CONCLUSIONES

We have implemented the translation of TCA to propositional formulas with linear arithmetic, as presented in Section 3.1.3, in ECT. In this section, we describe the implementation of our TCA formula generation.

ECT provides support for code generation (into an arbitrary target language) in package cwi.codegen, cf. Figure 5.5. A new code generator is defined by imple- menting the interface ICodeGenerator (or extending one of its abstract subclasses). Interface IGenModel encapsulates the data needed for code generation, that means, the properties (content information) of the underlying model that influence the generated code. It offers methods to manipulate these properties. Properties are

5.1. IMPLEMENTATION 93 interface ICodeGenerator +generateCode(IGenModel genModel) +initGenModel(IGenModel genModel) +validateGenModel(IGenModel genModel):IStatus interface IGenModel PROJECT LOCATION:String PROJECT NAME:String +getProperty(String key):String

+setProperty(String key, String value) AbstractCodeGenerator

JavaCodeGenerator

GenericGenModel

content 1

Figure 5.5: Packagecwi.codegen

key/value pairs of type String, new properties can be easily defined by calling set- Property(key,value) on an (until then) undefined key. IGenModel defines the two properties PROJECT LOCATION and PROJECT Name which every code genera- tor should support.

The sources for the TCA formula generation extension are located in package

cwi.ea.extensions.clocks.codegen, cf. Figure 5.6. InterfaceSMTFormulaTemplate can be seen as the main class of the extension. It defines a generic template for in- termediate representation of TCA, and serves as a superclass for template classes that generate formulas for different back-ends. Currently, there exists only one class that implements SMTFormulaTemplate in package cwi.ea.extensions.clocks.codegen,

MathSATFormulaTemplate. This class is used to generate input files for the _Math-

SAT [mat] tool.6

For each of the constituentsϕX _{of the formula representation (3.16) (cf. Table 3.4}

on Page 50), SMTFormulaTemplate defines a method signature buildX to generate the corresponding formula: buildInit() forϕinit _{(3.10),buildTrans() forϕ}trans _(3.13), buildLocation() forϕlocation _{(3.14), andbuildMutex() forϕ}mutex _{(3.15). The boolean}

parameter unfold in the latter three is used to determine whether to generate the step-abstract variant of the formula, that means with indices t and t+1, or the unfolded variant (cf. Section 3.2.2). In the former case, the return value should be a singleton list, in the latter case, the list should contain one entry for every unfolding depth, sorted in ascending order. The boolean parameter product in buildTrans()

determines whether to generate delay transitions for products of TCA, cf. (3.17). Subclasses ofSMTFormulaTemplate will have to implement these methods such that they generate formulas in the appropriate input format for the intended back-end solver, while following the constraints explained above.

6_For

94 CHAPTER 5. TOOL DEVELOPMENT AND CASE STUDIES SMTFormulaGenerator +generateCode(IGenModel genModel) +initGenModel(IGenModel genModel) +validateGenModel(IGenModel genModel):IStatus AbstractCodeGenerator (in cwi.codegen) interface SMTFormulaTemplate +buildInit():String

+buildTrans(boolean unfold, boolean product):EList<String>

+buildLocation(boolean unfold):EList<String>

+buildMutex(boolean unfold):EList<String>

+toString():String

+toProductString(EList<SMTFormulaTemplate> templates):String

MathSATFormulaTemplate −Automaton automaton

−int unfoldingDepth −int upperBound

−String reachableStateName

+MathSATFormulaTemplate(Automaton auto, String state, int depth, int upB)

content 1..*

Figure 5.6: Package cwi.ea.extensions.clocks.codegen

The formula representation (in String format) for a single SMTFormulaTemplate

object is obtained by calling method toString() . Method toProductString() is used to generate the product representation for a list of templates. Subclasses of SMT- FormulaTemplate will typically implement these methods such that they call the

buildX methods (passing the runtime value ofunfold to the latter three), add addi- tional information for the intended back-end solver as needed, and possibly sort the formulas in a specific way (cf. Section 4.2). Any implementation of the toProduct- String() method should be robust enough to produce the same result, independently of whether the object on which it is called (this) is contained in the list or not.

The constructor of MathSATFormulaTemplate is used to initialise the private fields with the appropriate values. It can be used for both finite and infinite data domains: for finite data domains, a lower bound of 0 is assumed by default. If the fourth parameter, upB(“upper bound”), is 0 as well, the data domain is assumed to be infinite. Otherwise, upB is required to have a value ≥1, which then determines the upper bound of the data domain (cf. also Remark 3.1.6 on finite data domains).

5.1. IMPLEMENTATION 95

Parameterstatecan be used to specify the name of a location to be checked fork-step reachability, cf. Section 3.2.3; it is stored in field reachableStateName. The imple- mentation of toString() respectively toProductString() generates the corresponding formulas. If parameterstate is the empty string, no such property is generated.

Invocation of the formula generation from the editor (cf. Section 5.2.2) creates an instance of classSMTFormulaGenerator, which is a subclass ofAbstractCodeGenerator

from cwi.codegen, cf. Figure 5.6. SMTFormulaGenerator implements the methods from ICodeGenerator (cf. Figure 5.5) as follows. Method initGenModel() initialises the properties of the genModel required for formula generation: unfolding depth, data domain, location of the resulting output file, the set of automata to translate to formulas (this is a subset of all automata contained in the currently open file), and the target language (currently, only MathSAT format is supported). These

settings are determined from user input to the formula generation wizard pages, cf. Figures 5.13, 5.14 and 5.15.

MethodvalidateGenModel()checks that thegenModelinitialised in this way satis- fies a number of additional (with respect to the constraints described in Section 5.1.2) syntactic and semantic requirements. This is needed for the resulting formulas to be well-defined: formula generation can be invoked for any EA automaton, but the results are well-defined only for TCA. The constraints include for example unique- ness of names, appropriate choice of finite data domain with respect to data values used in data constraints, or appropriate choice of enabled extensions (according to Section 5.1.2).

Method generateCode()starts the actual formula generation. It creates an SMT- FormulaTemplate instance for each TCA selected for formula generation. The target language property determines the runtime type of these objects, that means which subclass ofSMTFormulaTemplate to use. Actual parameters of the constructor of the appropriate runtime class are determined from the properties of the genModel. gen- erateCode() then calls either toString() or toProductString(), depending on whether one or more TCA were selected for formula generation, and writes the resulting string to a file, using the corresponding property of genModel to determine the location.