# Software Design, Modelling and Analysis in UML Lecture 11: Core State Machines II

#### 2012-12-05

Prof. Dr. Andreas Podelski, Dr. Bernd Westphal

Albert-Ludwigs-Universität Freiburg, Germany

## Contents & Goals

#### Last Lecture:

- Core State Machines
- UML State Machine syntax
- State machines belong to classes.

#### This Lecture:

- Educational Objectives: Capabilities for following tasks/questions.
  - What does this State Machine mean? What happens if I inject this event?
  - Can you please model the following behaviour.
  - What is: Signal, Event, Ether, Transformer, Step, RTC.

#### • Content:

- Ether, System Configuration, Transformer
- Run-to-completion Step
- Putting It All Together

- 11 - 2012-12-05 - main

Recall: UML State Machines



3/64





- 11 - 2012-12-05 - Sstmover -

6/64

The Basic Causality Model

## 7/64

# 6.2.3 The Basic Causality Model [OMG, 2007b, 12]

"Causality model' is a specification of how things happen at run time [...].

The causality model is quite straightforward:

- Objects respond to messages that are generated by objects executing communication actions.
- When these messages arrive, the receiving objects eventually respond by executing the behavior that is **matched** to that message.
- The dispatching method by which a particular behavior is associated with a given message depends on the higher-level formalism used and is not defined in the UML specification (i.e., it is a semantic variation point).

The causality model also subsumes behaviors invoking each other and passing information to each other through arguments to parameters of the invoked behavior, [...].

This purely 'procedural' or 'process' model can be used by itself or in conjunction with the object-oriented model of the previous example."

- 11 - 2012-12-05 - Sstmstd

### 15.3.12 StateMachine [ОМG, 2007ь, 563]

- Event occurrences are detected, dispatched, and then processed by the state machine, one at a time.
- The semantics of event occurrence processing is based on the **run-tocompletion assumption**, interpreted as **run-to-completion processing**.
- Run-to-completion processing means that an event [...] can only be taken from the pool and dispatched if the processing of the previous [...] is fully completed.
- The processing of a single event occurrence by a state machine is known as a **run-to-completion step**.
- Before commencing on a run-tocompletion step, a state machine is in a stable state configuration with all entry/exit/internal-activities (but not necessarily do-activities) completed.

- The same conditions apply after the run-to-completion step is completed.
- Thus, an event occurrence will never be processed [...] in some intermediate and inconsistent situation.
- [IOW,] The run-to-completion step is the passage between two state configurations of the state machine.
- The run-to-completion assumption simplifies the transition function of the StM, since concurrency conflicts are avoided during the processing of event, allowing the StM to safely complete its run-tocompletion step.

10/64

## 15.3.12 StateMachine [ОМG, 2007ь, 563]

- The order of dequeuing is **not defined**, leaving open the possibility of modeling different priority-based schemes.
- Run-to-completion may be implemented in various ways. [...]





- ...:
  - We have to formally define what event occurrence is.
  - We have to define where events are stored what the event pool is.
  - We have to explain how transitions are chosen "matching".
  - We have to explain what the effect of actions is on state and event pool.
  - We have to decide on the granularity micro-steps, steps, run-to-completion steps (aka. super-steps)?
  - We have to formally define a notion of stability and RTC-step completion.
  - And then: hierarchical state machines.



## Roadmap: Chronologically

- (i) What do we (have to) cover? UML State Machine Diagrams Syntax.
- (ii) Def.: Signature with signals.
- (iii) Def.: Core state machine.
- $\varphi \in \mathsf{OCL}$ CD, SM  $\mathcal{CD}, \mathcal{SD}$ (iv) Map UML State Machine Diagrams to core state machines.  $\mathcal{T}, \mathcal{C}, V, atr), SM$  $\mathcal{S}, SD$

 $(\Sigma^{\mathscr{D}})$ 

SM

UML

exp

 $(\sigma_1, \varepsilon_1)$ 

OD

 $Snd_0$ )

G = (N, E, f)

#### Semantics:

The Basic Causality Model

- (v) Def.: Ether (aka. event pool)
- (vi) Def.: System configuration.
- (vii) Def.: Event.

- Sstmstd

2012-12-05 -

- (viii) Def.: Transformer.
- (ix) Def.: Transition system, computation.
- (x) Transition relation induced by core state machine.
- (xi) Def.: step, run-to-completion step.
- (xii) Later: Hierarchical state machines.

