Resg ph d_seminar2010_germansibay

From Triggered Scenarios to Modal Transition System

German Sibay

Agenda

Motivation Previous Work Our Work Conclusion Future Work

Motivation Software is everywhere

– Nuclear power stations

– Mobile phones

– Banking Design and development of software is

hard Models are key in engineering

(abstraction)

requirements

Behaviour Models

analysis

Behaviour Models Pros

– Abstraction

– Build complexity: model < system

– Basis for (semi)automatic analysis techniques:

• Model checking

• Simulation

– Analysis of behaviour previous to construction

• Early detection

Cons

– Requires expertise

– Intra-agent behaviour specification

– Hard to build

Behaviour ModelsPerception: cons > pros

Possible cause of low adoption by practitioners

6

What do practitioners use?

Scenario notations, Use Cases Inter-agent specification Simple syntax Intuitive semantics MSC, UML Interaction Diagram

Actuator

User

Retrieve money

Pay Bills

7

Scenario notations

pros:

– Easy syntax, intuitive semantic

– Popular among practitioners cons:

– Generally informal (no suitable for formal analysis)

– Example of execution (not comprehensive)

– Limited expressiveness

Summary

requirements

Behaviour Models

analysis

9

Proposal: Synthesis from Scenarios

synthesis

Behaviour Models

scenarios scenario notation

requirements

analysis

10

Our Contribution

1. Novel Scenario Language with Trigger- Tree based semantics,

allows existential and universal with trigger

2. Synthesis algorithm for the new Language- Characterising all models

that satisfy the scenario

synthesis

Behaviour Models

scenario notation

11

Scenario Language: Basic Chart

Example of execution (MSC, UML Seq. Diag.) Partial order semantics Defines a finite language of finite words

{ pwd verify verifying wait ok , pwd verify wait veryfing ok }

12

Scenario Language with Prechart (or Trigger)

Live Sequence Chart (LSC):

– Existential Live Sequence Chart (eLSC)

•Example of a system run ≈ MSC

– Universal Live Sequence Chart (uLSC)

•Rule for all system runs ≈ Property

13

Existential Live Sequence Chart (eLSC)

Trace based semantics:interaction described by the scenario must be present somewhere in the trace

A set of traces satisfy if at least one satisfies

14

Universal Live Sequence Chart (uLSC)

Prechart

Mainchart

… pwd verify nok pwd verify nok pwd verify nok

x pwd verify ok …

Trace based semanticsEvery time the Prechart holds, the Mainchart must follow next

A set of traces satisfy if all satisfy

15

Labelled Transition System (LTS) as a set of traces

A LTS defines a set of traces

LTS satisfy the scenario if its set of traces do it:

- uLSC: All traces satisfy the scenario - eLSC: At least one trace satisfy the

scenario

16

Models and Scenarios

bdc dc(dc)∞ bc … x

0 1 2

.

.

.

A trace does not satisfy

the model does not satisfy the uLSC

uLSC

17

Models and Scenarios

bdc dc(dc)∞ bc …

0 1 2

.

.

.

There is a trace that satisfies

the model satisfies the eLSC

eLSC

18

New language: Motivation eLSC not very expressive.

Just an example of a user that logs in and retrieves money

19

New language: Motivation uLSC may be too restrictive

… pwd verify wait verifying wait ok getBalance() … x

Every time the user logs in, must try to retrieve money (and succeed)

20

Existential Triggered Scenario (eTS)

P

M

Execution tree based semantics:Every time the Trigger holds, there must exists an execution branch where the Mainchart holds next

21

Does the model satisfy the eTS?Does its tree satify the eTS?

b

dc

22

eTS: Summary Rule over entire system-to-be behaviour

Requires possibility of Mainchart when Prechart holds

Complementary to uLSCuLSC – LTL formula eTS - CTL formula

Semantics ≈ Use Cases with preconditions

23

Universal Triggered Scenario (uTS)

P

M

Execution tree based semantics:Every time the Trigger holds, only the Mainchart can come next. Also every word in the Mainchart must be in at least one branch

24

Universal Triggered Scenario (uTS)

Does this tree satify the uTS?

b

dcNO

25

TS extension

Conditions in the Trigger: Fluent Propositional Logic formula

uuserLoggedIn

26

Synthesis from TS

synthesis

TS

Behaviour model

27

Synthesis from this eTS

d

c

b

28

Synthesising a LTS Several LTS satisfy the scenario

Choosing one is taking an arbitrary decision

Choosing one that characterises them all (through simulation or trace inclusion) does not work

29

Solution: synthesise a Modal Transition System (MTS)

Extend LTS with an extra set of transitions

Required or Must transitions

Possible or May transitions

An LTS L is an implementation of an MTS M if

– all required behaviour in M is in L, and

– all behaviour in L is possible in M

request?reply?

request

reply

request

reply

request

reply

request

reply

30

MTS have a refinement relation: “more defined than”

MTS refinement preserves implementation

Solution: synthesise a MTS

request?reply?

Re

fin

ed+

-

request

reply

request

reply

Implementations (LTS)

request

reply

request

reply

request?reply?

31

MTS refinement preserves scenarios

Refinements

TS

LTSs: Satisfy the scenario

Synthesis

satisfies

MTSCharacterises

LTSsthat satisfy the

TS

32

Combining scenarios

Synthesised MTSs

Refinements

TS

Refinements

TS

Merge

33

Combining properties and scenarios

Synthesised MTSs

Refinements

Refinements

FLTL property

Merge

TS

34

Methodology

Synthesis

Feedback

Elaboration

Model Checking,Simulation,Animation

Validation

eTS

FLTL properties

uTS

Summarising New scenario-based

language

– based on LSC with branching semantic

– TS have existential with trigger

– Existential Fits with Use Case w/Preconditions

MTS Synthesis algorithm– No arbitrary choice

of LTS

– Characterisation of all LTSs satisfying TS

– Allows evolution through refinement

– Allows integrating multiple sources (merge)

Applicable to other scenario notations

35

Future Work Distributed

Synthesis– Problems of

composition of MTS (not complete)

– Distributed synthesis with trigger is tricky

Synthesise using scenarios and Architecture Diagrams

36