114 Validation of Communications Systems with SDL obs_1 sigA sigC inst_dlca DLCa sigB Figure 5.4 The observer MSC obs 1 of the MSC to verify: in this case, the Simulator will not explore the states leading to an error (a violation) of the MSC, because the default configuration is error cut (equivalent to prune in Tau). 5.2 CASE STUDY WITH TAU SDL SUITE In Chapter 4, we have used the Tau SDL Suite Simulator. To benefit from automatic observation features, we will now switch to the Tau SDL Suite Validator. Note that the Simulator can also be used to check the SDL model against an MSC. 5.2.1 Simulate with user-defined rules In the Validator, only one user-defined rule can be used at a time. To check several conditions, you can use the operator or to group them in a single rule. 5.2.1.1 Detect DLC establishment We want to detect that a DLC is established. This means, in our V.76 SDL model, that: • instance 1 of process DLC in block DLCa is in state connected,and • instance 1 of process DLC in block DLCb is in state connected. It seems that the Validator rules do not accept qualifiers such as <<Block DLCa>>.As there are two processes named DLC, one in block DLCa and the other in block DLCb, it is not possible to write a rule to detect that both DLCs are in state connected. An observer process could be used instead. The solution would be to modify the SDL model to have a copy of block V76 DLC on each side: transformation of the block type V76 DLC into a block named V76a, making a copy of it and naming the copy V76b and in each block, renaming the DLC process, respectively, DLC a and DLC b. Then, the Validator user-defined rule would be: state(DLC_a:1)=connected and state(DLC_b:1)=connected Rather than performing this model modification, you will use rules concerning process AtoB and BtoA, which do not require the use of qualifiers, as they are unique in the system. Automatic Observation of Simulations 115 5.2.1.2 Detect state of processes AtoB and BtoA We want to detect that in our V.76 SDL model: • instance 1 of process AtoB is in state ready and • instance 1 of process BtoA is in state ready. This condition, translated into a Validator rule, becomes: state(AtoB:1)=ready and state(BtoA:1)=ready Compile the SDL model, start the Validator and test the rule: A. In the Organizer, select the SDL system V76test and do Generate > Make: the window represented in Figure 5.5 appears. Select Microsoft Validation or Borland Validation,and press Full Make. Figure 5.5 The SDL Make window set for validation B. In the Organizer, press the Validate button to start the Validator. The Validator main window appears, as shown in Figure 5.6. C. In the Validator command line, enter: Define-Rule state(AtoB:1)=ready and state(BtoA:1)=ready D. Then, to test if the rule is satisfied or not for the current SDL model state, enter: Evaluate-Rule state(AtoB:1)=ready and state(BtoA:1)=ready 116 Validation of Communications Systems with SDL Figure 5.6 The Validator main window The Validator answers: Evaluating rule: (( state( AtoB:1 ) = ready) and (state( BtoA:1 ) = ready )) Rule not satisfied This is normal, as the processes are not yet in state ready. E. Select View > Command Window: you see that the processes AtoB:1 and BtoA:1 are in state start. F. Press the Navigator button. In the Navigator window, double-click two times on Next 1 to execute the start transitions of AtoB and BtoA, as shown in Figure 5.7. Figure 5.7 Starting processes AtoB and BtoA Automatic Observation of Simulations 117 G. In the Validator command line, enter: Evaluate-Rule state(AtoB:1)=ready and state(BtoA:1)=ready As expected, the Validator answers: Evaluating rule: (( state( AtoB:1 ) = ready) and (state( BtoA:1 ) = ready )) User-defined rule satisfied. You can check in the Command Window that the processes AtoB and BtoA are in state ready. We have executed the transitions manually using the Navigator; we will see later that the transitions can also be executed automatically by the Validator, using several algorithms such as exhaustive simulation: then reports are automatically generated each time the user-defined rule is satisfied. 