Formal Descriptive Semantics of UML and Its Applications

UML 2 Semantics and Applications Pub Date : 2009-10-19 DOI:10.1002/9780470522622.CH5

Hong Zhu, L. Shan, Ian Bayley, Richard Amphlett

{"title":"Formal Descriptive Semantics of UML and Its Applications","authors":"Hong Zhu, L. Shan, Ian Bayley, Richard Amphlett","doi":"10.1002/9780470522622.CH5","DOIUrl":null,"url":null,"abstract":"ClassXX +TemplateMethod() +Others() ConcreteClassXX Figure 1.19 Example design instance in template method pattern The following theorem states that if we can prove [[M ]] → Spec′(P ) in FOPL for model M and pattern P , then every system that is an instance of M must conform to pattern P . The proof is omitted for the sake of space. Theorem 1.2 Suppose that Spec′(P ) is a correct translation of the formal specification Spec(P ) of pattern P . For all models M , if [[M ]] ⇒ Spec′(P ) is true in FOPL, then, for all systems s ∈ D, s |= M and M |= Spec(P ) imply s |= Spec′(P ). We have translated the specifications given in [5] for all 23 design pat- terns in the GoF book into LAMBDES format. They are stored in a pattern specification repository. The conjecture generator of the LAMBDES tool is implemented to enable the proof (or disproof) of the conformance of a UML design model to a pattern. We have also conducted an experiment with the LAMBDES tool on its ability to recognise patterns in design instances. The experiment results show that the false negative error rate (for rejecting a pat- tern it should accept) is 0% while the false positive error rate (for accepting a pattern it should reject) is below 22%. Details of the experiment are omitted here for the sake of space, and will be reported separately. 1.4.5 Logic analysis of design patterns It is worth noting that the specification of a design pattern may contain errors. The conditions to satisfy the pattern may be in conflict with the semantics of the modelling language, or they may be in conflict with each other. Such logic errors can be detected by using LAMBDES tool and SPASS theorem prover. 26 UML DESCRIPTIVE SEMANTICS AND APPLICATIONS In particular, let Spec(P ) be a specification of a pattern P . If AxmD ∪ Spec(P ) false, we can conclude that Spec(P ) contains such errors. In the development of the pattern specification repository, using LAMB- DES and SPASS, we have proved that for all specifications of design patterns P in the repository, AxmD ∪ Spec(P ) false. So, all the specifications in our repository are consistent with the axioms of descriptive semantics. Another application of LAMBDES and SPASS in the logic analysis of de- sign patterns is to prove relations between patterns, for example, to prove one pattern is a specialisation of another. In [4], it is argued that the relationship that a design pattern P is a specialisation of pattern Q can be written as Spec(P ) → Spec(Q). Such a relationship can be formally proved by using LAMBDES and SPASS to infer that AxmD ∪ Spec(P ) Spec(Q). In the context of descriptive semantics, we can now prove the following property of the pattern specialisation relation. Theorem 1.3 Let Dom be a subject domain that is consistent with FOPL. If AxmD ∪ Spec(P ) Spec(Q), then, for all systems x ∈ Dom, if x is an instance of P then x is also an instance of pattern Q, i.e. ∀x·(x |= Spec(P ) → x |= Spec(Q)).","PeriodicalId":430141,"journal":{"name":"UML 2 Semantics and Applications","volume":"5 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-10-19","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"UML 2 Semantics and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1002/9780470522622.CH5","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