14/64

 $S_{SD}, F_{SD})$ 

 $((\sigma_i, cons_i, Snd_i))_{i \in \mathbb{N}}$ 

Mathematics

 $(Q_{SD}, q_0, A_3)$ 

UML

System Configuration, Ether, Transformer

Definition. Let \$\mathcal{S}\$ = \$(\mathcal{T}, \mathcal{C}, V, atrib)\$ be a signature with signals and \$\varDelta\$ a structure.
We call a biracture (Eth, ready, ⊕, ⊖, [·]) an ether over \$\mathcal{S}\$ and \$\varDelta\$ if and only if it provides
a ready operation which yields a set of events that are ready for a given object, i.e. for an event and an object with a ref of proof \$\varLeta\$ identify \$\varLeta\$ y \$\varLeta\$ of \$\varLeta\$ for \$\varLeta\$ and \$\varLeta\$ a point and an object with \$\varLeta\$ signal-instruction \$\varLeta\$ ready if \$\varLeta\$ and \$\varLeta\$ a point \$\varLeta\$ and \$\varLeta\$ of \$\varLeta\$ of \$\varLeta\$ for \$\varLeta\$ signal-instruction \$\varLeta\$ ready : \$Eth\$ × \$\varLeta\$ (\$\varLeta\$) > \$\varLeta\$ \$\varLeta\$ of \$\

16/64

Ether: Examples $(\pounds h, & \forall g, \oplus, \Theta, [\cdot])$ rody $\pounds t \times \mathfrak{V}(\mathcal{O}) \rightarrow 2^{\mathfrak{P}(\mathcal{E})}$ • A (single, global, shared, reliable) FIFO queue is an ether:• Eth:

- Eth:
   Here set of finite sequences of poils (u,e), u eD(C), e eD(E)
- ready ( (u,e), €, u) = { (u,e) }, roody ( (v,e), €, u) = Ø if v ≠ u, ready ( ·, u) = Ø
- $\oplus$  ( $\varepsilon$ ,  $v_1 e$ ) =  $\varepsilon$ . ( $v_1 e$ )
- $\ominus$  ((y,e). $\varepsilon$ , e) =  $\varepsilon$ ,  $\Theta$  ((y,e). $\varepsilon$ , e') =  $\varepsilon$ , if e'  $\neq$  e,  $\Theta$  (·, e) = ·
- [E](v): recharge ell (u,e) pairs from e
- One FIFO queue per active object is an ether.
- (• Lossy queue.)
- One-place buffer.
- Priority queue.
- Multi-queues (one per sender).
- Trivial example: sink, "black hole".
- ...

11 - 2012-12-05 - Sstn

- 11 - 2012-12-05 - Sstmsem

• The order of dequeuing is **not defined**, leaving open the possibility of modeling different priority-based schemes.

• Run-to-completion may be implemented in various ways. [...]

18/64

### *Ether and [OMG, 2007b]*

The standard distinguishes (among others)

• SignalEvent [OMG, 2007b, 450] and Reception [OMG, 2007b, 447].

On SignalEvents, it says

A signal event represents the receipt of an asynchronous signal instance. A signal event may, for example, cause a state machine to trigger a transition. [OMG, 2007b, 449]

[...]

#### Semantic Variation Points

The means by which requests are transported to their target depend on the type of requesting action, the target, the properties of the communication medium, and numerous other factors.

In some cases, this is instantaneous and completely reliable while in others it may involve transmission delays of variable duration, loss of requests, reordering, or duplication.

(See also the discussion on page 421.) [OMG, 2007b, 450]

Our **ether** is a general representation of the possible choices.

**Often seen minimal requirement**: order of sending **by one object** is preserved. But: we'll later briefly discuss "discarding" of events.

# References

63/64

## References

- [Harel and Gery, 1997] Harel, D. and Gery, E. (1997). Executable object modeling with statecharts. *IEEE Computer*, 30(7):31–42.
- [OMG, 2007a] OMG (2007a). Unified modeling language: Infrastructure, version 2.1.2. Technical Report formal/07-11-04.
- [OMG, 2007b] OMG (2007b). Unified modeling language: Superstructure, version 2.1.2. Technical Report formal/07-11-02.