User-friendly ways to capture temporal properties - seminar at KTH, June 2015

Post on 13-Apr-2017


User-friendly ways to capture temporal properties

KTH – June 2015, Stockholm, Sweden

Patrizio Pelliccione – Docent in software engineering, Chalmers|GU

www.patriziopelliccione.com

Properties Sequence Chart (PSC)

• Temporal properties are typically specified as formulae in suitable temporal logics

• The inherent complexity of temporal logic formulae may lead to properties being specified incorrectly

Problem space

• Properties Sequence Chart (PSC) is a scenario-based visual language for specifying temporal properties which balances simplicity of use and expressive power

Solution space

Marco Autili, Paola Inverardi, Patrizio Pelliccione (2007). Graphical scenarios for specifying temporal properties: an automated approach. Automated Software Engineering 14(3): 293-340

http://www.di.univaq.it/psc/

Properties Sequence Chart (PSC)

c1:C1 – Component instance c1
r: a – Required message
e: a – Regular message
f: a – Fail message
loop(x,y) – Loop operator
ti – Time-line
b={Ci.l1.Cj,…,Ck.ln.Ct} – Unwanted Message Constraint
alt ... – Alternative operator
Strict operator
g=(Ci.l1.Cj,…,Ck.ln.Ct)=> – Wanted Chain Constraint
g=(Ci.l1.Cj,…,Ck.ln.Ct) – Unwanted Chain Constraint
par ... – Parallel operator


PSC chart of the example, with time-lines Alert system, Speed controller, Lane dep. controller and Driver controller:

e: speed > 65km/h
e: distance decreases
r: alerted (constraint label: speed >= 60km/h)

Translation to Büchi automata

– required messages
– regular messages
– fail messages
– required messages: chain constraint
– regular messages: chain constraint
– fail messages: chain constraint
– composition

Trace-based semantics: an excerpt

Example

https://www.media.volvocars.com/global/en-gb/media/pressreleases/12130

Properties Sequence Chart (PSC)

If the speed of the car was greater than 65km/h, the distance between the car and the road lane markings decreased rapidly, and, in the meanwhile, the speed of the car was not decreased under 60km/h, then the driver is alerted via an audible signal


PSC chart of the property, with time-lines Alert system, Speed controller, Lane dep. controller and Driver controller:

e: speed > 65km/h
e: distance decreases
r: alerted (constraint label: speed >= 60km/h)
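As an added example that is not part of the slides, the lane-departure PSC above checked over a finite trace in Python; the event names, the traces, and the simplified finite-trace reading of the chart (regular messages as precondition, the required message as an obligation, a speed drop under 60km/h as the unwanted message that voids the constraint) are assumptions, not the Büchi semantics of the PSC paper.

```python
# Added example (not from the slides): a finite-trace checker for the lane-departure
# PSC. Event names are assumptions standing in for the chart's messages.
from typing import List, Optional

E1 = "speed_gt_65"          # e: speed > 65km/h         (regular message)
E2 = "distance_decreases"   # e: distance decreases     (regular message)
REQ = "alerted"             # r: alerted                (required message)
UNWANTED = "speed_lt_60"    # breaks the constraint speed >= 60km/h


def check_lane_departure(trace: List[str]) -> Optional[int]:
    """Return None if the trace satisfies the property, else the index of the
    regular message that opened an obligation the trace never discharged.

    Reading assumed here (a simplified finite-trace view, not the paper's Büchi
    semantics): the regular messages E1 and then E2 form a precondition; once
    both have occurred, the required message REQ must follow before the trace
    ends; an UNWANTED message seen after E1 and before REQ means the constraint
    no longer holds, so the obligation is dropped.
    """
    state = 0               # 0: waiting for E1, 1: E1 seen, 2: E2 seen, REQ owed
    opened_at: Optional[int] = None
    for i, ev in enumerate(trace):
        if ev == UNWANTED:
            state, opened_at = 0, None       # car slowed down: nothing owed
        elif state == 0 and ev == E1:
            state = 1
        elif state == 1 and ev == E2:
            state, opened_at = 2, i
        elif state == 2 and ev == REQ:
            state, opened_at = 0, None       # required message delivered
    return opened_at


# Constructed traces, not taken from the slides.
SATISFIED = [E1, E2, REQ]                       # precondition met, alert delivered
VIOLATED = [E1, E2, "ignition_off"]             # precondition met, no alert -> index 1
VACUOUS = [E1, UNWANTED, E2, "ignition_off"]    # driver slowed down first -> nothing owed

if __name__ == "__main__":
    for name, trace in (("satisfied", SATISFIED), ("violated", VIOLATED), ("vacuous", VACUOUS)):
        print(name, trace, "->", check_lane_departure(trace))
```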

PSC impact

• Extensions and uses of PSC

– Timed Property Sequence Chart (TPSC) - http://dx.doi.org/10.1016/j.jss.2009.09.013

– Probabilistic Timed Property Sequence Chart (PTPSC) - http://dx.doi.org/10.1109/ASE.2009.56

– Monitoring of PSC and TPSC properties - http://dx.doi.org/10.1007/978-3-642-16612-9_39

– Monitoring of PTPSC - http://onlinelibrary.wiley.com/doi/10.1002/spe.1038/abstract

• PSC is the notation used by the SDL-RT V2.3 standard to express temporal properties - http://www.sdl-rt.org/

• PSC is the notation used by MSC Tracer to express temporal properties - http://www.pragmadev.com/product/tracing.html

• PSC is one of the notations adopted within the Presto project (ARTEMIS-2010-1-269362) - http://www.presto-embedded.eu/

Marco Autili, Lars Grunske, Markus Lumpe, Patrizio Pelliccione, and Antony Tang (2015). Aligning Qualitative, Real-Time, and Probabilistic Property Specification Patterns Using a Structured English Grammar. IEEE Transactions on Software Engineering (TSE), to appear.

Property specification patterns

Property patterns

• Occurrence: Absence, Universality, Existence, Bounded Existence

• Order: Precedence, Response, Chain Precedence, Chain Response

Matthew B. Dwyer, George S. Avrunin, and James C. Corbett. 1999. Patterns in property specifications for finite-state verification. In Proceedings of the 21st International Conference on Software Engineering (ICSE '99). ACM, New York, NY, USA, 411-420.

Pattern scopes

• Global

• Before R

• After Q

• Between Q and R

• After Q until R

The slide illustrates each scope as an interval on a trace marked with occurrences of Q and R.

An example: Response pattern

•  To describe cause-effect relationships between a pair of events/states. An occurrence of the first, the cause, must be followed by an occurrence of the second, the effect. Also known as Follows and Leads-to.
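As an added example not from the slides, the Response pattern checked on a finite trace under each of the five scopes listed above, in Python; the closed-left, open-right reading of Q and R, the scope names, the event names and the trace are assumptions made for this illustration.

```python
# Added example (not from the slides): Dwyer-style scopes applied to the Response
# pattern on a finite trace. Event names and the trace below are constructed.
from typing import List, Optional, Tuple

def scope_segments(trace: List[str], scope: str, q: Optional[str] = None,
                   r: Optional[str] = None) -> List[Tuple[int, int]]:
    """Half-open index ranges [start, end) of the trace where a pattern must hold.
    Scopes are closed on the left (Q included) and open on the right (R excluded).
    "Before R" with no R and "Between Q and R" with no closing R give no range, so
    the pattern holds vacuously; "After Q until R" extends an unclosed range to the end."""
    n = len(trace)
    if scope == "global":
        return [(0, n)]
    if scope == "before":
        return [(0, trace.index(r))] if r in trace else []
    if scope == "after":
        return [(trace.index(q), n)] if q in trace else []
    if scope not in ("between", "after_until"):
        raise ValueError(f"unknown scope {scope!r}")
    segments, start = [], None
    for i, ev in enumerate(trace):
        if start is None and ev == q:
            start = i                       # Q opens a range
        elif start is not None and ev == r:
            segments.append((start, i))     # R closes it (R itself excluded)
            start = None
    if start is not None and scope == "after_until":
        segments.append((start, n))
    return segments

def response_holds(trace: List[str], cause: str, effect: str, scope: str = "global",
                   q: Optional[str] = None, r: Optional[str] = None) -> bool:
    """Response pattern: in every scope range, each `cause` is later followed by an
    `effect` inside the same range; an effect after the range's R does not count."""
    for start, end in scope_segments(trace, scope, q, r):
        owed = False
        for ev in trace[start:end]:
            if ev == cause:
                owed = True
            elif ev == effect:
                owed = False
        if owed:
            return False
    return True

# Constructed trace: Q opens a scope, R closes it, P is the cause and S the effect;
# the P at index 4 lies outside every "between"/"after until" range.
TRACE = ["Q", "P", "S", "R", "P", "Q", "P"]
```

On TRACE the pattern holds for "Before R" and "Between Q and R" (the unanswered P at index 4 is out of scope), but fails globally, for "After Q", and for "After Q until R" because the final P is never answered.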

Real-time specification patterns

Sascha Konrad and Betty H. C. Cheng. 2005. Real-time specification patterns. In Proceedings of the 27th International Conference on Software Engineering (ICSE '05). ACM, New York, NY, USA, 372-381.

Probabilistic property patterns

Lars Grunske. 2008. Specification patterns for probabilistic quality properties. In Proceedings of the 30th International Conference on Software Engineering (ICSE '08). ACM, New York, NY, USA, 31-40.

Property specification patterns

40 newly identified or extended patterns

PSP Wizard

PSPWizard user interface

Property Specification Patterns: Structured English grammar

Example

https://www.media.volvocars.com/global/en-gb/media/pressreleases/12130

Example

The driver is alerted via an audible signal if the speed of the car was greater than 65km/h, the distance between the car and the road lane markings decreased rapidly, and, in the meanwhile, the speed of the car was not decreased under 60km/h.


Example

Structured English: If the driver is alerted via an audible signal then it must have been the case that the speed of the car was greater than 65km/h and afterwards the distance between the car and the road lane markings decreased rapidly without the speed of the car was decreased under 60km/h in between.

Informal statement: The driver is alerted via an audible signal if the speed of the car was greater than 65km/h, the distance between the car and the road lane markings decreased rapidly, and, in the meanwhile, the speed of the car was not decreased under 60km/h.

http://ps-patterns.wikidot.com/

“A pattern system does not belong to an individual, but to the community of experts and practitioners who contribute to and use it.” (Dwyer et al.)

Questions?

www.patriziopelliccione.com    