5.2.1.3 More user-defined rules Here are some more user-defined rules that you can enter in the Validator as indicated previously. To detect that variable foo1 in process AtoB contains 4: Define-Rule AtoB:1->foo1 = 4 To detect when the first signal in the input queue of process AtoB is v76frame: Define-Rule sitype(signal(AtoB:1))=V76frame To detect if process AtoB has exactly one instance: Define-Rule instno(AtoB) = 1 To detect if a process input queue contains more than one signal: Define-Rule maxlen() > 1 To detect that process AtoB has not created any process instance (rule always satisfied in our model): Define-Rule offspring(AtoB:1) = Null As you can see, several conditions in the SDL model can be detected by user-defined rules during the validation. However, user-defined rules cannot detect the correct sequencing of signals: for that, you must use MSCs. 5.2.2 Simulate with a basic MSC You will simulate the V.76 SDL model, observed by a basic MSC. Basic means that the MSC just contains a single scenario, as opposed to MSCs containing inline operators or to High-Level 118 Validation of Communications Systems with SDL MSCs (HMSC). To simplify, we reuse the basic MSC test1.msc, generated by the Simulator in Chapter 4. Naturally, you could use another MSC drawn from scratch with the Editor or rework an existing MSC. In Tau SDL Suite Validator 3 , an MSC is not only observing but also driving the simulation. A. Select File > Restart in the Validator, and enter the command: load-msc test1.msc Check that in test1.msc, there is either a single environment instance named env 0 or two environment instances named DLCaSU and DLCbSU (the names of the two external channels in the SDL model); otherwise the simulation would not match the loaded MSC. When an MSC is loaded, the Validator sends to the SDL model the first environment signal present in the MSC. Then, after receiving the first response from the SDL model, the Validator sends the next environment signal and so on until the MSC is verified or violated. B. Select Commands > Toggle MSC Trace. C. Press the Navigator button in the Explore group. The Navigator window appears, as illus- trated in Figure 5.8. By double-clicking in this window, you can execute transitions in the SDL model, going forward (down) but also backward (up). Figure 5.8 The Navigator window D. In the Navigator window, double-click on the lower rectangle, marked Next 1,toexecute the corresponding SDL transition. E. Continue double-clicking; when there are several possibilities, select the left one. F. After around 45 transitions, the Navigator window displays: No down node – MSC test1 verified, as shown in Figure 5.9. It means that the signal sequence present in the loaded MSC has been simulated. You can see that the trace MSC is identical to the loaded MSC. Note that if the simulated parameter values did not match the MSC expected values, the MSC property would not have been satisfied. 3 The MSCs can also be verified using the Simulator rather than the Validator. Automatic Observation of Simulations 119 Figure 5.9 The MSC test1 is verified 5.2.3 Simulate with an MSC containing inline operators The basic MSC test1 used in the previous section represents only a single execution sequence. To represent several expected behaviors consistent with the V.76 textual specification without creating too many basic MSCs, we will add inline operators to the MSC test1 . 5.2.3.1 Create the MSC With the MSC Editor, you will rework a copy of the basic MSC test1.msc generated by the Simulator in Chapter 4, to obtain the MSC test1inline.msc, shown in Figure 5.10: A. In Windows (or Unix), make a copy of the file test1.msc into test1inline.msc B. In the Organizer, select Tools > Editors > MSC Editor C. In the MSC Editor, select File > Open and choose test1inline.msc D. Enter the MSC name test1inline, and remove the XID part (eight signals from L SetparmReq to L SetparmConf ). E. Using copy–paste, duplicate the data transfer part, arrange the pasted signals to reverse the originating side of the second data transfer, and replace 86 by 39, as shown in Figure 5.11. F. Using copy–paste, duplicate the DLC release part and arrange the pasted signals to reverse the originating side of the second release: release originated by B. G. Using the Symbol Menu, insert one loop and two alt inline operators, depicted in Figure 5.10. Resize them and add two expression separators, to obtain the layout shown in Figure 5.11. 