Title: Transformation from OCL into B
1Transformation from OCL into B
2Outline
- UML-B Integration
- Motivation
- Derivation schemes from UML specifications into B
- Perspectives
- OCL-into-B Transformation
- OCL Overview
- Tranformation principles
- Types and operations
- Postconditions
- Case study
- Related work
3Motivation
- UML-B Integration perspectives
- UML ? B
- support for the B specification development
- B ? UML
- support for verification and proof of UML
specifications - UML
- largely accepted in industry as well as in
research - unified notations for specifying requirements,
designs and implementations by objects that are
intuitive and accessible - B
- a formal technique covering from abstract
specifications to executable codes - powerful support tools AtelierB, B-ToolKit
- adaptable for industrial projects MÉTÉOR ...
4UML-B Derivation Schemes
- Formalising UML Structure Concepts as B Data
(MeyerSouquières at FM99) - class
- attribute
- association
- inheritance
- state
- Formalising UML Behavioral Concepts as B
operations - class operation
- use case
- event
- transition
- action
5UML-B Derivation Schemes
- UML-to-B Derivation Procedures (LedangSouquières
at ASE01, IFM02, AFADL01) - deriving B specifications from interaction ,
object and class diagrams - deriving B specifications from use case ,
object and class diagrams - deriving B specifications from state-chart ,
object and class diagrams - Generating B Operations and Invariants (ongoing
work) - translating OCL expressions into B
- generating B abstract operations
- generating invariants within B machines
- deriving messages into B statements
- generating B refinement operations
6OCL Overview
- Formal language within UML notations
- supplemntary class invariant type definition,
attribute properties , association properties - class operation pre-/postcondition
- guard conditions
- Object-Oriented language
- simple to read and write
- postfixed operations object.attribute,
object.assosEnd, Class.allInstances-gtsize,
Class.allInstances-gtcollect(attribute) - Typed language
- basic types Boolean, Integer, Real, String,
EnumType, ObjectType - collection types Set(T), Bag(T), Sequence(T)
7Pump Component
The pump is a component is of a computer-based
system at a petrol station (cf. Chapter 6 in D.
Coleman et al. Object-Oriented Development, the
Fusion Approach). The component is required to
control the dispensing of petrol at a petrol
station. There are five Pumps, each pump is
composed of a Holster, a Gun, a Clutch, a Motor
and a Display. For each petrol dispensation
transaction, a Delivery is issued that will be
used by another component for the customer
payment.
8Pump Class Diagram
9Pumpen_Pump(...)
context Pumpen_Pump(pi PU_ID, gg Grade, vi
VEH_ID) void pre Pump.allInstances-gtcollect(
p p.id)-gtincludes(pi) post let pp
Set(Pump) Pump.allInstances-gtselect(p
p.id_at_pre pi and
p.status_at_pre disabled) in if pp-gtnotEmpty
then pp-gtforAll(p p.status enabled)
and pp-gtforAll(p p.display.grade gg)
and pp-gtforAll(p p.display.cost
costOfGrade(gg)) and pp-gtforAll(p
p.display.volume 0) and pp-gtforAll(p
p.display_veh_Id vi) and pp-gtforAll(p
p..motor.status on) and pp-gtforAll(p
p.clutch.status free) else true endif
10OCL-to-B Transformation
- Doing with OCL expressions
- types and associated operations
- postconditions
- Giving B type semantics to OCL types
- basic types Boolean, Integer, String, Real,
Enum, ObjectType - collection types Set(T), Bag(T), Sequence(T)
- Giving B expression semantics to OCL operations
- predefined operations for basic types i1i2,
ss-gtincludes(tt) - object property access operations oo.attr,
oo.assosEnd, oo.Oper(...) - query operations on collections
ss-gtselect(...), bb-gtcollect(...) - Translating OCL postconditions into B
substitutions - determinism out expr(Input)
- non determinism boolexpr(out,Input)
11Color Convention
- OCL Integer, Real, Boolean, ...
- B Z, INT, Seq, ...
