Transformation from OCL into B

1
Transformation from OCL into B
2
Outline

• UML-B Integration
• Motivation
• Derivation schemes from UML specifications into B
• Perspectives
• OCL-into-B Transformation
• OCL Overview
• Tranformation principles
• Types and operations
• Postconditions
• Case study
• Related work

3
Motivation

• UML-B Integration perspectives
• UML ? B
• support for the B specification development
• B ? UML
• support for verification and proof of UML
  specifications
• UML
• largely accepted in industry as well as in
  research
• unified notations for specifying requirements,
  designs and implementations by objects that are
  intuitive and accessible
• B
• a formal technique covering from abstract
  specifications to executable codes
• powerful support tools AtelierB, B-ToolKit
• adaptable for industrial projects MÉTÉOR ...

4
UML-B Derivation Schemes

• Formalising UML Structure Concepts as B Data
  (MeyerSouquières at FM99)
• class
• attribute
• association
• inheritance
• state
• Formalising UML Behavioral Concepts as B
  operations
• class operation
• use case
• event
• transition
• action

5
UML-B Derivation Schemes

• UML-to-B Derivation Procedures (LedangSouquières
  at ASE01, IFM02, AFADL01)
• deriving B specifications from interaction ,
  object and class diagrams
• deriving B specifications from use case ,
  object and class diagrams
• deriving B specifications from state-chart ,
  object and class diagrams
• Generating B Operations and Invariants (ongoing
  work)
• translating OCL expressions into B
• generating B abstract operations
• generating invariants within B machines
• deriving messages into B statements
• generating B refinement operations

6
OCL Overview

•  Formal  language within UML notations
• supplemntary class invariant type definition,
  attribute properties , association properties
• class operation pre-/postcondition
• guard conditions
•  Object-Oriented  language
• simple to read and write
• postfixed operations object.attribute,
  object.assosEnd, Class.allInstances-gtsize,
  Class.allInstances-gtcollect(attribute)
• Typed language
• basic types Boolean, Integer, Real, String,
  EnumType, ObjectType
• collection types Set(T), Bag(T), Sequence(T)

7
Pump Component
The pump is a component is of a computer-based
system at a petrol station (cf. Chapter 6 in D.
Coleman et al. Object-Oriented Development, the
Fusion Approach). The component is required to
control the dispensing of petrol at a petrol
station. There are five Pumps, each pump is
composed of a Holster, a Gun, a Clutch, a Motor
and a Display. For each petrol dispensation
transaction, a Delivery is issued that will be
used by another component for the customer
payment.
8
Pump Class Diagram
9
Pumpen_Pump(...)
context Pumpen_Pump(pi PU_ID, gg Grade, vi
VEH_ID) void pre Pump.allInstances-gtcollect(
p p.id)-gtincludes(pi) post let pp
Set(Pump) Pump.allInstances-gtselect(p
p.id_at_pre pi and

p.status_at_pre disabled) in if pp-gtnotEmpty
then pp-gtforAll(p p.status enabled)
and pp-gtforAll(p p.display.grade gg)
and pp-gtforAll(p p.display.cost
costOfGrade(gg)) and pp-gtforAll(p
p.display.volume 0) and pp-gtforAll(p
p.display_veh_Id vi) and pp-gtforAll(p
p..motor.status on) and pp-gtforAll(p
p.clutch.status free) else true endif
10
OCL-to-B Transformation

• Doing with OCL expressions
• types and associated operations
• postconditions
• Giving B type semantics to OCL types
• basic types Boolean, Integer, String, Real,
  Enum, ObjectType
• collection types Set(T), Bag(T), Sequence(T)
• Giving B expression semantics to OCL operations
• predefined operations for basic types i1i2,
  ss-gtincludes(tt)
• object property access operations oo.attr,
  oo.assosEnd, oo.Oper(...)
• query operations on collections
  ss-gtselect(...), bb-gtcollect(...)
• Translating OCL postconditions into B
  substitutions
• determinism out expr(Input)
• non determinism boolexpr(out,Input)

11
Color Convention

• OCL Integer, Real, Boolean, ...
• B Z, INT, Seq, ...