120 Validation of Communications Systems with SDL 2 2 alt 1 1 loop <0, inf> 1 1 alt 1 2 loop operator alt operator (alternative) expression separator Figure 5.10 The inline MSC operators used in test1inline.msc This MSC represents the following behavior expected from the V.76 SDL model: 1. one connection phase, 2. followed any number of times (between 0 and infinite) by the repetition (operator loop <0, inf>) of data transfers from A to B or (operator alt ) from B to A, 3. followed by the disconnection phase initiated by A or (second alt operator) initiated by B. 5.2.3.2 Use the MSC to check the SDL model A. Start the Validator as indicated in Section 5.2.1.2, and enter the command: load-msc test1inline.msc B. Select Commands > Toggle MSC Trace. C. Press the Navigator button in the Explore group. D. Using the Navigator, execute an SDL scenario matching the loaded MSC (when there are two possibilities, select the left one): for example, establish DLC number 0, then transmit data 86, and then release DLC number 0. E. After around 40 transitions, the Navigator window displays: No down node – MSC test1inline verified, as shown in Figure 5.12. It means that one of the signal sequences present in the loaded MSC has been simulated. The Navigator also indicates which MSC operators have been followed and which branch has been taken in each alt operator. You could press the button Top in the Explore group to go back to the initial SDL model state, and try to verify other paths, for example, no data transfer, or a data transfer from B to A and so on. F. Exit from the Validator. Automatic Observation of Simulations 121 DLCbSUDLCaSU DLCb_3 block DLCb DLCa_2 block DLCa dataLink_1 block dataLink 2 2 alt 1 1 loop <0, inf> 1 1 alt 1 2 MSC test1inline L_DataInd ( 0, 86) L_EstabResp L_EstabInd (0) L_DataReq ( 0, 39 ) L_ReleaseReq (0) V76frame ( DISC : (. 0 .) ) V76frame ( UA : (. 0 .)) V76frame ( UA : (. 0 .)) V76frame ( DISC : (. 0 .)) V76frame ( DISC : (. 0 .)) V76frame (DISC : (. 0 .)) V76frame ( UA : (. 0 .) ) V76frame ( UA : (. 0 .) ) L_ReleaseInd (0) L_ReleaseReq ( 0) L_EstabConf (0) L_EstabReq (0) L_DataReq ( 0, 86) L_DataInd (0, 39) V76frame ( I : (. 0, 39, 15 .)) V76frame ( I : (. 0, 39, 15 .) ) V76frame ( I : (. 0, 86, 15 .)) V76frame ( I : (. 0, 86, 15 .) ) V76frame (UA : (. 0 .) ) V76frame (UA : (. 0 .)) V76frame ( SABME : (. 0 .) ) V76frame ( SABME : (. 0 .) ) L_ReleaseInd (0) L_ReleaseInd (0) L_ReleaseInd (0) loop operator alt operator (alternative) Figure 5.11 The MSC test1inline.msc 5.2.4 Simulate with an HMSC The idea with HMSC [MSC96] is to combine several MSCs (containing or not inline operators) to get a good overview of the expected behaviors. Remark: to be used in the Validator, all the MSCs used in an HMSC must contain the same entities; for example, it is not allowed to have block DLCa in one MSC and <<block DLCa>> process DLC in another MSC. 122 Validation of Communications Systems with SDL second operator branch 1 followed Figure 5.12 The MSC test1inline is verified 5.2.4.1 Create the HMSC With the MSC Editor, you will rework a copy of the basic MSC test1.msc generated by the Simulator in Chapter 4, to obtain the hierarchical HMSC test1ops.msc shown in Figure 5.13. This HMSC test1ops represents the following behavior expected from the V.76 SDL model 4 : 1. one connection phase (cnx1h), 2. followed or not by the repetition of data transfers from A to B (data a2b)orfromBtoA (data b2a), 3. followed by the disconnection phase initiated by A (disc 0 by a) or initiated by B (disc 0 by b). A. In the Organizer, select Edit > Add New, check MSC, choose HMSC, enter the document name test1ops, as shown in Figure 5.14, and press OK. B. The HMSC Editor appears. Draw the HMSC represented in Figure 5.13, and save it into the file test1ops.mrm. Now create the five MSCs referenced in the HMSC: C. In Windows (or Unix), make copies of the file test1inline.msc into the files: cnx1h.msc, data a2b.msc, data b2a.msc, disc 0 by a.msc and disc 0 by b.msc. D. In the Organizer, select Edit > Add Existing and choose cnx1h.msc. The MSC is loaded into the MSC Editor. 4 To simplify the example, this HMSC is incomplete: connection initiated by B is missing, DLC number 1 is not tested and so on. Automatic Observation of Simulations 123 MSC test1ops 1(1) cnx1h disc_0_by_a data_a2b data_b2a disc_0_by_b loop alternative bypass (no data) Figure 5.13 The HMSC test1ops.msc Figure 5.14 Adding HMSC test1ops [...]... 138 Validation of Communications Systems with SDL To detect if the transitions coverage rate of the SDL model is > 95% : stop if trans_cover_rate(system) > 95 To detect any output of signal L EstabInd : stop if output L_EstabInd To detect the output of any signal to the environment: stop if output TO ENV To detect the input of signal v76frame by instance 1 of process AtoB, coming from instance 1 of process... V76frame obs dataLink Figure 5. 