12OCL Basic Types vs. B Types
- Mismatch between OCL basic types and B predefined
types - Z or INT can be used to model Integer
- No B type corresponds to Real
- Mismatch between OCL operations and B operators
- no BOOL operator corresponds to Boolean operation
implies - no Z/INT operator corresponds to Integer
operation / - no STRING operator corresponds to String
operations size, subString - max(i1, i2) corresponds to i1.max(i2)
13Formalising OCL Basic Types
- Boolean modelled by BOOL
- a xor b modelled by ?(a b)
- a implies b modelled by ?a ? b
- if a then b else c endif modelled by ?((a ? b)
(?a ? c)) - Enumv1,...,vn modelled by Enumenum_v1,...,enu
m_vn - P_STATUSenabled, disabled modelled by
P_STATUSp_status_enabled, p_status_disabled
14Formalising OCL Basic Types
- Integer modelled by Z
- a div b modelled by a / b
- a gt b modelled by b ? a
- a.max(b) modelled by max(a, b)
- a.abs modelled by max(a, -a)
- a / b modelled by a ? (b / max(b, -b)) ?
max(b, -b) - Operations on fractions
- a / b c / d modelled by (a ? d b ? c) ? (b
? d) - a / b lt c / d modelled by (a ? d ? b ? c)
- Real modelled by Z?Z
- Real operations are modelled in a similar manner
for fraction operations
15Formalising OCL Basic Types
- String modelled by seq(0..255)
- a String modelled by a ? seq(0..255)
- a.concat(b) modelled by a ? b
- a.subString(lower, upper) modelled by (a ? upper)
? lower - no formalisation for toUpper and toLower
- Class modelled by CLASS
- Class.allInstances modelled by class
- Pump modelled by PUMP
- Pump.allInstances modelled by pump
16OCL Collection and B Types
- Different collection type specialisations need
different formalisations - Set(T) all sub sets of T
- Bag(T) all multi sets on T
- Sequence(T) all sequences on T
- Collection operations need different
formalisations for different collection types
specialisations - bb-gtincludes(tt) vs. ss-gtincludes(tt)
- bb-gtselect(tt boolexprtt) vs. ss-gtselect(tt
boolexprtt) - bb-gtcollect(tt exprtt) vs. ss-gtcollect(tt
exprtt) - ss-gtexcluding(tt) vs. se-gtexcluding(tt)
17Formalising Collection Types
- Set(T) modelled by POW(T)
- ss Set(T) modelled by ss ? T
- Bag(T) modelled by T-gtN
- bb Bag(T) modelled by bb ? T -gt N
- bb.count(tt) modelled by bb(tt)
- Sequence(T) modelled by seq(T)
18Collection Operations
- some formalisations
- ss-gtincludes(tt) modelled by tt ? ss
- bb-gtincludes(tt) modelled by tt ? dom(bb)
- se-gtincludes(tt) modelled by tt ? ran(se)
- ss-gtunion(ss2) modelled by ss?ss2
- bb-gtunion(bb2) modelled by tt, nn tt ? dom(bb)
? dom(bb2) ? nn ? N ? nn max(bbtt ?
bb2tt) - se-gtunion(se2) modelled by se ? se2
- ss-gtselect(ttboolexprtt) modelled by tt tt ?
ss ? boolexprtt - bb-gtselect(tt boolexprtt) modelled by tt, nn
tt ? dom(bb) ? boolexprtt ? nn ? N ? nnbb(tt) - ss-gtcollect(ttexprtt) modelled by x1, nn x1 ?
exprttss ? nn ? N ? nn card(x2 x2 ?ss ?
exprtt(x2) x1)
19Formalising Collection Operations
- Pump.allInstances-gtselect(pp.idpi and
p.statusdisabled)
pump
tt tt ? pump ? pump_id(tt)pi ?
pump_status(tt)p_status_disabled
Pump.allInstances-gtcollect(pp.id)-gtincludes(pi)
pump
x1, nn x1 ? pump_idpump ? nn ? N ? nn
card(x2 x2 ? pump ? pump_id(x2) x1)
pi ? dom(x1, nn x1 ? pump_idpump ? nn ? N ?
nn card(x2 x2 ? pump ? pump_id(x2) x1))
20Formalising Collection Operations
- No B formalisation for
- ss-gtasSequence
- bb-gtasSequence
- se-gtexcluding(tt)
- se-gtselect(...)
- se-gtreject(...)
- se-gtcollect(...)
- ss-gtiterate(...), se-gtiterate(...),
bb-gtiterate(...)
