Towards a Unified Specification Framework
Ilham W. Kurnia
joint work with: Arnd Poetzsch-Heffter, Yannick Welsch
University of Kaiserslautern
May 11, 2010
http://www.hats-project.eu
IK,APH,YW
Towards a Unified Specification Framework
11 May 2010
0/8
Overview
• Example (subject-observer pattern)
• Trace-based specification
• State-based specification
• Their relation
Subject-Observer Pattern [GOF]

    interface IObserver {
        void notify(State s);
    }

    class Subject {
        IObserver o1, o2;

        Subject(IObserver o1, IObserver o2) {
            this.o1 = o1;
            this.o2 = o2;
        }

        void update(State s) {
            o1.notify(s);
            o2.notify(s);
        }
    }

Assumption
• Different observers
• Non-null observers
• Deterministic
• Sequential

Messages
• → sbj.update(s)
• ← sbj.update()
• → o.notify(s)
• ← o.notify()
Scenarios

[Sequence diagrams with lifelines o1, sbj, o2; message labels recoverable from the slides:
→ sbj.update(s1), → o1.notify(s1), ← o1.notify(), → o2.notify(s1), ← o2.notify(), ← sbj.update();
a second diagram shows → sbj.update(s2) issued while o1.notify(s1) is still pending, followed by
→ o1.notify(s2), ← o1.notify(), → o2.notify(s2), ← o2.notify(), ← sbj.update() before the outer
update completes]
Trace-Based Specification

    trace spec Subject {
        in  → sbj.Subject(o1', o2')   out ← sbj.Subject()
            requires o1' ≠ o2' ≠ null;

        in  → sbj.update(s)           out → o1.notify(s)
            requires sbj = sbj(h);
            ensures  o1 = obs1(h);

        in  ← o.notify()              out → o2.notify(s)
            requires o = obs1(h);
            ensures  o2 = obs2(h) ∧ s = getS(h);

        in  ← o.notify()              out ← sbj.update()
            requires o = obs2(h);
            ensures  sbj = sbj(h);
    }
Trace-Based Specification

    Msg getS(List<Pair<Msg, Msg>> history) {
        // Walk the history of (in, out) message pairs backwards and return the
        // incoming update message whose match/split bracket reaches the end of
        // the trace, i.e. the update that is still in progress.
        for (int i = history.size() - 1; i >= 0; i--) {
            if (isUpdateMessage(history.get(i).first())
                    && match(2 * i - 1, 2 * history.size()))
                return history.get(i).first();
        }
        return null; // no update in progress
    }

where

    match(a, b) ≝ µa ∈ Msg_in ∧ µb ∈ Msg_out ∧ header(µa) = header(µb) ∧ split(a + 1, b − 1), and

    split(a, b) ≝ a > b ∨ match(a, b) ∨ ∃ a < c < b − 1 • split(a, c) ∧ split(c + 1, b)
State-Based Specification

    state spec Subject {
        Subject sbj;
        IObserver o1, o2;
        Stack<State> st;

        in  → sbj.Subject(o1', o2')   out ← sbj.Subject()
            requires o1' ≠ o2' ≠ null;
            ensures  o1 = o1' ∧ o2 = o2' ∧ st = Stack.Empty();

        in  → sbj.update(s)           out → o1.notify(s)
            ensures  st = old(st).push(s);

        in  ← o.notify()              out → o2.notify(s)
            requires o = o1;
            ensures  s = old(st).top();

        in  ← o.notify()              out ← sbj.update()
            requires o = o2;
            ensures  st = old(st).pop();
    }
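As an added example (not from the slides or the HATS project), the Python below replays a recorded message trace of the re-entrant scenario and checks that the trace-based getS(h) and the state-based old(st).top() agree at every → o.notify(s). The match/split bracket matching is simplified to a backward scan that pairs sbj.update returns with calls; the message encoding, the function names and the sample trace are assumptions.

```python
from typing import List, Optional, Tuple

# Message on the Subject's interface: (direction, receiver, method, argument);
# direction "call" is the slides' arrow →, "return" is ←.
Msg = Tuple[str, str, str, Optional[str]]

def pending_update(history: List[Msg]) -> Optional[str]:
    """Trace-based getS(h): s of the innermost sbj.update call not yet returned."""
    depth = 0
    for direction, recv, meth, arg in reversed(history):
        if (recv, meth) != ("sbj", "update"):
            continue        # notify messages never close an update bracket
        if direction == "return":
            depth += 1      # a completed update lies between us and its call
        elif depth == 0:
            return arg      # innermost update still open: its s is getS(h)
        else:
            depth -= 1      # this call was closed by a later return
    return None             # no update in progress

class SubjectState:
    """State-based spec: st pushed at → sbj.update(s), popped at ← sbj.update()."""
    def __init__(self) -> None:
        self.st: List[str] = []
    def step(self, msg: Msg) -> None:
        direction, recv, meth, arg = msg
        if (recv, meth) == ("sbj", "update") and direction == "call":
            self.st.append(arg)
        elif (recv, meth) == ("sbj", "update"):
            self.st.pop()
    def top(self) -> Optional[str]:
        return self.st[-1] if self.st else None

def notify_args_agree(trace: List[Msg]) -> bool:
    """At every → o.notify(s), old(st).top(), getS(h) and the sent s must agree."""
    state = SubjectState()
    for i, (direction, _, meth, arg) in enumerate(trace):
        if direction == "call" and meth == "notify":
            if not (state.top() == pending_update(trace[:i]) == arg):
                return False
        state.step(trace[i])
    return True

# Constructed trace of the re-entrant scenario: o1 calls sbj.update(s2) inside notify(s1).
NESTED_TRACE: List[Msg] = [
    ("call", "sbj", "update", "s1"), ("call", "o1", "notify", "s1"), ("call", "sbj", "update", "s2"),
    ("call", "o1", "notify", "s2"), ("return", "o1", "notify", None), ("call", "o2", "notify", "s2"),
    ("return", "o2", "notify", None), ("return", "sbj", "update", None), ("return", "o1", "notify", None),
    ("call", "o2", "notify", "s1"), ("return", "o2", "notify", None), ("return", "sbj", "update", None),
]
```

A trace in which the Subject forwards the wrong state after the nested update returns (e.g. o2.notify(s2) instead of o2.notify(s1)) makes notify_args_agree return False under both specifications.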
What If?

    interface Observer {
        void notify(State s);
    }

    class Subject {
        Observer o1, o2;

        Subject(Observer o1, Observer o2) {
            this.o1 = o1;
            this.o2 = o2;
        }

        void update(State s) {
            o1.notify(s);
            o2.notify(s);
        }
    }

Assumption (now without: Different observers)
• Non-null observers
• Deterministic
• Sequential

• trace-based: additional function as a counter
• state-based: add e.g. stack
Trace- vs. State-Based Comparison
• Some properties are easier to specify in each of them
  • trace-based: after an update, two notifications follow
  • state-based: defining what to do at ← o.update()
• Representing the current state
  • state-based: states only contain what is necessary, but the state changes need to be defined
  • trace-based: no need to care about representation, but extracting the necessary information can be difficult