251 7.4.11 Exhaustive simulation with GOAL observers.. However, to my knowledge, 13 yearsafter that release, this is the first book published on validation of SDL systems by simulation.Ve
Trang 2Validation of Communications
Systems with SDL
Trang 5Copyright 2003 John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester,
West Sussex PO19 8SQ, England Telephone ( +44) 1243 779777 Email (for orders and customer service enquiries): cs-books@wiley.co.uk
Visit our Home Page on www.wileyeurope.com or www.wiley.com
All Rights Reserved No part of this publication may be reproduced, stored in a retrieval system or
transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except under the terms of the Copyright, Designs and Patents Act 1988 or under the terms of a licence issued by the Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London W1T 4LP, UK, without the permission in writing of the Publisher Requests to the Publisher should be addressed to the Permissions Department, John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England, or emailed to permreq@wiley.co.uk, or faxed to ( +44) 1243 770620.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered It is sold on the understanding that the Publisher is not engaged in rendering professional services If professional advice or other expert assistance is required, the services of a competent professional should be sought.
Other Wiley Editorial Offices
John Wiley & Sons Inc., 111 River Street, Hoboken, NJ 07030, USA
Jossey-Bass, 989 Market Street, San Francisco, CA 94103-1741, USA
Wiley-VCH Verlag GmbH, Boschstr 12, D-69469 Weinheim, Germany
John Wiley & Sons Australia Ltd, 33 Park Road, Milton, Queensland 4064, Australia
John Wiley & Sons (Asia) Pte Ltd, 2 Clementi Loop #02-01, Jin Xing Distripark, Singapore 129809
John Wiley & Sons Canada Ltd, 22 Worcester Road, Etobicoke, Ontario, Canada M9W 1L1
Wiley also publishes its books in a variety of electronic formats Some content that appears
in print may not be available in electronic books.
British Library Cataloguing in Publication Data
A catalogue record for this book is available from the British Library
ISBN 0-470-85286-0
Typeset in 10/12pt Times by Laserwords Private Limited, Chennai, India
Printed and bound in Great Britain by Antony Rowe Ltd, Chippenham, Wiltshire
This book is printed on acid-free paper responsibly manufactured from sustainable forestry
in which at least two trees are planted for each one used for paper production.
Trang 6To my parents
To Martine
To Elsa
Trang 8Preface . xi
Foreword xiii
1 Introduction . 1
1.1 Validation of Communications Systems . 1
1.2 SDL, Language to Master Complex Systems Development . 2
1.2.1 Overview of SDL . 2
1.2.2 Benefits provided by SDL . 3
1.3 Simulation Life Cycle . 4
1.4 Contents of the Book . 6
1.5 Tools and Platforms Used . 7
2 Quick Tutorial on SDL . 9
2.1 Structure of an SDL Model . 9
2.1.1 System, block and process . 9
2.1.2 Scope of declarations 10
2.1.3 Process 10
2.1.4 Procedure 11
2.2 Communication 11
2.2.1 Signals 11
2.2.2 Channel 13
2.2.3 Signal route 13
2.3 Behavior 13
2.3.1 Structure of a transition 13
2.3.2 Start 14
2.3.3 States 15
2.3.4 Input 15
2.3.5 Save 16
2.3.6 Variables 17
2.3.7 Stop 17
2.3.8 Task 17
2.3.9 Create 18
2.3.10 Output 18
2.3.11 Decision 19
2.3.12 Timers 19
2.4 Data Types 20
Trang 9viii Contents
2.4.1 Predefined data 20
2.4.2 Array 21
2.4.3 Synonym and syntype 21
2.4.4 Newtype 21
2.5 Constructs for Better Modularity and Genericity 22
2.5.1 Package 22
2.5.2 Types, instances and gates 22
2.5.3 Specialization 24
3 The V.76 Protocol Case Study 25
3.1 Presentation 25
3.2 Specification of the V.76 Protocol 26
3.2.1 Abbreviations used 26
3.2.2 Exchange identification procedures (XID) 27
3.2.3 Establishment of a data link connection 27
3.2.4 Information transfer modes 28
3.2.5 Release of a DLC 28
3.3 Analysis MSCs for the V.76 Protocol 28
3.4 The SDL Model of V.76 30
3.4.1 The simulation configuration of V.76 30
3.4.2 The package V76 30
3.4.3 The block dataLink 35
4 Interactive Simulation 39
4.1 Principles 39
4.2 Case Study with Tau SDL Suite 40
4.2.1 Prepare the Simulator 40
4.2.2 Validate against the main scenarios 44
4.2.3 Detect a bug in the SDL model 50
4.2.4 Detect nonsimulated parts 55
4.2.5 Validate against more scenarios 58
4.2.6 Write a script for automatic validation 62
4.2.7 Other Simulator features 63
4.3 Case Study with ObjectGeode 68
4.3.1 Prepare the Simulator 69
