Introduction to ASMs
http://www.eecs.umich.edu/gasm/

Dumitru Roman, Digital Enterprise Research Institute
dumitru.roman@deri.org
04-08-2004

Outline
• ASMs Characteristics
• ASMs Definition
  – Abstract States
  – Abstract Instructions for Changing States
• AsmL: an ASM engine
  – An example
• DASMs formalizing BPEL4WS

ASMs overview
• A practical method for rigorous system development, which has been used successfully under industrial constraints for the design and analysis of complex hardware/software systems
• A formalism for modelling/formalising algorithms
• Previously known as Evolving Algebras
• An attempt to bridge the gap between formal models of computation and practical specification methods

(Diagram on the slide:)
Informal specification of the hardware/software system ("What system are you building?")
  → Modeling → ASM Model
  → Validation ("Are you building the right system?") and Verification ("Are you building the system right?")
  → Refinement → Implementation of the system (C, Java, etc.)

ASM methodology characteristics
http://www.eecs.umich.edu/gasm/intro.html
• Precision: ASMs use classical mathematical structures that are well understood
• Faithfulness: ASMs require a minimal amount of notational coding
• Understandability: ASMs use an extremely simple syntax, which can be read as a form of pseudo-code
• Executability: ASMs can be tested by executing them
• Scalability: ASMs can describe a system/algorithm on different levels of abstraction
• Generality: ASMs have been shown to be useful in many different application domains

Abstract States (1)
• States can be viewed as (first-order) structures of mathematical logic
• Structures – syntax
  – A vocabulary contains:
    • a finite collection of function names, each of a fixed arity
    • the equality sign, the nullary names true, false, undef, the unary name Boole, and the names of the usual Boolean operations
  – Terms are defined by the usual induction:
    • a nullary function name is a term
    • if f is a function name of positive arity j and t1, …, tj are terms, then f(t1, …, tj) is a term

Abstract States (2)
• Structures – semantics
  – A structure X of vocabulary T is a nonempty set S together with interpretations of the function names in T over S
  – A j-ary function name is interpreted as a function from S^j to S
  – A nullary function name is identified with its value
  – The interpretation of a j-ary relation R is a function from S^j to {true, false}
  – The equality sign is interpreted as the identity relation on S
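The two slides above define states syntactically (a vocabulary of names with fixed arities, terms built by induction) and semantically (a structure interpreting every name over a base set S). The following Python is an added illustration of exactly that pairing, not code from the slides or from the ASM tool sites they cite: a Term type, a Structure that checks arity before interpreting a term, the built-in names (=, true, false, undef, Boole, not, and) interpreted as the slides describe, and a small constructed vocabulary (zero, succ, plus, a nullary "mode") chosen here purely as sample data. Every function is kept total by returning undef outside its intended domain, which is the ASM convention rather than anything the slides spell out.

```python
from dataclasses import dataclass
from typing import Any, Dict, Tuple

UNDEF = "undef"   # the distinguished nullary name; functions are total and fall back to it


@dataclass(frozen=True)
class Term:
    """A term: a nullary name, or f(t1, ..., tj) for a name f of positive arity j."""
    name: str
    args: Tuple["Term", ...] = ()


def T(name: str, *args: Term) -> Term:
    """Small constructor so terms read like the slide's notation f(t1, ..., tj)."""
    return Term(name, tuple(args))


class Structure:
    """A structure X of vocabulary T: a base set S (here, whatever Python values we use)
    plus an interpretation of each function name over S."""

    # names every vocabulary contains: equality, true/false/undef, Boole, Boolean operations
    BUILTIN_ARITY = {"=": 2, "true": 0, "false": 0, UNDEF: 0, "Boole": 1, "not": 1, "and": 2}

    def __init__(self, arity: Dict[str, int], interpretation: Dict[str, Any]):
        self.arity = {**self.BUILTIN_ARITY, **arity}
        self.interp: Dict[str, Any] = {
            "=": lambda a, b: a == b,                      # the identity relation on S
            "true": True, "false": False, UNDEF: UNDEF,    # nullary names are their values
            "Boole": lambda a: isinstance(a, bool),        # unary Boole: is this a truth value?
            "not": lambda a: (not a) if isinstance(a, bool) else UNDEF,
            "and": lambda a, b: (a and b) if isinstance(a, bool) and isinstance(b, bool) else UNDEF,
            **interpretation,
        }

    def is_term(self, t: Term) -> bool:
        """Syntax: the name is in the vocabulary and is applied to exactly 'arity' sub-terms."""
        return (t.name in self.arity
                and len(t.args) == self.arity[t.name]
                and all(self.is_term(a) for a in t.args))

    def eval(self, t: Term) -> Any:
        """Semantics: the value of a term in this state."""
        if not self.is_term(t):
            raise ValueError(f"not a term of the vocabulary: {t}")
        f = self.interp[t.name]            # KeyError if the structure fails to interpret a name
        if self.arity[t.name] == 0:
            return f                       # a nullary name is identified with its value
        return f(*(self.eval(a) for a in t.args))


def nat(x: Any) -> bool:
    return isinstance(x, int) and not isinstance(x, bool)   # bool is an int subclass in Python


# Constructed sample vocabulary and state (assumption, not from the slides): arithmetic on
# the naturals plus one nullary name "mode" holding a string, as the AsmL example later does.
VOCAB = {"zero": 0, "succ": 1, "plus": 2, "mode": 0}
STATE = Structure(VOCAB, {
    "zero": 0,
    "succ": lambda x: x + 1 if nat(x) else UNDEF,            # total: undef off the naturals
    "plus": lambda x, y: x + y if nat(x) and nat(y) else UNDEF,
    "mode": "Reading",
})

ONE = T("succ", T("zero"))
TWO = T("succ", ONE)
THREE = T("succ", TWO)


def demo() -> Dict[str, Any]:
    """Evaluate a few terms in STATE; the expected values are asserted in the test."""
    return {
        "one_plus_two": STATE.eval(T("plus", ONE, TWO)),          # 3
        "eq": STATE.eval(T("=", T("plus", ONE, TWO), THREE)),     # True (identity on S)
        "mode_is_boolean": STATE.eval(T("Boole", T("mode"))),     # False: "Reading" is a string
        "succ_of_string": STATE.eval(T("succ", T("mode"))),       # undef: functions are total
        "wrong_arity_is_term": STATE.is_term(T("plus", ONE)),     # False: plus is binary
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

The arity check in is_term is the syntactic side of the slide ("a function name of positive arity j applied to j terms"); eval refuses anything that is not a term before it touches the interpretation, so a malformed term is rejected rather than silently evaluated.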

Abstract Instructions for Changing States
• The most general structure-transforming machine instructions (called ASM rules) are guarded assignments to functions at given arguments, expressible in the following form:
    if Cond then Updates
• Cond is an arbitrary condition formulated in the given vocabulary
• Updates consists of finitely many function updates f(t1, …, tn) := t, which are executed simultaneously

ASMs Definition
Egon Börger, "High Level System Design and Analysis using Abstract State Machines". Current Trends in Applied Formal Methods (FM-Trends 98), Springer LNCS 1641, 1999.
• An ASM M is a finite set of rules for guarded multiple function updates
• Applying one step of M to a state (algebra) A produces as next state another algebra A' of the same signature, obtained as follows:
  – First, evaluate in A, using the standard interpretation of classical logic, all the guards of all the rules of M
  – Compute in A, for each rule of M whose guard evaluates to true, all the arguments and all the values appearing in the updates of this rule
  – Replace simultaneously, for each rule and for all the locations in question, the previous A-function value by the newly computed value
  – The algebra A' thus obtained differs from A only by the new values for those functions at those arguments where the values are updated by a rule of M which could fire in A

ASMs thesis
• "Sequential Abstract State Machines Capture Sequential Algorithms", Yuri Gurevich; ACM Transactions on Computational Logic (TOCL), July 2000
• "Abstract State Machines Capture Parallel Algorithms", Andreas Blass and Yuri Gurevich; ACM Transactions on Computational Logic (TOCL), October 2003
• The corresponding thesis has not yet been proved for distributed algorithms

ASM engines
http://www.eecs.umich.edu/gasm/tools.html
• A practical specification language is needed to write and execute ASM models => ASM engines:
  – ASM Workbench (U Paderborn, Siemens)
  – XASM (TU Berlin, Kestrel)
  – AsmGofer (U Ulm, Siemens)
  – AsmL = ASM Language (Microsoft)

AsmL
http://research.microsoft.com/fse/asml
• An AsmL model (or program) is defined using a fixed vocabulary of symbols of our choosing:
  – the names of its state variables
  – a fixed set of operations
• Values: simple elements like numbers and strings
• State: a particular association of variable names to values: {(name1, val1), (name2, val2), …}
• A run of the machine: a series of states connected by state transitions
• Each state transition, or step, occurs when the machine's control logic (the set of operations) is applied to an input state and produces an output state
• A program consists of statements; a typical statement is the conditional update "if condition then update", where each update has the form "a := b"
• The program never alters the input state
• An inconsistent update error occurs if the update set contains conflicting information (e.g. the program cannot update a variable to two different values in a single step)

AsmL – an example: reading a file (1)
http://research.microsoft.com/fse/asml

    // State variable declaration and initialization
    initially F as File? = null
    initially FContents = ""
    initially Mode = "Initial"

    Main()
      // "step until fixpoint" precedes the block of statements that will be
      // repeatedly run until no state changes result
      step until fixpoint
        // A typical statement: a conditional update
        if Mode = "Initial" then
          F := new Open("MyFile.txt")
          Mode := "Reading"
        if Mode = "Reading" and Length(FContents) = 0 then
          FContents := Read(F, 1)
        if Mode = "Reading" and Length(FContents) = 1 then
          FContents := FContents + Read(F, 1)
        if Mode = "Reading" and Length(FContents) > 1 then
          WriteLine(FContents)
          Mode := "Finished"
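The one-step semantics on the "ASMs Definition" slide (evaluate every guard in the old state, compute every firing rule's updates in the old state, apply them simultaneously), the "inconsistent update" rule and "step until fixpoint" from the AsmL slide, and the file-reading machine above can all be exercised with one small engine. The Python below is an added example written for this page; it is neither the slides' AsmL code nor Microsoft's AsmL engine. Rules are Python callables rather than terms, File/Open/Read are replaced by a constructed in-memory file whose contents ("hello") are sample data, and WriteLine is modelled by appending to a list so the output can be checked.

```python
from typing import Any, Callable, Dict, List, Tuple

State = Dict[str, Any]                       # variable name -> value, e.g. {"Mode": "Initial"}
Guard = Callable[[State], bool]
Updates = Callable[[State], Dict[str, Any]]  # returns this rule's update set {location: value}
Rule = Tuple[Guard, Updates]


class InconsistentUpdate(Exception):
    """One step tried to give the same location two different values."""


def step(state: State, rules: List[Rule]) -> Tuple[State, bool]:
    """One ASM step: all guards and all update values are computed in the OLD state,
    then the whole update set is applied at once. Returns (next_state, changed).
    The input state is never altered."""
    update_set: Dict[str, Any] = {}
    for guard, updates in rules:
        if guard(state):
            for loc, val in updates(state).items():
                if loc in update_set and update_set[loc] != val:
                    raise InconsistentUpdate(
                        f"{loc} := {update_set[loc]!r} and {loc} := {val!r} in one step")
                update_set[loc] = val        # the same value twice is consistent
    next_state = {**state, **update_set}
    return next_state, next_state != state


def run_until_fixpoint(state: State, rules: List[Rule], max_steps: int = 1000) -> List[State]:
    """AsmL 'step until fixpoint': step until a step changes nothing; return the trace."""
    trace = [state]
    for _ in range(max_steps):
        state, changed = step(state, rules)
        if not changed:
            return trace
        trace.append(state)
    raise RuntimeError("no fixpoint reached")   # the machine diverges


# --- simultaneity and consistency of the update set -----------------------------

def swap_demo() -> State:
    """x := y and y := x in the same step both read the old state, so they swap."""
    rules: List[Rule] = [(lambda s: True, lambda s: {"x": s["y"]}),
                         (lambda s: True, lambda s: {"y": s["x"]})]
    return step({"x": 1, "y": 2}, rules)[0]      # {"x": 2, "y": 1}


def clash_demo() -> bool:
    """x := 1 and x := 2 in one step is an inconsistent update set; True if detected."""
    rules: List[Rule] = [(lambda s: True, lambda s: {"x": 1}),
                         (lambda s: True, lambda s: {"x": 2})]
    try:
        step({"x": 0}, rules)
        return False
    except InconsistentUpdate:
        return True


# --- the file-reading machine from the slide ----------------------------------

class InMemoryFile:
    """Stand-in for AsmL's Open/Read (assumption): a constructed in-memory file."""
    def __init__(self, contents: str):
        self.contents, self.pos = contents, 0

    def read(self, n: int) -> str:               # Read(F, n): next n characters, "" at EOF
        chunk = self.contents[self.pos:self.pos + n]
        self.pos += n
        return chunk


def file_reader_rules(f: InMemoryFile, out: List[str]) -> List[Rule]:
    """The four conditional updates of the slide, one (guard, updates) pair each."""
    def finish(s: State) -> Dict[str, Any]:
        out.append(s["FContents"])               # WriteLine(FContents)
        return {"Mode": "Finished"}
    return [
        (lambda s: s["Mode"] == "Initial",
         lambda s: {"F": f, "Mode": "Reading"}),                   # F := new Open("MyFile.txt")
        (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) == 0,
         lambda s: {"FContents": s["F"].read(1)}),
        (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) == 1,
         lambda s: {"FContents": s["FContents"] + s["F"].read(1)}),
        (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) > 1, finish),
    ]


def read_file_demo(contents: str = "hello") -> Tuple[List[State], List[str]]:
    """Run the machine over a constructed file; returns (trace of states, lines written)."""
    out: List[str] = []
    rules = file_reader_rules(InMemoryFile(contents), out)
    initial: State = {"F": None, "FContents": "", "Mode": "Initial"}   # the three 'initially' lines
    return run_until_fixpoint(initial, rules), out


if __name__ == "__main__":
    trace, out = read_file_demo()
    for i, s in enumerate(trace):
        print(i, s["Mode"], repr(s["FContents"]))
    print("written:", out)
```

With "hello" the run takes four changing steps (open, read "h", read "e", write and finish) and stops at the fifth, which changes nothing. The fixpoint rule also exposes a property of the slide's machine that is easy to miss by reading it: with a file of fewer than two characters the third rule keeps assigning FContents its current value, so the run reaches a fixpoint in Mode "Reading" and never writes anything. The consistency check in step is what makes two rules that race on one location a specification error instead of a silent last-writer-wins.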

AsmL – an example: reading a file (2)
http://research.microsoft.com/fse/asml
• How is this approach different from finite state machines, or other kinds of "automata"?
  – Our machines may have state variables with very large (even infinite) ranges as well as complex structure (such as a graph of interconnected nodes)
  – The operations corresponding to the state transitions may interact with the external environment in a flexible way
• ASMs are more general than other kinds of machines and automata
• It is possible for state variables to have complex nested data structures as their values, or to come from infinite sets like the real numbers

DASMs formalizing BPEL4WS (1)
http://www.cs.sfu.ca/~se/bpeltr/TechnicalReport.htm
• A DASM M has a finite set AGENT of autonomously operating agents
  – The set of agents changes dynamically over runs of M
  – The behavior of an agent a in a given state S of M is defined by its program, program_S(a)
  – To introduce a new agent a in state S, a valid program has to be assigned to program_S(a); to terminate a, program_S(a) is reset to the distinguished value undef
  – In any state S reachable from an initial state of M, the set of agents is well defined as AGENT ≡ {x ∈ S : program_S(x) ≠ undef}
  – The collection of all the programs that agents of M potentially can execute forms the distributed program P_M

DASMs formalizing BPEL4WS (2)
http://www.cs.sfu.ca/~se/bpeltr/TechnicalReport.htm
• Three layers of abstraction (shown as a figure on the slide)
• High-level structure of the BPEL Abstract Machine:
  – Inbox manager, outbox manager, process instances: different types of DASM agents
  – Activity agents: created dynamically by process agents for executing BPEL structured activities

Introduction to ASMs: Q&A