Generic Constraints

Generic constraints treat data parameters and time stamps uniformly. In the CommaSuite framework, time and data constraints are translated to generic constraints and then evaluated. This is transparent to the user.

Users should always try first to express a constraint as a time or data constraint. If this is not possible due to limited expressive power then generic constraints can be used.

The basic element of a generic constraint is an event pattern, which may match with an observed event. It is described by the following parts:

  • "["

  • time stamp "," where the time stamp is a variable of type real

  • an optional counter "," ; a counter is a variable of type integer which is incremented every time the event occurs

  • an optional negation symbol: "!"

  • an optional list of state names of the form: "in state" state name "," …​ "," state name

  • an event description:

    • "signal" S, "command" C, or "notification" N followed by an optional list of parameters "(" param_1, …​, param_n ")" where the parameters are expressions or variables and S, C, and N are concrete event names

    • "reply" (optional parameters) "to" "command" C (optional parameters)

    • "reply" (optional parameters) "to" "any command" X where X is a string variable ranging over command names

    • "any command", "any signal", "any notification", or "any event"; optionally a string variable ranging over event names can be used

  • an optional: "when" condition; the condition can use variables in the event description and variables in the state machines when the constraint is given in the scope of an interface

  • an optional: "," condition; the condition can use time stamp, counter and event description variables

  • "]"

A step is formed by the "or" of a number of event patterns:

  • EP1 "|" …​ "|" EP2

Steps can be combined into a sequence element:

  • Step1 "until" Step2 ; this formula holds for a sequence of events if the sequence can be split in two parts, where the Step1 holds on the first part, Step2 does not hold on the first part, and Step2 holds on the second part.

  • Step1 "wuntil" Step2 ; the "weak until" is similar to the until case, but allows additionally that Step1 holds for the full event sequence and Step2 never holds.

Sequential composition of these sequence elements leads to a sequence formula, where optionally a condition can be added:

  • SE1 ";" …​ ";" SEn ["&" condition ] ; such a sequence formula holds for an event sequence if the event sequence can be split into n parts where the first part satisfies SE1, the second part SE2, etc.

Examples
Note that generic constraints have a name and can use variables, similar to time and data constraints.

generic constraints
variables
real t1
real t2
real t3

GCS1
[t1 , command SwitchOn ];
[t2 , any event ];
[t3 , signal SwitchOff , t3 > t1 + 10.7 ]

GCS2
[t1 , in state Operational notification OutOfOrder  ];
[t2 , ! in state Error command SwitchOn ];
[t3 , in state Error reply(Result::OK) to command Reset , t3 < t1 + 100.0]

GCU1
[t1 , command OrderProduct when credit > 0];
[t2 , reply(OrderResult::DELIVERED) , t2 < t1 + 50.0]

GCU2
[ t1 , reply(n,CoinResult::ACCEPTED) to command InsertCoin];
[ t2 , ! reply to command ReturnMoney ];
[ t3 , reply(v) to comman ReturnMoney] & v > 0

Sequence formulas can be combined into a general formula. Any sequence formula is a general formula and for formulas F, F1, F2, the following are also formulas:

  • "{" F "}"

  • "NOT" F

  • F1 "AND" F1

  • F1 "OR" F2

  • F1 "" F1

  • Conditional Follow F1 "CF" F2 ; this formula expresses that if there is a first part of an event sequence that satisfies F1 then the remaining part should satisfy F2.

  • Constraint Sequence F "where" condition holds if either F does not hold, or F holds and then also the condition must be true

Examples
As an advanced example, we show two ways to express that no two signals occur with the same name and same time stamp. Note the use of string variables to denote signal names.

generic constraints
variables
real t1
real t2
real t3
string X
string Y

GC1
NOT { [t1, any signal X];
      [t2, any signal, t1 == t2]
      until
      [t3, any signal Y, t1 == t3 and X == Y]
    }

GC2
[t1, any signal X]
CF
[t2, any signal Y, X != Y]
until
[t3, any signal, t1 != t3]

The next example shows a generic component constraint of a component with ports DevicePort and ApplicationPort called MaxDistance. This constraint expresses that if a reply to command SensorGetData is observed at time t1 with value v1 on DevicePort and next, after an arbitrary number of other events, a reply to command GetData at time t2 with value v2 on ApplicationPort is observed where v2 is greater than v1, then either v1 and v2 are different or t2 – t1 is less than 100. This expresses that command GetData returns a recently obtained value.

generic constraints
variables
real t
real t1
real t2
real v1
real v2
MaxDistance
[ t1, DevicePort::reply(v1) to command SensorGetData ];
[ t, any ApplicationPort::event ] | [ t, any DevicePort::event ]
until [ t2, ApplicationPort::reply(v2) to command GetData, v1 <= v2 ]
where v1 != v2 or t2 - t1 < 100.0