1

Towards formal manipulations of scenarios represented by High-level Message Sequence Charts

Loïc Hélouet

Claude Jard

Benoît Caillaud

IRISA/PAMPA (INRIA/CNRS/Univ. Rennes)Campus de Beaulieu, F-35042 RENNES,France.

http://www.irisa.fr/pampaClaude.Jard@irisa.fr

2

Motivations

Formal methods and tools to improve the development process of (distributed) software

Need to instrument at early stages of the development Interest of graphical scenario languages like Message

Sequence Charts in the SDL framework or Sequence Diagrams of the popular Unified Modelling Language

Problems with their formal semantics Problems with their declarative (high-level) nature :

Normal forms ? State-finiteness ? Executability ?

3

Contributions

Partial-order semantics of the High-level Message Sequence Charts (HMSC is the ITU/Z.120 standard)

Effective notion of equivalence based on event-structures and graph-grammars

Normal form of HMSCs Towards new efficient methods :

to decide divergence, to simulate and to check properties

4

Outline

MSC et HMSC Event structures Partial order semantics of HMSC Covering graphs of event structures Graph grammars Regularity of graph grammars Equivalence Applications Conclusion and perspectives

5

Basic Message Sequence Charts (BMSC)

Instances, events and messages

Ordering of events : due to sequentiality of

instances due to message causality

Partial order M= ( E,<,,A,I ) E : events < : causal ordering : labelling of events

: E -> A x I A : action names I : instance names

6

High-level Message Sequence Charts (HMSC)

Hierarchical graph of MSCs

Sequence, choice and loop operators

Non-deterministic choice

Sequence is communication-closed but without synchronization

7

Sequencing

Instance by instance, maximal events of the first HMSC are linked to the minimal events of the second HMSC

8

Choice : union of scenarios

9

Recursion (unfolding)

10

Specifications which are not implementable

Non-local choices Divergence

11

Infinite family of partial orders

Paths of the HMSC graph form (generally) an infinite family of partial orders

This family can be uniquely represented by an event structure (communication closed assumption)

12

Event structures

Compact representation of partial order families. Used in concurrency theory

ES = (E, <, #, , A , I ) E : events < : partial order (causality) # : conflict relation

(symmetric, inherited by causality)

: labelling

13

Reduction to minimal conflicts

14

From HMSCs to event structures

Sequencing : as for partial orders; conflicts are inherited

Choice : creates new conflicts

Recursion : unfolding

15

HMSC partial order semantics

HMSC Semantics = the corresponding event structure

Strong notion of equivalence given by isomorphism of event structures

Isomorphism of (infinite) graphs can be computed using graph grammars [Caucal 92] such that :

the graph is regular the graph is finitely branching

Based on the computation of normal forms of the grammars

16

Non regular specifications

17

Irregular graphs

Cannot be represented by a graph grammar

18

Covering graphs with conflict inheritance edges

19

Transformation into a regular graph

20

Graph grammar

Hyperarc :

s1. . . .sn

Hypergraph :

Graph + hyperarcs Rule : (Hyperarc,

Hypergraph) Graph grammar =

G = (Axiom,Rules)

21

Graph rewriting

22

From HMSCs to graph grammars (ends)

23

From HMSCs to graph grammars (sequence)

24

From HMSCs to graph grammars (choice)

25

From HMSCs to graph grammars (recursion)

26

From HMSCs to graph grammars (conflict inheritance arcs)

Context management

27

Example (HMSC)

28

Example (graph grammar)

29

Example (graph grammar)

30

Properties of covering graphs

Covering graphs with inheritance edges are regular (can be finitely described by graph grammars)

Branching of conflicts is finite Branching of causality is generally infinite But ignoring them preserves the isomorphism of the

event structures (the infinite branching can be reconstructed from the simplified graph)

31

Decision of equivalence

Let us consider two HMSCs H1 and H2 Compute their graph grammars G1 and G2 Replace the inheritance edges that are not made from choice to

choice by the corresponding conflicts (minimization of basic event structures)

Compute grammars G’1 and G’2 by eliminating redundancies (to avoid global optimization)

Compute FBG1 and FBG2 by eliminating infinite branchings within G’1 and G’2

Compute FNG1 and FNG2, the normal forms of FBG1 and FBG2 If FBG1 and FBG2 have the same normal forms up to a

renaming, then H1 and H2 are equivalent

32

Normal forms

Global transformation to ensure a certain distance between the hyperarcs

PolynomialA rule which is not normalized

33

Example of two equivalent HMSCs

34

Their covering graph

35

Decision of divergence

An HMSC is not divergent iff the communication graph of each simple loop is symmetricCan be computed on the graph grammar by finite rewriting

36

Summary

Towards formal manipulations of scenario languages Partial order semantics of the HMSC standard Equivalence defined as a structure isomorphism Use of graph grammars and of recent decision

algorithms

ftp://ftp.inria.fr/INRIA/publication/RR/RR-3499.ps.gz

37

Perspectives

Short term : Implementation Weaker notions of equivalence Animation (using normal forms)

Middle term : HMSCs with values Parallel composition Integration in the UML meta-model

Long term : Decision of properties Quantitative analysis using Max + techniques Generation of squeletons, protocol synthesis