Contents Lecture 1: Introducing UML for Mobility Lecture 2: Refining Mobility Designs – Refining mobility activities – Refining mobility in sequence diagrams – A semantic approach to refinement: Mobile TLA Lecture 3: Property-driven Development of Mobile Systems M. Wirsing: UML for Global Computing 1
A Semantic Approach to Refinement: Mobile TLA UML for mobility – semi-formal graphical notation – semantics and formal fondation non-obvious – no notion for reasoning on mobile systems – no abstract notion of refinement Existing formalisms for mobile systems – mostly calculi, some with associated logics – “intensional” semantics, reflecting process structure – no good notions of refinement Reactive systems – transition system semantics (next-state relation + fairness) – temporal logic properties – refinement : stuttering invariance M. Wirsing: UML for Global Computing 2
Computational model ❜ ❜ ❜ � ✂ ❅ ❇ � ✂ ❅ ❇ � ✂ ❅ ❇ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ joe a 1 a 2 a 3 joe a 1 a 2 a 3 joe a 1 a 2 a 3 . . . � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ ❜ ❜ ❜ ❜ ❜ ❜ ❜ ❜ ❜ ❜ ❜ ❜ shopper shopper shopper ❜ ❜ ❜ found = ∅ found = ∅ found = { o 1 } Configurations ( t , λ ) t finite tree, edges labelled by unique names λ assigns local states to nodes Computations σ = ( t 0 , λ 0 ) , ( t 1 , λ 1 ) , . . . M. Wirsing: UML for Global Computing 3
Shopping agent specification (1) Assume: fixed, finite set Net of names, joe ∈ Net , shopper / ∈ Net Network topology � � ≡ n , m ∈ Net n � m [ false ] � Topology all nodes present at top level Initial condition ≡ ∧ joe � shopper � true �� Init shopping agent in domain joe . . . ∧ shopper [ ctl = “idle” ] . . . and in “idle” state Prepare shopper to shop for item x ≡ ∧ shopper � true � ∧ shopper � true � Prepare ( x ) shopping is (and stays) here ❤ ∧ shopper [ ctl = “idle” ] state changes from “idle” . . . ∧ shopper [ ctl = “shopping” ] . . . to “shopping” ❤ ∧ shopper [ target = x ∧ found = ∅ ] initialize target and found ❤ M. Wirsing: UML for Global Computing 4
Shopping agent specification (2) Remaining state-changing actions ≡ GetOffer . . . get an offer and insert into found ≡ . . . PickOffer select among offers in found Move among network nodes Move n , m ≡ ∧ n � shopper � true �� shopping agent is in n ’s domain ∧ shopper [ ctl = “shopping” ] and is in “shopping” state ∧ n . shopper ≫ m . shopper shopper moves to m ’s domain, preserving local state Overall specification (ignoring fairness) ≡ ∧ Topology ∧ Init Shopper � � joe [( ∃ x : Prepare ( x )) ∨ PickOffer ] ∨ � ∧ � n ∈ Net n [ GetOffer ] vars � � � ∧ � m ∈ Net Move n , m n ∈ Net � − n . shopper M. Wirsing: UML for Global Computing 5
Spatial extensions of TLA σ, n | Formulas evaluated at run σ and name n = F Explicit name references m [ F ] – F holds at location m below . . . provided m exists – Note : m may be arbitrarily deep in subtree “Everywhere” operator � F F holds at all nodes of the subtree Structural modification of trees α. n ≫ β. n – subtree at α n before transition equals subtree at β n after transition – local state at moving subtree preserved M. Wirsing: UML for Global Computing 6
System properties The shopping agent is always at some net location � ⇒ n . shopper � true � Shopper � n ∈ Net The shopper idles only at its home location Shopper ⇒ � ( shopper . ctl = “idle” ⇒ joe . shopper � true � ) M. Wirsing: UML for Global Computing 7
