Lecture 9: Live Sequence Charts

Transcription

1 Softwaretechnik / Software-Engineering Lecture 9: Live Sequence Charts Prof. Dr. Andreas Podelski, Dr. Bernd Westphal Albert-Ludwigs-Universität Freiburg, Germany main Topic Area Requirements Engineering: Content VL 6 Introduction Requirements Specification Desired Properties Kinds of Requirements. Analysis Techniques Documents Dictionary, Specification Specification Languages Natural Language VL 7 Decision Tables. Syntax, Semantics Completeness, Consistency, Sblockcontent VL 8. VL 9. Scenarios User Stories, Use Cases Live Sequence Charts Syntax, Semantics Working Definition: Software Discussion 2/54

2 main 3/54 Content Formal Methods in Requirements Engineering Software & Software Specification, formally Requirements Engineering, formally Examples: Decision Tables Use Cases Live Sequence Charts Scontent LSC Semantics: Full LSC syntax Activation, Pre-Chart, Chart Mode Automaton Construction Loop / Progress / Exit Conditions LSCs vs. Software Excursion: Symbolic Büchi Automata Methodology Requirements Engineering with scenarios Strengthening scenarions into requirements Requirements Engineering Wrap-Up 4/54

3 Software and Software Specification, formally Definition. Software is a finite description S of a (possibly infinite) set S of (finite or infinite) computation paths of the form where α σ 1 α 0 σ 2 1 σ 2 σ i Σ,i N 0, is called state (or configuration), and α i A,i N 0, is called action (or event). The (possibly partial) function : S S is called interpretation ofs. Definition. A software specification is a finite description S of a (possibly infinite) set S of softwares, i.e Sformalre S = {(S 1, 1 ),(S 2, 2 ),...}. The (possibly partial) function : S S is called interpretation of S. 6/54

4

5 Software Specification vs. Software S = {(S 0, 0 )} σ 0 0 α 0 1 σ1 0 α 0 2 σ2 0 I M I M σ0 1 α 1 1 α 1 2 σ1 1 σ2 1 σ0 2 α 2 1 α 2 2 σ1 2 σ2 2 (S 1, 1)} (S 2, 2)} Sformalre S 1 implements S viai andm S 2 implements S viai andm 9/54

6 Content Formal Methods in Requirements Engineering Software & Software Specification, formally Requirements Engineering, formally Examples: Decision Tables Use Cases Live Sequence Charts Scontent LSC Semantics: Full LSC syntax Activation, Pre-Chart, Chart Mode Automaton Construction Loop / Progress / Exit Conditions LSCs vs. Software Excursion: Symbolic Büchi Automata Methodology Requirements Engineering with scenarios Strengthening scenarions into requirements Requirements Engineering Wrap-Up 12/54

7 LSC Semantics main 13/54 Full LSC Syntax LSC: buy water AC: true AM: invariant I: strict User CoinValidator ChoicePanel Dispenser C50 pwater water_in_stock dwater OK A full LSC L = (PC,MC,ac 0,am,Θ L ) actually consist of pre-chartpc = ((L P, P, P ),I P,Msg P,Cond P,LocInv P,Θ P ) (possibly empty), main-chartmc = ((L M, M, M ),I M,Msg M,Cond M,LocInv M,Θ M ) (non-empty), activation conditionac 0 Φ(C), strictness flag strict (if false, L is permissive) activation mode am {initial, invariant}, chart mode existential (Θ L = cold) or universal (Θ L = ). 14/54

8 From Concrete to Abstract Syntax I1 I2 I3 locations L, l1,0 l2,0 l3,0 L L, L L I = {I 1,...,I n}, Msg L E L, Cond (2 L \ ) (C) LocInv L {, } (C) L {, }, : L Msg Cond LocInv {,cold}. c2 c3 l1,1 l1,2 A B l2,1 l2,2 c1 c4 C l3,1 l3,2 l2,3 l1,3 D l3,3 l1,4 E L = {l 1,0,l 1,1,l 1,2,l 1,3, l 1,2,l 1,4, l 2,0,l 2,1,l 2,2,l 2,3, l 3,0,l 3,1,l 3,2,l 3,3} l 1,0 l 1,1 l 1,2 l 1,3, l 1,2 l 1,4, l 2,0 l 2,1 l 2,2 l 2,3, l 3,0 l 3,1 l 3,2 l 3,3, l 1,1 l 2,1, l 2,2 l 1,2, l 2,3 l 1,3, l 3,2 l 1,4, l 2,1 l 3,1, l 2,2 l 3,2, I = {{l 1,0,l 1,1,l 1,2,l 1,3,l 1,4},{l 2,0,l 2,1,l 2,2,l 2,3},{l 3,0,l 3,1,l 3,2}}, Slscsyn Msg = {(l 1,1,A,l 2,1),(l 2,2,B,l 1,2),(l 2,2,C,l 3,2),(l 2,3,D,l 1,3),(l 3,3,E,l 1,4)} Cond = {({l 2,1,l 3,1},c 4),({l 2,2},c 2 c 3)}, LocInv = {(l 1,1,,c 1,l 1,2, )} 32/46 15/54 LSC Semantics am = initial am = invariant ΘL = cold ΘL = w W m N 0 w 0 = ac ψ exit (C0 P ) ψ prog(,c0 P ) w m+1 = ψ prog(,c0 M ) w W m N 0 w 0 = ac ψ exit(c P 0 ) ψprog(,cp 0 ) w m+1 = ψ exit (C M 0 ) = w m+1 = ψ prog (,C0 M ) w W k < m N 0 w k = ac ψ exit (C0 P ) ψ prog(,c0 P ) w m+1 = ψ prog(,c0 M ) w W k m N 0 w k = ac ψ exit(c P 0 ) ψprog(,cp 0 ) w m+1 = ψ exit (C M 0 ) = w m+1 = ψ prog (,C0 M ) Here,W is a set of words (for the moment, think of computation paths, like S ). α w W is a word (for the moment, think of a computation path, likeσ 1 α 0 2 σ1 σ2 S ). 16/32

