Figure 1 - uploaded by Franco Mazzanti
Content may be subject to copyright.
Source publication
In this paper we present the state/event-based temporal logic µUCTL which is a logic oriented towards a natural description of dynamic properties of UML models. This logic allows to specify the basic properties that a runtime system configuration should satisfy and to combine these basic predicates with logic and temporal operators which allow to t...
Contexts in source publication
Context 1
... a set of communicating state machines evolving in parallel; in particular UML intention- ally does not specify the reliability and delay of communications between state machines, nor the degree of parallelism with which they evolve. Here we make the assumption that communications are instantaneous and loss-less, and that a system evolution is consti- tuted by a single state machine evolution 1 (i.e. state machines are supposed to evolve in interleaving). For example under these assumptions, if we consider a system composed by two equal objects, obj1 and obj2, as described by the statechart diagram of Fig. 1 Observable events have here the form: source : target.signal(args) where source is the name of the evolving object (sending the signal), target is the object which is the des- tination of the signal, signal the signal name and args its parameters (if any). Atomic propositions on states are instead expressions like ob j.attr = value. We suppoose that the user is given the possibility to specify in detail which events and/or which object at- tributes should be "observed" from the point of view of the model ...
Similar publications
One of the driving forces of language evolution is the selection of variants that suit the communicative needs of its users. Crucially, fitness of linguistic variants may largely depend on the structure of the environment in which language is learned, transmitted, and used. This hypothesis has gained support in various domains. We apply it in the co...
Context: Current practices on software quality monitoring for critical software systems development rely on the manual integration of the information provided by a number of independent commercial tools for code analysis; some external tools for code analysis are mandatory in some critical software projects that must comply with specific norms. How...
Citations
... UMC [29,45] is an "on-the-fly" model checker tool, designed for the formal analysis/verification of the dynamic behavior of UML statecharts, by providing a user friendly environment, for expressing the system and the properties. An online version of the UMC model checker is also available 2 . ...
Modern Smart Environments (SmE) are equipped with a multitude of devices and sensors aimed at intelligent services. The variety of devices has raised a major problem of managing SmE. An increasingly adopted solution to the problem is the modeling of goals and intentions, and then using artificial intelligence to control the respective SmE accordingly. Generally, the solution advocates that the goals can be achieved by controlling the evolution of the states of the devices. In order to automatically reach a particular state, a sophisticated solution is required through which the respective commands, notifications and their correct sequence can be discovered and enforced on the real devices. In this paper, a comprehensive methodology is proposed by considering a) the composite nature of the state of an individual device; b) the possible variation of specific commands, notifications and their sequence based on the current states of the devices. The methodology works at two levels: design-time and runtime. At design-time, it constructs the extended data and control flow behavioral graphs of the devices by using the concepts of a model checking approach. Then, at runtime, it uses these graphs for finding the reliable evolution through which the desired goal can be fulfilled. The proposed methodology is implemented over the Domotic Effects framework and a home automation system, i.e. Domotic OSGi Gateway (Dog). The implementation and experimentation details indicate the effectiveness of the proposed approach.
... Other action-based temporal and modal logics are discussed in the survey paper [29], including the modal µ-calculus [25] (µL), which is in some ways more powerful than TLR * , but lacks spatial action patterns. Among other logics supporting both actions and state predicates we find several extensions of either A-CTL * or A-CTL such as, e.g., [2,19,21,36]. Three other approaches proposing mixed logics with both state-predicates and actions are: (i) the extension of the SE -LTL in [8,9] to a universally path quantified logic involving ω-regular expressions [7]; (ii) the ESTL logic of events and states for Petri nets of [24]; and (iii) the Kripke modal transition systems of [23], and their use in the verification of safety and liveness properties in the context of the modal µcalculus . ...
