Precise Semantics of UML State Machines — Closed Issues

  • Acronym: PSSM
  • Issues Count: 12
  • Description: Issues resolved by a task force and approved by Board

Issues Descriptions

Notation for entry, do and exit behaviors is wrong

  • Key: PSSM_-6
  • Status: closed  
  • Source: oose Innovative Informatik eG ( Mr. Axel Scheithauer)
  • Summary:

    The correct notation is for example:

    entry/Activity entry

    All the diagrams in PSSM show instead

    /entry Activity entry

    This is confusing and should get changed.
    Also the text in all examples of the UML specification is left justified. It is not mentioned as a requirement, but I think most tools follow this convention. In the PSSM specification the text is centered. I suggest to change it to left justified.
    The effect of Transitions is notated with a colon:

    /Activity: effect.

    I think that should also be consistent. Either remove the colon, or use it with state behaviors as well.
    As an additional suggestion: In most cases it is not relevant for the test case, that an activity is called. The string "Activity" could be left out to keep the diagram less cluttered.

  • Reported: PSSM 1.0b1 — Tue, 3 Apr 2018 15:31 GMT
  • Disposition: Deferred — PSSM 1.0
  • Disposition Summary:

    Defer

    This is the result of a bug in the Papyrus tooling used to generate the diagrams. Since the notation currently in the specification is still clear, if not entirely correct, the FTF proposes to defer the resolution of this issue until a fix is available for Papyrus.

  • Updated: Mon, 1 Apr 2019 18:41 GMT

PSSM implementation shall conform to bUML

  • Key: PSSM_-3
  • Status: closed  
  • Source: Commissariat a l Energie Atomique-CEA ( Dr. Jeremie Tatibouet)
  • Summary:

    The behavioral part of the PSSM semantic model is specified using Java syntax. The subset of Java that is used does not always conform to the mapping rules defined in Annex A of fUML between Java and Activities.

    Examples:

    1. Usage of index starting from 0 instead of 1 in StateActivation::hasCompleted operation.
    2. Constructor call with arguments in StateMachineEventAccepter::accept operation.
    3. Usage of an iterative for loop instead of a parallel for loop in StateActivation::enterRegion operation.
  • Reported: PSSM 1.0b1 — Thu, 13 Apr 2017 13:02 GMT
  • Disposition: Deferred — PSSM 1.0
  • Disposition Summary:

    Defer

    The FTF agrees that this issue should be resolved, but it is deferred to the first RTF due to lack of time. Further, while the formal structure of fUML base semantics requires the use of bUML, the standard is still clear as it is on the functionality being specified, even if not fully conformant to bUML.

  • Updated: Mon, 1 Apr 2019 18:41 GMT

Tests that send multiple signals are not correct

  • Key: PSSM_-1
  • Status: closed  
  • Source: Model Driven Solutions ( Mr. Ed Seidewitz)
  • Summary:

    Any test in the PSSM test suite with a test driver that sends multiple signals to the model being tested may not currently be properly allowing all possible execution traces. This is because it cannot, in general, be presumed that event occurrences are received in the order they are sent, even if they are all sent from the same thread. This was always true in fUML (per the statement of “the semantics of inter-object communications mechanisms” in subclause 2.4 of the spec), but it is completely, formally clear in fUML 1.3, in which EventOccurrence is an active class, such that all event occurrences are sent concurrently with each other.

    For example, consider test Transition 007 (described in subclause 9.3.3.2 of the PSSM beta spec). The tester behavior for this test sequentially sends three signal instances: AnotherSignal, Continue and Continue again. However, while these signals are sent sequentially, there is no guarantee they will be received by the tested state machine in the same order. For example, one of the Continue signal instances could be received before the AnotherSignal instance, which would cause the state machine (as shown in Fig. 9.12) to take transition T3 to S2 and never get to S3.

    Rather than try to capture all the possible traces that should be allowed by such tests as currently modeled, it would be better to modify the tests so that they should only produce the trace that is currently suspected. This can be done by having the state machine under test send signals back to the tester, in order to coordinate the sending of sequential signals. For example, in the case of Transition 007, the state machine could send signals back to the tester as part of the doTraversial behaviors for transitions T1 and T2. The test behavior would then have to include accept event actions in order to wait between the send signal actions. (Of course, to allow the test to send signals back to the tester, either the Tester/Target association in the test architecture would need to be made bidirectional, or some signaling mechanism would need to be provided through the SemanticTest class.)

  • Reported: PSSM 1.0b1 — Tue, 5 Dec 2017 23:11 GMT
  • Disposition: Deferred — PSSM 1.0
  • Disposition Summary:

    Defer

    While the FTF agrees that this is an issue that should be resolved, it is deferred to the first RTF due to lack of time.

  • Updated: Mon, 1 Apr 2019 18:41 GMT

Incorrect transition numbering in Deferred007_Test

  • Key: PSSM_-23
  • Status: closed  
  • Source: Commissariat a l Energie Atomique-CEA ( Dr. Jeremie Tatibouet)
  • Summary:

    The classifier behavior of the test Deferred007 is specified as a state machine. Transitions in this state machine are numbered. However the numbering jumps from T3 to T6.

  • Reported: PSSM 1.0a1 — Wed, 7 Nov 2018 15:55 GMT
  • Disposition: Resolved — PSSM 1.0
  • Disposition Summary:

    Resolution of issue PSSM_-23

    The resolution requires:

    1. An update of the specification document. Indeed Figure 9.101, the generated trace, the note and the RTC steps overview need to be updated.
    2. An update of the test suite model.
  • Updated: Mon, 1 Apr 2019 18:19 GMT
  • Attachments:

PSSM should align with fUML 1.4 and PSCS 1.2

  • Key: PSSM_-12
  • Status: closed  
  • Source: Model Driven Solutions ( Mr. Ed Seidewitz)
  • Summary:

    The fUML 1.4 and PSCS 1.2 specifications have now been completed. These updates make no functional changes to fUML or PSCS, but they migrate those standards to UML 2.5.1, which is consistent with PSSM. Therefore, PSSM should align with fUML 1.4 and PSCS 1.2, rather than fUML 1.3 and PSCS 1.1.

  • Reported: PSSM 1.0b1 — Fri, 26 Oct 2018 13:07 GMT
  • Disposition: Resolved — PSSM 1.0
  • Disposition Summary:

    Update specification for fUML 1.4 and PSCS 1.2

    Since fUML 1.4 and PSCS 1.2 are based on UML 2.5.1, it is no longer necessary for the PSSM specification to include fUML and PSCS syntax and semantics files based on UML 2.5.1. Instead, the PSSM syntax, semantics and test suite should just use UML 2.5.1, fUML 1.4 and PSCS 1.2.

    The normative references in the specification document need to be updated to fUML 1.4 and PSCS 1.2. In addition, since both the fUML and the PSCS specification documents are now re-organized to follow UML 2.5.1, any subclause references to the fUML and PSCS documents need to be updated.

  • Updated: Mon, 1 Apr 2019 18:19 GMT

"Join 003" has (invalid) triggers on transitions entering join

  • Key: PSSM_-11
  • Status: closed  
  • Source: AGI ( Daniel Yankowsky)
  • Summary:

    According to the UML 2.5.1 spec, there's a constraint `join_segment_guards` which prohibits transitions whose target is a join pseudostate from having guards or triggers (the constraint's scope is larger than its name would imply). But the sample state machine "Join 003" has triggers on the two transitions entering the join.

    Essentially, as I read the UML spec, transitions leading to joins can only be triggered by completion events.

    I don't think that restriction is necessary, and can be trivially worked around (make a composite state with a triggered transition entering the final state). But this state machine does appear to violate that constraint.

  • Reported: PSSM 1.0b1 — Thu, 20 Sep 2018 18:16 GMT
  • Disposition: Duplicate or Merged — PSSM 1.0
  • Disposition Summary:

    Merge with PSSM_-8

    This issue relates to the same element of the same test case, Join 003, as issue PSSM_-8. The two issues can therefore be resolved together.

  • Updated: Mon, 1 Apr 2019 18:19 GMT

In Testcase "Entering 011" T3 is not a completion transition

  • Key: PSSM_-7
  • Status: closed  
  • Source: oose Innovative Informatik eG ( Mr. Axel Scheithauer)
  • Summary:

    The text says:

    The S1 completion event is then used to trigger transition T3.

    Actually transition T3 has an event "Continue" in the diagram and will not react to a completion event.

  • Reported: PSSM 1.0b1 — Tue, 3 Apr 2018 15:35 GMT
  • Disposition: Resolved — PSSM 1.0
  • Disposition Summary:

    Resolution of issue PSSM-7

    Entering 011 has a transition T3 that is not a completion transition. The text describing the interpretation of this transition is inconsistent since it considers T3 as a completion transition.

    This issue is only related to the text. Indeed the table describing each RTC step performed during the execution of the test is consistent with the model (i.e., it considers T3 as a transition triggered by the acceptance of a Continue event occurrence).

  • Updated: Mon, 1 Apr 2019 18:19 GMT

Synchronous operation call on an active object ends if the corresponding call event occurrence was deferred

  • Key: PSSM_-2
  • Status: closed  
  • Source: Commissariat a l Energie Atomique-CEA ( Dr. Jeremie Tatibouet)
  • Summary:

    FUML 1.3 provides a support for the CallEvent semantics. When an object performs a synchronous operation call on an active object then a call event occurrence is placed in the event pool of the target (i.e. the active object that is the target of the call). While the target has not accepted the call and the RTC initiated by the acceptance is not completed, the execution thread in which the caller executes remains suspended.

    In PSSM context, the target of the call can be an active object which is executing a classifier behavior described thanks to a state machine. This state machine can have states that declare a call event as being deferred. This means that when the state is active and such call event is dispatched then it is going to be accepted by the state machine. The acceptance leads the call event occurrence to be placed in the deferred event pool of the active object.

    The problem here is that since the call event was deferred, this implies the operation call was not performed by the target. Hence the caller shall not be released before the call event gets "undeferred" (i.e., return back to the regular event pool). However, this is not what is specified in the StateMachineEventAccepter (see section 8.5.2 in [PSSM 1.0b]) semantics. Indeed, the acceptance of the call event occurrence systematically leads to release the caller. Instead, the caller shall only get released if the call event occurrence is used to trigger one to many transitions.

    The problem can be highlighted through the test case Deferred007_Test provided through the PSSM test suite.

    In this test, the call event occurrence corresponding to the op operation is dispatched when in configuration S1. This implies the state machine accepts and defers the event occurrence. At the end of the RTC step, the tester (i.e., the object that emitted the call) shall remain suspended. This shall be maintained until the end of the RTC in which the transition T6 is fired. To demonstrate this semantics, Deferred007 Test shall be refactored.

  • Reported: PSSM 1.0b1 — Mon, 15 May 2017 15:47 GMT
  • Disposition: Resolved — PSSM 1.0
  • Disposition Summary:

    Update the StateMachineEventAccepter and test Deferred 007.

    Rules that constrain the acceptance of an event by a state machine are specified in the accept operation of class StateMachineSemanticVisitor. The specification of this operation needs to be updated to ensure that the caller of an operation gets released only when the corresponding call event occurrence is accepted, not when it is deferred.

    In addition, the test Deferred007_Test must be updated because it currently does not enable the assessment of the combined usage of a call event and deferral semantics. Indeed, as soon as S1 is deferred, the tester (i.e., the entity providing the stimulus) is suspended until the call event occurrence for the operation op is un-deferred and accepted. As Deferred007_Test will never receive a Continue signal event occurrence (since the tester is suspended), T3 will never have a chance to be fired, hence the state machine (and so the test) will remain stuck forever.

    The issue can be resolved by giving S1 a do-activity behavior that is responsible for sending the Continue signal event occurrence to the test (i.e., the instance of Deferred007_Test). The Continue signal event occurrence will then be accepted by the state machine, T3 will be triggered and the call event occurrence will be un-deferred. This un-deferred event occurrence will then be used to trigger T6. Note, however, that this solution will only work if the call event occurrence is received before the Continue event occurrence.

  • Updated: Mon, 1 Apr 2019 18:19 GMT
  • Attachments:

PSSM shall be aligned with fUML 1.3 and PSCS 1.1

  • Key: PSSM_-4
  • Status: closed  
  • Source: Commissariat a l Energie Atomique-CEA ( Dr. Jeremie Tatibouet)
  • Summary:

    PSSM is not compatible with fUML 1.3 and PSCS 1.1. This is the consequence of the changes introduced by FUML13-23, FUML13-25, FUML13-16, FUML13-1, FUML13-60 and PSCS11-6. The description below provides an overview of the changes that must be performed in the PSSM semantic model in order to make PSSM compatible with fUML 1.3 and PSCS 1.1. Note that these changes will also require an update of the PSSM document.

  • Reported: PSSM 1.0b1 — Thu, 13 Apr 2017 12:24 GMT
  • Disposition: Resolved — PSSM 1.0
  • Disposition Summary:

    Update PSSM for fUML 1.3

    There are four categories of changes needed to align PSSM with fUML 1.3 and PSCS 1.1:

    1. Changes to the signature of the Object::send operation (see [fUML 1.3], 8.3.2.2.19, and issue resolution FUML13-23)
      This requires adjusting the implementation of DoActivityContextObject, which redefines the inherited send operation.
    2. API changes introduced in the EventOccurrence class (see issue resolutions FUML13-25, FUML13-1, and FUML13-60)
      These API changes impact the specification of the trigger-matching semantics of CompletionEventOccurrence and DeferredEventOccurrence (see [PSSM 1.0b], 8.5.9). Specifically, a completion event cannot match a trigger since it is used to only trigger transitions with no triggers, and a deferred event occurrence merely delegates to the matching semantics of the deferred event. fUML now also provides the capability for an EventOccurrence to be sent through its own execution thread, but neither the CompletionEventOccurrence nor the DeferredEventOccurrence use this capability. Finally, the alignment with the new EventOccurrence API enables the refactoring of the code of StateActivation (canDefer, defer and notifyCompletion operations), SM_ObjectActivation (registerCompletionEvent operation), TransitionActivation (canFireOne and hasTrigger operations), StateMachineEventAccepter (isDeferred operation) and StateMachineSemanticVisitor (removal of the match operation).
    3. Introduction of class CS_EventOccurrence in PSCS (see [PSSM 1.0b], 8.5.1.2.7, and issue resolution PSCS11-6)
      This requires refactoring EventTriggeredExecution (see [PSSM 1.0b], 8.5.10.1), StateMachineEventAccepter (see [PSSM 1.0b], 8.5.2) and SM_OpaqueExpressionEvaluation (see [PSSM 1.0b], 8.2) to account for the possibility of receiving a CS_EventOccurrence.
    4. Handling of call events in fUML (see [fUML 1.3], 7.3.3 and 8.8, and issue resolution FUML13-16)
      Since fUML 1.3 now includes CallEvent, this no longer needs to be added in the syntax subset for PSSM (see [PSSM 1.0b], 7.5), and CallEventOccurrence and CallEventExecution (and all the associations in which they are involved) can be removed from the semantics for PSSM (see [PSSM 1.0b], 8.5.9).
  • Updated: Mon, 1 Apr 2019 18:19 GMT

"Join 003" test case state machine diagram appears to be invalid

  • Key: PSSM_-8
  • Status: closed  
  • Source: AGI ( Daniel Yankowsky)
  • Summary:

    According to the UML 2.5.1 spec, join pseudostates have a constraint `join_vertex` that ensures that joins have exactly one outgoing transition. Similarly, fork pseudostates have a constraint `fork_vertex` that ensures that forks have exactly one incoming transition. The state machine in "Join 003" includes a heavy bar (which could be interpreted as either a fork or join) that has two incoming transitions and two outgoing transitions. But due to the constraints, it can't be either. In the notation section of the UML 2.5.1 spec, there doesn't seem to be any affordance for a single drawn symbol in the state machine diagram to represent both a fork AND a join instance from the metamodel.

    This diagram appears to violate the `join_vertex` constraint of the metamodel.

  • Reported: PSSM 1.0b1 — Wed, 29 Aug 2018 19:22 GMT
  • Disposition: Resolved — PSSM 1.0
  • Disposition Summary:

    Resolution of issues PSSM_-8 and PSSM_-11

    Agreed. Join003_Test violates constraints join_segment_guards (see subclause 14.5.11.8 in [UML 2.5.1]) and join_vertex (see subclause 14.5.6.7 in [UML 2.5.1]).

    • join_segment_guards implies that a transition targeting a join pseudostate cannot have a guard and trigger.
    • join_vertex implies that a join pseudostate can only have a single outgoing transition.

    Hence, the state machine specifying the test behavior shall be updated as well as the description provided in the subclause 9.3.12.4 of [PSSM 1.0b].

  • Updated: Mon, 1 Apr 2019 18:19 GMT
  • Attachments:

Typos in "Note" section of "9.3.3.12 Transition 019"

  • Key: PSSM_-10
  • Status: closed  
  • Source: AGI ( Daniel Yankowsky)
  • Summary:

    The "Note" section says "Consider the situation where the state machine is in configuration S1[S1.1, S1.2]". This is an impossible configuration; it should read "... in configuration S1[S1.1, S2.1]". The note later says "CE(2.1) will be triggered next", but it should read "CE(2.2) will be triggered next".

  • Reported: PSSM 1.0b1 — Thu, 13 Sep 2018 18:33 GMT
  • Disposition: Resolved — PSSM 1.0
  • Disposition Summary:

    Resolution of issue PSSM_-10

    This is correct.

    • At the third line of the note, S1[S1.1, S1.2] designates an invalid configuration. The intended configuration is S1[S1.1, S2.1].
    • At the last line of the note, the reference to the completion event for S2.1 is invalid. Indeed, this reference must be for the completion event generated for S2.2.

    The changes to perform are limited to the Note in subclause 9.3.3.12 of [PSSM 1.0b].

  • Updated: Mon, 1 Apr 2019 18:19 GMT

Example state machine appears to violate UML constraints

  • Key: PSSM_-9
  • Status: closed  
  • Source: AGI ( Daniel Yankowsky)
  • Summary:

    In this state machine, there is a fork pseudostate with two outgoing transitions. One transition targets a state, while the other transition appears to target a junction pseudostate.

    The UML 2.5.1 spec includes the constraint `fork_segment_state` (14.5.11.8 Constraints) that requires that any transition originating at a fork must terminate at a state. Such a transition is not allowed to terminate at a pseudostate.

    (Incidentally, that particular constraint doesn't seem particularly useful, as any undesirable case that the constraint is trying to prevent could be instead created via default entry into an orthogonal state. But the constraint exists nonetheless.)

  • Reported: PSSM 1.0b1 — Thu, 13 Sep 2018 17:26 GMT
  • Disposition: Resolved — PSSM 1.0
  • Disposition Summary:

    Resolution of issue PSSM_-9

    Agreed. Transition_023 violates constraint fork_segment_state (see subclause 14.5.11.8 in [UML 2.5.1]). Indeed, transition T4 outgoing the fork pseudostate directly targets a junction pseudostate. This is forbidden since the constraint specifies that a transition outgoing a fork pseudostate shall only have a state as a target.

    Hence, the state machine specifying the test behavior shall be updated as well as the description provided in the subclause 9.3.3.15 of [PSSM 1.0b].

  • Updated: Mon, 1 Apr 2019 18:19 GMT
  • Attachments:
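
Added example (not part of the PSSM specification, its test suite, or any issue text above): a small checker for the four UML 2.5.1 constraints cited in issues PSSM_-8, PSSM_-9 and PSSM_-11, as those issues word them. The models are constructed to match the shapes the issues describe; every vertex and transition name except T4 is an assumption, and `split_bar_model` is only one shape that passes these checks, not the task force's actual fix.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Transition:
    name: str
    source: str
    target: str
    triggers: tuple = ()
    guard: Optional[str] = None

def check_fork_join(vertices, transitions):
    """vertices maps vertex name -> kind ("state", "join", "fork", "junction").
    Returns a sorted list of (constraint, offending element) pairs."""
    found = []
    for name, kind in vertices.items():
        n_in = sum(t.target == name for t in transitions)
        n_out = sum(t.source == name for t in transitions)
        # Only the parts of join_vertex / fork_vertex quoted in the issues are checked.
        if kind == "join" and n_out != 1:
            found.append(("join_vertex", name))
        if kind == "fork" and n_in != 1:
            found.append(("fork_vertex", name))
    for t in transitions:
        # A transition entering a join may carry neither a guard nor a trigger.
        if vertices[t.target] == "join" and (t.triggers or t.guard is not None):
            found.append(("join_segment_guards", t.name))
        # A transition leaving a fork must target a state, never a pseudostate.
        if vertices[t.source] == "fork" and vertices[t.target] != "state":
            found.append(("fork_segment_state", t.name))
    return sorted(found)

def bar_model(bar_kind):
    """Constructed: one heavy bar with two triggered incoming and two outgoing
    transitions (the shape reported for "Join 003"), typed as bar_kind."""
    vertices = {"A": "state", "B": "state", "bar": bar_kind, "C": "state", "D": "state"}
    transitions = [
        Transition("in1", "A", "bar", triggers=("Continue",)),
        Transition("in2", "B", "bar", triggers=("Continue",)),
        Transition("out1", "bar", "C"),
        Transition("out2", "bar", "D"),
    ]
    return vertices, transitions

def split_bar_model():
    """Constructed: the same bar split into a join followed by a fork, with
    untriggered (completion) transitions entering the join."""
    vertices = {"A": "state", "B": "state", "j": "join", "f": "fork", "C": "state", "D": "state"}
    transitions = [
        Transition("in1", "A", "j"), Transition("in2", "B", "j"),
        Transition("mid", "j", "f"),
        Transition("out1", "f", "C"), Transition("out2", "f", "D"),
    ]
    return vertices, transitions

def fork_to_junction_model():
    """Constructed: a fork whose segment T4 targets a junction (shape reported for Transition_023)."""
    vertices = {"S0": "state", "f": "fork", "S1": "state", "jn": "junction", "S2": "state"}
    transitions = [
        Transition("Ta", "S0", "f"), Transition("Tb", "f", "S1"),
        Transition("T4", "f", "jn"), Transition("Tc", "jn", "S2"),
    ]
    return vertices, transitions

if __name__ == "__main__":
    for label, model in [("bar as join", bar_model("join")), ("bar as fork", bar_model("fork")),
                         ("split bar", split_bar_model()), ("fork to junction", fork_to_junction_model())]:
        print(label, check_fork_join(*model))
```

Typing the bar as a join reports `join_vertex` and both `join_segment_guards` violations; typing it as a fork reports `fork_vertex`, which is why the reporter concluded the single symbol can be neither.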