Research of System Modeling and Verification Method Combine with UML Formalization Analysis and Colored Petri Net

ShangGuan Wei, Cai Bai-gen, Wang Jian, Wang Yan and Gou Chen-xi State Key Laboratory of Rail Traffic Control and Safety, School of Electronic and Information Engineering

Beijing Jiaotong University Beijing, China

wshg@bjtu.edu.cn

Abstract—Because of complexity of CTCS-3 train control system, interworking testing and function evaluation could not be operated directly on the system, which means that deep research on modeling and simulation of train operation control system should be carried out. This paper proposes a modeling and verification method based on UML and colored Petri net. On the basis of analysis of advantages and disadvantages of UML modeling, colored Petri net is used as formal specification of UML modeling, which improves scalability of formal method and make up for the deficiency of UML, as lack of analysis of model and verification method. Aiming at sequence diagram, dynamic model of UML, colored Petri net is suggested as a modeling method. Sequence diagram of communication between on-board and RBC during conversion from CTCS-3 to CTCS-2 is designed and transformed into colored Petri net model. Based on information interaction between objects to each other, colored Petri net model of on-board and RBC is obtained. Using CPN tools, the model is simulated and analyzed boundedness and deadlock of model. Thus, correctness of model is verified.

Keywords-UML; Colored Petri Net; System Modeling; Simulation Verification; CTCS-3

I. INTRODUCTION

A. Research on UML UML (Uniefid Modeilng Language) was proposed by

Grady Booch, Jim Runbaugh and Ivar Jacobson. As UML comes up, it is widely welcomed by many fields, as industry and school and becomes industrial standard of visual modeling. On Dec. 7th in 1997, OMG (Object Management Group) used UMLI.1 as standard modeling language based on object-oriented technology. Now the latest version of UML is 2.0. With UML development, a positive way is coming out, which is that several different methods could be used together by integration and unification with each other.

Reference [1] uses UML for modeling of urban rail control simulation system. In this paper, case diagram is used to analyze simulation system requirements and UML is used to describe every objects of simulation system model. Reference [2] uses UML for on-board DMI design in train control system. In this paper, static model (class diagram) and dynamic model (activity diagram and sequence diagram) of DMI is designed and realized by simulation. Reference [3] extends sequence diagram of statemate firstly, and then

models communication process of train passing by transponder in train control system.

B. Research on Petri net Concept of Petri net is firstly proposed by German

scientist, Carl Adam Petri in 1962 in his doctoral dissertation [4]. At the beginning of 1970s, concept and method of Petri net was paid a lot of attention to by European and American scholars.

As a system model, Petri net could not only describe system structure, but also describe dynamic behavior of system. Aiming at complex system, Petri net could use hierarchical description to describe it accurately step by step, which makes it easy to communicate in an object-oriented way [5]. In 2003, Zimmermand used deterministic and stochastic Petri net, called TimeNET, to analyze reliability of GSM-R [6]. In this paper, based on technical specification for ETCS, communication model of GSM-R is build up. Reference [7] used Petri net to model and to simulate train control system and obtained system nature. Reference [8] used colored Petri net to obtain formal description of station interlocking logic. Reference [9] used colored Petri net to build data flow model of communication based train control, CBTC. In this paper, hierarchical model of system data flow is build up, optimized and simulated.

C. Research on Petri net modeling method based on UML J. Trowitzsch and A. Zimmermann proposed to transform

state machine model of UML into stochastic Petri net model [10]. G. Hommel suggested rules for transformation from state diagram to stochastic Petri net and described transform process [11]. Sun Ying studied rule for transformation from UML communication diagram to Petri net [12]. Ma Min mentioned transformation from system static model based on UML to dynamic model based on stochastic Petri net [13].

