Come, let's play

Fachgebiet Softwaretechnik
Prof. Dr. Wilhelm Schäfer

Synthesizing State Machines from Live Sequence Charts
Software Quality and Safety
Renate Ristov
17 July 2008
Motivation
[Figure: inter-object behavior → ? → intra-object behavior]
Synthesis of State Machines from LSCs - 2
Coffee Vending Machine
[Figure]
Play-in/Play-out
[Figure]
Problem of Consistency
• Find an object system that satisfies the LSC specification:
  • For every chart and every run, whenever the prechart holds, the run must satisfy the chart
• The LSC specification has to be consistent
Deciding Consistency
DFA for every LSC → Product Automaton → Eliminating Bad States and Transitions
Not Consistent Specification
Restricted messages: prep_coffee
[Figure]
DFA for every LSC
[Figure: DFA; transition labels: "all messages except insert_coin" and "all messages not in the chart and not prep_coffee"]
Product Automaton
[Figure]
Eliminating Bad States and Transitions
DFA for every LSC → Product Automaton → Eliminating Bad States and Transitions
Eliminating Bad States and Transitions
• Bad transition: system messages from accepting states
• Bad transition: environment messages from non-accepting states
• Bad state: accepting states where an environment message leads to deadlock
[Figure: the bad states and transitions are removed step by step]

No object system found to satisfy the LSCs: the LSC specification is not consistent
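The following is an added example, not code from the slides or from the synthesis approach they present. It works through the pipeline of the last slides on a constructed coffee-machine alphabet: one small DFA per chart (the "DFA for every LSC" step), the reachable product automaton, and then the three elimination rules above applied until nothing changes. Everything beyond the slides is an assumption and marked as such in the code: a chart is taken to be "one environment message as prechart, one system message as main chart" with the main-chart message restricted (not allowed outside the chart), and "deadlock" is read as "no accepting product state is reachable any more".

```python
# Added example (not from the slides): per-chart DFAs, product automaton,
# and elimination of bad states/transitions with the three rules above.
# Assumptions: a chart = env trigger message + restricted sys response;
# "deadlock" = no accepting product state reachable any more.
from collections import deque


class DFA:
    """Deterministic automaton for one universal chart.

    delta maps (state, message) -> state; a missing entry means the chart
    forbids that message in that state.
    """
    def __init__(self, initial, accepting, delta):
        self.initial = initial
        self.accepting = frozenset(accepting)
        self.delta = delta


def chart_dfa(trigger, response, forbidden_while_active, all_msgs):
    """State 0: chart inactive (accepting). State 1: prechart seen, main chart
    pending (non-accepting). `forbidden_while_active` lists extra messages the
    chart does not tolerate while pending (assumption, models restriction)."""
    delta = {}
    for m in all_msgs:
        if m == trigger:
            delta[(0, m)] = 1
        elif m != response:            # response is restricted outside the chart
            delta[(0, m)] = 0
        if m == response:
            delta[(1, m)] = 0
        elif m != trigger and m not in forbidden_while_active:
            delta[(1, m)] = 1          # re-triggering while pending is not modelled
    return DFA(0, {0}, delta)


def product_automaton(dfas, all_msgs):
    """Reachable product of the chart DFAs. A product transition exists only
    if every chart allows the message; accepting = every chart accepting."""
    init = tuple(d.initial for d in dfas)
    states, trans, todo = {init}, {}, deque([init])
    while todo:
        s = todo.popleft()
        for m in all_msgs:
            try:
                t = tuple(d.delta[(q, m)] for d, q in zip(dfas, s))
            except KeyError:           # some chart forbids m in this state
                continue
            trans[(s, m)] = t
            if t not in states:
                states.add(t)
                todo.append(t)
    acc = {s for s in states if all(q in d.accepting for d, q in zip(dfas, s))}
    return init, states, acc, trans


def reaches_accepting(start, acc, trans):
    """Can the system still get to an accepting state from `start`?"""
    seen, todo = {start}, [start]
    while todo:
        s = todo.pop()
        if s in acc:
            return True
        for (src, _), t in trans.items():
            if src == s and t not in seen:
                seen.add(t)
                todo.append(t)
    return False


def eliminate_bad(states, acc, trans, env_msgs):
    """Apply the three elimination rules until a fixpoint is reached."""
    states, trans = set(states), dict(trans)
    # Rule 1: system messages from accepting states are bad.
    # Rule 2: environment messages from non-accepting states are bad.
    for (s, m) in list(trans):
        if (s in acc) != (m in env_msgs):
            del trans[(s, m)]
    while True:
        bad = set()
        for s in states:
            if s in acc:
                # Rule 3: an accepting state is bad if some environment message
                # leads to a state from which no accepting state is reachable.
                if any(not reaches_accepting(trans[(s, m)], acc, trans)
                       for m in env_msgs if (s, m) in trans):
                    bad.add(s)
            elif not reaches_accepting(s, acc, trans):
                bad.add(s)             # system stuck with a chart still pending
        if not bad:
            return states, trans
        states -= bad
        trans = {k: t for k, t in trans.items() if k[0] not in bad and t not in bad}


# Constructed alphabet (assumption), mirroring the slides' insert_coin/prep_coffee.
MSGS = ("insert_coin", "press_cancel", "prep_coffee", "return_coin")
ENV = {"insert_coin", "press_cancel"}
SYS = set(MSGS) - ENV


def check(charts, strict=True):
    """charts: list of (env trigger, sys response). strict=True: each chart
    forbids every other system message while pending; strict=False: only its
    own response is restricted. Returns (consistent, surviving states, trans)."""
    dfas = [chart_dfa(trig, resp, SYS - {resp} if strict else set(), MSGS)
            for trig, resp in charts]
    init, states, acc, trans = product_automaton(dfas, MSGS)
    live, trans = eliminate_bad(states, acc, trans, ENV)
    return init in live, live, trans


if __name__ == "__main__":
    ok = [("insert_coin", "prep_coffee"), ("press_cancel", "return_coin")]
    clash = [("insert_coin", "prep_coffee"), ("insert_coin", "return_coin")]
    print(check(ok)[0])                  # True
    print(check(clash)[0])               # False: both strict charts react to the coin
    print(check(clash, strict=False)[0]) # True: both responses may follow in sequence
```

The `clash` specification is the situation of the "Not Consistent Specification" slides: after insert_coin one chart demands prep_coffee and the other return_coin, and because each restricts the other's response, the product state reached by insert_coin has no system move left. Rule 3 then removes the accepting initial state, so no object system exists. Relaxing which messages the charts restrict (the `strict=False` run) corresponds to correcting the specification: the same product now keeps a path back to an accepting state.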
Corrected Specification
Restricted messages: prep_coffee
[Figure]
Global System Automaton
[Figure]
Distributing the GSA
DFA for every LSC → Product Automaton → Eliminating Bad States and Transitions → Distributing the Global System Automaton
Distributing the GSA
• Controller object
  • Controller object of the size of the GSA
  • Every other object of size 1
• Full duplication
  • Every object of the size of the GSA
• Partial duplication
  • Every object smaller than the GSA
  • But overall at least the size of the GSA
Complexity
• The size of the Global System Automaton (GSA) depends on the size of the LSC specification
• The size of the LSC specification depends on
  • the number of objects
  • the number of charts
  • the number of messages
• Fix one number → exponential in the size of the other numbers
• Fix every number → polynomial in the size of the LSC specification
• Construction of the GSA is polynomial in the size of the GSA
Discussion
• Very simple LSCs:
  • No variables
  • No conditions
  • No complex constructs like alternatives, loops, etc.
• For large systems too much time and space is needed to be practical
Another approach
• Using smart play-out to find consistency
• Encode play-out in a transition system (only one of many)
• Model checking: ¬ EF AG (for all universal charts m_i: active_{m_i} = 1)
• Technique not complete: another transition system can be correct, but the algorithm does not find it
• LSCs have to be very detailed to bound the complexity
Summary
• An object system satisfies the LSC specification iff the LSC specification is consistent
  • Very simple LSCs
  • Not practical for large systems
• Another approach: encoding with smart play-out and model checking
  • Richer LSCs
  • Not complete

DFA for every LSC → Product Automaton → Eliminating Bad States and Transitions → Distributing the Global System Automaton