Introduction to ASMs. http://www.eecs.umich.edu/gasm/ Dumitru Roman, Digital Enterprise Research Institute, dumitru.roman@deri.org. Outline: ASMs Characteristics; ASMs Definition; Abstract States; Abstract Instructions for Changing States; AsmL: an ASM engine; An example.
Introduction to ASMs http://www.eecs.umich.edu/gasm/ Dumitru Roman Digital Enterprise Research Institute dumitru.roman@deri.org
Outline
• ASMs Characteristics
• ASMs Definition
• Abstract States
• Abstract Instructions for Changing States
• AsmL: an ASM engine
• An example
• DASMs for formalizing BPEL4WS
ASMs overview
• A practical method for rigorous system development which has been used successfully under industrial constraints for design and analysis of complex hardware/software systems.
• Formalism for modelling/formalising algorithms
• Previously known as Evolving algebras
• An attempt to bridge the gap between formal models of computation and practical specification methods.
[Diagram: Informal specification of the hardware/software system, ASM Model, and Implementation of the system (C, Java, etc.), with the labels Modeling ("What system are you building?"), Refinement, Verification ("Are you building the system right?") and Validation ("Are you building the right system?")]
ASM methodology characteristics
http://www.eecs.umich.edu/gasm/intro.html
• Precision: ASMs use classical mathematical structures that are well-understood
• Faithfulness: ASMs require a minimal amount of notational coding
• Understandability: ASMs use an extremely simple syntax, which can be read as a form of pseudo-code
• Executability: ASMs can be tested by executing them
• Scalability: ASMs can describe a system/algorithm on different levels of abstraction
• Generality: ASMs have been shown to be useful in many different application domains
Abstract States (1)
• States can be viewed as (first-order) structures of mathematical logic
• Structures - syntax
  • A vocabulary contains:
    • A finite collection of function names, each of a fixed arity
    • The equality sign, and nullary names true, false, undef, and unary name Boole, and the names of the usual Boolean operations
  • Terms - defined by the usual induction:
    • A nullary function name is a term.
    • If f is a function name of positive arity j and if t1,…,tj are terms, then f(t1,…,tj) is a term.
Abstract States (2)
• Structures – semantics
  • A structure X of vocabulary T is a nonempty set S together with interpretations of the function names in T over S
    • A j-ary function name is interpreted as a function from S^j to S
    • A nullary function is identified with its value.
    • The interpretation of a j-ary relation R is a function from S^j to {true; false}
    • The equality sign is interpreted as the identity relation on S
Abstract Instructions for Changing States
• The most general structure-transforming machine instructions (called ASM rules) are guarded assignments to functions at given arguments, expressible in the following form:
    if Cond then Updates
• Cond is an arbitrary condition statement formulated in the given vocabulary
• Updates consists of finitely many function updates f(t1,…,tn) := t which are executed simultaneously
ASMs Definition
Egon Börger, "High Level System Design and Analysis using Abstract State Machines". Current Trends in Applied Formal Methods (FM-Trends 98). Springer LNCS 1641, 1999.
• An ASM M is a finite set of rules for guarded multiple function updates
• Applying one step of M to a state (algebra) A produces as next state another algebra A' of the same signature, obtained as follows:
  • First evaluate in A, using the standard interpretation of classical logic, all the guards of all the rules of M
  • Compute in A, for each of the rules of M whose guard evaluates to true, all the arguments and all the values appearing in the updates of this rule
  • Replace simultaneously, for each rule and for all the locations in question, the previous A-function value by the newly computed value
• The algebra A' thus obtained differs from A by the new values for those functions at those arguments where the values are updated by a rule of M which could fire in A
ASMs thesis
• “Sequential Abstract State Machines Capture Sequential Algorithms”, by Yuri Gurevich; ACM Transactions on Computational Logic, July 2000
• “Abstract State Machines Capture Parallel Algorithms”, by Andreas Blass and Yuri Gurevich; ACM Transactions on Computational Logic (TOCL), October 2003
• The methodology is not proved yet for distributed algorithms
ASM engines
http://www.eecs.umich.edu/gasm/tools.html
• A practical specification language is needed to write and execute ASM models => ASM engines:
  • ASM Workbench (U Paderborn, Siemens)
  • XASM (TU Berlin, Kestrel)
  • ASM Gofer (U Ulm, Siemens)
  • AsmL = ASM Language (Microsoft)
AsmL
http://research.microsoft.com/fse/asml
• An AsmL model (or program) - defined using a fixed vocabulary of symbols of our choosing:
  • The names of its state variables
  • A fixed set of operations
• Values - simple elements like numbers and strings
• State - a particular association of variable names to values: {(name1, val1), (name2, val2), … }
• A run of the machine - a series of states connected by state transitions
• Each state transition, or step, occurs when the machine's control logic (the set of operations) is applied to an input state and produces an output state.
• A program consists of statements; a typical statement is the conditional update "if condition then update", where each update is of the form "a := b"
• The program never alters the input state.
• An inconsistent update error occurs if the update set contains conflicting information (e.g. the program cannot update a variable to two different values in a single step)
AsmL – an example: reading a file (1)
http://research.microsoft.com/fse/asml

    Main()
      // State variables: declaration and initialization
      initially F as File? = null
      initially FContents = ""
      initially Mode = "Initial"
      // "step until fixpoint" precedes the block of statements that will be
      // repeatedly run until no state changes result
      step until fixpoint
        // A typical statement: a conditional update
        if Mode = "Initial" then
          F := new Open("MyFile.txt")
          Mode := "Reading"
        if Mode = "Reading" and Length(FContents) = 0 then
          FContents := Read(F, 1)
        if Mode = "Reading" and Length(FContents) = 1 then
          FContents := FContents + Read(F, 1)
        if Mode = "Reading" and Length(FContents) > 1 then
          WriteLine(FContents)
          Mode := "Finished"
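The step semantics from the "ASMs Definition" slide and AsmL's "step until fixpoint", as an added Python example (not AsmL and not code from the slides), run on the file-reading program above. The file contents, the "Out" location standing in for WriteLine, and all function names are assumptions of this sketch.

```python
# Added example: a tiny interpreter for ASM step semantics (not AsmL itself).
class InconsistentUpdate(Exception):
    """Two fired rules assign different values to the same location."""

def step(state, rules):
    """Apply one ASM step to `state` (a dict: location -> value)."""
    updates = {}
    for guard, compute in rules:
        if guard(state):                      # guards see only the input state
            for loc, val in compute(state).items():
                if loc in updates and updates[loc] != val:
                    raise InconsistentUpdate(loc)
                updates[loc] = val
    return {**state, **updates}               # all updates land at once

def run_until_fixpoint(state, rules, max_steps=100):
    """Repeat steps until no state change results; return the run (list of states)."""
    run = [state]
    for _ in range(max_steps):
        nxt = step(run[-1], rules)
        if nxt == run[-1]:
            return run
        run.append(nxt)
    raise RuntimeError("no fixpoint within max_steps")

MYFILE = "Hello"   # constructed stand-in for the contents of MyFile.txt

def read1(s):
    """Models Read(F, 1): the next unread character of the opened file."""
    return s["F"][len(s["FContents"])]

# The slide's four conditional updates; WriteLine is modelled as location "Out".
FILE_RULES = [
    (lambda s: s["Mode"] == "Initial",
     lambda s: {"F": MYFILE, "Mode": "Reading"}),
    (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) == 0,
     lambda s: {"FContents": read1(s)}),
    (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) == 1,
     lambda s: {"FContents": s["FContents"] + read1(s)}),
    (lambda s: s["Mode"] == "Reading" and len(s["FContents"]) > 1,
     lambda s: {"Out": s["FContents"], "Mode": "Finished"}),
]
INITIAL = {"F": None, "FContents": "", "Mode": "Initial", "Out": None}

def read_file_run():
    return run_until_fixpoint(INITIAL, FILE_RULES)

if __name__ == "__main__":
    for i, s in enumerate(read_file_run()):
        print(i, s["Mode"], repr(s["FContents"]), s["Out"])
```

Because every guard is evaluated against the input state, only one of the three "Reading" rules fires per step, which is why the run needs a separate step for each character.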
AsmL – an example: reading a file (2)
http://research.microsoft.com/fse/asml
• How is this approach different from finite state machines, or other kinds of "automata"?
  • Our machines may have state variables with very large (even infinite) ranges as well as complex structure (such as a graph of interconnected nodes)
  • The operations corresponding to the state transitions may interact with the external environment in a flexible way
• ASMs - more general than other kinds of machines and automata
  • It is possible for state variables to have complex nested data structures as their values, or come from infinite sets like real numbers.
DASMs for formalizing BPEL4WS (1)
http://www.cs.sfu.ca/~se/bpeltr/TechnicalReport.htm
• A DASM M has a finite set AGENT of autonomously operating agents.
• The set of agents changes dynamically over runs of M
• The behavior of an agent a in a given state S of M is defined by its program program_S(a)
• To introduce a new agent a in state S, a valid program has to be assigned to program_S(a); to terminate a, program_S(a) is reset to the distinguished value undef
• In any state S reachable from an initial state of M, the set of agents is well defined as AGENT_S ≡ {x ∈ S : program_S(x) ≠ undef}.
• The collection of all the programs that agents of M potentially can execute forms the distributed program P_M.
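How the agent set follows from program_S over a run, as an added Python example (not taken from the slides or the cited technical report). The spawner and worker programs, the task names, and the rule that every live agent moves once per step are assumptions of this sketch; the slides do not fix a scheduling.

```python
# Added example: AGENT_S as a view derived from program_S (all names hypothetical).
UNDEF = None   # the distinguished value undef

def agents(state):
    """AGENT_S = {x in S : program_S(x) != undef}."""
    return {a for a, p in state["program"].items() if p is not UNDEF}

def worker(state, self):
    """Hypothetical worker program: report completion, then terminate itself."""
    return {("done", self): True, ("program", self): UNDEF}

def spawner(state, self):
    """Hypothetical parent program: introduce one worker per task, then
    terminate once every worker has reported completion."""
    unstarted = [t for t in state["tasks"] if t not in state["program"]]
    if unstarted:
        return {("program", unstarted[0]): worker}   # assigning a program creates the agent
    if all(state["done"].get(t) for t in state["tasks"]):
        return {("program", self): UNDEF}            # resetting to undef terminates it
    return {}

def dasm_step(state):
    """Assumption of this sketch: each live agent makes one move per step,
    and all moves read the same input state."""
    updates = {}
    for a in sorted(agents(state)):
        updates.update(state["program"][a](state, a))
    nxt = {"tasks": state["tasks"], "program": dict(state["program"]),
           "done": dict(state["done"])}
    for (fn, arg), val in updates.items():
        nxt[fn][arg] = val
    return nxt

def agent_sets(state, steps):
    """The agent set in each state of a run of `steps` steps."""
    out = [agents(state)]
    for _ in range(steps):
        state = dasm_step(state)
        out.append(agents(state))
    return out

INIT = {"tasks": ["t1", "t2"], "program": {"p": spawner}, "done": {}}  # constructed

if __name__ == "__main__":
    for i, live in enumerate(agent_sets(INIT, 4)):
        print(i, sorted(live))
```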
DASMs for formalizing BPEL4WS (2)
http://www.cs.sfu.ca/~se/bpeltr/TechnicalReport.htm
• High-level structure of BPEL Abstract Machine:
  • Inbox manager, outbox manager, process instances: different types of DASM agents
  • Activity agents - created dynamically by process agents for executing BPEL structured activities
• Three layers of abstraction:
Introduction to ASMs Q & A