Abstract

ClassXX +TemplateMethod() +Others() ConcreteClassXX Figure 1.19 Example design instance in template method pattern The following theorem states that if we can prove [[M ]] → Spec′(P ) in FOPL for model M and pattern P , then every system that is an instance of M must conform to pattern P . The proof is omitted for the sake of space. Theorem 1.2 Suppose that Spec′(P ) is a correct translation of the formal specification Spec(P ) of pattern P . For all models M , if [[M ]] ⇒ Spec′(P ) is true in FOPL, then, for all systems s ∈ D, s |= M and M |= Spec(P ) imply s |= Spec′(P ). We have translated the specifications given in [5] for all 23 design pat- terns in the GoF book into LAMBDES format. They are stored in a pattern specification repository. The conjecture generator of the LAMBDES tool is implemented to enable the proof (or disproof) of the conformance of a UML design model to a pattern. We have also conducted an experiment with the LAMBDES tool on its ability to recognise patterns in design instances. The experiment results show that the false negative error rate (for rejecting a pat- tern it should accept) is 0% while the false positive error rate (for accepting a pattern it should reject) is below 22%. Details of the experiment are omitted here for the sake of space, and will be reported separately. 1.4.5 Logic analysis of design patterns It is worth noting that the specification of a design pattern may contain errors. The conditions to satisfy the pattern may be in conflict with the semantics of the modelling language, or they may be in conflict with each other. Such logic errors can be detected by using LAMBDES tool and SPASS theorem prover. 26 UML DESCRIPTIVE SEMANTICS AND APPLICATIONS In particular, let Spec(P ) be a specification of a pattern P . If AxmD ∪ Spec(P ) false, we can conclude that Spec(P ) contains such errors. In the development of the pattern specification repository, using LAMB- DES and SPASS, we have proved that for all specifications of design patterns P in the repository, AxmD ∪ Spec(P ) false. So, all the specifications in our repository are consistent with the axioms of descriptive semantics. Another application of LAMBDES and SPASS in the logic analysis of de- sign patterns is to prove relations between patterns, for example, to prove one pattern is a specialisation of another. In [4], it is argued that the relationship that a design pattern P is a specialisation of pattern Q can be written as Spec(P ) → Spec(Q). Such a relationship can be formally proved by using LAMBDES and SPASS to infer that AxmD ∪ Spec(P ) Spec(Q). In the context of descriptive semantics, we can now prove the following property of the pattern specialisation relation. Theorem 1.3 Let Dom be a subject domain that is consistent with FOPL. If AxmD ∪ Spec(P ) Spec(Q), then, for all systems x ∈ Dom, if x is an instance of P then x is also an instance of pattern Q, i.e. ∀x·(x |= Spec(P ) → x |= Spec(Q)).

查看原文本刊更多论文

UML的形式化描述语义及其应用

下面的定理表明，如果我们能够证明模型M和模式P在FOPL中的[[M]]→Spec ' (P)，那么每一个作为M的实例的系统都必须符合模式P。由于篇幅的关系，证明被省略了。定理1.2假设Spec ' (P)是模式P的形式规范Spec(P)的正确翻译。对于所有模型M，如果[[M]]⇒Spec ' (P)在FOPL中成立，则对于所有系统s∈D, s |= M和M |= Spec(P)均意味着s |= Spec ' (P)。我们已经将[5]中给出的GoF书中所有23种设计模式的规范翻译成LAMBDES格式。它们存储在模式规范存储库中。LAMBDES工具的猜想生成器被实现为能够证明(或否定)UML设计模型与模式的一致性。我们还对LAMBDES工具在设计实例中识别模式的能力进行了实验。实验结果表明，该算法的假阴性错误率(拒绝一个应该接受的模式)为0%，而假阳性错误率(接受一个应该拒绝的模式)低于22%。由于篇幅的关系，实验的细节在此略去，将另行报道。1.4.5设计模式的逻辑分析值得注意的是，设计模式的说明可能包含错误。满足模式的条件可能与建模语言的语义冲突，或者它们可能相互冲突。这种逻辑错误可以通过使用LAMBDES工具和SPASS定理证明器来检测。26 UML描述性语义和应用特别地，让Spec(P)成为模式P的规范。如果AxmD∪Spec(P)为假，我们可以得出Spec(P)包含这样的错误。在模式规范库的开发过程中，我们使用LAMB- DES和SPASS证明了对于存储库中设计模式P的所有规范，AxmD∪Spec(P)为假。因此，我们存储库中的所有规范都与描述性语义的公理一致。LAMBDES和SPASS在设计模式的逻辑分析中的另一个应用是证明模式之间的关系，例如，证明一个模式是另一个模式的专门化。在[4]中，有人认为设计模式P是模式Q的专门化的关系可以写成Spec(P)→Spec(Q)。这种关系可以用LAMBDES和SPASS来形式化地证明:AxmD∪Spec(P) Spec(Q)。在描述性语义的上下文中，我们现在可以证明模式专门化关系的以下属性。定理1.3设Dom为与FOPL一致的主题域。若AxmD∪Spec(P) Spec(Q)，则对于所有系统x∈Dom，若x是P的一个实例则x也是模式Q的一个实例，即∀x·(x |= Spec(P)→x |= Spec(Q))。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

UML 2 Semantics and Applications

自引率

0.00%

发文量