Obviously, since UML has brilliant “static” modeling structure and Petri net has good dynamic modeling technology, an excellent model could be obtained by using them comprehensively. To keep train operation safety, simulation is a good and efficient option [14-15]; in home, research on train control system is held mainly by State Key Laboratory of Rail Traffic Control and Safety from Beijing Jiaotong University, China Academy of Railway Sciences and other scientific research institutions and companies.

This paper suggested studying modeling and simulation of CTCS-3 train control system by using both UML and

2009 Third International Symposium on Intelligent Information Technology Application

978-0-7695-3859-4/09 $26.00 © 2009 IEEE

DOI 10.1109/IITA.2009.489

488

2009 Third International Symposium on Intelligent Information Technology Application

978-0-7695-3859-4/09 $26.00 © 2009 IEEE

DOI 10.1109/IITA.2009.489

488

Petri net. The two combine could make up disadvantages of UML and disadvantages of Petri net; advantage of these two methods could developed to a more efficient modeling technology.

II. UML AND SEQUENCE DIAGRAM UML, could be used not only modeling during every

stage of software system development, but also modeling of business modeling and even every kind of modeling. In UML, every distraction of system could be described by several models [16-18]. Diagrams of UML play an important part in UML, one of which is sequence diagram. Sequence Diagram is used to reflect dynamic collaboration relations between the objects.

In sequence diagram of UML 1.x, there are modeling elements, as object, lifeline, activation, message, etc. In UML2.0, core of sequence diagram is almost not changed, while some new characters are added, as segments of interaction and so on. Compared with UML 1.x, interaction segment defined in UML2.0 solve model reuse problem more efficiently; combined fragments of loop type describe problem of message loop more accurately; combined fragments of parallel and alternative type show lifeline branch and message branch more clearly.

III. COLORED PETRI NET Colored Petri net is a kind of advanced Petri net model.

Compared with normal Petri net, model based on colored Petri net could not only show details of system, but also make scale and structure simpler and more compact [19-20].

Definition: colored Petri net is a septuplet: ∑= ),,,,;,( MIWCFTS (1)

In this, );,( FTS is a net, and C is a limited set of colors },{ 21 kcccC = .

)(: CLFW → +

)(: CLTI → + (2) )(: CLSM →

)(CL is a linear function with nonnegative integer coefficient defined on color set C , and )(CL + is )(CL , whose coefficients are not all zero, which is:

kk2211 ccc)( aaaCL +++=

kk2211 ccc)( bbbCL +++= (3)

ia , ib (i=1,2,…,k) are all nonnegative integers, and

021 ≠+++ kbbb . Obviously, character of CPN is to classify system elements into a place node or a change node and to distinguish them by different color.

IV. COLORED PETRI NET MODELING BASED ON UML In this paper, colored Petri net is applied as formal

specification for UML. General idea of CPN modeling method based on UML is shown in Fig.1.

Many scholars studied UML model and gained some results. However, CTCS-3 has its own characters. Aiming at sequence diagram, reference [21-22] just transforms it into simple Petri net model. Reference [23-26] changes state

diagram into colored Petri net model. Based on CTCS-3 system, UML sequence diagram is changed into colored Petri net model and some adapt is made to state diagram.

Non-executable

Model of UML

Analyze object

Build dynamic model

Build static model

Modify Map

Executable Model of Colored Petri Net

Simulation and verification

Build colored Petri net model

Figure 1. General idea of model method of CPN based on UML

A. Rules for UML sequence diagram based on CPN UML sequence diagram could describe time order of

information communication. In this paper, transforming rules from diagram to colored Petri net is provided, as: (1) Operation method call: calling operation method could be changed into a basic colored Petri net model. (2) Operation method call with return: ending and result return could be changed into returning to calling object. (3) Opt: the same as if or case in programming. (4) Alt: as same as Opt. (5) Loop: kind of like loop in programming. (6) Break: kind of like opt or alt. (7) Par: include two or more concurrent execution

B. Simplification of colored Petri net model after transformation Simplification of colored Petri net model is proposed, as: Rule 1: if two changes 21,tt and one place p are: p has

no original mark; 21 }{ tpt •==• ; 1tp =• and 2tp =• ; 1t has dependent input place and expression of input and output of p is not changed. 1t and 2t could be together as a change t .

