User-friendly ways to capture temporal properties
KTH – June 2015, Stockholm, Sweden
Patrizio Pelliccione – Docent in software engineering, Chalmers|GU
www.patriziopelliccione.com
Properties Sequence Chart (PSC)
• Temporal properties are typically specified as formulae in suitable temporal logics
• The inherent complexity of temporal logic formulae makes it easy to specify a property incorrectly
Problem space
• Properties Sequence Chart (PSC) is a scenario-based visual language for specifying temporal properties which balances simplicity of use and expressive power
Solution space
Marco Autili, Paola Inverardi, Patrizio Pelliccione (2007) Graphical scenarios for specifying temporal properties: an automated approach, Automated Software Engineering 14(3): 293-340
http://www.di.univaq.it/psc/
Properties Sequence Chart (PSC): notation
c1:C1  Component instance c1
ti  Time-line of an instance
r: a  Required message
e: a  Regular message
f: a  Fail message
loop(x,y)  Loop operator
alt  Alternative operator
par  Parallel operator
Strict operator
b = {Ci.l1.Cj, …, Ck.ln.Ct}  Unwanted message constraint
g = (Ci.l1.Cj, …, Ck.ln.Ct)=>  Wanted chain constraint
g = (Ci.l1.Cj, …, Ck.ln.Ct)  Unwanted chain constraint
Example PSC
Lifelines: Alert system, Speed controller, Lane dep. controller, Driver controller
e: speed > 65km/h
e: distance decreases
r: alerted, with the constraint speed >= 60km/h
Translation to Büchi automata: required messages
Translation to Büchi automata: regular messages
Translation to Büchi automata: fail messages
Translation to Büchi automata: required messages, chain constraint
Translation to Büchi automata: regular messages, chain constraint
Translation to Büchi automata: fail messages, chain constraint
Translation to Büchi automata: composition
Trace-based semantics: an excerpt
Example
https://www.media.volvocars.com/global/en-gb/media/pressreleases/12130
Properties Sequence Chart (PSC): the example as a PSC
If the speed of the car was greater than 65km/h, the distance between the car and the road lane markings decreased rapidly, and, in the meanwhile, the speed of the car was not decreased under 60km/h, then the driver is alerted via an audible signal
The chart is built step by step:
• Lifelines Speed controller and Driver controller, with the regular message e: speed > 65km/h
• Lifeline Lane dep. controller is added, with the regular message e: distance decreases
• The constraint speed >= 60km/h is attached, covering the interval in which the speed must not drop under 60km/h
• Lifeline Alert system is added, with the required message r: alerted
Resulting chart:
Lifelines: Alert system, Speed controller, Lane dep. controller, Driver controller
e: speed > 65km/h
e: distance decreases
r: alerted, with the constraint speed >= 60km/h
PSC impact
• Extensions and uses of PSC
– Timed Property Sequence Chart (TPSC) - http://dx.doi.org/10.1016/j.jss.2009.09.013
– Probabilistic Timed Property Sequence Chart (PTPSC) - http://dx.doi.org/10.1109/ASE.2009.56
– Monitoring of PSC and TPSC properties - http://dx.doi.org/10.1007/978-3-642-16612-9_39
– Monitoring of PTPSC - http://onlinelibrary.wiley.com/doi/10.1002/spe.1038/abstract
PSC is the notation used by the SDL-RT V2.3 standard to express temporal properties
PSC is the notation used by MSC Tracer to express temporal properties
http://www.sdl-rt.org/
http://www.pragmadev.com/product/tracing.html
PSC is one of the notations adopted within the Presto project (ARTEMIS-2010-1-269362)
http://www.presto-embedded.eu/
Marco Autili, Lars Grunske, Markus Lumpe, Patrizio Pelliccione, and Antony Tang (2015) Aligning Qualitative, Real-Time, and Probabilistic Property Specification Patterns Using a Structured English Grammar, IEEE Transactions on Software Engineering (TSE), to appear.
Property specification patterns: property patterns
• Occurrence patterns: Absence, Universality, Existence, Bounded Existence
• Order patterns: Precedence, Response, Chain Precedence, Chain Response
Matthew B. Dwyer, George S. Avrunin, and James C. Corbett. 1999. Patterns in property specifications for finite-state verification. In Proceedings of the 21st International Conference on Software Engineering (ICSE '99). ACM, New York, NY, USA, 411-420.
Pattern scopes
• Global
• Before R
• After Q
• Between Q and R
• After Q until R
(Figure: time-lines showing, for each scope, the portion of the execution delimited by the occurrences of Q and R)
An example: Response pattern
• To describe cause-effect relationships between a pair of events/states. An occurrence of the first, the cause, must be followed by an occurrence of the second, the effect. Also known as Follows and Leads-to.
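As an added illustration (not from the slides or the cited papers), the following Python checker evaluates the Response pattern over a finite event trace under each of the five scopes listed above. The event names are taken from the deck's car example, but the mapping of the requirement to "after speed > 65km/h and until the speed drops under 60km/h, every distance decrease is followed by an alert", and the contents of the sample traces, are my own assumptions.

```python
"""Finite-trace checker for the Response pattern (Dwyer et al.) under the
five pattern scopes. Added example; event names and traces are constructed."""
from typing import List, Optional, Tuple

Trace = List[str]

# Constructed event names, following the car example used in the slides.
SPEED_HIGH = "speed>65"                # Q: the scope opens
SPEED_LOW = "speed<60"                 # R: the scope closes
DIST_DECREASES = "distance decreases"  # P: the cause
ALERTED = "alerted"                    # S: the required effect


def scope_windows(trace: Trace, scope: str, q: Optional[str] = None,
                  r: Optional[str] = None) -> List[Tuple[int, int]]:
    """Return the half-open index windows [start, end) of `trace` in which a
    pattern must hold for the given scope:
      global       the whole trace
      before       up to the first R (no window if R never occurs)
      after        from the first Q to the end (no window if Q never occurs)
      between      from each Q to the next R; a Q with no later R opens nothing
      after_until  like between, but a Q with no later R runs to the end
    """
    n = len(trace)
    if scope == "global":
        return [(0, n)]
    if scope == "before":
        return [(0, trace.index(r))] if r in trace else []
    if scope == "after":
        return [(trace.index(q), n)] if q in trace else []
    if scope not in ("between", "after_until"):
        raise ValueError(f"unknown scope {scope!r}")
    windows, start = [], None
    for i, event in enumerate(trace):
        if start is None and event == q:
            start = i                      # a Q opens a window
        elif start is not None and event == r:
            windows.append((start, i))     # the next R closes it (R excluded)
            start = None
    if start is not None and scope == "after_until":
        windows.append((start, n))         # an unclosed window runs to the end
    return windows


def response_holds(trace: Trace, cause: str, effect: str, scope: str = "global",
                   q: Optional[str] = None, r: Optional[str] = None) -> bool:
    """Response pattern: inside every scope window, each occurrence of `cause`
    is followed, still inside that window, by an occurrence of `effect`."""
    for start, end in scope_windows(trace, scope, q, r):
        for i in range(start, end):
            if trace[i] == cause and effect not in trace[i + 1:end]:
                return False
    return True


# Constructed traces.
TRACE_OK = [SPEED_HIGH, DIST_DECREASES, ALERTED, SPEED_LOW, DIST_DECREASES]
TRACE_LATE_ALERT = [SPEED_HIGH, DIST_DECREASES, SPEED_LOW, ALERTED]
TRACE_NEVER_SLOWS = [SPEED_HIGH, DIST_DECREASES]


def check_car_requirement(trace: Trace, scope: str) -> bool:
    """The car requirement read as a Response pattern: after speed>65 and until
    speed<60, every 'distance decreases' must be followed by 'alerted'."""
    return response_holds(trace, DIST_DECREASES, ALERTED, scope, SPEED_HIGH, SPEED_LOW)


if __name__ == "__main__":
    for name, trace in [("ok", TRACE_OK), ("late alert", TRACE_LATE_ALERT),
                        ("never slows", TRACE_NEVER_SLOWS)]:
        for scope in ("global", "between", "after_until"):
            print(f"{name:12s} {scope:12s} {check_car_requirement(trace, scope)}")
```

The three sample traces make the scope choice visible: TRACE_OK passes under "after_until" but fails under "global", because the second distance decrease happens after the car has already slowed down; TRACE_LATE_ALERT passes under "global" but fails under "after_until", because the alert arrives only after the scope has closed; and TRACE_NEVER_SLOWS passes under "between" (no R ever closes the window, so nothing is required) while failing under "after_until". When a requirement is written with a pattern, the scope is as much a part of the specification as the pattern itself.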
Real-time specification patterns
Sascha Konrad and Betty H. C. Cheng. 2005. Real-time specification patterns. In Proceedings of the 27th International Conference on Software Engineering (ICSE '05). ACM, New York, NY, USA, 372-381.
Probabilistic property patterns
Lars Grunske. 2008. Specification patterns for probabilistic quality properties. In Proceedings of the 30th International Conference on Software Engineering (ICSE '08). ACM, New York, NY, USA, 31-40.
Property specification patterns
40 newly identified or extended patterns
PSP Wizard
PSPWizard user interface
Property Specification Patterns: Structured English grammar
Example
https://www.media.volvocars.com/global/en-gb/media/pressreleases/12130
Example
Requirement: The driver is alerted via an audible signal if the speed of the car was greater than 65km/h, the distance between the car and the road lane markings decreased rapidly, and, in the meanwhile, the speed of the car was not decreased under 60km/h.
In the structured English grammar: If the driver is alerted via an audible signal then it must have been the case that the speed of the car was greater than 65km/h and afterwards the distance between the car and the road lane markings decreased rapidly without the speed of the car was decreased under 60km/h in between.
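The deck gives two formalizations of the same Volvo requirement: the PSC, in which speed > 65km/h and distance decreases are regular messages and alerted is the required message, and the structured-English sentence above, which reads as a precedence (if the alert happens, the chain must have happened before it). As an added example (not from the slides, the PSC tool or PSPWizard), the Python below checks a finite event trace under both readings and shows that they accept different traces. Assumptions: the event names and sample traces are constructed; the PSC reading is that the regular messages in order form the premise and the required message must then follow, with a drop under 60km/h before the alert voiding the premise; and, for the structured-English sentence, "without ... in between" constrains only the gap between the two chain events, as the sentence states.

```python
"""Two readings of the lane-departure requirement checked over event traces.
Added example; event names, trace contents and the exact reading of the
PSC constraint are assumptions, not taken from the slides."""
from typing import List

Trace = List[str]

SPEED_HIGH = "speed>65"                 # e: regular message, Speed controller
DIST_DECREASES = "distance decreases"   # e: regular message, Lane dep. controller
SPEED_LOW = "speed<60"                  # breaks the "speed >= 60km/h" constraint
ALERTED = "alerted"                     # r: required message to the Driver controller


def psc_reading(trace: Trace) -> List[str]:
    """PSC chart: once SPEED_HIGH and then DIST_DECREASES have been observed
    without SPEED_LOW in between, the required ALERTED must follow (chain
    response). A SPEED_LOW before the alert voids the premise (assumed reading).
    Returns the list of violations; empty means the trace satisfies the chart."""
    state = 0  # 0: waiting for SPEED_HIGH; 1: waiting for DIST_DECREASES; 2: alert due
    for event in trace:
        if state == 0 and event == SPEED_HIGH:
            state = 1
        elif state == 1 and event == DIST_DECREASES:
            state = 2
        elif state == 1 and event == SPEED_LOW:
            state = 0
        elif state == 2 and event in (ALERTED, SPEED_LOW):
            state = 0  # obligation discharged (alert) or premise voided (slowdown)
    if state == 2:
        return ["required message 'alerted' missing after speed>65, distance decreases"]
    return []


def _chain_ends_at(trace: Trace, j: int) -> bool:
    """True if trace[j] is DIST_DECREASES and some earlier SPEED_HIGH reaches it
    with no SPEED_LOW in between (scan backwards from j)."""
    if trace[j] != DIST_DECREASES:
        return False
    for i in range(j - 1, -1, -1):
        if trace[i] == SPEED_HIGH:
            return True
        if trace[i] == SPEED_LOW:
            return False
    return False


def psp_reading(trace: Trace) -> List[str]:
    """Structured-English sentence: every ALERTED must be preceded by SPEED_HIGH
    and afterwards DIST_DECREASES without SPEED_LOW in between (chain precedence).
    An alert raised without that history is a violation."""
    violations = []
    for k, event in enumerate(trace):
        if event == ALERTED and not any(_chain_ends_at(trace, j) for j in range(k)):
            violations.append(f"'alerted' at position {k} without the preceding chain")
    return violations


# Constructed traces.
TRACE_GOOD = [SPEED_HIGH, DIST_DECREASES, ALERTED]
TRACE_NO_ALERT = [SPEED_HIGH, DIST_DECREASES]
TRACE_SPURIOUS_ALERT = [ALERTED]
TRACE_SLOWED_FIRST = [SPEED_HIGH, SPEED_LOW, DIST_DECREASES, ALERTED]


def compare(trace: Trace) -> dict:
    """Run both readings on one trace and return their violation lists."""
    return {"psc": psc_reading(trace), "psp": psp_reading(trace)}


if __name__ == "__main__":
    for name, trace in [("good", TRACE_GOOD), ("no alert", TRACE_NO_ALERT),
                        ("spurious alert", TRACE_SPURIOUS_ALERT),
                        ("slowed first", TRACE_SLOWED_FIRST)]:
        print(name, compare(trace))
```

The two readings disagree on TRACE_NO_ALERT (a missing alert violates only the PSC reading, since the precedence sentence is vacuously true when no alert occurs) and on TRACE_SPURIOUS_ALERT and TRACE_SLOWED_FIRST (an alert without the required history violates only the precedence reading, which the PSC reading never forbids). Running a handful of such traces through both checkers is a cheap way to find out which of the two notations actually captured the intended requirement before either is handed to a model checker or a monitor.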
http://ps-patterns.wikidot.com/
"A pattern system does not belong to an individual, but to the community of experts and practitioners who contribute to and use it." (Dwyer et al.)
Questions?
www.patriziopelliccione.com