Introduction to ASMs
http://www.eecs.umich.edu/gasm/
Dumitru Roman, Digital Enterprise Research Institute
dumitru.roman@deri.org
04-08-2004
Outline
• ASMs Characteristics
• ASMs Definition
  – Abstract States
  – Abstract Instructions for Changing States
• AsmL: an ASM engine
  – An example
• DASMs formalizing BPEL4WS
ASMs overview
• A practical method for rigorous system development which has been used successfully under industrial constraints for design and analysis of complex hardware/software systems.
• Formalism for modelling/formalising algorithms
• Previously known as Evolving Algebras
• An attempt to bridge the gap between formal models of computation and practical specification methods.
[Diagram: an informal specification of the hardware/software system ("What system are you building?") is turned by modeling into an ASM model, which is refined into the implementation of the system (C, Java, etc.). The ASM model is subject to validation ("Are you building the right system?") and verification ("Are you building the system right?").]
ASM methodology characteristics
http://www.eecs.umich.edu/gasm/intro.html
• Precision: ASMs use classical mathematical structures that are well understood
• Faithfulness: ASMs require a minimal amount of notational coding
• Understandability: ASMs use an extremely simple syntax, which can be read as a form of pseudo-code
• Executability: ASMs can be tested by executing them
• Scalability: ASMs can describe a system/algorithm on different levels of abstraction
• Generality: ASMs have been shown to be useful in many different application domains
Abstract States (1)
• States can be viewed as (first-order) structures of mathematical logic
• Structures – syntax
  – A vocabulary contains:
    • A finite collection of function names, each of a fixed arity
    • The equality sign, the nullary names true, false, undef, the unary name Boole, and the names of the usual Boolean operations
  – Terms – defined by the usual induction:
    • A nullary function name is a term.
    • If f is a function name of positive arity j and t1, …, tj are terms, then f(t1, …, tj) is a term.
Abstract States (2)
• Structures – semantics
  – A structure X of vocabulary T is a nonempty set S together with interpretations of the function names in T over S
  – A j-ary function name is interpreted as a function from S^j to S
  – A nullary function is identified with its value.
  – The interpretation of a j-ary relation R is a function from S^j to {true, false}
  – The equality sign is interpreted as the identity relation on S
Abstract Instructions for Changing States
• The most general structure-transforming machine instructions (called ASM rules) are guarded assignments to functions at given arguments, expressible in the following form:
    if Cond then Updates
• Cond is an arbitrary condition statement formulated in the given vocabulary
• Updates consists of finitely many function updates f(t1, …, tn) := t which are executed simultaneously
ASMs Definition
Egon Börger, "High Level System Design and Analysis using Abstract State Machines". Current Trends in Applied Formal Methods (FM-Trends 98). Springer LNCS 1641, 1999.
• An ASM M is a finite set of rules for guarded multiple function updates
• Applying one step of M to a state (algebra) A produces as next state another algebra A' of the same signature, obtained as follows:
  – First evaluate in A, using the standard interpretation of classical logic, all the guards of all the rules of M
  – Compute in A, for each of the rules of M whose guard evaluates to true, all the arguments and all the values appearing in the updates of this rule
  – Replace simultaneously, for each rule and for all the locations in question, the previous A-function value by the newly computed value
  – The algebra A' thus obtained differs from A by the new values for those functions at those arguments where the values are updated by a rule of M which could fire in A
ASMs thesis
• "Sequential Abstract State Machines Capture Sequential Algorithms", by Yuri Gurevich; ACM Transactions on Computational Logic, July 2000
• "Abstract State Machines Capture Parallel Algorithms", by Andreas Blass and Yuri Gurevich; ACM Transactions on Computational Logic (TOCL), October 2003
• The methodology is not proved yet for distributed algorithms
ASM engines
http://www.eecs.umich.edu/gasm/tools.html
• A practical specification language is needed to write and execute ASM models => ASM engines:
  – ASM Workbench (U Paderborn, Siemens)
  – XASM (TU Berlin, Kestrel)
  – ASM Gofer (U Ulm, Siemens)
  – AsmL = ASM Language (Microsoft)
AsmL
http://research.microsoft.com/fse/asml
• An AsmL model (or program) is defined using a fixed vocabulary of symbols of our choosing:
  – The names of its state variables
  – A fixed set of operations
• Values – simple elements like numbers and strings
• State – a particular association of variable names to values: {(name1, val1), (name2, val2), …}
• A run of the machine – a series of states connected by state transitions
• Each state transition, or step, occurs when the machine's control logic (the set of operations) is applied to an input state and produces an output state.
• A program consists of statements; a typical statement is the conditional update "if condition then update", where each update is of the form "a := b"
• The program never alters the input state.
• An inconsistent update error occurs if the update set contains conflicting information (e.g. the program cannot update a variable to two different values in a single step)
AsmL – an example: reading a file (1)
http://research.microsoft.com/fse/asml

    // State variable declaration and initialization
    initially F as File? = null
    initially FContents = ""
    initially Mode = "Initial"

    Main()
      // "step until fixpoint" precedes the block of statements that will be
      // repeatedly run until no state changes result
      step until fixpoint
        // A typical statement: a guarded (conditional) update
        if Mode = "Initial" then
          F := new Open("My.File.txt")
          Mode := "Reading"
        if Mode = "Reading" and Length(FContents) = 0 then
          FContents := Read(F, 1)
        if Mode = "Reading" and Length(FContents) = 1 then
          FContents := FContents + Read(F, 1)
        if Mode = "Reading" and Length(FContents) > 1 then
          WriteLine(FContents)
          Mode := "Finished"
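The step semantics of the "ASMs Definition" slide (evaluate all guards in the old state, fire all updates simultaneously, reject inconsistent updates) and the file-reading program above, as an added Python example that is not code from the slides or from AsmL: asm_step, run_until_fixpoint and the rule encoding are my own, and FakeFile is a constructed in-memory stand-in for Open("My.File.txt") / Read(F, 1).

```python
# Added example, not code from the slides or AsmL: a minimal ASM step interpreter
# following the "ASMs Definition" slide; FakeFile is a constructed in-memory file.

class InconsistentUpdate(Exception):
    pass  # one step assigned two different values to the same location

def asm_step(state, rules):
    """Evaluate every guard in the OLD state, collect the updates of all firing
    rules, then apply them simultaneously; the input state is never altered."""
    updates = {}
    for guard, make_updates in rules:
        if guard(state):
            for loc, val in make_updates(state).items():
                if loc in updates and updates[loc] != val:
                    raise InconsistentUpdate(f"{loc}: {updates[loc]!r} vs {val!r}")
                updates[loc] = val
    return {**state, **updates}

def run_until_fixpoint(state, rules, max_steps=1000):
    """AsmL 'step until fixpoint': keep stepping until a step changes nothing."""
    for _ in range(max_steps):
        nxt = asm_step(state, rules)
        if nxt == state:
            return state
        state = nxt
    raise RuntimeError("no fixpoint within max_steps")

class FakeFile:
    """Constructed file: a string with a read cursor (environment, not ASM state)."""
    def __init__(self, content):
        self.content, self.pos = content, 0
    def read(self, n):
        self.pos += n
        return self.content[self.pos - n:self.pos]

def file_reader_rules(open_file):
    """The four guarded updates of the slide; WriteLine is output, so it is omitted."""
    M, C = "Mode", "FContents"
    return [
        (lambda s: s[M] == "Initial",
         lambda s: {"F": open_file("My.File.txt"), M: "Reading"}),
        (lambda s: s[M] == "Reading" and len(s[C]) == 0,
         lambda s: {C: s["F"].read(1)}),
        (lambda s: s[M] == "Reading" and len(s[C]) == 1,
         lambda s: {C: s[C] + s["F"].read(1)}),
        (lambda s: s[M] == "Reading" and len(s[C]) > 1,
         lambda s: {M: "Finished"}),
    ]

INITIAL = {"F": None, "FContents": "", "Mode": "Initial"}  # the 'initially' declarations
```

Running `run_until_fixpoint(INITIAL, file_reader_rules(lambda _: FakeFile("hello")))` takes four steps (open, read "h", read "e", finish) and then reaches the fixpoint with FContents "he" and Mode "Finished".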
AsmL – an example: reading a file (2)
http://research.microsoft.com/fse/asml
• How is this approach different from finite state machines, or other kinds of "automata"?
  – Our machines may have state variables with very large (even infinite) ranges as well as complex structure (such as a graph of interconnected nodes)
  – The operations corresponding to the state transitions may interact with the external environment in a flexible way
• ASMs are more general than other kinds of machines and automata
• It is possible for state variables to have complex nested data structures as their values, or to come from infinite sets like the real numbers.
DASMs formalizing BPEL4WS (1)
http://www.cs.sfu.ca/~se/bpeltr/TechnicalReport.htm
• A DASM M has a finite set AGENT of autonomously operating agents.
  – The set of agents changes dynamically over runs of M
  – The behavior of an agent a in a given state S of M is defined by its program, program_S(a)
  – To introduce a new agent a in state S, a valid program has to be assigned to program_S(a); to terminate a, program_S(a) is reset to the distinguished value undef
  – In any state S reachable from an initial state of M, the set of agents is well defined as AGENTS ≡ {x ∈ S : program_S(x) ≠ undef}.
  – The collection of all the programs that agents of M potentially can execute forms the distributed program P_M.
DASMs formalizing BPEL4WS (2)
http://www.cs.sfu.ca/~se/bpeltr/TechnicalReport.htm
• Three layers of abstraction [figure]
• High-level structure of the BPEL Abstract Machine:
  – Inbox manager, outbox manager, process instances: different types of DASM agents
  – Activity agents – created dynamically by process agents for executing BPEL structured activities
Introduction to ASMs
Q&A
04-08-2004