Rule 2: if two changes 21,tt , place p and mid-place mp is: }{1 pt =• and }{1 mpt =• ; mp could not be the only input place for 2t ; Color sets of input and output places of 1t are the same and variables are the same. 1t and mp both could be omitted.

Rule 3: if change t , place p and mid-place mp are: }{pt =• and }{mpt =• ; color sets of p and mp are the

same; ,...2,1},{ ==• itmp i ; There could be expression on mp and several output change arc. t and several output changes of mp could be added as one change and mp is omitted.

Rule 4: if two places have the same input and output change and original mark, then any one of these two places could be omitted and whole volume of places should not be changed.

Rule 5: if there is no input change and no original mark in a place, then this place could be omitted together with change related to it.

V. APPLICATION OF MODELING AND VERIFICATION METHOD IN CTCS-3 SYSTEM

Sequence diagram of safe connection building process in CTCS-3 is shown in Fig.2. Sequence diagram is transformed into colored Petri net model, as shown in Fig.3. Subnet

489489

model of register is shown in Fig.4. Subnet model of link is shown in Fig.5. Model property could be analyzed.

Figure 2. Sequence of establishing safe link

p

pp

p

p

registerregister

t3

diaplay

t2

VC

t1

BTM

sp5

STRING

sp4

STRING

faill

STRING

success

STRING

failr

STRING

success1

STRING

sp3

STRING

sp2

STRINGsp1

STRING

sp0

STRING register

linklinklink

p

p

pp

p pp

Figure 3. Transformation model for sequence of establishing safe link

i+1p

pp

p

sp7

STRINGSTRING

STRINGSTRING

STRING

i

if rfail(p,i)then 1`"fail"else empty

if rsuccess(p,i)then 1`"success1"else empty

1`"register"t5counter1

INT

registersp6

t4

sp3I/OI/O

if rloop(p,i)then 1`"register"else empty

failrOutOut

success1OutOut

Figure 4. Subnet model of register

i

p

pp

1`"link"

p

t7

link

t6

counter2

INT

sp9 STRINGsp8

STRING

STRINGSTRING

success1I/O STRINGI/O

i+1

if lfail(p,i)then 1`"fail"else empty

faillOutOut

successOutOut

if lsuccess(p,i)then 1`"success2"else empty

if lloop(p,i)then 1`"link"else empty

Figure 5. Subnet model of link

Accessibility: let ∑= ),;,( MFTS as a Petri net. If there is Tt ∈ , let '][ MtM > , then 'M could be direct accessible from

M . If there is transition sequence, which is 1t ,

2t ,…kt and

signature sequences 1M ,

2M ,…kM , let

kkk MtMtMtM >>> − [[[ 1211 (4)

Then kM is accessible from M .

Boundedness: let ),;,(0∑ = MFTS as a Petri net and Ss ∈ .

If there is a positive integer B , let )( 0MRM ∈∀ : BsM ≤)( , then

place s is bounded and the minimum positive integer B is called the bound of place s , named )(sB , as.

})(:)(min{)( 0 BsMMRMsB ≤∈∀= (5)

