Formal Aspects of Computing

, Volume 25, Issue 2, pp 159–187 | Cite as

Relating computer systems to sequence diagrams: the impact of underspecification and inherent nondeterminism

  • Ragnhild Kobro Runde
  • Atle Refsdal
  • Ketil Stølen
Original Article


Having a sequence diagram specification and a computer system, we need to answer the question: Is the system compliant with the sequence diagram specification in the desired way? We present a procedure for answering this question for sequence diagrams with underspecification and inherent nondeterminism. The procedure is independent of any concrete technology, and relies only on the execution traces that may be produced by the system. If all traces are known, the procedure results in either “compliant” or “not compliant”. If only a subset of the traces is known, the conclusion may also be “likely compliant” or “likely not compliant”.


Sequence diagrams Computer systems Refinement Implementation Compliance Denotational trace semantics 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. AS85.
    Bowen B, Schneider FB (1985) Defining liveness. Inf Process Lett 21(4): 181–185MATHCrossRefGoogle Scholar
  2. Bow06.
    Bowles JKF (2006) Decomposing interactions. In: Algebraic methodology and software technology (AMAST 2006). LNCS, vol 4019. Springer, Berlin, pp 189–203Google Scholar
  3. BS01.
    Broy M, Stølen K (2001) Specification and development of interactive systems: FOCUS on streams, interfaces, and refinement. Springer, BerlinGoogle Scholar
  4. BvW98.
    Back R-J, von Wright J (1998) Refinement calculus: a systematic introduction. Springer, BerlinMATHCrossRefGoogle Scholar
  5. CF04.
    Cavarra A, Filipe JK (2004) Formalizing liveness-enriched sequence diagrams using ASMs. In: Abstract state machines (ASM 2004). LNCS, vol 3052. Springer, Berlin, pp 62–77Google Scholar
  6. CF05.
    Cavarra A, Filipe JK (2005) Combining sequence diagrams and OCL for liveness. Electron Notes Theor Comput Sci 115: 19–38CrossRefGoogle Scholar
  7. CK04.
    Cengarle MV, Knapp A (2004) UML 2.0 interactions: semantics and refinement. In: Proceedings 3rd international workshop on critical systems development with UML (CSDUML’04). Technical report TUM-I0415. Institut für Informatik, Technische Universität München, pp 85–99Google Scholar
  8. DH01.
    Damm W, Harel D (2001) LSC’s: breathing life into message sequence charts. Formal Methods Syst Des 19(1): 45–80MATHCrossRefGoogle Scholar
  9. Fil06.
    Filipe JK (2006) Modelling concurrent interactions. Theor Comput Sci 351(2): 203–220MATHCrossRefGoogle Scholar
  10. Gau95.
    Gaudel M-C (1995) Testing can be formal, too. In: Theory and practice of software development (TAPSOFT’95). LNCS, vol 915. Springer, Berlin, pp 82–96Google Scholar
  11. GS05.
    Grosu R, Smolka SA (2005) Safety-liveness semantics for UML 2.0 sequence diagrams. In: Proceedings applications of concurrency to system design (ACSD’05). IEEE Computer Society, pp 6–14Google Scholar
  12. HHRS05.
    Haugen Ø, Husa KE, Runde RK, Stølen K (2005) STAIRS towards formal design with sequence diagrams. Softw Syst Model 4(4): 349–458CrossRefGoogle Scholar
  13. HM03.
    Harel D, Marelly R (2003) Come, let’s play: scenario-based programming using LSCs and the play-engine. Springer, BerlinGoogle Scholar
  14. HM08.
    Harel D, Maoz S (2008) Assert and negate revisited: modal semantics for UML sequence diagrams. Softw Syst Model 7(2): 237–252CrossRefGoogle Scholar
  15. Hoa85.
    Hoare CAR (1985) Communicating sequential processes. Prentice-HallGoogle Scholar
  16. HS03.
    Haugen Ø, Stølen K (2003) STAIRS—steps to analyze interactions with refinement semantics. In: The unified modeling language. Modeling languages and applications (UML 2003). LNCS, vol 2863. Springer, Berlin, pp 388–402Google Scholar
  17. ISO89.
    International Standards Organization (1989) Information processing systems—open systems interconnection—LOTOS—a formal description technique based on the temporal ordering of observational behaviour—ISO 8807Google Scholar
  18. Jac89.
    Jacob J (1989) On the derivation of secure components. In: Proceedings of the IEEE symposium on security and privacy, pp 242–247Google Scholar
  19. JMV04.
    Juristo N, Moreno AM, Vegas S (2004) Reviewing 25 years of testing technique experiments. Empirical Softw Eng 9(1–2): 7–44CrossRefGoogle Scholar
  20. Jur01.
    Jürjens J (2001) Secrecy-preserving refinement. In: Formal methods for increasing software productivity (FME 2001). LNCS, vol 2021. Springer, Berlin, pp 135–152Google Scholar
  21. Kru00.
    Krüger IH (2000) Distributed system design with message sequence charts. PhD thesis. Technische Universität MünchenGoogle Scholar
  22. KW07.
    Knapp A, Wuttke J (2007) Model checking of UML 2.0 interactions. In: Models in software engineering. LNCS, vol 4364. Springer, Berlin, pp 42–51Google Scholar
