Checking Interaction Consistency in MARMOT Component Refinements

Yunja Choi, School of Electrical Engineering and Computer Science, Kyungpook National University

Overview
• MARMOT methodology
• Component and refinements
• Interaction consistency
• A general framework for consistency checking
• Case example: model checking an elevator system
• Performance improvement through abstraction
• Discussion

MARMOT Methodology
• Branched from KobrA by Atkinson et al.
• Designed for the development of embedded systems
• High-quality systems through systematic, structured development
• Components are the focus of the entire development process
• Tree-structured hierarchy of components
• Flexibility and reuse of components

MARMOT Component (figure): a refined component consists of a Specification (Operation Schemata, Statecharts, Class Diagram, Sequence Diagram) and a Realization (Class Diagram, Object Diagram / Architecture); the realization is linked to the refining components.

Recursive Development (figure): Identification, Specification and Realization are applied recursively to components Kpt A, Kpt B, Kpt C and Kpt D, with component reuse and COTS components.

Example: elevator system

Specifying externally visible behavior

Quality Control
• MARMOT supports systematic identification and refinement of a component
• The principle of "separation of concerns": specification vs. realization
• Iterative decomposition and refinement
• There can be many consistency issues:
  • Structural consistency
  • Behavioral consistency between the realization of the refined component and the specification of its refining components

Interaction Consistency
• At the i-th refinement step, the realization of the refined component constrains the environment of the refining components
• A system is behaviorally consistent with its environment if it either terminates normally or runs infinitely under the infinite sequence of stimuli generated by its environment
• A system is behaviorally inconsistent with its environment if it terminates abnormally under the infinite sequence of stimuli generated by its environment

Process model
• A component and its environment are specified as two processes P and E, each represented as a labeled transition system (S_p, L_p, R_p, I_p, T_p) and (S_e, L_e, R_e, I_e, T_e)
• A restricted form of process composition of P and E is defined as P↑E = (S_p × S_e, L_p ∪ L_e, R_p × R_e, I_p × I_e, T_p × T_e), where

Consistency Model

Formal definitions: Termination
• Terminate(P(s))↑E : P terminates in a state s that belongs to the pre-defined set of terminal states T under the environment E, i.e. P(s) ∧ s ∈ T
• If P is a compositional process, P = P_1 ∥ P_2 ∥ … ∥ P_n, then Terminate(P(s))↑E if and only if ∀i, Terminate(P_i(s_i))↑E_i, where E_i = E ∥ P_1 ∥ P_2 ∥ … ∥ P_(i-1) ∥ P_(i+1) ∥ … ∥ P_n

Formal definitions: Progressiveness
• Progress(P(s))↑E : eventually there is a transition out of the state s under the environment E

Interaction Consistency
• Consistent(P(s))↑E = Terminate(P(s))↑E ∨ Progress(P(s))↑E

Model checking consistency
• Based on exhaustive search of the system state space
• Fully automated
  • SPIN: invalid-end-state checking
  • SMV: the consistency property can be formulated in temporal logic and verified with the model checker
• Provides counter-examples
• Needs translation to PROMELA or the SMV input language; a number of translation approaches are available
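The process model, the Terminate/Progress definitions and the invalid-end-state search above, worked through as an added Python example (not code from the slides or the paper). The slide's "where" clause of P↑E is cut off, so this example assumes the usual reading: P and E synchronise on their shared labels and interleave the rest; the elevator-door component and the three environments are constructed for illustration.

```python
from collections import deque

# An LTS is a dict mirroring the slide's (S, L, R, I, T); R holds (src, label, dst).
def lts(states, labels, trans, init, terminals):
    return {"S": frozenset(states), "L": frozenset(labels), "R": frozenset(trans),
            "I": init, "T": frozenset(terminals)}

def successors(P, E, p, e):
    """Product successors of (p, e) under P↑E, read here (assumption; the slide's
    'where' clause is cut off) as: sync on shared labels, interleave the rest."""
    shared = P["L"] & E["L"]
    p_moves = [(a, t) for (s, a, t) in P["R"] if s == p]
    e_moves = [(b, te) for (se, b, te) in E["R"] if se == e]
    out = [(a, (t, te)) for (a, t) in p_moves if a in shared
           for (b, te) in e_moves if b == a]                        # synchronised step
    out += [(a, (t, e)) for (a, t) in p_moves if a not in shared]   # P moves alone
    out += [(b, (p, te)) for (b, te) in e_moves if b not in shared] # E moves alone
    return out

def check_consistency(P, E):
    """Consistent(P(s))↑E = Terminate ∨ Progress over every reachable product
    state (the SPIN-style invalid-end-state search). Returns (True, None) or
    (False, path to the first reachable state that neither terminates nor progresses)."""
    init = (P["I"], E["I"])
    parent, queue = {init: None}, deque([init])
    while queue:
        st = queue.popleft()
        nxt = successors(P, E, *st)
        terminal = st[0] in P["T"] and st[1] in E["T"]   # Tp × Te
        if not nxt and not terminal:   # abnormal termination: no progress, not terminal
            path, cur = [], st
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            return False, path[::-1]   # counter-example, as a model checker would give
        for _, n in nxt:
            if n not in parent:
                parent[n] = st
                queue.append(n)
    return True, None

# Constructed elevator-door component and three environments (not from the paper).
DOOR = lts({"idle", "open"}, {"open", "close"},
           {("idle", "open", "open"), ("open", "close", "idle")}, "idle", {"idle"})
ENV_CYCLE = lts({"e0", "e1"}, {"open", "close"},            # runs infinitely
                {("e0", "open", "e1"), ("e1", "close", "e0")}, "e0", {"e0"})
ENV_STOP = lts({"e0", "e1", "e2"}, {"open", "close"},       # terminates normally
               {("e0", "open", "e1"), ("e1", "close", "e2")}, "e0", {"e2"})
ENV_BAD = lts({"e0", "e1", "e2"}, {"open", "close"},        # sends open twice: inconsistent
              {("e0", "open", "e1"), ("e1", "open", "e2")}, "e0", {"e0"})
```

ENV_BAD offers a second "open" while the door is already open, so the product state (open, e1) has no successor and is not terminal; the returned path is the counter-example.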

Model checking consistency: framework

Consistency Model in PROMELA

Performance issue

Abstraction techniques
• Trigger-based abstraction: abstract the environment so that it contains all the transitions generating a triggering event for the process P, and all the transitions from the initial state leading to such a transition (figure: s0 → s1 → s2 → … → si –ti/ai→ si+1)
• Transition reduction: collapse several transitions into one if the intermediate transitions do not generate triggering actions for the process P (figure: s0 → si –ti/ai→ si+1)
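The two abstraction steps above, as an added Python example (my reading of the slide's sketch, not the paper's algorithm): transitions of the environment whose label is not a trigger for P are collapsed, so each kept state gets one direct edge for every triggering transition it can reach through non-triggering steps. The environment LTS uses the same (S, L, R, I, T) dict shape as the process-model slide, and the elevator environment with press/compute/timer as internal steps is constructed for illustration.

```python
def reduce_environment(E, triggers):
    """Trigger-based abstraction plus transition reduction (assumed reading of
    the slide): keep only transitions of E labelled with a trigger for P, and
    collapse each run of non-triggering transitions leading to one into a
    single direct edge from the state where the run starts."""
    def silent_closure(q):
        # states reachable from q through non-triggering transitions only
        seen, stack = {q}, [q]
        while stack:
            s = stack.pop()
            for (src, a, dst) in E["R"]:
                if src == s and a not in triggers and dst not in seen:
                    seen.add(dst)
                    stack.append(dst)
        return seen
    kept, stack, R = {E["I"]}, [E["I"]], set()
    while stack:
        q = stack.pop()
        for r in silent_closure(q):
            for (src, a, dst) in E["R"]:
                if src == r and a in triggers:   # q ~> r -a-> dst becomes q -a-> dst
                    R.add((q, a, dst))
                    if dst not in kept:
                        kept.add(dst)
                        stack.append(dst)
    # a kept state still terminates if a terminal state is silently reachable from it
    terminals = {q for q in kept if silent_closure(q) & E["T"]}
    return {"S": frozenset(kept), "L": frozenset(triggers), "R": frozenset(R),
            "I": E["I"], "T": frozenset(terminals)}

# Constructed elevator environment (not from the paper): only open and close are
# triggering events for the door component P; press, compute and timer are
# internal environment steps that the abstraction collapses.
ELEVATOR_ENV = {
    "S": frozenset({"e0", "e1", "e2", "e3", "e4"}),
    "L": frozenset({"press", "compute", "open", "timer", "close"}),
    "R": frozenset({("e0", "press", "e1"), ("e1", "compute", "e2"),
                    ("e2", "open", "e3"), ("e3", "timer", "e4"),
                    ("e4", "close", "e0")}),
    "I": "e0", "T": frozenset({"e0"})}
REDUCED = reduce_environment(ELEVATOR_ENV, {"open", "close"})
```

The five-state, five-transition environment is reduced to two states and two transitions (e0 –open→ e3, e3 –close→ e0), which is the state-space saving the performance slides rely on.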

Performance Improvement

Discussion
• Formal methods can be effective and useful when integrated into the development process; our work focuses on seamless integration
• There are a number of existing works on UML consistency, refinement, CBD methodology, and the use of model checking; however, they mostly address one of these issues in isolation
• Hardly any of the earlier works address the performance issue that arises when using model checking
• Environment constraints have been identified manually in previous works
• More investigation is needed on the optimization and automation of translation and abstraction

Thank you!