UML Statecharts的模型检验方法

统一建模语言UML已广泛应用于软件开发中,验证UML模型是否满足某些关键性质成为一个重要问题.提出了对UML Statecharts进行模型检验的方法.首先用扩展层次自动机结构化地表示UML Statecharts,然后给出其操作语义,通过寻找最大无冲突迁移集可以保证语义的正确性.对于具有无穷运行的系统,该操作语义可以映射到一个Büchi自动机.使用基于自动机理论的模型检验方法来验证UML Statecharts的线性时态逻辑性质,并给出方法验证由Statecharts和协同图建模的复杂多对象系统.     

UML状态机模型元素的RSL形式化定义

UML状态机作为UML动态描述机制的重要组成部分,在描述系统及模型的动态行为时扮演着重要的角色,但已有的UML动态语义缺乏准确的形式化描述。首先将UML状态机抽象成图;再将图通过传统的有穷自动机进行语义扩展,同时增加状态分层,形成一个基于UML状态机的有穷自动机;然后用RAISE规约语言RSL对扩展后的自动机进行形式化定义,使UML状态机中的模型元素的语义更加清晰、精确,为后期的UML状态机的操作语义形式化研究打下基础。     

UML状态机模型形式化验证技术研究

系统建模是系统开发经常用到的分析设计方法,如何保证模型的正确性一直是人们关注的话题.为了验证系统设计的模型正确性,进而提高整个系统的质量,提出了一种通过模型检查技术对UML状态机模型进行动态语义验证的方法.对状态机模型进行形式化描述,根据定义的映射规则将图形信息映射成模型检查器可以读取的语言,分析待验证的性质内容,通过使用模型检查器得到验证结果.     

UML状态机的形式语义

许多大型系统在进行分析和设计时,均采用UML作为需求描述语言,尤其是一些对安全性要求较高的系统,更是广泛采用UML的动态行为描述机制--状态机来描述协议及控制机制.但是,由于UML没有形式化的动态语义,不利于对其所描述的需求进行形式化验证和证明.为了解决这一问题,采用以下方法为UML状态机构建形式语义.把UML状态机中的状态映射到一种项代数上,用归纳的状态项表示状态机的状态.然后,把状态项映射到一种加标记的变迁系统LTS上,LTS-状态是状态机的状态项,LTS-变迁是UML状态机的微步.最后,用Plotk     

层次化UML 状态机在拆装过程仿真中的应用

针对目前飞机维修培训中拆装流程复杂,系统模型繁多的问题,采用层 次化分析法和UML 状态机相结合的建模方法,建立飞机组件的拆装过程模型。运用UML 状态机建立拆卸组件的状态、迁移和约束模型,规范拆卸零部件模型的统一性表达,提高建 模的效率。利用层次化方法对零部件进行层次规划,实现拆卸目标组件的有序逻辑表述,实 时监测拆卸零部件的状态,从而建立仿真程度高的训练模型。最后,以维修培训平台中飞机 某组件的拆装为例,验证层次化UML 状态机拆卸过程仿真方法的有效性。     

基于UML的计算机联锁软件的分析与建模

有效地测试、分析和验证计算机联锁软件是保证列车运行安全和旅客生命财产安全的重要手段,而形式化模型是系统测试、分析和验证的基础。以联锁软件的UML非形式化模型为基础,以有限状态机模型为系统形式化模型描述的数学工具,研究UML顺序图(场景)自动转化为有限状态机模型的方法。首先将场景的UML顺序图转化为FSP进程代数模型,然后通过合并不同对象的进程代数模型,得到系统的有限状态机模型。最后以接车进路用例为例生成系统的有限状态机模型,以验证该方法的可行性和有效性。     

UML模型到FSM模型的转换

通常可采用UML的各种图从Web应用不同方面对其进行建模.当对Web应用模型进行测试和验证时,需要分别考虑这些采用了不同图形描述的模型,这就带来了测试和验证的繁琐.如果将UML各种图转换到有限状态机(FSM)模型,则可以统一用FSM模型来表示、验证和测试.提出了基于状态迁移特性保持规则的UML到FSM的模型转换方法,特别针对UML状态图中的3种基本组成单元到FSM模型的转换,给出了各自的转换方法,并实现了原型工具UML2FSM.     