  23. LAMB89.
    Larsen PG, Arentoft MM, Monahan BQ, Bear S (1989) Towards a formal semantics of the BSI/VDM specification language. In: Information processing 89: proceedings IFIP 11th world computer congress. Elsevier, Amsterdam, pp 95–100Google Scholar
  24. LRS10.
    Lund MS, Refsdal A, Stølen K (2010) Semantics of UML models for dynamic behavior. A survey of different approaches. In: Model-based engineering of embedded real-time systems. LNCS, vol 6100. Springer, Berlin, pp 77–103Google Scholar
  25. LS06.
    Lund MS, Stølen K (2006) Deriving tests from UML 2.0 sequence diagrams with neg and assert. In: Proceedings 1st international workshop on automation of software test (AST’06). ACM Press, pp 22–28Google Scholar
  26. Lun08.
    Lund MS (2008) Operational analysis of sequence diagram specifications. PhD thesis, University of OsloGoogle Scholar
  27. Lun09.
    Lund MS (2009) Model-based testing with the escalator tool. Telektronikk 105(1): 117–125MathSciNetGoogle Scholar
  28. LY96.
    Lee D, Yannakakis M (1996) Principles and methods of testing finite state machines—a survey. Proc IEEE 84(8): 1090–1123CrossRefGoogle Scholar
  29. MW10.
    Micskei Z, Waeselynck H (2010) The many meanings of UML 2 sequence diagrams: a survey. Softw Syst Model (Online First), 1–26Google Scholar
  30. OMG06.
    Object Management Group (2006) Object constraint language 2.0, document: formal/2006-05-01 editionGoogle Scholar
  31. OMG10.
    Object Management Group (2010) UML 2.3 superstructure specification, document: formal/2010-05-05 editionGoogle Scholar
  32. RHS05a.
    Runde RK, Haugen Ø, Stølen K (2005) How to transform UML neg into a useful construct. In: Proceedings Norsk Informatikkonferanse (NIK 2005), Tapir, pp 55–66Google Scholar
  33. RHS05b.
    Runde RK, Øystein H, Stølen K (2005) Refining UML interactions with underspecification and nondeterminism. Nordic J Comput 12(2): 157–188MathSciNetMATHGoogle Scholar
  34. Ros95.
    Roscoe B (1995) CSP and determinism in security modelling. In: Proceedings 1995 IEEE symposium on security and privacy. IEEE Computer Society Press, pp 114–127Google Scholar
  35. Ros98.
    Roscoe AW (1998) The theory and practice of concurrency. Prentice-HallGoogle Scholar
  36. RRS07.
    Runde RK, Refsdal A, Stølen K (2007) Relating computer systems to sequence diagrams with underspecification, inherent nondeterminism and probabilistic choice. Part 2: probabilistic choice. Technical report 347, Department of Informatics, University of OsloGoogle Scholar
  37. RRS11.
    Runde RK, Refsdal A, Stølen K (2011) Relating computer systems to sequence diagrams—the impact of underspecification and inherent nondeterminism. Technical report 410, Department of Informatics, University of OsloGoogle Scholar
  38. SBDB97.
    Steen M, Bowman H, Derrick J, and Boiten E (1997) Disjunction of LOTOS specifications. In: Formal description techniques and protocol specification, testing and verification (FORTE X/PSTV XVII ’97). Chapman & Hall, pp 177–192Google Scholar
  39. SC06.
    Sengupta B, Cleaveland R (2006) Triggered message sequence charts. IEEE Trans Softw Eng 32(8): 587–607CrossRefGoogle Scholar
  40. SS06.
    Seehusen F, Stølen K (2006) Information flow property preserving transformation of UML interaction diagrams. In: Proceedings symposium on access control models and technologies (SACMAT 2006). ACM, New York, pp 150–159Google Scholar
  41. SSS09.
    Seehusen F, Solhaug B, Stølen K (2009) Adherence preserving refinement of trace-set properties in STAIRS: exemplified for information flow properties and policies. Softw Syst Model 8(1): 45–65CrossRefGoogle Scholar
  42. Sto03.
    Störrle H (2003) Assert, negate and refinement in UML-2 interactions. In: Proceedings 2nd international workshop on critical systems development with UML (CSDUML’03). Technical report TUM-I0317, Institut für Informatik, Technische Universität München, pp 79–93Google Scholar
  43. Tre99.
    Tretmans J (1999) Testing concurrent systems: a formal approach. In: Proceedings 10th international conference on concurrency theory (CONCUR’99). LNCS, vol 1664. Springer, Berlin, pp 46–65Google Scholar
  44. UBC07.
    Uchitel S, Brunet G, Chechik M (2007) Behaviour model synthesis from properties and scenarios. In: Proceedings 29th international conference in software engineering (ISCE’07). IEEE Computer Society, pp 34–43Google Scholar
  45. WM01.
    Walicki M, Meldal S (2001) Nondeterminism vs. underspecification. In: Proceedings systemics, cybernetics and informatics (ISAS-SCI 2001). IIIS, pp 551–555Google Scholar

Copyright information

© British Computer Society 2011

Authors and Affiliations

  • Ragnhild Kobro Runde
    • 1
  • Atle Refsdal
    • 1
    • 2
  • Ketil Stølen
    • 1
    • 2
  1. 1.Department of InformaticsUniversity of OsloOsloNorway
  2. 2.SINTEF ICTOsloNorway

Personalised recommendations