21Property Access Operations
- OCL Syntax
- property access operation target.property
- target object object set object bag
object sequence - property attribute association end
qualifiers association class name
isQuery class operation call - B Formalisation
- exploiting UML-B derivation schemes for classes,
attributes, associations, qualifiers - taking into account multiplicity and ordered
property of attributes and association ends - exploiting B formalisation for Set(T), Bag(T) and
Sequence(T)
22Formalising Attribute Operations
attr1 class? Type1 attr2 class ? Type2
cc.attr1 modelled by attr1(cc) cc.attr2 modelled
by attr2cc sc.attr1 modelled by
attr1sc sc.attr2 modelled by tt, nn tt ?
attr2sc ? nn ? N ? nn card(attr2-1tt ?
sc) bc.attr2 is modelled on ly if attr2 is not
ordered se.attr2 can not be modelled
cc Class sc Set(Class) bc Bag(Class) se
Sequence(Class)
23Navigation Operations with Qualifiers
assos class ? class2 q1 class2 ? Q1 ... qn
class2 ? Qn (assos-1 ? q1 ?... ? qn)-1 class ?
Q1 ? ... ? Qn? class2
cc Class v1 Q1, ..., vn Qn
cc.role2v1,...,vn modelled by (assos-1 ? q1
?... ? qn)-1(cc ? v1 ? ... ? vn)
24Formalising Property Access OperationsMore
- Navigation operations to association classes
- cc.Assos modelled by cc ? assos cc ?
assos(cc) - bc.Assos modelled by tt, nn tt ? dom(bc) ?
assos ? nn ? N ? nn bc(dom(cc)) - isQuery operation call
- formalising the corresponding postcondition
instantiated with effetive parameters
25Let expressions
- OCL syntax
- let variables types values in letbody
- B formalisation
- class invariant, preconditions, guard conditions
formalising letbody with variables replaced by
values - postconditions using substitutions
- let variables be
- variables values
- in
- subst(letbody)
- end
26Postconditions
- Specific operations
- object creation object.oclIsNew
- valeur précédente object.attribute
object.attribute_at_pre 5 - Normalised postconditions (well-formed
postconditions) - P(Output,Input)
- Output out1,...,outn
- Input in1,...,inm
- outi result out parameter ltltnewgtgt
object attribute association - ini constant in/inout parameter
attribute_at_pre association_at_pre existing
objects - P if cond then expr else expr endif
- expr if ...endif Pi and ... Pk
- Pi(outi,Input?NewObject) outiexpr(Input?Ne
wObject) -
boolexpr(outi, Input?NewObject)
27Postconditions
- B formalisation of Pi
- using for determinism using any ... where
for non determinism - object.attribute object.attribute_at_pre 5
modelled by attribute attribute lt
object?attribute(object)5 - object.oclIsNew modelled by any cc where cc ?
CLASS - class then class class ? vv - eliminating all _at_pre before formalisation
- Pi and ... and Pk
- unifying substitutions
- B formalisation of If cond Then expr1 else expr2
endif is If cond then subst(expr1) else/elsif
subst(expr2) end
28Postconditions
context Pumpen_Pump(pi PU_ID, gg Grade, vi
VEH_ID) void pre Pump.allInstances-gtcollect(
p p.id)-gtincludes(pi) post let pp
Set(Pump) Pump.allInstances-gtselect(p
p.id_at_prepi and
p.status_at_predisabled) in if pp-gtnotEmpty
then pp-gtforAll(p p.status enabled)
and pp-gtforAll(p p.display.grade gg)
and pp-gtforAll(p p.display.cost
costOfGrade(gg)) and pp-gtforAll(p
p.display.volume 0) and pp-gtforAll(p
p.display_veh_Id vi) and pp-gtforAll(p
p..motor.status on) and pp-gtforAll(p
p.clutch.status free) else true endif
29pump_en_Pump(...)
pump_en_Pump(pi, gg, vi) pre pi ? PU_ID ? gg
? GRADE ? vi ? VEH_ID ? pi ? dom(x1, nn x1
? pump_idpump ? nn ? N ?
nn card(x2 x2 ? pump ? pump_id(x2)
x1)) then let pp be pp tt tt ?
pump ? pump_id(tt) pi ? pump_status(tt)
pump_disabled in if ?(pp ?) then
pump_status pump_status lt pp ? pump_enabled
display_grade display_gradelt
displayPumppp ? gg display_cost
display_cost lt displayPumppp ?
costOfGrade(gg) display_volume
display_volume lt displayPumppp ? 0
display_veh_id display_veh_id lt
displayPumppp ? vi motor_status
motor_status lt motorPumppp ? motor_on
clutch_status clutch_status lt
clutchPumppp ? free else skip end
end end
30Conclusions
- Essential points
- giving B types semantics to OCL types used in OCL
expressions - giving B expression semantics to OCL operations
- giving B subsitution semantics to postconditions
- Perspectives
- extending Argo/UMLB OCL component with
transformation rules from OCL into B