Extended finite-state machines (EFSMs) ... Extended finite state machines: Formal...


  • date post

    12-Jul-2020

  • Extended finite-state machines (EFSMs)

    Dr. C. Constantinides

    Department of Computer Science and Software Engineering Concordia University Montreal, Canada

    January 10, 2017

    1 / 92

  • Extended finite state machines: Formal specification

    An extended finite state machine (EFSM) is defined as follows:

    $(Q, \Sigma_1, \Sigma_2, q_0, V, \Lambda)$

    where

    1. $Q$ is a finite, non-empty set of states. A state can be atomic (or simple) or composite (see later).

    2. $\Sigma_1$ is a finite, non-empty set of events.

    3. $\Sigma_2$ is a finite set of actions.

    4. $q_0 \in Q$ is the initial state (or start state). Further, every composite state has its own initial state.

    5. $V$ is the set of state variables. Every state variable $v \in V$ is a global variable and can be accessed at every state $q \in Q$.

    6. $\Lambda$ is a finite set of transitions.


  • Extended finite state machines: Formal specification /cont.

    ◮ A transition $\lambda \in \Lambda$ is $q \xrightarrow{e\ [g]\ /\ a} q'$,

    where $q, q' \in Q$, $e \in \Sigma_1$, $g$ is a condition called a guard, and $a \in \Sigma_2$ is an action.

    ◮ A variable affected in the transition is denoted as $x'$ in state $q'$.

    ◮ A transition is a relationship between two states: It indicates that when an event occurs (perhaps under a transition guard), the entity changes from the prior (source) state to the subsequent (target) state.

    ◮ Additionally, upon a state transition an action (also: activity, or effect) may execute. All parts of a transition label are optional.


  • Extended finite state machines: State diagrams

    ◮ An EFSM can be illustrated by a directed graph, where the nodes represent the states and where the edges represent the transitions.

    ◮ The underlying behavior is modeled as a traversal of this graph.

    ◮ In software development, an EFSM can be deployed to model an object at a high level of abstraction such as the entire system, or a use case, or at a low level of abstraction, such as a software object.


  • States, events and transitions

    ◮ The simplest EFSM is one that contains only states, events and transitions.


  • Example: Gate - Description

    ◮ Consider a gate at the entrance of some facility which can be either open or closed.

    ◮ Upon a car approaching the gate, a sensor would produce a signal, lift gate, to command the gate to open.

    ◮ Upon leaving the gate, another sensor would produce a signal, lower gate, to command the gate to close.


  • Example: Gate - Formal specification

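    ◮ We can model this system with the tuple $S = (Q, \Sigma_1, \Sigma_2, q_0, V, \Lambda)$, where

    $Q = \{\text{open}, \text{closed}\}$

    $\Sigma_1 = \{\text{lift gate}, \text{lower gate}\}$

    $\Sigma_2 = \{\}$

    $q_0$: closed

    $V = \{\}$

    $\Lambda$: Transition specifications

    1. $\rightarrow \text{closed}$

    2. $\text{closed} \xrightarrow{\text{lift gate}} \text{open}$

    3. $\text{open} \xrightarrow{\text{lower gate}} \text{closed}$

    ◮ Note that empty sets such as $\Sigma_2$ and $V$ can be omitted.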


  • Example: Gate - State diagram

    [State diagram "gate": states closed and open; transition labels lift gate and lower gate]


  • Example: Gate - State diagram /cont.

    ◮ Note that in this simple example, $\Sigma_2$ and $V$ are both empty sets.

    ◮ In the future, empty sets will be omitted from the specification.

    ◮ The EFSM of the gate system is modeled as a state diagram where states are represented as rectangles with rounded corners.

    ◮ The little black circle represents a pseudostate that automatically causes a transition to the initial state closed.


  • Event types

    ◮ There are four types of events that can trigger a transition:

    ◮ Call event: An external request to invoke an operation.

    ◮ Change event: A transition is triggered when its value becomes true.

    ◮ Signal event: Is triggered by an internal or external clock. A time event makes use of the keyword at.

    ◮ Time event: When the source state has been active over the specified length of time, the guard (if present) is evaluated and a transition occurs if the guard is true. If no guard is present, then a transition occurs. A time event makes use of the keyword after.


  • Orthogonal states

    ◮ A state can include independent (or parallel) regions.

    ◮ Such a state is called orthogonal.


  • Example: Heater system - Top-level state diagram

    [State diagram "heater": top-level states off and on]


  • Example: Heater system - State diagram of orthogonal state on

    [State diagram of orthogonal state on, with substates low, high, warm and hot]


  • Orthogonal states /cont.

    ◮ The state can be present in a number of substates, e.g. (low, warm), or (low, hot), etc.


  • Introducing guards

    ◮ Guards provide conditions under which transitions can take place.

    ◮ Guards are evaluated by the system.


  • Introducing actions

    ◮ Transitions can be associated with actions.

    ◮ Such actions can be denoted by a slash after the event, or within a rectangle.

    ◮ Actions are performed by the system.


  • Example: Bounded buffer - Description

    ◮ Consider a bounded buffer of capacity greater than one.

    ◮ The buffer has three states: it can be empty, it can be partially full, or it can be full.

    ◮ One may place an item in the buffer provided it is not full.

    ◮ One may also retrieve an item from the buffer provided it is not empty.

    ◮ We will use the events put and get to correspond to their respective operations.


  • Example: Bounded buffer - Formal specification

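    ◮ The EFSM is the tuple $S = (Q, \Sigma_1, \Sigma_2, q_0, V, \Lambda)$, where

    $Q = \{\text{empty}, \text{partial}, \text{full}\}$

    $\Sigma_1 = \{\text{put}, \text{get}\}$

    $\Sigma_2 = \{\texttt{size++}, \texttt{size--}\}$

    $q_0$: empty

    $V$: $\text{size} : \mathbb{N}_0$; $\text{capacity} : \mathbb{N}$ is a constant.

    $\Lambda$: Transition specifications

    1. $\rightarrow \text{empty}$

    2. $\text{empty} \xrightarrow{\text{put}\ /\ \texttt{size++}} \text{partial}$

    3. $\text{partial} \xrightarrow{\text{put}\ [\text{size} < \text{capacity} - 1]\ /\ \texttt{size++}} \text{partial}$

    4. $\text{partial} \xrightarrow{\text{put}\ [\text{size} = \text{capacity} - 1]\ /\ \texttt{size++}} \text{full}$

    5. $\text{partial} \xrightarrow{\text{get}\ [\text{size} > 1]\ /\ \texttt{size--}} \text{partial}$

    6. $\text{partial} \xrightarrow{\text{get}\ [\text{size} = 1]\ /\ \texttt{size--}} \text{empty}$

    7. $\text{full} \xrightarrow{\text{get}\ /\ \texttt{size--}} \text{partial}$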


  • Example: Bounded buffer - State diagram

    [State diagram "bounded buffer": states empty, partial and full; transitions labelled with the put and get events, their guards on size, and the actions size++ and size--]


  • Example: Metro passageway - Description

    ◮ Consider a metro passageway.

    ◮ The passageway has only two states: It can be locked, or it can be unlocked.

    ◮ When the passageway is locked, a person can enter a (valid) ticket.

    ◮ This will cause the passageway to perform a transition to the unlocked state while at the same time performing two actions: 1) it will unlock the gate and 2) it will beep to indicate that the person may pass through.

    ◮ Once a person passes through the gate, a sensor or some physical device will cause the passageway to perform a transition back to the locked state while at the same time performing a lock action.

    ◮ We will use the events request entry and pass to correspond to their respective operations.


  • Example: Metro passageway - Formal specification

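    ◮ The EFSM of the metro passageway is the tuple $S = (Q, \Sigma_1, \Sigma_2, q_0, V, \Lambda)$, where

    $Q = \{\text{locked}, \text{unlocked}\}$

    $\Sigma_1 = \{\text{request entry}, \text{pass}\}$

    $\Sigma_2 = \{\text{lock}, \text{unlock}, \text{beep}\}$

    $q_0$: locked

    $V$: $\text{ticket} = \{\text{valid}, \text{invalid}\}$

    $\Lambda$: Transition specifications

    1. $\rightarrow \text{locked}$

    2. $\text{locked} \xrightarrow{\text{request entry}\ [\text{ticket is valid}]\ /\ (\text{unlock};\ \text{beep})} \text{unlocked}$

    3. $\text{unlocked} \xrightarrow{\text{pass}\ /\ \text{lock}} \text{locked}$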


  • Example: Metro passageway - State diagram

    ◮ Recall that a transition $\lambda \in \Lambda$ is

    $q \xrightarrow{e\ [g]\ /\ a} q'$

    where $q, q' \in Q$, $e \in \Sigma_1$, $g$ is a condition called a guard and $a \in \Sigma_2$ is an action.

    ◮ If the label on a transition is $e/a$, then $g$ is assumed to be true and the transition occurs whenever $e$ occurs.

    ◮ If the label on a transition is $[g]/a$, then the transition occurs whenever $g$ holds at the source state $q$.

    ◮ If the label of a transition is $e$, then the transition occurs whenever an event $e$ occurs at the source state $q$.
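
The bounded buffer and metro passageway specifications above, run through a small interpreter for the transition rules just recalled. This is an added example, not code from the original slides: the names `EFSM`, `fire`, `bounded_buffer` and `metro`, and the `V["log"]` list that records actions, are assumptions. It also assumes that an event with no enabled transition is rejected with state and variables unchanged, and that two enabled transitions for one event are an error.

```python
from collections import namedtuple

# One element of Λ: source --event [guard] / action--> target.
# An omitted guard is taken as true; an omitted action does nothing.
Transition = namedtuple("Transition", "source event target guard action",
                        defaults=(lambda v: True, lambda v: None))
T = Transition

class EFSM:
    def __init__(self, q0, transitions, variables):
        self.state = q0                 # the initial pseudostate leads straight to q0
        self.transitions = transitions  # Λ
        self.V = dict(variables)        # state variables, readable in every state

    def fire(self, event):
        """Take the enabled transition for event; return False if none is enabled."""
        enabled = [t for t in self.transitions
                   if t.source == self.state and t.event == event and t.guard(self.V)]
        if len(enabled) > 1:            # overlapping guards make the model ambiguous
            raise RuntimeError(f"nondeterministic: {event!r} in state {self.state!r}")
        if not enabled:
            return False                # event rejected; state and V stay as they were
        enabled[0].action(self.V)       # guard was evaluated before the action ran
        self.state = enabled[0].target
        return True

def inc(v): v["size"] += 1              # action size++
def dec(v): v["size"] -= 1              # action size--

def bounded_buffer(capacity):
    """Transitions 2-7 of the bounded buffer specification (capacity > 1)."""
    return EFSM("empty", [
        T("empty", "put", "partial", action=inc),
        T("partial", "put", "partial", lambda v: v["size"] < capacity - 1, inc),
        T("partial", "put", "full", lambda v: v["size"] == capacity - 1, inc),
        T("partial", "get", "partial", lambda v: v["size"] > 1, dec),
        T("partial", "get", "empty", lambda v: v["size"] == 1, dec),
        T("full", "get", "partial", action=dec)], {"size": 0})

def metro(ticket):
    """Metro passageway; V["log"] is an assumed stand-in that records the actions."""
    return EFSM("locked", [
        T("locked", "request entry", "unlocked", lambda v: v["ticket"] == "valid",
          lambda v: v["log"].extend(["unlock", "beep"])),
        T("unlocked", "pass", "locked", action=lambda v: v["log"].append("lock")),
    ], {"ticket": ticket, "log": []})
```

With an invalid ticket the guard fails, so `request entry` is rejected and the passageway stays locked; a `put` on a full buffer is rejected the same way because the specification lists no such transition.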


  • Example: Metro passageway - State diagram /cont.

    [State diagram "metro passageway": states locked and unlocked; transition labels "request entry [ticket is valid] / (unlock ; beep)" and "pass / lock"]


  • Hierarchically nested states

    ◮ Modern (UML-based) EFSMs have introduced the notion of hierarchically nested states.

    ◮ This means that a state can itself be modeled as an EFSM and contain its own states called substates (or nested states).

    ◮ States that contain other states are called composite states (as opposed to simple states).

    ◮ W