Activity: In system model based on CPN, condition of no deadlock is: let ),;,(

0∑= MFTS as a Petri net and 0M is

original mark, Tt ∈ . If there is )(' MRM ∈ to any )( 0MRM ∈ , then change t is active. If every Tt ∈ is active, ∑ could be active. With these property analyses, this colored Petri net model is accessible and bounded, but not active. Take model of communication maintenance process as an example. CPN Tools is used to obtain report on system state: Statistics ---------------------------------------------------------- State Space Nodes: 6 Arcs: 32 Secs: 0 Status: Full Scc Graph Nodes: 3 Arcs: 12 Secs: 0 Boundedness Properties ---------------------------------------------------------- Best Integer Bounds Upper Lower retain'end_communication 1 1 0 retain'p 1 1 0 retain'sa4 1 1 1 retain'sa5 1 1 1 retain'sp11 1 1 0 retain'sp12 1 1 0 retain'sp13 1 1 0 Best Upper Multi-set Bounds retain'end_communication 1 1`"end" retain'p 1 1`"MA"++ 1`"repeat" retain'sa4 1 1`9 retain'sa5 1 1`9 retain'sp11 1 1`"position" retain'sp12 1 1`"position" retain'sp13 1 1`"MA" Best Lower Multi-set Bounds retain'end_communication 1 empty retain'p 1 empty retain'sa4 1 1`9 retain'sa5 1 1`9 retain'sp11 1 empty retain'sp12 1 empty retain'sp13 1 empty Home Properties ---------------------------------------------------------- Home Markings [2] Liveness Properties ----------------------------------------------------------- Dead Markings [2] Dead Transition Instances None Live Transition Instances None Fairness Properties --------------------------------------------------------- retain'MA 1 Impartial retain'position 1 Impartial retain't8 1 Impartial retain't9 1 Impartial ---------------------------------------------------------

From this report, it is clear that: (1) There are 6 nodes in communication maintenance

process state space. States are accessible to each other. So these characters are obtained:

(2) Boundedness Properties: this model is bounded.

490490

(3) Home properties: the second mark is the final mark, which means communication is always stopped;

(4) Liveness properties: second mark is dead mark, which means there is no dead transition instance;

(5) Fairness Properties: there is no infinite sequence. To set original mark for other process could run model

simulation automatically. With simulation of the whole net, it is clear that CPN model is bounded, active and safe. During analysis, different requirements should be changed to satisfy CPN for analysis and verification.

VI. CONCLUSION Aiming at limited describe ability of UML sequence

diagram, this paper develops UML sequence diagram. Transformation rules for sequence diagram development into colored Petri net are mentioned. System modeling and verification method based on UML and colored Petri net is applied to simulation and verification of CTCS-3 train control system. Simulation and analysis of transformed model property could prove correctness and accuracy of system model.

ACKNOWLEDGMENT This research work was supported by National Natural

Science Foundation of China (No.60736047, No.60870016), Science and Technology Fund of BJTU (No.2008RC023) and National High Technology Research and Development Program of China (No.2007AA11Z214).

R.B.G. thanks for Pro. Cai and Dr. Wang who had devoted her attention to my study and guidance the right research direction; thanks for my team partner, they had given me many instructive advice to my research; and thanks for my family, my family’s self-giving love is my most important power; thanks for everybody had ever helped me.

REFERENCES [1] HUANG You-neng, TANG Tao. Modeling and Realization of Train

Operation Control Simulation System of Urban Railway Transportation Based on UML [J]. Journal of Beijing Jiaotong University. 2007. 31(5). 31-34

[2] WANG Xi, TANG Tao. Display and realization of on-board DMI based on UML [J]. Journal of System Simulation. 2006. 18(2). 338-342

[3] J. Bohn, W. Damm, H. Wittke, J. Klose, A. Moik. Modeling and Validating Train System Applications Using Statemate and Live Sequence Charts. Integrated Design and Process Technology[C]. IDPT-2002. United States of America. 2002.1-9

[4] T Murata. Petri nets: Properties, analysis and applications[J]. Proceedings of the IEEE.1989. 77(4). 541-580

[5] WU Zhe-hui. Petri Net Guide [M]. Beijing. China Machine Press. 2006

[6] Armin Z, Gunter H. A Train Control System Case Study in Model- Based Real Time System Design[C]//International parallel and distributed processing symposium, IEEE(S7695-1926). WashingtonDC, USA:IEEE Computer Society. 2003. 118-126.