4.3.2 Validate against the main scenarios 75
4.3.3 Detect a bug in the SDL model 79
4.3.4 Detect nonsimulated parts 86
4.3.5 Validate against more scenarios 88
4.3.6 Write a script for automatic validation 93
4.3.7 Other Simulator features: watch, trace, filter etc. 95
4.4 Errors Detectable by Interactive Simulation 108
4.4.1 Dynamic errors detected by Tau SDL suite Simulator 108
4.4.2 Dynamic errors detected by ObjectGeode SDL Simulator 109
4.4.3 Dynamic errors not checked 110
5 Automatic Observation of Simulations 111
5.1 Principles 111
Trang 10Contents ix
5.1.1 Automatic checking of model properties 111
5.1.2 Specificity of observation with MSCs in Tau SDL Suite 113
5.2 Case study with Tau SDL Suite 114
5.2.1 Simulate with user-defined rules 114
5.2.2 Simulate with a basic MSC 117
5.2.3 Simulate with an MSC containing inline operators 119
5.2.4 Simulate with an HMSC 121
5.2.5 More details on MSCs 127
5.2.6 Simulate with observer processes 132
5.2.7 More details on observer processes 134
5.3 Case Study with ObjectGeode 136
5.3.1 Simulate with stop conditions 136
5.3.2 Simulate with a basic MSC 139
5.3.3 Simulate with a hierarchical MSC 142
5.3.4 More details on MSCs 149
5.3.5 Simulate with GOAL observers 159
5.3.6 More details on GOAL observers 161
6 Random Simulation 167
6.1 Principles 167
6.2 Case Study with Tau SDL Suite 167
6.2.1 Random simulation without observers 167
6.2.2 Multiple random simulations 169
6.2.3 Random simulation with observers 170
6.3 Case Study with ObjectGeode 172
6.3.1 Random simulation without observers 172
6.3.2 Multiple random simulations 174
6.3.3 Random simulation with observers 175
6.3.4 Details on random simulation 179
6.4 Errors Detectable by Random Simulation 180
7 Exhaustive Simulation 181
7.1 Introduction 181
7.1.1 Exhaustive simulation 181
7.1.2 Bit-state simulation 184
7.1.3 On-the-fly validation 184
7.2 Simple Examples 185
7.2.1 Exhaustive simulation of the ping TCP/IP command 185
7.2.2 Exhaustive simulation of counters 190
7.3 Case Study with Tau SDL Suite 191
7.3.1 One second to detect missing save of v76frame 192
7.3.2 One second to detect missing input L ReleaseReq 197
7.3.3 One second to detect missing input L DataReq 199
7.3.4 Millions of states: detect output to Null 202
7.3.5 Forty seconds to detect missing save of L DataReq 206
7.3.6 Two minutes to detect missing input L ReleaseReq and answer DM 210 7.3.7 Three minutes, 6.7 million states, no error 214
7.3.8 Bit-state simulation with a user-defined rule 217
Trang 11x Contents
7.3.9 Verifying an MSC with bit-state simulation 218
7.3.10 Bit-state simulation with observer processes 220
7.4 Case Study with ObjectGeode 221
7.4.1 One second to detect missing save of v76frame 221
7.4.2 One second to detect missing input L ReleaseReq 225
7.4.3 One second to detect missing input L DataReq 227
7.4.4 Seventeen seconds to explore 87174 global states 230
7.4.5 Add faults in block dataLink : detect output to Null 235
7.4.6 Twenty-two seconds to detect missing save of L DataReq 240
7.4.7 Eleven minutes to detect missing input L ReleaseReq and answer DM 243
7.4.8 Eleven minutes, 2.8 million states, no error 248
7.4.9 Exhaustive simulation with stop conditions 250
7.4.10 Exhaustive simulation with MSC observers 251
7.4.11 Exhaustive simulation with GOAL observers 253
7.5 Other Simulation Algorithms 256
7.5.1 Tau SDL Suite 256
7.5.2 ObjectGeode: supertrace 256
7.5.3 ObjectGeode: liveness 257
7.6 Strategy to Master Exhaustive Simulation 262
7.6.1 Which simulation modes should be used 262
7.6.2 If simulation never terminates 263
7.7 Errors Detectable by Exhaustive Simulation 264
7.7.1 Errors detected by Tau SDL Suite 264
7.7.2 Errors detected by ObjectGeode 265
8 Other Simulator Features 267
8.1 Tau SDL Suite 267
8.1.1 Writing in the Simulator trace 267
8.1.2 Calling external C code 267
8.1.3 Simulating ASN.1 data types 270
8.1.4 Adding buttons to the Simulator 270
8.1.5 Adding buttons to the Validator 272
8.1.6 Setting breakpoints in the Simulator 272
8.1.7 Running several communicating Simulators 273
8.1.8 Real-time simulation 275
8.1.9 List of Validator options 275
8.2 ObjectGeode 279
8.2.1 Writing in the Simulator trace 279
8.2.2 Calling external C code 279
8.2.3 Simulating ASN.1 data types 281
8.2.4 Adding buttons to the Simulator 281
8.2.5 Simulation scheduling like in Tau SDL Simulator and Validator 282
8.2.6 List of Simulator settings 284
Bibliography 289
Index 293
Trang 12to severe technoweenies.
