HMSC - Irisa

Towards formal manipulations of scenarios represented by High-level Message Sequence Charts

Loïc Hélouet
Claude Jard
Benoît Caillaud
IRISA/PAMPA (INRIA/CNRS/Univ. Rennes)
Campus de Beaulieu, F-35042 RENNES, France.
http://www.irisa.fr/pampa

Motivations

Formal methods and tools to improve the development process of (distributed) software
Need to instrument at early stages of the development
Interest of graphical scenario languages like Message Sequence Charts in the SDL framework or Sequence Diagrams of the popular Unified Modelling Language
Problems with their formal semantics
Problems with their declarative (high-level) nature: Normal forms? State-finiteness? Executability?

Contributions

Partial-order semantics of the High-level Message Sequence Charts (HMSC is the ITU/Z.120 standard)
Effective notion of equivalence based on event structures and graph grammars
Normal form of HMSCs
Towards new efficient methods:
  to decide divergence,
  to simulate and
  to check properties

Outline

MSC and HMSC
Event structures
Partial order semantics of HMSC
Covering graphs of event structures
Graph grammars
Regularity of graph grammars
Equivalence
Applications
Conclusion and perspectives

Basic Message Sequence Charts (BMSC)

Instances, events and messages
Ordering of events:
  due to sequentiality of instances
  due to message causality
Partial order M = (E, <, a, A, I)
  E: events
  <: causal ordering
  a: labelling of events, a : E -> A x I
  A: action names
  I: instance names

High-level Message Sequence Charts (HMSC)

Hierarchical graph of MSCs
Sequence, choice and loop operators
Non-deterministic choice
Sequence is communication-closed but without synchronization

Sequencing
Instance by instance, maximal events of the first HMSC are linked to the minimal events of the second HMSC
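The sequencing rule above, as an added Python example (not from the original slides): each BMSC is stored as per-instance event lists plus message pairs, composition concatenates the lists instance by instance, and the causal order is the transitive closure of the resulting edges. The class name `BMSC`, the helper names and the sample events are assumptions made for this illustration.

```python
from itertools import product

class BMSC:
    """A basic MSC: per-instance event sequences plus (send, receive) pairs.
    Event ids are assumed to be unique across all charts being composed."""
    def __init__(self, lines, messages):
        self.lines = lines          # instance name -> ordered list of event ids
        self.messages = messages    # list of (send_event, receive_event)

    def covering(self):
        """Covering edges of <: instance sequentiality and message causality."""
        edges = set(self.messages)
        for evs in self.lines.values():
            edges |= set(zip(evs, evs[1:]))
        return edges

def sequence(m1, m2):
    """Instance by instance: the events of m2 follow those of m1 on each
    instance, so the last event of m1 is linked to the first event of m2."""
    instances = set(m1.lines) | set(m2.lines)
    lines = {i: m1.lines.get(i, []) + m2.lines.get(i, []) for i in instances}
    return BMSC(lines, m1.messages + m2.messages)

def causal_order(m):
    """Transitive closure of the covering edges (the strict partial order <)."""
    order = set(m.covering())
    while True:
        new = {(a, d) for (a, b), (c, d) in product(order, order) if b == c} - order
        if not new:
            return order
        order |= new

def demo():
    # Constructed sample: M1 is a message "req" from A to B,
    # M2 is a message "log" from C to B.
    m1 = BMSC({"A": ["A!req"], "B": ["B?req"]}, [("A!req", "B?req")])
    m2 = BMSC({"C": ["C!log"], "B": ["B?log"]}, [("C!log", "B?log")])
    return causal_order(sequence(m1, m2))
```

In the constructed sample, `C!log` stays unordered with respect to `A!req` and `B?req`: instance C may start the second chart before the first one has finished, which is the "without synchronization" property of HMSC sequencing.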

Choice: union of scenarios

Recursion (unfolding)

Specifications which are not implementable
Non-local choices
Divergence

Infinite family of partial orders

Paths of the HMSC graph form (generally) an infinite family of partial orders
This family can be uniquely represented by an event structure (communication closed assumption)

Event structures

Compact representation of partial order families. Used in concurrency theory
ES = (E, <, #, a, A, I)
  E: events
  <: partial order (causality)
  #: conflict relation (symmetric, inherited by causality)
  a: labelling

Reduction to minimal conflicts
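An added Python example (not from the original slides) of the conflict relation on a finite event structure: a conflict seeded by a choice is inherited along causality, then the full relation is reduced back to its minimal conflicts. It assumes the standard definition of a minimal conflict (no other pair of causes is already in conflict); the function names and the sample events are constructed for this illustration.

```python
def closure(edges):
    """Transitive closure of the causality edges: the strict order <."""
    order = set(edges)
    while True:
        new = {(a, d) for (a, b) in order for (c, d) in order if b == c} - order
        if not new:
            return order
        order |= new

def inherit(events, lt, seed):
    """Full conflict relation #: symmetric and inherited by causality
    (e # f, e <= g and f <= h imply g # h)."""
    le = lt | {(e, e) for e in events}
    conf = set()
    for (e, f) in seed:
        for g in events:
            for h in events:
                if (e, g) in le and (f, h) in le:
                    conf |= {(g, h), (h, g)}
    return conf

def minimal_conflicts(events, lt, conf):
    """Keep e # f only when no other pair of causes (e2 <= e, f2 <= f)
    is already in conflict (assumed standard definition)."""
    le = lt | {(e, e) for e in events}
    def minimal(e, f):
        return not any((e2, f2) in conf and (e2, f2) != (e, f)
                       for e2 in events if (e2, e) in le
                       for f2 in events if (f2, f) in le)
    return {(e, f) for (e, f) in conf if minimal(e, f)}

def demo():
    # Constructed sample: a choice between chart A (a1 < a2) and chart B (b1 < b2).
    events = {"a1", "a2", "b1", "b2"}
    lt = closure({("a1", "a2"), ("b1", "b2")})
    conf = inherit(events, lt, {("a1", "b1")})   # the choice creates a1 # b1
    return conf, minimal_conflicts(events, lt, conf)
```

The eight inherited pairs collapse to the single symmetric conflict between `a1` and `b1`; the rest can be recomputed from it and the causal order.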

From HMSCs to event structures

Sequencing: as for partial orders; conflicts are inherited
Choice: creates new conflicts
Recursion: unfolding

HMSC partial order semantics

HMSC Semantics = the corresponding event structure
Strong notion of equivalence given by isomorphism of event structures
Isomorphism of (infinite) graphs can be computed using graph grammars [Caucal 92] such that:
  the graph is regular
  the graph is finitely branching
Based on the computation of normal forms of the grammars

Non regular specifications

Irregular graphs
Cannot be represented by a graph grammar

Covering graphs with conflict inheritance edges

Transformation into a regular graph

Graph grammar

Hyperarc: s1 ... sn
Hypergraph: Graph + hyperarcs
Rule: (Hyperarc, Hypergraph)
Graph grammar: G = (Axiom, Rules)

Graph rewriting

From HMSCs to graph grammars (ends)

From HMSCs to graph grammars (sequence)

From HMSCs to graph grammars (choice)

From HMSCs to graph grammars (recursion)

From HMSCs to graph grammars (conflict inheritance arcs)
Context management

Example (HMSC)

Example (graph grammar)

Example (graph grammar)

Properties of covering graphs

Covering graphs with inheritance edges are regular (can be finitely described by graph grammars)
Branching of conflicts is finite
Branching of causality is generally infinite
But ignoring them preserves the isomorphism of the event structures (the infinite branching can be reconstructed from the simplified graph)

Decision of equivalence

Let us consider two HMSCs H1 and H2
Compute their graph grammars G1 and G2
Replace the inheritance edges that are not made from choice to choice by the corresponding conflicts (minimization of basic event structures)
Compute grammars G’1 and G’2 by eliminating redundancies (to avoid global optimization)
Compute FBG1 and FBG2 by eliminating infinite branchings within G’1 and G’2
Compute FNG1 and FNG2, the normal forms of FBG1 and FBG2
If FBG1 and FBG2 have the same normal forms up to a renaming, then H1 and H2 are equivalent

Normal forms

Global transformation to ensure a certain distance between the hyperarcs
Polynomial
A rule which is not normalized

Example of two equivalent HMSCs

Their covering graph

Decision of divergence
An HMSC is not divergent iff the communication graph of each simple loop is symmetric
Can be computed on the graph grammar by finite rewriting

Summary

Towards formal manipulations of scenario languages
Partial order semantics of the HMSC standard
Equivalence defined as a structure isomorphism
Use of graph grammars and of recent decision algorithms
ftp://ftp.inria.fr/INRIA/publication/RR/RR-3499.ps.gz

Perspectives

Short term:
  Implementation
  Weaker notions of equivalence
  Animation (using normal forms)
Middle term:
  HMSCs with values
  Parallel composition
  Integration in the UML meta-model
Long term:
  Decision of properties
  Quantitative analysis using Max + techniques
  Generation of skeletons, protocol synthesis