[7] Michael Meyer zu Hörste, Eckehard Schnieder. Formal Modeling and Simulation of Train Control Systems using Petri Nets[J]. Springer-Verlag Heidelberg. 1999. 1709. 1-16

[8] CHEN Bang-xing, WU Fang-mei. Research on formal models of railway signal interlocking logic [J]. Journal of the China railway Society. 2002. 24(6). 50-54

[9] Dong-Yong Wu, Yong Zhang. Researching Colored Petri Nets Model of Communication Based Train Control System[J]. Journal of System Simulation. 2005. 17. 2388-2391

[10] J. Trowitzsch , A. Zimmermann. Using UML state machines and petri nets for the quantitative investigation of ETCS[C]. Proceedings of the 1st international conference on Performance evaluation methodolgies and tools. Pisa. Italy. 2006

[11] J.Trowitzsch, A.Zimmermann, G. Hommel. Towards Quantitative Analysis of Real-Time UML Using Stochastic Petri Nets[C]. In: 13th Int. Workshop on Parallel and Distributed Real-Time Systems. 2005

[12] SUN Ying, JIANG Bo, WANG He. Research of Transformation from Communication Diagram to Petri Net [J]. Journal of System Simulation. 2007. 19(1). 104-107

[13] Ma Min, Chen Guang-ju ,XieYongle. Hierarchy Modeling Method for Radar Fault Diagnosis System [J]. Journal of Electronic Measurement and Instrument. 2007. 21(2). 21-25

[14] Huttinger S, Rupp J, Griepentrog G. Karols P, Dostert K. Derivation of statistical properties for mass transit power supply networks as power-line communication channel[C]. 9th International Symposium on Power Line Communications and Its Applications. 2005. 4. 6-8, 143-146

[15] Hemsworth B, Hubner P. European cooperation on railway noise[J]. Noise Control Engineering Journal. 2001. 49(4). 185-187

[16] CAI Min, XU Hui-hui, HUANG Bing-qiang. UML and ROSE Modeling Course [M]. Beijing. Posts and Telecommunications Press. 2003

[17] ZHOU Chang-hong. Petri Net Modeling Based on UML [D]. Shandong. Shandong University of Science and Technology.2004. 7-8

[18] Christopher Fox.. HAN Yi, LUO Ying. Software Engineering Design Guide [M]. Beijing. Tsinghua Publishing House. 2007

[19] Jesen K. Coloured Petri nets-basic concepts, analysis methods and practical use[M]. Berlin. Springer-Verlag. 1997

[20] Kichang Lee, Hanil Jeong, Chankwon Park, Jinwoo Park. Construction and performance analysis of a Petri net model based on a functional model in a CIM system[J]. The International Journal of Advanced Manufacturing Technology. 2004. 23(1-2). 139-147

[21] J. P. López-Grao, J. Merseguer, J. Campos. From UML Activity Diagrams to Stochastic Petri Nets: Application to Software Performance Engineering[C]. In 4th Int. Workshop on Software and Performance (WOSP 2004). ACM Press. 2004. 25–36.

[22] Jeng MD, Lu WZ. Extension of UML and Its Conversion to Petri Nets for Semiconductor Manufacturing Modeling[C]. Procedings of the 2002 IEEE International Conference on Robotics&Automation. Washington.DC. 2002

[23] Jesen K, Rozenberg G. High-level Petri nets theory and application[M].Berlin. Springer-Verlag. 1991

[24] Jesen K. Coloured Petri nets-basic concepts, analysis methods and practical use[M]. Berlin. Springer-Verlag. 1997

[25] Yao Shuzhen, Jing Maozhong. Formal modeling and analysis of UML statecharts [J]. Journal of Beijing University of Aeronautics and Astronautics. 2007. 33(4). 472-476

[26] J. Trowitzsch, A. Zimmermann. Real-Time UML State Machines: An Analysis Approach. In Object Oriented Software Design for Real Time and Embedded Computer Systems. Erfurt. Germany. 2005

491491