Introduction to ASMs

http://www.eecs.umich.edu/gasm/
Dumitru Roman
Digital Enterprise Research Institute
[email protected]
Outline
• ASMs Characteristics
• ASMs Definition
– Abstract States
– Abstract Instructions for Changing States
• AsmL: an ASM engine
– An example
• DASMs for formalizing BPEL4WS
ASMs overview
• A practical method for rigorous system development which has been used successfully under industrial constraints for the design and analysis of complex hardware/software systems.
• A formalism for modelling/formalising algorithms
• Previously known as Evolving Algebras
• An attempt to bridge the gap between formal models of computation and practical specification methods.
[Diagram: Informal specification of the hardware/software system ("What system are you building?") -> Modeling -> ASM Model -> Refinement -> Implementation of the system (C, Java, etc). Two questions are asked of the ASM Model: Validation ("Are you building the right system?") and Verification ("Are you building the system right?").]
ASM methodology characteristics
http://www.eecs.umich.edu/gasm/intro.html
• Precision: ASMs use classical mathematical structures that are well understood
• Faithfulness: ASMs require a minimal amount of notational coding
• Understandability: ASMs use an extremely simple syntax, which can be read as a form of pseudo-code
• Executability: ASMs can be tested by executing them
• Scalability: ASMs can describe a system/algorithm on different levels of abstraction
• Generality: ASMs have been shown to be useful in many different application domains
Abstract States (1)
• States can be viewed as (first-order) structures of mathematical logic
• Structures - syntax
– A vocabulary contains:
• A finite collection of function names, each of a fixed arity
• The equality sign, the nullary names true, false, undef, the unary name Boole, and the names of the usual Boolean operations
– Terms - defined by the usual induction:
• A nullary function name is a term.
• If f is a function name of positive arity j and if t1,…,tj are terms, then f(t1,…,tj) is a term.
Abstract States (2)
• Structures - semantics
– A structure X of vocabulary T is a nonempty set S together with interpretations of the function names in T over S
– A j-ary function name is interpreted as a function from S^j to S
– A nullary function is identified with its value.
– The interpretation of a j-ary relation R is a function from S^j to {true, false}
– The equality sign is interpreted as the identity relation on S
Abstract Instructions for Changing States
• The most general structure-transforming machine instructions (called ASM rules) are guarded assignments to functions at given arguments, expressible in the following form:
    if Cond then Updates
• Cond is an arbitrary condition (a statement formulated in the given vocabulary)
• Updates consists of finitely many function updates f(t1,…,tn) := t which are executed simultaneously
ASMs Definition
Egon Börger, "High Level System Design and Analysis using Abstract State Machines". Current Trends in Applied Formal Methods (FM-Trends 98). Springer LNCS 1641, 1999.
• An ASM M is a finite set of rules for guarded multiple function updates
• Applying one step of M to a state (algebra) A produces as next state another algebra A' of the same signature, obtained as follows:
– First evaluate in A, using the standard interpretation of classical logic, all the guards of all the rules of M
– Compute in A, for each of the rules of M whose guard evaluates to true, all the arguments and all the values appearing in the updates of this rule
– Replace simultaneously, for each rule and for all the locations in question, the previous A-function value by the newly computed value
– The algebra A' thus obtained differs from A by the new values for those functions at those arguments where the values are updated by a rule of M which could fire in A
ASMs thesis
• "Sequential Abstract State Machines Capture Sequential Algorithms", by Yuri Gurevich; ACM Transactions on Computational Logic, July 2000
• "Abstract State Machines Capture Parallel Algorithms", by Andreas Blass and Yuri Gurevich; ACM Transactions on Computational Logic (TOCL), October 2003
• The methodology is not proved yet for distributed algorithms
ASM engines
http://www.eecs.umich.edu/gasm/tools.html
• A practical specification language is needed to write and execute ASM models => ASM engines:
– ASM Workbench (U Paderborn, Siemens)
– XASM (TU Berlin, Kestrel)
– ASM Gofer (U Ulm, Siemens)
– AsmL = ASM Language (Microsoft)
AsmL
http://research.microsoft.com/fse/asml
• An AsmL model (or program) is defined using a fixed vocabulary of symbols of our choosing:
– The names of its state variables
– A fixed set of operations
• Values - simple elements like numbers and strings
• State - a particular association of variable names to values: {(name1, val1), (name2, val2), …}
• A run of the machine - a series of states connected by state transitions
• Each state transition, or step, occurs when the machine's control logic (the set of operations) is applied to an input state and produces an output state.
• A program consists of statements; a typical statement is the conditional update "if condition then update", where each update is of the form "a := b"
• The program never alters the input state.
• An inconsistent update error occurs if the update set contains conflicting information (e.g. the program cannot update a variable to two different values in a single step)
AsmL – an example: reading a file (1)
http://research.microsoft.com/fse/asml

    Main()
      initially F as File? = null      // state variable declaration and initialization
      initially FContents = ""
      initially Mode = "Initial"
      step until fixpoint              // precedes the block of statements that will be
                                       // repeatedly run until no state changes result
        if Mode = "Initial" then
          F := new Open("MyFile.txt")
          Mode := "Reading"
        if Mode = "Reading" and Length(FContents) = 0 then   // a typical statement
          FContents := Read(F, 1)
        if Mode = "Reading" and Length(FContents) = 1 then
          FContents := FContents + Read(F, 1)
        if Mode = "Reading" and Length(FContents) > 1 then
          WriteLine(FContents)
          Mode := "Finished"

The run of the machine as traced on the slide (states S1 to S5, one per step):
    S1:           F = undef,          FContents = "",   Mode = "Initial"
    Step 1 -> S2: F = <open file 1>,  FContents = "",   Mode = "Reading"
    Step 2 -> S3: F = <open file 1>,  FContents = "a",  Mode = "Reading"
    Step 3 -> S4: F = undef,          FContents = "ab", Mode = "Reading"
    Step 4 -> S5: F = <open file 1>,  FContents = "ab", Mode = "Finished"
    Step 5: no guard is true any more, so no state changes result and the fixpoint is reached
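To make the step semantics concrete, here is a small Python interpreter (an added example, not from the slides or from AsmL) that runs the file-reading machine above: each step evaluates all guards and update values in the input state, rejects conflicting updates with an inconsistent update error, applies the whole update set at once, and repeats until a fixpoint. The in-memory file contents "ab", the `<open file 1>` value for F and the helper names are constructed for the example.

```python
class InconsistentUpdate(Exception):
    """One step tried to give a single location two different values."""

def asm_step(state, rules):
    """One ASM step: every guard and update value is evaluated in the input
    state, the update set is checked for conflicts, then applied at once."""
    updates = {}
    for guard, body in rules:
        if guard(state):
            for loc, val in body(state).items():
                if loc in updates and updates[loc] != val:
                    raise InconsistentUpdate(f"{loc}: {updates[loc]!r} vs {val!r}")
                updates[loc] = val
    return {**state, **updates}      # input state is never mutated

def run_until_fixpoint(state, rules, max_steps=100):
    """'step until fixpoint': repeat asm_step until nothing changes; returns the trace."""
    trace = [state]
    for _ in range(max_steps):
        nxt = asm_step(trace[-1], rules)
        if nxt == trace[-1]:
            return trace
        trace.append(nxt)
    raise RuntimeError("no fixpoint within max_steps")
# Constructed stand-in for the environment: Read(F, 1) yields the next character
# of an in-memory "file" holding the hypothetical contents "ab".
FILE_CONTENTS = "ab"
def read1(state):
    return FILE_CONTENTS[len(state["FContents"])]
# The four conditional updates of the slide's Main(), as (guard, updates) pairs.
FILE_RULES = [
    (lambda s: s["Mode"] == "Initial",
     lambda s: {"F": "<open file 1>", "Mode": "Reading"}),
    (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) == 0,
     lambda s: {"FContents": read1(s)}),
    (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) == 1,
     lambda s: {"FContents": s["FContents"] + read1(s)}),
    (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) > 1,
     lambda s: {"Mode": "Finished"}),   # WriteLine does not change the state
]
INITIAL = {"F": None, "FContents": "", "Mode": "Initial"}
def conflict_detected():
    """Two rules firing together with Mode := "A" and Mode := "B" must be rejected."""
    clash = [(lambda s: True, lambda s: {"Mode": "A"}),
             (lambda s: True, lambda s: {"Mode": "B"})]
    try:
        asm_step(INITIAL, clash)
        return False
    except InconsistentUpdate:
        return True
```

`run_until_fixpoint(INITIAL, FILE_RULES)` returns the five states S1 to S5 of the slide, and `conflict_detected()` shows the inconsistent update error being raised.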
AsmL – an example: reading a file (2)
http://research.microsoft.com/fse/asml
• How is this approach different from finite state machines, or other kinds of "automata"?
– Our machines may have state variables with very large (even infinite) ranges as well as complex structure (such as a graph of interconnected nodes)
– The operations corresponding to the state transitions may interact with the external environment in a flexible way
• ASMs are more general than other kinds of machines and automata
• It is possible for state variables to have complex nested data structures as their values, or to come from infinite sets like the real numbers.
DASMs for formalizing BPEL4WS (1)
http://www.cs.sfu.ca/~se/bpeltr/TechnicalReport.htm
• A DASM M has a finite set AGENT of autonomously operating agents.
– The set of agents changes dynamically over runs of M
– The behavior of an agent a in a given state S of M is defined by its program program_S(a)
– To introduce a new agent a in state S, a valid program has to be assigned to program_S(a); to terminate a, program_S(a) is reset to the distinguished value undef
– In any state S reachable from an initial state of M, the set of agents is well defined as
    AGENTS ≡ {x ∈ S : program_S(x) ≠ undef}.
– The collection of all the programs that agents of M potentially can execute forms the distributed program P_M.
DASMs for formalizing BPEL4WS (2)
http://www.cs.sfu.ca/~se/bpeltr/TechnicalReport.htm
• Three layers of abstraction (shown as a diagram on the slide)
• High-level structure of the BPEL Abstract Machine:
– Inbox manager, outbox manager, process instances: different types of DASM agents
– Activity agents - created dynamically by process agents for executing BPEL structured activities
Introduction to ASMs
Q&A