Readers who want to practise the exercises described in the book must contact the SDL toolvendors (see their updated list on www.sdl-forum.org), who generally provide free licenses forevaluation or cheap licenses for universities
The first versions of ObjectGeode and Tau SDL Suite including a simulator, named Geodeand SDT at that time, have been released around 1989 However, to my knowledge, 13 yearsafter that release, this is the first book published on validation of SDL systems by simulation.Very few other commercial tools or languages provide such a range of features for thevalidation and development of communications systems and software
Some may question the need for this book, as the SDL tools have their own documentation.The answer is that the documentation of each tool, assuming one of your colleagues has nottaken it away, contains thousands of pages, which is not always organized to present first thebasic simulation notions and then to introduce progressively more advanced features In thebook, every notion presented is illustrated by a hands-on systematic example, which has beenactually executed on the two simulation tools, with direct explanations
Although this book describes how to validate telecommunication systems, it can be used tovalidate the behavior of other kinds of real-time systems that can be modeled by communicatingstate machines
I hope that this book will reveal to students or managers the power of SDL simulation, andwill help designers and developers in the validation of their SDL models
Laurent Doldi
Trang 14‘Better’, ‘faster’ and ‘cheaper’ are the master words nowadays: how to build the best product,spend less and finish in time Every project manager knows this triptych: every time she or hestarts a new project, it could turn into a nightmare CMM-I, Six Sigma, COCOMO II, MDA,MDD, XML and others are answers that have resulted from different industries involving thedevelopment of complex systems
Modeling techniques have had significant quality and productivity impact in domains rangingfrom business processes to embedded real-time applications The Unified Modeling Language(UML), Model Driven Architecture (MDA), Component Based Development (CBD), Use CaseMaps, Message Sequence Charts (MSCs), and Specification and Description Language (SDL)all support modeling concepts that help reduce the impedance mismatch between models of theproblem domain and designs in the solution domain
Programming languages are no longer the necessary and sufficient condition to success Alleffort is put in product development to better manage the process Requirement management,system and software architecture, and model development are part of the artifacts of a goodsystem or software development process
Simulation, one of the most acclaimed requirements to UML 2.0, helps software engineerswho simulate the software architecture as well as its design for a better verification and valida-tion of what is being built Simulation can only be based on a formal language with a clearlydefined syntax and semantics Formal abstract languages such as SDL and the upcoming UML2.0, are the answers for modelers with concerns such as verifying architecture models anddesign models
Why simulate? What to simulate? How to simulate Answers to these questions are found
in this book, which is a result of the vast experience Laurent Doldi has acquired in the morethan two decades during which he was involved as a consultant engineer, in complex systemengineering, in tool development and in teaching classes Whether your concern is verification orvalidation, you will find in this book a systematic and practical approach aimed at engineers Itwill guide you through the use of tools to perform simulation, architecture or design debugging
by getting coverage of your requirements expressed as test cases using MSCs, meet your qualityexpectations and get a faster return on investment not only for the tools but also during productdevelopment
Jamel Marzouki
Distinguished Member of the Technical Staff, Motorola Labs, Schaumburg, IL
Trang 16Introduction
1.1 VALIDATION OF COMMUNICATIONS SYSTEMS
Communications systems and software are more and more difficult to develop: they includecomplex features such as wireless and mobile access, under strong constraints such as low size,weight or power consumption, interworking, total interoperability, security, short time-to-marketand low cost
Respecting such an array of constraints requires a high quality of the specifications orstandards used for their development This is why the specifications of many communica-tions systems are based on SDL (Specification and Description Language) or at least containSDL parts describing complex behaviors Examples of such systems are the GSM second-generation mobile telephony system, the UMTS third-generation mobile telephony system, theETSI HiperLAN 2 Broadband Radio Access Network or the IEEE 802.11 wireless Ethernetlocal area network
Validation of such systems by simulation of SDL models is useful, for example, at thefollowing stages:
• when standards are created by the organizations, to check that the behavior of the system
is correct, to generate Message Sequence Charts (MSCs) (sequence diagrams) illustratingtypical use cases, or to generate TTCN (Tree and Tabular Combined Notation) test cases totest the conformance of future implementations;
• before the implementation of a standard by a company, because standards rarely contain afinished SDL model ready to be translated into the application code;
• to provide nonambiguous low-error specifications to a contractor, enabling a quicker and lessexpensive implementation;
• after changes in the specifications, to check that the system has not regressed
During all these stages, the simulation allows the detection of specification or design-levelanomalies, preventing them to be embedded in the implementation Once the code is loadedinto a target device embedded into a complex test environment, each error detected is moredifficult and expensive to analyze than during an SDL model simulation: the error can comenot only from the specification but also from the coding, from the testing environment, fromthe hardware and so on
Also, SDL simulation enables the execution of the specification before the target hardwareand software platform is available: board, board support package, compiler and so on
Validation of Communications Systems with SDL: The Art of SDL Simulation and Reachability Analysis.
Laurent Doldi 2003 John Wiley & Sons, Ltd ISBN: 0-470-85286-0