Refinement of mobile systems Operation refinement (Action Refinement) – decompose high-level operations – represented by implication (stuttering invariance) Spatial decomposition (Location Refinement) – refine high-level location n into a tree (with root named n ) – in general also distribute local state of n Virtualisation of locations (Location and Move Refinement) – implement high-level location n by structurally different hierarchy – preserve external behavior : n hidden from high-level interface M. Wirsing: UML for Global Computing 8
Spatial decomposition Suppose visiting agents are kept in a “dock” location ❜ � ✂ ❅ ❇ ❜ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ joe a 1 a 2 a 3 � ✂ ❇ ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ � ❜ ❜ ❜ ❜ joe a 1 a 2 a 3 � ❅ � ✂ ❇ ❅ � ✂ ❇ ❅ ❜ ❜ ❜ ❜ � ❅ dock out � ❅ in � ❅ shopper ❜ ❜ ❜ found = ∅ ❜ shopper found = ∅ ❜ Still conforms to the original specification – formula Shopper doesn’t mention locations dock , in , out – location shopper is still below location a 1 M. Wirsing: UML for Global Computing 9
Spatial decomposition in detail Refined initial condition ≡ ∧ joe . dock joe . shopper � true � DockedInit shopper still in joe ’s domain ∧ shopper [ ctl = “idle” ] local state unaffected Refined move actions ≡ ∧ n . dock n . shopper � true � SendShopper n stuttering action at high level ∧ shopper [ ctl = “shopping” ] ∧ n . dock n . shopper ≫ n . out n . shopper ≡ ∧ n . out n . shopper � true � MoveImpl n , m specialization of Move action ∧ n . out n . shopper ≫ m . in m . shopper RcvShopper m ≡ . . . another stuttering transition The refined specification again implies the original one M. Wirsing: UML for Global Computing 10
Spatial decomposition: general case Usually, decomposition requires distribution of state ❜ ❜ ✡ ❏ ✡ ❏ ✡ ❏ ✡ ❏ a c a c ✡ ❏ ✡ ❏ ✡ ❏ ✡ ❏ � b b ✡ ❏ ✡ ❏ ✡ ❏ ✡ ❏ x x 1 ❜ ❜ ❜ ❜ ❜ ❜ ☞ ❇ x = f ( x 1 , x 2 , x 3 ) ☞ ❇ ☞ ❇ d e f ☞ ❇ ☞ ❇ ☞ ❇ x 2 x 3 ❜ ❜ ❜ ∃ ∃ ∃ ⇒ ∃ ∃ ∃ a . x : Spec Refinement is then expressed as Impl local state variable x hidden from high-level interface M. Wirsing: UML for Global Computing 11
Virtualisation of locations Modify spatial hierarchy ❜ ✡ ❏ ✡ ❏ a b ❜ ✡ ❏ ✡ ❏ ✡ ❏ ✡ ❏ a b ✡ ❏ ❜ ❜ ✡ ❏ ✡ ✡ ❏ ✡ ✡ ❏ � ❜ ❜ ❏ c ✡ n f ✡ ❏ ✡ ✡ ✡ ❜ ❜ ❜ ❏ c ✡ d m f ❏ ❏ ✡ ❏ ❏ ✡ ❜ ❜ ❜ ❜ ❏ d e ❏ ❏ e ❜ ❜ ❜ ∃ ∃ ∃ ⇒ ∃ ∃ ∃ n : Spec Location n hidden from interface Impl preserve external behavior, except for location n M. Wirsing: UML for Global Computing 12
SlowShopper : refine move action Non-atomic moves across network ≡ ∧ n . shopper � true � ∈ Net StartMove n shopper moves to transit / ∧ shopper [ ctl = “shopping” ] ∧ n . shopper ≫ transit . shopper EndMove m ≡ ∧ transit . shopper � true � shopper moves to destination ∧ transit . shopper ≫ m . shopper Implementation does not imply specification �| = ⇒ � � n ∈ Net n . shopper � true � SlowShopper Solution : hide shopper in original specification ∃ ∃ ∃ | = ⇒ ∃ ∃ ∃ shopper : Shopper SlowShopper M. Wirsing: UML for Global Computing 13
Summary and Future Work Summary – Simple refinement calculi for activity and sequence diagrams for mobility – MTLA as a formal basis for a UML notion of refinement: Refinement is implication! Current Work – Refinement of other UML diagrams – Connecting MTLA with UML M. Wirsing: UML for Global Computing 14
Recommend
More recommend