This paper presents a model checker for LTLR, a subset of the temporal logic of rewriting TLR * extending linear temporal logic with spatial action patterns. Both LTLR and TLR * are very expressive logics gen-eralizing well-known state-based and action-based logics. Furthermore, the semantics of TLR * is given in terms of rewrite theories, so that the concurrent systems on which the LTLR properties are model checked can be specified at a very high level with rewrite rules. This paper answers a nontrivial challenge, namely, to be able to build a model checker to model check LTLR formulas on rewrite theories with relatively little effort by reusing Maude's LTL model checker for rewrite theories. For this, the reflective features of both rewriting logic and its Maude implementation have proved extremely useful.
... This is because, in order for the module to be correct, all possible models (and, hence, all possible customers that are conversational compliant) need to be checked to satisfy those properties. In [6], we outlined an approach for establishing the correctness of service modules based on the use of the model-checker UMC [41]. UMC has been developed for the logic UCTL and UML statecharts. ...
In this paper, we provide a mathematical semantics for a fragment of a language–SRML–that we have defined in the IST-FET-GC2 Integrated Project SENSORIA for modelling service-oriented systems. The main goal of this research is to make available a foundational basis for the development of practical modelling languages and tools that designers can use to model complex services at a level of abstraction that captures business functionality independently of the languages in which services are implemented and the platforms in which they execute. The basic artefact of the language is the service module, which provides a model for a complex service in terms of a number of components that jointly orchestrate a business function and may dynamically discover and bind to external parties that can deliver required functionalities. We define a mathematical model of computation and an associated logic for service-oriented systems based on the typical business conversations that occur between the parties that deliver a service. We then define the semantics of SRML service modules over this model and logic, and formulate a property of correctness that guarantees that services programmed and assembled as specified in a module provide the business functionality advertised by that module. Finally, we define an algebraic operation of composition of service modules that preserves correctness. To the best of our knowledge, there is no other formal approach that has been defined from first principles with the aim of capturing the business nature of service conversations and support service assembly based on the business logic that is required, not as it is programmed.
... SocL [6] is a service-oriented temporal logic derived from UCTL [19,8,7] which has the following characteristics: ...
In this chapter we present (some of) the design principles which have inspired the development of the CMC/UMC verification
framework. The first of these is the need of an abstraction mechanism which allows to observe a model in terms of an abstract
L
2
TS, therefore hiding all the unnecessary underlying details of the concrete computational model, while revealing only the details
which might be important to understand the system behavior. The second of these is the need a Service-Oriented Logic (SocL ) which is an event and state based, branching-time, efficiently verifiable, parametric temporal logic, for the formal encoding
of service-oriented properties. The third principle is the usefulness of an on-the-fly, bounded model-checking approach for
an efficient, interactive analysis of service-oriented systems which starts from the early stages of the incremental system
design.
... The roots of UCTL can be found in [16,17], where the logics called µ-ACTL + and µ-UCTL were first presented. These logics were already state/action based, but were defined as extensions of the full µ-calculus, so the until/unless operators were defined in terms of the fixpoint expressions. ...
We present the UMC framework for the formal analysis of concurrent systems specified by collections of UML state machines. The formal model of a system is given by a doubly labelled transition system, and the logic used to specify its properties is the state-based and event-based logic UCTL. UMC is an on-the-fly analysis framework which allows the user to interactively explore a UML model, to visualize abstract behavioural slices of it and to perform local model checking of UCTL formulae. An automotive scenario from the service-oriented computing (SOC) domain is used as case study to illustrate our approach.
... There are many approaches to combine state-based and event-based formulas. In23242526, several extensions of either A-CTL * or A-CTL are discussed. Three other approaches proposing mixed logics with both state-predicates and actions are: (i) the extension of the SE -LTL in [4, 22] to a universally path quantified logic involving ω-regular expressions [27]; (ii) the ESTL logic of events and states for Petri nets of [28]; and (iii) the Kripke modal transition systems of [29], and their use in the verification of safety and liveness properties in the context of the modal µ-calculus [30] (µL). ...
