Checking Interaction Consistency in MARMOT Component Refinements - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Checking Interaction Consistency in MARMOT
Component Refinements
  • Yunja Choi
  • School of Electrical Engineering and Computer
    Science
  • Kyungpook National University

2
Overview
  • MARMOT methodology
  • Component and refinements
  • Interaction consistency
  • A general framework for consistency checking
  • Case example
  • Model checking elevator system
  • Performance improvement through abstraction
  • Discussion

3
MARMOT Methodology
  • Branched from KobrA by Atkinson et al.
  • Designed for the development of embedded systems
  • High quality system through systematic,
    structured development
  • Components are the focus of entire development
    process
  • Tree-structured hierarchy of components
  • Flexibility and reuse of components

4
MARMOT Component
5
MARMOT Component
(Figure: refined component and refining component)
6
Recursive Development
(Figure: identification, specification and realization steps over components Kpt A, Kpt B, Kpt C and Kpt D, with component reuse and a COTS component)
7
Example elevator system
8
Specifying externally visible behavior
9
Quality Control
  • MARMOT supports systematic identification and
    refinement of a component
  • The principle of separation of concerns:
    specification vs. realization
  • Iterative decomposition and refinements
  • Many consistency issues can arise
  • Structural consistency
  • Behavioral consistency
  • Behavioral consistency between the realization of
    the refined component and the specification of its
    refining components

10
Interaction Consistency
  • At the i-th refinement step, the realization of the
    refined component constrains the environment of
    the refining components
  • A system is consistent with its environment in
    its behavior if it either terminates normally or
    runs infinitely under the infinite sequence of
    stimuli generated from its environment
  • A system is inconsistent with its environment in
    its behavior if it terminates abnormally under
    the infinite sequence of stimuli generated from
    its environment

11
Process model
  • A component and its environment are specified as
    two processes P and E, each represented as a
    labeled transition system (Sp, Lp, Rp, Ip, Tp) and
    (Se, Le, Re, Ie, Te)
  • A restricted form of process composition of P and
    E is defined as P ∥ E = (Sp × Se, Lp ∪ Le, Rp × Re,
    Ip × Ie, Tp × Te) where

12
Consistency Model
13
Formal definitions
  • Termination
  • Terminate(P(s)) |E: P terminates in a state s that
    belongs to the pre-defined set of terminal
    states T under the environment E
  • P(s) → s ∈ T
  • If P is a compositional process, P = P1 ∥ P2 ∥ ... ∥
    Pn
  • Terminate(P(s)) |E if and only if ∀i,
    Terminate(Pi(si)) |Ei, where Ei = E ∥ P1 ∥ P2 ∥ ...
    ∥ Pi-1 ∥ Pi+1 ∥ ... ∥ Pn

14
Formal definitions
  • Progressiveness
  • Progress(P(s)) |E: eventually, there is a
    transition out of the state s under the
    environment E
  • Interaction Consistency
  • Consistent(P(s)) |E ≡ Terminate(P(s)) |E ∨
    Progress(P(s)) |E

15
Model checking consistency
  • Based on the exhaustive search of system
    state-space
  • Fully automated
  • SPIN: invalid end-state checking
  • SMV: we can formulate the consistency property in
    temporal logic and use the model checker to verify it
  • Provide counter-examples
  • Need translation to PROMELA or SMV input language
  • A number of translation approaches are available
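The consistency check of slides 13 to 15 as an added Python example (not code from the presentation): an exhaustive search over the composed state space of P and E that reports an invalid end state with its counter-example trace, the way SPIN's invalid end-state check does. The composition semantics (every E transition is a stimulus that P must accept) and the elevator-door processes are constructed assumptions.

```python
from collections import deque

class LTS:
    """Labelled transition system (S, L, R, I, T) as on the slides; R[(state, label)] = next state."""
    def __init__(self, states, labels, trans, init, terminal):
        self.S, self.L, self.R = set(states), set(labels), dict(trans)
        self.I, self.T = init, set(terminal)

    def moves(self, s):
        return [(lab, dst) for (src, lab), dst in self.R.items() if src == s]

def check_consistency(P, E):
    """Exhaustive search of the composed state space of P and E (assumed semantics:
    every E transition is a stimulus that P must accept).  Returns (True, None) if every
    reachable end state leaves P in T or the composition runs forever, else (False, trace)."""
    start = (P.I, E.I)
    parent = {start: None}              # composite state -> (predecessor, label)
    queue = deque([start])
    def trace(state, last=None):        # rebuild the stimulus sequence to `state`
        labels = []
        while parent[state] is not None:
            state, lab = parent[state]
            labels.append(lab)
        return labels[::-1] + ([last] if last else [])
    while queue:
        p, e = state = queue.popleft()
        stimuli = E.moves(e)
        if not stimuli and p not in P.T:    # E stops while P is not terminal: abnormal
            return False, trace(state)
        for lab, e2 in stimuli:
            if (p, lab) not in P.R:           # P cannot react to a stimulus: abnormal
                return False, trace(state, lab)
            nxt = (P.R[(p, lab)], e2)
            if nxt not in parent:
                parent[nxt] = (state, lab)
                queue.append(nxt)
    return True, None                       # normal termination or infinite run only

# Constructed elevator-door example (not from the slides): door controller P and environment E.
DOOR = LTS(["Closed", "Opening", "Open", "Closing"],
           ["arrive", "opened", "timeout", "closed", "obstruct"],
           {("Closed", "arrive"): "Opening", ("Opening", "opened"): "Open",
            ("Open", "timeout"): "Closing", ("Closing", "closed"): "Closed",
            ("Closing", "obstruct"): "Opening"}, "Closed", ["Closed"])
ENV = LTS(["e0", "e1", "e2", "e3"], DOOR.L,
          {("e0", "arrive"): "e1", ("e1", "opened"): "e2", ("e2", "timeout"): "e3",
           ("e3", "closed"): "e0", ("e3", "obstruct"): "e1"}, "e0", [])
# Realization that forgot the obstruction case: inconsistent with ENV.
BAD_DOOR = LTS(DOOR.S, DOOR.L, {k: v for k, v in DOOR.R.items() if k[1] != "obstruct"},
               "Closed", ["Closed"])
```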

16
Model checking consistency - Framework
17
Consistency Model in PROMELA
18
Performance issue
19
Abstraction techniques
  • Trigger-based abstraction
  • Abstract the environment so that it contains all
    the transitions generating a triggering event for
    the process P, and all the transitions from the
    initial state leading to the transition
  • Transition reduction
  • Collapse several transitions into one if the
    intermediate transitions do not generate
    triggering actions for the process P

(Figure: transition reduction; the path s0, s1, s2, ..., si with the triggering transition ti/ai to si+1 is collapsed to s0, si, ti/ai, si+1)
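Transition reduction from slide 19 as an added Python example (not from the presentation): the environment, its internal labels log and tick, and the rule that a chain of non-triggering transitions is folded into the triggering transition that ends it are constructed assumptions.

```python
# Constructed environment (not from the slides): "log" and "tick" are internal to
# the environment and never trigger the door controller P.
ENV_TRANS = {("e0", "arrive", "e1"), ("e1", "log", "e1b"), ("e1b", "opened", "e2"),
             ("e2", "tick", "e2b"), ("e2b", "tick", "e2c"), ("e2c", "timeout", "e3"),
             ("e3", "closed", "e0"), ("e3", "obstruct", "e1")}
TRIGGERS = {"arrive", "opened", "timeout", "closed", "obstruct"}   # labels of P (Lp)

def reduce_transitions(trans, init, triggers):
    """Trigger-based abstraction with transition reduction (assumed semantics).
    trans: set of (src, label, dst); triggers: labels P reacts to.  Every chain of
    non-triggering transitions leading to a triggering one is folded into that
    single triggering transition, so only the initial state and the targets of
    triggering transitions remain.  A state whose silent closure never triggers
    becomes a stop state for P, which is all P can observe of it."""
    def silent_closure(s):
        # states reachable from s through non-triggering transitions only
        seen, stack = {s}, [s]
        while stack:
            u = stack.pop()
            for src, lab, dst in trans:
                if src == u and lab not in triggers and dst not in seen:
                    seen.add(dst)
                    stack.append(dst)
        return seen

    kept, reduced, todo = {init}, set(), [init]
    while todo:
        s = todo.pop()
        for u in silent_closure(s):
            for src, lab, dst in trans:
                if src == u and lab in triggers:
                    reduced.add((s, lab, dst))       # collapsed transition s --lab--> dst
                    if dst not in kept:
                        kept.add(dst)
                        todo.append(dst)
    return kept, reduced

if __name__ == "__main__":
    states, trans = reduce_transitions(ENV_TRANS, "e0", TRIGGERS)
    print(f"{len(ENV_TRANS)} transitions -> {len(trans)}, states -> {sorted(states)}")
```

The reduced environment is what P sees of the original one, so the consistency check can run on it instead of on the full state space.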
20
Performance Improvement
21
Discussion
  • Formal methods can be effective and useful when
    integrated into development process
  • Our work focuses on the seamless integration
  • There are a number of existing works on UML
    consistency, refinements, CBD methodology, and
    the use of model checking
  • However, they mostly focus on one of the issues
    separately.
  • Hardly any of the earlier works addresses the
    performance issue of using model checking
  • Environment constraints have been manually
    identified in the previous works
  • More investigation is needed on optimization and
    automation
  • Translation and abstraction

22
  • Thank you!