12
OCL Basic Types vs. B Types

• Mismatch between OCL basic types and B predefined
  types
• Z or INT can be used to model Integer
• No B type corresponds to Real
• Mismatch between OCL operations and B operators
• no BOOL operator corresponds to Boolean operation
  implies
• no Z/INT operator corresponds to Integer
  operation /
• no STRING operator corresponds to String
  operations size, subString
• max(i1, i2) corresponds to i1.max(i2)

13
Formalising OCL Basic Types

• Boolean modelled by BOOL
• a xor b modelled by ?(a b)
• a implies b modelled by ?a ? b
• if a then b else c endif modelled by ?((a ? b)
  (?a ? c))
• Enumv1,...,vn modelled by Enumenum_v1,...,enu
  m_vn
• P_STATUSenabled, disabled modelled by
  P_STATUSp_status_enabled, p_status_disabled

14
Formalising OCL Basic Types

• Integer modelled by Z
• a div b modelled by a / b
• a gt b modelled by b ? a
• a.max(b) modelled by max(a, b)
• a.abs modelled by max(a, -a)
• a / b modelled by a ? (b / max(b, -b)) ?
  max(b, -b)
• Operations on fractions
• a / b c / d modelled by (a ? d b ? c) ? (b
  ? d)
• a / b lt c / d modelled by (a ? d ? b ? c)
• Real modelled by Z?Z
• Real operations are modelled in a similar manner
  for fraction operations

15
Formalising OCL Basic Types

• String modelled by seq(0..255)
• a String modelled by a ? seq(0..255)
• a.concat(b) modelled by a ? b
• a.subString(lower, upper) modelled by (a ? upper)
  ? lower
• no formalisation for toUpper and toLower
• Class modelled by CLASS
• Class.allInstances modelled by class
• Pump modelled by PUMP
• Pump.allInstances modelled by pump

16
OCL Collection and B Types

• Different collection type specialisations need
  different formalisations
• Set(T) all sub sets of T
• Bag(T) all multi sets on T
• Sequence(T) all sequences on T
• Collection operations need different
  formalisations for different collection types
  specialisations
• bb-gtincludes(tt) vs. ss-gtincludes(tt)
• bb-gtselect(tt boolexprtt) vs. ss-gtselect(tt
  boolexprtt)
• bb-gtcollect(tt exprtt) vs. ss-gtcollect(tt
  exprtt)
• ss-gtexcluding(tt) vs. se-gtexcluding(tt)

17
Formalising Collection Types

• Set(T) modelled by POW(T)
• ss Set(T) modelled by ss ? T
• Bag(T) modelled by T-gtN
• bb Bag(T) modelled by bb ? T -gt N
• bb.count(tt) modelled by bb(tt)
• Sequence(T) modelled by seq(T)

18
Collection Operations

• some formalisations
• ss-gtincludes(tt) modelled by tt ? ss
• bb-gtincludes(tt) modelled by tt ? dom(bb)
• se-gtincludes(tt) modelled by tt ? ran(se)
• ss-gtunion(ss2) modelled by ss?ss2
• bb-gtunion(bb2) modelled by tt, nn tt ? dom(bb)
  ? dom(bb2) ? nn ? N ? nn max(bbtt ?
  bb2tt)
• se-gtunion(se2) modelled by se ? se2
• ss-gtselect(ttboolexprtt) modelled by tt tt ?
  ss ? boolexprtt
• bb-gtselect(tt boolexprtt) modelled by tt, nn
  tt ? dom(bb) ? boolexprtt ? nn ? N ? nnbb(tt)
• ss-gtcollect(ttexprtt) modelled by x1, nn x1 ?
  exprttss ? nn ? N ? nn card(x2 x2 ?ss ?
  exprtt(x2) x1)

19
Formalising Collection Operations

• Pump.allInstances-gtselect(pp.idpi and
  p.statusdisabled)

pump
tt tt ? pump ? pump_id(tt)pi ?
pump_status(tt)p_status_disabled
Pump.allInstances-gtcollect(pp.id)-gtincludes(pi)
pump
x1, nn x1 ? pump_idpump ? nn ? N ? nn
card(x2 x2 ? pump ? pump_id(x2) x1)
pi ? dom(x1, nn x1 ? pump_idpump ? nn ? N ?
nn card(x2 x2 ? pump ? pump_id(x2) x1))
20
Formalising Collection Operations

• No B formalisation for
• ss-gtasSequence
• bb-gtasSequence
• se-gtexcluding(tt)
• se-gtselect(...)
• se-gtreject(...)
• se-gtcollect(...)
• ss-gtiterate(...), se-gtiterate(...),
  bb-gtiterate(...)

