Using Formal Methods: OCL

1
Using Formal Methods OCL

• Outline the role of OCL in UML
• Interpret diagrams that use OCL
• Create simple diagrams and use OCL
• Explain OCL features similar to JML
• See Formally speaking How to apply OCL
• (http//www-128.ibm.com/developerworks/rational/li
  brary/5390.html)

2
Unified Modelling Language

• Class Diagrams
• Properties Methods of a class
• Relationships between classes
• Inheritance
• Aggregation (whole/part, container classes)
• Associations (general relationship)
• State Transition Diagrams
• Represent finite state machines
• States, Transitions, Events Actions

3
Object Constraint Language OCL

• Formal specification language, part of UML
• Annotate models to clarify meaning
• OCL is used to define
• Constraints Business rules
• Queries
• Operations that dont change the state
• no side effects
• Pre- and post-conditions
• Invariants
• Initial values of attributes
• Guards on transitions in state machines

4
UML OCL Example
Jar Category
Property
0..
0..
requirements
category
1
properties
0..
0..
0..
Jar capacity Integer contents Integer weight
Integer totalWeight() Integer diameter
Integer
Carton capacity Integer maxWeight
Integer sealed Boolean maxDiameter
int totalWeight() Integer addJar(j Jar)
0..1
0..
carton
jars
0..1
jar
cartons
0..
context Carton -- number of bottles must be less
than capacity inv jars-gtsize() lt capacity --
each bottle must fit in the crate inv
jars-gtforAll(diameter lt maxDiameter) -- total
weight must be less than the maximum inv
totalWeight() lt maxWeight
lid
0..1
0..1
crate
Lid innerDiameter Integer weight
Integer sealed Boolean
Crate capacity Integer maxWeight
Integer totalWeight() Integer addCrate(c
Crate)
0..
/ lids
5
Why is OCL needed?

• Graphical model cant define everything
• Must describe additional constraints
• Natural language can be ambiguous
• OCLUML easier than a formal language
• Note
• If you are interested in OCL syntax see
• http//www.csci.csusb.edu/dick/samples/ocl.htmlN
  otation

6
Reminder of Definitions

• Type/Class invariant
• Constraint met by all instances of a type/class
• Operation pre-condition (JML requires)
• A Boolean expression
• Caller of an operation must ensure true first
• Operation post-condition (JML ensures)
• A Boolean expression
• The operation must make this true

7
Invariants

• context Carton
• -- number of bottles must be less than capacity
• inv jars-gtsize() lt capacity
• -- each bottle must fit in the carton
• inv jars-gtforAll(diameter lt maxDiameter)
• -- total weight must be less than the maximum
• inv totalWeight() lt maxWeight

8
Pre- Post Conditions

• context CartonaddJar( j Jar )
• -- there must be room in the carton
• pre jars-gtsize() lt capacity
• -- new weight less than maximum for the carton
• pre totalWeight()j.totalWeight() lt maxWeight
• -- the jar is not in the crate
• pre not jars-gtincludes( j )
• -- j is added to the collection of bottles
• post jars jars_at_pre-gtincluding(j)
• a value with "_at_pre" added refers to the before
  state.

9
What can be used in OCL?

• Basic types
• String, Boolean, Integer, Real
• Classes features from the UML Model
• Attributes
• Query operations (getters)
• Methods returning a result not altering the
  state
• jar.totalWeight() gt 0
• Associations from the model
• Context Jar
• carton.jars
• -- All the jars in the same carton as this one

10
Collections

• OCL has built-in collection types
• Set, bag, sequence
• Associations with multiplicity gt 1 involve a
  collection, usually a bag
• carton.jars
• Constraints can be defined on
• The collection as a whole
• carton.jars-gtsize() lt 20
• Elements of the collection
• carton.jars-gtforall()

Note carton is an object Use . jars is a
collection Use -gt
11
Creating More Collections

• Can generate collections from collections
• Collection-gtcollect(elem T expr)
• Collection-gtcollect(elem expr)
• Collection-gtcollect(expr)
• Can be abbreviated to Collection.expr
• Results of evaluating expr for all elements
• carton.jars-gtcollect(weight lt 100)
• -- set of light jars