9 LSC Semantics Θ L am = initial am = invariant cold w W m N 0 w 0 = ac w W w 0 = ac w W k < m N 0 w k = ac w W k m N 0 w k = ac Here,W is a set of words (for the moment, think of computation paths, like S ). α w W is a word (for the moment, think of a computation path, likeσ 1 α 0 2 σ1 σ2 S ). 16/54 Example: Vending Machine Positive scenario: Buy a Softdrink (i) Insert one 1 euro coin. (ii) Press the softdrink button. (iii) Get a softdrink. Positive scenario: Get Change (i) Insert one 50 cent and one 1 euro coin. (ii) Press the softdrink button. (iii) Get a softdrink. (iv) Get 50 cent change. Negative scenario: A Drink for Free (i) Insert one 1 euro coin. (ii) Press the softdrink button. (iii) Do not insert any more money. (iv) Get two softdrinks. 17/54

10 LSC Semantics LSC: buy softdrink AC: true AM: invariant I: permissive User E1 psoft Vend. Ma. SOFT am = initial am = invariant ΘL = cold w W m N 0 w 0 = ac ψ exit(c0 P ) ψprog(,cp 0 ) w m+1 = ψ prog(,c0 M ) w W k < m N 0 w k = ac ψ exit(c0 P ) ψprog(,cp 0 ) w m+1 = ψ prog(,c0 M ) ΘL = w W m N 0 w 0 = ac ψ exit(c P 0 ) ψprog(,cp 0 ) w m+1 = ψ exit(c M 0 ) = w m+1 = ψ prog(,c M 0 ) w W k m N 0 w k = ac ψ exit(c P 0 ) ψprog(,cp 0 ) w m+1 = ψ exit(c M 0 ) = w m+1 = ψ prog(,c M 0 ) 18/32 LSC Semantics LSC: get change AC: true AM: invariant I: permissive User C50 Vend. Ma. E1 psoft SOFT chg-c50 am = initial am = invariant ΘL = cold w W m N 0 w 0 = ac ψ exit(c0 P ) ψprog(,cp 0 ) w m+1 = ψ prog(,c0 M ) w W k < m N 0 w k = ac ψ exit(c0 P ) ψprog(,cp 0 ) w m+1 = ψ prog(,c0 M ) ΘL = w W m N 0 w 0 = ac ψ exit(c0 P ) ψprog(,cp 0 ) w m+1 = ψ exit(c M 0 ) = w m+1 = ψ prog(,c M 0 ) w W k m N 0 w k = ac ψ exit(c0 P ) ψprog(,cp 0 ) w m+1 = ψ exit(c M 0 ) = w m+1 = ψ prog(,c M 0 ) 19/32

11 LSC Semantics LSC: buy water AC: true AM: invariant I: strict User CoinValidator ChoicePanel Dispenser C50 pwater water_in_stock dwater OK am = initial am = invariant ΘL = cold w W m N 0 w 0 = ac ψ exit(c0 P ) ψprog(,cp 0 ) w m+1 = ψ prog(,c0 M ) w W k < m N 0 w k = ac ψ exit(c0 P ) ψprog(,cp 0 ) w m+1 = ψ prog(,c0 M ) ΘL = w W m N 0 w 0 = ac ψ exit(c P 0 ) ψprog(,cp 0 ) = w m+1 = ψ prog(,c0 M ) w W k m N 0 w k = ac ψ exit(c P 0 ) ψprog(,cp 0 ) = w m+1 = ψ prog(,c0 M ) 20/32 LSC Semantics LSC: buy softdrink AC: true AM: invariant I: permissive User E1 psoft Vend. Ma. SOFT Θ L am = initial am = invariant cold w W m N 0 w 0 = ac w W k < m N 0 w k = ac w W w 0 = ac w W k m N 0 w k = ac 18/54

