1 / 20

CSL (Contracts Specification Language) A Real-Time – pattern based – Specification Language

CSL (Contracts Specification Language) A Real-Time – pattern based – Specification Language. CSL is intended to provide a friendly formal specification means. CSL specification is automatically translated into LTL/Automata. CSL – Component Specification. { module-id } Interface

darius
Download Presentation

CSL (Contracts Specification Language) A Real-Time – pattern based – Specification Language

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSL (Contracts Specification Language) A Real-Time – pattern based – Specification Language • CSLis intended to provide a friendly formal specification means. • CSLspecification is automatically translated into LTL/Automata.

  2. CSL – Component Specification {module-id} Interface controlled: {variables declaration} uncontrolled: {variables declaration} {viewpoint-id}contract {contract-id} * Assumption: {assertion} Promise: {assertion}

  3. CSL – Assertions • An assertion is expressed by a pattern, • Pattern – text embedded with parameters’ placeholders, • Example: Whenever a car request has been issued, a car should • arrives at the station within 3 minutes • [car-request]triggers[car-arrives]within[3min $ CarRequest] Parameters: • Conditions – True,b:Bool,x~exp,C1|C2,C1&C2,C,C1C2 • Events: • a, b, c,… TurnOn,now • tr(C), fs(C), {Pre, Post} • e1&e2, e1|e2, e1-e2, e when C • Interval: e,e1,e2,Time $ e ~ {, , =, , } condition change Pre, Post - conditions

  4. CSL - Pattern Declaration Scope of pattern behavior while[interval]initial init-pat-exp then repeated-pat-exp scope

  5. Basic and Compound Patterns Basic patterns • [interval] • [e1,…,en] • [Condition] during|interval| • [e] within|interval| • [e] not during|interval| recall interval: e,e1,e2,Time $ e |…|{ […], (…), (…], […) } • Compound patterns • [P: pattern-exp] triggers |P: pattern-exp| • [P: pattern-exp] implies |P: pattern-exp| • [P: pattern-exp] then |P: pattern-exp|

  6. CSL Basic Patterns • The gate is closed as long as • a train is in the railway crossing. • [GateClosed]during[EnterGr, Tout] • Any car request is satisfied • within 3 min. • [Car_arrives]within[3:min$Car_request] • 40 sec. minimal delay between • trains • [Tin]not during(40:sec $ Tin]

  7. Compound Patterns - Pattern then Pattern • Lights should show Yellow for 6 sec then Red for 30 sec.. • [Lights=Yellow] during[6sec] then[Lights=Red]during[30sec] • While flying the aircraft signals aircraft-id every 3 sec. while [InAir] initial [ac-id] then [ac-id] at[3sec$ac_id]] [E]at[pat] =def[pat]triggers [E] [condition]till |e| =def[condition]during |now,e|

  8. Compound Patterns - Pattern triggers Pattern • The gate shall be open whenever the crossing is empty for more • than 10 sec. • [Tin]not-during[10sec$Tout] triggers[GateIsOpen]till[Tin] • Between the time an elevator is called at a floor and the time it stops atthat • floor the elevator can pass that floor at most twice. • [CallAtFloor]triggers [3:PassFloor] not-during[CallAtFloor, StopAtFloor] • Dispatch command shall be refused during first 5 sec. after a car arrives. • while[5sec$car-arrives][DispatchCmd]triggers[RefuseMsg] [E]at[pat] =def[pat]triggers [E] [condition]till |e| =def[condition]during |now,e| 8

  9. Common Abbreviations 9

  10. Crossing Control Example (I) CrossingControl Interface: Uncontrolled: Tin: event - train enters XR Tout : event- train exits XR Position : {0..90}– gate position Controlled: Open : Bool- raising the gate up (opening) Close : Bool- lowering the gate (closing) Stop : action- signal turned to show stop Pass: action- signal turned to show pass

  11. Crossing Control Example (II) Abstract variables: Open!defined-by[tr(position=90)] - Gate opened Close!defined-by[tr(position=0)] - Gate closed AtSignaldefined-by at[6sec$Tin] ShowPassdefined-byduring [Pass, Stop) EnterGAdefined-by - Train enters the gate area [AtSignalwhenShowPass| at (AtSignal, Pass]] GateIsOpendefined-byduring[Open!, Close) GateIsCloseddefined-byduring[Close!, Open)

  12. Crossing Control Example (Assumption) {behavior} contract {XR_Ctrl} Assumption: - Minimal delay of 40 sec. between successive trains. [Tin]not during(40sec $ Tin] - At startup no train enters or exits XR. [Tin | Tout]not at[TurnOn] - At startup no train is already in XR [Tout]not during[TurnOn, Tin-Tout] - It takes a train 15 to 25 seconds to traverse gate area (GA). [EnterGA]triggers[Tout]not during[10sec$EnterGA] then[Tout]within[15sec$EnterGA]