定义及验证UML Statechart图中的数据流语义

在传统的UML Statechart图中加入了数据流对象后,因为UML Statechart图缺乏精确的数据流语义,所以不适合应用UML Statechart图对工作流中的数据流进行建模并验证其正确性。为了解决这一问题,选择标记转换系统(LTS)作为语义域,并用结构化操作语义(SOS)分两步定义了UML Statechart图的数据流语义,为工作流中的数据流正确性验证奠定了基础。在此基础上,使用时序逻辑公式表示数据流所需满足的性质,在验证数据流的正确性之前,给出了将它的UML Statechart图模型转化为可达状态迁移图的算法,最后通过模型检测算法验证数据流的正确性。     

基于状态约简的顺序图和状态图一致性检测

为了解决系统设计过程中模型一致性问题,提出了一种对UML顺序图和状态图的语义一致性检测方法。该方法对顺序图和状态图一致性进行符号化描述,为一致性检测提供理论基础;提出状态约简规则和状态约简算法,能够减少冗余状态和迁移,证明了状态约简不影响一致性检测;提出改进的UML模型到PROMELA的转换方法并使用SPIN进行验证。实验表明上述方法能够有效地检测顺序图和状态图的一致性,在验证过程中减少冗余状态和迁移,转换后的代码结构简单、执行效率高。     

模型驱动的嵌入式系统设计安全性验证方法研究

基于模型的嵌入式系统安全性分析与验证方法是近年来在安全攸关系统工程领域中出现的一个重要研究热点。提出一种基于模型驱动架构的面向SysML/MARTE状态机的系统安全性验证方法,具体包括:构建了具备SysML/MARTE扩展语义的状态机元模型,以及安全性建模与分析语言AltaRica的语义模型GTS的元模型;然后建立了从SysML/MARTE状态机模型分别到时间自动机模型以及AltaRica模型的语义映射模型转换规则,并基于AMMA平台和时间自动机验证工具UPPAAL设计实现了对SysML/MARTE状态机的模型转换与系统安全性形式化验证的框架。最后给出了一个飞机着陆控制系统设计模型的安全性验证实例分析。     

A compositional semantics of UML-RSDS

This paper provides a semantics for the UML-RSDS (Reactive System Development Support) subset of UML, using the real-time action logic (RAL) formalism. We show how this semantics can be used to resolve some ambiguities and omissions in UML semantics, and to support reasoning about specifications using the B formal method and tools. We use ‘semantic profiles’ to provide precise semantics for different semantic variation points of UML. We also show how RAL can be used to give a semantics to notations for real-time specification in UML. Unlike other approaches to UML semantics, which concentrate on the class diagram notation, our semantic representation has behaviour as a central element, and can be used to define semantics for use cases, state machines and interactions, in addition to class diagrams.     

Institutionalising UML 2.0 state machines

A key challenge to achieve a unified semantics for UML is how to handle the heterogeneity of its sublanguages. In this context, the theory of institutions provides an elegant and robust framework for programming in the large and in particular for compositionality. It can be used to define a family of formalisms which capture various UML sublanguages, and morphisms that represent the expected semantic relationships between them, resulting in a heterogeneous environment for the semantic definition of UML. The main goal of this work is to collaborate with the definition of such environment. For this purpose, we define an institution for UML 2.0 state machines. The building blocks of our institution are based on a previous semantics dealing with processing simple input events within a transition step. We also extend these semantic definitions for handling sequences of events, and then for considering runs through the state machine.     

Formalising concurrent UML state machines using coloured Petri nets

With the increasing complexity of dynamic concurrent systems, a phase of formal specification and formal verification is needed. UML state machines are widely used to specify dynamic systems behaviours. However, the official semantics of UML is described in a semi-formal manner, which renders the formal verification of complex systems delicate. In this paper, we propose a formalisation of UML state machines using coloured Petri nets. We consider in particular concurrent aspects (orthogonal regions, forks, joins, variables), the hierarchy induced by composite states and their associated activities, external, local or inter-level transitions, entry/exit/do behaviours, transition priorities, and shallow history pseudostates. We use a CD player as a motivating example, and run various verifications using CPN Tools.     

