Re: [SystemSafety] Modelling and coding guidelines: "Unambiguous Graphical Representation"

From: David MENTRE < >
Date: Fri, 26 Feb 2016 14:42:58 +0100

Dear Prof. Ladkin,

Le 26/02/2016 12:54, Peter Bernard Ladkin a écrit :
> I agree with much of what you say, but I am not sure about SDL.

I'm not sure neither. But apparently some work has been done. I won't say anything about its coverage.

Nonetheless, you'll find in ITU Z.100 :
Appendix I
Status of ITU-T Z.100, related documents and Recommendations [...]
– Annex F [Formal specification of SDL] to Recommendation ITU-T Z.100 (approved by ITU-T Study Group 10 on 24
November 2000). This document was for SDL-2000 and consistency with SDL-2010 is
subject to further study. Not part of the ITU-T Z.100 series for SDL-2010. Tools for the formal semantics reference model of SDL-2000 (ITU-T Specification and
Description Language) are found at (the files themselves
are accessible either through CVS, or through the CVS web front end, at """

> It was not true that SDL had an adequate formal semantics in the sense in
> which computer scientists use that term; neither was it true that SDL was unambiguous.

Honestly, I don't know. I would conjecture that it is better than UML/SysML. Maybe not at the level of SCADE.

> Lustre and Esterel certainly. I don't know about Signal. There is the further question of whether
> the SCADE tools respect the semantics of Lustre and Esterel (and Signal). That was always the
> intent, and my colleagues at Esterel do claim it, but I am not sure to what extent it has ever been
> independently assessed (apart from what TüV Süd says).

 From my understanding SCADE has its own semantics, but at least it is formally defined (in the mathematical sense of it).

>> It is both a
>> graphical and textual language. It is an international standard (ITU Z.100 to Z.109,
>> and is apparently freely available.
> The ITU charges for its documents.

Not always. For example you can freely download the PDF of Z.100:

And also annexes F1 to F3, were formal semantics of SDL is defined.

>> >For me, a graphical representation is unambiguous if, for each graphical construction or combination
>> >of constructions, its semantics (i.e. its meaning) is described, in an exhaustive way.
> Let X be a syntactic object specifying behavior. Let A, B and C be pairwise incompatible statements
> of a semantics.
> "X means A, or B, or C" is an exhaustive description of a semantics of X. It is patently not
> unambiguous. Indeed, X can have any one of three mutually incompatible meanings.
> You can, of course, say that "A or B or C" is unambiguous, and in logic it is. But in terms of
> understanding what X does, it is not.
> So, as we see, the term "unambiguous" is ambiguous.

Well spotted! I won't have time to try to propose a more complete definition but I fully agree with you.

>> >Because you can read the formal description and make tools from it.
> People do that with C!

Yes. Once again, my definition was too loose.

Best regards,

The System Safety Mailing List
systemsafety_at_xxxxxx Received on Fri Feb 26 2016 - 14:43:05 CET

This archive was generated by hypermail 2.3.0 : Sat Feb 16 2019 - 18:17:07 CET