond(ss, ) }
where enabling_states, enabling_events, enabling_cond are template parameters

Template Parameters
RESET: how snapshot is reset at start of macro-step
NEXT: how snapshot changes when transition executes
enabling: how transitions are enabled
Table (columns RESET, NEXT), rows in slide order:
• States: current, auxiliary, enabling
• Events: current, input, auxiliary, enabling
• outputs
• Variables: current, auxiliary, enabling
• Macro semantics
• Priority

Example (Harel’s original statecharts)
RESET: how snapshot is reset at start of macro-step
NEXT: how snapshot changes when transition executes
Events (columns RESET, NEXT), rows IE’=, Ia’=, IEa’=, enabling, O’=; surviving entries: IE gen( ) I Ia trig( ) Ia IE O gen( )
where
• IE - current internal events
• Ia - current external events
• O - output events
• gen( ) - events generated by
• trig( ) - ’s triggering events


Comparing Notation Variants
Table comparing statecharts, STATEMATE and RSML (columns RESET, NEXT for each notation), rows in slide order:
• States: current, auxiliary, enabling
• Events: current, input, auxiliary, enabling
• outputs
• Variables: current, auxiliary, enabling
• Macro semantics
• Priority
Legend: Unused; Agreement among all 3 notations; Agreement among 2 notations; No agreement



Variant Variable Semantics
Variables (column NEXT for each of statecharts, STATEMATE, RSML), rows AV’=, AVa’=, enabling; surviving entries: eval(asn( ), AVa) AV AVa cond( ) AV eval(asn( ), AV) eval(last(asn( )), AV) AVa AV cond( )
where
• AV - current variable values
• AVa - old variable values (from start of macro-step)
• asn( ) - ’s variable assignments
• eval(X, Y) - evaluates expressions in X wrt values in Y
• cond( ) - ’s enabling conditions
• last(asn( )) - last of multiple assignments to same variable
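The common definitions (enabled transitions, apply, micro-step, macro-step, reset) and the variable parameters above, as an added Python example that is not code from the talk or the authors' tools: one flat HTS is run under two instantiations, one evaluating enabling conditions and assignments against AVa (start-of-macro-step values) and one evaluating them against AV (current values). The Params container, the two-transition model, holding input events for the whole macro-step and picking the first enabled transition are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional, Tuple

Vars = Dict[str, int]

@dataclass(frozen=True)
class Transition:
    name: str
    source: str
    dest: str
    trig: Optional[str]                 # triggering event; None means untriggered
    cond: Callable[[Vars], bool]        # enabling condition over variable values
    asn: Tuple[Tuple[str, Callable[[Vars], int]], ...]  # (variable, expression) pairs

@dataclass(frozen=True)
class Snapshot:
    CS: str              # current control state (flat machine, no hierarchy)
    IE: FrozenSet[str]   # events visible during this macro-step (simplification)
    AV: Vars             # current variable values
    AVa: Vars            # variable values from the start of the macro-step

@dataclass(frozen=True)
class Params:
    """Template parameters: the notation-specific part (hypothetical container)."""
    enabling_states: Callable[[Snapshot, Transition], bool]
    enabling_events: Callable[[Snapshot, Transition], bool]
    enabling_cond: Callable[[Snapshot, Transition], bool]
    next_AV: Callable[[Snapshot, Transition], Vars]

# ---- common template definitions, shared by every instantiation ----
def enabled_trans(ss, T, p):
    return [t for t in T if p.enabling_states(ss, t)
            and p.enabling_events(ss, t) and p.enabling_cond(ss, t)]

def reset(ss, inputs):
    # RESET: take the new inputs and remember the variable values as AVa
    return Snapshot(ss.CS, frozenset(inputs), dict(ss.AV), dict(ss.AV))

def apply(ss, t, p):
    # NEXT: move to the destination state and update AV; AVa is left unchanged
    return Snapshot(t.dest, ss.IE, p.next_AV(ss, t), ss.AVa)

def micro_step(ss, T, p):
    en = enabled_trans(ss, T, p)
    return apply(ss, en[0], p) if en else None  # assumption: pick the first enabled

def macro_step(ss, inputs, T, p, bound=100):
    ss = reset(ss, inputs)
    for _ in range(bound):
        nxt = micro_step(ss, T, p)
        if nxt is None:
            return ss  # stable snapshot: no transition is enabled
        ss = nxt
    raise RuntimeError("no stable snapshot within bound")

# ---- two instantiations that differ only in the variable parameters ----
def _assign(asn, env, base):
    out = dict(base)
    for var, expr in asn:
        out[var] = expr(env)  # expression evaluated in env, result written over base
    return out

in_source = lambda ss, t: t.source == ss.CS
triggered = lambda ss, t: t.trig is None or t.trig in ss.IE

START_OF_STEP = Params(in_source, triggered,
                       enabling_cond=lambda ss, t: t.cond(ss.AVa),
                       next_AV=lambda ss, t: _assign(t.asn, ss.AVa, ss.AV))
CURRENT_VALUES = Params(in_source, triggered,
                        enabling_cond=lambda ss, t: t.cond(ss.AV),
                        next_AV=lambda ss, t: _assign(t.asn, ss.AV, ss.AV))

# Constructed model: A --e / x := x+1--> B --[x > 0] / y := x*10--> C
T = [
    Transition("t1", "A", "B", "e", lambda v: True, (("x", lambda v: v["x"] + 1),)),
    Transition("t2", "B", "C", None, lambda v: v["x"] > 0, (("y", lambda v: v["x"] * 10),)),
]

def run(p, inputs_per_step):
    """Return (state, x, y) after each macro-step."""
    ss = Snapshot("A", frozenset(), {"x": 0, "y": 0}, {"x": 0, "y": 0})
    trace = []
    for inputs in inputs_per_step:
        ss = macro_step(ss, inputs, T, p)
        trace.append((ss.CS, ss.AV["x"], ss.AV["y"]))
    return trace

if __name__ == "__main__":
    for name, p in (("AVa", START_OF_STEP), ("AV", CURRENT_VALUES)):
        print(name, run(p, [{"e"}, set()]))
```

Under the AVa instantiation t2 cannot see the write to x until the next macro-step, so the same model needs two macro-steps to reach C; under the AV instantiation it gets there in one.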

Outline of Today's Talk
Template semantics
• Step semantics of basic components
• Template parameters
• Comparing notation variants
Composition operators
Expressing other notations’ semantics
• SCR
• SDL
• Petri Nets

Composition Operators
Constrain which/when components can take a step
Share snapshot information:
• communicate events
• consistent values among shared variables
Figure: diagram labelled CP1–CP4 and HTS1–HTS5.

AND-state Composition
IF: Both components are enabled
• Both components execute simultaneously (1)
• Generated events are shared (2)
• Assignments to shared variables are resolved (2)
ELSE: One component is enabled
• Enabled component executes in isolation (1)
• Generated events are shared (2)
• Assignments to variables are shared (2)
(1) Components execute via their micro-step template definition.
(2) Components use their template parameters to receive shared events and variable values

Outline of Today's Talk
Template semantics
• Step semantics of basic components
• Template parameters
• Comparing notation variants
Composition operators
Expressing other notations’ semantics
• SCR
• SDL
• Petri Nets

Software Cost Reduction (SCR)
An SCR specification specifies a system in terms of its variables and a history of how variables change value.
• Monitored variables: input variables, from the environment
• Controlled variables: output variables, set by the specification
• Terms, modes: internal variables

SCR
An SCR specification specifies a system in terms of its variables and a history of how variables change value.
Variable updates are specified as mathematical functions:
Warning = off on, with cases: if Mode=Off; if Mode Off Temp < 175; if Mode Off Temp 175
Represented as a table:
Mode            | Condition
Off             | True       | X
Heat, Maintain  | Temp < 175 | Temp 175
Warning’ =      | off        | on
where each table entry represents one case in the function’s definition.

SCR Template Parameters
Table (columns RESET, NEXT), rows in slide order:
• States: current, auxiliary, enabling
• Events: current, input, auxiliary, enabling
• outputs
• Variables: current, auxiliary, enabling
• Macro semantics
• Priority

SCR Condition Tables
Mode            | Condition
Off             | True       | X
Heat, Maintain  | Temp < 175 | Temp 175
Warning’ =      | off        | on
We define a transition for every table entry:
• cond( ): table-entry conditions, evaluated wrt current variable values: Mode {Heat, Maintain} Temp<175
• asn( ): bottom-level assignment Warning := off


SCR Condition Tables
Variables (columns RESET, NEXT), rows AV’=, AVa’=, enabling, outputs; surviving entries: AV asn( ) AV I AV cond( ) controlled(V) asn( )
Macro semantics: simple microstep
where
• AV – current variable values
• I – monitored (input) variable values
• O – controlled (output) variable values
• cond( ) – ’s enabling conditions
• controlled(V) – controlled (output) variables in V


SCR Event Tables
Table (columns Mode, Event); Mode entries: Off, X; Event entries: @T(Dial=bake) WHEN[Temp<Set T], @T(Dial=bake) WHEN[Temp Set. T]


SCR Event Tables
Table (columns Mode, Event); Mode entries: Off, X; Event entries: @T(Dial=bake) WHEN[Temp<Set T], WHEN[Temp Set. T]; result entry shown: Heat


SCR Event Tables
Events, enabling: e trig( ). [ e=@T(c) (AVa c) (AV c)] [ [email protected](v) (Ava(c) AV(c) ]
Variables (columns RESET, NEXT), rows AV’=, AVa’=, enabling; surviving entries: AV I AV asn( ) AV AVa AVa cond( )
Outputs: controlled(V) asn( )
Macro semantics: simple microstep
where
• AV – current variable values
• AVa – variable values from start of step
• I – new input-variable values
• cond( ) – ’s enabling conditions
• controlled(V) – controlled (output) variables in V



SCR Composition
An SCR specification is a network of these tabular functions, with variable dependences
Figure: six tables labelled A–F, each drawn as the Warning’ condition table, connected by dependences.
whose topological sort imposes a total ordering on tables: A B E C D F
SCR composition is
• functional composition of the tables’ functions
• that maps one snapshot (SCR state) to its next snapshot
• using new variable values in downstream calculations
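SCR composition as described above, in an added Python example (not from the talk): an event table for Mode and the Warning condition table are ordered by a topological sort of their dependences and applied as one step, so Warning is computed from the new Mode. The event-table rows and results, the variable name SetT, the reading of the second Warning case as Temp >= 175 and the sample values are constructed assumptions.

```python
from graphlib import TopologicalSorter  # Python 3.9+

def at_T(c, old, new):
    """@T(c): c does not hold in the old values and holds in the new ones."""
    return (not c(old)) and c(new)

def mode_table(old, new):
    # Event table (constructed rows). The WHEN condition is read in the old
    # values, matching "AVa cond( )" on the event-table slide.
    if old["Mode"] == "Off" and at_T(lambda v: v["Dial"] == "bake", old, new):
        return "Heat" if old["Temp"] < old["SetT"] else "Maintain"
    return old["Mode"]  # no event occurred: the mode keeps its value

def warning_table(old, new):
    # Condition table: entries are evaluated wrt the current variable values.
    if new["Mode"] == "Off":
        return "off"
    return "off" if new["Temp"] < 175 else "on"  # assumed: second case is Temp >= 175

# variable defined by a table -> (variables it reads, table function)
TABLES = {
    "Mode": ({"Dial", "Temp", "SetT"}, mode_table),
    "Warning": ({"Mode", "Temp"}, warning_table),
}

def table_order(tables):
    """Total order on tables from a topological sort of their dependences."""
    graph = {v: {d for d in deps if d in tables} for v, (deps, _) in tables.items()}
    return list(TopologicalSorter(graph).static_order())

def scr_step(old, inputs, tables, order=None):
    """Map one SCR state to the next; downstream tables see the new values."""
    new = {**old, **inputs}  # monitored variables take their new values
    for var in (order or table_order(tables)):
        new[var] = tables[var][1](old, new)
    return new

# Constructed state: oven off, already hot, dial about to be turned to bake.
OLD = {"Dial": "off", "Temp": 180, "SetT": 200, "Mode": "Off", "Warning": "off"}

if __name__ == "__main__":
    print(table_order(TABLES))
    print(scr_step(OLD, {"Dial": "bake"}, TABLES))
    # Evaluating Warning before Mode reads the stale mode and misses the warning.
    print(scr_step(OLD, {"Dial": "bake"}, TABLES, order=["Warning", "Mode"]))
```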

Summary
A template for expressing the operational semantics of many model-based notations that
• reduces users’ effort in documenting a notation’s semantics
• results in succinct descriptions of notation semantics
• makes it easier to understand and to compare notations

Questions?

Petri-Net, SDL Template Parameters
Table for Petri-Nets and SDL (columns RESET, NEXT for each notation), rows in slide order:
• States: current, auxiliary, enabling
• Events: current, input, auxiliary, enabling
• outputs
• Variables: current, auxiliary, enabling
• Macro semantics
• Priority

Future Work
Automated generation of notation-specific analysis tools by treating an instantiated template as a model compiler that compiles a specification into its next-state relation, which is a format that is suitable for computer-aided verification.

Further Work
Goal: To generate model compilers from notations’ semantics.
A model compiler compiles a specification into a more primitive representation, according to the notation’s computation model.
An instantiated template is a model compiler. It defines a notation’s semantics in terms of allowable execution steps.

Summary
A succinct method for describing the semantics of a specification notation that
• Makes it easier to understand and to compare notations
• Makes it easier (possible) to compile specifications in a representation that is more suitable for automated analysis

Current Status
We have defined the generic template definitions
• enabled-transition, apply, init, micro-step, macro-step
We have defined template parameters and composition operators for several popular notations
• various statecharts variants, RSML, SCR, SDL 88, Petri-Nets, process algebras
We have implemented a vertical slice of the Metro model-compiler generator to handle Basic State Transitions
• enabled-transition, apply, macro-step, interleaving composition,

Conclusions and Future Work

Example (original statecharts)
RESET: how snapshot is reset at start of macro-step
NEXT: how snapshot changes when transition executes
States (columns RESET, NEXT), rows CS’=, CSa’=, enabling; surviving entries: CS entered( ) ancestor(entered( ) CS CSa – descend(scope( )) source( ) CSa
where
• CS - current events
• CSa - auxiliary state information (set of enabling states)
• entered(s) - states entered when s is entered
• ancestor(s) - ancestor states of s
• descend(s) - descendent states of s
• scope( ) - lowest common ancestor of ’s source and destination

Comparing Notation Variants
Table comparing statecharts, STATEMATE and RSML (columns RESET, NEXT for each notation), rows in slide order:
• States: current, auxiliary, enabling
• Events: current, input, auxiliary, enabling
• Variables: current, auxiliary, enabling
• Outputs
• Macro semantics
• Priority
Legend: Agreement among all 3 notations; Agreement among 2 notations


Variant Event Semantics
Events (columns RESET, NEXT for each of statecharts, RSML, STATEMATE), rows IE’=, Ia’=, IEa’, enabling; surviving entries: IE gen( ) I Ia I gen( ) intern_ev(E) trig( ) Ia IE gen( ) I
where
• gen( ) - events generated by transition
• trig( ) - ’s triggering events
• intern_ev(E) - internal events in E

Variant State Semantics
statecharts RESET CS’= States CS CSa’= CS enabling NEXT entered( ) ancestor(entered( ) RSML, STATEMATE RESET NEXT CS entered( ) ancestor(entered( ) CSa – descend(scope( )) source( ) CSa source( ) CS
where
• CS - current events
• CSa - auxiliary state information (set of enabling states)
• entered(s) - states entered when s is entered
• ancestor(s) - ancestor states of s
• descend(s) - descendent states of s
• scope( ) - lowest common ancestor of ’s source and destination

Example (Harel’s original statecharts)
RESET: how snapshot is reset at start of macro-step. NEXT: how snapshot changes when transition executes.
NEXT RESET AV’= Variables AV AV eval(asn( ), AVa) AVa’= AV AVa enabling AVa cond( )
where
• AV - current variable values
• AVa - old variable values (from start of macro-step)
• asn( ) - ’s variable assignments
• eval(X, Y) - evaluates expressions in X wrt values in Y
• cond( ) - ’s enabling conditions
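The variable parameters above, as an added Python sketch that is not part of the slides: it assumes the slide's cells read AV' = AV and AVa' = AV on RESET, AV' = AV overridden by eval(asn(t), AVa) and AVa' = AVa on NEXT, with cond(t) checked in AVa. All names, the one-pass macro-step and the use_old=False contrast are hypothetical.

```python
# Added illustration (not from the slides). All names are hypothetical.
from dataclasses import dataclass
from typing import Callable, Dict, List

Values = Dict[str, int]

@dataclass(frozen=True)
class Transition:
    name: str
    cond: Callable[[Values], bool]            # cond(t): enabling condition
    asn: Dict[str, Callable[[Values], int]]   # asn(t): variable -> expression

def reset(av: Values):
    """RESET at the start of a macro-step: AV' = AV, AVa' = AV."""
    return dict(av), dict(av)

def evaluate(asn, values: Values) -> Values:
    """eval(X, Y): evaluate the expressions in X with respect to the values in Y."""
    return {var: expr(values) for var, expr in asn.items()}

def next_step(t: Transition, av: Values, ava: Values):
    """NEXT when t executes: AV' = AV overridden by eval(asn(t), AVa); AVa' = AVa."""
    return {**av, **evaluate(t.asn, ava)}, ava

def macro_step(av: Values, transitions: List[Transition], use_old: bool = True) -> Values:
    """Simplified macro-step: one pass, one micro-step per enabled transition.

    use_old=True  -> conditions and expressions read AVa (the reading assumed above).
    use_old=False -> hypothetical contrast in which they read the current AV.
    """
    av, ava = reset(av)
    for t in transitions:
        basis = ava if use_old else av
        if t.cond(basis):                      # enabling: cond(t) holds in the basis
            av, _ = next_step(t, av, basis)
    return av

# Constructed sample: two transitions that together swap x and y.
SWAP = [
    Transition("t1", lambda v: v["x"] != v["y"], {"x": lambda v: v["y"]}),
    Transition("t2", lambda v: v["x"] != v["y"], {"y": lambda v: v["x"]}),
]

if __name__ == "__main__":
    print(macro_step({"x": 1, "y": 2}, SWAP))                  # reads old values
    print(macro_step({"x": 1, "y": 2}, SWAP, use_old=False))   # reads current values
```

With old values the two assignments swap x and y; in the contrast run t1's write disables t2, so the result depends on execution order.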


Template Parameters
[Table: template parameters, each with a RESET and a NEXT column. States: current, auxiliary, enabling. Events: current, input, auxiliary, enabling. outputs. Variables: current, auxiliary, enabling. Macro semantics. Priority.]

AND-state Composition (original statecharts)
Both components are enabled AND do not assign values to the same variables
• Both components execute simultaneously [1]
• Generated events are shared [2]
• Assignments to shared variables are resolved [2]
OR
• An enabled component executes in isolation [1]
• Generated events are shared [2]
• Assignments to variables are shared [2]
[1] Components execute via their micro-step template definition.
[2] Components use their template parameters to receive shared events and variable values

SCR Composition (functional composition)
fun_comp Nmicro (ss, , ss’) TO TO[n] TO[2] TO[1] ss’ = Nmicro (…(Nmicro (Nmicro (ss, 1), 2), …), n) = { 1, 2, …, n} i n. [ i = enabled_trans (Nmicro TO[i-1] TO[1] (…(Nmicro (ss, 1), …), i-1), TTO[i]) ]
• There is a micro-step from ss to ss’, via transitions
• Given a total ordering, TO, over the specification’s n functions (tables)
• ss’ = the functional composition of the tables’ functions, applied in the total order TO, starting from ss.
• one transition (i.e., variable assignment) from each table.
• each transition i is enabled after the functional composition of transitions 1 … i-1
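The functional composition described above, as an added Python sketch that is not part of the slides: each table's micro-step is applied in the total order, and each table's transition is chosen in the snapshot left by the tables before it. The table encoding, the names and the sample specification are constructed, and the rows of each table are assumed to be disjoint and to cover every snapshot.

```python
# Added illustration (not from the slides). Table names and values are constructed.
from typing import Callable, Dict, List, Tuple

Snapshot = Dict[str, int]
Row = Tuple[Callable[[Snapshot], bool], Callable[[Snapshot], int]]  # (guard, new value)
Table = Tuple[str, List[Row]]                                       # (variable, rows)

def enabled_trans(ss: Snapshot, table: Table) -> int:
    """Index of the one row of `table` whose guard holds in snapshot ss."""
    _, rows = table
    hits = [i for i, (guard, _) in enumerate(rows) if guard(ss)]
    if len(hits) != 1:   # assumption: rows are disjoint and cover every snapshot
        raise ValueError(f"expected exactly one enabled row, found {len(hits)}")
    return hits[0]

def micro_step(ss: Snapshot, table: Table, row: int) -> Snapshot:
    """One table's micro-step: assign its variable from the chosen row."""
    var, rows = table
    return {**ss, var: rows[row][1](ss)}

def fun_comp(ss: Snapshot, tables: Dict[str, Table], order: List[str]):
    """Compose the tables' micro-steps in the total order `order`, starting from ss.

    Returns (ss', transitions), with one (table, row) transition per table; each
    is chosen in the snapshot produced by the tables earlier in the order.
    """
    taken = []
    for name in order:
        row = enabled_trans(ss, tables[name])
        ss = micro_step(ss, tables[name], row)
        taken.append((name, row))
    return ss, taken

# Constructed sample: `mode` depends on the input, `inject` depends on `mode`.
TABLES: Dict[str, Table] = {
    "mode": ("mode", [(lambda s: s["pressure"] < 900, lambda s: 0),
                      (lambda s: s["pressure"] >= 900, lambda s: 1)]),
    "inject": ("inject", [(lambda s: s["mode"] == 0, lambda s: 1),
                          (lambda s: s["mode"] != 0, lambda s: 0)]),
}
START = {"pressure": 850, "mode": 1, "inject": 0}

if __name__ == "__main__":
    print(fun_comp(START, TABLES, ["mode", "inject"]))
    print(fun_comp(START, TABLES, ["inject", "mode"]))
```

Running it with the two orders shows why the total order matters: when inject is evaluated before mode it reads the stale mode and the composed step leaves inject at 0.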

Comparing Notation Variants
[Table: RESET and NEXT definitions of each template parameter for statecharts, STATEMATE and RSML. Rows: States (current, auxiliary, enabling); Events (current, input, auxiliary, enabling); Variables (current, auxiliary, enabling); outputs; Macro semantics; Priority. Legend: unused; agreement among all 3 notations; agreement among 2 notations; no agreement.]