UML&FM 2012

Transcript

  • 1. Formal Semantics of Extended Hierarchical State Transition Matrix (EHSTM) by CSP
    Y. Yamagata, W. Kong, A. Fukuda, T. Nguyen, H. Ohsaki, K. Taguchi
    AIST and Kyushu University
    Cnam Paris, August 27th, 2012
  • 2. EHSTM (1)
    • Table based modeling language
  • 3. EHSTM (2)
    [Figure: two example tables, Task1 and Task2, showing a root matrix and a child matrix]
  • 4. Table vs. Chart
    EHSTM
    • Table based
    • Event/state hierarchy
    • Pros
      – All combinations of events and states must be considered
    • Cons
      – Less intuitive
      – Tables tend to be very large
    State chart
    • Chart based
    • Composite state
    • Pros
      – Intuitive
    • Cons
      – Possibility of overlooking a combination of a state and an event
  • 5. ZIPC (1)
    • ZIPC uses EHSTM as a modeling method
    • ZIPC provides
      – simulation of models
      – code generation to C/C++
    [Figure: Tables, fed to ZIPC, which produces Simulation and Code generation (C/C++)]
  • 6. ZIPC (2)
    • Market share in Japan
      – among non-UML based modeling tools
    [Pie chart with shares 42, 34, 5 and 5 for ZIPC, MATLAB/Simulink, Rational Test RealTime and Rational Rose RealTime]
  • 7. Garakabu2 (1)
    • Automatic verifier for EHSTM
  • 8. Garakabu2 (2)
    [Figure: EHSTM is translated to Formulas checked by CVC3 (SMT solver); EHSTM is also fed to ZIPC for Simulation and C/C++ code generation]
  • 9. Garakabu2 (3)
    [Figure: same flow as slide 8, annotated "Justification?", "Complexity of translation" and "No formal justification" on the EHSTM-to-Formulas step]
  • 10. Our approach
    [Figure: EHSTM is translated to the CSP language (a high-level specification language; relatively simple translation) and checked with the PAT Verifier (state-of-the-art model checker for CSP); EHSTM is also fed to ZIPC for Simulation and C/C++ code generation]
  • 11. Related works
    Formal semantics of state-chart
    • Uselton 1994; Harel, Naamad 1996
    Translation from state-chart to CSP
    • Fuhrmann 1998
    • Sun et al. 2005, 2008
    • Zhang and Liu 2010
    Previous works on EHSTM
    • Kong et al. 2011, 2011
  • 12. CSP
    Operators: Terminate abnormally, Terminate successfully, Prefix, Boolean choice, Parallel composition, Sequential composition, Interrupt, Hiding, Choice
  • 13. Translation
    EHSTM                  CSP
    System                 Process
    Task                   Process
    Hierarchy of matrices  Parallel composition
    Matrix                 Process
    State                  Global variable
    Event virtual frame    Sequence of events
    Event                  Event
    Expression             Expression
  • 14. Hierarchical Matrix T0
    [Table T0: states S1, S2; cell (S1, e1): … □T1, next state S2; cell (S2, e2): …]
    T0 = T0.state?S1 (q?e1 call(T1); T0.state: S2; T0 | …) | T0.state?S2 …
    call(T1) = T1.start T1.return SKIP
  • 15. Hierarchical Matrix T1
    [Table T1: states S3, S4; cell (S3, e3): P1, next state S4; cell (S4, e3): return, next state S3; row e4: …]
    T1 = T1.state?S3 (q?e3 … | …) | T1.state?S4 (q?e3 T1.return T1.start T1 | …)
    T1 = T1.start T1
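Slides 13 to 15 map each matrix to a process, and a call to a child matrix to a sub-process that owns the event queue until its return; the experiments then check the translated model for deadlock. As an added example (not code from the paper, ZIPC or PAT), the following Python encodes a two-level EHSTM as tables and runs the explicit-state search that a model checker such as PAT performs, returning the event trace that reaches a deadlock. The matrices, events and the blank-row bug are constructed for illustration.

```python
from collections import deque
# Constructed example (not code from the paper, ZIPC or PAT): a two-level
# EHSTM as Python tables. A cell maps (state, event) to an action; an absent
# cell means the event is not accepted in that state. Actions:
#   ("goto", s) | ("call", child, s): run child to completion, then go to s
#   ("return",): the child finishes and control returns to the caller
EVENTS = ("e1", "e2", "e3", "e4")
GOOD = {
    "T0": {"init": "S1", "cells": {("S1", "e1"): ("call", "T1", "S2"),
                                   ("S2", "e2"): ("goto", "S1")}},
    "T1": {"init": "S3", "cells": {("S3", "e3"): ("goto", "S4"),
                                   ("S4", "e4"): ("return",)}},
}
# Same tables with T1's S4 row left blank: the child can never return.
BUGGY = {"T0": GOOD["T0"],
         "T1": {"init": "S3", "cells": {("S3", "e3"): ("goto", "S4")}}}

def successors(model, config):
    """config = (call stack, frozenset of (matrix, state)). Only the matrix on
    top of the stack consumes the next event, like q?e after call(T1) on slide 14."""
    stack, states = config
    top, st, out = stack[-1], dict(states), []
    for ev in EVENTS:
        cell = model[top]["cells"].get((st[top], ev))
        if cell is None:
            continue                      # blank cell: event not accepted here
        ns, nstack = dict(st), stack
        if cell[0] == "goto":
            ns[top] = cell[1]
        elif cell[0] == "call":
            ns[top], ns[cell[1]] = cell[2], model[cell[1]]["init"]
            nstack = stack + (cell[1],)   # child matrix takes over the queue
        else:
            nstack = stack[:-1]           # return: pop back to the caller
        out.append((ev, (nstack, frozenset(ns.items()))))
    return out

def find_deadlock(model, root="T0"):
    """Explicit-state BFS; returns the event trace to the first configuration
    with no enabled event, or None if the model is deadlock-free."""
    init = ((root,), frozenset({root: model[root]["init"]}.items()))
    queue, seen = deque([(init, ())]), {init}
    while queue:
        config, trace = queue.popleft()
        succ = successors(model, config)
        if not succ:
            return trace
        for ev, nxt in succ:
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, trace + (ev,)))
    return None
```

find_deadlock(GOOD) returns None, while find_deadlock(BUGGY) returns the trace ("e1", "e3") that leaves T1 stuck in S4 with the call to it never returning.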
  • 16. Experiments
    Experiment 1
    • Test the interpretation of hierarchical matrices
    • Compare the result with Garakabu2
    Experiment 2
    • Motivating example in Kong 2011
    • Check the performance of the translation
  • 17. Experiments - results
    Experiment 1
    • Both report deadlock, as expected.
    Experiment 2
    • PAT is >1000 times faster than Garakabu2
    • This is most likely because
      – PAT does explicit model checking, while
      – Garakabu2 uses an SMT solver.
  • 18. Experiment 1 - model
    [Figure: root matrix □0 with states S0, S1, S2 and child matrices □0.1 (states S01, S02) and □0.2 (states S011, S012, S013); transitions are guarded by e0, e1, e2 (e.g. e0==0, e1==1, e2==0) and assign e0, e1, e2 and tmp, with return cells in the child matrices]
  • 19. Experiment 1 - results
    • Garakabu2 and PAT report deadlock
    • Time required < 1s
  • 20. Experiment 2 - model
  • 21. Experiment 2 – properties
    • Deadlock-free
    • STC1 ≡ □(returner==ret ⇒ changer==wait_money_taken)
    • STC2 ≡ □(changer==wait_request ⇒ returner==wait)
    • DYN ≡ □((changer==wait_request && X changer==wait_money_taken) ⇒ X returner==ret)
  • 22. Experiment 2 – results (1)
    Example with bug
    Property   PAT result  PAT time  Garakabu2 result  Garakabu2 time
    Deadlock   Invalid     0.0013    Invalid           93
    STC1       Invalid     0.011     Invalid           14
    STC2       Invalid     0.0016    Invalid           16
    DYN        Invalid     0.0016    Invalid           4
  • 23. Experiment 2 – results (2)
    Example without bug
    Property   PAT result  PAT time  Garakabu2 result  Garakabu2 time
    Deadlock   Valid       0.077     Valid             1239
    STC1       Valid       0.053     Valid             511
    STC2       Valid       0.039     Valid             735
    DYN        Valid       0.056     Valid             3211
  • 24. Summary
    • Simple translation from EHSTM to CSP
      – Gives a rigorous model of EHSTM
    • Verification of the translated model using PAT
      – The result coincides with that of Garakabu2
      – Faster than using Garakabu2
  • 25. Future work
    • Support more functionality of EHSTM
      – Hierarchical states
      – Interrupt
    • PAT plugin
      – Mechanize the translation