UML&FM 2012



  1. Formal Semantics of Extended Hierarchical State Transition Matrix (EHSTM) by CSP
     Y. Yamagata, W. Kong, A. Fukuda, T. Nguyen, H. Ohsaki, K. Taguchi (AIST and Kyushu University)
     Cnam, Paris, August 27th, 2012
  2. EHSTM (1)
     • Table based modeling language
  3. EHSTM (2)
     [Figure: Task1 and Task2; a root matrix with a child matrix]
  4. Table vs. Chart
     EHSTM
     • Table based
     • Event/state hierarchy
     • Pros
       – All combinations of events and states must be considered
     • Cons
       – Less intuitive
       – Tables tend to be very large
     State chart
     • Chart based
     • Composite state
     • Pros
       – Intuitive
     • Cons
       – Possibility of overlooking a combination of a state and an event
  5. ZIPC (1)
     • ZIPC uses EHSTM as a modeling method
     • ZIPC provides
       – simulation of models
       – code generation to C/C++
     [Figure: Tables → ZIPC → Simulation; ZIPC → Code generation → C/C++]
  6. ZIPC (2)
     • Market share in Japan
       – among non-UML based modeling tools
     [Pie chart: ZIPC, MATLAB/Simulink, Rational Test RealTime, Rational Rose RealTime; segment values 42, 34, 5, 5]
  7. Garakabu2 (1)
     • Automatic verifier for EHSTM
  8. Garakabu2 (2)
     [Figure: EHSTM → Formulas → CVC3 (SMT solver); EHSTM → ZIPC → Simulation, C/C++]
  9. Garakabu2 (3)
     [Figure: as on the previous slide, with the translation EHSTM → Formulas marked "Justification?"]
     • Complexity of translation
     • No formal justification
  10. Our approach
     • PAT verifier: state-of-the-art model checker for CSP
     • CSP language: high-level specification language
     • Relatively simple translation
     [Figure: EHSTM → CSP → PAT; EHSTM → ZIPC → Simulation, C/C++]
  11. Related works
     Formal semantics of state-chart
     • Uselton 1994; Harel and Naamad 1996
     Translation from state-chart to CSP
     • Fuhrmann 1998
     • Sun et al. 2005, 2008
     • Zhang and Liu 2010
     Previous works on EHSTM
     • Kong et al. 2011, 2011
  12. CSP
     Operators used (symbols lost in extraction): terminate abnormally, terminate successfully, prefix, boolean choice, parallel composition, sequential composition, interrupt, hiding, choice
  13. Translation
     EHSTM                  CSP
     ---------------------  ---------------------
     System                 Process
     Task                   Process
     Hierarchy of matrices  Parallel composition
     Matrix                 Process
     State                  Global variable
     Event virtual frame    Sequence of events
     Event                  Event
     Expression             Expression
  14. Hierarchical Matrix T0
     [Matrix T0: states S1, S2; events e1, e2; the cell (S1, e1) calls child matrix T1 and moves to S2]
     Process definitions (operator symbols lost in extraction):
     T0 = T0.state?S1 (q?e1 call(T1); T0.state := S2; T0 | ...) | T0.state?S2 (...)
     call(T1) = T1.start T1.return SKIP
  15. Hierarchical Matrix T1
     [Matrix T1: states S3, S4; events e3, e4; cells P1 and return]
     Process definitions (operator symbols lost in extraction):
     T1 = T1.state?S3 (q?e3 ... | ...) | T1.state?S4 (q?e3 T1.return T1.start T1 | ...)
     T1 = T1.start T1 ...
  16. Experiments
     Experiment 1
     • Test the interpretation of hierarchical matrices
     • Compare the result with Garakabu2
     Experiment 2
     • Motivating example in Kong 2011
     • Check the performance of the translation
  17. Experiments - results
     Experiment 1
     • Both report deadlock, as expected.
     Experiment 2
     • PAT is >1000 times faster than Garakabu2
     • This is most likely because
       – PAT does explicit model checking, while
       – Garakabu2 uses an SMT solver.
  18. Experiment 1 - model
     [Figure: root matrix □0 with states S0, S1, S2; child matrices □0.1 (states S01, S02) and □0.2 (states S011, S012, S013); cells carry guards and assignments on e0, e1, e2 and tmp, with "x" (impossible) and "return" entries]
  19. Experiment 1 - results
     • Garakabu2 and PAT report deadlock
     • Time required < 1 s
  20. Experiment 2 - model
     [Figure: the Experiment 2 model]
  21. Experiment 2 – properties
     • Deadlock-free
     • STC1 ≡ □(returner == ret ⇒ changer == wait_money_taken)
     • STC2 ≡ □(changer == wait_request ⇒ returner == wait)
     • DYN ≡ □((changer == wait_request && X changer == wait_money_taken) ⇒ X returner == ret)
  22. Experiment 2 – results (1): example with bug
     Property  | PAT result | PAT time | Garakabu2 result | Garakabu2 time
     ----------|------------|----------|------------------|---------------
     Deadlock  | Invalid    | 0.0013   | Invalid          | 93
     STC1      | Invalid    | 0.011    | Invalid          | 14
     STC2      | Invalid    | 0.0016   | Invalid          | 16
     DYN       | Invalid    | 0.0016   | Invalid          | 4
  23. Experiment 2 – results (2): example without bug
     Property  | PAT result | PAT time | Garakabu2 result | Garakabu2 time
     ----------|------------|----------|------------------|---------------
     Deadlock  | Valid      | 0.077    | Valid            | 1239
     STC1      | Valid      | 0.053    | Valid            | 511
     STC2      | Valid      | 0.039    | Valid            | 735
     DYN       | Valid      | 0.056    | Valid            | 3211
  24. Summary
     • Simple translation from EHSTM to CSP
       – Gives a rigorous model of EHSTM
     • Verification of the translated model using PAT
       – The result coincides with that of Garakabu2
       – Faster than using Garakabu2
  25. Future work
     • Support more functionality of EHSTM
       – Hierarchical states
       – Interrupt
     • PAT plugin
       – Mechanize the translation