Tool support for the rapid composition, analysis and implementation of reactive services

We present the integrated set of tools Arctis for the rapid development of reactive services. In our method, services are composed of collaborative building blocks that encapsulate behavioral patterns expressed as UML 2.0 collaborations and activities. Due to our underlying semantics in temporal logic, building blocks as well as their compositions can be transformed into formulas and model checked incrementally in order to guarantee that important system properties are kept. The process of model checking is fully automated. Error traces are presented to the users as easily understandable animations, so that no expertise in temporal logic is needed. In addition, the results of model checking are analyzed, so that in some cases automated diagnoses and fixes can be provided as well. The formal semantics also enables the correct, automatic synthesis of the activities to state machines which form the input of our code generators. Thus, the collaborative models can be fully automatically transformed into executable Java code. We present the development of a mobile treasure hunt system to exemplify the method and the tools.     

Timing consistency checking for UML/MARTE behavioral models

UML/MARTE model-driven development approaches are gaining attention in developing real-time embedded software (RTES). UML behavioral models with MARTE annotations are used to describe timing behaviors and timing characteristics of RTES. Particularly, state machine, sequence, and timing diagrams with MARTE annotations are appropriate to understand and analyze timing behaviors of RTES. However, to guarantee software correctness and safety, timing inconsistencies in UML/MARTE should be identified in the design phase of RTES. UML/MARTE timing inconsistencies are related to modeling errors and can be hazards throughout the lifecycle of RTES. We propose a systematic approach to check timing consistency of state machine, sequence, and timing diagrams with MARTE annotations for RTES. First, we present how state machine, sequence, and timing diagrams with MARTE annotations specify the behaviors of RTES. To overcome informal semantics of UML/MARTE models, we provide formal definitions of state machine, sequence, and timing diagrams with MARTE annotations. Second, we present the timing consistency checking approach that consists of a rule-based and a model checking-based timing consistency checking. In the rule-based timing consistency checking, we validate well formedness of UML/MARTE behavioral models in timing aspects. In the model checking-based timing consistency checking, we verify whether timing behaviors of sequence and timing diagrams with MARTE annotations are consistent with the timing behaviors of state machine diagrams with MARTE annotations. We support an automated timing consistency checking tool UML/MARTE timing Consistency Analyzer for a seamless approach. We demonstrate the effectiveness and the practicality of the proposed approach by two case studies using cruise control system software and guidance and control unit software.     

Compositional Operational Semantics of a UML-Kernel-Model Language

We define a compositional operational semantics for state machines and their composition in UML. Each state machine describes the behavior of an object of a class. If a class of a newly generated object is active, a new activity group, which is a singly-threaded collection of objects, is generated. Communication of state machines between activity groups differs from the one inside an activity group. We introduce (i) two parallel combinators reflecting this difference, which return a SOS given that their arguments are SOS, (ii) an SOS for each state machine regarded in isolation.     

Improving the coverage criteria of UML state machines using data flow analysis

A number of coverage criteria have been proposed for testing classes and class clusters modeled with state machines. Previous research has revealed their limitations in terms of their capability to detect faults. As these criteria can be considered to execute the control flow structure of the state machine, we are investigating how data flow information can be used to improve them in the context of UML state machines. More specifically, we investigate how such data flow analysis can be used to further refine the selection of a cost‐effective test suite among alternative, adequate test suites for a given state machine criterion. This paper presents a comprehensive methodology to perform data flow analysis of UML state machines—with a specific focus on identifying the data flow from OCL guard conditions and operation contracts—and applies it to a widely referenced coverage criterion, the round‐trip path (transition tree) criterion. It reports on two case studies whose results show that data flow information can be used to select the best transition tree, in terms of cost effectiveness, when more than one satisfies the transition tree criterion. The results also suggest that different trees are complementary in terms of the data flow that they exercise, thus, leading to the detection of intersecting but distinct subsets of faults. Copyright © 2009 John Wiley & Sons, Ltd.     

UML活动图描述工作流模型的执行语义

UML是软件工程中广泛应用的建模语言,但其主要问题是缺少严格的形式化语义,因而描述的模型容易产生歧义．根据UML活动图的语法和工作流系统的特点,为UML活动图定义了一种执行语义．基于时间转变系统模型,将工作流系统的执行描述为时间转变和数据转变两个交替进行的过程．时间转变描述时间的前进,数据转变修改工作流案例的状态,这种语义比层次状态图具有更强的描述并行的能力,比Petri网和进程代数更适合描述工作流模型．