Advanced Topics in
Software Engineering (02265)
Ekkart Kindler
ATSE (02265), L08: Formalisation and Analysis
VI. Formalisation and Analysis
1. Motivation
Questions:
Why do we use models?
Understanding problems / solutions
Communication of ideas
Code generation / execution
Analysis and Verification
How do we define what models mean?
MOF can be defined in itself?!
In natural language (typically in English)
Mathematics (the ultimate resort in every field)
In particular, when it comes to behaviour models,
MOF is not (yet?) powerful enough to define it.
Motivation
Questions:
How do we make sure that the models are correct?
Analyse the models (and the state space)
"Formal methods": all kinds of clever techniques to
analyse and verify models efficiently (avoiding exploring
all states explicitly, representing sets of states
symbolically, ...)
How can we be sure the generated code is correct?
Define the semantics of both the model and the code
Verify that the code generator preserves them
Motivation
As long as we cannot express the meaning of models
fully in MOF:
We need to be able to formalize the syntax and the
semantics in mathematics
2. Formalising (abstract) syntax
Example: Petri nets

[Figure: metamodel (class diagram) of Petri nets: a PetriNet contains Nodes and Arcs; Place and Transition are Nodes; each Arc has exactly one source Node and one target Node; a Place holds any number (*) of Tokens; all classes specialise Object]

Definition 1 (Petri net)
A Petri net N = (P, T, F) consists of two disjoint sets P and T and a relation F ⊆ (P × T) ∪ (T × P).
The elements of P are called the places of N, the elements of T are called the transitions of N, and the elements of F are called the arcs of N. The relation F is also called the flow relation of N.
Formalising (abstract) syntax
Example: Petri nets

Definition 2 (Marking of a Petri net)
Let N = (P, T, F) be a Petri net. A marking of N is a mapping m: P → ℕ.
Formalising (abstract) syntax
Example: Petri nets

Definition 3 (Petri net system)
Let N be a Petri net and let m0 be a marking of N. Then, (N, m0) is called a Petri net system.

The restriction on F in Definition 1 (an arc always connects a place with a transition or a transition with a place) corresponds to the following OCL invariant on Arc in the metamodel:

context Arc inv:
  ( self.source.oclIsKindOf(Place) and self.target.oclIsKindOf(Transition) ) or
  ( self.source.oclIsKindOf(Transition) and self.target.oclIsKindOf(Place) )
Formalising (abstract) syntax
Example: Place/Transition system

[Figure: the Petri net metamodel from above, with an additional attribute w: Integer on Arc for the arc weight]

Definition 4 (Place/Transition system)
Let N = (P, T, F) be a Petri net, let m0 be a marking of N and W: F → ℕ \ {0}. Then, (N, W, m0) is called a Place/Transition system (P/T-system).
Observations
Nodes of a formalism represented as sets
different sets for different kinds of nodes
different kind: disjointness of sets
Arcs between nodes as a relation
Constraints in form of a restriction
Labels as mappings
Definitions systematically build on each other
(kind of modular)
3. Formalising semantics

Example
[Figure: Petri net with places semaphor, idle1, request1, critical1, idle2, request2, critical2 (two processes competing for one semaphore)]
Firing rule
[Figure: the same net, used to illustrate the firing rule]
Reachability graph
Example: the reachable markings of the net above, written as lists of the marked places (i = idle, r = request, c = critical, s = semaphor):
[ i1, s, i2 ]
[ r1, s, i2 ]
[ i1, s, r2 ]
[ r1, s, r2 ]
[ c1, i2 ]
[ i1, c2 ]
[ c1, r2 ]
[ r1, c2 ]
Formalising semantics
Example: Petri nets

Definition 5 (Markings ⁻t and t⁺)
Let N = (P, T, F) be a Petri net and t ∈ T be a transition.
The marking ⁻t: P → ℕ is defined by:
  ⁻t(p) = 1, if (p, t) ∈ F, and
  ⁻t(p) = 0, if (p, t) ∉ F.
The marking t⁺: P → ℕ is defined by:
  t⁺(p) = 1, if (t, p) ∈ F, and
  t⁺(p) = 0, if (t, p) ∉ F.
Formalising semantics
Example: Petri nets

Definition 6 (Firing rule)
Let N = (P, T, F) be a Petri net, t ∈ T be a transition, and m be a marking of N.
A transition t is enabled in marking m, if m ≥ ⁻t. Then, we write m --t-->.
If the transition t is enabled in m, the transition can fire, which results in the successor marking m' = (m − ⁻t) + t⁺. Then, we write m --t--> m'.
(Comparison, subtraction and addition of markings are place by place.)
Formalising semantics
Example: Petri nets

Definition 7 (Reachable markings)
Let (N, m0) be a Petri net system. The set of reachable markings R of (N, m0) is defined as the least set such that
• m0 ∈ R
• if m ∈ R and there exists a transition t of N and a marking m' such that m --t--> m', then also m' ∈ R.
Observations
The way of defining the behaviour very much depends on the formalism, but
  typically there is some notion of state (markings in our example)
  there is one (or more) initial state
  there is a transition relation m --t--> m'
4. State space generation
The inductive definition of the reachable states gives an algorithm for computing it (in the finite case):

  R := { }        // set of already found reachable states
  U := { m0 }     // set of states that are yet undealt with
  while U ≠ { } do
    select any m ∈ U
    U := U \ { m }
    R := R ∪ { m }
    for each m' with m --t--> m' do
      U := U ∪ { m' }
  result is R
State space generation
The version above does not terminate if the state space contains a cycle: a marking that has already been dealt with is put back into U. Adding a successor to U only if it has not been found before fixes this, and the algorithm then terminates whenever the set of reachable states is finite:

  R := { }
  U := { m0 }
  while U ≠ { } do
    select any m ∈ U
    U := U \ { m }
    R := R ∪ { m }
    for each m' with m --t--> m' do
      if m' ∉ R then U := U ∪ { m' }
  result is R
State space generation
Where are the bottlenecks (in the algorithm above)?
Checking properties on the fly
The property of interest can be checked on each marking m when it is taken from U, while the algorithm above is still running, instead of after R is complete.
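Definitions 5 to 7 and the worklist algorithm above, carried out in Python as an added example (this is not code from the lecture). The net is the lecture's mutual-exclusion example, reconstructed here from the place names in the figure and from the reachability graph; the transition names req/enter/leave and the exact arcs are our assumptions. The on-the-fly check stops the exploration at the first marking that puts both processes into their critical sections.

```python
from collections import deque


class PetriNet:
    """A Petri net N = (P, T, F) as in Definition 1; names are plain strings."""

    def __init__(self, places, transitions, arcs):
        self.P, self.T, self.F = frozenset(places), frozenset(transitions), frozenset(arcs)
        if self.P & self.T:
            raise ValueError("P and T must be disjoint")
        # F must be a subset of (P x T) u (T x P): the set-theoretic form of the
        # OCL invariant on Arc (source and target are of different kinds).
        for x, y in self.F:
            if not ((x in self.P and y in self.T) or (x in self.T and y in self.P)):
                raise ValueError(f"arc {(x, y)} does not connect a place and a transition")

    def pre(self, t):
        """Definition 5: the marking -t, 1 on every input place of t, 0 elsewhere."""
        return {p: int((p, t) in self.F) for p in self.P}

    def post(self, t):
        """Definition 5: the marking t+, 1 on every output place of t, 0 elsewhere."""
        return {p: int((t, p) in self.F) for p in self.P}

    def enabled(self, m, t):
        """Definition 6: t is enabled in m iff m >= -t, compared place by place."""
        pre = self.pre(t)
        return all(m[p] >= pre[p] for p in self.P)

    def fire(self, m, t):
        """Definition 6: the successor marking m' = (m - -t) + t+."""
        if not self.enabled(m, t):
            raise ValueError(f"{t} is not enabled")
        pre, post = self.pre(t), self.post(t)
        return {p: m[p] - pre[p] + post[p] for p in self.P}

    def successors(self, m):
        """All pairs (t, m') with m --t--> m'."""
        return [(t, self.fire(m, t)) for t in sorted(self.T) if self.enabled(m, t)]


def key(m):
    """Hashable canonical form of a marking, so markings can be put in sets."""
    return tuple(sorted(m.items()))


def reachable_markings(net, m0, bad=None):
    """Section 4: compute R with the worklist algorithm of the slides.
    R holds the markings already dealt with, U those still to explore; `seen`
    is R u U, so with a queue no marking is enqueued twice.  If `bad` is given,
    it is checked on the fly on every marking taken from U and the first
    violating marking is returned (R is then only partial)."""
    R, edges = {}, []
    U = deque([m0])
    seen = {key(m0)}
    while U:
        m = U.popleft()           # "select any m in U": here breadth first
        R[key(m)] = m
        if bad is not None and bad(m):
            return R, edges, m
        for t, m2 in net.successors(m):
            edges.append((key(m), t, key(m2)))
            if key(m2) not in seen:   # "if m' not in R then U := U u {m'}"
                seen.add(key(m2))
                U.append(m2)
    return R, edges, None


# Mutual-exclusion net of the lecture (arcs and transition names are our
# reconstruction): each process i moves idle_i -> request_i -> critical_i ->
# idle_i, takes the semaphor token to enter critical_i and returns it on leaving.
MUTEX = PetriNet(
    places=["idle1", "request1", "critical1", "idle2", "request2", "critical2", "semaphor"],
    transitions=["req1", "enter1", "leave1", "req2", "enter2", "leave2"],
    arcs=[("idle1", "req1"), ("req1", "request1"),
          ("request1", "enter1"), ("semaphor", "enter1"), ("enter1", "critical1"),
          ("critical1", "leave1"), ("leave1", "idle1"), ("leave1", "semaphor"),
          ("idle2", "req2"), ("req2", "request2"),
          ("request2", "enter2"), ("semaphor", "enter2"), ("enter2", "critical2"),
          ("critical2", "leave2"), ("leave2", "idle2"), ("leave2", "semaphor")],
)
M0 = {p: int(p in ("idle1", "idle2", "semaphor")) for p in MUTEX.P}


def marked(m):
    """Notation of the slides: the list of places carrying a token."""
    return sorted(p for p in m if m[p] > 0)


def mutex_state_space():
    """All reachable markings of MUTEX (as place lists) and the number of edges."""
    R, edges, _ = reachable_markings(MUTEX, M0)
    return sorted(marked(m) for m in R.values()), len(edges)


def mutex_violation():
    """On-the-fly check of 'never both processes in their critical section';
    returns the first violating marking, or None if the property holds."""
    _, _, m = reachable_markings(MUTEX, M0, bad=lambda m: m["critical1"] + m["critical2"] > 1)
    return m


if __name__ == "__main__":
    markings, n = mutex_state_space()
    print(f"{len(markings)} reachable markings, {n} edges")
    for ms in markings:
        print("  [", ", ".join(ms), "]")
    print("mutual exclusion violated in:", mutex_violation())
```

Running the script lists the eight markings of the reachability graph on the previous slide and reports no violation. Replace `bad` with any predicate on markings to check another safety property during generation; the exploration stops at the first counterexample, so the partial R returned with it is exactly the "on the fly" behaviour of the slide.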
5. Model checking
5.1. Terminology
Model Checking
Validation and Verification
Reactive System
Model Checking
Model checking is a technology for the fully automatic verification of reactive systems with a finite state space.
Terms
Technology
principle
method
concept
notation
tool
System
reactive vs. transformational
model
Validation
requirements
specification
simulation
test
verification
deductive
model based
Validation
Question: Does the system do what it should do?
[Figure: the requirements are validated against the designed system]
Validation
Problems:
  requirements are informal in most cases, imprecise, incomplete, inconsistent, ...
  systems can be very complex
  designing and building systems is very expensive
  the later a flaw is detected, the higher the costs to repair it
Validation
[Figure: the requirements are formalised into a (formal) specification and the system is abstracted into a model (a Kripke structure with states labelled a, a, b, a b); the model is verified against the specification; formalisation and abstraction are themselves subject to validation; the model is related to the system by refinement / implementation]
Validation
Remarks:
most requirements are informal
validation is an inherently informal process
checking whether a specification captures the
requirements is inherently informal
verification is a formal process
(automatic in some cases) that can partially help
with validation
Transformational System
accepts some input
makes some calculations
returns a result
In particular:
terminates always (resp. should terminate)
no user interaction possible (after the input was accepted)
Reactive System
reacts permanently to input
can output results any time (dependent on the input)
In particular:
is interactive (could even be active or proactive)
does not terminate (normally)
reactive systems do not "calculate a function"
Reactive vs. transformational
Information systems are reactive (in most cases)
The classical notions of algorithm and computation are defined from the transformational system’s point of view
Reactive systems have transformational components in most cases
Model Checking
Model checking is tailored to the verification of
reactive systems
special notations for "reactive properties"
(temporal logics)
abstraction from transformational parts
(and often from data)
appropriate for cyclic behaviour
but on a high level of abstraction only
Summary
Model checking is a technology for the fully automatic verification of reactive systems with a finite state space.
5.2. Main Concepts and Ideas
Kripke structures (defining the system/model)
CTL (specifying the properties)
algorithms (only basic idea)
complexity
Systems and Requirements
[Figure: the system "meets" its requirements]
Model and Specification
model M: a Kripke structure
[Figure: Kripke structure with four states labelled a, a, b and a b]
specification: a formula of Computation Tree Logic (CTL), here AG ( a → AF b )
Kripke Structure
A Kripke structure consists of
  a set of states,
  with distinguished initial states,
  a (total) transition relation, and
  a labelling of states with a set of atomic propositions.
[Figure: the example Kripke structure, states labelled a, a, b, a b]
Behaviour
The behaviour at a state can be represented as a computation tree:
[Figure: the Kripke structure unfolded into its (infinite) computation tree, nodes labelled a, a, b, a b]
CTL-Formulas
CTL-formulas are inductively defined:
  atomic propositions are CTL-formulas
    a, b, ...
  CTL-formulas combined with a Boolean operator are CTL-formulas
    . ∧ . , . ∨ . , ¬ . , ...
  CTL-formulas combined with temporal operators are CTL-formulas
    EX . , EG . , E[ . U . ], ...
Exists neXt: EX p
there exists an (immediate) successor in which p holds true
[Figure: computation tree; given the states in which p holds, the states in which EX p holds are marked]
Exists Globally: EG p
there exists an infinite path on which p holds in each state
[Figure: computation tree with the states in which EG p holds marked]
Exists Until: E[ p U q ]
there exists a reachable state in which q holds true, and in all states up to this state p holds true
[Figure: computation tree with the states in which E[ p U q ] holds marked]
Abbreviations
AX p ≡ ¬EX ¬p
  for all immediate successors, p holds true
EF p ≡ E[ true U p ]
  in some reachable state, p holds true
AG p ≡ ¬EF ¬p
  in all reachable states, p holds true
AF p ≡ ¬EG ¬p
  on each path, there exists a state in which p holds true
System “meets” formula
A CTL-formula holds for a Kripke structure
if the formula holds in each initial state.
Example
model M: [Figure: the Kripke structure from above, states labelled a, a, b, a b]
specification: AG ( a → AF b )
How do we prove it?
Algorithms
For each sub-formula, we inductively calculate the set
of states, in which this sub-formula is true:
atomic propositions
temporal operators
Boolean operators
"Algorithm" for EX p
Given: the set of states in which p holds: S_p
Wanted: the set of states in which EX p holds: S_EX p
We also write EX(S_p) for S_EX p
Algorithm for E[ p U q ]
Given: S_p and S_q
Wanted: S_E[ p U q ]
  S_0 = ∅
  S_1 = S_q ∪ ( S_p ∩ EX(S_0) )
  S_2 = S_q ∪ ( S_p ∩ EX(S_1) )
  ...
  S_{i+1} = S_q ∪ ( S_p ∩ EX(S_i) )
until S_{i+1} = S_i ; then S_E[ p U q ] = S_i
Algorithm for EG p
Given: S_p
Wanted: S_EG p
  S_0 = S
  S_1 = S_p ∩ EX(S_0)
  S_2 = S_p ∩ EX(S_1)
  ...
  S_{i+1} = S_p ∩ EX(S_i)
until S_{i+1} = S_i ; then S_EG p = S_i
Algorithms Summary
CTL model checking ~ marking algorithm + iteration
EX p
E[ p U q ]
EG p
Complexity
When implemented in an efficient way, the marking algorithm for each operator is linear in the number of states of the system:
  O( |M| · |p| )
with |M| the size of the model and |p| the size of the formula.