  13. Crossing Control Example (Promise) • Promise: • - Gate is closed as long as a train is in GA. • [GateIsClosed]during[EnterGA,Tout] • - Gate is open whenever XR is empty for more than 10 sec. • [Tin]not during[10sec$Tout]triggers[GateIsOpen]till[Tin] • A train is allowed to continue beyond the signal within 10 seconds • since it arrives there: [EnterGA]within[10sec$AtSignal] • - No train enters XR while another train is still there: [Tin]not during(Tin,Tout)

  14. CSL Semantics: Translation to LTL – Conditions & Events • Conditions • any atomic condition C in CSL is atomic propositions C in LTL • Condition expressions in CSL C1|C2,C1&C2,C,C1C2 • are expressions in LTL • Events: • Atomic events in CSL are atomic propositions in LTL, • predefined event now introduces an assumption: now • {Pre, Post} = Pre Post • - tr(C) = {C, C}, fs(C) = {C, C} • e1&e2 = e1e2, e1|e2 = e1e2,e1-e2 = e1e2, • e when C = eC

  15. CSL Semantics: Translation to LTL – Intervals Duration: T$e = e O0,TTrue Closed interval, […]: [e] = e [e1, e2]=e1O(e2Ue2), [T$e] = T$e Left closed - right open interval, […): [e1, e2)= e1O(e2U(e2Oe2)), [T$e) = (T-1)$e Left open - right closed interval, (…]: (e1, e2]=e1(e2U(e2), (T$e] = (T-1)$e Open interval, (…): (e1, e2)=e1O(e2U(e2Oe2)), (T$e) = (T-2)$e Event Sequence: e1, e2,…,en = e1O(e2U(e2O(e3Ue3O … Uen)…)

  16. CSL Semantics: Translation to LTL – Basic Patterns (i) The translation of basic patterns is given with respect to an extended form augmented with a free pattern parameter: pattern-expression{ S } It is intended to enable superposition of patterns necessary to define compound patterns. • [interval] =[interval] {True} • where: [e]{S} = eS • [e1, e2]{S} = e1 O(e2U(e2S)) • [T$e]{S} = e O0,Ttrue  OT(true S) • e1, e2,…,en  = e1, e2,…,en{True} • where: e1, e2,…,en {S} • = e1O(e2U(e2O(e3Ue3O … U(en S)…)

  17. CSL Semantics: Translation to LTL – Basic Patterns (ii) • [e] within [I] =[e] within [I]{True} • where: • [e] within [es,et]{S} = esO(etU(eS))  (eseS) • [e] within [T$es]{S} = esO0,T(eS) • [C] during [I] = [C] during[I ]{True} • where • [C] during [es, et]{S} = (esC)O((etC)W(etCS)) • [C] during [T$es]{S}= (es O0,T-1C  OT(CS) • [e] not-during [I] =[e] not-during [I]{True} • where • [e] not-during [es, et]{S} • = (ese)  O((ete) U (eteS)) • [e] not-during [T$es]{S} = (esO0,T-1eOT(eS)

  18. CSL Semantics: Translation to LTL – Compound Patterns (i) • pat-exp1 then pat-exp2= pat-exp1 then pat-exp2 {True} • where • pat-exp1 then pat-exp2 {S}= pat-exp1 {pat-exp2 {S}} • Note: Here, the superposition enabled by the formalism defined • above comes into effect. • pat-exp1 triggers pat-exp2=pat-exp1 triggers pat-exp2 {True} • where • pat-exp1 triggers pat-exp2 {S} • = pat-exp1 pat-exp1 then pat-exp2 {S}

  19. CSL Semantics: Translation to LTL – Flowing/Iterative Occurrence designates the endpoints of the pattern occurrences. • flowing pat-exp=  pat-exp • iterative pat-exp • Add abstract variable pat-exp.SigEnd (assumption) •  (pat-exp {True}pat-exp{True pat-exp.SigEnd}) • With this assumption associated with the component • specification, we define • iterative pat-exp= pat-exp(pat-exp.SigEnd pat-exp) 19

  20. CSL Semantics: Translation to LTL – Global Pattern Expression • initial init-pat-exp then repeated-pat-exp • = init-pat-exp then repeated-pat-exp {True} • While [e1, e2] global-pat-exp • Add abstract variables Scope.SigEnd, Scope.SigStart: • ( [e1, e2] {True}[e1, e2]{True  Scope.SigEnd}) (e1  (e1 S (Startup  Scope.SigEnd) Scope.SigStart) • With this assumptions • While [e1, e2] global-pat-exp =  (Scope.SigStartglobal-pat-exp) abortScope.SigEnd) • j abort p iffkj. j..k(True) and jik . i p • or kj. kp and jik . i p and j..k() Basic pattern or ‘then’ pattern 20

More Related