We describe action machines, a framework for encoding and composing partial behavioral descriptions. Action machines encode behavior as a variation of labeled transition systems where the labels are observable activities of the described artifact and the states capture full data models. Labels may also have structure, and both labels and states may be partial with a symbolic representation of the unknown parts. Action machines may stem from software models like state machines, scenario machines, or (model) programs, and can be composed in a variety of ways to synthesize new behaviors. The composition operators include synchronized parallel composition, sequential composition, hierarchical composition, and alternating simulation. We use action machines in analysis processes such as model checking and model-based testing. The current main application is in the area of model-based conformance testing, where our approach addresses practical problems users at Microsoft have in applying model-based testing technology. 1

We demonstrate the use of the language of Live Sequence Charts (LSCs) for specifying part of the air traffic control system CTAS (Center TRACON Automation System). We use a recent extension of LSCs to handle symbolic instances, allowing an instance to be associated with a class rather than with an object. This allows us to specify scenario-based requirements that could not have been expressed using concrete objects only. This work can form the basis for applying execution, verification and synthesis methods developed for LSCs, on a real-world case study.

Abstract. This paper is concerned with bridging the gap between requirements, provided as a set of scenarios, and conforming design models. The novel aspect of our approach is to exploit learning for the synthesis of design models. In particular, we present a procedure that infers a message-passing automaton (MPA) from a given set of positive and negative scenarios of the system’s behavior provided as message sequence charts (MSCs). The paper investigates which classes of regular MSC languages and corresponding MPA can (not) be learned, and presents a dedicated tool based on the learning library LearnLib that supports our approach. 1

Abstract. Message sequence charts (MSC) are a graphical language for the description of communication scenarios between asynchronous processes. Our starting point is to model systems using an assume-guarantee formalism, in the style of LSCs and Triggered MSCs. We enrich MSCs with the possibility of using gaps (template MSC), and show their expressivity. This formalism also allows to express logical formulas. We analyze the model-checking problem, whose complexity is linear in the size of the system, and ranges from PTIME to EXPSPACE in the size of the template formula. 1

Scenario-based specifications are a popular means for describing intended system behaviour. We aim to facilitate early analysis of system behaviour and the development of behaviour models in conjunction with scenarios. In this paper we define a novel scenario-based specification language with an existential semantics and that supports conditional specification of behaviour in the form of prechart and main chart. The language semantics is consistent with existing informal scenario-based and use-case based approaches to requirements engineering. The language provides a good fit with universal live sequence charts as standard existential live sequence charts do not adequately support conditional scenarios. In addition, we define a novel synthesis algorithm that, rather than building arbitrarily one of the many behaviour models that satisfy a scenario, constructs a Modal Transition System (MTS) which characterizes all behaviour models that conform to the scenario.

We report on a schema language for coordinating the construction and composition of partial behavior descriptions. The language is a frontend to the semantical and implementation framework of action machines, which allows to encode behaviors of software artifacts in a language-agnostic manner, supporting both state-based and interaction-based description styles, as well as partial descriptions by means of symbolic representations. Our approach is currently being incorporated into an advanced model-based specification and testing environment at Microsoft Research.

Many reactive control systems consist of classes of interacting objects where the objects belonging to a class exhibit similar behaviors. Such interacting process classes appear in telecommunication, transportation and avionics domains. In this paper, we propose a modeling and simulation technique for interacting process classes. Our modeling style uses standard notations to capture behavior. In particular, the control flow of a process class is captured by a labeled transition system, unit interactions between process objects are described by Message Sequence Charts and the structural relations are captured via class diagrams. The key feature of our approach is that our execution semantics leads to a symbolic simulation technique. Our simulation strategy is both time and memory efficient and we demonstrate this on well-studied non-trivial examples of reactive systems.

We argue that the evident utility of scenario-based modeling can be greatly enhanced when enriched with a mathematically precise notion of conditionality and partiality, such as that found in Triggered Message Sequence Charts (TMSCs). Unlike traditional Message Sequence Charts, the TMSC formalism allows scenarios to be conditional and partial, supports logical as well as behavioral operators for scenario composition, and is equipped with a refinement notion drawn from traditional process theory that provides a rigorous basis for stepwise development of specifications. This paper illustrates these points via the Center TRACON Automation System for flight control.

Message Sequence Charts (MSCs) are a widely used visual formalism for scenario-based specifications of distributed reactive systems. In its conventional usage, an MSC captures an interaction snippet between concrete objects in the system. This leads to voluminous specifications when the system contains several objects that are behaviorally similar. MSCs also play an important role in the model-based testing of reactive systems, where they may be used for specifying (partial) system behaviors, describing test generation criteria, or representing test cases. However, since the number of processes in a MSC specification are fixed, model-based testing of systems consisting of process classes may involve a significant amount of rework. For example, reconstructing system models, or regenerating test cases for systems differing only in the number of processes of various types. In this article, we propose a scenario based notation, called Symbolic Message Sequence Charts (SMSCs), for modeling, simulation, and testing of process classes. SMSCs are a lightweight syntactic and semantic extension of MSCs where, unlike MSCs, a SMSC lifeline can denote some/all objects from a collection. Our extensions give us substantially more modeling power. Moreover, we present an abstract execution semantics for (structured collections of) SMSCs. This allows us

This paper is concerned with bridging the gap between requirements and distributed systems. Requirements are defined as basic message sequence charts (MSCs) specifying positive and negative scenarios. Communicating finite-state machines (CFMs), i.e., finite automata that communicate via FIFO buffers, act as system realizations. The key contribution is a generalization of Angluin’s learning algorithm for synthesizing CFMs from MSCs. This approach is exact—the resulting CFM precisely accepts the set of positive scenarions and rejects all negative ones—and yields fully asynchronous implementations. The paper investigates for which classes of MSC languages CFMs can be learned, presents an optimization technique for learning partial orders, and provides substantial empirical evidence indicating the practical feasibility of the approach.