12 LSC Semantics LSC: get change AC: true AM: invariant I: permissive User C50 Vend. Ma. E1 psoft SOFT chg-c50 Θ L am = initial am = invariant cold w W m N 0 w 0 = ac w W k < m N 0 w k = ac w W w 0 = ac w W k m N 0 w k = ac 19/54 LSC Semantics LSC: buy water AC: true AM: invariant I: strict User CoinValidator ChoicePanel Dispenser C50 pwater water_in_stock dwater OK Θ L am = initial am = invariant cold w W m N 0 w 0 = ac w W k < m N 0 w k = ac w W w 0 = ac w W k m N 0 w k = ac 20/54

13 Example: Vending Machine Positive scenario: Buy a Softdrink (i) Insert one 1 euro coin. (ii) Press the softdrink button. (iii) Get a softdrink. Positive scenario: Get Change (i) Insert one 50 cent and one 1 euro coin. (ii) Press the softdrink button. (iii) Get a softdrink. (iv) Get 50 cent change. Negative scenario: A Drink for Free (i) Insert one 1 euro coin. (ii) Press the softdrink button. (iii) Do not insert any more money. (iv) Get two softdrinks. 21/54 LSC Semantics LSC: only one drink AC: true AM: invariant I: permissive User E1 psoft Vend. Ma. SOFT C50! E1! SOFT false Θ L am = initial am = invariant cold w W m N 0 w 0 = ac w W k < m N 0 w k = ac w W w 0 = ac w W k m N 0 w k = ac 22/54

14 LSC Semantics: TBA Construction main 23/54

15 main 25/54 TBA Construction Principle Only construct the transitions labels: = {(q,ψ loop (q),q) q Q} {(q,ψ prog (q,q ),q ) q F q } {(q,ψ exit (q),l) q Q} ψ loop (q) = =:ψ loop (q) {}}{ ψ Msg (q) ψ LocInv (q) ψ LocInv cold (q) ψ exit (q) = ( ψ loop (q) ψlocinv cold (q) ) ( 1 i n ψ prog (q,q i) ( ψ LocInv, cold (q,q i ) ψcold Cond (q,q i) )) q q 1... q n ψ prog(q,q n) = =:ψprog (q,q n) {}}{ ψ Msg (q,q n ) ψ Cond (q,q n ) ψ LocInv, (q,q n ) ψcold Cond (q,qn) ψlocinv, cold (q,q n) true I1 A I2 I3 c2 c3 B c1 C Slscsem D E 26/54

16 Loop Condition ψ Msg (q) = 1 i n ψmsg (q,q i ) ( strict = ψ loop (q) = ψ Msg (q) ψ LocInv (q) ψcold LocInv (q) ψ E!? Msg(L) ψ ) } {{ } =:ψ strict (q) ψθ LocInv (q) = l=(l,ι,φ,l,ι ) LocInv, Θ(l)=θ, l active atq φ A locationlis called front location of cutc if and only if l L l l. Local invariant(l o,ι 0,φ,l 1,ι 1 ) is active at cut (!) q if and only ifl 0 l l 1 for some front locationlof cutq orl = l 1 ι 1 =. Msg(F) = {E! (l,e,l ) Msg, l F} {E? (l,e,l ) Msg, l F} Msg(F 1,...,F n ) = 1 i n Msg(F i) I 1 I 2 I 3 A c 2 c 3 B c 1 C Slscsem D E 27/54 Progress Condition ψ Msg (q,q i ) = ψ Msg(q i \q) ψ j i ( strict = ψ prog (q,qi) = ψmsg (q,q n) ψ Cond (q,q n) ψ LocInv, (q n) ψ (E!? Msg(L))\Msg(F i ) ψ (Msg(q j \q)\msg(q i \q)) ψ ψ ) } {{ } =:ψ strict (q,q i ) ψθ Cond (q,q i ) = γ=(l,φ) Cond, Θ(γ)=θ, L (q i \q) φ ψ LocInv, θ (q,q i ) = λ=(l,ι,φ,l,ι ) LocInv, Θ(λ)=θ, λ -active atq i φ Local invariant(l 0,ι 0,φ,l 1,ι 1 ) is -active atq if and only if l 0 l l 1, or l = l 0 ι 0 =, or I 1 I 2 I 3 l = l 1 ι 1 = for some front locationlof cut (!) q. c 2 c 3 A B c 1 C Slscsem D E 28/54

17 Tell Them What You ve Told Them... Live Sequence Charts (if well-formed) have an abstract syntax. From an abstract syntax, mechanically construct its TBA. A universal LSC is satisfied by a softwares if and only if all words induced by the computation paths ofs are accepted by the LSC s TBA. An existential LSC is satisfied by a softwares if and only if there is a word induced by a computation path ofs which is accepted by the LSC s TBA. Pre-charts allow us to specify anti-scenarios ( this must not happen ), activation interactions Sttwytt 31/54

18 References main 53/54 References Harel, D. and Marelly, R. (2003). Come, Let s Play: Scenario-Based Programming Using LSCs and the Play-Engine. Springer-Verlag. Ludewig, J. and Lichter, H. (2013). Software Engineering. dpunkt.verlag, 3. edition. Rupp, C. and die SOPHISTen (2014). Requirements-Engineering und -Management. Hanser, 6th edition main 54/54