12
Collection Operations

• forAll(expr), forAll(elem T expr)
• jars-gtforAll(diameter lt maxDiameter)
• exists (expr), exists(elem T expr)
• isEmpty()
• size()
• count(elem)
• Number of occurrences of item
• includes(elem)
• Is an element of
• includesAll(items)
• Items is a subset of

13
More Collection Operations

• General processing iterate
• Collection-gtiterate(elem type, answer type
• ltexpression-with-elem-and-answergt
• The bag of answers satisfying the expression
• Selection
• Collection-gtselect(expression)
• Items from collection meeting the condition
• Adding to collection
• newCollect Collection-gtincluding(item)
• Returns the old collection with the item added

14
Let Expression

• Introduces a local variable
• Simplifies an expression
• Example
• Let maxweight int
• max(jars-gtcollect(weight)) in
• maxweight lt 10 AND maxweight gt 8
• Which is equivalent to
• max(jars-gtcollect(weight)) lt 10 and
• max(jars-gtcollect(weight)) gt 8

Declaration initialisation
Expression
15
UML OCL Example
JarCategory
Property
0..
0..
requirements
category
1
properties
0..
0..
0..
Jar capacity Integer contents Integer weight
Integer totalWeight() Integer diameter
Integer
Carton capacity Integer maxWeight
Integer sealed Boolean totalWeight()
Integer addJar(j Jar)
0..1
0..
carton
jars
Jar carton.properties -gt includes(category.requi
rements)
The jars cartons properties must include the
requirements for that category of jar
Carton properties.jarCategory -gt
includes(jars.category)
The jar categories covered by the cartons
properties must include each jars category
16
Examples
Abbreviation for properties-gtcollect(jarCategory)

• Invariants
• Carton properties.jarCategory -gt
  includes(jars.category)
• Jar carton.properties -gt includes(category.requi
  rements)
• An association with a cardinality gt1, gives a bag
  
• Missing role names
• If there is no role name at an end of an
  association, use the name of the type (in lower
  case) e.g. properties.jarCategory.
• The "." operator applies the same attribute or
  association to each member of a bag to give
  another bag.

17
Specifying Operations

• Describe the effects of use cases operations
• Abstract away from algorithmic details (what not
  how)
• For example
• use case Assign(contents set of Jar, c Carton)
  
• Post c.jars c.jars_at_pre-gtincluding(contents)
• Note the postcondition
• Doesn't restate class diagram constraints/
  invariants.
• The carton must have appropriate properties from
  the cardinality of the jarcartons association,
  and the invariant
• Relates states before and after the operation
• no matter how long it takes, and what steps are
  needed.
• States what's required, but can leaves things
  open.
• Any carton can be used, if it has the relevant
  properties
• Program code would choose a specific one.

18
Inheritance and Constraints

• Key Principle
• Can always substitute a sub-class for a class
• Implications for invariants
• An invariant is inherited by each subclass
• A subclass can strengthen the invariant
• Implications for pre- and post-conditions
• A method pre-condition may be weakened
• The method is more widely applicable
• A method post-condition may be strengthened
• The method is more powerful

19
Advantages Disadvantages

• Writing in OCL encourages precise thinking
• Exposes inconsistencies in requirements documents
• Forces issues to be clarified early
• Not discovered during programming.
• Concise unambiguous
• No confusion between readers and writers.
• Programming-language-neutral
• Use with component-based systems to define the
  rules they all should conform to.
• Testing
• OCL statements help generate test harnesses
• Hard to understand
• Need narrative text, using OCL to reduce
  ambiguity.

20
Alternatives to OCL

• Exposing flaws
• animate scenarios or write a prototype
• Can take a long time even with RAD tools
• In OCL, can discuss high-level issues at early
  stage
• Use a programming language such as Java.
• Even better for test-harness
• But OCL has two advantages
• Implementation language neutrality useful
• To apply same rules to components in different
  languages
• Before an implementation language selected
• OCL deals with sets more concisely
• without needing explicit iterators

21
Summary
We wont cover OCL syntax details You need to
understand concepts

• Expect you to
• navigate through properties links
• use sensible collection operations
• ensure meaning is clear

• OCL invariants
• More precise model
• Implementation independent
• OCL pre- post-conditions
• Specify contracts
• Specify component interfaces precisely
• Using OCL
• Keep constraints simple
• Document with natural language
• Use syntax checker