21
Property Access Operations

• OCL Syntax
• property access operation target.property
• target object object set object bag
  object sequence
• property attribute association end
  qualifiers association class name
   isQuery  class operation call
• B Formalisation
• exploiting UML-B derivation schemes for classes,
  attributes, associations, qualifiers
• taking into account multiplicity and ordered
  property of attributes and association ends
• exploiting B formalisation for Set(T), Bag(T) and
  Sequence(T)

22
Formalising Attribute Operations
attr1 class? Type1 attr2 class ? Type2
cc.attr1 modelled by attr1(cc) cc.attr2 modelled
by attr2cc sc.attr1 modelled by
attr1sc sc.attr2 modelled by tt, nn tt ?
attr2sc ? nn ? N ? nn card(attr2-1tt ?
sc) bc.attr2 is modelled on ly if attr2 is not
ordered se.attr2 can not be modelled
cc Class sc Set(Class) bc Bag(Class) se
Sequence(Class)
23
Navigation Operations with Qualifiers
assos class ? class2 q1 class2 ? Q1 ... qn
class2 ? Qn (assos-1 ? q1 ?... ? qn)-1 class ?
Q1 ? ... ? Qn? class2
cc Class v1 Q1, ..., vn Qn
cc.role2v1,...,vn modelled by (assos-1 ? q1
?... ? qn)-1(cc ? v1 ? ... ? vn)
24
Formalising Property Access OperationsMore

• Navigation operations to association classes
• cc.Assos modelled by cc ? assos cc ?
  assos(cc)
• bc.Assos modelled by tt, nn tt ? dom(bc) ?
  assos ? nn ? N ? nn bc(dom(cc))
•  isQuery  operation call
• formalising the corresponding postcondition
  instantiated with effetive parameters

25
Let expressions

• OCL syntax
• let variables types values in letbody
• B formalisation
• class invariant, preconditions, guard conditions
  formalising letbody with variables replaced by
  values
• postconditions using substitutions
• let variables be
• variables values
• in
• subst(letbody)
• end

26
Postconditions

• Specific operations
• object creation object.oclIsNew
• valeur précédente object.attribute
  object.attribute_at_pre 5
• Normalised postconditions (well-formed
  postconditions)
• P(Output,Input)
• Output out1,...,outn
• Input in1,...,inm
• outi result  out  parameter ltltnewgtgt
  object attribute association
• ini constant  in/inout  parameter
  attribute_at_pre association_at_pre existing
  objects
• P if cond then expr else expr endif
• expr if ...endif Pi and ... Pk
• Pi(outi,Input?NewObject) outiexpr(Input?Ne
  wObject)
• 
  boolexpr(outi, Input?NewObject)

27
Postconditions

• B formalisation of Pi
• using for determinism using any ... where
  for non determinism
• object.attribute object.attribute_at_pre 5
  modelled by attribute attribute lt
  object?attribute(object)5
• object.oclIsNew modelled by any cc where cc ?
  CLASS - class then class class ? vv
• eliminating all _at_pre before formalisation
• Pi and ... and Pk
• unifying substitutions
• B formalisation of If cond Then expr1 else expr2
  endif is If cond then subst(expr1) else/elsif
  subst(expr2) end

28
Postconditions
context Pumpen_Pump(pi PU_ID, gg Grade, vi
VEH_ID) void pre Pump.allInstances-gtcollect(
p p.id)-gtincludes(pi) post let pp
Set(Pump) Pump.allInstances-gtselect(p
p.id_at_prepi and

p.status_at_predisabled) in if pp-gtnotEmpty
then pp-gtforAll(p p.status enabled)
and pp-gtforAll(p p.display.grade gg)
and pp-gtforAll(p p.display.cost
costOfGrade(gg)) and pp-gtforAll(p
p.display.volume 0) and pp-gtforAll(p
p.display_veh_Id vi) and pp-gtforAll(p
p..motor.status on) and pp-gtforAll(p
p.clutch.status free) else true endif
29
pump_en_Pump(...)
pump_en_Pump(pi, gg, vi) pre pi ? PU_ID ? gg
? GRADE ? vi ? VEH_ID ? pi ? dom(x1, nn x1
? pump_idpump ? nn ? N ?
nn card(x2 x2 ? pump ? pump_id(x2)
x1)) then let pp be pp tt tt ?
pump ? pump_id(tt) pi ? pump_status(tt)
pump_disabled in if ?(pp ?) then
pump_status pump_status lt pp ? pump_enabled
display_grade display_gradelt
displayPumppp ? gg display_cost
display_cost lt displayPumppp ?
costOfGrade(gg) display_volume
display_volume lt displayPumppp ? 0
display_veh_id display_veh_id lt
displayPumppp ? vi motor_status
motor_status lt motorPumppp ? motor_on
clutch_status clutch_status lt
clutchPumppp ? free else skip end
end end
30
Conclusions

• Essential points
• giving B types semantics to OCL types used in OCL
  expressions
• giving B expression semantics to OCL operations
• giving B subsitution semantics to postconditions
• Perspectives
• extending Argo/UMLB OCL component with
  transformation rules from OCL into B