33 Adding the obs observer block block obs /*#INCLUDE 'access.pr' */ obs1 Figure 5. 34 The contents of the obs observer block Figure 5. 35 The Organizer showing the observer 1(1) 1(1) 134 Validation of Communications Systems with SDL process obs1 1(1) testing ;SIGNALSET; disp1:= GetPid('dispatch', 1) True; Priority 200 (vInteger(disp1, 'uData') = 55 ); Priority 1 testing DCL... ( DISC : ( 0 )) V76frame ( UA : ( 0 )) L_ReleaseInd (0) Figure 5. 19 The MSC disc 0 by b.msc Figure 5. 20 The HMSC test1ops and the five referenced MSCs in the Organizer 126 Validation of Communications Systems with SDL 5. 2.4.2 Use the HMSC to check the SDL model A Start the Validator as indicated in Section 5. 2.1.2, and enter the command5 : load-msc test1ops.mrm B Select Commands > Toggle MSC Trace C... example, if you load the MSC shown in Figure 5. 32 into the Validator 132 Validation of Communications Systems with SDL MSC time1 proc1 proc1_1 proc2 proc2_1 proc3 proc3_1 proc4 proc4_1 sA sB sC sZ Figure 5. 32 MSC with four instances and simulate the SDL sequence sA, sC and sB, you get a violation report, because sB was expected before sC 5. 2.6 Simulate with observer processes You will add an observer... Figure 5. 38, because uData contains 55 5. 2.7 More details on observer processes Note that several observer processes may be used at the same time in the Validator 5. 2.7.1 Using an observer process to test the state of a process The observer process obs2 represented in Figure 5. 39 detects when the state of process dispatch in block DLCa is equal to waitUA Automatic Observation of Simulations 1 35 Figure 5. 37... DataReq(0, 55 ) to DLCa Figure 5. 38 The condition has been detected by the observer obs1 process obs2 1(1) testing ;SIGNALSET; disp1:= GetPid('dispatch', 1) True; Priority 200 (GetState(disp1) = 'waitUA'); Priority 1 testing DCL disp1 Pid; - Report ('process dispatch in block DLCa is in state waitUA') - Figure 5. 39 Testing if a process is in a certain state 136 Validation of Communications Systems with SDL 5. 2.7.2... (b) Figure 5. 23 An MSC (b) consistent with the SDL model HDLC (a) 6 In ObjectGeode, signal sZ would have been ignored because it is not in the observer MSC To get a violation as in Tau, sZ must be declared as unexpected signal in the MSC simulation properties 128 Validation of Communications Systems with SDL MSC retry1 process dispatch DLC_1 _5 process DLC DLC_1 _5 timer set... the last SDL events observed by the MSC were: • the input by DLCb of signal V76frame with parameter value sabme and 0 and • the output by DLCb of signal L EstabInd with parameter value 0 142 Validation of Communications Systems with SDL IN v76frame v76frame( sabme : ( 0 ) ) v76frame( sabme : ( 0 ) ) l_estabind( 0 ) OUT l_estabind Figure 5. 46 Events observed at Step 9 Note that if the simulated parameter... look like Figure 5. 35 G In the SDL Editor, double-click the process reference obs1 : after two confirmations, the content of process obs1 is displayed H Copy the observer represented in Figure 5. 36: in the start transition, disp1 is filled with the Pid of the first instance of process dispatch, inside block DLCa From state testing, if the variable uData in process dispatch contains 55 , then a call to... order(colors, Natural), response(colors, Boolean, Integer); Figure 5. 26 The SDL model lights We consider the SDL model lights shown in Figure 5. 26: it can receive a signal order, having one parameter of type colors and one parameter of type Natural The signal response has one parameter of type colors, one parameter of type Boolean and one parameter of type Integer The Validator automatically generates test . (0) Figure 5. 19 The MSC disc 0 by b.msc Figure 5. 20 The HMSC test1ops and the five referenced MSCs in the Organizer 126 Validation of Communications Systems with SDL 5. 2.4.2 Use the HMSC to check the SDL. DLC in another MSC. 122 Validation of Communications Systems with SDL second operator branch 1 followed Figure 5. 12 The MSC test1inline is verified 5. 2.4.1 Create the HMSC With the MSC Editor, you. shown in Figure 5. 32 into the Validator 132 Validation of Communications Systems with SDL proc2_1 proc2 proc1_1 MSC time1 sA sC proc1 proc4_1 proc4 proc3_1 sB sZ proc3 Figure 5. 32 MSC with four instances and