This paper presents the foundation, design, and implementation of the Linear Temporal Logic of Rewriting model checker as
an extension of the Maude system. The Linear Temporal Logic of Rewriting (LTLR) extends linear temporal logic with spatial
action patterns which represent rewriting events. LTLR generalizes and extends various state-based and event-based logics
and aims to avoid certain types of mismatches between a system and its temporal logic properties. We have implemented the
LTLR model checker at the C++ level within the Maude system by extending the existing Maude LTL model checker. Our LTLR model
checker provides very expressive methods to define event-related properties as well as state-related properties, or, more
generally, properties involving both events and state predicates. This greater expressiveness is gained without compromising
performance, because the LTLR implementation minimizes the extra costs involved in handling the events of systems.
... There are two research directions that promise significant long-term progress: one is the development of formalisms that are expressive enough to model interesting program properties while having low computational complexity, at least for a practically relevant class of problems. Interesting developments on this front are currently taking place, e.g., in the area of description logics [22] and temporal logics [23]. Modal logics [24], which allow the reasoning about the belief of other agents and may be appropriate for programs that try to reason in depth about their environment. ...
Software development is difficult, even if we control most of the operational parameters and if the software is designed to
run on a single machine. But in the future we will face an even more challenging task: engineering ensembles consisting of
thousands, or even millions, of nodes, all operating in parallel, with open boundaries, possibly unreliable components and
network links, and governed by multiple entities. To develop reliable and trustworthy software for these kinds of systems
we need to go far beyond the current state of the art and address fundamental problems in software development. We present
some challenges and promising avenues for research about software-engineering for ensembles.
... The use of temporal logic has also been adopted by workflow-based approaches to SOC; in [16] constraint templates based on linear temporal logic are used to capture common specification patterns for service flows. In order to capture patterns of service-oriented interactions we use abbreviations of an action/state branching time logic based on UCTL [12]. This new logic is being developed within SENSORIA together with our partners at ISTI-CNR (Pisa). ...
... In connection with the previous we are working on applying the UCTL branching time temporal logic to the SRML framework. UCTL is an action/state based logic that was originally introduced to express the properties of UML statecharts [12]. The formal power that is attained with an action/state logic is crucial in order to reason about SRML models that, as we have seen in section 3, possess information related to the state of the system and the behaviour that changes the state. ...
... First we can validate the soundness of our computational model by defining the tools that allow us to reason about the model itself and axiomatize it. Second, these same tools will allow reasoning about service-oriented architectures both using proof strategies and automatic model-checking [12]. Finally, we lay the basis for defining the language of business protocols that is used to specify the behaviour of interfaces and that consists essentially of abbreviations of the UCTL temporal logic. ...
We present a formal model for the coordination of interactions in service-oriented systems. This model provides a declarative semantics for the language SRML that is being developed under the FET-GC2 project SENSORIA for modelling and reasoning about complex services at the abstract business level. In SRML, interactions are conversational in the sense that they involve a number of correlated events that capture phenomena that are typical of SOC like committing to a pledge or revoking the effects of a deal. Events are exchanged across wires that connect the parties involved in the provision of the service.
... After a system has been modeled, it is useful to provide formal tools to check the validity of properties of the system under specification. Temporal logics have been widely recognized as a useful formalism to express liveness (something good eventually happens) and safety (nothing bad can happen) properties of complex systems [16]. Verification techniques differ according to the architecture being described. ...
... In[1,13,14], a less restricted logic (µ-UCTL) was defined and used in previous versions of UMC. Essentially based on the full µ-calculus, µ-UCTL was still defined over doubly labelled structures, but in that case the system transitions were labelled with sequences of events rather than with sets. ...
In this paper we present an action/state-based logical frame- work for the analysis and verication of complex systems, which relies on the denition of doubly labelled transition systems. The dened tempo- ral logic, called UCTL, combines the action paradigm|classically used to describe systems using labelled transition systems|with predicates that are true over states|as captured when using Kripke structures as semantic model. An ecient model checker for UCTL has been realized, exploiting an on-the-y algorithm. We then show how to use UCTL, and its model checker, in the design phase of an asynchronous extension of the communication protocol SOAP, called aSOAP. For this purpose, we de- scribe aSOAP as a set of communicating UML state machines, for which a semantics over doubly labelled transition systems has been provided.
